From 915660f618186a85676719d249ce057ca3fea207 Mon Sep 17 00:00:00 2001
From: Danny Bessems <danny@bessems.eu>
Date: Tue, 4 Apr 2023 10:47:28 +0200
Subject: [PATCH] Housekeeping;Populate all registry mirrors;Disable manifest
 image reference workaround;Add missing key;Remove redundant filter

---
 .../roles/metacluster/tasks/init.yml          |  2 +-
 .../workloadcluster/tasks/clusterapi.yml      | 44 +++++++------------
 .../roles/workloadcluster/tasks/gitops.yml    |  7 +--
 .../common/templates/registries.j2            |  6 +--
 4 files changed, 25 insertions(+), 34 deletions(-)

diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
index f01c1fe..ddbcd7e 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
@@ -78,6 +78,6 @@
     src: registries.j2
   vars:
     _template:
-      data: "{{ source_registries }}"
+      registries: "{{ source_registries }}"
       hv:
         fqdn: "{{ vapp['metacluster.fqdn'] }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
index 6d0dbff..b5822a5 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@@ -52,22 +52,22 @@
         version: "{{ components.clusterapi.workload.version.k8s }}"
         vip: "{{ vapp['workloadcluster.vip'] }}"
 
-- name: WORKAROUND - Update image references to use local registry
-  ansible.builtin.replace:
-    dest: "{{ item }}"
-    regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))'
-    replace: '\1{{ _template.pattern }}'
-  vars:
-    fileglobs:
-      - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/cni-calico/' ~ components.clusterapi.workload.version.calico ~ '/*.yaml') }}"
-      - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ~ '/*.yaml') }}"
-    _template:
-      pattern: registry.{{ vapp['metacluster.fqdn'] }}/library/
-  loop: "{{ fileglobs[0:] | flatten | select }}"
-  loop_control:
-    label: "{{ item | basename }}"
-  when:
-    - item is not search("components.yaml|metadata.yaml")
+# - name: WORKAROUND - Update image references to use local registry
+#   ansible.builtin.replace:
+#     dest: "{{ item }}"
+#     regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))'
+#     replace: '\1{{ _template.pattern }}'
+#   vars:
+#     fileglobs:
+#       - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/cni-calico/' ~ components.clusterapi.workload.version.calico ~ '/*.yaml') }}"
+#       - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ~ '/*.yaml') }}"
+#     _template:
+#       pattern: registry.{{ vapp['metacluster.fqdn'] }}/library/
+#   loop: "{{ fileglobs[0:] | flatten | select }}"
+#   loop_control:
+#     label: "{{ item | basename }}"
+#   when:
+#     - item is not search("components.yaml|metadata.yaml")
 
 - name: Generate kustomization template
   ansible.builtin.template:
@@ -82,10 +82,7 @@
       rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
       runcmds:
         - update-ca-certificates
-      registries:
-        # This should obviously be a dynamic list, but testing first!
-        - docker.io
-        - gcr.io
+      registries: "{{ source_registries }}"
 
 - name: Store custom cluster-template
   ansible.builtin.copy:
@@ -246,13 +243,6 @@
 - name: Trigger handlers
   ansible.builtin.meta: flush_handlers
 
-# - name: Apply workload cluster manifest
-#   kubernetes.core.k8s:
-#     definition: >-
-#       {{ clusterctl_newcluster.stdout }}
-#     wait: true
-#     kubeconfig: "{{ kubeconfig.path }}"
-
 - name: Wait for cluster to be available
   ansible.builtin.shell:
     cmd: >-
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
index 8b28efc..8834451 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
@@ -45,6 +45,7 @@
         kind: Secret
         name: "{{ vapp['workloadcluster.name'] }}-kubeconfig"
         namespace: default
+        kubeconfig: "{{ kubeconfig.path }}"
       register: secret_workloadcluster_kubeconfig
 
     - name: Register workload-cluster in argo-cd
@@ -59,9 +60,9 @@
             secret: argocd-cluster-{{ vapp['workloadcluster.name'] | lower }}
             url: https://{{ vapp['workloadcluster.vip'] }}:6443
           kubeconfig:
-            ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] | b64encode }}"
-            certificate: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] | b64encode }}"
-            key: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] | b64encode }}"
+            ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] }}"
+            certificate: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] }}"
+            key: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] }}"
 
     - name: Configure workload-cluster GitOps repository
       ansible.builtin.template:
diff --git a/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2 b/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2
index 45cde78..8345db3 100644
--- a/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/common/templates/registries.j2
@@ -1,8 +1,8 @@
 mirrors:
-{% for entry in _template.data %}
-  {{ entry }}:
+{% for registry in _template.registries %}
+  {{ registry }}:
     endpoint:
       - https://registry.{{ _template.hv.fqdn }}
     rewrite:
-      "(.*)": "library/{{ entry }}/$1"
+      "(.*)": "library/{{ registry }}/$1"
 {% endfor %}