# Namespace Setup Role

This role creates and configures the namespaces required for Container Mom components, including resource limits, labels, and initial secrets.

## Overview

The Namespace Setup role:

1. Creates system and test namespaces for Container Mom components
2. Sets up resource quotas and limits
3. Creates initial secrets for authentication
4. Labels namespaces for OpenShift integration
5. Applies appropriate annotations for security

## Role Variables

| Variable | Description | Default |
|----------|-------------|---------|
| system_namespaces | List of system namespaces to create | See defaults/main.yml |
| test_namespaces | List of test namespaces to create | See defaults/main.yml |
| resource_quota_enabled | Whether to enable resource quotas | true |
| registry_pull_secret_name | Name of secret for registry authentication | "registry-pull-secret" |
| registry_token | Token for registry authentication | From vault |

## Directory Structure

```
namespace_setup/
├── defaults/        # Default variables
│   └── main.yml
├── meta/            # Role metadata
│   └── main.yml
├── tasks/           # Tasks for namespace setup
│   └── main.yml
├── templates/       # Templates for resources
└── vars/            # Role-specific variables
```

## Namespaces Created

By default, the role creates the following namespaces:

### System Namespaces

- container-mom-system
- container-mom-portal
- container-mom-operator
- container-mom-apps

### Test Namespaces

- container-mom-system-test
- container-mom-portal-test
- container-mom-operator-test
- container-mom-apps-test

Each namespace includes appropriate labels and annotations.

## Secret Management

The role creates the following secrets:

1. **Registry Pull Secret**:
   - Used for pulling container images from private registries
   - Created in all namespaces

2. **Container Mom Portal Secrets**:
   - Created in the portal namespace
   - Includes Auth0 configuration
   - Includes basic auth configuration

3. **Cloudflare API Token Secret** (optional):
   - Used for DNS management with Cloudflare
   - Created when `skip_cloudflare_secret` is false

## Required Vault Variables

The following variables must be set in your Ansible vault (secrets.yml):

```yaml
global:
  registry_token: "your-registry-token"

# Production environment
prod:
  container_mom_portal:
    auth0:
      domain: "dev-example.us.auth0.com"
      client_id: "your_auth0_client_id"
      client_secret: "your_auth0_client_secret"
      secret: "your_auth0_secret"
    basic_auth:
      enabled: false
      password: "strong-password"

# Test environment
test:
  container_mom_portal:
    auth0:
      domain: "dev-example.us.auth0.com"
      client_id: "your_test_auth0_client_id"
      client_secret: "your_test_auth0_client_secret"
      secret: "your_test_auth0_secret"
    basic_auth:
      enabled: true
      password: "test-password"
```

## Example Usage

```yaml
- name: Set up Container Mom namespaces
  hosts: localhost
  roles:
    - role: namespace_setup
      vars:
        resource_quota_enabled: true
```

## Dependencies

This role depends on:

- **kubernetes_auth**: For cluster authentication

## Notes

- System namespaces are used for production workloads
- Test namespaces are used for testing new features
- Resource quotas can be disabled for development environments
- The role is idempotent and can be safely rerun
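
A pre-flight check for the variables listed under Required Vault Variables, as an added example that is not part of this role: it fails the run if a secret is empty or still holds one of the sample values shown in this README. The `./secrets.yml` path, the `vault_check` and `sample_values` names, and the separate play are assumptions.

```yaml
# Added example, not part of the namespace_setup role.
# Assumes the vault file is at ./secrets.yml (hypothetical path) and that
# ansible-playbook is given the vault password so it can be decrypted.
- name: Pre-flight check of vault variables
  hosts: localhost
  gather_facts: false
  vars:
    # Sample values copied from this README's vault template.
    sample_values:
      - "your-registry-token"
      - "your_auth0_client_id"
      - "your_auth0_client_secret"
      - "your_auth0_secret"
      - "your_test_auth0_client_id"
      - "your_test_auth0_client_secret"
      - "your_test_auth0_secret"
      - "strong-password"
      - "test-password"
  tasks:
    - name: Load the vault file under a private name for checking only
      ansible.builtin.include_vars:
        file: secrets.yml
        name: vault_check
      no_log: true   # keep secret values out of task output and logs

    - name: Registry token is set and is not the sample value
      ansible.builtin.assert:
        that:
          - vault_check.global.registry_token | default('') | length > 0
          - vault_check.global.registry_token not in sample_values
        quiet: true
      no_log: true

    - name: Portal secrets are set and are not sample values
      vars:
        portal: "{{ vault_check[item].container_mom_portal }}"
      ansible.builtin.assert:
        that:
          - portal.auth0.domain | default('') | length > 0
          - portal.auth0.client_id | default('') | length > 0
          - portal.auth0.client_id not in sample_values
          - portal.auth0.client_secret | default('') | length > 0
          - portal.auth0.client_secret not in sample_values
          - portal.auth0.secret | default('') | length > 0
          - portal.auth0.secret not in sample_values
          # The password only matters where basic auth is switched on.
          - (not portal.basic_auth.enabled) or (portal.basic_auth.password not in sample_values)
        quiet: true
      loop: [prod, test]
      no_log: true
```

Because every task sets `no_log: true`, a failure is reported by task name only; the failing expression and the values are not printed.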