Packer.Images/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml


# Discover the chart directories shipped on the filesystem (top level only);
# every directory found is hard-linked into the GitOps repository below.
- name: Aggregate helm charts from filesystem
  ansible.builtin.find:
    paths: /opt/workloadcluster/helm-charts
    file_type: directory
    recurse: false
  register: helm_charts
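# Hard-link (cp -l) each discovered chart directory into the repository working
# tree so the charts are committed without duplicating the files on disk.
- name: Create hard-links to populate new git-repository
  ansible.builtin.command:
    # argv runs cp without a shell and keeps the discovered path a single
    # argument, so spaces or shell metacharacters in a directory name cannot
    # alter the command.
    argv:
      - cp
      - "-lr"
      - "{{ item.path }}/"
      - /opt/workloadcluster/git-repositories/gitops/charts
  loop: "{{ helm_charts.files }}"
  loop_control:
    label: "{{ item.path | basename }}"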
# One values directory per downstream component (keyed by component name).
- name: Create subfolders
  ansible.builtin.file:
    path: "/opt/workloadcluster/git-repositories/gitops/values/{{ item.key }}"
    state: directory
  # dict2items yields the same {key, value} items as the dict lookup.
  loop: "{{ downstream_components | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
# Render each component's chart_values into values.yaml inside its directory.
- name: Write chart values to file
  ansible.builtin.copy:
    dest: "/opt/workloadcluster/git-repositories/gitops/values/{{ item.key }}/values.yaml"
    # NOTE(review): a component without chart_values gets the placeholder
    # string '# Empty' serialised as a YAML scalar, not as a comment — confirm
    # the consumer accepts a non-mapping values file.
    content: "{{ item.value.chart_values | default('# Empty') | to_nice_yaml(indent=2, width=4096) }}"
  # dict2items yields the same {key, value} items as the dict lookup.
  loop: "{{ downstream_components | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
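# One-shot bootstrap: initialise the GitOps repository from the charts/values
# written above and push it to the metacluster git server.
- name: Initialize/Push git repository
  ansible.builtin.shell:
    cmd: |
      git init
      git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
      git config --global user.name "administrator"
      git checkout -b main
      git add .
      git commit -m "Upload charts"
      git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
      git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git --all
    chdir: /opt/workloadcluster/git-repositories/gitops
    # Skip once the repository exists: a re-run of the original command list
    # would fail at `git remote add origin` and re-push is not needed.
    creates: /opt/workloadcluster/git-repositories/gitops/.git
  # The rendered command embeds the metacluster password in the push URL
  # (it is deliberately not stored in .git/config via the remote). The
  # password is still visible in process arguments while the push runs;
  # no_log keeps it out of task output and callback logs.
  no_log: true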
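# Fetch the CAPI-generated kubeconfig secret of the workload cluster; its
# decoded contents are used below to register the cluster in argo-cd.
- name: Retrieve workload-cluster kubeconfig
  kubernetes.core.k8s_info:
    kind: Secret
    name: "{{ vapp['workloadcluster.name'] }}-kubeconfig"
    namespace: default
    kubeconfig: "{{ kubeconfig.path }}"
  register: secret_workloadcluster_kubeconfig
  # The registered result carries the full kubeconfig (CA, client certificate
  # and client key); keep it out of verbose task output.
  no_log: true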
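# Create the argo-cd cluster secret for the workload cluster from the
# kubeconfig retrieved above (vars are templated lazily, so _template can
# reference _wl_kubeconfig defined in the same vars block).
- name: Register workload-cluster in argo-cd
  kubernetes.core.k8s:
    template: cluster.j2
    state: present
    kubeconfig: "{{ kubeconfig.path }}"
  vars:
    # Decode the secret's kubeconfig once instead of three times.
    _wl_kubeconfig: "{{ secret_workloadcluster_kubeconfig.resources[0].data.value | b64decode | from_yaml }}"
    _template:
      cluster:
        name: "{{ vapp['workloadcluster.name'] | lower }}"
        secret: "argocd-cluster-{{ vapp['workloadcluster.name'] | lower }}"
        url: "https://{{ vapp['workloadcluster.vip'] }}:6443"
      kubeconfig:
        ca: "{{ _wl_kubeconfig.clusters[0].cluster['certificate-authority-data'] }}"
        certificate: "{{ _wl_kubeconfig.users[0].user['client-certificate-data'] }}"
        key: "{{ _wl_kubeconfig.users[0].user['client-key-data'] }}"
  # The rendered resource (and the module result) contains the client key.
  no_log: true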
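# Drop an argo-cd repository manifest into the k3s auto-deploy directory;
# the "Apply manifests" handler picks it up.
- name: Configure workload-cluster GitOps repository
  ansible.builtin.template:
    src: gitrepo.j2
    dest: "/var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml"
    owner: root
    group: root
    # Quoted: an unquoted 0600 is parsed as an octal integer by the YAML
    # loader and only works by Ansible's int-to-octal conversion.
    mode: "0600"
  vars:
    _template:
      name: gitrepo-wl-gitopsconfig
      namespace: argo-cd
      url: "https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git"
  notify:
    - Apply manifests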
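# Drop the argo-cd ApplicationSet manifest that deploys the GitOps repository
# onto the workload cluster; applied by the "Apply manifests" handler.
- name: Create applicationset
  ansible.builtin.template:
    src: applicationset.j2
    dest: "/var/lib/rancher/k3s/server/manifests/{{ _template.application.name }}-manifest.yaml"
    owner: root
    group: root
    # Quoted: an unquoted 0600 is parsed as an octal integer by the YAML
    # loader and only works by Ansible's int-to-octal conversion.
    mode: "0600"
  vars:
    _template:
      application:
        name: applicationset-workloadcluster
        namespace: argo-cd
      cluster:
        url: "https://{{ vapp['workloadcluster.vip'] }}:6443"
      repository:
        url: "https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git"
        revision: main
  notify:
    - Apply manifests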
# Run the notified "Apply manifests" handler now rather than at the end of
# the play, so the manifests above are applied before any later task.
- name: Trigger handlers
  ansible.builtin.meta: flush_handlers