sidecarInjector.yml

---
- name: Find status of the sidecar injector deployment. Set status once found.
  block:
    - name: Check if sidecar injector is configued
      k8s_facts:
        kind: Pod
        api_version: v1
        namespace: injectors
      register: pod_list

    - name: set variable with name of pod
      set_fact:
        pod_name: "{{ item }}"
      loop: "{{pod_list | json_query('resources[*].metadata.name')}}"

    - name: Set sidecarinjector status to configured
      set_fact:
        sidecarinjector: "configured"
      when: pod_name is defined 

    - name: Set variable value to not configured if there aren't running pods
      set_fact:
        sidecarinjector: "notConfigured"
      when: pod_name is not defined 

- name: Configure DAP Mutating Webhook
  block:
    - name: Download injector files
      git:
        clone: yes
        repo: https://github.com/cyberark/sidecar-injector.git
        dest: "{{ playbook_dir }}/files/manifests/sidecarInjector"
        force: yes

    - name: Create injectors namespace
      k8s:
        name: injectors
        api_version: v1
        kind: Namespace
        state: present
        wait: yes
        wait_condition:
          reason: completed
          status: "True"
        wait_timeout: 360
    
    - name: Create a signed cert/key pair and store it in a Kubernetes secret that will be consumed by sidecar injector deployment
      shell: |
        ./webhook-create-signed-cert.sh --service cyberark-sidecar-injector --secret cyberark-sidecar-injector --namespace injectors
      args:
        chdir: "{{ playbook_dir }}/files/manifests/sidecarInjector/deployment"

    - name: Patch the MutatingWebhookConfiguration by setting caBundle with correct value from Kubernetes cluster
      shell: |
        cat mutatingwebhook.yaml | ./webhook-patch-ca-bundle.sh --namespace-selector-label cyberark-sidecar-injector --service cyberark-sidecar-injector --namespace injectors > mutatingwebhook-ca-bundle.yaml
      args:
        chdir: "{{ playbook_dir }}/files/manifests/sidecarInjector/deployment"

    - name: Remove Mutating webhooks file
      file:
        state: absent
        path: "{{ playbook_dir }}/files/manifests/sidecarInjector/deployment/mutatingwebhook.yaml"

    - name: Find all manifests in manifests/sidecarInjector directory
      find:
        paths: "{{ playbook_dir }}/files/manifests/sidecarInjector/deployment"
        file_type: file
        use_regex: yes
        patterns:
          - '.*.yml$'
          - '.*.yaml$'
      register: sidecarManifests

    - name: Load Cluster tools manifests
      k8s:
        state: present
        src: "{{ sidecarInjectorLoad }}"
        namespace: injectors
        wait: yes
        wait_condition:
          reason: completed
          status: "True"
        wait_timeout: 360
      loop: "{{ sidecarManifests.files | map(attribute='path') | list }}"
      loop_control:
        loop_var: sidecarInjectorLoad

    - name: Set demo stage status
      set_fact:
        demoStage: "mutatingWebHookLoaded"
  when: sidecarinjector == "notConfigured"