mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-05-06 21:12:37 +00:00
helm: add support for the K8S_ envvars (#319)
Add support for: - K8S_AUTH_HOST - K8S_AUTH_API_KEY - K8S_AUTH_VERIFY_SSL - K8S_AUTH_SSL_CA_CERT This commit also refactor the way we pass K8S related configuration to `helm`: All the calls are now done in a new module_utils module (`helm.py`). The handling of the `kube_*` variables has also been moved in this new module. We need https://github.com/helm/helm/pull/8622 to be able to ignore the certificate validation. As a workaround, the generate a temporary kubeconfig configuration file. Closes: #279
This commit is contained in:
Gonéri Le Bouder
GitHub
@@ -266,34 +266,7 @@ except ImportError:
|
||||
IMP_YAML = False
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule, missing_required_lib, env_fallback
|
||||
|
||||
module = None
|
||||
|
||||
|
||||
def exec_command(command):
|
||||
rc, out, err = module.run_command(command)
|
||||
if rc != 0:
|
||||
module.fail_json(
|
||||
msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(rc, out, err),
|
||||
stdout=out,
|
||||
stderr=err,
|
||||
command=command,
|
||||
)
|
||||
return rc, out, err
|
||||
|
||||
|
||||
def get_values(command, release_name):
|
||||
"""
|
||||
Get Values from deployed release
|
||||
"""
|
||||
|
||||
get_command = command + " get values --output=yaml " + release_name
|
||||
|
||||
rc, out, err = exec_command(get_command)
|
||||
# Helm 3 return "null" string when no values are set
|
||||
if out.rstrip("\n") == "null":
|
||||
return {}
|
||||
return yaml.safe_load(out)
|
||||
from ansible_collections.community.kubernetes.plugins.module_utils.helm import run_helm, get_values
|
||||
|
||||
|
||||
def get_release(state, release_name):
|
||||
@@ -308,40 +281,40 @@ def get_release(state, release_name):
|
||||
return None
|
||||
|
||||
|
||||
def get_release_status(command, release_name):
|
||||
def get_release_status(module, command, release_name):
|
||||
"""
|
||||
Get Release state from deployed release
|
||||
"""
|
||||
|
||||
list_command = command + " list --output=yaml --filter " + release_name
|
||||
|
||||
rc, out, err = exec_command(list_command)
|
||||
rc, out, err = run_helm(module, list_command)
|
||||
|
||||
release = get_release(yaml.safe_load(out), release_name)
|
||||
|
||||
if release is None: # not install
|
||||
return None
|
||||
|
||||
release['values'] = get_values(command, release_name)
|
||||
release['values'] = get_values(module, command, release_name)
|
||||
|
||||
return release
|
||||
|
||||
|
||||
def run_repo_update(command):
|
||||
def run_repo_update(module, command):
|
||||
"""
|
||||
Run Repo update
|
||||
"""
|
||||
repo_update_command = command + " repo update"
|
||||
rc, out, err = exec_command(repo_update_command)
|
||||
rc, out, err = run_helm(module, repo_update_command)
|
||||
|
||||
|
||||
def fetch_chart_info(command, chart_ref):
|
||||
def fetch_chart_info(module, command, chart_ref):
|
||||
"""
|
||||
Get chart info
|
||||
"""
|
||||
inspect_command = command + " show chart " + chart_ref
|
||||
|
||||
rc, out, err = exec_command(inspect_command)
|
||||
rc, out, err = run_helm(module, inspect_command)
|
||||
|
||||
return yaml.safe_load(out)
|
||||
|
||||
@@ -440,11 +413,23 @@ def main():
|
||||
atomic=dict(type='bool', default=False),
|
||||
create_namespace=dict(type='bool', default=False),
|
||||
replace=dict(type='bool', default=False),
|
||||
|
||||
# Generic auth key
|
||||
host=dict(type='str', fallback=(env_fallback, ['K8S_AUTH_HOST'])),
|
||||
