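---
# Tasks for setting up container-mom namespaces and secrets.
#
# Flow: build the registry pull credential, create the production and test
# namespaces with a pull secret in each, create the portal Secrets and
# ConfigMaps per environment, then create the cert-manager namespace and its
# Cloudflare token Secret.
#
# Every task that templates a credential sets `no_log: true` so the value is
# kept out of task output, callback plugins and verbose (-v) logs. The
# ConfigMap tasks hold no credentials and stay fully logged.

- name: Extract Docker registry credentials from vault
  ansible.builtin.set_fact:
    registry_password: "{{ global.registry_token }}"
  when: global is defined and global.registry_token is defined
  no_log: true

# registry_server, registry_username and registry_email are not set in this
# file; presumably they come from role defaults or inventory - confirm.
- name: Create Docker config JSON
  ansible.builtin.set_fact:
    docker_config_json: "{{ {'auths': {'https://' + registry_server: {'username': registry_username, 'password': registry_password, 'email': registry_email, 'auth': (registry_username + ':' + registry_password) | b64encode }}} | to_json }}"
  when: registry_password is defined
  no_log: true

# Create production namespaces
- name: Create production namespaces
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: "{{ item.name }}"
        labels: "{{ item.labels | default({}) }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  loop: "{{ system_namespaces }}"
  when: is_hub_cluster | bool

# Create registry secret in all production namespaces
- name: Create registry secret in production namespaces
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: container-mom-registry
        namespace: "{{ item.name }}"
      type: kubernetes.io/dockerconfigjson
      stringData:
        .dockerconfigjson: "{{ docker_config_json }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  loop: "{{ system_namespaces }}"
  when:
    - is_hub_cluster | bool
    - registry_password is defined
    - docker_config_json is defined
  # The module result echoes the applied definition, including stringData.
  no_log: true

# Create test namespaces
- name: Create test namespaces
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: "{{ item.name }}"
        labels: "{{ item.labels | default({}) }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  loop: "{{ test_namespaces }}"
  when: is_hub_cluster | bool

# Create registry secret in all test namespaces
- name: Create registry secret in test namespaces
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: container-mom-registry
        namespace: "{{ item.name }}"
      type: kubernetes.io/dockerconfigjson
      stringData:
        .dockerconfigjson: "{{ docker_config_json }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  loop: "{{ test_namespaces }}"
  when:
    - is_hub_cluster | bool
    - registry_password is defined
    - docker_config_json is defined
  # The module result echoes the applied definition, including stringData.
  no_log: true

# Create Portal Backend Secret for production
# NOTE(review): default('') writes an empty value when a vault key is missing,
# so the Secret is created without a usable credential instead of the play
# failing - confirm the backend rejects empty values.
- name: Create Container Mom Portal backend secrets for production
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: container-mom-portal-backend-secret
        namespace: container-mom-portal
        labels:
          app: container-mom-portal
          component: backend
      type: Opaque
      stringData:
        # Auth0 credentials
        AUTH0_CLIENT_ID: "{{ global.prod.container_mom_portal.auth0.client_id | default('') }}"
        AUTH0_CLIENT_SECRET: "{{ global.prod.container_mom_portal.auth0.client_secret | default('') }}"
        AUTH0_SECRET: "{{ global.prod.container_mom_portal.auth0.secret | default('') }}"
        # Basic auth password (for testing environments)
        BASIC_AUTH_PASSWORD: "{{ global.prod.container_mom_portal.basic_auth.password | default('') }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  when:
    - is_hub_cluster | bool
    - global is defined
    - global.prod is defined
    - global.prod.container_mom_portal is defined
  no_log: true

# Create Portal Backend ConfigMap for production
# NOTE(review): the fallback Auth0 domain and the fixed "testuser" username are
# the same values the test environment uses - confirm they are intended for
# production. Basic auth stays off here unless the vault enables it.
- name: Create Container Mom Portal backend config for production
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: container-mom-portal-backend-config
        namespace: container-mom-portal
        labels:
          app: container-mom-portal
          component: backend
      data:
        # Auth0 domain
        AUTH0_DOMAIN: "{{ global.prod.container_mom_portal.auth0.domain | default('dev-a3o2jif0.us.auth0.com') }}"
        # Basic auth settings - use settings from production config
        ENABLE_BASIC_AUTH: "{{ global.prod.container_mom_portal.basic_auth.enabled | default(false) | string | lower }}"
        BASIC_AUTH_USERNAME: "testuser"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  when:
    - is_hub_cluster | bool
    - global is defined
    - global.prod is defined
    - global.prod.container_mom_portal is defined

# Create Portal Frontend ConfigMap for production
- name: Create Container Mom Portal frontend config for production
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: portal-config
        namespace: container-mom-portal
        labels:
          app: container-mom-portal
          component: frontend
      data:
        # Basic auth settings - use settings from production config
        REACT_APP_ENABLE_BASIC_AUTH: "{{ global.prod.container_mom_portal.basic_auth.enabled | default(false) | string | lower }}"
        REACT_APP_BASIC_AUTH_USERNAME: "testuser"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  when:
    - is_hub_cluster | bool
    - global is defined
    - global.prod is defined
    - global.prod.container_mom_portal is defined

# Create Portal Backend Secret for test environment
- name: Create Container Mom Portal backend secrets for test
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: container-mom-portal-backend-secret
        namespace: container-mom-portal-test
        labels:
          app: container-mom-portal
          component: backend
          environment: test
      type: Opaque
      stringData:
        # Auth0 credentials - use test environment settings
        AUTH0_CLIENT_ID: "{{ global.test.container_mom_portal.auth0.client_id | default('') }}"
        AUTH0_CLIENT_SECRET: "{{ global.test.container_mom_portal.auth0.client_secret | default('') }}"
        AUTH0_SECRET: "{{ global.test.container_mom_portal.auth0.secret | default('') }}"
        # Basic auth password - use test environment settings
        BASIC_AUTH_PASSWORD: "{{ global.test.container_mom_portal.basic_auth.password | default('') }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  when:
    - is_hub_cluster | bool
    - global is defined
    - global.test is defined
    - global.test.container_mom_portal is defined
  no_log: true

# Create Portal Backend ConfigMap for test environment
# Basic auth defaults to enabled in test (default(true)), unlike production.
- name: Create Container Mom Portal backend config for test
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: container-mom-portal-backend-config
        namespace: container-mom-portal-test
        labels:
          app: container-mom-portal
          component: backend
          environment: test
      data:
        # Auth0 domain
        AUTH0_DOMAIN: "{{ global.test.container_mom_portal.auth0.domain | default('dev-a3o2jif0.us.auth0.com') }}"
        # Basic auth settings - use test environment settings
        ENABLE_BASIC_AUTH: "{{ global.test.container_mom_portal.basic_auth.enabled | default(true) | string | lower }}"
        BASIC_AUTH_USERNAME: "testuser"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  when:
    - is_hub_cluster | bool
    - global is defined
    - global.test is defined
    - global.test.container_mom_portal is defined

# Create Portal Frontend ConfigMap for test environment
- name: Create Container Mom Portal frontend config for test
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: portal-config
        namespace: container-mom-portal-test
        labels:
          app: container-mom-portal
          component: frontend
          environment: test
      data:
        # Basic auth settings - use test environment settings
        REACT_APP_ENABLE_BASIC_AUTH: "{{ global.test.container_mom_portal.basic_auth.enabled | default(true) | string | lower }}"
        REACT_APP_BASIC_AUTH_USERNAME: "testuser"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  when:
    - is_hub_cluster | bool
    - global is defined
    - global.test is defined
    - global.test.container_mom_portal is defined

# Create certificates namespace
# Unlike the tasks above, this one carries no is_hub_cluster condition.
- name: Create cert-manager namespace
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: cert-manager
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"

# Create Cloudflare secret in cert-manager namespace
# global.cloudflare may be a mapping with an api_token key or the bare token.
- name: Set cert-manager Cloudflare API token variable
  ansible.builtin.set_fact:
    certmanager_cloudflare_token: >-
      {{ global.cloudflare.api_token | default('')
      if global.cloudflare is mapping
      else global.cloudflare | default('') }}
  when: global is defined and global.cloudflare is defined
  no_log: true

# Reports only whether a token is present (a boolean), never the token itself.
- name: Debug Cloudflare secret for cert-manager
  ansible.builtin.debug:
    msg: "API token set for cert-manager: {{ certmanager_cloudflare_token | default('') | length > 0 }}"
    verbosity: 1
  when: global is defined and global.cloudflare is defined

- name: Create cloudflare-secret in cert-manager namespace
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: cloudflare-secret
        namespace: cert-manager
      type: Opaque
      stringData:
        # cert-manager expects just the API token as a simple string
        api-token: "{{ certmanager_cloudflare_token }}"
    kubeconfig: "{{ k8s_auth_params.kubeconfig }}"
    validate_certs: "{{ k8s_auth_params.validate_certs }}"
  # Skipped when the token is empty, so no empty Secret is written.
  when: global is defined and global.cloudflare is defined and certmanager_cloudflare_token | default('') | length > 0
  no_log: true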