Add Ansible playbook

Author: Martin Jackson

scripts/write-token-kubeconfig.yml

@@ -0,0 +1,90 @@
+#!env ansible-playbook
+---
+- name: Test k8s authentication methods
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  vars:
+    kubeconfig_file: '~/.kube/config'
+    k8s_host: '{{ lookup("env", "K8S_AUTH_HOST") }}'
+    k8s_validate_certs: '{{ lookup("env", "K8S_AUTH_VERIFY_SSL") | default(false) | bool }}'
+    k8s_username: '{{ lookup("env", "K8S_AUTH_USERNAME") | default("kubeconfig") }}'
+    k8s_password: '{{ lookup("env", "K8S_AUTH_PASSWORD") | default(omit) }}'
+    k8s_api_key: '{{ lookup("env", "K8S_AUTH_TOKEN") | default(omit) }}'
+    k8s_ca_cert_file: '{{ lookup("env", "K8S_AUTH_SSL_CA_CERT") | default(omit) }}'
+  tasks:
+    - name: Check for pre-existing kubeconfig
+      ansible.builtin.stat:
+        path: '{{ kubeconfig_file }}'
+      register: kubeconfig_stat
+
+    - name: Exit if kubeconfig found
+      ansible.builtin.fail:
+        msg: '{{ kubeconfig_file }} already exists! Exiting'
+      when: kubeconfig_stat.stat.exists
+
+    - name: Get namespaces to test parameters
+      kubernetes.core.k8s_info:
+        host: '{{ k8s_host }}'
+        validate_certs: '{{ k8s_validate_certs }}'
+        username: '{{ k8s_username }}'
+        api_key: '{{ k8s_api_key }}'
+        ca_cert: '{{ k8s_ca_cert_file | default(omit) }}'
+        kind: namespace
+      when: k8s_api_key
+
+    - name: Login explicitly
+      when: not k8s_api_key
+      block:
+        - name: Login explicitly to get token
+          kubernetes.core.k8s_auth:
+            host: '{{ k8s_host }}'
+            validate_certs: '{{ k8s_validate_certs }}'
+            username: '{{ k8s_username }}'
+            password: '{{ k8s_password }}'
+            ca_cert: '{{ k8s_ca_cert_file | default(omit) }}'
+          register: auth
+
+        - name: Set api_key
+          ansible.builtin.set_fact:
+            k8s_api_key: '{{ auth.openshift_auth.api_key }}'
+
+    - name: Update username if needed
+      ansible.builtin.set_fact:
+        config_k8s_username: 'kube:admin'
+      when: k8s_username == 'kubeadmin'
+
+    - name: Determine clustername
+      ansible.builtin.set_fact:
+        config_k8s_clustername: "{{ k8s_host | regex_replace('https://', '') | regex_replace('\\.', '-') }}"
+
+    - name: Write config file
+      ansible.builtin.copy:
+        content: |-
+          apiVersion: v1
+          clusters:
+            - cluster:
+          {% if k8s_validate_certs is false %}
+                insecure-skip-tls-verify: true
+          {% endif %}
+          {% if k8s_ca_cert_file -%}
+                certificate-authority-data: {{ lookup("file", k8s_ca_cert_file) | b64encode }}
+          {% endif %}
+                server: {{ k8s_host }}
+              name: {{ config_k8s_clustername }}
+          contexts:
+            - context:
+                cluster: {{ config_k8s_clustername }}
+                namespace: default
+                user: {{ config_k8s_username | default(k8s_username) }}/{{ config_k8s_clustername }}
+              name: default/{{ config_k8s_clustername }}/{{ config_k8s_username | default(k8s_username) }}
+          current-context: default/{{ config_k8s_clustername }}/{{ config_k8s_username | default(k8s_username) }}
+          kind: Config
+          preferences: {}
+          users:
+            - name: {{ config_k8s_username | default(k8s_username) }}/{{ config_k8s_clustername }}
+              user:
+                token: {{ k8s_api_key }}
+        dest: '{{ kubeconfig_file }}'
+        mode: '0640'