From fa3d94f79359ab890f7c156634e7a6ec5dee68fe Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Tue, 12 Aug 2025 20:25:31 +0200 Subject: [PATCH] Prep kubernetes.core 6.1.0 (#977) SUMMARY ISSUE TYPE Bugfix Pull Request Docs Pull Request Feature Pull Request New Module Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Yuriy Novostavskiy Reviewed-by: Bianca Henderson Reviewed-by: GomathiselviS --- CHANGELOG.rst | 33 +++- Makefile | 2 +- README.md | 14 +- changelogs/changelog.yaml | 29 ++++ ...0250428-k8s-service-hide-fields-first.yaml | 3 - ...522-add-plain-http-for-oci-registries.yaml | 4 - ...x-helm_registry_auth-integration_test.yaml | 2 - ...8s-rollback-integration-test-coverage.yaml | 2 - .../20250720-k8s-patch-add-hidden-fields.yaml | 3 - ...50911-add-support-helm-take-ownership.yaml | 2 - docs/ansible_turbo_mode.rst | 147 ------------------ docs/kubernetes.core.helm_module.rst | 47 +++--- docs/kubernetes.core.helm_pull_module.rst | 41 ++--- docs/kubernetes.core.helm_template_module.rst | 41 ++--- .../kubernetes.core.k8s_json_patch_module.rst | 19 +++ galaxy.yml | 2 +- 16 files changed, 151 insertions(+), 240 deletions(-) delete mode 100644 changelogs/fragments/20250428-k8s-service-hide-fields-first.yaml delete mode 100644 changelogs/fragments/20250522-add-plain-http-for-oci-registries.yaml delete mode 100644 changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml delete mode 100644 changelogs/fragments/20250704-k8s-rollback-integration-test-coverage.yaml delete mode 100644 changelogs/fragments/20250720-k8s-patch-add-hidden-fields.yaml delete mode 100644 changelogs/fragments/20250911-add-support-helm-take-ownership.yaml delete mode 100644 docs/ansible_turbo_mode.rst diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c915a13a..37b81620 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -4,13 +4,32 @@ Kubernetes Collection Release Notes .. contents:: Topics -v6.0.0 + +v6.1.0 ====== Release Summary --------------- -This major release removes the deprecated ``k8s`` inventory plugin and also removes ``ansible-core<2.16`` support. +This release includes a fix for kubeconfig output, added ``plain_http`` and ``take_ownership`` parameters for helm modules, support for ``hidden_fields`` in ``k8s_json_patch``, documented lack of idempotency support in ``helm_registry_auth`` with ``helm ≥ 3.18.0``, and improved ``k8s_rollback`` test coverage. + +Minor Changes +------------- + +- Module helm_registry_auth do not support idempotency with `helm >= 3.18.0` (https://github.com/ansible-collections/kubernetes.core/pull/946) +- Module k8s_json_patch - Add support for `hidden_fields` (https://github.com/ansible-collections/kubernetes.core/pull/964). +- helm - Parameter plain_http added for working with insecure OCI registries (https://github.com/ansible-collections/kubernetes.core/pull/934). +- helm - Parameter take_ownership added (https://github.com/ansible-collections/kubernetes.core/pull/957). +- helm_pull - Parameter plain_http added for working with insecure OCI registries (https://github.com/ansible-collections/kubernetes.core/pull/934). +- helm_template - Parameter plain_http added for working with insecure OCI registries (https://github.com/ansible-collections/kubernetes.core/pull/934). + +Bugfixes +-------- + +- module_utils/k8s/service - hide fields first before creating diffs (https://github.com/ansible-collections/kubernetes.core/pull/915). + +v6.0.0 +====== Breaking Changes / Porting Guide -------------------------------- @@ -24,20 +43,20 @@ v5.3.0 Release Summary --------------- -This release includes minor changes, bug fixes and also bumps ``ansible-lint`` version to ``25.1.2``. +This release includes minor changes, bug fixes and also bumps ansible-lint version to ``25.1.2``. Minor Changes ------------- -- kubernetes.core - Bump version of ``ansible-lint`` to ``25.1.2`` (https://github.com/ansible-collections/kubernetes.core/pull/919). +- Bump version of ansible-lint to 25.1.2 (https://github.com/ansible-collections/kubernetes.core/pull/919). - action/k8s_info - update templating mechanism with changes from ``ansible-core 2.19`` (https://github.com/ansible-collections/kubernetes.core/pull/888). -- helm - add ``reset_then_reuse_values`` support to helm module (https://github.com/ansible-collections/kubernetes.core/issues/803). -- helm - add support for ``insecure_skip_tls_verify`` option to helm and ``helm_repository`` (https://github.com/ansible-collections/kubernetes.core/issues/694). +- helm - add