SUMMARY
Closes#1037
added support for check_mode
Converted warnings into informational display when user has explicitly requested to delete daemontset-managed pods, unmanaged pods or pods with local storage
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s_drain
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
This PR implements idempotency for the helm_pull module, addressing issue #889.
New force parameter with defaults to False.
implemented chart_exists() function
checks chart existence before downloading, returns changed=False when chart exists
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm_pull
ADDITIONAL INFORMATION
Force parameter added for backward compatibility and edge cases.
Implemented with the partial support of GitHub Copilot with Claude Sonnet 4.5 model
Reviewed-by: Bikouo Aubin
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Alina Buzachis
SUMMARY
Using exit_json or fail_json for warnings is deprecated in ansible-core>=2.19.0 and will be removed in ansible-core>=2.23.0
Tested with ansible-core 2.19.3 as the latest released version at the time of the start of this PR and with 2.16.0 as the lowest version supported by kubernetes.core 6.x
Resolves: #1031
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_drain
k8s_rollback
k8s_scale
ADDITIONAL INFORMATION
The initial version of this PR covers only the module k8s_drain, with the following commits extended to k8s_rollback
k8s_scale
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis
SUMMARY
Helm v4 is a major version with backward-incompatible changes, including to the flags and output of the Helm CLI and to the SDK. This version is currently not supported in the kubernetes.core. This PR is related to #1038 and is a short-term solution to mark compatibility explicitly
ISSUE TYPE
Bugfix Pull Request
Docs Pull Request
COMPONENT NAME
helm
helm_template
helm_info
helm_repository
helm_pull
helm_registry_auth
helm_plugin
helm_plugin_info
ADDITIONAL INFORMATION
Added `validate_helm_version()`` method to AnsibleHelmModule that enforces version constraint >=3.0.0,<4.0.0.
Fails fast with clear error message: "Helm version must be >=3.0.0,<4.0.0, current version is {version}"
Some modules (i.e. helm_registry_auth) technically is compatible with Helm v4, but validation was added to all helm modules.
Partially coauthored by GitHub Copilot with Claude Sonnet 4 model.
Addresses issue #1038
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
Importing from ansible.module_utils._text is deprecated in ansible-core 2.20 and removed in 2.24. All imports of to_bytes, to_native, and to_text now use ansible.module_utils.common.text.converters.
Before:
from ansible.module_utils._text import to_bytes, to_native, to_text
After:
from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
plugins/module_utils/common.py
plugins/action/k8s_info.py
plugins/connection/kubectl.py
plugins/module_utils/{copy.py, k8s/runner.py}
plugins/modules/{k8s_cp.py, k8s_drain.py, k8s_exec.py, k8s_json_patch.py, k8s_scale.py, k8s_taint.py}
ADDITIONAL INFORMATION
It's not an actual Bugfix, more a lifecycle management to ensure compatibility with future Ansible versions.
Tested with ansible-core 2.20 to ensure no deprecation warnings are raised and with ansible-core 2.16 to ensure backward compatibility.
Patrially coauthored-by: GitHub Copilot with Claude Code 4.5 model.
Addresses issue #1052.
Reviewed-by: Bikouo Aubin
Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
Fixed a bug where setting K8S_AUTH_VERIFY_SSL=true (or any string value) caused the value to be treated as a separate kubectl command argument instead of being properly converted to a boolean.
The option key name is validate_certs, which does NOT end with "verify_ssl", so the original condition key.endswith("verify_ssl") at line 327 failed. This caused the code to fall through to the else block which added the value as separate
arguments: ["--insecure-skip-tls-verify", "true"], making "true" appear as a kubectl command.
Fixes#1021
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.kubectl
ADDITIONAL INFORMATION
Changes Made
Changed condition from key.endswith("verify_ssl") to key == "validate_certs"
Added import of boolean function from ansible.module_utils.parsing.convert_bool
Added proper boolean conversion using boolean(self.get_option(key), strict=False)
Partially used LLM (GitHub Copilot with Claude Sonnet 4).
