mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-05-15 22:12:06 +00:00
Compare commits
8 Commits
5.4.2
...
patchback/
| Author | SHA1 | Date | |
|---|---|---|---|
|
5a34ce5ed8 | ||
|
|
3328d3dfd8 | ||
|
2b52790a01 | ||
|
|
84cf83fe0f | ||
|
|
a2aa079829 | ||
|
|
ca050aa3f6 | ||
|
|
84249fc4f1 | ||
|
|
229575fe8f |
13
.github/workflows/integration-tests.yaml
vendored
13
.github/workflows/integration-tests.yaml
vendored
@@ -55,13 +55,14 @@ jobs:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
ansible-version:
|
||||
- milestone
|
||||
# Ref must match a branch/tag on github.com/ansible/ansible (e.g. stable-2.18, not 2.18).
|
||||
ansible-version: ["stable-2.18", "milestone"]
|
||||
enable-turbo-mode: [true, false]
|
||||
exclude:
|
||||
- ansible-version: "milestone"
|
||||
enable-turbo-mode: true
|
||||
python-version:
|
||||
- "3.12"
|
||||
enable-turbo-mode:
|
||||
- true
|
||||
- false
|
||||
workflow-id: ${{ fromJson(needs.splitter.outputs.test_jobs) }}
|
||||
name: "integration-py${{ matrix.python-version }}-${{ matrix.ansible-version }}-${{ matrix.workflow-id }}-enable_turbo=${{ matrix.enable-turbo-mode }}"
|
||||
steps:
|
||||
@@ -107,6 +108,7 @@ jobs:
|
||||
source_path: ${{ env.source }}
|
||||
|
||||
- name: checkout ansible-collections/cloud.common
|
||||
if: ${{ matrix.enable-turbo-mode == true }}
|
||||
uses: ansible-network/github_actions/.github/actions/checkout_dependency@main
|
||||
with:
|
||||
repository: ansible-collections/cloud.common
|
||||
@@ -128,6 +130,7 @@ jobs:
|
||||
ref: main
|
||||
|
||||
- name: install cloud.common collection
|
||||
if: ${{ matrix.enable-turbo-mode == true }}
|
||||
uses: ansible-network/github_actions/.github/actions/build_install_collection@main
|
||||
with:
|
||||
install_python_dependencies: true
|
||||
|
||||
70
.github/workflows/sonarcloud.yml
vendored
Normal file
70
.github/workflows/sonarcloud.yml
vendored
Normal file
@@ -0,0 +1,70 @@
|
||||
---
|
||||
# SonarCloud analysis for kubernetes.core
|
||||
#
|
||||
# Uses the same-repo + default-branch push model: GitHub does not expose org secrets to workflows
|
||||
# from fork PRs (see https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
|
||||
# This job is gated so the Sonar token is never available in untrusted fork contexts. A follow-up
|
||||
# workflow triggered by workflow_run + artifacts is an alternative if the org later requires Sonar
|
||||
# with coverage on fork PRs (see https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run).
|
||||
name: SonarCloud
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- stable-*
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
- stable-*
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: read
|
||||
|
||||
jobs:
|
||||
sonarqube:
|
||||
name: SonarCloud Scan
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
|
||||
env:
|
||||
# Pin ansible-test behavior; bump when raising supported ansible-core (see meta/runtime.yml).
|
||||
ANSIBLE_CORE_VERSION: "2.19.5"
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.12"
|
||||
|
||||
- name: Install Ansible (ansible-test)
|
||||
run: |
|
||||
pip install --upgrade pip
|
||||
pip install "ansible-core==${ANSIBLE_CORE_VERSION}"
|
||||
|
||||
- name: Unit tests with coverage
|
||||
run: ansible-test units --venv --coverage --python 3.12 --requirements
|
||||
|
||||
- name: Coverage combine and XML for Sonar
|
||||
run: |
|
||||
ansible-test coverage combine --venv --python 3.12 --requirements
|
||||
ansible-test coverage xml --venv --python 3.12 --requirements
|
||||
|
||||
- name: Copy coverage report to repo root
|
||||
run: |
|
||||
set -euo pipefail
|
||||
ls -la tests/output/reports/
|
||||
xml=$(find tests/output/reports -maxdepth 1 -name '*.xml' ! -name '*powershell*' | head -1)
|
||||
test -n "$xml"
|
||||
cp "$xml" coverage.xml
|
||||
|
||||
- name: SonarCloud Scan
|
||||
# Same pinned version as ansible-collections/amazon.aws sonarcloud.yml
|
||||
uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.ANSIBLE_COLLECTIONS_ORG_SONAR_TOKEN_CICD_BOT }}
|
||||
3
.gitignore
vendored
3
.gitignore
vendored
@@ -24,3 +24,6 @@ tests/integration/*-*.yml
|
||||
|
||||
# VS Code settings
|
||||
.vscode/
|
||||
|
||||
# Root coverage report for SonarCloud (generated locally or in CI)
|
||||
/coverage.xml
|
||||
|
||||
18
README.md
18
README.md
@@ -6,6 +6,24 @@ This repository hosts the `kubernetes.core` (formerly known as `community.kubern
|
||||
|
||||
The collection includes a variety of Ansible content to help automate the management of applications in Kubernetes and OpenShift clusters, as well as the provisioning and maintenance of clusters themselves.
