internet/kubernetes.core
3
0
Fork 0
mirror of https://github.com/ansible-collections/kubernetes.core.git synced 2026-05-11 20:12:18 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: internet:6.4.0
Branches Tags
internet:main internet:stable-5 internet:stable-6 internet:stable-3 internet:stable-4 internet:stable-2.4 internet:stable-2.3 internet:stable-2.2 internet:stable-2.1 internet:stable-1.2
internet:6.4.0 internet:6.3.0 internet:5.4.2 internet:6.2.0 internet:5.4.1 internet:6.1.0 internet:5.4.0 internet:6.0.0 internet:5.3.0 internet:5.2.0 internet:3.3.1 internet:5.1.0 internet:3.3.0 internet:3.2.0 internet:5.0.0 internet:4.0.0 internet:3.1.0 internet:3.0.1 internet:2.4.2 internet:2.4.1 internet:3.0.0 internet:2.4.0 internet:2.3.2 internet:2.3.1 internet:2.3.0 internet:2.2.3 internet:2.2.2 internet:2.2.1 internet:2.2.0 internet:2.1.1 internet:2.1.0 internet:2.0.2 internet:2.0.1 internet:2.0.0 internet:1.2.1
...
compare: internet:5.4.0
Branches Tags
internet:stable-5 internet:stable-6 internet:main internet:stable-3 internet:stable-4 internet:stable-2.4 internet:stable-2.3 internet:stable-2.2 internet:stable-2.1 internet:stable-1.2
internet:6.4.0 internet:6.3.0 internet:5.4.2 internet:6.2.0 internet:5.4.1 internet:6.1.0 internet:5.4.0 internet:6.0.0 internet:5.3.0 internet:5.2.0 internet:3.3.1 internet:5.1.0 internet:3.3.0 internet:3.2.0 internet:5.0.0 internet:4.0.0 internet:3.1.0 internet:3.0.1 internet:2.4.2 internet:2.4.1 internet:3.0.0 internet:2.4.0 internet:2.3.2 internet:2.3.1 internet:2.3.0 internet:2.2.3 internet:2.2.2 internet:2.2.1 internet:2.2.0 internet:2.1.1 internet:2.1.0 internet:2.0.2 internet:2.0.1 internet:2.0.0 internet:1.2.1

54 Commits
6.4.0 ... 5.4.0

Author SHA1 Message Date
Bianca Henderson
dcbe52e722 Prep kubernetes.core 5.4.0 release (#970) 
SUMMARY

Prep kubernetes.core 5.4.0 release

COMPONENT NAME
Multiple

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Alina Buzachis
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
 2025-08-12 16:56:58 +00:00
patchback[bot]
1e711d4da8 CI fix for 976 (#982) (#984) 
This is a backport of PR #982 as merged into main (a861079).
SUMMARY
Exclude plugins/connection/kubectl.py from ansible-lint, as this file contains only examples that is simplificated and may not be accordingally to linter rules.
resolves #976
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
CI
ADDITIONAL INFORMATION

Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-08-12 15:41:03 +00:00
Bianca Henderson
4b2dc4f974 Reapply "Remove kubeconfig value from module invocation log (#826)" (#899) (#965) (#980) 
This reverts commit eb0aeeb from stable-5 (i.e., reapplies the changes from #965); this is a temporary fix for #782 as it will re-introduce #870.

Reviewed-by: Alina Buzachis
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
 2025-08-11 16:48:07 +00:00
patchback[bot]
eb0aeeb318 Revert "Remove kubeconfig value from module invocation log (#826)" (#899) (#965) 
This is a backport of PR #899 as merged into main (1705ced).
This reverts commit 6efabd3.
SUMMARY

Fixes #870
A better solution is necessary to address #782. The current code makes getting manifests practically unusable. We need to revert this commit until a better solution is found.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

kubeconfig

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-22 21:28:48 +00:00
patchback[bot]
f3d3696093 Fix the integration test for helm_registry_auth with helm >= 3.18.0 and clarify idempotency. (#946) (#961) 
This is a backport of PR #946 as merged into main (642eb93).
SUMMARY
Fix the integration test for helm_registry_auth with helm >= 3.18.0 and clarify idempotency.
Fixes #944
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
helm_registry_auth
ADDITIONAL INFORMATION
Caused by the changes in helm starting from 3.18.0

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-15 16:01:23 +00:00
patchback[bot]
e3da2f28fd Fix integration test with ansibe-core 2.20 (#951) (#959) 
This is a backport of PR #951 as merged into main (f568c9d).
SUMMARY
Now that ansible-core 2.19.0rc1 has been released, ansible-core’s devel branch has been bumped from 2.19.0.dev0 to 2.20.0.dev0. This potentially requires collection CIs to be updated which rely on devel using tests/sanity/ignore-2.19.txt, for example. Also it’s now time to add stable-2.19 to CI if you relied on devel to cover 2.19 so far. Note that milestone has also been updated to 2.20.0dev0.
During testing, I noticed that the failed test tasks/test_helm_not_installed.yml due to the new error message with ansible 2.20, please find here and following comments.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
test/CI (tasks/test_helm_not_installed.yml)
ADDITIONAL INFORMATION
to be cherry-picked to the stable-6 and stable-5

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-15 15:34:36 +00:00
Yuriy Novostavskiy
bb599542e8 add sanity/ignore for 2.20 and remove 2.16 and 2.14 (#954) 
SUMMARY
Now that ansible-core 2.19.0rc1 has been released, ansible-core’s devel branch has been bumped from 2.19.0.dev0 to 2.20.0.dev0. This  requires collection CI to be updated with using tests/sanity/ignore-2.20.txt. In the same time, ignore-2.14.txt ignore-2.15.txt is not required anymore as they are excluded from the matrix.
This PR is precific to stable-5 (and probably to be cherry-picked to stable-3) and is not required to main and stable-6 and such changes is already here.
ISSUE TYPE

CI Pull Request

COMPONENT NAME
CI
ADDITIONAL INFORMATION
It's required to have passed CI for #952

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Alina Buzachis
 2025-07-15 13:53:17 +00:00
patchback[bot]
6560fb1c53 Fix unit tests (#939) (#940) 
This is a backport of PR #939 as merged into main (34fd40d).
Some unit tests are broken with ansible-core 2.19, this PR aims to fix them.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-11 02:23:06 +00:00
patchback[bot]
20084d119e Push changes from 3.3.1 into main branch (#893) (#894) 
This is a backport of PR #893 as merged into main (0e7229c).
Release 3.3.1 is out; push changes to main branch

Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-05-16 18:31:00 +00:00
Bikouo Aubin
c47343d7b6 Prepare release 5.3.0 (#929) 
Release 5.3.0

Update galaxy.yml and README.md
Update release files using antsibull-changelog

Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Yuriy Novostavskiy
 2025-05-16 08:16:23 +00:00
Bianca Henderson
c213b51741 Add info to the README about stable-4 branch no longer being maintained (#931) 
SUMMARY

Resolves ACA-2383 and #918.
Adjusting the changes made in #926 per #930.

ISSUE TYPE


Docs Pull Request

COMPONENT NAME

README.md
ADDITIONAL INFORMATION
Also made some minor capitalization edits.

Reviewed-by: Bikouo Aubin
 2025-05-15 15:11:28 +00:00
patchback[bot]
60b53b9dc9 Add helm insecure skip tls verify (#901) (#925) 
This is a backport of PR #901 as merged into main (914a16e).
SUMMARY
Added the option insecure_skip_tls_verify  to the following helm modules:

helm_repository
helm
Unified the option with alias in helm_pull

For helm, added the option to the helm diff call, as it got fixed upstream.
Upstream Issue: databus23/helm-diff#503
Fixed with: helm/helm#12856
Fixes #694
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

kubernetes.core.helm
kubernetes.core.helm_repository
kubernetes.core.helm_pull

ADDITIONAL INFORMATION
Basically the option was added in the parameters set in the ansible job, in the docs and then injected in the helm and helm diff binary calls if set. Defaults to False.
Example
---
- name: Test helm modules
  tasks:
    - name: Test helm repository insecure
      kubernetes.core.helm_repository:
        name: insecure
        repo_url: "<helm-repo-with-self-signed-tls>"
        state: present
        insecure_skip_tls_verify: true
    - name: Test helm pull insecure
      kubernetes.core.helm_pull:
        chart_ref: "oci://<helm-repo-with-self-signed-tls>/ptroject"
        destination: /tmp
        insecure_skip_tls_verify: true
    - name: Test helm insecure
      kubernetes.core.helm:
        name: insecure
        chart_ref: "oci://<helm-repo-with-self-signed-tls>/project"
        namespace: helm-insecure-test
        state: present
        insecure_skip_tls_verify: true
Note
Might need an alias for telm_template, as the option is called insecure_registry, in the manual and docs of helm it would be --insecure-skip-tls-verify as well though.
Not included, as it was recently merged with #805

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
 2025-05-06 23:32:56 +00:00
patchback[bot]
d531368d64 Update ansible-lint version to 25.1.2 (#919) (#921) 
This is a backport of PR #919 as merged into main (b594d35).
Update ansible-lint version to 25.1.2

