From f93f7eb4ece0163e1645e9bc5c5465f1b3b0273f Mon Sep 17 00:00:00 2001
From: Keith Suderman
Date: Thu, 2 Sep 2021 10:08:46 -0400
Subject: [PATCH 1/3] Ensure certificate is valid for public IP
---
roles/rke/templates/rke2_config.j2 | 1 +
1 file changed, 1 insertion(+)
diff --git a/roles/rke/templates/rke2_config.j2 b/roles/rke/templates/rke2_config.j2
index 8c90161..ed83d6b 100644
--- a/roles/rke/templates/rke2_config.j2
+++ b/roles/rke/templates/rke2_config.j2
@@ -6,6 +6,7 @@ write-kubeconfig-mode: "0600" disable: rke2-ingress-nginx tls-san: - {{ cluster_hostname }} + - {{ ansible_ssh_host }} {% endif %} {% if not is_rke_registration_server %}
From beb31397833df66ab808195cc76365bc0640570b Mon Sep 17 00:00:00 2001
From: Keith Suderman
Date: Thu, 2 Sep 2021 13:33:46 -0400
Subject: [PATCH 2/3] Add playbook to download kubeconfig file
---
fetch.yml | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 fetch.yml
diff --git a/fetch.yml b/fetch.yml
new file mode 100644
index 0000000..affda7a
--- /dev/null
+++ b/fetch.yml
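Review bot: In roles/rke/templates/rke2_config.j2 the added `tls-san` entry takes its value from `ansible_ssh_host`, which is the address Ansible connects to and not necessarily the node's public IP, so when the inventory reaches the host through a private address or a bastion the API server certificate will still not cover the public endpoint. `ansible_ssh_host` is also the deprecated spelling of `ansible_host` and is presumably undefined for inventories that set only the newer name, which would make the template fail to render. I would write the entry as `- "{{ ansible_host }}"` (quoted so an unexpected value cannot change the YAML type), or introduce a dedicated variable for the public address. The enclosing `{% if %}` block starts outside the hunk.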
@@ -0,0 +1,40 @@
+---
+# Playbook used to download a copy of the kubeconfig file from a RKE cluster.
+- name: Ensure outputs directory exists
+ hosts: localhost
+ vars:
+ output_directory: outputs
+ tasks:
+ - name: Create outputs directory
+ file:
+ path: "{{ outputs_directory }}"
+ state: directory
+
+- name: Patch and download the kubeconfig
+ hosts: controllers[0]
+ vars:
+ temp_file: /tmp/kubeconfig
+ tasks:
+ - name: Copy kubeconfig file for patching and download
+ copy:
+ src: /etc/rancher/rke2/rke2.yaml
+ dest: "{{ temp_file }}"
+ mode: 0600
+ remote_src: yes
+
+ - name: Patch the server address in the original kubeconfig
+ lineinfile:
+ path: "{{ temp_file }}"
+ regexp: 'server: https://127\.0\.0\.1:6443'
+ line: " server: https://{{ ansible_ssh_host }}:6443"
+
+ - name: Download the kubeconfig
+ fetch:
+ src: "{{ temp_file }}"
+ dest: outputs/{{ ansible_hostname }}.kube.config
+ flat: yes
+
+ - name: Cleanup the temp file
+ file:
+ path: "{{ temp_file }}"
+ state: absent
From 582f71177e7a8e68d4a8102e718cb307c233e7fe Mon Sep 17 00:00:00 2001
From: Keith Suderman
Date: Thu, 2 Sep 2021 13:46:56 -0400
Subject: [PATCH 3/3] Use output_directory variable from localhost
---
fetch.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fetch.yml b/fetch.yml
index affda7a..402f5fb 100644
--- a/fetch.yml
+++ b/fetch.yml
@@ -7,7 +7,7 @@ tasks: - name: Create outputs directory file: - path: "{{ outputs_directory }}" + path: "{{ output_directory }}" state: directory - name: Patch and download the kubeconfig
@@ -31,7 +31,7 @@ - name: Download the kubeconfig fetch: src: "{{ temp_file }}" - dest: outputs/{{ ansible_hostname }}.kube.config + dest: "{{ hostvars['localhost']['output_directory']}}/{{ ansible_hostname }}.kube.config" flat: yes - name: Cleanup the temp file
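Review bot: fetch.yml as added in PATCH 2/3 stages the cluster's kubeconfig at the fixed path `/tmp/kubeconfig`, and the `Cleanup the temp file` task only runs if every earlier task succeeds, so a failed `lineinfile` or `fetch` leaves the credentials behind under a predictable name in a shared directory. Creating the copy with the `tempfile` module and wrapping the patch and download tasks in `block:`/`always:` addresses both points; the changed tasks are sketched below. On the control machine the outputs directory is created without a mode, so adding `mode: "0700"` to the `Create outputs directory` task would keep the downloaded kubeconfig from being readable by other local users. Separately, `lineinfile` appends its `line` at the end of the file when `regexp` does not match, so a kubeconfig with a different server line would be silently altered instead of rejected.

```yaml
- name: Patch and download the kubeconfig
  hosts: controllers[0]
  tasks:
    - name: Create a private temporary file for the kubeconfig copy
      tempfile:
        state: file
        suffix: .kubeconfig
      register: kubeconfig_tmp

    - name: Patch and download, always removing the temporary copy
      block:
        # … unchanged: copy, lineinfile and fetch tasks, using kubeconfig_tmp.path in place of temp_file …
      always:
        - name: Cleanup the temp file
          file:
            path: "{{ kubeconfig_tmp.path }}"
            state: absent
```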
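Review bot: In the second hunk of PATCH 3/3 the new `dest` reads `hostvars['localhost']['output_directory']`, but `output_directory` is declared under the first play's `vars:`, and play-level vars are, as far as I know, scoped to that play and not exposed through `hostvars`, so the `fetch` task is likely to fail with an undefined variable. Declaring the value once where both plays can see it, for example in inventory group vars, and writing `dest: "{{ output_directory }}/{{ ansible_hostname }}.kube.config"` avoids the cross-play lookup; a `set_fact` task in the localhost play would also make the existing `hostvars` expression resolve. The enclosing play starts outside the hunk.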