Consistent templates files, include certs directory (trustification#34)

* Keep manifests in same directory

* Consistent name across manifests and template files

* mv certs folder

* Update README

.gitignore

@@ -1,3 +1,4 @@
+certs/
 venv/
 vm-testing/inventory
 vm-testing/vars.yml

README.md

@@ -86,38 +86,21 @@ Alternatively vagrant will prompt you to provide the registration username and p
 
 4. Path for TLS certificates files:
 
-Replace default value in play.yml and replace them accordingly
-`tpa_single_node_certificates_path: /tmp/certs`
-
-Default values for certificate file names are defined in `roles/tpa_single_node/vars/main.yml`, they can be changed if needed :
+Copy your certificate files in `./certs` directory using following names:
 
 - guac-collectsub-tls-certificate.pem"
 - guac-collectsub-tls-certificate.key"
 - guac-graphql-tls-certificate.pem"
 - guac-graphql-tls-certificate.key"
 
-5. Create a simple Ansible playbook `play.yml`:
-
-```
-- hosts: trustification
-  vars:
-    base_hostname: TODO # e.g. example.com
-    tpa_single_node_oidc_issuers: TODO # your OIDC provider (e.g. SSO/keycloak) URL
-    tpa_single_node_issuer_url: TODO # your OIDC provider (e.g. SSO/keycloak) URL
-  tasks:
-    - name: Include TPA single node role
-      ansible.builtin.include_role:
-        name: tpa_single_node
-```
-
 6. Create Environment Variables with S3 and OIDC credentails
+
 ```
 export TPA_S3_ACCESS_KEY=<S3 Storage Access Key>
 export TPA_S3_SECRET_KEY=<S3 Storage Secret Key>
 export TPA_OIDC_WALKER_SECRET=<OIDC Walker Secret>
 ```
 
-
 7. Execute the following command (NOTE: you will have to provide credentials to authenticate to registry.redhat.io: https://access.redhat.com/RegistryAuthentication):
 
 ```shell

play.yml

@@ -3,7 +3,6 @@
   vars:
     tpa_single_node_trustification_image: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062
     tpa_single_node_guac_image: registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e
-    tpa_single_node_certificates_dir: /tmp/certs
   vars_files:
     - vars/main.yml
   tasks:

roles/tpa_single_node/tasks/podman.yml

@@ -20,7 +20,6 @@
     mode: "0700"
   loop:
     - "{{ tpa_single_node_kube_manifest_dir }}"
-    - "{{ tpa_single_node_kube_configmap_dir }}"
 
 - name: Create RHTPA network
   containers.podman.podman_network:

roles/tpa_single_node/tasks/podman/v11y_api.yml

@@ -26,7 +26,7 @@
 
 - name: Generate v11y API secret manifest
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/manifests/v11y/api/v11y-api-secret.j2"
+    src: "{{ role_path }}/templates/manifests/v11y/api/Secret.yaml.j2"
     dest: "{{ tpa_single_node_v11y_api_secret }}"
     mode: "0600"
 
@@ -37,7 +37,7 @@
 
 - name: Generate OIDC auth ConfigMap manifest
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/manifests/v11y/api/v11y-api-cm-{{ oidc }}.j2"
+    src: "{{ role_path }}/templates/manifests/v11y/api/Configmap-{{ oidc }}.yaml.j2"
     dest: "{{ tpa_single_node_v11y_api_config }}"
     mode: "0600"
   register: configmap_result
@@ -55,6 +55,6 @@
       state: started
       systemd_file: v11y-api
       network: "{{ tpa_single_node_podman_network }}"
-      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/api/v11y-api-deployment-s3.j2') | from_yaml }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/api/Deployment-s3.yaml.j2') | from_yaml }}"
       configmap: "{{ tpa_single_node_v11y_api_config }}"
       configmap_changed: "{{ configmap_result.changed }}"

roles/tpa_single_node/vars/main.yml

@@ -1,8 +1,8 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
+tpa_single_node_certificates_dir: certs/
 tpa_single_node_config_dir: /etc/rhtpa
-tpa_single_node_kube_configmap_dir: "{{ tpa_single_node_config_dir }}/configs"
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"
 tpa_single_node_namespace: trustification
 tpa_single_node_podman_network: tcnet
@@ -28,7 +28,6 @@ tpa_single_node_s3_minio_endpoint: # <Enter minio storage endpoint, For AWS this
 
 # SQS_SERVICE
 
-
 # SSO_SERVICE
 tpa_single_node_oidc_issuer_url: # <Keycloak or AWS cognito Issuer URL with endpoint auth/realms/chicken>
 tpa_single_node_oidc_frontend: # <Keycloak or AWS cognito frontend Client ID>
@@ -42,5 +41,5 @@ tpa_single_node_guac_graphql_tls_cert_pem_path: "{{ tpa_single_node_certificates
 tpa_single_node_guac_graphql_tls_cert_key_path: "{{ tpa_single_node_certificates_dir }}/guac-graphql-tls-certificate.key"
 
 # Secret, certs and Configmap locations
-tpa_single_node_v11y_api_config: "{{ tpa_single_node_kube_configmap_dir }}/v11y-api-configmap.yaml"
-tpa_single_node_v11y_api_secret: "{{ tpa_single_node_kube_configmap_dir }}/v11y-api-secret.yaml"
+tpa_single_node_v11y_api_config: "{{ tpa_single_node_kube_manifest_dir }}/v11y-api-configmap.yaml"
+tpa_single_node_v11y_api_secret: "{{ tpa_single_node_kube_manifest_dir }}/v11y-api-secret.yaml"