-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathk3s_externalsecrets_argocd.yml
91 lines (80 loc) · 3.06 KB
/
k3s_externalsecrets_argocd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
---
- name: k3s_externalsecrets_argocd.yml
hosts:
- k3s_external_secrets_install
gather_facts: false
vars:
helm_version: 3.11.0
helm_bin: /usr/local/bin
external_secrets_repo: "https://charts.external-secrets.io"
external_secrets_version: "0.7.2"
certmanager_version: "1.11.1"
certmanager_repo: "https://charts.jetstack.io"
builddir: /tmp/ansible-build
k3s_es_chart_src: /etc/ansible/files/rancher/k3s_external_secrets_bootstrap
tasks:
- name: Create temporary build directory
file:
state: directory
path: "{{ builddir }}"
mode: '0755'
- name: Download Helm
get_url:
url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
dest: "{{ builddir }}"
checksum: "sha256:https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz.sha256sum"
- name: unarchive helm tarball
unarchive:
src: "{{ builddir }}/helm-v{{ helm_version}}-linux-amd64.tar.gz"
dest: "{{ builddir }}"
remote_src: true
- name: Install helm
copy:
force: false
src: "{{ builddir }}/linux-amd64/helm"
dest: "{{ helm_bin }}"
mode: 0755
owner: root
group: root
remote_src: true
become: true
- name: Copy Chart to remote
copy:
force: false
src: "{{ k3s_es_chart_src }}"
dest: "{{ builddir }}"
mode: 0755
owner: root
group: root
become: true
- name: "Install external secrets helm chart on cluster"
become: true
shell: |
"{{ helm_bin }}/helm" repo add external-secrets "{{ external_secrets_repo }}"
"{{ helm_bin }}/helm" upgrade --install --version "{{ external_secrets_version }}" -n external-secrets --create-namespace external-secrets external-secrets/external-secrets
environment:
KUBECONFIG: "/etc/rancher/k3s/k3s.yaml"
- name: "Install cert manager helm chart on cluster"
become: true
shell: |
"{{ helm_bin }}/helm" repo add jetstack "{{ certmanager_repo }}"
"{{ helm_bin }}/helm" upgrade --install --version "{{ certmanager_version }}" -n cert-manager --create-namespace cert-manager jetstack/cert-manager --set installCRDs=true
environment:
KUBECONFIG: "/etc/rancher/k3s/k3s.yaml"
- name: Pause for 1 minutes
pause:
minutes: 1
- name: Install k3s bootstrap helm chart on cluster
become: true
shell: |
"{{ helm_bin }}/helm" upgrade --install -n uclabootstrap --create-namespace uclabootstrap "{{ builddir }}/k3s_external_secrets_bootstrap" \
--set secrets.external_secrets.argocd.aws.access_key="{{ es_argocd_access_key }}" \
--set secrets.external_secrets.argocd.aws.secret_access_key="{{ es_argocd_secret_access_key }}"
environment:
KUBECONFIG: "/etc/rancher/k3s/k3s.yaml"
- name: Use the registered var and the file module to remove the temporary file
ansible.builtin.file:
path: "{{ builddir }}"
state: absent
when: builddir is defined
become: true