diff --git a/ansible.cfg b/ansible.cfg index e77258e..ac89418 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -8,5 +8,6 @@ load_callback_plugins= yes #to keep display output, comment stdout_callback #stdout_callback= log_plays -; [ssh_connection] -; ssh_args=-o ForwardAgent=yes \ No newline at end of file +# [ssh_connection] +# ssh_args=-o ForwardAgent=yes + diff --git a/group_vars/perso.yml b/group_vars/perso.yml index c372977..03932b8 100644 --- a/group_vars/perso.yml +++ b/group_vars/perso.yml @@ -14,17 +14,17 @@ management_user_list: as: ALL commands: ALL nopasswd: ALL - - name: staffadmin - shell: '/bin/bash' - state: absent - authorized_keys: - - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClVS1uxDfwS6OusQ4qgcZ6hBc8YRBE8MyXu0sUfGN7S3itjI3W2ixD18v80el8dVQVR12jCY0ueavgoV1cHrfGWkFoLKi+QrA4MuSNUChj0NBbyLTmdwPvne8LRv3ttCbRSJ/6bIEveX8y/7kGn/R1NDFlfE6b5R8ersBUKCQM6YxblAkv/XH8cJlQXhr1nLhVOl/ae+Q/pTCbgioB8qrmGEuMvOLmavcFf7IJbJcSgeiXSOnyIRl2n64X6lbRK+MRZ61pF6vAOXA+Ixyt/fAbO7sjqU0+cEhU5Br5/VcqG4Bc5nhWimtXIHPry3aLV5PtN6K9/i3eA5F6Jpa82JzmUMEbWSBIga02yIw9GjRyAI6ccH/kJGuB6QN5/YwGHpOF2f0FGiEAbUz41mLngN3SsXL1pdV2hT3x56/GIcGe6p/f1cytwVCyOaE7W87B05w5JYb1sSFj6QuGW0rHWfnHT5SY87Mk/H8VgZPaPbm+hSjLIQRAmUYQR+Rub1o9bXE= stephane" - exclusive: yes - sudo: - hosts: ALL - as: ALL - commands: ALL - nopasswd: ALL + # - name: staffadmin + # shell: '/bin/bash' + # state: absent + # authorized_keys: + # - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClVS1uxDfwS6OusQ4qgcZ6hBc8YRBE8MyXu0sUfGN7S3itjI3W2ixD18v80el8dVQVR12jCY0ueavgoV1cHrfGWkFoLKi+QrA4MuSNUChj0NBbyLTmdwPvne8LRv3ttCbRSJ/6bIEveX8y/7kGn/R1NDFlfE6b5R8ersBUKCQM6YxblAkv/XH8cJlQXhr1nLhVOl/ae+Q/pTCbgioB8qrmGEuMvOLmavcFf7IJbJcSgeiXSOnyIRl2n64X6lbRK+MRZ61pF6vAOXA+Ixyt/fAbO7sjqU0+cEhU5Br5/VcqG4Bc5nhWimtXIHPry3aLV5PtN6K9/i3eA5F6Jpa82JzmUMEbWSBIga02yIw9GjRyAI6ccH/kJGuB6QN5/YwGHpOF2f0FGiEAbUz41mLngN3SsXL1pdV2hT3x56/GIcGe6p/f1cytwVCyOaE7W87B05w5JYb1sSFj6QuGW0rHWfnHT5SY87Mk/H8VgZPaPbm+hSjLIQRAmUYQR+Rub1o9bXE= stephane" + # exclusive: yes + # sudo: + # hosts: ALL + # as: ALL + # commands: ALL + # nopasswd: ALL ################ # SSH - CLIENT # diff --git a/host_vars/scaleway_fr.yml b/host_vars/scaleway_fr.yml index 46fbb8c..2b8997d 100644 --- a/host_vars/scaleway_fr.yml +++ b/host_vars/scaleway_fr.yml @@ -186,4 +186,16 @@ chisel_proxychains_conf: - path: "/etc/proxychains.conf" regexp: "^socks5 {{ chisel_server_host }} 1080" state: present - line: "socks5 {{ chisel_server_host }} 1080" \ No newline at end of file + line: "socks5 {{ chisel_server_host }} 1080" + +dockerapp_tree_volumes: + - "gitlab" + +# boostrap dockerapp: +dockerapp_tree_base_dir: + - "/opt/test" +dockerapp_service: lab + +pip_executable: pip3 +pip_install_packages: + - docker-compose \ No newline at end of file diff --git a/host_vars/vagrant.yml b/host_vars/vagrant.yml index 6fe8d40..bc6a8fc 100644 --- a/host_vars/vagrant.yml +++ b/host_vars/vagrant.yml @@ -1,16 +1,102 @@ docker_install_compose: false - +# kubernetes_config_kubelet_configuration: +# cgroupDriver: systemd kubernetes_version: 1.28 kubernetes_apiserver_advertise_address: 192.168.33.10 kubernetes_pod_network: # Flannel CNI. - cni: 