nemoinho/base-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add concourse as the foundational CI tool to k8s-cluster

Browse Source 
This change allows to add a concourse-server to the kubernetes cluster.
This commit is contained in:
Felix Nehrke
2025-11-27 18:01:07 +01:00
parent 0eaa5d3b08
commit 91f81b8726
5 changed files with 101 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
config.yml
View File

@@ -1,8 +1,10 @@
all: all:
vars: vars:
api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}" api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
cert_manager_state: present cert_manager_state: present
cert_manager_version: v1.18.2 cert_manager_version: v1.18.2
letsencrypt_clusterissuers: letsencrypt_clusterissuers:
staging: staging:
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://acme-staging-v02.api.letsencrypt.org/directory
@@ -10,6 +12,7 @@ all:
prod: prod:
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
email: "{{ vault_letsencrypt_issuer_email }}" email: "{{ vault_letsencrypt_issuer_email }}"
gitea_chart_version: 12.3.0 gitea_chart_version: 12.3.0
gitea_state: present gitea_state: present
gitea_host: gitea.nehrke.info gitea_host: gitea.nehrke.info
@@ -20,6 +23,13 @@ all:
gitea_admin_password: "{{ vault_gitea_admin_password }}" gitea_admin_password: "{{ vault_gitea_admin_password }}"
gitea_admin_email: "{{ vault_gitea_admin_email }}" gitea_admin_email: "{{ vault_gitea_admin_email }}"
concourse_state: present
concourse_chart_version: 19.0.2
concourse_certificate_issuer: letsencrypt-prod
concourse_host: ci.nehrke.info
concourse_local_users: "{{ vault_concourse_local_users }}"
concourse_worker_replicas: 2
k3s_cluster: k3s_cluster:
vars: vars:
ansible_user: root ansible_user: root

7
roles/k8s-setup/defaults/main.yml
View File

@@ -1,6 +1,8 @@
cert_manager_state: present cert_manager_state: present
cert_manager_version: v1.18.2 cert_manager_version: v1.18.2
letsencrypt_clusterissuers: {} letsencrypt_clusterissuers: {}
gitea_chart_version: 12.3.0 gitea_chart_version: 12.3.0
gitea_state: present gitea_state: present
gitea_image_rootless: False gitea_image_rootless: False
@@ -9,3 +11,8 @@ gitea_image: gitea-for-nehrke-info
gitea_image_tag: latest gitea_image_tag: latest
gitea_image_registry: docker.nehrke.info gitea_image_registry: docker.nehrke.info
concourse_chart_version: 19.0.2
concourse_state: present
concourse_namespace: concourse
concourse_local_users: {}
concourse_worker_replicas: 2

45
roles/k8s-setup/tasks/_concourse.yml Normal file
View File

@@ -0,0 +1,45 @@
- name: Ensure concourse namespace
kubernetes.core.k8s:
state: "{{ concourse_state }}"
definition:
apiVersion: v1
kind: Namespace
metadata:
name: "{{ concourse_namespace }}"
labels:
name: "{{ concourse_namespace }}"
- name: Deploy concourse {{ concourse_chart_version }}
kubernetes.core.helm:
name: concourse
chart_ref: concourse
chart_version: "{{ concourse_chart_version }}"
chart_repo_url: https://concourse-charts.storage.googleapis.com/
release_namespace: "{{ concourse_namespace }}"
release_state: "{{ concourse_state }}"
values:
concourse:
web:
kubernetes:
keepNamespaces: False
externalUrl: "https://{{ concourse_host }}"
enableResourceCausality: True
secrets:
localUsers: "{{ concourse_local_users.items() | map('join', ':') | join(',') }}"
worker:
replicas: "{{ concourse_worker_replicas }}"
web:
env:
- name: CONCOURSE_MAIN_TEAM_LOCAL_USER
value: "{{ concourse_local_users.keys() | join(',') }}"
ingress:
enabled: True
annotations:
cert-manager.io/cluster-issuer: "{{ concourse_certificate_issuer }}"
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
hosts:
- "{{ concourse_host }}"
tls:
- hosts:
- "{{ concourse_host }}"
secretName: concourse-tls

6
roles/k8s-setup/tasks/main.yml
View File

@@ -9,3 +9,9 @@
- k8s - k8s
- gitea - gitea
import_tasks: _gitea.yml import_tasks: _gitea.yml
- name: Ensure concourse
tags:
- k8s
- concourse
import_tasks: _concourse.yml

