Google Git
Sign in
gerrit/zuul/ops/refs/heads/master^!/.
commit
c87b47d4a43a69a01b0f8c83636babf5ff70ccc8
[log]
author
James E. Blair <jim@acmegating.com>
Wed Jun 10 14:34:10 2026 -0700
committer
James E. Blair <jim@acmegating.com>
Wed Jun 10 14:39:48 2026 -0700
tree
0d4a17f9da711421cb7bdbefbbdab07845c5772e
parent
b594d10c6299d758b45e84511a230138701b9178 [diff]
Use custom kubeconfig file

This moves the kubeconfig file to a directory in the build work
dir so that it will not collide with zuul's kubeconfig and also
is not stored in the home directory (which Zuul is getting more
aggressive about cleaning up for security reasons).

Change-Id: If2fcdc52fda6506a939dc8c9ca522ea3473fb810

diff --git a/playbooks/checkers.yaml b/playbooks/checkers.yaml
index d3819dd..0b43a6e 100644
--- a/playbooks/checkers.yaml
+++ b/playbooks/checkers.yaml

@@ -1,13 +1,23 @@
+- name: Setup kubeconfig path vars
+  hosts: localhost
+  tasks:
+    - name: Set kubeconfig path fact
+      set_fact:
+        kubeconfig_dir: "{{ zuul.executor.work_root }}/.kube"
+    - name: Set kubeconfig path fact
+      set_fact:
+        kubeconfig_path: "{{ zuul.executor.work_root }}/.kube/config"
+
 - name: Update checkers
   gather_facts: false
   hosts: localhost
   environment:
-    KUBECONFIG: "{{ ansible_user_dir }}/.kube/config"
+    KUBECONFIG: "{{ kubeconfig_path }}"
   tasks:
     - name: Add scheduler to inventory
       add_host:
         name: 'zuul-scheduler-0'
-        ansible_kubectl_config: "{{ ansible_user_dir }}/.kube/config"
+        ansible_kubectl_config: "{{ kubeconfig_path }}"
         ansible_kubectl_namespace: zuul
         ansible_connection: kubectl
     - name: Load checker data

diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index 4172e37..f06df6b 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml

@@ -1,18 +1,28 @@
+- name: Setup kubeconfig path vars
+  hosts: localhost
+  tasks:
+    - name: Set kubeconfig path fact
+      set_fact:
+        kubeconfig_dir: "{{ zuul.executor.work_root }}/.kube"
+    - name: Set kubeconfig path fact
+      set_fact:
+        kubeconfig_path: "{{ zuul.executor.work_root }}/.kube/config"
+
 - name: Deploy Zuul
   hosts: localhost
   environment:
-    KUBECONFIG: "{{ ansible_user_dir }}/.kube/config"
+    KUBECONFIG: "{{ kubeconfig_path }}"
   vars:
     root: "{{ (zuul.executor.work_root + '/' + zuul.project.src_dir) }}"
   tasks:
     - name: Make kube directory
       file:
-        path: "{{ ansible_user_dir }}/.kube"
+        path: "{{ kubeconfig_dir }}"
         state: directory
     - name: Write kube config
       template:
         src: kubecfg.yaml.j2
-        dest: "{{ ansible_user_dir }}/.kube/config"
+        dest: "{{ kubeconfig_path }}"
       # Set no_log because we are templating in the token
       no_log: true
 
@@ -128,7 +138,7 @@
         - name: Add scheduler to inventory
           add_host:
             name: 'zuul-scheduler-0'
-            ansible_kubectl_config: "{{ ansible_user_dir }}/.kube/config"
+            ansible_kubectl_config: "{{ kubeconfig_path }}"
             ansible_kubectl_namespace: zuul
             ansible_connection: kubectl
         - name: Wait until remote Zuul config is updated