Add option to import existing clusters (#334)

* Add option to import existing clusters Signed-off-by: Jakub Stejskal <[email protected]> * Allow to specify already existing clusters Signed-off-by: Jakub Stejskal <[email protected]> --------- Signed-off-by: Jakub Stejskal <[email protected]>
skodjob · Feb 5, 2024 · bae52f8 · bae52f8
1 parent 836008e
commit bae52f8
Show file tree

Hide file tree

Showing 23 changed files with 302 additions and 376 deletions.
diff --git a/install/roles/automation-hub/tasks/common/prepare_kubeconfigs.yaml b/install/roles/automation-hub/tasks/common/prepare_kubeconfigs.yaml
@@ -29,11 +29,19 @@
     path: "{{ kubeconfig_path }}/{{ infra_context_name }}"
     mode: '0755'
 
+- include_tasks:
+    file: setup_cluster_kubeconfig_hive.yaml
+  loop: "{{ clusters_dict.values() }}"
+  loop_control:
+    loop_var: cluster
+  when: cluster.kubeconfig is undefined
+
 - include_tasks:
     file: setup_cluster_kubeconfig.yaml
   loop: "{{ clusters_dict.values() }}"
   loop_control:
     loop_var: cluster
+  when: cluster.kubeconfig is defined
 
 - name: Check cluster type
   shell: kubectl api-versions

diff --git a/install/roles/automation-hub/tasks/common/setup_cluster_kubeconfig.yaml b/install/roles/automation-hub/tasks/common/setup_cluster_kubeconfig.yaml
@@ -1,109 +1,57 @@
-# Get cluster URL
-
-- name: "Check if {{ cluster.name }} cluster config exists in {{ hive_namespace }} namespace"
-  kubernetes.core.k8s_info:
-    kubeconfig: "{{ kubeconfig_path }}/{{ infra_context_name }}"
-    namespace: "{{ hive_namespace }}"
-    kind: ClusterDeployment
-    name: "{{ cluster.name }}"
-    verify_ssl: no
-  ignore_errors: true
-  register: cluster_present
-
-- name: "Wait for ClusterDeployment {{ cluster.name }} readiness"
-  kubernetes.core.k8s_info:
-    kubeconfig: "{{ kubeconfig_path }}/{{ infra_context_name }}"
-    namespace: "{{ hive_namespace }}"
-    kind: ClusterDeployment
-    name: "{{ cluster.name }}"
-    wait: true
-    wait_timeout: 5
-    verify_ssl: no
-    wait_condition:
-      type: Provisioned
-      status: True
-      reason: Provisioned
-  when: cluster_present.resources != []
-  ignore_errors: true
-  register: readiness
-
-- debug:
-    msg: "{{ readiness }}"
+##################################
+#### Set kubeconfig data from yaml
+##################################
+- name: "Debug na zacatku"
+  debug:
+    msg: "{{ clusters_dict }}"
 
-- name: "Update facts for {{ cluster.name }}"
+- name: "Update facts for {{ cluster.name }} - kubeconfig based"
   ansible.utils.update_fact:
     updates:
-      - path: "clusters_dict['{{ cluster.name }}'].exists"
-        value: "{{ cluster_present.resources != [] }}"
-      - path: "clusters_dict['{{ cluster.name }}'].provisioned"
-        value: "{{ readiness.failed == False }}"
-  when: cluster_present.resources != []
-  register: updated_data_ready
+      - path: "clusters_dict['{{ cluster.name }}'].serverUrl"
+        value: "{{ cluster.kubeconfig.serverUrl }}"
+      - path: "clusters_dict['{{ cluster.name }}'].provisionRefName"
+        value: "{{ cluster.name }}"
+  register: updated_data
+  when: cluster.kubeconfig is defined
+
+- set_fact:
+    clusters_dict: "{{ updated_data.clusters_dict }}"
+  when: cluster.kubeconfig is defined
 
 - name: "Update facts for {{ cluster.name }}"
   ansible.utils.update_fact:
     updates:
       - path: "clusters_dict['{{ cluster.name }}'].exists"
-        value: "{{ cluster_present.resources != [] }}"
+        value: True
       - path: "clusters_dict['{{ cluster.name }}'].provisioned"
-        value: False
-  when: cluster_present.resources == []
-  register: updated_data_not_ready
+        value: True
+  when: cluster.kubeconfig is defined
+  register: kubeconfig_defined
 
