testnet-ops/service-provider-setup/setup-container-registry.yml
Prathamesh Musale 2e0fbd82f1 Update service provider setup to configure laconicd chain id ()
Part of [Service Provider setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5) and [Service provider auctions for web deployments](https://www.notion.so/Service-provider-auctions-for-web-deployments-104a6b22d47280dbad51d28aa3a91d75)

- Configure laconicd chain id
- Configure whether deployer should handle auctions and amount to bid
- Update playbook to issue wildcard cert on deploying k8s

Co-authored-by: Adw8 <adwaitgharpure@gmail.com>
Co-authored-by: Shreerang Kale <shreerangkale@gmail.com>
Reviewed-on: 
Co-authored-by: Prathamesh Musale <prathamesh.musale0@gmail.com>
Co-committed-by: Prathamesh Musale <prathamesh.musale0@gmail.com>
2024-10-21 10:22:32 +00:00

162 lines
5.7 KiB
YAML

- name: Setup container registry
hosts: "{{ target_host }}"
environment:
PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"
vars_files:
- vars/k8s-vars.yml
- vars/container-vars.yml
- vars/dns-vars.yml
tasks:
- name: Generate spec file for the container-registry stack
template:
src: "./templates/specs/container-registry.spec.j2"
dest: "{{ansible_env.HOME}}/container-registry.spec"
- name: Create a deployment for the container-registry stack
command: laconic-so --stack container-registry deploy create --deployment-dir container-registry --spec-file container-registry.spec
- name: Base64 encode the container registry credentials
set_fact:
b64_encoded_cred: "{{ (container_registry_username + ':' + container_registry_password) | b64encode }}"
- name: Encrypt the container registry credentials to create an htpasswd file
command: >
htpasswd -bB -c container-registry/configmaps/config/htpasswd
{{ container_registry_username }} {{ container_registry_password }}
register: htpasswd_file
- name: Read the htpasswd file
slurp:
src: "container-registry/configmaps/config/htpasswd"
register: htpasswd_file_content
- name: Extract the hashed password (after the colon)
set_fact:
hashed_password: "{{ (htpasswd_file_content.content | b64decode).split(':')[1] | trim }}"
- name: Create container-registry/my_password.json file
template:
src: "./templates/my_password.json.j2"
dest: "container-registry/my_password.json"
- name: Configure the file container-registry/config.env
copy:
dest: "container-registry/config.env"
content: |
REGISTRY_AUTH=htpasswd
REGISTRY_AUTH_HTPASSWD_REALM="{{org_id}} Service Provider Image Registry"
REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
REGISTRY_HTTP_SECRET='{{ hashed_password }}'
- name: Set KUBECONFIG environment variable
set_fact:
kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
- name: Add the container registry credentials as a secret available to the cluster
command: >
kubectl create secret generic laconic-registry
--from-file=.dockerconfigjson=container-registry/my_password.json
--type=kubernetes.io/dockerconfigjson
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
# TODO: Investigate why container registry throws error if started immediately
- name: Wait for 90 seconds
pause:
seconds: 90
- block:
- name: Get Kubernetes nodes with wide output
command: kubectl get nodes -o wide
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: nodes_output
- name: Print output of 'kubectl get nodes -o wide'
debug:
var: nodes_output.stdout
- name: Get all secrets from all namespaces
command: kubectl get secrets --all-namespaces
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: secrets_output
- name: Print output of 'kubectl get secrets --all-namespaces'
debug:
var: secrets_output.stdout
- name: Get cluster issuers
command: kubectl get clusterissuer
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: clusterissuer_output
- name: Print output of 'kubectl get clusterissuer'
debug:
var: clusterissuer_output.stdout
- name: Get certificates
command: kubectl get certificates
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: certificates_output
- name: Print output of 'kubectl get certificates'
debug:
var: certificates_output.stdout
- name: Get DaemonSets in all namespaces
command: kubectl get ds --all-namespaces
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: daemonsets_output
- name: Print output of 'kubectl get ds --all-namespaces'
debug:
var: daemonsets_output.stdout
ignore_errors: yes
- name: Deploy the container registry
command: >
laconic-so deployment --dir container-registry start
- name: Get cluster_id from container-registry-deployment
slurp:
src: container-registry/deployment.yml
register: deployment_file
- name: Decode and extract cluster-id
set_fact:
extracted_cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}"
- name: Set modified cluster-id
set_fact:
formatted_cluster_id: "{{ extracted_cluster_id | replace('[', '') | replace(']', '') | replace(\"'\", '') }}"
- name: Display the cluster ID
debug:
msg: "The cluster ID is: {{ formatted_cluster_id }}"
- name: Annotate ingress for proxy body size
command: >
kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0
environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
- name: Annotate ingress for proxy read timeout
command: >
kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600
environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
- name: Annotate ingress for proxy send timeout
command: >
kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600
environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"