shift privilege escalation away from the execution environment
parent
4fcb767d1f
commit
ae2ce25e24
@ -1,11 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: adds the kubernetes repo and installs kubectl
|
- name: adds the kubernetes repo and installs kubectl
|
||||||
hosts: localhost
|
hosts: all
|
||||||
become: true
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: update apt cache
|
- name: update apt cache
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: install core pre-reqs
|
- name: install core pre-reqs
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
@ -14,28 +14,33 @@
|
|||||||
- ca-certificates
|
- ca-certificates
|
||||||
- curl
|
- curl
|
||||||
- gnupg
|
- gnupg
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: check to see if gpg key exists
|
- name: check to see if gpg key exists
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
path: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
||||||
register: st
|
register: st
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: download the key and install it
|
- name: download the key and install it
|
||||||
ansible.builtin.shell: |
|
ansible.builtin.shell: |
|
||||||
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
||||||
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg # allow unprivileged APT programs to read this keyring
|
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg # allow unprivileged APT programs to read this keyring
|
||||||
when: st.stat.exists != true
|
when: st.stat.exists != true
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: add the kubernetes apt repository
|
- name: add the kubernetes apt repository
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /"
|
repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /"
|
||||||
state: present
|
state: present
|
||||||
filename: kubernetes.list
|
filename: kubernetes.list
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: update apt cache and install kubectl
|
- name: update apt cache and install kubectl
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: kubectl
|
name: kubectl
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
become: true
|
||||||
|
|
||||||
|
|
||||||
- name: does argocd exists
|
- name: does argocd exists
|
||||||
@ -49,4 +54,4 @@
|
|||||||
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
|
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
|
||||||
rm argocd-linux-amd64
|
rm argocd-linux-amd64
|
||||||
when: st.stat.exists != true
|
when: st.stat.exists != true
|
||||||
|
become: true
|
||||||
|
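Review bot: In the `download the key and install it` task the added `become: true` already runs the whole script as root, so the inner `sudo` on `gpg --dearmor` and `chmod` is redundant, and the same holds for `sudo install -m 555 …` in the last hunk (that task starts outside the visible lines). The script's exit status is that of the final `chmod`, so a failed `curl` is not detected and may leave an empty keyring that the `st.stat.exists` guard then never replaces. The key is also trusted on first download with no digest check, and it is what authenticates every package from the repository. I would fetch it with `ansible.builtin.get_url` and a pinned `checksum`, then dearmor with a `command` task guarded by `creates`, as sketched below; the digest shown is a placeholder. Since the play now targets `hosts: all`, a comment naming the intended host group would also help.

```yaml
    # … unchanged: "check to see if gpg key exists" stat task …
    - name: download the armored release key
      ansible.builtin.get_url:
        url: https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key
        dest: /etc/apt/keyrings/kubernetes-release.key
        # placeholder: pin the digest of the key you have verified out of band
        checksum: "sha256:<VERIFIED_SHA256_PLACEHOLDER>"
        mode: "0644"
      when: not st.stat.exists
      become: true

    - name: dearmor the key into the apt keyring
      ansible.builtin.command:
        cmd: >-
          gpg --dearmor
          -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
          /etc/apt/keyrings/kubernetes-release.key
        creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
      become: true

    - name: make the keyring readable by unprivileged apt programs
      ansible.builtin.file:
        path: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
        mode: "0644"
      become: true
    # … unchanged: apt_repository and kubectl install tasks …
```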