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-04-29 18:03:42 +00:00
patchback[bot]
c3bf5cc47f add reset_then_reuse_values support to helm module (#802) (#917) 
This is a backport of PR #802 as merged into main (00699ac).
SUMMARY
Starting with version 3.14.0, Helm supports --reset-then-reuse-values. As discussed on the original PR. This greatly improves on --reuse-values as it allows to avoid templates errors when new features are added to an upgraded chart.
Closes #803
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
helm
ADDITIONAL INFORMATION
This PR is greatly 'inspired' by #575 and because I wasn't sure how I could provide additional tests for it, I actually copied those build previously for --reuse-values (as it is an improvement on this feature.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-04-29 17:54:15 +00:00
patchback[bot]
349534b85b Rebase PR #898 (#905) (#913) 
This is a backport of PR #905 as merged into main (d329e7e).
This PR is a rebase of #898 for CI to pass
Thanks @efussi for your collaboration.
Closes #892

Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-04-25 15:59:21 +00:00
patchback[bot]
92e3f98a20 Bugfix: fix unit-source for pre-release of ansible-core 2.20 (devel and milestone branch) (#903) (#909) 
SUMMARY
CI fix for #904
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
tests/unit
ADDITIONAL INFORMATION

Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
(cherry picked from commit d4fc22c74e)

Co-authored-by: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
 2025-04-25 11:01:13 -04:00
patchback[bot]
d2dcb9e55f Run integration tests using ansible-core 2.19 (#888) (#895) 
* fix integration test ``k8s_full`` running with ansible-core 2.19

* Fix templating issues

* fix test on current ansible version

* fix tests cases

* Fix additional tests

* fix the templating mechanism

* consider using variable_[start/end]_string while parsing template

* Remove support for omit into template option

* Remove unnecessary unit tests

(cherry picked from commit 2cb5d6c316)

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
 2025-04-25 16:49:10 +02:00
Mike Graves
0eff03dd19 Prep 5.2.0 release (#891) 
SUMMARY

Prep 5.2.0 release

ISSUE TYPE

COMPONENT NAME

ADDITIONAL INFORMATION

Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Bikouo Aubin
Reviewed-by: Alina Buzachis
 2025-03-31 17:20:25 +00:00
patchback[bot]
81fb8662da waiter.py Add ClusterOperator Test (#879) (#882) 
This is a backport of PR #879 as merged into main (7cdf0d0).
SUMMARY
Fixes #869
During an OpenShift installation, one of the checks to see that the cluster is ready to proceed with configuration is to check to ensure that the Cluster Operators are in an Available: True Degraded: False Progressing: False state. While you can currently use the k8s_info module to get a json response, the resulting json needs to be iterated over several times to get the appropriate status.
This PR adds functionality into waiter.py which loops over all resource instances of the cluster operators. If any of them is not ready, waiter returns False and the task false. If the task returns, you can assume that all the cluster operators are healthy.


ISSUE TYPE


Feature Pull Request

COMPONENT NAME

waiter.py
ADDITIONAL INFORMATION



A simple playbook will trigger the waiter.py to watch the ClusterOperator object

---
- name: get operators
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Get cluster operators
      kubernetes.core.k8s_info:
        api_version: v1
        kind: ClusterOperator
        kubeconfig: "/home/ocp/one/auth/kubeconfig"
        wait: true
        wait_timeout: 30
      register: cluster_operators


This will produce the simple response if everything is functioning properly:
PLAY [get operators] *************************************************************************************************

TASK [Get cluster operators] *****************************************************************************************
ok: [localhost]

PLAY RECAP ***********************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

If the timeout is reached:
PLAY [get operators] *************************************************************************************************

TASK [Get cluster operators] *****************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible_collections.kubernetes.core.plugins.module_utils.k8s.exceptions.CoreException: Failed to gather information about ClusterOperator(s) even after waiting for 30 seconds
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to gather information about ClusterOperator(s) even after waiting for 30 seconds"}

PLAY RECAP ***********************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

UNSOLVED: How to know which Operators are failing

Reviewed-by: Bikouo Aubin
 2025-03-26 15:50:36 +00:00
patchback[bot]
f74ee14d71 Extend hidden_fields to allow more complicated field definitions (#872) (#887) 
This is a backport of PR #872 as merged into main (9ec6912).
SUMMARY
This allows us to ignore e.g. the last-applied-configuration annotation by specifying
metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
hidden_fields
This replaces #643 as I no longer have permissions to push to branches in this repo

Reviewed-by: Bikouo Aubin
 2025-03-25 13:36:12 +00:00
patchback[bot]
6f75d86954 Fix linters in CI (#873) (#876) 
This is a backport of PR #873 as merged into main (91df2f1).
SUMMARY
It seems that recent updates in linters break CI. Closes #874
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
CI
ADDITIONAL INFORMATION

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2025-02-06 15:45:54 +00:00
Yuriy Novostavskiy
c93a7e2459 prepare release 5.1.0 (#865) 
SUMMARY
This release came with new module helm_registry_auth, and improvements to the error messages in the k8s_drain module, new parameter insecure_registry for helm_template module and several bug fixes.
ISSUE TYPE

New release pull request

Changelog
Minor Changes

Bump version of ansible-lint to minimum 24.7.0 (#765).
Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify (#805).
connection/kubectl.py - Added an example of using the kubectl connection plugin to the documentation (#741).
k8s_drain - Improve error message for pod disruption budget when draining a node (#797).

Bugfixes

helm - Helm version checks did not support RC versions. They now accept any version tags. (#745).
helm_pull - Apply no_log=True to pass_credentials to silence false positive warning.. (#796).
k8s_drain - Fix k8s_drain does not wait for single pod (#769).
k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is part of a stateful set  (#792).
kubeconfig option should not appear in module invocation log (#782).
kustomize - kustomize plugin fails with deprecation warnings (#639).
waiter - Fix waiting for daemonset when desired number of pods is 0. (#756).

New Modules

helm_registry_auth - Helm registry authentication module

ADDITIONAL INFORMATION
Collection kubernets.core version 3.1.0 is compatible with ansible-core>=2.15.0

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2025-01-20 15:23:54 +00:00
patchback[bot]
2d68a37a52 trivial doc: replace 2.5.0 with 3.0.0 (#831) (#856) 
This is a backport of PR #831 as merged into main (bc0de24).
SUMMARY
Some parameters were added to the master in time where the latest version was 2.4.0 with version_added: 2.5.0, however the next version after 2.4.0 was a 3.0.0.
So, with this trivial doc PR (that most probably doesn't require a changelog fragment and including to changelog) I replacing  version_added: 2.5.0 to  version_added: 3.0.0 for:

reuse_values in kubernetes.core.helm module
reset_values in kubernetes.core.helm module
delete_all in  kubernetes.core.k8s module
hidden_fields  in  kubernetes.core.k8s module
hidden_fields   in  kubernetes.core.k8s_info module

All of them are introduced in kubernetes.core 3.0.0
ISSUE TYPE

Docs Pull Request

COMPONENT NAME

helm
k8s
8s_info


ADDITIONAL INFORMATION
PR to be backported to stable-3 and stable-5
 2025-01-17 19:01:57 +00:00
patchback[bot]
c5f5398e9e Remove deprecated .github/stale.yml to address #837 (#838) (#860) 
SUMMARY
I noticed that even config for probot/stale is present in the repo, but the old issues and PRs weren't marked as stale and not closed by the bot. Investigated and found that this bot was added to community.kubernetes as ansible-collections/community.kubernetes#53 but wasn't moved to kubernetes.core and never worked here.
Moreover, this bot is completely deprecated and down, ref: probot/stale#430
So, the config to be removed.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
.github/stale.yml
ADDITIONAL INFORMATION
Closes #837
Trivial change that not require changelog

Reviewed-by: Mike Graves <mgraves@redhat.com>
(cherry picked from commit eb731cd3a5)

Co-authored-by: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
 2025-01-17 11:53:31 -05:00
patchback[bot]
05aea7727d helm_pull: Silence false no_log warning (#796) (#858) 
This is a backport of PR #796 as merged into main (ecc64ca).
SUMMARY
Apply no_log=True to pass_credentials to silence false positive warning.
Fixes similar issue to: #423
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
changelog/fragements/796-false-positive-helmull.yaml
plugins/modules/helm_pull.py
 2025-01-17 16:21:23 +00:00
patchback[bot]
d3f6dd186c fix linters in github actions (#848) (#849) 
This is a backport of PR #848 as merged into main (159a63a).
SUMMARY
After the release 25.0.0 of ansible-compat the linters in CI become failing. In the ansible-lint issue already created
COMPONENT NAME
.github/workflows/linters.yaml
ADDITIONAL INFORMATION
Fix bug #846
within this commit ansible/ansible-lint is updated to 24.12.2 and the ansible-lint config moved to the .config folder
 2025-01-17 15:52:51 +00:00
patchback[bot]
8cee9fddbe Clean up test namespace (#852) (#854) 
This is a backport of PR #852 as merged into main (9f60b15).
SUMMARY

The helm_set_values test target did not clean up its namespace which is leading to unstable tests in the k8s_drain target.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

ADDITIONAL INFORMATION
 2025-01-17 15:29:22 +00:00
patchback[bot]
05a942e41e helm_registry_auth module to authenticate in OCI registry (#800) (#836) 
* new module helm_registry_auth

* Initial integration tests

* final update copyright and integration test before pr

* update link to pr in changelog fragment

* reformat plugins/module_utils/helm.py with black

to fix linters in actions

* attempt to fix unit test

unit test was missing initially

* fix https://pycqa.github.io/isort/ linter

* next attemp to fix unit-test

* remove unused and unsupported helm_args_common

* remove unused imports and fix other linters errors

* another fix for unit test

* fix issue introducied by commit ff02893a12a31f9c44b5c48f9a8bf85057295961

* add binary_path to arg_spec

* return helm_cmd in the output of check mode

remove changlog fragment

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* description suggestion from reviewer/maintainer

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* remove changed from module return

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* remove redundant code

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* Update plugins/modules/helm_registry_auth.py

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* consider support of logout when user is not logged in

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* consider support helm < 3.0.0

* Revert "consider support helm < 3.0.0"

This reverts commit f20004d196.

