Add kubernetes part

2023-10-01 10:10:53 +02:00
parent 8353c02b42
commit 511dcde61a
9 changed files with 211 additions and 76 deletions


@@ -8,5 +8,6 @@ load_callback_plugins= yes
#to keep display output, comment stdout_callback #to keep display output, comment stdout_callback
#stdout_callback= log_plays #stdout_callback= log_plays
; [ssh_connection] # [ssh_connection]
; ssh_args=-o ForwardAgent=yes # ssh_args=-o ForwardAgent=yes


@@ -14,17 +14,17 @@ management_user_list:
as: ALL as: ALL
commands: ALL commands: ALL
nopasswd: ALL nopasswd: ALL
- name: staffadmin # - name: staffadmin
shell: '/bin/bash' # shell: '/bin/bash'
state: absent # state: absent
authorized_keys: # authorized_keys:
- key: "ssh-rsa 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 stephane" # - key: "ssh-rsa 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 stephane"
exclusive: yes # exclusive: yes
sudo: # sudo:
hosts: ALL # hosts: ALL
as: ALL # as: ALL
commands: ALL # commands: ALL
nopasswd: ALL # nopasswd: ALL
################ ################
# SSH - CLIENT # # SSH - CLIENT #


@@ -186,4 +186,16 @@ chisel_proxychains_conf:
- path: "/etc/proxychains.conf" - path: "/etc/proxychains.conf"
regexp: "^socks5 {{ chisel_server_host }} 1080" regexp: "^socks5 {{ chisel_server_host }} 1080"
state: present state: present
line: "socks5 {{ chisel_server_host }} 1080" line: "socks5 {{ chisel_server_host }} 1080"
dockerapp_tree_volumes:
- "gitlab"
# boostrap dockerapp:
dockerapp_tree_base_dir:
- "/opt/test"
dockerapp_service: lab
pip_executable: pip3
pip_install_packages:
- docker-compose


@@ -1,16 +1,102 @@
docker_install_compose: false docker_install_compose: false
# kubernetes_config_kubelet_configuration:
# cgroupDriver: systemd
kubernetes_version: 1.28 kubernetes_version: 1.28
kubernetes_apiserver_advertise_address: 192.168.33.10 kubernetes_apiserver_advertise_address: 192.168.33.10
kubernetes_pod_network: kubernetes_pod_network:
# Flannel CNI. # Flannel CNI.
cni: 'weave' cni: 'flannel'
cidr: '10.244.0.0/16' cidr: '10.244.0.0/16'
containerd_config_systemd: true # containerd_config_systemd: true
# containerd_config_disabled_cgroups: true
# kubernetes_ignore_preflight_errors: null # kubernetes_ignore_preflight_errors: null
# kubernetes_kubeadm_init_extra_opts: # kubernetes_kubeadm_init_extra_opts:
# - "--pod-network-cidr=10.244.0.0/16" # - "--pod-network-cidr=10.244.0.0/16"
# - "--control-plane-endpoint=192.168.33.10" # - "--control-plane-endpoint=192.168.33.10"
kubernetes_namespaces:
- apiVersion: v1
kind: Namespace
metadata:
name: argocd
# kubernetes_namespace: toto
kubernetes_argocd_objects:
- namespace: argocd
kind: Secret
definition:
- apiVersion: v1
data:
tls.crt: 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
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRGVwZURrd2pkUHp4eHYKN2diT2dQcHZ6SXJ4dk41VmZKOTdTbmtXdlF5VmcwbmVPUDhXYXJuRHJHTVZLb25qbmpDMUZrRk1jQWRHeExwRQpSMnBHVC9XMXl0YVRsNzR5WEdPT1NQRE5iMzkzbWNFTVBIVjEzOFE1UFRyWHJ3Vm41a3ZGeVhIVkZWTEQrM3RHClY0RFVoclhLOTlDdXRaWjYwR2dBQzluR1pkV1JMNHB4RDIxNjJlK29KQUcvSFpTN3pWRm5RNUhMZTVMQ0V3aEIKRmZMdnVpT3p6UUs1LzA5SVd3Vjc1Rzl3QTJaUDJOL2VsejhycmlYUTFYNFNOS2x2TW5OQkQ4K3EyMi9rQ2FzdwpqaElPbVR4U1FsekVadzVpQ2tCYUUzNnl5d2dZbW9CdFBabmxVc3RxL1BBalNWOURUSWZXUjhKcU9CQ1F5ZUR5CmU2TFRYZnNVVVY5WGs1TjkzWHk4NlhVMU1mMWJvSmJQS2RtYkQxT1VDNUM1cUs2MU9ZNlpKNS8yaHFVaHF4MkIKNVBwZ21UZmljUjNRY2NpbFVTcUpvKzlaOVN3bEVhZFpKaDFKaUM1RWdTSHhLWFVoYjg1WWxGeWVSNlI5dXFMZwpHQ05jYWpJemFBRFFGZmRDbTVIMno5NGFSbTZSaWo4RjJDemMwTSszd1hScHFqT0pkTVpLTllCazFLNGtQR201CnZOZEpUV1NLU004L2YyS3VUMjQyRDBDY1V4TGV5TXdGMFN0K0N1ZGJNTTFIdlczNGdvSGtUaVJzZzYySlNiUEgKWkN4T0Evb2RZdEUvQWx3NGxaaFIxcWtrdEVpaHU1VG42NkdtSTZZazZUNmJSSExlK3RRajFTeG8rRHB2QlZoeQpYSnF3YTNuS3RJTk4vTzNVVFNpeEJLdGFvMWl6UHdJREFRQUJBb0lDQVFDWWYxVkNXaVE0YmNzMGZ2djZoUzBEClZqMzB4VUFqblhBK3FndTJIMVozTWExdW4rdFlGMUdWVElXeEFhbmdWWUZYQng5Q2s1am9SK2FzeloxaysyOTQKVEs0YitWczBjME5kT1doMXpXQ3BNbzZmS3VucENwTUVBWVJFSm9TMVhXK1kwUmsrc1pRMjJCRGZaUi9BY1dRaQoyUW4rSURJcGZJVS9RdDZ1blNGaWlBVnkydlpKcHV3WFpsSXI3TDdxd3Y1MmxEbFAvaHZQQWVvdGFqTXpMM00wCnU3NmFWdHllMm5rdkdvK1pVVHJLaGVrUU5OZjN1eGY3cWI3b0NWbmo1OUk1UmZNZk81MnZ1MCtkdWpGei9sRHEKcHJtVGJHTFZrOS92MGxwOWE4TG4xeXNQcDVtNUVMUnpXenUvYjRub05vcnpvY0x2cmVicXhOdG1PbmlUL1ZMeQptRERZbUxrbUY2WkwwMnRpVWFOajlTY05iYjh2bGdHb0M4ek14bjBFMWtZVDJ0bHFFbEppK05LN2dlczlyWHJqCkdiYWVxTWF1YnNWb0xLNGFsNGlSOE1LWjErV3UyTkNuWjIzSlpvYzJTdFFPRWtNRmFJeENPYWp4VWRMeTZkS2UKNk9HS0RYUXUvTFludHFnM2hpenhCbW83T3RmWC9rTitxWlU2Z09kMy92TE1FSk5XYkdPVHdaKzUySUl4bEVTSwpXR2JiL1FXOEcrMXFtelViUDFDZy9yRkRJWmY0OU40cWFuYTBFeHFjcDZkWk5YRU9YL1d0aWNlRXM4K0ZqNnZWCkVSMUorNHpWRVpMeGNCVC9aMC9hOHozenBuWWVabDFMYkhzQ0Q3RCt6VGRwS3E0bStlQkFiMWNQT2V5czF0RW4Kd2dwbG5vYk5DM2VBdkd3MjRubUtBUUtDQVFFQSt6bmN5RW9
kNmVBbDNBc0YwTkNtVTI1bEFHVEdLVVlsSy9LdgorWGFPMnVGOFNLeEV3YVVPUzFicGU4TnNzamoyTGpucHkrQ1UzVW9OZExXUDhuc3hrZlpFbDB0a0MwWHU4UzU4Ck5TWjJkWG9MMEdBU0FtcDRsQTFDazBJeUg3ekxPajJBOGhlazRMUWRNemo0RHVSZjFYN1RRVzRhanMzQjJhSTIKSjlZN0cxaEFBV0dUMFR4Z0E2Y3dkUnZRbTNhczZoWCthZzZiaGE0YjQ3ejBxaHdaZ01aUnVSeGdEL2ZjbDVxVwphSmcvOGVsdjVMT1Y3UUpud2d4WTBJSmtocWdYU0JEZXprd2pvQ1FuWXdlYTlZSmlOK3Vrbnd0b3Btb2pEaWJXCkMzR0tjb3plY2ZYV3B1a3FocGkvcUIyeDhxclNVaTMyaVZKbjNRenY5YVJjeFZ2RUlRS0NBUUVBNHVEK0Y4b0wKQ2lBUGZlSlQ1WFFmNEtVdTlabTJLZU9tNmtRUURadEYrQXk2M1NSOEYvZFV5Qlk3T0FuVkRsSXZRZmZLaS9ZVApWMjVLNWQ4QUN5ak1lMnczeEJFTVVyVWtZT0hpK2ZZVk9kNytaRm5hTFU5UG56NWRMQ2t0OVpDdnNzR2FzMGdwCm5DMXdtaUxYQ1dOSDUvZjh1UW1STFM3VHY5VHFWb0lIWGNzNzNwK0hnNEJkbFFuclI5aWRITDlLTThpeUtpdEgKU3VlMmVmMkc5N0Nrek9uL3VUQUxKNzV6dkhXaDVtS1EwQlVNLzhMWmdMTXMyUkN5V3lnQ3hTdmF4MHBmYkVkMwplTGRETldoclBreXc2MmdTVVpoeXRTWXdQdmxraDFOSDI5OTc4VlovMXVrdlBJRXpVTHNCUjkxWm96NjJ0ZXVRCjFWNkdVVDcvK1MyTFh3S0NBUUI1WUJCQ0dFVHhqS0RkK2RsYWRLUVhKUHZaUDliWmRCRmJkVW45M1lEUlVTV0oKdXVrUklaeVJXN0U4WVVOdnE4T011K0F2NXhZay83VVdrTzIxK2owTnh3eUdpQjhTcnp2cy9FZDRLbGdMRStjSApTcE1JNWNYUnljSkRnVFRVVHBObFZQZXFmeS9pZkVLclQ3ZlJBaGNtLzdvekgyM25WcE4wZ1VGbTU4THd5Q2RNClE0ZDJESlJhejNqQzY2aFNvL2lRdEFXUjJmTGJtQzNUVHFScVYxOGU3ekhtbkVYeEVSQmJrbzFlaFVoSHFUK3QKSC9Lc2FvQVVxWUJ6Wkx3S3JzVm94UFhRZDhxeWdTVWlYRGRLckM2bDA4eGFKdG50cE5QQTc1UjBQT3Zsd2hkcQp1WnAyVTZwL0V1ZHQ0c0xwZWd4Wk5lbXBtTTJqWjYrN1h5aVBGWEhoQW9JQkFDM052SjZ5NUoycnNWVDV6M1JBCmlIc0Mva01KUUZTZXFFRWRjcHc4bjlpZlFVNktJaDk0aUg1SXRyWHVqanZ3N2FlRXpqaUplb2dwTlNmSmFLblkKRjhoSEpjOEluaE5Jak1xZWNBT0U0ZTRvRGZYV2lneWh1WEp0MWNPbm9LYTJDakt0a1h6bWNiZ2RHR0dWN1JIeApJRUE5dWFEbHhKQjVwcmhRMU9xWUg4S1kyRUp1dEo0ZzJVUFFsOWFPYmRHeThOa1ppSmFvM0NETVBQUE44bVNwCkhleGN4WXJ1bnlIcitsT3U3L3VpSkpoTjE2eisrb2hZSkJMQ295OXlHWFVURUgweGo2ZzltV29lbll2M3c4YjEKRnJhLzhRcldHenBsTmxKUWFUSkU1dm9GMlhEMHhLUnZ1V0NldU94d2hLYXNrbjg1bHd1TlBsVkZXeHFsL0dtaQovME1DZ2dFQkFPazAwQlpJRWt3MTd6cERlTW53a1JQMURTblAyN0RwN3E4bnRNREplYW0vUGY5Ynk0ZkczSG9VCk12eXRubmlhN0F5SHl4TXJWN2plQVNjVCt5aVJJdXlmcUM5aGNTTU5
RK0pxODVyN3pxNnE3VHZBWGRkeWJnUkgKUzR4Y3ByWG1VNVI4dGkyekVtUFpiOFRZOFFGdHNLTTdyaUtkcndCK3JpRGVYWkpTTVRQWXM3NTMwT3Vmc1BPRgpEM0VydlZweE9DTGROL0ZxWW42TFBrRUpNSXluNUZBekpqSXRRSTJuOGRIMlNRdEU1UjlyV1ZsSkNjYndicVh0Ck01UVFLODkyM0V5KzFwWUxOZXQ5Vmo0cUs1NHA0YWtiUFkwUTROeTlZZjdxek5LUjYxcDdZWkZXL29icmY2R0sKS0J2TWFsNlhRSktlOHJkNEFiMkVyOEQyQnBDc3E1dz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
metadata:
name: cert-argocd
namespace: argocd
type: kubernetes.io/tls
- apiVersion: v1
data:
tls.crt: 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
tls.key: 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
metadata:
name: cert-argocd-test
namespace: argocd
type: kubernetes.io/tls
kubernetes_tree_base_dir:
- /opt
- /opt/kubernetes
kubernetes_service: infra
kubernetes_git_repo: perso-infra
kubernetes_git_url: github.com
kubernetes_alias_bashrc:
- path: "/root/.bashrc"
regexp: "^source /usr/share/bash-completion/bash_completion"
state: present
line: "source /usr/share/bash-completion/bash_completion"
- path: "/root/.bashrc"
regexp: "^source /etc/bash_completion"
state: present
line: "source /etc/bash_completion"
- path: "/root/.bashrc"
regexp: "^source <(kubectl completion bash)"
state: present
line: "source <(kubectl completion bash)"
- path: "/root/.bashrc"
regexp: "^alias k=kubectl"
state: present
line: "alias k=kubectl"
- path: "/root/.bashrc"
regexp: "^complete -F __start_kubectl k"
state: present
line: "complete -F __start_kubectl k"
# - echo "source /usr/share/bash-completion/bash_completion" >> ~/.bashrc
# - echo "source /etc/bash_completion" >> ~/.bashrc
# - echo "source <(kubectl completion bash)" >> ~/.bashrc
# - echo "alias k=kubectl" >> ~/.bashrc
# - echo "complete -F __start_kubectl k" >> ~/.bashrc
# - complete -F __start_kubectl k
#- echo "function kname() {k config set-context --current --namespace $1}" >> ~/.bashrc
# for github
management_user_list:
- name: stephanegratias
shell: '/bin/bash'
authorized_keys:
- key: "ssh-rsa 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 stephane"
exclusive: yes
sudo:
hosts: ALL
as: ALL
commands: ALL
nopasswd: ALL
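Review bot: The `tls.key` value added under `kubernetes_argocd_objects` for `cert-argocd` is a base64-encoded PEM private key committed in clear text (it starts with the encoding of `-----BEGIN PRIVATE KEY-----`), and base64 is an encoding, not protection. Anyone with read access to the repository or its history can recover the key, so it should be treated as exposed and the certificate reissued with a new key rather than the line simply being deleted in a later commit. Keep the secret out of plain vars, for example by referencing a vaulted variable, `tls.key: "{{ vault_argocd_tls_key }}"`, with the value stored in a file protected by `ansible-vault encrypt`. The same applies to `cert-argocd-test`, whose values are elided on this page.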

4
hosts

@@ -12,5 +12,5 @@ scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane
; [scaleway] ; [scaleway]
; scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane ; scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane
; [local] [local]
; vagrant ansible_host=192.168.33.10 ansible_user=vagrant ansible_password=vagrant vagrant ansible_host=192.168.33.10 ansible_user=vagrant ansible_password=vagrant
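Review bot: The re-enabled `vagrant` host line keeps `ansible_password=vagrant` in clear text in the inventory. This looks like the default credential of a local Vagrant box, but the same file also holds a host with a public address, and a clear-text password line is easy to copy as a pattern for real hosts. Prefer key authentication for the box, e.g. `ansible_ssh_private_key_file=<PATH_TO_VAGRANT_KEY>` in place of the password, or move the password into a vault-encrypted host_vars file.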

118
kube.yml

@@ -14,40 +14,98 @@
debug: debug:
msg: "{{ ansible_hostname }} : {{ ansible_distribution }} {{ ansible_distribution_version }} - {{ ansible_default_ipv4.address }}" msg: "{{ ansible_hostname }} : {{ ansible_distribution }} {{ ansible_distribution_version }} - {{ ansible_default_ipv4.address }}"
tags: tags:
- test - always
# Preparer le /etc/containerd/config.toml - name: Add the overlay and br_netfilter modules and make sure it is loaded after reboots
community.general.modprobe:
# version = 2 name: "{{ item }}"
# [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] state: present
# SystemdCgroup = true persistent: present
loop:
# when kubernetes_config_kubelet_configuration.cgroupDriver: "systemd" - overlay
- br_netfilter
pre_tasks:
- name: Create containerd config for Kubernetes
template:
src: "../templates/containerd.toml.j2"
dest: "/etc/containerd/config.toml"
owner: root
group: root
mode: 0644
tags: tags:
- kubernetes - always
- test
when:
- containerd_config_systemd is true
- kubernetes_config_kubelet_configuration.cgroupDriver is "systemd"
notify: restart containerd
# restart containerd
roles: roles:
- { role: geerlingguy.containerd, tags: [kubernetes, containerd] }
- { role: geerlingguy.kubernetes, tags: kubernetes } - { role: geerlingguy.kubernetes, tags: kubernetes }
handlers: tasks:
- name: restart containerd
service: - name: Add kubectl alias and completion
name: containerd ansible.builtin.lineinfile:
state: restarted path: "{{ item.path }}"
regexp: "{{ item.regexp }}"
state: "{{ item.state|default('present') }}"
line: "{{ item.line|default(omit) }}"
loop: "{{ kubernetes_alias_bashrc }}"
tags:
- kubernetes
- alias
- name: create kubernetes app base dir
file:
path: "{{ item }}"
state: directory
mode: 0755
owner: root
group: root
with_items:
- "{{ kubernetes_tree_base_dir | last }}"
- "{{ kubernetes_tree_base_dir | last }}/{{ kubernetes_service }}"
tags:
- kubernetes
- git
# - name: Allow pods on control plane (if configured).
# command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
# when:
# - kubernetes_allow_pods_on_control_plane | bool
# - not kubernetes_init_stat.stat.exists
# need pip kubernetes to use k8s module
- name: Create all k8s namespace
kubernetes.core.k8s:
name: argocd
api_version: v1
kind: Namespace
state: present
tags:
- test
# Download and apply manifest
- name: Download all manifest to the cluster.
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
dest: "{{ kubernetes_tree_base_dir | last }}/{{ kubernetes_service }}/install.yaml"
mode: '0664'
tags:
- test
- name: Apply metrics-server manifest to the cluster.
kubernetes.core.k8s:
state: present
namespace: argocd
src: "{{ kubernetes_tree_base_dir | last }}/{{ kubernetes_service }}/install.yaml"
tags:
- test
# - name: Remove file (delete file)
# ansible.builtin.file:
# path: /etc/foo.txt
# state: absent
- name: Create all k8s objects needed
kubernetes.core.k8s:
namespace: "{{ item.namespace }}"
kind: "{{ item.kind }}"
definition: "{{ item.definition }}"
state: present
loop: "{{ kubernetes_argocd_objects }}"
tags:
- test
- last
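Review bot: The `ansible.builtin.get_url` task fetches `install.yaml` from the moving `stable` ref of argo-cd and the following `kubernetes.core.k8s` task applies it with no integrity check, so whatever that URL serves at run time is deployed with the rights of the kubeconfig the play uses. Pin the URL to a release tag and verify the file, e.g. `url: https://raw.githubusercontent.com/argoproj/argo-cd/<RELEASE_TAG>/manifests/install.yaml` together with `checksum: "sha256:<SHA256_OF_PINNED_MANIFEST>"`. The loop task `Create all k8s objects needed` iterates over `kubernetes_argocd_objects`, which carries TLS key material, so add `no_log: true` there to keep the loop item out of task output and logs. The task named `Apply metrics-server manifest to the cluster.` actually applies the Argo CD manifest, so its name should say that. The play starts before this hunk, so only part of it is visible here.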

3
roles/.gitignore vendored

@@ -8,6 +8,7 @@ GROG.package/
geerlingguy.docker/ geerlingguy.docker/
geerlingguy.kubernetes/ geerlingguy.kubernetes/
geerlingguy.pip/ geerlingguy.pip/
geerlingguy.containerd/
tumf.systemd-service/ tumf.systemd-service/
# SSH client side # SSH client side
linux-system-roles.ssh/ linux-system-roles.ssh/
@@ -26,4 +27,4 @@ robertdebock.fail2ban/
ome.rsync_server/ ome.rsync_server/
ome.selinux_utils/ ome.selinux_utils/
# CHISEL # CHISEL
justin_p.chisel/ justin_p.chisel/


@@ -6,8 +6,11 @@
- src: GROG.sudo - src: GROG.sudo
# DOCKER # DOCKER
- src: geerlingguy.docker - src: geerlingguy.docker
- src: geerlingguy.containerd
- src: geerlingguy.kubernetes - src: geerlingguy.kubernetes
# PIP
- src: geerlingguy.pip - src: geerlingguy.pip
# SYSTEM
- src: tumf.systemd-service - src: tumf.systemd-service
# SSH client side # SSH client side
- src: linux-system-roles.ssh - src: linux-system-roles.ssh
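Review bot: The added `- src: geerlingguy.containerd` entry has no `version:`, so each install resolves to whatever release is current at that moment, and that role configures the container runtime on the target hosts. Pin it by adding `version: <PINNED_RELEASE>` under the `src` line, and consider doing the same for the other entries in this list so that a role update is a reviewed change rather than a side effect of re-running the install. The list continues outside the hunk.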


@@ -1,26 +0,0 @@
# {{ ansible_managed }}
{% if containerd_config_disabled_plugins is defined %}
disabled_plugins = ["{{ containerd_config_disabled_plugins| join (',') }}"]
{% endif%}
{% if containerd_config_systemd is true %}
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
{% endif%}
#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0
#[grpc]
# address = "/run/containerd/containerd.sock"
# uid = 0
# gid = 0
#[debug]
# address = "/run/containerd/debug.sock"
# uid = 0
# gid = 0
# level = "info"