Add sealedsecrets values override parameter (#46)

.ansible-lint-ignore

@@ -8,7 +8,6 @@ tasks/verify/certs.yml jinja[spacing]
 tasks/verify/ingress.yml jinja[spacing]
 tasks/verify/install.yml jinja[spacing]
 tasks/verify/mysql.yml jinja[spacing]
-tasks/verify/olm.yml jinja[spacing]
 tasks/verify/pods.yml jinja[spacing]
 tasks/verify/secrets.yml jinja[spacing]
 tasks/verify/service.yml jinja[spacing]

tasks/deploy.yml

@@ -23,10 +23,6 @@
   ansible.builtin.include_tasks: "deploy/longhorn.yml"
   when: k8s_longhorn_deploy | bool
 
-- name: Include olm deployment tasks
-  ansible.builtin.include_tasks: "deploy/olm.yml"
-  when: k8s_olm_deploy | bool
-
 - name: Include argocd deployment tasks
   ansible.builtin.include_tasks: "deploy/argocd.yml"
   when: k8s_argocd_deploy | bool

tasks/deploy/argocd.yml

@@ -11,7 +11,7 @@
     name: argocd
     chart_ref: "{{ k8s_argocd_chart.name }}"
     chart_repo_url: "{{ k8s_argocd_chart.repo }}"
-    chart_version: "{{ k8s_argocd_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_argocd_namespace }}"
     create_namespace: true
     state: present
@@ -20,6 +20,8 @@
     values: "{{ k8s_argocd_chart_values }}"
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
+  vars:
+    _release: "{{ k8s_argocd_chart_release | default(k8s_argocd_chart.release) }}"
 
 - name: Query argocd-repo-server definition
   ansible.builtin.set_fact:
@@ -93,7 +95,7 @@
     name: argocd-apps
     chart_ref: "{{ k8s_argocd_apps_chart.name }}"
     chart_repo_url: "{{ k8s_argocd_apps_chart.repo }}"
-    chart_version: "{{ k8s_argocd_apps_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_argocd_apps_namespace }}"
     create_namespace: true
     state: present
@@ -102,3 +104,5 @@
     values: "{{ k8s_argocd_apps_chart_values }}"
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
+  vars:
+    _release: "{{ k8s_argocd_apps_chart_release | default(k8s_argocd_apps_chart.release) }}"

tasks/deploy/certmanager.yml

@@ -4,7 +4,7 @@
     name: cert-manager
     chart_ref: "{{ k8s_certmanager_chart.name }}"
     chart_repo_url: "{{ k8s_certmanager_chart.repo }}"
-    chart_version: "{{ k8s_certmanager_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_certmanager_namespace }}"
     create_namespace: true
     state: present
@@ -19,6 +19,8 @@
         nameservers:
           - 1.1.1.1
           - 8.8.8.8
+  vars:
+    _release: "{{ k8s_certmanager_chart_release | default(k8s_certmanager_chart.release) }}"
 
 - name: Deploy cloudflare cluster issuer
   when: k8s_certmanager_issuer_name == 'letsencrypt'

tasks/deploy/check.yml

@@ -1,9 +1,23 @@
 ---
-- name: Check cluster type input
+- name: Set version certmanager release facts
+  ansible.builtin.set_fact:
+    k8s_certmanager_chart_release: "{{ k8s_certmanager_chart.release }}"
+  when: k8s_certmanager_chart_release is not defined
+
+- name: Set version certmanager release facts
+  ansible.builtin.set_fact:
+    k8s_nginx_chart_release: "{{ k8s_nginx_chart.release }}"
+  when: k8s_nginx_chart_release is not defined
+
+- name: Check cluster name parameter
+  ansible.builtin.assert:
+    fail_msg: "k8s_cluster_name must be defined"
+    that: k8s_cluster_name is defined
+
+- name: Check cluster type parameter
   ansible.builtin.assert:
     fail_msg: "k8s_cluster_type must be one of [{{ valid_cluster_types | join(', ') }}]"
-    that:
-      - k8s_cluster_type in valid_cluster_types
+    that: k8s_cluster_type in valid_cluster_types
   vars:
     valid_cluster_types:
       - local
@@ -31,8 +45,7 @@
         - name: Check public address pool range
           ansible.builtin.assert:
             fail_msg: "public address pool range must be set as subnet/prefix"
-            that:
-              - k8s_address_pool_public_iprange | ansible.utils.ipaddr('network/prefix')
+            that: k8s_address_pool_public_iprange | ansible.utils.ipaddr('network/prefix')
 
         - name: Extend k8s_address_pool metadata
           ansible.builtin.set_fact:
@@ -50,8 +63,7 @@
 - name: Check MetalLB pool definitions
   ansible.builtin.assert:
     fail_msg: "k8s_address_pools must not be empty"
-    that:
-      - k8s_address_pools | length > 0
+    that: k8s_address_pools | length > 0
 