Before Fix
K8S_AUTH_VERIFY_SSL=true
Command: ['/usr/bin/kubectl', '--insecure-skip-tls-verify', 'true', 'exec', ...]
^^^^^ treated as kubectl command (BUG!)
After Fix
K8S_AUTH_VERIFY_SSL=true
Command: ['/usr/bin/kubectl', '--insecure-skip-tls-verify=false', 'exec', ...]
^^^^^ properly converted (FIXED!)
Reviewed-by: Bikouo Aubin
Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
helm/helm_info - Deprecate some parameters and add new ones to resolve sanity issues.
k8s - the return block doc is not aligned with what the module returns
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm, helm_info, k8s
Fixes: #1046
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
Added documentation for no_proxy, proxy, and proxy_headers parameters that were missing from the k8s lookup plugin. These parameters are already implemented in the codebase but were not documented.
no_proxy: Comma separated list of hosts that shouldn't use proxy
proxy: HTTP proxy URL for connections
proxy_headers: Dictionary of proxy headers with suboptions for proxy_basic_auth, basic_auth, and user_agent
Fixes#775
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
k8s lookup
Additional comment
This is a reissue of #993, which was lost during the latest release due to me PR incorrectly from my fork's main branch. Linter errors on the previous PR should already be resolved.
This had the backport-5, backport-6 and skip-changelog labels.
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
kustomize doesn't support an environment that makes it impossible to use HTTP_PROXY or provide some templatized parameters.
This PR is the result of the issue #783
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
kubernetes.core.kustomize lookup plugin
Reviewed-by: Bikouo Aubin
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
Was going trough the list with issues and found 958; which seemed a quick fix.
What I fixed with with this PR:
Added support for copying files to init containers.
Fixed the format message when an exec is failing for a pod (the order was wrong).
Added a check if the container that you try to run copy for is started.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
copy.py module
ADDITIONAL INFORMATION
Some testing.
Verify that the pod does not exist:
kubectl -n default get pod/yorick
Output:
Error from server (NotFound): pods "yorick" not found
Run the playbook to create the file, create the deployment, wait for the init container to be ready, copy the created file to the init container, cat the copied file (using kubernetes.core.k8s_exec) that is now in the init container and try to copy the created file to the (not started) container (which fails - to see the new error message for it):
cat << EOF | ansible-playbook /dev/stdin
- hosts: localhost
gather_facts: False
tasks:
- ansible.builtin.copy:
content: |
Hi there
dest: /tmp/yorick.txt
- name: Deploy pod with initContainer with an unlimited while loop
kubernetes.core.k8s:
kubeconfig: "~/.kube/config"
definition:
apiVersion: v1
kind: Pod
metadata:
name: "yorick"
namespace: "default"
spec:
initContainers:
- name: "yorick-init"
image: busybox:latest
command: ["/bin/sh"]
args:
- "-c"
- |
echo "Init container started, waiting for file..."
# Wait for the file to be copied
while :;do
echo "Waiting for file"
sleep 5
done
echo "File received! Init container completing..."
