Compare commits
20 Commits
Test_SemRe
...
05f085aee7
| Author | SHA1 | Date | |
|---|---|---|---|
| 05f085aee7 | |||
| 072fc56050 | |||
| 5363eba1a3 | |||
| a245cc3d48 | |||
| 51c477fb07 | |||
| 1446cba537 | |||
| 0501a035f2 | |||
| 6e942af974 | |||
| 89874d57ce | |||
| 2b497d4653 | |||
| cfa4a5379a | |||
| a2c2766ff7 | |||
| 76d3b6c742 | |||
| a5248bd54c | |||
| cbedc9679f | |||
| 740b6b3dc9 | |||
| 0ba87988bc | |||
| aa14a8a3a8 | |||
| 48c14afd0f | |||
| 2addda3f06 |
35
.drone.yml
35
.drone.yml
@ -26,8 +26,6 @@ steps:
|
||||
- yamllint --version
|
||||
|
||||
- name: Linting
|
||||
depends_on:
|
||||
- Debugging information
|
||||
image: bv11-cr01.bessems.eu/library/packer-extended
|
||||
pull: always
|
||||
commands:
|
||||
@ -38,8 +36,6 @@ steps:
|
||||
scripts
|
||||
|
||||
- name: Semantic Release (Dry-run)
|
||||
depends_on:
|
||||
- Linting
|
||||
image: bv11-cr01.bessems.eu/proxy/library/node:20-slim
|
||||
pull: always
|
||||
commands:
|
||||
@ -47,21 +43,29 @@ steps:
|
||||
apt-get update
|
||||
- |
|
||||
apt-get install -y --no-install-recommends \
|
||||
curl \
|
||||
git-core \
|
||||
jq \
|
||||
ca-certificates
|
||||
- |
|
||||
curl -L https://api.github.com/repos/mikefarah/yq/releases/latest | \
|
||||
jq -r '.assets[] | select(.name | endswith("yq_linux_amd64")) | .browser_download_url' | \
|
||||
xargs -I {} curl -L -o /bin/yq {} && \
|
||||
chmod +x /bin/yq
|
||||
- |
|
||||
npm install \
|
||||
semantic-release \
|
||||
@semantic-release/commit-analyzer \
|
||||
@semantic-release/exec \
|
||||
- |
|
||||
export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
|
||||
export GIT_CREDENTIALS=$${GIT_USERNAME}:$${GIT_APIKEY}
|
||||
- |
|
||||
npx semantic-release \
|
||||
--package @semantic-release/exec \
|
||||
--package semantic-release \
|
||||
--branches ${DRONE_BRANCH} \
|
||||
--tag-format "K8s_1.25.9-v\$${version}" \
|
||||
--tag-format "K8s_$${K8S_VERSION}-v\$${version}" \
|
||||
--dry-run \
|
||||
--plugins @semantic-release/commit-analyzer,@semantic-release/exec \
|
||||
--analyzeCommits @semantic-release/commit-analyzer \
|
||||
@ -73,8 +77,6 @@ steps:
|
||||
GIT_USERNAME: djpbessems
|
||||
|
||||
- name: Install Ansible Galaxy collections
|
||||
depends_on:
|
||||
- Semantic Release (Dry-run)
|
||||
image: bv11-cr01.bessems.eu/library/packer-extended
|
||||
pull: always
|
||||
commands:
|
||||
@ -84,8 +86,6 @@ steps:
|
||||
-p ./ansible/collections
|
||||
|
||||
- name: Kubernetes Bootstrap Appliance
|
||||
depends_on:
|
||||
- Install Ansible Galaxy collections
|
||||
image: bv11-cr01.bessems.eu/library/packer-extended
|
||||
pull: always
|
||||
commands:
|
||||
@ -94,7 +94,7 @@ steps:
|
||||
packer/preseed/UbuntuServer22.04/user-data
|
||||
- |
|
||||
export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
|
||||
export NEXT_RELEASE_VERSION=$(cat .version)
|
||||
export APPLIANCE_VERSION=$(cat .version)
|
||||
- |
|
||||
packer init -upgrade \
|
||||
./packer
|
||||
@ -109,7 +109,7 @@ steps:
|
||||
-var ssh_password=$${SSH_PASSWORD} \
|
||||
-var vsphere_password=$${VSPHERE_PASSWORD} \
|
||||
-var k8s_version=$K8S_VERSION \
|
||||
-var next_release_version=$NEXT_RELEASE_VERSION \
|
||||
-var appliance_version=$APPLIANCE_VERSION \
|
||||
./packer
|
||||
- |
|
||||
packer build \
|
||||
@ -123,7 +123,7 @@ steps:
|
||||
-var ssh_password=$${SSH_PASSWORD} \
|
||||
-var vsphere_password=$${VSPHERE_PASSWORD} \
|
||||
-var k8s_version=$K8S_VERSION \
