diff --git a/defaults/main.yml b/defaults/main.yml index 926c000..c229215 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,7 +3,7 @@ # -- yq version # -------------------------------------- yq: - version: v4.31.2 + version: v4.35.2 binary: yq_linux_amd64 # -------------------------------------- # -- kubectl version @@ -58,6 +58,10 @@ role: cluster-admin # binding_type: ClusterRoleBinding # role_type: ClusterRole # role: cluster-admin +# k8s_config_path: /etc/kubernetes/admin.conf +# k8s_cert_path: /etc/kubernetes/pki +# k8s_cert_crt_file: ca.crt +# k8s_cert_key_file: ca.key # -------------------------------------- users: [] # -------------------------------------- @@ -65,3 +69,10 @@ users: [] # -------------------------------------- # k8s_config_path: /var/snap/microk8s/current/credentials/client.config # k8s_cert_path: /var/snap/microk8s/current/certs +# -------------------------------------- +# -- Use with k3s +# -------------------------------------- +# k8s_config_path: /etc/rancher/k3s/k3s.yaml +# k8s_cert_path: /var/lib/rancher/k3s/server/tls +# k8s_cert_crt_file: server-ca.crt +# k8s_cert_key_file: server-ca.key diff --git a/tasks/create-user.yaml b/tasks/create-user.yaml index 5a2ba0e..64b33af 100644 --- a/tasks/create-user.yaml +++ b/tasks/create-user.yaml @@ -41,14 +41,14 @@ # -- Get k8s server from admin.conf # -------------------------------------- - name: Get k8s server - shell: yq e '.clusters[0] | select(.name == "{{ cluster }}").cluster.server' "{{ k8s_config_path }}" + shell: "{{ working_dir }}/bin/yq e '.clusters[0] | select(.name == \"{{ cluster }}\").cluster.server' {{ k8s_config_path }}" register: kubernetes_server_output # -------------------------------------- # -- Get k8s certificate authority data # -- from admin-conf # -------------------------------------- - name: Get k8s certificate authority data - shell: yq e '.clusters[0] | select(.name == "{{ cluster }}").cluster.certificate-authority-data' "{{ k8s_config_path }}" + shell: "{{ working_dir }}/bin/yq e '.clusters[0] | select(.name == \"{{ cluster }}\").cluster.certificate-authority-data' {{ k8s_config_path }}" register: kubernetes_cad_output - name: Get user cert data @@ -67,15 +67,15 @@ user_key_data: " {{ user_key_data_output.stdout }}" - name: Create k8s user - ansible.builtin.shell: | - kubectl config set-credentials "{{ username }}"\ + ansible.builtin.shell: >- + {{ working_dir }}/bin/kubectl config set-credentials {{ username }} \ --client-certificate="{{ cert_dir }}/{{ username }}.crt" \ --client-key="{{ cert_dir }}/{{ username }}.key" notify: remove certificates - name: Set user context - ansible.builtin.shell: | - kubectl config set-context "{{ username }}@{{ cluster }}" \ + ansible.builtin.shell: >- + {{ working_dir }}/bin/kubectl config set-context {{ username }}@{{ cluster }} \ --cluster={{ cluster }} --user="{{ username }}" - name: Create config file from template @@ -95,5 +95,5 @@ - name: Apply role binding manifest environment: KUBECONFIG: "{{ k8s_config_path }}" - shell: kubectl apply -f "{{ cert_dir }}/{{ username }}.yaml" + shell: "{{ working_dir }}/bin/kubectl apply -f {{ cert_dir }}/{{ username }}.yaml" tags: add_user diff --git a/tasks/main.yml b/tasks/main.yml index e41f0e9..4c3be3e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -10,55 +10,61 @@ - name: Ensure required packages are installed tags: packages block: - # ------------------------- - # -- Prepare kubectl repo - # ------------------------- - - name: Add an apt signing key for Kubernetes - become: true - apt_key: - url: https://packages.cloud.google.com/apt/doc/apt-key.gpg - state: present + - name: Create a directory if it does not exist + ansible.builtin.file: + path: "{{ working_dir }}" + state: directory + mode: "0775" + - name: Prepare bin directory + block: + - name: Set workdir as fact + set_fact: + bin_dir: "{{ working_dir }}/bin" - - name: Adding apt repository for Kubernetes - become: true - apt_repository: - repo: deb https://apt.kubernetes.io/ kubernetes-xenial main - state: present - filename: kubernetes.list + - name: Create a directory if it does not exist + ansible.builtin.file: + path: "{{ bin_dir }}" + state: directory + mode: "0775" # -------------------------------------- # -- Install yq # -------------------------------------- - - name: Ensure yq is installed - become: true - get_url: - url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}" - dest: /usr/bin/yq - mode: "0777" + - name: Install yq + block: + - name: Ensure yq is installed + become: true + get_url: + url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}" + dest: "{{ bin_dir }}/yq" + mode: "0777" - - block: - - name: Download kubectl release - uri: - url: https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl - dest: /tmp + - name: Install kubectl + block: + - name: Download kubectl release + become: true + get_url: + url: https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl + dest: "{{ bin_dir }}/kubectl" + mode: "0777" - - name: Download the kubectl checksum file - uri: - url: https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256 - dest: /tmp + - name: Download the kubectl checksum file + uri: + url: https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256 + dest: /tmp - - name: Validate the kubectl binary against the checksum file - shell: echo "$(cat /tmp/kubectl.sha256) /tmp/kubectl" | sha256sum --check - register: result + - name: Validate the kubectl binary against the checksum file + shell: echo "$(cat /tmp/kubectl.sha256) {{ bin_dir }}/kubectl" | sha256sum --check + register: result - - name: Assert that the kubectl binary is OK - vars: - expected: "/tmp/kubectl: OK" - assert: - that: - - result.stdout == expected - fail_msg: "{{ result.stdout }}" - success_msg: "{{ result.stdout }}" + - name: Assert that the kubectl binary is OK + vars: + expected: "{{ bin_dir }}/kubectl: OK" + assert: + that: + - result.stdout == expected + fail_msg: "{{ result.stdout }}" + success_msg: "{{ result.stdout }}" - name: Ensure openssl is installed become: true @@ -66,12 +72,6 @@ name: "openssl" state: present - - name: Create a directory if it does not exist - ansible.builtin.file: - path: "{{ working_dir }}" - state: directory - mode: "0775" - - name: Create kubernetes user loop: "{{ users }}" include_tasks: create-user.yaml @@ -81,4 +81,8 @@ cluster: "{{ item.cluster }}" binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}" role_type: "{{ item.role_type | default('ClusterRole') }}" - role: "{{ item.role | default('cluster-admin') }}" \ No newline at end of file + role: "{{ item.role | default('cluster-admin') }}" + user_k8s_config_path: "{{ item.k8s_config_path | default(k8s_config_path) }}" + user_k8s_cert_path: "{{ item.k8s_cert_path | default(k8s_cert_path) }}" + user_k8s_cert_crt_file: "{{ item.k8s_cert_crt_file | default(k8s_cert_crt_file) }}" + user_k8s_cert_key_file: "{{ item.k8s_cert_key_file | default(k8s_cert_key_file) }}"