containers:
- name: "yorick-container"
image: busybox:latest
command: ["/bin/sh"]
args:
- "-c"
- |
# Keep container running for testing
sleep 300
- kubernetes.core.k8s_info:
kubeconfig: "~/.kube/config"
api_version: v1
kind: Pod
name: "yorick"
namespace: "default"
register: pod_status
until: >-
pod_status.resources|length > 0
and 'initContainerStatuses' in pod_status.resources.0.status
and pod_status.resources.0.status.initContainerStatuses|length > 0
and pod_status.resources.0.status.initContainerStatuses.0.started|bool
- name: Copy /tmp/yorick.txt to the yorick-init init container
kubernetes.core.k8s_cp:
kubeconfig: "~/.kube/config"
namespace: default
pod: yorick
remote_path: /tmp/yorick.txt
local_path: /tmp/yorick.txt
container: yorick-init
- name: Execute a command
kubernetes.core.k8s_exec:
kubeconfig: "~/.kube/config"
namespace: default
pod: yorick
container: yorick-init
command: cat /tmp/yorick.txt
register: exec_out
- ansible.builtin.debug:
var: exec_out.stdout
- name: Try to copy /tmp/yorick.txt to the yorick-container container
kubernetes.core.k8s_cp:
kubeconfig: "~/.kube/config"
namespace: default
pod: yorick
remote_path: /tmp/yorick.txt
local_path: /tmp/yorick.txt
container: yorick-container
EOF
Output:
PLAY [localhost] ********************************************************************************************************************************************************************
TASK [ansible.builtin.copy] *********************************************************************************************************************************************************
Thursday 31 July 2025 02:01:21 +0200 (0:00:00.016) 0:00:00.016 *********
ok: [localhost]
TASK [Deploy pod with initContainer with an unlimited while loop] *******************************************************************************************************************
Thursday 31 July 2025 02:01:21 +0200 (0:00:00.788) 0:00:00.804 *********
changed: [localhost]
TASK [kubernetes.core.k8s_info] *****************************************************************************************************************************************************
Thursday 31 July 2025 02:01:25 +0200 (0:00:03.963) 0:00:04.768 *********
FAILED - RETRYING: [localhost]: kubernetes.core.k8s_info (3 retries left).
ok: [localhost]
TASK [Copy /tmp/yorick.txt to the yorick-init init container] ***********************************************************************************************************************
Thursday 31 July 2025 02:01:32 +0200 (0:00:06.598) 0:00:11.366 *********
changed: [localhost]
TASK [Execute a command] ************************************************************************************************************************************************************
Thursday 31 July 2025 02:01:39 +0200 (0:00:07.017) 0:00:18.383 *********
changed: [localhost]
TASK [ansible.builtin.debug] ********************************************************************************************************************************************************
Thursday 31 July 2025 02:01:40 +0200 (0:00:00.644) 0:00:19.028 *********
ok: [localhost] => {
"exec_out.stdout": "Hi there\n"
}
TASK [Try to copy /tmp/yorick.txt to the yorick-container container] ****************************************************************************************************************
Thursday 31 July 2025 02:01:40 +0200 (0:00:00.021) 0:00:19.050 *********
fatal: [localhost]: FAILED! => {
"changed": false
}
MSG:
Pod container yorick-container is not started
PLAY RECAP **************************************************************************************************************************************************************************
localhost : ok=6 changed=3 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Playbook run took 0 days, 0 hours, 0 minutes, 21 seconds
Reviewed-by: spatterlight
Reviewed-by: Yorick Gruijthuijzen <yorick-1989@hotmail.com>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Bikouo Aubin
SUMMARY
This pull request adds support for a new skip_schema_validation option to the helm module, allowing users to disable JSON schema validation for Helm charts and values (requires helm >= 3.16.0).
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Added the skip_schema_validation boolean parameter to the helm module, allowing users to disable JSON schema validation for charts and values. This option is only available with Helm versions >= 3.16.0, and an appropriate error is raised for older versions.
Added integration tests to verify the behavior of the skip_schema_validation option, including cases for both supported and unsupported Helm versions.
Closes#994
Reviewed-by: Bikouo Aubin
SUMMARY
This PR is essentially attempting Option B from issue #996 (Option A is implemented here); this code update accounts for the recent merge of sanity: warn on ansible.module_utils.six imports #85651.
Reviewed-by: Alina Buzachis
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
This reverts commit 1705ced (i.e., reapplies the changes from #826); this is a temporary fix for #782 as it will re-introduce #870, which will need to be re-opened.
Reviewed-by: Alina Buzachis
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
SUMMARY
Add support for hidden_fields on k8s_json_patch
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s_json_patch
ADDITIONAL INFORMATION
Works exactly the same as k8s
Haven't pushed the doc yet, because of many changes. Will do it on a separate commit if the tests pass.
