Merge pull request #52 from barrelmaker97/rename-roles

Rename roles and move namespace creation to workload deployment

README.md

@@ -14,7 +14,7 @@ ansible-playbook site.yaml
 
 Individual playbooks can be run in a similar manner:
 ```bash
-ansible-playbook cluster_user.yaml
+ansible-playbook setup.yaml
 ```
 # IP Plan
 | Name       | Address       | Hostname           |

cluster_workloads.yaml → core.yaml

@@ -1,6 +1,6 @@
 ---
-- name: Deploy Workloads
+- name: Deploy core services
   hosts: localhost
   gather_facts: false
   roles:
-    - cluster_workloads
+    - core

roles/cluster_user/tasks/main.yaml → roles/user/tasks/main.yaml

@@ -1,27 +1,27 @@
 ---
 - name: Create local kubeconfig directory
   ansible.builtin.file:
-    path: "{{ cluster_user_kube_dir }}"
+    path: "{{ user_kube_dir }}"
     state: directory
     mode: "0755"
 
 - name: Set owner of local kubeconfig directory to {{ ansible_user }}
   become: true
   ansible.builtin.file:
-    path: "{{ cluster_user_kube_dir }}"
+    path: "{{ user_kube_dir }}"
     state: directory
     owner: "{{ ansible_user }}"
     recurse: true
 
 - name: Generate User Private Key
   community.crypto.openssl_privatekey:
-    path: "{{ cluster_user_key }}"
+    path: "{{ user_key }}"
     size: 2048
 
 - name: Generate User CSR
   community.crypto.openssl_csr:
-    path: "{{ cluster_user_csr }}"
-    privatekey_path: "{{ cluster_user_key }}"
+    path: "{{ user_csr }}"
+    privatekey_path: "{{ user_key }}"
     common_name: "{{ cluster_user }}"
 
 - name: Get admin kubeconfig
@@ -40,7 +40,7 @@
     state: present
     template: csr-user.yaml.j2
   vars:
-    user_csr_base64: "{{ lookup('file', '{{ cluster_user_csr }}') | b64encode }}"
+    user_csr_base64: "{{ lookup('file', '{{ user_csr }}') | b64encode }}"
 
 - name: Install kubectl locally
   become: true
@@ -70,13 +70,13 @@
 - name: Save User Certificate
   ansible.builtin.copy:
     content: "{{ user_cert.resources[0].status.certificate | b64decode }}"
-    dest: "{{ cluster_user_crt }}"
+    dest: "{{ user_crt }}"
     mode: "0644"
 
 - name: Save Cluster Certificate
   ansible.builtin.copy:
     content: "{{ cluster_cert.resources[0]['data']['ca.crt'] }}"
-    dest: "{{ cluster_user_api_crt }}"
+    dest: "{{ user_api_crt }}"
     mode: "0644"
 
 - name: Create User Cluster Role Binding
@@ -87,24 +87,5 @@
 - name: Create User Kubeconfig
   ansible.builtin.template:
     src: user-kubeconfig.yaml
-    dest: "{{ cluster_user_kube_dir }}/config"
+    dest: "{{ user_kube_dir }}/config"
     mode: "0600"
-
-- name: Create User Namespace
-  kubernetes.core.k8s:
-    state: present
-    definition:
-      apiVersion: v1
-      kind: Namespace
-      metadata:
-        name: "{{ workload_namespace }}"
-
-- name: Create User Resource Quota
-  kubernetes.core.k8s:
-    state: present
-    template: resourcequota-user.yaml
-
-- name: Create User Limit Range
-  kubernetes.core.k8s:
-    state: present
-    template: limitrange-user.yaml

roles/cluster_user/templates/clusterrolebinding-user.yaml → roles/user/templates/clusterrolebinding-user.yaml

@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: namespace-admin
+  name: "{{ cluster_user }}-cluster-admin"
 subjects:
   - kind: User
     name: "{{ cluster_user }}"

roles/user/templates/user-kubeconfig.yaml

@@ -0,0 +1,21 @@
+# vim: ft=yaml
+---
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: {{ cluster_user }}-{{ cluster_host }}
+clusters:
+  - name: {{ cluster_host }}
+    cluster:
+      certificate-authority: {{ user_api_crt }}
+      server: https://kube.{{ cluster_domain }}:{{ cluster_port }}
+users:
+  - name: {{ cluster_user }}
+    user:
+      client-certificate: {{ user_crt }}
+      client-key: {{ user_key }}
+contexts:
+  - name: {{ cluster_user }}-{{ cluster_host }}
+    context:
+      cluster: {{ cluster_host }}
+      user: {{ cluster_user }}

roles/user/vars/main.yaml

@@ -0,0 +1,6 @@
+---
+user_kube_dir: "{{ ansible_env.HOME }}/.kube"
+user_key: "{{ user_kube_dir }}/{{ cluster_user }}.key"
+user_csr: "{{ user_kube_dir }}/{{ cluster_user }}.csr"
+user_crt: "{{ user_kube_dir }}/{{ cluster_user }}.crt"
+user_api_crt: "{{ user_kube_dir }}/cluster.crt"

roles/cluster_workloads/tasks/main.yaml → roles/workloads/tasks/main.yaml

@@ -1,4 +1,30 @@
 ---
+- name: Create User Namespace
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: "{{ workload_namespace }}"
+
+- name: Set Namespace in kubectl context
+  changed_when: true
+  ansible.builtin.command: >
+    kubectl config set-context
+    --current
+    "--namespace={{ workload_namespace }}"
+
+- name: Create User Resource Quota
+  kubernetes.core.k8s:
+    state: present
+    template: resourcequota-user.yaml
+
+- name: Create User Limit Range
+  kubernetes.core.k8s:
+    state: present
+    template: limitrange-user.yaml
+
 - name: Install Helm
   become: true
   community.general.snap:

setup.yaml

@@ -0,0 +1,5 @@
+---
+- name: Setup for cluster creation
+  hosts: localhost
+  roles:
+    - setup

site.yaml

@@ -1,9 +1,9 @@
 ---
-- name: Set Talos
-  import_playbook: talos_setup.yaml
-- name: Setup Cluster User
-  import_playbook: cluster_user.yaml
-- name: Setup Cluster Services
-  import_playbook: cluster_services.yaml
-- name: Deploy Workloads
-  import_playbook: cluster_workloads.yaml
+- name: Setup for cluster creation
+  import_playbook: setup.yaml
+- name: Create cluster user
+  import_playbook: user.yaml
+- name: Deploy core services
+  import_playbook: core.yaml
+- name: Deploy workloads
+  import_playbook: workloads.yaml

user.yaml

@@ -0,0 +1,5 @@
+---
+- name: Create cluster user
+  hosts: localhost
+  roles:
+    - user

cluster_services.yaml → workloads.yaml

@@ -1,6 +1,6 @@
 ---
-- name: Setup Cluster Services
+- name: Deploy workloads
   hosts: localhost
   gather_facts: false
   roles:
-    - cluster_services
+    - workloads