|
||||
-var next_release_version=$NEXT_RELEASE_VERSION \
|
||||
-var appliance_version=$APPLIANCE_VERSION \
|
||||
./packer
|
||||
environment:
|
||||
DOCKER_USERNAME:
|
||||
@ -146,8 +146,6 @@ steps:
|
||||
path: /scratch
|
||||
|
||||
- name: Kubernetes Upgrade Appliance
|
||||
depends_on:
|
||||
- Install Ansible Galaxy collections
|
||||
image: bv11-cr01.bessems.eu/library/packer-extended
|
||||
pull: alwaysquery(
|
||||
commands:
|
||||
@ -156,7 +154,7 @@ steps:
|
||||
packer/preseed/UbuntuServer22.04/user-data
|
||||
- |
|
||||
export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
|
||||
export NEXT_RELEASE_VERSION=$(cat .version)
|
||||
export APPLIANCE_VERSION=$(cat .version)
|
||||
- |
|
||||
packer init -upgrade \
|
||||
./packer
|
||||
@ -171,7 +169,7 @@ steps:
|
||||
-var ssh_password=$${SSH_PASSWORD} \
|
||||
-var vsphere_password=$${VSPHERE_PASSWORD} \
|
||||
-var k8s_version=$K8S_VERSION \
|
||||
-var next_release_version=$NEXT_RELEASE_VERSION \
|
||||
-var appliance_version=$APPLIANCE_VERSION \
|
||||
./packer
|
||||
- |
|
||||
packer build \
|
||||
@ -185,7 +183,7 @@ steps:
|
||||
-var ssh_password=$${SSH_PASSWORD} \
|
||||
-var vsphere_password=$${VSPHERE_PASSWORD} \
|
||||
-var k8s_version=$K8S_VERSION \
|
||||
-var next_release_version=$NEXT_RELEASE_VERSION \
|
||||
-var appliance_version=$APPLIANCE_VERSION \
|
||||
./packer
|
||||
environment:
|
||||
DOCKER_USERNAME:
|
||||
@ -208,9 +206,6 @@ steps:
|
||||
path: /scratch
|
||||
|
||||
- name: Remove temporary resources
|
||||
depends_on:
|
||||
- Kubernetes Bootstrap Appliance
|
||||
- Kubernetes Upgrade Appliance
|
||||
image: bv11-cr01.bessems.eu/library/packer-extended
|
||||
commands:
|
||||
- |
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
{
|
||||
"plugins": [
|
||||
["@semantic-release/commit-analyzer"],
|
||||
["@semantic-release/release-notes-generator"],
|
||||
["@semantic-release/exec", {
|
||||
"prepareCmd": "export SEMANTICRELEASE_NEXTRELEASEVERSION=${nextRelease.version}",
|
||||
"publishCmd": "echo $SEMANTICRELEASE_NEXTRELEASEVERSION"
|
||||
}],
|
||||
["@semantic-release/git"]
|
||||
]
|
||||
}
|
||||
@ -16,14 +16,16 @@
|
||||
{ 'components': (
|
||||
metacluster_chartvalues |
|
||||
combine({ 'clusterapi': components.clusterapi }) |
|
||||
combine({ 'kubevip' : components.kubevip }) )
|
||||
combine({ 'kubevip' : components.kubevip }) ),
|
||||
'appliance': {
|
||||
'version': (applianceversion)
|
||||
}
|
||||
} | to_nice_yaml(indent=2, width=4096)
|
||||
}}
|
||||
|
||||
- name: Aggregate chart_values into dict
|
||||
ansible.builtin.set_fact:
|
||||
workloadcluster_chartvalues: "{{ workloadcluster_chartvalues | default({}) | combine({ item.key: { 'chart_values': (item.value.chart_values | default('') | from_yaml) } }) }}"
|
||||
# when: item.value.chart_values is defined
|
||||
loop: "{{ query('ansible.builtin.dict', downstream.helm_charts) }}"
|
||||
loop_control:
|
||||
label: "{{ item.key }}"
|
||||
|
||||
@ -1,14 +1,9 @@
|
||||
- block:
|
||||
|
||||
- name: Initialize tempfile
|
||||
ansible.builtin.tempfile:
|
||||
state: file
|
||||
register: values_file
|
||||
|
||||
- name: Write chart values w/ password to tempfile
|
||||
- name: Inject password into values file
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ values_file.path }}"
|
||||
content: "{{ stepca_values.stdout | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}"
|
||||
