Fixing workflows

Author: xnoto

.github/workflows/apply.yml

@@ -20,6 +20,15 @@ jobs:
       - name: Run Git as root
         run: git config --global --add safe.directory '*'
 
+      - name: Install SSH key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+
+      - name: Copy SSH area
+        run: cp -r /root/.ssh /github/home/
+
       - name: Login to OpenShift
         uses: redhat-actions/oc-login@v1
         with:

.github/workflows/plan.yml

@@ -20,6 +20,14 @@ jobs:
       - name: Run Git as root
         run: git config --global --add safe.directory '*'
 
+      - name: Install SSH key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+
+      - name: Copy SSH area
+
       - name: Login to OpenShift
         uses: redhat-actions/oc-login@v1
         with:

Makefile

@@ -1,4 +1,5 @@
 SHELL := /bin/bash
+CLUSTER_HOST := ltc.makeitwork.cloud
 OPENSHIFT := $(shell which oc)
 TERRAFORM := $(shell which terraform)
 ARGOCD_URL := $(shell sops decrypt secrets/secrets.yaml | grep argocd_url | cut -d ' ' -f 2)
@@ -31,6 +32,9 @@ help:
 	@echo "\tpre-commit-check-deps: check pre-commit dependencies"
 	@echo
 
+check-context:
+	@if [[ "${CONTEXT}" == *"${DESIRED_CONTEXT}"* ]]; then echo "Context check passed"; else echo "Context check failed" && exit 1; fi
+
 clean:
 	@find . -name .terraform -type d | xargs -I {} rm -rf {}
 
@@ -40,18 +44,25 @@ init: check-context clean .terraform/terraform.tfstate
 	@${OPENSHIFT} get project ${OPENSHIFT_TF_NAMESPACE} > /dev/null 2>&1 || ${OPENSHIFT} new-project ${OPENSHIFT_TF_NAMESPACE}
 	@${TERRAFORM} init -reconfigure -upgrade -input=false -backend-config="host=https://${OPENSHIFT_API_URL}" -backend-config="namespace=${OPENSHIFT_TF_NAMESPACE}"
 
-plan: init .terraform/plan
+plan: ansible-check init .terraform/plan
 
 .terraform/plan:
-	@${TERRAFORM} state show kubernetes_manifest.openshift_gitops_subscription >/dev/null 2>&1 && ${TERRAFORM} plan -compact-warnings -out .terraform/plan || ${TERRAFORM} plan -compact-warnings -out .terraform/plan -target kubernetes_manifest.openshift_gitops_subscription
+	@${TERRAFORM} plan -compact-warnings -out .terraform/plan
 
-initial-deployment-apply:
-	@${TERRAFORM} state show kubernetes_manifest.openshift_gitops_subscription >/dev/null 2>&1 || ( echo "INITIAL DEPLOYMENT" && ${TERRAFORM} apply -auto-approve -compact-warnings -target kubernetes_manifest.openshift_gitops_subscription .terraform/plan && rm -f .terraform/plan && echo "WAITING FOR GITOPS DEPLOYMENT" && while true; do oc get argocd -n openshift-gitops openshift-gitops >/dev/null 2>&1 && sleep 10 && break; sleep 2; done && oc apply -k kustomize && echo "WAITING FOR CHANGES TO BE DEPLOYED" && while true; do oc get argocd openshift-gitops -n openshift-gitops -o yaml | grep KSOPS >/dev/null 2>&1 && sleep 10 && break; sleep 2; done && ${TERRAFORM} plan -compact-warnings -out .terraform/plan )
+ansible-check:
+	@rm -rf ~/.ansible >/dev/null 2>&1
+	@ansible-galaxy install -r ansible/requirements.yml
+	@ansible/site.yml -i "${CLUSTER_HOST}," -C --diff
 
-apply: test plan initial-deployment-apply
+apply: ansible-init test plan
 	@${TERRAFORM} apply -auto-approve -compact-warnings .terraform/plan
 	@rm -f .terraform/plan
 
