chore: Configure argo workflows permissions
All checks were successful
Container & Helm chart / Linting (push) Successful in 1m35s
Container & Helm chart / Semantic Release (Dry-run) (push) Successful in 2m15s
Container & Helm chart / Kubernetes Bootstrap Appliance (push) Successful in 32m49s

Danny Bessems 2024-06-14 12:32:06 +10:00
parent 9cbb84a0f3
commit ac38731dcf
3 changed files with 56 additions and 1 deletions


@ -10,6 +10,23 @@
# - argo-workflows # - argo-workflows
- firstboot - firstboot
- name: Create ClusterRoleBinding for default serviceaccount
kubernetes.core.k8s:
state: present
kubeconfig: "{{ kubeconfig.path }}"
definition: |
kind: ClusterRoleBinding
metadata:
name: argo-workflows-firstboot-clusteradmin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: default
namespace: firstboot
- name: Install argo-workflows chart - name: Install argo-workflows chart
kubernetes.core.helm: kubernetes.core.helm:
name: argo-workflows name: argo-workflows
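Review bot: The new ClusterRoleBinding grants `cluster-admin` to the `default` ServiceAccount of the `firstboot` namespace, so every pod there that does not name its own service account runs with full control of the cluster, not just the firstboot workflows. Bind a purpose-made account instead (for example `name: firstboot-workflows`, a constructed name), set it as the workflows' `serviceAccountName`, and give it only the verbs the workflows need. If the binding is only required during first boot, a later task with `state: absent` would remove it again. The visible definition also has no `apiVersion: rbac.authorization.k8s.io/v1` line, which the module may need to resolve the kind; the page rendering may have dropped it, so confirm against the file. The `Install argo-workflows chart` task continues outside the hunk.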


@ -85,11 +85,19 @@ components:
chart: argo/argo-workflows chart: argo/argo-workflows
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe | chart_values: !unsafe |
# workflow:
# serviceAccount:
# create: true
# name: "argo-workflows"
# rbac:
# create: true
controller: controller:
workflowNamespaces: workflowNamespaces:
- default - default
- firstboot - firstboot
server: server:
authModes:
- server
ingress: ingress:
enabled: true enabled: true
hosts: hosts:
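Review bot: Listing only `server` under `authModes` makes the Argo Server answer every request with its own service account and no client authentication, while the same values keep `ingress.enabled: true`, so anyone who can reach the ingress host can use the API and UI. Because `firstboot` is in `workflowNamespaces` and this commit binds that namespace's default service account to `cluster-admin`, the exposure is wider than the UI itself. Prefer `- client` (bearer token) or `- sso`, or limit the ingress to a management network if `server` mode has to stay for the appliance. The commented-out `workflow.serviceAccount` / `rbac` block is dead configuration; enable it or replace it with a one-line comment saying why it is parked. The `chart_values` block continues outside the hunk.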


@ -5,12 +5,42 @@
- vars/pb.secrets.yaml - vars/pb.secrets.yaml
tasks: tasks:
- name: Retrieve target folder details
community.vmware.vmware_vm_info:
hostname: "{{ hv.hostname }}"
username: "{{ hv.username }}"
password: "{{ secrets.hv.password }}"
folder: "{{ hv.folder }}"
validate_certs: false
register: vm_info
- name: User prompt
ansible.builtin.pause:
prompt: Virtual machine '{{ appliance.id }}' already exists. Delete to continue [yes] or abort [no]?"
register: prompt
until:
- prompt.user_input in ['yes', 'no']
delay: 0
when: (vm_info | selectattr('guest_name', 'equalto', appliance.id) | length) > 0
- name: Destroy existing VM
community.vmware.vmware_guest:
hostname: "{{ hv.hostname }}"
username: "{{ hv.username }}"
password: "{{ secrets.hv.password }}"
folder: "{{ hv.folder }}"
name: appliance.id
state: absent
when:
- (vm_info | selectattr('guest_name', 'equalto', appliance.id) | length) > 0
- (prompt.user_input | bool) == true
- name: Deploy VM from OVA-template - name: Deploy VM from OVA-template
community.vmware.vmware_deploy_ovf: community.vmware.vmware_deploy_ovf:
hostname: "{{ hv.hostname }}" hostname: "{{ hv.hostname }}"
username: "{{ hv.username }}" username: "{{ hv.username }}"
password: "{{ secrets.hv.password }}" password: "{{ secrets.hv.password }}"
validate_certs: no validate_certs: false
datacenter: "{{ hv.datacenter }}" datacenter: "{{ hv.datacenter }}"
folder: "{{ hv.folder }}" folder: "{{ hv.folder }}"
cluster: "{{ hv.cluster }}" cluster: "{{ hv.cluster }}"
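Review bot: In the `Destroy existing VM` task, `name: appliance.id` is a literal string rather than a template, so the task would act on a VM literally called appliance.id instead of the one the check found; it should read `name: "{{ appliance.id }}"`. Both `when:` expressions filter the registered result itself, whereas the module's list is normally under `vm_info.virtual_machines`, and `selectattr` usually needs `| list` before `| length`, so verify the condition can ever be true. The info task and the deploy task send the hypervisor password with `validate_certs: false`, which leaves that connection open to interception; trusting the vCenter CA and using `validate_certs: true` closes it, and the destroy task omits the option, so the three tasks currently disagree. The prompt text ends with a stray `"` that will be shown to the operator. The deploy task continues past the end of the hunk.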