 - set_fact:
-    clusters_dict: "{{ updated_data_not_ready.clusters_dict }}"
-  when: updated_data_not_ready.clusters_dict is defined
-
-- set_fact:
-    clusters_dict: "{{ updated_data_ready.clusters_dict }}"
-  when: updated_data_ready.clusters_dict is defined
-
-- debug:
-    msg: "{{ clusters_dict }}"
-
-- name: "Get cluster {{ cluster.name }} API URL"
-  shell: "oc get clusterdeployment {{ cluster.name }} -n {{ hive_namespace }} -o=jsonpath='{.status.apiURL}'"
-  environment:
-    KUBECONFIG: "{{ kubeconfig_path }}/{{ infra_context_name }}"
-  register: serverUrl_output
-  when: clusters_dict[cluster.name].provisioned
-
-- name: "Get cluster {{ cluster.name }} provisionRef name"
-  shell: "oc get clusterdeployment {{ cluster.name }} -n {{ hive_namespace }} -o=jsonpath='{.status.provisionRef.name}'"
-  environment:
-    KUBECONFIG: "{{ kubeconfig_path }}/{{ infra_context_name }}"
-  register: provisionRefName_output
-  when: clusters_dict[cluster.name].provisioned
-
-- name: "Extract kubeconfig for cluster {{ cluster.name }}"
-  shell: "oc extract secret/{{ provisionRefName_output.stdout }}-admin-kubeconfig -n {{ hive_namespace }} --to=- --keys=kubeconfig"
-  environment:
-    KUBECONFIG: "{{ kubeconfig_path }}/{{ infra_context_name }}"
-  register: kubeconfig_output
-  when: clusters_dict[cluster.name].provisioned
-
-- name: "Update facts for {{ cluster.name }}"
-  ansible.utils.update_fact:
-    updates:
-      - path: "clusters_dict['{{ cluster.name }}'].serverUrl"
-        value: "{{ serverUrl_output.stdout }}"
-      - path: "clusters_dict['{{ cluster.name }}'].provisionRefName"
-        value: "{{ provisionRefName_output.stdout }}"
-  register: updated_data
-  when: clusters_dict[cluster.name].provisioned
+    clusters_dict: "{{ kubeconfig_defined.clusters_dict }}"
+  when: cluster.kubeconfig is defined
 
 - set_fact:
-    clusters_dict: "{{ updated_data.clusters_dict }}"
-  when: clusters_dict[cluster.name].provisioned
+    kubeconfig_data: "{{ cluster.kubeconfig.kubeconfig }}"
+  when: cluster.kubeconfig is defined
 
 - name: Create kubeconfig for {{ cluster.name }}
   copy:
-    content: "{{ kubeconfig_output.stdout }}"
+    content: "{{ kubeconfig_data | b64decode }}"
     dest: "{{ kubeconfig_path }}/{{ cluster.name }}"
-  when: clusters_dict[cluster.name].provisioned
+  when: cluster.kubeconfig is defined
 
