communishift: Add task to create namespace for communishift authorization operator

Create IPA keytab for communishift authorization operator Signed-off-by: David Kirwan <dkirwan@redhat.com> Signed-off-by: Lenka Segura <lsegura@redhat.com> Signed-off-by: Patrik Polakovic <ppolakov@redhat.com>
2022-08-29 10:50:50 +01:00 · 2022-08-29 10:50:50 +01:00 · d9fa6611ae
commit d9fa6611ae
parent a60f3caa8a
3 changed files with 51 additions and 1 deletions
--- a/playbooks/manual/communishift.yml
+++ b/playbooks/manual/communishift.yml
@ -9,6 +9,13 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
+    - name: Communishift Role
+      include_role:
+        name: communishift
+        tasks_from: administration-tasks
+        apply:
+          tags:
+            - deploy-operators
    - name: Communishift Role
      with_items: "{{ communishift_projects }}"
      include_role:
@ -22,6 +29,5 @@
      loop_control:
        loop_var: outer_item
  vars:
-    ansible_python_interpreter: "/usr/bin/python"
    communishift_projects:
      - communishift-dev-test
--- a/roles/communishift/tasks/administration-tasks.yml
+++ b/roles/communishift/tasks/administration-tasks.yml
@ -0,0 +1,2 @@
+---
+- include_tasks: deploy-communishift-authorization-operator.yml
--- a/roles/communishift/tasks/deploy-communishift-authorization-operator.yml
+++ b/roles/communishift/tasks/deploy-communishift-authorization-operator.yml
@ -0,0 +1,42 @@
+---
+- name: Create the CommunishiftAuthorization operator k8s namespace
+  community.okd.k8s:
+    api_key: "{{ communishift_ocp_api_token }}"
+    host: "{{ communishift_ocp_api_host }}"
+    name: "communishift-authorization-operator"
+    api_version: v1
+    kind: Namespace
+    state: present
+  tags:
+    - deploy-operators
+
+
+- name: Acquire a keytab
+  include_role:
+    name: keytab/service
+  vars:
+    kt_location: "/etc/openshift_apps/communishift-authorization/communishift-authorization-operator-keytab.kt"
+    service: "communishift-authorization-operator"
+    host: "{{ communishift_ocp_api_host }}"
+  tags:
+    - deploy-operators
+
+
+- name: Create the CommunishiftAuthorization operator k8s Secret
+  community.okd.k8s:
+    api_key: "{{ communishift_ocp_api_token }}"
+    host: "{{ communishift_ocp_api_host }}"
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: "communishift-keytab-secret"
+        namespace: "communishift-authorization-operator"
+      data:
+        communishift-authorization-keytab: "{{ communishift_authorization_keytab_file | b64encode }}"
+  vars:
+     communishift_authorization_keytab_file: "{{ lookup('file', '/etc/openshift_apps/communishift-authorization/communishift-authorization-operator-keytab.kt') }}"
+  tags:
+    - deploy-operators
+