|
|
@@ -3,6 +3,8 @@
|
|
|
hosts: workstation.lab.example.com
|
|
|
gather_subset: min
|
|
|
become: no
|
|
|
+ vars:
|
|
|
+ ge_nsp: deployments-strategy
|
|
|
tasks:
|
|
|
- name: Make sure kubeconfig is there on utility
|
|
|
delegate_to: utility.lab.example.com
|
|
|
@@ -30,13 +32,13 @@
|
|
|
validate_certs: no
|
|
|
api_version: v1
|
|
|
kind: namespace
|
|
|
- name: deployments-strategy
|
|
|
- register: ge_nsp
|
|
|
+ name: "{{ ge_nsp }}"
|
|
|
+ register: ge_exists
|
|
|
|
|
|
- name: Fail if the namespace exists
|
|
|
fail:
|
|
|
- msg: "The exercise namespace already exists: deployments-strategy; please run strategy-finish.yml to clean up first and then re-run this playbook."
|
|
|
- when: ge_nsp.resources | length > 0
|
|
|
+ msg: "The exercise namespace already exists: {{ ge_nsp }}; please run strategy-finish.yml to clean up first and then re-run this playbook."
|
|
|
+ when: ge_exists.resources | length > 0
|
|
|
|
|
|
- name: Ensure there is a namespace for the exercise
|
|
|
k8s:
|
|
|
@@ -44,5 +46,23 @@
|
|
|
validate_certs: no
|
|
|
api_version: v1
|
|
|
kind: namespace
|
|
|
- name: deployments-strategy
|
|
|
+ name: "{{ ge_nsp }}"
|
|
|
+
|
|
|
+ - name: Give developer admin role in the project
|
|
|
+ k8s:
|
|
|
+ kubeconfig: tmp/kubeconfig-ocp4
|
|
|
+ validate_certs: no
|
|
|
+ api_version: rbac.authorization.k8s.io/v1
|
|
|
+ kind: rolebinding
|
|
|
+ namespace: "{{ ge_nsp }}"
|
|
|
+ name: dev-admin
|
|
|
+ definition:
|
|
|
+ roleRef:
|
|
|
+ apiGroup: rbac.authorization.k8s.io
|
|
|
+ kind: ClusterRole
|
|
|
+ name: admin
|
|
|
+ subjects:
|
|
|
+ - apiGroup: rbac.authorization.k8s.io
|
|
|
+ kind: User
|
|
|
+ name: developer
|
|
|
|