dest: "{{ stepconfig.path }}"
|
||||
content: "{{ lookup('ansible.builtin.file', stepconfig.path) | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}"
|
||||
no_log: true
|
||||
|
||||
- name: Install step-ca chart
|
||||
@ -21,13 +16,7 @@
|
||||
wait: true
|
||||
kubeconfig: "{{ kubeconfig.path }}"
|
||||
values_files:
|
||||
- "{{ values_file.path }}"
|
||||
|
||||
- name: Cleanup tempfile
|
||||
ansible.builtin.file:
|
||||
path: "{{ values_file.path }}"
|
||||
state: absent
|
||||
when: values_file.path is defined
|
||||
- "{{ stepconfig.path }}"
|
||||
|
||||
- name: Retrieve configmap w/ root certificate
|
||||
kubernetes.core.k8s_info:
|
||||
|
||||
@ -12,6 +12,15 @@
|
||||
- registry
|
||||
- storage
|
||||
|
||||
- name: Create step-ca config dictionary
|
||||
ansible.builtin.set_fact:
|
||||
stepconfig: "{{ { 'path': ansible_env.HOME ~ '/.step/config/values.yaml' } }}"
|
||||
|
||||
- name: Create step-ca target folder
|
||||
ansible.builtin.file:
|
||||
path: "{{ stepconfig.path | dirname }}"
|
||||
state: directory
|
||||
|
||||
- name: Initialize tempfile
|
||||
ansible.builtin.tempfile:
|
||||
state: file
|
||||
@ -36,8 +45,8 @@
|
||||
--address=:9000 \
|
||||
--provisioner=admin \
|
||||
--acme \
|
||||
--password-file={{ stepca_password.path }}
|
||||
register: stepca_values
|
||||
--password-file={{ stepca_password.path }} | tee {{ stepconfig.path }}
|
||||
creates: "{{ stepconfig.path }}"
|
||||
|
||||
- name: Cleanup tempfile
|
||||
ansible.builtin.file:
|
||||
@ -48,7 +57,7 @@
|
||||
- name: Store root CA certificate
|
||||
ansible.builtin.copy:
|
||||
dest: /usr/local/share/ca-certificates/root_ca.crt
|
||||
content: "{{ (stepca_values.stdout | from_yaml).inject.certificates.root_ca }}"
|
||||
content: "{{ (lookup('ansible.builtin.file', stepconfig.path) | from_yaml).inject.certificates.root_ca }}"
|
||||
|
||||
- name: Update certificate truststore
|
||||
ansible.builtin.command:
|
||||
|
||||
@ -0,0 +1,38 @@
|
||||
- block:
|
||||
- name: Install json-server chart
|
||||
kubernetes.core.helm:
|
||||
name: json-server
|
||||
chart_ref: /opt/metacluster/helm-charts/json-server
|
||||
release_namespace: json-server
|
||||
create_namespace: true
|
||||
wait: false
|
||||
kubeconfig: "{{ kubeconfig.path }}"
|
||||
values: |
|
||||
{{
|
||||
components['json-server'].chart_values |
|
||||
combine( {
|
||||
'jsonServer': {
|
||||
'seedData': {
|
||||
'configInline': ( components['json-server'].chart_values.jsonServer.seedData.configInline | to_json )
|
||||
}
|
||||
}
|
||||
} )
|
||||
}}
|
||||
|
||||
- name: Ensure json-server API availability
|
||||
ansible.builtin.uri:
|
||||
url: https://version.{{ vapp['metacluster.fqdn'] }}/healthz
|
||||
method: GET
|
||||
# This mock REST API -ironically- does not support json encoded body argument
|
||||
body_format: raw
|
||||
register: api_readycheck
|
||||
until:
|
||||
- api_readycheck.json.status is defined
|
||||
- api_readycheck.json.status == 'running'
|
||||
retries: "{{ playbook.retries }}"
|
||||
delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"
|
||||
|
||||
module_defaults:
|
||||
ansible.builtin.uri:
|
||||
validate_certs: no
|
||||
status_code: [200, 201]
|
||||
@ -42,19 +42,30 @@
|
||||
retries: "{{ playbook.retries }}"
|
||||
delay: "{{ (storage_benchmark | int) * (playbook.delay.medium | int) }}"
|
||||
|
||||
- name: Install kubectl tab-completion
|
||||
- name: Install tab-completion