reset_then_reuse_values support to helm module (https://github.com/ansible-collections/kubernetes.core/issues/803). +- helm - add support for ``insecure_skip_tls_verify`` option to helm and helm_repository(https://github.com/ansible-collections/kubernetes.core/issues/694). Bugfixes -------- -- module_utils/k8s/service - Fix issue when trying to delete resource using ``delete_options`` and ``check_mode=true`` (https://github.com/ansible-collections/kubernetes.core/issues/892). +- module_utils/k8s/service - fix issue when trying to delete resource using `delete_options` and `check_mode=true` (https://github.com/ansible-collections/kubernetes.core/issues/892). v5.2.0 ====== diff --git a/Makefile b/Makefile index 31f827f7..2487af6f 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ # Also needs to be updated in galaxy.yml -VERSION = 6.0.0 +VERSION = 6.1.0 TEST_ARGS ?= "" PYTHON_VERSION ?= `python -c 'import platform; print(".".join(platform.python_version_tuple()[0:2]))'` diff --git a/README.md b/README.md index c6e21f38..eccfcc5e 100644 --- a/README.md +++ b/README.md @@ -21,12 +21,10 @@ For more information about communication, see the [Ansible communication guide]( ## Requirements -### Ansible Version Compatibility +## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.16.0**. +This collection has been tested against the following Ansible versions: **>=2.16.0**. -For collections that support Ansible 2.9, please ensure you update your `network_os` to use the -fully qualified collection name (for example, `cisco.ios.ios`). Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible. @@ -47,17 +45,17 @@ This collection supports Kubernetes versions >= 1.24. Click on the name of a plugin or module to view that content's documentation: -### Connection Plugins +### Connection plugins Name | Description --- | --- [kubernetes.core.kubectl](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.kubectl_connection.rst)|Execute tasks in pods running on Kubernetes. -### K8s Filter Plugins +### K8s filter plugins Name | Description --- | --- kubernetes.core.k8s_config_resource_name|Generate resource name for the given resource of type ConfigMap, Secret -### Lookup Plugins +### Lookup plugins Name | Description --- | --- [kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_lookup.rst)|Query the K8s API @@ -101,7 +99,7 @@ You can also include it in a `requirements.yml` file and install it via `ansible --- collections: - name: kubernetes.core - version: 6.0.0 + version: 6.1.0 ``` ### Installing the Kubernetes Python Library diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index ea81ac8d..025e74dc 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -1052,3 +1052,32 @@ releases: fragments: - 20250121-breaking-changes-6.0.0.yml release_date: '2025-05-19' + 6.1.0: + changes: + bugfixes: + - module_utils/k8s/service - hide fields first before creating diffs (https://github.com/ansible-collections/kubernetes.core/pull/915). + minor_changes: + - Module helm_registry_auth do not support idempotency with `helm >= 3.18.0` + (https://github.com/ansible-collections/kubernetes.core/pull/946) + - Module k8s_json_patch - Add support for `hidden_fields` (https://github.com/ansible-collections/kubernetes.core/pull/964). + - helm - Parameter plain_http added for working with insecure OCI registries + (https://github.com/ansible-collections/kubernetes.core/pull/934). + - helm - Parameter take_ownership added (https://github.com/ansible-collections/kubernetes.core/pull/957). + - helm_pull - Parameter plain_http added for working with insecure OCI registries + (https://github.com/ansible-collections/kubernetes.core/pull/934). + - helm_template - Parameter plain_http added for working with insecure OCI registries + (https://github.com/ansible-collections/kubernetes.core/pull/934). + release_summary: "This release includes a fix for kubeconfig output, added ``plain_http`` + and ``take_ownership`` parameters for helm modules, support for ``hidden_fields`` + in ``k8s_json_patch``, documented lack of idempotency support in ``helm_registry_auth`` + with ``helm \u2265 3.18.0``, and improved ``k8s_rollback`` test coverage." + fragments: + - 20250411-kubeconfig-no_log-revert.yaml + - 20250428-k8s-service-hide-fields-first.yaml + - 20250522-add-plain-http-for-oci-registries.yaml + - 20250605-fix-helm_registry_auth-integration_test.yaml + - 20250704-k8s-rollback-integration-test-coverage.yaml + - 20250720-k8s-patch-add-hidden-fields.yaml + - 20250911-add-support-helm-take-ownership.yaml + - release_summary.yml + release_date: '2025-08-12' diff --git a/changelogs/fragments/20250428-k8s-service-hide-fields-first.yaml b/changelogs/fragments/20250428-k8s-service-hide-fields-first.yaml deleted file mode 100644 index 4d1bc200..00000000 --- a/changelogs/fragments/20250428-k8s-service-hide-fields-first.