* Cleanup gha
* test by removing matrix excludes
* Rename sanity tests
* trigger integration tests
* Fix ansible-lint workflow
* Fix concurrency
* Add ansible-lint config
* Add ansible-lint config
* Fix integration and lint issues
* integration wf
* fix yamllint issues
* fix yamllint issues
* update readme and add ignore-2.16.txt
* fix ansible-doc
* Add version
* Use /dev/random to generate random data
The GHA environment has difficultly generating entropy. Trying to read
from /dev/urandom just blocks forever. We don't care if the random data
is cryptographically secure; it's just garbage data for the test. Read
from /dev/random, instead. This is only used during the k8s_copy test
target.
This also removes the custom test module that was being used to generate
the files. It's not worth maintaining this for two task that can be
replaced with some simple command/shell tasks.
* Fix saniry errors
* test github_action fix
* Address review comments
* Remove default types
* review comments
* isort fixes
* remove tags
* Add setuptools to venv
* Test gh changes
* update changelog
* update ignore-2.16
* Fix indentation in inventory plugin example
* Update .github/workflows/integration-tests.yaml
* Update integration-tests.yaml
---------
Co-authored-by: Mike Graves <mgraves@redhat.com>
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
k8s - fix issue when try to delete resources using label_selectors
SUMMARY
The kubernetes dynamic client has label_selector parameter for the delete method, however based on the documentation of REST API we cannot delete resources using labelSelector option, this fix update the way the resources are deleted. The list of resources are deleted one after another like in the kubectl go client.
Fixes#428
ISSUE TYPE
Bugfix Pull Request
Reviewed-by: Abhijeet Kasurde <None>
Upgrade black version
SUMMARY
Move off of beta version of black and pin to current calendar year
version.
The only manual changes here are to tox.ini. Everything else is from running the new version of black.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Continue waiting when an exception is raised
SUMMARY
When an exception is raised and the wait_timeout is not reached, we should continue waiting as this may occurs due to temporary issue on cluster
Fixes#407
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Abhijeet Kasurde <None>
Fix waiting on StatefulSet scale down
SUMMARY
When scaling a StatefulSet down to 0 replicas the wait will fail
because some properties of the status (readyReplicas, updatedReplicas)
will not exist. These are probably defined as omitempty in the API and
since the value is zero are not present in the response.
Fixes#203
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_scale
ADDITIONAL INFORMATION
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Use resource prefix when apiVersion is v1
SUMMARY
When getting a resource from the core api group, the prefix was not
passed, leading the lookup to happen in all api groups. This broad
search is not really necessary and leads to problems in some corner
cases, for example, when an api is deleted after the api group list is
cached.
This fix uses the 'api' prefix when the apiVersion is 'v1', as this is
almost certainly what the user wants. As a fallback, to retain backwards
compatibility, the old behavior is used if the first lookup failed to
find a resource. Given that the module defaults to 'v1' for the
apiVersion, there are likely many cases where a resource, such as
StatefulSet, is used while failing to provide an apiVersion. While
technically incorrect, this has worked in most cases, so we probably
shouldn't break this behavior.
Fixes#351
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelogs/fragments/364-use-resource-prefix.yaml
plugins/module_utils/common.py
Prepare for distutils.version being removed in Python 3.12
SUMMARY
distutils has been deprecafed and will be removed from
Python's stdlib in Python 3.12 (see python.org/dev/peps/pep-0632).
This PR replaces the use of distutils.version.LooseVersion and distutils.version.StrictVersion
with LooseVersion from the vendored copy of distutils.version
included with ansible-core 2.12 (ansible/ansible#74644) if available,
and falls back to distutils.version for ansible-core 2.11 and before.
Since ansible-core 2.11 and earlier do not support Python 3.12 (since
they use LooseVersion itself in various places), this incomplete fix
should be OK for now. Also, the way this PR works (by adding a new
module_utils version that abstracts away where LooseVersion comes from),
it is easy to also fix this for ansible-core 2.11 and earlier later on.
