Compare commits
3 Commits
20f28f7d8a
...
066a21b1d2
| Author | SHA1 | Date | |
|---|---|---|---|
| 066a21b1d2 | |||
| 46fe962e77 | |||
| 74070f266c |
@@ -8,6 +8,34 @@
|
|||||||
combine( components['step-certificates'].chart_values | from_yaml, recursive=True, list_merge='append')
|
combine( components['step-certificates'].chart_values | from_yaml, recursive=True, list_merge='append')
|
||||||
}}
|
}}
|
||||||
|
|
||||||
|
- name: Duplicate default provisioner with modified claims
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
values_new: |
|
||||||
|
{{
|
||||||
|
values_initial |
|
||||||
|
combine({'inject':{'config':{'files':{'ca.json':{'authority': {'provisioners': [
|
||||||
|
values_initial.inject.config.files['ca.json'].authority.provisioners[0] | combine({'name':'long-lived', 'claims':{'maxTLSCertDuration':'87660h'}})
|
||||||
|
]}}}}}}, list_merge='append_rp', recursive=true)
|
||||||
|
}}
|
||||||
|
|
||||||
|
# We're facing several bugs or niche cases that result in incorrect output, despite being behaviour by design:
|
||||||
|
# - Ansible's `to_yaml` filter, sees `\n` escape sequences in PEM certificate strings and correctly converts them to actual newlines - without any way to prevent this
|
||||||
|
# So we cannot rely on Ansible to (re)create the helm chart values file
|
||||||
|
# - Python's yaml interpreter sees strings with a value of `y` as short for `yes` or `true`, even when that string is a key name.
|
||||||
|
# So we cannot use a straightforward yaml document as input for the Ansible helm module (which is written in Python)
|
||||||
|
#
|
||||||
|
# Lets explain the following workaround steps:
|
||||||
|
# - First we convert the dictionary to a json-object (through Ansible), so that yq can read it
|
||||||
|
# - Second we convert the json-object in its entirety to yaml (through yq), so that yq can actually manipulate it.
|
||||||
|
# - Finally, we take one specific subkey's contents (list of dictionaries) and iterate over each with the following steps (with `map`):
|
||||||
|
# - Convert the dictionary to json with `tojson`
|
||||||
|
# - Remove newlines (and spaces) with `sub`
|
||||||
|
# - Remove outer quotes (') with `sed`
|
||||||
|
- name: Save updated values file
|
||||||
|
ansible.builtin.shell:
|
||||||
|
cmd: |
|
||||||
|
echo '{{ values_new | to_nice_json }}' | yq -p json -o yaml | yq e '.inject.config.files["ca.json"].authority.provisioners |= map(tojson | sub("[\n ]";""))' | sed -e "s/- '/- /;s/'$//" > {{ stepconfig.path }}
|
||||||
|
|
||||||
- name: Install step-ca chart
|
- name: Install step-ca chart
|
||||||
kubernetes.core.helm:
|
kubernetes.core.helm:
|
||||||
name: step-certificates
|
name: step-certificates
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
- import_tasks: init.yml
|
- import_tasks: init.yml
|
||||||
- import_tasks: k3s.yml
|
- import_tasks: k3s.yml
|
||||||
- import_tasks: assets.yml
|
- import_tasks: assets.yml
|
||||||
|
- import_tasks: workflow.yml
|
||||||
- import_tasks: virtualip.yml
|
- import_tasks: virtualip.yml
|
||||||
- import_tasks: metadata.yml
|
- import_tasks: metadata.yml
|
||||||
- import_tasks: storage.yml
|
- import_tasks: storage.yml
|
||||||
|
|||||||
@@ -0,0 +1,20 @@
|
|||||||
|
- block:
|
||||||
|
|
||||||
|
- name: Install argo-workflows chart
|
||||||
|
kubernetes.core.helm:
|
||||||
|
name: argo-workflows
|
||||||
|
chart_ref: /opt/metacluster/helm-charts/argo-workflows
|
||||||
|
release_namespace: argo-workflows
|
||||||
|
create_namespace: true
|
||||||
|
wait: false
|
||||||
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
|
values: "{{ components['argo-workflows'].chart_values }}"
|
||||||
|
|
||||||
|
# - name: Trigger handlers
|
||||||
|
# ansible.builtin.meta: flush_handlers
|
||||||
|
|
||||||
|
module_defaults:
|
||||||
|
ansible.builtin.uri:
|
||||||
|
validate_certs: no
|
||||||
|
status_code: [200, 201]
|
||||||
|
body_format: json
|
||||||
@@ -127,8 +127,8 @@
|
|||||||
wait: true
|
wait: true
|
||||||
kubeconfig: "{{ kubeconfig.path }}"
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
loop:
|
loop:
|
||||||
- name: caip-in-cluster-controller-manager
|
- name: capi-ipam-in-cluster-controller-manager
|
||||||
namespace: caip-in-cluster-system
|
namespace: capi-ipam-in-cluster-system
|
||||||
- name: capi-controller-manager
|
- name: capi-controller-manager
|
||||||
namespace: capi-system
|
namespace: capi-system
|
||||||
- name: capv-controller-manager
|
- name: capv-controller-manager
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ components:
|
|||||||
|
|
||||||
argo-cd:
|
argo-cd:
|
||||||
helm:
|
helm:
|
||||||
version: 6.7.7 # (=ArgoCD v.2.10.5)
|
version: 6.7.7 # (=Argo CD v2.10.5)
|
||||||
chart: argo/argo-cd
|
chart: argo/argo-cd
|
||||||
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||||
chart_values: !unsafe |
|
chart_values: !unsafe |
|
||||||
@@ -79,6 +79,25 @@ components:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
argo-workflows:
|
||||||
|
helm:
|
||||||
|
version: 0.41.8 # (=Argo Workflows v3.5.7)
|
||||||
|
chart: argo/argo-workflows
|
||||||
|
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||||
|
chart_values: !unsafe |
|
||||||
|
controller:
|
||||||
|
workflowNamespaces:
|
||||||
|
- default
|
||||||
|
- firstboot
|
||||||
|
server:
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- workflow.{{ vapp['workloadcluster.fqdn']}}
|
||||||
|
paths:
|
||||||
|
- /
|
||||||
|
pathType: Prefix
|
||||||
|
|
||||||
cert-manager:
|
cert-manager:
|
||||||
helm:
|
helm:
|
||||||
version: 1.14.4
|
version: 1.14.4
|
||||||
|
|||||||
Reference in New Issue
Block a user