* reintroduce support of helm version less than 3.8.0

reference: https://helm.sh/docs/topics/registries/#enabling-oci-support-prior-to-v380

* revert reintroducing support of helm < 3.8.0

reason: didn't find a quick way to deal with tests

* update documentation with the recent module updates

* Update plugins/modules/helm_registry_auth.py

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* add test of logout impendency

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>

* fix linters

* fix intendations in the integration tests

* create tests/integration/targets/helm_registry_auth/aliases

* fix integration test (typo)

* fix integration tests (test wrong cred)

* add stderr when module fail

* another attempt to fix integration test

* fix assertion in integration test to be not affceted by the #830

---------

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
(cherry picked from commit aee847431a)

Co-authored-by: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
 2024-12-17 18:33:15 +01:00
patchback[bot]
fcd47ca995 Remove kubeconfig value from module invocation log (#826) (#840) 
(cherry picked from commit 6efabd3418)

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
 2024-12-17 18:32:59 +01:00
patchback[bot]
f1729ce186 fix: typo (#804) (#834) 
* fix: typo

replaces https://github.com/ansible-collections/kubernetes.core/pull/799

* doc: add changelog fragment

* Delete changelogs/fragments/804-drain-typo.yaml

---------

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
(cherry picked from commit 219c747a24)

Co-authored-by: Pierre Ozoux <pierre@ozoux.net>
 2024-12-17 17:49:56 +01:00
patchback[bot]
c37dc5b566 Parameter insecure_registry added to helm_template (#805) (#835) 
* Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify

(cherry picked from commit 6609abdd5a)

Co-authored-by: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
 2024-12-17 17:47:35 +01:00
patchback[bot]
410855cd36 Fix helm integration tests (#830) (#833) 
SUMMARY
Fix charts ref on integration tests targets
ISSUE TYPE

Bugfix Pull Request

Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Alina Buzachis
(cherry picked from commit 7559b65946)

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
 2024-12-17 12:16:41 +01:00
patchback[bot]
e1f52ddbee Fix helm tests (#827) (#828) 
This is a backport of PR #827 as merged into main (c8a33c7).
SUMMARY

Some of the charts we've used for testing are no longer available at the old helm repository urls, as they've been moved to oci registries. This updates those charts.
In the longer term, we should find a better way to handle these kinds of test fixtures, probably by switching to local charts as much as possible.

ISSUE TYPE


Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request

COMPONENT NAME

ADDITIONAL INFORMATION

Reviewed-by: Bikouo Aubin
 2024-12-16 08:32:45 +00:00
patchback[bot]
5d038db848 Update README.md with removing outdated communication channels (#790) (#825) 
This is a backport of PR #790 as merged into main (b8e9873).
SUMMARY
As part of the consolidating Ansible discussion platforms and communication channels was decided to use the Ansible forum as the main place for questions and discussion.
Reference: https://forum.ansible.com/t/proposal-consolidating-ansible-discussion-platforms/6812
As part of this change, the IRC channel was removed by the PRs #778 and #774.
However, the README.md file wasn't fully cleaned up from the outdated information.
The #ansible-kubernetes channel on libera.chat IRC isn't used by maintainers and contributors anymore.
The Wiki page on the https://github.com/ansible/community/ was deprecated a long time ago
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
README.md
 2024-12-11 20:35:22 +00:00
patchback[bot]
9d3195641e CONTRIBUTING.md remove IRC (#778) (#824) 
This is a backport of PR #778 as merged into main (c8a9326).
SUMMARY
As a part of https://forum.ansible.com/t/proposal-consolidating-ansible-discussion-platforms/6812
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
CONTRIBUTING.md
 2024-12-11 20:35:19 +00:00
Yuriy Novostavskiy
dac1448b9c README: Add Communication section with Forum information (#774) (#823) 
SUMMARY


ISSUE TYPE


Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request

COMPONENT NAME

ADDITIONAL INFORMATION

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-12-11 18:54:13 +00:00
patchback[bot]
4bdff5d672 Make k8s_drain work when only one pod is present (#770) (#820) 
This is a backport of PR #770 as merged into main (4c305e7).
SUMMARY
Fixes #769 .
k8s_drain was not checking if a pod has been deleted when there was only one pod on the node to be drained.
The list of pods, pods, was being "popped" before the first iteration of the while loop:
        pod = pods.pop()
        while (_elapsed_time() < wait_timeout or wait_timeout == 0) and pods:
When pods contains only one element, the while loop is skipped.


ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

k8s_drain
 2024-12-11 16:23:41 +00:00
patchback[bot]
19a71c82ba Update Readme to match the template (#767) (#819) 
This is a backport of PR #767 as merged into main (fdb8af7).
SUMMARY


Refer: https://issues.redhat.com/browse/ACA-1749
This PR updates the README doc to match the template
ISSUE TYPE


Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request

COMPONENT NAME

ADDITIONAL INFORMATION
 2024-12-11 16:17:45 +00:00
patchback[bot]
c73f3e3f75 Bump the ansible-lint version to 24.7.0 (#765) (#818) 
This is a backport of PR #765 as merged into main (a89f19b).
SUMMARY

Bump the ansible-lint version to 24.7.0

ISSUE TYPE

COMPONENT NAME

ADDITIONAL INFORMATION
 2024-12-11 15:58:13 +00:00
patchback[bot]
2cdcc195e6 fix shields.io badges in README.md (#749) (#817) 
This is a backport of PR #749 as merged into main (0afd257).
SUMMARY
This PR fixes shields.io badges in README.md. It's just cosmetic bugfix
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
README.md
ADDITIONAL INFORMATION
Current README.md:

This PR:
 2024-12-11 15:26:43 +00:00
patchback[bot]
e98605eb16 Improve error message for pod disruption budget when draining a node (#798) (#816) 
This is a backport of PR #798 as merged into main (52f2cb5).
SUMMARY
Closes #797 .
The error message "Too Many Requests" is confusing and is changed to a more meaningful message:
TASK [Drain node] *************************************************************************
Montag 25 November 2024  09:20:28 +0100 (0:00:00.014)       0:00:00.014 ******* 
fatal: [host -> localhost]: FAILED! => {"changed": false, "msg": "Failed to delete pod kube-public/draintest-6b84677b99-9jf7m due to: Cannot evict pod as it would violate the pod's disruption budget."}


The new task output would allow to deal with a pod disruption budget with the retries/until logic in a more controlled way:
---
- hosts: "{{ target }}"
  serial: 1
  gather_facts: false
  tasks:
    - name: Drain node
      kubernetes.core.k8s_drain:
        kubeconfig: "{{ kubeconfig_path }}"
        name: "{{ inventory_hostname }}"
        delete_options:
          ignore_daemonsets: true
          delete_emptydir_data: true
          wait_timeout: 100
          disable_eviction: false
          wait_sleep: 1
      delegate_to: localhost
      retries: 10
      delay: 5
      until: drain_result is success or 'disruption budget' not in drain_result.msg
      register: drain_result

ISSUE TYPE


Feature Pull Request

COMPONENT NAME
k8s_drain
 2024-12-11 15:14:49 +00:00
patchback[bot]
e13a7fd0c6 update changelog with release 3.2.0 (#750) (#814) 
This is a backport of PR #750 as merged into main (d192157).
SUMMARY
Minor/cosmetic documentation change with adding release 3.2.0 to changelog for master as the release is from stable-3 branch
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
CHANGELOG.md
ADDITIONAL INFORMATION
Most probably this PR should be backported to the stable-5 branch after the merge to the main and should be with a skip-changelog tag.
 2024-12-11 15:14:44 +00:00
patchback[bot]
2098dfea5e Fix k8s_drain runs into timeout with pods from stateful sets. (#793) (#808) 
This is a backport of PR #793 as merged into main (fca0dc0).
SUMMARY
Fixes #792 .
The function wait_for_pod_deletion in k8s_drain never checks on which node a pod is actually running:
            try:
                response = self._api_instance.read_namespaced_pod(
                    namespace=pod[0], name=pod[1]
                )
                if not response:
                    pod = None
                time.sleep(wait_sleep)
This means that if a pod is successfully evicted and restarted with the same name on a new node, k8s_drain does not notice and thinks that the original pod is still running. This is the case for pods which are part of a stateful set.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME
k8s_drain
 2024-12-11 14:12:35 +00:00
patchback[bot]
10a9b9e811 Remove kubevirt integration test workflow (#806) (#810) 
This is a backport of PR #806 as merged into main (513ff66).
SUMMARY

This removes the kubevirt integration tests. We don't maintain that collection or have any permissions on that repo, so there's no reason for these tests to be here.

