Initial multi-cluster configuration

prehor · Apr 21, 2024 · 1c3a82e · 1c3a82e
1 parent 67aa0b5
commit 1c3a82e
Show file tree

Hide file tree

Showing 227 changed files with 6,108 additions and 734 deletions.
diff --git a/.envrc b/.envrc
@@ -1,5 +1,5 @@
 #shellcheck disable=SC2148,SC2155
-export KUBECONFIG="$(expand_path ./kubeconfig)"
+export KUBECONFIG="$(expand_path ./kubernetes/main/kubeconfig):$(expand_path ./kubernetes/storage/kubeconfig)"
 export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
 # Venv
 PATH_add "$(expand_path ./.venv/bin)"
@@ -11,8 +11,8 @@ export ANSIBLE_ROLES_PATH=$(expand_path ./.venv/galaxy/ansible_roles)
 export ANSIBLE_VARS_ENABLED="host_group_vars"
 export ANSIBLE_LOCALHOST_WARNING="False"
 export ANSIBLE_INVENTORY_UNPARSED_WARNING="False"
-export K8S_AUTH_KUBECONFIG="$(expand_path ./kubeconfig)"
+export K8S_AUTH_KUBECONFIG="$(expand_path ./kubernetes/main/kubeconfig):$(expand_path ./kubernetes/storage/kubeconfig)"
 # Talos
-export TALOSCONFIG="$(expand_path ./kubernetes/bootstrap/talos/clusterconfig/talosconfig)"
+export TALOSCONFIG="$(expand_path ./kubernetes/main/bootstrap/talos/clusterconfig/talosconfig)"
 # Bin
 PATH_add "$(expand_path ./.bin)"
diff --git a/.github/labeler.yaml b/.github/labeler.yaml
@@ -1,17 +1,34 @@
 ---
+# Areas
 area/ansible:
   - changed-files:
       - any-glob-to-any-file: ansible/**/*
-area/bootstrap:
+area/docs:
   - changed-files:
-      - any-glob-to-any-file: bootstrap/**/*
+      - any-glob-to-any-file:
+          - "docs/**/*"
+          - "README.md"
 area/github:
   - changed-files:
       - any-glob-to-any-file: .github/**/*
 area/kubernetes:
   - changed-files:
-      - any-glob-to-any-file: kubernetes/**/*
+      - any-glob-to-any-file:
+          - .sops.yaml
+          - kubernetes/**/*
 area/taskfile:
   - changed-files:
-      - any-glob-to-any-file: .taskfiles/**/*
-      - any-glob-to-any-file: Taskfile*
+      - any-glob-to-any-file:
+          - .taskfiles/**/*
+          - Taskfile*
+# Clusters
+cluster/main:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "ansible/main/**/*"
+          - "kubernetes/main/**/*"
+cluster/storage:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "ansible/storage/**/*"
+          - "kubernetes/storage/**/*"
diff --git a/.github/labels.yaml b/.github/labels.yaml
@@ -1,20 +1,21 @@
 ---
 # Area
 - { name: "area/ansible",            color: "0e8a16" }
-- { name: "area/bootstrap",          color: "0e8a16" }
+- { name: "area/docs",               color: "0e8a16" }
 - { name: "area/github",             color: "0e8a16" }
 - { name: "area/kubernetes",         color: "0e8a16" }
 - { name: "area/taskfile",           color: "0e8a16" }
-# Distro
-- { name: "distro/k3s",              color: "ffc300" }
-- { name: "distro/talos",            color: "ffc300" }
+# Clusters
+- { name: "cluster/main",            color: "ffc300" }
+- { name: "cluster/storage",         color: "ffc300" }
 # Renovate
 - { name: "renovate/ansible",        color: "027fa0" }
 - { name: "renovate/container",      color: "027fa0" }
 - { name: "renovate/github-action",  color: "027fa0" }
 - { name: "renovate/github-release", color: "027fa0" }
 - { name: "renovate/helm",           color: "027fa0" }
 # Semantic Type
+- { name: "type/digest",             color: "ffec19" }
 - { name: "type/patch",              color: "ffec19" }
 - { name: "type/minor",              color: "ff9800" }
 - { name: "type/major",              color: "f6412d" }

diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -6,251 +6,57 @@
     ":disableRateLimiting",
     ":dependencyDashboard",
     ":semanticCommits",
-    ":automergeBranch"
+    ":automergeBranch",
+    ":timezone(Europe/Prague)",
+    "github>prehor/home-ops//.github/renovate/automerge.json5",
+    "github>prehor/home-ops//.github/renovate/clusters.json5",
+    "github>prehor/home-ops//.github/renovate/commit-messages.json5",
+    "github>prehor/home-ops//.github/renovate/custom-managers.json5",
+    "github>prehor/home-ops//.github/renovate/groups.json5",
+    "github>prehor/home-ops//.github/renovate/labels.json5",
+    "github>prehor/home-ops//.github/renovate/versioning.json5"
   ],
   "dependencyDashboard": true,
   "dependencyDashboardTitle": "Renovate Dashboard 🤖",
   "suppressNotifications": ["prEditedNotification", "prIgnoreNotification"],
   "rebaseWhen": "conflicted",