'weave' + cni: 'flannel' cidr: '10.244.0.0/16' -containerd_config_systemd: true +# containerd_config_systemd: true +# containerd_config_disabled_cgroups: true + # kubernetes_ignore_preflight_errors: null # kubernetes_kubeadm_init_extra_opts: # - "--pod-network-cidr=10.244.0.0/16" # - "--control-plane-endpoint=192.168.33.10" + +kubernetes_namespaces: + - apiVersion: v1 + kind: Namespace + metadata: + name: argocd + +# kubernetes_namespace: toto + +kubernetes_argocd_objects: + - namespace: argocd + kind: Secret + definition: + - apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZsVENDQTMwQ0ZHZ1grMjdlSkJObVRVVDhUcjRsZEdUR0l4SzlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR0cKTVFzd0NRWURWUVFHRXdKR1VqRVBNQTBHQTFVRUNBd0dSbkpoYm1ObE1RNHdEQVlEVlFRSERBVlFZWEpwY3pFTgpNQXNHQTFVRUNnd0VWRVZUVkRFTk1Bc0dBMVVFQ3d3RVZFVlRWREViTUJrR0ExVUVBd3dTWVhKbmIyTmtMblJ5CllXVm1hV3N1Ym1WME1Sc3dHUVlKS29aSWh2Y05BUWtCRmd4dWIyTkFkR1Z6ZEM1amIyMHdIaGNOTWpNd09ETXcKTVRVek9UUXpXaGNOTWpNd09USTVNVFV6T1RReldqQ0JoakVMTUFrR0ExVUVCaE1DUmxJeER6QU5CZ05WQkFnTQpCa1p5WVc1alpURU9NQXdHQTFVRUJ3d0ZVR0Z5YVhNeERUQUxCZ05WQkFvTUJGUkZVMVF4RFRBTEJnTlZCQXNNCkJGUkZVMVF4R3pBWkJnTlZCQU1NRW1GeVoyOWpaQzUwY21GbFptbHJMbTVsZERFYk1Ca0dDU3FHU0liM0RRRUoKQVJZTWJtOWpRSFJsYzNRdVkyOXRNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQQozcVhnNU1JM1Q4OGNiKzRHem9ENmI4eUs4YnplVlh5ZmUwcDVGcjBNbFlOSjNqai9GbXE1dzZ4akZTcUo0NTR3CnRSWkJUSEFIUnNTNlJFZHFSay8xdGNyV2s1ZStNbHhqamtqd3pXOS9kNW5CRER4MWRkL0VPVDA2MTY4RlorWkwKeGNseDFSVlN3L3Q3UmxlQTFJYTF5dmZRcnJXV2V0Qm9BQXZaeG1YVmtTK0tjUTl0ZXRudnFDUUJ2eDJVdTgxUgpaME9SeTN1U3doTUlRUlh5NzdvanM4MEN1ZjlQU0ZzRmUrUnZjQU5tVDlqZjNwYy9LNjRsME5WK0VqU3Biekp6ClFRL1BxdHR2NUFtck1JNFNEcGs4VWtKY3hHY09ZZ3BBV2hOK3Nzc0lHSnFBYlQyWjVWTExhdnp3STBsZlEweUgKMWtmQ2FqZ1FrTW5nOG51aTAxMzdGRkZmVjVPVGZkMTh2T2wxTlRIOVc2Q1d6eW5abXc5VGxBdVF1YWl1dFRtTwptU2VmOW9hbElhc2RnZVQ2WUprMzRuRWQwSEhJcFZFcWlhUHZXZlVzSlJHbldTWWRTWWd1UklFaDhTbDFJVy9PCldKUmNua2VrZmJxaTRCZ2pYR295TTJnQTBCWDNRcHVSOXMvZUdrWnVrWW8vQmRnczNORFB0OEYwYWFvemlYVEcKU2pXQVpOU3VKRHhwdWJ6WFNVMWtpa2pQUDM5aXJrOXVOZzlBbkZNUzNzak1CZEVyZmdybld6RE5SNzF0K0lLQgo1RTRrYklPdGlVbXp4MlFzVGdQNkhXTFJQd0pjT0pXWVVkYXBKTFJJb2J1VTUrdWhwaU9tSk9rK20wUnkzdnJVCkk5VXNhUGc2YndWWWNseWFzR3Q1eXJTRFRmenQxRTBvc1FTcldxTllzejhDQXdFQUFUQU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBZ0VBcWNPNVA5YStwZnZ4VXZXS1N0ZVduYXIzVVhUQzlQa3JYTW8zYzFZNWdSUmJSZTUzOTUwbApEYVZYQ1UxR25FN3ZoQndtTUdycmFZOXFJRlZRZUNvRDBBd05HZURnL2s2QkJqWXNCZ2k3eVhyUnhBVnFyY3BNCjMrb2tvTzR6a29JVnNLSUVwSG1nVzJIckFUSjBBMWRxazZSUENXZ2RPY0JqZUhocldXZWNDeHpvSk5TdkNhd1cKZmpsNkg5c2NKT3lZS01za3lYTldBb2xQTkxkTHpsL3hDTFVPdTZUREYySGdHSWpHZmdIbW9kYUpuVUJYNXU1QwpTaGxOd1Z2U2pMWUY3QTVEWlF6aHBzTzgyZGVMZVFPeGxwZ2hUcFE1UC95MU5PWXJ0dDAxeVZBTkFnRFgySkVXCjRVK1k5VERoVGVWM3VMRmU0OHpEazBtTms5WDRWb0NyQWhOVnJMNmFxN2pMWUtuNCtjUWFlMWFiaXhaMVVKUkgKVDJDV0dybnUrRTN4R09GdWNlSytCT2NJRGNZRjVVcFdMYTFVOUxUTXRKMFN2bkh4dnAxZHgyKzN4VzdVS2RURApOc0xzcG4wSXRiUzR1aFRvZEdpQUZUSEMxMTZlUE5OT2RXNjlDVGVGa2dQaVJRcFcwY0VGZ1NVc0ZDcGFFbUpECnp1YUVYeWN1SE8zVGJsTCtIUFoxcEQ5U0FyZHFRMlR4Z2V6MW55eHM5MERuTldDcjl3QjhWRE53S084ekVzNzIKYVNJTFE1Ym0zeVFEanI5QVVFUVFpSWNscUJlcTVGTW9aNFpFOC9TTFlLdmJMR3hZY3d2ckxuNTZJVFBCdmxUcApVamdkYXFBR2NtUDV1azlPRStQdjJiTmJldEFGTUZUZG0wQ1pqUEcvMjB3dHNhUjRDRzB2MVFjPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRGVwZURrd2pkUHp4eHYKN2diT2dQcHZ6SXJ4dk41VmZKOTdTbmtXdlF5VmcwbmVPUDhXYXJuRHJHTVZLb25qbmpDMUZrRk1jQWRHeExwRQpSMnBHVC9XMXl0YVRsNzR5WEdPT1NQRE5iMzkzbWNFTVBIVjEzOFE1UFRyWHJ3Vm41a3ZGeVhIVkZWTEQrM3RHClY0RFVoclhLOTlDdXRaWjYwR2dBQzluR1pkV1JMNHB4RDIxNjJlK29KQUcvSFpTN3pWRm5RNUhMZTVMQ0V3aEIKRmZMdnVpT3p6UUs1LzA5SVd3Vjc1Rzl3QTJaUDJOL2VsejhycmlYUTFYNFNOS2x2TW5OQkQ4K3EyMi9rQ2FzdwpqaElPbVR4U1FsekVadzVpQ2tCYUUzNnl5d2dZbW9CdFBabmxVc3RxL1BBalNWOURUSWZXUjhKcU9CQ1F5ZUR5CmU2TFRYZnNVVVY5WGs1TjkzWHk4NlhVMU1mMWJvSmJQS2RtYkQxT1VDNUM1cUs2MU9ZNlpKNS8yaHFVaHF4MkIKNVBwZ21UZmljUjNRY2NpbFVTcUpvKzlaOVN3bEVhZFpKaDFKaUM1RWdTSHhLWFVoYjg1WWxGeWVSNlI5dXFMZwpHQ05jYWpJemFBRFFGZmRDbTVIMno5NGFSbTZSaWo4RjJDemMwTSszd1hScHFqT0pkTVpLTllCazFLNGtQR201CnZOZEpUV1NLU004L2YyS3VUMjQyRDBDY1V4TGV5TXdGMFN0K0N1ZGJNTTFIdlczNGdvSGtUaVJzZzYySlNiUEgKWkN4T0Evb2RZdEUvQWx3NGxaaFIxcWtrdEVpaHU1VG42NkdtSTZZazZUNmJSSExlK3RRajFTeG8rRHB2QlZoeQpYSnF3YTNuS3RJTk4vTzNVVFNpeEJLdGFvMWl6UHdJREFRQUJBb0lDQVFDWWYxVkNXaVE0YmNzMGZ2djZoUzBEClZqMzB4VUFqblhBK3FndTJIMVozTWExdW4rdFlGMUdWVElXeEFhbmdWWUZYQng5Q2s1am9SK2FzeloxaysyOTQKVEs0YitWczBjME5kT1doMXpXQ3BNbzZmS3VucENwTUVBWVJFSm9TMVhXK1kwUmsrc1pRMjJCRGZaUi9BY1dRaQoyUW4rSURJcGZJVS9RdDZ1blNGaWlBVnkydlpKcHV3WFpsSXI3TDdxd3Y1MmxEbFAvaHZQQWVvdGFqTXpMM00wCnU3NmFWdHllMm5rdkdvK1pVVHJLaGVrUU5OZjN1eGY3cWI3b0NWbmo1OUk1UmZNZk81MnZ1MCtkdWpGei9sRHEKcHJtVGJHTFZrOS92MGxwOWE4TG4xeXNQcDVtNUVMUnpXenUvYjRub05vcnpvY0x2cmVicXhOdG1PbmlUL1ZMeQptRERZbUxrbUY2WkwwMnRpVWFOajlTY05iYjh2bGdHb0M4ek14bjBFMWtZVDJ0bHFFbEppK05LN2dlczlyWHJqCkdiYWVxTWF1YnNWb0xLNGFsNGlSOE1LWjErV3UyTkNuWjIzSlpvYzJTdFFPRWtNRmFJeENPYWp4VWRMeTZkS2UKNk9HS0RYUXUvTFludHFnM2hpenhCbW83T3RmWC9rTitxWlU2Z09kMy92TE1FSk5XYkdPVHdaKzUySUl4bEVTSwpXR2JiL1FXOEcrMXFtelViUDFDZy9yRkRJWmY0OU40cWFuYTBFeHFjcDZkWk5YRU9YL1d0aWNlRXM4K0ZqNnZWCkVSMUorNHpWRVpMeGNCVC9aMC9hOHozenBuWWVabDFMYkhzQ0Q3RCt6VGRwS3E0bStlQkFiMWNQT2V5czF0RW4Kd2dwbG5vYk5DM2VBdkd3MjRubUtBUUtDQVFFQSt6bmN5RW9kNmVBbDNBc0YwTkNtVTI1bEFHVEdLVVlsSy9LdgorWGFPMnVGOFNLeEV3YVVPUzFicGU4TnNzamoyTGpucHkrQ1UzVW9OZExXUDhuc3hrZlpFbDB0a0MwWHU4UzU4Ck5TWjJkWG9MMEdBU0FtcDRsQTFDazBJeUg3ekxPajJBOGhlazRMUWRNemo0RHVSZjFYN1RRVzRhanMzQjJhSTIKSjlZN0cxaEFBV0dUMFR4Z0E2Y3dkUnZRbTNhczZoWCthZzZiaGE0YjQ3ejBxaHdaZ01aUnVSeGdEL2ZjbDVxVwphSmcvOGVsdjVMT1Y3UUpud2d4WTBJSmtocWdYU0JEZXprd2pvQ1FuWXdlYTlZSmlOK3Vrbnd0b3Btb2pEaWJXCkMzR0tjb3plY2ZYV3B1a3FocGkvcUIyeDhxclNVaTMyaVZKbjNRenY5YVJjeFZ2RUlRS0NBUUVBNHVEK0Y4b0wKQ2lBUGZlSlQ1WFFmNEtVdTlabTJLZU9tNmtRUURadEYrQXk2M1NSOEYvZFV5Qlk3T0FuVkRsSXZRZmZLaS9ZVApWMjVLNWQ4QUN5ak1lMnczeEJFTVVyVWtZT0hpK2ZZVk9kNytaRm5hTFU5UG56NWRMQ2t0OVpDdnNzR2FzMGdwCm5DMXdtaUxYQ1dOSDUvZjh1UW1STFM3VHY5VHFWb0lIWGNzNzNwK0hnNEJkbFFuclI5aWRITDlLTThpeUtpdEgKU3VlMmVmMkc5N0Nrek9uL3VUQUxKNzV6dkhXaDVtS1EwQlVNLzhMWmdMTXMyUkN5V3lnQ3hTdmF4MHBmYkVkMwplTGRETldoclBreXc2MmdTVVpoeXRTWXdQdmxraDFOSDI5OTc4VlovMXVrdlBJRXpVTHNCUjkxWm96NjJ0ZXVRCjFWNkdVVDcvK1MyTFh3S0NBUUI1WUJCQ0dFVHhqS0RkK2RsYWRLUVhKUHZaUDliWmRCRmJkVW45M1lEUlVTV0oKdXVrUklaeVJXN0U4WVVOdnE4T011K0F2NXhZay83VVdrTzIxK2owTnh3eUdpQjhTcnp2cy9FZDRLbGdMRStjSApTcE1JNWNYUnljSkRnVFRVVHBObFZQZXFmeS9pZkVLclQ3ZlJBaGNtLzdvekgyM