deploy_gardener.yaml

---
- name: deploy gardener
  hosts: control-plane
  connection: local
  gather_facts: false
  pre_tasks:
    - name: Fake Gardener metal shoot
      k8s:
        definition:
          apiVersion: v1
          kind: ConfigMap
          metadata:
            name: shoot-info
            namespace: kube-system
          data:
            nodeNetwork: 172.18.0.0/16
            podNetwork: 10.244.0.0/24
            serviceNetwork: 10.96.0.0/16

    - name: Create garden namespace
      k8s:
        definition:
          apiVersion: v1
          kind: Namespace
          metadata:
            name: garden

    # our current state in metal-roles/gardener does not support network policies from gardenlet <-> virtual garden
    # this should be possible to resolve when we use the Gardener Operator
    - name: Deploy allow all network policy
      k8s:
        definition: "{{ lookup('file', 'netpol-allow-all.yaml') }}"
        namespace: garden
        apply: yes
  roles:
    - name: ansible-common
      tags: always
    - name: minio
    - name: powerdns
      tags: powerdns
    - name: metal-roles/control-plane/roles/gardener
      tags: gardener
  vars:
    metal_control_plane_host_provider: metal

  post_tasks:
    # gardener exposes the istio ingress gateway through service type load balancer
    # we can fake the exposal by patching the status field, which is also what's
    # done in the gardener local environment
    - name: Wait for istio ingress gateway service
      kubernetes.core.k8s_info:
        api_version: v1
        kind: Service
        name: istio-ingressgateway
        namespace: istio-ingress
      register: result
      until: result.resources
      retries: 30
      delay: 10

    - name: Patch ingress status of istio ingress gateway to allow seed to get ready
      patch_service_status_k8s:
        name: istio-ingressgateway
        namespace: istio-ingress
        body:
          status:
            loadBalancer:
              ingress:
                - ip: "172.17.0.1"

    - name: Wait until seed is ready
      kubernetes.core.k8s_info:
        api_version: "core.gardener.cloud/v1beta1"
        kind: Seed
        name: "{{ metal_control_plane_stage_name }}"
        kubeconfig: "{{ gardener_kube_apiserver_kubeconfig_path }}"
        wait: yes
        wait_condition:
          reason: GardenletReady
          status: "True"
          type: GardenletReady
        wait_timeout: 300