├── .gitignore
├── CHANGELOG.md
├── LICENSE
├── README.md
├── Vagrantfile
├── ansible-requirements.yaml
├── argocd-nutshell.yaml
├── config
    ├── core.yaml
    ├── default.yaml
    └── sso.yaml
├── kube
    └── metallb
    │   ├── crd
    │       └── kustomization.yaml
    │   └── install
    │       ├── config.yaml
    │       ├── configmap.yaml
    │       ├── kustomization.yaml
    │       └── secret.yaml
├── roles
    ├── core-argocd
    │   └── tasks
    │   │   └── main.yml
    ├── core-kubernetes
    │   └── tasks
    │   │   └── main.yml
    ├── core-tools
    │   └── tasks
    │   │   └── main.yml
    └── feat-git
    │   ├── tasks
    │       ├── git.yml
    │       └── main.yml
    │   └── templates
    │       └── nginx
    │           └── nginx.conf
└── variants
    ├── core
        ├── base
        │   └── kustomization.yaml
        ├── overlays
        │   └── argocd-cm.yaml
        └── patches
        │   ├── argocd-application-controller.json
        │   ├── argocd-secret.json
        │   └── argocd-server.json
    ├── default
        ├── base
        │   └── kustomization.yaml
        ├── overlays
        │   ├── argocd-cm.yaml
        │   └── argocd-server-service.yaml
        └── patches
        │   ├── argocd-application-controller.json
        │   ├── argocd-secret.json
        │   └── argocd-server.json
    └── sso
        ├── base
            └── kustomization.yaml
        └── overlays
            └── argocd-cm.yaml


