build: Add missing variables

feat: Add version/metadata API endpoint
build: Disable parallel builds entirely
2023-07-07 17:12:20 +02:00 · 2023-07-07 16:48:32 +02:00 · 2023-07-07 14:33:47 +02:00 · 2023-07-07 10:30:20 +02:00 · 2023-07-06 13:01:35 +02:00 · 2023-05-19 13:43:23 +02:00
9 changed files with 244 additions and 184 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -21,8 +21,8 @@ steps:
  - yamllint --version

 - name: Linting
-  depends_on:
-  - Debugging information
+  # depends_on:
+  # - Debugging information
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
@ -33,8 +33,8 @@ steps:
      scripts

 - name: Install Ansible Galaxy collections
-  depends_on:
-  - Linting
+  # depends_on:
+  # - Linting
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
@ -47,8 +47,8 @@ steps:
    path: /scratch

 - name: Kubernetes Bootstrap Appliance
-  depends_on:
-  - Install Ansible Galaxy collections
+  # depends_on:
+  # - Install Ansible Galaxy collections
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
@ -106,8 +106,8 @@ steps:
    path: /scratch

 - name: Kubernetes Upgrade Appliance
-  depends_on:
-  - Install Ansible Galaxy collections
+  # depends_on:
+  # - Install Ansible Galaxy collections
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: alwaysquery(
  commands:
@ -165,9 +165,9 @@ steps:
    path: /scratch

 - name: Remove temporary resources
-  depends_on:
-  - Kubernetes Bootstrap Appliance
-  - Kubernetes Upgrade Appliance
+  # depends_on:
+  # - Kubernetes Bootstrap Appliance
+  # - Kubernetes Upgrade Appliance
  image: bv11-cr01.bessems.eu/library/packer-extended
  commands:
  - |
--- a/ansible/roles/assets/tasks/manifests.yml
+++ b/ansible/roles/assets/tasks/manifests.yml
@ -16,14 +16,16 @@
            { 'components': (
              metacluster_chartvalues |
              combine({ 'clusterapi': components.clusterapi }) |
-              combine({ 'kubevip'   : components.kubevip }) )
+              combine({ 'kubevip'   : components.kubevip }) ),
+              'appliance': {
+                'version': (applianceversion)
+              }
            } | to_nice_yaml(indent=2, width=4096)
          }}

    - name: Aggregate chart_values into dict
      ansible.builtin.set_fact:
        workloadcluster_chartvalues: "{{ workloadcluster_chartvalues | default({}) | combine({ item.key: { 'chart_values': (item.value.chart_values | default('') | from_yaml) } }) }}"
-      # when: item.value.chart_values is defined
      loop: "{{ query('ansible.builtin.dict', downstream.helm_charts) }}"
      loop_control:
        label: "{{ item.key }}"
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/json-server.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/json-server.yml
@ -0,0 +1,27 @@
+- block:
+    - name: Install json-server chart
+      kubernetes.core.helm:
+        name: json-server
+        chart_ref: /opt/metacluster/helm-charts/json-server
+        release_namespace: json-server
+        create_namespace: true
+        wait: false
+        kubeconfig: "{{ kubeconfig.path }}"
+        values: "{{ components['json-server'].chart_values }}"
+
+    - name: Ensure json-server API availability
+      ansible.builtin.uri:
+        url: https://version.{{ vapp['metacluster.fqdn'] }}/healthz
+        method: GET
+      register: api_readycheck
+      until:
+        - api_readycheck.json.status is defined
+        - api_readycheck.json.status == 'running'
+      retries: "{{ playbook.retries }}"
+      delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201]
+      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml
@ -1,5 +1,6 @@
 - import_tasks: init.yml
 - import_tasks: k3s.yml
+- import_tasks: json-server.yml
 - import_tasks: assets.yml
 - import_tasks: kube-vip.yml
 - import_tasks: storage.yml
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
@ -3,8 +3,8 @@ kind: Kustomization
 resources:
 - cluster-template.yaml