ca_cert=dict(type='path', aliases=['ssl_ca_cert'], fallback=(env_fallback, ['K8S_AUTH_SSL_CA_CERT'])),
|
||||
validate_certs=dict(type='bool', default=True, aliases=['verify_ssl'], fallback=(env_fallback, ['K8S_AUTH_VERIFY_SSL'])),
|
||||
api_key=dict(type='str', no_log=True, fallback=(env_fallback, ['K8S_AUTH_API_KEY']))
|
||||
),
|
||||
required_if=[
|
||||
('release_state', 'present', ['release_name', 'chart_ref']),
|
||||
('release_state', 'absent', ['release_name'])
|
||||
],
|
||||
mutually_exclusive=[
|
||||
("context", "ca_cert"),
|
||||
("context", "validate_certs"),
|
||||
("kubeconfig", "ca_cert"),
|
||||
("kubeconfig", "validate_certs")
|
||||
],
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
@@ -458,7 +443,6 @@ def main():
|
||||
chart_repo_url = module.params.get('chart_repo_url')
|
||||
chart_version = module.params.get('chart_version')
|
||||
release_name = module.params.get('release_name')
|
||||
release_namespace = module.params.get('release_namespace')
|
||||
release_state = module.params.get('release_state')
|
||||
release_values = module.params.get('release_values')
|
||||
values_files = module.params.get('values_files')
|
||||
@@ -467,8 +451,6 @@ def main():
|
||||
# Helm options
|
||||
disable_hook = module.params.get('disable_hook')
|
||||
force = module.params.get('force')
|
||||
kube_context = module.params.get('context')
|
||||
kubeconfig_path = module.params.get('kubeconfig')
|
||||
purge = module.params.get('purge')
|
||||
wait = module.params.get('wait')
|
||||
wait_timeout = module.params.get('wait_timeout')
|
||||
@@ -481,19 +463,11 @@ def main():
|
||||
else:
|
||||
helm_cmd_common = module.get_bin_path('helm', required=True)
|
||||
|
||||
if kube_context is not None:
|
||||
helm_cmd_common += " --kube-context " + kube_context
|
||||
|
||||
if kubeconfig_path is not None:
|
||||
helm_cmd_common += " --kubeconfig " + kubeconfig_path
|
||||
|
||||
if update_repo_cache:
|
||||
run_repo_update(helm_cmd_common)
|
||||
|
||||
helm_cmd_common += " --namespace=" + release_namespace
|
||||
run_repo_update(module, helm_cmd_common)
|
||||
|
||||
# Get real/deployed release status
|
||||
release_status = get_release_status(helm_cmd_common, release_name)
|
||||
release_status = get_release_status(module, helm_cmd_common, release_name)
|
||||
|
||||
# keep helm_cmd_common for get_release_status in module_exit_json
|
||||
helm_cmd = helm_cmd_common
|
||||
@@ -512,7 +486,7 @@ def main():
|
||||
helm_cmd += " --repo=" + chart_repo_url
|
||||
|
||||
# Fetch chart info to have real version and real name for chart_ref from archive, folder or url
|
||||
chart_info = fetch_chart_info(helm_cmd, chart_ref)
|
||||
chart_info = fetch_chart_info(module, helm_cmd, chart_ref)
|
||||
|
||||
if release_status is None: # Not installed
|
||||
helm_cmd = deploy(helm_cmd, release_name, release_values, chart_ref, wait, wait_timeout,
|
||||
@@ -563,13 +537,13 @@ def main():
|
||||
command=helm_cmd,
|
||||
)
|
||||
|
||||
rc, out, err = exec_command(helm_cmd)
|
||||
rc, out, err = run_helm(module, helm_cmd)
|
||||
|
||||
module.exit_json(
|
||||
changed=changed,
|
||||
stdout=out,
|
||||
stderr=err,
|
||||
status=get_release_status(helm_cmd_common, release_name),
|
||||
status=get_release_status(module, helm_cmd_common, release_name),
|
||||
command=helm_cmd,
|
||||
)
|
||||
|
||||
|
||||
@@ -99,27 +99,7 @@ except ImportError:
|
||||
IMP_YAML = False
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule, missing_required_lib, env_fallback
|
||||
|
||||
module = None
|
||||
|
||||
|
||||
