From f1422c76e24a9670b9f338c9c24178891c9ff5f1 Mon Sep 17 00:00:00 2001 From: Louis Tu <92532497+tu1h@users.noreply.github.com> Date: Tue, 31 Oct 2023 00:23:19 +0800 Subject: [PATCH] Add kubectl alias support (#10552) Signed-off-by: tu1h --- docs/vars.md | 1 + .../control-plane/defaults/main/main.yml | 3 +++ roles/kubernetes/control-plane/tasks/main.yml | 20 +++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/docs/vars.md b/docs/vars.md index 3431d519499..36dd3621da9 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -271,6 +271,7 @@ node_taints: * `audit_webhook_mode`: batch * `audit_webhook_batch_max_size`: 100 * `audit_webhook_batch_max_wait`: 1s +* *kubectl_alias* - Bash alias of kubectl to interact with Kubernetes cluster much easier. ### Custom flags for Kube Components diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml index 2a9eda14a51..4a9800a6503 100644 --- a/roles/kubernetes/control-plane/defaults/main/main.yml +++ b/roles/kubernetes/control-plane/defaults/main/main.yml @@ -228,3 +228,6 @@ auto_renew_certificates_systemd_calendar: "{{ 'Mon *-*-1,2,3,4,5,6,7 03:' ~ # If we have requirement like without renewing certs upgrade the cluster, # we can opt out from the default behavior by setting kubeadm_upgrade_auto_cert_renewal to false kubeadm_upgrade_auto_cert_renewal: true + +# Bash alias of kubectl to interact with Kubernetes cluster much easier +# kubectl_alias: k diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml index 4f251a89bad..8f57a04b41e 100644 --- a/roles/kubernetes/control-plane/tasks/main.yml +++ b/roles/kubernetes/control-plane/tasks/main.yml @@ -60,6 +60,26 @@ - upgrade ignore_errors: true # noqa ignore-errors +- name: Set bash alias for kubectl + blockinfile: + path: /etc/bash_completion.d/kubectl.sh + block: |- + alias {{ kubectl_alias }}=kubectl + if [[ $(type -t compopt) = "builtin" ]]; then + complete -o default -F __start_kubectl {{ kubectl_alias }} + else + complete -o default -o nospace -F __start_kubectl {{ kubectl_alias }} + fi + state: present + marker: "# Ansible entries {mark}" + when: + - ansible_os_family in ["Debian","RedHat"] + - kubectl_alias is defined and kubectl_alias != "" + tags: + - kubectl + - upgrade + ignore_errors: true # noqa ignore-errors + - name: Disable SecurityContextDeny admission-controller and enable PodSecurityPolicy set_fact: kube_apiserver_enable_admission_plugins: "{{ kube_apiserver_enable_admission_plugins | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}"