Use resource prefix when apiVersion is v1
SUMMARY
When getting a resource from the core api group, the prefix was not
passed, leading the lookup to happen in all api groups. This broad
search is not really necessary and leads to problems in some corner
cases, for example, when an api is deleted after the api group list is
cached.
This fix uses the 'api' prefix when the apiVersion is 'v1', as this is
almost certainly what the user wants. As a fallback, to retain backwards
compatibility, the old behavior is used if the first lookup failed to
find a resource. Given that the module defaults to 'v1' for the
apiVersion, there are likely many cases where a resource, such as
StatefulSet, is used while failing to provide an apiVersion. While
technically incorrect, this has worked in most cases, so we probably
shouldn't break this behavior.
Fixes#351
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelogs/fragments/364-use-resource-prefix.yaml
plugins/module_utils/common.py
Prepare for distutils.version being removed in Python 3.12
SUMMARY
distutils has been deprecafed and will be removed from
Python's stdlib in Python 3.12 (see python.org/dev/peps/pep-0632).
This PR replaces the use of distutils.version.LooseVersion and distutils.version.StrictVersion
with LooseVersion from the vendored copy of distutils.version
included with ansible-core 2.12 (ansible/ansible#74644) if available,
and falls back to distutils.version for ansible-core 2.11 and before.
Since ansible-core 2.11 and earlier do not support Python 3.12 (since
they use LooseVersion itself in various places), this incomplete fix
should be OK for now. Also, the way this PR works (by adding a new
module_utils version that abstracts away where LooseVersion comes from),
it is easy to also fix this for ansible-core 2.11 and earlier later on.
Signed-off-by: Abhijeet Kasurde akasurde@redhat.com
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelogs/fragments/disutils.version.yml
molecule/default/roles/helm/library/helm_test_version.py
plugins/module_utils/common.py
plugins/module_utils/version.py
plugins/modules/helm.py
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
k8s - add support for Server Side apply
SUMMARY
Server side apply is now support for k8s module with this Pull request.
The feature is not yet released on kubernetes-client, once this is done, we can merge this pull request.
closes#87
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Reviewed-by: None <None>
Fix for common non-ASCII characters in CRDs
This should keep the module safe from digesting non-ASCII chars like here (https://github.com/projectcalico/api/pull/46/files)
SUMMARY
Add support for non-ASCII chars in manifests.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
core.k8s module failing if resources contain non ascii chars
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alessandro Rossi <None>
Reviewed-by: None <None>
add support for user impersonation for k8s modules
SUMMARY
k8s module should not allow user to perform operation using impersonation as describe here
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation
This pull request closes#40
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
add no_proxy support to k8s*
SUMMARY
close#271
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
plugins/module_utils/args_common.py
plugins/modules/k8s*
ADDITIONAL INFORMATION
It requires latest kubernetes library(>=19.15.0) to use this feature.
pip install kubernetes>=19.15.0
then, use following snippet yaml:
- k8s:
state: present
src: "deployment.yaml"
proxy: "http://proxy.yourdomain.com:8080/"
no_proxy: "localhost,.yourdomain.com,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192,168.0.0/16"
or use environment variable K8S_AUTH_NO_PROXY as well as K8S_AUTH_PROXY.
Reviewed-by: None <None>
Reviewed-by: None <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Don't wait on *List resources for info module
SUMMARY
We can't use the same wait logic on *List resources because they lack
the same metadata that other resources have. We should ensure that we
are waiting on the items in the list, but not the list itself. Waiting
on the list itself results in unexpected behavior.
This fixes the waiting logic when waiting on a list to wait until the
list being queried contains one or more items, or the wait timeout has
been reached. Each item in the list can then be waited on with the usual
wait logic.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: None <None>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Add support for dry run
SUMMARY
Kubernetes server-side dry run will be used when the kubernetes client
version is >=18.20.0. For older versions of the client, the existing
client side speculative change implementation will be used.
The effect of this change should be mostly transparent to the end user
and is reflected in the fact the tests have not changed but should still
pass. With this change, there are a few edge cases that will be
improved. One example of these edge cases is to use check mode on an
existing Service resource. With dry run this will correctly report no
changes, while the older client side implementation will erroneously
report changes to the port spec.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Reviewed-by: None <None>
common/_wait_for: ensure label_selectors is optional
Depends-On: ansible/ansible-zuul-jobs#1125
The label_selectors is a new parameter for _wait_for that was
introduced in #158.
The value is new and it can be set to None to make it optional. It should
not be mandatory a non optional parameter.
Reviewed-by: None <None>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Fix resource cache not being used
SUMMARY
This was some bad copy/paste from the openshift client. The resource
cache was never being used resulting in unnecessary HTTP requests.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: None <None>
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: None <None>
add support for in-memory kubeconfig
SUMMARY
k8s module support now authentication with kubeconfig parameter as file and dict.
Closes#139
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Re-enable support for turbo mode
SUMMARY
This re-enables the ability to add turbo mode. It also adds a few more
tests to cover some cases that had been broken in turbo mode previously.
