gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: deploy docker registry key to namespace

Browse Source
master
Sven Ketelsen 4 years ago
parent ef3634cf4e
commit 31298d109d
4 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
kubernetes.yml
Unescape Escape View File

@ -14,6 +14,7 @@
msg: "The ansible version has to be at least ({{ ansible_version.full }})" msg: "The ansible version has to be at least ({{ ansible_version.full }})"
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false
# TODO run only once (> argo-cd uses stage_server_infos)
- name: "Import autodiscover pre-tasks" - name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml include_tasks: tasks/autodiscover_pre_tasks.yml
tags: tags:
@ -21,8 +22,10 @@
roles: roles:
- { role: kubernetes/base } - { role: kubernetes/base }
- { role: kubernetes/namespace }
# DEV-243 is waiting for hetzner support << Ticket#2021110303010972 RE: Anderes Problem (Server: #15275628) >> # DEV-243 is waiting for hetzner support << Ticket#2021110303010972 RE: Anderes Problem (Server: #15275628) >>
- { role: kubernetes/cloud-controller-manager } - { role: kubernetes/cloud-controller-manager }
- { role: kubernetes/container-storage-interface }
- { role: kubernetes/cert-manager } - { role: kubernetes/cert-manager }
- { role: kubernetes/ingress-controller } - { role: kubernetes/ingress-controller }
- { role: kubernetes/apps, tags: prometheus } - { role: kubernetes/apps, tags: prometheus }

4
roles/kubernetes/namespace/defaults/main.yml
Unescape Escape View File

@ -0,0 +1,4 @@
---
k8s_namespace: "default"
k8s_docker_registry_key: "{{ stage }}-docker-registry-key"

33
roles/kubernetes/namespace/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,33 @@
---
### tags:
### namespace
- name: "Create k8s namespace <{{ k8s_namespace }}>"
kubernetes.core.k8s:
name: "{{ k8s_namespace }}"
api_version: v1
kind: Namespace
state: present
when:
- inventory_hostname == groups['kube_control_plane'][0]
tags:
- namespace
- name: "Create docker registry secret for namespace <{{ k8s_namespace }}"
kubernetes.core.k8s:
state: present
merge_type: merge
definition:
apiVersion: v1
data:
.dockerconfigjson: "{{ lookup('template', 'docker-secret.json.j2') | to_json | b64encode }}"
kind: Secret
metadata:
name: "{{ k8s_docker_registry_key }}"
namespace: "{{ k8s_namespace }}"
type: kubernetes.io/dockerconfigjson
when:
- inventory_hostname == groups['kube_control_plane'][0]
tags:
- namespace

7
roles/kubernetes/namespace/templates/docker-secret.json.j2
Unescape Escape View File

@ -0,0 +1,7 @@
{
"auths": {
"{{ shared_service_docker_registry_hostname }}": {
"auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}"
}
}
}
Write Preview
Loading…
Cancel
Save