home-server/ansible/roles/noble_kyverno/tasks/main.yml

68 lines
2.0 KiB
YAML

---
# Argo CD may have server-side-applied the cluster FlowSchema; Helm's own apply then fails with a field-manager conflict ("conflict with argocd-controller").
- name: Read kyverno-admission-controller FlowSchema (if any) for SSA repair
  # Best-effort read only: failures are not fatal here, and the next task keys
  # off rc == 0 before acting. Managed fields are requested explicitly so the
  # field managers (e.g. argocd-controller) are present in the JSON output.
  ansible.builtin.command:
    argv:
      - kubectl
      - get
      - flowschemas.flowcontrol.apiserver.k8s.io
      - kyverno-admission-controller
      - --show-managed-fields=true
      - -o
      - json
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  register: noble_kyverno_flowschema_json
  changed_when: false
  failed_when: false
  when: noble_kyverno_repair_argo_ssa_on_flowschema | default(true) | bool
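- name: Remove kyverno-admission-controller FlowSchema when Argo is a field manager (Helm SSA conflict recovery)
  # Destructive, cluster-scoped delete. The Argo check is made against
  # metadata.managedFields[].manager of the object read above rather than a
  # substring search over the whole JSON document, so a label, annotation or
  # last-applied-configuration that merely mentions "argocd-controller" cannot
  # trigger the deletion. The conditions are evaluated in order, so the JSON is
  # only parsed once the read is known to have succeeded (rc == 0).
  ansible.builtin.command:
    argv:
      - kubectl
      - delete
      - flowschemas.flowcontrol.apiserver.k8s.io
      - kyverno-admission-controller
      - --wait=false
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  when:
    - noble_kyverno_repair_argo_ssa_on_flowschema | default(true) | bool
    - not (noble_kyverno_flowschema_json.skipped | default(false))
    - noble_kyverno_flowschema_json.rc | default(-1) | int == 0
    - >-
      (noble_kyverno_delete_kyverno_admission_flowschema_if_present | default(false) | bool)
      or ('argocd-controller' in (
            ((noble_kyverno_flowschema_json.stdout | default('{}', true) | from_json).metadata | default({})).managedFields
            | default([]) | map(attribute='manager') | list))
  changed_when: true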
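- name: Create Kyverno namespace
  ansible.builtin.command:
    argv:
      - kubectl
      - apply
      - -f
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/kyverno/namespace.yaml"
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  register: noble_kyverno_namespace_apply
  # kubectl apply reports "<kind>/<name> unchanged" when the live object already
  # matches the manifest; only "created"/"configured" should count as a change so
  # repeated runs of the role do not report a change on every play.
  changed_when: "'unchanged' not in noble_kyverno_namespace_apply.stdout"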
- name: Install Kyverno operator
  # The chart version is pinned and quoted so YAML never retypes it. --wait
  # blocks until the release's resources report ready, bounded by --timeout.
  # The "kyverno" chart repository is expected to have been added before this
  # task runs (not done in this file).
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - kyverno
      - kyverno/kyverno
      - -n
      - kyverno
      - --version
      - "3.7.1"
      - -f
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/kyverno/values.yaml"
      - --wait
      - --timeout
      - 15m
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  # helm upgrade typically records a new release revision on every run, so the
  # task is reported as changed unconditionally rather than derived from output.
  changed_when: true