|
||||
ansible.builtin.shell:
|
||||
cmd: kubectl completion bash | tee /etc/bash_completion.d/kubectl
|
||||
cmd: |-
|
||||
{{ item }} completion bash > /etc/bash_completion.d/{{ item }}
|
||||
creates: /etc/bash_completion.d/{{ item }}
|
||||
loop:
|
||||
- kubectl
|
||||
- helm
|
||||
- step
|
||||
|
||||
- name: Initialize tempfile
|
||||
ansible.builtin.tempfile:
|
||||
state: file
|
||||
register: kubeconfig
|
||||
- name: Create kubeconfig dictionary
|
||||
ansible.builtin.set_fact:
|
||||
kubeconfig: "{{ { 'path': ansible_env.HOME ~ '/.kube/config' } }}"
|
||||
|
||||
- name: Create kubeconfig target folder
|
||||
ansible.builtin.file:
|
||||
path: "{{ kubeconfig.path | dirname }}"
|
||||
state: directory
|
||||
|
||||
- name: Retrieve kubeconfig
|
||||
ansible.builtin.command:
|
||||
cmd: kubectl config view --raw
|
||||
register: kubectl_config
|
||||
no_log: true
|
||||
|
||||
- name: Store kubeconfig in tempfile
|
||||
ansible.builtin.copy:
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
- import_tasks: k3s.yml
|
||||
- import_tasks: assets.yml
|
||||
- import_tasks: kube-vip.yml
|
||||
- import_tasks: json-server.yml
|
||||
- import_tasks: storage.yml
|
||||
- import_tasks: ingress.yml
|
||||
- import_tasks: certauthority.yml
|
||||
|
||||
@ -3,8 +3,8 @@ kind: Kustomization
|
||||
resources:
|
||||
- cluster-template.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- |-
|
||||
patches:
|
||||
- patch: |-
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
@ -32,7 +32,7 @@ patchesStrategicMerge:
|
||||
[Network]
|
||||
public-network = "${VSPHERE_NETWORK}"
|
||||
type: Opaque
|
||||
- |-
|
||||
- patch: |-
|
||||
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
metadata:
|
||||
@ -42,7 +42,7 @@ patchesStrategicMerge:
|
||||
kubeadmConfigSpec:
|
||||
clusterConfiguration:
|
||||
imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
|
||||
- |-
|
||||
- patch: |-
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
metadata:
|
||||
@ -53,7 +53,7 @@ patchesStrategicMerge:
|
||||
spec:
|
||||
clusterConfiguration:
|
||||
imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
|
||||
- |-
|
||||
- patch: |-
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
metadata:
|
||||
@ -86,7 +86,7 @@ patchesStrategicMerge:
|
||||
{{ _template.rootca | indent(width=14, first=False) | trim }}
|
||||
owner: root:root
|
||||
path: /usr/local/share/ca-certificates/root_ca.crt
|
||||
- |-
|
||||
- patch: |-
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
metadata:
|
||||
@ -105,7 +105,7 @@ patchesStrategicMerge:
|
||||
nameservers:
|
||||
- {{ _template.network.dnsserver }}
|
||||
networkName: '${VSPHERE_NETWORK}'
|
||||
- |-
|
||||
- patch: |-
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
metadata:
|
||||
@ -125,132 +125,131 @@ patchesStrategicMerge:
|
||||
- {{ _template.network.dnsserver }}
|
||||
networkName: '${VSPHERE_NETWORK}'
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
name: .*
|
||||
patch: |-
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
[plugins."io.containerd.grpc.v1.cri".registry]
|
||||
config_path = "/etc/containerd/certs.d"
|
||||
append: true
|
||||
path: /etc/containerd/config.toml
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
name: .*
|
||||
patch: |-
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
[plugins."io.containerd.grpc.v1.cri".registry]
|
||||
config_path = "/etc/containerd/certs.d"