# Get Values from deployed release
|
||||
def get_values(command, release_name):
|
||||
get_command = command + " get values --output=yaml " + release_name
|
||||
|
||||
rc, out, err = module.run_command(get_command)
|
||||
|
||||
if rc != 0:
|
||||
module.fail_json(
|
||||
msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(rc, out, err),
|
||||
command=get_command
|
||||
)
|
||||
|
||||
# Helm 3 return "null" string when no values are set
|
||||
if out.rstrip("\n") == "null":
|
||||
return {}
|
||||
else:
|
||||
return yaml.safe_load(out)
|
||||
from ansible_collections.community.kubernetes.plugins.module_utils.helm import run_helm, get_values
|
||||
|
||||
|
||||
# Get Release from all deployed releases
|
||||
@@ -132,10 +112,10 @@ def get_release(state, release_name):
|
||||
|
||||
|
||||
# Get Release state from deployed release
|
||||
def get_release_status(command, release_name):
|
||||
def get_release_status(module, command, release_name):
|
||||
list_command = command + " list --output=yaml --filter " + release_name
|
||||
|
||||
rc, out, err = module.run_command(list_command)
|
||||
rc, out, err = run_helm(module, list_command)
|
||||
|
||||
if rc != 0:
|
||||
module.fail_json(
|
||||
@@ -148,7 +128,7 @@ def get_release_status(command, release_name):
|
||||
if release is None: # not install
|
||||
return None
|
||||
|
||||
release['values'] = get_values(command, release_name)
|
||||
release['values'] = get_values(module, command, release_name)
|
||||
|
||||
return release
|
||||
|
||||
@@ -165,7 +145,19 @@ def main():
|
||||
# Helm options
|
||||
context=dict(type='str', aliases=['kube_context'], fallback=(env_fallback, ['K8S_AUTH_CONTEXT'])),
|
||||
kubeconfig=dict(type='path', aliases=['kubeconfig_path'], fallback=(env_fallback, ['K8S_AUTH_KUBECONFIG'])),
|
||||
|
||||
# Generic auth key
|
||||
host=dict(type='str', fallback=(env_fallback, ['K8S_AUTH_HOST'])),
|
||||
ca_cert=dict(type='path', aliases=['ssl_ca_cert'], fallback=(env_fallback, ['K8S_AUTH_SSL_CA_CERT'])),
|
||||
validate_certs=dict(type='bool', default=True, aliases=['verify_ssl'], fallback=(env_fallback, ['K8S_AUTH_VERIFY_SSL'])),
|
||||
api_key=dict(type='str', no_log=True, fallback=(env_fallback, ['K8S_AUTH_API_KEY']))
|
||||
),
|
||||
mutually_exclusive=[
|
||||
("context", "ca_cert"),
|
||||
("context", "validate_certs"),
|
||||
("kubeconfig", "ca_cert"),
|
||||
("kubeconfig", "validate_certs")
|
||||
],
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
@@ -174,26 +166,13 @@ def main():
|
||||
|
||||
bin_path = module.params.get('binary_path')
|
||||
release_name = module.params.get('release_name')
|
||||
release_namespace = module.params.get('release_namespace')
|
||||
|
||||
# Helm options
|
||||
kube_context = module.params.get('context')
|
||||
kubeconfig_path = module.params.get('kubeconfig')
|
||||
|
||||
if bin_path is not None:
|
||||
helm_cmd_common = bin_path
|
||||
else:
|
||||
helm_cmd_common = module.get_bin_path('helm', required=True)
|
||||
|
||||
if kube_context is not None:
|
||||
helm_cmd_common += " --kube-context " + kube_context
|
||||
|
||||
if kubeconfig_path is not None:
|
||||
helm_cmd_common += " --kubeconfig " + kubeconfig_path
|
||||
|
||||
helm_cmd_common += " --namespace=" + release_namespace
|
||||
|
||||
release_status = get_release_status(helm_cmd_common, release_name)
|
||||
release_status = get_release_status(module, helm_cmd_common, release_name)
|
||||
|
||||
if release_status is not None:
|
||||
module.exit_json(changed=False, status=release_status)
|
||||
|
||||
@@ -96,6 +96,7 @@ rc:
