feat: 🚧 FEAT: implementing DsoSocleConfig CRD
cedric-montagne committed Jun 12, 2023
1 parent d6a66b6 commit 083e6e3
Showing 23 changed files with 577 additions and 100 deletions.
2 changes: 1 addition & 1 deletion roles/ca/tasks/additionals_ca.yaml
Expand Up @@ -5,7 +5,7 @@
- name: Get a ca resource
include_tasks:
file: get-ca.yaml
with_items: "{{ additionals_ca }}"
with_items: "{{ DSC.additionalsCA }}"
vars:
kind: "{{ item.kind }}"
name: "{{ item.name }}"
26 changes: 13 additions & 13 deletions roles/ca/tasks/exposed_ca.yaml
@@ -1,42 +1,42 @@
- name: no exposed_ca
when: exposed_ca.type == 'none'
when: DSC.exposedCA.type == 'none'
set_fact:
exposed_ca_pem: ""

- name: exposed_ca (configmap)
when: exposed_ca.type == 'configmap'
when: DSC.exposedCA.type == 'configmap'
block:
- name: get configMap
kubernetes.core.k8s_info:
name: "{{ exposed_ca.configmap.name }}"
namespace: "{{ exposed_ca.configmap.namespace }}"
name: "{{ DSC.exposedCA.configmap.name }}"
namespace: "{{ DSC.exposedCA.configmap.namespace }}"
kind: ConfigMap
register: exposed_ca_resource

- name: extract key
set_fact:
exposed_ca_pem: "{{ exposed_ca_resource.resources[0].data[exposed_ca.configmap.key] }}"
exposed_ca_pem: "{{ exposed_ca_resource.resources[0].data[DSC.exposedCA.configmap.key] }}"

- name: exposed_ca (secret)
when: exposed_ca.type == 'secret'
when: DSC.exposedCA.type == 'secret'
block:
- name: get secret
kubernetes.core.k8s_info:
name: "{{ exposed_ca.configmap.name }}"
namespace: "{{ exposed_ca.configmap.namespace }}"
name: "{{ DSC.exposedCA.configmap.name }}"
namespace: "{{ DSC.exposedCA.configmap.namespace }}"
kind: Secret
register: exposed_ca_resource

- name: extract key
set_fact:
exposed_ca_pem: "{{ exposed_ca_resource.resources[0].data[exposed_ca.configmap.key] | b64decode }}"
exposed_ca_pem: "{{ exposed_ca_resource.resources[0].data[DSC.exposedCA.configmap.key] | b64decode }}"

- name: exposed_ca (certmanager)
when: exposed_ca.type == 'certmanager'
when: DSC.exposedCA.type == 'certmanager'
block:
- name: get certmanager secret
kubernetes.core.k8s_info:
name: "{{ ingress.tls.ca.secretName }}"
name: "{{ DSC.ingress.tls.ca.secretName }}"
namespace: "cert-manager"
kind: Secret
register: exposed_ca_resource
Expand All @@ -46,11 +46,11 @@
exposed_ca_pem: "{{ exposed_ca_resource.resources[0].data['tls.crt'] | b64decode }}"

- name: exposed_ca (url)
when: exposed_ca.type == 'url'
when: DSC.exposedCA.type == 'url'
block:
- name: get url
ansible.builtin.shell:
cmd: "curl {{ exposed_ca.url }} -s | openssl x509"
cmd: "curl {{ DSC.exposedCA.url }} -s | openssl x509"
changed_when: false
register: exposed_ca_resource
tags: ['skip_ansible_lint']
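Review bot: The `get url` task's `cmd:` line still builds a shell command by interpolating `DSC.exposedCA.url` into a string, and the value now comes from a cluster object instead of playbook variables, so any shell metacharacters in that CRD field alter the command rather than the URL; fetch the certificate with `ansible.builtin.uri` and pipe the content into `openssl x509` via an `argv`/`stdin` command instead, which also lets the `skip_ansible_lint` tag go. A second point in the first hunk: the `secret` branch's `name:` and `namespace:` lines read `DSC.exposedCA.configmap.name` / `.namespace` (and the extract task reads `.configmap.key`) while `type == 'secret'`; unless the CRD schema intentionally reuses the `configmap` sub-object for both kinds, these presumably should be `DSC.exposedCA.secret.*`. The register name is kept below so the `exposed_ca_pem` extraction that follows the hunk keeps working.

```yaml
# … unchanged: `- name: exposed_ca (url)` / `when:` / `block:` …
    - name: get url
      ansible.builtin.uri:
        url: "{{ DSC.exposedCA.url }}"
        return_content: true
      register: exposed_ca_download

    - name: normalise downloaded certificate
      ansible.builtin.command:
        argv: ["openssl", "x509"]
        stdin: "{{ exposed_ca_download.content }}"
      changed_when: false
      register: exposed_ca_resource
```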
14 changes: 7 additions & 7 deletions roles/cert-manager/tasks/main.yaml
Expand Up @@ -7,7 +7,7 @@

- name: Download cert-manager
ansible.builtin.uri:
url: "https://github.com/cert-manager/cert-manager/releases/download/{{ CERTMANAGER_VERSION }}/cert-manager.yaml"
url: "https://github.com/cert-manager/cert-manager/releases/download/{{ DSC.certmanager.version }}/cert-manager.yaml"
return_content: true
register: cert_manifest

Expand All @@ -17,12 +17,12 @@
vars:
envs:
- name: http_proxy
value: "{{ HTTP_PROXY }}"
value: "{{ DSC.proxy.http_proxy }}"
- name: https_proxy
value: "{{ HTTPS_PROXY }}"
value: "{{ DSC.proxy.https_proxy }}"
- name: no_proxy
value: "{{ NO_PROXY }}"
when: USE_PROXY
value: "{{ DSC.proxy.no_proxy }}"
when: DSC.proxy.enabled

- name: Apply cert-manager
kubernetes.core.k8s:
Expand Down Expand Up @@ -54,10 +54,10 @@
kubernetes.core.k8s:
state: present
template: cluster-issuer-acme.j2
when: ingress.tls.type == 'acme'
when: DSC.ingress.tls.type == 'acme'

- name: Create CA ClusterIssuer
kubernetes.core.k8s:
state: present
template: cluster-issuer-ca.j2
when: ingress.tls.type == 'ca'
when: DSC.ingress.tls.type == 'ca'
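Review bot: The Download task's `url:` line now lets `DSC.certmanager.version` choose which upstream manifest is fetched, and the following Apply task installs it cluster-wide with no integrity check on the body, so whoever can edit the DsoSocleConfig object effectively picks the cert-manager release (or any path the templated string accepts). Constrain the field in the CRD schema to a `v<major>.<minor>.<patch>` pattern and verify the download before applying, e.g. `failed_when: cert_manifest.content | hash('sha256') != '<expected-sha256-placeholder>'` on the Download task, with the expected digest kept alongside the pinned version. The proxy `when: DSC.proxy.enabled` in the second hunk is fine; the Apply task itself continues outside the hunk.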
2 changes: 1 addition & 1 deletion roles/cert-manager/templates/cluster-issuer-acme.j2
Expand Up @@ -5,7 +5,7 @@ metadata:
name: acme-issuer
spec:
acme:
email: {{ ingress.tls.acme.email }}
email: {{ DSC.ingress.tls.acme.email }}
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: acme-issuer-account-key
2 changes: 1 addition & 1 deletion roles/cert-manager/templates/cluster-issuer-ca.j2
Expand Up @@ -5,4 +5,4 @@ metadata:
name: ca-issuer
spec:
ca:
secretName: {{ ingress.tls.ca.secretName }}
secretName: {{ DSC.ingress.tls.ca.secretName }}
9 changes: 4 additions & 5 deletions roles/console-dso-config/tasks/main.yml
@@ -1,6 +1,6 @@
- name: Create dso-console namespace
kubernetes.core.k8s:
name: "{{ CONSOLE_NAMESPACE }}"
name: "{{ DSC.console.namespace }}"
api_version: v1
kind: Namespace
state: present
Expand All @@ -11,7 +11,7 @@
kind: ConfigMap
metadata:
name: dso-config
namespace: "{{ CONSOLE_NAMESPACE }}"
namespace: "{{ DSC.console.namespace }}"
data:
ARGOCD_URL: https://{{ ARGOCD_DOMAIN }}/
GITLAB_URL: https://{{ GITLAB_DOMAIN }}/
Expand All @@ -20,7 +20,6 @@
NEXUS_URL: https://{{ NEXUS_DOMAIN }}/
SONARQUBE_URL: https://{{ SONAR_DOMAIN }}/
VAULT_URL: https://{{ VAULT_DOMAIN }}/

HARBOR_ADMIN: admin
# HARBOR_ADMIN_PASSWORD: roles/harbor/tasks/main.yaml
KEYCLOAK_ADMIN: admin
Expand All @@ -30,5 +29,5 @@
# NEXUS_ADMIN_PASSWORD: roles/nexus/tasks/main.yaml
# SONAR_API_TOKEN: roles/sonarqube/tasks/main.yaml
# VAULT_TOKEN: roles/vault/tasks/main.yaml
ARGO_NAMESPACE: "{{ ARGOCD_NAMESPACE }}"
PROJECTS_ROOT_DIR: "{{ projectsRootDir | join('/') }}"
ARGO_NAMESPACE: "{{ DSC.argocd.namespace }}"
PROJECTS_ROOT_DIR: "{{ DSC.global.projectsRootDir | join('/') }}"
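Review bot: Only the two `namespace:` lines and the last two `data:` keys were moved to `DSC.*`; the `ARGOCD_URL` … `VAULT_URL` lines in the same ConfigMap still read the flat `ARGOCD_DOMAIN`, `GITLAB_DOMAIN`, `NEXUS_DOMAIN`, `SONAR_DOMAIN` and `VAULT_DOMAIN` variables. If those are meant to come from the CRD as well, the role will break as soon as the old inventory variables are dropped; if they are deliberately left for a later commit, a one-line comment above the `data:` block such as `# TODO: *_DOMAIN values still come from inventory vars, not DSC` would make the partial migration explicit. The file's remaining lines sit between the hunks shown, so I cannot tell whether other keys were migrated there.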
10 changes: 5 additions & 5 deletions roles/keycloak/tasks/main.yml
Expand Up @@ -15,7 +15,7 @@
- name: Wait Keycloak
kubernetes.core.k8s_info:
kind: keycloak
namespace: "{{ KEYCLOAK_NAMESPACE }}"
namespace: "{{ DSC.keycloak.namespace }}"
name: dso-keycloak
api_version: keycloak.org/v1alpha1
register: keycloak_instance
Expand All @@ -36,7 +36,7 @@
- name: Find keycloak admin password
kubernetes.core.k8s_info:
namespace: "{{ KEYCLOAK_NAMESPACE }}"
namespace: "{{ DSC.keycloak.namespace }}"
kind: Secret
name: "{{ keycloak_instance.resources[0].status.credentialSecret }}"
register: kc_admin
Expand All @@ -53,7 +53,7 @@
kubernetes.core.k8s:
kind: ConfigMap
name: dso-config
namespace: "{{ CONSOLE_NAMESPACE }}"
namespace: "{{ DSC.console.namespace }}"
state: patched
definition:
data:
Expand All @@ -67,7 +67,7 @@

- name: Find dso admin password
kubernetes.core.k8s_info:
namespace: "{{ KEYCLOAK_NAMESPACE }}"
namespace: "{{ DSC.keycloak.namespace }}"
kind: Secret
name: dso-admin-user-secret
register: dso_admin
Expand All @@ -84,7 +84,7 @@
definition:
kind: Secret
metadata:
namespace: "{{ KEYCLOAK_NAMESPACE }}"
namespace: "{{ DSC.keycloak.namespace }}"
name: dso-admin-user-secret
data:
ADMIN_USER_PASSWORD: "{{ admin_user_password | b64encode }}"
2 changes: 1 addition & 1 deletion roles/keycloak/templates/keycloak-argo-client.yaml.j2
Expand Up @@ -4,7 +4,7 @@ metadata:
name: argo-client
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
client:
clientId: argo-client
Expand Up @@ -4,7 +4,7 @@ metadata:
name: console-backend-client
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
client:
clientId: console-backend
Expand Up @@ -4,7 +4,7 @@ metadata:
name: console-frontend-client
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
client:
clientId: console-frontend
Expand Up @@ -4,7 +4,7 @@ metadata:
name: admin-gitlab
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
realmSelector:
matchLabels:
2 changes: 1 addition & 1 deletion roles/keycloak/templates/keycloak-gitlab-client.yaml.j2
Expand Up @@ -4,7 +4,7 @@ metadata:
name: gitlab-client
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
client:
clientId: gitlab-client
2 changes: 1 addition & 1 deletion roles/keycloak/templates/keycloak-harbor-client.yaml.j2
Expand Up @@ -4,7 +4,7 @@ metadata:
name: harbor-client
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
client:
clientId: harbor-client
12 changes: 6 additions & 6 deletions roles/keycloak/templates/keycloak-ingress.yaml.j2
Expand Up @@ -2,24 +2,24 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-alternative
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
annotations:
{% for key, val in ingress.annotations.items() %}
{% for key, val in DSC.ingress.annotations.items() %}
{{ key }}: {{ val }}
{% endfor %}
route.openshift.io/termination: reencrypt
labels:
app: keycloak
{% for key, val in ingress.labels.items() %}
{% for key, val in DSC.ingress.labels.items() %}
{{ key }}: {{ val }}
{% endfor %}
spec:
{% if not ingress.tls.type == 'none' %}
{% if not DSC.ingress.tls.type == 'none' %}
tls:
- hosts:
- {{ KEYCLOAK_DOMAIN }}
{% if ingress.tls.type == 'tlsSecret' %}
secretName: {{ ingress.tls.tlsSecret.name }}
{% if DSC.ingress.tls.type == 'tlsSecret' %}
secretName: {{ DSC.ingress.tls.tlsSecret.name }}
{% else %}
secretName: keycloak-tls-secret
{% endif %}
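Review bot: The loop bodies under `annotations:` and `labels:` render `{{ key }}: {{ val }}` with the value unquoted, so an entry of `DSC.ingress.annotations` or `DSC.ingress.labels` such as `true`, `0644`, an empty string or a string containing `: ` is retyped or breaks the parse once the rendered text is loaded as YAML. Change both lines to `{{ key }}: {{ val | to_json }}` so every value is emitted as a properly quoted scalar. Also, `KEYCLOAK_DOMAIN` on the `hosts:` line is still the old flat variable while everything around it now reads `DSC`; confirm that is intentional rather than a missed rename.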
2 changes: 1 addition & 1 deletion roles/keycloak/templates/keycloak-portail-client.yaml.j2
Expand Up @@ -4,7 +4,7 @@ metadata:
name: portail-client
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
client:
clientId: portail-client
2 changes: 1 addition & 1 deletion roles/keycloak/templates/keycloak-sonar-client.yaml.j2
Expand Up @@ -4,7 +4,7 @@ metadata:
name: sonar-client
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
client:
clientId: sonar-client
10 changes: 5 additions & 5 deletions roles/keycloak/templates/keycloak.j2
Expand Up @@ -4,7 +4,7 @@ metadata:
name: dso-keycloak
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
externalAccess:
enabled: false
Expand All @@ -15,12 +15,12 @@ spec:
keycloakDeploymentSpec:
experimental:
env:
{% if USE_PROXY %}
{% if DSC.proxy.enabled %}
- name: HTTP_PROXY
value: {{ HTTP_PROXY }}
value: {{ DSC.proxy.http_proxy }}
- name: HTTPS_PROXY
value: {{ HTTPS_PROXY }}
value: {{ DSC.proxy.https_proxy }}
- name: NO_PROXY
value: {{ NO_PROXY }}
value: {{ DSC.proxy.no_proxy }}
{% endif %}
instances: 1
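Review bot: The three proxy `value:` lines in the second hunk are rendered unquoted (`value: {{ DSC.proxy.http_proxy }}`), so an empty proxy string becomes YAML `null` rather than an empty string, and a value containing `: ` or ` #` would mis-parse; the container env schema expects strings. Quote them, `value: "{{ DSC.proxy.http_proxy }}"` and likewise for `https_proxy` and `no_proxy`, which also matches how `roles/cert-manager/tasks/main.yaml` in this same commit already quotes the identical fields.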
8 changes: 4 additions & 4 deletions roles/keycloak/templates/operator-group.yaml.j2
@@ -1,13 +1,13 @@
kind: Namespace
apiVersion: v1
metadata:
name: {{ KEYCLOAK_NAMESPACE }}
name: {{ DSC.keycloak.namespace }}
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: {{ KEYCLOAK_NAMESPACE }}-opgroup
namespace: {{ KEYCLOAK_NAMESPACE }}
name: {{ DSC.keycloak.namespace }}-opgroup
namespace: {{ DSC.keycloak.namespace }}
spec:
targetNamespaces:
- {{ KEYCLOAK_NAMESPACE }}
- {{ DSC.keycloak.namespace }}
2 changes: 1 addition & 1 deletion roles/keycloak/templates/operator-subscription.yaml.j2
Expand Up @@ -2,7 +2,7 @@ apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: keycloak-operator-kubernetes
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
channel: alpha
installPlanApproval: Automatic
2 changes: 1 addition & 1 deletion roles/keycloak/templates/realm.yaml.j2
Expand Up @@ -4,7 +4,7 @@ metadata:
name: dso-realm
labels:
app: sso
namespace: {{ KEYCLOAK_NAMESPACE }}
namespace: {{ DSC.keycloak.namespace }}
spec:
realm:
id: dso