/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant
2 | .vscode
3 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # Changelog for Argo CD in a nutshell
 2 | 
 3 | ## Unreleased
 4 | 
 5 | ## v0.0.2 - 2020-01-16
 6 | 
 7 | * Make k3s auto-decide on latest version
 8 | * Pull in all roles for Kustomize, not just the specified one
 9 | * Pull in firefox for CLI SSO and some new variables.
10 | * Allow SSH X11 forwarding in the VM
11 | * New SSO variant for use with GitHub
12 | * Disable traefik to prevent race for metallb IP
13 | 
14 | ## v0.0.1 - 2020-01-11
15 | 
16 | Initial release
17 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2021 Jann Fischer <jann@mistrust.net>
 2 | 
 3 | Permission to use, copy, modify, and distribute this software for any
 4 | purpose with or without fee is hereby granted, provided that the above
 5 | copyright notice and this permission notice appear in all copies.
 6 | 
 7 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 8 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 9 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 | 
15 | 
16 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Argo CD in a nutshell
  2 | 
  3 | Zero-conf, repeatable
  4 | [Argo CD](https://argoproj.github.io/argo-cd/)
  5 | environments for demoing, development purposes or troubleshooting (i.e. to
  6 | reproduce an issue on a clean environment) using
  7 | [Vagrant](https://www.vagrantup.com/)
  8 | and
  9 | [k3s](https://k3s.io/)
 10 | in a single-node setup.
 11 | 
 12 | Please be aware that this is work in progress, and mainly serves for my own
 13 | purposes. I thought it could be useful enough to share, however, so here it
 14 | is.
 15 | 
 16 | ## Getting started
 17 | 
 18 | You will need
 19 | [Vagrant](https://www.vagrantup.com/)
 20 | and
 21 | [VirtualBox](https://www.virtualbox.org/)
 22 | installed on your system. Also, this box will set-up a private network with
 23 | CIDR range `192.168.56.0/24`, so make sure you don't have this already
 24 | setup on your host, or have a route to an already existing net or host in
 25 | that range.
 26 | 
 27 | Then:
 28 | 
 29 | ```bash
 30 | git clone https://github.com/jannfis/argocd-nutshell
 31 | cd argocd-nutshell
 32 | vagrant up
 33 | ```
 34 | 
 35 | This will fire up a VM with the default variant of Argo CD up & running. This
 36 | can take a couple of minutes, depending on your network speed and general
 37 | computer performance specs.
 38 | 
 39 | To make sure everything is up & running, `ssh` into the box and check the pods
 40 | status:
 41 | 
 42 | ```shell
 43 | $ vagrant ssh
 44 | vagrant@argocd-nutshell:~$ kubectl get pods -n argocd
 45 | NAME                                  READY   STATUS    RESTARTS   AGE
 46 | argocd-redis-6fb68d9df5-sx7xh         1/1     Running   0          4m30s
 47 | argocd-dex-server-748c65b578-kqlpp    1/1     Running   0          4m30s
 48 | argocd-application-controller-0       1/1     Running   0          4m30s
 49 | argocd-repo-server-64f4ddf469-mbdzn   1/1     Running   0          4m30s
 50 | argocd-server-846cf6844-9dvcl         1/1     Running   0          4m30s
 51 | ```
 52 | 
 53 | If all pods are running correctly, you can then access the web UI by visiting
 54 | 
 55 | ```shell
 56 | https://192.168.56.100
 57 | ```
 58 | 
 59 | The default username is `admin`, and the default password is `admin` as well.
 60 | 
 61 | ## Teardown
 62 | 
 63 | When you had enough testing, simply run
 64 | 
 65 | ```bash
 66 | vagrant destroy -f
 67 | ```
 68 | 
 69 | within the directory that contains the `Vagrantfile`.
 70 | 
 71 | ## What's in it?
 72 | 
 73 | On top of the already mentioned K3s cluster and a default installation
 74 | of Argo CD with minor customisation (i.e. service of type LoadBalancer and
 75 | an admin password set), the following is currently included after the box
 76 | has been provisioned:
 77 | 
 78 | * `kubectl` pre-configured and with shell completion set-up
 79 | * `kubectx` and `kubens` too, also with shell completion set-up
 80 | * a `kustomize` binary in `/usr/local/bin` (version 3.9.1)
 81 | * The latest released `argocd` CLI, ready to use logged into the Argo CD
 82 |   instance
 83 | 
 84 | ## Versions
 85 | 
 86 | By default, the most recent stable versions of Argo CD and K3S will be
 87 | installed in the box.
 88 | 
 89 | You can override (pin) the versions installed by the `default` variant by
 90 | setting some environment variables before running `vagrant up`:
 91 | 
 92 | * `ARGOCD_VERSION`: This lets you specify another version of the manifests
 93 |   to install. This can be either a tag name (such as `v1.8.2` or `stable`),
 94 |   or use `HEAD` to use the latest manifests from `master` branch.
 95 | 
 96 | * `ARGOCD_CLI_VERSION`: Lets you specify the release tag of the Argo CD CLI
 97 |   to install. The special value `latest` (which is also the default) will
 98 |   look up the latest released version of the CLI from GitHub and install it.
 99 | 
100 | * `ARGOCD_IMAGE`: Lets you override the Argo CD container image to use with
101 |   the manifests. This must be the full path and tag to the image, e.g.
102 |   `quay.io/argoproj/argocd:v1.8.2`. By default, the images as defined in the
103 |   manifests will be used.
104 | 
105 | * `K3S_VERSION`: The fully qualified version of K3S to install, e.g.
106 |   `v1.20.0+k3s2`. Look at the
107 |   [K3s releases](https://github.com/k3s-io/k3s/releases) for valid versions.
108 |   Pre-releases are not supported by the installer.
109 | 
110 | For example, if you want to install Argo CD v1.7.11 with accompanying CLI on a
111 | Kubernetes 1.18.6 cluster, create the box as follows:
112 | 
113 | ```bash
114 | ARGOCD_VERSION=v1.7.11 ARGOCD_CLI_VERSION=v1.7.11 K3S_VERSION=v1.18.6+k3s1 vagrant up
115 | ```
116 | 
117 | ## Git repository with test data
118 | 
119 | In order to have some test cases ready to use with the new Argo CD environment,
120 | you can have the script automatically setup a Git repository server which
121 | serves a configurable repository clone. It can be activated by setting the
122 | following environment variable before running `vagrant up`:
123 | 
124 | ```bash
125 | GIT_ENABLED=true
126 | ```
127 | 
128 | The following environment variables control what is set up:
129 | 
130 | * `GIT_CLONE_REPO` - the URL to a repository to clone. Defaults to the Argo CD
131 |   example apps repository `https://github.com/argoproj/argocd-example-apps`
132 | 
133 | * `GIT_CHECKOUT` - if set to `true`, will checkout the repository from the
134 |   environment's own repository server (*not* the upstream repository) in the
135 |   home directory of the `vagrant` user. You can then modify, commit and
136 |   push from that local checkout without modifying upstream (to keep results
137 |   initially predictable). Defaults to `true`.
138 | 
139 | * `GIT_CONNECT` - if set to true, will connect the repository within Argo CD,
140 |   so it's readily available to use. Defaults to `true`.
141 | 
142 | ## Variants
143 | 
144 | Variants are certain pre-configured installations of Argo CD that
145 | `argocd-nutshell` can provision for you.
146 | 
147 | A variant is specified by launching your box with `ARGOCD_VARIANT` set to
148 | the name of the variant you want to launch.
149 | 
150 | ### Single-Sign-On with GitHub
151 | 
152 | The variant `sso` sets up Argo CD pre-configured to do SSO with a GitHub org.
153 | You will need to setup a GitHub oauth app for this, that needs to match the
154 | following configuration:
155 | 
156 | ![OAuth configuration](docs/images/github-oauth-config.png)
157 | 
158 | The client ID, client secret and GitHub org name must be passed to the Vagrant
159 | provisioner like follows:
160 | 
161 | ```
162 | DEX_CLIENT_ID=<client_id> \
163 |   DEX_CLIENT_SECRET=<client_secret> \
164 |   DEX_GH_ORG_NAME=<name of your GH org> \
165 |   ARGOCD_VARIANT=sso vagrant up
166 |   ```
167 | 
168 | ## Customization
169 | 
170 | You can provision custom boxes by doing the following:
171 | 
172 | * Create a new YAML configuration in the `config` directory. Have a look at
173 |   `config/default.yaml`. Consider all variables mandatory. Be sure to
174 |   change `argocd.variant` variable to the name of your new variant, for
175 |   example `myvariant`.
176 | 
177 | * The Argo CD manifests are rendered via Kustomize. Have a look at the
178 |   `variants/default` directory for the default variant that is installed.
179 |   It contains Kustomize resources to build the Argo CD manifests. You can
180 |   copy its contents to a new folder with the same name as your new variant.
181 |   Be aware that the Kustomize resources will be templated by Ansible, and
182 |   cannot be rendered using `kustomize` as-is. To troubleshoot, use
183 |   `vagrant provision` on changes, and find the final resources on the box
184 |   within the `/kustomize` directory.
185 | 
186 | * Set `ARGOCD_VARIANT` to the name of the new variant before running `vagrant
187 |   up`, i.e.
188 | 
189 |   ```bash
190 |   ARGOCD_VARIANT=myvariant vagrant up
191 |   ```
192 | 
193 | And then hope it will work out.
194 | 
195 | ## Status
196 | 
197 | This has just been born, and is not ready for general consumption. Feel free
198 | to use it in the default configuration. Expect to hack on it. It has lots
199 | and lots of rough edges and pitfalls.
200 | 
201 | **YMMV.**
202 | 


