Packer.Images/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml

- name: Aggregate helm charts from filesystem
  ansible.builtin.find:
    path: /opt/workloadcluster/helm-charts
    file_type: directory
    recurse: false
  register: helm_charts

- name: Pull existing repository
  ansible.builtin.git:
    repo: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
    dest: /opt/workloadcluster/git-repositories/gitops
    version: main

- name: Create folder structure within new git-repository
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
  loop:
    - /opt/workloadcluster/git-repositories/gitops/charts
    - /opt/workloadcluster/git-repositories/gitops/values

- name: Create hard-links to populate new git-repository
  ansible.builtin.shell:
    cmd: >-
      cp -lr {{ item.path }}/ /opt/workloadcluster/git-repositories/gitops/charts      
  loop: "{{ helm_charts.files }}"
  loop_control:
    label: "{{ item.path | basename }}"

- name: Write custom manifests to respective chart templates store
  ansible.builtin.template:
    src: "{{ src }}"
    dest: /opt/workloadcluster/git-repositories/gitops/charts/{{ manifest.value.namespace }}/{{ manifest.key }}/templates/{{ (src | split('.'))[0] ~ '-' ~ _template.name ~ '.yaml' }}
  vars:
    manifest: "{{ item.0 }}"
    src: "{{ item.1.src }}"
    _template: "{{ item.1._template }}"
  loop: "{{ query('ansible.builtin.subelements', query('ansible.builtin.dict', downstream_components), 'value.extra_manifests') }}"
  loop_control:
    label: "{{ (src | split('.'))[0] ~ '-' ~ _template.name }}"

- name: Create subfolders
  ansible.builtin.file:
    path: /opt/workloadcluster/git-repositories/gitops/values/{{ item.key }}
    state: directory
  loop: "{{ query('ansible.builtin.dict', downstream_components) }}"
  loop_control:
    label: "{{ item.key }}"

- name: Write chart values to file
  ansible.builtin.copy:
    dest: /opt/workloadcluster/git-repositories/gitops/values/{{ item.key }}/values.yaml
    content: "{{ item.value.chart_values | default('# Empty') | to_nice_yaml(indent=2, width=4096) }}"
  loop: "{{ query('ansible.builtin.dict', downstream_components) }}"
  loop_control:
    label: "{{ item.key }}"

- name: Push git repository
  lvrfrc87.git_acp.git_acp:
    path: /opt/workloadcluster/git-repositories/gitops
    branch: main
    comment: "Upload charts"
    add:
      - .
    url: https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
  environment:
    GIT_AUTHOR_NAME: administrator
    GIT_AUTHOR_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
    GIT_COMMITTER_NAME: administrator
    GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}

- name: Retrieve workload-cluster kubeconfig
  kubernetes.core.k8s_info:
    kind: Secret
    name: "{{ vapp['workloadcluster.name'] }}-kubeconfig"
    namespace: default
    kubeconfig: "{{ kubeconfig.path }}"
  register: secret_workloadcluster_kubeconfig

- name: Register workload-cluster in argo-cd
  kubernetes.core.k8s:
    template: cluster.j2
    state: present
    kubeconfig: "{{ kubeconfig.path }}"
  vars:
    _template:
      cluster:
        name: "{{ vapp['workloadcluster.name'] | lower }}"
        secret: argocd-cluster-{{ vapp['workloadcluster.name'] | lower }}
        url: https://{{ vapp['workloadcluster.vip'] }}:6443
      kubeconfig:
        ca: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).clusters[0].cluster['certificate-authority-data'] }}"
        certificate: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-certificate-data'] }}"
        key: "{{ (secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml).users[0].user['client-key-data'] }}"

- name: Configure workload-cluster GitOps repository
  ansible.builtin.template:
    src: gitrepo.j2
    dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
    owner: root
    group: root
    mode: 0600
  vars:
    _template:
      name: gitrepo-wl-gitopsconfig
      namespace: argo-cd
      url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
  notify:
    - Apply manifests

- name: Create applicationset
  ansible.builtin.template:
    src: applicationset.j2
    dest: /var/lib/rancher/k3s/server/manifests/{{ _template.application.name }}-manifest.yaml
    owner: root
    group: root
    mode: 0600
  vars:
    _template:
      application:
        name: applicationset-workloadcluster
        namespace: argo-cd
      cluster:
        url: https://{{ vapp['workloadcluster.vip'] }}:6443
      repository:
        url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
        revision: main
  notify:
    - Apply manifests

- name: Trigger handlers
  ansible.builtin.meta: flush_handlers