ISSUE TYPE


Bugfix Pull Request


COMPONENT NAME

ADDITIONAL INFORMATION

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-12-10 18:22:42 +00:00
patchback[bot]
67868442f3 [ci] fix github actions post 2.18 (#789) (#812) 
This is a backport of PR #789 as merged into main (cd68631).
This PR includes a trivial fix for the GitHub Actions issue #788 and related to switching milestone and devel branches of ansible/ansible to version 2.19 and prepare repo to be ready to include test with Python 3.13 when ansible-network/github_actions/pull/162 is merged.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
GitHub actions/test

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-12-10 17:13:53 +00:00
patchback[bot]
5eefa9c308 fix: kustomize plugin fails with deprecation warnings (#728) (#764) 
This is a backport of PR #728 as merged into main (5bc53db).
SUMMARY

error judgments are based on the exit codes of command execution, where 0 represents success and non-zero represents failure.
Optimize the run_command function to return a tuple like the run_command method of AnsibleModule.

Fixes #639
ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

kustomize lookup plugin
ADDITIONAL INFORMATION

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-07-15 13:56:34 +00:00
patchback[bot]
4ed9105797 Fix waiting for daemonset when desired number of pods is 0 (#756) (#762) 
This is a backport of PR #756 as merged into main (b07fbd6).
Fixes #755
SUMMARY
Because we don't have any node with non_exisiting_label (see code below) desired number of Pods will be 0. Kubernetes won't create .status.updatedNumberScheduled field (at least on version v1.27), because we still are not going to create any Pods. So that if .status.updatedNumberScheduled doesn't exist we should assume that number is 0
Code to reproduce:
- name: Create daemonset
  kubernetes.core.k8s:
    state: present
    wait: true
    definition:
      apiVersion: apps/v1
      kind: DaemonSet
      metadata:
        name: my-daemonset
        namespace: default
      spec:
        selector:
          matchLabels:
            app: my-app
        template:
          metadata:
            labels:
              app: my-app
          spec:
            containers:
              - name: my-container
                image: nginx
            nodeSelector:
              non_exisiting_label: 1
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
kubernetes.core.plugins.module_utils.k8s.waiter
ADDITIONAL INFORMATION



TASK [Create daemonset] **********************************************************************************************************************************
changed: [controlplane] => {"changed": true, "duration": 5, "method": "create", "result": {"apiVersion": "apps/v1", "kind": "DaemonSet", "metadata": {"annotations": {"deprecated.daemonset.template.generation": "1"}, "creationTimestamp": "2024-06-28T08:23:41Z", "generation": 1, "managedFields": [{"apiVersion": "apps/v1", "fieldsType": "FieldsV1", "fieldsV1": {"f:metadata": {"f:annotations": {".": {}, "f:deprecated.daemonset.template.generation": {}}}, "f:spec": {"f:revisionHistoryLimit": {}, "f:selector": {}, "f:template": {"f:metadata": {"f:labels": {".": {}, "f:app": {}}}, "f:spec": {"f:containers": {"k:{\"name\":\"my-container\"}": {".": {}, "f:image": {}, "f:imagePullPolicy": {}, "f:name": {}, "f:resources": {}, "f:terminationMessagePath": {}, "f:terminationMessagePolicy": {}}}, "f:dnsPolicy": {}, "f:nodeSelector": {}, "f:restartPolicy": {}, "f:schedulerName": {}, "f:securityContext": {}, "f:terminationGracePeriodSeconds": {}}}, "f:updateStrategy": {"f:rollingUpdate": {".": {}, "f:maxSurge": {}, "f:maxUnavailable": {}}, "f:type": {}}}}, "manager": "OpenAPI-Generator", "operation": "Update", "time": "2024-06-28T08:23:41Z"}, {"apiVersion": "apps/v1", "fieldsType": "FieldsV1", "fieldsV1": {"f:status": {"f:observedGeneration": {}}}, "manager": "kube-controller-manager", "operation": "Update", "subresource": "status", "time": "2024-06-28T08:23:41Z"}], "name": "my-daemonset", "namespace": "default", "resourceVersion": "1088421", "uid": "faafdbf7-4388-4cec-88d5-84657966312d"}, "spec": {"revisionHistoryLimit": 10, "selector": {"matchLabels": {"app": "my-app"}}, "template": {"metadata": {"creationTimestamp": null, "labels": {"app": "my-app"}}, "spec": {"containers": [{"image": "nginx", "imagePullPolicy": "Always", "name": "my-container", "resources": {}, "terminationMessagePath": "/dev/termination-log", "terminationMessagePolicy": "File"}], "dnsPolicy": "ClusterFirst", "nodeSelector": {"non_exisiting_label": "1"}, "restartPolicy": "Always", "schedulerName": "default-scheduler", "securityContext": {}, "terminationGracePeriodSeconds": 30}}, "updateStrategy": {"rollingUpdate": {"maxSurge": 0, "maxUnavailable": 1}, "type": "RollingUpdate"}}, "status": {"currentNumberScheduled": 0, "desiredNumberScheduled": 0, "numberMisscheduled": 0, "numberReady": 0, "observedGeneration": 1}}}

~$ kubectl get ds
NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR           AGE
my-daemonset   0         0         0       0            0           non_exisiting_label=1   30s

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-07-10 14:32:11 +00:00
patchback[bot]
46f8e4adfb [PR #731/c0666a51 backport][stable-5] kubevirt.core collection cross testing (#760) 
This is a backport of PR #731 as merged into main (c0666a5).
SUMMARY

The kubevirt.core collection has dependency with this collection. We define new workflows to ensure that nothing is broken on that collection when pushing new changes on this collection.

ISSUE TYPE


Feature Pull Request

COMPONENT NAME

CI

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-07-10 13:57:49 +00:00
patchback[bot]
5761205513 helm: Accept release candidate versions for compatibility checks (#745) (#754) 
This is a backport of PR #745 as merged into main (6a04f42).
SUMMARY

If the helm CLI version includes -rc.1 for example, the version checks fails due to an incomplete regex.
The error can be triggered if you use helm v3.15.0-rc.1 for example, and apply a helm chart with wait: true 
ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME
helm
helm_pull
ADDITIONAL INFORMATION

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-06-18 13:05:55 +00:00
Bikouo Aubin
7b0190f8d5 Prepare release 5.0.0 (#733) 2024-06-10 15:39:42 +02:00
patchback[bot]
c47e691101 Doc: add example of using kubectl connection plugin (#741) (#744) 
[PR #741/fb80d973 backport][stable-5] Doc: add example of using kubectl connection plugin

This is a backport of PR #741 as merged into main (fb80d97).
SUMMARY
Currently documentation for collection don't include any examples of using kubenrenes.core.kubectl connection plugin and it's hard to start using that plugin.
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
kubenrenes.core.kubectl connection plugin
ADDITIONAL INFORMATION
This PR was inspired by #288 and based on feedback on that PR and my own experience. Thanks @tpo for his try and @geerlingguy for his Ansible for DevOps book

Reviewed-by: Mike Graves <mgraves@redhat.com>
 2024-06-06 14:34:01 +00:00
patchback[bot]
8ae6469696 Defer removal of inventory/k8s to 6.0.0 (#734) (#740) 
Defer removal of inventory/k8s to 6.0.0

SUMMARY
Defer removal of inventory plugin k8s to release 6.0.0.

ISSUE TYPE

Feature Pull Request

Reviewed-by: Alina Buzachis
Reviewed-by: Mike Graves <mgraves@redhat.com>
(cherry picked from commit 0c5233a650)

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
 2024-05-31 10:09:39 +02:00
patchback[bot]
1174fee5c9 Remove support for ansible-core<2.15 (#737) (#739) 
Drop support for ansible-core<2.15

SUMMARY

Remove support for ansible-core<2.15

ISSUE TYPE

Feature Pull Request

Reviewed-by: Mike Graves <mgraves@redhat.com>
(cherry picked from commit 8363a4debf)

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
 2024-05-31 10:06:48 +02:00
Bikouo Aubin
f22ffcab18 Prepare release 4.0.0 (#727) 
* Prepare release 4.0.0

* update documentation
 2024-05-28 11:37:32 +02:00
117 changed files with 3178 additions and 660 deletions
Expand all files Collapse all files

3
.ansible-lint
View File

@@ -2,5 +2,8 @@
profile: production
exclude_paths:
- .ansible/
- .github/
- tests/integration
- tests/unit
- tests/sanity

6
.ansible-lint-ignore Normal file
View File

@@ -0,0 +1,6 @@
# https://docs.ansible.com/ansible-lint/docs/rules/
# no-changed-when is not requried for examples
plugins/connection/kubectl.py no-changed-when
# false positive result
plugins/connection/kubectl.py var-naming[no-reserved]
plugins/connection/kubectl.py jinja[invalid]

60
.github/stale.yml vendored
View File

@@ -1,60 +0,0 @@
---
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale
# label is closed. Set to false to disable. If disabled, issues still need to be
# closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale.
# Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set
# to `[]` to disable
exemptLabels:
- security
- planned
- priority/critical
- lifecycle/frozen
- verified
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: true
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: lifecycle/stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
PRs go stale after 90 days of inactivity.
If there is no further activity, the PR will be closed in another 30 days.
unmarkComment: >-
This pull request is no longer stale.
closeComment: >-
This pull request has been closed due to inactivity.
issues:
markComment: |-
Issues go stale after 90 days of inactivity.
If there is no further activity, the issue will be closed in another 30 days.
unmarkComment: >-
This issue is no longer stale.
closeComment: >-
This issue has been closed due to inactivity.