1st commit here, sorry if I forget some things.
Thanks!
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Alina Buzachis
Reviewed-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>
This reverts commit 6efabd3.
SUMMARY
Fixes#870
A better solution is necessary to address #782. The current code makes getting manifests practically unusable. We need to revert this commit until a better solution is found.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubeconfig
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
By hiding fields first before creating a diff hidden fields will not be shown in the resulting diffs and therefore will also not trigger the changed condition.
The issue can only be reproduced when a mutating webhook changes the object while the kubernetes.core.k8s module is working with it.
kubevirt/kubevirt.core#145
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.module_utils.k8s.service
ADDITIONAL INFORMATION
Run kubernetes.core.k8s and create object with hidden fields. After run kubernetes.core.k8s again and let a webhook mutate the object that the module is working with. The module should return with changed: no.
Reviewed-by: Bikouo Aubin
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
Fix the integration test for helm_registry_auth with helm >= 3.18.0 and clarify idempotency.
Fixes#944
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm_registry_auth
ADDITIONAL INFORMATION
Caused by the changes in helm starting from 3.18.0
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Alina Buzachis
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Bikouo Aubin
SUMMARY
This change introduces the plain_http parameter to modules that can interact with OCI registries. This in needed in cases where the OCI registry does not use SSL encryption, forcing Helm to send HTTP requests instead of HTTPS
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm, helm_pull and helm_template
ADDITIONAL INFORMATION
This is the output when trying to use an OCI registry that is not configured to use SSL certs.
fatal: [localhost]: FAILED! => {"changed": false, "command": "/usr/local/bin/helm show chart 'oci://<http-registry>/charts/foo'", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr": "Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr_lines": ["Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client"], "stdout": "", "stdout_lines": []}
Reviewed-by: Bikouo Aubin
Reviewed-by: Matteo Danelon
SUMMARY
Added the option insecure_skip_tls_verify to the following helm modules:
helm_repository
helm
Unified the option with alias in helm_pull
For helm, added the option to the helm diff call, as it got fixed upstream.
Upstream Issue: databus23/helm-diff#503
Fixed with: helm/helm#12856
Fixes#694
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.helm
kubernetes.core.helm_repository
kubernetes.core.helm_pull
ADDITIONAL INFORMATION
Basically the option was added in the parameters set in the ansible job, in the docs and then injected in the helm and helm diff binary calls if set. Defaults to False.
Example
---
- name: Test helm modules
tasks:
- name: Test helm repository insecure
kubernetes.core.helm_repository:
name: insecure
repo_url: "<helm-repo-with-self-signed-tls>"
state: present
insecure_skip_tls_verify: true
- name: Test helm pull insecure
kubernetes.core.helm_pull:
chart_ref: "oci://<helm-repo-with-self-signed-tls>/ptroject"
destination: /tmp
insecure_skip_tls_verify: true
- name: Test helm insecure
kubernetes.core.helm:
name: insecure
chart_ref: "oci://<helm-repo-with-self-signed-tls>/project"
namespace: helm-insecure-test
state: present
insecure_skip_tls_verify: true
Note
Might need an alias for telm_template, as the option is called insecure_registry, in the manual and docs of helm it would be --insecure-skip-tls-verify as well though.
Not included, as it was recently merged with #805
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Noah Lehmann
Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
This is initial to prepare the main branch to version 6.0.0 (6.0.0-dev0 in galaxy.yml) and includes following braking changes:
removed support of ansible-core<2.16.0 as 2.15 reach EOL in Nov 2024;
removed the k8s inventory plugin that was deprecated in release 3.0.0.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
Documentation
galaxy.yml
inventory/k8s.py
ADDITIONAL INFORMATION
The initial version of this PR doesn't remove tests/sanity/ignore-2.14.txt and tests/sanity/ignore-2.15.txt, and CI part will require removing version 2.15 from the matrix in https://github.com/ansible-network/github_actions, so, we have external dependency here.