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - module_utils/k8s/service - hide fields first before creating diffs (https://github.com/ansible-collections/kubernetes.core/pull/915). diff --git a/changelogs/fragments/20250522-add-plain-http-for-oci-registries.yaml b/changelogs/fragments/20250522-add-plain-http-for-oci-registries.yaml deleted file mode 100644 index 7b170280..00000000 --- a/changelogs/fragments/20250522-add-plain-http-for-oci-registries.yaml +++ /dev/null @@ -1,4 +0,0 @@ -minor_changes: - - helm - Parameter plain_http added for working with insecure OCI registries (https://github.com/ansible-collections/kubernetes.core/pull/934). - - helm_pull - Parameter plain_http added for working with insecure OCI registries (https://github.com/ansible-collections/kubernetes.core/pull/934). - - helm_template - Parameter plain_http added for working with insecure OCI registries (https://github.com/ansible-collections/kubernetes.core/pull/934). diff --git a/changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml b/changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml deleted file mode 100644 index 35be708a..00000000 --- a/changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - Module helm_registry_auth do not support idempotency with `helm >= 3.18.0` (https://github.com/ansible-collections/kubernetes.core/pull/946) diff --git a/changelogs/fragments/20250704-k8s-rollback-integration-test-coverage.yaml b/changelogs/fragments/20250704-k8s-rollback-integration-test-coverage.yaml deleted file mode 100644 index b338971f..00000000 --- a/changelogs/fragments/20250704-k8s-rollback-integration-test-coverage.yaml +++ /dev/null @@ -1,2 +0,0 @@ -trivial: - - k8s_rollback - Increase integration test coverage for k8s_rollback module (https://github.com/ansible-collections/kubernetes.core/pull/950). diff --git a/changelogs/fragments/20250720-k8s-patch-add-hidden-fields.yaml b/changelogs/fragments/20250720-k8s-patch-add-hidden-fields.yaml deleted file mode 100644 index aeae63b2..00000000 --- a/changelogs/fragments/20250720-k8s-patch-add-hidden-fields.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - Module k8s_json_patch - Add support for `hidden_fields` (https://github.com/ansible-collections/kubernetes.core/pull/964). diff --git a/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml b/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml deleted file mode 100644 index bd4d16ca..00000000 --- a/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - helm - Parameter take_ownership added (https://github.com/ansible-collections/kubernetes.core/pull/957). diff --git a/docs/ansible_turbo_mode.rst b/docs/ansible_turbo_mode.rst deleted file mode 100644 index 6e0c990e..00000000 --- a/docs/ansible_turbo_mode.rst +++ /dev/null @@ -1,147 +0,0 @@ -.. _ansible_turbo_mode: - - -****************** -Ansible Turbo mode -****************** - -Following document provides overview of Ansible Turbo mode in ``kubernetes.core`` collection. - -.. contents:: - :local: - :depth: 1 - - -Synopsis --------- -- A brief introduction about Ansible Turbo mode in ``kuberentes.core`` collection. -- Ansible Turbo mode is an optional performance optimization. It can be enabled by installing the cloud.common collection and setting the ``ENABLE_TURBO_MODE`` environment variable. - -Requirements ------------- - -The following requirement is needed on the host that executes this module. - -- The ``cloud.common`` collection (https://github.com/ansible-collections/cloud.common) - -You will also need to set the environment variable ``ENABLE_TURBO_MODE=1`` on the managed host. This can be done in the same ways you would usually do so, for example:: - - --- - - hosts: remote - environment: - ENABLE_TURBO_MODE: 1 - tasks: - ... - - -Installation ------------- - -You can install ``cloud.common`` collection using following command:: - - # ansible-galaxy collection install cloud.common - - -Current situation without Ansible Turbo mode -============================================ - -The traditional execution flow of an Ansible module includes the following steps: - -- Upload of a ZIP archive with the module and its dependencies -- Execution of the module -- Ansible collects the results once the script is finished - -These steps happen for each task of a playbook, and on every host. - -Most of the time, the execution of a module is fast enough for -the user. However, sometime the module requires significant amount of time, -just to initialize itself. This is a common situation with the API based modules. - -A classic initialization involves the following steps: - -- Load a Python library to access the remote resource (via SDK) -- Open a client - - Load a bunch of Python modules. - - Request a new TCP connection. - - Create a session. - - Authenticate the client. - -All these steps are time consuming and the same operations will be running again and again. - -For instance, here: - -- ``import openstack``: takes 0.569s -- ``client = openstack.connect()``: takes 0.065s -- ``client.authorize()``: takes 1.360s, - -These numbers are from test running against VexxHost public cloud. - -In this case, it's a 2s-ish overhead per task. If the playbook -comes with 10 tasks, the execution time cannot go below 20s. - -How Ansible Turbo Module improve the situation -============================================== - -``AnsibleTurboModule`` is actually a class that inherites from -the standard ``AnsibleModule`` class that your modules probably -already use. -The big difference is that when a module starts, it also spawns -a little Python daemon. If a daemon already exists, it will just -reuse it. -All the module logic is run inside this Python daemon. This means: - -- Python modules are actually loaded one time -- Ansible module can reuse an existing authenticated session. - -The background service -====================== - -The daemon kills itself after 15s, and communication are done -through an Unix socket. -It runs in one single process and uses ``asyncio`` internally. -Consequently you can use the ``async`` keyword in your Ansible module. -This will be handy if you interact with a lot of remote systems -at the same time. - -Security impact -=============== - -``ansible_module.turbo`` open an Unix socket to interact with the background service. -We use this service to open the connection toward the different target systems. - -This is similar to what SSH does with the sockets. - -Keep in mind that: - -- All the modules can access the same cache. Soon an isolation will be done at the collection level (https://github.com/ansible-collections/cloud.common/pull/17) -- A task can load a different version of a library and impact the next tasks. -- If the same user runs two ``ansible-playbook`` at the same time, they will have access to the same cache. - -When a module stores a session in a cache, it's a good idea to use a hash of the authentication information to identify the session. - -Error management -================ - -``ansible_module.turbo`` uses exceptions to communicate a result back to the module. - -- ``EmbeddedModuleFailure`` is raised when ``json_fail()`` is called. -- ``EmbeddedModuleSuccess`` is raised in case of success and returns the result to the origin module process. - -These exceptions are defined in ``ansible_collections.cloud.common.plugins.module_utils.turbo.exceptions``. -You can raise ``EmbeddedModuleFailure`` exception yourself, for instance from a module in ``module_utils``. - -.. note:: Be careful with the ``except Exception:`` blocks. - Not only they are bad practice, but also may interface with this - mechanism. - - -Troubleshooting -=============== - -You may want to manually start the server. This can be done with the following command: - -.. code-block:: shell - - PYTHONPATH=$HOME/.ansible/collections python -m ansible_collections.cloud.common.plugins.module_utils.turbo.server --socket-path $HOME/.ansible/tmp/turbo_mode.kubernetes.core.socket - -You can use the ``--help`` argument to get a list of the optional parameters. diff --git a/docs/kubernetes.core.helm_module.rst b/docs/kubernetes.core.helm_module.rst index 22c366f1..87147138 100644 --- a/docs/kubernetes.core.helm_module.rst +++ b/docs/kubernetes.core.helm_module.rst @@ -330,6 +330,27 @@ Parameters

aliases: kubeconfig_path
+ + +
+ plain_http + +
+ boolean +
+
added in 6.1.0
+ + +
    Choices: +
  • no ←
    • +
  • yes
    • +
+ + +
Use HTTP instead of HTTPS when working with OCI registries
+
Requires Helm >= 3.13.0
+ +
@@ -737,26 +758,6 @@ Parameters
The use of wait_timeout to wait for kubernetes commands to complete has been deprecated and will be removed after 2022-12-01.
