From 6c3867fb57994c5d1ea9150387cbb0efd0d7d8fe Mon Sep 17 00:00:00 2001 From: Danny Bessems Date: Thu, 5 Jan 2023 16:42:20 +0100 Subject: [PATCH] Fix linting error;Add workload cluster generation/configuration --- .../roles/metacluster/tasks/k3s.yml | 4 +- .../workloadcluster/tasks/clusterapi.yml | 41 +++++++++++++++++++ .../templates/serviceaccount.j2 | 18 ++++++++ 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/firstboot/files/ansible_payload/templates/serviceaccount.j2 diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml index 379bd12..22fcf36 100644 --- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml +++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml @@ -49,8 +49,8 @@ status_code: [200, 401] register: api_readycheck until: api_readycheck.json.apiVersion is defined - retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.medium }}" + retries: "{{ playbook.retries }}" + delay: "{{ playbook.delays.medium }}" - name: Install kubectl tab-completion ansible.builtin.shell: diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml index 3dfe612..c2f37b2 100644 --- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml +++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml 
@@ -92,7 +92,48 @@ chdir: /opt/metacluster/cluster-api register: clusterctl_newcluster +# TODO: move to git repo - name: Save workload cluster manifest ansible.builtin.copy: dest: /opt/metacluster/cluster-api/new-cluster.yaml content: "{{ clusterctl_newcluster.stdout }}" +- name: Apply workload cluster manifest + kubernetes.core.k8s: + definition: >- + {{ clusterctl_newcluster.stdout }} + wait: yes + kubeconfig: "{{ kubeconfig.path }}" +- name: Initialize tempfile + ansible.builtin.tempfile: + state: file + register: capi_kubeconfig +- name: Retrieve kubeconfig + ansible.builtin.command: + cmd: kubectl config view --raw + register: capi_kubectl_config +- name: Store kubeconfig in tempfile + ansible.builtin.copy: + dest: "{{ capi_kubeconfig.path }}" + content: "{{ capi_kubectl_config.stdout }}" + mode: 0600 + no_log: true +- name: Generate serviceaccount + # TODO: move to GitOps + kubernetes.core.k8s: + template: serviceaccount.j2 + state: present + kubeconfig: "{{ capi_kubeconfig.path }}" + vars: + _template: + account: + name: argocd-sa + namespace: default + clusterrolebinding: + name: argocd-crb +- name: Apply cni plugin manifest + # TODO: move to GitOps + kubernetes.core.k8s: + src: /opt/metacluster/cluster-api/cni-calico/{{ components.clusterapi.workload.version.calico }}/calico.yaml + state: present + wait: yes + kubeconfig: "{{ capi_kubeconfig.path }}" diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/serviceaccount.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/serviceaccount.j2 new file mode 100644 index 0000000..5788c15 --- /dev/null +++ b/ansible/roles/firstboot/files/ansible_payload/templates/serviceaccount.j2 
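Review bot: The "Retrieve kubeconfig" task registers the output of `kubectl config view --raw`, which includes the kubeconfig's embedded credentials, but only the later "Store kubeconfig in tempfile" task sets `no_log: true`. The command task's result can therefore still appear in verbose output or a configured Ansible log. Add `no_log: true` to that task as well, along with `changed_when: false` since the command only reads. The file created by "Initialize tempfile" is also not removed anywhere in the visible lines, so the credentials stay on disk after the play unless cleanup happens elsewhere. A closing `ansible.builtin.file` task with `path: "{{ capi_kubeconfig.path }}"` and `state: absent` would cover that.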
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ _template.account.name }}
+ namespace: {{ _template.account.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ _template.clusterrolebinding.name }}
+subjects:
+- kind: ServiceAccount
+ name: {{ _template.account.name }}
+ namespace: {{ _template.account.namespace }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
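Review bot: The `roleRef` hard-codes `cluster-admin`, so whichever ServiceAccount the caller names receives unrestricted control of the cluster, and nothing at the call site shows that. Take the role from the template variables instead, e.g. `name: "{{ _template.clusterrolebinding.role }}"`, with the caller in clusterapi.yml passing it explicitly. The grant is then reviewed where the account is declared and can be narrowed to a ClusterRole covering only what the account has to manage. The interpolated `name:` and `namespace:` values are also unquoted. Quoting them, as in `name: "{{ _template.account.name }}"`, keeps an empty or boolean-looking value from changing type when the rendered manifest is parsed.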