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
Starting with version 3.14.0, Helm supports --reset-then-reuse-values. As discussed on the original PR. This greatly improves on --reuse-values as it allows to avoid templates errors when new features are added to an upgraded chart.
Closes#803
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
This PR is greatly 'inspired' by #575 and because I wasn't sure how I could provide additional tests for it, I actually copied those build previously for --reuse-values (as it is an improvement on this feature.
Reviewed-by: Bikouo Aubin
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: b0z02003
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This PR is a rebase of #898 for CI to pass
Thanks @efussi for your collaboration.
Closes#892
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
* fix integration test ``k8s_full`` running with ansible-core 2.19
* Fix templating issues
* fix test on current ansible version
* fix tests cases
* Fix additional tests
* fix the templating mechanism
* consider using variable_[start/end]_string while parsing template
* Remove support for omit into template option
* Remove unnecessary unit tests
SUMMARY
This allows us to ignore e.g. the last-applied-configuration annotation by specifying
metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
hidden_fields
This replaces #643 as I no longer have permissions to push to branches in this repo
Reviewed-by: Bikouo Aubin
Reviewed-by: Helen Bailey <hebailey@redhat.com>
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
Reviewed-by: Alina Buzachis
SUMMARY
Fixes#869
During an OpenShift installation, one of the checks to see that the cluster is ready to proceed with configuration is to check to ensure that the Cluster Operators are in an Available: True Degraded: False Progressing: False state. While you can currently use the k8s_info module to get a json response, the resulting json needs to be iterated over several times to get the appropriate status.
This PR adds functionality into waiter.py which loops over all resource instances of the cluster operators. If any of them is not ready, waiter returns False and the task false. If the task returns, you can assume that all the cluster operators are healthy.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
waiter.py
ADDITIONAL INFORMATION
A simple playbook will trigger the waiter.py to watch the ClusterOperator object
---
- name: get operators
hosts: localhost
gather_facts: false
tasks:
- name: Get cluster operators
kubernetes.core.k8s_info:
api_version: v1
kind: ClusterOperator
kubeconfig: "/home/ocp/one/auth/kubeconfig"
wait: true
wait_timeout: 30
register: cluster_operators
This will produce the simple response if everything is functioning properly:
PLAY [get operators] *************************************************************************************************
TASK [Get cluster operators] *****************************************************************************************
ok: [localhost]
PLAY RECAP ***********************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
If the timeout is reached:
PLAY [get operators] *************************************************************************************************
TASK [Get cluster operators] *****************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible_collections.kubernetes.core.plugins.module_utils.k8s.exceptions.CoreException: Failed to gather information about ClusterOperator(s) even after waiting for 30 seconds
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to gather information about ClusterOperator(s) even after waiting for 30 seconds"}
PLAY RECAP ***********************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
UNSOLVED: How to know which Operators are failing
Reviewed-by: Mandar Kulkarni <mandar242@gmail.com>
Reviewed-by: Bikouo Aubin
SUMMARY
Apply no_log=True to pass_credentials to silence false positive warning.
Fixes similar issue to: #423
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelog/fragements/796-false-positive-helmull.yaml
plugins/modules/helm_pull.py
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Irum Malik
SUMMARY
Some parameters were added to the master in time where the latest version was 2.4.0 with version_added: 2.5.0, however the next version after 2.4.0 was a 3.0.0.
