Support saving configs per user

This commit is contained in:
Nikolai Rodionov 2024-02-14 11:19:18 +01:00
parent 3806fe53b5
commit 1f12d21059
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
3 changed files with 49 additions and 20 deletions


@ -1,13 +1,17 @@
--- ---
# -------------------------------------- # ---------------------------------------------------------------------
# -- yq version # If set to true, the role won't install yq and kubeectl
# -------------------------------------- # ---------------------------------------------------------------------
use_system_bins: false
# ---------------------------------------------------------------------
# yq version
# ---------------------------------------------------------------------
yq: yq:
version: v4.35.2 version: v4.35.2
binary: yq_linux_amd64 binary: yq_linux_amd64
# -------------------------------------- # ---------------------------------------------------------------------
# -- kubectl version # kubectl version
# -------------------------------------- # ---------------------------------------------------------------------
kubectl: kubectl:
version: v1.26.6 version: v1.26.6
arch: amd64 arch: amd64
@ -15,7 +19,7 @@ kubectl:
# -- Path to k8s admin config # -- Path to k8s admin config
# -------------------------------------- # --------------------------------------
k8s_config_path: /etc/kubernetes/admin.conf k8s_config_path: /etc/kubernetes/admin.conf
k8s_cert_path: /etc/kubernetes/pki k8s_cert_path: /etc/kubernetes/pki
k8s_cert_crt_file: ca.crt k8s_cert_crt_file: ca.crt
k8s_cert_key_file: ca.key k8s_cert_key_file: ca.key
# -------------------------------------- # --------------------------------------
@ -23,7 +27,7 @@ k8s_cert_key_file: ca.key
# -------------------------------------- # --------------------------------------
username: "admin" username: "admin"
# -------------------------------------- # --------------------------------------
# -- How many days certificate # -- How many days certificate
# -- will be valid # -- will be valid
# -------------------------------------- # --------------------------------------
certificate_expires_in: 500 certificate_expires_in: 500
@ -34,7 +38,7 @@ cluster: "microk8s-cluster"
# -------------------------------------- # --------------------------------------
# -- RoleBinding parameters # -- RoleBinding parameters
# -------------------------------------- # --------------------------------------
# -- Binding type: # -- Binding type:
# ---- ClusterRoleBinding # ---- ClusterRoleBinding
# ---- RoleBinding # ---- RoleBinding
# -------------------------------------- # --------------------------------------
@ -53,13 +57,14 @@ role: cluster-admin
# -------------------------------------- # --------------------------------------
# users: # users:
# - username: "admin" # - username: "admin"
# host_user: "admin"
# cluster: "microk8s-cluster" # cluster: "microk8s-cluster"
# certificate_expires_in: 500 # certificate_expires_in: 500
# binding_type: ClusterRoleBinding # binding_type: ClusterRoleBinding
# role_type: ClusterRole # role_type: ClusterRole
# role: cluster-admin # role: cluster-admin
# k8s_config_path: /etc/kubernetes/admin.conf # k8s_config_path: /etc/kubernetes/admin.conf
# k8s_cert_path: /etc/kubernetes/pki # k8s_cert_path: /etc/kubernetes/pki
# k8s_cert_crt_file: ca.crt # k8s_cert_crt_file: ca.crt
# k8s_cert_key_file: ca.key # k8s_cert_key_file: ca.key
# -------------------------------------- # --------------------------------------
@ -67,7 +72,7 @@ users: []
# -------------------------------------- # --------------------------------------
# -- Use with microk8s # -- Use with microk8s
# -------------------------------------- # --------------------------------------
# k8s_config_path: /var/snap/microk8s/current/credentials/client.config # k8s_config_path: /var/snap/microk8s/current/credentials/client.config
# k8s_cert_path: /var/snap/microk8s/current/certs # k8s_cert_path: /var/snap/microk8s/current/certs
# -------------------------------------- # --------------------------------------
# -- Use with k3s # -- Use with k3s
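Review bot: The new example line `#   host_user: "admin"` does not say what the key means, and the new comment above `use_system_bins` misspells the binary ("kubeectl"). From the task changes in this commit, `host_user` appears to be the local Unix account whose `/home/<host_user>` receives the certificate directory and the kubeconfig, while `username` stays the Kubernetes identity (the certificate CN) and is also used as the host account when `host_user` is left empty; a reader who does not know that will point `host_user` at a non-existent account and the `owner:` settings in the file tasks will fail. I would add above the example: `# -- host_user: local Unix account that gets ~/.k8s/certs/<username> and ~/.kube/<username>/config (defaults to <username>)`, and fix the typo: `# If set to true, the role won't install yq and kubectl`. Since the role creates a cluster-admin credential, it is also worth stating in that comment that the account receiving the kubeconfig effectively holds cluster-admin.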


@ -1,15 +1,38 @@
--- ---
- name: Prepare cert directory - name: Prepare cert directory
block: block:
- name: Set workdir as fact - name: Using host_user to bootstrap config
set_fact: when: host_user | length > 0
cert_dir: "{{ working_dir }}/.certs/{{ username }}" block:
- name: Set workdir with a custom host user as a fact
set_fact:
cert_dir: "/home/{{ host_user }}/.k8s/certs/{{ username }}"
conf_dir: "/home/{{ host_user }}/.kube/{{ username }}"
is_host_user: true
- name: Create a directory if it does not exist - name: Using user to bootstrap config
when: host_user | length == 0
block:
- name: Set workdir with a custom host user as a fact
set_fact:
cert_dir: "/home/{{ username }}/.k8s/certs/"
conf_dir: "/home/{{ username }}/.kube"
is_host_user: false
- name: create a directory if it does not exist
ansible.builtin.file: ansible.builtin.file:
path: "{{ cert_dir }}" path: "{{ cert_dir }}"
state: directory state: directory
mode: "0775" mode: "0775"
owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
- name: create a directory if it does not exist
ansible.builtin.file:
path: "{{ conf_dir }}"
state: directory
mode: "0775"
owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
- block: - block:
- name: Generate openssl certificate - name: Generate openssl certificate
tags: openssl tags: openssl
@ -81,8 +104,9 @@
- name: Create config file from template - name: Create config file from template
template: template:
src: config.j2 src: config.j2
dest: "{{ working_dir }}/{{ username }}.config" dest: "{{ conf_dir }}/config"
force: false force: false
owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
tags: config tags: config
- name: Bind user to role - name: Bind user to role
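Review bot: The two new `ansible.builtin.file` tasks create `{{ cert_dir }}` and `{{ conf_dir }}` with `mode: "0775"`, and the template task writes `{{ conf_dir }}/config` with `owner:` but no `mode:`, so the directory holding the client certificate and the kubeconfig for a `cluster-admin` binding is group-writable and world-listable, and with the usual root umask the config file itself lands as 0644; I would use `mode: "0700"` on both directory tasks and `mode: "0600"` on the `template:` task, and set `group:` to the same account as `owner:` so the files do not stay root-group owned. Whether `config.j2` embeds the client key or only references the paths under `cert_dir` is not visible here, but either way that file is the credential. The fallback branch sets `owner:` to `{{ username }}`, which is the Kubernetes CN (default `"admin"`) and presumably must also exist as a Unix account, and `/home/...` is hardcoded rather than taken from the account's real home; an `ansible.builtin.assert` on `getent passwd` (or the `ansible.builtin.user` module) would fail clearly and give the correct home directory. Minor style: the task name at `Set workdir with a custom host user as a fact` is copy-pasted into the no-host_user branch, and `{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}` can simply be `"{{ host_user if is_host_user else username }}"`. The `- block:` that contains the template task starts before this hunk.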


@ -8,13 +8,15 @@
# -------------------------------------- # --------------------------------------
--- ---
- name: Ensure required packages are installed - name: Ensure required packages are installed
when: not use_system_bins
tags: packages tags: packages
block: block:
- name: Create a directory if it does not exist - name: Create a working directory if it doesn't exist
ansible.builtin.file: ansible.builtin.file:
path: "{{ working_dir }}" path: "{{ working_dir }}"
state: directory state: directory
mode: "0775" mode: "0775"
- name: Prepare bin directory - name: Prepare bin directory
block: block:
- name: Set workdir as fact - name: Set workdir as fact
@ -27,9 +29,6 @@
state: directory state: directory
mode: "0775" mode: "0775"
# --------------------------------------
# -- Install yq
# --------------------------------------
- name: Install yq - name: Install yq
block: block:
- name: Ensure yq is installed - name: Ensure yq is installed
@ -78,6 +77,7 @@
vars: vars:
certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}" certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
username: "{{ item.username }}" username: "{{ item.username }}"
host_user: "{{ item.host_user | default('') }}"
cluster: "{{ item.cluster }}" cluster: "{{ item.cluster }}"
binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}" binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
role_type: "{{ item.role_type | default('ClusterRole') }}" role_type: "{{ item.role_type | default('ClusterRole') }}"
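Review bot: Gating the whole `Ensure required packages are installed` block on `when: not use_system_bins` also skips the `Create a working directory` task and the `Set workdir as fact` task nested inside it, so when the flag is true any later task that references that fact or `{{ working_dir }}` will fail with an undefined variable rather than fall back to the system binaries; the block continues past this hunk so I cannot see every consumer, but the fact-setting should move outside the conditional or the later tasks should resolve `yq`/`kubectl` by bare name when `use_system_bins` is set. Nothing in the new code verifies that the system binaries actually exist when the flag is true; a short check such as `ansible.builtin.command: which yq kubectl` with `changed_when: false` (or an `ansible.builtin.assert`) right after this block gives a clear failure instead of an obscure one mid-run. The `host_user: "{{ item.host_user | default('') }}"` default matches the `host_user | length > 0` checks in the bootstrap tasks and looks consistent.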