build: Add missing variables

feat: Add version/metadata API endpoint
build: Disable parallel builds entirely
2023-07-07 17:12:20 +02:00 · 2023-07-07 16:48:32 +02:00 · 2023-07-07 14:33:47 +02:00 · 2023-07-07 10:30:20 +02:00 · 2023-07-06 13:01:35 +02:00 · 2023-05-19 13:43:23 +02:00
10 changed files with 100 additions and 49 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -21,8 +21,8 @@ steps:
  - yamllint --version

 - name: Linting
-  depends_on:
-  - Debugging information
+  # depends_on:
+  # - Debugging information
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
@ -33,8 +33,8 @@ steps:
      scripts

 - name: Install Ansible Galaxy collections
-  depends_on:
-  - Linting
+  # depends_on:
+  # - Linting
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
@ -47,8 +47,8 @@ steps:
    path: /scratch

 - name: Kubernetes Bootstrap Appliance
-  depends_on:
-  - Install Ansible Galaxy collections
+  # depends_on:
+  # - Install Ansible Galaxy collections
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
@ -106,8 +106,8 @@ steps:
    path: /scratch

 - name: Kubernetes Upgrade Appliance
-  depends_on:
-  - Install Ansible Galaxy collections
+  # depends_on:
+  # - Install Ansible Galaxy collections
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: alwaysquery(
  commands:
@ -165,9 +165,9 @@ steps:
    path: /scratch

 - name: Remove temporary resources
-  depends_on:
-  - Kubernetes Bootstrap Appliance
-  - Kubernetes Upgrade Appliance
+  # depends_on:
+  # - Kubernetes Bootstrap Appliance
+  # - Kubernetes Upgrade Appliance
  image: bv11-cr01.bessems.eu/library/packer-extended
  commands:
  - |
--- a/ansible/roles/assets/tasks/manifests.yml
+++ b/ansible/roles/assets/tasks/manifests.yml
@ -16,14 +16,16 @@
            { 'components': (
              metacluster_chartvalues |
              combine({ 'clusterapi': components.clusterapi }) |
-              combine({ 'kubevip'   : components.kubevip }) )
+              combine({ 'kubevip'   : components.kubevip }) ),
+              'appliance': {
+                'version': (applianceversion)
+              }
            } | to_nice_yaml(indent=2, width=4096)
          }}

    - name: Aggregate chart_values into dict
      ansible.builtin.set_fact:
        workloadcluster_chartvalues: "{{ workloadcluster_chartvalues | default({}) | combine({ item.key: { 'chart_values': (item.value.chart_values | default('') | from_yaml) } }) }}"
-      # when: item.value.chart_values is defined
      loop: "{{ query('ansible.builtin.dict', downstream.helm_charts) }}"
      loop_control:
        label: "{{ item.key }}"
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@ -55,7 +55,6 @@
        force_basic_auth: yes
        body:
          name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
-          scopes: ["write:public_key","write:org"]
      register: gitea_api_token

    - name: Retrieve existing gitea configuration
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/json-server.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/json-server.yml
@ -0,0 +1,27 @@
+- block:
+    - name: Install json-server chart
+      kubernetes.core.helm:
+        name: json-server
+        chart_ref: /opt/metacluster/helm-charts/json-server
+        release_namespace: json-server
+        create_namespace: true
+        wait: false
+        kubeconfig: "{{ kubeconfig.path }}"
+        values: "{{ components['json-server'].chart_values }}"
+
+    - name: Ensure json-server API availability
+      ansible.builtin.uri:
+        url: https://version.{{ vapp['metacluster.fqdn'] }}/healthz
+        method: GET
+      register: api_readycheck
+      until:
+        - api_readycheck.json.status is defined
+        - api_readycheck.json.status == 'running'
+      retries: "{{ playbook.retries }}"
+      delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201]
+      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml
@ -1,5 +1,6 @@
 - import_tasks: init.yml
 - import_tasks: k3s.yml
+- import_tasks: json-server.yml
 - import_tasks: assets.yml
 - import_tasks: kube-vip.yml
 - import_tasks: storage.yml
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
@ -42,11 +42,6 @@ patches:
      kubeadmConfigSpec:
        clusterConfiguration:
          imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-        ntp:
-          enabled: true
-          servers:
-            - 0.nl.pool.ntp.org
-            - 1.nl.pool.ntp.org
 - patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
@ -58,11 +53,6 @@ patches:
        spec:
          clusterConfiguration:
            imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-          ntp:
-            enabled: true
-            servers:
-              - 0.nl.pool.ntp.org
-              - 1.nl.pool.ntp.org
 - patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -1,7 +1,7 @@
 platform:

