Migrate to shoot_admin_kubeconfig (#342)

metal-stack · Nov 4, 2024 · 867c016 · 867c016
1 parent 1c07e77
commit 867c016
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 14 deletions.
diff --git a/control-plane/roles/gardener-monitoring-certs/tasks/deploy_cert.yaml b/control-plane/roles/gardener-monitoring-certs/tasks/deploy_cert.yaml
@@ -1,8 +1,7 @@
 ---
 - name: Get seed kubeconfig
-  copy:
-    dest: "/tmp/kubeconfig.{{ gardener_shooted_seed.name }}"
-    content: "{{ lookup('k8s', kubeconfig='/tmp/kubeconfig.garden', api_version='v1', namespace='garden', kind='Secret', resource_name=gardener_shooted_seed.name+'.kubeconfig').get('data', {}).get('kubeconfig') | b64decode }}"
+  set_fact:
+    _seed_kubeconfig: "{{ gardener_seeds_virtual_garden_kubeconfig | shoot_admin_kubeconfig('garden', gardener_shooted_seed.name) | from_yaml }}"
 
 - name: Add seed ingress certificate
   k8s:
@@ -19,15 +18,21 @@
         secretRef:
           name: seed-ingress-certificate
           namespace: garden
-    kubeconfig: "/tmp/kubeconfig.{{ gardener_shooted_seed.name }}"
+    kubeconfig: "{{ _seed_kubeconfig }}"
+    apply: true
 
 - name: Wait until ingress secret is ready
-  command: echo
+  k8s_info:
+    api_version: v1
+    kind: Secret
+    name: seed-ingress-certificate
+    namespace: garden
+    kubeconfig: "{{ _seed_kubeconfig }}"
   changed_when: false
-  retries: 60
+  register: result
   delay: 10
-  until:
-    - lookup('k8s', kubeconfig='/tmp/kubeconfig.'+gardener_shooted_seed.name, api_version='v1', namespace='garden', kind='Secret', resource_name='seed-ingress-certificate')
+  retries: 60
+  until: result.resources | length > 0
 
 - name: Prepare seed ingress certificate secret
   k8s:
@@ -40,4 +45,5 @@
         name: seed-ingress-certificate
         namespace: garden
       type: kubernetes.io/tls
-    kubeconfig: "/tmp/kubeconfig.{{ gardener_shooted_seed.name }}"
+    kubeconfig: "{{ _seed_kubeconfig }}"
+    apply: true
diff --git a/control-plane/roles/gardener-monitoring-certs/tasks/main.yaml b/control-plane/roles/gardener-monitoring-certs/tasks/main.yaml
@@ -38,11 +38,6 @@
         namespace: garden
       type: kubernetes.io/tls
 
-- name: Write virtual garden kubeconfig
-  copy:
-    dest: "/tmp/kubeconfig.garden"
-    content: "{{ gardener_seeds_virtual_garden_kubeconfig }}"
-
 - name:  Loop over Gardener seeds
   include_tasks: deploy_cert.yaml
   loop: "{{ gardener_seeds_shooted_seeds }}"