--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Amount of memory in MiB to assign the VM
 5 | VM_MEM=8096
 6 | 
 7 | # IP address of the VM. Must be in a dedicated subnet, that's not yet routed
 8 | # on your host.
 9 | VM_IPADDR="192.168.56.2"
10 | 
11 | # The following environment variables will be set in the box, and are required
12 | # by the ansible provisioner as well.
13 | $set_environment_variables = <<SCRIPT
14 | tee "/etc/profile.d/myvars.sh" > "/dev/null" <<EOF
15 | export ARGOCD_NAMESPACE=#{ENV['ARGOCD_NAMESPACE'] || 'argocd'}
16 | export ARGOCD_VERSION=#{ENV['ARGOCD_VERSION']}
17 | export ARGOCD_CLI_VERSION=#{ENV['ARGOCD_CLI_VERSION']}
18 | export ARGOCD_IMAGE=#{ENV['ARGOCD_IMAGE']}
19 | export ARGOCD_VARIANT=#{ENV['ARGOCD_VARIANT']}
20 | export K3S_VERSION=#{ENV['K3S_VERSION']}
21 | export DEX_CLIENT_ID=#{ENV['DEX_CLIENT_ID']}
22 | export DEX_CLIENT_SECRET=#{ENV['DEX_CLIENT_SECRET']}
23 | export DEX_GH_ORG_NAME=#{ENV['DEX_GH_ORG_NAME']}
24 | export GIT_ENABLED=#{ENV['GIT_ENABLED']}
25 | export GIT_CLONE_REPO=#{ENV['GIT_CLONE_REPO']}
26 | export GIT_CHECKOUT=#{ENV['GIT_CHECKOUT']}
27 | export GIT_CONNECT=#{ENV['GIT_CONNECT']}
28 | EOF
29 | SCRIPT
30 | 
31 | Vagrant.configure("2") do |config|
32 |   config.vm.box = "ubuntu/focal64"
33 |   config.vm.hostname = "argocd-nutshell"
34 |   config.vm.define "argocd-nutshell"
35 | 
36 |   # Create a forwarded port mapping which allows access to a specific port
37 |   # within the machine from a port on the host machine and only allow access
38 |   # via 127.0.0.1 to disable public access
39 |   # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
40 | 
41 |   # Create a private network, which allows host-only access to the machine
42 |   # using a specific IP.
43 |   config.vm.network "private_network", ip: VM_IPADDR
44 | 
45 |   # Create a public network, which generally matched to bridged network.
46 |   # Bridged networks make the machine appear as another physical device on
47 |   # your network.
48 |   # config.vm.network "public_network"
49 | 
50 |   # Share an additional folder to the guest VM. The first argument is
51 |   # the path on the host to the actual folder. The second argument is
52 |   # the path on the guest to mount the folder. And the optional third
53 |   # argument is a set of non-required options.
54 |   config.vm.synced_folder ".", "/vagrant"
55 | 
56 |   # Provider-specific configuration so you can fine-tune various
57 |   # backing providers for Vagrant. These expose provider-specific options.
58 |   # Example for VirtualBox:
59 |   #
60 |   config.vm.provider "virtualbox" do |vb|
61 |     vb.name = "argocd-nutshell"
62 |     vb.memory = VM_MEM
63 |   end
64 | 
65 |   # Install core requirements for running ansible
66 |   config.vm.provision "shell" do |s|
67 |     s.inline = <<-SHELL
68 |       apt-get update
69 |       apt-get install -y python3-pip firefox
70 |       pip3 install ansible
71 |       pip3 install openshift
72 |       pip3 install passlib
73 |     SHELL
74 |   end
75 | 
76 |   config.vm.provision "shell" do |s|
77 |     s.inline = $set_environment_variables
78 |   end
79 | 
80 |   # Provision the box using a local ansible. 
81 |   config.vm.provision "ansible_local" do |a|
82 |     a.playbook = "argocd-nutshell.yaml"
83 |     a.galaxy_role_file = "ansible-requirements.yaml"
84 |     a.galaxy_roles_path = '/home/vagrant/.ansible/collections'
85 |     a.galaxy_command = 'ansible-galaxy collection install -r %{role_file} -p %{roles_path}'
86 |     a.become = true
87 |     a.extra_vars = "config/#{ENV['ARGOCD_VARIANT'] || 'default'}.yaml"
88 |   end
89 | 
90 |   config.ssh.forward_x11 = true
91 | end
92 | 


--------------------------------------------------------------------------------
/ansible-requirements.yaml:
--------------------------------------------------------------------------------
1 | collections:
2 | - community.crypto
3 | - community.general
4 | 


--------------------------------------------------------------------------------
/argocd-nutshell.yaml:
--------------------------------------------------------------------------------
1 | - hosts: all
2 |   name: Prepare Kubernetes infrastructure
3 |   roles:
4 |   - core-tools
5 |   - core-kubernetes
6 |   - core-argocd
7 |   - feat-git


--------------------------------------------------------------------------------
/config/core.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for variant 'default'
 2 | argocd:
 3 |   namespace: "{{ lookup('env', 'ARGOCD_NAMESPACE') | default('argocd', True) }}"
 4 | 
 5 |   # The variant to use
 6 |   variant: "{{ lookup('env', 'ARGOCD_VARIANT') | default('default', True) }}"
 7 | 
 8 |   # The version (tag) to use as `ref` for remote kustomize base, e.g `v1.8.2`
 9 |   # Use `HEAD` to get the latest version from master branch
10 |   version: "{{ lookup('env', 'ARGOCD_VERSION') | default('stable', True) }}"
11 | 
12 |   # CLI specific configuration
13 |   cli:
14 |     # specifices the CLI version to install (fetched from releases),
15 |     # e.g. `v1.8.2`. If set to `latest`, fetches the latest released version.
16 |     version: "{{ lookup('env', 'ARGOCD_CLI_VERSION') | default('latest', True) }}"
17 |     # if autologin is set to true, setup will perform login to Argo CD
18 |     autologin: false
19 | 
20 |   # The argocd-server service will be converted to be of  of type LoadBalancer
21 |   # and the service_ip will be requested to be set. Must be in the range between
22 |   # 192.168.56.100 and 192.168.56.240
23 |   service_ip: ''
24 | 
25 |   # argocd.image lets you use a different image than in the manifests
26 |   # OPTIONAL.
27 |   image: "{{ lookup('env', 'ARGOCD_IMAGE') }}"
28 | 
29 |   core: true
30 | 
31 | kubernetes:
32 |   # Specify the Kubernetes version to use, e.g. `v1.19.5+k3s1`. We install K3s,
33 |   # so version specified must be available from K3s releases. 
34 |   version: "{{ lookup('env', 'K3S_VERSION') }}"
35 | 
36 | git:
37 |   enabled: "{{ lookup('env', 'GIT_ENABLED') | default('false', True) }}"
38 |   clone:
39 |     repository: "{{ lookup('env', 'GIT_CLONE_REPO') | default('https://github.com/argoproj/argocd-example-apps', True) }}"
40 |     checkout: "{{ lookup('env', 'GIT_CHECKOUT') | default('true', True) }}"
41 |     connect: "{{ lookup('env', 'GIT_CONNECT') | default('true', True) }}"
42 | 


