ansible-create-k8s-user/tasks/main.yml

# --------------------------------------
# -- Create kubernetes user
# --------------------------------------
# -- 1. Install packages
# -- 2. Generate certificate
# -- 3. Add user to kubernetes
# -- 4. Remove certificates (Optional)
# --------------------------------------
---
- name: Ensure required packages are installed
  when: not use_system_bins
  tags: packages
  block:
    - name: Create a working directory if it doesn't exist
      ansible.builtin.file:
        path: "{{ working_dir }}"
        state: directory
        mode: "0775"

    - name: Prepare bin directory
      block:
        - name: Set workdir as fact
          set_fact:
            bin_dir: "{{ working_dir }}/bin"

        - name: Create a directory if it does not exist
          ansible.builtin.file:
            path: "{{ bin_dir }}"
            state: directory
            mode: "0775"

    - name: Install yq
      block:
        - name: Ensure yq is installed
          become: true
          get_url:
            url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}"
            dest: "{{ bin_dir }}/yq"
            mode: "0777"

    - name: Install kubectl
      block:
        - name: Download kubectl release
          become: true
          get_url:
            url: https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl
            dest: "{{ bin_dir }}/kubectl"
            mode: "0777"

        - name: Download the kubectl checksum file
          uri:
            url: https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256
            dest: /tmp

        - name: Validate the kubectl binary against the checksum file
          shell: echo "$(cat /tmp/kubectl.sha256)  {{ bin_dir }}/kubectl" | sha256sum --check
          register: result

        - name: Assert that the kubectl binary is OK
          vars:
            expected: "{{ bin_dir }}/kubectl: OK"
          assert:
            that:
              - result.stdout == expected
            fail_msg: "{{ result.stdout }}"
            success_msg: "{{ result.stdout }}"

    - name: Ensure openssl is installed
      become: true
      package:
        name: "openssl"
        state: present

