Fix kubeconfig source;(WIP)Register workloadcluster in argocd

2023-01-06 16:27:33 +01:00 · 2023-01-06 16:27:33 +01:00 · 2a5a154df0
parent 36e3a2b99f
commit 2a5a154df0
2 changed files with 42 additions and 16 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
@ -103,14 +103,18 @@
      {{ clusterctl_newcluster.stdout }}
    wait: yes
    kubeconfig: "{{ kubeconfig.path }}"
+# TODO: move to git repo
+
 - name: Initialize tempfile
  ansible.builtin.tempfile:
    state: file
  register: capi_kubeconfig
+
 - name: Retrieve kubeconfig
  ansible.builtin.command:
-    cmd: kubectl config view --raw
+    cmd: clusterctl get kubeconfig {{ vapp['workloadcluster.name'] | lower }}
  register: capi_kubectl_config
+
 - name: Store kubeconfig in tempfile
  ansible.builtin.copy:
    dest: "{{ capi_kubeconfig.path }}"
@ -129,23 +133,11 @@
  retries: "{{ playbook.retries }}"
  delay: "{{ playbook.delays.long }}"

- name: Generate serviceaccount
-  # TODO: move to GitOps
-  kubernetes.core.k8s:
-    template: serviceaccount.j2
-    state: present
-    kubeconfig: "{{ capi_kubeconfig.path }}"
-  vars:
-    _template:
-      account:
-        name: argocd-sa
-        namespace: default
-      clusterrolebinding:
-        name: argocd-crb
+# TODO: move to git repo
 - name: Apply cni plugin manifest
-  # TODO: move to GitOps
  kubernetes.core.k8s:
    src: /opt/metacluster/cluster-api/cni-calico/{{ components.clusterapi.workload.version.calico }}/calico.yaml
    state: present
    wait: yes
    kubeconfig: "{{ capi_kubeconfig.path }}"
+# TODO: move to git repo
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/gitops.yml
@ -1 +1,35 @@
-# - name: Register workload cluster in argo-cd
+- block:
+
+    - name: Generate service account in workload cluster
+      kubernetes.core.k8s:
+        template: serviceaccount.j2
+        state: present
+        kubeconfig: "{{ capi_kubeconfig.path }}"
+
+    - name: Retrieve service account bearer token
+      kubernetes.core.k8s_info:
+        kind: ServiceAccount
+        name: "{{ _template.account.name }}"
+        namespace: "{{ _template.account.namespace }}"
+      register: workloadcluster_serviceaccount
+
+    - name: Retrieve service account bearer token
+      kubernetes.core.k8s_info:
+        kind: Secret
+        name: "{{ workloadcluster_serviceaccount.resources | json_query('[].secrets[].name') | first }}"
+        namespace: "{{ _template.account.namespace }}"
+      register: workloadcluster_bearertoken
+
+    - debug:
+        msg: "{{ workloadcluster_bearertoken.resources | json_query('[].data.token') }}"
+
+  vars:
+    _template:
+      account:
+        name: argocd-sa
+        namespace: default
+      clusterrolebinding:
+        name: argocd-crb
+  module_defaults:
+    group/k8s:
+      kubeconfig: "{{ capi_kubeconfig.path }}"