ci: Removed ansible galaxy logic (broken) (#1)

alanbchristie · a.b.christie · web-flow · commit 10fe7cd1359d · 2026-01-23T12:09:50.000Z
Co-authored-by: a.b.christie &lt;alan.christie@matildapeak.com&gt;
diff --git a/roles/fragnet/tasks/deploy-depict.yaml b/roles/fragnet/tasks/deploy-depict.yaml
@@ -2,8 +2,8 @@
 
 - name: Deploy Fragnet Depict objects
   k8s:
-    definition: "{{ lookup('template', '{{ item }}.yaml.j2') }}"
+    definition: "{{ lookup('template', item) }}"
     wait: yes
     wait_timeout: "{{ fs_pod_ready_timeout }}"
   loop:
-  - deployment-depict
+  - deployment-depict.yaml.j2
diff --git a/roles/fragnet/tasks/deploy-search.yaml b/roles/fragnet/tasks/deploy-search.yaml
@@ -37,10 +37,10 @@
 
 - name: Deploy Fragnet Search objects (fs_image_tag={{ fs_image_tag }})
   k8s:
-    definition: "{{ lookup('template', '{{ item }}.yaml.j2') }}"
+    definition: "{{ lookup('template', item) }}"
     wait: yes
     wait_timeout: "{{ fs_pod_ready_timeout }}"
   loop:
-  - configmap-common
-  - configmap-keycloak-search
-  - deployment-search
+  - configmap-common.yaml.j2
+  - configmap-keycloak-search.yaml.j2
+  - deployment-search.yaml.j2
diff --git a/roles/fragnet/tasks/deploy-ui.yaml b/roles/fragnet/tasks/deploy-ui.yaml
@@ -4,68 +4,6 @@
   include_vars:
     file: pull-secrets.vault
 
-# Adjust the Keycloak realm?
-
-- name: Adjust keycloak realm
-  block:
-
-  # Configure the Fragnet Search UI Keycloak Client.
-  #
-  # The user is assumed to have created a realm
-  # and we simply need to add a Role to that realm and then
-  # register the Fragnet Search Client.
-
-  - name: Set client address
-    set_fact:
-      fs_client_hostname: "{{ fs_location['ui'].hostname }}{{ fs_location['ui'].path }}"
-
-  - name: Display client address
-    debug:
-      var: fs_client_hostname
-
-  - import_tasks: get-keycloak-realm-manager-credentials.yaml
-    vars:
-      realm_name: "{{ fs_realm }}"
-      realm_namespace: "{{ ir_namespace }}"
-
-  - name: Add realm roles
-    include_role:
-      name: informaticsmatters.infrastructure_user
-    vars:
-      iu_action: create
-      iu_type: role
-      iu_hostname: "{{ keycloak_server_url|urlsplit('hostname') }}"
-      iu_realm: "{{ fs_realm }}"
-      iu_realm_manager: "{{ keycloak_realm_manager_fact }}"
-      iu_realm_manager_password: "{{ keycloak_realm_manager_password_fact }}"
-      iu_roles:
-      - name: fragnet-search
-
-  - name: Add Keycloak Fragnet Search Client
-    keycloak_client:
-      auth_client_id: admin-cli
-      auth_keycloak_url: "{{ keycloak_server_url }}"
-      auth_realm: "{{ fs_realm }}"
-      auth_username: "{{ keycloak_realm_manager_fact }}"
-      auth_password: "{{ keycloak_realm_manager_password_fact }}"
-      realm: "{{ fs_realm }}"
-      client_id: "{{ fs_keycloak_client_id }}"
-      protocol: openid-connect
-      base_url: https://{{ fs_client_hostname }}
-      web_origins:
-      - https://{{ fs_client_hostname }}
-      redirect_uris:
-      - https://{{ fs_client_hostname }}/*
-      public_client: yes
-      service_accounts_enabled: yes
-      direct_access_grants_enabled: yes
-      standard_flow_enabled: yes
-      default_roles:
-      - fragnet-search
-    delegate_to: localhost
-
-  when: fs_alter_realm|bool
-
 # Create secret objects for each image pull secret defined.
 # These are typically used to pull container images
 # from private registries.
@@ -81,10 +19,10 @@
 
 - name: Deploy Fragnet UI objects
   k8s:
-    definition: "{{ lookup('template', '{{ item }}.yaml.j2') }}"
+    definition: "{{ lookup('template', item) }}"
     wait: yes
     wait_timeout: "{{ fs_pod_ready_timeout }}"
   loop:
-  - configmap-common
-  - configmap-ui
-  - deployment-ui
+  - configmap-common.yaml.j2
+  - configmap-ui.yaml.j2
+  - deployment-ui.yaml.j2
diff --git a/roles/fragnet/tasks/deploy.yaml b/roles/fragnet/tasks/deploy.yaml
@@ -39,17 +39,10 @@
 
