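# Prepares an existing Kubernetes cluster to act as an Admiralty worker
# ("target") for Argo Workflows: creates a service account and an Admiralty
# Source in the given namespace, extends the Argo role and role binding,
# issues a token for the service account, and writes a kubeconfig that
# authenticates with that token to ./worker_kubeconfig/ on the controller.
#
# Credential handling: the raw kubeconfig and the service-account token pass
# through several tasks. Those tasks set no_log so that the material does not
# reach playbook output or callback logs, and files holding it are written
# with mode 0600.
- name: Setup an exsiting k8s cluster to become an admiralty worker for Argo Workflows
  hosts: "all:!localhost"
  user: "{{ user_prompt }}"
  # Pass these through --extra-vars
  # (written as a mapping: the list-of-dicts form of vars is deprecated)
  vars:
    namespace: "{{ namespace_prompt }}"
    source_name: "{{ source_prompt }}"
    service_account_name: "admiralty-{{ source_prompt }}"
  environment:
    KUBECONFIG: "/home/{{ user_prompt }}/.kube/config"

  tasks:
    - name: Save target IP
      ansible.builtin.set_fact:
        target_ip: "{{ ansible_host }}"

    - name: Install the appropriates packages
      become: true
      become_method: sudo
      ansible.builtin.package:
        name:
          - python3
          - python3-yaml
          - python3-kubernetes
          - jq
        state: present

    # We need to provide the source name in the command line through --extra-vars
    - name: Create a service account for the source
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: '{{ service_account_name }}'
            namespace: '{{ namespace }}'

    # NOTE(review): a JSON-patch "add" on /rules/- appends a new rule on every
    # run, so re-running the play will likely accumulate duplicate rules in
    # argo-role. The same applies to /subjects/- in the next task.
    - name: Add patch permission for pods to argo-role
      ansible.builtin.command: >
        kubectl patch role argo-role -n {{ namespace }} --type='json'
        -p '[{"op": "add", "path": "/rules/-", "value": {"apiGroups":[""],"resources":["pods"],"verbs":["patch"]}}]'
      register: patch_result
      changed_when: "'patched' in patch_result.stdout"

    # Binds the new service account to whatever argo-role currently grants;
    # review that role before running this against a shared namespace.
    - name: Add service account to argo-rolebinding
      ansible.builtin.command: >
        kubectl patch rolebinding argo-role-binding -n {{ namespace }} --type='json'
        -p '[{"op": "add", "path": "/subjects/-", "value": {"kind": "ServiceAccount", "name": "{{ service_account_name }}", "namespace": "{{ namespace }}"}}]'
      register: patch_result
      changed_when: "'patched' in patch_result.stdout"

    # The token is a bearer credential for the service account: keep it out of
    # the play output.
    # NOTE(review): no --duration is passed, so the token lifetime is the API
    # server default; the kubeconfig saved below stops working once it expires.
    - name: Create a token for the created serivce account
      ansible.builtin.command:
        argv:
          - kubectl
          - create
          - token
          - "{{ service_account_name }}"
          - "-n"
          - "{{ namespace }}"
      register: token_source
      no_log: true

    - name: Create the source ressource
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: multicluster.admiralty.io/v1alpha1
          kind: Source
          metadata:
            name: "source-{{ source_name }}"
            namespace: '{{ namespace }}'
          spec:
            serviceAccountName: "{{ service_account_name }}"

    # --raw makes kubectl emit the credentials of the current user in full
    # (client key, certificate data or token), so the result must never be
    # logged.
    - name: Retrieve the current kubeconfig as json
      ansible.builtin.command:
        argv:
          - kubectl
          - config
          - view
          - "--minify"
          - "--raw"
          - "--output"
          - json
      register: worker_kubeconfig
      changed_when: false
      no_log: true

    - name: Convert kubeconfig to JSON
      ansible.builtin.set_fact:
        kubeconfig_json: "{{ worker_kubeconfig.stdout | trim | from_json }}"
      no_log: true

    # Only the API server address is shown. Printing the whole structure would
    # put the raw credentials of the current kubeconfig user into the output.
    - name: View worker kubeconfig
      ansible.builtin.debug:
        msg: "Worker API server: {{ kubeconfig_json.clusters[0].cluster.server }}"

    # The working copy on the worker still contains the raw credentials, so it
    # is created owner-only and removed again even if the rewrite fails.
    - name: Rewrite the kubeconfig to authenticate with the service account token
      block:
        - name: Temporary kubeconfig file
          ansible.builtin.copy:
            content: "{{ kubeconfig_json }}"
            dest: "{{ target_ip }}_kubeconfig.json"
            mode: "0600"
          no_log: true

        # Values are handed to jq with --arg instead of being spliced into the
        # filter text through shell quoting, so their content cannot alter the
        # jq program or the command line. users[0].user is replaced wholesale,
        # which drops the original user's credentials from the result.
        - name: Modify kubeconfig JSON
          ansible.builtin.command:
            argv:
              - jq
              - "--arg"
              - token
              - "{{ token_source.stdout }}"
              - "--arg"
              - server
              - "https://{{ target_ip }}:6443"
              - '.users[0].user = {token: $token} | .clusters[0].cluster.server = $server'
              - "{{ target_ip }}_kubeconfig.json"
          register: updated_kubeconfig
          changed_when: false
          no_log: true
      always:
        - name: Remove the temporary kubeconfig file
          ansible.builtin.file:
            path: "{{ target_ip }}_kubeconfig.json"
            state: absent

    # Written on the controller; the file carries the service-account token,
    # hence the owner-only mode.
    - name: Save updated kubeconfig
      ansible.builtin.copy:
        content: "{{ updated_kubeconfig.stdout | trim | from_json | to_nice_json }}"
        dest: "./worker_kubeconfig/{{ target_ip }}_kubeconfig.json"
        mode: "0600"
      delegate_to: localhost
      no_log: true

    - name: Display informations for the creation of the target on the source host
      ansible.builtin.debug:
        msg: >
          - To add this host as a target in an Admiralty network use the following command line :
          - ansible-playbook add_admiralty_target.yml -i , --extra-vars "user_prompt= target_name= target_ip={{ ansible_host }} namespace_source={{ namespace }} serviceaccount_prompt={{ service_account_name }}"
          - Don't forget to give {{ service_account_name }} the appropriate role in namespace {{ namespace }}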