imp: sync certs removed ansible playbook, changed env names - working using gitactions ci/cd

2025-10-18 20:40:48 +00:00
parent 8b5601f9db
commit f448b03ed7
4 changed files with 10 additions and 69 deletions
--- a/.gitea/workflows/deploy-sync-certs-job.yml
+++ b/.gitea/workflows/deploy-sync-certs-job.yml
@@ -13,9 +13,9 @@ jobs:
    - name: docker compose up
      env:
        KUBERNETES_SERVER: ${{ secrets.KUBERNETES_SERVER }}
-        KUBERNETES_CLIENT_CRT_DATA: ${{ secrets.KUBERNETES_CLIENT_CRT_DATA }}
-        KUBERNETES_CLIENT_KEY_DATA: ${{ secrets.KUBERNETES_CLIENT_KEY_DATA }}
-        KUBERNETES_CRT_AUTHORITY_DATA: ${{ secrets.KUBERNETES_CRT_AUTHORITY_DATA }}
+        KUBERNETES_CLIENT_CRT_BASE64: ${{ secrets.KUBERNETES_CLIENT_CRT_BASE64 }}
+        KUBERNETES_CLIENT_KEY_BASE64: ${{ secrets.KUBERNETES_CLIENT_KEY_BASE64 }}
+        KUBERNETES_CRT_AUTHORITY_BASE64: ${{ secrets.KUBERNETES_CRT_AUTHORITY_BASE64 }}
      run:  |
          docker compose -f ./casa-limbosolutions-com/sync-certs-job/docker-compose.yaml up -d --pull always 

--- a/casa-limbosolutions-com/sync-certs-job/README.md
+++ b/casa-limbosolutions-com/sync-certs-job/README.md
--- a/casa-limbosolutions-com/sync-certs-job/deploy.ansible.yaml
+++ b/casa-limbosolutions-com/sync-certs-job/deploy.ansible.yaml
@@ -1,55 +0,0 @@
- name: Deploy Sync certificates Job
-  hosts:
-    - homesrv01
-  vars:
-    context:
-      copy: true
-      register_cron: true
-      run_now: true
-      target_folder: "/etc/myLimbo/casa-limbo-solutions-com/sync-cert-jobs"
-      
-  tasks:
-    - name: Enforce Target Folder
-      become: true
-      ansible.builtin.file:
-        path: "{{ context.target_folder }}"
-        state: directory
-        mode: '700' #only root
-        recurse: true
-      when: context.copy
-
-    - name: Copy Files
-      become: true
-      ansible.builtin.copy:
-        dest: "{{ context.target_folder }}"
-        src: "{{ item }}"
-        mode: '700' #only root
-      loop:
-        - ./docker-compose.yaml
-        - ./.env
-      when: context.copy
-
-
-    - name: Register Cron job
-      become: true
-      ansible.builtin.cron:
-        user: root
-        name: auto-update
-        weekday: "*"
-        minute: "0"
-        hour: "0"
-        job:  "/usr/bin/docker compose -f {{ context.target_folder }}/docker-compose.yaml up | /usr/bin/logger -t mylimbo.casa-limbosolutions-com"
-        cron_file: mylimbo_casa-limbosolutions-com
-      when: context.register_cron
-
-    - name: Execute now
-      become: true
-      ansible.builtin.shell:
-        "/usr/bin/docker compose -f {{ context.target_folder }}/docker-compose.yaml up"
-      register: exec_now_output
-      when: context.run_now
-
-    - name: Execute now - stdout
-      ansible.builtin.debug:
-        var: exec_now_output.stdout_lines
-      when: context.run_now
--- a/casa-limbosolutions-com/sync-certs-job/docker-compose.yaml
+++ b/casa-limbosolutions-com/sync-certs-job/docker-compose.yaml
@@ -4,22 +4,18 @@ configs:
    content: |
      #!/bin/bash
      ##############################################################################################################################
-      # notes:
-      # --certificate-authority="$${KUBERNETES_CRT_AUTHORITY}" not working, dont hnow why, so using --insecure-skip-tls-verify
-      ##############################################################################################################################
-      
      
      set -e
      mkdir -p /tmp/.kube

      echo "Trace: Setup kube"
   
-      echo "Trace: Processing KUBERNETES_CRT_AUTHORITY_DATA"
-      base64 -d <<< "${KUBERNETES_CRT_AUTHORITY_DATA}" > "$${KUBERNETES_CRT_AUTHORITY}"
-      echo "Trace: Processing KUBERNETES_CLIENT_CRT_DATA"
-      base64 -d <<< "${KUBERNETES_CLIENT_CRT_DATA}" > "$${KUBERNETES_CLIENT_CRT}"
-      echo "Trace: Processing KUBERNETES_CLIENT_KEY_DATA"
-      base64 -d <<< "${KUBERNETES_CLIENT_KEY_DATA}" > "$${KUBERNETES_CLIENT_KEY}"
+      echo "Trace: Processing KUBERNETES_CRT_AUTHORITY_BASE64"
+      base64 -d <<< "${KUBERNETES_CRT_AUTHORIT_BASE64}" > "$${KUBERNETES_CRT_AUTHORITY}"
+      echo "Trace: Processing KUBERNETES_CLIENT_CRT_BASE64"
+      base64 -d <<< "${KUBERNETES_CLIENT_CRT_BASE64}" > "$${KUBERNETES_CLIENT_CRT}"
+      echo "Trace: Processing KUBERNETES_CLIENT_KEY_BASE64"
+      base64 -d <<< "${KUBERNETES_CLIENT_KEY_BASE64}" > "$${KUBERNETES_CLIENT_KEY}"

      # while true ; do
      #   sleep 5
@@ -48,7 +44,7 @@ configs:
          while IFS=' ' read -r KEY VALUE; do
            echo "Processing key: $$KEY"
            # Decode the base64 value and save it to the appropriate file
-            echo "Trace: Saving key: $$KEY"
+            echo "Trace: Saving key: /etc/ssl/certs/casa-limbosolutions-com-certs/$${CERT_NAME}_$${KEY}"
            echo "$$VALUE" | base64 -d > "/etc/ssl/certs/casa-limbosolutions-com-certs/$${CERT_NAME}_$${KEY}"
          done
      done