--------------------------------------------------------------------------------
/config/default.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for variant 'default'
 2 | argocd:
 3 |   namespace: "{{ lookup('env', 'ARGOCD_NAMESPACE') | default('argocd', True) }}"
 4 | 
 5 |   # The variant to use
 6 |   variant: "{{ lookup('env', 'ARGOCD_VARIANT') | default('default', True) }}"
 7 | 
 8 |   # The version (tag) to use as `ref` for remote kustomize base, e.g `v1.8.2`
 9 |   # Use `HEAD` to get the latest version from master branch
10 |   version: "{{ lookup('env', 'ARGOCD_VERSION') | default('stable', True) }}"
11 | 
12 |   # CLI specific configuration
13 |   cli:
14 |     # specifices the CLI version to install (fetched from releases),
15 |     # e.g. `v1.8.2`. If set to `latest`, fetches the latest released version.
16 |     version: "{{ lookup('env', 'ARGOCD_CLI_VERSION') | default('latest', True) }}"
17 |     # if autologin is set to true, setup will perform login to Argo CD
18 |     autologin: true
19 | 
20 |   # The argocd-server service will be converted to be of  of type LoadBalancer
21 |   # and the service_ip will be requested to be set. Must be in the range between
22 |   # 192.168.56.100 and 192.168.56.240
23 |   service_ip: 192.168.56.200
24 | 
25 |   # argocd.image lets you use a different image than in the manifests
26 |   # OPTIONAL.
27 |   image: "{{ lookup('env', 'ARGOCD_IMAGE') }}"
28 | 
29 | kubernetes:
30 |   # Specify the Kubernetes version to use, e.g. `v1.19.5+k3s1`. We install K3s,
31 |   # so version specified must be available from K3s releases. 
32 |   version: "{{ lookup('env', 'K3S_VERSION') }}"
33 | 
34 | git:
35 |   enabled: "{{ lookup('env', 'GIT_ENABLED') | default('false', True) }}"
36 |   clone:
37 |     repository: "{{ lookup('env', 'GIT_CLONE_REPO') | default('https://github.com/argoproj/argocd-example-apps', True) }}"
38 |     checkout: "{{ lookup('env', 'GIT_CHECKOUT') | default('true', True) }}"
39 |     connect: "{{ lookup('env', 'GIT_CONNECT') | default('true', True) }}"
40 | 


--------------------------------------------------------------------------------
/config/sso.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for variant 'default'
 2 | argocd:
 3 |   namespace: "{{ lookup('env', 'ARGOCD_NAMESPACE') | default('argocd', True) }}"
 4 |     
 5 |   # The variant to use
 6 |   variant: "{{ lookup('env', 'ARGOCD_VARIANT') | default('default', True) }}"
 7 | 
 8 |   # The version (tag) to use as `ref` for remote kustomize base, e.g `v1.8.2`
 9 |   # Use `HEAD` to get the latest version from master branch
10 |   version: "{{ lookup('env', 'ARGOCD_VERSION') | default('stable', True) }}"
11 | 
12 |   # CLI specific configuration
13 |   cli:
14 |     # specifices the CLI version to install (fetched from releases),
15 |     # e.g. `v1.8.2`. If set to `latest`, fetches the latest released version.
16 |     version: "{{ lookup('env', 'ARGOCD_CLI_VERSION') | default('latest', True) }}"
17 |     # if autologin is set to true, setup will perform login to Argo CD
18 |     autologin: true
19 | 
20 |   # The argocd-server service will be converted to be of  of type LoadBalancer
21 |   # and the service_ip will be requested to be set. Must be in the range between
22 |   # 192.168.56.100 and 192.168.56.240
23 |   service_ip: 192.168.56.100
24 | 
25 |   # argocd.image lets you use a different image than in the manifests
26 |   # OPTIONAL.
27 |   image: "{{ lookup('env', 'ARGOCD_IMAGE') }}"
28 | 
29 | kubernetes:
30 |   # Specify the Kubernetes version to use, e.g. `v1.19.5+k3s1`. We install K3s,
31 |   # so version specified must be available from K3s releases.
32 |   version: "{{ lookup('env', 'K3S_VERSION') }}"
33 | 
34 | dex:
35 |   client_id: "{{ lookup('env', 'DEX_CLIENT_ID') }}"
36 |   client_secret: "{{ lookup('env', 'DEX_CLIENT_SECRET') }}"
37 |   gh_org_name: "{{ lookup('env', 'DEX_GH_ORG_NAME') }}"
38 | 
39 | 


--------------------------------------------------------------------------------
/kube/metallb/crd/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 |   - github.com/metallb/metallb/config/crd?ref=v0.13.7
3 | 


--------------------------------------------------------------------------------
/kube/metallb/install/config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: metallb.io/v1beta1
 2 | kind: IPAddressPool
 3 | metadata:
 4 |   name: default
 5 |   namespace: metallb-system
 6 | spec:
 7 |   addresses:
 8 |   - 192.168.56.200-192.168.56.240
 9 | ---
10 | apiVersion: metallb.io/v1beta1
11 | kind: L2Advertisement
12 | metadata:
13 |   name: default
14 |   namespace: metallb-system
15 | 


