--- - name: Ensure an empty /tmp/kube.config ansible.builtin.file: path: /tmp/kube.config state: touch - name: Get existing kube.config from the secret ansible.builtin.shell: > kubectl get secret nodepool-providers-secrets \ -o jsonpath="{.data.kube\.config}" | base64 --decode > /tmp/kube.config failed_when: false - name: Create a fake clouds.yaml copy: dest: "/tmp/clouds.yaml" content: | cache: expiration: server: 5 port: 5 floating-ip: 5 image.images: 5 metrics: statsd: prefix: nodepool.openstack clouds: nimbus: api_timeout: 60 auth: username: user1 password: password1 auth_url: https://keystone.nimbus/v2.0 project_name: my-project image_format: raw metrics: statsd: prefix: nodepool.openstack.nimbus cumulus: api_timeout: 60 auth: username: user2 password: password2 auth_url: https://keystone.cumulus/v2.0 project_name: my-other-project image_format: raw metrics: statsd: prefix: nodepool.openstack.cumulus - name: Update the secret clouds.yaml key ansible.builtin.shell: > kubectl create secret generic nodepool-providers-secrets \ --from-file=clouds.yaml=/tmp/clouds.yaml \ --from-file=kube.config=/tmp/kube.config \ --dry-run=client -o yaml | kubectl apply -f - - name: Wait for secrets to be updated ansible.builtin.include_role: name: "health-check/check-sf-resource-ready" - name: "Check that clouds.yaml available in nodepool-builder" ansible.builtin.shell: | kubectl exec nodepool-builder-0 -- bash -c "ls /var/lib/nodepool/.config/openstack/clouds.yaml" register: _result retries: 60 delay: 1 until: _result.rc == 0 - name: "Check that clouds.yaml available in nodepool-launcher containers" ansible.builtin.shell: | POD=$(kubectl get pods -l=run=nodepool-launcher -o name | tail -n 1) kubectl exec $POD -- bash -c "ls /var/lib/nodepool/.config/openstack/clouds.yaml" register: _result retries: 60 delay: 1 until: _result.rc == 0