platform: k3s: version: v1.24.1+k3s1 gitops: repository: uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git # revision: v0.1.0 revision: HEAD packaged_components: - name: traefik namespace: kube-system config: |2 additionalArguments: - "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory" - "--certificatesResolvers.stepca.acme.email=admin" - "--certificatesResolvers.stepca.acme.storage=/data/acme.json" - "--certificatesResolvers.stepca.acme.tlsChallenge=true" - "--certificatesresolvers.stepca.acme.certificatesduration=24" globalArguments: [] ingressRoute: dashboard: enabled: false ports: ssh: port: 8022 protocol: TCP web: redirectTo: websecure websecure: tls: certResolver: stepca helm_repositories: - name: argo url: https://argoproj.github.io/argo-helm - name: gitea-charts url: https://dl.gitea.io/charts/ - name: harbor url: https://helm.goharbor.io - name: jetstack url: https://charts.jetstack.io - name: longhorn url: https://charts.longhorn.io - name: sealed-secrets url: https://bitnami-labs.github.io/sealed-secrets - name: smallstep url: https://smallstep.github.io/helm-charts/ components: argo-cd: helm: version: 4.9.7 # (= ArgoCD v2.4.2) chart: argo/argo-cd parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' chart_values: !unsafe | configs: secret: argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}" server: extraArgs: - --insecure ingress: enabled: true hosts: - gitops.{{ vapp['metacluster.fqdn'] }} cert-manager: helm: version: 1.9.1 chart: jetstack/cert-manager parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' # chart_values: !unsafe | # installCRDs: true clusterapi: manifest: version: base: v1.2.4 infrastructure_vsphere: v1.3.5 gitea: helm: version: v6.0.0 # (= Gitea v1.17.1) chart: gitea-charts/gitea parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/' chart_values: !unsafe | gitea: admin: username: administrator password: "{{ vapp['guestinfo.rootpw'] }}" email: admin@{{ vapp['metacluster.fqdn'] }} config: server: OFFLINE_MODE: true PROTOCOL: http ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/ image: pullPolicy: IfNotPresent ingress: enabled: true hosts: - host: git.{{ vapp['metacluster.fqdn'] }} paths: - path: / pathType: Prefix service: ssh: type: ClusterIP port: 22 clusterIP: harbor: helm: version: 1.9.1 # (= Harbor v2.5.1) chart: harbor/harbor parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' chart_values: !unsafe | expose: ingress: annotations: {} hosts: core: registry.{{ vapp['metacluster.fqdn'] }} tls: certSource: none enabled: false externalURL: https://registry.{{ vapp['metacluster.fqdn'] }} harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}" notary: enabled: false longhorn: helm: version: 1.3.0 chart: longhorn/longhorn parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag' chart_values: !unsafe | defaultSettings: defaultDataPath: /mnt/blockstorage defaultReplicaCount: 1 ingress: enabled: true host: storage.{{ vapp['metacluster.fqdn'] }} persistence: defaultClassReplicaCount: 1 sealed-secrets: helm: version: 2.4.0 # (= SealedSecrets v0.18.1) chart: sealed-secrets/sealed-secrets parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' step-certificates: helm: version: 1.18.2+20220324 chart: smallstep/step-certificates parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u chart_values: !unsafe | ca: bootstrap: postInitHook: | echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile step ca provisioner add acme \ --type ACME \ --password-file=~/pwfile \ --force-cn rm ~/pwfile dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1 password: "{{ vapp['guestinfo.rootpw'] }}" provisioner: name: admin password: "{{ vapp['guestinfo.rootpw'] }}" inject: secrets: ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}" provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}" service: targetPort: 9000 dependencies: ansible_galaxy_collections: - ansible.posix - ansible.utils - community.crypto - community.general - community.vmware - kubernetes.core container_images: - vmware/powerclicore:12.7 static_binaries: - filename: clusterctl url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.2.3/clusterctl-linux-amd64 - filename: govc url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz archive: compressed - filename: helm url: https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz archive: compressed extra_opts: --strip-components=1 - filename: kubeseal url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.2/kubeseal-0.18.2-linux-amd64.tar.gz archive: compressed - filename: skopeo url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.10.0/skopeo - filename: step url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.22.0/step_linux_0.22.0_amd64.tar.gz archive: compressed extra_opts: --strip-components=2 - filename: yq url: http://github.com/mikefarah/yq/releases/download/v4.25.3/yq_linux_amd64 packages: apt: - lvm2 pip: - jmespath - kubernetes - netaddr - passlib - pyvmomi