---
# helm uses some undecipherable configmaps, so we need to use the binary
- name: helm chart check
ansible.builtin.command:
argv:
- /usr/bin/env
- KUBECONFIG={{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}
- /usr/local/bin/helm
- -n
- stackrox
- list
- -o
- json
- --filter
- stackrox.*services
chdir: "{{ ansible_facts['user_dir'] }}"
register: helm_chart_status
- name: assert chart isn't there
set_fact:
helm_chart_present: false
- name: unless proven otherwise
set_fact:
helm_chart_present: true
when:
- helm_chart_status.stdout | from_json | list | length > 0
- (helm_chart_status.stdout | from_json | list)[0].status == "deployed"
- name: create helm vars
template:
src: templates/helm-vars.yml
dest: "{{ ansible_facts['user_dir'] }}/{{ clusters[cluster].name }}-helm-vars.yaml"
mode: 0600
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
when:
- not helm_chart_present
- name: check the repo
ansible.builtin.command:
argv:
- /usr/bin/env
- KUBECONFIG={{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}
- /usr/local/bin/helm
- repo
- list
- -o
- json
chdir: "{{ ansible_facts['user_dir'] }}"
ignore_errors: yes
register: repo_is_there
- name: add the repo
ansible.builtin.command:
argv:
- /usr/bin/env
- KUBECONFIG={{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}
- /usr/local/bin/helm
- repo
- add
- rhacs
- https://mirror.openshift.com/pub/rhacs/charts/
chdir: "{{ ansible_facts['user_dir'] }}"
when: repo_is_there.failed or (repo_is_there.stdout | from_json | list | length) == 0
- name: apply helm chart
ansible.builtin.command:
argv:
- /usr/bin/env
- KUBECONFIG={{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}
- /usr/local/bin/helm
- install
- -n
- stackrox
- --create-namespace
- stackrox-secured-cluster-services
- rhacs/secured-cluster-services
- -f
- "{{ ansible_facts['user_dir'] }}/{{ clusters[cluster].name }}-helm-bundle.yaml"
- -f
- "{{ ansible_facts['user_dir'] }}/{{ clusters[cluster].name }}-helm-vars.yaml"
chdir: "{{ ansible_facts['user_dir'] }}"
when:
- not helm_chart_present
...