+#####################
+#### Common part ####
+#####################
 - name: Set proper rights for kubeconfigs on {{ cluster.name }}
   file:
     path: "{{ kubeconfig_path }}/{{ cluster.name }}"
     mode: '0755'
   when: clusters_dict[cluster.name].provisioned
+
+- name: "Debug na konci"
+  debug:
+    msg: "{{ clusters_dict }}"
diff --git a/install/roles/automation-hub/tasks/common/setup_cluster_kubeconfig_hive.yaml b/install/roles/automation-hub/tasks/common/setup_cluster_kubeconfig_hive.yaml
@@ -0,0 +1,111 @@
+# Get cluster URL in Hive
+- name: "Check if {{ cluster.name }} cluster config exists in {{ hive_namespace }} namespace"
+  kubernetes.core.k8s_info:
+    kubeconfig: "{{ kubeconfig_path }}/{{ infra_context_name }}"
+    namespace: "{{ hive_namespace }}"
+    kind: ClusterDeployment
+    name: "{{ cluster.name }}"
+    verify_ssl: no
+  ignore_errors: true
+  register: cluster_present
+
+- name: "Wait for ClusterDeployment {{ cluster.name }} readiness"
+  kubernetes.core.k8s_info:
+    kubeconfig: "{{ kubeconfig_path }}/{{ infra_context_name }}"
+    namespace: "{{ hive_namespace }}"
+    kind: ClusterDeployment
+    name: "{{ cluster.name }}"
+    wait: true
+    wait_timeout: 5
+    verify_ssl: no
+    wait_condition:
+      type: Provisioned
+      status: True
+      reason: Provisioned
+  when: cluster_present.resources != [] and cluster.kubeconfig is undefined
+  ignore_errors: true
+  register: readiness
+
+- debug:
+    msg: "{{ readiness }}"
+
+- name: "Update facts for {{ cluster.name }}"
+  ansible.utils.update_fact:
+    updates:
+      - path: "clusters_dict['{{ cluster.name }}'].exists"
+        value: "{{ cluster_present.resources != [] }}"
+      - path: "clusters_dict['{{ cluster.name }}'].provisioned"
+        value: "{{ readiness.failed == False }}"
+  when: cluster_present.resources != []
+  register: updated_data_ready
+
+- name: "Update facts for {{ cluster.name }}"
+  ansible.utils.update_fact:
+    updates:
+      - path: "clusters_dict['{{ cluster.name }}'].exists"
+        value: "{{ cluster_present.resources != [] }}"
+      - path: "clusters_dict['{{ cluster.name }}'].provisioned"
+        value: False
+  when: cluster_present.resources == []
+  register: updated_data_not_ready
+
+- set_fact:
+    clusters_dict: "{{ updated_data_not_ready.clusters_dict }}"
+  when: updated_data_not_ready.clusters_dict is defined
+
+- set_fact:
+    clusters_dict: "{{ updated_data_ready.clusters_dict }}"
+  when: updated_data_ready.clusters_dict is defined
+
+- debug:
+    msg: "{{ clusters_dict }}"
+
+- name: "Get cluster {{ cluster.name }} API URL"
+  shell: "oc get clusterdeployment {{ cluster.name }} -n {{ hive_namespace }} -o=jsonpath='{.status.apiURL}'"
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}/{{ infra_context_name }}"
+  register: serverUrl_output
+  when: clusters_dict[cluster.name].provisioned and cluster.kubeconfig is undefined
+
+- name: "Get cluster {{ cluster.name }} provisionRef name"
+  shell: "oc get clusterdeployment {{ cluster.name }} -n {{ hive_namespace }} -o=jsonpath='{.status.provisionRef.name}'"
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}/{{ infra_context_name }}"
+  register: provisionRefName_output
+  when: clusters_dict[cluster.name].provisioned and cluster.kubeconfig is undefined
+
+- name: "Extract kubeconfig for cluster {{ cluster.name }}"
+  shell: "oc extract secret/{{ provisionRefName_output.stdout }}-admin-kubeconfig -n {{ hive_namespace }} --to=- --keys=kubeconfig"
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}/{{ infra_context_name }}"
+  register: kubeconfig_output
+  when: clusters_dict[cluster.name].provisioned and cluster.kubeconfig is undefined
+
+- name: "Update facts for {{ cluster.name }}"
+  ansible.utils.update_fact:
+    updates:
+      - path: "clusters_dict['{{ cluster.name }}'].serverUrl"
+        value: "{{ serverUrl_output.stdout }}"
+      - path: "clusters_dict['{{ cluster.name }}'].provisionRefName"
+        value: "{{ provisionRefName_output.stdout }}"
+  register: updated_data
+  when: clusters_dict[cluster.name].provisioned and cluster.kubeconfig is undefined
+
+- set_fact:
+    clusters_dict: "{{ updated_data.clusters_dict }}"
+  when: clusters_dict[cluster.name].provisioned and cluster.kubeconfig is undefined
+
+- name: Create kubeconfig for {{ cluster.name }}
+  copy:
+    content: "{{ kubeconfig_output.stdout }}"
+    dest: "{{ kubeconfig_path }}/{{ cluster.name }}"
+  when: clusters_dict[cluster.name].provisioned and cluster.kubeconfig is undefined
+
+#####################
+#### Common part ####
+#####################
+- name: Set proper rights for kubeconfigs on {{ cluster.name }}
+  file:
+    path: "{{ kubeconfig_path }}/{{ cluster.name }}"
+    mode: '0755'
+  when: clusters_dict[cluster.name].provisioned
diff --git a/install/roles/automation-hub/tasks/infra-setup/delete/delete_kubed.yaml b/install/roles/automation-hub/tasks/infra-setup/delete/delete_kubed.yaml
diff --git a/install/roles/automation-hub/tasks/infra-setup/delete/delete_kubernetes-replicator.yaml b/install/roles/automation-hub/tasks/infra-setup/delete/delete_kubernetes-replicator.yaml
@@ -0,0 +1,21 @@
+---
+- name: Delete Kubernetes Replicator on infra clusters
+  kubernetes.core.k8s:
+    kubeconfig: "{{ kubeconfig_path }}/{{ infra_context_name }}"
+    namespace: "kube-system"
+    state: absent
+    apply: true
+    template: templates/kubernetes-replicator/kubernetes-replicator.yaml.j2
+    verify_ssl: no
+
+- name: Delete Kubernetes Replicator on worker clusters
+  kubernetes.core.k8s:
+    kubeconfig: "{{ kubeconfig_path }}/{{ worker.name }}"
+    namespace: "kube-system"
+    state: absent
+    apply: true
+    template: templates/kubernetes-replicator/kubernetes-replicator.yaml.j2
+    verify_ssl: no
+  loop: "{{ clusters_dict.values() }}"
+  loop_control:
+    loop_var: worker
diff --git a/...tion-hub/tasks/infra-setup/install/advanced-cluster-management/install_observability.yaml b/...tion-hub/tasks/infra-setup/install/advanced-cluster-management/install_observability.yaml
@@ -60,6 +60,6 @@
     apply: true
     template: "templates/acm/08-extend-default-metrics-allowlist.yaml.j2"
     verify_ssl: no
-  loop: "{{ clusters_dict }}"
+  loop: "{{ clusters_dict.values() }}"
   loop_control:
     loop_var: worker
diff --git a/...tomation-hub/tasks/infra-setup/install/advanced-cluster-security/install_acs_central.yaml b/...tomation-hub/tasks/infra-setup/install/advanced-cluster-security/install_acs_central.yaml
@@ -44,17 +44,17 @@
   when: acs_central.changed
 
