fix: Generate and store kubeconfig in repository

fix: Add playbook scoped variable
2023-08-24 18:24:24 +02:00 · 2023-08-24 17:41:35 +02:00
7 changed files with 48 additions and 17 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/playbook.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/playbook.yml
@@ -2,6 +2,9 @@
 - hosts: 127.0.0.1
  connection: local
  gather_facts: true
+  vars:
+    # Needed by some templating in various tasks
+    _newline: "\n"
  vars_files:
    - defaults.yml
    - metacluster.yml
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml
@@ -109,7 +109,6 @@
        state: present
        kubeconfig: "{{ kubeconfig.path }}"
      vars:
-        _newline: "\n"
        _template:
          name: "{{ item.name }}"
          namespace: "{{ item.namespace }}"
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@@ -125,6 +125,12 @@
                auto_init: true
                default_branch: main
                description: GitOps manifests
+            - organization: wl
+              body:
+                name: ClusterAccess.Store
+                auto_init: true
+                default_branch: main
+                description: Kubeconfig files
          loop_control:
            label: "{{ item.organization ~ '/' ~ item.body.name }}"

--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml
@@ -0,0 +1,36 @@
+- name: Initialize tempfolder
+  ansible.builtin.tempfile:
+    state: directory
+  register: pinniped_kubeconfig
+
+- name: Pull existing repository
+  ansible.builtin.git:
+    repo: https://git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+    dest: "{{ pinniped_kubeconfig.path }}"
+    version: main
+
+- name: Generate kubeconfig
+  ansible.builtin.shell:
+    cmd: pinniped get kubeconfig --kubeconfig {{ capi_kubeconfig.path }}
+  register: pinniped_config
+
+- name: Store kubeconfig in tempfile
+  ansible.builtin.copy:
+    dest: "{{ pinniped_kubeconfig.path }}"
+    content: "{{ pinniped_config.stdout }}"
+    mode: 0600
+  no_log: true
+
+- name: Push git repository
+  lvrfrc87.git_acp.git_acp:
+    path: "{{ pinniped_kubeconfig.path }}"
+    branch: main
+    comment: "Upload kubeconfig files"
+    add:
+      - .
+    url: https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+  environment:
+    GIT_AUTHOR_NAME: administrator
+    GIT_AUTHOR_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
+    GIT_COMMITTER_NAME: administrator
+    GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
@@ -34,7 +34,6 @@
  vars:
    manifest: "{{ item.0 }}"
    src: "{{ item.1.src }}"
-    _newline: "\n"
    _template: "{{ item.1._template }}"
  loop: "{{ query('ansible.builtin.subelements', query('ansible.builtin.dict', downstream_components), 'value.extra_manifests') }}"
  loop_control:
@@ -70,19 +69,6 @@
    GIT_COMMITTER_NAME: administrator
    GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}

-# - name: Initialize/Push git repository
-#   ansible.builtin.shell:
-#     cmd: |
-#       git init
-#       git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
-#       git config --global user.name "administrator"
-#       git checkout -b main
-#       git add .
-#       git commit -m "Upload charts"
-#       git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
-#       git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git --all
-#     chdir: /opt/workloadcluster/git-repositories/gitops
-
 - name: Retrieve workload-cluster kubeconfig
  kubernetes.core.k8s_info:
    kind: Secret
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml
@@ -6,6 +6,7 @@

    - import_tasks: clusterapi.yml
    - import_tasks: gitops.yml
+    - import_tasks: authentication.yml

  when:
    - vapp['deployment.type'] != 'core'
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -117,9 +117,9 @@ components:
            - https://auth.{{ vapp['metacluster.fqdn'] }}/sso/callback
          enablePasswordDB: true
          staticPasswords:
-          - email: admin@{{ vapp['metacluster.fqdn'] }}
+          - email: user@{{ vapp['metacluster.fqdn'] }}
            hash: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
-            username: admin
+            username: user
            userID: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) | to_uuid }}"
        ingress:
          enabled: true
Author	SHA1	Message	Date
Danny Bessems	32dda728cb	fix: Generate and store kubeconfig in repository All checks were successful continuous-integration/drone/push Build is passing Details	2023-08-24 18:24:24 +02:00
Danny Bessems	4c1f1fce5e	fix: Add playbook scoped variable	2023-08-24 17:41:35 +02:00