testnet-ops/service-provider-setup/templates/k8s.yml.j2
nabarun 18df60a291 Add ansible playbook to automate service provider setup (#10)
Part of [Service Provider setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5)
- Added ansible playbooks for:
  - Adding a new user with passwordless sudo
  - Configuring DNS records
  - Setting up the system with required packages and gpg key
  - Deploying k8s
  - Setting up container registry
  - Setting up laconicd and laconic-console
  - Setting up and starting webapp-deployer-api and webapp-deployer-ui
- TODOs:
  - Mount gpg keys in webapp-deployer-api container

Co-authored-by: Adw8 <adwaitgharpure@gmail.com>
Reviewed-on: #10
2024-10-01 12:17:10 +00:00

56 lines
1.8 KiB
Django/Jinja

---
# default context is used for stack orchestrator deployments, for testing a custom context name can be usefull
#k8s_cluster_name: {{ org_id }}-{{ location_id }}-cluster
k8s_cluster_name: default
k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}
k8s_taint_servers: false
k8s_acme_email: "{{ support_email }}"
# k3s bundles traefik as the default ingress controller, we will disable it and use nginx instead
k8s_disable:
- traefik
# secrets can be stored in a file or as a template, the template secrets gets dynamically base64 encoded while file based secrets must be encoded by hand
k8s_secrets:
- name: digitalocean-dns
type: file
source: secret-digitalocean-dns.yaml
k8s_manifests:
# ingress controller, replaces traefik which is explicitly disabled
- name: ingress-nginx
type: url
source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
# cert-manager, required for letsencrypt
- name: cert-manager
type: url
source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
# issuer for basic http certs
- name: letsencrypt-prod
type: template
source: shared/clusterissuer-acme.yaml
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- type: http
ingress: nginx
# issuer for wildcard dns certs
- name: letsencrypt-prod-wild
type: template
source: shared/clusterissuer-acme.yaml
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- type: dns
provider: digitalocean
tokenref: tokenSecretRef
secret_name: digitalocean-dns
secret_key: access-token
# initiate wildcard cert
- name: pwa.{{ full_domain }}
type: file
source: wildcard-pwa-{{ base_domain }}.yaml