|
||||
append: true
|
||||
path: /etc/containerd/config.toml
|
||||
{% for registry in _template.registries %}
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
server = "https://{{ registry }}"
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
server = "https://{{ registry }}"
|
||||
|
||||
[host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
|
||||
capabilities = ["pull", "resolve"]
|
||||
override_path = true
|
||||
owner: root:root
|
||||
path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
|
||||
[host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
|
||||
capabilities = ["pull", "resolve"]
|
||||
override_path = true
|
||||
owner: root:root
|
||||
path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
|
||||
{% endfor %}
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
network: {config: disabled}
|
||||
owner: root:root
|
||||
path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
{{ _template.rootca | indent(width=12, first=False) | trim }}
|
||||
owner: root:root
|
||||
path: /usr/local/share/ca-certificates/root_ca.crt
|
||||
- target:
|
||||
group: bootstrap.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
name: .*
|
||||
patch: |-
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
network: {config: disabled}
|
||||
owner: root:root
|
||||
path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
value:
|
||||
content: |
|
||||
{{ _template.rootca | indent(width=10, first=False) | trim }}
|
||||
owner: root:root
|
||||
path: /usr/local/share/ca-certificates/root_ca.crt
|
||||
- target:
|
||||
group: bootstrap.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
name: .*
|
||||
patch: |-
|
||||
{% for cmd in _template.runcmds %}
|
||||
- op: add
|
||||
path: /spec/template/spec/preKubeadmCommands/-
|
||||
value: {{ cmd }}
|
||||
- op: add
|
||||
path: /spec/template/spec/preKubeadmCommands/-
|
||||
value: {{ cmd }}
|
||||
{% endfor %}
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
name: .*
|
||||
patch: |-
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
name: .*
|
||||
patch: |-
|
||||
{% for cmd in _template.runcmds %}
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
|
||||
value: {{ cmd }}
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
|
||||
value: {{ cmd }}
|
||||
{% endfor %}
|
||||
|
||||
- target:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
name: \${CLUSTER_NAME}
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
name: \${CLUSTER_NAME}
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
- op: replace
|
||||
path: /spec/machineTemplate/infrastructureRef/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
- target:
|
||||
group: cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: Cluster
|
||||
name: \${CLUSTER_NAME}
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/controlPlaneRef/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
- target:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
name: \${CLUSTER_NAME}
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
name: \${CLUSTER_NAME}
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
- op: replace
|
||||
path: /spec/machineTemplate/infrastructureRef/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
- target:
|
||||
group: cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: Cluster
|
||||
name: \${CLUSTER_NAME}
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/controlPlaneRef/name
|