--------------------------------------------------------------------------------
/kube/metallb/install/configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   namespace: metallb-system
 5 |   name: config
 6 | data:
 7 |   config: |
 8 |     address-pools:
 9 |     - name: default
10 |       protocol: layer2
11 |       addresses:
12 |       - 192.168.56.200-192.168.56.240
13 | 


--------------------------------------------------------------------------------
/kube/metallb/install/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 |   - github.com/metallb/metallb/config/native?ref=v0.13.7
3 |   - config.yaml 
4 |   - secret.yaml
5 | 


--------------------------------------------------------------------------------
/kube/metallb/install/secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | data:
3 |   secretkey: eDU5U2hKQWlvTndkTmJKa3o4VFBNbmJTbFBZS2tBeWpycnFTcjQ1VExhaXJFOHQwQXlrWXBpTzlYOW43RVE3VAp5NTVXVDNDRkl2ZExERkFISmZTWmN0NzVWWFFwL3ZZc2xEUEU3b21ZOFVleEl6NmpqU05tcXArZ3ZQWVdrazEwCkdEUjZPSmNzUWJzZlowRkFSUFhWZllGU21FNHpsTlloRkQ0SFJuSTE3dHM9
4 | kind: Secret
5 | metadata:
6 |   creationTimestamp: null
7 |   name: memberlist
8 |   namespace: metallb-system
9 | 


--------------------------------------------------------------------------------
/roles/core-argocd/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | - name: Ensure argocd namespace exists
 2 |   k8s:
 3 |     name: "{{ argocd.namespace }}"
 4 |     kind: Namespace
 5 |     state: present
 6 |   become: yes
 7 |   become_user: vagrant
 8 | 
 9 | - name: Ensure Kustomize source dir exists
10 |   file:
11 |     path: /kustomize
12 |     state: directory
13 |     mode: 0755
14 |     owner: vagrant
15 | 
16 | - name: Create Kustomize directories
17 |   file:
18 |     path: /kustomize/{{ item.path }}
19 |     state: directory
20 |     mode: 0755
21 |     owner: vagrant
22 |   with_filetree: "/vagrant/variants"
23 |   when: item.state == 'directory'
24 | 
25 | - name: Template out Kustomize sources
26 |   template:
27 |     src: '{{ item.src }}'
28 |     dest: /kustomize/{{ item.path }}
29 |     mode: 0644
30 |     owner: vagrant
31 |   with_filetree: "/vagrant/variants"
32 |   when: item.state == 'file'
33 | 
34 | - name: Set Argo CD image to use in the manifests
35 |   shell:
36 |     cmd: kustomize edit set image argoproj/argocd={{ argocd.image }}
37 |     chdir: /kustomize/{{ argocd.variant | default('default') }}/{{ kustomize.base | default('base') }}
38 |   become: yes
39 |   become_user: vagrant
40 |   when: argocd.image is defined and argocd.image != ""
41 | 
42 | - name: Build Argo CD manifests with Kustomize
43 |   shell:
44 |     cmd: kustomize build --load_restrictor LoadRestrictionsNone . > /kustomize/argocd-install-{{ argocd.variant | default('default') }}.yaml
45 |     chdir: /kustomize/{{ argocd.variant | default('default') }}/{{ kustomize.base | default('base') }}
46 |   become: yes
47 |   become_user: vagrant
48 | 
49 | - name: Apply Argo CD manifests to the cluster
50 |   k8s:
51 |     src: /kustomize/argocd-install-{{ argocd.variant | default('default') }}.yaml
52 |     namespace: "{{ argocd.namespace }}"
53 |     state: present
54 |   become: yes
55 |   become_user: vagrant
56 | 
57 | - name: Get latest Argo CD CLI version from GitHub
58 |   shell:
59 |     cmd: curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/'
60 |   register: argocd_cli_version
61 |   when: argocd.cli.version is not defined or argocd.cli.version == "latest" or argocd.cli.version == "stable"
62 | 
63 | - name: Fetch and install argocd client
64 |   get_url:
65 |     url: https://github.com/argoproj/argo-cd/releases/download/{{ argocd_cli_version.stdout | default(argocd.cli.version, True) }}/argocd-linux-amd64
66 |     dest: /usr/local/bin/argocd
67 |     mode: 0755
68 | 
69 | - name: Wait up to 10 minutes for argocd-server replicaset to become ready
70 |   shell:
71 |     cmd: kubectl get -n {{ argocd.namespace }} deployments.apps argocd-server -o jsonpath='{ .status.readyReplicas }' 
72 |   register: replicas
73 |   until: replicas.stdout == "1"
74 |   retries: 60
75 |   delay: 10
76 |   when: argocd.cli.autologin == true
77 |   become: yes
78 |   become_user: vagrant
79 | 
80 | - name: Perform login to argocd
81 |   shell:
82 |     cmd: /usr/local/bin/argocd login --username admin --password admin --insecure {{ argocd.service_ip }}
83 |   when: argocd.cli.autologin == true
84 |   become: yes
85 |   become_user: vagrant
86 | 
87 | - name: Set default namespace in kube context to argocd
88 |   shell:
89 |     cmd: kubens {{ argocd.namespace }}
90 |   become: yes
91 |   become_user: vagrant
92 | 


