Add RHOSO kubeconfigfile to shiftstackclient pod

Create a secret from the file and add it as a volume to the pod
openstack-k8s-operators · Dec 19, 2024 · 63f8e1b · 63f8e1b
1 parent fe85ae8
commit 63f8e1b
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 1 deletion.
diff --git a/roles/shiftstack/README.md b/roles/shiftstack/README.md
@@ -5,6 +5,8 @@ Role for triggering Openshift on Openstack QA automation (installation and tests
 * `cifmw_shiftstack_ansible_command_logs_dir`: (*string*) Directory name for the ansible command module output. Defaults to `"{{ cifmw_shiftstack_basedir }}/ansible_command_logs"`.
 * `cifmw_shiftstack_artifacts_dir`: (*string*) Directory name for the role artifacts. Defaults to `"{{ cifmw_shiftstack_basedir }}/artifacts"`.
 * `cifmw_shiftstack_basedir`: (*string*) Base directory for the role artifacts and logs. Defaults to `{{ cifmw_basedir }}/tests/shiftstack` (which defaults to `~/ci-framework-data/tests/shiftstack`.
+* `cifmw_shiftstack_client_incluster_secret_manifest`: (*string*) The manifest file for creating the secret that will hold the RHOSO kubeconfig. Defaults to `{{ cifmw_shiftstack_client_pod_name }}_incluster_secret.yml`.
+* `cifmw_shiftstack_client_incluster_secret_name:`: (*string*) The secret name that will hold the RHOSO kubeconfig. Defaults to `incluster-kubeconfig`.
 * `cifmw_shiftstack_client_pod_name`: (*string*) Pod name for the pod running the Openshift installer and tests. Defaults to `shiftstackclient`.
 * `cifmw_shiftstack_client_pod_manifest`: (*string*) The file name for the shiftstackclient pod manifest. Defaults to `"{{ cifmw_shiftstack_client_pod_name }}_pod.yml"`.
 * `cifmw_shiftstack_client_pod_namespace`: (*string*) The namespace where the `cifmw_shiftstack_client_pod_name` will be deployed. Defaults to `openstack`.
@@ -14,12 +16,13 @@ Role for triggering Openshift on Openstack QA automation (installation and tests
 * `cifmw_shiftstack_installation_dir`: (*string*) Directory to place installation files. Defaults to `"{{ cifmw_shiftstack_shiftstackclient_artifacts_dir }}/installation"`.
 * `cifmw_shiftstack_manifests_dir`: (*string*) Directory name for the role generated Openshift manifests. Defaults to `"{{ cifmw_shiftstack_basedir }}/manifests"`.
 * `cifmw_shiftstack_project_name`: (*string*) The Openstack project name. Defaults to `shiftstack`.
+* `cifmw_shiftstack_proxy`: (*string*) The proxy url that should be used to reach the underlying OCP. Defaults to omit.
 * `cifmw_shiftstack_qa_gerrithub_change`: (*string*) The gerrithub change to fetch from the `cifmw_shiftstack_qa_repo` repository (i.e. 'refs/changes/29/1188429/50)'. Defaults to ''.
 * `cifmw_shiftstack_qa_repo`: (*string*) The repository containing the Openshift on Openstack QA automation. Defaults to `https://review.gerrithub.io/shiftstack/shiftstack-qa`.
 * `cifmw_shiftstack_run_playbook`: (*string*) The playbook to be run from the `cifmw_shiftstack_qa_repo` repository. Defaults to `ocp_testing.yaml`.
 * `cifmw_shiftstack_sc`: (*string*) The storage class to be used for PVC for the shiftstackclient pod. Defaults to `local-storage`.
 * `cifmw_shiftstack_shiftstackclient_artifacts_dir`: (*string*) The artifacts directory path for the shiftstackclient pod. Defaults to `/home/cloud-admin/artifacts`.
-* `cifmw_shiftstack_proxy`: (*string*) The proxy url that should be used to reach the underlying OCP. Defaults to omit.
+* `cifmw_shiftstack_shiftstackclient_incluster_kubeconfig_dir`: (*string*) The directory path in shiftstackclient pod the will hold the RHOSO kubeconfig. Defaults to `/home/cloud-admin/incluster-kubeconfig`.
 
