Add playbook to setup container-registry

2024-09-20 12:15:14 +05:30 · 2024-09-20 12:15:14 +05:30 · 45cf620c22
commit 45cf620c22
parent a37a5997b3
6 changed files with 98 additions and 6 deletions
--- a/service-provider-setup/.gitignore
+++ b/service-provider-setup/.gitignore
@ -1,2 +1,3 @@
 dns-vars.yml
 k8s-vars.yml
+container-vars.yml
--- a/service-provider-setup/container-vars.example.yml
+++ b/service-provider-setup/container-vars.example.yml
@ -0,0 +1,3 @@
+container_registry_username: ""
+container_registry_password: ""
+container_registry_domain: ""
--- a/service-provider-setup/setup-container-registry.yml
+++ b/service-provider-setup/setup-container-registry.yml
@ -0,0 +1,63 @@
+- name: Setup container registry
+  hosts: "{{ target_host }}"
+
+  environment:
+    PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"
+
+  vars_files:
+    - k8s-vars.yml
+    - container-vars.yml
+
+  tasks:
+    - name: Generate the spec file for the container-registry stack
+      template:
+        src: "./templates/container-registry.spec.j2"
+        dest: "{{ansible_env.HOME}}/container-registry.spec"
+
+    - name: Create a deployment for the container-registry stack
+      command: laconic-so --stack container-registry deploy create --deployment-dir container-registry --spec-file container-registry.spec
+
+    - name: Base64 encode the container registry credentials
+      set_fact:
+        b64_encoded_cred: "{{ (container_registry_username + ':' + container_registry_password) | b64encode }}"
+
+    - name: Encrypt the container registry credentials to create an htpasswd file
+      command: >
+        htpasswd -bB -c container-registry/configmaps/config/htpasswd
+        {{ container_registry_username }} {{ container_registry_password }}
+      register: htpasswd_file
+
+    - name: Read the htpasswd file
+      slurp:
+        src: "container-registry/configmaps/config/htpasswd"
+      register: htpasswd_file_content
+
+    - name: Extract the hashed password (after the colon)
+      set_fact:
+        hashed_password: "{{ (htpasswd_file_content.content | b64decode).split(':')[1] | trim }}"
+
+    - name: Create container-registry/my_password.json file
+      template:
+        src: "./templates/my_password.json.j2"
+        dest: "container-registry/my_password.json"
+
+    - name: Configure the file container-registry/config.env
+      copy:
+        dest: "container-registry/config.env"
+        content: |
+          REGISTRY_AUTH=htpasswd
+          REGISTRY_AUTH_HTPASSWD_REALM="{{org_id}} Service Provider Image Registry"
+          REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
+          REGISTRY_HTTP_SECRET='{{ hashed_password }}'
+
+    - name: Add the container registry credentials as a secret available to the cluster
+      command: >
+        kubectl create secret generic laconic-registry
+        --from-file=.dockerconfigjson=container-registry/my_password.json
+        --type=kubernetes.io/dockerconfigjson
+      environment:
+        KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
+
+    - name: Deploy the container registry
+      command: >
+        laconic-so deployment --dir container-registry start
--- a/service-provider-setup/setup-k8s.yml
+++ b/service-provider-setup/setup-k8s.yml
@ -83,32 +83,32 @@
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars"

-    - name: Copy control-firewalld.yml.j2 to the remote VM
+    - name: Copy control-firewalld.yml to the remote VM
      template:
        src: ./templates/control-firewalld.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control/firewalld.yml"

-    - name: Copy daemon-firewalld.yml.j2 to the remote VM
+    - name: Copy daemon-firewalld.yml to the remote VM
      template:
        src: ./templates/daemon-firewalld.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/firewalld.yml"

-    - name: Copy nginx.yml.j2 to the remote VM
+    - name: Copy nginx.yml to the remote VM
      template:
        src: ./templates/nginx.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/nginx.yml"

-    - name: Copy hosts.j2 to the remote VM
+    - name: Copy hosts file to the remote VM
      template:
        src: ./templates/hosts.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/hosts"

-    - name: Copy k8s.yml.j2 to the remote VM
+    - name: Copy k8s.yml to the remote VM
      template:
        src: ./templates/k8s.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml"

-    - name: Copy wildcard-pwa-example.yml.j2 to the remote VM
+    - name: Copy wildcard-pwa-example.yml to the remote VM
      template:
        src: ./templates/wildcard-pwa-example.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml"
--- a/service-provider-setup/templates/container-registry.spec.j2
+++ b/service-provider-setup/templates/container-registry.spec.j2
@ -0,0 +1,16 @@
+stack: container-registry
+deploy-to: k8s
+kube-config: /home/{{ ansible_user }}/.kube/config-default.yaml
+network:
+  ports:
+    registry:
+     - '5000'
+  http-proxy:
+    - host-name: container-registry.pwa.{{dns_domain}}.com
+      routes:
+        - path: '/'
+          proxy-to: registry:5000
+volumes:
+  registry-data:
+configmaps:
+  config: ./configmaps/config
--- a/service-provider-setup/templates/my_password.json.j2
+++ b/service-provider-setup/templates/my_password.json.j2
@ -0,0 +1,9 @@
+{
+  "auths": {
+    "{{container_registry_domain}}": {
+      "username": "{{ container_registry_username }}",
+      "password": "{{ hashed_password }}",
+      "auth": "{{ b64_encoded_cred }}"
+    }
+  }
+}