From 054f7bf07bccbcffa514c16fcdcf6980487e4056 Mon Sep 17 00:00:00 2001
From: Srishti Jaiswal <96656007+Srishti-j18@users.noreply.github.com>
Date: Thu, 12 Feb 2026 22:08:01 +0530
Subject: [PATCH] use admin.conf for local kubeconfig (#12997)
---
 roles/kubernetes/client/tasks/main.yml | 66 +++++++++++++-------------
 1 file changed, 33 insertions(+), 33 deletions(-)
diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index a6daf2494..d821d9514 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -26,21 +26,11 @@
 mode: "0700"
 state: directory
 
-- name: Generate admin kubeconfig using kubeadm
- command: >-
- {{ bin_dir }}/kubeadm kubeconfig user
- --client-name=kubernetes-admin
- --org=kubeadm:cluster-admins
- --config {{ kube_config_dir }}/kubeadm-config.yaml
- register: kubeadm_admin_kubeconfig
- changed_when: false
- run_once: true
- delegate_to: "{{ groups['kube_control_plane'][0] }}"
-
 - name: Write admin kubeconfig to current/ansible become user home
 copy:
- content: "{{ kubeadm_admin_kubeconfig.stdout }}"
+ src: "{{ kube_config_dir }}/admin.conf"
 dest: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
+ remote_src: true
 mode: "0600"
 backup: true
 
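Review bot: The rewritten copy in `Write admin kubeconfig to current/ansible become user home` now reads `{{ kube_config_dir }}/admin.conf` from the host it runs on (`remote_src: true`), but nothing in the hunk checks that the file exists there, whereas the removed task fetched the kubeconfig once from `groups['kube_control_plane'][0]`. If this role can run on a host that is not a control-plane node (the play's host list is outside this hunk), a guard such as `when: inventory_hostname in groups['kube_control_plane']` would keep the task from failing there. The source is kubeadm's own admin kubeconfig, so I would also add a comment above the task, `# admin.conf carries a cluster-admin client certificate; keep dest at mode 0600`. `backup: true` leaves timestamped copies of earlier admin kubeconfigs in `.kube/`, which is worth a second look now that the file is a copy of a long-lived credential.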
@@ -61,28 +51,38 @@
 port: "{{ kube_apiserver_port }}"
 timeout: 180
 
-- name: Write admin kubeconfig on ansible host
- copy:
- content: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml | combine(override, recursive=true) | to_nice_yaml(indent=2) }}"
- dest: "{{ artifacts_dir }}/admin.conf"
- mode: "0600"
- vars:
- admin_kubeconfig: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml }}"
- username: "kubernetes-admin-{{ cluster_name }}"
- context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
- override:
- clusters:
- - "{{ admin_kubeconfig['clusters'][0] | combine({'name': cluster_name, 'cluster': admin_kubeconfig['clusters'][0]['cluster'] | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})}, recursive=true) }}"
- contexts:
- - "{{ admin_kubeconfig['contexts'][0] | combine({'name': context, 'context': admin_kubeconfig['contexts'][0]['context'] | combine({'user': username, 'cluster': cluster_name})}, recursive=true) }}"
- current-context: "{{ context }}"
- users:
- - "{{ admin_kubeconfig['users'][0] | combine({'name': username}, recursive=true) }}"
- delegate_to: localhost
- connection: local
- become: false
- run_once: true
+- name: Create kubeconfig localhost artifacts
 when: kubeconfig_localhost
+ block:
+ - name: Generate admin kubeconfig using kubeadm
+ command: >-
+ {{ bin_dir }}/kubeadm kubeconfig user
+ --client-name=kubernetes-admin-{{ cluster_name }}
+ --org=kubeadm:cluster-admins
+ --config {{ kube_config_dir }}/kubeadm-config.yaml
+ register: kubeadm_admin_kubeconfig
+ changed_when: false
+ run_once: true
+ delegate_to: "{{ groups['kube_control_plane'][0] }}"
+
+ - name: Write admin kubeconfig on ansible host
+ copy:
+ content: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml | combine(override, recursive=true) | to_nice_yaml(indent=2) }}"
+ dest: "{{ artifacts_dir }}/admin.conf"
+ mode: "0600"
+ vars:
+ admin_kubeconfig: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml }}"
+ context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
+ override:
+ clusters:
+ - "{{ admin_kubeconfig['clusters'][0] | combine({'name': cluster_name, 'cluster': admin_kubeconfig['clusters'][0]['cluster'] | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})}, recursive=true) }}"
+ contexts:
+ - "{{ admin_kubeconfig['contexts'][0] | combine({'name': context, 'context': admin_kubeconfig['contexts'][0]['context'] | combine({'cluster': cluster_name})}, recursive=true) }}"
+ current-context: "{{ context }}"
+ delegate_to: localhost
+ connection: local
+ become: false
+ run_once: true
 
 - name: Copy kubectl binary to ansible host
 fetch:
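Review bot: The two tasks inside the new `Create kubeconfig localhost artifacts` block handle a client private key without `no_log: true`: `Generate admin kubeconfig using kubeadm` registers the whole kubeconfig in `kubeadm_admin_kubeconfig.stdout`, and `Write admin kubeconfig on ansible host` passes it through `content:`, so the key can end up in verbose or `--diff` output and in whatever stores the controller's logs. Adding `no_log: true` to both tasks closes that. The command still runs on every play where `kubeconfig_localhost` is set, and each run issues a fresh certificate in `kubeadm:cluster-admins` that stays valid until it expires; passing `--validity-period=<duration>` (placeholder, pick a value that fits your rotation policy) would bound that. Since the certificate name changes to `kubernetes-admin-{{ cluster_name }}`, audit-log rules that match the user `kubernetes-admin` probably need updating.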