-  "schedule": ["on saturday"],
+  "schedule": ["on friday and saturday"],
   "flux": {
     "fileMatch": [
-      "(^|/)ansible/.+\\.ya?ml(?:\\.j2)?$",
-      "(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"
+      "(^|/)ansible/.+\\.ya?ml$",
+      "(^|/)kubernetes/.+\\.ya?ml$"
     ]
   },
   "helm-values": {
     "fileMatch": [
-      "(^|/)ansible/.+\\.ya?ml(?:\\.j2)?$",
-      "(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"
+      "(^|/)ansible/.+\\.ya?ml$",
+      "(^|/)kubernetes/.+\\.ya?ml$"
     ]
   },
   "helmfile": {
     "fileMatch": [
-      "(^|/)helmfile\\.ya?ml(?:\\.j2)?$"
+      "(^|/)helmfile\\.ya?ml$"
     ]
   },
   "kubernetes": {
     "fileMatch": [
-      "(^|/)ansible/.+\\.ya?ml(?:\\.j2)?$",
-      "(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"
+      "(^|/)ansible/.+\\.ya?ml$",
+      "(^|/)kubernetes/.+\\.ya?ml$"
     ]
   },
   "kustomize": {
     "fileMatch": [
-      "(^|/)kustomization\\.ya?ml(?:\\.j2)?$"
+      "(^|/)kustomization\\.ya?ml$"
     ]
   },
   "pip_requirements": {
     "fileMatch": [
-      "(^|/)[\\w-]*requirements(-\\w+)?\\.(txt|pip)(?:\\.j2)?$"
+      "(^|/)[\\w-]*requirements(-\\w+)?\\.(txt|pip)$"
     ]
   },
   "ansible-galaxy": {
     "fileMatch": [
-      "(^|/)(galaxy|requirements)(\\.ansible)?\\.ya?ml(?:\\.j2)?$"
+      "(^|/)(galaxy|requirements)(\\.ansible)?\\.ya?ml$"
     ]
-  },
-  // commit message topics
-  "commitMessageTopic": "{{depName}}",
-  "commitMessageExtra": "to {{newVersion}}",
-  "commitMessageSuffix": "",
-  // package rules
-  "packageRules": [
-    // automerge
-    {
-      "description": ["Auto merge Github Actions"],
-      "matchManagers": ["github-actions"],
-      "automerge": true,
-      "automergeType": "branch",
-      "ignoreTests": true,
-      "matchUpdateTypes": ["minor", "patch"]
-    },
-    // groups
-    {
-      "description": ["Flux Group"],
-      "groupName": "Flux",
-      "matchPackagePatterns": ["flux"],
-      "matchDatasources": ["docker", "github-tags"],
-      "versioning": "semver",
-      "group": {
-        "commitMessageTopic": "{{{groupName}}} group"
-      },
-      "separateMinorPatch": true
-    },
-    {
-      "description": ["System Upgrade Controller Group"],
-      "groupName": "System Upgrade Controller",
-      "matchPackagePatterns": ["system-upgrade-controller"],
-      "matchDatasources": ["docker", "github-releases"],
-      "group": {
-        "commitMessageTopic": "{{{groupName}}} group"
-      },
-      "separateMinorPatch": true
-    },
-    // custom versioning
-    {
-      "description": ["Use custom versioning for k3s"],
-      "matchDatasources": ["github-releases"],
-      "versioning": "regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(?<compatibility>\\+k.s)\\.?(?<build>\\d+)$",
-      "matchPackagePatterns": ["k3s"]
-    },
-    // commit message topics
-    {
-      "matchDatasources": ["helm"],
-      "commitMessageTopic": "chart {{depName}}"
-    },
-    {
-      "matchDatasources": ["docker"],
-      "commitMessageTopic": "image {{depName}}"
-    },
-    // commit messages
-    {
-      "matchDatasources": ["docker"],
-      "matchUpdateTypes": ["major"],
-      "commitMessagePrefix": "feat(container)!: "
-    },
-    {
-      "matchDatasources": ["docker"],
-      "matchUpdateTypes": ["minor"],
-      "semanticCommitType": "feat",
-      "semanticCommitScope": "container"
-    },
-    {
-      "matchDatasources": ["docker"],
-      "matchUpdateTypes": ["patch"],
-      "semanticCommitType": "fix",
-      "semanticCommitScope": "container"
-    },
-    {
-      "matchDatasources": ["docker"],
-      "matchUpdateTypes": ["digest"],
-      "semanticCommitType": "chore",
-      "semanticCommitScope": "container"
-    },
-    {
-      "matchDatasources": ["helm"],
-      "matchUpdateTypes": ["major"],
-      "commitMessagePrefix": "feat(helm)!: "
-    },
-    {
-      "matchDatasources": ["helm"],
-      "matchUpdateTypes": ["minor"],
-      "semanticCommitType": "feat",
-      "semanticCommitScope": "helm"
-    },
-    {
-      "matchDatasources": ["helm"],
-      "matchUpdateTypes": ["patch"],
-      "semanticCommitType": "fix",
-      "semanticCommitScope": "helm"
-    },
-    {
-      "matchDatasources": ["galaxy", "galaxy-collection"],
-      "matchUpdateTypes": ["major"],
-      "commitMessagePrefix": "feat(ansible)!: "
