build: Add missing variables

.drone.yml

@@ -21,8 +21,8 @@ steps:
   - yamllint --version
 
 - name: Linting
-  depends_on:
+  # depends_on:
-  - Debugging information
+  # - Debugging information
   image: bv11-cr01.bessems.eu/library/packer-extended
   pull: always
   commands:
@@ -33,8 +33,8 @@ steps:
       scripts
 
 - name: Install Ansible Galaxy collections
-  depends_on:
+  # depends_on:
-  - Linting
+  # - Linting
   image: bv11-cr01.bessems.eu/library/packer-extended
   pull: always
   commands:
@@ -47,8 +47,8 @@ steps:
     path: /scratch
 
 - name: Kubernetes Bootstrap Appliance
-  depends_on:
+  # depends_on:
-  - Install Ansible Galaxy collections
+  # - Install Ansible Galaxy collections
   image: bv11-cr01.bessems.eu/library/packer-extended
   pull: always
   commands:
@@ -106,8 +106,8 @@ steps:
     path: /scratch
 
 - name: Kubernetes Upgrade Appliance
-  depends_on:
+  # depends_on:
-  - Install Ansible Galaxy collections
+  # - Install Ansible Galaxy collections
   image: bv11-cr01.bessems.eu/library/packer-extended
   pull: alwaysquery(
   commands:
@@ -165,9 +165,9 @@ steps:
     path: /scratch
 
 - name: Remove temporary resources
-  depends_on:
+  # depends_on:
-  - Kubernetes Bootstrap Appliance
+  # - Kubernetes Bootstrap Appliance
-  - Kubernetes Upgrade Appliance
+  # - Kubernetes Upgrade Appliance
   image: bv11-cr01.bessems.eu/library/packer-extended
   commands:
   - |

ansible/roles/assets/tasks/manifests.yml

@@ -16,14 +16,16 @@
             { 'components': (
               metacluster_chartvalues |
               combine({ 'clusterapi': components.clusterapi }) |
-              combine({ 'kubevip'   : components.kubevip }) )
+              combine({ 'kubevip'   : components.kubevip }) ),
+              'appliance': {
+                'version': (applianceversion)
+              }
             } | to_nice_yaml(indent=2, width=4096)
           }}
 
     - name: Aggregate chart_values into dict
       ansible.builtin.set_fact:
         workloadcluster_chartvalues: "{{ workloadcluster_chartvalues | default({}) | combine({ item.key: { 'chart_values': (item.value.chart_values | default('') | from_yaml) } }) }}"
-      # when: item.value.chart_values is defined
       loop: "{{ query('ansible.builtin.dict', downstream.helm_charts) }}"
       loop_control:
         label: "{{ item.key }}"

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml

@@ -55,7 +55,6 @@
         force_basic_auth: yes
         body:
           name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
-          scopes: ["write:public_key","write:org"]
       register: gitea_api_token
 
     - name: Retrieve existing gitea configuration

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/json-server.yml

@@ -0,0 +1,27 @@
+- block:
+    - name: Install json-server chart
+      kubernetes.core.helm:
+        name: json-server
+        chart_ref: /opt/metacluster/helm-charts/json-server
+        release_namespace: json-server
+        create_namespace: true
+        wait: false
+        kubeconfig: "{{ kubeconfig.path }}"
+        values: "{{ components['json-server'].chart_values }}"
+
+    - name: Ensure json-server API availability
+      ansible.builtin.uri:
+        url: https://version.{{ vapp['metacluster.fqdn'] }}/healthz
+        method: GET
+      register: api_readycheck
+      until:
+        - api_readycheck.json.status is defined
+        - api_readycheck.json.status == 'running'
+      retries: "{{ playbook.retries }}"
+      delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201]
+      body_format: json

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml

@@ -1,5 +1,6 @@
 - import_tasks: init.yml
 - import_tasks: k3s.yml
+- import_tasks: json-server.yml
 - import_tasks: assets.yml
 - import_tasks: kube-vip.yml
 - import_tasks: storage.yml

ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2

@@ -42,11 +42,6 @@ patches:
       kubeadmConfigSpec:
         clusterConfiguration:
           imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-        ntp:
-          enabled: true
-          servers:
-            - 0.nl.pool.ntp.org
-            - 1.nl.pool.ntp.org
 - patch: |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate
@@ -58,11 +53,6 @@ patches:
         spec:
           clusterConfiguration:
             imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-          ntp:
-            enabled: true
-            servers:
-              - 0.nl.pool.ntp.org
-              - 1.nl.pool.ntp.org
 - patch: |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate

ansible/vars/metacluster.yml

@@ -1,7 +1,7 @@
 platform:
 
   k3s:
-    version: v1.26.5+k3s1
+    version: v1.27.1+k3s1
 
   packaged_components:
     - name: traefik
@@ -51,12 +51,14 @@ platform:
       url: https://prometheus-community.github.io/helm-charts
     - name: smallstep
       url: https://smallstep.github.io/helm-charts/
+    - name: spamasaurus
+      url: https://code.spamasaurus.com/api/packages/djpbessems/helm
 
 components:
 
   argo-cd:
     helm:
-      version: 5.34.6  # (= ArgoCD v2.7.3)
+      version: 5.27.4  # (= ArgoCD v2.6.7)
       chart: argo/argo-cd
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       chart_values: !unsafe |
@@ -99,7 +101,7 @@ components:
 
   cert-manager:
     helm:
-      version: 1.12.1
+      version: 1.11.0
       chart: jetstack/cert-manager
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       # chart_values: !unsafe |
@@ -109,19 +111,19 @@ components:
     management:
       version:
         # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
-        base: v1.4.1
+        base: v1.4.0
         # Must match the version referenced at `components.cert-manager.helm.version`
-        cert_manager: v1.11.1
+        cert_manager: v1.11.0
-        infrastructure_vsphere: v1.6.1
+        infrastructure_vsphere: v1.6.0
         ipam_incluster: v0.1.0-alpha.2
         # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
-        cpi_vsphere: v1.26.2
+        cpi_vsphere: v1.26.1
     workload:
       version:
-        calico: v3.26.0
+        calico: v3.25.0
-        k8s: v1.26.5
+        k8s: v1.27.1
       node_template:
-        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.26.5.ova
+        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova
 
