From 7166585268156992e25d3d14d413c8888ee01777 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont
Date: Tue, 31 Jul 2018 18:52:30 +0200
Subject: [PATCH] Add all services config to kubectl
---
roles/kubectl/tasks/kubectl-config.yml | 11 +++++++++++
roles/kubectl/tasks/main.yml | 23 +++++++++++++++++++++++
2 files changed, 34 insertions(+)
create mode 100644 roles/kubectl/tasks/kubectl-config.yml
diff --git a/roles/kubectl/tasks/kubectl-config.yml b/roles/kubectl/tasks/kubectl-config.yml
new file mode 100644
index 0000000..1f33c02
--- /dev/null
+++ b/roles/kubectl/tasks/kubectl-config.yml
@@ -0,0 +1,11 @@
+- name: Generate a kubeconfig file for the {{service.name}} service (set-cluster)
+ shell: "kubectl config set-cluster {{k8s_config_cluster_name}} --certificate-authority={{k8s_ca_conf_directory}}/ca-k8s-apiserver.pem --embed-certs=true --server=https://{{apiServer}}:{{k8s_apiserver_secure_port}} --kubeconfig={{k8s_config_directory}}/{{service.name}}.kubeconfig"
+
+- name: Generate a kubeconfig file for the {{service.name}} service (set-credentials)
+ shell: "kubectl config set-credentials system:{{service.name}} --client-certificate={{k8s_ca_conf_directory}}/cert-{{service.client_cert}}.pem --client-key={{k8s_ca_conf_directory}}/cert-{{service.client_cert}}-key.pem --embed-certs=true --kubeconfig={{k8s_config_directory}}/{{service.name}}.kubeconfig"
+
+- name: Generate a kubeconfig file for the {{service.name}} service (set-context)
+ shell: "kubectl config set-context default --cluster={{k8s_config_cluster_name}} --user=system:{{service.name}} --kubeconfig={{k8s_config_directory}}/{{service.name}}.kubeconfig"
+
+- name: Set use-context
+ shell: "kubectl config use-context default --kubeconfig={{k8s_config_directory}}/{{service.name}}.kubeconfig"
diff --git a/roles/kubectl/tasks/main.yml b/roles/kubectl/tasks/main.yml
index afd3063..3f84c6d 100644
--- a/roles/kubectl/tasks/main.yml
+++ b/roles/kubectl/tasks/main.yml
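Review bot: The `set-credentials` task passes `--client-key=...` together with `--embed-certs=true`, so every generated `{{service.name}}.kubeconfig` contains a private key (and the loop in main.yml includes `admin`), yet no task states the file's owner or mode. A follow-up `file:` task on `{{k8s_config_directory}}/{{service.name}}.kubeconfig` with `mode: "0600"` would make the intended permissions explicit instead of relying on whatever kubectl or a pre-existing file leaves behind. All four tasks also use `shell:` with templated values pasted into the command string; `command:` avoids shell parsing of those values, or each variable can be passed through `| quote`. As written the tasks report `changed` on every run, so an explicit `changed_when:` is worth adding.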
@@ -52,3 +52,26 @@
 - k8s_worker
 tags:
 - k8s-auth-config-kubelet
+
+- name: Get IP address of first host in k8s_master group and use as API server
+ set_fact:
+ apiServer: |
+ {% set item = groups["k8s_master"][0] %}
+ {{ hostvars[item]["ansible_"+hostvars[item]["peervpn_conf_interface"]].ipv4.address }}
+
+- name: Remove newline from API server IP address
+ set_fact:
+ apiServer: "{{apiServer |replace('\n', '')}}"
+
+- include_tasks: kubectl-config.yml
+ loop:
+ - name: kube-proxy
+ client_cert: k8s-proxy
+ - name: kube-controller-manager
+ client_cert: k8s-controller-manager
+ - name: kube-scheduler
+ client_cert: k8s-scheduler
+ - name: admin
+ client_cert: admin
+ loop_control:
+ loop_var: service
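Review bot: The `apiServer` fact reads `hostvars[item]["ansible_"+hostvars[item]["peervpn_conf_interface"]]`, which resolves only when facts for the first `k8s_master` host are available in this run and the group is non-empty; otherwise the task fails with an undefined-variable or index error that does not name the cause. An `assert` with `that: groups["k8s_master"] | length > 0` ahead of it would give a clear message, and the separate newline-stripping `set_fact` could probably be avoided by writing the lookup as a single quoted expression rather than a `|` block scalar. The `include_tasks` entry carries no `tags:`, unlike the task directly above it, so a tag-limited run skips kubeconfig generation. Because the loop writes the `admin` credential alongside the component ones, a comment such as `# admin kubeconfig: keep on the control host only` would document where that file is meant to live; the hunk itself does not show which hosts run this role.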