+ansible-init:
+	@rm -rf ~/.ansible >/dev/null 2>&1
+	@ansible-galaxy install -r ansible/requirements.yml
+	@ansible/site.yml -i "${CLUSTER_HOST},"
+
 test: check-context .git/hooks/pre-commit
 	@pre-commit run -a
 
@@ -74,19 +85,18 @@ pre-commit-install-hooks: .git/hooks/pre-commit
 .git/hooks/pre-commit: pre-commit-check-deps
 	@pre-commit install --install-hooks
 
-check-context:
-	@ if [[ "${CONTEXT}" == *"${DESIRED_CONTEXT}"* ]]; then echo "Context check passed"; else echo "Context check failed" && exit 1; fi
 
 argocd-password:
-	@ ${OPENSHIFT} get secret openshift-gitops-cluster -n openshift-gitops -o jsonpath='{.data.admin\.password}' | base64 -d
-	@ echo
+	@${OPENSHIFT} get secret openshift-gitops-cluster -n openshift-gitops -o jsonpath='{.data.admin\.password}' | base64 -d
+	@echo
 
 password: argocd-password
 
 argocd-login:
-	@ argocd login --skip-test-tls --insecure --username admin --password "$(shell ${OPENSHIFT} get secret openshift-gitops-cluster -n openshift-gitops -o jsonpath='{.data.admin\.password}' | base64 -d)" ${ARGOCD_URL}
+	@argocd login --skip-test-tls --insecure --username admin --password "$(shell ${OPENSHIFT} get secret openshift-gitops-cluster -n openshift-gitops -o jsonpath='{.data.admin\.password}' | base64 -d)" ${ARGOCD_URL}
 
 argocd-sync: argocd-login
-	@ argocd app sync gitops-configs
+	@argocd app sync gitops-configs
 
 sync: argocd-sync
+

README.md

@@ -22,11 +22,7 @@ No modules.
 |------|------|
 | [kubernetes_cluster_role_binding.openshift_gitops_cluster_admin](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
 | [kubernetes_manifest.argocd_kustomize_app](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
-| [kubernetes_manifest.openshift_gitops_operator_group](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
-| [kubernetes_manifest.openshift_gitops_subscription](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
-| [kubernetes_namespace.openshift_gitops](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_secret.argocd_github_repo_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.sops_age_key](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [sops_file.secret_vars](https://registry.terraform.io/providers/carlpett/sops/latest/docs/data-sources/file) | data source |
 
 ## Inputs

ansible/gitops.yml

@@ -1 +1,5 @@
-- src: https://github.com/makeitworkcloud/ansible-crc
+---
+- name: crc
+  src: https://github.com/makeitworkcloud/ansible-crc
+- name: ksopsgitops
+  src: https://github.com/makeitworkcloud/ansible-ksops

ansible/requirements.yml

@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+- name: Deploy OpenShift Local + GitOps
+  gather_facts: true
+  hosts: all
+  roles:
+    - crc
+    - ksopsgitops

ansible/site.yml

@@ -12,7 +12,7 @@ resource "kubernetes_secret" "argocd_github_repo_secret" {
     project = "default"
     type    = "git"
   }
-  depends_on = [kubernetes_manifest.openshift_gitops_subscription]
+  depends_on = [kubernetes_cluster_role_binding.openshift_gitops_cluster_admin]
 }
 
 resource "kubernetes_manifest" "argocd_kustomize_app" {
@@ -27,7 +27,7 @@ resource "kubernetes_manifest" "argocd_kustomize_app" {
       project = "default"
       source = {
         repoURL        = "https://github.com/makeitworkcloud/cluster.git"
-        path           = "gitops-configs"
+        path           = "kustomize"
         targetRevision = "main"
       }
       destination = {
@@ -43,3 +43,4 @@ resource "kubernetes_manifest" "argocd_kustomize_app" {
   }
   depends_on = [kubernetes_secret.argocd_github_repo_secret]
 }
+