-    },
-    {
-      "matchDatasources": ["galaxy", "galaxy-collection"],
-      "matchUpdateTypes": ["minor"],
-      "semanticCommitType": "feat",
-      "semanticCommitScope": "ansible"
-    },
-    {
-      "matchDatasources": ["galaxy", "galaxy-collection"],
-      "matchUpdateTypes": ["patch"],
-      "semanticCommitType": "fix",
-      "semanticCommitScope": "ansible"
-    },
-    {
-      "matchDatasources": ["github-releases", "github-tags"],
-      "matchUpdateTypes": ["major"],
-      "commitMessagePrefix": "feat(github-release)!: "
-    },
-    {
-      "matchDatasources": ["github-releases", "github-tags"],
-      "matchUpdateTypes": ["minor"],
-      "semanticCommitType": "feat",
-      "semanticCommitScope": "github-release"
-    },
-    {
-      "matchDatasources": ["github-releases", "github-tags"],
-      "matchUpdateTypes": ["patch"],
-      "semanticCommitType": "fix",
-      "semanticCommitScope": "github-release"
-    },
-    {
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["major"],
-      "commitMessagePrefix": "feat(github-action)!: "
-    },
-    {
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["minor"],
-      "semanticCommitType": "feat",
-      "semanticCommitScope": "github-action"
-    },
-    {
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["patch"],
-      "semanticCommitType": "fix",
-      "semanticCommitScope": "github-action"
-    },
-    // labels
-    {
-      "matchUpdateTypes": ["major"],
-      "labels": ["type/major"]
-    },
-    {
-      "matchUpdateTypes": ["minor"],
-      "labels": ["type/minor"]
-    },
-    {
-      "matchUpdateTypes": ["patch"],
-      "labels": ["type/patch"]
-    },
-    {
-      "matchDatasources": ["docker"],
-      "addLabels": ["renovate/container"]
-    },
-    {
-      "matchDatasources": ["helm"],
-      "addLabels": ["renovate/helm"]
-    },
-    {
-      "matchDatasources": ["galaxy", "galaxy-collection"],
-      "addLabels": ["renovate/ansible"]
-    },
-    {
-      "matchDatasources": ["github-releases", "github-tags"],
-      "addLabels": ["renovate/github-release"]
-    },
-    {
-      "matchManagers": ["github-actions"],
-      "addLabels": ["renovate/github-action"]
-    }
-  ],
-  // custom managers
-  "customManagers": [
-    {
-      "customType": "regex",
-      "description": ["Process custom dependencies"],
-      "fileMatch": [
-        "(^|/).taskfiles/.+\\.ya?ml$",
-        "(^|/)ansible/.+\\.ya?ml(?:\\.j2)?$",
-        "(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"
-      ],
-      "matchStrings": [
-        // # renovate: datasource=github-releases depName=k3s-io/k3s
-        // k3s_release_version: &version v1.29.0+k3s1
-        // # renovate: datasource=helm depName=cilium repository=https://helm.cilium.io
-        // version: 1.15.1
-        "datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( repository=(?<registryUrl>\\S+))?\\n.+: (&\\S+\\s)?(?<currentValue>\\S+)",
-        // # renovate: datasource=github-releases depName=rancher/system-upgrade-controller
-        // https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/crd.yaml
-        "datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\\n.+/(?<currentValue>(v|\\d)[^/]+)"
-      ],
-      "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}"
-    }
-  ]
+  }
 }
diff --git a/.github/renovate/automerge.json5 b/.github/renovate/automerge.json5
@@ -0,0 +1,13 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "description": ["Auto merge Github Actions"],
+      "matchManagers": ["github-actions"],
+      "automerge": true,
+      "automergeType": "branch",
+      "ignoreTests": true,
+      "matchUpdateTypes": ["minor", "patch"]
+    }
+  ]
+}
diff --git a/.github/renovate/clusters.json5 b/.github/renovate/clusters.json5
@@ -0,0 +1,23 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "description": ["Separate PRs for main cluster"],
+      "matchFileNames": [
+        "**/kubernetes/main/**",
+        "**/ansible/main/**",
+        "**/terraform/main/**"
+      ],
+      "additionalBranchPrefix": "main-"
+    },
+    {
+      "description": ["Separate PRs for storage cluster"],
+      "matchFileNames": [
+        "**/kubernetes/storage/**",
+        "**/ansible/storage/**",
+        "**/terraform/storage/**"
+      ],
+      "additionalBranchPrefix": "storage-"
+    }
+  ]
+}