mirror of https://github.com/easzlab/kubeasz.git
47 lines
2.2 KiB
YAML
47 lines
2.2 KiB
YAML
- name: 创建自定义用户证书目录
|
||
file: name={{ cluster_dir }}/ssl/users/ state=directory
|
||
|
||
- name: 准备CA配置文件
|
||
template: src=ca-config.json.j2 dest={{ cluster_dir }}/ssl/ca-config.json
|
||
|
||
- name: 准备kubectl使用的{{ USER_NAME }}证书签名请求
|
||
template: src=user-csr.json.j2 dest={{ cluster_dir }}/ssl/users/{{ USER_NAME }}-csr.json
|
||
|
||
- name: 创建{{ USER_NAME }}证书与私钥
|
||
shell: "cd {{ cluster_dir }}/ssl/users && {{ base_dir }}/bin/cfssl gencert \
|
||
-ca={{ cluster_dir }}/ssl/ca.pem \
|
||
-ca-key={{ cluster_dir }}/ssl/ca-key.pem \
|
||
-config={{ cluster_dir }}/ssl/ca-config.json \
|
||
-profile=kcfg {{ USER_NAME }}-csr.json | {{ base_dir }}/bin/cfssljson -bare {{ USER_NAME }}"
|
||
|
||
- name: 设置集群参数
|
||
shell: "{{ base_dir }}/bin/kubectl config set-cluster {{ CLUSTER_NAME }} \
|
||
--certificate-authority={{ cluster_dir }}/ssl/ca.pem \
|
||
--embed-certs=true \
|
||
--server={{ KUBE_APISERVER }} \
|
||
--kubeconfig={{ cluster_dir }}/ssl/users/{{ USER_NAME }}.kubeconfig"
|
||
|
||
- name: 设置客户端认证参数
|
||
shell: "{{ base_dir }}/bin/kubectl config set-credentials {{ USER_NAME }} \
|
||
--client-certificate={{ cluster_dir }}/ssl/users/{{ USER_NAME }}.pem \
|
||
--embed-certs=true \
|
||
--client-key={{ cluster_dir }}/ssl/users/{{ USER_NAME }}-key.pem \
|
||
--kubeconfig={{ cluster_dir }}/ssl/users/{{ USER_NAME }}.kubeconfig"
|
||
|
||
- name: 设置上下文参数
|
||
shell: "{{ base_dir }}/bin/kubectl config set-context {{ CONTEXT_NAME }} \
|
||
--cluster={{ CLUSTER_NAME }} --user={{ USER_NAME }} \
|
||
--kubeconfig={{ cluster_dir }}/ssl/users/{{ USER_NAME }}.kubeconfig"
|
||
|
||
- name: 选择默认上下文
|
||
shell: "{{ base_dir }}/bin/kubectl config use-context {{ CONTEXT_NAME }} \
|
||
--kubeconfig={{ cluster_dir }}/ssl/users/{{ USER_NAME }}.kubeconfig"
|
||
|
||
- name: 生成clusterrolebind 配置文件
|
||
template: src=crb.yaml.j2 dest={{ cluster_dir }}/ssl/users/crb-{{ USER_NAME }}.yaml
|
||
|
||
- name: 创建clusterrolebind 配置
|
||
shell: "{{ base_dir }}/bin/kubectl apply -f {{ cluster_dir }}/ssl/users/crb-{{ USER_NAME }}.yaml"
|
||
|
||
- debug: msg="查看{{ USER_NAME }}自定义kubeconfig:{{ cluster_dir }}/ssl/users/{{ USER_NAME }}.kubeconfig"
|