diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 5149389..2a1e262 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -4,6 +4,10 @@ - name: Setup k8s hosts: "{{ target_host }}" + environment: + PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/.local/bin" + VAULT_KEY: "{{ vault_passphrase }}" + vars_files: - k8s-vars.yml - dns-vars.yml 
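Review bot: `VAULT_KEY: "{{ vault_passphrase }}"` sits in the play-level `environment:`, so the vault passphrase is exported to every task in the play, including ones that have no need for it. In the second hunk of this file that covers the `ansible-galaxy install` step and `get-kube-tools.sh`, which runs with `become: yes`. Consider a task-level `environment:` on only the tasks that read it (presumably `token-vault.sh` and the nested `ansible-playbook` runs; confirm against those scripts), with `no_log: true` on them. The `PATH` entry hard-codes `/home/{{ansible_user}}` and needs `ansible_user` to be set in the inventory; `{{ ansible_env.HOME }}/.local/bin` would avoid both assumptions.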
@@ -107,9 +111,61 @@ - name: Copy wildcard-pwa-example.yml.j2 to the remote VM template: src: ./templates/wildcard-pwa-example.yml.j2 - dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yml" + dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml" - name: Delete old wildcard-pwa file file: path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml" state: absent + + - name: Install required ansible roles + shell: ansible-galaxy install -f -p roles -r roles/requirements.yml + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + + - name: Install Kubernetes helper tools + shell: ./roles/k8s/files/scripts/get-kube-tools.sh + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + become: yes + + - name: Update group_vars/all/vault.yml with support email using template + template: + src: ./templates/vault.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/all/vault.yml" + + - name: Base64 encode DigitalOcean token + set_fact: + b64_encoded_token: "{{ do_api_token | b64encode }}" + + - name: Update secret-digitalocean-dns.yaml with encoded token + template: + src: ./templates/secret-digitalocean-dns.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/secret-digitalocean-dns.yaml" + vars: + b64_encoded_token: "{{ b64_encoded_token }}" + + - name: Remove k8s-vault.yml file + file: + path: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml" + state: absent + + - name: Generate token for the cluster + command: ./roles/k8s/files/scripts/token-vault.sh ./group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + + - name: Configure firewalld and nginx + command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx + args: + chdir: "{{ 
ansible_env.HOME }}/service-provider-template" + + - name: Install Stack Orchestrator + command: ansible-playbook -i hosts site.yml --tags=so --limit=so + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + + - name: Deploy Kubernetes + command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" diff --git a/service-provider-setup/templates/hosts.j2 b/service-provider-setup/templates/hosts.j2 index eede504..c7260e1 100644 --- a/service-provider-setup/templates/hosts.j2 +++ b/service-provider-setup/templates/hosts.j2 @@ -5,8 +5,8 @@ [so] {{ org_id }}-daemon -[{{ org_id }}-{{ location_id }}] +[{{ org_id }}_{{ location_id }}] {{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }} [k8s:children] -{{ org_id }}-{{ location_id }} +{{ org_id }}_{{ location_id }} diff --git a/service-provider-setup/templates/secret-digitalocean-dns.yml.j2 b/service-provider-setup/templates/secret-digitalocean-dns.yml.j2 new file mode 100644 index 0000000..e9a911c --- /dev/null +++ b/service-provider-setup/templates/secret-digitalocean-dns.yml.j2 @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cert-manager +--- +apiVersion: v1 +data: + access-token: {{ b64_encoded_token }} +kind: Secret +metadata: + name: digitalocean-dns + namespace: cert-manager diff --git a/service-provider-setup/templates/vault.yml.j2 b/service-provider-setup/templates/vault.yml.j2 new file mode 100644 index 0000000..818529e --- /dev/null +++ b/service-provider-setup/templates/vault.yml.j2 @@ -0,0 +1,2 @@ +--- +support_email: {{ support_email }}
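Review bot: The `set_fact` that builds `b64_encoded_token` and the `template` task that writes `files/manifests/secret-digitalocean-dns.yaml` handle the DigitalOcean token without `no_log: true` or an explicit `mode`, so the value can appear in verbose or `--diff` output and the rendered file gets umask-default permissions. Base64 is an encoding, not protection, so that manifest is equivalent to the plaintext token on disk; suggest `no_log: true` on both tasks and `mode: "0600"` on the template task. The `vars: b64_encoded_token: "{{ b64_encoded_token }}"` entry refers to itself and looks redundant, since the fact set in the previous task is already in scope. Separately, `get-kube-tools.sh` runs with `become: yes` from under `roles/`, the directory that `ansible-galaxy install -f -p roles` has just overwritten, so what executes as root depends on what `roles/requirements.yml` resolves to. That file is not part of this diff; pinning each role in it to a fixed version or commit would make the root-run script reproducible.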
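Review bot: `access-token: {{ b64_encoded_token }}` in `secret-digitalocean-dns.yml.j2` renders the templated value as a plain YAML scalar, so an empty expansion becomes `null` instead of a string; `access-token: "{{ b64_encoded_token }}"` keeps it a string in every case. The Secret also has no explicit `type:`; adding `type: Opaque` documents the intent. The same unquoted pattern is in `vault.yml.j2` (`support_email: {{ support_email }}`), where `support_email: "{{ support_email }}"` is the safer form.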