Fix linting error;Add workload cluster generation/configuration

2023-01-05 16:42:20 +01:00 · 2023-01-05 16:42:20 +01:00 · 6c3867fb57
parent edc19464e2
commit 6c3867fb57
3 changed files with 61 additions and 2 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml
@ -49,8 +49,8 @@
    status_code: [200, 401]
  register: api_readycheck
  until: api_readycheck.json.apiVersion is defined
-      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.medium }}"
+  retries: "{{ playbook.retries }}"
+  delay: "{{ playbook.delays.medium }}"

 - name: Install kubectl tab-completion
  ansible.builtin.shell:
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
@ -92,7 +92,48 @@
    chdir: /opt/metacluster/cluster-api
  register: clusterctl_newcluster

+# TODO: move to git repo
 - name: Save workload cluster manifest
  ansible.builtin.copy:
    dest: /opt/metacluster/cluster-api/new-cluster.yaml
    content: "{{ clusterctl_newcluster.stdout }}"
+- name: Apply workload cluster manifest
+  kubernetes.core.k8s:
+    definition: >-
+      {{ clusterctl_newcluster.stdout }}
+    wait: yes
+    kubeconfig: "{{ kubeconfig.path }}"
+- name: Initialize tempfile
+  ansible.builtin.tempfile:
+    state: file
+  register: capi_kubeconfig
+- name: Retrieve kubeconfig
+  ansible.builtin.command:
+    cmd: kubectl config view --raw
+  register: capi_kubectl_config
+- name: Store kubeconfig in tempfile
+  ansible.builtin.copy:
+    dest: "{{ capi_kubeconfig.path }}"
+    content: "{{ capi_kubectl_config.stdout }}"
+    mode: 0600
+  no_log: true
+- name: Generate serviceaccount
+  # TODO: move to GitOps
+  kubernetes.core.k8s:
+    template: serviceaccount.j2
+    state: present
+    kubeconfig: "{{ capi_kubeconfig.path }}"
+  vars:
+    _template:
+      account:
+        name: argocd-sa
+        namespace: default
+      clusterrolebinding:
+        name: argocd-crb
+- name: Apply cni plugin manifest
+  # TODO: move to GitOps
+  kubernetes.core.k8s:
+    src: /opt/metacluster/cluster-api/cni-calico/{{ components.clusterapi.workload.version.calico }}/calico.yaml
+    state: present
+    wait: yes
+    kubeconfig: "{{ capi_kubeconfig.path }}"
--- a/ansible/roles/firstboot/files/ansible_payload/templates/serviceaccount.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/serviceaccount.j2
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ _template.account.name }}
+  namespace: {{ _template.account.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ _template.clusterrolebinding.name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ _template.account.name }}
+  namespace: {{ _template.account.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io