|
||||
|
||||
## SonarCloud (code quality)
|
||||
|
||||
Static analysis runs on [SonarCloud](https://sonarcloud.io) using `sonar-project.properties` and
|
||||
`.github/workflows/sonarcloud.yml`. Coverage shown in Sonar comes from unit-test coverage exported as
|
||||
`coverage.xml` at the repository root during CI.
|
||||
|
||||
The SonarCloud project key must match `sonar.projectKey` (`ansible-collections_kubernetes.core`). Adding
|
||||
or renaming the project is coordinated via Ansible Collections maintainers.
|
||||
|
||||
GitHub does not expose organization secrets to workflows for pull requests opened from forks. The
|
||||
Sonar job therefore only runs on pushes to this repository's branches and on pull requests where the
|
||||
head branch is on `ansible-collections/kubernetes.core` (not from forks). That matches GitHub's
|
||||
documented behavior for [secrets in Actions](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
|
||||
|
||||
If the project later needs Sonar with coverage on **fork** PRs, maintainers typically add a separate
|
||||
trusted job after a workflow that uploads coverage artifacts, using GitHub's `workflow_run` event.
|
||||
See [workflow_run (GitHub Docs)](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run).
|
||||
|
||||
## Communication
|
||||
|
||||
* Join the Ansible forum:
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
bugfixes:
|
||||
- k8s_drain - Fix logic for handling pods with local storage to correctly check for empty_dir volumes in replicated pods and pods managed by DaemonSets (https://github.com/ansible-collections/kubernetes.core/pull/1095).
|
||||
@@ -0,0 +1,2 @@
|
||||
bugfixes:
|
||||
- helm_repository - correct handling of repository URLs with trailing slashes (https://github.com/ansible-collections/kubernetes.core/pull/1121).
|
||||
@@ -701,6 +701,21 @@ Examples
|
||||
wait_sleep: 10
|
||||
wait_timeout: 360
|
||||
|
||||
- name: Wait for OpenShift bootstrap to complete
|
||||
kubernetes.core.k8s_info:
|
||||
api_version: v1
|
||||
kind: ConfigMap
|
||||
name: bootstrap
|
||||
namespace: kube-system
|
||||
register: ocp_bootstrap_status
|
||||
until: >
|
||||
ocp_bootstrap_status.resources is defined and
|
||||
(ocp_bootstrap_status.resources | length > 0) and
|
||||
(ocp_bootstrap_status.resources[0].data.status is defined) and
|
||||
(ocp_bootstrap_status.resources[0].data.status == 'complete')
|
||||
retries: 60
|
||||
delay: 15
|
||||
|
||||
|
||||
|
||||
Return Values
|
||||
|
||||
@@ -302,6 +302,8 @@ def main():
|
||||
|
||||
repo_name = module.params.get("repo_name")
|
||||
repo_url = module.params.get("repo_url")
|
||||
if repo_url:
|
||||
repo_url = repo_url.rstrip("/")
|
||||
repo_username = module.params.get("repo_username")
|
||||
repo_password = module.params.get("repo_password")
|
||||
repo_state = module.params.get("repo_state")
|
||||
|
||||
@@ -214,21 +214,21 @@ def filter_pods(pods, force, ignore_daemonset, delete_emptydir_data):
|
||||
to_delete.append((pod.metadata.namespace, pod.metadata.name))
|
||||
continue
|
||||
|
||||
# Pod with local storage cannot be deleted
|
||||
if pod.spec.volumes and any(vol.empty_dir for vol in pod.spec.volumes):
|
||||
localStorage.append((pod.metadata.namespace, pod.metadata.name))
|
||||
continue
|
||||
|
||||
# Check replicated Pod
|
||||
owner_ref = pod.metadata.owner_references
|
||||
if not owner_ref:
|
||||
owner_ref = pod.metadata.owner_references or []
|
||||
has_local_storage = bool(
|
||||
pod.spec.volumes and any(vol.empty_dir for vol in pod.spec.volumes)
|
||||
)
|
||||
is_daemonset_managed = any(owner.kind == "DaemonSet" for owner in owner_ref)
|
||||
|
||||
if is_daemonset_managed:
|
||||
daemonSet.append((pod.metadata.namespace, pod.metadata.name))
|
||||
elif has_local_storage:
|
||||
localStorage.append((pod.metadata.namespace, pod.metadata.name))
|
||||
elif not owner_ref:
|
||||
unmanaged.append((pod.metadata.namespace, pod.metadata.name))
|
||||
else:
|
||||
for owner in owner_ref:
|
||||
if owner.kind == "DaemonSet":
|
||||
daemonSet.append((pod.metadata.namespace, pod.metadata.name))
|
||||
else:
|
||||
to_delete.append((pod.metadata.namespace, pod.metadata.name))
