djpbessems/Packer.Images
Archived
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: djpbessems:88e37bb706bf532c8aaea7f95f05c638274a3e1c
Branches Tags
djpbessems:master djpbessems:Appliance.AirgappedK8s-1.27.x djpbessems:Appliance.AirgappedK8s-1.26.x djpbessems:Appliance.AirgappedK8s-1.25.x djpbessems:Test_SemRel djpbessems:UbuntuServer22.04 djpbessems:UbuntuServer20.04 djpbessems:Windows10 djpbessems:Server2019 djpbessems:ADDS
djpbessems:K8s_1.25.9-v1.0.0 djpbessems:v1.0.0
..
compare: djpbessems:544f98a8fb143181e0100a3b112440d94e97e292
Branches Tags
djpbessems:Appliance.AirgappedK8s-1.27.x djpbessems:Appliance.AirgappedK8s-1.26.x djpbessems:Appliance.AirgappedK8s-1.25.x djpbessems:Test_SemRel djpbessems:UbuntuServer22.04 djpbessems:UbuntuServer20.04 djpbessems:Windows10 djpbessems:master djpbessems:Server2019 djpbessems:ADDS
djpbessems:K8s_1.25.9-v1.0.0 djpbessems:v1.0.0

2 Commits
88e37bb706 ... 544f98a8fb

Author SHA1 Message Date
djpbessems
544f98a8fb chore: Add Traefik persistent volume permissions workaround
All checks were successful
Container & Helm chart / Linting (push) Successful in 6s
Details
Container & Helm chart / Semantic Release (Dry-run) (push) Successful in 1m4s
Details
Container & Helm chart / Kubernetes Bootstrap Appliance (push) Successful in 36m45s
Details
2024-06-10 22:19:29 +10:00
djpbessems
562e0b8167 build: Cleanup virtual machine after builds 2024-06-10 15:59:19 +10:00
4 changed files with 10 additions and 236 deletions
Expand all files Collapse all files