--------------------------------------------------------------------------------
/roles/core-kubernetes/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | - name: Reconfigure sshd
 2 |   lineinfile:
 3 |     path: /etc/ssh/sshd_config
 4 |     regexp: ^UseDNS\ .*$
 5 |     line: UseDNS no
 6 | 
 7 | - name: Restart sshd
 8 |   service:
 9 |     name: sshd
10 |     state: restarted
11 |     enabled: yes
12 | 
13 | - name: Fetch K3s installation script
14 |   get_url:
15 |     url: https://get.k3s.io/
16 |     dest: /tmp/install-k3s.sh
17 |     mode: 0755
18 | 
19 | - name: Install K3s version {{ kubernetes.version }}
20 |   shell:
21 |     cmd: /tmp/install-k3s.sh
22 |   environment:
23 |     INSTALL_K3S_VERSION: "{{ kubernetes.version | default('v1.25.5+k3s1', True) }}"
24 |     # We install metallb
25 |     INSTALL_K3S_EXEC: "--disable servicelb --disable traefik"
26 | 
27 | - name: Ensure permissions on K3s directories
28 |   file:
29 |     path: /etc/rancher/k3s
30 |     state: directory
31 |     owner: vagrant
32 |     mode: 0755
33 | 
34 | - name: Ensure permissions on K3s kubeconfig
35 |   file:
36 |     path: /etc/rancher/k3s/k3s.yaml
37 |     owner: vagrant
38 |     mode: 0644
39 | 
40 | - name: Ensure kubeconfig directory exists
41 |   file:
42 |     path: /home/vagrant/.kube
43 |     state: directory
44 |     owner: vagrant
45 | 
46 | - name: Ensure kubeconfig exists
47 |   shell: 
48 |     cmd: k3s kubectl config view --raw > /home/vagrant/.kube/config
49 |     creates: /home/vagrant/.kube/config
50 | 
51 | - name: Ensure kube config has correct permissions
52 |   file:
53 |     path: /home/vagrant/.kube/config
54 |     owner: vagrant
55 |     mode: 0644
56 |     state: file
57 | 
58 | - name: Ensure metallb-system namespace exists
59 |   k8s:
60 |     api_version: v1
61 |     kind: Namespace
62 |     name: metallb-system
63 |     state: present
64 |     kubeconfig: /home/vagrant/.kube/config
65 |   become: yes
66 |   become_user: vagrant
67 | 
68 | - name: Render metallb installation manifests
69 |   shell:
70 |     cmd: kustomize build . > /tmp/metallb-crd.yaml
71 |     chdir: /vagrant/kube/metallb/crd
72 |   become: yes
73 |   become_user: vagrant
74 | 
75 | - name: Render metallb installation manifests
76 |   shell:
77 |     cmd: kustomize build . > /tmp/metallb-install.yaml
78 |     chdir: /vagrant/kube/metallb/install
79 |   become: yes
80 |   become_user: vagrant
81 | 
82 | - name: Install metallb CRDs into the cluster
83 |   k8s:
84 |     src: /tmp/metallb-crd.yaml
85 |     namespace: metallb-system
86 |     state: present
87 |   become: yes
88 |   become_user: vagrant
89 | 
90 | - name: Install metallb into the cluster
91 |   k8s:
92 |     src: /tmp/metallb-install.yaml
93 |     namespace: metallb-system
94 |     state: present
95 |   become: yes
96 |   become_user: vagrant
97 | 


--------------------------------------------------------------------------------
/roles/core-tools/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | - get_url:
 2 |     url: https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv3.9.1/kustomize_v3.9.1_linux_amd64.tar.gz
 3 |     dest: /tmp/kustomize.tar.gz
 4 |     checksum: sha256:0fb2c3299ca3668205eac3a3a5be9a8e4a79d7c4fba18542a6c444e0d33ddbdd
 5 |   name: Fetch Kustomize from GitHub
 6 | - unarchive:
 7 |     src: /tmp/kustomize.tar.gz
 8 |     dest: /usr/local/bin
 9 |     mode: 0755
10 |     creates: /usr/local/bin/kustomize
11 |   name: Extract Kustomize binary
12 | - get_url:
13 |     url: https://github.com/ahmetb/kubectx/releases/download/v0.9.1/kubectx
14 |     dest: /usr/local/bin/kubectx
15 |     mode: 0755
16 |     checksum: sha256:b1a0fcfb0073b488620a4e40de24a354a44354f277a355b793d80d8674284bd4
17 |   name: Fetch kubectx tool
18 | - get_url:
19 |     url: https://github.com/ahmetb/kubectx/releases/download/v0.9.1/kubens
20 |     dest: /usr/local/bin/kubens
21 |     mode: 0755
22 |     checksum: sha256:509c97c0882e688ae8fad8aa13524cc7c003e4883db447a905bdb47d64c13bdc
23 |   name: Fetch kubens tool
24 | - get_url:
25 |     url: https://github.com/ahmetb/kubectx/raw/v0.9.1/completion/kubectx.bash
26 |     dest: /usr/share/bash-completion/completions/kubectx
27 |     mode: 0644
28 |     checksum: sha256:3a3ada36a5ada06eb0d2d102d85e7878f22029ef5d7f11db7fc7e163ee02ce83
29 |   name: Install kubectx completion
30 | - get_url:
31 |     url: https://github.com/ahmetb/kubectx/raw/v0.9.1/completion/kubens.bash
32 |     dest: /usr/share/bash-completion/completions/kubens
33 |     mode: 0644
34 |     checksum: sha256:f075a473f87bffd17a8187d187423c2f44ada0b978c333e378890feefe172e9d
35 |   name: Install kubectx completion
36 | - lineinfile:
37 |     path: /home/vagrant/.bashrc
38 |     line: source <(kubectl completion bash)
39 |     state: present
40 |   name: Ensure kubectl completion is setup


