Created
April 21, 2020 16:05
Ansible Playbook to update an OpenShift Secret using k8s
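# Update the registry credentials stored in an OpenShift pull secret.
#
# Flow: read the Secret, decode .dockerconfigjson, merge `nexus_creds` into it,
# and write the Secret back only when the merged "auths" differ from the
# current ones.
#
# `nexus_creds` is not defined in this task list. Because it is merged
# recursively into the decoded .dockerconfigjson, it presumably has the same
# shape ({"auths": {"<registry>": {...}}}) -- confirm against the caller.
#
# Every task whose result carries the secret payload sets `no_log: true`.
# Without it the registry credentials appear in verbose output and in anything
# that stores task results (callback plugins, CI job logs).

- name: retrieve pullsecret
  # Newer versions of Ansible call this module k8s_info
  k8s_facts:
    api: v1
    kind: Secret
    name: pull-secret-chuck
    namespace: openshift-config
  register: pullsecret
  # The result holds the Secret's data; base64 is an encoding, not encryption.
  no_log: true

- name: Fail early if the pull secret was not found
  # An empty result would leave original_secret undefined, and the failure
  # would then surface in a no_log task where the message is censored.
  assert:
    that:
      - pullsecret.resources | length > 0
    fail_msg: "Secret pull-secret-chuck not found in namespace openshift-config"

- name: Get the original cred secrets
  set_fact:
    original_secret: "{{ item.data }}"
  # The lookup is by name, so this loop sees a single resource.
  with_items: "{{ pullsecret.resources }}"
  no_log: true

- name: Get the dockerconfigjson info
  set_fact:
    secret_string: '{{ original_secret[".dockerconfigjson"] | b64decode | from_json }}'
  # The decoded fact holds the registry credentials.
  no_log: true

- name: Create the new string
  set_fact:
    new_secret_string: '{{ secret_string | combine( nexus_creds, recursive=True) }}'
  # Merged result still carries every credential, old and new.
  no_log: true

- name: Set the initial update flag
  set_fact:
    need_update: false

- name: Change the update flag if there is a difference in the updated list of auths items
  set_fact:
    need_update: true
  # i.e. if the two sides do not have the same set of registry keys, something
  # was added, so an update is needed
  when: "new_secret_string['auths'].keys() | symmetric_difference(secret_string['auths'].keys()) | length != 0"

- name: Change the update flag if there is a difference in the contents of the auths items
  set_fact:
    need_update: true
  # Loop items are the registry keys of "auths", not the credential values.
  loop: "{{ new_secret_string['auths'].keys() | sort }}"
  when:
    # If we already know an update is needed, don't bother checking further.
    # This guard comes first so the comparison below only runs when both
    # sides have the same keys.
    - not need_update
    # If we have a different value for our keys, we need an update
    - new_secret_string['auths'][item] != secret_string['auths'][item]

- name: Create new secret
  k8s:
    state: present
    merge_type: merge
    definition:
      apiVersion: v1
      data:
        .dockerconfigjson: "{{ new_secret_string | to_json | b64encode }}"
      kind: Secret
      metadata:
        name: pull-secret-chuck
        namespace: openshift-config
      type: kubernetes.io/dockerconfigjson
  when: need_update
  # The module result includes the applied definition, i.e. the secret payload.
  # Side effect: API error details are censored too.
  no_log: true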