- name: Create kubernetes user
  loop: "{{ users }}"
  include_tasks: create-user.yaml
  vars:
    certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
    username: "{{ item.username }}"
    host_user: "{{ item.host_user | default('') }}"
    k8s_namespace: "{{ item.k8s_namespace | default('default') }}"
    cluster: "{{ item.cluster }}"
    binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
    role_type: "{{ item.role_type | default('ClusterRole') }}"
    role: "{{ item.role | default('cluster-admin') }}"
    user_k8s_config_path: "{{ item.k8s_config_path | default(k8s_config_path) }}"
    user_k8s_cert_path: "{{ item.k8s_cert_path | default(k8s_cert_path) }}"
    user_k8s_cert_crt_file: "{{ item.k8s_cert_crt_file | default(k8s_cert_crt_file) }}"
    user_k8s_cert_key_file: "{{ item.k8s_cert_key_file | default(k8s_cert_key_file) }}"
    download_config: "{{ item.download_config | default(false) }}"
    output_path: "{{ item.output_path | default ('/tmp/outputs') }}"
Migrate the role to a separate repo 2023-03-11 17:18:57 +00:00			`# --------------------------------------`
			`# -- Create kubernetes user`
			`# --------------------------------------`
			`# -- 1. Install packages`
			`# -- 2. Generate certificate`
			`# -- 3. Add user to kubernetes`
			`# -- 4. Remove certificates (Optional)`
			`# --------------------------------------`
			`---`
			`- name: Ensure required packages are installed`
Support saving configs per user 2024-02-14 10:19:18 +00:00			`when: not use_system_bins`
Migrate the role to a separate repo 2023-03-11 17:18:57 +00:00			`tags: packages`
			`block:`
Support saving configs per user 2024-02-14 10:19:18 +00:00			`- name: Create a working directory if it doesn't exist`
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`ansible.builtin.file:`
			`path: "{{ working_dir }}"`
			`state: directory`
			`mode: "0775"`
Support saving configs per user 2024-02-14 10:19:18 +00:00
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`- name: Prepare bin directory`
			`block:`
			`- name: Set workdir as fact`
			`set_fact:`
			`bin_dir: "{{ working_dir }}/bin"`
Migrate the role to a separate repo 2023-03-11 17:18:57 +00:00
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`- name: Create a directory if it does not exist`
			`ansible.builtin.file:`
			`path: "{{ bin_dir }}"`
			`state: directory`
			`mode: "0775"`
Migrate the role to a separate repo 2023-03-11 17:18:57 +00:00
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`- name: Install yq`
			`block:`
			`- name: Ensure yq is installed`
			`become: true`
			`get_url:`
			`url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}"`
			`dest: "{{ bin_dir }}/yq"`
			`mode: "0777"`
Migrate the role to a separate repo 2023-03-11 17:18:57 +00:00
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`- name: Install kubectl`
			`block:`
			`- name: Download kubectl release`
			`become: true`
			`get_url:`
			`url: https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl`
			`dest: "{{ bin_dir }}/kubectl"`
			`mode: "0777"`
add support for multi-users 2023-07-16 20:07:38 +00:00
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`- name: Download the kubectl checksum file`
			`uri:`
			`url: https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256`
			`dest: /tmp`
add support for multi-users 2023-07-16 20:07:38 +00:00
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`- name: Validate the kubectl binary against the checksum file`
			`shell: echo "$(cat /tmp/kubectl.sha256) {{ bin_dir }}/kubectl" \| sha256sum --check`
			`register: result`
add support for multi-users 2023-07-16 20:07:38 +00:00
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`- name: Assert that the kubectl binary is OK`
			`vars:`
			`expected: "{{ bin_dir }}/kubectl: OK"`
			`assert:`
			`that:`
			`- result.stdout == expected`
			`fail_msg: "{{ result.stdout }}"`
			`success_msg: "{{ result.stdout }}"`
add support for multi-users 2023-07-16 20:07:38 +00:00
			`- name: Ensure openssl is installed`
			`become: true`
Migrate the role to a separate repo 2023-03-11 17:18:57 +00:00			`package:`
add support for multi-users 2023-07-16 20:07:38 +00:00			`name: "openssl"`
Migrate the role to a separate repo 2023-03-11 17:18:57 +00:00			`state: present`

add support for multi-users 2023-07-16 20:07:38 +00:00			`- name: Create kubernetes user`
			`loop: "{{ users }}"`
			`include_tasks: create-user.yaml`
			`vars:`
			`certificate_expires_in: "{{ item.certificate_expires_in \| default('500') }}"`
			`username: "{{ item.username }}"`
Support saving configs per user 2024-02-14 10:19:18 +00:00			`host_user: "{{ item.host_user \| default('') }}"`
Pass k8s namespace to the loop 2024-02-15 15:04:41 +00:00			`k8s_namespace: "{{ item.k8s_namespace \| default('default') }}"`
add support for multi-users 2023-07-16 20:07:38 +00:00			`cluster: "{{ item.cluster }}"`
			`binding_type: "{{ item.binding_type \| default('ClusterRoleBinding') }}"`
			`role_type: "{{ item.role_type \| default('ClusterRole') }}"`
Change the way binaries are installed Now binaries are installed to the workdir, so they do not affect the system. I want to have this role more or less containerized Also some minor refactoring has been done as well 2023-08-11 07:34:21 +00:00			`role: "{{ item.role \| default('cluster-admin') }}"`
			`user_k8s_config_path: "{{ item.k8s_config_path \| default(k8s_config_path) }}"`
			`user_k8s_cert_path: "{{ item.k8s_cert_path \| default(k8s_cert_path) }}"`
			`user_k8s_cert_crt_file: "{{ item.k8s_cert_crt_file \| default(k8s_cert_crt_file) }}"`
			`user_k8s_cert_key_file: "{{ item.k8s_cert_key_file \| default(k8s_cert_key_file) }}"`
Allow downloading configs 2024-03-22 15:24:40 +00:00			`download_config: "{{ item.download_config \| default(false) }}"`
			`output_path: "{{ item.output_path \| default ('/tmp/outputs') }}"`