226
.drone.yml
View File

@@ -1,226 +0,0 @@
kind: pipeline
type: kubernetes
name: 'Packer Build'
volumes:
- name: output
claim:
name: flexvolsmb-drone-output
- name: scratch
claim:
name: flexvolsmb-drone-scratch
trigger:
event:
exclude:
- tag
steps:
- name: Debugging information
image: bv11-cr01.bessems.eu/library/packer-extended
pull: always
commands:
- ansible --version
- ovftool --version
- packer --version
- yamllint --version
- name: Linting
image: bv11-cr01.bessems.eu/library/packer-extended
pull: always
commands:
- |
yamllint -d "{extends: relaxed, rules: {line-length: disable}}" \
ansible \
packer/preseed/UbuntuServer22.04/user-data \
scripts
- name: Semantic Release (Dry-run)
image: bv11-cr01.bessems.eu/proxy/library/node:20-slim
pull: always
commands:
- |
apt-get update
- |
apt-get install -y --no-install-recommends \
curl \
git-core \
jq \
ca-certificates
- |
curl -L https://api.github.com/repos/mikefarah/yq/releases/latest | \
jq -r '.assets[] | select(.name | endswith("yq_linux_amd64")) | .browser_download_url' | \
xargs -I {} curl -L -o /bin/yq {} && \
chmod +x /bin/yq
- |
npm install \
semantic-release \
@semantic-release/commit-analyzer \
@semantic-release/exec \
- |
export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
export GIT_CREDENTIALS=$${GIT_USERNAME}:$${GIT_APIKEY}
- |
npx semantic-release \
--package @semantic-release/exec \
--package semantic-release \
--branches ${DRONE_BRANCH} \
--tag-format "K8s_$${K8S_VERSION}-v\$${version}" \
--dry-run \
--plugins @semantic-release/commit-analyzer,@semantic-release/exec \
--analyzeCommits @semantic-release/commit-analyzer \
--verifyRelease @semantic-release/exec \
--verifyReleaseCmd 'echo "$${nextRelease.version}" > .version'
environment:
GIT_APIKEY:
from_secret: git_apikey
GIT_USERNAME: djpbessems
- name: Install Ansible Galaxy collections
image: bv11-cr01.bessems.eu/library/packer-extended
pull: always
commands:
- |
ansible-galaxy collection install \
-r ansible/requirements.yml \
-p ./ansible/collections
- name: Kubernetes Bootstrap Appliance
image: bv11-cr01.bessems.eu/library/packer-extended
pull: always
commands:
- |
sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
packer/preseed/UbuntuServer22.04/user-data
- |
export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
export APPLIANCE_VERSION=$(cat .version)
- |
packer init -upgrade \
./packer
- |
packer validate \
-only=vsphere-iso.bootstrap \
-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
-var docker_username=$${DOCKER_USERNAME} \
-var docker_password=$${DOCKER_PASSWORD} \
-var repo_username=$${REPO_USERNAME} \
-var repo_password=$${REPO_PASSWORD} \
-var ssh_password=$${SSH_PASSWORD} \
-var vsphere_password=$${VSPHERE_PASSWORD} \
-var k8s_version=$K8S_VERSION \
-var appliance_version=$APPLIANCE_VERSION \
./packer
- |
packer build \
-on-error=cleanup -timestamp-ui \
-only=vsphere-iso.bootstrap \
-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
-var docker_username=$${DOCKER_USERNAME} \
-var docker_password=$${DOCKER_PASSWORD} \
-var repo_username=$${REPO_USERNAME} \
-var repo_password=$${REPO_PASSWORD} \
-var ssh_password=$${SSH_PASSWORD} \
-var vsphere_password=$${VSPHERE_PASSWORD} \
-var k8s_version=$K8S_VERSION \
-var appliance_version=$APPLIANCE_VERSION \
./packer
environment:
DOCKER_USERNAME:
from_secret: docker_username
DOCKER_PASSWORD:
from_secret: docker_password
# PACKER_LOG: 1
REPO_USERNAME:
from_secret: repo_username
REPO_PASSWORD:
from_secret: repo_password
SSH_PASSWORD:
from_secret: ssh_password
VSPHERE_PASSWORD:
from_secret: vsphere_password
volumes:
- name: output
path: /output
- name: scratch
path: /scratch
- name: Kubernetes Upgrade Appliance
image: bv11-cr01.bessems.eu/library/packer-extended
pull: alwaysquery(
commands:
- |
sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
packer/preseed/UbuntuServer22.04/user-data
- |
export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
export APPLIANCE_VERSION=$(cat .version)
- |
packer init -upgrade \
./packer
- |
packer validate \
-only=vsphere-iso.upgrade \
-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
-var docker_username=$${DOCKER_USERNAME} \
-var docker_password=$${DOCKER_PASSWORD} \
-var repo_username=$${REPO_USERNAME} \
-var repo_password=$${REPO_PASSWORD} \
-var ssh_password=$${SSH_PASSWORD} \
-var vsphere_password=$${VSPHERE_PASSWORD} \
-var k8s_version=$K8S_VERSION \
-var appliance_version=$APPLIANCE_VERSION \
./packer
- |
packer build \
-on-error=cleanup -timestamp-ui \
-only=vsphere-iso.upgrade \
-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
-var docker_username=$${DOCKER_USERNAME} \
-var docker_password=$${DOCKER_PASSWORD} \
-var repo_username=$${REPO_USERNAME} \
-var repo_password=$${REPO_PASSWORD} \
-var ssh_password=$${SSH_PASSWORD} \
-var vsphere_password=$${VSPHERE_PASSWORD} \
-var k8s_version=$K8S_VERSION \
-var appliance_version=$APPLIANCE_VERSION \
./packer
environment:
DOCKER_USERNAME:
from_secret: docker_username
DOCKER_PASSWORD:
from_secret: docker_password
# PACKER_LOG: 1
REPO_USERNAME:
from_secret: repo_username
REPO_PASSWORD:
from_secret: repo_password
SSH_PASSWORD:
from_secret: ssh_password
VSPHERE_PASSWORD:
from_secret: vsphere_password
volumes:
- name: output
path: /output
- name: scratch
path: /scratch
- name: Remove temporary resources
image: bv11-cr01.bessems.eu/library/packer-extended
commands:
- |
pwsh -file scripts/Remove-Resources.ps1 \
-VMName $DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-VSphereFQDN 'bv11-vc.bessems.lan' \
-VSphereUsername 'administrator@vsphere.local' \
-VSpherePassword $${VSPHERE_PASSWORD}
environment:
VSPHERE_PASSWORD:
from_secret: vsphere_password
volumes:
- name: scratch
path: /scratch
when:
status:
- success
- failure

