service-provider-setup/setup-k8s.yml

@@ -4,6 +4,10 @@
 - name: Setup k8s
   hosts: "{{ target_host }}"
 
+  environment:
+    PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/.local/bin"
+    VAULT_KEY: "{{ vault_passphrase }}"
+
   vars_files:
     - k8s-vars.yml
     - dns-vars.yml
@@ -107,9 +111,61 @@
     - name: Copy wildcard-pwa-example.yml.j2 to the remote VM
       template:
         src: ./templates/wildcard-pwa-example.yml.j2
-        dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yml"
+        dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml"
 
     - name: Delete old wildcard-pwa file
       file:
         path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml"
         state: absent
+
+    - name: Install required ansible roles
+      shell: ansible-galaxy install -f -p roles -r roles/requirements.yml
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template"
+
+    - name: Install Kubernetes helper tools
+      shell: ./roles/k8s/files/scripts/get-kube-tools.sh
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template"
+      become: yes
+
+    - name: Update group_vars/all/vault.yml with support email using template
+      template:
+        src: ./templates/vault.yml.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/all/vault.yml"
+
+    - name: Base64 encode DigitalOcean token
+      set_fact:
+        b64_encoded_token: "{{ do_api_token | b64encode }}"
+
+    - name: Update secret-digitalocean-dns.yaml with encoded token
+      template:
+        src: ./templates/secret-digitalocean-dns.yml.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/secret-digitalocean-dns.yaml"
+      vars:
+        b64_encoded_token: "{{ b64_encoded_token }}"
+
+    - name: Remove k8s-vault.yml file
+      file:
+        path: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml"
+        state: absent
+
+    - name: Generate token for the cluster
+      command: ./roles/k8s/files/scripts/token-vault.sh ./group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template"
+
+    - name: Configure firewalld and nginx
+      command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template"
+
+    - name: Install Stack Orchestrator
+      command: ansible-playbook -i hosts site.yml --tags=so --limit=so
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template"
+
+    - name: Deploy Kubernetes
+      command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }}
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template"

service-provider-setup/templates/hosts.j2

@@ -5,8 +5,8 @@
 [so]
 {{ org_id }}-daemon
 
-[{{ org_id }}-{{ location_id }}]
+[{{ org_id }}_{{ location_id }}]
 {{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }}
 
 [k8s:children]
-{{ org_id }}-{{ location_id }}
+{{ org_id }}_{{ location_id }}

service-provider-setup/templates/secret-digitalocean-dns.yml.j2

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+---
+apiVersion: v1
+data:
+  access-token: {{ b64_encoded_token }}
+kind: Secret
+metadata:
+  name: digitalocean-dns
+  namespace: cert-manager

service-provider-setup/templates/vault.yml.j2

@@ -0,0 +1,2 @@
+---
+support_email: {{ support_email }}