Add 'namespace' config for NSaaS

This introduces a new namespace configuration designed to deploy OpenShift workloads directly to an existing namespace without requiring infrastructure provisioning or a bastion host.

This approach is for users who have direct, but potentially limited, namespace-level access to a shared OpenShift cluster and do not manage the underlying infrastructure.

The configuration runs on localhost and connects to the OpenShift API using provided credentials (API token or username/password). Workloads to be deployed are specified in the ocp_workloads_namespaced list variable.

A new example role, ocp_workloads_namespaced_example, is included to demonstrate how to build compatible, namespaced workloads. This role shows:

- Adding oc login initial authentication.
- Managing Kubernetes resources (Deployment, Service) and OpenShift resources (Route) via the kubernetes.core.k8s module and Jinja2 templates.
- Including lifecycle tasks for creation, verification, and destruction of the application.

Author: fridim

ansible/configs/namespace/README.adoc

@@ -0,0 +1,51 @@
+= Namespace Configuration
+
+The `namespace` configuration is designed to deploy OpenShift workloads directly to existing namespaces without requiring infrastructure provisioning or bastion hosts. This is ideal for deploying applications to shared clusters or when you only have namespace-level access.
+
+== Features
+
+* No infrastructure provisioning required
+* Direct connection to OpenShift clusters
+* Support for both token and user/password authentication
+* Simplified deployment for namespace-scoped workloads
+* No SSH or bastion host dependencies
+
+== Usage
+
+1. Copy `sample_vars.yml` to create your deployment variables file
+2. Configure your OpenShift connection details
+3. Define the workloads to deploy in `ocp_workloads_namespaced`
+4. Run the deployment
+
+=== Example Deployment
+
+[source,bash]
+----
+ ansible-navigator run ansible/main.yml -e @ansible/configs/namespace/sample_vars.yml -e @/secrets/ns.yaml -e ACTION=create
+----
+
+== Required Variables
+
+* `sandbox_openshift_api_url`: OpenShift API endpoint
+* `sandbox_openshift_namespace`: Target namespace
+* Authentication (choose one):
+  ** `sandbox_openshift_api_token`: API token
+  ** `sandbox_openshift_user` + `sandbox_openshift_password`: Username/password
+
+== Optional Variables
+
+* `sandbox_openshift_cluster`: Cluster name for identification
+* `sandbox_openshift_apps_domain`: Apps domain for route creation
+* `sandbox_openshift_credentials`: Additional credential objects
+
+== Workloads
+
+Define workloads in the `ocp_workloads_namespaced` list. Each workload should be a role that can deploy to OpenShift using the provided connection variables.
+
+Example:
+[source,yaml]
+----
+ocp_workloads_namespaced:
+  - ocp_workloads_namespaced_example
+  - my_custom_workload
+----

ansible/configs/namespace/default_vars.yml

@@ -0,0 +1,36 @@
+---
+# Namespace Config Default Variables
+# This config deploys OpenShift workloads directly to a namespace without
+# requiring infrastructure
+
+become_override: false
+
+# Cloud Provider
+cloud_provider: none
+
+# OpenShift cluster connection details
+sandbox_openshift_cluster: ""
+sandbox_openshift_api_url: ""
+sandbox_openshift_apps_domain: ""
+sandbox_openshift_namespace: ""
+sandbox_openshift_api_token: ""
+sandbox_openshift_credentials: []
+sandbox_openshift_user: ""
+sandbox_openshift_password: ""
+
+# List of namespace workloads to deploy
+ocp_workloads_namespaced: []
+
+# Environment name to display
+short_env_type_name: namespace
+
+# Common AgnosticD variables
+env_type: namespace
+
+# User info messages
+user_info_messages:
+  - "This configuration deploys workloads directly to OpenShift namespaces"
+  - "No infrastructure or bastion host is created"
+  - "Define 'ocp_workloads_namespaced' to specify workloads to deploy"
+
+target_host: localhost

