fix: Generate and store kubeconfig in repository

2023-08-24 18:24:24 +02:00
parent 4c1f1fce5e
commit 32dda728cb
5 changed files with 45 additions and 15 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@@ -125,6 +125,12 @@
                auto_init: true
                default_branch: main
                description: GitOps manifests
+            - organization: wl
+              body:
+                name: ClusterAccess.Store
+                auto_init: true
+                default_branch: main
+                description: Kubeconfig files
          loop_control:
            label: "{{ item.organization ~ '/' ~ item.body.name }}"

--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml
@@ -0,0 +1,36 @@
+- name: Initialize tempfolder
+  ansible.builtin.tempfile:
+    state: directory
+  register: pinniped_kubeconfig
+
+- name: Pull existing repository
+  ansible.builtin.git:
+    repo: https://git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+    dest: "{{ pinniped_kubeconfig.path }}"
+    version: main
+
+- name: Generate kubeconfig
+  ansible.builtin.shell:
+    cmd: pinniped get kubeconfig --kubeconfig {{ capi_kubeconfig.path }}
+  register: pinniped_config
+
+- name: Store kubeconfig in tempfile
+  ansible.builtin.copy:
+    dest: "{{ pinniped_kubeconfig.path }}"
+    content: "{{ pinniped_config.stdout }}"
+    mode: 0600
+  no_log: true
+
+- name: Push git repository
+  lvrfrc87.git_acp.git_acp:
+    path: "{{ pinniped_kubeconfig.path }}"
+    branch: main
+    comment: "Upload kubeconfig files"
+    add:
+      - .
+    url: https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+  environment:
+    GIT_AUTHOR_NAME: administrator
+    GIT_AUTHOR_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
+    GIT_COMMITTER_NAME: administrator
+    GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
@@ -69,19 +69,6 @@
    GIT_COMMITTER_NAME: administrator
    GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}

-# - name: Initialize/Push git repository
-#   ansible.builtin.shell:
-#     cmd: |
-#       git init
-#       git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
-#       git config --global user.name "administrator"
-#       git checkout -b main
-#       git add .
-#       git commit -m "Upload charts"
-#       git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
-#       git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git --all
-#     chdir: /opt/workloadcluster/git-repositories/gitops
-
 - name: Retrieve workload-cluster kubeconfig
  kubernetes.core.k8s_info:
    kind: Secret
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
@@ -6,6 +6,7 @@

    - import_tasks: clusterapi.yml
    - import_tasks: gitops.yml
+    - import_tasks: authentication.yml

  when:
    - vapp['deployment.type'] != 'core'