From 150890100d244eafbf3bc8659fddeb24c0722669 Mon Sep 17 00:00:00 2001
From: Max Gautier
Date: Sat, 9 Nov 2024 23:38:10 +0100
Subject: [PATCH] Convert netchecker to kubectl_apply_stdin

Not that the Apparmor check result is no longer used since the PSP removal.
---
 roles/kubernetes-apps/ansible/tasks/main.yml | 18 ++++++-
 .../ansible/tasks/netchecker.yml | 47 -------------------
 2 files changed, 17 insertions(+), 48 deletions(-)
 delete mode 100644 roles/kubernetes-apps/ansible/tasks/netchecker.yml

diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index 8121a7a58..5622f3b89 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -86,10 +86,26 @@
 - etcd_metrics
 
 - name: Kubernetes Apps | Netchecker
- import_tasks: netchecker.yml
+ command:
+ cmd: "{{ kubectl_apply_stdin }}"
+ stdin: "{{ lookup('template', item) }}"
+ delegate_to: "{{ groups['kube_control_plane'][0] }}"
+ run_once: true
+ vars:
+ namespace: "{{ netcheck_namespace }}"
 when: deploy_netchecker
 tags:
 - netchecker
+ loop:
+ - netchecker-ns.yml.j2
+ - netchecker-agent-sa.yml.j2
+ - netchecker-agent-ds.yml.j2
+ - netchecker-agent-hostnet-ds.yml.j2
+ - netchecker-server-sa.yml.j2
+ - netchecker-server-clusterrole.yml.j2
+ - netchecker-server-clusterrolebinding.yml.j2
+ - netchecker-server-deployment.yml.j2
+ - netchecker-server-svc.yml.j2
 
 - name: Kubernetes Apps | Dashboard
 command:
diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
deleted file mode 100644
index 2cf4b5dc9..000000000
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ /dev/null
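Review bot: The new Netchecker `command` task in roles/kubernetes-apps/ansible/tasks/main.yml sets no `changed_when`, so all nine loop items will be reported as changed on every run, and a real modification of the netchecker ClusterRole or ClusterRoleBinding cannot be told apart from a no-op in the play output. Assuming `kubectl_apply_stdin` (defined outside this diff) prints the usual `kubectl apply` status lines, adding `register: netchecker_apply` and `changed_when: netchecker_apply.stdout_lines | reject('search', ' unchanged$') | list | length > 0` would restore that signal. Separately, the deleted netchecker.yml was what set `apparmor_enabled`, so it is worth confirming that none of the nine templates now rendered through `lookup('template', item)` still reads that fact.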
@@ -1,47 +0,0 @@
----
-- name: Kubernetes Apps | Check AppArmor status
- command: which apparmor_parser
- register: apparmor_status
- when:
- - inventory_hostname == groups['kube_control_plane'][0]
- failed_when: false
-
-- name: Kubernetes Apps | Set apparmor_enabled
- set_fact:
- apparmor_enabled: "{{ apparmor_status.rc == 0 }}"
- when:
- - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Apps | Netchecker Templates list
- set_fact:
- netchecker_templates:
- - {file: netchecker-ns.yml, type: ns, name: netchecker-namespace}
- - {file: netchecker-agent-sa.yml, type: sa, name: netchecker-agent}
- - {file: netchecker-agent-ds.yml, type: ds, name: netchecker-agent}
- - {file: netchecker-agent-hostnet-ds.yml, type: ds, name: netchecker-agent-hostnet}
- - {file: netchecker-server-sa.yml, type: sa, name: netchecker-server}
- - {file: netchecker-server-clusterrole.yml, type: clusterrole, name: netchecker-server}
- - {file: netchecker-server-clusterrolebinding.yml, type: clusterrolebinding, name: netchecker-server}
- - {file: netchecker-server-deployment.yml, type: deployment, name: netchecker-server}
- - {file: netchecker-server-svc.yml, type: svc, name: netchecker-service}
-
-- name: Kubernetes Apps | Lay Down Netchecker Template
- template:
- src: "{{ item.file }}.j2"
- dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: "0644"
- with_items: "{{ netchecker_templates }}"
- register: manifests
- when:
- - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Apps | Start Netchecker Resources
- kube:
- name: "{{ item.item.name }}"
- namespace: "{{ netcheck_namespace }}"
- kubectl: "{{ bin_dir }}/kubectl"
- resource: "{{ item.item.type }}"
- filename: "{{ kube_config_dir }}/{{ item.item.file }}"
- state: "latest"
- with_items: "{{ manifests.results }}"
- when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped