Template out known_users.csv, optionally add groups
parent
637f445c3f
commit
d1f58fed4c
|
@ -39,6 +39,7 @@ kube_cert_group: kube-cert
|
|||
kube_log_level: 2
|
||||
|
||||
# Users to create for basic auth in Kubernetes API via HTTP
|
||||
# Optionally add groups for user
|
||||
kube_api_pwd: "changeme"
|
||||
kube_users:
|
||||
kube:
|
||||
|
@ -47,6 +48,8 @@ kube_users:
|
|||
root:
|
||||
pass: "{{kube_api_pwd}}"
|
||||
role: admin
|
||||
# groups:
|
||||
# - system:masters
|
||||
|
||||
|
||||
|
||||
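Review bot: The commented example under `root:` offers `system:masters` without saying what that group grants, and the same user's `pass` is `{{kube_api_pwd}}`, which defaults to `changeme` a few lines above. Members of `system:masters` have unrestricted access to the Kubernetes API, so anyone who uncomments the example without overriding the password ends up with a cluster-admin account behind a published default. The added comment should say so, for example `# Optionally add groups for user; system:masters is unrestricted cluster admin, override kube_api_pwd first`. The +/- markers are lost on this page, so I am assuming the two comment lines are the ones this commit adds.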
|
|
|
@ -27,12 +27,10 @@
|
|||
group: "{{ kube_cert_group }}"
|
||||
|
||||
- name: Populate users for basic auth in API
|
||||
lineinfile:
|
||||
template:
|
||||
src: known_users.csv.j2
|
||||
dest: "{{ kube_users_dir }}/known_users.csv"
|
||||
create: yes
|
||||
line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
|
||||
backup: yes
|
||||
with_dict: "{{ kube_users }}"
|
||||
when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true)
|
||||
notify: set secret_changed
|
||||
|
||||
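Review bot: The `template` task that writes `{{ kube_users_dir }}/known_users.csv` shows no `owner`, `group` or `mode`, so a file holding every basic-auth password in plaintext is created with whatever the remote umask allows. I would pin it explicitly, e.g. `mode: "0600"` with an `owner` matching the account the API server runs as. Because the whole file is now rendered in one task, a run with `--diff` would print its contents, and `no_log: true` on the task avoids that. The page has lost its +/- markers, so I cannot tell whether `backup: yes` survives on the new side; if it does, every change leaves a timestamped copy of the old passwords beside the file.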
|
|
|
@ -0,0 +1,3 @@
|
|||
{% for user in kube_users %}
|
||||
{{kube_users[user].pass}},{{user}},{{kube_users[user].role}}{% if kube_users[user].groups is defined %},{% set groups_csv = kube_users[user].groups|join(',') -%}"{{groups_csv}}"{% endif %}
|
||||
{% endfor %}
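Review bot: The password, user name and role are written into the row unquoted, so a value containing a comma or a double quote shifts the columns and the API server would read a different password, user or uid than the inventory states. Only the groups field is quoted, and its contents are not escaped either. Quote each field and double any embedded quote, e.g. `"{{ kube_users[user].pass | replace('"', '""') }}"`, or fail the play when a value contains `,` or `"`; this assumes the consumer parses standard CSV quoting, which should be confirmed against the Kubernetes version in use. An empty `groups: []` also passes `is defined` and renders `,""`, which `{% if kube_users[user].groups | default([]) %}` would skip.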
|