From 80083ff0cc6be04350b420f08f9506633941bff5 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Thu, 1 Dec 2022 23:38:21 -0500
Subject: [PATCH] Add the kubernetes role.

---
 ansible/playbook.yaml                         |  1 +
 .../roles/kubernetes/files/decrypt_k8s_secret |  7 +++
 ansible/roles/kubernetes/files/k              |  7 +++
 ansible/roles/kubernetes/files/ka             |  7 +++
 ansible/roles/kubernetes/files/kd             |  8 +++
 ansible/roles/kubernetes/files/kdel           |  7 +++
 ansible/roles/kubernetes/files/klog           |  7 +++
 ansible/roles/kubernetes/files/ks             |  7 +++
 ansible/roles/kubernetes/files/kshell         | 30 +++++++++++
 ansible/roles/kubernetes/files/kx             |  7 +++
 ansible/roles/kubernetes/meta/main.yaml       |  2 +
 ansible/roles/kubernetes/tasks/common.yaml    | 53 +++++++++++++++++++
 ansible/roles/kubernetes/tasks/freebsd.yaml   |  5 ++
 ansible/roles/kubernetes/tasks/linux.yaml     | 24 +++++++++
 ansible/roles/kubernetes/tasks/main.yaml      |  1 +
 ansible/roles/kubernetes/tasks/peruser.yaml   | 29 ++++++++++
 .../kubernetes/tasks/peruser_freebsd.yaml     |  0
 .../roles/kubernetes/tasks/peruser_linux.yaml |  0
 18 files changed, 202 insertions(+)
 create mode 100644 ansible/roles/kubernetes/files/decrypt_k8s_secret
 create mode 100644 ansible/roles/kubernetes/files/k
 create mode 100644 ansible/roles/kubernetes/files/ka
 create mode 100644 ansible/roles/kubernetes/files/kd
 create mode 100644 ansible/roles/kubernetes/files/kdel
 create mode 100644 ansible/roles/kubernetes/files/klog
 create mode 100644 ansible/roles/kubernetes/files/ks
 create mode 100644 ansible/roles/kubernetes/files/kshell
 create mode 100644 ansible/roles/kubernetes/files/kx
 create mode 100644 ansible/roles/kubernetes/meta/main.yaml
 create mode 100644 ansible/roles/kubernetes/tasks/common.yaml
 create mode 100644 ansible/roles/kubernetes/tasks/freebsd.yaml
 create mode 100644 ansible/roles/kubernetes/tasks/linux.yaml
 create mode 100644 ansible/roles/kubernetes/tasks/main.yaml
 create mode 100644 ansible/roles/kubernetes/tasks/peruser.yaml
 create mode 100644 ansible/roles/kubernetes/tasks/peruser_freebsd.yaml
 create mode 100644 ansible/roles/kubernetes/tasks/peruser_linux.yaml

diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index dab11b0..148ef8f 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -29,3 +29,4 @@
     - exfat
     - bhyve
     - media
+    - kubernetes
diff --git a/ansible/roles/kubernetes/files/decrypt_k8s_secret b/ansible/roles/kubernetes/files/decrypt_k8s_secret
new file mode 100644
index 0000000..6f4ee87
--- /dev/null
+++ b/ansible/roles/kubernetes/files/decrypt_k8s_secret
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'
diff --git a/ansible/roles/kubernetes/files/k b/ansible/roles/kubernetes/files/k
new file mode 100644
index 0000000..aad189d
--- /dev/null
+++ b/ansible/roles/kubernetes/files/k
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl "$@"
diff --git a/ansible/roles/kubernetes/files/ka b/ansible/roles/kubernetes/files/ka
new file mode 100644
index 0000000..4ba9c83
--- /dev/null
+++ b/ansible/roles/kubernetes/files/ka
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl "$@" --all-namespaces
diff --git a/ansible/roles/kubernetes/files/kd b/ansible/roles/kubernetes/files/kd
new file mode 100644
index 0000000..255a8df
--- /dev/null
+++ b/ansible/roles/kubernetes/files/kd
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+export KUBECTL_EXTERNAL_DIFF="colordiff -N -u"
+exec kubectl diff "$@"
diff --git a/ansible/roles/kubernetes/files/kdel b/ansible/roles/kubernetes/files/kdel
new file mode 100644
index 0000000..df81a13
--- /dev/null
+++ b/ansible/roles/kubernetes/files/kdel
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl delete --all "$@"
diff --git a/ansible/roles/kubernetes/files/klog b/ansible/roles/kubernetes/files/klog
new file mode 100644
index 0000000..6a7225c
--- /dev/null
+++ b/ansible/roles/kubernetes/files/klog
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectl logs --all-containers "$@"
diff --git a/ansible/roles/kubernetes/files/ks b/ansible/roles/kubernetes/files/ks
new file mode 100644
index 0000000..d612667
--- /dev/null
+++ b/ansible/roles/kubernetes/files/ks