25WcE4wZ1VGbTU4THd5Q2RNClE0ZDJESlJhejNqQzY2aFNvL2lRdEFXUjJmTGJtQzNUVHFScVYxOGU3ekhtbkVYeEVSQmJrbzFlaFVoSHFUK3QKSC9Lc2FvQVVxWUJ6Wkx3S3JzVm94UFhRZDhxeWdTVWlYRGRLckM2bDA4eGFKdG50cE5QQTc1UjBQT3Zsd2hkcQp1WnAyVTZwL0V1ZHQ0c0xwZWd4Wk5lbXBtTTJqWjYrN1h5aVBGWEhoQW9JQkFDM052SjZ5NUoycnNWVDV6M1JBCmlIc0Mva01KUUZTZXFFRWRjcHc4bjlpZlFVNktJaDk0aUg1SXRyWHVqanZ3N2FlRXpqaUplb2dwTlNmSmFLblkKRjhoSEpjOEluaE5Jak1xZWNBT0U0ZTRvRGZYV2lneWh1WEp0MWNPbm9LYTJDakt0a1h6bWNiZ2RHR0dWN1JIeApJRUE5dWFEbHhKQjVwcmhRMU9xWUg4S1kyRUp1dEo0ZzJVUFFsOWFPYmRHeThOa1ppSmFvM0NETVBQUE44bVNwCkhleGN4WXJ1bnlIcitsT3U3L3VpSkpoTjE2eisrb2hZSkJMQ295OXlHWFVURUgweGo2ZzltV29lbll2M3c4YjEKRnJhLzhRcldHenBsTmxKUWFUSkU1dm9GMlhEMHhLUnZ1V0NldU94d2hLYXNrbjg1bHd1TlBsVkZXeHFsL0dtaQovME1DZ2dFQkFPazAwQlpJRWt3MTd6cERlTW53a1JQMURTblAyN0RwN3E4bnRNREplYW0vUGY5Ynk0ZkczSG9VCk12eXRubmlhN0F5SHl4TXJWN2plQVNjVCt5aVJJdXlmcUM5aGNTTU5RK0pxODVyN3pxNnE3VHZBWGRkeWJnUkgKUzR4Y3ByWG1VNVI4dGkyekVtUFpiOFRZOFFGdHNLTTdyaUtkcndCK3JpRGVYWkpTTVRQWXM3NTMwT3Vmc1BPRgpEM0VydlZweE9DTGROL0ZxWW42TFBrRUpNSXluNUZBekpqSXRRSTJuOGRIMlNRdEU1UjlyV1ZsSkNjYndicVh0Ck01UVFLODkyM0V5KzFwWUxOZXQ5Vmo0cUs1NHA0YWtiUFkwUTROeTlZZjdxek5LUjYxcDdZWkZXL29icmY2R0sKS0J2TWFsNlhRSktlOHJkNEFiMkVyOEQyQnBDc3E1dz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + metadata: + name: cert-argocd + namespace: argocd + type: kubernetes.io/tls + - apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZsVENDQTMwQ0ZHZ1grMjdlSkJObVRVVDhUcjRsZEdUR0l4SzlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR0cKTVFzd0NRWURWUVFHRXdKR1VqRVBNQTBHQTFVRUNBd0dSbkpoYm1ObE1RNHdEQVlEVlFRSERBVlFZWEpwY3pFTgpNQXNHQTFVRUNnd0VWRVZUVkRFTk1Bc0dBMVVFQ3d3RVZFVlRWREViTUJrR0ExVUVBd3dTWVhKbmIyTmtMblJ5CllXVm1hV3N1Ym1WME1Sc3dHUVlKS29aSWh2Y05BUWtCRmd4dWIyTkFkR1Z6ZEM1amIyMHdIaGNOTWpNd09ETXcKTVRVek9UUXpXaGNOTWpNd09USTVNVFV6T1RReldqQ0JoakVMTUFrR0ExVUVCaE1DUmxJeER6QU5CZ05WQkFnTQpCa1p5WVc1alpURU9NQXdHQTFVRUJ3d0ZVR0Z5YVhNeERUQUxCZ05WQkFvTUJGUkZVMVF4RFRBTEJnTlZCQXNNCkJGUkZVMVF4R3pBWkJnTlZCQU1NRW1GeVoyOWpaQzUwY21GbFptbHJMbTVsZERFYk1Ca0dDU3FHU0liM0RRRUoKQVJZTWJtOWpRSFJsYzNRdVkyOXRNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQQozcVhnNU1JM1Q4OGNiKzRHem9ENmI4eUs4YnplVlh5ZmUwcDVGcjBNbFlOSjNqai9GbXE1dzZ4akZTcUo0NTR3CnRSWkJUSEFIUnNTNlJFZHFSay8xdGNyV2s1ZStNbHhqamtqd3pXOS9kNW5CRER4MWRkL0VPVDA2MTY4RlorWkwKeGNseDFSVlN3L3Q3UmxlQTFJYTF5dmZRcnJXV2V0Qm9BQXZaeG1YVmtTK0tjUTl0ZXRudnFDUUJ2eDJVdTgxUgpaME9SeTN1U3doTUlRUlh5NzdvanM4MEN1ZjlQU0ZzRmUrUnZjQU5tVDlqZjNwYy9LNjRsME5WK0VqU3Biekp6ClFRL1BxdHR2NUFtck1JNFNEcGs4VWtKY3hHY09ZZ3BBV2hOK3Nzc0lHSnFBYlQyWjVWTExhdnp3STBsZlEweUgKMWtmQ2FqZ1FrTW5nOG51aTAxMzdGRkZmVjVPVGZkMTh2T2wxTlRIOVc2Q1d6eW5abXc5VGxBdVF1YWl1dFRtTwptU2VmOW9hbElhc2RnZVQ2WUprMzRuRWQwSEhJcFZFcWlhUHZXZlVzSlJHbldTWWRTWWd1UklFaDhTbDFJVy9PCldKUmNua2VrZmJxaTRCZ2pYR295TTJnQTBCWDNRcHVSOXMvZUdrWnVrWW8vQmRnczNORFB0OEYwYWFvemlYVEcKU2pXQVpOU3VKRHhwdWJ6WFNVMWtpa2pQUDM5aXJrOXVOZzlBbkZNUzNzak1CZEVyZmdybld6RE5SNzF0K0lLQgo1RTRrYklPdGlVbXp4MlFzVGdQNkhXTFJQd0pjT0pXWVVkYXBKTFJJb2J1VTUrdWhwaU9tSk9rK20wUnkzdnJVCkk5VXNhUGc2YndWWWNseWFzR3Q1eXJTRFRmenQxRTBvc1FTcldxTllzejhDQXdFQUFUQU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBZ0VBcWNPNVA5YStwZnZ4VXZXS1N0ZVduYXIzVVhUQzlQa3JYTW8zYzFZNWdSUmJSZTUzOTUwbApEYVZYQ1UxR25FN3ZoQndtTUdycmFZOXFJRlZRZUNvRDBBd05HZURnL2s2QkJqWXNCZ2k3eVhyUnhBVnFyY3BNCjMrb2tvTzR6a29JVnNLSUVwSG1nVzJIckFUSjBBMWRxazZSUENXZ2RPY0JqZUhocldXZWNDeHpvSk5TdkNhd1cKZmpsNkg5c2NKT3lZS01za3lYTldBb2xQTkxkTHpsL3hDTFVPdTZUREYySGdHSWpHZmdIbW9kYUpuVUJYNXU1QwpTaGxOd1Z2U2pMWUY3QTVEWlF6aHBzTzgyZGVMZVFPeGxwZ2hUcFE1UC95MU5PWXJ0dDAxeVZBTkFnRFgySkVXCjRVK1k5VERoVGVWM3VMRmU0OHpEazBtTms5WDRWb0NyQWhOVnJMNmFxN2pMWUtuNCtjUWFlMWFiaXhaMVVKUkgKVDJDV0dybnUrRTN4R09GdWNlSytCT2NJRGNZRjVVcFdMYTFVOUxUTXRKMFN2bkh4dnAxZHgyKzN4VzdVS2RURApOc0xzcG4wSXRiUzR1aFRvZEdpQUZUSEMxMTZlUE5OT2RXNjlDVGVGa2dQaVJRcFcwY0VGZ1NVc0ZDcGFFbUpECnp1YUVYeWN1SE8zVGJsTCtIUFoxcEQ5U0FyZHFRMlR4Z2V6MW55eHM5MERuTldDcjl3QjhWRE53S084ekVzNzIKYVNJTFE1Ym0zeVFEanI5QVVFUVFpSWNscUJlcTVGTW9aNFpFOC9TTFlLdmJMR3hZY3d2ckxuNTZJVFBCdmxUcApVamdkYXFBR2NtUDV1azlPRStQdjJiTmJldEFGTUZUZG0wQ1pqUEcvMjB3dHNhUjRDRzB2MVFjPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRGVwZURrd2pkUHp4eHYKN2diT2dQcHZ6SXJ4dk41VmZKOTdTbmtXdlF5VmcwbmVPUDhXYXJuRHJHTVZLb25qbmpDMUZrRk1jQWRHeExwRQpSMnBHVC9XMXl0YVRsNzR5WEdPT1NQRE5iMzkzbWNFTVBIVjEzOFE1UFRyWHJ3Vm41a3ZGeVhIVkZWTEQrM3RHClY0RFVoclhLOTlDdXRaWjYwR2dBQzluR1pkV1JMNHB4RDIxNjJlK29KQUcvSFpTN3pWRm5RNUhMZTVMQ0V3aEIKRmZMdnVpT3p6UUs1LzA5SVd3Vjc1Rzl3QTJaUDJOL2VsejhycmlYUTFYNFNOS2x2TW5OQkQ4K3EyMi9rQ2FzdwpqaElPbVR4U1FsekVadzVpQ2tCYUUzNnl5d2dZbW9CdFBabmxVc3RxL1BBalNWOURUSWZXUjhKcU9CQ1F5ZUR5CmU2TFRYZnNVVVY5WGs1TjkzWHk4NlhVMU1mMWJvSmJQS2RtYkQxT1VDNUM1cUs2MU9ZNlpKNS8yaHFVaHF4MkIKNVBwZ21UZmljUjNRY2NpbFVTcUpvKzlaOVN3bEVhZFpKaDFKaUM1RWdTSHhLWFVoYjg1WWxGeWVSNlI5dXFMZwpHQ05jYWpJemFBRFFGZmRDbTVIMno5NGFSbTZSaWo4RjJDemMwTSszd1hScHFqT0pkTVpLTllCazFLNGtQR201CnZOZEpUV1NLU004L2YyS3VUMjQyRDBDY1V4TGV5TXdGMFN0K0N1ZGJNTTFIdlczNGdvSGtUaVJzZzYySlNiUEgKWkN4T0Evb2RZdEUvQWx3NGxaaFIxcWtrdEVpaHU1VG42NkdtSTZZazZUNmJSSExlK3RRajFTeG8rRHB2QlZoeQpYSnF3YTNuS3RJTk4vTzNVVFNpeEJLdGFvMWl6UHdJREFRQUJBb0lDQVFDWWYxVkNXaVE0YmNzMGZ2djZoUzBEClZqMzB4VUFqblhBK3FndTJIMVozTWExdW4rdFlGMUdWVElXeEFhbmdWWUZYQng5Q2s1am9SK2FzeloxaysyOTQKVEs0YitWczBjME5kT1doMXpXQ3BNbzZmS3VucENwTUVBWVJFSm9TMVhXK1kwUmsrc1pRMjJCRGZaUi9BY1dRaQoyUW4rSURJcGZJVS9RdDZ1blNGaWlBVnkydlpKcHV3WFpsSXI3TDdxd3Y1MmxEbFAvaHZQQWVvdGFqTXpMM00wCnU3NmFWdHllMm5rdkdvK1pVVHJLaGVrUU5OZjN1eGY3cWI3b0NWbmo1OUk1UmZNZk81MnZ1MCtkdWpGei9sRHEKcHJtVGJHTFZrOS92MGxwOWE4TG4xeXNQcDVtNUVMUnpXenUvYjRub05vcnpvY0x2cmVicXhOdG1PbmlUL1ZMeQptRERZbUxrbUY2WkwwMnRpVWFOajlTY05iYjh2bGdHb0M4ek14bjBFMWtZVDJ0bHFFbEppK05LN2dlczlyWHJqCkdiYWVxTWF1YnNWb0xLNGFsNGlSOE1LWjErV3UyTkNuWjIzSlpvYzJTdFFPRWtNRmFJeENPYWp4VWRMeTZkS2UKNk9HS0RYUXUvTFludHFnM2hpenhCbW83T3RmWC9rTitxWlU2Z09kMy92TE1FSk5XYkdPVHdaKzUySUl4bEVTSwpXR2JiL1FXOEcrMXFtelViUDFDZy9yRkRJWmY0OU40cWFuYTBFeHFjcDZkWk5YRU9YL1d0aWNlRXM4K0ZqNnZWCkVSMUorNHpWRVpMeGNCVC9aMC9hOHozenBuWWVabDFMYkhzQ0Q3RCt6VGRwS3E0bStlQkFiMWNQT2V5czF0RW4Kd2dwbG5vYk5DM2VBdkd3MjRubUtBUUtDQVFFQSt6bmN5RW9kNmVBbDNBc0YwTkNtVTI1bEFHVEdLVVlsSy9LdgorWGFPMnVGOFNLeEV3YVVPUzFicGU4TnNzamoyTGpucHkrQ1UzVW9OZExXUDhuc3hrZlpFbDB0a0MwWHU4UzU4Ck5TWjJkWG9MMEdBU0FtcDRsQTFDazBJeUg3ekxPajJBOGhlazRMUWRNemo0RHVSZjFYN1RRVzRhanMzQjJhSTIKSjlZN0cxaEFBV0dUMFR4Z0E2Y3dkUnZRbTNhczZoWCthZzZiaGE0YjQ3ejBxaHdaZ01aUnVSeGdEL2ZjbDVxVwphSmcvOGVsdjVMT1Y3UUpud2d4WTBJSmtocWdYU0JEZXprd2pvQ1