Kinda hate everything.

.ansible-lint

@@ -7,7 +7,6 @@ profile: 'production'
 # option are parsed relative to the CWD of execution.
 exclude_paths:
   - roles/geerlingguy*
-  - kubespray/*
 
 # Enforce variable names to follow pattern below, in addition to Ansible own
 # requirements, like avoiding python identifiers. To disable add `var-naming`

ansible.cfg

@@ -2,16 +2,16 @@
 nocows = 1
 vault_password_file = ~/.goldentooth_vault_password
 inventory = ./inventory
-roles_path = ./roles:~/.ansible/roles:./kubespray/roles/
+roles_path = ./roles:~/.ansible/roles
 callbacks_enabled = profile_tasks
 stdout_callback = yaml
 stderr_callback = yaml
 pipelining = true
 ssh_args = -o ControlMaster=auto -o ControlPersist=3600s -o PreferredAuthentications=publickey
 control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
 forks = 10
-library = ./library/:./kubespray/library/
-playbook_dir = ./playbooks/:./kubespray/playbooks/
+library = ./library/
+playbook_dir = ./playbooks/
 
 [ssh_connection]
 scp_if_ssh = true

inventory/group_vars/all/vars.yaml

@@ -142,7 +142,3 @@ security_autoupdate_mail_on_error: true
 
 # Don't worry about `fail2ban` for now.
 security_fail2ban_enabled: true
-
-# Kubespray
-# #############################################################################
-# See `kubespray/vars.yaml`.

inventory/hosts

@@ -9,13 +9,13 @@ all:
         control_plane:
           hosts:
             bettley:
-            fenn:
-            gardener:
-        worker:
-          hosts:
             cargyll:
             dalt:
+        worker:
+          hosts:
             erenford:
+            fenn:
+            gardener:
             harlton:
             inchfield:
             jast:

roles/goldentooth.bootstrap_k8s/tasks/main.yaml

@@ -38,7 +38,7 @@
         src: '/etc/kubernetes/admin.conf'
         dest: '~/.kube/config'
         state: 'link'
-        mode: '0644'
+        mode: '0600'
 
     - name: 'Configure Calico networking.'
       ansible.builtin.command:

roles/goldentooth.install_argocd/defaults/main.yaml

@@ -1,5 +1,5 @@
 # Argo CD chart version.
-argocd_chart_version: '6.6.0'
+argocd_chart_version: '7.1.5'
 
 # Argo CD chart repository URL.
 argocd_chart_repo_url: 'https://argoproj.github.io/argo-helm'

roles/goldentooth.install_argocd/tasks/main.yaml

@@ -14,6 +14,16 @@
     dest: '/usr/local/bin/argocd'
     mode: '0555'
 
+- name: 'Create the Argo CD namespace.'
+  kubernetes.core.k8s:
+    state: 'present'
+    definition:
+      apiVersion: 'v1'
+      kind: 'Namespace'
+      metadata:
+        name: 'argocd'
+  run_once: true
+
 - name: 'Create a Kubernetes secret for the GitHub token.'
   kubernetes.core.k8s:
     state: 'present'
@@ -30,13 +40,13 @@
 
 - name: 'Install Argo CD from Helm chart.'
   kubernetes.core.helm:
-    atomic: true
+    atomic: false
     chart_ref: 'argo/argo-cd'
     chart_version: "{{ argocd_chart_version }}"
     create_namespace: true
     release_name: 'argocd'
     release_namespace: 'argocd'
     release_values: "{{ argocd_release_values }}"
     update_repo_cache: true
-    wait: true
+    wait: false
   run_once: true

roles/goldentooth.install_argocd_apps/tasks/main.yaml

@@ -2,7 +2,7 @@
 - name: 'Create Argo CD AppProject resources.'
   ansible.builtin.include_tasks: "{{ project_file }}"
   loop:
-    - 'app_projects/generic.yaml'
+    - 'app_projects/gitops_repo.yaml'
   loop_control:
     loop_var: 'project_file'
 

roles/goldentooth.install_helm/tasks/main.yaml

@@ -22,5 +22,5 @@
   ansible.builtin.apt:
     name:
       - 'helm'
-    state: 'present'
+    state: 'latest'
     cache_valid_time: 3600