16
.github/workflows/integration-tests.yaml vendored
View File

@@ -50,6 +50,7 @@ jobs:
source: "./source"
cloud_common: "./cloudcommon"
ansible_posix: "./ansible_posix"
community_general: "./community_general"
strategy:
fail-fast: false
matrix:
@@ -61,7 +62,7 @@ jobs:
- true
- false
workflow-id: ${{ fromJson(needs.splitter.outputs.test_jobs) }}
name: "integration-py${{ matrix.python-version }}-${{ matrix.ansible-version }}-${{ matrix.workflow-id }}"
name: "integration-py${{ matrix.python-version }}-${{ matrix.ansible-version }}-${{ matrix.workflow-id }}-enable_turbo=${{ matrix.enable-turbo-mode }}"
steps:
- name: Read target
id: read-targets
@@ -118,6 +119,13 @@ jobs:
path: ${{ env.ansible_posix }}
ref: main
- name: checkout ansible-collections/community.general
uses: ansible-network/github_actions/.github/actions/checkout_dependency@main
with:
repository: ansible-collections/community.general
path: ${{ env.community_general }}
ref: main
- name: install cloud.common collection
uses: ansible-network/github_actions/.github/actions/build_install_collection@main
with:
@@ -130,6 +138,12 @@ jobs:
install_python_dependencies: true
source_path: ${{ env.ansible_posix }}
- name: install community.general collection
uses: ansible-network/github_actions/.github/actions/build_install_collection@main
with:
install_python_dependencies: false
source_path: ${{ env.community_general }}
- name: create kubernetes cluster
uses: helm/kind-action@v1.8.0
with:

7
.github/workflows/linters.yaml vendored
View File

@@ -19,6 +19,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint@v24.2.3
- name: run-ansible-lint
uses: ansible/ansible-lint@main
with:
gh_action_ref: "v25.5.0"

1
.gitignore vendored
View File

@@ -13,6 +13,7 @@ changelogs/.plugin-cache.yaml
tests/output
tests/integration/cloud-config-*
.cache
.ansible
# Helm charts
tests/integration/*-chart-*.tgz

9
.yamllint
View File

@@ -5,16 +5,25 @@ rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
comments:
min-spaces-from-content: 1
comments-indentation: false
document-start: disable
line-length: disable
truthy: disable
indentation:
spaces: 2
indent-sequences: consistent
octal-values:
forbid-implicit-octal: true
forbid-explicit-octal: true
ignore: |
.cache
.tox
.ansible
tests/output
plugins/connection/kubectl.py

179
CHANGELOG.rst
View File

@@ -4,6 +4,185 @@ Kubernetes Collection Release Notes
.. contents:: Topics
v5.4.0
======
Release Summary
---------------
This release updates the ``helm_registry_auth`` module to match the behavior of ``helm >= 3.18.0`` which reports a successful logout regardless of the current state (i.e., no idempotency).
Minor Changes
-------------
- Module ``helm_registry_auth`` does not support idempotency with ``helm >= 3.18.0`` (https://github.com/ansible-collections/kubernetes.core/pull/946)
v5.3.0
======
Release Summary
---------------
This release includes minor changes, bug fixes and also bumps ``ansible-lint`` version to ``25.1.2``.
Minor Changes
-------------
- kubernetes.core - Bump version of ``ansible-lint`` to ``25.1.2`` (https://github.com/ansible-collections/kubernetes.core/pull/919).
- action/k8s_info - update templating mechanism with changes from ``ansible-core 2.19`` (https://github.com/ansible-collections/kubernetes.core/pull/888).
- helm - add ``reset_then_reuse_values`` support to helm module (https://github.com/ansible-collections/kubernetes.core/issues/803).
- helm - add support for ``insecure_skip_tls_verify`` option to helm and ``helm_repository`` (https://github.com/ansible-collections/kubernetes.core/issues/694).
Bugfixes
--------
- module_utils/k8s/service - Fix issue when trying to delete resource using ``delete_options`` and ``check_mode=true`` (https://github.com/ansible-collections/kubernetes.core/issues/892).
v5.2.0
======
Release Summary
---------------
This release adds more functionality to the hidden_fields option and support for waiting on ClusterOperators to reach a ready state.
Minor Changes
-------------
- k8s - Extend hidden_fields to allow the expression of more complex field types to be hidden (https://github.com/ansible-collections/kubernetes.core/pull/872)
- k8s_info - Extend hidden_fields to allow the expression of more complex field types to be hidden (https://github.com/ansible-collections/kubernetes.core/pull/872)
- waiter.py - add ClusterOperator support. The module can now check OpenShift cluster health by verifying ClusterOperator status requiring 'Available: True', 'Degraded: False', and 'Progressing: False' for success. (https://github.com/ansible-collections/kubernetes.core/issues/869)
v5.1.0
======
Release Summary
---------------
This release came with new module ``helm_registry_auth``, improvements to the error messages in the k8s_drain module, new parameter ``insecure_registry`` for ``helm_template`` module and several bug fixes.
Minor Changes
-------------
- Bump version of ansible-lint to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
- Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify (https://github.com/ansible-collections/kubernetes.core/pull/805).
- k8s_drain - Improve error message for pod disruption budget when draining a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
Bugfixes
--------
- helm - Helm version checks did not support RC versions. They now accept any version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
- helm_pull - Apply no_log=True to pass_credentials to silence false positive warning. (https://github.com/ansible-collections/kubernetes.core/pull/796).
- k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
- k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is part of a stateful set (https://github.com/ansible-collections/kubernetes.core/issues/792).
- kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
- kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
- waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
New Modules
-----------
- helm_registry_auth - Helm registry authentication module
v5.0.0
======
Release Summary
---------------
This major release drops support for ``ansible-core<2.15``.
Minor Changes
-------------
- connection/kubectl.py - Added an example of using the kubectl connection plugin to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0 (https://github.com/ansible-collections/kubernetes.core/pull/734).
Breaking Changes / Porting Guide
--------------------------------
- Remove support for ``ansible-core<2.15`` (https://github.com/ansible-collections/kubernetes.core/pull/737).
v4.0.0
======
Release Summary
---------------
This major release brings several bug fixes. We have also removed support for ``ansible-core<2.15`` and deprecated functions and class from ``module_utils/common.py``.
Minor Changes
-------------
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 5.0 (https://github.com/ansible-collections/kubernetes.core/pull/723).
- k8s - The module and K8sService were changed so warnings returned by the K8S API are now displayed to the user.
Removed Features (previously deprecated)
----------------------------------------
- k8s - Support for ``merge_type=json`` has been removed in version 4.0.0. Please use ``kubernetes.core.k8s_json_patch`` instead (https://github.com/ansible-collections/kubernetes.core/pull/722).
- k8s_exec - the previously deprecated ``result.return_code`` return value has been removed, consider using ``result.rc`` instead (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``K8sAnsibleMixin`` class has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``configuration_digest()`` function has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``get_api_client()`` function has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``unique_string()`` function has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
Bugfixes
--------
- Resolve Collections util resource discovery fails when complex subresources present (https://github.com/ansible-collections/kubernetes.core/pull/676).
- align `helmdiff_check()` function commandline rendering with the `deploy()` function (https://github.com/ansible-collections/kubernetes.core/pull/670).
- avoid unsafe conditions in integration tests (https://github.com/ansible-collections/kubernetes.core/pull/665).
- helm - use ``reuse-values`` when running ``helm diff`` command (https://github.com/ansible-collections/kubernetes.core/issues/680).
- integrations test helm_kubeconfig - set helm version to v3.10.3 to avoid incompatability with new bitnami charts (https://github.com/ansible-collections/kubernetes.core/pull/670).
v3.3.1
======
Release Summary
---------------
This release fixes the CI issues with the ``linters`` workflow.
v3.3.0
======
Release Summary
---------------
This release comes with improvements to the error messages in the k8s_drain module and several bug fixes.
Minor Changes
-------------
- k8s_drain - Improve error message for pod disruption budget when draining a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
Bugfixes
--------
- helm - Helm version checks did not support RC versions. They now accept any version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
- helm_pull - Apply no_log=True to pass_credentials to silence false positive warning. (https://github.com/ansible-collections/kubernetes.core/pull/796).
- k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
- k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is part of a stateful set (https://github.com/ansible-collections/kubernetes.core/issues/792).
- kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
- kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
- waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
v3.2.0
======
Release Summary
---------------
This release comes with documentation updates.
Minor Changes
-------------
- connection/kubectl.py - Added an example of using the kubectl connection plugin to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 5.0 (https://github.com/ansible-collections/kubernetes.core/pull/723).
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0 (https://github.com/ansible-collections/kubernetes.core/pull/734).
v3.1.0
======

10
CONTRIBUTING.md
View File

@@ -48,7 +48,7 @@ Where modules have multiple parameters we recommend running through the 4-step m
For general information on running the integration tests see the
[Integration Tests page of the Module Development Guide](https://docs.ansible.com/ansible/devel/dev_guide/testing_integration.html#testing-integration),
especially the section on configuration for cloud tests. For questions about writing tests the Ansible Kubernetes community can be found on Libera.Chat IRC as detailed below.
especially the section on configuration for cloud tests.
### Updating documentation
@@ -70,11 +70,3 @@ Review the changes and create a pull request using updated files.
The `kubernetes.core` collection follows the Ansible project's
[Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html).
Please read and familiarize yourself with this document.
### IRC
Our IRC channels may require you to register your nickname. If you receive an error when you connect, see
[Libera.Chat's Nickname Registration guide](https://libera.chat/guides/registration) for instructions.
The `#ansible-kubernetes` channel on [libera.chat](https://libera.chat/) IRC is the main and official place to discuss use and development of the `kubernetes.core` collection.
For more information about Ansible's Kubernetes integration, browse the resources in the [Kubernetes Working Group](https://github.com/ansible/community/wiki/Kubernetes) Community wiki page.

