diff --git a/defaults/main.yml b/defaults/main.yml
index c229215..e3516eb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,13 +1,17 @@
 ---
-# --------------------------------------
-# -- yq version
-# --------------------------------------
+# ---------------------------------------------------------------------
+# If set to true, the role won't install yq and kubeectl
+# ---------------------------------------------------------------------
+use_system_bins: false
+# ---------------------------------------------------------------------
+# yq version
+# ---------------------------------------------------------------------
 yq:
   version: v4.35.2
   binary: yq_linux_amd64
-# --------------------------------------
-# -- kubectl version
-# --------------------------------------
+# ---------------------------------------------------------------------
+# kubectl version
+# ---------------------------------------------------------------------
 kubectl:
   version: v1.26.6
   arch: amd64
@@ -15,7 +19,7 @@ kubectl:
 # -- Path to k8s admin config
 # --------------------------------------
 k8s_config_path: /etc/kubernetes/admin.conf
-k8s_cert_path: /etc/kubernetes/pki
+k8s_cert_path: /etc/kubernetes/pki
 k8s_cert_crt_file: ca.crt
 k8s_cert_key_file: ca.key
 # --------------------------------------
@@ -23,7 +27,7 @@ k8s_cert_key_file: ca.key
 # --------------------------------------
 username: "admin"
 # --------------------------------------
-# -- How many days certificate
+# -- How many days certificate
 # -- will be valid
 # --------------------------------------
 certificate_expires_in: 500
@@ -34,7 +38,7 @@ cluster: "microk8s-cluster"
 # --------------------------------------
 # -- RoleBinding parameters
 # --------------------------------------
-# -- Binding type:
+# -- Binding type:
 # ---- ClusterRoleBinding
 # ---- RoleBinding
 # --------------------------------------
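Review bot: The header comment added for `use_system_bins` misspells kubectl as `kubeectl` and does not say where the binaries are then expected to come from (presumably already on the target's PATH, though nothing in this diff rewires the later yq/kubectl calls to system paths). Suggest `# If set to true, the role won't install yq and kubectl; both must already be present on the target.` The remaining hunks in this file only strip trailing whitespace.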
@@ -53,13 +57,14 @@ role: cluster-admin
 # --------------------------------------
 # users:
 #   - username: "admin"
+#     host_user: "admin"
 #     cluster: "microk8s-cluster"
 #     certificate_expires_in: 500
 #     binding_type: ClusterRoleBinding
 #     role_type: ClusterRole
 #     role: cluster-admin
 #     k8s_config_path: /etc/kubernetes/admin.conf
-#     k8s_cert_path: /etc/kubernetes/pki
+#     k8s_cert_path: /etc/kubernetes/pki
 #     k8s_cert_crt_file: ca.crt
 #     k8s_cert_key_file: ca.key
 # --------------------------------------
@@ -67,7 +72,7 @@ users: []
 # --------------------------------------
 # -- Use with microk8s
 # --------------------------------------
-# k8s_config_path: /var/snap/microk8s/current/credentials/client.config
+# k8s_config_path: /var/snap/microk8s/current/credentials/client.config
 # k8s_cert_path: /var/snap/microk8s/current/certs
 # --------------------------------------
 # -- Use with k3s
diff --git a/tasks/create-user.yaml b/tasks/create-user.yaml
index 64b33af..61533af 100644
--- a/tasks/create-user.yaml
+++ b/tasks/create-user.yaml
@@ -1,15 +1,38 @@
 ---
 - name: Prepare cert directory
   block:
-    - name: Set workdir as fact
-      set_fact:
-        cert_dir: "{{ working_dir }}/.certs/{{ username }}"
+    - name: Using host_user to bootstrap config
+      when: host_user | length > 0
+      block:
+        - name: Set workdir with a custom host user as a fact
+          set_fact:
+            cert_dir: "/home/{{ host_user }}/.k8s/certs/{{ username }}"
+            conf_dir: "/home/{{ host_user }}/.kube/{{ username }}"
+            is_host_user: true
 
-    - name: Create a directory if it does not exist
+    - name: Using user to bootstrap config
+      when: host_user | length == 0
+      block:
+        - name: Set workdir with a custom host user as a fact
+          set_fact:
+            cert_dir: "/home/{{ username }}/.k8s/certs/"
+            conf_dir: "/home/{{ username }}/.kube"
+            is_host_user: false
+
+    - name: create a directory if it does not exist
       ansible.builtin.file:
         path: "{{ cert_dir }}"
         state: directory
         mode: "0775"
+        owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
+
+    - name: create a directory if it does not exist
+      ansible.builtin.file:
+        path: "{{ conf_dir }}"
+        state: directory
+        mode: "0775"
+        owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
+
 - block:
     - name: Generate openssl certificate
       tags: openssl
@@ -81,8 +104,9 @@
     - name: Create config file from template
       template:
         src: config.j2
-        dest: "{{ working_dir }}/{{ username }}.config"
+        dest: "{{ conf_dir }}/config"
         force: false
+        owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
       tags: config
 
     - name: Bind user to role
diff --git a/tasks/main.yml b/tasks/main.yml
index 4c3be3e..714b9d8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
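Review bot: The new `when: host_user | length > 0` and `when: host_user | length == 0` conditions raise an undefined-variable error whenever `host_user` is not supplied, because `defaults/main.yml` does not declare it and only the include in `tasks/main.yml` defaults it to `''`; `when: host_user | default('') | length > 0` (and the mirrored `== 0`) keeps this file usable on its own. The two new directory tasks also create `cert_dir`, which the openssl tasks below presumably populate with the user's private key, and the `.kube` directory with `mode: "0775"`, i.e. group-writable and world-readable; `mode: "0700"` is the conventional setting for both, and the `owner:` expression can be the plain `"{{ host_user if is_host_user else username }}"` instead of two `lookup('vars', …)` calls. Both directory tasks carry the same lowercase name `create a directory if it does not exist`, which makes play output hard to follow; name them after what they create, e.g. `Create cert directory` and `Create kubeconfig directory`. The surrounding task list continues past the hunk.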
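Review bot: The config template task now sets `owner:` but still no `mode:`, so the rendered kubeconfig at `{{ conf_dir }}/config` is created with the default umask (typically 0644) and is readable by every local account; if `config.j2` embeds the client certificate and key as kubeconfigs usually do, that exposes the cluster credential. Add `mode: "0600"` next to the new `owner:` line. The pre-existing `force: false` also means a regenerated certificate never reaches an already-present config, which deserves a comment such as `# existing config is kept on purpose; delete it to re-render`. The enclosing task list starts and ends outside this hunk.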
@@ -8,13 +8,15 @@
 # --------------------------------------
 ---
 - name: Ensure required packages are installed
+  when: not use_system_bins
   tags: packages
   block:
-    - name: Create a directory if it does not exist
+    - name: Create a working directory if it doesn't exist
       ansible.builtin.file:
         path: "{{ working_dir }}"
         state: directory
         mode: "0775"
+
 - name: Prepare bin directory
   block:
     - name: Set workdir as fact
@@ -27,9 +29,6 @@
         state: directory
         mode: "0775"
 
-  # --------------------------------------
-  # -- Install yq
-  # --------------------------------------
 - name: Install yq
   block:
     - name: Ensure yq is installed
@@ -78,6 +77,7 @@
       vars:
         certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
         username: "{{ item.username }}"
+        host_user: "{{ item.host_user | default('') }}"
         cluster: "{{ item.cluster }}"
         binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
         role_type: "{{ item.role_type | default('ClusterRole') }}"
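Review bot: `when: not use_system_bins` skips the whole install block, including the creation of `{{ working_dir }}`, but nothing in this diff switches the later tasks to the system `yq`/`kubectl`; if any task outside the hunk still invokes binaries under `working_dir` or otherwise relies on that directory existing, a run with `use_system_bins: true` fails there rather than here. Either keep the working-directory task unconditional and guard only the bin/yq/kubectl installs, or resolve the binary paths into a fact the later tasks use, e.g. `yq_bin: "{{ 'yq' if use_system_bins else working_dir ~ '/bin/yq' }}"` (constructed example). The third hunk's `host_user: "{{ item.host_user | default('') }}"` matches the `length` checks in `tasks/create-user.yaml` and needs no change.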