From 31298d109d99b00985fca83a80af2613d2f598aa Mon Sep 17 00:00:00 2001
From: Sven Ketelsen
Date: Mon, 15 Nov 2021 19:53:27 +0100
Subject: [PATCH] feat: deploy docker registry key to namespace
---
 kubernetes.yml | 3 ++
 roles/kubernetes/namespace/defaults/main.yml | 4 +++
 roles/kubernetes/namespace/tasks/main.yml | 33 +++++++++++++++++++
 .../namespace/templates/docker-secret.json.j2 | 7 ++++
 4 files changed, 47 insertions(+)
 create mode 100644 roles/kubernetes/namespace/defaults/main.yml
 create mode 100644 roles/kubernetes/namespace/tasks/main.yml
 create mode 100644 roles/kubernetes/namespace/templates/docker-secret.json.j2
diff --git a/kubernetes.yml b/kubernetes.yml
index 5308d93..0a5143e 100644
--- a/kubernetes.yml
+++ b/kubernetes.yml
@@ -14,6 +14,7 @@
 msg: "The ansible version has to be at least ({{ ansible_version.full }})"
 delegate_to: 127.0.0.1
 become: false
+# TODO run only once (> argo-cd uses stage_server_infos)
 - name: "Import autodiscover pre-tasks"
 include_tasks: tasks/autodiscover_pre_tasks.yml
 tags:
@@ -21,8 +22,10 @@ roles: - { role: kubernetes/base } + - { role: kubernetes/namespace } # DEV-243 is waiting for hetzner support << Ticket#2021110303010972 RE: Anderes Problem (Server: #15275628) >> - { role: kubernetes/cloud-controller-manager } + - { role: kubernetes/container-storage-interface } - { role: kubernetes/cert-manager } - { role: kubernetes/ingress-controller } - { role: kubernetes/apps, tags: prometheus }
diff --git a/roles/kubernetes/namespace/defaults/main.yml b/roles/kubernetes/namespace/defaults/main.yml
new file mode 100644
index 0000000..7c23cd2
--- /dev/null
+++ b/roles/kubernetes/namespace/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+k8s_namespace: "default"
+k8s_docker_registry_key: "{{ stage }}-docker-registry-key"
diff --git a/roles/kubernetes/namespace/tasks/main.yml b/roles/kubernetes/namespace/tasks/main.yml
new file mode 100644
index 0000000..d17d095
--- /dev/null
+++ b/roles/kubernetes/namespace/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+
+### tags:
+### namespace
+
+- name: "Create k8s namespace <{{ k8s_namespace }}>"
+ kubernetes.core.k8s:
+ name: "{{ k8s_namespace }}"
+ api_version: v1
+ kind: Namespace
+ state: present
+ when:
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - namespace
+
+- name: "Create docker registry secret for namespace <{{ k8s_namespace }}"
+ kubernetes.core.k8s:
+ state: present
+ merge_type: merge
+ definition:
+ apiVersion: v1
+ data:
+ .dockerconfigjson: "{{ lookup('template', 'docker-secret.json.j2') | to_json | b64encode }}"
+ kind: Secret
+ metadata:
+ name: "{{ k8s_docker_registry_key }}"
+ namespace: "{{ k8s_namespace }}"
+ type: kubernetes.io/dockerconfigjson
+ when:
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - namespace
diff --git a/roles/kubernetes/namespace/templates/docker-secret.json.j2 b/roles/kubernetes/namespace/templates/docker-secret.json.j2
new file mode 100644
index 0000000..bd6463d
--- /dev/null
+++ b/roles/kubernetes/namespace/templates/docker-secret.json.j2
@@ -0,0 +1,7 @@
+{
+ "auths": {
+ "{{ shared_service_docker_registry_hostname }}": {
+ "auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}"
+ }
+ }
+}
\ No newline at end of file
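Review bot: The "Create docker registry secret" task in roles/kubernetes/namespace/tasks/main.yml has no `no_log: true`, so the rendered `.dockerconfigjson` (base64 only, so trivially decoded back to the registry username and token) can end up in Ansible output at higher verbosity, in diff mode, or in a failure message. Adding `no_log: true` to that task keeps the credential out of logs and CI job output. The `lookup('template', ...) | to_json` chain also appears to rely on the lookup returning parsed data rather than a string; if it returned the raw text, `to_json` would quote it a second time and the secret would not be a valid docker config, so this is worth confirming on the ansible-core version in use. The task name is missing its closing `>`.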
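Review bot: roles/kubernetes/namespace/templates/docker-secret.json.j2 assembles the JSON by hand, so `shared_service_docker_registry_hostname` is interpolated into a quoted key with no escaping, and a value containing `"` or `\` would produce an invalid document. Building the structure as a Jinja dict and emitting it with `| to_json` would handle escaping in one place. The `| string` after `join(":")` looks redundant, since `join` already yields a string. Where `docker_registry_token` is defined is not visible in this patch; it should come from an encrypted source such as Ansible Vault rather than plain inventory.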