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule, env_fallback
|
||||
from ansible_collections.community.kubernetes.plugins.module_utils.helm import run_helm
|
||||
|
||||
|
||||
def main():
|
||||
@@ -109,6 +110,12 @@ def main():
|
||||
# Helm options
|
||||
context=dict(type='str', aliases=['kube_context'], fallback=(env_fallback, ['K8S_AUTH_CONTEXT'])),
|
||||
kubeconfig=dict(type='path', aliases=['kubeconfig_path'], fallback=(env_fallback, ['K8S_AUTH_KUBECONFIG'])),
|
||||
|
||||
# Generic auth key
|
||||
host=dict(type='str', fallback=(env_fallback, ['K8S_AUTH_HOST'])),
|
||||
ca_cert=dict(type='path', aliases=['ssl_ca_cert'], fallback=(env_fallback, ['K8S_AUTH_SSL_CA_CERT'])),
|
||||
validate_certs=dict(type='bool', default=True, aliases=['verify_ssl'], fallback=(env_fallback, ['K8S_AUTH_VERIFY_SSL'])),
|
||||
api_key=dict(type='str', no_log=True, fallback=(env_fallback, ['K8S_AUTH_API_KEY']))
|
||||
),
|
||||
supports_check_mode=True,
|
||||
required_if=[
|
||||
@@ -116,18 +123,17 @@ def main():
|
||||
("state", "absent", ("plugin_name",)),
|
||||
],
|
||||
mutually_exclusive=[
|
||||
['plugin_name', 'plugin_path'],
|
||||
('plugin_name', 'plugin_path'),
|
||||
("context", "ca_cert"),
|
||||
("context", "validate_certs"),
|
||||
("kubeconfig", "ca_cert"),
|
||||
("kubeconfig", "validate_certs")
|
||||
],
|
||||
)
|
||||
|
||||
bin_path = module.params.get('binary_path')
|
||||
release_namespace = module.params.get('release_namespace')
|
||||
state = module.params.get('state')
|
||||
|
||||
# Helm options
|
||||
kube_context = module.params.get('context')
|
||||
kubeconfig_path = module.params.get('kubeconfig')
|
||||
|
||||
if bin_path is not None:
|
||||
helm_cmd_common = bin_path
|
||||
else:
|
||||
@@ -137,18 +143,10 @@ def main():
|
||||
|
||||
helm_cmd_common += " plugin"
|
||||
|
||||
if kube_context is not None:
|
||||
helm_cmd_common += " --kube-context " + kube_context
|
||||
|
||||
if kubeconfig_path is not None:
|
||||
helm_cmd_common += " --kubeconfig " + kubeconfig_path
|
||||
|
||||
helm_cmd_common += " --namespace=" + release_namespace
|
||||
|
||||
if state == 'present':
|
||||
helm_cmd_common += " install %s" % module.params.get('plugin_path')
|
||||
if not module.check_mode:
|
||||
rc, out, err = module.run_command(helm_cmd_common)
|
||||
rc, out, err = run_helm(module, helm_cmd_common, fails_on_error=False)
|
||||
else:
|
||||
rc, out, err = (0, '', '')
|
||||
|
||||
@@ -183,7 +181,7 @@ def main():
|
||||
elif state == 'absent':
|
||||
plugin_name = module.params.get('plugin_name')
|
||||
helm_plugin_list = helm_cmd_common + " list"
|
||||
rc, out, err = module.run_command(helm_plugin_list)
|
||||
rc, out, err = run_helm(module, helm_plugin_list)
|
||||
if rc != 0 or (out == '' and err == ''):
|
||||
module.fail_json(
|
||||
msg="Failed to get Helm plugin info",
|
||||
@@ -206,7 +204,7 @@ def main():
|
||||
if found:
|
||||
helm_uninstall_cmd = "%s uninstall %s" % (helm_cmd_common, plugin_name)
|
||||
if not module.check_mode:
|
||||
rc, out, err = module.run_command(helm_uninstall_cmd)
|
||||
rc, out, err = run_helm(module, helm_uninstall_cmd, fails_on_error=False)
|
||||
else:
|
||||
rc, out, err = (0, '', '')
|
||||
|
||||
|
||||
@@ -77,6 +77,7 @@ rc:
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule, env_fallback
|
||||
from ansible_collections.community.kubernetes.plugins.module_utils.helm import run_helm
|
||||
|
||||
|
||||
def main():
|
||||
@@ -88,16 +89,23 @@ def main():
|
||||
# Helm options
|
||||
context=dict(type='str', aliases=['kube_context'], fallback=(env_fallback, ['K8S_AUTH_CONTEXT'])),
