feat: Include pinniped local-user-authenticator
Some checks failed
continuous-integration/drone/push Build is failing
parent
ef8766b5ca
commit
5cdd6ef052
@ -14,6 +14,12 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.dest | basename }}"
|
label: "{{ item.dest | basename }}"
|
||||||
|
|
||||||
|
- name: Parse pinniped manifest for container images
|
||||||
|
ansible.builtin.shell:
|
||||||
|
cmd: >-
|
||||||
|
cat {{ pinniped_manifest.dest }} | yq --no-doc eval '.. | .image? | select(.)' | awk '!/ /';
|
||||||
|
register: pinniped_parsedmanifest
|
||||||
|
|
||||||
- name: Parse metacluster helm charts for container images
|
- name: Parse metacluster helm charts for container images
|
||||||
ansible.builtin.shell:
|
ansible.builtin.shell:
|
||||||
cmd: "{{ item.value.helm.parse_logic }}"
|
cmd: "{{ item.value.helm.parse_logic }}"
|
||||||
@ -43,6 +49,8 @@
|
|||||||
results: "{{ kubeadmimages.stdout_lines }}"
|
results: "{{ kubeadmimages.stdout_lines }}"
|
||||||
- source: clusterapi
|
- source: clusterapi
|
||||||
results: "{{ clusterapi_parsedmanifests | json_query('results[*].stdout_lines') | select() | flatten | list }}"
|
results: "{{ clusterapi_parsedmanifests | json_query('results[*].stdout_lines') | select() | flatten | list }}"
|
||||||
|
- source: pinniped
|
||||||
|
results: "{{ pinniped_parsedmanifest.stdout_lines }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.source }}"
|
label: "{{ item.source }}"
|
||||||
|
|
||||||
@ -64,4 +72,4 @@
|
|||||||
docker://{{ item }} \
|
docker://{{ item }} \
|
||||||
docker-archive:./{{ ( item | regex_findall('[^/:]+'))[-2] }}_{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed={{ item }}') }}.tar:{{ item }}
|
docker-archive:./{{ ( item | regex_findall('[^/:]+'))[-2] }}_{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed={{ item }}') }}.tar:{{ item }}
|
||||||
chdir: /opt/metacluster/container-images
|
chdir: /opt/metacluster/container-images
|
||||||
loop: "{{ (containerimages_charts + containerimages_kubeadm + containerimages_clusterapi + dependencies.container_images) | flatten | unique | sort }}"
|
loop: "{{ (containerimages_charts + containerimages_kubeadm + containerimages_clusterapi + containerimages_pinniped + dependencies.container_images) | flatten | unique | sort }}"
|
||||||
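Review bot: The new `Parse pinniped manifest for container images` task runs `cat | yq | awk` through `ansible.builtin.shell` without `pipefail`, so a missing manifest or a yq error still exits 0 through awk and registers an empty `stdout_lines`. The pinniped images would then be silently absent from the archive loop in the last hunk, which is hard to notice until the appliance is deployed without registry access. Let yq read the file directly and fail loudly, e.g. `set -o pipefail; yq --no-doc eval '.. | .image? | select(.)' {{ pinniped_manifest.dest | quote }} | awk '!/ /'` with `executable: /bin/bash`. Adding `changed_when: false` would also be accurate, since the task only reads.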
|
@ -16,6 +16,7 @@
|
|||||||
- /opt/metacluster/helm-charts
|
- /opt/metacluster/helm-charts
|
||||||
- /opt/metacluster/k3s
|
- /opt/metacluster/k3s
|
||||||
- /opt/metacluster/kube-vip
|
- /opt/metacluster/kube-vip
|
||||||
|
- /opt/metacluster/pinniped
|
||||||
- /opt/workloadcluster/helm-charts
|
- /opt/workloadcluster/helm-charts
|
||||||
- /opt/workloadcluster/node-templates
|
- /opt/workloadcluster/node-templates
|
||||||
- /var/lib/rancher/k3s/agent/images
|
- /var/lib/rancher/k3s/agent/images
|
||||||
|
@ -15,8 +15,9 @@
|
|||||||
{{
|
{{
|
||||||
{ 'components': (
|
{ 'components': (
|
||||||
metacluster_chartvalues |
|
metacluster_chartvalues |
|
||||||
combine({ 'clusterapi': components.clusterapi }) |
|
combine({ 'clusterapi' : components['clusterapi'] }) |
|
||||||
combine({ 'kubevip' : components.kubevip }) ),
|
combine({ 'kubevip' : components['kubevip'] }) |
|
||||||
|
combine({ 'local-user-auth': components['local-user-auth'] })),
|
||||||
'appliance': {
|
'appliance': {
|
||||||
'version': (applianceversion)
|
'version': (applianceversion)
|
||||||
}
|
}
|
||||||
@ -108,6 +109,21 @@
|
|||||||
delay: 5
|
delay: 5
|
||||||
until: kubevip_manifest is not failed
|
until: kubevip_manifest is not failed
|
||||||
|
|
||||||
|
- name: Download pinniped local-user-authenticator manifest
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: https://get.pinniped.dev/{{ components['local-user-authenticator'].version }}/install-local-user-authenticator.yaml
|
||||||
|
dest: /opt/metacluster/pinniped/local-user-authenticator.yaml
|
||||||
|
register: pinniped_manifest
|
||||||
|
retries: 5
|
||||||
|
delay: 5
|
||||||
|
until: pinniped_manifest is not failed
|
||||||
|
|
||||||
|
- name: Trim image hash from manifest
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /opt/metacluster/pinniped/local-user-authenticator.yaml
|
||||||
|
content: "{{ lookup('ansible.builtin.file', '/opt/metacluster/pinniped/local-user-authenticator.yaml') | regex_replace('([ ]*image: .*)@.*', '\\1') }}"
|
||||||
|
no_log: true
|
||||||
|
|
||||||
# - name: Inject manifests
|
# - name: Inject manifests
|
||||||
# ansible.builtin.template:
|
# ansible.builtin.template:
|
||||||
# src: "{{ item.type }}.j2"
|
# src: "{{ item.type }}.j2"
|
||||||
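Review bot: The `Trim image hash from manifest` task removes the `@<digest>` suffix from every `image:` line, so the images are afterwards resolved by mutable tag and the upstream digest pin is lost. The manifest itself is also fetched by `get_url` with no `checksum:`. If the digest has to be dropped for the archive step (inferred, not visible here), record the removed digests and compare them after the copy, and pin the download with `checksum: "sha256:<PLACEHOLDER_MANIFEST_SHA256>"`. Separately, the `combine` in the first hunk reads `components['local-user-auth']` while the download task reads `components['local-user-authenticator']`; one of the two keys looks wrong, and an undefined key would fail the play.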
|
@ -10,6 +10,29 @@
|
|||||||
kubeconfig: "{{ kubeconfig.path }}"
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
values: "{{ components['dex'].chart_values }}"
|
values: "{{ components['dex'].chart_values }}"
|
||||||
|
|
||||||
|
- block:
|
||||||
|
|
||||||
|
- name: Install pinniped local-user-authenticator
|
||||||
|
kubernetes.core.k8s:
|
||||||
|
src: /opt/metacluster/pinniped/local-user-authenticator.yaml
|
||||||
|
state: present
|
||||||
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
|
|
||||||
|
- name: Create local-user-authenticator accounts
|
||||||
|
kubernetes.core.k8s:
|
||||||
|
template: secret.j2
|
||||||
|
state: present
|
||||||
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
|
vars:
|
||||||
|
_template:
|
||||||
|
name: "{{ item.username }}"
|
||||||
|
namespace: local-user-authenticator
|
||||||
|
type: ''
|
||||||
|
data:
|
||||||
|
- groups: group1,group2
|
||||||
|
passwordHash: "{{ item.password }}"
|
||||||
|
loop: "{{ components['local-user-authenticator'].users }}"
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
- name: Install pinniped chart
|
- name: Install pinniped chart
|
||||||
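Review bot: `Create local-user-authenticator accounts` loops over `components['local-user-authenticator'].users` with neither `no_log` nor a `loop_control.label`, so each loop item, including its bcrypt `password` value, is printed in the task output. Add `no_log: true`, or at least `loop_control:` with `label: "{{ item.username }}"`. The `groups: group1,group2` value looks like a placeholder that every account would receive, so group membership should come from the user entry instead. `secret.j2` is not part of this page, so whether `passwordHash` is encoded the way the Secret expects cannot be checked from here.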
|
@ -255,6 +255,14 @@ components:
|
|||||||
service:
|
service:
|
||||||
public:
|
public:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
local-user-authenticator:
|
||||||
|
# Must match the appVersion (!=chart version) referenced at `components.pinniped.helm.version`
|
||||||
|
version: v0.27.0
|
||||||
|
users:
|
||||||
|
- username: metauser
|
||||||
|
password: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
|
||||||
|
- username: metaguest
|
||||||
|
password: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
|
||||||
|
|
||||||
step-certificates:
|
step-certificates:
|
||||||
helm:
|
helm:
|
||||||
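Review bot: `metauser` and `metaguest` are both assigned `vapp['metacluster.password'] | password_hash('bcrypt')`, so the guest account authenticates with the same password as the main account and any separation between them rests on group membership alone. A dedicated vApp property for the guest (placeholder name `<GUEST_PASSWORD_PROPERTY>`) would keep the two credentials distinct. Because no salt is passed, the filter probably yields a different hash each time the variable is evaluated, which would make the resulting Secret change on every run; passing an explicit salt would keep it stable. A comment stating that these are default accounts derived from the appliance password would also help whoever edits this block next.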
|