Prathamesh Musale
2e0fbd82f1
Part of [Service Provider setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5) and [Service provider auctions for web deployments](https://www.notion.so/Service-provider-auctions-for-web-deployments-104a6b22d47280dbad51d28aa3a91d75) - Configure laconicd chain id - Configure whether deployer should handle auctions and amount to bid - Update playbook to issue wildcard cert on deploying k8s Co-authored-by: Adw8 <adwaitgharpure@gmail.com> Co-authored-by: Shreerang Kale <shreerangkale@gmail.com> Reviewed-on: #12 Co-authored-by: Prathamesh Musale <prathamesh.musale0@gmail.com> Co-committed-by: Prathamesh Musale <prathamesh.musale0@gmail.com>
162 lines
5.7 KiB
YAML
162 lines
5.7 KiB
YAML
- name: Setup container registry
|
|
hosts: "{{ target_host }}"
|
|
|
|
environment:
|
|
PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"
|
|
|
|
vars_files:
|
|
- vars/k8s-vars.yml
|
|
- vars/container-vars.yml
|
|
- vars/dns-vars.yml
|
|
|
|
tasks:
|
|
- name: Generate spec file for the container-registry stack
|
|
template:
|
|
src: "./templates/specs/container-registry.spec.j2"
|
|
dest: "{{ansible_env.HOME}}/container-registry.spec"
|
|
|
|
- name: Create a deployment for the container-registry stack
|
|
command: laconic-so --stack container-registry deploy create --deployment-dir container-registry --spec-file container-registry.spec
|
|
|
|
- name: Base64 encode the container registry credentials
|
|
set_fact:
|
|
b64_encoded_cred: "{{ (container_registry_username + ':' + container_registry_password) | b64encode }}"
|
|
|
|
- name: Encrypt the container registry credentials to create an htpasswd file
|
|
command: >
|
|
htpasswd -bB -c container-registry/configmaps/config/htpasswd
|
|
{{ container_registry_username }} {{ container_registry_password }}
|
|
register: htpasswd_file
|
|
|
|
- name: Read the htpasswd file
|
|
slurp:
|
|
src: "container-registry/configmaps/config/htpasswd"
|
|
register: htpasswd_file_content
|
|
|
|
- name: Extract the hashed password (after the colon)
|
|
set_fact:
|
|
hashed_password: "{{ (htpasswd_file_content.content | b64decode).split(':')[1] | trim }}"
|
|
|
|
- name: Create container-registry/my_password.json file
|
|
template:
|
|
src: "./templates/my_password.json.j2"
|
|
dest: "container-registry/my_password.json"
|
|
|
|
- name: Configure the file container-registry/config.env
|
|
copy:
|
|
dest: "container-registry/config.env"
|
|
content: |
|
|
REGISTRY_AUTH=htpasswd
|
|
REGISTRY_AUTH_HTPASSWD_REALM="{{org_id}} Service Provider Image Registry"
|
|
REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
|
|
REGISTRY_HTTP_SECRET='{{ hashed_password }}'
|
|
|
|
- name: Set KUBECONFIG environment variable
|
|
set_fact:
|
|
kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
|
|
|
- name: Add the container registry credentials as a secret available to the cluster
|
|
command: >
|
|
kubectl create secret generic laconic-registry
|
|
--from-file=.dockerconfigjson=container-registry/my_password.json
|
|
--type=kubernetes.io/dockerconfigjson
|
|
environment:
|
|
KUBECONFIG: "{{ kubeconfig_path }}"
|
|
|
|
# TODO: Investigate why container registry throws error if started immediately
|
|
- name: Wait for 90 seconds
|
|
pause:
|
|
seconds: 90
|
|
|
|
- block:
|
|
- name: Get Kubernetes nodes with wide output
|
|
command: kubectl get nodes -o wide
|
|
environment:
|
|
KUBECONFIG: "{{ kubeconfig_path }}"
|
|
register: nodes_output
|
|
|
|
- name: Print output of 'kubectl get nodes -o wide'
|
|
debug:
|
|
var: nodes_output.stdout
|
|
|
|
- name: Get all secrets from all namespaces
|
|
command: kubectl get secrets --all-namespaces
|
|
environment:
|
|
KUBECONFIG: "{{ kubeconfig_path }}"
|
|
register: secrets_output
|
|
|
|
- name: Print output of 'kubectl get secrets --all-namespaces'
|
|
debug:
|
|
var: secrets_output.stdout
|
|
|
|
- name: Get cluster issuers
|
|
command: kubectl get clusterissuer
|
|
environment:
|
|
KUBECONFIG: "{{ kubeconfig_path }}"
|
|
register: clusterissuer_output
|
|
|
|
- name: Print output of 'kubectl get clusterissuer'
|
|
debug:
|
|
var: clusterissuer_output.stdout
|
|
|
|
- name: Get certificates
|
|
command: kubectl get certificates
|
|
environment:
|
|
KUBECONFIG: "{{ kubeconfig_path }}"
|
|
register: certificates_output
|
|
|
|
- name: Print output of 'kubectl get certificates'
|
|
debug:
|
|
var: certificates_output.stdout
|
|
|
|
- name: Get DaemonSets in all namespaces
|
|
command: kubectl get ds --all-namespaces
|
|
environment:
|
|
KUBECONFIG: "{{ kubeconfig_path }}"
|
|
register: daemonsets_output
|
|
|
|
- name: Print output of 'kubectl get ds --all-namespaces'
|
|
debug:
|
|
var: daemonsets_output.stdout
|
|
|
|
ignore_errors: yes
|
|
|
|
- name: Deploy the container registry
|
|
command: >
|
|
laconic-so deployment --dir container-registry start
|
|
|
|
- name: Get cluster_id from container-registry-deployment
|
|
slurp:
|
|
src: container-registry/deployment.yml
|
|
register: deployment_file
|
|
|
|
- name: Decode and extract cluster-id
|
|
set_fact:
|
|
extracted_cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}"
|
|
|
|
- name: Set modified cluster-id
|
|
set_fact:
|
|
formatted_cluster_id: "{{ extracted_cluster_id | replace('[', '') | replace(']', '') | replace(\"'\", '') }}"
|
|
|
|
- name: Display the cluster ID
|
|
debug:
|
|
msg: "The cluster ID is: {{ formatted_cluster_id }}"
|
|
|
|
- name: Annotate ingress for proxy body size
|
|
command: >
|
|
kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0
|
|
environment:
|
|
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
|
|
|
- name: Annotate ingress for proxy read timeout
|
|
command: >
|
|
kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600
|
|
environment:
|
|
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
|
|
|
- name: Annotate ingress for proxy send timeout
|
|
command: >
|
|
kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600
|
|
environment:
|
|
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|