ansible/configs/namespace/destroy_env.yml

@@ -0,0 +1,37 @@
+---
+- name: Destroy Namespaced OCP Workloads
+  hosts: localhost
+  gather_facts: false
+  become: false
+  tags:
+    - ocp_workloads_namespaced
+  tasks:
+    - name: Destroy namespaced workloads
+      when:
+        - ocp_workloads_namespaced | default([]) | length > 0
+      block:
+        - name: Remove namespaced workload "{{ workload_loop_var }}"
+          ansible.builtin.include_role:
+            name: "{{ workload_loop_var }}"
+          vars:
+            ACTION: "destroy"
+            # Pass through OpenShift connection variables
+            sandbox_openshift_cluster: "{{ sandbox_openshift_cluster | default('') }}"
+            sandbox_openshift_api_url: "{{ sandbox_openshift_api_url | default('') }}"
+            sandbox_openshift_apps_domain: "{{ sandbox_openshift_apps_domain | default('') }}"
+            sandbox_openshift_namespace: "{{ sandbox_openshift_namespace | default('') }}"
+            sandbox_openshift_api_token: "{{ sandbox_openshift_api_token | default('') }}"
+            sandbox_openshift_credentials: "{{ sandbox_openshift_credentials | default([]) }}"
+            sandbox_openshift_user: "{{ sandbox_openshift_user | default('') }}"
+            sandbox_openshift_password: "{{ sandbox_openshift_password | default('') }}"
+          loop: "{{ ocp_workloads_namespaced }}"
+          loop_control:
+            loop_var: workload_loop_var
+
+- name: Destroy complete
+  hosts: localhost
+  gather_facts: false
+  become: false
+  tasks:
+    - debug:
+        msg: "Namespace workloads destroyed successfully"

ansible/configs/namespace/lifecycle.yml

@@ -0,0 +1,30 @@
+---
+- name: Build inventory
+  ansible.builtin.import_playbook: post_infra.yml
+
+- name: Destroy workload(s)
+  hosts: ocp_bastions
+  become: false
+  gather_facts: false
+  tags:
+    - step005
+  tasks:
+  - name: Fail if no action defined
+    when: ACTION is not defined or ACTION == ''
+    ansible.builtin.fail:
+      msg: ACTION must be defined
+
+  - name: Set facts for OpenShift cluster(s)
+    include_tasks: set_cluster_facts.yml
+
+  - name: Run Workloads to perform {{ ACTION }}
+    loop: "{{ cluster_workloads }}"
+    loop_control:
+      loop_var: __workload
+      label: "{{ __workload.name }}"
+    include_tasks: run_workload_on_clusters.yml
+    vars:
+      ACTION: destroy
+
+- name: Cleanup
+  ansible.builtin.import_playbook: cleanup.yml

ansible/configs/namespace/post_infra.yml

@@ -0,0 +1,8 @@
+---
+- name: Step 002 Post Infrastructure
+  hosts: localhost
+  gather_facts: false
+  become: false
+  tasks:
+    - debug:
+        msg: "Step 002 Post Infrastructure - No infrastructure setup needed for namespace config"

ansible/configs/namespace/post_software.yml

@@ -0,0 +1,8 @@
+---
+- name: Step 005 Post Software
+  hosts: localhost
+  gather_facts: false
+  become: false
+  tasks:
+    - debug:
+        msg: "Step 005 Post Software - Namespace workloads deployment completed"

ansible/configs/namespace/pre_infra.yml

@@ -0,0 +1,8 @@
+---
+- name: Step 000 Pre Infrastructure
+  hosts: localhost
+  gather_facts: false
+  become: false
+  tasks:
+    - debug:
+        msg: "Step 000 Pre Infrastructure - No infrastructure needed for namespace-only deployment"

ansible/configs/namespace/pre_software.yml

@@ -0,0 +1,8 @@
+---
+- name: Step 003 Pre Software
+  hosts: localhost
+  gather_facts: false
+  become: false
+  tasks:
+    - debug:
+        msg: "Step 003 Pre Software - No infrastructure software needed"

ansible/configs/namespace/requirements.yml

@@ -0,0 +1,4 @@
+---
+collections:
+- name: kubernetes.core
+  version: 5.0.0

ansible/configs/namespace/sample_vars.yml

@@ -0,0 +1,15 @@
+---
+# Sample Variables for Namespace Config
+# Copy this file and customize for your deployment
+
+# Basic environment information
+cloud_provider: none
+env_type: namespace
+guid: test-tt
+
+# List of workloads to deploy
+ocp_workloads_namespaced:
+  - ocp_workloads_namespaced_example
+
+# Output directory for deployment artifacts
+output_dir: "/tmp/output_dir/{{ guid }}"