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubens "$@"
diff --git a/ansible/roles/kubernetes/files/kshell b/ansible/roles/kubernetes/files/kshell
new file mode 100644
index 0000000..3326de5
--- /dev/null
+++ b/ansible/roles/kubernetes/files/kshell
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: ${cpu:="500m"}
+: ${memory:="2Gi"}
+
+overrides=""
+if [ ! -z "${highmem:-}" ]; then
+    overrides=$(jq --compact-output '.' <<EOF
+{
+  "spec": {
+    "tolerations": [
+      {
+        "key": "dedicated",
+        "operator": "Equal",
+        "value": "background-highmem",
+        "effect": "NoSchedule"
+      }
+    ],
+    "nodeSelector": {"dedicated": "background-highmem"}
+  }
+}
+EOF
+)
+fi
+
+exec kubectl run --rm -i -t --image alpine:3.13 --overrides="$overrides" --requests "cpu=$cpu,memory=$memory" --limits "cpu=$cpu,memory=$memory" --pod-running-timeout 10m "tom-$(uuidgen | cut -d '-' -f 1)" -- /bin/sh "$@"
diff --git a/ansible/roles/kubernetes/files/kx b/ansible/roles/kubernetes/files/kx
new file mode 100644
index 0000000..d22a01c
--- /dev/null
+++ b/ansible/roles/kubernetes/files/kx
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec kubectx "$@"
diff --git a/ansible/roles/kubernetes/meta/main.yaml b/ansible/roles/kubernetes/meta/main.yaml
new file mode 100644
index 0000000..1674b55
--- /dev/null
+++ b/ansible/roles/kubernetes/meta/main.yaml
@@ -0,0 +1,2 @@
+dependencies:
+  - build
diff --git a/ansible/roles/kubernetes/tasks/common.yaml b/ansible/roles/kubernetes/tasks/common.yaml
new file mode 100644
index 0000000..63a3576
--- /dev/null
+++ b/ansible/roles/kubernetes/tasks/common.yaml
@@ -0,0 +1,53 @@
+- name: Install packages
+  package:
+    name:
+      - kubectl
+      - jq # for decrypt_k8s_secret
+      - helm
+      - sops # Encrypt secrets
+    state: present
+
+# TODO: Make a FreeBSD package for kubeswitch or kubectx
+# TODO: Make a FreeBSD package for stern
+
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: k
+      dest: /usr/local/bin/k
+    - src: ka
+      dest: /usr/local/bin/ka
+    - src: kd
+      dest: /usr/local/bin/kd
+    - src: kdel
+      dest: /usr/local/bin/kdel
+    - src: klog
+      dest: /usr/local/bin/klog
+    - src: ks
+      dest: /usr/local/bin/ks
+    - src: kshell
+      dest: /usr/local/bin/kshell
+    - src: kx
+      dest: /usr/local/bin/kx
+    - src: decrypt_k8s_secret
+      dest: /usr/local/bin/decrypt_k8s_secret
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user
diff --git a/ansible/roles/kubernetes/tasks/freebsd.yaml b/ansible/roles/kubernetes/tasks/freebsd.yaml
new file mode 100644
index 0000000..b9ab790
--- /dev/null
+++ b/ansible/roles/kubernetes/tasks/freebsd.yaml
@@ -0,0 +1,5 @@
+- name: Install packages
+  package:
+    name:
+      - py39-yamllint
+    state: present
diff --git a/ansible/roles/kubernetes/tasks/linux.yaml b/ansible/roles/kubernetes/tasks/linux.yaml
new file mode 100644
index 0000000..c9f0cbb
--- /dev/null
+++ b/ansible/roles/kubernetes/tasks/linux.yaml
@@ -0,0 +1,24 @@
+- name: Build aur packages
+  register: buildaur
+  become_user: "{{ build_user.name }}"
+  command: "aurutils-sync --no-view {{ item }}"
+  args:
+    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+  loop:
+    - kubeswitch
+
+- name: Update cache
+  when: buildaur.changed
+  pacman:
+    name: []
+    state: present
+    update_cache: true
+    
+- name: Install packages
+  package:
+    name:
+      - yamllint
+      - stern
+      - kubectx
+      - kubeswitch
+    state: present
diff --git a/ansible/roles/kubernetes/tasks/main.yaml b/ansible/roles/kubernetes/tasks/main.yaml
new file mode 100644
index 0000000..5c1df6c
--- /dev/null
+++ b/ansible/roles/kubernetes/tasks/main.yaml
@@ -0,0 +1 @@
+- import_tasks: tasks/common.yaml
diff --git a/ansible/roles/kubernetes/tasks/peruser.yaml b/ansible/roles/kubernetes/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/kubernetes/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'
diff --git a/ansible/roles/kubernetes/tasks/peruser_freebsd.yaml b/ansible/roles/kubernetes/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/kubernetes/tasks/peruser_linux.yaml b/ansible/roles/kubernetes/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29