diff options
| author | Jan Chaloupka <jchaloup@redhat.com> | 2017-02-11 10:06:42 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-11 10:06:42 +0100 |
| commit | 9d25cb0280664f8bdef6247c8dc13520c90756da (patch) | |
| tree | dd4d1022288e0d2f8ef805459230a724a3b49ca5 /roles/openshift_hosted | |
| parent | 7c948bc637480e6d292b8af18b7a4c90b71d747c (diff) | |
| parent | b0f065dde8ddf14a8712a769152e63faea6688a3 (diff) | |
| download | openshift-9d25cb0280664f8bdef6247c8dc13520c90756da.tar.gz openshift-9d25cb0280664f8bdef6247c8dc13520c90756da.tar.bz2 openshift-9d25cb0280664f8bdef6247c8dc13520c90756da.tar.xz openshift-9d25cb0280664f8bdef6247c8dc13520c90756da.zip | |
Merge pull request #3307 from ingvagabund/oc_serviceaccount_secret
Replace service account secrets handling with oc_serviceaccount_secret module
Diffstat (limited to 'roles/openshift_hosted')
| -rw-r--r-- | roles/openshift_hosted/meta/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/secure.yml | 10 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/object_storage.yml | 22 |
3 files changed, 13 insertions, 20 deletions
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index ca5e88b15..ced71bb41 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -14,6 +14,7 @@ galaxy_info: dependencies: - role: openshift_cli - role: openshift_hosted_facts +- role: lib_openshift - role: openshift_projects openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" - role: openshift_serviceaccounts diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index d87a3847c..84b69d94c 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -54,10 +54,12 @@ failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0" - name: "Add the secret to the registry's pod service accounts" - command: > - {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates - --config={{ openshift_hosted_kubeconfig }} - -n default + oc_serviceaccount_secret: + service_account: "{{ item }}" + secret: registry-certificates + namespace: default + kubeconfig: "{{ openshift_hosted_kubeconfig }}" + state: present with_items: - registry - default diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml index e56a68e27..15128784e 100644 --- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml +++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml @@ -53,23 +53,13 @@ create -f - when: secrets.rc == 1 -- name: Determine if service account contains secrets - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_kubeconfig }} - --namespace={{ openshift.hosted.registry.namespace | default('default') }} - get serviceaccounts registry - -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}' - register: serviceaccount - changed_when: false - - name: Add secrets to registry service account - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_kubeconfig }} - --namespace={{ openshift.hosted.registry.namespace | default('default') }} - secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }} - when: serviceaccount.stdout == '' + oc_serviceaccount_secret: + service_account: registry + secret: "{{ registry_config_secret_name }}" + namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" + kubeconfig: "{{ openshift_hosted_kubeconfig }}" + state: present - name: Determine if deployment config contains secrets command: > |