From 7610682b6fa1d041bcb6c64f925eecac66e287bf Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 6 Feb 2019 15:38:10 -0800 Subject: [PATCH] Configure .kube/config on bridge Add the gitea k8s cluster to root's .kube/config file on bridge. The default context does not exist in order to force us to explicitly specify a context for all commands (so that we do not inadvertently deploy something on the wrong k8s cluster). Change-Id: I53368c76e6f5b3ab45b1982e9a977f9ce9f08581 --- kubernetes/gitea/gitea-playbook.yaml | 8 +++++++- kubernetes/gitea/setup-repo.yaml | 2 +- .../percona-xtradb-cluster/pxc-playbook.yaml | 9 +++++++++ kubernetes/rook/rook-playbook.yaml | 8 ++++---- playbooks/base.yaml | 4 +++- playbooks/host_vars/bridge.openstack.org.yaml | 1 + playbooks/roles/configure-kubectl/README.rst | 2 +- playbooks/run-k8s-on-openstack.yaml | 1 + .../clouds/bridge_kube_config.yaml.j2 | 19 +++++++++++++++++++ .../templates/group_vars/nodepool.yaml.j2 | 2 +- .../host_vars/bridge.openstack.org.yaml.j2 | 1 + testinfra/test_bridge.py | 7 +++++++ testinfra/test_nodepool.py | 2 +- 13 files changed, 56 insertions(+), 10 deletions(-) create mode 100644 playbooks/templates/clouds/bridge_kube_config.yaml.j2 diff --git a/kubernetes/gitea/gitea-playbook.yaml b/kubernetes/gitea/gitea-playbook.yaml index 5f02f03982..3aa3728db9 100644 --- a/kubernetes/gitea/gitea-playbook.yaml +++ b/kubernetes/gitea/gitea-playbook.yaml @@ -2,14 +2,17 @@ tasks: - name: Set up gitea namespace k8s: + context: gitea state: present definition: "{{ lookup('template', 'k8s/namespace.yaml') | from_yaml }}" - name: Set up gitea secrets k8s: + context: gitea state: present definition: "{{ lookup('template', 'k8s/secret.yaml') | from_yaml }}" - name: Set up gitea configmap k8s: + context: gitea state: present definition: apiVersion: v1 
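Review bot: `context: gitea` is written out on every `k8s:` task in this hunk, again in the second hunk of this file, and nine more times in pxc-playbook.yaml, which makes the cluster choice easy to miss when a task is added later. If the Ansible version in use supports it (2.7 or later), setting it once per play with `module_defaults:` / `k8s:` / `context: gitea` keeps the choice explicit but in one reviewable place. The play header is outside the hunk, so this would sit next to `tasks:`. The `kubectl` command tasks would still need their own `--context gitea`.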
@@ -23,14 +26,17 @@ app.ini.j2: "{{ lookup('file', 'app.ini.j2') }}" - name: Set up gitea deployment k8s: + context: gitea state: present definition: "{{ lookup('template', 'k8s/deployment.yaml') | from_yaml }}" - name: Set up gitea service k8s: + context: gitea state: present definition: "{{ lookup('template', 'k8s/service.yaml') | from_yaml }}" - name: Get service IP k8s: + context: gitea namespace: gitea kind: Service name: gitea-service @@ -57,7 +63,7 @@ - "app = gitea" register: gitea_pods - name: Create root user - command: "kubectl exec {{ gitea_pods.resources[0].metadata.name }} -n gitea -c gitea -- gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin" + command: "kubectl --context gitea exec {{ gitea_pods.resources[0].metadata.name }} -n gitea -c gitea -- gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin" no_log: true - name: Check if gerrit user exists uri: diff --git a/kubernetes/gitea/setup-repo.yaml b/kubernetes/gitea/setup-repo.yaml index 27cf7f1cb3..1d1e1a8c2d 100644 --- a/kubernetes/gitea/setup-repo.yaml +++ b/kubernetes/gitea/setup-repo.yaml @@ -36,4 +36,4 @@ - name: Adjust repo settings when: "sql_statement is defined" command: | - kubectl exec gitea-pxc-0 -c database -n gitea-db -- mysql gitea -e '{{ sql_statement }}' + kubectl --context gitea exec gitea-pxc-0 -c database -n gitea-db -- mysql gitea -e '{{ sql_statement }}' diff --git a/kubernetes/percona-xtradb-cluster/pxc-playbook.yaml b/kubernetes/percona-xtradb-cluster/pxc-playbook.yaml index 44e3638d7e..9e8c02202c 100644 --- a/kubernetes/percona-xtradb-cluster/pxc-playbook.yaml +++ b/kubernetes/percona-xtradb-cluster/pxc-playbook.yaml 
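Review bot: In the `Create root user` task the admin password is interpolated into the argument string (`... --password {{ gitea_root_password }} ...`), so it is visible in the process list on bridge and inside the gitea container while the command runs. `no_log: true` only keeps it out of Ansible's output. The value is also unquoted, so a password containing whitespace or quote characters would be split or mis-parsed; `--password {{ gitea_root_password | quote }}` addresses the parsing half. The same quoting concern applies to `-e '{{ sql_statement }}'` in the setup-repo.yaml hunk that follows, where a single quote inside the statement ends the argument early. Where `sql_statement` is built is outside the hunk, so it is worth confirming it never carries unescaped repository-supplied names.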
@@ -2,45 +2,54 @@ tasks: - name: Set up cinder storage class k8s: + context: gitea state: present definition: "{{ lookup('file', 'storage-class.yaml') | from_yaml }}" - name: Set up gitea-db namespace k8s: + context: gitea state: present definition: "{{ lookup('template', 'gitea-db-namespace.yaml') | from_yaml }}" - name: Set up gitea-db secrets k8s: + context: gitea state: present definition: "{{ lookup('template', 'secrets.yaml') | from_yaml }}" - name: Set up gitea-db mysql config configmap k8s: + context: gitea state: present definition: "{{ lookup('file', 'config-map_mysql-config.yaml') | from_yaml }}" - name: Set up gitea-db startup scripts configmap k8s: + context: gitea state: present definition: "{{ lookup('file', 'config-map_startup-scripts.yaml') | from_yaml }}" - name: Set up gitea-db xtradb cluster statefulset k8s: + context: gitea state: present definition: "{{ lookup('file', 'statefulset.yaml') | from_yaml }}" - name: Set up gitea-db metrics service k8s: + context: gitea state: present definition: "{{ lookup('file', 'service-metrics.yaml') | from_yaml }}" - name: Set up gitea-db database service k8s: + context: gitea state: present definition: "{{ lookup('file', 'service-percona.yaml') | from_yaml }}" - name: Set up gitea-db galera replication service k8s: + context: gitea state: present definition: "{{ lookup('file', 'service-repl.yaml') | from_yaml }}" diff --git a/kubernetes/rook/rook-playbook.yaml b/kubernetes/rook/rook-playbook.yaml index 955bfab55b..692e5b99aa 100644 --- a/kubernetes/rook/rook-playbook.yaml +++ b/kubernetes/rook/rook-playbook.yaml 
@@ -8,7 +8,7 @@ # into single document files is lame. - name: Set up cinder storage class command: | - kubectl apply -f rook-operator.yaml - kubectl apply -f rook-cluster.yaml - kubectl apply -f rook-toolbox.yaml - kubectl apply -f rook-filesystem.yaml + kubectl --context gitea apply -f rook-operator.yaml + kubectl --context gitea apply -f rook-cluster.yaml + kubectl --context gitea apply -f rook-toolbox.yaml + kubectl --context gitea apply -f rook-filesystem.yaml diff --git a/playbooks/base.yaml b/playbooks/base.yaml index 5b601943aa..6463c5e1d8 100644 --- a/playbooks/base.yaml +++ b/playbooks/base.yaml @@ -17,7 +17,9 @@ - snmpd - hosts: bridge.openstack.org:!disabled - name: "Base: configure OpenStackSDK on bridge" + name: "Base: configure cloud credentials on bridge" + roles: + - configure-kubectl tasks: - include_role: name: configure-openstacksdk diff --git a/playbooks/host_vars/bridge.openstack.org.yaml b/playbooks/host_vars/bridge.openstack.org.yaml index c089e30c6e..f8324a2176 100644 --- a/playbooks/host_vars/bridge.openstack.org.yaml +++ b/playbooks/host_vars/bridge.openstack.org.yaml @@ -1,2 +1,3 @@ ansible_python_interpreter: python3 bastion_key_exclusive: false +kube_config_template: clouds/bridge_kube_config.yaml.j2 diff --git a/playbooks/roles/configure-kubectl/README.rst b/playbooks/roles/configure-kubectl/README.rst index 164a68bd06..74cb3ea24b 100644 --- a/playbooks/roles/configure-kubectl/README.rst +++ b/playbooks/roles/configure-kubectl/README.rst @@ -1,6 +1,6 @@ Configure kube config files -Configure kubernetes files needed by nodepool. +Configure kubernetes files needed by kubectl. **Role Variables** diff --git a/playbooks/run-k8s-on-openstack.yaml b/playbooks/run-k8s-on-openstack.yaml index 4efcfacd56..5a17876774 100644 --- a/playbooks/run-k8s-on-openstack.yaml +++ b/playbooks/run-k8s-on-openstack.yaml 
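Review bot: The four `kubectl --context gitea apply -f ...` lines in rook-playbook.yaml sit under `command: |`, and the command module does not run a script. As far as I can tell it tokenizes the whole block into one argv, so this is a single kubectl invocation with the later lines passed as extra arguments rather than four separate applies. One invocation per manifest, e.g. `command: "kubectl --context gitea apply -f {{ item }}"` with the four file names as loop items, keeps each apply separate and stops the play at the manifest that failed. The task name `Set up cinder storage class` also looks copied from another playbook and does not describe applying the rook manifests.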
@@ -18,5 +18,6 @@ - name: Install cinder storage class k8s: + context: gitea state: present definition: "{{ lookup('file', 'k8s/storage-class.yaml') | from_yaml }}" diff --git a/playbooks/templates/clouds/bridge_kube_config.yaml.j2 b/playbooks/templates/clouds/bridge_kube_config.yaml.j2 new file mode 100644 index 0000000000..859c9f1b6c --- /dev/null +++ b/playbooks/templates/clouds/bridge_kube_config.yaml.j2 @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Config +current-context: default # This context does not exist +preferences: {} +clusters: + - name: gitea + cluster: + server: https://38.108.68.20:6443 + certificate-authority-data: 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 +contexts: + - name: gitea + context: + cluster: gitea + user: gitea-admin +users: + - name: gitea-admin + user: + client-certificate-data: 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 + client-key-data: {{ gitea_kube_key }} diff --git a/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 b/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 index e2d36c0f97..21393b5ab8 100644 --- a/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 @@ -11,7 +11,7 @@ nodepool_internap_project: project nodepool_vexxhost_username: user nodepool_vexxhost_password: password nodepool_vexxhost_project: project -nodepool_vexxhost_kube_key: k8s_key +nodepool_vexxhost_kube_key: nodepool_k8s_key nodepool_citycloud_username: user nodepool_citycloud_password: password nodepool_linaro_username: user diff --git a/playbooks/zuul/templates/host_vars/bridge.openstack.org.yaml.j2 b/playbooks/zuul/templates/host_vars/bridge.openstack.org.yaml.j2 index b8db828e23..e0ab731292 100644 --- a/playbooks/zuul/templates/host_vars/bridge.openstack.org.yaml.j2 +++ b/playbooks/zuul/templates/host_vars/bridge.openstack.org.yaml.j2 
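Review bot: In bridge_kube_config.yaml.j2, `client-key-data: {{ gitea_kube_key }}` renders the private key for the `gitea-admin` user into root's kubeconfig, but nothing in the template says what form the variable must take. kubeconfig expects base64-encoded PEM in that field, so a comment above `users:` such as `# gitea_kube_key: base64-encoded PEM client key (secret, not stored in this repo)` would document the contract. The task that writes this template lives in the configure-kubectl role, outside this diff, so it is worth confirming that it installs the file owner-only (mode 0600) and does not emit a diff of it. The API server is pinned by address (`server: https://38.108.68.20:6443`); a short comment naming the cluster behind that address would make a later re-address easier to review.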
@@ -58,3 +58,4 @@ clouds: openstackzuul_arm64ci_username: user openstackzuul_arm64ci_password: password openstackzuul_arm64ci_project_name: project +gitea_kube_key: gitea_k8s_key diff --git a/testinfra/test_bridge.py b/testinfra/test_bridge.py index 31d0f5da98..d901a68e72 100644 --- a/testinfra/test_bridge.py +++ b/testinfra/test_bridge.py @@ -65,3 +65,10 @@ def test_ara(host): assert ara.rc == 0 database = host.file('/var/cache/ansible/ara.sqlite') assert database.exists + + +def test_kube_config(host): + kubeconfig = host.file('/root/.kube/config') + assert kubeconfig.exists + + assert b'gitea_k8s_key' in kubeconfig.content diff --git a/testinfra/test_nodepool.py b/testinfra/test_nodepool.py index d74459012c..27d530eb93 100644 --- a/testinfra/test_nodepool.py +++ b/testinfra/test_nodepool.py @@ -27,4 +27,4 @@ def test_kube_config(host): kubeconfig = host.file('/home/nodepool/.kube/config') assert kubeconfig.exists - assert b'k8s_key' in kubeconfig.content + assert b'nodepool_k8s_key' in kubeconfig.content
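Review bot: The new `test_kube_config` in testinfra/test_bridge.py checks that `/root/.kube/config` exists and contains the placeholder key, but not who can read it, and the file now holds a cluster client key. Adding `assert kubeconfig.user == 'root'` and `assert kubeconfig.mode == 0o600` after the existence check would catch a role change that loosens the permissions. The mode the role actually sets is not visible in this diff, so adjust the expected value to match it. A one-line docstring such as `"""Root's kubeconfig on bridge is rendered with the gitea client key."""` would also say what the test pins.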