From 3f7a6e04758ac28aa51bd66b67f600534f646ff0 Mon Sep 17 00:00:00 2001
From: Cian Johnston <cian.johnston@est.tech>
Date: Wed, 3 Mar 2021 10:15:37 +0000
Subject: [PATCH] Changes for Helm v3 compatibility:

 * Helm v3 complains if kubeconfig is world-readable. Setting permissions
   on /root/.kube/config to keep it happy.
 * Add local helm repos in prometheus/spinnaker install tasks
 * Pinning openshift due to regression in kubernetes client

Signed-off-by: Cian Johnston <cian.johnston@est.tech>
Change-Id: Ie0dc3d9c7af4eda5a4d56461f9e3e4341ea7a12c
---
 .../playbooks/roles/install/tasks/main.yaml        | 14 ++++++++++++++
 .../playbooks/roles/install/tasks/main.yml         | 13 +++++++++++++
 .../roles/postinstall/tasks/configure-jumphost.yml |  4 ++--
 playbooks/roles/postinstall/vars/main.yaml         |  3 +++
 4 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/apps/prometheus/kubespray/playbooks/roles/install/tasks/main.yaml b/apps/prometheus/kubespray/playbooks/roles/install/tasks/main.yaml
index 98aca07..ed9a2c9 100644
--- a/apps/prometheus/kubespray/playbooks/roles/install/tasks/main.yaml
+++ b/apps/prometheus/kubespray/playbooks/roles/install/tasks/main.yaml
@@ -36,6 +36,11 @@
       src: "index.yaml.j2"
       dest: "{{ engine_workspace }}/offline/charts/stable/index.yaml"
       force: true
+
+  - name: Create local repo index (empty initially)
+    command: "helm repo index {{ engine_workspace }}/offline/charts/local/"
+    args:
+      creates: "{{ engine_workspace }}/offline/charts/local/index.yaml"
   when: execution_mode == "offline-deployment"
 
 - name: Initialize Helm
@@ -59,6 +64,15 @@
     and execution_mode == "online-deployment"
     and helm_repo_list_result is not search(stable_repo_url)
 
+- name: Add local helm repo (helm v3+)
+  command: "helm repo add local {{ local_repo_url }}"
+  register: helm_repo_add_local_result
+  changed_when: true
+  when: >
+    helm_version is version('v3.0.0', '>=')
+    and execution_mode == "offline-deployment"
+    and helm_repo_list_result is not search(local_repo_url)
+
 - name: Clone Helm Charts repository
   git:
     repo: "{{ helm_charts_git_url }}"
diff --git a/apps/spinnaker/kubespray/playbooks/roles/install/tasks/main.yml b/apps/spinnaker/kubespray/playbooks/roles/install/tasks/main.yml
index ddff98e..e90fbad 100644
--- a/apps/spinnaker/kubespray/playbooks/roles/install/tasks/main.yml
+++ b/apps/spinnaker/kubespray/playbooks/roles/install/tasks/main.yml
@@ -36,6 +36,10 @@
       src: "index.yaml.j2"
       dest: "{{ engine_workspace }}/offline/charts/stable/index.yaml"
       force: true
+
+  - name: Create local repo index (empty initially)
+    command: "helm repo index {{ engine_workspace }}/offline/charts/local/"
+    creates: "{{ engine_workspace }}/offline/charts/local/index.yaml"
   when: execution_mode == "offline-deployment"
 
 - name: Initialize Helm
@@ -59,6 +63,15 @@
     and execution_mode == "online-deployment"
     and helm_repo_list_result is not search(stable_repo_url)
 
+- name: Add local helm repo (helm v3+)
+  command: "helm repo add local {{ local_repo_url }}"
+  register: helm_repo_add_local_result
+  changed_when: true
+  when: >
+    helm_version is version('v3.0.0', '>=')
+    and execution_mode == "offline-deployment"
+    and helm_repo_list_result is not search(local_repo_url)
+
 - name: Clone Helm Charts repository
   git:
     repo: "{{ helm_charts_git_url }}"
diff --git a/playbooks/roles/postinstall/tasks/configure-jumphost.yml b/playbooks/roles/postinstall/tasks/configure-jumphost.yml
index a5dc9a6..4ba1e90 100644
--- a/playbooks/roles/postinstall/tasks/configure-jumphost.yml
+++ b/playbooks/roles/postinstall/tasks/configure-jumphost.yml
@@ -22,7 +22,7 @@
 
 - name: Install openshift
   pip:
-    name: openshift
+    name: "openshift=={{ openshift_version }}"
 
 - name: Ensure /root/.kube folder exists and empty
   file:
@@ -39,7 +39,7 @@
     src: "{{ engine_cache }}/repos/kubespray/inventory/engine/artifacts/admin.conf"
     dest: "/root/.kube/config"
     owner: "root"
-    mode: 0644
+    mode: 0600
 
 - name: Download kubectl and place it to /usr/local/bin
   get_url:
diff --git a/playbooks/roles/postinstall/vars/main.yaml b/playbooks/roles/postinstall/vars/main.yaml
index 9c1177b..01abd5b 100644
--- a/playbooks/roles/postinstall/vars/main.yaml
+++ b/playbooks/roles/postinstall/vars/main.yaml
@@ -18,5 +18,8 @@
 # ============LICENSE_END=========================================================
 
 jumphost: "{{ 'jumphost' if provisioner_type == 'heat' else 'localhost' }}"
+# NOTE (cian): pinning openshift due to regression in 0.12
+# Ref: https://github.com/ansible-collections/community.kubernetes/issues/283
+openshift_version: "0.11"
 
 # vim: set ts=2 sw=2 expandtab:
-- 
2.25.1