Change the way binaries are installed

Now binaries are installed to the workdir, so they do not affect the
system. I want to have this role more or less containerized

Also some minor refactoring has been done as well

defaults/main.yml

@@ -3,7 +3,7 @@
 # -- yq version
 # --------------------------------------
 yq:
-  version: v4.31.2
+  version: v4.35.2
   binary: yq_linux_amd64
 # --------------------------------------
 # -- kubectl version
@@ -58,6 +58,10 @@ role: cluster-admin
 #     binding_type: ClusterRoleBinding
 #     role_type: ClusterRole
 #     role: cluster-admin
+#     k8s_config_path: /etc/kubernetes/admin.conf
+#     k8s_cert_path: /etc/kubernetes/pki 
+#     k8s_cert_crt_file: ca.crt
+#     k8s_cert_key_file: ca.key
 # --------------------------------------
 users: []
 # --------------------------------------
@@ -65,3 +69,10 @@ users: []
 # --------------------------------------
 # k8s_config_path: /var/snap/microk8s/current/credentials/client.config 
 # k8s_cert_path: /var/snap/microk8s/current/certs
+# --------------------------------------
+# -- Use with k3s
+# --------------------------------------
+# k8s_config_path: /etc/rancher/k3s/k3s.yaml
+# k8s_cert_path: /var/lib/rancher/k3s/server/tls
+# k8s_cert_crt_file: server-ca.crt
+# k8s_cert_key_file: server-ca.key

tasks/create-user.yaml

@@ -41,14 +41,14 @@
       # -- Get k8s server from admin.conf
       # --------------------------------------
       - name: Get k8s server
-        shell: yq e '.clusters[0] | select(.name == "{{ cluster }}").cluster.server' "{{ k8s_config_path }}"
+        shell: "{{ working_dir }}/bin/yq e '.clusters[0] | select(.name == \"{{ cluster }}\").cluster.server' {{ k8s_config_path }}"
         register: kubernetes_server_output
       # --------------------------------------
       # -- Get k8s certificate authority data
       # -- from admin-conf
       # --------------------------------------
       - name: Get k8s certificate authority data
-        shell: yq e '.clusters[0] | select(.name == "{{ cluster }}").cluster.certificate-authority-data' "{{ k8s_config_path }}"
+        shell: "{{ working_dir }}/bin/yq e '.clusters[0] | select(.name == \"{{ cluster }}\").cluster.certificate-authority-data' {{ k8s_config_path }}"
         register: kubernetes_cad_output
 
       - name: Get user cert data
@@ -67,15 +67,15 @@
           user_key_data: " {{ user_key_data_output.stdout }}"
 
       - name: Create k8s user
-        ansible.builtin.shell: |
+        ansible.builtin.shell: >-
-          kubectl config set-credentials  "{{ username }}"\
+          {{ working_dir }}/bin/kubectl config set-credentials {{ username }} \
             --client-certificate="{{ cert_dir }}/{{ username }}.crt" \
             --client-key="{{ cert_dir }}/{{ username }}.key"
         notify: remove certificates
 
       - name: Set user context
-        ansible.builtin.shell: |
+        ansible.builtin.shell: >-
-          kubectl config set-context "{{ username }}@{{ cluster }}" \
+          {{ working_dir }}/bin/kubectl config set-context {{ username }}@{{ cluster }} \
             --cluster={{ cluster }} --user="{{ username }}"
 
       - name: Create config file from template
@@ -95,5 +95,5 @@
       - name: Apply role binding manifest
         environment:
           KUBECONFIG: "{{ k8s_config_path }}"
-        shell: kubectl apply -f "{{ cert_dir }}/{{ username }}.yaml"
+        shell: "{{ working_dir }}/bin/kubectl apply -f {{ cert_dir }}/{{ username }}.yaml"
     tags: add_user

tasks/main.yml

@@ -10,55 +10,61 @@
 - name: Ensure required packages are installed
   tags: packages
   block:
-  # -------------------------
+    - name: Create a directory if it does not exist
-  # -- Prepare kubectl repo
+      ansible.builtin.file:
-  # -------------------------
+        path: "{{ working_dir }}"
-    - name: Add an apt signing key for Kubernetes
+        state: directory
-      become: true
+        mode: "0775"
-      apt_key:
+    - name: Prepare bin directory
-        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      block:
-        state: present
+        - name: Set workdir as fact
+          set_fact:
+            bin_dir: "{{ working_dir }}/bin"
 