-patchesStrategicMerge:
-  - |-
+patches:
+- patch: |-
    apiVersion: v1
    kind: Secret
    metadata:
@ -32,7 +32,7 @@ patchesStrategicMerge:
            [Network]
            public-network = "${VSPHERE_NETWORK}"
        type: Opaque
-  - |-
+- patch: |-
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    metadata:
@ -42,7 +42,7 @@ patchesStrategicMerge:
      kubeadmConfigSpec:
        clusterConfiguration:
          imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-  - |-
+- patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
@ -53,7 +53,7 @@ patchesStrategicMerge:
        spec:
          clusterConfiguration:
            imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-  - |-
+- patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
@ -86,7 +86,7 @@ patchesStrategicMerge:
              {{ _template.rootca | indent(width=14, first=False) | trim }}
            owner: root:root
            path: /usr/local/share/ca-certificates/root_ca.crt
-  - |-
+- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
@ -105,7 +105,7 @@ patchesStrategicMerge:
              nameservers:
              - {{ _template.network.dnsserver }}
              networkName: '${VSPHERE_NETWORK}'
-  - |-
+- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
@ -125,132 +125,131 @@ patchesStrategicMerge:
              - {{ _template.network.dnsserver }}
              networkName: '${VSPHERE_NETWORK}'

-patchesJson6902:
-  - target:
-      group: controlplane.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmControlPlane
-      name: .*
-    patch: |-
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-              [plugins."io.containerd.grpc.v1.cri".registry]
-                config_path = "/etc/containerd/certs.d"
-          append: true
-          path: /etc/containerd/config.toml
+- target:
+    group: controlplane.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmControlPlane
+    name: .*
+  patch: |-
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+            [plugins."io.containerd.grpc.v1.cri".registry]
+              config_path = "/etc/containerd/certs.d"
+        append: true
+        path: /etc/containerd/config.toml
 {% for registry in _template.registries %}
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-            server = "https://{{ registry }}"
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+          server = "https://{{ registry }}"

-            [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
-              capabilities = ["pull", "resolve"]
-              override_path = true
-          owner: root:root
-          path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
+          [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
+            capabilities = ["pull", "resolve"]
+            override_path = true
+        owner: root:root
+        path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
 {% endfor %}
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-            network: {config: disabled}
-          owner: root:root
-          path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-            {{ _template.rootca | indent(width=12, first=False) | trim }}
-          owner: root:root
-          path: /usr/local/share/ca-certificates/root_ca.crt
-  - target:
-      group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmConfigTemplate
-      name: .*
-    patch: |-
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+          network: {config: disabled}
+        owner: root:root
+        path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+          {{ _template.rootca | indent(width=10, first=False) | trim }}
+        owner: root:root
+        path: /usr/local/share/ca-certificates/root_ca.crt
+- target:
+    group: bootstrap.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmConfigTemplate
+    name: .*
+  patch: |-
 {% for cmd in _template.runcmds %}
-      - op: add
-        path: /spec/template/spec/preKubeadmCommands/-
-        value: {{ cmd }}
+    - op: add
+      path: /spec/template/spec/preKubeadmCommands/-
+      value: {{ cmd }}
 {% endfor %}
-  - target:
-      group: controlplane.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmControlPlane
-      name: .*
-    patch: |-
+- target:
+    group: controlplane.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmControlPlane
+    name: .*
+  patch: |-
 {% for cmd in _template.runcmds %}
-      - op: add
-        path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
-        value: {{ cmd }}
+    - op: add
+      path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
+      value: {{ cmd }}
 {% endfor %}

-  - target:
-      group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
-      kind: VSphereMachineTemplate
-      name: \${CLUSTER_NAME}
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-master
-  - target:
-      group: controlplane.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmControlPlane
-      name: \${CLUSTER_NAME}
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-master
-      - op: replace
-        path: /spec/machineTemplate/infrastructureRef/name
-        value: ${CLUSTER_NAME}-master
-  - target:
-      group: cluster.x-k8s.io
-      version: v1beta1
-      kind: Cluster
-      name: \${CLUSTER_NAME}
-    patch: |-
-      - op: replace
-        path: /spec/controlPlaneRef/name
-        value: ${CLUSTER_NAME}-master
+- target:
+    group: infrastructure.cluster.x-k8s.io
+    version: v1beta1
+    kind: VSphereMachineTemplate
+    name: \${CLUSTER_NAME}
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-master
+- target:
+    group: controlplane.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmControlPlane
+    name: \${CLUSTER_NAME}
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-master
+    - op: replace
+      path: /spec/machineTemplate/infrastructureRef/name
+      value: ${CLUSTER_NAME}-master
+- target:
+    group: cluster.x-k8s.io
+    version: v1beta1
+    kind: Cluster
+    name: \${CLUSTER_NAME}
+  patch: |-
+    - op: replace
+      path: /spec/controlPlaneRef/name
+      value: ${CLUSTER_NAME}-master

