Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
# SPDX-License-Identifier: MIT-0
|
|
---
|
|
# Helm needs to authenticate against registry.element.io to pull both the
|
|
# matrix-stack chart AND the Pro container images. We do both:
|
|
# 1. `helm registry login` so the chart pull works.
|
|
# 2. A docker-registry Secret in the namespace so pods can pull images.
|
|
|
|
- name: Log in to Element Helm/OCI registry
|
|
ansible.builtin.command:
|
|
cmd: >-
|
|
{{ ess_pro_helm_install_dir }}/helm registry login {{ ess_pro_registry_url }}
|
|
--username {{ ess_pro_registry_username | quote }}
|
|
--password-stdin
|
|
stdin: "{{ ess_pro_registry_token }}"
|
|
register: helm_login
|
|
changed_when: "'Login Succeeded' in (helm_login.stdout + helm_login.stderr)"
|
|
no_log: true
|
|
|
|
- name: Create image pull Secret for the ESS namespace
|
|
kubernetes.core.k8s:
|
|
kubeconfig: "{{ ess_pro_kubeconfig }}"
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
type: kubernetes.io/dockerconfigjson
|
|
metadata:
|
|
name: "{{ ess_pro_image_pull_secret_name }}"
|
|
namespace: "{{ ess_pro_namespace }}"
|
|
labels:
|
|
app.kubernetes.io/managed-by: ansible
|
|
data:
|
|
.dockerconfigjson: "{{ _dockerconfig | to_json | b64encode }}"
|
|
vars:
|
|
_dockerconfig:
|
|
auths:
|
|
"{{ ess_pro_registry_url }}":
|
|
username: "{{ ess_pro_registry_username }}"
|
|
password: "{{ ess_pro_registry_token }}"
|
|
auth: "{{ (ess_pro_registry_username ~ ':' ~ ess_pro_registry_token) | b64encode }}"
|
|
no_log: true
|
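Review bot: The `helm registry login` task leaves the registry token persisted in plaintext in helm's registry config file on the host after the play finishes, and nothing in this file revokes or scopes that (the task's `no_log: true` only hides it from Ansible output). Consider adding a cleanup task at the end of the role, `ansible.builtin.command: "{{ ess_pro_helm_install_dir }}/helm registry logout {{ ess_pro_registry_url }}"`, or pointing the login and the chart pull at a role-owned path via `--registry-config` with restrictive permissions. Separately, the pull Secret keys `auths` on `ess_pro_registry_url` while the comment says the login target is `registry.element.io`; the kubelet matches on host, so if that variable ever carries a scheme or path the Secret would silently not apply — a short comment above `_dockerconfig` stating that the value must be a bare hostname would help, `# must be a bare registry host (no scheme), as the kubelet matches auths by host`. Whether `ess_pro_registry_url` is currently a bare host cannot be confirmed from this file.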