ci: DM objects now part of separate play (site_dm)

Alan Christie · Alan Christie · commit 7b118ddada39 · 2022-07-05T14:37:34.000+01:00
diff --git a/README.md b/README.md
@@ -93,6 +93,17 @@ needs. Then deploy, using Ansible, from the root of the project: -
     export PARAMS=parameters
     ansible-playbook -e @${PARAMS}.yaml site.yaml
 
+That deploys the operator and its CRD to your chosen operator namespace.
+To deploy the Data Manager RBAC objects you need to run the
+`site_dm.yaml` playbook: -
+
+    ansible-playbook -e @${PARAMS}.yaml site_dm.yaml
+
+>   If deploying to multiple Data Managers you should just need one operator
+    and then deploy RBACs to each DM namespace. Remember to also adjust the
+    annotations of for CRD so each DM namespace recognises it as a valid
+    application.
+
 To remove the operator (assuming there are no operator-derived instances)...
 
     ansible-playbook -e @${PARAMS}.yaml -e jo_state=absent site.yaml
diff --git a/roles/operator/tasks/deploy.yaml b/roles/operator/tasks/deploy.yaml
@@ -1,37 +1,5 @@
 ---
 
-# Check the Data Manager Namespace and Service Account exists...
-
-- name: Get Data Manager Namespace ({{ jo_dmapi_namespace }})
-  kubernetes.core.k8s_info:
-    kind: Namespace
-    name: "{{ jo_dmapi_namespace }}"
-  register: ns_result
-
-- name: Assert Namespace ({{ jo_dmapi_namespace }})
-  assert:
-    that:
-    - ns_result.resources|length == 1
-
-- name: Get Data Manager ServiceAccount
-  kubernetes.core.k8s_info:
-    kind: ServiceAccount
-    name: data-manager
-    namespace: "{{ jo_dmapi_namespace }}"
-  register: sa_result
-
-- name: Assert ServiceAccount
-  assert:
-    that:
-    - sa_result.resources|length == 1
-
-- name: Deploy Data Manager API Operator RBAC
-  kubernetes.core.k8s:
-    definition: "{{ lookup('template', 'rbac-data-manager.yaml.j2') }}"
-    wait: yes
-
-# Now we can (safely) deploy the operator
-
 - name: Deploy CRD
   kubernetes.core.k8s:
     definition: "{{ lookup('template', 'crd.yaml.j2') }}"
diff --git a/roles/operator/tasks/dm.yaml b/roles/operator/tasks/dm.yaml
@@ -0,0 +1,43 @@
+---
+
+# A ply to deploy objects to the chosen Data Manager namespace.
+# In this case it's a Role and RoleBinding
+
+- include_tasks: prep.yaml
+
+# Check the Data Manager Namespace and Service Account exists...
+
+- name: Deploy DataManager RBAC objects
+  block:
+
+  - name: Get Data Manager Namespace ({{ jo_dmapi_namespace }})
+    kubernetes.core.k8s_info:
+      kind: Namespace
+      name: "{{ jo_dmapi_namespace }}"
+    register: ns_result
+
+  - name: Assert Namespace ({{ jo_dmapi_namespace }})
+    assert:
+      that:
+      - ns_result.resources|length == 1
+
+  - name: Get Data Manager ServiceAccount
+    kubernetes.core.k8s_info:
+      kind: ServiceAccount
+      name: data-manager
+      namespace: "{{ jo_dmapi_namespace }}"
+    register: sa_result
+
+  - name: Assert ServiceAccount
+    assert:
+      that:
+      - sa_result.resources|length == 1
+
+  - name: Deploy Data Manager API Operator RBAC
+    kubernetes.core.k8s:
+      definition: "{{ lookup('template', 'rbac-data-manager.yaml.j2') }}"
+      wait: yes
+
+  module_defaults:
+    group/k8s:
+      kubeconfig: "{{ jo_kubeconfig }}"
diff --git a/roles/operator/tasks/main.yaml b/roles/operator/tasks/main.yaml
@@ -2,6 +2,12 @@
 
 - include_tasks: prep.yaml
 
+- name: Assert operator version defined
+  assert:
+    that:
+    - jo_image_tag|length > 0
+    - jo_image_tag != 'SetMe'
+
 - name: Deploy using Kubernetes config
   block:
 
diff --git a/roles/operator/tasks/prep.yaml b/roles/operator/tasks/prep.yaml
@@ -23,9 +23,3 @@
     that:
     - jo_kubeconfig|length > 0
     - jo_kubeconfig != 'SetMe'
-
-- name: Assert operator version defined
-  assert:
-    that:
-    - jo_image_tag|length > 0
-    - jo_image_tag != 'SetMe'
diff --git a/site_dm.yaml b/site_dm.yaml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+  tasks:
+  - include_role:
+      name: operator
+      tasks_from: dm.yaml
diff --git a/xchem-dev-test-parameters.yaml b/xchem-dev-test-parameters.yaml
@@ -0,0 +1,13 @@
+---
+
+jo_image_tag: 19.2.1
+jo_dmapi_namespace: data-manager-api-test
+
+jo_ingress_domain: data-manager.xchem-dev.diamond.ac.uk
+jo_ingress_tls_secret: data-manager-api-tls
+jo_namespaces: data-manager-api-dev:data-manager-api-integration:data-manager-api-test
+jo_pod_node_selector_key: informaticsmatters.com/purpose
+jo_pod_node_selector_value: core
+jo_fallback_node_selector_key: informaticsmatters.com/purpose
+
+jo_kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