-  - target:
-      group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
-      kind: VSphereMachineTemplate
-      name: \${CLUSTER_NAME}-worker
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/numCPUs
-        value: {{ _template.nodesize.cpu }}
-      - op: replace
-        path: /spec/template/spec/memoryMiB
-        value: {{ _template.nodesize.memory }}
-  - target:
-      group: cluster.x-k8s.io
-      version: v1beta1
-      kind: MachineDeployment
-      name: \${CLUSTER_NAME}-md-0
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-worker
-      - op: replace
-        path: /spec/template/spec/bootstrap/configRef/name
-        value: ${CLUSTER_NAME}-worker
-  - target:
-      group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmConfigTemplate
-      name: \${CLUSTER_NAME}-md-0
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-worker
+- target:
+    group: infrastructure.cluster.x-k8s.io
+    version: v1beta1
+    kind: VSphereMachineTemplate
+    name: \${CLUSTER_NAME}-worker
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/numCPUs
+      value: {{ _template.nodesize.cpu }}
+    - op: replace
+      path: /spec/template/spec/memoryMiB
+      value: {{ _template.nodesize.memory }}
+- target:
+    group: cluster.x-k8s.io
+    version: v1beta1
+    kind: MachineDeployment
+    name: \${CLUSTER_NAME}-md-0
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-worker
+    - op: replace
+      path: /spec/template/spec/bootstrap/configRef/name
+      value: ${CLUSTER_NAME}-worker
+- target:
+    group: bootstrap.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmConfigTemplate
+    name: \${CLUSTER_NAME}-md-0
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-worker
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.nodepool.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.nodepool.j2
@ -5,8 +5,8 @@ resources:
 - manifests/machinedeployment-{{ _template.cluster.name }}-worker.yaml
 - manifests/vspheremachinetemplate-{{ _template.cluster.name }}-worker.yaml

-patchesStrategicMerge:
-  - |-
+patches:
+- patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
@ -31,7 +31,7 @@ patchesStrategicMerge:
          mounts:
          - - LABEL=blockstorage
            - /mnt/blockstorage
-  - |-
+- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
@ -43,42 +43,41 @@ patchesStrategicMerge:
          additionalDisksGiB:
          - {{ _template.nodepool.additionaldisk }}

-patchesJson6902:
-  - target:
-      group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmConfigTemplate
-      name: {{ _template.cluster.name }}-worker
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
+- target:
+    group: bootstrap.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmConfigTemplate
+    name: {{ _template.cluster.name }}-worker
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: {{ _template.cluster.name }}-worker-storage

-  - target:
-      group: cluster.x-k8s.io
-      version: v1beta1
-      kind: MachineDeployment
-      name: {{ _template.cluster.name }}-worker
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
-        path: /spec/template/spec/bootstrap/configRef/name
-        value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
-        path: /spec/template/spec/infrastructureRef/name
-        value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
-        path: /spec/replicas
-        value: {{ _template.nodepool.size }}
+- target:
+    group: cluster.x-k8s.io
+    version: v1beta1
+    kind: MachineDeployment
+    name: {{ _template.cluster.name }}-worker
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: {{ _template.cluster.name }}-worker-storage
+    - op: replace
+      path: /spec/template/spec/bootstrap/configRef/name
+      value: {{ _template.cluster.name }}-worker-storage
+    - op: replace
+      path: /spec/template/spec/infrastructureRef/name
+      value: {{ _template.cluster.name }}-worker-storage
+    - op: replace
+      path: /spec/replicas
+      value: {{ _template.nodepool.size }}

