Add the kubernetes role.

ansible/playbook.yaml

@@ -29,3 +29,4 @@
     - exfat
     - bhyve
     - media
+    - kubernetes

ansible/roles/kubernetes/files/decrypt_k8s_secret

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'

ansible/roles/kubernetes/files/k

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl "$@"

ansible/roles/kubernetes/files/ka

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl "$@" --all-namespaces

ansible/roles/kubernetes/files/kd

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+export KUBECTL_EXTERNAL_DIFF="colordiff -N -u"
+exec kubectl diff "$@"

ansible/roles/kubernetes/files/kdel

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl delete --all "$@"

ansible/roles/kubernetes/files/klog

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl logs --all-containers "$@"

ansible/roles/kubernetes/files/ks

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubens "$@"

ansible/roles/kubernetes/files/kshell

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: ${cpu:="500m"}
+: ${memory:="2Gi"}
+
+overrides=""
+if [ ! -z "${highmem:-}" ]; then
+    overrides=$(jq --compact-output '.' <<EOF
+{
+  "spec": {
+    "tolerations": [
+      {
+        "key": "dedicated",
+        "operator": "Equal",
+        "value": "background-highmem",
+        "effect": "NoSchedule"
+      }
+    ],
+    "nodeSelector": {"dedicated": "background-highmem"}
+  }
+}
+EOF
+)
+fi
+
+exec kubectl run --rm -i -t --image alpine:3.13 --overrides="$overrides" --requests "cpu=$cpu,memory=$memory" --limits "cpu=$cpu,memory=$memory" --pod-running-timeout 10m "tom-$(uuidgen | cut -d '-' -f 1)" -- /bin/sh "$@"

ansible/roles/kubernetes/files/kx

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectx "$@"

ansible/roles/kubernetes/meta/main.yaml

@@ -0,0 +1,2 @@
+dependencies:
+  - build

ansible/roles/kubernetes/tasks/common.yaml

@@ -0,0 +1,53 @@
+- name: Install packages
+  package:
+    name:
+      - kubectl
+      - jq # for decrypt_k8s_secret
+      - helm
+      - sops # Encrypt secrets
+    state: present
+
+# TODO: Make a FreeBSD package for kubeswitch or kubectx
+# TODO: Make a FreeBSD package for stern
+
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: k
+      dest: /usr/local/bin/k
+    - src: ka
+      dest: /usr/local/bin/ka
+    - src: kd
+      dest: /usr/local/bin/kd
+    - src: kdel
+      dest: /usr/local/bin/kdel
+    - src: klog
+      dest: /usr/local/bin/klog
+    - src: ks
+      dest: /usr/local/bin/ks
+    - src: kshell
+      dest: /usr/local/bin/kshell
+    - src: kx
+      dest: /usr/local/bin/kx
+    - src: decrypt_k8s_secret
+      dest: /usr/local/bin/decrypt_k8s_secret
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user

ansible/roles/kubernetes/tasks/freebsd.yaml

@@ -0,0 +1,5 @@
+- name: Install packages
+  package:
+    name:
+      - py39-yamllint
+    state: present

ansible/roles/kubernetes/tasks/linux.yaml

@@ -0,0 +1,24 @@
+- name: Build aur packages
+  register: buildaur
+  become_user: "{{ build_user.name }}"
+  command: "aurutils-sync --no-view {{ item }}"
+  args:
+    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+  loop:
+    - kubeswitch
+
+- name: Update cache
+  when: buildaur.changed
+  pacman:
+    name: []
+    state: present
+    update_cache: true
+    
+- name: Install packages
+  package:
+    name:
+      - yamllint
+      - stern
+      - kubectx
+      - kubeswitch
+    state: present

ansible/roles/kubernetes/tasks/main.yaml

@@ -0,0 +1 @@
+- import_tasks: tasks/common.yaml

ansible/roles/kubernetes/tasks/peruser.yaml

@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'