 - name: Create namespace objects
   k8s:
-    definition: "{{ lookup('template', '{{ item }}.yaml.j2') }}"
+    definition: "{{ lookup('template', item) }}"
     wait: yes
   loop:
-  - serviceaccount
-  - role
-  - rolebinding-fs-sa
-
-- name: Relax {{ fs_namespace }}§ 'default' service account (for cert-manager)
-  k8s:
-    definition: "{{ lookup('template', 'rolebinding-default-sa.yaml.j2') }}"
-    wait: yes
+  - serviceaccount.yaml.j2
 
 # Deploy Search, Depict or UI?
 
diff --git a/roles/fragnet/tasks/get-keycloak-realm-manager-credentials.yaml b/roles/fragnet/tasks/get-keycloak-realm-manager-credentials.yaml
diff --git a/roles/fragnet/tasks/main.yaml b/roles/fragnet/tasks/main.yaml
@@ -11,17 +11,17 @@
 - name: Assert authentication
   assert:
     that:
-    - k8s_auth_host|length > 0
-    - k8s_auth_api_key|length > 0
+    - k8s_auth_host | length > 0
+    - k8s_auth_api_key | length > 0
 
 # Go...
 
 - block:
 
   - include_tasks: deploy.yaml
-    when: fs_state|string == 'present'
+    when: fs_state | string == 'present'
   - include_tasks: undeploy.yaml
-    when: fs_state|string == 'absent'
+    when: fs_state | string == 'absent'
 
   module_defaults:
     group/k8s:
diff --git a/roles/fragnet/tasks/prep.yaml b/roles/fragnet/tasks/prep.yaml
@@ -39,13 +39,6 @@
   - { name: 'openshift', version: '0.10.0' }
   when: fs_control_needs_kubernetes|bool
 
-# Install required Ansible Galaxy modules
-
-- name: Install Ansible Galaxy modules
-  command: ansible-galaxy install -r infrastructure-realm-requirements.yaml
-  register: ag_result
-  changed_when: "'downloading role' in ag_result.stdout"
-
 # Kubernetes credentials ------------------------------------------------------
 
 # We don't use the Kubernetes credentials directly,
diff --git a/roles/fragnet/tasks/undeploy.yaml b/roles/fragnet/tasks/undeploy.yaml
@@ -10,40 +10,3 @@
     state: absent
     definition: "{{ lookup('template', 'namespace.yaml.j2') }}"
     wait: yes
-
-# ...and then clean-up the infrastructure?
-# Yes if fs_alter_realm is 'yes'
-
-- block:
-
-  - import_tasks: get-keycloak-realm-manager-credentials.yaml
-    vars:
-      realm_name: "{{ fs_realm }}"
-      realm_namespace: "{{ ir_namespace }}"
-
-  - name: Delete Fragnet Search Client
-    keycloak_client:
-      auth_client_id: admin-cli
-      auth_keycloak_url: "{{ keycloak_server_url }}"
-      auth_realm: "{{ fs_realm }}"
-      auth_username: "{{ keycloak_realm_manager_fact }}"
-      auth_password: "{{ keycloak_realm_manager_password_fact }}"
-      realm: "{{ fs_realm }}"
-      client_id: "{{ fs_keycloak_client_id }}"
-      state: absent
-    delegate_to: localhost
-
-  - name: Delete role
-    include_role:
-      name: informaticsmatters.infrastructure_user
-    vars:
-      iu_action: delete
-      iu_type: role
-      iu_hostname: "{{ keycloak_server_url|urlsplit('hostname') }}"
-      iu_realm: "{{ fs_realm }}"
-      iu_realm_manager: "{{ keycloak_realm_manager_fact }}"
-      iu_realm_manager_password: "{{ keycloak_realm_manager_password_fact }}"
-      iu_roles:
-      - name: fragnet-search
-
-  when: fs_alter_realm|bool
diff --git a/roles/fragnet/templates/ingress.yaml.j2 b/roles/fragnet/templates/ingress.yaml.j2
@@ -6,7 +6,6 @@ metadata:
   namespace: {{ fs_namespace }}
   annotations:
     cert-manager.io/cluster-issuer: "letsencrypt-nginx-{{ fs_cert_issuer|lower }}"
-    kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/cors-allow-origin: "https://{{ fs_cors_allow_origin }}"
     nginx.ingress.kubernetes.io/enable-cors: 'true'
     nginx.ingress.kubernetes.io/proxy-body-size: "{{ fs_ingress_nginx_proxy_body_size }}"
@@ -15,6 +14,7 @@ metadata:
     # For a full set of nginx annotations see...
     # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
 spec:
+  ingressClassName: nginx
   tls:
   - hosts:
     - {{ fs_location[fs_flavour].hostname }}
diff --git a/roles/fragnet/templates/role.yaml.j2 b/roles/fragnet/templates/role.yaml.j2
diff --git a/roles/fragnet/templates/rolebinding-default-sa.yaml.j2 b/roles/fragnet/templates/rolebinding-default-sa.yaml.j2
diff --git a/roles/fragnet/templates/rolebinding-fs-sa.yaml.j2 b/roles/fragnet/templates/rolebinding-fs-sa.yaml.j2
