Housekeeping;Populate all registry mirrors;Disable manifest image reference workaround;Add missing key;Remove redundant filter

2023-04-04 10:47:28 +02:00 · 2023-04-04 10:47:28 +02:00 · 915660f618
commit 915660f618
parent d0c4251e06
4 changed files with 25 additions and 34 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
@ -78,6 +78,6 @@
    src: registries.j2
  vars:
    _template:
-      data: "{{ source_registries }}"
+      registries: "{{ source_registries }}"
      hv:
        fqdn: "{{ vapp['metacluster.fqdn'] }}"
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@ -52,22 +52,22 @@
        version: "{{ components.clusterapi.workload.version.k8s }}"
        vip: "{{ vapp['workloadcluster.vip'] }}"

- name: WORKAROUND - Update image references to use local registry
-  ansible.builtin.replace:
-    dest: "{{ item }}"
-    regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))'
-    replace: '\1{{ _template.pattern }}'
-  vars:
-    fileglobs:
-      - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/cni-calico/' ~ components.clusterapi.workload.version.calico ~ '/*.yaml') }}"
-      - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ~ '/*.yaml') }}"
-    _template:
-      pattern: registry.{{ vapp['metacluster.fqdn'] }}/library/
-  loop: "{{ fileglobs[0:] | flatten | select }}"
-  loop_control:
-    label: "{{ item | basename }}"
-  when:
-    - item is not search("components.yaml|metadata.yaml")
+# - name: WORKAROUND - Update image references to use local registry
+#   ansible.builtin.replace:
+#     dest: "{{ item }}"
+#     regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))'
+#     replace: '\1{{ _template.pattern }}'
+#   vars:
+#     fileglobs:
+#       - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/cni-calico/' ~ components.clusterapi.workload.version.calico ~ '/*.yaml') }}"
+#       - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ~ '/*.yaml') }}"
+#     _template:
+#       pattern: registry.{{ vapp['metacluster.fqdn'] }}/library/
+#   loop: "{{ fileglobs[0:] | flatten | select }}"
+#   loop_control:
+#     label: "{{ item | basename }}"
+#   when:
+#     - item is not search("components.yaml|metadata.yaml")

 - name: Generate kustomization template
  ansible.builtin.template:
@ -82,10 +82,7 @@
      rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
      runcmds:
        - update-ca-certificates
-      registries:
-        # This should obviously be a dynamic list, but testing first!
-        - docker.io
-        - gcr.io
+      registries: "{{ source_registries }}"

 - name: Store custom cluster-template
  ansible.builtin.copy:
@ -246,13 +243,6 @@
 - name: Trigger handlers
  ansible.builtin.meta: flush_handlers

-# - name: Apply workload cluster manifest
-#   kubernetes.core.k8s:
-#     definition: >-
-#       {{ clusterctl_newcluster.stdout }}
-#     wait: true
-#     kubeconfig: "{{ kubeconfig.path }}"
-
 - name: Wait for cluster to be available
  ansible.builtin.shell:
    cmd: >-
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
@ -45,6 +45,7 @@
        kind: Secret
        name: "{{ vapp['workloadcluster.name'] }}-kubeconfig"
        namespace: default
+        kubeconfig: "{{ kubeconfig.path }}"
      register: secret_workloadcluster_kubeconfig

    - name: Register workload-cluster in argo-cd
@ -59,9 +60,9 @@
            secret: argocd-cluster-{{ vapp['workloadcluster.name'] | lower }}
            url: https://{{ vapp['workloadcluster.vip'] }}:6443
          kubeconfig:
-            ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] | b64encode }}"
-            certificate: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] | b64encode }}"
-            key: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] | b64encode }}"
+            ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] }}"
+            certificate: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] }}"
+            key: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] }}"

    - name: Configure workload-cluster GitOps repository
      ansible.builtin.template:
--- a/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2
@ -1,8 +1,8 @@
 mirrors:
-{% for entry in _template.data %}
-  {{ entry }}:
+{% for registry in _template.registries %}
+  {{ registry }}:
    endpoint:
      - https://registry.{{ _template.hv.fqdn }}
    rewrite:
-      "(.*)": "library/{{ entry }}/$1"
+      "(.*)": "library/{{ registry }}/$1"
 {% endfor %}