rht
/
ocp-ing-ichp-materials


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
							---
# remove any realm imports
- name: Delete any realm import for the configured realm.
  block:
    - name: Remove the template realm import.
      kubernetes.core.k8s:
        kubeconfig: tmp/kubeconfig-ocp4
        validate_certs: no
        api_version: k8s.keycloak.org/v2alpha1
        kind: keycloakrealmimport
        namespace: "{{ rhbk.namespace | default('keycloak') }}"
        name: "{{ rhbk.name | default('sso') }}-{{ rhbk.realm | default('sample-realm') }}-import"
        state: absent

# remove the route
- name: Remove the re-encrypt route.
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: route.openshift.io/v1
    kind: route
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}"
    state: absent

- name: Check whether the Keycloak service exists (to remove the annotation from it).
  kubernetes.core.k8s_info:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: service
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}-service"
  register: service_is_there

# remove the annotation from the service
- name: Remove the TLS annotation from the service.
  kubernetes.core.k8s_json_patch:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: service
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}-service"
    patch:
      - op: remove
        path: /metadata/annotations/service.beta.openshift.io~1serving-cert-secret-name
  when:
    - service_is_there.resources is defined
    - service_is_there.resources | length == 1
    - service_is_there.resources[0].metadata is defined
    - service_is_there.resources[0].metadata.annotations is defined
    - service_is_there.resources[0].metadata.annotations.keys() is contains("service.beta.openshift.io/serving-cert-secret-name")

# remove the tls secret
- name: Remove the TLS secret.
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: secret
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}-tls"
    state: absent

# remove the keycloak
- name: Remove the Keycloak.
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: k8s.keycloak.org/v2alpha1
    kind: keycloak
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}"
    state: absent

# TODO: Wait for anything here?

# remove bootstrap secret
- name: Remove the bootstrap credentials secret.
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: secret
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}-auth"
    state: absent

# remove db service
- name: Remove the database service.
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: service
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}-db"
    state: absent

# remove db sts
- name: Remove the database statefulset.
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: apps/v1
    kind: statefulset
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}-db"
    state: absent

# remove db credential secret
- name: Remove the database credentials secret.
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: secret
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    name: "{{ rhbk.name | default('sso') }}-db-auth"
    state: absent

# remove pvcs
- name: Finally, remove the PVC(s).
  kubernetes.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: persistentvolumeclaim
    namespace: "{{ rhbk.namespace | default('keycloak') }}"
    # TODO: if rhbk.db.replicas is implemented this will need to become a loop
    name: "{{ rhbk.name | default('sso') }}-db-data-{{ rhbk.name | default('sso') }}-db-0"
    state: absent
...