df1b9a5685
complete the implementation of puppet in kubernetes, taking many features from the openvox helm chart and improving on them. changes from helm are: - using vault for storing secrets - using g10k instead of r10k - using a single shared g10k cronjob for all masters/compilers - using a single shared /etc/puppetlabs/code directory (shared, cephfs) changes: - deploy puppet master and compiler servers with statefulset/deployment - deploy puppetdb with postgresql backend, taking advantage of cnpg cluster and pooler - deploy puppetboard - all supporting configmaps, services, ingresses, and hpas - added vaultstaticsecret for eyaml private keys - configured secure mounting of eyaml keys at /var/lib/puppet/keys/ - updated base kustomization to include all 23 new puppet resource files Reviewed-on: #29
29 lines
944 B
YAML
29 lines
944 B
YAML
apiVersion: v1
|
|
data:
|
|
check_for_masters.sh: |
|
|
#!/usr/bin/env bash
|
|
if [[ -d "$PUPPET_SSL_DIR" ]]; then
|
|
ls -la /etc/puppetlabs/puppet/ssl/certs/
|
|
echo "A Puppetserver master has already started running."
|
|
echo "Waiting to finish the generation of the Puppet SSL certs..."
|
|
sleep 5
|
|
while ! [[ -n "$(find /etc/puppetlabs/puppet/ssl/certs -name 'puppet*.pem' | head -1)" ]];
|
|
do
|
|
echo "Still waiting..."
|
|
sleep 5
|
|
done
|
|
sleep 15
|
|
echo "Puppet SSL certs have been generated. Continuing..."
|
|
else
|
|
echo "No other Puppetserver master is running. Continuing..."
|
|
fi
|
|
kind: ConfigMap
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: puppetserver
|
|
app.kubernetes.io/instance: puppetserver
|
|
app.kubernetes.io/name: puppetserver
|
|
app.kubernetes.io/version: 8.8.0
|
|
name: puppetserver-init-masters-config
|
|
namespace: puppet
|