-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathkubectl-local-config.yml
executable file
·121 lines (121 loc) · 6 KB
/
kubectl-local-config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
---
# Configures a previously installed kubectl as to be able to manage the K3S cluster
# running in Multipass VMs.
# The K3S cluster must be created and, as a minimum, the master node must be running in order for
# this playbook to be able to retrieve the information necessary to configure kubectl.
#
# Variables:
# vm_user - User in the Multipass VM used to SSH to the VM with.
# vm_user_ssh_private_key_file - File containing above user's private key used to SSH to the VM with.
- name: Install and configure kubectl
hosts: master-nodes
vars:
vm_user: "vmadmin"
tempfiles_root_rel: "~/k3scluster"
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_connection: local
k3s_cluster_user: "k3s_user"
k3s_cluster: "k3s"
k3s_context: "k3s_context"
tasks:
- name: Find absolute path to tempfiles root
ansible.builtin.shell: "echo {{ tempfiles_root_rel }}"
register: tempfiles_root_out
delegate_to: localhost
- name: Retrieve absolute path to tempfiles root
ansible.builtin.set_fact:
tempfiles_root: "{{ tempfiles_root_out.stdout }}"
- name: Set paths in which tempfiles root is used
ansible.builtin.set_fact:
vm_user_ssh_private_key_file: "{{ tempfiles_root }}/multipass-certs/user_key"
client_key_file: "{{ tempfiles_root }}/temp/k3s_client_key"
client_certificate_file: "{{ tempfiles_root }}/temp/k3s_client_certificate"
cluster_certificate_authority_file: "{{ tempfiles_root }}/temp/k3s_cluster_certificate_authority"
- ansible.builtin.debug:
msg: "Using client certificate file: {{ vm_user_ssh_private_key_file }}"
- name: Obtain IP address of K3S cluster master node
ansible.builtin.include_role:
name: ivankrizsan.k3s_cluster.k3scluster
tasks_from: get-node-ip
- name: Store K3S master node IP address
ansible.builtin.set_fact:
k3s_master_ip: "{{ vm_ip }}"
- name: Retrieve K3S master kubectl configuration from K3S master node
ansible.builtin.include_role:
name: ivankrizsan.k3s_cluster.k3scluster
tasks_from: execute-cmd-and-log.yml
vars:
vm_command: "sudo kubectl config view --minify --flatten"
log_msg_prefix: "K3S master token"
ansible_user: "{{ vm_user }}"
ansible_ssh_private_key_file: "{{ vm_user_ssh_private_key_file }}"
ansible_connection: ssh
- name: Parse kubectl configuration YAML
ansible.builtin.set_fact:
master_kubectl_config: "{{ cmd_output.stdout | from_yaml }}"
- name: Retrieve kubectl user client certificate data from K3S kubectl configuration.
ansible.builtin.set_fact:
kubectl_client_certificate_data: "{{ master_kubectl_config['users'][0]['user']['client-certificate-data'] }}"
- name: Write user client certificate to file.
ansible.builtin.copy:
content: "{{ kubectl_client_certificate_data | b64decode }}"
dest: "{{ client_certificate_file }}"
# User client key from K3S kubectl configuration
- name: Retrieve kubectl user client key data
ansible.builtin.set_fact:
kubectl_client_key_data: "{{ master_kubectl_config['users'][0]['user']['client-key-data'] }}"
- name: Write user client key to file
ansible.builtin.copy:
content: "{{ kubectl_client_key_data | b64decode }}"
dest: "{{ client_key_file }}"
# Cluster certificate authority from K3S kubectl configuration
- name: Retrieve kubectl cluster certificate-authority-data
ansible.builtin.set_fact:
kubectl_cluster_certificate_authority_data: "{{ master_kubectl_config['clusters'][0]['cluster']['certificate-authority-data'] }}"
- name: Write cluster certificate authority to file
ansible.builtin.copy:
content: "{{ kubectl_cluster_certificate_authority_data | b64decode }}"
dest: "{{ cluster_certificate_authority_file }}"
# Create or re-create a K3S cluster in the local kubectl configuration
- name: Delete any existing K3S cluster in the local kubectl configuration
ansible.builtin.shell: kubectl config delete-cluster {{ k3s_cluster }}
ignore_errors: true
- name: Add a K3S cluster to the local kubectl configuration
ansible.builtin.shell: |
kubectl config set-cluster {{ k3s_cluster }} \
--embed-certs \
--server=https://{{ k3s_master_ip }}:6443 \
--certificate-authority={{ cluster_certificate_authority_file }}
# Create or re-create a K3S user in the local kubectl configuration
- name: Delete any existing user in the local kubectl configuration
ansible.builtin.shell: kubectl config delete-user {{ k3s_cluster_user }}
ignore_errors: true
- name: Add the K3S user to the local kubectl configuration
ansible.builtin.shell: |
kubectl config set-credentials {{ k3s_cluster_user }} \
--embed-certs \
--client-certificate={{ client_certificate_file }} \
--client-key={{ client_key_file }}
# Create or re-create a context in the local kubectl configuration that connects
# the cluster and the user created earlier
- name: Delete any existing context in the local kubectl configuration
ansible.builtin.shell: kubectl config delete-context {{ k3s_context }}
ignore_errors: true
- name: Create the K3S context in the local kubectl configuration
ansible.builtin.shell: |
kubectl config set-context {{ k3s_context }} \
--cluster={{ k3s_cluster }} \
--user={{ k3s_cluster_user }}
# Set the current context to the K3S context
- name: Set the current kubectl context to the K3S context
ansible.builtin.shell: |
kubectl config use-context {{ k3s_context }}
# Delete the files containing client certificate, client key and cluster certificate authority
- name: Delete certificate files used when configuring kubectl
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- "{{ client_certificate_file }}"
- "{{ client_key_file }}"
- "{{ cluster_certificate_authority_file }}"