From 656eedd01e92b67b8624d6a9272801f13499d1b0 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont
Date: Tue, 31 Jul 2018 18:08:17 +0200
Subject: [PATCH] Add configuration to kubectl role
---
 k8s.yml | 11 +++++------
 roles/kubectl/tasks/main.yml | 28 ++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/k8s.yml b/k8s.yml
index 8954812..3d18890 100644
--- a/k8s.yml
+++ b/k8s.yml
@@ -24,12 +24,6 @@
 roles:
 - role: peervpn
 tags: role-peervpn
-- hosts: k8s_kubectl
- gather_facts: no
- become: yes
- roles:
- - role: kubectl
- tags: role-kubectl
 - hosts: k8s_ca
 become: yes
 roles:
@@ -37,6 +31,11 @@
 tags: role-cfssl
 - role: kubernetes-ca
 tags: role-kubernetes-ca
+- hosts: k8s_kubectl
+ become: yes
+ roles:
+ - role: kubectl
+ tags: role-kubectl
 - hosts: k8s_etcd
 gather_facts: no
 roles:
diff --git a/roles/kubectl/tasks/main.yml b/roles/kubectl/tasks/main.yml
index a8800f1..afd3063 100644
--- a/roles/kubectl/tasks/main.yml
+++ b/roles/kubectl/tasks/main.yml
@@ -24,3 +24,31 @@
 remote_src: yes
 with_items:
 - kubectl
+
+- name: Generate a kubeconfig file for each worker node (set-cluster)
+ shell: "kubectl config set-cluster {{k8s_config_cluster_name}} --certificate-authority={{k8s_ca_conf_directory}}/ca-k8s-apiserver.pem --embed-certs=true --server=https://{{hostvars[groups['k8s_master'][0]]['ansible_'+hostvars[item]['peervpn_conf_interface']].ipv4.address}}:{{k8s_apiserver_secure_port}} --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig"
+ with_inventory_hostnames:
+ - k8s_worker
+ tags:
+ - k8s-auth-config-kubelet
+
+- name: Generate a kubeconfig file for each worker node (set-credentials)
+ shell: "kubectl config set-credentials system:node:{{hostvars[item]['ansible_hostname']}} --client-certificate={{k8s_ca_conf_directory}}/cert-{{item}}.pem --client-key={{k8s_ca_conf_directory}}/cert-{{item}}-key.pem --embed-certs=true --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig"
+ with_inventory_hostnames:
+ - k8s_worker
+ tags:
+ - k8s-auth-config-kubelet
+
+- name: Generate a kubeconfig file for each worker node (set-context)
+ shell: "kubectl config set-context default --cluster={{k8s_config_cluster_name}} --user=system:node:{{hostvars[item]['ansible_hostname']}} --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig"
+ with_inventory_hostnames:
+ - k8s_worker
+ tags:
+ - k8s-auth-config-kubelet
+
+- name: Set use-context
+ shell: "kubectl config use-context default --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig"
+ with_inventory_hostnames:
+ - k8s_worker
+ tags:
+ - k8s-auth-config-kubelet
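Review bot: The four added tasks run `kubectl config` through `shell:` with inventory-derived values (`{{item}}`, `ansible_hostname`, the cluster name) interpolated unquoted into the command string, although none of them uses a shell feature; switching each to `command:` keeps those values from being interpreted by a shell and is a one-word change per task. The set-credentials task passes `--client-key` together with `--embed-certs=true`, so every `{{item}}.kubeconfig` carries a worker's private key, and nothing in the hunk pins the mode of those files or of `k8s_config_directory`; a `file:` task after "Set use-context" that enforces `mode: "0600"` would make this independent of umask and of any file that already exists. The tasks will also report changed on every run since there is no `changed_when`, and `hostvars[item]['ansible_hostname']` is presumably undefined when the workers' facts were not gathered earlier in the same run (for example under `--tags role-kubectl`).

```yaml
# … unchanged: the four kubectl config tasks (set-cluster, set-credentials, set-context, use-context) …

- name: Restrict permissions on generated kubeconfig files
  file:
    path: "{{ k8s_config_directory }}/{{ item }}.kubeconfig"
    mode: "0600"
  with_inventory_hostnames:
    - k8s_worker
  tags:
    - k8s-auth-config-kubelet
```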