redhat-cop · newgoliath · Nov 26, 2024 · Nov 22, 2024
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_rhacm_cloud_credentials/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_rhacm_cloud_credentials/defaults/main.yml
@@ -5,6 +5,13 @@ silent: false
 tmp_dir: /tmp/{{ guid }}
 tmp_kubeconfig: "{{ tmp_dir }}/.kube/config"
 
+# Common variables
+ocp4_token: CHANGEME
+ssh_privatekey: CHANGEME
+ssh_publickey: CHANGEME
+
+ocp4_workload_rhacm_cloud_credentials_namespace: open-cluster-management
+
 # Azure Cloud credentials
 az_acm_secret_name: azure-secret
 # az_acm_secret_namespace: "open-cluster-management"
@@ -26,7 +33,6 @@ ocp4_base_domain: CHANGEME
 # AWS ACM namespace (optional)
 # aws_acm_secret_namespace: CHANGEME
 
-# Common variables
-ocp4_token: CHANGEME
-ssh_privatekey: CHANGEME
-ssh_publickey: CHANGEME
+# kubevirt credentials
+ocp4_workload_rhacm_cloud_credentials_kubevirt: false
+ocp4_workload_rhacm_cloud_credentials_kubevirt_secret_name: kubevirt-secret
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_rhacm_cloud_credentials/readme.adoc b/ansible/roles_ocp_workloads/ocp4_workload_rhacm_cloud_credentials/readme.adoc
@@ -1,67 +1,11 @@
-= ocp4_workload_lpe_automation_controller - automation_controller Workload Role
+= ocp4_workload_rhacm_cloud_credentials
 
 == Role overview
 
-Deploys an instance of automation_controller on your cluster, into a new project or an existing project.
+Create the Secrets necessary for RHACM to deploy clusters.
 
-== Review the defaults variable file
+Supports:
 
-* This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload.
-* The variable *ocp_username* is mandatory to assign the workload to the correct OpenShift user.
-* A variable *silent=True* can be passed to suppress debug messages.
-* You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line
-
-=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing]
-
-----
-TARGET_HOST="bastion.na39.openshift.opentlc.com"
-OCP_USERNAME="mitsharm-redhat.com"
-WORKLOAD="ocp4_workload_lpe_automation_controller"
-GUID=1001
-
-# a TARGET_HOST is specified in the command line, without using an inventory file
-ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
-    -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
-    -e"ansible_user=ec2-user" \
-    -e"ocp_username=${OCP_USERNAME}" \
-    -e"ocp_workload=${WORKLOAD}" \
-    -e"silent=False" \
-    -e"guid=${GUID}" \
-    -e"ACTION=create"
-----
-
-=== To Delete an environment
-
-----
-TARGET_HOST="bastion.na39.openshift.opentlc.com"
-OCP_USERNAME="psrivast-redhat.com"
-WORKLOAD="ocp4_workload_lpe_automation_controller"
-GUID=1002
-
-# a TARGET_HOST is specified in the command line, without using an inventory file
-ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
-    -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
-    -e"ansible_user=ec2-user" \
-    -e"ocp_username=${OCP_USERNAME}" \
-    -e"ocp_workload=${WORKLOAD}" \
-    -e"guid=${GUID}" \
-    -e"ACTION=remove"
-----
-
-
-== Other related information:
-
-=== Deploy Workload on OpenShift Cluster from an existing playbook:
-
-[source,yaml]
-----
-- name: Deploy a workload role on a master host
-  hosts: all
-  become: true
-  gather_facts: False
-  tags:
-    - step007
-  roles:
-    - { role: "{{ocp_workload}}", when: 'ocp_workload is defined' }
-----
-NOTE: You might want to change `hosts: all` to fit your requirements
+* AWS
+* Azure
+* KubeVirt
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_rhacm_cloud_credentials/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_rhacm_cloud_credentials/tasks/workload.yml
@@ -21,6 +21,17 @@
         state: present
         definition: "{{ lookup('template', './templates/azure_secret.j2' ) | from_yaml }}"
 
+- when: ocp4_workload_rhacm_cloud_credentials_kubevirt | default(false) | bool
+  vars:
+    ocp4_workload_rhacm_cloud_credentials_kubevirt_pubkey: |
+      {{ hostvars.localhost.ssh_provision_pubkey_content |
+         default(hostvars.localhost.env_authorized_key_content_pub) }}
+  block:
+    - name: Create OpenShift objects for workload - KubeVirt
+      kubernetes.core.k8s:
+        state: present
+        definition: "{{ lookup('template', './templates/kubevirt_ns_and_secret.yaml.j2' ) | from_yaml_all }}"
+
 # Leave this as the last task in the playbook.
 - name: workload tasks complete
   debug:

diff --git a/..._workloads/ocp4_workload_rhacm_cloud_credentials/templates/kubevirt_ns_and_secret.yaml.j2 b/..._workloads/ocp4_workload_rhacm_cloud_credentials/templates/kubevirt_ns_and_secret.yaml.j2
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ ocp4_workload_rhacm_cloud_credentials_namespace }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ ocp4_workload_rhacm_cloud_credentials_kubevirt_secret_name }}
+  namespace: {{ ocp4_workload_rhacm_cloud_credentials_namespace }}
+  annotations:
+  labels:
+    cluster.open-cluster-management.io/credentials: ""
+    cluster.open-cluster-management.io/type: kubevirt
+type: Opaque
+data:
+  pullSecret: {{ ocp4_token | string | b64encode }}
+  ssh-publickey: |
+    {{ ocp4_workload_rhacm_cloud_credentials_kubevirt_pubkey |
+       string | b64encode }}