So, with this trivial doc PR (that most probably doesn't require a changelog fragment and including to changelog) I replacing version_added: 2.5.0 to version_added: 3.0.0 for:
reuse_values in kubernetes.core.helm module
reset_values in kubernetes.core.helm module
delete_all in kubernetes.core.k8s module
hidden_fields in kubernetes.core.k8s module
hidden_fields in kubernetes.core.k8s_info module
All of them are introduced in kubernetes.core 3.0.0
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
helm
k8s
8s_info
ADDITIONAL INFORMATION
PR to be backported to stable-3 and stable-5
Reviewed-by: Mike Graves <mgraves@redhat.com>
* new module helm_registry_auth
* Initial integration tests
* final update copyright and integration test before pr
* update link to pr in changelog fragment
* reformat plugins/module_utils/helm.py with black
to fix linters in actions
* attempt to fix unit test
unit test was missing initially
* fix https://pycqa.github.io/isort/ linter
* next attemp to fix unit-test
* remove unused and unsupported helm_args_common
* remove unused imports and fix other linters errors
* another fix for unit test
* fix issue introducied by commit ff02893a12a31f9c44b5c48f9a8bf85057295961
* add binary_path to arg_spec
* return helm_cmd in the output of check mode
remove changlog fragment
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* description suggestion from reviewer/maintainer
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* remove changed from module return
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* remove redundant code
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* Update plugins/modules/helm_registry_auth.py
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* consider support of logout when user is not logged in
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* consider support helm < 3.0.0
* Revert "consider support helm < 3.0.0"
This reverts commit f20004d196.
* reintroduce support of helm version less than 3.8.0
reference: https://helm.sh/docs/topics/registries/#enabling-oci-support-prior-to-v380
* revert reintroducing support of helm < 3.8.0
reason: didn't find a quick way to deal with tests
* update documentation with the recent module updates
* Update plugins/modules/helm_registry_auth.py
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* add test of logout impendency
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
* fix linters
* fix intendations in the integration tests
* create tests/integration/targets/helm_registry_auth/aliases
* fix integration test (typo)
* fix integration tests (test wrong cred)
* add stderr when module fail
* another attempt to fix integration test
* fix assertion in integration test to be not affceted by the #830
---------
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
SUMMARY
Closes#797 .
The error message "Too Many Requests" is confusing and is changed to a more meaningful message:
TASK [Drain node] *************************************************************************
Montag 25 November 2024 09:20:28 +0100 (0:00:00.014) 0:00:00.014 *******
fatal: [host -> localhost]: FAILED! => {"changed": false, "msg": "Failed to delete pod kube-public/draintest-6b84677b99-9jf7m due to: Cannot evict pod as it would violate the pod's disruption budget."}
The new task output would allow to deal with a pod disruption budget with the retries/until logic in a more controlled way:
---
- hosts: "{{ target }}"
serial: 1
gather_facts: false
tasks:
- name: Drain node
kubernetes.core.k8s_drain:
kubeconfig: "{{ kubeconfig_path }}"
name: "{{ inventory_hostname }}"
delete_options:
ignore_daemonsets: true
delete_emptydir_data: true
wait_timeout: 100
disable_eviction: false
wait_sleep: 1
delegate_to: localhost
retries: 10
delay: 5
until: drain_result is success or 'disruption budget' not in drain_result.msg
register: drain_result
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s_drain
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
Fixes#792 .
The function wait_for_pod_deletion in k8s_drain never checks on which node a pod is actually running:
try:
response = self._api_instance.read_namespaced_pod(
namespace=pod[0], name=pod[1]
)
if not response:
pod = None
time.sleep(wait_sleep)
This means that if a pod is successfully evicted and restarted with the same name on a new node, k8s_drain does not notice and thinks that the original pod is still running. This is the case for pods which are part of a stateful set.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_drain
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
Fixes#769 .
k8s_drain was not checking if a pod has been deleted when there was only one pod on the node to be drained.
The list of pods, pods, was being "popped" before the first iteration of the while loop:
pod = pods.pop()
while (_elapsed_time() < wait_timeout or wait_timeout == 0) and pods:
When pods contains only one element, the while loop is skipped.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_drain
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
error judgments are based on the exit codes of command execution, where 0 represents success and non-zero represents failure.
Optimize the run_command function to return a tuple like the run_command method of AnsibleModule.
Fixes#639
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kustomize lookup plugin
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: QCU
SUMMARY
If the helm CLI version includes -rc.1 for example, the version checks fails due to an incomplete regex.
