From d5b91828a3e259931fe83f4bbaabf859b1ddab1f Mon Sep 17 00:00:00 2001
From: Srishti Jaiswal <96656007+Srishti-j18@users.noreply.github.com>
Date: Thu, 12 Feb 2026 15:16:01 +0530
Subject: [PATCH] Use kubeam kubeconfig user instead of generating a kubeconfig with Ansible (#12958)

---
 roles/kubernetes/client/tasks/main.yml | 55 ++++++++++++--------------
 1 file changed, 26 insertions(+), 29 deletions(-)

diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index bb0786d1a..296dfab04 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -26,11 +26,21 @@
 mode: "0700"
 state: directory
 
-- name: Copy admin kubeconfig to current/ansible become user home
+- name: Generate admin kubeconfig using kubeadm
+ command: >-
+ {{ bin_dir }}/kubeadm kubeconfig user
+ --client-name=kubernetes-admin
+ --org=system:masters
+ --config {{ kube_config_dir }}/kubeadm-config.yaml
+ register: kubeadm_admin_kubeconfig
+ changed_when: false
+ run_once: true
+ delegate_to: "{{ groups['kube_control_plane'][0] }}"
+
+- name: Write admin kubeconfig to current/ansible become user home
 copy:
- src: "{{ kube_config_dir }}/admin.conf"
+ content: "{{ kubeadm_admin_kubeconfig.stdout }}"
 dest: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
- remote_src: true
 mode: "0600"
 backup: true
 
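Review bot: The registered `kubeadm_admin_kubeconfig.stdout` is a complete kubeconfig, so it carries the client private key, and neither the new `command` task nor the `copy` that uses it as `content:` sets `no_log: true`. Verbose runs print the command result and `--diff` prints the rendered file, which puts the key into console output and into whatever collects the play's logs. I would add `no_log: true` to both tasks here and to the "Write admin kubeconfig on ansible host" task in the second hunk, which renders the same data. As far as I know kubeadm issues a new key pair on every invocation and `changed_when: false` hides that, so `backup: true` will also leave a growing set of older, still valid kubeconfigs beside `.kube/config`; it is worth deciding whether those backups are still wanted.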
@@ -51,36 +61,23 @@
 port: "{{ kube_apiserver_port }}"
 timeout: 180
 
-- name: Get admin kubeconfig from remote host
- slurp:
- src: "{{ kube_config_dir }}/admin.conf"
- run_once: true
- register: raw_admin_kubeconfig
- when: kubeconfig_localhost
-
-- name: Convert kubeconfig to YAML
- set_fact:
- admin_kubeconfig: "{{ raw_admin_kubeconfig.content | b64decode | from_yaml }}"
- when: kubeconfig_localhost
-
-- name: Override username in kubeconfig
- set_fact:
- final_admin_kubeconfig: "{{ admin_kubeconfig | combine(override_cluster_name, recursive=true) | combine(override_context, recursive=true) | combine(override_user, recursive=true) }}"
- vars:
- cluster_infos: "{{ admin_kubeconfig['clusters'][0]['cluster'] }}"
- user_certs: "{{ admin_kubeconfig['users'][0]['user'] }}"
- username: "kubernetes-admin-{{ cluster_name }}"
- context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
- override_cluster_name: "{{ {'clusters': [{'cluster': (cluster_infos | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})), 'name': cluster_name}]} }}"
- override_context: "{{ {'contexts': [{'context': {'user': username, 'cluster': cluster_name}, 'name': context}], 'current-context': context} }}"
- override_user: "{{ {'users': [{'name': username, 'user': user_certs}]} }}"
- when: kubeconfig_localhost
-
 - name: Write admin kubeconfig on ansible host
 copy:
- content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}"
+ content: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml | combine(override, recursive=true) | to_nice_yaml(indent=2) }}"
 dest: "{{ artifacts_dir }}/admin.conf"
 mode: "0600"
+ vars:
+ admin_kubeconfig: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml }}"
+ username: "kubernetes-admin-{{ cluster_name }}"
+ context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
+ override:
+ clusters:
+ - "{{ admin_kubeconfig['clusters'][0] | combine({'name': cluster_name, 'cluster': admin_kubeconfig['clusters'][0]['cluster'] | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})}, recursive=true) }}"
+ contexts:
+ - "{{ admin_kubeconfig['contexts'][0] | combine({'name': context, 'context': admin_kubeconfig['contexts'][0]['context'] | combine({'user': username, 'cluster': cluster_name})}, recursive=true) }}"
+ current-context: "{{ context }}"
+ users:
+ - "{{ admin_kubeconfig['users'][0] | combine({'name': username}, recursive=true) }}"
 delegate_to: localhost
 connection: local
 become: false
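Review bot: The kubeconfig this task writes to `{{ artifacts_dir }}/admin.conf` on the Ansible controller is built from the certificate issued with `--org=system:masters` in the first hunk, so the copy that leaves the control plane bypasses RBAC authorization and cannot be revoked short of rotating the cluster CA. Newer kubeadm releases, as far as I know, bind their own admin.conf to `kubeadm:cluster-admins` for that reason, so this may hand out a stronger identity than the file it replaces. If the supported kubeadm versions create that binding, `--org=kubeadm:cluster-admins` together with an explicit `--validity-period=<duration>` on the generating command would keep the exported credential revocable and short-lived. The task may continue below the last line of the hunk, so any `when:` guard on it is not visible here.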