github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-15 06:43:54 +00:00
Code Issues Projects Releases Wiki Activity

Generate a kubeconfig for kubectl which can be taken off the masterA

Browse Source 
/etc/kubernetes/kuectl.kubeconfig
This commit is contained in:
Eric Paris 2015-07-01 13:19:06 -04:00
parent 88087decb4
commit c66bafaa18
4 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/ansible/roles/kubernetes/tasks/gen_tokens.yml
View File

@ -10,7 +10,7 @@
environment: environment:
TOKEN_DIR: "{{ kube_token_dir }}" TOKEN_DIR: "{{ kube_token_dir }}"
with_nested: with_nested:
- [ "system:controller_manager", "system:scheduler" ] - [ "system:controller_manager", "system:scheduler", "system:kubectl" ]
- "{{ groups['masters'] }}" - "{{ groups['masters'] }}"
register: gentoken register: gentoken
changed_when: "'Added' in gentoken.stdout" changed_when: "'Added' in gentoken.stdout"

6
contrib/ansible/roles/kubernetes/tasks/secrets.yml
View File

@ -35,8 +35,12 @@
run_once: true run_once: true
delegate_to: "{{ groups['masters'][0] }}" delegate_to: "{{ groups['masters'][0] }}"
- name: Register the CA certificate as a fact so it can be used later
set_fact:
kube_ca_cert: "{{ ca_cert.content|b64decode }}"
- name: Place CA certificate everywhere - name: Place CA certificate everywhere
copy: content="{{ ca_cert.content|b64decode }}" dest="{{ kube_cert_dir }}/ca.crt" copy: content="{{ kube_ca_cert }}" dest="{{ kube_cert_dir }}/ca.crt"
notify: notify:
- restart daemons - restart daemons

5
contrib/ansible/roles/master/tasks/main.yml
View File

@ -27,6 +27,7 @@
with_items: with_items:
- "system:controller_manager" - "system:controller_manager"
- "system:scheduler" - "system:scheduler"
- "system:kubectl"
register: tokens register: tokens
delegate_to: "{{ groups['masters'][0] }}" delegate_to: "{{ groups['masters'][0] }}"
@ -34,6 +35,7 @@
set_fact: set_fact:
controller_manager_token: "{{ tokens.results[0].content|b64decode }}" controller_manager_token: "{{ tokens.results[0].content|b64decode }}"
scheduler_token: "{{ tokens.results[1].content|b64decode }}" scheduler_token: "{{ tokens.results[1].content|b64decode }}"
kubectl_token: "{{ tokens.results[2].content|b64decode }}"
- name: write the config file for the controller-manager - name: write the config file for the controller-manager
template: src=controller-manager.j2 dest={{ kube_config_dir }}/controller-manager template: src=controller-manager.j2 dest={{ kube_config_dir }}/controller-manager
@ -61,6 +63,9 @@
- name: Enable scheduler - name: Enable scheduler
service: name=kube-scheduler enabled=yes state=started service: name=kube-scheduler enabled=yes state=started
- name: write the kubecfg (auth) file for kubectl
template: src=kubectl.kubeconfig.j2 dest={{ kube_config_dir }}/kubectl.kubeconfig
- include: firewalld.yml - include: firewalld.yml
when: has_firewalld when: has_firewalld

18
contrib/ansible/roles/master/templates/kubectl.kubeconfig.j2 Normal file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Config
current-context: kubectl-to-{{ cluster_name }}
preferences: {}
clusters:
- cluster:
certificate-authority-data: {{ kube_ca_cert|b64encode }}
server: https://{{ groups['masters'][0] }}:443
name: {{ cluster_name }}
contexts:
- context:
cluster: {{ cluster_name }}
user: kubectl
name: kubectl-to-{{ cluster_name }}
users:
- name: kubectl
user:
token: {{ kubectl_token }}