2
Makefile
View File

@@ -1,5 +1,5 @@
# Also needs to be updated in galaxy.yml
VERSION = 3.0.0
VERSION = 5.4.0
TEST_ARGS ?= ""
PYTHON_VERSION ?= `python -c 'import platform; print(".".join(platform.python_version_tuple()[0:2]))'`

83
README.md
View File

@@ -1,15 +1,29 @@
# Kubernetes Collection for Ansible
[![CI](https://github.com/ansible-collections/kubernetes.core/workflows/CI/badge.svg?event=push)](https://github.com/ansible-collections/kubernetes.core/actions) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/kubernetes.core)](https://codecov.io/gh/ansible-collections/kubernetes.core)
This repository hosts the `kubernetes.core` (formerly known as `community.kubernetes`) Ansible Collection.
## Description
The collection includes a variety of Ansible content to help automate the management of applications in Kubernetes and OpenShift clusters, as well as the provisioning and maintenance of clusters themselves.
<!--start requires_ansible-->
## Ansible version compatibility
## Communication
This collection has been tested against following Ansible versions: **>=2.14.0**.
* Join the Ansible forum:
* [Get Help](https://forum.ansible.com/c/help/6): get help or help others.
* [Posts tagged with 'kubernetes'](https://forum.ansible.com/tag/kubernetes): subscribe to participate in collection-related conversations.
* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
## Requirements
<!--start requires_ansible-->
## Ansible Version Compatibility
This collection has been tested against following Ansible versions: **>=2.15.0**.
For collections that support Ansible 2.9, please ensure you update your `network_os` to use the
fully qualified collection name (for example, `cisco.ios.ios`).
@@ -18,37 +32,37 @@ A collection may contain metadata that identifies these versions.
PEP440 is the schema used to describe the versions of Ansible.
<!--end requires_ansible-->
## Python Support
### Python Support
* Collection supports 3.9+
Note: Python2 is deprecated from [1st January 2020](https://www.python.org/doc/sunset-python-2/). Please switch to Python3.
## Kubernetes Version Support
### Kubernetes Version Support
This collection supports Kubernetes versions >= 1.24.
## Included content
### Included Content
Click on the name of a plugin or module to view that content's documentation:
<!--start collection content-->
### Connection plugins
### Connection Plugins
Name | Description
--- | ---
[kubernetes.core.kubectl](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.kubectl_connection.rst)|Execute tasks in pods running on Kubernetes.
### K8s filter plugins
### K8s filter Plugins
Name | Description
--- | ---
kubernetes.core.k8s_config_resource_name|Generate resource name for the given resource of type ConfigMap, Secret
### Inventory plugins
### Inventory Plugins
Name | Description
--- | ---
[kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_inventory.rst)|Kubernetes (K8s) inventory source
### Lookup plugins
### Lookup Plugins
Name | Description
--- | ---
[kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_lookup.rst)|Query the K8s API
@@ -62,6 +76,7 @@ Name | Description
[kubernetes.core.helm_plugin](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_plugin_module.rst)|Manage Helm plugins
[kubernetes.core.helm_plugin_info](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_plugin_info_module.rst)|Gather information about Helm plugins
[kubernetes.core.helm_pull](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_pull_module.rst)|download a chart from a repository and (optionally) unpack it in local directory.
[kubernetes.core.helm_registry_auth](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_registry_auth_module.rst)|Helm registry authentication module
[kubernetes.core.helm_repository](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_repository_module.rst)|Manage Helm repositories.
[kubernetes.core.helm_template](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_template_module.rst)|Render chart templates
[kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_module.rst)|Manage Kubernetes (K8s) objects
@@ -79,9 +94,7 @@ Name | Description
<!--end collection content-->
## Installation and Usage
### Installing the Collection from Ansible Galaxy
## Installation
Before using the Kubernetes collection, you need to install it with the Ansible Galaxy CLI:
@@ -93,7 +106,7 @@ You can also include it in a `requirements.yml` file and install it via `ansible
---
collections:
- name: kubernetes.core
version: 3.0.0
version: 5.4.0
```
### Installing the Kubernetes Python Library
@@ -102,7 +115,7 @@ Content in this collection requires the [Kubernetes Python client](https://pypi.
pip3 install kubernetes
### Using modules from the Kubernetes Collection in your playbooks
## Use Cases
It's preferable to use content in this collection using their Fully Qualified Collection Namespace (FQCN), for example `kubernetes.core.k8s_info`:
@@ -170,7 +183,7 @@ If upgrading older playbooks which were built prior to Ansible 2.10 and this col
For documentation on how to use individual modules and other content included in this collection, please see the links in the 'Included content' section earlier in this README.
## Ansible Turbo mode Tech Preview
## Ansible Turbo Mode Tech Preview
The ``kubernetes.core`` collection supports Ansible Turbo mode as a tech preview via the ``cloud.common`` collection. By default, this feature is disabled. To enable Turbo mode for modules, set the environment variable `ENABLE_TURBO_MODE=1` on the managed node. For example:
@@ -189,12 +202,16 @@ defined in the playbook using `environment` keyword as above, you must set it us
Please read more about Ansible Turbo mode - [here](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/ansible_turbo_mode.rst).
## Testing and Development
## Contributing to this Collection
If you want to develop new content for this collection or improve what's already here, the easiest way to work on the collection is to clone it into one of the configured [`COLLECTIONS_PATHS`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), and work on it there.
See [Contributing to kubernetes.core](CONTRIBUTING.md).
## Testing
[![Linters](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/linters.yaml?label=linters)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/linters.yaml) [![Integration tests](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/integration-tests.yaml?label=integration%20tests)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/integration-tests.yaml) [![Sanity tests](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/sanity-tests.yaml?label=sanity%20tests)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/sanity-tests.yaml) [![Unit tests](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/unit-tests.yaml?label=unit%20tests)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/unit-tests.yaml) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/kubernetes.core)](https://app.codecov.io/gh/ansible-collections/kubernetes.core)
### Testing with `ansible-test`
The `tests` directory contains configuration for running sanity and integration tests using [`ansible-test`](https://docs.ansible.com/ansible/latest/dev_guide/testing_integration.html).
@@ -231,9 +248,33 @@ After the version is published, verify it exists on the [Kubernetes Collection G
The process for uploading a supported release to Automation Hub is documented separately.
## More Information
## Support
<!--List available communication channels. In addition to channels specific to your collection, we also recommend to use the following ones.-->
> **Note:** The `stable-4` branch, which handles all `4.x.y` releases of this collection, is no longer supported. This means that no backports nor releases will be performed on the `stable-4` branch.
We announce releases and important changes through Ansible's [The Bullhorn newsletter](https://github.com/ansible/community/wiki/News#the-bullhorn). Be sure you are [subscribed](https://eepurl.com/gZmiEP).
We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us.
For more information about communication, refer to the [Ansible Communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
For the latest supported versions, refer to the release notes below.
If you encounter issues or have questions, you can submit a support request through the following channels:
- GitHub Issues: Report bugs, request features, or ask questions by opening an issue in the [GitHub repository]((https://github.com/ansible-collections/kubernetes.core/).
## Release Notes
See the [raw generated changelog](https://github.com/ansible-collections/kubernetes.core/blob/main/CHANGELOG.rst).
## Code of Conduct
We follow the [Ansible Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html) in all our interactions within this project.
If you encounter abusive behavior, please refer to the [policy violations](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html#policy-violations) section of the Code for information on how to raise a complaint.
For more information about Ansible's Kubernetes integration, join the `#ansible-kubernetes` channel on [libera.chat](https://libera.chat/) IRC, and browse the resources in the [Kubernetes Working Group](https://github.com/ansible/community/wiki/Kubernetes) Community wiki page.
## License

202
changelogs/changelog.yaml
View File

@@ -854,3 +854,205 @@ releases:
- 652-fix-json-patch-action.yml
- 654-helm-expand-user.yml
release_date: '2024-05-16'
3.2.0:
changes:
minor_changes:
- connection/kubectl.py - Added an example of using the kubectl connection plugin
to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 5.0 (https://github.com/ansible-collections/kubernetes.core/pull/723).
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0
(https://github.com/ansible-collections/kubernetes.core/pull/734).
release_summary: This release comes with documentation updates.
fragments:
- 20240530-defer-removal-and-ansible-core-support-update.yaml
- 20240601-doc-example-of-using-kubectl.yaml
- 3.2.0.yml
- inventory-update_removal_date.yml
release_date: '2024-06-14'
3.3.0:
changes:
bugfixes:
- helm - Helm version checks did not support RC versions. They now accept any
version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
- helm_pull - Apply no_log=True to pass_credentials to silence false positive
warning. (https://github.com/ansible-collections/kubernetes.core/pull/796).
- k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
- k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is
part of a stateful set (https://github.com/ansible-collections/kubernetes.core/issues/792).
- kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
- kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
- waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
minor_changes:
- k8s_drain - Improve error message for pod disruption budget when draining
a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
release_summary: This release comes with improvements to the error messages
in the k8s_drain module and several bug fixes.
fragments:
- 20240530-ansible-core-support-update.yaml
- 20240611-helm-rc-version.yaml
- 20240620-fix-kustomize-plugin-fails-with-deprecation-warnings.yml
- 20241102-fix-ci-post-2.18-issue.yaml
- 20241213-kubeconfig-set-no_log-true.yaml
- 756-fix-daemonset-waiting.yaml
- 770-fix-k8s-drain-doesnt-wait-for-single-pod.yaml
- 793-fix-k8s-drain-runs-into-timeout.yaml
- 796-false-positive-helmull.yaml
- 798-drain-pdb-error-message.yaml
- readme_template_update.yml
release_date: '2025-01-20'
3.3.1:
changes:
release_summary: This release fixes the CI issues with the ``linters`` workflow.
fragments:
- release_summary.yml
release_date: '2025-03-26'
4.0.0:
changes:
bugfixes:
- Resolve Collections util resource discovery fails when complex subresources
present (https://github.com/ansible-collections/kubernetes.core/pull/676).
- align `helmdiff_check()` function commandline rendering with the `deploy()`
function (https://github.com/ansible-collections/kubernetes.core/pull/670).
- avoid unsafe conditions in integration tests (https://github.com/ansible-collections/kubernetes.core/pull/665).
- helm - use ``reuse-values`` when running ``helm diff`` command (https://github.com/ansible-collections/kubernetes.core/issues/680).
- integrations test helm_kubeconfig - set helm version to v3.10.3 to avoid incompatability
with new bitnami charts (https://github.com/ansible-collections/kubernetes.core/pull/670).
minor_changes:
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 5.0 (https://github.com/ansible-collections/kubernetes.core/pull/723).
- k8s - The module and K8sService were changed so warnings returned by the K8S
API are now displayed to the user.
release_summary: This major release brings several bug fixes. We have also removed
support for ``ansible-core<2.15`` and deprecated functions and class from
``module_utils/common.py``.
removed_features:
- k8s - Support for ``merge_type=json`` has been removed in version 4.0.0. Please
use ``kubernetes.core.k8s_json_patch`` instead (https://github.com/ansible-collections/kubernetes.core/pull/722).
- k8s_exec - the previously deprecated ``result.return_code`` return value has
been removed, consider using ``result.rc`` instead (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``K8sAnsibleMixin`` class
has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``configuration_digest()``
function has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``get_api_client()`` function
has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``unique_string()`` function
has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
fragments:
- 20231206-fix-unsafe-condition-in-integration.yml
- 20240117-fix-helm-diff-cmd-line-rendering.yml
- 20240222-Collections-util-resource-discovery-fails-when-complex-subresources-present.yml
- 20240228-fix-helm-diff-with-reuse-values.yml
- 20240423-k8s-display-warnings-to-users.yml
- 4.0.0.yaml
- inventory-update_removal_date.yml
- k8s-merge_type-removed.yml
- module_utils-common-remove-deprecated-functions-and-class.yaml
release_date: '2024-05-24'
5.0.0:
changes:
breaking_changes:
- Remove support for ``ansible-core<2.15`` (https://github.com/ansible-collections/kubernetes.core/pull/737).
minor_changes:
- connection/kubectl.py - Added an example of using the kubectl connection plugin
to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0
(https://github.com/ansible-collections/kubernetes.core/pull/734).
release_summary: This major release drops support for ``ansible-core<2.15``.
fragments:
- 20240530-ansible-core-support-update.yaml
- 20240530-defer-removal-and-ansible-core-support-update.yaml
