Template out known_users.csv, optionally add groups
parent
637f445c3f
commit
d1f58fed4c
3 changed files with 8 additions and 4 deletions
|
@ -39,6 +39,7 @@ kube_cert_group: kube-cert
|
||||||
kube_log_level: 2
|
kube_log_level: 2
|
||||||
|
|
||||||
# Users to create for basic auth in Kubernetes API via HTTP
|
# Users to create for basic auth in Kubernetes API via HTTP
|
||||||
|
# Optionally add groups for user
|
||||||
kube_api_pwd: "changeme"
|
kube_api_pwd: "changeme"
|
||||||
kube_users:
|
kube_users:
|
||||||
kube:
|
kube:
|
||||||
|
@ -47,6 +48,8 @@ kube_users:
|
||||||
root:
|
root:
|
||||||
pass: "{{kube_api_pwd}}"
|
pass: "{{kube_api_pwd}}"
|
||||||
role: admin
|
role: admin
|
||||||
|
# groups:
|
||||||
|
# - system:masters
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
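Review bot: The commented `groups:` example added under `root` offers `system:masters` without saying what membership grants, and it sits beside the `kube_api_pwd: "changeme"` default that the `root` entry references through `pass: "{{kube_api_pwd}}"`. In Kubernetes that group is bound to cluster-admin, so uncommenting the example gives a basic-auth account full control of the cluster. I would expand the new comment to something like `# Optionally add groups for user (a list). system:masters grants full cluster-admin; set a non-default kube_api_pwd before enabling it`. Both hunks in this file only add comments, so this is a documentation suggestion.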
|
@ -27,12 +27,10 @@
|
||||||
group: "{{ kube_cert_group }}"
|
group: "{{ kube_cert_group }}"
|
||||||
|
|
||||||
- name: Populate users for basic auth in API
|
- name: Populate users for basic auth in API
|
||||||
lineinfile:
|
template:
|
||||||
|
src: known_users.csv.j2
|
||||||
dest: "{{ kube_users_dir }}/known_users.csv"
|
dest: "{{ kube_users_dir }}/known_users.csv"
|
||||||
create: yes
|
|
||||||
line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
|
|
||||||
backup: yes
|
backup: yes
|
||||||
with_dict: "{{ kube_users }}"
|
|
||||||
when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true)
|
when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true)
|
||||||
notify: set secret_changed
|
notify: set secret_changed
|
||||||
|
|
||||||
|
|
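Review bot: The new `template:` task writes `known_users.csv`, which holds cleartext passwords, without setting `owner`, `group` or `mode`, so the file's permissions are left to the remote defaults. I would set them explicitly, for example `mode: "0640"` with `group: "{{ kube_cert_group }}"` as the preceding task does, adjusted to whichever account the API server runs as. The retained `backup: yes` also leaves timestamped copies of earlier password files next to the destination whenever the rendered content changes; consider dropping it or cleaning those copies up. The task sits at the edge of the hunk, so options outside the visible lines are not accounted for here.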
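--- /dev/null
+++ b/roles/kubernetes/secrets/templates/known_users.csv.j2
@@ -0,0 +1,3 @@
+{% for user in kube_users %}
+{{kube_users[user].pass}},{{user}},{{kube_users[user].role}}{% if kube_users[user].groups is defined %},{% set groups_csv = kube_users[user].groups|join(',') -%}"{{groups_csv}}"{% endif %}
+{% endfor %}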
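Review bot: The row on the second template line interpolates `pass`, the user name and `role` into the CSV unquoted, so a value containing a comma or a double quote shifts the columns and part of a password can end up read as the user name. Quoting the fields and doubling embedded quotes avoids that, e.g. `"{{ kube_users[user].pass | replace('"', '""') }}"` for the first column and the same for the others, assuming the consumer parses standard CSV. Separately, `{% for user in kube_users %}` iterates the dict in whatever order it yields, which on interpreters without ordered dicts could reorder rows between runs and fire `set secret_changed` spuriously. `{% for user in kube_users | sort %}` would pin the order.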