Update .gitignore to include generated noble-lab-ui-urls.md and enhance README.md with new role documentation. Refactor noble.yml to incorporate noble_landing_urls role for improved URL management. Add ingress configurations for alertmanager, prometheus, longhorn, and vault to support TLS termination via Traefik. Update network policies and values.yaml for vault to allow traffic from Traefik. These changes aim to streamline deployment and enhance service accessibility.
This commit is contained in:
Nikholas Pcenicni
8
ansible/roles/noble_platform/defaults/main.yml
Normal file
8
ansible/roles/noble_platform/defaults/main.yml
Normal file
@@ -0,0 +1,8 @@
|
||||
---
|
||||
# kubectl apply -k can hit transient etcd timeouts under load; retries + longer API deadline help.
|
||||
noble_platform_kubectl_request_timeout: 120s
|
||||
noble_platform_kustomize_retries: 5
|
||||
noble_platform_kustomize_delay: 20
|
||||
|
||||
# Vault: injector (vault-k8s) owns MutatingWebhookConfiguration.caBundle; Helm upgrade can SSA-conflict. Delete webhook so Helm can recreate it.
|
||||
noble_vault_delete_injector_webhook_before_helm: true
|
||||
@@ -5,10 +5,15 @@
|
||||
argv:
|
||||
- kubectl
|
||||
- apply
|
||||
- "--request-timeout={{ noble_platform_kubectl_request_timeout }}"
|
||||
- -k
|
||||
- "{{ noble_repo_root }}/clusters/noble/apps"
|
||||
environment:
|
||||
KUBECONFIG: "{{ noble_kubeconfig }}"
|
||||
register: noble_platform_kustomize
|
||||
retries: "{{ noble_platform_kustomize_retries | int }}"
|
||||
delay: "{{ noble_platform_kustomize_delay | int }}"
|
||||
until: noble_platform_kustomize.rc == 0
|
||||
changed_when: true
|
||||
|
||||
- name: Install Sealed Secrets
|
||||
@@ -49,6 +54,21 @@
|
||||
KUBECONFIG: "{{ noble_kubeconfig }}"
|
||||
changed_when: true
|
||||
|
||||
# vault-k8s patches webhook CA after install; Helm 3/4 SSA then conflicts on upgrade. Removing the MWC lets Helm re-apply cleanly; injector repopulates caBundle.
|
||||
- name: Delete Vault agent injector MutatingWebhookConfiguration before Helm (avoids caBundle field conflict)
|
||||
ansible.builtin.command:
|
||||
argv:
|
||||
- kubectl
|
||||
- delete
|
||||
- mutatingwebhookconfiguration
|
||||
- vault-agent-injector-cfg
|
||||
- --ignore-not-found
|
||||
environment:
|
||||
KUBECONFIG: "{{ noble_kubeconfig }}"
|
||||
register: noble_vault_mwc_delete
|
||||
when: noble_vault_delete_injector_webhook_before_helm | default(true) | bool
|
||||
changed_when: "'deleted' in (noble_vault_mwc_delete.stdout | default(''))"
|
||||
|
||||
- name: Install Vault
|
||||
ansible.builtin.command:
|
||||
argv:
|
||||
@@ -66,6 +86,7 @@
|
||||
- --wait
|
||||
environment:
|
||||
KUBECONFIG: "{{ noble_kubeconfig }}"
|
||||
HELM_SERVER_SIDE_APPLY: "false"
|
||||
changed_when: true
|
||||
|
||||
- name: Install kube-prometheus-stack
|
||||
|
||||
Reference in New Issue
Block a user