--------------------------------------------------------------------------------
/roles/feat-git/tasks/git.yml:
--------------------------------------------------------------------------------
  1 | - name: Ensure packages for Git are installed correctly
  2 |   apt:
  3 |     name:
  4 |     - git
  5 |     - nginx
  6 |     - fcgiwrap
  7 |     state: latest
  8 | 
  9 | - name: Ensure all required directories exist
 10 |   file:
 11 |     path: "{{ item }}"
 12 |     state: directory
 13 |     owner: vagrant
 14 |   with_items:
 15 |     - /repos/git
 16 |     - /repos/cert
 17 | 
 18 | - name: Ensure private key for TLS exists
 19 |   community.crypto.openssl_privatekey:
 20 |     path: /repos/cert/tls-private-key.pem
 21 |     size: 2048
 22 |     mode: 0400
 23 |     owner: vagrant
 24 | 
 25 | - name: Set listener IP for nginx
 26 |   set_fact:
 27 |     local_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
 28 | 
 29 | - name: Ensure CSR for TLS exists
 30 |   community.crypto.openssl_csr:
 31 |     path: /repos/cert/tls-request.csr
 32 |     owner: vagrant
 33 |     privatekey_path: /repos/cert/tls-private-key.pem
 34 |     common_name: Argo CD in a nutshell
 35 |     country_name: DE
 36 |     organization_name: Acme, Inc.
 37 |     subject_alt_name:
 38 |       - "DNS:argocd-nutshell"
 39 |       - "DNS:localhost"
 40 |       - "IP:{{ local_ip }}"
 41 |       - "IP:127.0.0.1"
 42 | 
 43 | - name: Ensure certificate for TLS exists
 44 |   community.crypto.x509_certificate:
 45 |     path: /repos/cert/tls-certificate.pem
 46 |     owner: vagrant
 47 |     privatekey_path: /repos/cert/tls-private-key.pem
 48 |     csr_path: /repos/cert/tls-request.csr
 49 |     provider: selfsigned
 50 | 
 51 | - name: Ensure nginx.conf is up-to-date
 52 |   template:
 53 |     src: nginx/nginx.conf
 54 |     dest: /etc/nginx/nginx.conf
 55 |     owner: root
 56 |     mode: 0644
 57 | 
 58 | - name: Ensure nginx service is started
 59 |   service:
 60 |     name: nginx
 61 |     state: restarted
 62 |     enabled: true
 63 | 
 64 | - name: Ensure authentication is setup
 65 |   community.general.htpasswd:
 66 |     path: /repos/git/.htpasswd
 67 |     owner: vagrant
 68 |     name: git
 69 |     password: git
 70 | 
 71 | - name: Ensure FastCGI is running
 72 |   service:
 73 |     name: fcgiwrap
 74 |     state: started
 75 |     enabled: true
 76 | 
 77 | - name: Ensure Git e-mail is configured correctly
 78 |   shell: git config --global user.email "example@example.com"
 79 |   become: yes
 80 |   become_user: vagrant
 81 |   when: git.clone.repository is defined
 82 | 
 83 | - name: Ensure Git user is configured correctly
 84 |   shell: git config --global user.name "git"
 85 |   become: yes
 86 |   become_user: vagrant
 87 |   when: git.clone.repository is defined
 88 | 
 89 | - name: Ensure Git credential helper is configured correctly
 90 |   shell: git config --global credential.helper store
 91 |   become: yes
 92 |   become_user: vagrant
 93 |   when: git.clone.repository is defined
 94 | 
 95 | - name: Ensure initial repositories are available
 96 |   git:
 97 |     repo: "{{ git.clone.repository }}"
 98 |     dest: /repos/git/{{ git.clone.repository | basename }}.git
 99 |     bare: yes
100 |   become: yes
101 |   become_user: vagrant
102 |   when: git.clone.repository is defined
103 | 
104 | - name: Ensure Git repository can be written to
105 |   file:
106 |     group: www-data
107 |     path: /repos/git
108 |     recurse: true
109 |   when: git.clone.repository is defined
110 | 
111 | - name: Ensure repository is checked out locally
112 |   git:
113 |     repo: http://git:git@{{ local_ip }}:9080/git/{{ git.clone.repository | basename }}
114 |     dest: /home/vagrant/{{ git.clone.repository | basename }}
115 |   become: yes
116 |   become_user: vagrant
117 |   when: git.clone.repository is defined and git.clone.checkout is defined and git.clone.checkout == "true"
118 | 
119 | - name: Add repository to Argo CD
120 |   shell: argocd repo add --username git --password git --type git http://{{ local_ip }}:9080/git/{{ git.clone.repository | basename }}
121 |   become: yes
122 |   become_user: vagrant
123 |   when: git.clone.repository is defined and git.clone.connect is defined and git.clone.connect == "true"
124 |   retries: 5
125 |   delay: 10
126 | 


--------------------------------------------------------------------------------
/roles/feat-git/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Include Git setup tasks
2 |   import_tasks: git.yml
3 |   when: git.enabled is defined and (git.enabled == true or git.enabled == "true")
4 | 


--------------------------------------------------------------------------------
/roles/feat-git/templates/nginx/nginx.conf:
--------------------------------------------------------------------------------
 1 | worker_processes 1;
 2 | error_log /tmp/nginx-errors.log info;
 3 | user vagrant;
 4 | 
 5 | events { worker_connections 1024; }
 6 | 
 7 | http {
 8 |   
 9 |   server {
10 |     listen  {{ local_ip }}:9080;
11 |     listen  {{ local_ip }}:9443 ssl http2;
12 | 
13 |     auth_basic            "Restricted";
14 |     auth_basic_user_file  "/repos/git/.htpasswd";
15 |     root /repos/git;
16 | 
17 |     ssl_certificate "/repos/cert/tls-certificate.pem";
18 |     ssl_certificate_key "/repos/cert/tls-private-key.pem";
19 |     ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
20 | 
21 |     location ~ /git(/.*) {
22 |           # Set chunks to unlimited, as the body's can be huge
23 |           client_max_body_size                  0;
24 | 
25 |           fastcgi_param SCRIPT_FILENAME         /usr/lib/git-core/git-http-backend;
26 |           include               /etc/nginx/fastcgi_params;
27 |           fastcgi_param GIT_HTTP_EXPORT_ALL     "";
28 |           fastcgi_param GIT_PROJECT_ROOT        /repos/git;
29 |           fastcgi_param PATH_INFO               $1;
30 |         
31 |           # Forward REMOTE_USER as we want to know when we are authenticated
32 |           fastcgi_param REMOTE_USER             $remote_user;
33 |           fastcgi_pass  unix:/var/run/fcgiwrap.socket;
34 |     }
35 |   }
36 | }


