[MediaWiki-commits] [Gerrit] operations/puppet[production]: Add k8s::kubeconfig define

Thu, 16 Nov 2017 07:11:17 -0800 

Alexandros Kosiaris has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391804 )

Change subject: Add k8s::kubeconfig define
......................................................................


Add k8s::kubeconfig define

Add a simple define that allows to specify a kubeconfig file. It will
prove useful for splitting the kubeconfig files used by the various
kubernetes components in the future for the purposes of fully utilizing
RBAC. Modify the k8s::infrastructure_config class to use that define to
specify the config

Bug: T177393
Change-Id: Ic5600cc6bf63adb4cda5bce2bc981b5f07fa1411
---
M modules/k8s/manifests/infrastructure_config.pp
A modules/k8s/manifests/kubeconfig.pp
M modules/k8s/templates/kubeconfig-client.yaml.erb
3 files changed, 19 insertions(+), 8 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/k8s/manifests/infrastructure_config.pp 
b/modules/k8s/manifests/infrastructure_config.pp
index 694ae33..8c54a7b 100644
--- a/modules/k8s/manifests/infrastructure_config.pp
+++ b/modules/k8s/manifests/infrastructure_config.pp
@@ -10,12 +10,9 @@
     }
 
     $users = hiera('k8s_infrastructure_users')
-    file { '/etc/kubernetes/kubeconfig':
-        ensure  => present,
-        content => template('k8s/kubeconfig-client.yaml.erb'),
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0400',
-        require => File['/etc/kubernetes'],
+    k8s::kubeconfig { '/etc/kubernetes/kubeconfig':
+        master_host => $master_host,
+        username    => $username,
+        token       => $users[$username]['token'],
     }
 }
diff --git a/modules/k8s/manifests/kubeconfig.pp 
b/modules/k8s/manifests/kubeconfig.pp
new file mode 100644
index 0000000..b5d1b6e
--- /dev/null
+++ b/modules/k8s/manifests/kubeconfig.pp
@@ -0,0 +1,14 @@
+define k8s::kubeconfig(
+    $master_host,
+    $username,
+    $token,
+) {
+    file { $title:
+        ensure  => present,
+        content => template('k8s/kubeconfig-client.yaml.erb'),
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0400',
+        require => File['/etc/kubernetes'],
+    }
+}
diff --git a/modules/k8s/templates/kubeconfig-client.yaml.erb 
b/modules/k8s/templates/kubeconfig-client.yaml.erb
index e10bcdd..5a1cbbd 100644
--- a/modules/k8s/templates/kubeconfig-client.yaml.erb
+++ b/modules/k8s/templates/kubeconfig-client.yaml.erb
@@ -14,4 +14,4 @@
 users:
   - name: <%= @username %>
     user:
-      token: <%= @users[@username]['token'] %>
+      token: <%= @token %>

-- 
To view, visit https://gerrit.wikimedia.org/r/391804
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic5600cc6bf63adb4cda5bce2bc981b5f07fa1411
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Gehel <guillaume.leder...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to