Signed-off-by: Abhijeet Kasurde akasurde@redhat.com
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelogs/fragments/disutils.version.yml
molecule/default/roles/helm/library/helm_test_version.py
plugins/module_utils/common.py
plugins/module_utils/version.py
plugins/modules/helm.py
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
k8s - add support for Server Side apply
SUMMARY
Server side apply is now support for k8s module with this Pull request.
The feature is not yet released on kubernetes-client, once this is done, we can merge this pull request.
closes#87
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Reviewed-by: None <None>
Fix for common non-ASCII characters in CRDs
This should keep the module safe from digesting non-ASCII chars like here (https://github.com/projectcalico/api/pull/46/files)
SUMMARY
Add support for non-ASCII chars in manifests.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
core.k8s module failing if resources contain non ascii chars
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alessandro Rossi <None>
Reviewed-by: None <None>
add support for user impersonation for k8s modules
SUMMARY
k8s module should not allow user to perform operation using impersonation as describe here
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation
This pull request closes#40
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
add no_proxy support to k8s*
SUMMARY
close#271
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
plugins/module_utils/args_common.py
plugins/modules/k8s*
ADDITIONAL INFORMATION
It requires latest kubernetes library(>=19.15.0) to use this feature.
pip install kubernetes>=19.15.0
then, use following snippet yaml:
- k8s:
state: present
src: "deployment.yaml"
proxy: "http://proxy.yourdomain.com:8080/"
no_proxy: "localhost,.yourdomain.com,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192,168.0.0/16"
or use environment variable K8S_AUTH_NO_PROXY as well as K8S_AUTH_PROXY.
Reviewed-by: None <None>
Reviewed-by: None <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Don't wait on *List resources for info module
SUMMARY
We can't use the same wait logic on *List resources because they lack
the same metadata that other resources have. We should ensure that we
are waiting on the items in the list, but not the list itself. Waiting
on the list itself results in unexpected behavior.
This fixes the waiting logic when waiting on a list to wait until the
list being queried contains one or more items, or the wait timeout has
been reached. Each item in the list can then be waited on with the usual
wait logic.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: None <None>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Add support for dry run
SUMMARY
Kubernetes server-side dry run will be used when the kubernetes client
version is >=18.20.0. For older versions of the client, the existing
client side speculative change implementation will be used.
The effect of this change should be mostly transparent to the end user
and is reflected in the fact the tests have not changed but should still
pass. With this change, there are a few edge cases that will be
improved. One example of these edge cases is to use check mode on an
existing Service resource. With dry run this will correctly report no
changes, while the older client side implementation will erroneously
report changes to the port spec.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Reviewed-by: None <None>
common/_wait_for: ensure label_selectors is optional
Depends-On: ansible/ansible-zuul-jobs#1125
The label_selectors is a new parameter for _wait_for that was
introduced in #158.
The value is new and it can be set to None to make it optional. It should
not be mandatory a non optional parameter.
Reviewed-by: None <None>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
add support for in-memory kubeconfig
SUMMARY
k8s module support now authentication with kubeconfig parameter as file and dict.
Closes#139
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Fix network_sanity_ee_tests
SUMMARY
Network sanity ee tests are broken
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
Add support for waiting on a StatefulSet.
SUMMARY
This PR implements support for waiting on StatefulSet for readiness similar to how the other waiters currently work.
ISSUE TYPE
Feature Pull Request
ADDITIONAL INFORMATION
This was designed to (mostly) mimic the behaviour of the StatefulSetStatusViewer used by kubectl rollout status -w.
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Joshua K <None>
Reviewed-by: None <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
k8s - add label_selectors options
SUMMARY
k8s now support label_selectors options same as k8s_info
Resolves#43
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
* support diff mode for k8s module
* Update and rename 145-k8s-add-support-diff-mode.yml to 146-k8s-add-support-diff-mode.yml
* Update 146-k8s-add-support-diff-mode.yml
* Update changelogs/fragments/146-k8s-add-support-diff-mode.yml
Co-authored-by: Mike Graves <mgraves@redhat.com>
* update k8s_scale and k8s_json_patch
* diff for k8s_scale and k8s_json_patch
Co-authored-by: Mike Graves <mgraves@redhat.com>
* Check that auth value is not None
The previous check for truth prevented the verify_ssl param from being
set to false, thus forcing ssl verfication in every case.