  k3s:
-    version: v1.26.5+k3s1
+    version: v1.27.1+k3s1

  packaged_components:
    - name: traefik
@ -51,12 +51,14 @@ platform:
      url: https://prometheus-community.github.io/helm-charts
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/
+    - name: spamasaurus
+      url: https://code.spamasaurus.com/api/packages/djpbessems/helm

 components:

  argo-cd:
    helm:
-      version: 5.34.6  # (= ArgoCD v2.7.3)
+      version: 5.27.4  # (= ArgoCD v2.6.7)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -99,7 +101,7 @@ components:

  cert-manager:
    helm:
-      version: 1.12.1
+      version: 1.11.0
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # chart_values: !unsafe |
@ -109,19 +111,19 @@ components:
    management:
      version:
        # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
-        base: v1.4.1
+        base: v1.4.0
        # Must match the version referenced at `components.cert-manager.helm.version`
-        cert_manager: v1.11.1
-        infrastructure_vsphere: v1.6.1
+        cert_manager: v1.11.0
+        infrastructure_vsphere: v1.6.0
        ipam_incluster: v0.1.0-alpha.2
        # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
-        cpi_vsphere: v1.26.2
+        cpi_vsphere: v1.26.1
    workload:
      version:
-        calico: v3.26.0
-        k8s: v1.26.5
+        calico: v3.25.0
+        k8s: v1.27.1
      node_template:
-        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.26.5.ova
+        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova

  # dex:
  #   helm:
@ -173,7 +175,7 @@ components:

  gitea:
    helm:
-      version: v8.3.0 # (= Gitea v1.19.3)
+      version: v7.0.2 # (= Gitea v1.18.3)
      chart: gitea-charts/gitea
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      chart_values: !unsafe |
@ -204,7 +206,7 @@ components:

  harbor:
    helm:
-      version: 1.12.1  # (= Harbor v2.8.1)
+      version: 1.11.0  # (= Harbor v2.7.0)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -225,6 +227,34 @@ components:
            registry:
              size: 25Gi

+  json-server:
+    helm:
+      version: v0.5.1
+      chart: spamasaurus/json-server
+      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
+      chart_values: !unsafe |
+        ingress:
+          enabled: true
+          hosts:
+            - host: version.{{ vapp['metacluster.fqdn'] }}
+              paths:
+                - path: /
+                  pathType: Prefix
+        seedData:
+          configInline: |
+            {
+              "appliance": { "version": "{{ appliance.version }}" },
+              "components": [
+                { "app": "argo-cd", "version": "{{ components[argo-cd].helm.version }}" },
+                { "app": "cert-manager", "version": "{{ components[cert-manager].helm.version }}" },
+                { "app": "cluster-api",
+                  "management": { "foo": "bar" },
+                  "workload": { "foo": "bar" }
+                }
+              ],
+              "healthz": { "status": "running" }
+            }
+
  # keycloakx:
  #   helm:
  #     version: 2.1.1  # (= Keycloak 20.0.3)
@ -259,7 +289,7 @@ components:

  kube-prometheus-stack:
    helm:
-      version: 46.5.0  # (= Prometheus version v0.65.1)
+      version: 45.2.0
      chart: prometheus-community/kube-prometheus-stack
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -270,11 +300,11 @@ components:

