Compare commits
9 Commits
Author | SHA1 | Date | |
---|---|---|---|
1ac0416038 | |||
|
e4912110a5 | ||
5fdff5ebc7 | |||
3eb6f7cdf8 | |||
84a47d88b7 | |||
165cdfd533 | |||
98cc4b4ee3 | |||
92886ee96e | |||
6b28af8023 |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
||||
vault-pass.gpg-*
|
||||
roles/*
|
||||
!roles/requirements.yml
|
||||
.vscode/
|
||||
|
@ -1 +1 @@
|
||||
55F7FC933CCA4A47F5AA3C802F84305F02B16995
|
||||
88CBCAD842520E46
|
||||
|
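Review bot: The value on the new side looks like a 16-hex long key ID (`88CBCAD842520E46`) where the previous one was a full 40-hex fingerprint, assuming the page prints old before new. Long key IDs are not unique, and gpg selects whichever matching key is in the local keyring, so re-encrypting the vault passphrase could target a key other than the intended one. I would store the full fingerprint here, `<40-hex fingerprint of the new key>`. The file name is not shown on this page, so confirm this is the recipient list used when the vault passphrase file is encrypted.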
Binary file not shown.
@ -1,3 +1,3 @@
|
||||
[defaults]
|
||||
roles_path = roles:galaxy-roles:git-roles:ansible-roles:~/.ansible/roles
|
||||
# vault_password_file = .vault/vault-open.sh
|
||||
vault_password_file = .vault/vault-open.sh
|
||||
|
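Review bot: With `vault_password_file` uncommented, Ansible will execute `.vault/vault-open.sh` on every run that loads vaulted data, and nothing in `[defaults]` says what that script does or requires. A comment above the key would help, for example `# executable; must print only the vault passphrase on stdout (presumably decrypts the gpg file in .vault/ - confirm)`. The script is not part of this page, so check that it is committed with the executable bit set and that it writes nothing else to stdout or to logs.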
@ -1 +1,19 @@
|
||||
dop_v1_cf3fddc6f6c9e008e62c454a3db645038634c253a526a3bbbcf27618789ae587
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37303132393466333261633739343530323037363563346263393337306262386434616236623830
|
||||
6439616662356337653935346434323638326432363531660a333235636264313765646330363263
|
||||
31616232373735373834393965353930316161393265366431653639646438376534656462326337
|
||||
3036653763363530330a333461643731636535643532323139393238353431313034323066363635
|
||||
31336534383163303233383936383533663437663637323335326335356135653063303133643764
|
||||
35613638663736636166353734303333666332633434313766346332373565633166356561643030
|
||||
64626163636562323964346137313238633036396232393766393137663134396663613933646539
|
||||
63666435333763323862636536313436383133343031363232333433656264386139653030383465
|
||||
63333137356463303865393939303463333031383563393837623261333734353261326333316461
|
||||
66343135656631396230303665373033663431356464636163613333643362383162613861393435
|
||||
32626562653337313638623764646463663034363065306633346365303366643166633436643936
|
||||
32653865363631623839313533333831386339633837353233313730643939336265343764643131
|
||||
34363734616237373237303039643261376664376636386164643433366436353162656232336330
|
||||
39336436353235396633313265353939373262303637373830623439303132386666646130626330
|
||||
62653462343838303266343830366565666639353362343662653234396365353339343330623039
|
||||
37653335323564323762653338666634363237303830653736623963306564643831353233663630
|
||||
32386131373263613139326534633432666364656561663461643031663230643366363036336631
|
||||
3039393835346431346231636665396138393336343963333466
|
||||
|
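Review bot: Encrypting this file does not retire the DigitalOcean token that sat here in clear text, because the `dop_v1_…` value on the old side stays readable in the repository history and on this compare page. The same token also appears in the removed template-secret file further down (the `@ -1,10 +0,0 @` hunk), next to a plaintext `k8s_cluster_token`. Both should be revoked and reissued before the vaulted copies are relied on; if the new vault files only carry the old values over, nothing changes for anyone who already has a clone. Since the ciphertext cannot be reviewed, a line in the commit description stating that both tokens were rotated would close this out.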
@ -1,15 +1,15 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: l.stg.earthball.xyz
|
||||
name: pwa.laconic.com
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: l.stg.earthball.xyz
|
||||
secretName: pwa.laconic.com
|
||||
issuerRef:
|
||||
name: letsencrypt-prod-wild
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
commonName: "*.l.stg.earthball.xyz"
|
||||
commonName: "*.pwa.laconic.com"
|
||||
dnsNames:
|
||||
- "l.stg.earthball.xyz"
|
||||
- "*.l.stg.earthball.xyz"
|
||||
- "pwa.laconic.com"
|
||||
- "*.pwa.laconic.com"
|
@ -1,2 +1,7 @@
|
||||
---
|
||||
support_email: someone@example.com
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37613532616632663366373332616133316237633564386464643032636137356436623331313365
|
||||
3164613836383930663466306133336263393764306662620a616131366561306334656535663432
|
||||
31323566373730353338356365663764386266383831666637646361626433343162313039343964
|
||||
3837666333343133630a343534366535613765336134623532323038633466666538356235323464
|
||||
65326264393765383138393661616537323864333036353130633461383865643030366363623437
|
||||
6162376537646461343066316234663730663466303931646630
|
||||
|
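Review bot: Vaulting the whole vars file hides the variable names as well as the values, so a reader can no longer see that `support_email` is (presumably still) defined here even though `k8s_acme_email: "{{ support_email }}"` depends on it. The usual Ansible layout keeps a plain vars file with `support_email: "{{ vault_support_email }}"` and puts only `vault_support_email` in the encrypted file, which keeps grep and review working. The new `group_vars/lcn_cad/k8s-vault.yml` has the same property. If the indirection is not wanted, a plain-text comment in the sibling vars file listing the names defined in the vault would be enough.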
8
group_vars/lcn_cad/k8s-vault.yml
Normal file
8
group_vars/lcn_cad/k8s-vault.yml
Normal file
@ -0,0 +1,8 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
32623937306230646432336339336134316263616136383264623030623930633664346263643165
|
||||
3539396565353163656432303038613736343430643765330a353465613136396436613565396638
|
||||
63396333363766353737363438383262623539376666316531303535663832303363356631633735
|
||||
6666643461626262350a393136306662666232356532366666323765356330333838363162356330
|
||||
61333233666634373666636630623865333838653762393634306464336636633633646266623263
|
||||
33373831613266373839383666326264376362646638386566656362656130383861633933666564
|
||||
383930616533303265633661363335633064
|
@ -1,13 +1,22 @@
|
||||
---
|
||||
k8s_cluster_name: lx-cad
|
||||
k8s_cluster_url: lx-cad-cluster-control.l.stg.earthball.xyz
|
||||
k8s_taint_servers: true
|
||||
# default context is used for stack orchestrator deployments, for testing a custom context name can be usefull
|
||||
#k8s_cluster_name: lcn-cad-cluster
|
||||
k8s_cluster_name: default
|
||||
k8s_cluster_url: lcn-cad-cluster-control.laconic.com
|
||||
k8s_taint_servers: false
|
||||
|
||||
k8s_acme_email: "{{ support_email }}"
|
||||
|
||||
# k3s bundles traefik as the default ingress controller, we will disable it and use nginx instead
|
||||
k8s_disable:
|
||||
- traefik
|
||||
|
||||
# secrets can be stored in a file or as a template, the template secrets gets dynamically base64 encoded while file based secrets must be encoded by hand
|
||||
k8s_secrets:
|
||||
- name: digitalocean-dns
|
||||
type: file
|
||||
source: secret-digitalocean-dns.yaml
|
||||
|
||||
k8s_manifests:
|
||||
# ingress controller, replaces traefik which is explicitly disabled
|
||||
- name: ingress-nginx
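Review bot: `k8s_taint_servers: false` lets ordinary pods schedule onto the control-plane node, and the inventory in this compare lists a single bootstrap node for `lcn_cad`, so workload pods would share a host with the API server and the cluster datastore. If that is intended for a one-node cluster, say so above the key, e.g. `# single-node cluster: control plane must accept workloads; revisit when agents are added`. The new comment about the default context also has the spelling `usefull`. The manifest list continues outside this hunk.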
|
||||
@ -17,7 +26,7 @@ k8s_manifests:
|
||||
# cert-manager, required for letsencrypt
|
||||
- name: cert-manager
|
||||
type: url
|
||||
source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
|
||||
source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
|
||||
|
||||
# issuer for basic http certs
|
||||
- name: letsencrypt-prod
|
||||
@ -41,6 +50,6 @@ k8s_manifests:
|
||||
secret_key: access-token
|
||||
|
||||
# initiate wildcard cert
|
||||
- name: l.stg.earthball.xyz
|
||||
- name: pwa.laconic.com
|
||||
type: file
|
||||
source: wildcard-l-earthball.yaml
|
||||
source: wildcard-pwa-laconic.yaml
|
@ -1,10 +0,0 @@
|
||||
---
|
||||
k8s_cluster_token: 18cd2efad6ba0df6cfe1e559ffacb0e2
|
||||
|
||||
k8s_secrets:
|
||||
- name: digitalocean-dns
|
||||
type: template
|
||||
namespace: cert-manager
|
||||
secrets:
|
||||
- key: access-token
|
||||
value: dop_v1_cf3fddc6f6c9e008e62c454a3db645038634c253a526a3bbbcf27618789ae587
|
@ -2,7 +2,7 @@
|
||||
firewalld_add:
|
||||
- name: public
|
||||
interfaces:
|
||||
- eth0
|
||||
- enp9s0
|
||||
services:
|
||||
- http
|
||||
- https
|
||||
@ -13,5 +13,4 @@ firewalld_add:
|
||||
sources:
|
||||
- 10.42.0.0/16
|
||||
- 10.43.0.0/16
|
||||
- 146.190.250.234/32
|
||||
- 138.197.140.188/32
|
||||
- 159.203.31.82/32
|
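Review bot: The `trusted` source list appears to gain `159.203.31.82/32`, a public address (lcn-daemon in the inventory), and firewalld's trusted zone accepts every port and protocol from its sources. If that host only needs the Kubernetes API, a dedicated zone or rich rule opening just that port for this address would be tighter than full trust; the pod and service CIDRs are a different case. How the role applies `sources` is not visible here, so confirm the entries map to zone sources as assumed.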
@ -2,16 +2,15 @@
|
||||
firewalld_add:
|
||||
- name: public
|
||||
interfaces:
|
||||
- eth0
|
||||
- ens3
|
||||
services:
|
||||
- http
|
||||
- https
|
||||
ports:
|
||||
- 22657/tcp
|
||||
- 22656/tcp
|
||||
- 26657/tcp
|
||||
- 26656/tcp
|
||||
- 1317/tcp
|
||||
|
||||
- name: trusted
|
||||
sources:
|
||||
- 138.197.140.188/32
|
||||
- 138.197.136.93/32
|
||||
- 147.182.144.6/32
|
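Review bot: The public zone opens `26657/tcp`, `26656/tcp` and `1317/tcp` to any source. If these are the usual CometBFT RPC, p2p and Cosmos REST ports, only the p2p port normally needs to be world-reachable; the RPC and REST endpoints are better placed behind a TLS proxy, as the `nginx_sites` entries in this compare do for other upstreams, or restricted to known sources. A comment naming the service behind each port (`# 26656 p2p, 26657 rpc, 1317 rest`, if that guess is right) would also make the list reviewable.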
@ -6,16 +6,16 @@ nginx_proxy_send_timeout: 1200
|
||||
nginx_proxy_connection_timeout: 75
|
||||
|
||||
nginx_sites:
|
||||
- name: lx-console
|
||||
url: lx-console.l.stg.earthball.xyz
|
||||
- name: lcn-console
|
||||
url: lcn-console.laconic.com
|
||||
upstream: http://localhost:8080
|
||||
template: basic-proxy
|
||||
ssl: true
|
||||
|
||||
- name: lx-daemon
|
||||
url: lx-daemon.l.stg.earthball.xyz
|
||||
- name: lcn-daemon
|
||||
url: lcn-daemon.laconic.com
|
||||
upstream: http://localhost:9473
|
||||
configs:
|
||||
- rewrite ^/deployer(/.*)? https://webapp-deployer.l.stg.earthball.xyz permanent
|
||||
- rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.laconic.com permanent
|
||||
template: websocket-proxy
|
||||
ssl: true
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
firewalld_add:
|
||||
- name: public
|
||||
interfaces:
|
||||
- eth0
|
||||
services:
|
||||
- http
|
||||
- https
|
||||
|
||||
- name: trusted
|
||||
sources:
|
||||
- 10.42.0.0/16
|
||||
- 10.43.0.0/16
|
||||
- 146.190.250.234/32
|
||||
- 138.197.136.93/32
|
14
hosts
14
hosts
@ -1,14 +1,12 @@
|
||||
[all]
|
||||
lx-daemon ansible_host=146.190.250.234
|
||||
lx-cad-cluster-control ansible_host=138.197.136.93
|
||||
lx-cad-cluster-worker ansible_host=138.197.140.188
|
||||
lcn-daemon ansible_host=159.203.31.82
|
||||
lcn-cad-cluster-control ansible_host=147.182.144.6
|
||||
|
||||
[so]
|
||||
lx-daemon
|
||||
lcn-daemon
|
||||
|
||||
[lx_cad]
|
||||
lx-cad-cluster-control k8s_node_type=bootstrap
|
||||
lx-cad-cluster-worker k8s_node_type=agent k8s_pod_limit=1024 k8s_external_ip=138.197.140.188
|
||||
[lcn_cad]
|
||||
lcn-cad-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip=147.182.144.6
|
||||
|
||||
[k8s:children]
|
||||
lx_cad
|
||||
lcn_cad
|
||||
|
@ -1,20 +1,20 @@
|
||||
---
|
||||
- name: firewalld
|
||||
scm: git
|
||||
src: https://github.com/srwadleigh/ansible-role-firewalld
|
||||
src: https://git.vdb.to/cerc-io/ansible-role-firewalld
|
||||
version: main
|
||||
|
||||
- name: nginx
|
||||
scm: git
|
||||
src: https://github.com/srwadleigh/ansible-role-nginx
|
||||
src: https://git.vdb.to/cerc-io/ansible-role-nginx
|
||||
version: main
|
||||
|
||||
- name: so
|
||||
scm: git
|
||||
src: https://github.com/srwadleigh/ansible-role-so
|
||||
src: https://git.vdb.to/cerc-io/ansible-role-so
|
||||
version: main
|
||||
|
||||
- name: k8s
|
||||
scm: git
|
||||
src: https://github.com/srwadleigh/ansible-role-k8s
|
||||
src: https://git.vdb.to/cerc-io/ansible-role-k8s
|
||||
version: main
|
||||
|
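Review bot: All four roles are now fetched from `git.vdb.to/cerc-io` with `version: main`, so each `ansible-galaxy install` pulls whatever the branch head is at that moment and runs it with the privileges of the play. Pinning each entry to a tag or full commit, e.g. `version: <commit-sha>`, makes the role code reviewable and keeps a later push to `main` from changing what is applied to the hosts. `roles/*` is ignored in `.gitignore`, so the installed role contents are not tracked in this repository either.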