60
vault.yml
View File

@@ -1,28 +1,34 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
39303138313831326563376436343965396439393734663935616232353733363761393462326365 64306466396434313937333231373533323666666539383665396632616433396564643461333638
3536323339393332643863313535643563373062646262320a333937363761353564353339323166 6666613265323262323537393664643630323064343531660a653632656663626562313065373539
35623732646630636234643531616361643534653461626466353262346137636432366436333732 34646534373034346135356638613133326138353836666633353064626665353363613533636436
3232663239643535640a393537623336643033646331363130646635636534333864353237646236 3932653939613939350a623130646362633864313034356164626230336538633637383431656661
65313232633034643938316333346234636561316465643434663365613733396662376536616530 62313161353734633137656163346137343131393865306162613832613239393464396638623936
37343939336437363663373432643734303236663438303039366337323734336133306137333330 63343565396162616466303130636131346530353134656163663762383630336365326630313063
39356139393462343966316462623363396434323733333030363131393564346361396236343636 63396661613465633264336337373434623533303662373031303731346535353164663862613035
62356431353138613264643630613265396235646233316166313163303263356664333866303261 32663662336362393665323832643561313164326232653538396364643737306536623030313061
64623133646264633330363537396132326236636363353232653564613530316231306435333766 64346133323664356539643538346233643766316439373339323463333833346662666539393237
37343235623965663236333135396334366434653061313237323564643464386533313632396237 37643965636536376634626133663537363935653438383636306331663734376130343461376138
65373837393132316163383435326366383637653935643138393437326133363834303333323438 63663930643363373765393931366130626264653735393731383864366430386335373165326637
64306534363939356439656231346533346432323633666464356132303664326137653930386530 37303635333239373634383739316539313263326363643534656137386138313130343766366231
65303734653362343332356238383139656139626161383130313434613738633762656130346163 66636337613030386536316631626630343264663464383530316135323165303963653530613631
33373166363266343730616231626437383832396139636639363636396565373932323338333466 37303536323366396231373030306233323866323166376639386661643565373162303762353735
64383631316130613331376230353063396266636632653030323436386264656334316463386137 63623834343037633137363264323864393066373831363139363333353034633534343432306337
64383836653935623938336239313638653165396232363766373330323037383930393962636536 61396537383136303933626635643932636562383034306238333230393038313532636335626534
64356638353234303964306335633064626562646639393338663462346632333833646261326438 61393131653933656165393930336265346564653966303533616536346636343463656663323564
62626539623033393065343365633539363962613935363634383530333262636333353830626330 32306561303165383963326139363639623361613634343836316232333939646137626465383438
62343763393037353732643339353164353664633565313962653039643861353465326139663766 32653431616132373365356366643633303232656137613463623764303931363433323038643331
61393666623866376462323636303232366363633861633436313234353461643066396561663262 64636239393630373866323031373464373564396466313362623838623832376165386162383133
39616465353136343761396334373230663737616464646130616136313835323164633032396531 30616134393063646331303465373730663165633464366166303661666338336461643431316363
34643034373237613162366665646366313332636531303231643666313931663532366330366339 35313132636538396464623361333037633530376137386364663535313138353537316536343032
66363637393463326533666335366232666561323539336365326237376661653130613166396238 38316661666232373738363636316162626330353130613436366131363362653034313537393133
61643163636531326232653031646536326239343261363533336230646534376362363734343936 37393264366633346430396661366636343562353137663835303032646631393461366338633964
34613465343332343764383965386564393133643232323237656639373837656430313962636131 36643063383530396237333365663061313439353666656665373263313634643832393563336336
61363131363637613235613832303161623666666361613136376537373131373461316233366330 38386263313737336432363637626266373937323536323965343237306530633362383735393036
663934313536643162623337623938653163 62353437323037313337383861343134343663323739386536333230393933643263353536323338
61643365326136383031656364343637326561373536383464383136366333343332326232396235
61386335316138396535336161333437346137616366356330386331393335323734666439666134
63313131383164393138323736656265626333323566336164393263343633363965666432363232
66303936643136623366346664666362313035326136383365366163333865353534666664666462
33326531346364353734336434653538323265656163366634353334306630623366623633393331
6563