84 lines
2.6 KiB
YAML
84 lines
2.6 KiB
YAML
# --------------------------------------
|
|
# -- Create kubernetes user
|
|
# --------------------------------------
|
|
# -- 1. Install packages
|
|
# -- 2. Generate certificate
|
|
# -- 3. Add user to kubernetes
|
|
# -- 4. Remove certificates (Optional)
|
|
# --------------------------------------
|
|
---
|
|
- name: Ensure required packages are installed
|
|
tags: packages
|
|
block:
|
|
# -------------------------
|
|
# -- Prepare kubectl repo
|
|
# -------------------------
|
|
- name: Add an apt signing key for Kubernetes
|
|
become: true
|
|
apt_key:
|
|
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
|
state: present
|
|
|
|
- name: Adding apt repository for Kubernetes
|
|
become: true
|
|
apt_repository:
|
|
repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
|
|
state: present
|
|
filename: kubernetes.list
|
|
|
|
# --------------------------------------
|
|
# -- Install yq
|
|
# --------------------------------------
|
|
- name: Ensure yq is installed
|
|
become: true
|
|
get_url:
|
|
url: "https://github.com/mikefarah/yq/releases/download/{{ yq.version }}/{{ yq.binary }}"
|
|
dest: /usr/bin/yq
|
|
mode: "0777"
|
|
|
|
- block:
|
|
- name: Download kubectl release
|
|
uri:
|
|
url: https://dl.k8s.io/release/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl
|
|
dest: /tmp
|
|
|
|
- name: Download the kubectl checksum file
|
|
uri:
|
|
url: https://dl.k8s.io/{{ kubectl.version }}/bin/linux/{{ kubectl.arch }}/kubectl.sha256
|
|
dest: /tmp
|
|
|
|
- name: Validate the kubectl binary against the checksum file
|
|
shell: echo "$(cat /tmp/kubectl.sha256) /tmp/kubectl" | sha256sum --check
|
|
register: result
|
|
|
|
- name: Assert that the kubectl binary is OK
|
|
vars:
|
|
expected: "/tmp/kubectl: OK"
|
|
assert:
|
|
that:
|
|
- result.stdout == expected
|
|
fail_msg: "{{ result.stdout }}"
|
|
success_msg: "{{ result.stdout }}"
|
|
|
|
- name: Ensure openssl is installed
|
|
become: true
|
|
package:
|
|
name: "openssl"
|
|
state: present
|
|
|
|
- name: Create a directory if it does not exist
|
|
ansible.builtin.file:
|
|
path: "{{ working_dir }}"
|
|
state: directory
|
|
mode: "0775"
|
|
|
|
- name: Create kubernetes user
|
|
loop: "{{ users }}"
|
|
include_tasks: create-user.yaml
|
|
vars:
|
|
certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
|
|
username: "{{ item.username }}"
|
|
cluster: "{{ item.cluster }}"
|
|
binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
|
|
role_type: "{{ item.role_type | default('ClusterRole') }}"
|
|
role: "{{ item.role | default('cluster-admin') }}" |