add setup non-root kubeconfig
parent
8ceb8fa23a
commit
45336082e2
@ -51,9 +51,6 @@
|
|||||||
msg: "{{ item.stdout_lines }}"
|
msg: "{{ item.stdout_lines }}"
|
||||||
loop: "{{ script_output.results }}"
|
loop: "{{ script_output.results }}"
|
||||||
|
|
||||||
- name: Add Kubeconfig to User
|
|
||||||
shell: "rm -rf /home/ubuntu/.kube/config && mkdir -p /home/ubuntu/.kube/ && cp /etc/kubernetes/adminf.conf /home/ubuntu/.kube/config"
|
|
||||||
|
|
||||||
- name: Clean up temporary directory
|
- name: Clean up temporary directory
|
||||||
file:
|
file:
|
||||||
path: /tmp/downloaded_scripts
|
path: /tmp/downloaded_scripts
|
||||||
|
@ -57,6 +57,40 @@ echo "Provision Kubernetes With IP $VM_IP"
|
|||||||
KUBEVERSION="1.32.3-1.1"
|
KUBEVERSION="1.32.3-1.1"
|
||||||
HELMVERSION="3.14.2"
|
HELMVERSION="3.14.2"
|
||||||
|
|
||||||
|
setup_kube_config() {
|
||||||
|
# Source admin.conf location
|
||||||
|
local admin_conf=${1:-"/etc/kubernetes/admin.conf"}
|
||||||
|
|
||||||
|
# Check if admin.conf exists
|
||||||
|
if [ ! -f "$admin_conf" ]; then
|
||||||
|
echo "Error: Admin config file not found at $admin_conf" >&2
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Ensure running as root
|
||||||
|
if [ "$(id -u)" -ne 0 ]; then
|
||||||
|
echo "Error: This function must be run as root" >&2
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Process regular users (UID >= 1000)
|
||||||
|
while IFS=: read -r username _ uid _ _ home_dir _; do
|
||||||
|
if [ "$uid" -ge 1000 ] && [ -d "$home_dir" ] && [ "$home_dir" != "/nonexistent" ]; then
|
||||||
|
# Create .kube directory if needed
|
||||||
|
local kube_dir="$home_dir/.kube"
|
||||||
|
local kube_config="$kube_dir/config"
|
||||||
|
|
||||||
|
echo "Setting up Kubernetes config for user: $username"
|
||||||
|
mkdir -p "$kube_dir" || true
|
||||||
|
cp -f "$admin_conf" "$kube_config"
|
||||||
|
chown -R "$username":"$username" "$kube_dir"
|
||||||
|
chmod 600 "$kube_config"
|
||||||
|
fi
|
||||||
|
done </etc/passwd
|
||||||
|
|
||||||
|
echo "Kubernetes config setup completed for all regular users."
|
||||||
|
}
|
||||||
|
|
||||||
command_exists() {
|
command_exists() {
|
||||||
command -v "$1" >/dev/null 2>&1
|
command -v "$1" >/dev/null 2>&1
|
||||||
}
|
}
|
||||||
@ -290,6 +324,7 @@ kubeadm init --apiserver-advertise-address=${VM_IP} --pod-network-cidr=10.244.0.
|
|||||||
mkdir -p $HOME/.kube
|
mkdir -p $HOME/.kube
|
||||||
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
|
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
|
||||||
chown $(id -u):$(id -g) $HOME/.kube/config
|
chown $(id -u):$(id -g) $HOME/.kube/config
|
||||||
|
|
||||||
export KUBECONFIG=/etc/kubernetes/admin.conf
|
export KUBECONFIG=/etc/kubernetes/admin.conf
|
||||||
|
|
||||||
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
|
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
|
||||||
@ -306,3 +341,6 @@ echo "**************************************************************************
|
|||||||
kubectl get pods -A
|
kubectl get pods -A
|
||||||
|
|
||||||
echo "***************************************************************************************************************"
|
echo "***************************************************************************************************************"
|
||||||
|
|
||||||
|
# Distribute kubeconfig among non-root users
|
||||||
|
setup_kube_config
|
||||||
|
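Review bot: `setup_kube_config` copies `/etc/kubernetes/admin.conf`, the cluster-admin credential, into the home of every account with UID >= 1000, so each regular user on the VM gets full control of the cluster; consider limiting the loop to an explicit list of accounts, or handing out a narrower kubeconfig. Inside the loop the file is written by `cp -f` before `chmod 600` runs, so a newly created file briefly takes its mode from the umask, and `chown -R "$username":"$username"` assumes a group named after the user exists. Reading the gid from the passwd line (`read -r username _ uid gid _ home_dir _`) and using `install -m 600 -o "$uid" -g "$gid" "$admin_conf" "$kube_config"` would set owner and mode at creation. `mkdir -p "$kube_dir" || true` hides a failure that the following `cp` then hits. Because root is writing into user-writable directories, the loop should also skip a user when `[ -L "$kube_dir" ]` or `[ -L "$kube_config" ]` is true.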