Create token for k8s coredump handler

Create k8s-coredump handler secret and configure the token file (/etc/k8s-coredump-conf.json) for it to be used by k8s-coredump-handler. Test Plan: PASS: Install and bootstrap system PASS: Verify if the secret is created after bootstrap. PASS: Verify if /etc/k8s-coredump-conf.json is present after bootstrap PASS: Verify if token in /etc/k8s-coredump-conf.json is valid PASS: Validate feature in a Backup and Restore, checking if /etc/k8s-coredump-conf.json is present and if the token is valid. PASS: Validate feature in a DC environment, checking if /etc/k8s-coredump-conf.json is present and if the token is valid in both the controllers and subclouds. Regression: PASS: After bootstrap, create and crash a pod with annotations configured and verify if coredump is generated on pod namespace. PASS: After bootstrap, crash a non k8s application and verify that the coredump is generated as previously (by systemd-coredump) PASS: Before bootstrap, crash a non k8s application and verify that the coredump is generated as previously (by systemd-coredump) PASS: Validate feature in a Backup and Restore, creating and crashing a pod with annotations configured and also crashing a non k8s application, and verify if the coredump was generated correctly. PASS: Validate feature in a DC environment, creating and crashing a pod with annotations configured and also crashing a non k8s application, and verify if the coredump was generated correctly in both the controllers and subclouds. Story: 2010261 Task: 46563 Signed-off-by: Heron Vieira <heron.vieira@windriver.com> Change-Id: I52b03b7f960e5ac32a3ae9a1ca57c1b43b6f11b2
2022-10-13 16:33:34 -03:00
parent d38c6a44ab
commit e624bf8c1f
2 changed files with 36 additions and 0 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/tasks/main.yml
@@ -271,4 +271,37 @@
      name: k8s-storage-backends/snapshot-controller
    when: enable_volume_snapshot_support|bool

+  - name: Configure k8s-coredump-handler
+    block:
+      - name: Create user account for k8s coredump handler
+        command: kubectl apply -f /etc/k8s-coredump/k8s-coredump.yaml
+        environment:
+          KUBECONFIG: /etc/kubernetes/admin.conf
+        register: create_k8s_coredump_handler_account
+        until: create_k8s_coredump_handler_account is not failed
+        retries: 5
+        delay: 10
+
+      - name: Get secret token from created user account
+        command: kubectl -n kube-system get secrets coredump-secret-token -ojsonpath='{.data.token}'
+        environment:
+          KUBECONFIG: /etc/kubernetes/admin.conf
+        register: k8s_auth_token
+        until: k8s_auth_token is not failed
+        retries: 5
+        delay: 10
+
+      - name: Decode token in base64
+        shell: echo {{ k8s_auth_token.stdout }} | base64 -d
+        register: k8s_auth_token
+
+      - set_fact:
+          k8s_auth_token: "{{ k8s_auth_token.stdout }}"
+
+      - name: Create k8s-coredump-conf.json for k8s-coredump-handler
+        template:
+          src: "k8s-coredump-conf.json.j2"
+          dest: /etc/k8s-coredump-conf.json
+          mode: 0700
+
  when: (not replayed) or (restart_services)
--- a/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/templates/k8s-coredump-conf.json.j2
+++ b/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/templates/k8s-coredump-conf.json.j2
@@ -0,0 +1,3 @@
+{
+    "k8s_coredump_token": "{{ k8s_auth_token }}"
+}