Testing with turbo mode is not currently enabled, and would fail until ansible-collections/cloud.common#69 can be merged and a new cloud.common release is done. This also does not add cloud.common to the collection dependencies until a decision has been made about how enabling/disabling turbo mode will work when cloud.common is already installed.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: None <None>
Fix network_sanity_ee_tests
SUMMARY
Network sanity ee tests are broken
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
Add support for waiting on a StatefulSet.
SUMMARY
This PR implements support for waiting on StatefulSet for readiness similar to how the other waiters currently work.
ISSUE TYPE
Feature Pull Request
ADDITIONAL INFORMATION
This was designed to (mostly) mimic the behaviour of the StatefulSetStatusViewer used by kubectl rollout status -w.
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Joshua K <None>
Reviewed-by: None <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
k8s - add label_selectors options
SUMMARY
k8s now support label_selectors options same as k8s_info
Resolves#43
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
* support diff mode for k8s module
* Update and rename 145-k8s-add-support-diff-mode.yml to 146-k8s-add-support-diff-mode.yml
* Update 146-k8s-add-support-diff-mode.yml
* Update changelogs/fragments/146-k8s-add-support-diff-mode.yml
Co-authored-by: Mike Graves <mgraves@redhat.com>
* update k8s_scale and k8s_json_patch
* diff for k8s_scale and k8s_json_patch
Co-authored-by: Mike Graves <mgraves@redhat.com>
* Check that auth value is not None
The previous check for truth prevented the verify_ssl param from being
set to false, thus forcing ssl verfication in every case.
* Add changelog fragment
* Fix linting
* Fix apply on Ansible 2.9
For some reason the apply function can't be correctly imported in
Ansible 2.9. This just renames it to get it to import. I've also added
molecule testing on multiple Ansible versions.
* Add changelog fragment
In replicating the openshift client functionality we forgot to bring
over a fix for multiple resources with the same group version and kind.
This is specifically a problem for openshift templates.
* Account for updated pods when waiting on DaemonSet
The exising logic that's used to determine when a DaemonSet is ready
fails to account for the fact that a RollingUpdate first kills the pod
and then creates a new one. Simply checking if the
desiredNumberScheduled equals the numberReady will succeed in cases
when the old pod takes time to shut down, and would report that the new
Deployment is ready despite the fact that the old pod has not been
replaced, yet.
* Add changelog fragment
* Replace openshift client with kubernetes client
This commit primarily just removes mentions of openshift from the docs
and updates the requirements. Most of the work to replace the client has
been done through the following commits:
edc48ee577c214376cac48c51700182b6a989cf9
* Add changelog fragment
* Update changelogs/fragments/96-replace-openshift-client.yaml
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Update plugins/modules/k8s.py
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Update plugins/modules/k8s_info.py
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Update plugins/modules/k8s_service.py
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Bump minimum kubernetes version to 12.0.0
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Replicate base resource for lists functionality
This replicates specific functionality from the openshift client to more
reliably retrieve the base resource from a resource list.
* Add changelog fragment
- enable the AnsibleTurboModule: Use AnsibleTurboModule when the `cloud.common` collection is available.
- Add dependency install step to molecule: Molecule won't install dependencies from galaxy.yml. We need to explicitly list them in a requirements.yml file and then enable the dependency step for molecule test.
* Fix client regression from turbo mode refactor
The turbo mode refactoring introduced a regression where the kubernetes
client can fail to find the kubeconfig. This happens because
get_api_client is called twice and the second time it is called without
the module being passed as an argument. Without this, the configuration
will use defaults. This will be a problem if the user has specified a
location for the kubeconfig that's different from default, for example.
* Add tests
When the user provides a hostname with trailing slashes like
https://localhost:6443/, the openshift library fails to
enumerate the APIs from the given cluster.
This fix removes any extra trailing slashes before sending it
to the openshift DynamicClient.
Fixes: #52
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Rename from community.kubernetes to kubernetes.core
This goes through and renames community.kubernetes to kubernetes.core.
Most of this was generated from the downstream build script that was
used on the community repository, plus whatever hand edits I could find
that were needed.
The downstream build and test process has also been removed as this
repository is now the downstream repository.
* Fix CONTRIBUTING.md
* refactoring for ansible_module.turbo integration
This refactoring prepares the integration of `ansible_module.turbo`
- Delay the loading of `common.py`, move the shared structure in
`args_common`.
- Avoid the use of one single object per module, this to increase the
amount of Python structure that we can cache.
- Cache the Kubernetes client.
See: https://github.com/ansible-collections/community.kubernetes/pull/270
Co-authored-by: Jill Rouleau <jill.rouleau@bespokess.com>
* Honor wait in k8s_info for missing resource
The wait logic in the k8s_info module immediately returns when no
resources are found, regardless whether a wait_timeout has been
specified. This expands the logic to wait when a name has been provided.
The case this is specifically meant to address is when querying for a
resource that is indirectly created by another resource, for example, a
pod created by a deployment or an operator.
The existing logic in every other case should remain as it was before.
This means if a query might return more than one resource--all pods with
some label, for example--the module will return immediately if no pods
are found, even if a wait_timeout has been provided.
* Add changelog fragment
