Packer.Images/ansible/vars/metacluster.yml
Danny Bessems 6bd49750a4
Some checks failed
continuous-integration/drone/push Build is failing
Add missing key/parameter;Fix dependency type;Add k8s version to filename
2023-03-15 10:24:45 +01:00

320 lines
11 KiB
YAML

platform:
k3s:
version: v1.26.1+k3s1
gitops:
repository:
uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
# revision: v0.1.0
revision: HEAD
packaged_components:
- name: traefik
namespace: kube-system
config: |2
additionalArguments:
- "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
- "--certificatesResolvers.stepca.acme.email=admin"
- "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
- "--certificatesResolvers.stepca.acme.tlsChallenge=true"
- "--certificatesresolvers.stepca.acme.certificatesduration=24"
globalArguments: []
ingressRoute:
dashboard:
enabled: false
ports:
ssh:
port: 8022
protocol: TCP
web:
redirectTo: websecure
websecure:
tls:
certResolver: stepca
updateStrategy:
type: Recreate
rollingUpdate: null
helm_repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: dex
url: https://charts.dexidp.io
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: harbor
url: https://helm.goharbor.io
- name: jetstack
url: https://charts.jetstack.io
- name: longhorn
url: https://charts.longhorn.io
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
- name: smallstep
url: https://smallstep.github.io/helm-charts/
components:
argo-cd:
helm:
version: 5.24.0 # (= ArgoCD v2.6.3)
chart: argo/argo-cd
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
configs:
secret:
argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
server:
extraArgs:
- --insecure
ingress:
enabled: true
hosts:
- gitops.{{ vapp['metacluster.fqdn'] }}
cert-manager:
helm:
version: 1.11.0
chart: jetstack/cert-manager
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# installCRDs: true
clusterapi:
management:
version:
# Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
base: v1.3.5
# Must match the version referenced at `components.cert-manager.helm.version`
cert_manager: v1.11.0
infrastructure_vsphere: v1.5.3
ipam_incluster: v0.1.0-alpha.2
workload:
version:
calico: v3.25.0
# k8s: v1.25.5
k8s: v1.26.2
node_template:
# url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.23.15.ova
url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.26.2.ova
dex:
helm:
version: 0.13.0 # (= Dex 2.35.3)
chart: dex/dex
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
config:
connectors:
- type: ldap
id: ldap
name: "LDAP"
config:
host: "{{ vapp['ldap.fqdn'] }}:636"
insecureNoSSL: false
insecureSkipVerify: true
bindDN: "{{ vapp['ldap.dn'] }}"
bindPW: "{{ vapp['ldap.password'] }}"
usernamePrompt: "Username"
userSearch:
baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
filter: "(objectClass=person)"
username: userPrincipalName
idAttr: DN
emailAttr: userPrincipalName
nameAttr: cn
groupSearch:
baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
filter: "(objectClass=group)"
userMatchers:
- userAttr: DN
groupAttr: member
nameAttr: cn
enablePasswordDB: true
issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
storage:
type: kubernetes
config:
inCluster: true
ingress:
enabled: true
hosts:
- host: oidc.{{ vapp['metacluster.fqdn'] }}
paths:
- path: /
pathType: Prefix
gitea:
helm:
version: v7.0.2 # (= Gitea v1.18.3)
chart: gitea-charts/gitea
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
chart_values: !unsafe |
gitea:
admin:
username: administrator
password: "{{ vapp['metacluster.password'] }}"
email: admin@{{ vapp['metacluster.fqdn'] }}
config:
server:
OFFLINE_MODE: true
PROTOCOL: http
ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
image:
pullPolicy: IfNotPresent
ingress:
enabled: true
hosts:
- host: git.{{ vapp['metacluster.fqdn'] }}
paths:
- path: /
pathType: Prefix
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
harbor:
helm:
version: 1.11.0 # (= Harbor v2.7.0)
chart: harbor/harbor
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
expose:
ingress:
annotations: {}
hosts:
core: registry.{{ vapp['metacluster.fqdn'] }}
tls:
certSource: none
enabled: false
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
harborAdminPassword: "{{ vapp['metacluster.password'] }}"
notary:
enabled: false
persistence:
persistentVolumeClaim:
registry:
size: 25Gi
kube-prometheus-stack:
helm:
version: 45.2.0
chart: prometheus-community/kube-prometheus-stack
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
alertmanager:
enabled: false
global:
imageRegistry: registry.{{ vapp['metacluster.fqdn'] }}
kubevip:
# Must match the version referenced at `dependencies.container_images`
version: v0.5.8
longhorn:
helm:
version: 1.4.0
chart: longhorn/longhorn
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
defaultSettings:
allowNodeDrainWithLastHealthyReplica: true
defaultDataPath: /mnt/blockstorage
defaultReplicaCount: 1
ingress:
enabled: true
host: storage.{{ vapp['metacluster.fqdn'] }}
persistence:
defaultClassReplicaCount: 1
step-certificates:
helm:
version: 1.23.0
chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe |
ca:
bootstrap:
postInitHook: |
echo '{{ vapp["metacluster.password"] }}' > ~/pwfile
step ca provisioner add acme \
--type ACME \
--password-file=~/pwfile \
--force-cn
rm ~/pwfile
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['metacluster.password'] }}"
provisioner:
name: admin
password: "{{ vapp['metacluster.password'] }}"
inject:
secrets:
ca_password: "{{ vapp['metacluster.password'] | b64encode }}"
provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}"
service:
targetPort: 9000
dependencies:
ansible_galaxy_collections:
- ansible.posix
- ansible.utils
- community.crypto
- community.general
- community.vmware
- kubernetes.core
container_images:
# This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
- busybox:1
- ghcr.io/kube-vip/kube-vip:v0.5.8
# The following list is generated by running the following commands:
# $ clusterctl init -i vsphere:<version> [...]
# $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
- gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.18.1
- gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0
- gcr.io/cloud-provider-vsphere/csi/release/syncer:v2.1.0
- quay.io/k8scsi/csi-attacher:v3.0.0
- quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
- quay.io/k8scsi/csi-provisioner:v2.0.0
- quay.io/k8scsi/livenessprobe:v2.1.0
static_binaries:
- filename: clusterctl
url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.5/clusterctl-linux-amd64
- filename: govc
url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
archive: compressed
- filename: helm
url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
archive: compressed
extra_opts: --strip-components=1
- filename: kubectl-slice
url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
archive: compressed
# - filename: npp-prepper
# url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.5.1/npp-prepper
- filename: skopeo
url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.1/skopeo_linux_amd64
- filename: step
url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
archive: compressed
extra_opts: --strip-components=2
- filename: yq
url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
packages:
apt:
- lvm2
pip:
- jmespath
- kubernetes
- netaddr
- passlib
- pyvmomi