djpbessems/Packer.Images
djpbessems
/
Packer.Images
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Generate and store kubeconfig in repository
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Danny Bessems 2023-08-24 18:24:24 +02:00
parent 4c1f1fce5e
commit 32dda728cb
5 changed files with 45 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
View File

@ -125,6 +125,12 @@
auto_init: true
default_branch: main
description: GitOps manifests
- organization: wl
body:
name: ClusterAccess.Store
auto_init: true
default_branch: main
description: Kubeconfig files
loop_control:
label: "{{ item.organization ~ '/' ~ item.body.name }}"

36
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml Normal file
View File

@ -0,0 +1,36 @@
- name: Initialize tempfolder
ansible.builtin.tempfile:
state: directory
register: pinniped_kubeconfig
- name: Pull existing repository
ansible.builtin.git:
repo: https://git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
dest: "{{ pinniped_kubeconfig.path }}"
version: main
- name: Generate kubeconfig
ansible.builtin.shell:
cmd: pinniped get kubeconfig --kubeconfig {{ capi_kubeconfig.path }}
register: pinniped_config
- name: Store kubeconfig in tempfile
ansible.builtin.copy:
dest: "{{ pinniped_kubeconfig.path }}"
content: "{{ pinniped_config.stdout }}"
mode: 0600
no_log: true
- name: Push git repository
lvrfrc87.git_acp.git_acp:
path: "{{ pinniped_kubeconfig.path }}"
branch: main
comment: "Upload kubeconfig files"
add:
- .
url: https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
environment:
GIT_AUTHOR_NAME: administrator
GIT_AUTHOR_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
GIT_COMMITTER_NAME: administrator
GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}

13
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
View File

@ -69,19 +69,6 @@
GIT_COMMITTER_NAME: administrator
GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
# - name: Initialize/Push git repository
# ansible.builtin.shell:
# cmd: |
# git init
# git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
# git config --global user.name "administrator"
# git checkout -b main
# git add .
# git commit -m "Upload charts"
# git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
# git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git --all
# chdir: /opt/workloadcluster/git-repositories/gitops
- name: Retrieve workload-cluster kubeconfig
kubernetes.core.k8s_info:
kind: Secret

1
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
View File

@ -6,6 +6,7 @@
- import_tasks: clusterapi.yml
- import_tasks: gitops.yml
- import_tasks: authentication.yml
when:
- vapp['deployment.type'] != 'core'

4
ansible/vars/metacluster.yml
View File

@ -117,9 +117,9 @@ components:
- https://auth.{{ vapp['metacluster.fqdn'] }}/sso/callback
enablePasswordDB: true
staticPasswords:
- email: admin@{{ vapp['metacluster.fqdn'] }}
- email: user@{{ vapp['metacluster.fqdn'] }}
hash: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
username: admin
username: user
userID: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) | to_uuid }}"
ingress:
enabled: true