diff --git a/ansible/.ansible-lint b/.ansible-lint similarity index 100% rename from ansible/.ansible-lint rename to .ansible-lint diff --git a/.archive/ansible/test/inventory/group_vars/all/main.yaml b/.archive/ansible/test/inventory/group_vars/all/main.yaml deleted file mode 100644 index e7eabea5b4597..0000000000000 --- a/.archive/ansible/test/inventory/group_vars/all/main.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -k3s_become: true -k3s_etcd_datastore: true -k3s_install_hard_links: true -k3s_registration_address: 192.168.42.55 -k3s_registries: - mirrors: - docker.io: - gcr.io: - ghcr.io: - k8s.gcr.io: - lscr.io: - mcr.microsoft.com: - public.ecr.aws: - quay.io: - registry.k8s.io: -# renovate: datasource=github-releases depName=k3s-io/k3s -k3s_release_version: v1.29.1+k3s1 -k3s_server_manifests_templates: - - custom-cilium-helmchart.yaml.j2 - - custom-coredns-helmchart.yaml.j2 - - kube-vip-ds.yaml.j2 - - kube-vip-rbac.yaml.j2 -k3s_use_unsupported_config: true diff --git a/.archive/ansible/test/inventory/group_vars/master/main.yaml b/.archive/ansible/test/inventory/group_vars/master/main.yaml deleted file mode 100644 index 09b143172ff63..0000000000000 --- a/.archive/ansible/test/inventory/group_vars/master/main.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -k3s_control_node: true -k3s_server: - cluster-cidr: 10.232.0.0/16 - disable: ["coredns", "flannel", "local-storage", "metrics-server", "servicelb", "traefik"] - disable-cloud-controller: true - disable-helm-controller: false - disable-kube-proxy: true - disable-network-policy: true - docker: false - embedded-registry: true - etcd-disable-snapshots: true - etcd-expose-metrics: true - flannel-backend: "none" # quote - kube-apiserver-arg: ["anonymous-auth=true"] - kube-controller-manager-arg: ["bind-address=0.0.0.0"] - kube-scheduler-arg: ["bind-address=0.0.0.0"] - kubelet-arg: ["image-gc-low-threshold=50", "image-gc-high-threshold=55"] - node-ip: "{{ ansible_host }}" - pause-image: registry.k8s.io/pause:3.9 - secrets-encryption: true - service-cidr: 10.233.0.0/16 - tls-san: ["{{ k3s_registration_address }}"] - write-kubeconfig-mode: "0644" # quote diff --git a/.archive/ansible/test/inventory/hosts.yaml b/.archive/ansible/test/inventory/hosts.yaml deleted file mode 100644 index a9d8f23405573..0000000000000 --- a/.archive/ansible/test/inventory/hosts.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -kubernetes: - vars: - ansible_user: devin - ansible_ssh_port: 22 - children: - master: - hosts: - k8s-test-0: - ansible_host: 192.168.42.203 diff --git a/.archive/ansible/test/playbooks/cluster-installation.yaml b/.archive/ansible/test/playbooks/cluster-installation.yaml deleted file mode 100644 index 8c8465e3bd482..0000000000000 --- a/.archive/ansible/test/playbooks/cluster-installation.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ ---- -- name: Cluster Installation - hosts: kubernetes - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 2 seconds... - ansible.builtin.pause: - seconds: 2 - tasks: - - name: Check if cluster is installed - check_mode: false - ansible.builtin.stat: - path: /etc/rancher/k3s/config.yaml - register: k3s_installed - - - name: Ignore manifests templates and urls if the cluster is already installed - when: k3s_installed.stat.exists - ansible.builtin.set_fact: - k3s_server_manifests_templates: [] - k3s_server_manifests_urls: [] - - - name: Prevent downgrades - when: k3s_installed.stat.exists - ansible.builtin.include_tasks: tasks/version-check.yaml - - - name: Install Kubernetes - ansible.builtin.include_role: - name: xanmanning.k3s - public: true - vars: - k3s_state: installed - - - name: Wait for custom manifests to rollout - when: - - k3s_primary_control_node - - (k3s_server_manifests_templates | length > 0 - or k3s_server_manifests_urls | length > 0) - kubernetes.core.k8s_info: - kubeconfig: /etc/rancher/k3s/k3s.yaml - kind: "{{ item.kind }}" - name: "{{ item.name }}" - namespace: "{{ item.namespace | default('') }}" - wait: true - wait_sleep: 10 - wait_timeout: 360 - loop: - - { name: cilium, kind: HelmChart, namespace: kube-system } - - { name: coredns, kind: HelmChart, namespace: kube-system } - - - name: Coredns - when: k3s_primary_control_node - ansible.builtin.include_tasks: tasks/coredns.yaml - - - name: Cilium - when: k3s_primary_control_node - ansible.builtin.include_tasks: tasks/cilium.yaml - - - name: Cruft - when: k3s_primary_control_node - ansible.builtin.include_tasks: tasks/cruft.yaml diff --git a/.archive/ansible/test/playbooks/tasks/cilium.yaml b/.archive/ansible/test/playbooks/tasks/cilium.yaml deleted file mode 100644 index ca242bb031bfb..0000000000000 --- a/.archive/ansible/test/playbooks/tasks/cilium.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -- name: Cilium - block: - - name: Cilium | Check if Cilium HelmChart exists - kubernetes.core.k8s_info: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: cilium - kind: HelmChart - namespace: kube-system - register: cilium_helmchart - - - name: Cilium | Wait for Cilium to rollout - when: cilium_helmchart.resources | count > 0 - kubernetes.core.k8s_info: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: helm-install-cilium - kind: Job - namespace: kube-system - wait: true - wait_condition: - type: Complete - status: true - wait_timeout: 360 - - - name: Cilium | Patch the Cilium HelmChart to unmanage it - when: cilium_helmchart.resources | count > 0 - kubernetes.core.k8s_json_patch: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: cilium - kind: HelmChart - namespace: kube-system - patch: - - op: add - path: /metadata/annotations/helmcharts.helm.cattle.io~1unmanaged - value: "true" - - - name: Cilium | Delete the Cilium HelmChart CR - when: cilium_helmchart.resources | count > 0 - kubernetes.core.k8s: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: cilium - kind: HelmChart - namespace: kube-system - state: absent - - - name: Cilium | Force delete the Cilium HelmChart - when: cilium_helmchart.resources | count > 0 - kubernetes.core.k8s: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: cilium - kind: HelmChart - namespace: kube-system - state: patched - definition: - metadata: - finalizers: [] diff --git a/.archive/ansible/test/playbooks/tasks/coredns.yaml b/.archive/ansible/test/playbooks/tasks/coredns.yaml deleted file mode 100644 index d18383a759f58..0000000000000 --- a/.archive/ansible/test/playbooks/tasks/coredns.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -- name: Coredns - block: - - name: Coredns | Check if Coredns HelmChart exists - kubernetes.core.k8s_info: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: coredns - kind: HelmChart - namespace: kube-system - register: coredns_helmchart - - - name: Coredns | Wait for Coredns to rollout - when: coredns_helmchart.resources | count > 0 - kubernetes.core.k8s_info: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: helm-install-coredns - kind: Job - namespace: kube-system - wait: true - wait_condition: - type: Complete - status: true - wait_timeout: 360 - - - name: Coredns | Patch the Coredns HelmChart to unmanage it - when: coredns_helmchart.resources | count > 0 - kubernetes.core.k8s_json_patch: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: coredns - kind: HelmChart - namespace: kube-system - patch: - - op: add - path: /metadata/annotations/helmcharts.helm.cattle.io~1unmanaged - value: "true" - - - name: Coredns | Delete the Coredns HelmChart CR - when: coredns_helmchart.resources | count > 0 - kubernetes.core.k8s: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: coredns - kind: HelmChart - namespace: kube-system - state: absent - - - name: Coredns | Force delete the Coredns HelmChart - when: coredns_helmchart.resources | count > 0 - kubernetes.core.k8s: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: coredns - kind: HelmChart - namespace: kube-system - state: patched - definition: - metadata: - finalizers: [] diff --git a/.archive/ansible/test/playbooks/tasks/version-check.yaml b/.archive/ansible/test/playbooks/tasks/version-check.yaml deleted file mode 100644 index c9ba34677af2b..0000000000000 --- a/.archive/ansible/test/playbooks/tasks/version-check.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -- name: Version Check - block: - - name: Get deployed k3s version - ansible.builtin.command: k3s --version - register: k3s_version - changed_when: false - failed_when: false - - - name: Extract k3s version - ansible.builtin.set_fact: - deployed_k3s_version: "{{ k3s_version.stdout | regex_replace('(?im)k3s version (?P[a-z0-9\\.\\+]+).*\n.*', '\\g') }}" - - - name: Check if upgrades are allowed - ansible.builtin.assert: - that: - - "k3s_release_version is version(deployed_k3s_version, '>=')" - fail_msg: "Unable to upgrade k3s because the deployed version is higher than the one specified in the configuration" diff --git a/.archive/ansible/test/playbooks/templates/custom-cilium-helmchart.yaml.j2 b/.archive/ansible/test/playbooks/templates/custom-cilium-helmchart.yaml.j2 deleted file mode 100644 index 3cef7cef5d65f..0000000000000 --- a/.archive/ansible/test/playbooks/templates/custom-cilium-helmchart.yaml.j2 +++ /dev/null @@ -1,46 +0,0 @@ ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: cilium - namespace: kube-system -spec: - repo: https://helm.cilium.io/ - chart: cilium - # renovate: datasource=helm depName=cilium repository=https://helm.cilium.io - version: 1.15.0 - targetNamespace: kube-system - bootstrap: true - valuesContent: |- - autoDirectNodeRoutes: true - bpf: - masquerade: true - cluster: - name: kubernetes - id: 1 - containerRuntime: - integration: containerd - socketPath: /var/run/k3s/containerd/containerd.sock - endpointRoutes: - enabled: true - hubble: - enabled: false - ipam: - mode: kubernetes - ipv4NativeRoutingCIDR: "{{ k3s_server['cluster-cidr'] }}" - k8sServiceHost: 127.0.0.1 - k8sServicePort: 6444 - kubeProxyReplacement: true - kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 - l2announcements: - enabled: true - loadBalancer: - algorithm: maglev - mode: dsr - localRedirectPolicy: true - operator: - rollOutPods: true - rollOutCiliumPods: true - securityContext: - privileged: true - routingMode: native 
diff --git a/.archive/kubernetes/k0s-nas/k0sctl.yaml b/.archive/kubernetes/k0s-nas/k0sctl.yaml deleted file mode 100644 index 5322708c2d74d..0000000000000 --- a/.archive/kubernetes/k0s-nas/k0sctl.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -apiVersion: k0sctl.k0sproject.io/v1beta1 -kind: Cluster -metadata: - name: storage -spec: - hosts: - - role: controller+worker - ssh: - address: 192.168.42.80 - user: devin - installFlags: - - --disable-components=metrics-server - - --no-taints - privateInterface: bond0 - files: - - name: bootstrap-scripts - src: scripts - hooks: - apply: - before: - - bash ~/k0s-apply-system.sh expanse - reset: - before: - - bash ~/k0s-reset-cilium.sh - after: - - bash ~/k0s-reset-system.sh - k0s: - # renovate: datasource=github-releases depName=k0sproject/k0s - version: v1.29.1+k0s.0 - config: - apiVersion: k0s.k0sproject.io/v1beta1 - kind: ClusterConfig - metadata: - name: storage - spec: - telemetry: - enabled: false - controllerManager: - extraArgs: - bind-address: "0.0.0.0" - scheduler: - extraArgs: - bind-address: "0.0.0.0" - storage: - type: etcd - etcd: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - api: - sans: - - 192.168.42.80 - - expanse - - expanse.turbo.ac - network: - provider: custom - kubeProxy: - disabled: true - nodeLocalLoadBalancing: - enabled: true - type: EnvoyProxy - podCIDR: 10.132.0.0/16 - serviceCIDR: 10.133.0.0/16 - extensions: - helm: - repositories: - - name: cilium - url: https://helm.cilium.io - charts: - - name: cilium - chartname: cilium/cilium - # renovate: datasource=github-releases depName=cilium/cilium - version: 1.15.0 - namespace: kube-system - values: |2 - autoDirectNodeRoutes: true - bpf: - masquerade: true - cluster: - name: storage - id: 2 - containerRuntime: - integration: containerd - socketPath: /var/run/k0s/containerd.sock - devices: bond0 - enableRuntimeDeviceDetection: true - endpointRoutes: - enabled: true - hubble: - enabled: false - ipam: - mode: kubernetes - ipv4NativeRoutingCIDR: 10.132.0.0/16 - k8sServiceHost: localhost - k8sServicePort: 7443 - kubeProxyReplacement: true - kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 - l2announcements: - enabled: true - loadBalancer: - algorithm: 
maglev - mode: dsr - localRedirectPolicy: true - operator: - replicas: 1 - rollOutPods: true - rollOutCiliumPods: true - routingMode: native - securityContext: - privileged: true diff --git a/.archive/kubernetes/k0s-nas/scripts/k0s-apply-system.sh b/.archive/kubernetes/k0s-nas/scripts/k0s-apply-system.sh deleted file mode 100755 index 94e39e8095892..0000000000000 --- a/.archive/kubernetes/k0s-nas/scripts/k0s-apply-system.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -HOSTNAME="$1" - -# Prepare -sudo apt-get update -y - -# Install Packages -apt-get install -y --no-install-recommends \ - apt-transport-https ca-certificates conntrack curl dirmngr gdisk gnupg hdparm htop \ - iptables iputils-ping ipvsadm libseccomp2 lm-sensors net-tools nfs-common nvme-cli \ - open-iscsi parted psmisc python3 smartmontools socat software-properties-common \ - unzip util-linux - -# Timezone -timedatectl set-timezone "America/New_York" - -# Hostname -hostnamectl set-hostname "${HOSTNAME}" - -# Hosts -cat < /etc/hosts -127.0.0.1 localhost -127.0.1.1 $HOSTNAME.turbo.ac $HOSTNAME -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -EOF - -# Kernel Modules -for module in bonding br_netfilter ceph ip_vs ip_vs_rr nbd overlay rbd; do - if ! test -f /etc/modules-load.d/$module.conf; then - echo $module > /etc/modules-load.d/$module.conf - fi -done -systemctl restart systemd-modules-load.service - -# Sysctls -cat < /etc/sysctl.d/99-kubernetes.conf -fs.inotify.max_queued_events = 65536 -fs.inotify.max_user_watches = 524288 -fs.inotify.max_user_instances = 8192 -EOF -sysctl -p /etc/sysctl.d/99-kubernetes.conf - -# Disable swap -swapoff -a - -# Disable AppArmor -if systemctl is-enabled apparmor.service; then - systemctl mask apparmor.service -fi - -# Create containerd config -mkdir -p /etc/k0s/containerd.d -cat < /etc/k0s/containerd.d/default.toml -[plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true -[plugins."io.containerd.grpc.v1.cri".registry] - config_path = "/var/lib/k0s/containerd/certs.d" -[plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false -[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false -EOF 
diff --git a/.archive/kubernetes/k0s-nas/scripts/k0s-reset-cilium.sh b/.archive/kubernetes/k0s-nas/scripts/k0s-reset-cilium.sh deleted file mode 100755 index cdf29201abd07..0000000000000 --- a/.archive/kubernetes/k0s-nas/scripts/k0s-reset-cilium.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -remove_interfaces() { - ip link show 2>/dev/null | grep 'cilium' | while read ignore iface ignore; do - iface=${iface%%@*} - [ -z "$iface" ] || (ip link delete $iface || true) - done -} - -reset_iptables() { - iptables -t nat -F - iptables -t mangle -F - iptables -t filter -F - iptables -t raw -F - iptables -X - ip6tables -t nat -F - ip6tables -t mangle -F - ip6tables -t filter -F - ip6tables -t raw -F - ip6tables -X -} - -do_unmount_and_remove() { - set +x - while read -r _ path _; do - case "$path" in $1*) echo "$path" ;; esac - done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount -f "$0" && rm -rf "$0"' - set -x -} - -do_unmount_and_remove '/run/netns/cni-' -ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete -remove_interfaces -reset_iptables -rm -rf /var/lib/cni -rm -rf /etc/cni/net.d diff --git a/.archive/kubernetes/k0s-nas/scripts/k0s-reset-system.sh b/.archive/kubernetes/k0s-nas/scripts/k0s-reset-system.sh deleted file mode 100755 index f5fafac5eeea6..0000000000000 --- a/.archive/kubernetes/k0s-nas/scripts/k0s-reset-system.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -# Remove containerd config -rm -rf /etc/k0s/containerd.d - -# Remove local storage data -rm -rf /var/openebs/local - -# # Reboot -# (sleep 30 && systemctl reboot)& diff --git a/.archive/kubernetes/k0s/k0sctl.yaml b/.archive/kubernetes/k0s/k0sctl.yaml deleted file mode 100644 index 1a544738b5a33..0000000000000 --- a/.archive/kubernetes/k0s/k0sctl.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ ---- -apiVersion: k0sctl.k0sproject.io/v1beta1 -kind: Cluster -metadata: - name: k0s-cluster -spec: - hosts: - - role: controller+worker - ssh: - address: 192.168.42.203 - user: devin - installFlags: - - --disable-components=metrics-server - - --no-taints - files: - - name: bootstrap-scripts - src: scripts - hooks: - apply: - before: - - bash ~/apply-system.sh "k8s-test-0" - - bash ~/apply-kube-vip.sh - reset: - before: - - bash ~/reset-cilium.sh - after: - - bash ~/reset-system.sh - k0s: - # renovate: datasource=github-releases depName=k0sproject/k0s - version: v1.29.1+k0s.0 - dynamicConfig: false - config: - spec: - telemetry: - enabled: false - controllerManager: - extraArgs: - bind-address: "0.0.0.0" - scheduler: - extraArgs: - bind-address: "0.0.0.0" - storage: - etcd: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - api: - sans: - - 192.168.42.203 - - 192.168.42.55 - network: - provider: custom - kubeProxy: - disabled: true - nodeLocalLoadBalancing: - enabled: true - type: EnvoyProxy - extensions: - helm: - repositories: - - name: cilium - url: https://helm.cilium.io - charts: - - name: cilium - chartname: cilium/cilium - # renovate: datasource=github-releases depName=cilium/cilium - version: 1.15.0-rc.1 - namespace: kube-system - values: |2 - autoDirectNodeRoutes: true - bpf: - masquerade: true - bgp: - enabled: false - cluster: - name: home-cluster - id: 1 - containerRuntime: - integration: containerd - socketPath: /var/run/k0s/containerd.sock - endpointRoutes: - enabled: true - hubble: - enabled: false - ipam: - mode: kubernetes - ipv4NativeRoutingCIDR: 10.42.0.0/16 - k8sServiceHost: localhost - k8sServicePort: 7443 - kubeProxyReplacement: true - kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 - l2announcements: - enabled: true - leaseDuration: 120s - leaseRenewDeadline: 60s - leaseRetryPeriod: 1s - loadBalancer: - algorithm: maglev - mode: dsr - localRedirectPolicy: true - operator: - replicas: 1 - rollOutPods: true - 
rollOutCiliumPods: true - routingMode: native - securityContext: - privileged: true diff --git a/.archive/kubernetes/k0s/scripts/apply-kube-vip.sh b/.archive/kubernetes/k0s/scripts/apply-kube-vip.sh deleted file mode 100755 index 7222f5190b22a..0000000000000 --- a/.archive/kubernetes/k0s/scripts/apply-kube-vip.sh +++ /dev/null 
@@ -1,131 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -# Create directory -mkdir -p /var/lib/k0s/manifests/kube-vip - -# Create kube-vip rbac -cat < /var/lib/k0s/manifests/kube-vip/rbac.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-vip - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - name: system:kube-vip-role -rules: - - apiGroups: [""] - resources: ["services/status"] - verbs: ["update"] - - apiGroups: [""] - resources: ["services", "endpoints"] - verbs: ["list","get","watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["list","get","watch", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["list", "get", "watch", "update", "create"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["list","get","watch", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: system:kube-vip-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kube-vip-role -subjects: -- kind: ServiceAccount - name: kube-vip - namespace: kube-system -EOF - -cat < /var/lib/k0s/manifests/kube-vip/ds.yaml ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kube-vip - namespace: kube-system - labels: - app.kubernetes.io/name: kube-vip -spec: - selector: - matchLabels: - app.kubernetes.io/name: kube-vip - template: - metadata: - labels: - app.kubernetes.io/name: kube-vip - spec: - containers: - - name: kube-vip - image: ghcr.io/kube-vip/kube-vip:v0.6.4 - imagePullPolicy: IfNotPresent - args: ["manager"] - env: - - name: address - value: 192.168.42.55 - - name: vip_arp - value: "true" - - name: lb_enable - value: "true" - - name: port - value: "6443" - - name: vip_cidr - value: "32" - - name: cp_enable - value: "true" - - name: 
cp_namespace - value: kube-system - - name: vip_ddns - value: "false" - - name: svc_enable - value: "false" - - name: vip_leaderelection - value: "true" - - name: vip_leaseduration - value: "15" - - name: vip_renewdeadline - value: "10" - - name: vip_retryperiod - value: "2" - - name: prometheus_server - value: :2112 - securityContext: - capabilities: - add: ["NET_ADMIN", "NET_RAW", "SYS_TIME"] - hostAliases: - - hostnames: - - kubernetes - ip: 127.0.0.1 - hostNetwork: true - serviceAccountName: kube-vip - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists -EOF diff --git a/.archive/kubernetes/k0s/scripts/apply-system.sh b/.archive/kubernetes/k0s/scripts/apply-system.sh deleted file mode 100755 index be69c90717e29..0000000000000 --- a/.archive/kubernetes/k0s/scripts/apply-system.sh +++ /dev/null 
@@ -1,80 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -K0S_HOSTNAME="$1" - -# Prepare -sudo apt-get update -y - -# Hostname -if [ -n "${K0S_HOSTNAME}" ] && [ "$(hostnamectl hostname)" != "${K0S_HOSTNAME}" ]; then - hostnamectl set-hostname "${K0S_HOSTNAME}" -cat < /etc/hosts -tee /etc/hosts > /dev/null < /etc/resolv.conf -search . -nameserver 1.1.1.1 -EOF -chattr +i /etc/resolv.conf - -# Kernel Modules -for module in br_netfilter ceph ip_vs ip_vs_rr nbd overlay rbd; do - if ! test -f /etc/modules-load.d/$module.conf; then - echo $module > /etc/modules-load.d/$module.conf - fi -done -systemctl restart systemd-modules-load.service - -# Sysctls -cat < /etc/sysctl.d/99-kubernetes.conf -fs.inotify.max_queued_events = 65536 -fs.inotify.max_user_watches = 524288 -fs.inotify.max_user_instances = 8192 -EOF -sysctl -p /etc/sysctl.d/99-kubernetes.conf - -# Disable swap -swapoff -a - -# Disable AppArmor -if systemctl is-enabled apparmor.service; then - systemctl mask apparmor.service -fi - -# Create containerd config -mkdir -p /etc/k0s/containerd.d -cat < /etc/k0s/containerd.d/default.toml -[plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true -[plugins."io.containerd.grpc.v1.cri".registry] - config_path = "/var/lib/k0s/containerd/certs.d" -[plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false -[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false -EOF diff --git a/.archive/kubernetes/k0s/scripts/reset-cilium.sh b/.archive/kubernetes/k0s/scripts/reset-cilium.sh deleted file mode 100755 index cdf29201abd07..0000000000000 --- a/.archive/kubernetes/k0s/scripts/reset-cilium.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -remove_interfaces() { - ip link show 2>/dev/null | grep 'cilium' | while read ignore iface ignore; do - iface=${iface%%@*} - [ -z "$iface" ] || (ip link delete $iface || true) - done -} - -reset_iptables() { - iptables -t nat -F - iptables -t mangle -F - iptables -t filter -F - iptables -t raw -F - iptables -X - ip6tables -t nat -F - ip6tables -t mangle -F - ip6tables -t filter -F - ip6tables -t raw -F - ip6tables -X -} - -do_unmount_and_remove() { - set +x - while read -r _ path _; do - case "$path" in $1*) echo "$path" ;; esac - done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount -f "$0" && rm -rf "$0"' - set -x -} - -do_unmount_and_remove '/run/netns/cni-' -ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete -remove_interfaces -reset_iptables -rm -rf /var/lib/cni -rm -rf /etc/cni/net.d diff --git a/.archive/kubernetes/k0s/scripts/reset-system.sh b/.archive/kubernetes/k0s/scripts/reset-system.sh deleted file mode 100755 index 9308c03ec9bc4..0000000000000 --- a/.archive/kubernetes/k0s/scripts/reset-system.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -[ $(id -u) -eq 0 ] || exec sudo $0 $@ - -# Remove containerd config -rm -rf /etc/k0s/containerd.d - -# Remove local storage data -rm -rf /var/openebs/local - -# Reboot -(sleep 30 && systemctl reboot)& diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/docs.yaml similarity index 98% rename from .github/workflows/publish-docs.yaml rename to .github/workflows/docs.yaml index b3b2f88a778fd..111a74b455c91 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/docs.yaml @@ -1,6 +1,6 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: "Publish Docs" +name: "Docs" on: workflow_dispatch: 
diff --git a/.github/workflows/publish-terraform.yaml b/.github/workflows/oci.yaml similarity index 52% rename from .github/workflows/publish-terraform.yaml rename to .github/workflows/oci.yaml index e2106f048a7e0..5ce69ca9d3ed7 100644 --- a/.github/workflows/publish-terraform.yaml +++ b/.github/workflows/oci.yaml @@ -1,20 +1,62 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: "Publish Terraform" +name: "OCI" on: workflow_dispatch: push: branches: ["main"] - paths: ["terraform/**"] + paths: ["kubernetes/**"] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true jobs: - publish-terraform: - name: Publish Terraform + changed-clusters: + name: Changed Clusters + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + fetch-depth: 0 + + - name: Get Changed Clusters + id: changed-clusters + uses: tj-actions/changed-files@v42 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 2 + json: true + escape_json: false + + - name: List All Changed Clusters + run: echo "${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}" + + publish: + name: Publish OCI runs-on: ubuntu-latest + needs: ["changed-clusters"] permissions: contents: read packages: write + strategy: + matrix: + paths: ${{ fromJSON(needs.changed-clusters.outputs.matrix) }} + max-parallel: 4 + fail-fast: false steps: - name: Generate Token uses: actions/create-github-app-token@v1 
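Review bot: The `List All Changed Clusters` step interpolates the action output straight into the shell (`run: echo "${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}"`), which is the untrusted-input-in-`run` pattern: the expression is expanded by the runner before bash parses the script, so a path containing `"` or `$(` becomes shell syntax rather than data. Route it through an environment variable instead, `env: { CHANGED: "${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}" }` with `run: echo "$CHANGED"`; the same applies to `basename ${{ matrix.paths }}` and `--path="${{ matrix.paths }}"` in the next hunk of this file. The `publish` job also has no guard for an empty result — as far as I know a `fromJSON` matrix of `[]` is a strategy-evaluation error rather than a skip, which can happen on `workflow_dispatch` — so consider `if: needs.changed-clusters.outputs.matrix != '[]'` on that job. Finally, `changed-clusters` declares no `permissions` block and therefore receives the repository-default `GITHUB_TOKEN` scope; `permissions: { contents: read }` would match the least-privilege declaration already present on `publish`.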
@@ -45,13 +87,13 @@ jobs: - name: Generate Tag id: generate-tag shell: bash - run: echo "tag=ghcr.io/${{ github.repository_owner }}/manifests/terraform:$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}" + run: echo "tag=ghcr.io/${{ github.repository_owner }}/manifests/kubernetes-$(basename ${{ matrix.paths }}):$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}" - name: Publish OCI Artifact shell: bash run: | flux push artifact oci://${{ steps.generate-tag.outputs.tag }} \ - --path="./terraform" \ + --path="${{ matrix.paths }}" \ --source="$(git config --get remote.origin.url)" \ --revision="$(git branch --show-current)/$(git rev-parse HEAD)" diff --git a/.github/workflows/publish-schemas.yaml b/.github/workflows/schemas.yaml similarity index 98% rename from .github/workflows/publish-schemas.yaml rename to .github/workflows/schemas.yaml index c60b468c769d2..4a6c9d311d377 100644 --- a/.github/workflows/publish-schemas.yaml +++ b/.github/workflows/schemas.yaml @@ -1,6 +1,6 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: "Publish Schemas" +name: "Schemas" on: workflow_dispatch: @@ -11,7 +11,7 @@ on: paths: [".github/workflows/publish-schemas.yaml"] jobs: - publish-schemas: + publish: name: Publish Schemas runs-on: ["arc-runner-set-home-ops"] permissions: diff --git a/.taskfiles/Ansible/Taskfile.yaml b/.taskfiles/Ansible/Taskfile.yaml index cefe36db3b309..51bbb6954bf6d 100644 --- a/.taskfiles/Ansible/Taskfile.yaml +++ b/.taskfiles/Ansible/Taskfile.yaml 
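Review bot: In the `schemas.yaml` section, the `on.push.paths` filter still lists `.github/workflows/publish-schemas.yaml` (the context line at the top of the `@@ -11,7 +11,7 @@` hunk) while the file itself is renamed to `.github/workflows/schemas.yaml`, so pushes that edit this workflow will no longer trigger it; change it to `paths: [".github/workflows/schemas.yaml"]`. The renamed `docs.yaml` workflow may carry the same self-referencing filter, but its `paths` line is outside the hunk shown here.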
@@ -19,11 +19,11 @@ tasks: cmds: - true && {{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv - .venv/bin/python3 -m pip install --upgrade pip setuptools wheel - - .venv/bin/python3 -m pip install --upgrade --requirement {{.ANSIBLE_DIR}}/requirements.txt - - .venv/bin/ansible-galaxy install --role-file "{{.ANSIBLE_DIR}}/requirements.yaml" --force + - .venv/bin/python3 -m pip install --upgrade --requirement {{.ROOT_DIR}}/requirements.txt + - .venv/bin/ansible-galaxy install --role-file "{{.ROOT_DIR}}/requirements.yaml" --force sources: - - "{{.ANSIBLE_DIR}}/requirements.txt" - - "{{.ANSIBLE_DIR}}/requirements.yaml" + - "{{.ROOT_DIR}}/requirements.txt" + - "{{.ROOT_DIR}}/requirements.yaml" generates: - "{{.ROOT_DIR}}/.venv/pyvenv.cfg" @@ -37,11 +37,11 @@ tasks: deps: ["deps"] cmd: | .venv/bin/ansible-playbook \ - --inventory {{.ANSIBLE_DIR}}/{{.cluster}}/inventory/hosts.yaml \ - {{.ANSIBLE_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}} + --inventory {{.ROOT_DIR}}/{{.cluster}}/inventory/hosts.yaml \ + {{.ROOT_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}} requires: vars: ["cluster", "playbook"] preconditions: - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" } - - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_DIR}}/{{.cluster}}/inventory/hosts.yaml" } - - { msg: "Playbook not found", sh: "test -f {{.ANSIBLE_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml" } + - { msg: "Inventory not found", sh: "test -f {{.ROOT_DIR}}/{{.cluster}}/inventory/hosts.yaml" } + - { msg: "Playbook not found", sh: "test -f {{.ROOT_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml" } diff --git a/Taskfile.yaml b/Taskfile.yaml index 19356a5a403bf..f49f06e4bfd0e 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml 
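Review bot: The `deps` task now installs from `{{.ROOT_DIR}}/requirements.txt` and `{{.ROOT_DIR}}/requirements.yaml`, but the visible part of this diff moves only `.ansible-lint` out of `ansible/` to the repository root, so unless those two files are relocated elsewhere in the commit the `sources` entries and both install commands point at paths that do not exist. The `{{.ROOT_DIR}}/{{.cluster}}/...` paths in the second hunk make the same assumption about the cluster directories, while this commit still deletes files under `ansible/main/...`; please confirm the new layout. A precondition in the existing style, `- { msg: "Requirements not found", sh: "test -f {{.ROOT_DIR}}/requirements.txt" }`, on the `deps` task would make the failure explicit instead of a pip error deep in the run.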
@@ -6,9 +6,7 @@ version: "3" # Ref: https://github.com/go-task/task/issues/1038 vars: - ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible" KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes" - TERRAFORM_DIR: "{{.ROOT_DIR}}/terraform" env: KUBECONFIG: "{{.KUBERNETES_DIR}}/kubernetes/main/kubeconfig:{{.KUBERNETES_DIR}}/kubernetes/storage/kubeconfig" diff --git a/ansible/main/inventory/group_vars/workers/main.yaml b/ansible/main/inventory/group_vars/workers/main.yaml deleted file mode 100644 index 6d1679043bb3e..0000000000000 --- a/ansible/main/inventory/group_vars/workers/main.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -k3s_control_node: false -k3s_agent: - kubelet-arg: ["image-gc-low-threshold=50", "image-gc-high-threshold=55"] - node-ip: "{{ ansible_host }}" - pause-image: registry.k8s.io/pause:3.9 diff --git a/ansible/main/playbooks/cluster-nuke.yaml b/ansible/main/playbooks/cluster-nuke.yaml deleted file mode 100644 index 97eff28ecd89a..0000000000000 --- a/ansible/main/playbooks/cluster-nuke.yaml +++ /dev/null 
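Review bot: With `ANSIBLE_DIR` and `TERRAFORM_DIR` removed, the remaining `KUBECONFIG` context line expands to `{{.ROOT_DIR}}/kubernetes/kubernetes/main/kubeconfig` because `KUBERNETES_DIR` already ends in `/kubernetes`; that duplicated segment is pre-existing, but if the `oci.yaml` workflow's `dir_names_max_depth: 2` on `kubernetes/**` reflects the real layout (`kubernetes/main`, `kubernetes/storage`), the value should read `KUBECONFIG: "{{.KUBERNETES_DIR}}/main/kubeconfig:{{.KUBERNETES_DIR}}/storage/kubeconfig"`. Also confirm that no other taskfile still references `.ANSIBLE_DIR` or `.TERRAFORM_DIR`; `.taskfiles/Ansible/Taskfile.yaml` is updated above, but any Terraform taskfile is outside this view.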
@@ -1,84 +0,0 @@ ---- -- name: Cluster Nuke - hosts: kubernetes - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 2 seconds... - ansible.builtin.pause: - seconds: 2 - tasks: - - name: Stop Kubernetes # noqa: ignore-errors - ignore_errors: true - block: - - name: Stop Kubernetes - ansible.builtin.include_role: - name: xanmanning.k3s - public: true - vars: - k3s_state: stopped - - # Ref: https://github.com/k3s-io/docs/blob/main/docs/installation/network-options.md - - name: Networking - block: - - name: Networking | Delete Cilium links - ansible.builtin.command: - cmd: "ip link delete {{ item }}" - removes: "/sys/class/net/{{ item }}" - loop: ["cilium_host", "cilium_net", "cilium_vxlan"] - - name: Networking | Flush iptables - ansible.builtin.iptables: - table: "{{ item }}" - flush: true - loop: ["filter", "nat", "mangle", "raw"] - - name: Networking | Flush ip6tables - ansible.builtin.iptables: - table: "{{ item }}" - flush: true - ip_version: ipv6 - loop: ["filter", "nat", "mangle", "raw"] - - name: Networking | Delete CNI directory - ansible.builtin.file: - path: /etc/cni/net.d - state: absent - - - name: Check to see if k3s-killall.sh exits - ansible.builtin.stat: - path: /usr/local/bin/k3s-killall.sh - register: check_k3s_killall_script - - - name: Check to see if k3s-uninstall.sh exits - ansible.builtin.stat: - path: /usr/local/bin/k3s-uninstall.sh - register: check_k3s_uninstall_script - - - name: Run k3s-killall.sh - when: check_k3s_killall_script.stat.exists - ansible.builtin.command: - cmd: /usr/local/bin/k3s-killall.sh - register: k3s_killall - changed_when: k3s_killall.rc == 0 - - - name: Run k3s-uninstall.sh - when: check_k3s_uninstall_script.stat.exists - ansible.builtin.command: - cmd: /usr/local/bin/k3s-uninstall.sh - args: - removes: /usr/local/bin/k3s-uninstall.sh - register: k3s_uninstall - changed_when: k3s_uninstall.rc == 0 - - - name: Ensure hard links are removed - when: - - k3s_install_hard_links - 
- not ansible_check_mode - ansible.builtin.file: - path: "{{ k3s_install_dir }}/{{ item }}" - state: absent - loop: ["kubectl", "crictl", "ctr"] - - - name: Reboot - ansible.builtin.reboot: - msg: Rebooting nodes - reboot_timeout: 3600 diff --git a/ansible/main/playbooks/templates/custom-coredns-helmchart.yaml.j2 b/ansible/main/playbooks/templates/custom-coredns-helmchart.yaml.j2 deleted file mode 100644 index 262b8a669051f..0000000000000 --- a/ansible/main/playbooks/templates/custom-coredns-helmchart.yaml.j2 +++ /dev/null 
@@ -1,76 +0,0 @@ ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: coredns - namespace: kube-system -spec: - repo: https://coredns.github.io/helm - chart: coredns - # renovate: datasource=helm depName=coredns repository=https://coredns.github.io/helm - version: 1.29.0 - targetNamespace: kube-system - bootstrap: true - valuesContent: |- - fullnameOverride: coredns - replicaCount: 2 - k8sAppLabelOverride: kube-dns - service: - name: kube-dns - clusterIP: {{ k3s_server['service-cidr'] | ansible.utils.nthhost(10) }} - serviceAccount: - create: true - deployment: - annotations: - reloader.stakater.com/auto: "true" - servers: - - zones: - - zone: . - scheme: dns:// - use_tcp: true - port: 53 - plugins: - - name: log - - name: errors - - name: health - configBlock: |- - lameduck 5s - - name: ready - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . /etc/resolv.conf - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoSchedule - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/instance: coredns diff --git a/ansible/main/playbooks/templates/kube-vip-ds.yaml.j2 b/ansible/main/playbooks/templates/kube-vip-ds.yaml.j2 deleted file mode 100644 index a4fd66ffbc389..0000000000000 
--- a/ansible/main/playbooks/templates/kube-vip-ds.yaml.j2 +++ /dev/null @@ -1,75 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kube-vip - namespace: kube-system - labels: - app.kubernetes.io/name: kube-vip -spec: - selector: - matchLabels: - app.kubernetes.io/name: kube-vip - template: - metadata: - labels: - app.kubernetes.io/name: kube-vip - spec: - containers: - - name: kube-vip - image: ghcr.io/kube-vip/kube-vip:v0.6.4 - imagePullPolicy: IfNotPresent - args: ["manager"] - env: - - name: address - value: "{{ k3s_registration_address }}" - - name: vip_arp - value: "true" - - name: lb_enable - value: "true" - - name: port - value: "6443" - - name: vip_cidr - value: "32" - - name: cp_enable - value: "true" - - name: cp_namespace - value: kube-system - - name: vip_ddns - value: "false" - - name: svc_enable - value: "false" - - name: vip_leaderelection - value: "true" - - name: vip_leaseduration - value: "15" - - name: vip_renewdeadline - value: "10" - - name: vip_retryperiod - value: "2" - - name: prometheus_server - value: :2112 - securityContext: - capabilities: - add: ["NET_ADMIN", "NET_RAW", "SYS_TIME"] - hostAliases: - - hostnames: - - kubernetes - ip: 127.0.0.1 - hostNetwork: true - serviceAccountName: kube-vip - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists diff --git a/ansible/main/playbooks/templates/kube-vip-rbac.yaml.j2 b/ansible/main/playbooks/templates/kube-vip-rbac.yaml.j2 deleted file mode 100644 index d6ecc93677e05..0000000000000 --- a/ansible/main/playbooks/templates/kube-vip-rbac.yaml.j2 +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-vip - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - name: system:kube-vip-role -rules: - - apiGroups: [""] - resources: ["services/status"] - verbs: ["update"] - - apiGroups: [""] - resources: ["services", "endpoints"] - verbs: ["list","get","watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["list","get","watch", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["list", "get", "watch", "update", "create"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["list","get","watch", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: system:kube-vip-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kube-vip-role -subjects: -- kind: ServiceAccount - name: kube-vip - namespace: kube-system diff --git a/ansible/storage/.envrc b/ansible/storage/.envrc deleted file mode 100644 index a3eca56faddeb..0000000000000 --- a/ansible/storage/.envrc +++ /dev/null @@ -1,8 +0,0 @@ -#shellcheck disable=SC2148,SC2155 -export SOPS_AGE_KEY_FILE="$(expand_path ../../age.key)" -export VIRTUAL_ENV="$(expand_path ../../.venv)" -export ANSIBLE_COLLECTIONS_PATH=$(expand_path ../../.venv/galaxy) -export ANSIBLE_ROLES_PATH=$(expand_path ../../.venv/galaxy/ansible_roles) -export ANSIBLE_VARS_ENABLED="host_group_vars,community.sops.sops" -export ANSIBLE_INVENTORY=$(expand_path ./inventory/hosts.yaml) -PATH_add "$(expand_path ../../.venv/bin)" diff --git a/ansible/storage/playbooks/tasks/cruft.yaml b/ansible/storage/playbooks/tasks/cruft.yaml deleted file mode 100644 index 7369747636094..0000000000000 --- a/ansible/storage/playbooks/tasks/cruft.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -- name: Cruft - block: - - name: Cruft | Get list of custom manifests - ansible.builtin.find: - paths: "{{ k3s_server_manifests_dir }}" - file_type: file - use_regex: true - patterns: ["^custom-.*"] - register: custom_manifest - - - name: Cruft | Delete custom manifests - ansible.builtin.file: - path: "{{ item.path }}" - state: absent - loop: "{{ custom_manifest.files }}" - - - name: Cruft | Get list of custom addons - kubernetes.core.k8s_info: - kubeconfig: /etc/rancher/k3s/k3s.yaml - kind: Addon - register: addons_list - - - name: Cruft | Delete addons - kubernetes.core.k8s: - kubeconfig: /etc/rancher/k3s/k3s.yaml - name: "{{ item.metadata.name }}" - kind: Addon - namespace: kube-system - state: absent - loop: "{{ addons_list.resources | selectattr('metadata.name', 'match', '^custom-.*') | list }}" diff --git a/.archive/ansible/test/.envrc b/kubernetes/main/ansible/.envrc similarity index 100% rename from .archive/ansible/test/.envrc rename to kubernetes/main/ansible/.envrc diff --git a/ansible/main/inventory/group_vars/controllers/main.yaml b/kubernetes/main/ansible/inventory/group_vars/controllers/main.yaml similarity index 100% rename from ansible/main/inventory/group_vars/controllers/main.yaml rename to kubernetes/main/ansible/inventory/group_vars/controllers/main.yaml diff --git a/ansible/main/inventory/group_vars/kubernetes/main.yaml b/kubernetes/main/ansible/inventory/group_vars/kubernetes/main.yaml similarity index 100% rename from ansible/main/inventory/group_vars/kubernetes/main.yaml rename to kubernetes/main/ansible/inventory/group_vars/kubernetes/main.yaml diff --git a/.archive/ansible/test/inventory/group_vars/worker/main.yaml b/kubernetes/main/ansible/inventory/group_vars/workers/main.yaml similarity index 100% rename from .archive/ansible/test/inventory/group_vars/worker/main.yaml rename to kubernetes/main/ansible/inventory/group_vars/workers/main.yaml 
diff --git a/ansible/main/inventory/hosts.yaml b/kubernetes/main/ansible/inventory/hosts.yaml
similarity index 100%
rename from ansible/main/inventory/hosts.yaml
rename to kubernetes/main/ansible/inventory/hosts.yaml
diff --git a/ansible/main/playbooks/cluster-ceph-reset.yaml b/kubernetes/main/ansible/playbooks/cluster-ceph-reset.yaml
similarity index 100%
rename from ansible/main/playbooks/cluster-ceph-reset.yaml
rename to kubernetes/main/ansible/playbooks/cluster-ceph-reset.yaml
diff --git a/ansible/main/playbooks/cluster-installation.yaml b/kubernetes/main/ansible/playbooks/cluster-installation.yaml
similarity index 100%
rename from ansible/main/playbooks/cluster-installation.yaml
rename to kubernetes/main/ansible/playbooks/cluster-installation.yaml
diff --git a/ansible/main/playbooks/cluster-kube-vip.yaml b/kubernetes/main/ansible/playbooks/cluster-kube-vip.yaml
similarity index 100%
rename from ansible/main/playbooks/cluster-kube-vip.yaml
rename to kubernetes/main/ansible/playbooks/cluster-kube-vip.yaml
diff --git a/.archive/ansible/test/playbooks/cluster-nuke.yaml b/kubernetes/main/ansible/playbooks/cluster-nuke.yaml
similarity index 100%
rename from .archive/ansible/test/playbooks/cluster-nuke.yaml
rename to kubernetes/main/ansible/playbooks/cluster-nuke.yaml
diff --git a/ansible/main/playbooks/cluster-prepare.yaml b/kubernetes/main/ansible/playbooks/cluster-prepare.yaml
similarity index 100%
rename from ansible/main/playbooks/cluster-prepare.yaml
rename to kubernetes/main/ansible/playbooks/cluster-prepare.yaml
diff --git a/ansible/main/playbooks/cluster-rollout-update.yaml b/kubernetes/main/ansible/playbooks/cluster-rollout-update.yaml
similarity index 100%
rename from ansible/main/playbooks/cluster-rollout-update.yaml
rename to kubernetes/main/ansible/playbooks/cluster-rollout-update.yaml
diff --git a/ansible/main/playbooks/files/nfsmount.conf b/kubernetes/main/ansible/playbooks/files/nfsmount.conf
similarity index 100%
rename from ansible/main/playbooks/files/nfsmount.conf
rename to kubernetes/main/ansible/playbooks/files/nfsmount.conf
diff --git a/ansible/main/playbooks/tasks/cilium.yaml b/kubernetes/main/ansible/playbooks/tasks/cilium.yaml
similarity index 100%
rename from ansible/main/playbooks/tasks/cilium.yaml
rename to kubernetes/main/ansible/playbooks/tasks/cilium.yaml
diff --git a/ansible/main/playbooks/tasks/coredns.yaml b/kubernetes/main/ansible/playbooks/tasks/coredns.yaml
similarity index 100%
rename from ansible/main/playbooks/tasks/coredns.yaml
rename to kubernetes/main/ansible/playbooks/tasks/coredns.yaml
diff --git a/ansible/main/playbooks/tasks/cruft.yaml b/kubernetes/main/ansible/playbooks/tasks/cruft.yaml
similarity index 100%
rename from ansible/main/playbooks/tasks/cruft.yaml
rename to kubernetes/main/ansible/playbooks/tasks/cruft.yaml
diff --git a/ansible/main/playbooks/tasks/downgrade.yaml b/kubernetes/main/ansible/playbooks/tasks/downgrade.yaml
similarity index 100%
rename from ansible/main/playbooks/tasks/downgrade.yaml
rename to kubernetes/main/ansible/playbooks/tasks/downgrade.yaml
diff --git a/ansible/main/playbooks/templates/custom-cilium-helmchart.yaml.j2 b/kubernetes/main/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2
similarity index 100%
rename from ansible/main/playbooks/templates/custom-cilium-helmchart.yaml.j2
rename to kubernetes/main/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2
diff --git a/.archive/ansible/test/playbooks/templates/custom-coredns-helmchart.yaml.j2 b/kubernetes/main/ansible/playbooks/templates/custom-coredns-helmchart.yaml.j2
similarity index 100%
rename from .archive/ansible/test/playbooks/templates/custom-coredns-helmchart.yaml.j2
rename to kubernetes/main/ansible/playbooks/templates/custom-coredns-helmchart.yaml.j2
diff --git a/.archive/ansible/test/playbooks/templates/kube-vip-ds.yaml.j2 b/kubernetes/main/ansible/playbooks/templates/kube-vip-ds.yaml.j2
similarity index 100%
rename from .archive/ansible/test/playbooks/templates/kube-vip-ds.yaml.j2
rename to kubernetes/main/ansible/playbooks/templates/kube-vip-ds.yaml.j2
diff --git a/.archive/ansible/test/playbooks/templates/kube-vip-rbac.yaml.j2 b/kubernetes/main/ansible/playbooks/templates/kube-vip-rbac.yaml.j2
similarity index 100%
rename from .archive/ansible/test/playbooks/templates/kube-vip-rbac.yaml.j2
rename to kubernetes/main/ansible/playbooks/templates/kube-vip-rbac.yaml.j2
diff --git a/kubernetes/main/apps/flux-system/tf-controller/terraforms/ocirepository.yaml b/kubernetes/main/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
index ccf6431b9d47d..c36ebd36d48d1 100644
--- a/kubernetes/main/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
+++ b/kubernetes/main/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
@@ -3,9 +3,9 @@
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: OCIRepository
 metadata:
- name: terraform
+ name: kubernetes-main
 spec:
 interval: 1m
- url: oci://ghcr.io/onedr0p/manifests/terraform
+ url: oci://ghcr.io/onedr0p/manifests/kubernetes-main
 ref:
 tag: main
diff --git a/kubernetes/main/apps/flux-system/tf-controller/terraforms/terraform.yaml b/kubernetes/main/apps/flux-system/tf-controller/terraforms/terraform.yaml
index 726d9516d229b..a9df98784cfb7 100644
--- a/kubernetes/main/apps/flux-system/tf-controller/terraforms/terraform.yaml
+++ b/kubernetes/main/apps/flux-system/tf-controller/terraforms/terraform.yaml
@@ -3,12 +3,12 @@
 apiVersion: infra.contrib.fluxcd.io/v1alpha2
 kind: Terraform
 metadata:
- name: kubernetes-cloudflare
+ name: kubernetes-main-cloudflare
 spec:
 suspend: false
 approvePlan: auto
 interval: 12h
- path: ./main/cloudflare
+ path: ./terraform/cloudflare
 sourceRef:
 kind: OCIRepository
 name: terraform
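Review bot: The OCIRepository is repointed at `oci://ghcr.io/onedr0p/manifests/kubernetes-main` while `ref.tag` stays on the mutable `main` tag, and no `verify` block or `ref.digest` is visible in this hunk, so the Terraform controller applies whatever was last pushed under that tag with `approvePlan: auto`. Judging by its name, the new artifact also appears to be the whole `kubernetes/main` tree rather than just the terraform code, so the controller now pulls more than it consumes. If the remainder of the spec, which lies outside the hunk, does not already pin a digest or carry a `verify: provider: cosign` block, this change is a good moment to add one.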
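Review bot: `sourceRef.name` on the last line of the terraform.yaml hunk is still `terraform`, but the OCIRepository it refers to is renamed to `kubernetes-main` in the hunk immediately before it, so unless another OCIRepository named `terraform` exists in that namespace the Terraform object can no longer resolve its source and the new `path: ./terraform/cloudflare` is never used; the fix is `name: kubernetes-main` on that line. The path change itself is consistent with the `terraform/main/cloudflare` to `kubernetes/main/terraform/cloudflare` moves later in the diff, assuming the artifact is built from `kubernetes/main`. The Terraform spec continues past the end of the hunk.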
diff --git a/kubernetes/main/flux/config/cluster.yaml b/kubernetes/main/flux/config/cluster.yaml
index 8b68148d92650..13570a0c5d69a 100644
--- a/kubernetes/main/flux/config/cluster.yaml
+++ b/kubernetes/main/flux/config/cluster.yaml
@@ -15,8 +15,10 @@ spec:
 ignore: |
 # exclude all
 /*
- # include kubernetes directory
- !/kubernetes/main
+ # include flux directories
+ !/kubernetes/main/apps
+ !/kubernetes/main/flux
+ !/kubernetes/main/templates
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
diff --git a/terraform/main/cloudflare/.terraform.lock.hcl b/kubernetes/main/terraform/cloudflare/.terraform.lock.hcl
similarity index 100%
rename from terraform/main/cloudflare/.terraform.lock.hcl
rename to kubernetes/main/terraform/cloudflare/.terraform.lock.hcl
diff --git a/terraform/main/cloudflare/account.tf b/kubernetes/main/terraform/cloudflare/account.tf
similarity index 100%
rename from terraform/main/cloudflare/account.tf
rename to kubernetes/main/terraform/cloudflare/account.tf
diff --git a/terraform/main/cloudflare/cache.tf b/kubernetes/main/terraform/cloudflare/cache.tf
similarity index 100%
rename from terraform/main/cloudflare/cache.tf
rename to kubernetes/main/terraform/cloudflare/cache.tf
diff --git a/terraform/main/cloudflare/firewall.tf b/kubernetes/main/terraform/cloudflare/firewall.tf
similarity index 100%
rename from terraform/main/cloudflare/firewall.tf
rename to kubernetes/main/terraform/cloudflare/firewall.tf
diff --git a/terraform/main/cloudflare/main.tf b/kubernetes/main/terraform/cloudflare/main.tf
similarity index 100%
rename from terraform/main/cloudflare/main.tf
rename to kubernetes/main/terraform/cloudflare/main.tf
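Review bot: The new `ignore` allow-list leaves the relocated `kubernetes/main/ansible` and `kubernetes/main/terraform` trees out of the Flux source artifact without saying so; `# include flux directories` names what is kept but not why the two sibling directories are excluded, so the next directory created under `kubernetes/main` is presumably going to be missed by whoever adds it. I would extend the comment to `# include only the directories Flux reconciles; ansible/ and terraform/ under kubernetes/main are deliberately left out`. The same applies to the identical hunk in `kubernetes/storage/flux/config/cluster.yaml` later in the diff.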
diff --git a/terraform/main/cloudflare/providers.tf b/kubernetes/main/terraform/cloudflare/providers.tf
similarity index 100%
rename from terraform/main/cloudflare/providers.tf
rename to kubernetes/main/terraform/cloudflare/providers.tf
diff --git a/terraform/main/cloudflare/records.tf b/kubernetes/main/terraform/cloudflare/records.tf
similarity index 100%
rename from terraform/main/cloudflare/records.tf
rename to kubernetes/main/terraform/cloudflare/records.tf
diff --git a/terraform/main/cloudflare/zone.tf b/kubernetes/main/terraform/cloudflare/zone.tf
similarity index 100%
rename from terraform/main/cloudflare/zone.tf
rename to kubernetes/main/terraform/cloudflare/zone.tf
diff --git a/ansible/main/.envrc b/kubernetes/storage/ansible/.envrc
similarity index 100%
rename from ansible/main/.envrc
rename to kubernetes/storage/ansible/.envrc
diff --git a/ansible/storage/inventory/group_vars/controllers/main.yaml b/kubernetes/storage/ansible/inventory/group_vars/controllers/main.yaml
similarity index 100%
rename from ansible/storage/inventory/group_vars/controllers/main.yaml
rename to kubernetes/storage/ansible/inventory/group_vars/controllers/main.yaml
diff --git a/ansible/storage/inventory/group_vars/kubernetes/main.yaml b/kubernetes/storage/ansible/inventory/group_vars/kubernetes/main.yaml
similarity index 100%
rename from ansible/storage/inventory/group_vars/kubernetes/main.yaml
rename to kubernetes/storage/ansible/inventory/group_vars/kubernetes/main.yaml
diff --git a/ansible/storage/inventory/hosts.yaml b/kubernetes/storage/ansible/inventory/hosts.yaml
similarity index 100%
rename from ansible/storage/inventory/hosts.yaml
rename to kubernetes/storage/ansible/inventory/hosts.yaml
diff --git a/ansible/storage/playbooks/cluster-installation.yaml b/kubernetes/storage/ansible/playbooks/cluster-installation.yaml
similarity index 100%
rename from ansible/storage/playbooks/cluster-installation.yaml
rename to kubernetes/storage/ansible/playbooks/cluster-installation.yaml
diff --git a/ansible/storage/playbooks/cluster-nuke.yaml b/kubernetes/storage/ansible/playbooks/cluster-nuke.yaml
similarity index 100%
rename from ansible/storage/playbooks/cluster-nuke.yaml
rename to kubernetes/storage/ansible/playbooks/cluster-nuke.yaml
diff --git a/ansible/storage/playbooks/tasks/cilium.yaml b/kubernetes/storage/ansible/playbooks/tasks/cilium.yaml
similarity index 100%
rename from ansible/storage/playbooks/tasks/cilium.yaml
rename to kubernetes/storage/ansible/playbooks/tasks/cilium.yaml
diff --git a/ansible/storage/playbooks/tasks/coredns.yaml b/kubernetes/storage/ansible/playbooks/tasks/coredns.yaml
similarity index 100%
rename from ansible/storage/playbooks/tasks/coredns.yaml
rename to kubernetes/storage/ansible/playbooks/tasks/coredns.yaml
diff --git a/.archive/ansible/test/playbooks/tasks/cruft.yaml b/kubernetes/storage/ansible/playbooks/tasks/cruft.yaml
similarity index 100%
rename from .archive/ansible/test/playbooks/tasks/cruft.yaml
rename to kubernetes/storage/ansible/playbooks/tasks/cruft.yaml
diff --git a/ansible/storage/playbooks/tasks/downgrade.yaml b/kubernetes/storage/ansible/playbooks/tasks/downgrade.yaml
similarity index 100%
rename from ansible/storage/playbooks/tasks/downgrade.yaml
rename to kubernetes/storage/ansible/playbooks/tasks/downgrade.yaml
diff --git a/ansible/storage/playbooks/templates/custom-cilium-helmchart.yaml.j2 b/kubernetes/storage/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2
similarity index 100%
rename from ansible/storage/playbooks/templates/custom-cilium-helmchart.yaml.j2
rename to kubernetes/storage/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2
diff --git a/ansible/storage/playbooks/templates/custom-coredns-helmchart.yaml.j2 b/kubernetes/storage/ansible/playbooks/templates/custom-coredns-helmchart.yaml.j2
similarity index 100%
rename from ansible/storage/playbooks/templates/custom-coredns-helmchart.yaml.j2
rename to kubernetes/storage/ansible/playbooks/templates/custom-coredns-helmchart.yaml.j2
diff --git a/kubernetes/storage/flux/config/cluster.yaml b/kubernetes/storage/flux/config/cluster.yaml
index 1a8360a47a4c7..eaf6d30de9683 100644
--- a/kubernetes/storage/flux/config/cluster.yaml
+++ b/kubernetes/storage/flux/config/cluster.yaml
@@ -15,8 +15,10 @@ spec:
 ignore: |
 # exclude all
 /*
- # include kubernetes directory
- !/kubernetes/storage
+ # include flux directories
+ !/kubernetes/storage/apps
+ !/kubernetes/storage/flux
+ !/kubernetes/storage/templates
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
diff --git a/terraform/storage/.gitkeep b/kubernetes/storage/terraform/.gitkeep
similarity index 100%
rename from terraform/storage/.gitkeep
rename to kubernetes/storage/terraform/.gitkeep
diff --git a/ansible/requirements.txt b/requirements.txt
similarity index 70%
rename from ansible/requirements.txt
rename to requirements.txt
index 11118bc2a6bfe..012f9a979f475 100644
--- a/ansible/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,5 @@
 ansible==9.2.0
 ansible-lint==6.22.2
-# Ref: https://github.com/pyca/bcrypt/issues/684
 bcrypt==4.1.2
 jmespath==1.0.1
 netaddr==0.10.1
diff --git a/ansible/requirements.yaml b/requirements.yaml
similarity index 76%
rename from ansible/requirements.yaml
rename to requirements.yaml
index 7e4e064739dd7..4fb5335323983 100644
--- a/ansible/requirements.yaml
+++ b/requirements.yaml
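Review bot: Dropping `# Ref: https://github.com/pyca/bcrypt/issues/684` from requirements.txt while keeping `bcrypt==4.1.2` removes the only record of why bcrypt is pinned, so a later dependency bump has no way to tell whether the pin still matters. If the pin is still intentional, keep the reference line directly above it; if the upstream issue is resolved, drop the pin together with the comment rather than the comment alone.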
@@ -6,12 +6,8 @@ collections:
 version: 3.1.0
 - name: community.general
 version: 8.3.0
- - name: community.sops
- version: 1.6.7
 - name: kubernetes.core
 version: 3.0.0
- - name: onepassword.connect
- version: 2.2.4
 roles:
 - name: xanmanning.k3s
 src: https://github.com/PyratLabs/ansible-role-k3s
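Review bot: Removing the `community.sops` collection is not reconciled with the vars-plugin setting this same diff deletes in `ansible/storage/.envrc`, which exported `ANSIBLE_VARS_ENABLED="host_group_vars,community.sops.sops"`; the two `.envrc` files that survive by rename (`kubernetes/main/ansible/.envrc` and `kubernetes/storage/ansible/.envrc`) are not shown here, and if either still lists `community.sops.sops`, Ansible will fail to load the vars plugin once the collection is gone from `requirements.yaml`. Either keep the collection pinned, or confirm those `.envrc` files and any sops-encrypted `group_vars` no longer rely on it. The same check applies to any playbook that used `onepassword.connect` lookups, which is removed in the same hunk.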