FuWXdlYTlZSmlOK3Vrbnd0b3Btb2pEaWJXCkMzR0tjb3plY2ZYV3B1a3FocGkvcUIyeDhxclNVaTMyaVZKbjNRenY5YVJjeFZ2RUlRS0NBUUVBNHVEK0Y4b0wKQ2lBUGZlSlQ1WFFmNEtVdTlabTJLZU9tNmtRUURadEYrQXk2M1NSOEYvZFV5Qlk3T0FuVkRsSXZRZmZLaS9ZVApWMjVLNWQ4QUN5ak1lMnczeEJFTVVyVWtZT0hpK2ZZVk9kNytaRm5hTFU5UG56NWRMQ2t0OVpDdnNzR2FzMGdwCm5DMXdtaUxYQ1dOSDUvZjh1UW1STFM3VHY5VHFWb0lIWGNzNzNwK0hnNEJkbFFuclI5aWRITDlLTThpeUtpdEgKU3VlMmVmMkc5N0Nrek9uL3VUQUxKNzV6dkhXaDVtS1EwQlVNLzhMWmdMTXMyUkN5V3lnQ3hTdmF4MHBmYkVkMwplTGRETldoclBreXc2MmdTVVpoeXRTWXdQdmxraDFOSDI5OTc4VlovMXVrdlBJRXpVTHNCUjkxWm96NjJ0ZXVRCjFWNkdVVDcvK1MyTFh3S0NBUUI1WUJCQ0dFVHhqS0RkK2RsYWRLUVhKUHZaUDliWmRCRmJkVW45M1lEUlVTV0oKdXVrUklaeVJXN0U4WVVOdnE4T011K0F2NXhZay83VVdrTzIxK2owTnh3eUdpQjhTcnp2cy9FZDRLbGdMRStjSApTcE1JNWNYUnljSkRnVFRVVHBObFZQZXFmeS9pZkVLclQ3ZlJBaGNtLzdvekgyM25WcE4wZ1VGbTU4THd5Q2RNClE0ZDJESlJhejNqQzY2aFNvL2lRdEFXUjJmTGJtQzNUVHFScVYxOGU3ekhtbkVYeEVSQmJrbzFlaFVoSHFUK3QKSC9Lc2FvQVVxWUJ6Wkx3S3JzVm94UFhRZDhxeWdTVWlYRGRLckM2bDA4eGFKdG50cE5QQTc1UjBQT3Zsd2hkcQp1WnAyVTZwL0V1ZHQ0c0xwZWd4Wk5lbXBtTTJqWjYrN1h5aVBGWEhoQW9JQkFDM052SjZ5NUoycnNWVDV6M1JBCmlIc0Mva01KUUZTZXFFRWRjcHc4bjlpZlFVNktJaDk0aUg1SXRyWHVqanZ3N2FlRXpqaUplb2dwTlNmSmFLblkKRjhoSEpjOEluaE5Jak1xZWNBT0U0ZTRvRGZYV2lneWh1WEp0MWNPbm9LYTJDakt0a1h6bWNiZ2RHR0dWN1JIeApJRUE5dWFEbHhKQjVwcmhRMU9xWUg4S1kyRUp1dEo0ZzJVUFFsOWFPYmRHeThOa1ppSmFvM0NETVBQUE44bVNwCkhleGN4WXJ1bnlIcitsT3U3L3VpSkpoTjE2eisrb2hZSkJMQ295OXlHWFVURUgweGo2ZzltV29lbll2M3c4YjEKRnJhLzhRcldHenBsTmxKUWFUSkU1dm9GMlhEMHhLUnZ1V0NldU94d2hLYXNrbjg1bHd1TlBsVkZXeHFsL0dtaQovME1DZ2dFQkFPazAwQlpJRWt3MTd6cERlTW53a1JQMURTblAyN0RwN3E4bnRNREplYW0vUGY5Ynk0ZkczSG9VCk12eXRubmlhN0F5SHl4TXJWN2plQVNjVCt5aVJJdXlmcUM5aGNTTU5RK0pxODVyN3pxNnE3VHZBWGRkeWJnUkgKUzR4Y3ByWG1VNVI4dGkyekVtUFpiOFRZOFFGdHNLTTdyaUtkcndCK3JpRGVYWkpTTVRQWXM3NTMwT3Vmc1BPRgpEM0VydlZweE9DTGROL0ZxWW42TFBrRUpNSXluNUZBekpqSXRRSTJuOGRIMlNRdEU1UjlyV1ZsSkNjYndicVh0Ck01UVFLODkyM0V5KzFwWUxOZXQ5Vmo0cUs1NHA0YWtiUFkwUTROeTlZZjdxek5LUjYxcDdZWkZXL29icmY2R0sKS0J2TWFsNlhRSktlOHJkNEFiMkVyOEQyQnBDc3E1dz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + metadata: + name: cert-argocd-test + namespace: argocd + type: kubernetes.io/tls + +kubernetes_tree_base_dir: + - /opt + - /opt/kubernetes + +kubernetes_service: infra + +kubernetes_git_repo: perso-infra + +kubernetes_git_url: github.com + +kubernetes_alias_bashrc: + - path: "/root/.bashrc" + regexp: "^source /usr/share/bash-completion/bash_completion" + state: present + line: "source /usr/share/bash-completion/bash_completion" + - path: "/root/.bashrc" + regexp: "^source /etc/bash_completion" + state: present + line: "source /etc/bash_completion" + - path: "/root/.bashrc" + regexp: "^source <(kubectl completion bash)" + state: present + line: "source <(kubectl completion bash)" + - path: "/root/.bashrc" + regexp: "^alias k=kubectl" + state: present + line: "alias k=kubectl" + - path: "/root/.bashrc" + regexp: "^complete -F __start_kubectl k" + state: present + line: "complete -F __start_kubectl k" + + # - echo "source /usr/share/bash-completion/bash_completion" >> ~/.bashrc + # - echo "source /etc/bash_completion" >> ~/.bashrc + # - echo "source <(kubectl completion bash)" >> ~/.bashrc + # - echo "alias k=kubectl" >> ~/.bashrc + # - echo "complete -F __start_kubectl k" >> ~/.bashrc + # - complete -F __start_kubectl k + #- echo "function kname() {k config set-context --current --namespace $1}" >> ~/.bashrc + +# for github + +management_user_list: + - name: stephanegratias + shell: '/bin/bash' + authorized_keys: + - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClVS1uxDfwS6OusQ4qgcZ6hBc8YRBE8MyXu0sUfGN7S3itjI3W2ixD18v80el8dVQVR12jCY0ueavgoV1cHrfGWkFoLKi+QrA4MuSNUChj0NBbyLTmdwPvne8LRv3ttCbRSJ/6bIEveX8y/7kGn/R1NDFlfE6b5R8ersBUKCQM6YxblAkv/XH8cJlQXhr1nLhVOl/ae+Q/pTCbgioB8qrmGEuMvOLmavcFf7IJbJcSgeiXSOnyIRl2n64X6lbRK+MRZ61pF6vAOXA+Ixyt/fAbO7sjqU0+cEhU5Br5/VcqG4Bc5nhWimtXIHPry3aLV5PtN6K9/i3eA5F6Jpa82JzmUMEbWSBIga02yIw9GjRyAI6ccH/kJGuB6QN5/YwGHpOF2f0FGiEAbUz41mLngN3SsXL1pdV2hT3x56/GIcGe6p/f1cytwVCyOaE7W87B05w5JYb1sSFj6QuGW0rHWfnHT5SY87Mk/H8VgZPaPbm+hSjLIQRAmUYQR+Rub1o9bXE= stephane" + exclusive: yes + sudo: + hosts: ALL + as: ALL + commands: ALL + nopasswd: ALL \ No newline at end of file diff --git a/hosts b/hosts index 4fd0365..013d25a 100644 --- a/hosts +++ b/hosts @@ -12,5 +12,5 @@ scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane ; [scaleway] ; scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane -; [local] -; vagrant ansible_host=192.168.33.10 ansible_user=vagrant ansible_password=vagrant \ No newline at end of file +[local] +vagrant ansible_host=192.168.33.10 ansible_user=vagrant ansible_password=vagrant \ No newline at end of file diff --git a/kube.yml b/kube.yml index 7fc028e..50ef72d 100644 --- a/kube.yml +++ b/kube.yml @@ -14,40 +14,98 @@ debug: msg: "{{ ansible_hostname }} : {{ ansible_distribution }} {{ ansible_distribution_version }} - {{ ansible_default_ipv4.address }}" tags: - - test + - always -# Preparer le /etc/containerd/config.toml - -# version = 2 -# [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] -# SystemdCgroup = true - -# when kubernetes_config_kubelet_configuration.cgroupDriver: "systemd" - - pre_tasks: - - - name: Create containerd config for Kubernetes - template: - src: "../templates/containerd.toml.j2" - dest: "/etc/containerd/config.toml" - owner: root - group: root - mode: 0644 + - name: Add the overlay and br_netfilter modules and make sure it is loaded after reboots + community.general.modprobe: + name: "{{ item }}" + state: present + persistent: present + loop: + - overlay + - br_netfilter tags: - - kubernetes - - test - when: - - containerd_config_systemd is true - - kubernetes_config_kubelet_configuration.cgroupDriver is "systemd" - notify: restart containerd + - always -# restart containerd roles: + - { role: geerlingguy.containerd, tags: [kubernetes, containerd] } - { role: geerlingguy.kubernetes, tags: kubernetes } - handlers: - - name: restart containerd - service: - name: containerd - state: restarted + tasks: + + - name: Add kubectl alias and completion + ansible.builtin.lineinfile: + path: "{{ item.path }}" + regexp: "{{ item.regexp }}" + state: "{{ item.state|default('present') }}" + line: "{{ item.line|default(omit) }}" + loop: "{{ kubernetes_alias_bashrc }}" + tags: + - kubernetes + - alias + + - name: create kubernetes