Refactor cluster registration

Danny Bessems 2023-04-02 22:36:23 +02:00
parent 3f9fc4b7aa
commit 89cf69adc7
5 changed files with 34 additions and 22 deletions


@ -58,7 +58,7 @@
name: argocd-applicationset-metacluster name: argocd-applicationset-metacluster
namespace: argo-cd namespace: argo-cd
cluster: cluster:
name: https://kubernetes.default.svc url: https://kubernetes.default.svc
repository: repository:
url: https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git url: https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
notify: notify:


@ -28,19 +28,26 @@
- block: - block:
- name: Generate service account in workload cluster # - name: Generate service account in workload-cluster
kubernetes.core.k8s: # kubernetes.core.k8s:
template: serviceaccount.j2 # template: serviceaccount.j2
state: present # state: present
- name: Retrieve service account bearer token # - name: Retrieve service account bearer token
# kubernetes.core.k8s_info:
# kind: Secret
# name: "{{ _template.account.name }}-secret"
# namespace: "{{ _template.account.namespace }}"
# register: workloadcluster_bearertoken
- name: Retrieve workload-cluster kubeconfig
kubernetes.core.k8s_info: kubernetes.core.k8s_info:
kind: Secret kind: Secret
name: "{{ _template.account.name }}-secret" name: "{{ vapp['workloadcluster.name'] }}-kubeconfig"
namespace: "{{ _template.account.namespace }}" namespace: default
register: workloadcluster_bearertoken register: secret_workloadcluster_kubeconfig
- name: Register workload cluster in argo-cd - name: Register workload-cluster in argo-cd
kubernetes.core.k8s: kubernetes.core.k8s:
template: cluster.j2 template: cluster.j2
state: present state: present
@ -51,7 +58,10 @@
name: "{{ vapp['workloadcluster.name'] | lower }}" name: "{{ vapp['workloadcluster.name'] | lower }}"
secret: argocd-cluster-{{ vapp['workloadcluster.name'] | lower }} secret: argocd-cluster-{{ vapp['workloadcluster.name'] | lower }}
url: https://{{ vapp['workloadcluster.vip'] }}:6443 url: https://{{ vapp['workloadcluster.vip'] }}:6443
token: "{{ workloadcluster_bearertoken.resources | json_query('[].data.token') }}" kubeconfig:
ca: (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] | b64encode
certificate: (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] | b64encode
key: (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] | b64encode
- name: Configure workload-cluster GitOps repository - name: Configure workload-cluster GitOps repository
ansible.builtin.template: ansible.builtin.template:
@ -81,7 +91,7 @@
name: argocd-applicationset-workloadcluster name: argocd-applicationset-workloadcluster
namespace: argo-cd namespace: argo-cd
cluster: cluster:
name: "{{ vapp['workloadcluster.name'] | lower }}" url: https://{{ vapp['workloadcluster.vip'] }}:6443
repository: repository:
url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
@ -91,13 +101,13 @@
- name: Trigger handlers - name: Trigger handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
vars: # vars:
_template: # _template:
account: # account:
name: argocd-sa # name: argocd-sa
namespace: default # namespace: default
clusterrolebinding: # clusterrolebinding:
name: argocd-crb # name: argocd-crb
module_defaults: module_defaults:
group/k8s: group/k8s:
kubeconfig: "{{ capi_kubeconfig.path }}" kubeconfig: "{{ capi_kubeconfig.path }}"
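Review bot: The new `ca`, `certificate` and `key` values under `kubeconfig:` in the `Register workload-cluster in argo-cd` task are written without Jinja delimiters, so as shown they would reach cluster.j2 as the literal expression text instead of certificate material; each needs wrapping, e.g. `ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] }}"`. The trailing `| b64encode` also looks wrong: the `*-data` fields of a kubeconfig are already base64, and Argo CD's `caData`/`certData`/`keyData` expect base64-encoded PEM, so re-encoding would likely produce doubly encoded values; this is worth confirming against a rendered secret. Because `secret_workloadcluster_kubeconfig` holds a client private key, the `Retrieve workload-cluster kubeconfig` task should carry `no_log: true`, and a check that `resources | length > 0` would give a clear failure when the secret is absent instead of an index error. The enclosing block starts before the first hunk, and the commented-out service-account tasks and `vars` would be better deleted than left in place.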


@ -24,5 +24,5 @@ spec:
targetRevision: HEAD targetRevision: HEAD
path: {% raw %}'{{ path }}'{% endraw +%} path: {% raw %}'{{ path }}'{% endraw +%}
destination: destination:
server: {{ _template.cluster.name }} server: {{ _template.cluster.url }}
namespace: default namespace: default


@ -11,8 +11,10 @@ stringData:
server: {{ _template.cluster.url }} server: {{ _template.cluster.url }}
config: | config: |
{ {
"bearerToken": "{{ _template.cluster.token }}",
"tlsClientConfig": { "tlsClientConfig": {
"insecure": true "insecure": false,
"caData": "{{ _template.kubeconfig.ca }}",
"certData": "{{ _template.kubeconfig.certificate }}",
"keyData": "{{ _template.kubeconfig.key }}"
} }
} }
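Review bot: The secret now stores a client certificate and private key in `certData`/`keyData` in place of the service-account `bearerToken`. If these come from the Cluster API admin kubeconfig (which the `<cluster>-kubeconfig` secret name suggests), Argo CD ends up holding a cluster-admin identity that cannot be revoked individually and that stops working when the certificate expires or is rotated. A dedicated service account bound to a scoped role, used together with the new `"insecure": false` and `caData`, would keep the TLS verification this change gains without widening the credential. Separately, the three values are interpolated into the JSON string unescaped; `{{ _template.kubeconfig.ca | to_json }}` without the surrounding quotes would keep the document valid whatever the value contains. The `stringData` mapping starts outside the hunk.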