djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Include pinniped local-user-authenticator
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Danny Bessems 2023-10-22 15:20:34 +02:00
parent ef8766b5ca
commit 5cdd6ef052
5 changed files with 59 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/roles/assets/tasks/containerimages.yml
View File

@ -14,6 +14,12 @@
loop_control: loop_control:
label: "{{ item.dest | basename }}" label: "{{ item.dest | basename }}"
- name: Parse pinniped manifest for container images
ansible.builtin.shell:
cmd: >-
cat {{ pinniped_manifest.dest }} | yq --no-doc eval '.. | .image? | select(.)' | awk '!/ /';
register: pinniped_parsedmanifest
- name: Parse metacluster helm charts for container images - name: Parse metacluster helm charts for container images
ansible.builtin.shell: ansible.builtin.shell:
cmd: "{{ item.value.helm.parse_logic }}" cmd: "{{ item.value.helm.parse_logic }}"
@ -43,6 +49,8 @@
results: "{{ kubeadmimages.stdout_lines }}" results: "{{ kubeadmimages.stdout_lines }}"
- source: clusterapi - source: clusterapi
results: "{{ clusterapi_parsedmanifests | json_query('results[*].stdout_lines') | select() | flatten | list }}" results: "{{ clusterapi_parsedmanifests | json_query('results[*].stdout_lines') | select() | flatten | list }}"
- source: pinniped
results: "{{ pinniped_parsedmanifest.stdout_lines }}"
loop_control: loop_control:
label: "{{ item.source }}" label: "{{ item.source }}"
@ -64,4 +72,4 @@
docker://{{ item }} \ docker://{{ item }} \
docker-archive:./{{ ( item | regex_findall('[^/:]+'))[-2] }}_{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed={{ item }}') }}.tar:{{ item }} docker-archive:./{{ ( item | regex_findall('[^/:]+'))[-2] }}_{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed={{ item }}') }}.tar:{{ item }}
chdir: /opt/metacluster/container-images chdir: /opt/metacluster/container-images
loop: "{{ (containerimages_charts + containerimages_kubeadm + containerimages_clusterapi + dependencies.container_images) | flatten | unique | sort }}" loop: "{{ (containerimages_charts + containerimages_kubeadm + containerimages_clusterapi + containerimages_pinniped + dependencies.container_images) | flatten | unique | sort }}"

1
ansible/roles/assets/tasks/main.yml
View File

@ -16,6 +16,7 @@
- /opt/metacluster/helm-charts - /opt/metacluster/helm-charts
- /opt/metacluster/k3s - /opt/metacluster/k3s
- /opt/metacluster/kube-vip - /opt/metacluster/kube-vip
- /opt/metacluster/pinniped
- /opt/workloadcluster/helm-charts - /opt/workloadcluster/helm-charts
- /opt/workloadcluster/node-templates - /opt/workloadcluster/node-templates
- /var/lib/rancher/k3s/agent/images - /var/lib/rancher/k3s/agent/images

20
ansible/roles/assets/tasks/manifests.yml
View File

@ -15,8 +15,9 @@
{{ {{
{ 'components': ( { 'components': (
metacluster_chartvalues | metacluster_chartvalues |
combine({ 'clusterapi': components.clusterapi }) | combine({ 'clusterapi' : components['clusterapi'] }) |
combine({ 'kubevip' : components.kubevip }) ), combine({ 'kubevip' : components['kubevip'] }) |
combine({ 'local-user-auth': components['local-user-auth'] })),
'appliance': { 'appliance': {
'version': (applianceversion) 'version': (applianceversion)
} }
@ -108,6 +109,21 @@
delay: 5 delay: 5
until: kubevip_manifest is not failed until: kubevip_manifest is not failed
- name: Download pinniped local-user-authenticator manifest
ansible.builtin.get_url:
url: https://get.pinniped.dev/{{ components['local-user-authenticator'].version }}/install-local-user-authenticator.yaml
dest: /opt/metacluster/pinniped/local-user-authenticator.yaml
register: pinniped_manifest
retries: 5
delay: 5
until: pinniped_manifest is not failed
- name: Trim image hash from manifest
ansible.builtin.copy:
dest: /opt/metacluster/pinniped/local-user-authenticator.yaml
content: "{{ lookup('ansible.builtin.file', '/opt/metacluster/pinniped/local-user-authenticator.yaml') | regex_replace('([ ]*image: .*)@.*', '\\1') }}"
no_log: true
# - name: Inject manifests # - name: Inject manifests
# ansible.builtin.template: # ansible.builtin.template:
# src: "{{ item.type }}.j2" # src: "{{ item.type }}.j2"

23
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml
View File

@ -10,6 +10,29 @@
kubeconfig: "{{ kubeconfig.path }}" kubeconfig: "{{ kubeconfig.path }}"
values: "{{ components['dex'].chart_values }}" values: "{{ components['dex'].chart_values }}"
- block:
- name: Install pinniped local-user-authenticator
kubernetes.core.k8s:
src: /opt/metacluster/pinniped/local-user-authenticator.yaml
state: present
kubeconfig: "{{ kubeconfig.path }}"
- name: Create local-user-authenticator accounts
kubernetes.core.k8s:
template: secret.j2
state: present
kubeconfig: "{{ kubeconfig.path }}"
vars:
_template:
name: "{{ item.username }}"
namespace: local-user-authenticator
type: ''
data:
- groups: group1,group2
passwordHash: "{{ item.password }}"
loop: "{{ components['local-user-authenticator'].users }}"
- block: - block:
- name: Install pinniped chart - name: Install pinniped chart

8
ansible/vars/metacluster.yml
View File

@ -255,6 +255,14 @@ components:
service: service:
public: public:
type: ClusterIP type: ClusterIP
local-user-authenticator:
# Must match the appVersion (!=chart version) referenced at `components.pinniped.helm.version`
version: v0.27.0
users:
- username: metauser
password: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
- username: metaguest
password: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
step-certificates: step-certificates:
helm: helm: