cloud-pi-native · cedric-montagne · Nov 16, 2023 · Nov 16, 2023 · Nov 16, 2023
diff --git a/install.yaml b/install.yaml
@@ -1,3 +1,4 @@
+---
 - name: Installation du socle DSO
   hosts: localhost
   gather_facts: false
@@ -84,7 +85,8 @@
         - console-dso
 
   post_tasks:
-    - debug:
+    - name: Post-Install Disclaimer
+      ansible.builtin.debug:
         msg: "{{ dsc | get_debug_messages }}"
       tags:
-        - always
+        - always
diff --git a/roles/argocd/tasks/main.yaml b/roles/argocd/tasks/main.yaml
@@ -1,3 +1,4 @@
+---
 - name: Get argo client secret
   kubernetes.core.k8s_info:
     kind: Secret
@@ -12,7 +13,7 @@
       apiVersion: rbac.authorization.k8s.io/v1
       kind: ClusterRoleBinding
       metadata:
-        creationTimestamp: null
+        creationTimestamp:
         name: system:openshift:scc:privileged
       roleRef:
         apiGroup: rbac.authorization.k8s.io
@@ -34,13 +35,23 @@
     name: bitnami
     repo_url: https://charts.bitnami.com/bitnami
 
-- name: Set extra env vars
+- name: Set argo_values
   ansible.builtin.set_fact:
     argo_values: "{{ lookup('template', 'values.yaml.j2') | from_yaml }}"
 
+- name: Merge with proxy settings
+  when: dsc.proxy.enabled
+  block:
+    - name: Generate proxy values
+      ansible.builtin.set_fact:
+        argo_proxy_values: "{{ lookup('template', 'proxy-values.yaml.j2') | from_yaml }}"
+    - name: Merge with argo proxy values
+      ansible.builtin.set_fact:
+        argo_values: "{{ argo_values | combine(argo_proxy_values, recursive=True, list_merge='append') }}"
+
 - name: Merge with argo user values
   ansible.builtin.set_fact:
-    argo_values: "{{ argo_values | combine(dsc.argocd['values'], recursive=True) }}"
+    argo_values: "{{ argo_values | combine(dsc.argocd['values'], recursive=True, list_merge='append') }}"
 
 - name: Deploy helm
   kubernetes.core.helm:

diff --git a/roles/argocd/templates/proxy-values.yaml.j2 b/roles/argocd/templates/proxy-values.yaml.j2
@@ -0,0 +1,12 @@
+
+server:
+  extraEnvVars: &extraEnvVars
+    - name: HTTP_PROXY
+      value: "{{ dsc.proxy.http_proxy }}"
+    - name: HTTPS_PROXY
+      value: "{{ dsc.proxy.https_proxy }}"
+    - name: NO_PROXY
+      value: "{{ dsc.proxy.no_proxy }},argo-argo-cd-repo-server"
+
+repoServer:
+  extraEnvVars: *extraEnvVars
diff --git a/roles/argocd/templates/values.yaml.j2 b/roles/argocd/templates/values.yaml.j2
@@ -3,11 +3,7 @@ securityContext: &securityContext
     runAsUser: null
   podSecurityContext:
     fsGroup: null
-# TODO variabilize openshift boolean
-openshift:
-  enabled: true
-image:
-  PullPolicy: IfNotPresent
+
 config:
 {% if dsc.argocd.admin.enabled %}
   secret:
@@ -53,26 +49,10 @@ server:
         kinds:
         - TaskRun
         - PipelineRun
-  extraEnvVars:
-{% if dsc.proxy.enabled %}
-    - name: HTTP_PROXY
-      value: "{{ dsc.proxy.http_proxy }}"
-    - name: HTTPS_PROXY
-      value: "{{ dsc.proxy.https_proxy }}"
-    - name: NO_PROXY
-      value: "{{ dsc.proxy.no_proxy }},argo-argo-cd-repo-server"
-{% endif %}
+  extraEnvVars: []
 repoServer:
   <<: *securityContext
-  extraEnvVars:
-{% if dsc.proxy.enabled %}
-    - name: HTTP_PROXY
-      value: "{{ dsc.proxy.http_proxy }}"
-    - name: HTTPS_PROXY
-      value: "{{ dsc.proxy.https_proxy }}"
-    - name: NO_PROXY
-      value: "{{ dsc.proxy.no_proxy }}"
-{% endif %}
+  extraEnvVars: []
 extraDeploy:
   - apiVersion: v1
     data:

diff --git a/roles/ca/tasks/additionals_ca.yaml b/roles/ca/tasks/additionals_ca.yaml
@@ -1,3 +1,4 @@
+---
 - name: Set empty ca fact
   ansible.builtin.set_fact:
     additionals_ca_pem_array: []

diff --git a/roles/ca/tasks/exposed_ca.yaml b/roles/ca/tasks/exposed_ca.yaml
@@ -1,3 +1,4 @@
+---
 - name: No exposed_ca
   when: dsc.exposedCA.type == 'none'
   ansible.builtin.set_fact:
@@ -37,7 +38,7 @@
     - name: Get certmanager secret
       kubernetes.core.k8s_info:
         name: "{{ dsc.ingress.tls.ca.secretName }}"
-        namespace: "cert-manager"
+        namespace: cert-manager
         kind: Secret
       register: exposed_ca_resource
 
@@ -50,10 +51,10 @@
   block:
     - name: Get url
       ansible.builtin.shell:
-        cmd: "curl {{ dsc.exposedCA.url }} -s | openssl x509"
+        cmd: curl {{ dsc.exposedCA.url }} -s | openssl x509
       changed_when: false
       register: exposed_ca_resource
-      tags: ["skip_ansible_lint"]
+      tags: [skip_ansible_lint]
 
     - name: Extract key
       ansible.builtin.set_fact:

diff --git a/roles/ca/tasks/get-ca.yaml b/roles/ca/tasks/get-ca.yaml
@@ -1,3 +1,4 @@
+---
 - name: Get CA cert
   kubernetes.core.k8s_info:
     namespace: default
@@ -12,7 +13,7 @@
 
 - name: Set ca fact (secret)
   ansible.builtin.set_fact:
-    additionals_ca_pem_array: "{{ additionals_ca_pem_array + [( ca_cert.resources[0].data[key] | b64decode )] }}"
+    additionals_ca_pem_array: "{{ additionals_ca_pem_array + [(ca_cert.resources[0].data[key] | b64decode)] }}"
   when: kind == 'Secret' and key | length != 0
 
 - name: Set ca fact (cm)
@@ -25,7 +26,7 @@
 
 - name: Set ca fact (secret)
   ansible.builtin.set_fact:
-    additionals_ca_pem_array: "{{ additionals_ca_pem_array + [( ca_cert.resources[0].data[resKey.key] | b64decode )] }}"
+    additionals_ca_pem_array: "{{ additionals_ca_pem_array + [(ca_cert.resources[0].data[resKey.key] | b64decode)] }}"
   loop: "{{ ca_cert.resources[0].data | dict2items }}"
   when: kind == 'Secret' and key | length == 0
   loop_control:

diff --git a/roles/ca/tasks/main.yaml b/roles/ca/tasks/main.yaml
@@ -1,3 +1,4 @@
+---
 - name: Additionals_ca tasks
   ansible.builtin.include_tasks:
     file: additionals_ca.yaml

diff --git a/roles/cert-manager/tasks/main.yaml b/roles/cert-manager/tasks/main.yaml
@@ -1,3 +1,4 @@
+---
 - name: Add cert-manager helm repo
   kubernetes.core.helm_repository:
     name: jetstack
@@ -19,7 +20,17 @@
 
 - name: Set cert-manager helm values
   ansible.builtin.set_fact:
-    cm_values: "{{ lookup('template', 'values.yaml.j2') | from_yaml }}"
+    cm_values: {}
+
+- name: Merge with proxy settings
+  when: dsc.proxy.enabled
+  block:
+    - name: Generate proxy values
+      ansible.builtin.set_fact:
+        cm_proxy_values: "{{ lookup('template', 'proxy-values.yaml.j2') | from_yaml }}"
+    - name: Merge with cm proxy values
+      ansible.builtin.set_fact:
+        cm_values: "{{ cm_values | combine(cm_proxy_values, recursive=True, list_merge='append') }}"
 
 - name: Deploy helm
   kubernetes.core.helm:

diff --git a/roles/cert-manager/templates/proxy-values.yaml.j2 b/roles/cert-manager/templates/proxy-values.yaml.j2
@@ -0,0 +1,3 @@
+http_proxy: "{{ dsc.proxy.http_proxy }}"
+https_proxy: "{{ dsc.proxy.https_proxy }}"
+no_proxy: "{{ dsc.proxy.no_proxy }}"