Created
February 10, 2022 15:23
-
-
Save mbaldessari/583983bdd2bf3fd13e2cfc791848e50d to your computer and use it in GitHub Desktop.
Playbook to import remote cluster in ACM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # We require the kubernetes collection. Install it first via: | |
| # ansible-galaxy collection install community.kubernetes | |
| # | |
| # This expects four environment variables to be set: | |
| # KUBECONFIG -> Pointing to the HUB | |
| # REMOTEAPI -> API endpoint of the remote cluster | |
| # REMOTECLUSTERNAME -> Name of the cluster you want to import | |
| # REMOTETOKEN -> Token of the remote cluster | |
| - name: Playbook to import a cluster | |
| hosts: localhost | |
| connection: local | |
| tasks: | |
| - name: Set KUBECONFIG, REMOTEAPI, REMOTECLUSTERNAME and REMOTETOKEN facts from env variables | |
| set_fact: | |
| KUBECONFIG: "{{ lookup('env', 'KUBECONFIG') }}" | |
| REMOTEAPI: "{{ lookup('env', 'REMOTEAPI') }}" | |
| REMOTECLUSTERNAME: "{{ lookup('env', 'REMOTECLUSTERNAME') }}" | |
| REMOTETOKEN: "{{ lookup('env', 'REMOTETOKEN') }}" | |
| - name: Check fVor correct KUBECONFIG env variable | |
| fail: | |
| msg: "KUBECONFIG env variable needs to be set and pointing to the KUBE kubeconfig file" | |
| when: | |
| KUBECONFIG is not defined or KUBECONFIG | length == 0 | |
| - name: Check for correct REMOTEAPI env variable | |
| fail: | |
| msg: "REMOTEAPI env variable needs to be set and pointing to the remote API" | |
| when: | |
| REMOTEAPI is not defined or REMOTEAPI | length == 0 | |
| - name: Print info | |
| debug: | |
| msg: "KUBECONFIG: {{ KUBECONFIG}} - REMOTEAPI: {{ REMOTEAPI }}" | |
| - name: Check for correct REMOTETOKEN env variable | |
| fail: | |
| msg: "REMOTETOKEN env variable needs to be set and containing a valid API token to the remote cluster" | |
| when: | |
| REMOTETOKEN is not defined or REMOTETOKEN | length == 0 | |
| - name: Check for correct REMOTECLUSTERNAME env variable | |
| fail: | |
| msg: "REMOTECLUSTERNAME env variable needs to be set and containing a valid API token to the remote cluster" | |
| when: | |
| REMOTECLUSTERNAME is not defined or REMOTECLUSTERNAME | length == 0 | |
| - name: Create namespace for regional cluster | |
| kubernetes.core.k8s: | |
| name: "{{ REMOTECLUSTERNAME }}" | |
| kind: Namespace | |
| api_version: v1 | |
| state: present | |
| - name: Add label to regional namespace | |
| kubernetes.core.k8s: | |
| state: patched | |
| kind: Namespace | |
| name: "{{ REMOTECLUSTERNAME }}" | |
| definition: | |
| metadata: | |
| labels: | |
| cluster.open-cluster-management.io/managedCluster: "{{ REMOTECLUSTERNAME }}" | |
| - name: Create secret to import regional cluster | |
| kubernetes.core.k8s: | |
| state: present | |
| definition: | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: auto-import-secret | |
| namespace: "{{ REMOTECLUSTERNAME }}" | |
| stringData: | |
| autoImportRetry: "5" | |
| token: "{{ REMOTETOKEN }}" | |
| server: "{{ REMOTEAPI }}" | |
| type: Opaque | |
| - name: Import regional ManagedCluster | |
| kubernetes.core.k8s: | |
| state: present | |
| definition: | |
| apiVersion: cluster.open-cluster-management.io/v1 | |
| kind: ManagedCluster | |
| metadata: | |
| labels: | |
| cloud: auto-detect | |
| vendor: auto-detect | |
| name: "{{ REMOTECLUSTERNAME }}" | |
| spec: | |
| hubAcceptsClient: true | |
| leaseDurationSeconds: 60 | |
| - name: Import the Klusterlet add-on | |
| kubernetes.core.k8s: | |
| state: present | |
| definition: | |
| apiVersion: agent.open-cluster-management.io/v1 | |
| kind: KlusterletAddonConfig | |
| metadata: | |
| name: "{{ REMOTECLUSTERNAME }}" | |
| namespace: "{{ REMOTECLUSTERNAME }}" | |
| spec: | |
| clusterName: "{{ REMOTECLUSTERNAME }}" | |
| clusterNamespace: "{{ REMOTECLUSTERNAME }}" | |
| applicationManager: | |
| enabled: true | |
| certPolicyController: | |
| enabled: true | |
| clusterLabels: | |
| cloud: auto-detect | |
| vendor: auto-detect | |
| iamPolicyController: | |
| enabled: true | |
| policyController: | |
| enabled: true | |
| searchCollector: | |
| enabled: true | |
| - name: Check for managedcluster inside region cluster namespace | |
| kubernetes.core.k8s_info: | |
| kind: ManagedCluster | |
| name: "{{ REMOTECLUSTERNAME }}" | |
| namespace: "{{ REMOTECLUSTERNAME }}" | |
| api_version: cluster.open-cluster-management.io/v1 | |
| delay: 10 | |
| retries: 60 | |
| register: result | |
| until: result.api_found|bool == True | |
| # Uncomment the following if you need to add special labels to the imported cluster | |
| # - name: Wait for managed cluster to show up as imported | |
| # kubernetes.core.k8s: | |
| # state: patched | |
| # kind: ManagedCluster | |
| # namespace: "{{ REMOTECLUSTERNAME }}" | |
| # name: "{{ REMOTECLUSTERNAME }}" | |
| # api_version: cluster.open-cluster-management.io/v1 | |
| # definition: | |
| # metadata: | |
| # labels: | |
| # foo: bar |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment