Platform engineering workshop

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/files/openshift_gitops_clusterrolebinding.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gitops-cluster-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: openshift-gitops-argocd-application-controller
+  namespace: openshift-gitops

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create External Secrets application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'external-secrets/external-secrets-application.yml.j2') | from_yaml }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/gitlab.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create GitLab application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'gitlab/gitlab-application.yml.j2') | from_yaml }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Set facts
+  ansible.builtin.set_fact:
+    _backstage_redirect_url: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}/api/auth/oidc/handler/frame" # yamllint disable-line rule:line-length
+    _backstage_web_origin: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}" # yamllint disable-line rule:line-length
+
+- name: Pause for 5 minutes to finish setting up
+  ansible.builtin.pause:
+    minutes: 5
+
+- name: Create RHBK application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'keycloak/keycloak-application.yaml.j2') | from_yaml }}"
+
+- name: Pause for 5 minutes to finish setting up
+  ansible.builtin.pause:
+    minutes: 5

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+# Do not modify this file
+
+- name: Running Pre Workload Tasks
+  ansible.builtin.include_tasks:
+    file: ./pre_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Workload Tasks
+  ansible.builtin.include_tasks:
+    file: ./workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Post Workload Tasks
+  ansible.builtin.include_tasks:
+    file: ./post_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Workload removal Tasks
+  ansible.builtin.include_tasks:
+    file: ./remove_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "destroy" or ACTION == "remove"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/noobaa.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Create NooBaa application
+  when: ocp4_workload_platform_engineering_workshop_noobaa_install | bool
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'noobaa/noobaa-application.yaml.j2') | from_yaml }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml

@@ -0,0 +1,84 @@
+---
+
+- name: Install OpenShift GitOps operator
+  ansible.builtin.include_role:
+    name: install_operator
+  vars:
+    install_operator_action: install
+    install_operator_name: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_name }}"
+    install_operator_namespace: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_namespace }}"
+    install_operator_channel: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_channel }}"
+    install_operator_catalog: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog }}"
+    install_operator_automatic_install_plan_approval:
+      "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_automatic_install_plan_approval | default(true) }}"
+    install_operator_starting_csv: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_starting_csv }}"
+    install_operator_catalogsource_setup:
+      "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_use_catalog_snapshot | default(false) }}"
+    install_operator_catalogsource_name:
+      "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalogsource_name | default('') }}"
+    install_operator_catalogsource_namespace:
+      "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalogsource_namespace | default('') }}"
+    install_operator_catalogsource_image:
+      "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog_snapshot_image | default('') }}"
+    install_operator_catalogsource_image_tag:
+      "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog_snapshot_image_tag | default('') }}"
+    install_operator_subscription_config:
+      "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_config }}"
+
+- name: Grant cluster-admin permissions to Gitops Service account
+  when: ocp4_workload_platform_engineering_workshop_openshift_gitops_setup_cluster_admin | bool
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('file', 'openshift_gitops_clusterrolebinding.yaml') | from_yaml }}"
+
+- name: Wait until openshift-gitops ArgoCD instance has been created
+  kubernetes.core.k8s_info:
+    api_version: argoproj.io/v1beta1
+    kind: ArgoCD
+    name: openshift-gitops
+    namespace: openshift-gitops
+  register: r_openshift_gitops
+  until:
+    - r_openshift_gitops is defined
+    - r_openshift_gitops.resources is defined
+    - r_openshift_gitops.resources | length == 1
+
+- name: Update resources for openshift-gitops ArgoCD instance
+  when: ocp4_workload_platform_engineering_workshop_openshift_gitops_update_resources | bool
+  kubernetes.core.k8s:
+    state: patched
+    definition: "{{ lookup('template', 'openshift-gitops/openshift-gitops.yaml.j2') | from_yaml }}"
+
+- name: Remove memory limit for ArgoCD controller
+  when: ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_remove_memory_limits | bool
+  kubernetes.core.k8s_json_patch:
+    api_version: argoproj.io/v1beta1
+    kind: ArgoCD
+    name: openshift-gitops
+    namespace: openshift-gitops
+    patch:
+      - op: remove
+        path: /spec/controller/resources/limits/memory
+
+
+- name: Retrieve openshift-gitops-cluster secret
+  kubernetes.core.k8s_info:
+    api_version: "v1"
+    kind: Secret
+    name: openshift-gitops-cluster
+    namespace: openshift-gitops
+  register: r_secret
+  until:
+    - r_secret is defined
+    - r_openshift_gitops.resources is defined
+    - r_openshift_gitops.resources | length == 1
+
+- name: Get openshift_gitops_admin_password
+  ansible.builtin.set_fact:
+    openshift_gitops_admin_password: "{{ r_secret.resources[0]['data']['admin.password'] |string |b64decode }}"
+
+- name: Print Access information
+  agnosticd_user_info:
+    data:
+      openshift_gitops_user: "admin"
+      openshift_gitops_password: "{{ openshift_gitops_admin_password }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_pipelines.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create OpenShift Pipeliness application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'openshift-pipelines/openshift-pipelines-application.yaml.j2') | from_yaml }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/parasol.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create Parasol application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'parasol/parasol-application.yml.j2') | from_yaml }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/post_workload.yml