-  - target:
-      group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
-      kind: VSphereMachineTemplate
-      name: {{ _template.cluster.name }}-worker
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
+- target:
+    group: infrastructure.cluster.x-k8s.io
+    version: v1beta1
+    kind: VSphereMachineTemplate
+    name: {{ _template.cluster.name }}-worker
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: {{ _template.cluster.name }}-worker-storage
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -1,7 +1,7 @@
 platform:

  k3s:
-    version: v1.26.3+k3s1
+    version: v1.27.1+k3s1

  packaged_components:
    - name: traefik
@ -51,6 +51,8 @@ platform:
      url: https://prometheus-community.github.io/helm-charts
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/
+    - name: spamasaurus
+      url: https://code.spamasaurus.com/api/packages/djpbessems/helm

 components:

@ -115,13 +117,13 @@ components:
        infrastructure_vsphere: v1.6.0
        ipam_incluster: v0.1.0-alpha.2
        # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
-        cpi_vsphere: v1.26.0
+        cpi_vsphere: v1.26.1
    workload:
      version:
        calico: v3.25.0
-        k8s: v1.26.3
+        k8s: v1.27.1
      node_template:
-        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.26.3.ova
+        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova

  # dex:
  #   helm:
@ -225,6 +227,34 @@ components:
            registry:
              size: 25Gi

+  json-server:
+    helm:
+      version: v0.5.1
+      chart: spamasaurus/json-server
+      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
+      chart_values: !unsafe |
+        ingress:
+          enabled: true
+          hosts:
+            - host: version.{{ vapp['metacluster.fqdn'] }}
+              paths:
+                - path: /
+                  pathType: Prefix
+        seedData:
+          configInline: |
+            {
+              "appliance": { "version": "{{ appliance.version }}" },
+              "components": [
+                { "app": "argo-cd", "version": "{{ components[argo-cd].helm.version }}" },
+                { "app": "cert-manager", "version": "{{ components[cert-manager].helm.version }}" },
+                { "app": "cluster-api",
+                  "management": { "foo": "bar" },
+                  "workload": { "foo": "bar" }
+                }
+              ],
+              "healthz": { "status": "running" }
+            }
+
  # keycloakx:
  #   helm:
  #     version: 2.1.1  # (= Keycloak 20.0.3)
--- a/packer/build.pkr.hcl
+++ b/packer/build.pkr.hcl
@ -28,6 +28,7 @@ build {

    extra_arguments  = [
      "--extra-vars", "appliancetype=${source.name}",
+      "--extra-vars", "applianceversion=${var.appliance_version}",
      "--extra-vars", "ansible_ssh_pass=${var.ssh_password}",
      "--extra-vars", "docker_username=${var.docker_username}",
      "--extra-vars", "docker_password=${var.docker_password}",
--- a/packer/variables.pkr.hcl
+++ b/packer/variables.pkr.hcl
@ -34,4 +34,5 @@ variable "docker_password" {
    sensitive = true
 }

+variable "appliance_version" {}
 variable "k8s_version" {}
Author	SHA1	Message	Date
Danny Bessems	a5248bd54c	build: Add missing variables Some checks failed continuous-integration/drone/push Build is failing Details	2023-07-07 17:12:20 +02:00
Danny Bessems	cbedc9679f	feat: Add version/metadata API endpoint Some checks failed continuous-integration/drone/push Build is failing Details	2023-07-07 16:48:32 +02:00
Danny Bessems	740b6b3dc9	build: Disable parallel builds entirely All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-07 14:33:47 +02:00
Danny Bessems	0ba87988bc	fix: Incorrect indentation causing malformed PEM file Some checks failed continuous-integration/drone/push Build is failing Details	2023-07-07 10:30:20 +02:00
Danny Bessems	aa14a8a3a8	fix: Refactor kustomize templates All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-06 13:01:35 +02:00
Danny Bessems	48c14afd0f	New major version branch All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-19 13:43:23 +02:00
Danny Bessems	2addda3f06	Upgrade node template OS version;Upgrade K8s minor version All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-19 12:19:06 +02:00