
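---
# Tasks: issue a client certificate for `username` signed by the cluster CA,
# register it as kubectl credentials and a context, render a kubeconfig for
# the user and apply a role-binding manifest.
#
# Expected to be defined by the caller: working_dir, username, cluster,
# k8s_config_path, k8s_cert_path, k8s_cert_crt_file, k8s_cert_key_file,
# certificate_expires_in (days). `kubernetes_server` may be pre-set to
# override the value read from the kubeconfig.
#
# Indentation of this file was reconstructed from reading order; the block
# nesting and the placement of the trailing `tags:` keys should be confirmed
# against the original.

- name: Prepare cert directory
  block:
    - name: Set workdir as fact
      ansible.builtin.set_fact:
        cert_dir: "{{ working_dir }}/.certs/{{ username }}"

    - name: Create a directory if it does not exist
      ansible.builtin.file:
        path: "{{ cert_dir }}"
        state: directory
        # NOTE(review): this directory will hold the user's private key;
        # "0775" is group-writable -- confirm a tighter mode ("0750"/"0700")
        # would not break whoever consumes these files.
        mode: "0775"

# NOTE(review): this outer block carries no when/become/rescue of its own;
# confirm it is intentional rather than a leftover.
- block:
    - name: Generate openssl certificate
      tags: openssl
      block:
        - name: Generate an OpenSSL private key
          community.crypto.openssl_privatekey:
            path: "{{ cert_dir }}/{{ username }}.key"
            size: 2048

        - name: Generate an OpenSSL Certificate Signing Request
          community.crypto.openssl_csr:
            path: "{{ cert_dir }}/{{ username }}.csr"
            privatekey_path: "{{ cert_dir }}/{{ username }}.key"
            common_name: "{{ username }}"

        - name: Generate an OpenSSL certificate signed with your own CA certificate
          # Reading the CA private key requires elevated privileges.
          become: true
          community.crypto.x509_certificate:
            path: "{{ cert_dir }}/{{ username }}.crt"
            csr_path: "{{ cert_dir }}/{{ username }}.csr"
            ownca_path: "{{ k8s_cert_path }}/{{ k8s_cert_crt_file }}"
            ownca_privatekey_path: "{{ k8s_cert_path }}/{{ k8s_cert_key_file }}"
            provider: ownca
            # ownca_not_after is the validity option for provider=ownca.
            # The previous entrust_not_after only applies to provider=entrust,
            # so certificate_expires_in was silently ignored and the module's
            # default lifetime was used instead.
            ownca_not_after: "+{{ certificate_expires_in }}d"

    - name: Add user to cluster
      block:
        # --------------------------------------
        # -- Get k8s server from admin.conf
        # --------------------------------------
        - name: Get k8s server
          # `.clusters[]` visits every cluster entry; `.clusters[0]` only
          # matched when the wanted cluster happened to be listed first and
          # otherwise produced an empty server value.
          ansible.builtin.command: >-
            yq e '.clusters[] | select(.name == "{{ cluster }}").cluster.server'
            "{{ k8s_config_path }}"
          register: kubernetes_server_output
          changed_when: false  # read-only query

        # --------------------------------------
        # -- Get k8s certificate authority data
        # -- from admin-conf
        # --------------------------------------
        - name: Get k8s certificate authority data
          ansible.builtin.command: >-
            yq e '.clusters[] | select(.name == "{{ cluster }}").cluster.certificate-authority-data'
            "{{ k8s_config_path }}"
          register: kubernetes_cad_output
          changed_when: false  # read-only query

        - name: Get user cert data
          ansible.builtin.shell: cat "{{ cert_dir }}/{{ username }}.crt" | base64 -w 0
          register: user_cert_data_output
          changed_when: false  # read-only query

        - name: Get user key data
          ansible.builtin.shell: cat "{{ cert_dir }}/{{ username }}.key" | base64 -w 0
          register: user_key_data_output
          changed_when: false  # read-only query
          # The registered stdout is the user's private key; keep it out of
          # task output and logs.
          no_log: true

        - name: Set variables for template
          ansible.builtin.set_fact:
            kubernetes_server: "{{ kubernetes_server | default(kubernetes_server_output.stdout) }}"
            kubernetes_cad: "{{ kubernetes_cad_output.stdout }}"
            # Leading space kept as written; presumably required by the
            # layout of config.j2 -- verify before removing.
            user_cert_data: " {{ user_cert_data_output.stdout }}"
            user_key_data: " {{ user_key_data_output.stdout }}"
          # user_key_data carries the private key.
          no_log: true

        - name: Create k8s user
          # A space is required before the first backslash: with
          # "{{ username }}"\ the continuation line was joined directly onto
          # the credential name.
          ansible.builtin.shell: |
            kubectl config set-credentials "{{ username }}" \
              --client-certificate="{{ cert_dir }}/{{ username }}.crt" \
              --client-key="{{ cert_dir }}/{{ username }}.key"
          notify: remove certificates

        - name: Set user context
          ansible.builtin.shell: |
            kubectl config set-context "{{ username }}@{{ cluster }}" \
              --cluster="{{ cluster }}" --user="{{ username }}"

        - name: Create config file from template
          ansible.builtin.template:
            src: config.j2
            dest: "{{ working_dir }}/{{ username }}.config"
            # Never overwrite an existing kubeconfig for this user.
            force: false
          # NOTE(review): the rendered file presumably embeds user_key_data;
          # consider setting a restrictive mode (e.g. "0600") on it.
      # NOTE(review): placed on the block by reading order; confirm the tag
      # is not meant for the template task alone.
      tags: config

    - name: Bind user to role
      block:
        - name: Generate role binding yaml
          ansible.builtin.template:
            src: role-binding.j2
            dest: "{{ cert_dir }}/{{ username }}.yaml"

        - name: Apply role binding manifest
          environment:
            KUBECONFIG: "{{ k8s_config_path }}"
          # No shell features are used, so `command` avoids shell interpretation
          # of the templated path.
          ansible.builtin.command: kubectl apply -f "{{ cert_dir }}/{{ username }}.yaml"
      # NOTE(review): placed on the block by reading order; confirm the tag
      # is not meant for the apply task alone.
      tags: add_user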