||||
value: ${CLUSTER_NAME}-master
|
||||
|
||||
- target:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
name: \${CLUSTER_NAME}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/template/spec/numCPUs
|
||||
value: {{ _template.nodesize.cpu }}
|
||||
- op: replace
|
||||
path: /spec/template/spec/memoryMiB
|
||||
value: {{ _template.nodesize.memory }}
|
||||
- target:
|
||||
group: cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: MachineDeployment
|
||||
name: \${CLUSTER_NAME}-md-0
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-worker
|
||||
- op: replace
|
||||
path: /spec/template/spec/bootstrap/configRef/name
|
||||
value: ${CLUSTER_NAME}-worker
|
||||
- target:
|
||||
group: bootstrap.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
name: \${CLUSTER_NAME}-md-0
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-worker
|
||||
- target:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
name: \${CLUSTER_NAME}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/template/spec/numCPUs
|
||||
value: {{ _template.nodesize.cpu }}
|
||||
- op: replace
|
||||
path: /spec/template/spec/memoryMiB
|
||||
value: {{ _template.nodesize.memory }}
|
||||
- target:
|
||||
group: cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: MachineDeployment
|
||||
name: \${CLUSTER_NAME}-md-0
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-worker
|
||||
- op: replace
|
||||
path: /spec/template/spec/bootstrap/configRef/name
|
||||
value: ${CLUSTER_NAME}-worker
|
||||
- target:
|
||||
group: bootstrap.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
name: \${CLUSTER_NAME}-md-0
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: ${CLUSTER_NAME}-worker
|
||||
|
||||
@ -5,8 +5,8 @@ resources:
|
||||
- manifests/machinedeployment-{{ _template.cluster.name }}-worker.yaml
|
||||
- manifests/vspheremachinetemplate-{{ _template.cluster.name }}-worker.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- |-
|
||||
patches:
|
||||
- patch: |-
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
metadata:
|
||||
@ -31,7 +31,7 @@ patchesStrategicMerge:
|
||||
mounts:
|
||||
- - LABEL=blockstorage
|
||||
- /mnt/blockstorage
|
||||
- |-
|
||||
- patch: |-
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
metadata:
|
||||
@ -43,42 +43,41 @@ patchesStrategicMerge:
|
||||
additionalDisksGiB:
|
||||
- {{ _template.nodepool.additionaldisk }}
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: bootstrap.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
name: {{ _template.cluster.name }}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- target:
|
||||
group: bootstrap.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
name: {{ _template.cluster.name }}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
|
||||
- target:
|
||||
group: cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: MachineDeployment
|
||||
name: {{ _template.cluster.name }}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- op: replace
|
||||
path: /spec/template/spec/bootstrap/configRef/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- op: replace
|
||||
path: /spec/template/spec/infrastructureRef/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- op: replace
|
||||
path: /spec/replicas
|
||||
value: {{ _template.nodepool.size }}
|
||||
- target:
|
||||
group: cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: MachineDeployment
|
||||