  kubevip:
    # Must match the version referenced at `dependencies.container_images`
-    version: v0.6.0
+    version: v0.5.8

  longhorn:
    helm:
-      version: 1.4.2
+      version: 1.4.1
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      chart_values: !unsafe |
@ -290,7 +320,7 @@ components:

  step-certificates:
    helm:
-      version: 1.23.2+5  # (= step-ca v0.23.2)
+      version: 1.23.0
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      chart_values: !unsafe |
@ -320,7 +350,7 @@ dependencies:
  container_images:
    # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
    - busybox:1
-    - ghcr.io/kube-vip/kube-vip:v0.6.0
+    - ghcr.io/kube-vip/kube-vip:v0.5.8
    # The following list is generated by running the following commands:
    #   $ clusterctl init -i vsphere:<version> [...]
    #   $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
@ -334,25 +364,25 @@ dependencies:

  static_binaries:
    - filename: clusterctl
-      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.1/clusterctl-linux-amd64
+      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.0/clusterctl-linux-amd64
    - filename: govc
-      url: https://github.com/vmware/govmomi/releases/download/v0.30.4/govc_Linux_x86_64.tar.gz
+      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
-      url: https://get.helm.sh/helm-v3.12.0-linux-amd64.tar.gz
+      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: kubectl-slice
-      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_linux_x86_64.tar.gz
+      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
      archive: compressed
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
    - filename: step
-      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.2/step_linux_0.23.2_amd64.tar.gz
+      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    - filename: yq
-      url: http://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64
+      url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64

  packages:
    apt:
--- a/ansible/vars/workloadcluster.yml
+++ b/ansible/vars/workloadcluster.yml
@ -9,7 +9,7 @@ downstream:
  helm_charts:

    longhorn:
-      version: 1.4.2
+      version: 1.4.1
      chart: longhorn/longhorn
      namespace: longhorn-system
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
@ -19,7 +19,7 @@ downstream:
          defaultDataPath: /mnt/blockstorage

    sealed-secrets:
-      version: 2.9.0  # (= Sealed Secrets v0.21.0)
+      version: 2.8.1  # (= Sealed Secrets v0.20.2)
      chart: sealed-secrets/sealed-secrets
      namespace: sealed-secrets
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
--- a/packer/build.pkr.hcl
+++ b/packer/build.pkr.hcl
@ -28,6 +28,7 @@ build {

    extra_arguments  = [
      "--extra-vars", "appliancetype=${source.name}",
+      "--extra-vars", "applianceversion=${var.appliance_version}",
      "--extra-vars", "ansible_ssh_pass=${var.ssh_password}",
      "--extra-vars", "docker_username=${var.docker_username}",
      "--extra-vars", "docker_password=${var.docker_password}",
--- a/packer/variables.pkr.hcl
+++ b/packer/variables.pkr.hcl
@ -34,4 +34,5 @@ variable "docker_password" {
    sensitive = true
 }

+variable "appliance_version" {}
 variable "k8s_version" {}
Author	SHA1	Message	Date
Danny Bessems	a5248bd54c	build: Add missing variables Some checks failed continuous-integration/drone/push Build is failing Details	2023-07-07 17:12:20 +02:00
Danny Bessems	cbedc9679f	feat: Add version/metadata API endpoint Some checks failed continuous-integration/drone/push Build is failing Details	2023-07-07 16:48:32 +02:00
Danny Bessems	740b6b3dc9	build: Disable parallel builds entirely All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-07 14:33:47 +02:00
Danny Bessems	0ba87988bc	fix: Incorrect indentation causing malformed PEM file Some checks failed continuous-integration/drone/push Build is failing Details	2023-07-07 10:30:20 +02:00
Danny Bessems	aa14a8a3a8	fix: Refactor kustomize templates All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-06 13:01:35 +02:00
Danny Bessems	48c14afd0f	New major version branch All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-19 13:43:23 +02:00