 - name: Debug MetalLB pool configuration
   ansible.builtin.debug:
@@ -67,28 +79,25 @@
 - name: Check nginx ingress controller release
   ansible.builtin.assert:
     fail_msg: "k8s_nginx_chart_release must be at least '{{ chart_release_min }}'"
-    that:
-      - chart_release_req_normalized is version(chart_release_min_normalized, operator='ge')
+    that: chart_release_req_normalized is version(chart_release_min_normalized, operator='ge')
   vars:
     chart_release_min: "4.0.15"
-    chart_release_req_normalized: "{{ k8s_nginx_chart.release | regex_replace('^v', '') }}"
+    chart_release_req_normalized: "{{ k8s_nginx_chart_release | regex_replace('^v', '') }}"
     chart_release_min_normalized: "{{ chart_release_min | regex_replace('^v', '') }}"
 
 - name: Check certmanager release
   ansible.builtin.assert:
-    fail_msg: "k8s_certmanager_chart.release must be at least '{{ _release_min }}'"
-    that:
-      - _release_string is version(_release_min, operator='ge' )
+    fail_msg: "k8s_certmanager_chart_release must be at least '{{ _release_min }}'"
+    that: _release_string is version(_release_min, operator='ge' )
   vars:
-    _release_string: "{{ (k8s_certmanager_chart.release | regex_replace('^v', '')) }}"
+    _release_string: "{{ (k8s_certmanager_chart_release | regex_replace('^v', '')) }}"
     _release_min: "{{ 'v1.6.1' | regex_replace('^v', '') }}"
 
 - name: Check certmanager name
   ansible.builtin.assert:
     fail_msg: >
       k8s_certmanager_issuer_name must be one of [{{ valid_issuer_names | join(', ') }}]
-    that:
-      - k8s_certmanager_issuer_name in valid_issuer_names
+    that: k8s_certmanager_issuer_name in valid_issuer_names
   vars:
     valid_issuer_names:
       - local
@@ -97,6 +106,5 @@
 - name: Check certmanager secret
   ansible.builtin.assert:
     fail_msg: k8s_certmanager_secret must be set for letsenrypt issuer
-    that:
-      - k8s_certmanager_secret is defined
+    that: k8s_certmanager_secret is defined
   when: k8s_certmanager_issuer_name == 'letsencrypt'

tasks/deploy/keel.yml

@@ -4,7 +4,7 @@
     name: keel
     chart_ref: "{{ k8s_keel_chart.name }}"
     chart_repo_url: "{{ k8s_keel_chart.repo }}"
-    chart_version: "{{ k8s_keel_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_keel_namespace }}"
     create_namespace: true
     state: present
@@ -15,3 +15,5 @@
     values:
       helmProvider:
         version: "v3"
+  vars:
+    _release: "{{ k8s_keel_chart_release | default(k8s_keel_chart.release) }}"

tasks/deploy/longhorn.yml

@@ -4,7 +4,7 @@
     name: longhorn
     chart_ref: "{{ k8s_longhorn_chart.name }}"
     chart_repo_url: "{{ k8s_longhorn_chart.repo }}"
-    chart_version: "{{ k8s_longhorn_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_longhorn_namespace }}"
     create_namespace: true
     state: present
@@ -13,3 +13,5 @@
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
     values: "{{ k8s_longhorn_chart_values }}"
+  vars:
+    _release: "{{ k8s_longhorn_chart_release | default(k8s_longhorn_chart.release) }}"

tasks/deploy/metallb.yml

@@ -4,7 +4,7 @@
     name: metallb
     chart_ref: "{{ k8s_metallb_chart.name }}"
     chart_repo_url: "{{ k8s_metallb_chart.repo }}"
-    chart_version: "{{ k8s_metallb_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_metallb_namespace }}"
     create_namespace: true
     state: present
@@ -15,6 +15,8 @@
         secretValue: "{{ k8s_metallb_speaker_secret }}"
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
+  vars:
+    _release: "{{ k8s_metallb_chart_release | default(k8s_metallb_chart.release) }}"
 
 - name: Create MetalLB pools
   kubernetes.core.k8s:

tasks/deploy/mysql.yml

@@ -4,11 +4,13 @@
     name: mysql
     chart_ref: "{{ k8s_mysql_chart.name }}"
     chart_repo_url: "{{ k8s_mysql_chart.repo }}"
-    chart_version: "{{ k8s_mysql_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_mysql_namespace }}"
     create_namespace: true
     state: present
     wait: true
     wait_timeout: "{{ k8s_mysql_wait_timeout }}s"
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ k8s_helm_bin | default(omit) }}"
+  vars:
+    _release: "{{ k8s_mysql_chart_release | default(k8s_mysql_chart.release) }}"

