From 30501645611022bf0b20f01b8a734fe7a6b792f8 Mon Sep 17 00:00:00 2001
From: thweber <thomas.weber@wu.ac.at>
Date: Mon, 5 Sep 2022 16:13:53 +0200
Subject: [PATCH] add ccm secret creation with kubectl

---
 roles/rke2/tasks/config_ccm.yml               | 27 +++++++++++++++++
 roles/rke2/tasks/main.yml                     | 29 +++++++------------
 roles/rke2/templates/cloud.conf.j2            | 20 +++++++++++++
 .../manifests/deploy-openstack-ccm.j2         |  3 ++
 4 files changed, 60 insertions(+), 19 deletions(-)
 create mode 100644 roles/rke2/tasks/config_ccm.yml
 create mode 100644 roles/rke2/templates/cloud.conf.j2

diff --git a/roles/rke2/tasks/config_ccm.yml b/roles/rke2/tasks/config_ccm.yml
new file mode 100644
index 0000000..8f45d6d
--- /dev/null
+++ b/roles/rke2/tasks/config_ccm.yml
@@ -0,0 +1,27 @@
+- name: wait for k8s to come up till 403 forbidden
+  delegate_to: localhost
+  uri:
+    url: "https://{{ LB_IP_MGMT }}:6443"
+    status_code: [403]
+    validate_certs: no
+  register: result
+  until: result.status == 403
+  retries: 10 # retry X times
+  delay: 10 # pause for X sec b/w each call
+
+- name: add cloud.conf template for CCM
+  template:
+    src: cloud.conf.j2
+    dest: /tmp/cloud.conf
+
+- name: apply secrets for CCM
+  ansible.builtin.shell:
+    executable: /var/lib/rancher/rke2/bin/kubectl
+    cmd: create secret generic --namespace kube-system cloud-config --from-file=cloud.conf=/tmp/cloud.conf \
+  environment:
+    KUBECONFIG: /etc/rancher/rke2/rke2.yaml
+
+- name: remove /tmp/cloud.conf on remote
+  ansible.builtin.file:
+    path: /tmp/cloud.conf
+    state: absent
\ No newline at end of file
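Review bot: The rendered `/tmp/cloud.conf` carries `application-credential-secret`, but the `template` task sets no `mode`, so with a default umask it sits world-readable in a shared directory while the play runs, and it is left behind whenever the kubectl task fails because the cleanup task is not in an `always:` block. Set `mode: "0600"` and wrap the three tasks in `block`/`always` as below. The shell task also looks wrong as written: `executable:` is the shell the module hands the command to, so as far as I can tell this is invoked as `kubectl -c '…'` (a flag kubectl does not take), the trailing `\` on the `cmd:` line is a stray continuation, and `kubectl create secret` fails with AlreadyExists on every re-run; calling kubectl explicitly and piping `--dry-run=client -o yaml` into `kubectl apply -f -` addresses all three. Finally, `validate_certs: no` on the readiness probe disables TLS verification of the API endpoint; if it has to stay, spell it `false`, but the cluster CA in the saved kubeconfig would allow verifying instead.

```yaml
- name: create cloud-config secret for CCM
  block:
    - name: add cloud.conf template for CCM
      template:
        src: cloud.conf.j2
        dest: /tmp/cloud.conf
        mode: "0600"

    - name: apply secrets for CCM (idempotent create-or-update)
      ansible.builtin.shell:
        cmd: >-
          /var/lib/rancher/rke2/bin/kubectl create secret generic cloud-config
          --namespace kube-system --from-file=cloud.conf=/tmp/cloud.conf
          --dry-run=client -o yaml
          | /var/lib/rancher/rke2/bin/kubectl apply -f -
      environment:
        KUBECONFIG: /etc/rancher/rke2/rke2.yaml
      no_log: true
  always:
    - name: remove /tmp/cloud.conf on remote
      ansible.builtin.file:
        path: /tmp/cloud.conf
        state: absent
```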
diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index ea9d298..1abc6c3 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -8,7 +8,8 @@
   - include_tasks: install_rke2.yml
   when: ( not rke2_installed.stat.exists and state != 'absent' ) or (upgrade and state != 'absent' )
 
-- include_tasks: templates.yml
+- name: copy k8s yaml templates to master node
+  include_tasks: templates.yml
   when: state != 'absent' and 'master' in group_names
 
 - block:
@@ -16,10 +17,12 @@
     - include_tasks: config_rke2.yml
   when: state != 'absent'
 
-- include_tasks: save_kubeconfig.yml
+- name: save kubeconfig in keyvault
+  include_tasks: save_kubeconfig.yml
   when: state != 'absent' and 'master' in group_names
 
-- include_tasks: rotate_encryption.yml
+- name: rotate etcd secrets encryption key
+  include_tasks: rotate_encryption.yml
   when: state != 'absent' and 'control-plane' in group_names and rotate 
 
 - name: uninstall rke2
@@ -28,20 +31,8 @@
 
 - name: Flush handlers
   meta: flush_handlers
+  when: state != 'absent'
 
-- name: wait for k8s to come up till 403 forbidden
-  delegate_to: localhost
-  uri:
-    url: "https://{{ LB_IP_MGMT }}:6443"
-    status_code: [403]
-    validate_certs: no
-  register: result
-  until: result.status == 403
-  retries: 10 # retry X times
-  delay: 10 # pause for X sec b/w each call
-  when: state != 'absent' and 'master' in group_names
-
-- name: add secrets for CCM
-  ansible.builtin.debug:
-    var: result
-    verbosity: 2
\ No newline at end of file
+- name: configure Openstack Cloud Controller Manager
+  include_tasks: config_ccm.yml
+  when: state != 'absent' and 'master' in group_names
\ No newline at end of file
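Review bot: `config_ccm.yml` is included for every host matching `'master' in group_names`, so on a cluster with more than one master the `kubectl create secret` it contains runs once per master and the second run fails with AlreadyExists, while the readiness probe polls the same load balancer from localhost once per host for no gain. Add `run_once: true` to the include: `- name: configure Openstack Cloud Controller Manager`, `  include_tasks: config_ccm.yml`, `  run_once: true` (keeping the existing `when:`). Separately, the new `when: state != 'absent'` on `meta: flush_handlers` is, on older ansible-core releases, silently ignored for that particular meta action; confirm against the version in use or the guard has no effect.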
diff --git a/roles/rke2/templates/cloud.conf.j2 b/roles/rke2/templates/cloud.conf.j2
new file mode 100644
index 0000000..a386572
--- /dev/null
+++ b/roles/rke2/templates/cloud.conf.j2
@@ -0,0 +1,20 @@
+[Global]
+application-credential-id = {{ openstack_auth.application_credential_id }}
+application-credential-secret = {{ openstack_auth.application_credential_secret }}
+auth-url = {{ openstack_auth.auth_url }}
+region = {{ openstack_region_name }}
+
+[Networking]
+
+[LoadBalancer]
+enable-ingress-hostname = true
+floating-network-id = {{ floating_network_id }}
+subnet-id = {{ subnet_id }}
+use-octavia = true
+{% if item.value.ingressHostnameSuffix is defined %}
+ingress-hostname-suffix: {{ item.value.ingressHostnameSuffix }}
+{% endif %}
+
+[BlockStorage]
+
+[Metadata]
\ No newline at end of file
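Review bot: The `ingress-hostname-suffix:` line uses a colon as separator while every other key in this INI-style file uses `=`, so the value is unlikely to be parsed as a key/value pair by the cloud-config reader; write it as `ingress-hostname-suffix = {{ item.value.ingressHostnameSuffix }}`. The guard also references `item`, which is a loop variable, but the `template` task that renders this file in `config_ccm.yml` is not looped; with Ansible's undefined handling the `is defined` test then evaluates false and the suffix is never emitted. Presumably a plain role variable was intended, e.g. `{% if ingress_hostname_suffix is defined %}` / `ingress-hostname-suffix = {{ ingress_hostname_suffix }}` — verify against the callers of the role.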
diff --git a/roles/rke2/templates/manifests/deploy-openstack-ccm.j2 b/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
index 9b8cecb..cf78f3e 100644
--- a/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
+++ b/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
@@ -20,6 +20,9 @@ spec:
   bootstrap: True
   targetNamespace: kube-system
   valuesContent: |-
+    secret:
+      create: false
+      name: cloud-config
     cloudConfig:
       global:
         auth-url: {{ openstack_auth.auth_url }}
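Review bot: With `secret.create: false` the chart (assuming this is the upstream openstack-cloud-controller-manager chart) no longer renders `cloudConfig` into a Secret, so the `cloudConfig:` block kept below, starting with `auth-url`, is now dead configuration that duplicates what `cloud.conf.j2` carries and will drift from it. Drop the `cloudConfig:` block from `valuesContent` so the kubectl-created `cloud-config` secret is the single source. Worth a comment above `secret:` as well: this HelmChart is applied when rke2 starts, before `config_ccm.yml` creates the secret, so the CCM pod stays pending on the missing volume until that later task runs; `# secret is created out-of-band by config_ccm.yml after the API is reachable` would save the next reader a debugging session. The rest of `valuesContent` lies outside the hunk.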
-- 
GitLab