Add install_cuby role with ProcessCube marketplace secrets

- Add processcube_api_key terraform variable
- Create install_cuby ansible role that sets up:
  - processcube namespace
  - regcred ImagePull secret for marketplace.processcube.io
  - processcube-api-key secret with the API key

Author: Robin Lenz

hetzner-setup/ProcessCube.Cloud/ansible/inventory/hosts.tpl

@@ -28,4 +28,5 @@ tailscale_tags=${tailscale_tags}
 %{ if onepassword_credentials_json != "" ~}
 onepassword_credentials_json=${onepassword_credentials_json}
 %{ endif ~}
+processcube_api_key=${processcube_api_key}
 ansible_python_interpreter=/usr/bin/python3

hetzner-setup/ProcessCube.Cloud/ansible/roles/install_cuby/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Create processcube namespace
+  shell: kubectl create namespace processcube --dry-run=client -o yaml | kubectl apply -f -
+  changed_when: true
+
+- name: Create ProcessCube Marketplace ImagePull Secret
+  shell: |
+    kubectl create secret docker-registry regcred \
+      --docker-server=https://marketplace.processcube.io \
+      --docker-username=processcube \
+      --docker-password="{{ processcube_api_key }}" \
+      -n processcube \
+      --dry-run=client -o yaml | kubectl apply -f -
+  changed_when: true
+
+- name: Create ProcessCube API Key Secret
+  shell: |
+    kubectl create secret generic processcube-api-key \
+      --from-literal=api-key="{{ processcube_api_key }}" \
+      -n processcube \
+      --dry-run=client -o yaml | kubectl apply -f -
+  changed_when: true
+
+- name: Display ProcessCube setup info
+  debug:
+    msg:
+      - "ProcessCube secrets created in namespace 'processcube'"
+      - ""
+      - "Available secrets:"
+      - "  - regcred (ImagePull Secret)"
+      - "  - processcube-api-key (API Key Secret)"

hetzner-setup/ProcessCube.Cloud/ansible/site.yml

@@ -89,6 +89,13 @@
   roles:
     - argocd
 
+- name: Install Cuby
+  hosts: k3s_master
+  gather_facts: no
+  become: yes
+  roles:
+    - install_cuby
+
 - name: Verify Cluster
   hosts: k3s_master
   gather_facts: no

hetzner-setup/ProcessCube.Cloud/main.tf

@@ -200,6 +200,7 @@ resource "local_file" "ansible_inventory" {
     tailscale_auth_key   = var.tailscale_auth_key
     tailscale_tags       = var.tailscale_tags
     onepassword_credentials_json = var.onepassword_credentials_json
+    processcube_api_key          = var.processcube_api_key
   })
   filename = "${path.module}/ansible/inventory/hosts"
 

hetzner-setup/ProcessCube.Cloud/terraform.tfvars.example

@@ -28,3 +28,6 @@ tailscale_auth_key = "YOUR_TAILSCALE_AUTH_KEY_HERE"
 # onepassword_credentials_json = "/path/to/1password-credentials.json"
 # Note: External Secrets Operator will only be installed if this is set
 # Note: onepassword-connect-token must be created per application namespace
+
+# ProcessCube Marketplace Configuration
+processcube_api_key = "YOUR_PROCESSCUBE_API_KEY_HERE"

hetzner-setup/ProcessCube.Cloud/variables.tf

@@ -91,3 +91,9 @@ variable "onepassword_credentials_json" {
   sensitive   = true
   default     = ""
 }
+
+variable "processcube_api_key" {
+  description = "ProcessCube API key for marketplace.processcube.io image registry"
+  type        = string
+  sensitive   = true
+}