From 915660f618186a85676719d249ce057ca3fea207 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Tue, 4 Apr 2023 10:47:28 +0200
Subject: [PATCH] Housekeeping;Populate all registry mirrors;Disable manifest image reference workaround;Add missing key;Remove redundant filter
---
 .../roles/metacluster/tasks/init.yml | 2 +-
 .../workloadcluster/tasks/clusterapi.yml | 44 +++++++------------
 .../roles/workloadcluster/tasks/gitops.yml | 7 +--
 .../common/templates/registries.j2 | 6 +--
 4 files changed, 25 insertions(+), 34 deletions(-)
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
index f01c1fe..ddbcd7e 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
@@ -78,6 +78,6 @@
 src: registries.j2
 vars:
 _template:
- data: "{{ source_registries }}"
+ registries: "{{ source_registries }}"
 hv:
 fqdn: "{{ vapp['metacluster.fqdn'] }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
index 6d0dbff..b5822a5 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@@ -52,22 +52,22 @@ version: "{{ components.clusterapi.workload.version.k8s }}" vip: "{{ vapp['workloadcluster.vip'] }}" -- name: WORKAROUND - Update image references to use local registry - ansible.builtin.replace: - dest: "{{ item }}" - regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))' - replace: '\1{{ _template.pattern }}' - vars: - fileglobs: - - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/cni-calico/' ~ components.clusterapi.workload.version.calico ~ '/*.yaml') }}" - - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ~ '/*.yaml') }}" - _template: - pattern: registry.{{ vapp['metacluster.fqdn'] }}/library/ - loop: "{{ fileglobs[0:] | flatten | select }}" - loop_control: - label: "{{ item | basename }}" - when: - - item is not search("components.yaml|metadata.yaml") +# - name: WORKAROUND - Update image references to use local registry +# ansible.builtin.replace: +# dest: "{{ item }}" +# regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))' +# replace: '\1{{ _template.pattern }}' +# vars: +# fileglobs: +# - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/cni-calico/' ~ components.clusterapi.workload.version.calico ~ '/*.yaml') }}" +# - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ~ '/*.yaml') }}" +# _template: +# pattern: registry.{{ vapp['metacluster.fqdn'] }}/library/ +# loop: "{{ fileglobs[0:] | flatten | select }}" +# loop_control: +# label: "{{ item | basename }}" +# when: +# - item is not search("components.yaml|metadata.yaml") - name: Generate kustomization template ansible.builtin.template: 
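Review bot: The disabled WORKAROUND task in clusterapi.yml is left behind as sixteen commented-out lines with no stated reason, while a later hunk of the same file deletes another commented-out task. Either delete it as well or put a one-line reason above it, for example `# Disabled: pulls are redirected through the registry mirror list instead of rewriting image references`. With the rewrite gone, the `registries: "{{ source_registries }}"` line in the next hunk appears to be the only thing steering workload-cluster pulls to the local registry. An image whose registry is missing from `source_registries` would then presumably be fetched from upstream, or fail on an isolated network. It is worth asserting before the template task that the list is defined and non-empty.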
@@ -82,10 +82,7 @@ rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}" runcmds: - update-ca-certificates - registries: - # This should obviously be a dynamic list, but testing first! - - docker.io - - gcr.io + registries: "{{ source_registries }}" - name: Store custom cluster-template ansible.builtin.copy: @@ -246,13 +243,6 @@ - name: Trigger handlers ansible.builtin.meta: flush_handlers -# - name: Apply workload cluster manifest -# kubernetes.core.k8s: -# definition: >- -# {{ clusterctl_newcluster.stdout }} -# wait: true -# kubeconfig: "{{ kubeconfig.path }}" - - name: Wait for cluster to be available ansible.builtin.shell: cmd: >- diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml index 8b28efc..8834451 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml @@ -45,6 +45,7 @@ kind: Secret name: "{{ vapp['workloadcluster.name'] }}-kubeconfig" namespace: default + kubeconfig: "{{ kubeconfig.path }}" register: secret_workloadcluster_kubeconfig - name: Register workload-cluster in argo-cd 
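Review bot: The Secret lookup in gitops.yml that gains `kubeconfig: "{{ kubeconfig.path }}"` registers the whole workload-cluster kubeconfig, client key included, in `secret_workloadcluster_kubeconfig`, and no `no_log: true` is visible on it in this hunk. The following gitops.yml hunk then expands `client-key-data` into the values passed to the argo-cd registration task, so a verbose run or a failed task would write the key to the Ansible output and to any log that captures it. Unless they already set it outside the visible lines, add `no_log: true` to both tasks. Both tasks start or end outside their hunks.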
@@ -59,9 +60,9 @@ secret: argocd-cluster-{{ vapp['workloadcluster.name'] | lower }} url: https://{{ vapp['workloadcluster.vip'] }}:6443 kubeconfig: - ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] | b64encode }}" - certificate: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] | b64encode }}" - key: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] | b64encode }}" + ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] }}" + certificate: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] }}" + key: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] }}" - name: Configure workload-cluster GitOps repository ansible.builtin.template: diff --git a/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2 b/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2 index 45cde78..8345db3 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2 +++ b/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2 @@ -1,8 +1,8 @@ mirrors: -{% for entry in _template.data %} - {{ entry }}: +{% for registry in _template.registries %} + {{ registry }}: endpoint: - https://registry.{{ _template.hv.fqdn }} rewrite: - "(.*)": "library/{{ entry }}/$1" + "(.*)": "library/{{ registry }}/$1" {% endfor %}
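Review bot: The new `ca`, `certificate` and `key` lines in the gitops.yml hunk each repeat the same `secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml` chain and index `resources[0]` without checking that the lookup returned anything. If the Secret is not present when the lookup runs, the task would stop on a templating error about a missing list element rather than a clear message. Parse once in a task-level variable, e.g. `_kubeconfig: "{{ secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml }}"`, and refer to `_kubeconfig.users[0].user[...]` in the three lines. A check such as `secret_workloadcluster_kubeconfig.resources | length > 0` after the lookup would make the failure explicit. The task starts outside the hunk.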