   # dex:
   #   helm:
@@ -173,7 +175,7 @@ components:
 
   gitea:
     helm:
-      version: v8.3.0 # (= Gitea v1.19.3)
+      version: v7.0.2 # (= Gitea v1.18.3)
       chart: gitea-charts/gitea
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
       chart_values: !unsafe |
@@ -204,7 +206,7 @@ components:
 
   harbor:
     helm:
-      version: 1.12.1  # (= Harbor v2.8.1)
+      version: 1.11.0  # (= Harbor v2.7.0)
       chart: harbor/harbor
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       chart_values: !unsafe |
@@ -225,6 +227,34 @@ components:
             registry:
               size: 25Gi
 
+  json-server:
+    helm:
+      version: v0.5.1
+      chart: spamasaurus/json-server
+      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
+      chart_values: !unsafe |
+        ingress:
+          enabled: true
+          hosts:
+            - host: version.{{ vapp['metacluster.fqdn'] }}
+              paths:
+                - path: /
+                  pathType: Prefix
+        seedData:
+          configInline: |
+            {
+              "appliance": { "version": "{{ appliance.version }}" },
+              "components": [
+                { "app": "argo-cd", "version": "{{ components[argo-cd].helm.version }}" },
+                { "app": "cert-manager", "version": "{{ components[cert-manager].helm.version }}" },
+                { "app": "cluster-api",
+                  "management": { "foo": "bar" },
+                  "workload": { "foo": "bar" }
+                }
+              ],
+              "healthz": { "status": "running" }
+            }
+
   # keycloakx:
   #   helm:
   #     version: 2.1.1  # (= Keycloak 20.0.3)
@@ -259,7 +289,7 @@ components:
 
   kube-prometheus-stack:
     helm:
-      version: 46.5.0  # (= Prometheus version v0.65.1)
+      version: 45.2.0
       chart: prometheus-community/kube-prometheus-stack
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       chart_values: !unsafe |
@@ -270,11 +300,11 @@ components:
 
   kubevip:
     # Must match the version referenced at `dependencies.container_images`
-    version: v0.6.0
+    version: v0.5.8
 
   longhorn:
     helm:
-      version: 1.4.2
+      version: 1.4.1
       chart: longhorn/longhorn
       parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
       chart_values: !unsafe |
@@ -290,7 +320,7 @@ components:
 
   step-certificates:
     helm:
-      version: 1.23.2+5  # (= step-ca v0.23.2)
+      version: 1.23.0
       chart: smallstep/step-certificates
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
       chart_values: !unsafe |
@@ -320,7 +350,7 @@ dependencies:
   container_images:
     # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
     - busybox:1
-    - ghcr.io/kube-vip/kube-vip:v0.6.0
+    - ghcr.io/kube-vip/kube-vip:v0.5.8
     # The following list is generated by running the following commands:
     #   $ clusterctl init -i vsphere:<version> [...]
     #   $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
@@ -334,25 +364,25 @@ dependencies:
 
   static_binaries:
     - filename: clusterctl
-      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.1/clusterctl-linux-amd64
+      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.0/clusterctl-linux-amd64
     - filename: govc
-      url: https://github.com/vmware/govmomi/releases/download/v0.30.4/govc_Linux_x86_64.tar.gz
+      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
       archive: compressed
     - filename: helm
-      url: https://get.helm.sh/helm-v3.12.0-linux-amd64.tar.gz
+      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
       archive: compressed
       extra_opts: --strip-components=1
     - filename: kubectl-slice
-      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_linux_x86_64.tar.gz
+      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
       archive: compressed
     - filename: skopeo
       url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
     - filename: step
-      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.2/step_linux_0.23.2_amd64.tar.gz
+      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
       archive: compressed
       extra_opts: --strip-components=2
     - filename: yq
-      url: http://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64
+      url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
 
   packages:
     apt:

ansible/vars/workloadcluster.yml

@@ -9,7 +9,7 @@ downstream:
   helm_charts:
 
     longhorn:
-      version: 1.4.2
+      version: 1.4.1
       chart: longhorn/longhorn
       namespace: longhorn-system
       parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
@@ -19,7 +19,7 @@ downstream:
           defaultDataPath: /mnt/blockstorage
 
     sealed-secrets:
-      version: 2.9.0  # (= Sealed Secrets v0.21.0)
+      version: 2.8.1  # (= Sealed Secrets v0.20.2)
       chart: sealed-secrets/sealed-secrets
       namespace: sealed-secrets
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'

packer/build.pkr.hcl

@@ -28,6 +28,7 @@ build {
 
     extra_arguments  = [
       "--extra-vars", "appliancetype=${source.name}",
+      "--extra-vars", "applianceversion=${var.appliance_version}",
       "--extra-vars", "ansible_ssh_pass=${var.ssh_password}",
       "--extra-vars", "docker_username=${var.docker_username}",
       "--extra-vars", "docker_password=${var.docker_password}",

packer/variables.pkr.hcl

@@ -34,4 +34,5 @@ variable "docker_password" {
     sensitive = true
 }
 
+variable "appliance_version" {}
 variable "k8s_version" {}