zuul-operator/playbooks/zuul-operator-functional/tasks/create_test_secrets.yaml

100 lines
2.8 KiB
YAML

- name: Generate executor ssh key
command: ssh-keygen -t rsa -m PEM -N '' -f 'id_rsa' -q -C 'zuul-executor'
args:
creates: id_rsa
# Note: Using lookup(file) is somehow failing with 'NoneType' object has no attribute 'startswith'
- name: Read generated ssh key
command: cat id_rsa
register: _ssh_key
- name: Read generated ssh public key
command: cat id_rsa.pub
register: _ssh_key_pub
- name: Read kube server address
command: kubectl config view -o jsonpath='{.clusters[0].cluster.server}'
register: _kube_config
- name: Read generated kubectl configuration
shell: "kubectl config view --flatten | sed -e 's#{{ _kube_config.stdout }}#https://kubernetes/#g'"
register: _kube_config
- name: Read current context name
command: kubectl config current-context
register: _kube_context
- name: Setup user provided secrets
k8s:
namespace: "{{ namespace }}"
definition:
apiVersion: v1
kind: Secret
metadata:
name: "{{ item.name }}"
stringData: "{{ item.data }}"
loop:
- name: static-node-authorized-keys
data:
authorized_keys: "{{ _ssh_key_pub.stdout }}"
- name: executor-ssh-key
data:
sshkey: "{{ _ssh_key.stdout }}"
- name: zuul-yaml-conf
data:
main.yaml: |
- tenant:
name: local
source:
opendev.org:
config-projects:
- zuul/zuul-base-jobs
untrusted-projects:
- zuul/zuul-jobs
- name: nodepool-yaml-conf
data:
nodepool.yaml: |
labels:
- name: pod-fedora-34
min-ready: 1
- name: ubuntu-focal
min-ready: 1
providers:
- name: kube-cluster
driver: kubernetes
context: {{ _kube_context.stdout }}
max-pods: 15
pools:
- name: default
labels:
- name: pod-fedora-34
type: pod
image: docker.io/fedora:34
python-path: /bin/python3
- name: static-vms
driver: static
pools:
- name: main
nodes:
- name: node.default
labels: ubuntu-focal
host-key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgHJYejINIKzUiuSJ2MN8uPc+dfFrZ9JH1hLWS8gI+g"
python-path: /usr/bin/python3
username: root
- name: nodepool-kube-config
data:
kube.config: "{{ _kube_config.stdout }}"
- name: zuul-registry-conf
data:
registry.yaml: |
registry:
users:
- name: testuser
pass: testpass
access: write