- 5.0.0.yml
release_date: '2024-05-31'
5.1.0:
changes:
bugfixes:
- helm - Helm version checks did not support RC versions. They now accept any
version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
- helm_pull - Apply no_log=True to pass_credentials to silence false positive
warning. (https://github.com/ansible-collections/kubernetes.core/pull/796).
- k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
- k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is
part of a stateful set (https://github.com/ansible-collections/kubernetes.core/issues/792).
- kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
- kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
- waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
minor_changes:
- Bump version of ansible-lint to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
- Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify
(https://github.com/ansible-collections/kubernetes.core/pull/805).
- k8s_drain - Improve error message for pod disruption budget when draining
a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
release_summary: This release came with new module ``helm_registry_auth``, improvements
to the error messages in the k8s_drain module, new parameter ``insecure_registry``
for ``helm_template`` module and several bug fixes.
fragments:
- 0-readme.yml
- 20240601-doc-example-of-using-kubectl.yaml
- 20240611-helm-rc-version.yaml
- 20240620-fix-kustomize-plugin-fails-with-deprecation-warnings.yml
- 20241102-fix-ci-post-2.18-issue.yaml
- 20241103-completly-remove-obsolate-communication-channel.yaml
- 20241207-add-insecure-skip-tls-verify-to-helm-template.yaml
- 20241213-kubeconfig-set-no_log-true.yaml
- 756-fix-daemonset-waiting.yaml
- 765-bump-ansible-lint-version.yml
- 770-fix-k8s-drain-doesnt-wait-for-single-pod.yaml
- 793-fix-k8s-drain-runs-into-timeout.yaml
- 796-false-positive-helmull.yaml
- 798-drain-pdb-error-message.yaml
- readme_template_update.yml
modules:
- description: Helm registry authentication module
name: helm_registry_auth
namespace: ''
release_date: '2025-01-20'
5.2.0:
changes:
minor_changes:
- k8s - Extend hidden_fields to allow the expression of more complex field types
to be hidden (https://github.com/ansible-collections/kubernetes.core/pull/872)
- k8s_info - Extend hidden_fields to allow the expression of more complex field
types to be hidden (https://github.com/ansible-collections/kubernetes.core/pull/872)
- 'waiter.py - add ClusterOperator support. The module can now check OpenShift
cluster health by verifying ClusterOperator status requiring ''Available:
True'', ''Degraded: False'', and ''Progressing: False'' for success. (https://github.com/ansible-collections/kubernetes.core/issues/869)'
release_summary: This release adds more functionality to the hidden_fields option
and support for waiting on ClusterOperators to reach a ready state.
fragments:
- 5.2.0.yml
- 643-extend-hidden-fields.yaml
- 879-clusteroperator-waiter.py.yaml
release_date: '2025-03-27'
5.3.0:
changes:
bugfixes:
- module_utils/k8s/service - fix issue when trying to delete resource using
`delete_options` and `check_mode=true` (https://github.com/ansible-collections/kubernetes.core/issues/892).
minor_changes:
- kubernetes.core - Bump version of ``ansible-lint`` to ``25.1.2`` (https://github.com/ansible-collections/kubernetes.core/pull/919).
- action/k8s_info - update templating mechanism with changes from ``ansible-core
2.19`` (https://github.com/ansible-collections/kubernetes.core/pull/888).
- helm - add ``reset_then_reuse_values`` support to helm module (https://github.com/ansible-collections/kubernetes.core/issues/803).
- helm - add support for ``insecure_skip_tls_verify`` option to helm and ``helm_repository`` (https://github.com/ansible-collections/kubernetes.core/issues/694).
release_summary: This release includes minor changes, bug fixes and also bumps
``ansible-lint`` version to ``25.1.2``.
fragments:
- 20250324-k8s_info-templating.yaml
- 5.3.0.yml
- 694-add-insecure-skip-tls-verify.yml
- 800-helm-add-reset_then_reuse_values-support.yml
- 898-k8s-dont-delete-in-check-mode.yaml
- 919-update-ansible-lint-version.yaml
release_date: '2025-05-16'
5.4.0:
changes:
minor_changes:
- Module ``helm_registry_auth`` does not support idempotency with ``helm >= 3.18.0``
(https://github.com/ansible-collections/kubernetes.core/pull/946).
release_summary: This release updates the ``helm_registry_auth`` module to match the behavior of ``helm >= 3.18.0`` which reports a successful logout regardless of the current state (i.e., no idempotency).
fragments:
- 20250411-kubeconfig-no_log-revert.yaml
- 20250503-fix-unit-tests.yml
- 20250605-fix-helm_registry_auth-integration_test.yaml
- 5.4.0.yml
release_date: '2025-08-12'

3
changelogs/fragments/20231206-fix-unsafe-condition-in-integration.yml
View File

@@ -1,3 +0,0 @@
---
bugfixes:
- avoid unsafe conditions in integration tests (https://github.com/ansible-collections/kubernetes.core/pull/665).

4
changelogs/fragments/20240117-fix-helm-diff-cmd-line-rendering.yml
View File

@@ -1,4 +0,0 @@
---
bugfixes:
- align `helmdiff_check()` function commandline rendering with the `deploy()` function (https://github.com/ansible-collections/kubernetes.core/pull/670).
- integrations test helm_kubeconfig - set helm version to v3.10.3 to avoid incompatability with new bitnami charts (https://github.com/ansible-collections/kubernetes.core/pull/670).

3
changelogs/fragments/20240222-Collections-util-resource-discovery-fails-when-complex-subresources-present.yml
View File

@@ -1,3 +0,0 @@
---
bugfixes:
- Resolve Collections util resource discovery fails when complex subresources present (https://github.com/ansible-collections/kubernetes.core/pull/676).

3
changelogs/fragments/20240228-fix-helm-diff-with-reuse-values.yml
View File

@@ -1,3 +0,0 @@
---
bugfixes:
- helm - use ``reuse-values`` when running ``helm diff`` command (https://github.com/ansible-collections/kubernetes.core/issues/680).

3
changelogs/fragments/20240423-k8s-display-warnings-to-users.yml
View File

@@ -1,3 +0,0 @@
---
minor_changes:
- k8s - The module and K8sService were changed so warnings returned by the K8S API are now displayed to the user.

2
changelogs/fragments/inventory-update_removal_date.yml
View File

@@ -1,2 +0,0 @@
minor_changes:
- inventory/k8s.py - Defer removal of k8s inventory plugin to version 5.0 (https://github.com/ansible-collections/kubernetes.core/pull/723).

2
changelogs/fragments/k8s-merge_type-removed.yml
View File

@@ -1,2 +0,0 @@
removed_features:
- k8s - Support for ``merge_type=json`` has been removed in version 4.0.0. Please use ``kubernetes.core.k8s_json_patch`` instead (https://github.com/ansible-collections/kubernetes.core/pull/722).

6
changelogs/fragments/module_utils-common-remove-deprecated-functions-and-class.yaml
View File

@@ -1,6 +0,0 @@
removed_features:
- k8s_exec - the previously deprecated ``result.return_code`` return value has been removed, consider using ``result.rc`` instead (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``K8sAnsibleMixin`` class has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``configuration_digest()`` function has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``get_api_client()`` function has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).
- module_utils/common.py - the previously deprecated ``unique_string()`` function has been removed (https://github.com/ansible-collections/kubernetes.core/pull/726).

49
docs/kubernetes.core.helm_module.rst
View File

@@ -289,6 +289,29 @@ Parameters
<div>Provide a URL for accessing the API. Can also be specified via <code>K8S_AUTH_HOST</code> environment variable.</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>insecure_skip_tls_verify</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 5.3.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Skip tls certificate checks for the chart download.</div>
<div>Do not confuse with the <code>validate_certs</code> option.</div>
<div>This option is only available for helm &gt;= 3.16.0.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: skip_tls_certs_check</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
@@ -435,6 +458,28 @@ Parameters
<div>mutually exclusive with with <code>history_max</code>.</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>reset_then_reuse_values</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 6.0.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>When upgrading package, reset the values to the ones built into the chart, apply the last release&#x27;s values and merge in any overrides from parameters O(release_values), O(values_files) or O(set_values).</div>
<div>If O(reset_values) or O(reuse_values) is set to V(True), this is ignored.</div>
<div>This feature requires helm diff &gt;= 3.9.12.</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
@@ -443,7 +488,7 @@ Parameters
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
@@ -463,7 +508,7 @@ Parameters
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>

3
docs/kubernetes.core.helm_pull_module.rst
View File

@@ -279,7 +279,8 @@ Parameters
</td>
<td>
<div>Whether or not to check tls certificate for the chart download.</div>
<div>Requires helm &gt;= 3.3.0.</div>
<div>Requires helm &gt;= 3.3.0. Alias <code>insecure_skip_tls_verify</code> added in 5.3.0.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: insecure_skip_tls_verify</div>
</td>
</tr>
<tr>

333
docs/kubernetes.core.helm_registry_auth_module.rst Normal file
View File

@@ -0,0 +1,333 @@
.. _kubernetes.core.helm_registry_auth_module:
**********************************
kubernetes.core.helm_registry_auth
**********************************
**Helm registry authentication module**
Version added: 5.1.0
.. contents::
:local:
:depth: 1
Synopsis
--------
- Helm registry authentication module allows you to login ``helm registry login`` and logout ``helm registry logout`` from a Helm registry.
Requirements
------------
The below requirements are needed on the host that executes this module.
- helm (https://github.com/helm/helm/releases) => 3.8.0
Parameters
----------
.. raw:: html
<table border=0 cellpadding=0 class="documentation-table">
<tr>
<th colspan="1">Parameter</th>
<th>Choices/<font color="blue">Defaults</font></th>
<th width="100%">Comments</th>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>binary_path</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">path</span>
</div>
</td>
<td>
</td>
<td>
<div>The path of a helm binary to use.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>ca_file</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">path</span>
</div>
</td>
<td>
</td>
<td>
<div>Path to the CA certificate SSL file for verify registry server certificate.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>cert_file</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">path</span>
</div>
</td>
<td>
</td>
<td>
<div>Path to the client certificate SSL file for identify registry client using this certificate file.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>host</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
<td>
</td>
<td>
<div>Provide a URL for accessing the registry.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: registry_url</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>insecure</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Allow connections to SSL sites without certs.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>key_file</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">path</span>
</div>
</td>
<td>
</td>
<td>
<div>Path to the client key SSL file for identify registry client using this key file.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>password</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>
</td>
<td>
<div>Password for the registry.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: repo_password</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>state</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>present</b>&nbsp;&larr;</div></li>
<li>absent</li>
</ul>
</td>
<td>
<div>Desired state of the registry.</div>
<div>If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).</div>
<div>If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).</div>
<div>As helm &gt;= 3.18.0 reports successful logout even if the user is not logged in, this module will report a change regardless of the current state.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>username</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>
</td>
<td>
<div>Username for the registry.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: repo_username</div>
</td>
</tr>
</table>
<br/>
Examples
--------
.. code-block:: yaml
- name: Login to remote registry
kubernetes.core.helm_registry_auth:
username: admin
password: "sample_password"
host: localhost:5000
- name: Logout from remote registry
kubernetes.core.helm_registry_auth:
state: absent
host: localhost:5000
Return Values
-------------
Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
.. raw:: html
<table border=0 cellpadding=0 class="documentation-table">
<tr>
<th colspan="1">Key</th>
<th>Returned</th>
<th width="100%">Description</th>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>command</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>always</td>
<td>
<div>Full <code>helm</code> command executed</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>failed</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>always</td>
<td>
<div>Indicate if the <code>helm</code> command failed</div>
<br/>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>stderr</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>always</td>
<td>
<div>Full <code>helm</code> command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">Login Succeeded\n</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>stderr_lines</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>always</td>
<td>
<div>Full <code>helm</code> command stderr, in case you want to display it or examine the event log</div>
<br/>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>stdout</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>always</td>
<td>
<div>Full <code>helm</code> command stdout, in case you want to display it or examine the event log</div>
<br/>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>stout_lines</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>always</td>
<td>
<div>Full <code>helm</code> command stdout, in case you want to display it or examine the event log</div>
<br/>
</td>
</tr>
</table>
<br/><br/>
Status
------
Authors
~~~~~~~
- Yuriy Novostavskiy (@yurnov)

