oc-deploy/ansible/Admiralty/setup_admiralty_target.yml


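# Turns an existing Kubernetes cluster into an Admiralty target (worker) for
# Argo Workflows: creates a service account and an Admiralty Source, extends
# the argo role and role binding, then builds a token-based kubeconfig for the
# source cluster and saves it on the control node.
#
# Required --extra-vars: user_prompt, namespace_prompt, source_prompt.
#
# Secret handling: the kubeconfig is read with `--raw`, so it carries the
# cluster credentials unredacted, and the service-account token is a bearer
# credential. Tasks that register or template either value set `no_log: true`
# (their results show as censored, including on failure), and files that hold
# them are written with mode 0600.
- name: Setup an exsiting k8s cluster to become an admiralty worker for Argo Workflows
  hosts: 'all:!localhost'
  user: "{{ user_prompt }}"
  # Pass these through --extra-vars
  vars:
    namespace: "{{ namespace_prompt }}"
    source_name: "{{ source_prompt }}"
    service_account_name: "admiralty-{{ source_prompt }}"
  environment:
    KUBECONFIG: /home/{{ user_prompt }}/.kube/config
  tasks:
    - name: Save target IP
      ansible.builtin.set_fact:
        target_ip: "{{ ansible_host }}"

    - name: Install the appropriates packages
      become: true
      become_method: sudo
      ansible.builtin.package:
        name:
          - python3
          - python3-yaml
          - python3-kubernetes
          - jq
        state: present

    # We need to provide the source name in the command line through --extra-vars
    - name: Create a service account for the source
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: '{{ service_account_name }}'
            namespace: '{{ namespace }}'

    # JSON-patch "add" on "/rules/-" appends to the list, so every run of the
    # playbook adds another copy of this rule to argo-role.
    - name: Add patch permission for pods to argo-role
      ansible.builtin.command: >
        kubectl patch role argo-role -n {{ namespace }} --type='json'
        -p '[{"op": "add", "path": "/rules/-", "value": {"apiGroups":[""],"resources":["pods"],"verbs":["patch"]}}]'
      register: patch_result
      changed_when: "'patched' in patch_result.stdout"

    # Same append semantics as above: re-running adds a duplicate subject.
    - name: Add service account to argo-rolebinding
      ansible.builtin.command: >
        kubectl patch rolebinding argo-role-binding -n {{ namespace }} --type='json'
        -p '[{"op": "add", "path": "/subjects/-", "value": {"kind": "ServiceAccount", "name": "{{ service_account_name }}", "namespace": "{{ namespace }}"}}]'
      register: patch_result
      changed_when: "'patched' in patch_result.stdout"

    # The registered result holds the bearer token in stdout.
    # NOTE(review): no --duration is passed, so the token lifetime is the API
    # server default; the kubeconfig built below stops working once it expires.
    - name: Create a token for the created serivce account
      ansible.builtin.command:
        cmd: |
          kubectl create token '{{ service_account_name }}' -n {{ namespace }}
      register: token_source
      no_log: true

    - name: Create the source ressource
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: multicluster.admiralty.io/v1alpha1
          kind: Source
          metadata:
            name: "source-{{ source_name }}"
            namespace: '{{ namespace }}'
          spec:
            serviceAccountName: "{{ service_account_name }}"

    # Read-only call; no shell features are needed, so the command module is
    # used. `--raw` returns the credentials of the current context unredacted.
    - name: Retrieve the current kubeconfig as json
      ansible.builtin.command:
        cmd: |
          kubectl config view --minify --raw --output json
      register: worker_kubeconfig
      changed_when: false
      no_log: true

    - name: Convert kubeconfig to JSON
      ansible.builtin.set_fact:
        kubeconfig_json: "{{ worker_kubeconfig.stdout | trim | from_json }}"
      no_log: true

    # Only the API server address is printed. Dumping the whole structure would
    # put the raw credentials into the playbook output and any log that
    # captures it.
    - name: View worker kubeconfig
      ansible.builtin.debug:
        msg: "Worker API server: {{ kubeconfig_json.clusters[0].cluster.server }}"

    # This file still contains the original credentials of the remote user, so
    # it is created owner-only and removed again once jq has read it.
    - name: Temporary kubeconfig file
      ansible.builtin.copy:
        content: "{{ kubeconfig_json }}"
        dest: "{{ target_ip }}_kubeconfig.json"
        mode: "0600"
      no_log: true

    # Values reach jq through --arg and the `quote` filter instead of being
    # spliced into the jq program text, so characters in the token or the host
    # address cannot alter the shell command or the jq filter.
    # The register reuses the name kubeconfig_json: from here on it holds the
    # jq command result, not the parsed kubeconfig.
    - name: Modify kubeconfig JSON
      ansible.builtin.shell:
        cmd: |
          jq --arg token {{ token_source.stdout | quote }} \
            --arg server {{ ('https://' ~ target_ip ~ ':6443') | quote }} \
            '.users[0].user = {token: $token} | .clusters[0].cluster.server = $server' \
            {{ (target_ip ~ '_kubeconfig.json') | quote }}
      register: kubeconfig_json
      changed_when: false
      no_log: true

    - name: Remove temporary kubeconfig file
      ansible.builtin.file:
        path: "{{ target_ip }}_kubeconfig.json"
        state: absent

    # Written on the control node; the file carries the service-account token.
    # NOTE(review): ./worker_kubeconfig/ is not created by this play - confirm
    # it exists and is not readable by other local users.
    - name: Save updated kubeconfig
      ansible.builtin.copy:
        content: "{{ kubeconfig_json.stdout | trim | from_json | to_nice_json }}"
        dest: "./worker_kubeconfig/{{ target_ip }}_kubeconfig.json"
        mode: "0600"
      delegate_to: localhost
      no_log: true

    - name: Display informations for the creation of the target on the source host
      ansible.builtin.debug:
        msg: >
          - To add this host as a target in an Admiralty network use the following command line :
          - ansible-playbook add_admiralty_target.yml -i <SOURCE HOST IP>, --extra-vars "user_prompt=<YOUR USER> target_name=<TARGET NAME IN KUBE> target_ip={{ ansible_host }} namespace_source={{ namespace }} serviceaccount_prompt={{ service_account_name }}"
          - Don't forget to give {{ service_account_name }} the appropriate role in namespace {{ namespace }}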