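---
# Source: /opt/ansible/roles/common/tasks/data-exchange-service.yaml
#
# Creates the data-exchange-service resources in the operator namespace:
# the API-key Secret, ConfigMap, Service, Deployment, NetworkPolicy and
# Route. Every task runs against "{{ ansible_operator_meta.namespace }}".
# Role variables referenced here (defined elsewhere in the role):
# applicationsa, labelvalue, deploymentName, managedBy, name, productID,
# productName, productMetric, air_gapped_enabled, requestscpu,
# requestsmemory, limitscpu, limitsmemory, dataExchangeDeploymentReplicas
# and the optional tls.airgap_host.

- name: Get the UDS SA info
  k8s_info:
    kind: ServiceAccount
    name: "{{ applicationsa }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: uds_sa_info

# - name: Debug SA
#   debug:
#     msg:
#       - "SA ******************* {{ uds_sa_info }}"

# Last resource in the loop wins; a ServiceAccount lookup by name yields
# at most one resource, so this is effectively resources[0].secrets.
- name: Select SA secrets
  set_fact:
    sa_secrets: "{{item.secrets}}"
  loop: "{{ uds_sa_info.resources }}"

# NOTE(review): if no secret name contains "uds-sa-token" (clusters that no
# longer auto-create ServiceAccount token secrets), secret_name stays
# undefined and the Deployment below fails on its uds-sa-token volume —
# confirm the supported cluster versions.
- name: Select SA token secret
  set_fact:
    secret_name: "{{item.name}}"
  when: (item.name is search("uds-sa-token"))
  loop: "{{ sa_secrets }}"

# Read back the serving-cert Secret created for the Service below; only the
# "with hostname" Route consumes it (resources[0] must exist by then).
- name: Get the tls certificate and key from data-exchange-service-cert secret
  k8s_info:
    kind: Secret
    name: data-exchange-service-certs
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: airgap_cert_key

##### Create secret for data-exchange-service #####
- name: Get the submodule service key secret
  k8s_info:
    kind: Secret
    name: submodule-service-key-secret
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: submodule_secret_info

# A fresh 64-character key is generated on every run (the '/dev/null' path
# means the password lookup never persists it on the controller), but it is
# only written when the Secret is absent — an existing key is never rotated.
- name: Create submodule service key secret if not already present
  vars:
    api_key: "{{ lookup('password', '/dev/null length=64 chars=ascii_letters,digits') }}"
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: submodule-service-key-secret
        namespace: "{{ ansible_operator_meta.namespace }}"
        labels:
          secret-owner: uds-endpoint
          owner: "{{ labelvalue }}"
          app.kubernetes.io/instance: "{{ deploymentName }}"
          app.kubernetes.io/managed-by: "{{ managedBy }}"
          app.kubernetes.io/name: "{{ name }}"
        annotations:
          productID: "{{ productID }}"
          productName: "{{ productName }}"
          productMetric: "{{ productMetric }}"
      type: Opaque
      stringData:
        apikey: "{{ api_key }}"
  when: (submodule_secret_info.resources | length == 0)

# Creates Data Exchange Service Configmap, Deployment and Service

# config.yaml is a block scalar, so the Jinja expressions inside it are
# rendered by Ansible before the ConfigMap is applied.
# NOTE(review): the "airgap.apiKey: test-key" entry looks like a placeholder;
# the real keys are mounted from Secrets under /usr/local/airgap-service/
# (the "secret.path" below) — confirm the service ignores this literal.
- name: Create data-exchange-service configmap
  k8s:
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: data-exchange-service-cm
        namespace: "{{ ansible_operator_meta.namespace }}"
        labels:
          owner: "{{ labelvalue }}"
          app.kubernetes.io/instance: "{{ deploymentName }}"
          app.kubernetes.io/managed-by: "{{ managedBy }}"
          app.kubernetes.io/name: "{{ name }}"
        annotations:
          productID: "{{ productID }}"
          productName: "{{ productName }}"
          productMetric: "{{ productMetric }}"
      data:
        config.yaml: |
          airgapped: {{ air_gapped_enabled | lower }}
          server:
            tls:
              enabled: true
              certificate-path: /var/run/secrets/openshift.io/services_serving_certs/tls.crt
              key-path: /usr/local/secret/tls.pem
          secret:
            path: /usr/local/airgap-service/
            token-path: /var/run/secrets/kubernetes.io/serviceaccount/
            token-name: token
          airgap:
            url: https://store-api-service.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8443
            downloadpath: /v1/file
            listpath: /v1/files
            deletepath: /v1/file
            header: X-API-KEY
            apiKey: test-key
            tls:
              enabled: true
              root-ca-path: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
          uds:
            backup:
              url: https://store-api-service.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8443
              path: /v1/events
              header: X-API-KEY
              payload-path: /usr/local/data/
              tls:
                enabled: true
                root-ca-path: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
            archive:
              url: https://store-api-service.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8443
              path: /v1/archive
              header: X-API-KEY
              payload-path: /usr/local/data/
              tls:
                enabled: true
                root-ca-path: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
          dpcm:
            backup:
              url: https://submodule-service.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8443
              path: /cm/2/backup/
              header: X-dpcm-apikey
              tls:
                enabled: true
                root-ca-path: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
            archive:
              url: https://submodule-service.{{ ansible_operator_meta.namespace }}.svc.cluster.local:8443
              path: /cm/2/backup/
              header: X-dpcm-apikey
              tls:
                enabled: true
                root-ca-path: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
          dbarchiver:
            path: /usr/local/data/

# The serving-cert annotation makes OpenShift issue the TLS pair into the
# data-exchange-service-certs Secret consumed by the Deployment and Route.
# (The alpha annotation still works; service.beta.openshift.io/serving-cert-secret-name
# is the current name.)
- name: Create data-exchange-service
  k8s:
    definition:
      kind: Service
      apiVersion: v1
      metadata:
        name: data-exchange-service
        namespace: "{{ ansible_operator_meta.namespace }}"
        labels:
          owner: "{{ labelvalue }}"
          app.kubernetes.io/instance: "{{ deploymentName }}"
          app.kubernetes.io/managed-by: "{{ managedBy }}"
          app.kubernetes.io/name: "{{ name }}"
        annotations:
          productID: "{{ productID }}"
          productName: "{{ productName }}"
          productMetric: "{{ productMetric }}"
          service.alpha.openshift.io/serving-cert-secret-name: data-exchange-service-certs
      spec:
        ports:
          - protocol: TCP
            port: 50051
            targetPort: 50051
        selector:
          app: data-exchange-service-deployment
        type: ClusterIP
        sessionAffinity: None

- name: Get the data-exchange-service HPA
  k8s_info:
    kind: HorizontalPodAutoscaler
    name: data-exchange-service-hpa
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: data_exchange_hpa_info

- name: Get the desiredReplicas count of hpa
  set_fact:
    data_exchange_hpa_desired_replica: "{{ data_exchange_hpa_info.resources[0] | json_query('status.desiredReplicas') }}"
  when: data_exchange_hpa_info.resources|length > 0

# Only desiredReplicas values 1..4 are honoured; 0 (HPA not yet computed) or
# anything above 4 leaves dataExchangeDeploymentReplicas at its role default,
# so the reconcile does not fight the HPA for those values.
- name: Set the deployment to data exchange service HPA desiredReplicas if it is defined
  set_fact:
    dataExchangeDeploymentReplicas: "{{ item }}"
  when: data_exchange_hpa_desired_replica is defined and data_exchange_hpa_desired_replica | int == item | int
  loop:
    - 1
    - 2
    - 3
    - 4

- name: Print Data exchange service deployment replicas
  debug:
    msg:
      - "Data exchange service Deployment Replicas: {{ dataExchangeDeploymentReplicas }}"

# NOTE(review): the fixed runAsUser/fsGroup of 1000 is rejected by OpenShift's
# restricted SCC unless applicationsa is allowed that UID — confirm the SCC.
# The uds-sa-token volume replaces the pod's auto-mounted projected token at
# /var/run/secrets/kubernetes.io/serviceaccount with the legacy token Secret;
# the ConfigMap above expects "token" and "service-ca.crt" under that path.
- name: Create data exchange deployment
  vars:
    airgap_image: "{{ lookup('env','RELATED_IMAGE_DATAEXCHANGE_SERVICE') }}"
    RELATED_IMAGE_INIT: "{{ lookup('env','RELATED_IMAGE_INIT_CONTAINER') }}"
  k8s:
    definition:
      kind: Deployment
      apiVersion: apps/v1
      metadata:
        name: data-exchange-service-deployment
        namespace: "{{ ansible_operator_meta.namespace }}"
        labels:
          owner: "{{ labelvalue }}"
          app.kubernetes.io/instance: "{{ deploymentName }}"
          app.kubernetes.io/managed-by: "{{ managedBy }}"
          app.kubernetes.io/name: "{{ name }}"
        annotations:
          productID: "{{ productID }}"
          productName: "{{ productName }}"
          productMetric: "{{ productMetric }}"
      spec:
        replicas: "{{ dataExchangeDeploymentReplicas }}"
        selector:
          matchLabels:
            app: data-exchange-service-deployment
        template:
          metadata:
            labels:
              app: data-exchange-service-deployment
              app.kubernetes.io/instance: "{{ deploymentName }}"
              app.kubernetes.io/managed-by: "{{ managedBy }}"
              app.kubernetes.io/name: "{{ name }}"
            annotations:
              productID: "{{ productID }}"
              productName: "{{ productName }}"
              productMetric: "{{ productMetric }}"
          spec:
            affinity:
              podAntiAffinity:
                preferredDuringSchedulingIgnoredDuringExecution:
                  - weight: 100
                    podAffinityTerm:
                      labelSelector:
                        matchExpressions:
                          - key: app
                            operator: In
                            values:
                              - data-exchange-service-deployment
                      topologyKey: "kubernetes.io/hostname"
            serviceAccountName: "{{ applicationsa }}"
            securityContext:
              runAsUser: 1000
              fsGroup: 1000
            initContainers:
              # Converts the serving-cert private key (tls.key) to PKCS#8
              # PEM at /usr/local/secret/tls.pem, the key-path in config.yaml.
              - name: pem-to-keystore
                env:
                  - name: keyfile
                    value: /var/run/secrets/openshift.io/services_serving_certs/tls.key
                  - name: pemfile
                    value: /usr/local/secret/tls.pem
                imagePullPolicy: Always
                volumeMounts:
                  - name: service-certs
                    mountPath: /var/run/secrets/openshift.io/services_serving_certs
                  - name: keystore-password-mount
                    mountPath: /usr/local/keystore/
                  - name: secrets-volume
                    mountPath: /usr/local/secret/
                image: "{{ RELATED_IMAGE_INIT }}"
                securityContext:
                  capabilities:
                    drop:
                      - ALL
                command:
                  - /bin/bash
                  - -c
                  # The keystore password is handed to openssl via "-passin
                  # file:" instead of "-passin pass:$password": the "pass:"
                  # form places the secret on the openssl command line, where
                  # any process in the pod can read it from /proc.
                  - |
                    openssl pkcs8 -topk8 -nocrypt -passin file:/usr/local/keystore/password -in "$keyfile" -out "$pemfile"
            containers:
              - name: data-exchange-service
                imagePullPolicy: Always
                image: '{{ airgap_image }}'
                ports:
                  - containerPort: 50051
                    protocol: TCP
                securityContext:
                  capabilities:
                    drop:
                      - ALL
                resources:
                  requests:
                    cpu: "{{ requestscpu }}"
                    memory: "{{ requestsmemory }}"
                  limits:
                    cpu: "{{ limitscpu }}"
                    memory: "{{ limitsmemory }}"
                volumeMounts:
                  - name: data-exchange-service-cm-mount
                    mountPath: /usr/local/config/
                  - name: secrets-volume
                    mountPath: /usr/local/secret/
                  - name: service-certs
                    mountPath: /var/run/secrets/openshift.io/services_serving_certs
                  - name: store-api-apikey-mount
                    mountPath: /usr/local/airgap-service/uds_apikey
                    subPath: apikey
                  - name: submodule-api-apikey-mount
                    mountPath: /usr/local/airgap-service/dpcm_apikey
                    subPath: apikey
                  - name: dbarchive-backup-pvc-mount
                    mountPath: /usr/local/data
                  - name: uds-sa-token
                    readOnly: true
                    mountPath: /var/run/secrets/kubernetes.io/serviceaccount
            volumes:
              - name: uds-sa-token
                secret:
                  secretName: "{{ secret_name }}"
              - name: data-exchange-service-cm-mount
                configMap:
                  name: data-exchange-service-cm
              - name: service-certs
                secret:
                  secretName: data-exchange-service-certs
              - name: secrets-volume
                emptyDir: {}
              - name: keystore-password-mount
                secret:
                  secretName: keystore-secret
                  items:
                    - key: password
                      path: password
              - name: store-api-apikey-mount
                secret:
                  secretName: store-api-key-secret
                  items:
                    - key: apikey
                      path: apikey
              - name: submodule-api-apikey-mount
                secret:
                  secretName: submodule-service-key-secret
                  items:
                    - key: apikey
                      path: apikey
              - name: dbarchive-backup-pvc-mount
                persistentVolumeClaim:
                  claimName: dbarchive-backup-pvc
            restartPolicy: Always

# An empty "from" list matches every source, so this policy only restricts
# the port: 50051/TCP is reachable from anywhere (the router needs it for
# the Route below), everything else to these pods is denied.
- name: Create Network Policy for data exchange deployment Service
  k8s:
    definition:
      kind: NetworkPolicy
      apiVersion: networking.k8s.io/v1
      metadata:
        name: data-exchange-service-networkpolicy
        namespace: "{{ ansible_operator_meta.namespace }}"
        labels:
          owner: "{{ labelvalue }}"
          app.kubernetes.io/instance: "{{ deploymentName }}"
          app.kubernetes.io/managed-by: "{{ managedBy }}"
          app.kubernetes.io/name: "{{ name }}"
        annotations:
          productID: "{{ productID }}"
          productName: "{{ productName }}"
          productMetric: "{{ productMetric }}"
      spec:
        podSelector:
          matchLabels:
            app: data-exchange-service-deployment
        ingress:
          - from: []
            ports:
              - protocol: TCP
                port: 50051

# Unlike the "with hostname" Route, this one carries no owner/product labels
# or annotations.
- name: Create data exchange service without hostname
  k8s:
    definition:
      kind: Route
      apiVersion: route.openshift.io/v1
      metadata:
        name: data-exchange-service-endpoint
        namespace: "{{ ansible_operator_meta.namespace }}"
      spec:
        to:
          kind: Service
          name: data-exchange-service
        port:
          targetPort: 50051
        tls:
          termination: reencrypt
          insecureEdgeTerminationPolicy: Redirect
  when: ( tls.airgap_host is not defined ) or ( tls.airgap_host|length == 0 )

# The serving-cert pair from data-exchange-service-certs is copied into the
# Route's spec.tls, so anyone able to read Routes in this namespace can read
# the private key; requires airgap_cert_key.resources[0] to exist.
- name: Create data exchange service with hostname
  k8s:
    definition:
      kind: Route
      apiVersion: route.openshift.io/v1
      metadata:
        name: data-exchange-service-endpoint
        namespace: "{{ ansible_operator_meta.namespace }}"
        labels:
          owner: "{{ labelvalue }}"
          app.kubernetes.io/instance: "{{ deploymentName }}"
          app.kubernetes.io/managed-by: "{{ managedBy }}"
          app.kubernetes.io/name: "{{ name }}"
        annotations:
          productID: "{{ productID }}"
          productName: "{{ productName }}"
          productMetric: "{{ productMetric }}"
      spec:
        to:
          kind: Service
          name: data-exchange-service
        port:
          targetPort: 50051
        host: "airgap-{{ ansible_operator_meta.namespace }}.{{tls.airgap_host}}"
        tls:
          termination: reencrypt
          insecureEdgeTerminationPolicy: Redirect
          certificate: "{{ airgap_cert_key.resources[0].data['tls.crt'] | b64decode }}"
          key: "{{ airgap_cert_key.resources[0].data['tls.key'] | b64decode }}"
  when: ( tls.airgap_host is defined ) and ( tls.airgap_host|length > 0 )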