From 32dda728cb915a16b8d3eba8aea4754d7ba03d50 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Thu, 24 Aug 2023 18:24:24 +0200
Subject: [PATCH] fix: Generate and store kubeconfig in repository
---
 .../bootstrap/roles/metacluster/tasks/git.yml | 6 ++++
 .../workloadcluster/tasks/authentication.yml | 36 +++++++++++++++++++
 .../roles/workloadcluster/tasks/gitops.yml | 13 -------
 .../roles/workloadcluster/tasks/main.yml | 1 +
 ansible/vars/metacluster.yml | 4 +--
 5 files changed, 45 insertions(+), 15 deletions(-)
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
index fd59f48..1f73414
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@@ -125,6 +125,12 @@ auto_init: true default_branch: main description: GitOps manifests
+ - organization: wl
+ body:
+ name: ClusterAccess.Store
+ auto_init: true
+ default_branch: main
+ description: Kubeconfig files loop_control: label: "{{ item.organization ~ '/' ~ item.body.name }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml
new file mode 100644
index 0000000..375990d
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml
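Review bot: The ClusterAccess.Store entry added to this repository loop carries no visibility setting, yet its description says it will hold kubeconfig files; if the create-repository API this loop posts `body` to defaults new repositories to public (Gitea and Forgejo do), anyone who can reach git.{{ vapp['metacluster.fqdn'] }} can clone cluster access credentials. Add `private: true` to the body so access is limited to members of the wl organization, and consider the same for the GitOps manifests entry directly above it. The task that consumes this list (its module and the loop it belongs to) begins before the hunk, so whether that module passes a `private` key through has to be checked there.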
@@ -0,0 +1,36 @@
+- name: Initialize tempfolder
+ ansible.builtin.tempfile:
+ state: directory
+ register: pinniped_kubeconfig
+
+- name: Pull existing repository
+ ansible.builtin.git:
+ repo: https://git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+ dest: "{{ pinniped_kubeconfig.path }}"
+ version: main
+
+- name: Generate kubeconfig
+ ansible.builtin.shell:
+ cmd: pinniped get kubeconfig --kubeconfig {{ capi_kubeconfig.path }}
+ register: pinniped_config
+
+- name: Store kubeconfig in tempfile
+ ansible.builtin.copy:
+ dest: "{{ pinniped_kubeconfig.path }}"
+ content: "{{ pinniped_config.stdout }}"
+ mode: 0600
+ no_log: true
+
+- name: Push git repository
+ lvrfrc87.git_acp.git_acp:
+ path: "{{ pinniped_kubeconfig.path }}"
+ branch: main
+ comment: "Upload kubeconfig files"
+ add:
+ - .
+ url: https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+ environment:
+ GIT_AUTHOR_NAME: administrator
+ GIT_AUTHOR_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
+ GIT_COMMITTER_NAME: administrator
+ GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
index 9c3002a..b91f24c
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
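Review bot: The `Store kubeconfig in tempfile` task will fail before anything is committed, because its `dest` is `{{ pinniped_kubeconfig.path }}`, the temp directory the previous task cloned the repository into, and `ansible.builtin.copy` refuses `content` when the destination is a directory (`can not use content with a dir as dest`). Point it at a file inside the checkout, e.g. `dest: "{{ pinniped_kubeconfig.path }}/kubeconfig"`, or a per-cluster file name if more than one workload cluster is expected to share this repository. `no_log: true` is set only on that copy task, while the `Generate kubeconfig` task registers the same content in `pinniped_config.stdout` and the `Push git repository` task embeds `administrator:{{ vapp['metacluster.password'] | urlencode }}` in `url`; both will be printed in verbose or failed output unless they also carry `no_log: true`. Embedding the password in the push URL additionally exposes it to anyone who can read the git process's command line on the host, which a credential helper or `GIT_ASKPASS` would avoid. Minor: quote the mode as `mode: '0600'` so Ansible receives a string rather than a YAML 1.1 octal integer.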
@@ -69,19 +69,6 @@ GIT_COMMITTER_NAME: administrator GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
-# - name: Initialize/Push git repository
-# ansible.builtin.shell:
-# cmd: |
-# git init
-# git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
-# git config --global user.name "administrator"
-# git checkout -b main
-# git add .
-# git commit -m "Upload charts"
-# git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
-# git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git --all
-# chdir: /opt/workloadcluster/git-repositories/gitops - - name: Retrieve workload-cluster kubeconfig kubernetes.core.k8s_info: kind: Secret
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
index 59d5fa3..42b5c52
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
@@ -6,6 +6,7 @@ - import_tasks: clusterapi.yml - import_tasks: gitops.yml
+ - import_tasks: authentication.yml when: - vapp['deployment.type'] != 'core'
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 397df6a..2e60978
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -117,9 +117,9 @@ components: - https://auth.{{ vapp['metacluster.fqdn'] }}/sso/callback enablePasswordDB: true staticPasswords:
- - email: admin@{{ vapp['metacluster.fqdn'] }}
+ - email: user@{{ vapp['metacluster.fqdn'] }} hash: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
- username: admin
+ username: user userID: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) | to_uuid }}" ingress: enabled: true
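Review bot: Renaming the static Dex account from `admin` to `user` leaves its `hash` derived from `vapp['metacluster.password']`, so the account that now reads like an ordinary user still signs in with the metacluster administrator password, and a leak of either credential compromises both. If the rename is meant to present a lower-privilege identity, give it its own secret (a separate vApp property, or a generated password written somewhere operators can retrieve it) rather than reusing the admin one. Anything outside this file that references `admin@{{ vapp['metacluster.fqdn'] }}` as an RBAC subject is not visible here and would silently stop matching after this rename.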