diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..8f92c9a
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,9 @@
+---
+skip_list:
+ - yaml[line-length]
+ - var-naming
+warn_list:
+ - command-instead-of-shell
+ - deprecated-command-syntax
+ - experimental
+ - no-changed-when
diff --git a/.taskfiles/Ansible/Taskfile.yaml b/.taskfiles/Ansible/Taskfile.yaml
new file mode 100644
index 0000000..ecacebf
--- /dev/null
+++ b/.taskfiles/Ansible/Taskfile.yaml
@@ -0,0 +1,52 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+ PYTHON_BIN: python3
+
+env:
+ PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH"
+ VIRTUAL_ENV: "{{.ROOT_DIR}}/.venv"
+ ANSIBLE_COLLECTIONS_PATH: "{{.ROOT_DIR}}/.venv/galaxy"
+ ANSIBLE_ROLES_PATH: "{{.ROOT_DIR}}/.venv/galaxy/ansible_roles"
+ ANSIBLE_VARS_ENABLED: "host_group_vars,community.sops.sops"
+
+tasks:
+
+ deps:
+ desc: Set up Ansible dependencies for the environment
+ cmds:
+ - task: .venv
+
+ run:
+ desc: Run an Ansible playbook for configuring a cluster
+ summary: |
+ Args:
+ cluster: Cluster to run command against (required)
+ playbook: Playbook to run (required)
+ prompt: Run Ansible playbook '{{.playbook}}' against the '{{.cluster}}' cluster... continue?
+ deps: ["deps"]
+ cmd: |
+ .venv/bin/ansible-playbook \
+ --inventory {{.ANSIBLE_DIR}}/{{.cluster}}/inventory/hosts.yaml \
+ {{.ANSIBLE_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}}
+ preconditions:
+ - { msg: "Argument (cluster) is required", sh: "test -n {{.cluster}}" }
+ - { msg: "Argument (playbook) is required", sh: "test -n {{.playbook}}" }
+ - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" }
+ - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_DIR}}/{{.cluster}}/inventory/hosts.yaml" }
+ - { msg: "Playbook not found", sh: "test -f {{.ANSIBLE_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml" }
+
+ .venv:
+ internal: true
+ cmds:
+ - true && {{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv
+ - .venv/bin/python3 -m pip install --upgrade pip setuptools wheel
+ - .venv/bin/python3 -m pip install --upgrade --requirement {{.ANSIBLE_DIR}}/requirements.txt
+ - .venv/bin/ansible-galaxy install --role-file "{{.ANSIBLE_DIR}}/requirements.yaml" --force
+ sources:
+ - "{{.ANSIBLE_DIR}}/requirements.txt"
+ - "{{.ANSIBLE_DIR}}/requirements.yaml"
+ generates:
+ - "{{.ROOT_DIR}}/.venv/pyvenv.cfg"
diff --git a/Taskfile.yaml b/Taskfile.yaml
index e1caf3f..694c309 100644
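Review bot: The two "is required" preconditions of the `run` task cannot fail as written, because with an empty variable `test -n {{.cluster}}` expands to `test -n`, which the shell treats as a one-argument test on the non-empty string `-n` and reports success. Quote the expansion so the empty case is really tested: `sh: 'test -n "{{.cluster}}"'` and `sh: 'test -n "{{.playbook}}"'`. The later `test -f` checks would still stop the run, but with the misleading "Inventory not found" message. The same unquoted `{{.cluster}}` and `{{.playbook}}` are spliced into the paths in `cmd` and in the `test -f` preconditions, so a value with spaces or shell metacharacters is word-split or interpreted by the shell; double-quoting those paths keeps each one a single argument. Separately, the `.venv` task upgrades `pip setuptools wheel` to whatever is current on every run, so the environment that loads `community.sops.sops` is only reproducible if `requirements.txt` pins versions (that file is not visible in this diff).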
--- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -3,8 +3,9 @@ version: "3" vars: PYTHON_BIN: python3 - CLUSTER_DIR: "{{.ROOT_DIR}}/kubernetes" ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible" + KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes" + TERRAFORM_DIR: "{{.ROOT_DIR}}/terraform" CLUSTER_SECRETS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-secrets.sops.env" CLUSTER_SETTINGS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-settings.env" @@ -19,6 +20,7 @@ env: K8S_AUTH_KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig" includes: + ansible: .taskfiles/Ansible/Taskfile.yaml volsync: .taskfiles/VolSync/Tasks.yaml precommit: .taskfiles/PreCommit/Tasks.yaml rook: diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/helmrelease.yaml b/archive/system/kubelet-csr-approver/app/helmrelease.yaml similarity index 100% rename from kubernetes/apps/system/kubelet-csr-approver/app/helmrelease.yaml rename to archive/system/kubelet-csr-approver/app/helmrelease.yaml diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml b/archive/system/kubelet-csr-approver/app/kustomization.yaml similarity index 100% rename from kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml rename to archive/system/kubelet-csr-approver/app/kustomization.yaml diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/kustomizeconfig.yaml b/archive/system/kubelet-csr-approver/app/kustomizeconfig.yaml similarity index 100% rename from kubernetes/apps/system/kubelet-csr-approver/app/kustomizeconfig.yaml rename to archive/system/kubelet-csr-approver/app/kustomizeconfig.yaml diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/values.yaml b/archive/system/kubelet-csr-approver/app/values.yaml similarity index 100% rename from kubernetes/apps/system/kubelet-csr-approver/app/values.yaml rename to archive/system/kubelet-csr-approver/app/values.yaml 
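Review bot: The first Taskfile.yaml hunk removes `CLUSTER_DIR`, but the two context lines right below it, `CLUSTER_SECRETS_FILE` and `CLUSTER_SETTINGS_FILE`, still expand `{{.CLUSTER_DIR}}`. Unless that variable is defined outside this hunk, both paths no longer resolve under `kubernetes/`. Point them at the renamed variable, e.g. `CLUSTER_SECRETS_FILE: "{{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.env"`, and likewise for the settings file. Tasks that reach the SOPS-encrypted secrets file through these variables would presumably fail or act on the wrong path, so the included Taskfiles are worth checking for remaining `CLUSTER_DIR` references too.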
diff --git a/kubernetes/apps/system/kubelet-csr-approver/ks.yaml b/archive/system/kubelet-csr-approver/ks.yaml similarity index 100% rename from kubernetes/apps/system/kubelet-csr-approver/ks.yaml rename to archive/system/kubelet-csr-approver/ks.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml index f0af114..8b9bcf1 100644 --- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml @@ -55,10 +55,6 @@ spec: - NET_ADMIN - SYS_ADMIN - SYS_RESOURCE - cgroup: - autoMount: - enabled: false - hostRoot: /sys/fs/cgroup k8sServiceHost: ${K8S_SERVICE_ENDPOINT} k8sServicePort: 6443 rollOutCiliumPods: true diff --git a/kubernetes/apps/system/kustomization.yaml b/kubernetes/apps/system/kustomization.yaml index 2c93e4a..7d9520b 100644 --- a/kubernetes/apps/system/kustomization.yaml +++ b/kubernetes/apps/system/kustomization.yaml @@ -7,7 +7,6 @@ resources: - ./namespace.yaml # Flux-Kustomizations - ./intel-device-plugins/ks.yaml - - ./kubelet-csr-approver/ks.yaml - ./node-feature-discovery/ks.yaml - ./reloader/ks.yaml - ./snapshot-controller/ks.yaml diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml index 90cdcac..d4d03f5 100644 --- a/kubernetes/flux/vars/cluster-secrets.sops.yaml +++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml 
@@ -8,7 +8,7 @@ stringData: SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:4+9e/tWQBszoPakAo+1vNhWsdKz8qfoioeUz+dTb,iv:sY4dkzMEmvi8kCLesBiknmoYHWq3uqXpWs5Y4FeFSuk=,tag:rPxH+5m6rPiSnhm2JrrT4w==,type:str] SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:a6hjTy2HRy7s2+KHxfop8077CgAzzILCF/g5I9TIXdhRiziUrLpJVzC0mqNmfdooJsZyErrJ9ihamFKLFoK8S/PmD5IgWuZu,iv:l5JTxmiWct5nr7eJM/Rtl7AclhCoIQ4KW6nJK6Slhg0=,tag:K5yGxYBTNSSoxYJt8Kmhyw==,type:str] SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:X63a7aMBMyd9Be6bik0knOyMXnYx/Kg3SoOrG0bkAHU=,iv:POcU1kIRWekrzUdzqPopKDovviK+fMZRVuZVWp9Vuuc=,tag:n9UamxITJCiLbH37Ta2lTg==,type:str] - K8S_SERVICE_ENDPOINT: ENC[AES256_GCM,data:3Ozpy3bMzEc=,iv:l0ND37q9ygRzYy/sjjzQC6vHk44PxPAxQPGVll5tXqQ=,tag:jK3FQiHRRoBBKhYugk2/NQ==,type:str] + K8S_SERVICE_ENDPOINT: ENC[AES256_GCM,data:mons7ADYFZv+PjnGpAg=,iv:vRkH6yn+nr2azS+kWOCG9rayB/X/02OlmQVhaIsJDkQ=,tag:RyPwMRcWgQV2kKFa6YQtMg==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +24,8 @@ sops: dDhWMDZYait3UzNRZy9oVk85cHBPdEUKa7e22jHlW1chaLDKBB1in8ZTFnfKMXug QJQ/9z6z/RjmnnFam2FWg++Xg2A8LQ7XTZcfR97csf59DQ/xwu7sVw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-12T17:41:48Z" - mac: ENC[AES256_GCM,data:ViV0wIxtAak3BTEALubdJfZZpGO5fvdfzaqQ3LRcZZfEG2tuV/1cUT4UNfENA/Pu/3v6htfepAekwUJPrBLCGQzIdwnrjgeLV3njtwNVeGh9+y/6PGwK3+7Biymg7fWYFEyL348aHyPfZ744Z6Y5bFEoiRfTIW6FgQyZ9DOJ32s=,iv:1DBDc/zekjjbj8TBAX3FbPTyXrwkVt3OJL2OhvcVRqo=,tag:naNziCLKmuXffWHnATB88w==,type:str] + lastmodified: "2024-01-02T23:49:24Z" + mac: ENC[AES256_GCM,data:OZzwxpqsXk2tfWmDRjWdmRZaP1pc0HRAuxt1om1Q0yN0R7LTafyRaKdWRdDYi7g76/C8qvSwgT72If5u+M10Q/KKNDy/PavDKn9yMHLkYkdmnXCbyxuWCFqlDoVoOQyPG3H4+ahZkYDnXwzcScR8klTZxdG2n5xO6FJc3PKJFlk=,iv:f2d0J2vG3amQ5UCowNU4U9X+siuWq43uq3nLndoy76A=,tag:ZbfWo82UhiR1AOh93WkpLQ==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1