@@ -0,0 +1,26 @@
+---
+# Implement your Post Workload deployment tasks here
+# --------------------------------------------------
+
+# Leave these as the last tasks in the playbook
+# ---------------------------------------------
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+- name: Post_workload tasks complete
+  ansible.builtin.debug:
+    msg: "Post-Workload tasks completed successfully."
+  when:
+    - not silent | bool
+    - not workload_shared_deployment | default(false) | bool
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+- name: Post_workload tasks complete
+  ansible.builtin.debug:
+    msg: "Post-Software checks completed successfully"
+  when:
+    - not silent | bool
+    - workload_shared_deployment | default(false) | bool

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml

@@ -0,0 +1,57 @@
+---
+# Implement your Pre Workload deployment tasks here
+# -------------------------------------------------
+
+- name: Get OpenShift Web Console route
+  kubernetes.core.k8s_info:
+    api_version: route.openshift.io/v1
+    kind: Route
+    namespace: openshift-console
+    name: console
+  register: r_console_route
+
+- name: Get ingress domain
+  kubernetes.core.k8s_info:
+    kind: IngressController
+    name: default
+    namespace: openshift-ingress-operator
+    api_version: operator.openshift.io/v1
+  register: r_openshift_ingress_controller
+
+- name: Set openshift domain
+  ansible.builtin.set_fact:
+    r_openshift_subdomain: "{{ r_openshift_ingress_controller.resources[0].status.domain }}"
+
+- name: Get API server URL
+  kubernetes.core.k8s_info:
+    api_version: config.openshift.io/v1
+    kind: Infrastructure
+    name: cluster
+  register: r_api_url
+
+- name: Set API server URL
+  ansible.builtin.set_fact:
+    r_openshift_api_server: "{{ r_api_url.resources[0].status.apiServerURL }}"
+
+# Leave these as the last tasks in the playbook
+# ---------------------------------------------
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+- name: Pre_workload tasks complete
+  ansible.builtin.debug:
+    msg: "Pre-Workload tasks completed successfully."
+  when:
+    - not silent | bool
+    - not workload_shared_deployment | default(false) | bool
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+- name: Pre_workload tasks complete
+  ansible.builtin.debug:
+    msg: "Pre-Software checks completed successfully"
+  when:
+    - not silent | bool
+    - workload_shared_deployment | default(false) | bool

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/quay.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create Quay application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'quay/quay-application.yaml.j2') | from_yaml }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/redhat_developer_hub.yml

@@ -0,0 +1,55 @@
+---
+
+- name: Retrieve Gitlab root private token
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Secret
+    name: root-user-personal-token
+    namespace: "{{ ocp4_workload_platform_engineering_workshop_gitlab_namespace }}"
+  register: r_root_token
+  retries: 120
+  delay: 10
+  until:
+    - r_root_token is defined
+    - r_root_token.resources is defined
+    - r_root_token.resources | length > 0
+    - r_root_token.resources[0] is defined
+    - r_root_token.resources[0].data is defined
+    - r_root_token.resources[0].data.token is defined
+    - r_root_token.resources[0].data.token | length > 0
+
+- name: Decode root token
+  ansible.builtin.set_fact:
+    _ocp4_workload_platform_engineering_workshop_gitlab_root_token: "{{ r_root_token.resources[0].data.token | b64decode }}"
+
+- name: Create default token secret
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'developer-hub/secret-default-sa-token.yaml.j2') | from_yaml }}"
+
+- name: Get default token
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Secret
+    name: default-token
+    namespace: default
+  register: r_default_token
+  retries: 120
+  delay: 10
+  until:
+    - r_default_token is defined
+    - r_default_token.resources is defined
+    - r_default_token.resources | length > 0
+    - r_default_token.resources[0] is defined
+    - r_default_token.resources[0].data is defined
+    - r_default_token.resources[0].data.token is defined
+    - r_default_token.resources[0].data.token | length > 0
+
+- name: Decode default token
+  ansible.builtin.set_fact:
+    ocp4_workload_platform_engineering_workshop_rhdh_ocp_default_sa_token: "{{ r_default_token.resources[0].data.token | b64decode }}"
+
+- name: Install RHDH Application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'developer-hub/developer-hub-application.yaml.j2') }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/rhdh_gitops.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create RHDH Gitops application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'rhdh-gitops/rhdh-gitops-application.yaml.j2') | from_yaml }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Set user info for showroom
+  agnosticd_user_info:
+    data:
+      common_password: "{{ common_password }}"

ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create Vault application
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'vault/vault-application.yml.j2') | from_yaml }}"