tasks/deploy/nginx/aws.yml

@@ -4,7 +4,7 @@
     name: "{{ ingress_name }}"
     chart_ref: "{{ k8s_nginx_chart.name }}"
     chart_repo_url: "{{ k8s_nginx_chart.repo }}"
-    chart_version: "{{ k8s_nginx_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ ingress_namespace }}"
     state: present
     wait: true
@@ -31,6 +31,7 @@
               service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
               service.beta.kubernetes.io/aws-load-balancer-name: "{{ k8s_cluster_name }}-{{ item.name }}"
   vars:
+    _release: "{{ k8s_nginx_chart_release | default(k8s_nginx_chart.release) }}"
     ingress_class: "nginx-{{ item.name }}"
     ingress_name: "{{ item.name }}"
     ingress_namespace: "{{ ingress_class }}"

tasks/deploy/nginx/local.yml

@@ -4,7 +4,7 @@
     name: "{{ ingress_name }}"
     chart_ref: "{{ k8s_nginx_chart.name }}"
     chart_repo_url: "{{ k8s_nginx_chart.repo }}"
-    chart_version: "{{ k8s_nginx_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ ingress_namespace }}"
     state: present
     wait: true
@@ -22,6 +22,7 @@
           annotations:
             metallb.universe.tf/address-pool: "{{ item.name }}"
   vars:
+    _release: "{{ k8s_nginx_chart_release | default(k8s_nginx_chart.release) }}"
     ingress_class: "nginx-{{ item.name }}"
     ingress_name: "{{ ingress_class }}"
     ingress_namespace: "{{ ingress_class }}"

tasks/deploy/opensearch.yml

@@ -4,11 +4,13 @@
     name: os
     chart_ref: "{{ k8s_opensearch_chart.name }}"
     chart_repo_url: "{{ k8s_opensearch_chart.repo }}"
-    chart_version: "{{ k8s_opensearch_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_opensearch_namespace }}"
     create_namespace: true
     state: present
     wait: true
     wait_timeout: "{{ k8s_opensearch_wait_timeout }}s"
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
+  vars:
+    _release: "{{ k8s_opensearch_chart_release | default(k8s_opensearch_chart.release) }}"

tasks/deploy/reflector.yml

@@ -4,11 +4,13 @@
     name: reflector
     chart_ref: "{{ k8s_reflector_chart.name }}"
     chart_repo_url: "{{ k8s_reflector_chart.repo }}"
-    chart_version: "{{ k8s_reflector_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_reflector_namespace }}"
     create_namespace: true
     state: present
     wait: true
     wait_timeout: "{{ k8s_reflector_wait_timeout }}s"
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
+  vars:
+    _release: "{{ k8s_reflector_chart_release | default(k8s_reflector_chart.release) }}"

tasks/deploy/sealedsecrets.yml

@@ -4,11 +4,14 @@
     name: sealedsecrets
     chart_ref: "{{ k8s_sealedsecrets_chart.name }}"
     chart_repo_url: "{{ k8s_sealedsecrets_chart.repo }}"
-    chart_version: "{{ k8s_sealedsecrets_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_sealedsecrets_namespace }}"
     create_namespace: true
     state: present
     wait: true
     wait_timeout: "{{ k8s_sealedsecrets_wait_timeout }}s"
     kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
+    values: "{{ k8s_sealedsecrets_values | default(omit) }}"
+  vars:
+    _release: "{{ k8s_sealedsecrets_chart_release | default(k8s_sealedsecrets_chart.release) }}"

tasks/deploy/strimzi.yml

@@ -4,7 +4,7 @@
     name: strimzi
     chart_ref: "{{ k8s_strimzi_chart.name }}"
     chart_repo_url: "{{ k8s_strimzi_chart.repo }}"
-    chart_version: "{{ k8s_strimzi_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_strimzi_namespace }}"
     create_namespace: true
     state: present
@@ -14,3 +14,5 @@
     binary_path: "{{ lookup('ansible.builtin.env', 'HELM_BIN', default=k8s_helm_bin) }}"
     values:
       watchAnyNamespace: true
+  vars:
+    _release: "{{ k8s_strimzi_chart_release | default(k8s_strimzi_chart.release) }}"

tasks/deploy/zalando.yml

@@ -4,7 +4,7 @@
     name: zalando
     chart_ref: "{{ k8s_zalando_chart.name }}"
     chart_repo_url: "{{ k8s_zalando_chart.repo }}"
-    chart_version: "{{ k8s_zalando_chart.release }}"
+    chart_version: "{{ _release }}"
     release_namespace: "{{ k8s_zalando_namespace }}"
     create_namespace: true
     state: present
@@ -17,3 +17,5 @@
         secret_name_template: "{{ k8s_zalando_secret_template }}"
       configLoadBalancer:
         db_hosted_zone: "{{ k8s_zalando_basedomain }}"
+  vars:
+    _release: "{{ k8s_zalando_chart_release | default(k8s_zalando_chart.release) }}"

tasks/verify.yml

@@ -27,10 +27,6 @@
     - name: Include Helm checks
       ansible.builtin.include_tasks: verify/helm.yml
 
-    - name: Include olm checks
-      ansible.builtin.include_tasks: verify/olm.yml
-      when: k8s_olm_verify | bool
-
     - name: Include argocd checks
       ansible.builtin.include_tasks: verify/argocd.yml
       when: k8s_argocd_verify | bool