app base dir + file: + path: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: root + with_items: + - "{{ kubernetes_tree_base_dir | last }}" + - "{{ kubernetes_tree_base_dir | last }}/{{ kubernetes_service }}" + tags: + - kubernetes + - git + + # - name: Allow pods on control plane (if configured). + # command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-" + # when: + # - kubernetes_allow_pods_on_control_plane | bool + # - not kubernetes_init_stat.stat.exists + + +# need pip kubernetes to use k8s module + - name: Create all k8s namespace + kubernetes.core.k8s: + name: argocd + api_version: v1 + kind: Namespace + state: present + tags: + - test + + # Download and apply manifest + - name: Download all manifest to the cluster. + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml + dest: "{{ kubernetes_tree_base_dir | last }}/{{ kubernetes_service }}/install.yaml" + mode: '0664' + tags: + - test + + - name: Apply metrics-server manifest to the cluster. + kubernetes.core.k8s: + state: present + namespace: argocd + src: "{{ kubernetes_tree_base_dir | last }}/{{ kubernetes_service }}/install.yaml" + tags: + - test + + # - name: Remove file (delete file) + # ansible.builtin.file: + # path: /etc/foo.txt + # state: absent + + - name: Create all k8s objects needed + kubernetes.core.k8s: + namespace: "{{ item.namespace }}" + kind: "{{ item.kind }}" + definition: "{{ item.definition }}" + state: present + loop: "{{ kubernetes_argocd_objects }}" + tags: + - test + - last + diff --git a/roles/.gitignore b/roles/.gitignore index 568c3d8..b711f0e 100644 --- a/roles/.gitignore +++ b/roles/.gitignore @@ -8,6 +8,7 @@ GROG.package/ geerlingguy.docker/ geerlingguy.kubernetes/ geerlingguy.pip/ +geerlingguy.containerd/ tumf.systemd-service/ # SSH client side linux-system-roles.ssh/ @@ -26,4 +27,4 @@ robertdebock.fail2ban/ ome.rsync_server/ ome.selinux_utils/ # CHISEL -justin_p.chisel/ +justin_p.chisel/ \ No newline at end of file diff --git a/roles/requirements.yml b/roles/requirements.yml index 9eb1cc9..db8a568 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml @@ -6,8 +6,11 @@ - src: GROG.sudo # DOCKER - src: geerlingguy.docker +- src: geerlingguy.containerd - src: geerlingguy.kubernetes +# PIP - src: geerlingguy.pip +# SYSTEM - src: tumf.systemd-service # SSH client side - src: linux-system-roles.ssh diff --git a/templates/containerd.toml.j2 b/templates/containerd.toml.j2 deleted file mode 100644 index 8304b87..0000000 --- a/templates/containerd.toml.j2 +++ /dev/null @@ -1,26 +0,0 @@ -# {{ ansible_managed }} -{% if containerd_config_disabled_plugins is defined %} -disabled_plugins = ["{{ containerd_config_disabled_plugins| join (',') }}"] -{% endif%} - -{% if containerd_config_systemd is true %} -version = 2 -[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] - SystemdCgroup = true -{% endif%} - -#root = "/var/lib/containerd" -#state = "/run/containerd" -#subreaper = true -#oom_score = 0 - -#[grpc] -# address = "/run/containerd/containerd.sock" -# uid = 0 -# gid = 0 - -#[debug] -# address = "/run/containerd/debug.sock" -# uid = 0 -# gid = 0 -# level = "info" \ No newline at end of file