chore: Align controller details with latest chart versions

chore: Duplicate certificate provisioner w/ custom claims
feat: Include new component argo workflows
2024-06-11 21:58:14 +10:00 · 2024-06-11 21:57:38 +10:00 · 2024-06-11 21:57:00 +10:00
5 changed files with 71 additions and 3 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
@ -8,6 +8,34 @@
            combine( components['step-certificates'].chart_values | from_yaml, recursive=True, list_merge='append')
          }}
    - name: Duplicate default provisioner with modified claims
      ansible.builtin.set_fact:
        values_new: |
          {{
            values_initial |
              combine({'inject':{'config':{'files':{'ca.json':{'authority': {'provisioners': [
                values_initial.inject.config.files['ca.json'].authority.provisioners[0] | combine({'name':'long-lived', 'claims':{'maxTLSCertDuration':'87660h'}})
              ]}}}}}}, list_merge='append_rp', recursive=true)
          }}
    # We're facing several bugs or niche cases that result in incorrect output, despite being behaviour by design:
    # - Ansible's `to_yaml` filter, sees `\n` escape sequences in PEM certificate strings and correctly converts them to actual newlines - without any way to prevent this
    #   So we cannot rely on Ansible to (re)create the helm chart values file
    # - Python's yaml interpreter sees strings with a value of `y` as short for `yes` or `true`, even when that string is a key name.
    #   So we cannot use a straightforward yaml document as input for the Ansible helm module (which is written in Python)
    #
    # Lets explain the following workaround steps:
    # - First we convert the dictionary to a json-object (through Ansible), so that yq can read it
    # - Second we convert the json-object in its entirety to yaml (through yq), so that yq can actually manipulate it.
    # - Finally, we take one specific subkey's contents (list of dictionaries) and iterate over each with the following steps (with `map`):
    #   - Convert the dictionary to json with `tojson`
    #   - Remove newlines (and spaces) with `sub`
    #   - Remove outer quotes (') with `sed`
    - name: Save updated values file
      ansible.builtin.shell:
        cmd: |
          echo '{{ values_new | to_nice_json }}' | yq -p json -o yaml | yq e '.inject.config.files["ca.json"].authority.provisioners |= map(tojson | sub("[\n ]";""))' | sed -e "s/- '/- /;s/'$//" > {{ stepconfig.path }}
    - name: Install step-ca chart
      kubernetes.core.helm:
        name: step-certificates
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml
@ -1,6 +1,7 @@
 - import_tasks: init.yml
 - import_tasks: k3s.yml
 - import_tasks: assets.yml
 - import_tasks: workflow.yml
 - import_tasks: virtualip.yml
 - import_tasks: metadata.yml
 - import_tasks: storage.yml
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/workflow.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/workflow.yml
@ -0,0 +1,20 @@
 - block:
    - name: Install argo-workflows chart
      kubernetes.core.helm:
        name: argo-workflows
        chart_ref: /opt/metacluster/helm-charts/argo-workflows
        release_namespace: argo-workflows
        create_namespace: true
        wait: false
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components['argo-workflows'].chart_values }}"
    # - name: Trigger handlers
    #   ansible.builtin.meta: flush_handlers
  module_defaults:
    ansible.builtin.uri:
      validate_certs: no
      status_code: [200, 201]
      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@ -127,8 +127,8 @@
    wait: true
    kubeconfig: "{{ kubeconfig.path }}"
  loop:
-    - name: caip-in-cluster-controller-manager
+    - name: capi-ipam-in-cluster-controller-manager
-      namespace: caip-in-cluster-system
+      namespace: capi-ipam-in-cluster-system
    - name: capi-controller-manager
      namespace: capi-system
    - name: capv-controller-manager
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -58,7 +58,7 @@ components:
  argo-cd:
    helm:
-      version: 6.7.7  # (=ArgoCD v.2.10.5)
+      version: 6.7.7  # (=Argo CD v2.10.5)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -79,6 +79,25 @@ components:
          ingress:
            enabled: true
  argo-workflows:
    helm:
      version: 0.41.8  # (=Argo Workflows v3.5.7)
      chart: argo/argo-workflows
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        controller:
          workflowNamespaces:
            - default
            - firstboot
        server:
          ingress:
            enabled: true
            hosts:
              - workflow.{{ vapp['workloadcluster.fqdn']}}
            paths:
              - /
            pathType: Prefix
  cert-manager:
    helm:
      version: 1.14.4
Author	SHA1	Message	Date
djpbessems	066a21b1d2	chore: Align controller details with latest chart versions All checks were successful Container & Helm chart / Linting (push) Successful in 5s Details Container & Helm chart / Semantic Release (Dry-run) (push) Successful in 1m16s Details Container & Helm chart / Kubernetes Bootstrap Appliance (push) Successful in 37m13s Details	2024-06-11 21:58:14 +10:00
djpbessems	46fe962e77	chore: Duplicate certificate provisioner w/ custom claims	2024-06-11 21:57:38 +10:00
djpbessems	74070f266c	feat: Include new component argo workflows	2024-06-11 21:57:00 +10:00