--- - import_tasks: facts.yml - import_tasks: upgrade.yml when: openshift_upgrade_target is defined - include_tasks: generate_certs.yml # Deployment of ansible-service-broker starts here - name: create openshift-ansible-service-broker project oc_project: name: openshift-ansible-service-broker state: present node_selector: - "" - name: create ansible-service-broker serviceaccount oc_serviceaccount: name: asb namespace: openshift-ansible-service-broker state: present - name: create ansible-service-broker client serviceaccount oc_serviceaccount: name: asb-client namespace: openshift-ansible-service-broker state: present - name: Create asb-auth cluster role oc_clusterrole: state: present name: asb-auth rules: - apiGroups: [""] resources: ["namespaces"] verbs: ["create", "delete"] - apiGroups: ["authorization.openshift.io"] resources: ["subjectrulesreview"] verbs: ["create"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] verbs: ["create"] - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] - apiGroups: ["image.openshift.io", ""] resources: ["images"] verbs: ["get", "list"] - apiGroups: ["network.openshift.io"] resources: ["clusternetworks", "netnamespaces"] verbs: ["get"] - apiGroups: ["network.openshift.io"] resources: ["netnamespaces"] verbs: ["update"] - apiGroups: ["networking.k8s.io"] resources: ["networkpolicies"] verbs: ["create", "delete"] - apiGroups: ["automationbroker.io"] resources: ["bundles", "bundlebindings", "bundleinstances"] verbs: ["*"] - name: Create asb-access cluster role oc_clusterrole: state: present name: asb-access rules: - nonResourceURLs: ["/ansible-service-broker", "/ansible-service-broker/*"] verbs: ["get", "post", "put", "patch", "delete"] - name: Bind admin cluster-role to asb serviceaccount oc_adm_policy_user: state: present resource_kind: cluster-role resource_name: admin user: "system:serviceaccount:openshift-ansible-service-broker:asb" - name: Bind auth cluster role to asb service account oc_adm_policy_user: state: present resource_kind: cluster-role resource_name: asb-auth user: "system:serviceaccount:openshift-ansible-service-broker:asb" - name: Bind asb-access role to asb-client service account oc_adm_policy_user: state: present resource_kind: cluster-role resource_name: asb-access user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" - name: create asb-client token secret oc_obj: name: asb-client namespace: openshift-ansible-service-broker state: present kind: Secret content: path: /tmp/asbclientsecretout data: apiVersion: v1 kind: Secret metadata: name: asb-client namespace: openshift-ansible-service-broker annotations: kubernetes.io/service-account.name: asb-client type: kubernetes.io/service-account-token - oc_secret: state: list namespace: openshift-ansible-service-broker name: asb-client register: asb_client_secret - set_fact: service_ca_crt: "{{ asb_client_secret.results.results.0.data['service-ca.crt'] }}" - name: Create custom resource definitions for asb oc_obj: name: '{{ asb_crd.metadata.name }}' kind: CustomResourceDefinition state: present content: path: /tmp/{{ asb_crd.metadata.name }} data: '{{ asb_crd }}' vars: asb_crd: "{{ lookup('file', item) | from_yaml }}" with_fileglob: - 'files/*.automationbroker.io.yaml' - name: create ansible-service-broker service oc_service: name: asb namespace: openshift-ansible-service-broker labels: app: openshift-ansible-service-broker service: asb annotations: service.alpha.openshift.io/serving-cert-secret-name: asb-tls ports: - name: port-1338 port: 1338 targetPort: 1338 protocol: TCP - name: port-1337 port: 1337 targetPort: 1337 protocol: TCP selector: app: openshift-ansible-service-broker service: asb - name: create route for ansible-service-broker service oc_route: name: asb-1338 namespace: openshift-ansible-service-broker state: present labels: app: openshift-ansible-service-broker service: asb service_name: asb port: 1338 tls_termination: Reencrypt - name: create route for dashboard-redirector service oc_route: name: dr-1337 namespace: openshift-ansible-service-broker state: present labels: app: openshift-ansible-service-broker service: asb service_name: asb port: 1337 when: ansible_service_broker_enable_dashboard_redirector - name: Set Ansible Service Broker deployment config oc_obj: force: yes name: asb namespace: openshift-ansible-service-broker state: present kind: DeploymentConfig content: path: /tmp/dcout data: "{{ lookup('template', 'asb_dc.yaml.j2') | from_yaml }}" - name: set auth name and type facts if needed set_fact: ansible_service_broker_registry_auth_type: "secret" ansible_service_broker_registry_auth_name: "asb-registry-auth" when: ansible_service_broker_registry_user != "" and ansible_service_broker_registry_password != "" # TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following: - name: Create config map for ansible-service-broker oc_obj: name: broker-config namespace: openshift-ansible-service-broker state: present kind: ConfigMap content: path: /tmp/cmout data: "{{ lookup('template', 'configmap.yaml.j2') | from_yaml }}" - oc_secret: name: asb-registry-auth namespace: openshift-ansible-service-broker state: present contents: - path: username data: "{{ ansible_service_broker_registry_user }}" - path: password data: "{{ ansible_service_broker_registry_password }}" when: ansible_service_broker_registry_user != "" and ansible_service_broker_registry_password != "" - name: Create the Broker resource in the catalog oc_obj: name: ansible-service-broker state: present kind: ClusterServiceBroker content: path: /tmp/brokerout data: apiVersion: servicecatalog.k8s.io/v1beta1 kind: ClusterServiceBroker metadata: name: ansible-service-broker spec: url: https://asb.openshift-ansible-service-broker.svc:1338/ansible-service-broker authInfo: bearer: secretRef: name: asb-client namespace: openshift-ansible-service-broker kind: Secret caBundle: "{{ service_ca_crt }}"