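# Play: create, configure and start the `container-registry` stack with
# laconic-so, protect it with htpasswd (bcrypt) basic auth, publish the
# matching pull credentials to the cluster as a dockerconfigjson secret and
# tune the registry ingress for large image uploads.
#
# Variables used but not defined here: target_host, ansible_user,
# container_registry_username, container_registry_password, org_id
# (presumably supplied by the vars files or the inventory - confirm).
- name: Setup container registry
  hosts: "{{ target_host }}"

  environment:
    PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"

  vars_files:
    - vars/k8s-vars.yml
    - vars/container-vars.yml
    - vars/dns-vars.yml

  tasks:
    - name: Generate spec file for the container-registry stack
      template:
        src: "./templates/specs/container-registry.spec.j2"
        dest: "{{ansible_env.HOME}}/container-registry.spec"

    - name: Create a deployment for the container-registry stack
      command: >-
        laconic-so --stack container-registry deploy create
        --deployment-dir container-registry
        --spec-file container-registry.spec

    # "user:password" in base64, the form used for the `auth` field of a
    # dockerconfigjson entry. Not referenced again in this play; presumably
    # consumed by templates/my_password.json.j2 - confirm.
    # no_log keeps the reversible encoding out of task output and logs.
    - name: Base64 encode the container registry credentials
      set_fact:
        b64_encoded_cred: "{{ (container_registry_username + ':' + container_registry_password) | b64encode }}"
      no_log: true

    # Despite the task name this hashes (bcrypt, -B) rather than encrypts.
    # The password is fed on stdin (-i) instead of as an argument (-b) so it
    # does not show up in the remote process list, and argv avoids
    # word-splitting a password or username that contains whitespace.
    # -c (re)creates the file, so any existing htpasswd entries are replaced.
    - name: Encrypt the container registry credentials to create an htpasswd file
      command:
        argv:
          - htpasswd
          - "-iB"
          - "-c"
          - container-registry/configmaps/config/htpasswd
          - "{{ container_registry_username }}"
        stdin: "{{ container_registry_password }}"
      register: htpasswd_file
      no_log: true

    # slurp returns the file base64-encoded in `.content`.
    - name: Read the htpasswd file
      slurp:
        src: "container-registry/configmaps/config/htpasswd"
      register: htpasswd_file_content
      no_log: true

    # htpasswd lines are "user:hash"; index 1 is the hash. This relies on the
    # file holding a single entry and on the username containing no colon.
    - name: Extract the hashed password (after the colon)
      set_fact:
        hashed_password: "{{ (htpasswd_file_content.content | b64decode).split(':')[1] | trim }}"
      no_log: true

    # The rendered file is later loaded as .dockerconfigjson, so it carries
    # registry credentials: restrict it to the owner and keep it out of logs.
    - name: Create container-registry/my_password.json file
      template:
        src: "./templates/my_password.json.j2"
        dest: "container-registry/my_password.json"
        mode: "0600"
      no_log: true

    # NOTE(review): REGISTRY_HTTP_SECRET reuses the bcrypt hash stored in
    # htpasswd, so the signing secret is tied to the login password and
    # changes whenever the password is re-hashed. Consider an independent,
    # randomly generated value kept in a secret store - confirm intent.
    - name: Configure the file container-registry/config.env
      copy:
        dest: "container-registry/config.env"
        mode: "0600"
        content: |
          REGISTRY_AUTH=htpasswd
          REGISTRY_AUTH_HTPASSWD_REALM="{{org_id}} Service Provider Image Registry"
          REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
          REGISTRY_HTTP_SECRET='{{ hashed_password }}'
      no_log: true

    # Only records the path as a fact; each kubectl task below exports it
    # through its own `environment:` section.
    - name: Set KUBECONFIG environment variable
      set_fact:
        kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml"

    # NOTE(review): `kubectl create secret` fails when the secret already
    # exists, so a second run of this play stops here unless the secret is
    # removed first.
    - name: Add the container registry credentials as a secret available to the cluster
      command: >-
        kubectl create secret generic laconic-registry
        --from-file=.dockerconfigjson=container-registry/my_password.json
        --type=kubernetes.io/dockerconfigjson
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"

    # TODO: Investigate why container registry throws error if started immediately
    - name: Wait for 90 seconds
      pause:
        seconds: 90

    # Read-only cluster diagnostics printed before the registry is started.
    # Failures are ignored for the whole block and the queries never report
    # "changed". The secrets listing uses kubectl's default table output
    # (names and types, not secret data); secret names still end up in the
    # run log.
    - block:
        - name: Get Kubernetes nodes with wide output
          command: kubectl get nodes -o wide
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: nodes_output
          changed_when: false

        - name: Print output of 'kubectl get nodes -o wide'
          debug:
            var: nodes_output.stdout

        - name: Get all secrets from all namespaces
          command: kubectl get secrets --all-namespaces
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: secrets_output
          changed_when: false

        - name: Print output of 'kubectl get secrets --all-namespaces'
          debug:
            var: secrets_output.stdout

        - name: Get cluster issuers
          command: kubectl get clusterissuer
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: clusterissuer_output
          changed_when: false

        - name: Print output of 'kubectl get clusterissuer'
          debug:
            var: clusterissuer_output.stdout

        - name: Get certificates
          command: kubectl get certificates
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: certificates_output
          changed_when: false

        - name: Print output of 'kubectl get certificates'
          debug:
            var: certificates_output.stdout

        - name: Get DaemonSets in all namespaces
          command: kubectl get ds --all-namespaces
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: daemonsets_output
          changed_when: false

        - name: Print output of 'kubectl get ds --all-namespaces'
          debug:
            var: daemonsets_output.stdout
      ignore_errors: true

    - name: Deploy the container registry
      command: >-
        laconic-so deployment --dir container-registry start

    - name: Get cluster_id from container-registry-deployment
      slurp:
        src: container-registry/deployment.yml
      register: deployment_file

    # regex_search with a group reference yields a list with one element.
    - name: Decode and extract cluster-id
      set_fact:
        extracted_cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}"

    # Strips the brackets and quotes left by rendering that list as a string.
    - name: Set modified cluster-id
      set_fact:
        formatted_cluster_id: "{{ extracted_cluster_id | replace('[', '') | replace(']', '') | replace(\"'\", '') }}"

    - name: Display the cluster ID
      debug:
        msg: "The cluster ID is: {{ formatted_cluster_id }}"

    # proxy-body-size=0 turns off the nginx request-body limit on this
    # ingress so large image layers can be pushed; the registry's basic auth
    # is then the only gate on upload size.
    - name: Annotate ingress for proxy body size
      command: >-
        kubectl annotate ingress {{ formatted_cluster_id }}-ingress
        nginx.ingress.kubernetes.io/proxy-body-size=0
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"

    - name: Annotate ingress for proxy read timeout
      command: >-
        kubectl annotate ingress {{ formatted_cluster_id }}-ingress
        nginx.ingress.kubernetes.io/proxy-read-timeout=600
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"

    - name: Annotate ingress for proxy send timeout
      command: >-
        kubectl annotate ingress {{ formatted_cluster_id }}-ingress
        nginx.ingress.kubernetes.io/proxy-send-timeout=600
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"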