feat: deploy docker registry key to namespace

4 years ago · 31298d109d
parent ef3634cf4e
commit 31298d109d
4 changed files with 47 additions and 0 deletions
--- a/kubernetes.yml
+++ b/kubernetes.yml
@ -14,6 +14,7 @@
        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
      delegate_to: 127.0.0.1
      become: false
+# TODO run only once (> argo-cd uses stage_server_infos)
    - name: "Import autodiscover pre-tasks"
      include_tasks: tasks/autodiscover_pre_tasks.yml
      tags:
@ -21,8 +22,10 @@

  roles:
    - { role: kubernetes/base }
+    - { role: kubernetes/namespace }
 # DEV-243 is waiting for hetzner support << Ticket#2021110303010972 RE: Anderes Problem (Server: #15275628) >>
    - { role: kubernetes/cloud-controller-manager }
+    - { role: kubernetes/container-storage-interface }
    - { role: kubernetes/cert-manager }
    - { role: kubernetes/ingress-controller }
    - { role: kubernetes/apps, tags: prometheus }
--- a/roles/kubernetes/namespace/defaults/main.yml
+++ b/roles/kubernetes/namespace/defaults/main.yml
@ -0,0 +1,4 @@
+---
+
+k8s_namespace: "default"
+k8s_docker_registry_key: "{{ stage }}-docker-registry-key"
--- a/roles/kubernetes/namespace/tasks/main.yml
+++ b/roles/kubernetes/namespace/tasks/main.yml
@ -0,0 +1,33 @@
+---
+
+### tags:
+###   namespace
+
+- name: "Create k8s namespace <{{ k8s_namespace }}>"
+  kubernetes.core.k8s:
+    name: "{{ k8s_namespace }}"
+    api_version: v1
+    kind: Namespace
+    state: present
+  when:
+  - inventory_hostname == groups['kube_control_plane'][0]
+  tags:
+    - namespace
+
+- name: "Create docker registry secret for namespace <{{ k8s_namespace }}"
+  kubernetes.core.k8s:
+    state: present
+    merge_type: merge
+    definition:
+      apiVersion: v1
+      data:
+        .dockerconfigjson: "{{ lookup('template', 'docker-secret.json.j2') | to_json | b64encode }}"
+      kind: Secret
+      metadata:
+        name: "{{ k8s_docker_registry_key }}"
+        namespace: "{{ k8s_namespace }}"
+      type: kubernetes.io/dockerconfigjson
+  when: 
+  - inventory_hostname == groups['kube_control_plane'][0]
+  tags:
+    - namespace
--- a/roles/kubernetes/namespace/templates/docker-secret.json.j2
+++ b/roles/kubernetes/namespace/templates/docker-secret.json.j2
@ -0,0 +1,7 @@
+{
+  "auths": {
+    "{{ shared_service_docker_registry_hostname }}": {
+      "auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}"
+    }
+  }
+}