From ac38731dcf720f7ec724ba0edc79b24611376436 Mon Sep 17 00:00:00 2001
From: djpbessems
Date: Fri, 14 Jun 2024 12:32:06 +1000
Subject: [PATCH] chore: Configure argo workflows permissions
---
.../roles/metacluster/tasks/workflow.yml | 17 ++++++++++
ansible/vars/metacluster.yml | 8 +++++
deployment/playbook.yml | 32 ++++++++++++++++++-
3 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/workflow.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/workflow.yml
index 3ca87df..efa88d6 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/workflow.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/workflow.yml
@@ -10,6 +10,23 @@ # - argo-workflows - firstboot + - name: Create ClusterRoleBinding for default serviceaccount + kubernetes.core.k8s: + state: present + kubeconfig: "{{ kubeconfig.path }}" + definition: | + kind: ClusterRoleBinding + metadata: + name: argo-workflows-firstboot-clusteradmin + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: default + namespace: firstboot + - name: Install argo-workflows chart kubernetes.core.helm: name: argo-workflows
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 4c82133..41ed9c3 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -85,11 +85,19 @@ components: chart: argo/argo-workflows parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' chart_values: !unsafe | + # workflow: + # serviceAccount: + # create: true + # name: "argo-workflows" + # rbac: + # create: true controller: workflowNamespaces: - default - firstboot server: + authModes: + - server ingress: enabled: true hosts:
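Review bot: The added ClusterRoleBinding grants `cluster-admin` to the `default` ServiceAccount of the `firstboot` namespace, which every pod in that namespace that does not set `serviceAccountName` (and automounts its token) inherits, not only Argo workflow pods. Bind a dedicated ServiceAccount that the workflow templates reference explicitly (the commented `workflow.serviceAccount` block in metacluster.yml in this same commit suggests that was the intended shape), and scope it to the API groups and verbs the firstboot workflows actually use, via a Role/RoleBinding per namespace in `workflowNamespaces` rather than `cluster-admin`. The inline definition also has no `apiVersion`; unless `api_version` is passed elsewhere, `kubernetes.core.k8s` will not resolve `ClusterRoleBinding` under its default, so add `apiVersion: rbac.authorization.k8s.io/v1` as the first line of the `definition` block. A one-line comment above the task naming which workflows depend on this binding and why cluster scope is required would make the grant reviewable later; the enclosing tasks list starts and ends outside the hunk.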
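Review bot: `authModes: [server]` under `server` disables client authentication on the Argo Workflows API and UI, so every request runs with the argo-server's own service account, while the same block keeps `ingress.enabled: true`; anyone who can reach the ingress host can then use the server's permissions to submit and manage workflows in the namespaces under `controller.workflowNamespaces` (`default`, `firstboot`). Because this commit also binds the `firstboot` default service account to `cluster-admin` (workflow.yml hunk), an unauthenticated caller of the UI could end up running a workflow pod that holds cluster-admin. Prefer `client` (bearer token) or `sso` mode, or keep `server` only if the ingress is unreachable from untrusted networks, and record that decision in a comment next to `authModes`. The commented-out `workflow.serviceAccount`/`rbac` block is dead configuration; either enable it (it is the natural home for a dedicated, scoped workflow service account) or drop it so the rendered values stay readable.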
diff --git a/deployment/playbook.yml b/deployment/playbook.yml
index 7f7f653..a862773 100644
--- a/deployment/playbook.yml
+++ b/deployment/playbook.yml
@@ -5,12 +5,42 @@ - vars/pb.secrets.yaml tasks: + - name: Retrieve target folder details + community.vmware.vmware_vm_info: + hostname: "{{ hv.hostname }}" + username: "{{ hv.username }}" + password: "{{ secrets.hv.password }}" + folder: "{{ hv.folder }}" + validate_certs: false + register: vm_info + + - name: User prompt + ansible.builtin.pause: + prompt: Virtual machine '{{ appliance.id }}' already exists. Delete to continue [yes] or abort [no]?" + register: prompt + until: + - prompt.user_input in ['yes', 'no'] + delay: 0 + when: (vm_info | selectattr('guest_name', 'equalto', appliance.id) | length) > 0 + + - name: Destroy existing VM + community.vmware.vmware_guest: + hostname: "{{ hv.hostname }}" + username: "{{ hv.username }}" + password: "{{ secrets.hv.password }}" + folder: "{{ hv.folder }}" + name: appliance.id + state: absent + when: + - (vm_info | selectattr('guest_name', 'equalto', appliance.id) | length) > 0 + - (prompt.user_input | bool) == true + - name: Deploy VM from OVA-template community.vmware.vmware_deploy_ovf: hostname: "{{ hv.hostname }}" username: "{{ hv.username }}" password: "{{ secrets.hv.password }}" - validate_certs: no + validate_certs: false datacenter: "{{ hv.datacenter }}" folder: "{{ hv.folder }}" cluster: "{{ hv.cluster }}"
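Review bot: `name: appliance.id` in the Destroy existing VM task is a literal string, so `vmware_guest` looks for a machine named "appliance.id" and the existing appliance is never removed; it should be `name: "{{ appliance.id }}"`. The prompt promises an abort on [no], but nothing ends the play on that answer, so the play falls through to Deploy VM from OVA-template against the existing machine; a `fail` (or `meta: end_play`) task gated on `not (prompt.user_input | bool)` is needed. The prompt scalar is unquoted and ends with a stray `"` that becomes part of the displayed text. The `selectattr` filters run on the registered dict itself; `vmware_vm_info` returns its list under `virtual_machines`, so the three `when` expressions should read `vm_info.virtual_machines | selectattr(...)`. The new `vmware_vm_info` task also carries over `validate_certs: false`, leaving the vCenter connection open to a spoofed endpoint — a comment or a variable so verification can be turned on per environment would help.

```yaml
    # … unchanged: Retrieve target folder details task …

    - name: User prompt
      ansible.builtin.pause:
        prompt: "Virtual machine '{{ appliance.id }}' already exists. Delete to continue [yes] or abort [no]?"
      # … unchanged: register, until, delay …
      when: (vm_info.virtual_machines | selectattr('guest_name', 'equalto', appliance.id) | length) > 0

    - name: Abort when the operator declines deletion
      ansible.builtin.fail:
        msg: "Virtual machine '{{ appliance.id }}' already exists and was not deleted; aborting."
      when:
        - (vm_info.virtual_machines | selectattr('guest_name', 'equalto', appliance.id) | length) > 0
        - not (prompt.user_input | bool)

    - name: Destroy existing VM
      community.vmware.vmware_guest:
        # … unchanged: hostname, username, password, folder …
        name: "{{ appliance.id }}"
        state: absent
      when:
        - (vm_info.virtual_machines | selectattr('guest_name', 'equalto', appliance.id) | length) > 0
        - prompt.user_input | bool

    # … unchanged: Deploy VM from OVA-template task …
```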