--------------------------------------------------------------------------------
/variants/core/base/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | resources:
 2 | - https://github.com/argoproj/argo-cd/manifests/core-install?ref={{ argocd.version }}
 3 | 
 4 | patchesStrategicMerge:
 5 | - ../overlays/argocd-cm.yaml
 6 | 
 7 | patches:
 8 |   - path: ../patches/argocd-secret.json
 9 |     target:
10 |       version: v1
11 |       kind: Secret
12 |       name: argocd-secret
13 |   - path: ../patches/argocd-application-controller.json
14 |     target:
15 |       version: v1
16 |       group: rbac.authorization.k8s.io
17 |       kind: ClusterRoleBinding
18 |       name: argocd-application-controller
19 | 


--------------------------------------------------------------------------------
/variants/core/overlays/argocd-cm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: argocd-cm
 5 | data:
 6 |   resource.customizations: |
 7 |     argoproj.io/Application:
 8 |       health.lua: |
 9 |         hs = {}
10 |         hs.status = "Healthy"
11 |         hs.message = ""
12 |         if obj.status ~= nil then
13 |           if obj.status.health ~= nil then
14 |             hs.status = obj.status.health.status
15 |             hs.message = obj.status.health.message
16 |           end
17 |         end
18 |         return hs
19 | 
20 | 


--------------------------------------------------------------------------------
/variants/core/patches/argocd-application-controller.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "op": "replace",
4 |     "path": "/subjects/0/namespace",
5 |     "value": "{{ argocd.namespace }}"
6 |   }
7 | ]
8 | 


--------------------------------------------------------------------------------
/variants/core/patches/argocd-secret.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "op": "add",
4 |     "path": "/data",
5 |     "value": {"admin.password": "JDJ5JDEwJGZKbldlTy5UdEJoRHUubEIyeXBuME81YVQuRDFkUWwuam4zOW1MT1BpendrME5zaUhtLjlpCg=="}
6 |   }
7 | ]
8 | 


--------------------------------------------------------------------------------
/variants/core/patches/argocd-server.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "op": "replace",
4 |     "path": "/subjects/0/namespace",
5 |     "value": "{{ argocd.namespace }}"
6 |   }
7 | ]
8 | 


--------------------------------------------------------------------------------
/variants/default/base/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | resources:
 2 | - https://github.com/argoproj/argo-cd/manifests/cluster-install?ref={{ argocd.version }}
 3 | 
 4 | patchesStrategicMerge:
 5 | - ../overlays/argocd-server-service.yaml
 6 | - ../overlays/argocd-cm.yaml
 7 | 
 8 | patches:
 9 |   - path: ../patches/argocd-secret.json
10 |     target:
11 |       version: v1
12 |       kind: Secret
13 |       name: argocd-secret
14 |   - path: ../patches/argocd-application-controller.json
15 |     target:
16 |       version: v1
17 |       group: rbac.authorization.k8s.io
18 |       kind: ClusterRoleBinding
19 |       name: argocd-application-controller
20 |   - path: ../patches/argocd-server.json
21 |     target:
22 |       version: v1
23 |       group: rbac.authorization.k8s.io
24 |       kind: RoleBinding
25 |       name: argocd-server
26 | 


--------------------------------------------------------------------------------
/variants/default/overlays/argocd-cm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: argocd-cm
 5 | data:
 6 |   resource.customizations: |
 7 |     argoproj.io/Application:
 8 |       health.lua: |
 9 |         hs = {}
10 |         hs.status = "Healthy"
11 |         hs.message = ""
12 |         if obj.status ~= nil then
13 |           if obj.status.health ~= nil then
14 |             hs.status = obj.status.health.status
15 |             hs.message = obj.status.health.message
16 |           end
17 |         end
18 |         return hs
19 | 
20 | 


--------------------------------------------------------------------------------
/variants/default/overlays/argocd-server-service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: argocd-server
5 | spec:
6 |   type: LoadBalancer
7 |   loadBalancerIP: {{ argocd.service_ip }}
8 | 


--------------------------------------------------------------------------------
/variants/default/patches/argocd-application-controller.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "op": "replace",
4 |     "path": "/subjects/0/namespace",
5 |     "value": "{{ argocd.namespace }}"
6 |   }
7 | ]
8 | 


--------------------------------------------------------------------------------
/variants/default/patches/argocd-secret.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "op": "add",
4 |     "path": "/data",
5 |     "value": {"admin.password": "JDJ5JDEwJGZKbldlTy5UdEJoRHUubEIyeXBuME81YVQuRDFkUWwuam4zOW1MT1BpendrME5zaUhtLjlpCg=="}
6 |   }
7 | ]
8 | 


--------------------------------------------------------------------------------
/variants/default/patches/argocd-server.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "op": "replace",
4 |     "path": "/subjects/0/namespace",
5 |     "value": "{{ argocd.namespace }}"
6 |   }
7 | ]
8 | 


--------------------------------------------------------------------------------
/variants/sso/base/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - ../../default/base
3 | 
4 | patchesStrategicMerge:
5 | - ../overlays/argocd-cm.yaml
6 | 


--------------------------------------------------------------------------------
/variants/sso/overlays/argocd-cm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: argocd-cm
 5 | data:
 6 |   url: https://192.168.56.100
 7 |   dex.config: |
 8 |     connectors:
 9 |     - config:
10 |         clientID: {{ dex.client_id | default('') }}
11 |         clientSecret: {{ dex.client_secret | default('') }}
12 |         orgs:
13 |         - name: {{ dex.gh_org_name | default('none') }}
14 |         redirectURI: https://192.168.56.100/api/dex/callback
15 |       id: github
16 |       name: GitHub
17 |       type: github
18 | 
19 | 


--------------------------------------------------------------------------------