-    - name: Adding apt repository for Kubernetes
+        - name: Create a directory if it does not exist
-      become: true
+          ansible.builtin.file:
-      apt_repository:
+            path: "{{ bin_dir }}"
-        repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
+            state: directory
-        state: present
+            mode: "0775"
-        filename: kubernetes.list
 
     # --------------------------------------
     # -- Install yq
     # --------------------------------------
-    - name: Ensure yq is installed
+    - name: Install yq
-      become: true
+      block:
-      get_url:
+        - name: Ensure yq is installed
-        url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}"
+          become: true
-        dest: /usr/bin/yq
+          get_url:
-        mode: "0777"
+            url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}"
+            dest: "{{ bin_dir }}/yq"
+            mode: "0777"
 
-    - block:
+    - name: Install kubectl
-      - name: Download kubectl release
+      block:
-        uri:
+        - name: Download kubectl release
-          url: https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl
+          become: true
-          dest: /tmp
+          get_url:
+            url: https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl
+            dest: "{{ bin_dir }}/kubectl"
+            mode: "0777"
 
-      - name: Download the kubectl checksum file
+        - name: Download the kubectl checksum file
-        uri:
+          uri:
-          url: https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256
+            url: https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256
-          dest: /tmp
+            dest: /tmp
 
-      - name: Validate the kubectl binary against the checksum file
+        - name: Validate the kubectl binary against the checksum file
-        shell: echo "$(cat /tmp/kubectl.sha256)  /tmp/kubectl" | sha256sum --check
+          shell: echo "$(cat /tmp/kubectl.sha256)  {{ bin_dir }}/kubectl" | sha256sum --check
-        register: result
+          register: result
 
-      - name: Assert that the kubectl binary is OK
+        - name: Assert that the kubectl binary is OK
-        vars:
+          vars:
-          expected: "/tmp/kubectl: OK"
+            expected: "{{ bin_dir }}/kubectl: OK"
-        assert:
+          assert:
-          that:
+            that:
-            - result.stdout == expected
+              - result.stdout == expected
-          fail_msg: "{{ result.stdout }}"
+            fail_msg: "{{ result.stdout }}"
-          success_msg: "{{ result.stdout }}"
+            success_msg: "{{ result.stdout }}"
 
     - name: Ensure openssl is installed
       become: true
@@ -66,12 +72,6 @@
         name: "openssl"
         state: present
 
-    - name: Create a directory if it does not exist
-      ansible.builtin.file:
-        path: "{{ working_dir }}"
-        state: directory
-        mode: "0775"
-
 - name: Create kubernetes user
   loop: "{{ users }}"
   include_tasks: create-user.yaml
@@ -81,4 +81,8 @@
     cluster: "{{ item.cluster }}"
     binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
     role_type: "{{ item.role_type | default('ClusterRole') }}"
-    role: "{{ item.role | default('cluster-admin') }}"
+    role: "{{ item.role | default('cluster-admin') }}"
+    user_k8s_config_path: "{{ item.k8s_config_path | default(k8s_config_path) }}"
+    user_k8s_cert_path: "{{ item.k8s_cert_path | default(k8s_cert_path) }}"
+    user_k8s_cert_crt_file: "{{ item.k8s_cert_crt_file | default(k8s_cert_crt_file) }}"
+    user_k8s_cert_key_file: "{{ item.k8s_cert_key_file | default(k8s_cert_key_file) }}"