Skip to content

gitops_bootstrap: userinfo ConfigMap discovery + cascade cleanup on destroy #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
prakhar1985 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

gitops_bootstrap: userinfo ConfigMap discovery + cascade cleanup on destroy #62

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9104117
Enable userinfo ConfigMap discovery in gitops_bootstrap
Feb 7, 2026
be13bd3
feat: add resources-finalizer to bootstrap Application and implement …
Mar 3, 2026
f4b8a9e
feat: add multi-application support via ocp4_workload_gitops_bootstra…
Mar 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions roles/ocp4_workload_gitops_bootstrap/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,23 @@
ocp4_workload_gitops_bootstrap_repo_url: http://gitea:3000/user/bootstrap
ocp4_workload_gitops_bootstrap_repo_revision: main

# Multi-application mode: create multiple bootstrap Applications in one role call.
# When set, all other ocp4_workload_gitops_bootstrap_* vars are ignored.
# Each entry supports: name, path, project (optional), repo_url (optional),
# repo_revision (optional), helm_values (optional)
#
# Example:
# ocp4_workload_gitops_bootstrap_applications:
# - name: bootstrap-infra
# path: infra/bootstrap
# - name: bootstrap-platform
# path: platform/bootstrap
# project: platform
# helm_values:
# deployer:
# domain: "{{ openshift_cluster_ingress_domain }}"
ocp4_workload_gitops_bootstrap_applications: []

# Examples to support multi-tenancy:
#
# Example 1: Backwards compatibility. Deploys INFRA and N number of tenants
Expand Down
35 changes: 32 additions & 3 deletions roles/ocp4_workload_gitops_bootstrap/tasks/remove_workload.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,33 @@
---
- name: Print Not Implemented message
ansible.builtin.debug:
msg: "Removing this workload is not implemented."
# Delete bootstrap Applications.
# resources-finalizer.argocd.argoproj.io causes ArgoCD to cascade-delete
# all child Applications and their managed resources before removal.

- name: Delete multiple bootstrap Applications (multi-app mode)
when: ocp4_workload_gitops_bootstrap_applications | length > 0
kubernetes.core.k8s:
state: absent
api_version: argoproj.io/v1alpha1
kind: Application
name: "{{ app_item.name }}"
namespace: "{{ ocp4_workload_gitops_bootstrap_namespace }}"
wait: true
wait_timeout: 300
loop: "{{ ocp4_workload_gitops_bootstrap_applications }}"
loop_control:
loop_var: app_item
label: "{{ app_item.name }}"
ignore_errors: true

- name: Delete single bootstrap Application (single-app mode)
when: ocp4_workload_gitops_bootstrap_applications | length == 0
kubernetes.core.k8s:
state: absent
api_version: argoproj.io/v1alpha1
kind: Application
name: "{{ ocp4_workload_gitops_bootstrap_final_application_name
| default(ocp4_workload_gitops_bootstrap_application_name) }}"
namespace: "{{ ocp4_workload_gitops_bootstrap_namespace }}"
wait: true
wait_timeout: 300
ignore_errors: true
144 changes: 96 additions & 48 deletions roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,54 @@
ansible.builtin.debug:
msg: "{{ _ocp4_workload_gitops_bootstrap_deployer_values | to_yaml }}"


# ==================================================================
# Multi-application mode: create multiple Applications in one call.
# Runs when ocp4_workload_gitops_bootstrap_applications list is set.
# ==================================================================
- name: Create multiple bootstrap ArgoCD applications
when: ocp4_workload_gitops_bootstrap_applications | length > 0
kubernetes.core.k8s:
state: present
definition:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ app_item.name }}"
namespace: "{{ ocp4_workload_gitops_bootstrap_namespace }}"
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: "{{ app_item.project | default('default') }}"
source:
repoURL: "{{ app_item.repo_url | default(ocp4_workload_gitops_bootstrap_repo_url) }}"
targetRevision: "{{ app_item.repo_revision | default(ocp4_workload_gitops_bootstrap_repo_revision) }}"
path: "{{ app_item.path }}"
helm:
values: |
{{ (app_item.helm_values | default({}))
| combine(_ocp4_workload_gitops_bootstrap_deployer_values)
| to_nice_yaml
| indent(width=14, first=False) }}
destination:
namespace: "{{ ocp4_workload_gitops_bootstrap_namespace }}"
server: https://kubernetes.default.svc
syncPolicy:
automated:
prune: false
selfHeal: false
loop: "{{ ocp4_workload_gitops_bootstrap_applications }}"
loop_control:
loop_var: app_item
label: "{{ app_item.name }}"

- name: End play when multi-application mode used (no single-app logic needed)
when: ocp4_workload_gitops_bootstrap_applications | length > 0
ansible.builtin.meta: end_play

