egeneralov/ansible-integrate-gitlab-instance-with-k8s.yaml

## ansible-integrate-gitlab-instance-with-k8s.yaml
---

- name: integrate gitlab instance with k8s
  hosts: kube-master[0]
  gather_facts: no
  tasks:
    - apt:
        name:
          - python-pip
          - python-setuptools

    - pip:
        name:
          - kubernetes==11.0.0
          - openshift==0.11.2
          - PyYAML==5.3.1

    - name: "create gitlab ServiceAccount"
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: gitlab
            namespace: kube-system
      register: sa

    - wait_for:
        timeout: 20

    - k8s_info:
        api_version: v1
        kind: Secret
        name: "{{ sa.result.secrets[0].name }}"
        namespace: kube-system
      register: sa_secret

    - name: "create ClusterRoleBinding"
      k8s:
        state: present
        definition:
          kind: ClusterRoleBinding
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            name: gitlab-cluster-admin
          subjects:
          - kind: ServiceAccount
            name: gitlab
            namespace: kube-system
          roleRef:
            kind: ClusterRole
            name: cluster-admin
            apiGroup: rbac.authorization.k8s.io

    - name: "create ClusterRoleBinding"
      k8s:
        state: present
        definition:
          kind: ClusterRoleBinding
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            name: gitlab-ns-cluster-admin
          subjects:
          - kind: ServiceAccount
            name: default
            namespace: gitlab-managed-apps
          roleRef:
            kind: ClusterRole
            name: cluster-admin
            apiGroup: rbac.authorization.k8s.io

    - block:
        - set_fact:
            master_ip: "{{ hostvars[groups['kube-master'][0]]['ansible_host'] }}"
            payload:
              name: cluster-name
              environment_scope: "cluster-name-*"
              managed: false
              platform_kubernetes_attributes:
                api_url: "https://{{ hostvars[groups['kube-master'][0]]['ansible_host'] }}:6443"
                token: "{{ sa_secret.resources[0].data['token'] | b64decode }}"
                ca_cert: "{{ sa_secret.resources[0].data['ca.crt'] | b64decode }}"

        - name: Create a gitlab cluster for group
          uri:
            url: https://gitlab.example.com/api/v4/groups/${GROUP_ID}/clusters/user
            headers:
              Private-Token: "${PERSONAL_ACCESS_TOKEN}"
            method: POST
            body: "{{ payload | to_json }}"
            status_code: 201
            body_format: json
          register: answer

        - name: Create a gitlab cluster for project
          uri:
            url: https://gitlab.example.com/api/v4/projects/${PROJECT_ID}/clusters/user
            headers:
              Private-Token: "${PERSONAL_ACCESS_TOKEN}"
            method: POST
            body: "{{ payload | to_json }}"
            status_code: 201
            body_format: json
          register: answer

        - name: Create a instance-wide cluster
          uri:
            url: https://gitlab.example.com/api/v4/admin/clusters/add
            headers:
              Private-Token: "${PERSONAL_ACCESS_TOKEN}"
            method: POST
            body: "{{ payload | to_json }}"
            status_code: 201
            body_format: json
          register: answer

      delegate_to: localhost
	---

	- name: integrate gitlab instance with k8s
	hosts: kube-master[0]
	gather_facts: no
	tasks:
	- apt:
	name:
	- python-pip
	- python-setuptools

	- pip:
	name:
	- kubernetes==11.0.0
	- openshift==0.11.2
	- PyYAML==5.3.1

	- name: "create gitlab ServiceAccount"
	k8s:
	state: present
	definition:
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: gitlab
	namespace: kube-system
	register: sa

	- wait_for:
	timeout: 20

	- k8s_info:
	api_version: v1
	kind: Secret
	name: "{{ sa.result.secrets[0].name }}"
	namespace: kube-system
	register: sa_secret

	- name: "create ClusterRoleBinding"
	k8s:
	state: present
	definition:
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: gitlab-cluster-admin
	subjects:
	- kind: ServiceAccount
	name: gitlab
	namespace: kube-system
	roleRef:
	kind: ClusterRole
	name: cluster-admin
	apiGroup: rbac.authorization.k8s.io

	- name: "create ClusterRoleBinding"
	k8s:
	state: present
	definition:
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: gitlab-ns-cluster-admin
	subjects:
	- kind: ServiceAccount
	name: default
	namespace: gitlab-managed-apps
	roleRef:
	kind: ClusterRole
	name: cluster-admin
	apiGroup: rbac.authorization.k8s.io

	- block:
	- set_fact:
	master_ip: "{{ hostvars[groups['kube-master'][0]]['ansible_host'] }}"
	payload:
	name: cluster-name
	environment_scope: "cluster-name-*"
	managed: false
	platform_kubernetes_attributes:
	api_url: "https://{{ hostvars[groups['kube-master'][0]]['ansible_host'] }}:6443"
	token: "{{ sa_secret.resources[0].data['token'] \| b64decode }}"
	ca_cert: "{{ sa_secret.resources[0].data['ca.crt'] \| b64decode }}"

	- name: Create a gitlab cluster for group
	uri:
	url: https://gitlab.example.com/api/v4/groups/${GROUP_ID}/clusters/user
	headers:
	Private-Token: "${PERSONAL_ACCESS_TOKEN}"
	method: POST
	body: "{{ payload \| to_json }}"
	status_code: 201
	body_format: json
	register: answer

	- name: Create a gitlab cluster for project
	uri:
	url: https://gitlab.example.com/api/v4/projects/${PROJECT_ID}/clusters/user
	headers:
	Private-Token: "${PERSONAL_ACCESS_TOKEN}"
	method: POST
	body: "{{ payload \| to_json }}"
	status_code: 201
	body_format: json
	register: answer

	- name: Create a instance-wide cluster
	uri:
	url: https://gitlab.example.com/api/v4/admin/clusters/add
	headers:
	Private-Token: "${PERSONAL_ACCESS_TOKEN}"
	method: POST
	body: "{{ payload \| to_json }}"
	status_code: 201
	body_format: json
	register: answer

	delegate_to: localhost