name: {{ _template.cluster.name }}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- op: replace
|
||||
path: /spec/template/spec/bootstrap/configRef/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- op: replace
|
||||
path: /spec/template/spec/infrastructureRef/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- op: replace
|
||||
path: /spec/replicas
|
||||
value: {{ _template.nodepool.size }}
|
||||
|
||||
- target:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
name: {{ _template.cluster.name }}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
- target:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: VSphereMachineTemplate
|
||||
name: {{ _template.cluster.name }}-worker
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/name
|
||||
value: {{ _template.cluster.name }}-worker-storage
|
||||
|
||||
@ -1,12 +1,6 @@
|
||||
- import_tasks: service.yml
|
||||
- import_tasks: cron.yml
|
||||
|
||||
- name: Cleanup tempfile
|
||||
ansible.builtin.file:
|
||||
path: "{{ kubeconfig.path }}"
|
||||
state: absent
|
||||
when: kubeconfig.path is defined
|
||||
|
||||
# - name: Reboot host
|
||||
# ansible.builtin.shell:
|
||||
# cmd: systemctl reboot
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
platform:
|
||||
|
||||
k3s:
|
||||
version: v1.25.9+k3s1
|
||||
version: v1.27.1+k3s1
|
||||
|
||||
packaged_components:
|
||||
- name: traefik
|
||||
@ -35,10 +35,6 @@ platform:
|
||||
url: https://argoproj.github.io/argo-helm
|
||||
- name: authentik
|
||||
url: https://charts.goauthentik.io
|
||||
# - name: codecentric
|
||||
# url: https://codecentric.github.io/helm-charts
|
||||
# - name: dex
|
||||
# url: https://charts.dexidp.io
|
||||
- name: gitea-charts
|
||||
url: https://dl.gitea.io/charts/
|
||||
- name: harbor
|
||||
@ -51,6 +47,8 @@ platform:
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
- name: smallstep
|
||||
url: https://smallstep.github.io/helm-charts/
|
||||
- name: spamasaurus
|
||||
url: https://code.spamasaurus.com/api/packages/djpbessems/helm
|
||||
|
||||
components:
|
||||
|
||||
@ -115,61 +113,13 @@ components:
|
||||
infrastructure_vsphere: v1.6.0
|
||||
ipam_incluster: v0.1.0-alpha.2
|
||||
# Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
|
||||
cpi_vsphere: v1.25.2
|
||||
cpi_vsphere: v1.26.2
|
||||
workload:
|
||||
version:
|
||||
calico: v3.25.0
|
||||
k8s: v1.25.9
|
||||
k8s: v1.27.1
|
||||
node_template:
|
||||
url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.25.9.ova
|
||||
|
||||
# dex:
|
||||
# helm:
|
||||
# version: 0.13.0 # (= Dex 2.35.3)
|
||||
# chart: dex/dex
|
||||
# parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||
# chart_values: !unsafe |
|
||||
# config:
|
||||
# connectors:
|
||||
# - type: ldap
|
||||
# id: ldap
|
||||
# name: "LDAP"
|
||||
# config:
|
||||
# host: "{{ vapp['ldap.fqdn'] }}:636"
|
||||
# insecureNoSSL: false
|
||||
# insecureSkipVerify: true
|
||||
# bindDN: "{{ vapp['ldap.dn'] }}"
|
||||
# bindPW: "{{ vapp['ldap.password'] }}"
|
||||
|
||||
# usernamePrompt: "Username"
|
||||
# userSearch:
|
||||
# baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
|
||||
# filter: "(objectClass=person)"
|
||||
# username: userPrincipalName
|
||||
# idAttr: DN
|
||||
# emailAttr: userPrincipalName
|
||||
# nameAttr: cn
|
||||
|
||||
# groupSearch:
|
||||
# baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
|
||||
# filter: "(objectClass=group)"
|
||||
# userMatchers:
|
||||