# ==================================================================
# Single-application mode (default)
# ==================================================================
- name: Set App paths for 'bootstrap', infra + tenants deployment scenario
when: ocp4_workload_gitops_bootstrap_application_name == 'bootstrap'
ansible.builtin.set_fact:
Expand Down Expand Up @@ -101,51 +149,51 @@
#######
####### Begin processing GitOps output
#######
#
# - name: Retrieve ConfigMaps with the demo.redhat.com/userinfo label
# kubernetes.core.k8s_info:
# api_version: v1
# kind: ConfigMap
# label_selectors:
# - "demo.redhat.com/userinfo"
# register: cm_userinfo
#
# - name: If ConfigMaps were found, process them
# when:
# - cm_userinfo.resources is defined
# - cm_userinfo.resources | length | int > 0
# block:
# - name: Add to agnosticd_user_info all data from ConfigMaps except configmap.data.users_json data
# agnosticd.core.agnosticd_user_info:
# data: >-
# {{ item | dict2items | selectattr('key', 'ne', 'users_json') | items2dict }}
# loop: "{{ cm_userinfo.resources | map(attribute='data') }}"
#
# - name: Prepare data_user_json to add to agnosticd_user_info
# ansible.builtin.debug:
# msg: "Prepare data_user_json to add to agnosticd_user_info"
#
# - name: Merge list of all users_json data from all ConfigMaps that have data.users_json
# ansible.builtin.set_fact:
# data_users_json: "{{ data_users_json | default([]) | combine(item.data.users_json | from_json, recursive=True) }}"
# loop: "{{ cm_userinfo.resources }}"
# when: item.data.users_json is defined
#
# - name: Handle data_users_json data
# when: data_users_json is defined
# block:
# - name: Debug merged data_users_json data
# ansible.builtin.debug:
# msg: "{{ data_users_json }}"
#
# - name: Add to agnosticd_user_info all configmap.data.users_json ConfigMap data
# agnosticd.core.agnosticd_user_info:
# user: "{{ item.key }}"
# data:
# "{{ item.value }}"
# loop: "{{ data_users_json.users | dict2items }}"
# when: data_users_json is defined
#
# - name: Debug user_data
# ansible.builtin.debug:
# msg: "{{ lookup('agnosticd_user_data', '*') }}"

- name: Retrieve ConfigMaps with the demo.redhat.com/userinfo label
Copy link
Contributor

@wkulhanek wkulhanek Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need some logic to wait until all the Application(Set)s are in Synced and Ready state? Wouldn't this otherwise run and never find the ConfigMap because it would be way too quick to check?

kubernetes.core.k8s_info:
api_version: v1
kind: ConfigMap
label_selectors:
- "demo.redhat.com/userinfo"
register: cm_userinfo

- name: If ConfigMaps were found, process them
when:
- cm_userinfo.resources is defined
- cm_userinfo.resources | length | int > 0
block:
- name: Add to agnosticd_user_info all data from ConfigMaps except configmap.data.users_json data
agnosticd.core.agnosticd_user_info:
data: >-
{{ item | dict2items | selectattr('key', 'ne', 'users_json') | items2dict }}
loop: "{{ cm_userinfo.resources | map(attribute='data') }}"

- name: Prepare data_user_json to add to agnosticd_user_info
ansible.builtin.debug:
msg: "Prepare data_user_json to add to agnosticd_user_info"

- name: Merge list of all users_json data from all ConfigMaps that have data.users_json
ansible.builtin.set_fact:
data_users_json: "{{ data_users_json | default([]) | combine(item.data.users_json | from_json, recursive=True) }}"
loop: "{{ cm_userinfo.resources }}"
when: item.data.users_json is defined

- name: Handle data_users_json data
when: data_users_json is defined
block:
- name: Debug merged data_users_json data
ansible.builtin.debug:
msg: "{{ data_users_json }}"

- name: Add to agnosticd_user_info all configmap.data.users_json ConfigMap data
agnosticd.core.agnosticd_user_info:
user: "{{ item.key }}"
data:
"{{ item.value }}"
loop: "{{ data_users_json.users | dict2items }}"
when: data_users_json is defined

- name: Debug user_data
ansible.builtin.debug:
msg: "{{ lookup('agnosticd_user_data', '*') }}"
2 changes: 2 additions & 0 deletions roles/ocp4_workload_gitops_bootstrap/templates/application.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ kind: Application
metadata:
name: "{{ ocp4_workload_gitops_bootstrap_final_application_name }}"
namespace: {{ ocp4_workload_gitops_bootstrap_namespace }}
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: "{{ ocp4_workload_gitops_bootstrap_application_project_name | default('default') }}"
source:
Expand Down