# Container Mom Operator Role

This role sets up the Container Mom Operator in an OpenShift cluster. It manages the creation of necessary secrets, configmaps, and resources for the operator to function properly.

## Prerequisites

The following are required before using this role:

- Access to an OpenShift cluster
- Forgejo credentials configured in the Ansible vault
- ArgoCD credentials configured in the Ansible vault
- Cloudflare credentials configured in the Ansible vault (for DNS integration)

## Role Variables

All role variables are defined in defaults/main.yml. Important variables include:

| Variable | Description | Default |
|----------|-------------|---------|
| forgejo_url | URL for the Forgejo instance | "https://git.container.mom" |
| forgejo_org | Organization name in Forgejo | "container-mom" |
| argocd_namespace | Namespace where ArgoCD is deployed | "wkl-argocd" |
| argocd_url | URL for the ArgoCD instance | Based on cluster name and region |
| base_domain | Base domain for the cluster | Based on cluster name and region |

## Secrets Management

### Forgejo Credentials

The role creates a secret for Forgejo integration with the following keys:

- token: API token for Forgejo
- username: Forgejo admin username
- password: Forgejo admin password

### ArgoCD Credentials

The role creates a secret for ArgoCD integration with the following keys:

- namespace: ArgoCD namespace
- url: ArgoCD URL
- token: ArgoCD authentication token

### Cloudflare Credentials

The role creates a secret for Cloudflare DNS integration with the following keys:

- CLOUDFLARE_API_TOKEN: API token for Cloudflare
- CLOUDFLARE_ZONE_ID: Zone ID for the domain
- OPENSHIFT_ROUTER_URL: OpenShift router URL to use as the CNAME target

## Required Vault Variables

The following variables must be set in your Ansible vault (secrets.yml):

```yaml
global:
  forgejo:
    admin_username: "your_admin_username"
    admin_password: "your_admin_password"
    api_token: "your_forgejo_api_token"
  argocd:
    auth_token: "your_argocd_auth_token"
  cloudflare:
    api_token: "your_cloudflare_api_token"
    zone_id: "your_cloudflare_zone_id"
    router_url: "router-default.apps.hub.euw.container.mom"
```

## Cloudflare Integration

The Container Mom Operator uses Cloudflare DNS integration to automatically create CNAME records for routes. To use this feature:

1. Create a Cloudflare API token with the following permissions:
   - Zone:DNS:Edit
   - Zone:Zone:Read
2. Find your Cloudflare Zone ID for the domain (e.g., container.mom)
3. Add these values to your Ansible vault as shown above

## Example Playbook Usage

```yaml
- name: Deploy Container Mom Operator
  hosts: localhost
  roles:
    - role: container_mom_operator
      vars:
        forgejo_url: "https://git.container.mom"
        forgejo_org: "container-mom"
        argocd_namespace: "wkl-argocd"
        argocd_url: "https://wkl-argocd.apps.hub.euw.container.mom"
        base_domain: "apps.hub.euw.container.mom"
```
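
A pre-flight play for the values listed under "Required Vault Variables": it stops the run when one of them is missing, empty or still a `your_...` placeholder, and it reports only the key path, never the value. This is an added example, not part of the role. It assumes the vault file is named `secrets.yml`, sits beside the playbook, is loaded with `vars_files`, and nests its keys as `global.<service>.<key>`; the variable name `required_vault_keys` is made up for this example.

```yaml
- name: Pre-flight check of the vault variables the role expects
  hosts: localhost
  gather_facts: false
  vars_files:
    - secrets.yml              # assumption: vault-encrypted file beside this playbook
  vars:
    required_vault_keys:       # hypothetical helper list: [service, key] under "global"
      - [forgejo, admin_username]
      - [forgejo, admin_password]
      - [forgejo, api_token]
      - [argocd, auth_token]
      - [cloudflare, api_token]
      - [cloudflare, zone_id]
      - [cloudflare, router_url]
  tasks:
    - name: Each required value is set and is not a README placeholder
      ansible.builtin.assert:
        that:
          # Conditions are checked in order; the first false one fails the item.
          - global[item.0][item.1] is defined
          - global[item.0][item.1] | string | trim | length > 0
          - not (global[item.0][item.1] | string).startswith('your_')
        fail_msg: "global.{{ item.0 }}.{{ item.1 }} is missing, empty or still a placeholder"
        quiet: true
      loop: "{{ required_vault_keys }}"
      loop_control:
        # Show the key path in task output instead of anything derived from the secret.
        label: "global.{{ item.0 }}.{{ item.1 }}"
```

Run it with the same vault password option you use for the deployment playbook, for example `--ask-vault-pass`.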