nabarun
18df60a291
Part of [Service Provider setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5) - Added ansible playbooks for: - Adding a new user with passwordless sudo - Configuring DNS records - Setting up the system with required packages and gpg key - Deploying k8s - Setting up container registry - Setting up laconicd and laconic-console - Setting up and starting webapp-deployer-api and webapp-deployer-ui - TODOs: - Mount gpg keys in webapp-deployer-api container Co-authored-by: Adw8 <adwaitgharpure@gmail.com> Reviewed-on: #10
56 lines
1.8 KiB
Django/Jinja
56 lines
1.8 KiB
Django/Jinja
---
|
|
# default context is used for stack orchestrator deployments, for testing a custom context name can be usefull
|
|
#k8s_cluster_name: {{ org_id }}-{{ location_id }}-cluster
|
|
k8s_cluster_name: default
|
|
k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}
|
|
k8s_taint_servers: false
|
|
|
|
k8s_acme_email: "{{ support_email }}"
|
|
|
|
# k3s bundles traefik as the default ingress controller, we will disable it and use nginx instead
|
|
k8s_disable:
|
|
- traefik
|
|
|
|
# secrets can be stored in a file or as a template, the template secrets gets dynamically base64 encoded while file based secrets must be encoded by hand
|
|
k8s_secrets:
|
|
- name: digitalocean-dns
|
|
type: file
|
|
source: secret-digitalocean-dns.yaml
|
|
|
|
k8s_manifests:
|
|
# ingress controller, replaces traefik which is explicitly disabled
|
|
- name: ingress-nginx
|
|
type: url
|
|
source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
|
|
|
|
# cert-manager, required for letsencrypt
|
|
- name: cert-manager
|
|
type: url
|
|
source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
|
|
|
|
# issuer for basic http certs
|
|
- name: letsencrypt-prod
|
|
type: template
|
|
source: shared/clusterissuer-acme.yaml
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
solvers:
|
|
- type: http
|
|
ingress: nginx
|
|
|
|
# issuer for wildcard dns certs
|
|
- name: letsencrypt-prod-wild
|
|
type: template
|
|
source: shared/clusterissuer-acme.yaml
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
solvers:
|
|
- type: dns
|
|
provider: digitalocean
|
|
tokenref: tokenSecretRef
|
|
secret_name: digitalocean-dns
|
|
secret_key: access-token
|
|
|
|
# initiate wildcard cert
|
|
- name: pwa.{{ full_domain }}
|
|
type: file
|
|
source: wildcard-pwa-{{ base_domain }}.yaml
|