|
||||
to_delete.append((pod.metadata.namespace, pod.metadata.name))
|
||||
|
||||
warnings, errors = [], []
|
||||
if unmanaged:
|
||||
|
||||
@@ -120,6 +120,21 @@ EXAMPLES = r"""
|
||||
namespace: default
|
||||
wait_sleep: 10
|
||||
wait_timeout: 360
|
||||
|
||||
- name: Wait for OpenShift bootstrap to complete
|
||||
kubernetes.core.k8s_info:
|
||||
api_version: v1
|
||||
kind: ConfigMap
|
||||
name: bootstrap
|
||||
namespace: kube-system
|
||||
register: ocp_bootstrap_status
|
||||
until: >
|
||||
ocp_bootstrap_status.resources is defined and
|
||||
(ocp_bootstrap_status.resources | length > 0) and
|
||||
(ocp_bootstrap_status.resources[0].data.status is defined) and
|
||||
(ocp_bootstrap_status.resources[0].data.status == 'complete')
|
||||
retries: 60
|
||||
delay: 15
|
||||
"""
|
||||
|
||||
RETURN = r"""
|
||||
|
||||
14
sonar-project.properties
Normal file
14
sonar-project.properties
Normal file
@@ -0,0 +1,14 @@
|
||||
# SonarCloud project configuration for kubernetes.core
|
||||
# Parameters: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
|
||||
|
||||
sonar.projectKey=ansible-collections_kubernetes.core
|
||||
sonar.organization=ansible-collections
|
||||
sonar.sources=.
|
||||
sonar.projectName=kubernetes.core
|
||||
sonar.python.coverage.reportPaths=coverage.xml
|
||||
|
||||
sonar.tests=tests/unit,tests/integration
|
||||
sonar.python.version=3.12
|
||||
sonar.newCode.referenceBranch=stable-5
|
||||
|
||||
sonar.exclusions=tests/**,.tox/**
|
||||
35
tests/sanity/ignore-2.22.txt
Normal file
35
tests/sanity/ignore-2.22.txt
Normal file
@@ -0,0 +1,35 @@
|
||||
plugins/module_utils/client/discovery.py import-3.11!skip
|
||||
plugins/module_utils/client/discovery.py import-3.12!skip
|
||||
plugins/module_utils/client/discovery.py import-3.13!skip
|
||||
plugins/module_utils/client/discovery.py import-3.14!skip
|
||||
plugins/module_utils/client/resource.py import-3.11!skip
|
||||
plugins/module_utils/client/resource.py import-3.12!skip
|
||||
plugins/module_utils/client/resource.py import-3.13!skip
|
||||
plugins/module_utils/client/resource.py import-3.14!skip
|
||||
plugins/module_utils/k8sdynamicclient.py import-3.11!skip
|
||||
plugins/module_utils/k8sdynamicclient.py import-3.12!skip
|
||||
plugins/module_utils/k8sdynamicclient.py import-3.13!skip
|
||||
plugins/module_utils/k8sdynamicclient.py import-3.14!skip
|
||||
plugins/module_utils/version.py pylint!skip
|
||||
plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
|
||||
plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc
|
||||
plugins/modules/k8s_service.py validate-modules:parameter-type-not-in-doc
|
||||
tests/unit/module_utils/fixtures/clusteroperator.yml yamllint!skip
|
||||
tests/unit/module_utils/fixtures/definitions.yml yamllint!skip
|
||||
tests/unit/module_utils/fixtures/deployments.yml yamllint!skip
|
||||
tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip
|
||||
tests/unit/module_utils/fixtures/pods.yml yamllint!skip
|
||||
tests/integration/targets/helm/files/appversionless-chart-v2/templates/configmap.yaml yamllint!skip
|
||||
tests/integration/targets/helm/files/appversionless-chart/templates/configmap.yaml yamllint!skip
|
||||
tests/integration/targets/helm/files/test-chart-v2/templates/configmap.yaml yamllint!skip
|
||||
tests/integration/targets/helm/files/test-chart/templates/configmap.yaml yamllint!skip
|
||||
tests/integration/targets/helm_diff/files/test-chart/templates/configmap.yaml yamllint!skip
|
||||
tests/integration/targets/k8s_scale/files/deployment.yaml yamllint!skip
|
||||
plugins/modules/k8s.py validate-modules:return-syntax-error
|
||||
plugins/modules/k8s_scale.py validate-modules:return-syntax-error
|
||||
plugins/modules/k8s_service.py validate-modules:return-syntax-error
|
||||
plugins/modules/k8s_taint.py validate-modules:return-syntax-error
|
||||
tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
|
||||
tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip
|
||||
plugins/modules/helm.py validate-modules:bad-return-value-key
|
||||
plugins/modules/helm_info.py validate-modules:bad-return-value-key
|
||||
Reference in New Issue
Block a user