- - -
- plain_http - -
- boolean -
-
added in 5.1.0
- - -
    Choices: -
  • no ←
    • -
  • yes
    • -
- - -
Use HTTP instead of HTTPS when working with OCI registries
- -
@@ -851,6 +852,12 @@ Examples chart_ref: "https://github.com/grafana/helm-charts/releases/download/grafana-5.6.0/grafana-5.6.0.tgz" release_namespace: monitoring + - name: Deploy Bitnami's MongoDB latest chart from OCI registry + kubernetes.core.helm: + name: test + chart_ref: "oci://registry-1.docker.io/bitnamicharts/mongodb" + release_namespace: database + # Using complex Values - name: Deploy new-relic client chart kubernetes.core.helm: diff --git a/docs/kubernetes.core.helm_pull_module.rst b/docs/kubernetes.core.helm_pull_module.rst index 0ccdec76..bab8b6da 100644 --- a/docs/kubernetes.core.helm_pull_module.rst +++ b/docs/kubernetes.core.helm_pull_module.rst @@ -193,6 +193,27 @@ Parameters
Pass credentials to all domains.
+ + +
+ plain_http + +
+ boolean +
+
added in 6.1.0
+ + +
    Choices: +
  • no ←
    • +
  • yes
    • +
+ + +
Use HTTP instead of HTTPS when working with OCI registries
+
Requires Helm >= 3.13.0
+ +
@@ -336,26 +357,6 @@ Parameters
location of public keys used for verification.
- - -
- plain_http - -
- boolean -
-
added in 5.1.0
- - -
    Choices: -
  • no ←
    • -
  • yes
    • -
- - -
Use HTTP instead of HTTPS when working with OCI registries
- -
diff --git a/docs/kubernetes.core.helm_template_module.rst b/docs/kubernetes.core.helm_template_module.rst index 9bb5398f..ffdc7cc5 100644 --- a/docs/kubernetes.core.helm_template_module.rst +++ b/docs/kubernetes.core.helm_template_module.rst @@ -194,6 +194,27 @@ Parameters
If the directory already exists, it will be overwritten.
+ + +
+ plain_http + +
+ boolean +
+
added in 6.1.0
+ + +
    Choices: +
  • no ←
    • +
  • yes
    • +
+ + +
Use HTTP instead of HTTPS when working with OCI registries
+
Requires Helm >= 3.13.0
+ +
@@ -361,26 +382,6 @@ Parameters
Paths are evaluated in the order the paths are specified.
- - -
- plain_http - -
- boolean -
-
added in 5.1.0
- - -
    Choices: -
  • no ←
    • -
  • yes
    • -
- - -
Use HTTP instead of HTTPS when working with OCI registries
- -
diff --git a/docs/kubernetes.core.k8s_json_patch_module.rst b/docs/kubernetes.core.k8s_json_patch_module.rst index 3ab82a1b..1a737fc7 100644 --- a/docs/kubernetes.core.k8s_json_patch_module.rst +++ b/docs/kubernetes.core.k8s_json_patch_module.rst @@ -140,6 +140,25 @@ Parameters
The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.
+ + +
+ hidden_fields + +
+ list + / elements=string +
+
added in 6.1.0
+ + + Default:
[]
+ + +
List of fields to hide from the diff output.
+
This is useful for fields that are not relevant to the patch operation, such as `metadata.managedFields`.
+ +
diff --git a/galaxy.yml b/galaxy.yml index 79689671..34b52450 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -25,7 +25,7 @@ tags: - openshift - okd - cluster -version: 6.0.0 +version: 6.1.0 build_ignore: - .DS_Store - "*.tar.gz"