openshift / openvpn: setup things to deploy openvpn on rdu3 nodes

Add the rest of the rdu3 workers in and setup openvpn role to setup on
them.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

inventory/group_vars/all

@@ -213,6 +213,9 @@ ocp_nodes:
 ocp_nodes_rdu3:
   - worker01.ocp.rdu3.fedoraproject.org
   - worker02.ocp.rdu3.fedoraproject.org
+  - worker03.ocp.rdu3.fedoraproject.org
+  - worker04.ocp.rdu3.fedoraproject.org
+  - worker05.ocp.rdu3.fedoraproject.org
 ocp_wildcard_cert_file: wildcard-2024.apps.ocp.fedoraproject.org.cert
 # This is the openshift wildcard cert for ocp
 ocp_wildcard_cert_name: wildcard-2024.apps.ocp.fedoraproject.org

roles/openshift-apps/openvpn/templates/deployment.yml.j2

@@ -6,7 +6,11 @@ metadata:
   annotations:
     image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"openvpn:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"setup\")].image"},{"from":{"kind":"ImageStreamTag","name":"openvpn:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"openvpn\")].image"}]'
 spec:
+{% if datacenter == 'iad2' }
   replicas: {{ ocp_nodes | length }}
+{% elif datacenter == 'rdu3' }
+  replicas: {{ ocp_nodes_rdu3 | length }}
+{% endif %}
   selector:
     matchLabels:
       app: openvpn-client

roles/openshift-apps/openvpn/templates/secrets.yml.j2

@@ -5,7 +5,14 @@ metadata:
   name: openvpn-certs
 data:
   ca.crt: {{ lookup('file', private+'/files/vpn/pki/ca.crt') | b64encode }}
+{% if datacenter == 'iad2' }
 {% for node in ocp_nodes %}
   {{node}}.crt: {{ lookup('file', private+'/files/vpn/pki/issued/'+node+'.crt') | b64encode }}
   {{node}}.key: {{ lookup('file', private+'/files/vpn/pki/private/'+node+'.key') | b64encode }}
 {% endfor %}
+{% elif datacenter == 'rdu3' }
+{% for node in ocp_nodes_rdu3 %}
+  {{node}}.crt: {{ lookup('file', private+'/files/vpn/pki/issued/'+node+'.crt') | b64encode }}
+  {{node}}.key: {{ lookup('file', private+'/files/vpn/pki/private/'+node+'.key') | b64encode }}
+{% endfor %}
+{% endif %}