 - name: "Wait for Central custom resource on Infra cluster"
-  kubernetes.core.k8s:
+  kubernetes.core.k8s_info:
     kubeconfig: "{{ kubeconfig_path }}/{{ infra_context_name }}"
     namespace: "{{ acs_namespace }}"
-    kind: Central
-    api_version: platform.stackrox.io/v1alpha1
-    name: stackrox-central-services
+    kind: Deployment
+    api_version: apps/v1
+    name: central
     wait: true
     verify_ssl: no
     wait_condition:
-      type: Deployed
+      type: Available
       status: True
-      reason: UpgradeSuccessful
+      reason: MinimumReplicasAvailable
   retries: 60
   delay: 10
diff --git a/.../automation-hub/tasks/infra-setup/install/advanced-cluster-security/register_cluster.yaml b/.../automation-hub/tasks/infra-setup/install/advanced-cluster-security/register_cluster.yaml
@@ -20,7 +20,7 @@
 
 - name: Generate api token
   shell: |
-    curl -k -X POST -u "admin:`oc get secret central-htpasswd -o yaml -n {{ acs_namespace }} | grep "password" | awk '{print $2}' | base64 -d`" "$ROX_ENDPOINT/v1/apitokens/generate" -d '{"name":"admin-{{ lookup('community.general.random_string', length=4, special=False) }}", "role": "Admin"}' | jq .token > {{ acs_api_token_file }}
+    curl -k -X POST -u "admin:`oc get secret central-htpasswd -o yaml -n {{ acs_namespace }} | grep "password" | awk '{print $2}' | base64 -d`" "{{ acs_central_url }}/v1/apitokens/generate" -d '{"name":"admin-{{ lookup('community.general.random_string', length=4, special=False) }}", "role": "Admin"}' | jq -r .token > {{ acs_api_token_file }}
     oc create secret generic stackrox-api-token --from-file token={{ acs_api_token_file }} -n "{{ acs_namespace }}"
   environment:
     KUBECONFIG: "{{ kubeconfig_path }}/{{ infra_context_name }}"
@@ -68,4 +68,4 @@
     verify_ssl: no
     template: "{{ item }}"
   loop:
-    - templates/acs/03-secure-cluster.yaml.j2
+    - templates/acs/03-secure-cluster.yaml.j2