|
||||
kubeconfig=dict(type='path', aliases=['kubeconfig_path'], fallback=(env_fallback, ['K8S_AUTH_KUBECONFIG'])),
|
||||
|
||||
# Generic auth key
|
||||
host=dict(type='str', fallback=(env_fallback, ['K8S_AUTH_HOST'])),
|
||||
ca_cert=dict(type='path', aliases=['ssl_ca_cert'], fallback=(env_fallback, ['K8S_AUTH_SSL_CA_CERT'])),
|
||||
validate_certs=dict(type='bool', default=True, aliases=['verify_ssl'], fallback=(env_fallback, ['K8S_AUTH_VERIFY_SSL'])),
|
||||
api_key=dict(type='str', no_log=True, fallback=(env_fallback, ['K8S_AUTH_API_KEY']))
|
||||
),
|
||||
mutually_exclusive=[
|
||||
("context", "ca_cert"),
|
||||
("context", "validate_certs"),
|
||||
("kubeconfig", "ca_cert"),
|
||||
("kubeconfig", "validate_certs")
|
||||
],
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
bin_path = module.params.get('binary_path')
|
||||
release_namespace = module.params.get('release_namespace')
|
||||
|
||||
# Helm options
|
||||
kube_context = module.params.get('context')
|
||||
kubeconfig_path = module.params.get('kubeconfig')
|
||||
|
||||
if bin_path is not None:
|
||||
helm_cmd_common = bin_path
|
||||
@@ -108,17 +116,9 @@ def main():
|
||||
|
||||
helm_cmd_common += " plugin"
|
||||
|
||||
if kube_context is not None:
|
||||
helm_cmd_common += " --kube-context " + kube_context
|
||||
|
||||
if kubeconfig_path is not None:
|
||||
helm_cmd_common += " --kubeconfig " + kubeconfig_path
|
||||
|
||||
helm_cmd_common += " --namespace=" + release_namespace
|
||||
|
||||
plugin_name = module.params.get('plugin_name')
|
||||
helm_plugin_list = helm_cmd_common + " list"
|
||||
rc, out, err = module.run_command(helm_plugin_list)
|
||||
rc, out, err = run_helm(module, helm_plugin_list)
|
||||
if rc != 0 or (out == '' and err == ''):
|
||||
module.fail_json(
|
||||
msg="Failed to get Helm plugin info",
|
||||
|
||||
@@ -121,8 +121,7 @@ except ImportError:
|
||||
IMP_YAML = False
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
|
||||
|
||||
module = None
|
||||
from ansible_collections.community.kubernetes.plugins.module_utils.helm import run_helm
|
||||
|
||||
|
||||
# Get repository from all repositories added
|
||||
@@ -135,10 +134,10 @@ def get_repository(state, repo_name):
|
||||
|
||||
|
||||
# Get repository status
|
||||
def get_repository_status(command, repository_name):
|
||||
def get_repository_status(module, command, repository_name):
|
||||
list_command = command + " repo list --output=yaml"
|
||||
|
||||
rc, out, err = module.run_command(list_command)
|
||||
rc, out, err = run_helm(module, list_command, fails_on_error=False)
|
||||
|
||||
# no repo => rc=1 and 'no repositories to show' in output
|
||||
if rc == 1 and "no repositories to show" in err:
|
||||
@@ -208,7 +207,7 @@ def main():
|
||||
else:
|
||||
helm_cmd = module.get_bin_path('helm', required=True)
|
||||
|
||||
repository_status = get_repository_status(helm_cmd, repo_name)
|
||||
repository_status = get_repository_status(module, helm_cmd, repo_name)
|
||||
|
||||
if repo_state == "absent" and repository_status is not None:
|
||||
helm_cmd = delete_repository(helm_cmd, repo_name)
|
||||
@@ -225,7 +224,7 @@ def main():
|
||||
elif not changed:
|
||||
module.exit_json(changed=False, repo_name=repo_name, repo_url=repo_url)
|
||||
|
||||
rc, out, err = module.run_command(helm_cmd)
|
||||
rc, out, err = run_helm(module, helm_cmd)
|
||||
|
||||
if repo_password is not None:
|
||||
helm_cmd = helm_cmd.replace(repo_password, '******')
|
||||
|
||||
Reference in New Issue
Block a user