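---
# Prepares an existing Kubernetes cluster to act as an Admiralty worker for
# Argo Workflows: creates a service account and an Admiralty Source for it,
# widens argo-role / argo-role-binding, mints a token for the service account
# and exports a kubeconfig built around that token to the controller.
#
# Credential handling: the raw kubeconfig and the service-account token pass
# through several tasks below. Those tasks set `no_log: true`, the files they
# write are created with mode 0600, and the token is handed to jq through the
# environment rather than on a command line.
- name: Setup an exsiting k8s cluster to become an admiralty worker for Argo Workflows
  hosts: 'all:!localhost'
  user: "{{ user_prompt }}"
  # Pass these through --extra-vars
  vars:
    namespace: "{{ namespace_prompt }}"
    source_name: "{{ source_prompt }}"
    service_account_name: "admiralty-{{ source_prompt }}"
  environment:
    # Assumes the remote user's home directory is /home/<user_prompt>.
    KUBECONFIG: "/home/{{ user_prompt }}/.kube/config"

  tasks:
    - name: Save target IP
      ansible.builtin.set_fact:
        target_ip: "{{ ansible_host }}"

    - name: Install the appropriates packages
      become: true
      become_method: sudo
      ansible.builtin.package:
        name:
          - python3
          - python3-yaml
          - python3-kubernetes
          - jq
        state: present

    # We need to provide the source name in the command line through --extra-vars
    - name: Create a service account for the source
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: '{{ service_account_name }}'
            namespace: '{{ namespace }}'

    # NOTE(review): a JSON-patch "add" to /rules/- appends unconditionally, so
    # every run of this play adds another copy of the rule to argo-role.
    - name: Add patch permission for pods to argo-role
      ansible.builtin.command: >
        kubectl patch role argo-role -n {{ namespace }} --type='json'
        -p '[{"op": "add", "path": "/rules/-", "value": {"apiGroups":[""],"resources":["pods"],"verbs":["patch"]}}]'
      register: patch_result
      changed_when: "'patched' in patch_result.stdout"

    # The subject added here receives every rule of the role that
    # argo-role-binding references, not only the pods/patch rule above;
    # confirm that scope is what the source cluster should get.
    # As with the role patch, "add" to /subjects/- appends on every run.
    - name: Add service account to argo-rolebinding
      ansible.builtin.command: >
        kubectl patch rolebinding argo-role-binding -n {{ namespace }} --type='json'
        -p '[{"op": "add", "path": "/subjects/-", "value": {"kind": "ServiceAccount", "name": "{{ service_account_name }}", "namespace": "{{ namespace }}"}}]'
      register: patch_result
      changed_when: "'patched' in patch_result.stdout"

    # stdout of this task is a bearer token, so the result is kept out of the
    # play output. No --duration is passed: the token lifetime is whatever the
    # API server applies by default, and the exported kubeconfig stops working
    # once it expires.
    - name: Create a token for the created serivce account
      ansible.builtin.command:
        cmd: kubectl create token '{{ service_account_name }}' -n {{ namespace }}
      register: token_source
      no_log: true

    - name: Create the source ressource
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: multicluster.admiralty.io/v1alpha1
          kind: Source
          metadata:
            name: "source-{{ source_name }}"
            namespace: '{{ namespace }}'
          spec:
            serviceAccountName: "{{ service_account_name }}"

    # --raw makes kubectl print the credentials stored in the kubeconfig, so
    # the result is hidden from logs. The command only reads configuration,
    # hence changed_when: false; it needs no shell features, hence command.
    - name: Retrieve the current kubeconfig as json
      ansible.builtin.command:
        cmd: kubectl config view --minify --raw --output json
      register: worker_kubeconfig
      changed_when: false
      no_log: true

    - name: Convert kubeconfig to JSON
      ansible.builtin.set_fact:
        kubeconfig_json: "{{ worker_kubeconfig.stdout | trim | from_json }}"
      no_log: true

    # Shows cluster and context data only: the users section of a raw
    # kubeconfig holds client keys or tokens and is masked before printing.
    - name: View worker kubeconfig
      ansible.builtin.debug:
        msg: "{{ kubeconfig_json | combine({'users': 'REDACTED'}) }}"

    # Written on the managed host, relative to the module's working directory.
    # The file contains the unmodified credentials, so it is owner-only and is
    # removed again once jq has read it.
    - name: Temporary kubeconfig file
      ansible.builtin.copy:
        content: "{{ kubeconfig_json }}"
        dest: "{{ target_ip }}_kubeconfig.json"
        mode: "0600"
      no_log: true

    # Replaces the first user entry with the service-account token and points
    # the first cluster entry at https://<target_ip>:6443. The values reach jq
    # through environment variables read with `env`, so no templated value is
    # parsed by a shell and the token never appears in a process argument list.
    - name: Modify kubeconfig JSON
      ansible.builtin.command:
        argv:
          - jq
          - '.users[0].user = {token: env.SA_TOKEN} | .clusters[0].cluster.server = env.API_SERVER'
          - "{{ target_ip }}_kubeconfig.json"
      environment:
        SA_TOKEN: "{{ token_source.stdout }}"
        API_SERVER: "https://{{ target_ip }}:6443"
      register: kubeconfig_json
      changed_when: false
      no_log: true

    - name: Remove temporary kubeconfig file
      ansible.builtin.file:
        path: "{{ target_ip }}_kubeconfig.json"
        state: absent

    # Runs on the controller. The file carries a usable bearer token: keep it
    # owner-only and out of version control.
    # NOTE(review): the ./worker_kubeconfig directory presumably has to exist
    # beforehand; confirm, or create it in an earlier task.
    - name: Save updated kubeconfig
      ansible.builtin.copy:
        content: "{{ kubeconfig_json.stdout | trim | from_json | to_nice_json }}"
        dest: "./worker_kubeconfig/{{ target_ip }}_kubeconfig.json"
        mode: "0600"
      delegate_to: localhost
      no_log: true

    - name: Display informations for the creation of the target on the source host
      ansible.builtin.debug:
        msg: >
          - To add this host as a target in an Admiralty network use the following command line :
          - ansible-playbook add_admiralty_target.yml -i <SOURCE HOST IP>, --extra-vars "user_prompt=<YOUR USER> target_name=<TARGET NAME IN KUBE> target_ip={{ ansible_host }} namespace_source={{ namespace }} serviceaccount_prompt={{ service_account_name }}"
          - Don't forget to give {{ service_account_name }} the appropriate role in namespace {{ namespace }}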