The error can be triggered if you use helm v3.15.0-rc.1 for example, and apply a helm chart with wait: true
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm
helm_pull
ADDITIONAL INFORMATION
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Eric G.
Reviewed-by: Mike Graves <mgraves@redhat.com>
Doc: add example of using kubectl connection plugin
SUMMARY
Currently documentation for collection don't include any examples of using kubenrenes.core.kubectl connection plugin and it's hard to start using that plugin.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
kubenrenes.core.kubectl connection plugin
ADDITIONAL INFORMATION
This PR was inspired by #288 and based on feedback on that PR and my own experience. Thanks @tpo for his try and @geerlingguy for his Ansible for DevOps book
Reviewed-by: Bikouo Aubin
Reviewed-by: Sandra McCann <samccann@redhat.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: purdzan
Defer removal of inventory/k8s to 6.0.0
SUMMARY
Defer removal of inventory plugin k8s to release 6.0.0.
ISSUE TYPE
Feature Pull Request
Reviewed-by: Alina Buzachis
Reviewed-by: Mike Graves <mgraves@redhat.com>
Remove deprecated function from module_utils/common.py
SUMMARY
Remove deprecated functions and class from module_utils/common.py in order to prepare release 4.0.0
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
module_utils/common.py
Reviewed-by: Alina Buzachis
Defer removal of k8s inventory plugin to version 5.0.
SUMMARY
Defer removal of k8s inventory plugin to version 5.0.
ISSUE TYPE
Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request
COMPONENT NAME
inventory/k8s.py
ADDITIONAL INFORMATION
Reviewed-by: Bikouo Aubin
Reviewed-by: Mike Graves <mgraves@redhat.com>
k8s - remove support for merge_type=json
SUMMARY
Support for merge_type=json has been removed in version 4.0.0. Please use kubernetes.core.k8s_json_patch instead.
ISSUE TYPE
Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request
COMPONENT NAME
k8s.py
ADDITIONAL INFORMATION
Reviewed-by: Bikouo Aubin
Reviewed-by: Mike Graves <mgraves@redhat.com>
Update deprecation version for merge_type=json
SUMMARY
When looking at the parts of plugins/module_utils/common.py and plugins/module_utils/k8s/service.py during the post 3.0.0 release (see https://github.com/ansible-collections/kubernetes.core/pull/663/files#diff-9ee2d0860a5643da4e1f35136e9e7c3a41c5f2fd2952c197e7e32b941e5a301c) that affect merge_type when set to json, I don't believe merge_type=json was deprecated for (and removed from) the k8s module, and instead the deprecation version has moved to 4.0.0. Hence, the documentation update.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
k8s module
Reviewed-by: Mike Graves <mgraves@redhat.com>
minor(doc): use the same style of version_added across repo
SUMMARY
Currently is no single style of version_added, in some places it's unquoted, somewhere single quote is used, in another places it's double quoted. Moreover, some file had different styles in one single file.
The aim of this PR is to update whole repo to single style for version_added
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
kustomize
helm
helm_info
helm_plugin
helm_plugin_info
helm_pull
helm_repository
helm_template
k8s_cluster_info
k8s_cp
k8s_drain
k8s_exec
k8s_log
k8s_rollback
k8s_taint
ADDITIONAL INFORMATION
The same style is proposed as used in amazon.aws collections
Reviewed-by: Kelv Gooding
Reviewed-by: Alina Buzachis
Reviewed-by: Mike Graves <mgraves@redhat.com>
fixed typo in filename of 'k8s_json_patch'-action
SUMMARY
The filename/symlink of the action for the 'k8s_json_patch'-module was wrong. Renamed file from 'ks8_json_patch.py' to ' k8s_json_patch.py'
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_json_patch
ADDITIONAL INFORMATION
Because of the wrong filename things like unvaulting kubeconfig files did not worked.
Reviewed-by: Mike Graves <mgraves@redhat.com>