# - userAttr: DN
|
||||
# groupAttr: member
|
||||
# nameAttr: cn
|
||||
# enablePasswordDB: true
|
||||
# issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
|
||||
# storage:
|
||||
# type: kubernetes
|
||||
# config:
|
||||
# inCluster: true
|
||||
# ingress:
|
||||
# enabled: true
|
||||
# hosts:
|
||||
# - host: oidc.{{ vapp['metacluster.fqdn'] }}
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova
|
||||
|
||||
gitea:
|
||||
helm:
|
||||
@ -225,37 +175,35 @@ components:
|
||||
registry:
|
||||
size: 25Gi
|
||||
|
||||
# keycloakx:
|
||||
# helm:
|
||||
# version: 2.1.1 # (= Keycloak 20.0.3)
|
||||
# chart: codecentric/keycloakx
|
||||
# parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||
# chart_values: !unsafe |
|
||||
# command:
|
||||
# - "/opt/keycloak/bin/kc.sh"
|
||||
# - "start"
|
||||
# - "--http-enabled=true"
|
||||
# - "--http-port=8080"
|
||||
# - "--hostname-strict=false"
|
||||
# - "--hostname-strict-https=false"
|
||||
# extraEnv: |
|
||||
# - name: KEYCLOAK_ADMIN
|
||||
# value: admin
|
||||
# - name: KEYCLOAK_ADMIN_PASSWORD
|
||||
# value: {{ vapp['metacluster.password'] }}
|
||||
# - name: KC_PROXY
|
||||
# value: "passthrough"
|
||||
# - name: JAVA_OPTS_APPEND
|
||||
# value: >-
|
||||
# -Djgroups.dns.query={% raw %}{{ include "keycloak.fullname" . }}{% endraw %}-headless
|
||||
# ingress:
|
||||
# enabled: true
|
||||
# rules:
|
||||
# - host: keycloak.{{ vapp['metacluster.fqdn'] }}
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
# tls: []
|
||||
json-server:
|
||||
helm:
|
||||
version: v0.8.1
|
||||
chart: spamasaurus/json-server
|
||||
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||
chart_values: !unsafe |
|
||||
ingress:
|
||||
enabled: true
|
||||
hosts:
|
||||
- host: version.{{ vapp['metacluster.fqdn'] }}
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
jsonServer:
|
||||
seedData:
|
||||
configInline: |
|
||||
{
|
||||
"appliance": { "version": "{{ appliance.version }}" },
|
||||
"components": [
|
||||
{ "id": 0,
|
||||
"name": "cluster-api",
|
||||
"management": { "foo": "bar" },
|
||||
"workload": { "foo": "bar" }
|
||||
}
|
||||
],
|
||||
"healthz": { "status": "running" }
|
||||
}
|
||||
sidecar:
|
||||
targetUrl: version.{{ vapp['metacluster.fqdn'] }}
|
||||
|
||||
kube-prometheus-stack:
|
||||
helm:
|
||||
|
||||
@ -28,6 +28,7 @@ build {
|
||||
|
||||
extra_arguments = [
|
||||
"--extra-vars", "appliancetype=${source.name}",
|
||||
"--extra-vars", "applianceversion=${var.appliance_version}",
|
||||
"--extra-vars", "ansible_ssh_pass=${var.ssh_password}",
|
||||
"--extra-vars", "docker_username=${var.docker_username}",
|
||||
"--extra-vars", "docker_password=${var.docker_password}",
|
||||
@ -45,7 +46,7 @@ build {
|
||||
" -ManifestFileName '/scratch/bld_${var.vm_name}_${source.name}.mf'",
|
||||
"ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
|
||||
" '/scratch/bld_${var.vm_name}_${source.name}.ovf' \\",
|
||||
" /output/airgapped-k8s-${var.next_release_version}+${var.k8s_version}-${source.name}.ova"
|
||||
" /output/airgapped-k8s-${var.appliance_version}+${var.k8s_version}-${source.name}.ova"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@ -34,5 +34,5 @@ variable "docker_password" {
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable "appliance_version" {}
|
||||
variable "k8s_version" {}
|
||||
variable "next_release_version" {}
|
||||
|
||||
Reference in New Issue
Block a user