12
.gitea/workflows/actions.yaml
View File

@@ -83,12 +83,9 @@ jobs:
echo "BUILD_COMMIT=$(echo ${{ gitea.sha }} | cut -c 1-10)" >> $GITHUB_ENV echo "BUILD_COMMIT=$(echo ${{ gitea.sha }} | cut -c 1-10)" >> $GITHUB_ENV
echo "BUILD_SUFFIX=$(openssl rand -hex 3)" >> $GITHUB_ENV echo "BUILD_SUFFIX=$(openssl rand -hex 3)" >> $GITHUB_ENV
- name: Run `packer validate` - name: Validate packer template files
id: validate id: validate
run: | run: |
# BUILD_COMMIT=$(echo "${{ gitea.sha }}" | cut -c 1-10)
# BUILD_SUFFIX=$(openssl rand -hex 3)
packer validate \ packer validate \
-only=vsphere-iso.bootstrap \ -only=vsphere-iso.bootstrap \
-var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \ -var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \
@@ -101,12 +98,10 @@ jobs:
-var k8s_version=${{ steps.get_k8sversion.outputs.result }} \ -var k8s_version=${{ steps.get_k8sversion.outputs.result }} \
-var appliance_version=${{ needs.semrel_dryrun.outputs.version }} \ -var appliance_version=${{ needs.semrel_dryrun.outputs.version }} \
./packer ./packer
- name: Run `packer build` - name: Build packer template
run: | run: |
# BUILD_COMMIT=$(echo "${{ gitea.sha }}" | cut -c 1-10)
# BUILD_SUFFIX=$(openssl rand -hex 3)
packer build \ packer build \
-on-error=cleanup -timestamp-ui \
-only=vsphere-iso.bootstrap \ -only=vsphere-iso.bootstrap \
-var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \ -var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \
-var docker_username=${{ secrets.DOCKER_USERNAME }} \ -var docker_username=${{ secrets.DOCKER_USERNAME }} \
@@ -121,7 +116,6 @@ jobs:
# env: # env:
# PACKER_LOG: 1 # PACKER_LOG: 1
# semrel: # semrel:
# name: Semantic Release # name: Semantic Release
# runs-on: dind-rootless # runs-on: dind-rootless

6
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
View File

@@ -6,7 +6,11 @@
initContainers: initContainers:
- name: volume-permissions - name: volume-permissions
image: busybox:1 image: busybox:1
command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"] command: ["sh", "-c", "touch /data/acme.json; chown 65532 /data/acme.json; chmod -v 600 /data/acme.json"]
securityContext:
runAsNonRoot: false
runAsGroup: 0
runAsUser: 0
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /data mountPath: /data

2
packer/source.pkr.hcl
View File

@@ -58,4 +58,6 @@ source "vsphere-iso" "ubuntu" {
export { export {
output_directory = "/data/scratch" output_directory = "/data/scratch"
} }
destroy = true
} }