* Add changelog fragment
* Fix linting
* Account for updated pods when waiting on DaemonSet
The exising logic that's used to determine when a DaemonSet is ready
fails to account for the fact that a RollingUpdate first kills the pod
and then creates a new one. Simply checking if the
desiredNumberScheduled equals the numberReady will succeed in cases
when the old pod takes time to shut down, and would report that the new
Deployment is ready despite the fact that the old pod has not been
replaced, yet.
* Add changelog fragment
* Replace openshift client with kubernetes client
This commit primarily just removes mentions of openshift from the docs
and updates the requirements. Most of the work to replace the client has
been done through the following commits:
edc48ee577c214376cac48c51700182b6a989cf9
* Add changelog fragment
* Update changelogs/fragments/96-replace-openshift-client.yaml
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Update plugins/modules/k8s.py
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Update plugins/modules/k8s_info.py
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Update plugins/modules/k8s_service.py
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Bump minimum kubernetes version to 12.0.0
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Replicate base resource for lists functionality
This replicates specific functionality from the openshift client to more
reliably retrieve the base resource from a resource list.
* Add changelog fragment
* Fix client regression from turbo mode refactor
The turbo mode refactoring introduced a regression where the kubernetes
client can fail to find the kubeconfig. This happens because
get_api_client is called twice and the second time it is called without
the module being passed as an argument. Without this, the configuration
will use defaults. This will be a problem if the user has specified a
location for the kubeconfig that's different from default, for example.
* Add tests
When the user provides a hostname with trailing slashes like
https://localhost:6443/, the openshift library fails to
enumerate the APIs from the given cluster.
This fix removes any extra trailing slashes before sending it
to the openshift DynamicClient.
Fixes: #52
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Rename from community.kubernetes to kubernetes.core
This goes through and renames community.kubernetes to kubernetes.core.
Most of this was generated from the downstream build script that was
used on the community repository, plus whatever hand edits I could find
that were needed.
The downstream build and test process has also been removed as this
repository is now the downstream repository.
* Fix CONTRIBUTING.md
* refactoring for ansible_module.turbo integration
This refactoring prepares the integration of `ansible_module.turbo`
- Delay the loading of `common.py`, move the shared structure in
`args_common`.
- Avoid the use of one single object per module, this to increase the
amount of Python structure that we can cache.
- Cache the Kubernetes client.
See: https://github.com/ansible-collections/community.kubernetes/pull/270
Co-authored-by: Jill Rouleau <jill.rouleau@bespokess.com>
* Honor wait in k8s_info for missing resource
The wait logic in the k8s_info module immediately returns when no
resources are found, regardless whether a wait_timeout has been
specified. This expands the logic to wait when a name has been provided.
The case this is specifically meant to address is when querying for a
resource that is indirectly created by another resource, for example, a
pod created by a deployment or an operator.
The existing logic in every other case should remain as it was before.
This means if a query might return more than one resource--all pods with
some label, for example--the module will return immediately if no pods
are found, even if a wait_timeout has been provided.
* Add changelog fragment
When adding a Secret and using stringData, check_mode will always show
changes. An existing resource fetched from Kubernetes will have the
stringData already base64 encoded and merged into the data attribute.
This change performs the base64 encoding and merging with the provided
definition to more accurately represent the current state of the
cluster.
This change only affects check_mode. When making any changes to the
cluster the stringData is passed along as provided in the definition.
Closes#282.
* Add support for configuring garbage collection
This surfaces deleteOptions functionality in a top-level delete_options
parameter.
* Add changelog fragment
* Remove kind and apiVersion from delete_options
* Add release version to docs