 ## Examples
 The role is imported in the test playbook, i.e. when:

diff --git a/roles/shiftstack/defaults/main.yml b/roles/shiftstack/defaults/main.yml
@@ -20,6 +20,8 @@
 cifmw_shiftstack_ansible_command_logs_dir: "{{ cifmw_shiftstack_basedir }}/ansible_command_logs"
 cifmw_shiftstack_artifacts_dir: "{{ cifmw_shiftstack_basedir }}/artifacts"
 cifmw_shiftstack_basedir: "{{ cifmw_basedir | default(ansible_user_dir ~ '/ci-framework-data') }}/tests/shiftstack"
+cifmw_shiftstack_client_incluster_secret_manifest: "{{ cifmw_shiftstack_client_pod_name }}_incluster_secret.yml"
+cifmw_shiftstack_client_incluster_secret_name: "incluster-kubeconfig"
 cifmw_shiftstack_client_pod_image: "quay.io/shiftstack-qe/shiftstack-client:latest"
 cifmw_shiftstack_client_pod_manifest: "{{ cifmw_shiftstack_client_pod_name }}_pod.yml"
 cifmw_shiftstack_client_pod_name: "shiftstackclient-{{ cifmw_shiftstack_project_name }}"
@@ -35,3 +37,4 @@ cifmw_shiftstack_run_playbook: "ocp_testing.yaml"
 cifmw_shiftstack_sc: "local-storage"
 cifmw_shiftstack_shiftstackclient_artifacts_dir: "/home/cloud-admin/artifacts"
 cifmw_shiftstack_shiftstackclient_installation_dir: "{{ cifmw_shiftstack_shiftstackclient_artifacts_dir }}/installation"
+cifmw_shiftstack_shiftstackclient_incluster_kubeconfig_dir: "/home/cloud-admin/incluster-kubeconfig"
diff --git a/roles/shiftstack/tasks/cleanup.yml b/roles/shiftstack/tasks/cleanup.yml
@@ -18,6 +18,16 @@
   ansible.builtin.debug:
     msg: "TODO: to be added once it's supported in shiftstack-qa automation"
 
+- name: Delete the secret '{{ cifmw_shiftstack_client_incluster_secret_name }}'
+  kubernetes.core.k8s:
+    state: absent
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_version: v1
+    kind: Secret
+    namespace: openstack
+    name: "{{ cifmw_shiftstack_client_incluster_secret_name }}"
+    proxy: "{{ cifmw_shiftstack_proxy | default(omit) }}"
+
 - name: Delete the pod '{{ cifmw_shiftstack_client_pod_name }}'
   kubernetes.core.k8s:
     state: absent

diff --git a/roles/shiftstack/tasks/deploy_shiftstackclient_pod.yml b/roles/shiftstack/tasks/deploy_shiftstackclient_pod.yml
@@ -14,6 +14,23 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+- name: Encode kubeconfig file to Base64
+  ansible.builtin.set_fact:
+    incluster_kubeconfig_base64: "{{ lookup('ansible.builtin.file', cifmw_openshift_kubeconfig ) | b64encode }}"
+
+- name: Render the incluster kubeconfig secret manifest
+  ansible.builtin.template:
+    src: shiftstackclient_incluster_kubeconfig_secret.yml.j2
+    dest: "{{ (cifmw_shiftstack_manifests_dir, cifmw_shiftstack_client_incluster_secret_manifest) | path_join }}"
+    mode: "0644"
+
+- name: Apply the manifest for the incluster kubeconfig secret
+  kubernetes.core.k8s:
+    state: present
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    src: "{{ (cifmw_shiftstack_manifests_dir, cifmw_shiftstack_client_incluster_secret_manifest) | path_join }}"
+    proxy: "{{ cifmw_shiftstack_proxy | default(omit) }}"
+
 - name: Render the pvc manifest
   ansible.builtin.template:
     src: templates/shiftstackclient_pvc.yml.j2

diff --git a/roles/shiftstack/templates/shiftstackclient_incluster_kubeconfig_secret.yml.j2 b/roles/shiftstack/templates/shiftstackclient_incluster_kubeconfig_secret.yml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ cifmw_shiftstack_client_incluster_secret_name }}"
+  namespace: openstack
+type: Opaque
+data:
+  kubeconfig: {{ incluster_kubeconfig_base64 }}
diff --git a/roles/shiftstack/templates/shiftstackclient_pod.yml.j2 b/roles/shiftstack/templates/shiftstackclient_pod.yml.j2
@@ -30,6 +30,9 @@ spec:
       readOnly: true
     - name: installation-volume
       mountPath: {{ cifmw_shiftstack_shiftstackclient_installation_dir }}
+    - name: {{ cifmw_shiftstack_client_incluster_secret_name }}-volume
+      mountPath: {{ cifmw_shiftstack_shiftstackclient_incluster_kubeconfig_dir }}
+      readOnly: true
   dnsPolicy: ClusterFirst
   enableServiceLinks: true
   preemptionPolicy: PreemptLowerPriority
@@ -48,6 +51,9 @@ spec:
     operator: Exists
     tolerationSeconds: 300
   volumes:
+  - name: {{ cifmw_shiftstack_client_incluster_secret_name }}-volume
+    secret:
+      secretName: {{ cifmw_shiftstack_client_incluster_secret_name }}
   - configMap:
       defaultMode: 420
       name: openstack-config