21
docs/kubernetes.core.helm_repository_module.rst
View File

@@ -143,6 +143,27 @@ Parameters
<div>Provide a URL for accessing the API. Can also be specified via <code>K8S_AUTH_HOST</code> environment variable.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>insecure_skip_tls_verify</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 5.3.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Skip tls certificate checks for the repository url.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: skip_tls_certs_check</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>

20
docs/kubernetes.core.helm_template_module.rst
View File

@@ -158,6 +158,26 @@ Parameters
<div>Include custom resource descriptions in rendered templates.</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>insecure_registry</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 5.1.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Skip TLS certificate checks for the chart download</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>

3
docs/kubernetes.core.k8s_drain_module.rst
View File

@@ -423,7 +423,7 @@ Parameters
<span style="color: purple">list</span>
/ <span style="color: purple">elements=string</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
</td>
<td>
</td>
@@ -595,6 +595,7 @@ Examples
kubernetes.core.k8s_drain:
state: drain
name: foo
delete_options:
force: yes
- name: Drain node "foo", but abort if there are pods not managed by a ReplicationController, Job, or DaemonSet, and use a grace period of 15 minutes.

5
docs/kubernetes.core.k8s_info_module.rst
View File

@@ -168,14 +168,13 @@ Parameters
<span style="color: purple">list</span>
/ <span style="color: purple">elements=string</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
</td>
<td>
</td>
<td>
<div>Hide fields matching any of the field definitions in the result</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code></div>
<div>Only field definitions that don&#x27;t reference list items are supported (so V(spec.containers[0]) would not work)</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code> or V(hidden_fields=[spec.containers[0].env[3].value]) or V(hidden_fields=[metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]])</div>
</td>
</tr>
<tr>

4
docs/kubernetes.core.k8s_inventory.rst
View File

@@ -17,7 +17,7 @@ DEPRECATED
----------
:Removed in collection release after
:Why: As discussed in https://github.com/ansible-collections/kubernetes.core/issues/31, we decided to
remove the k8s inventory plugin in release 4.0.0.
remove the k8s inventory plugin in release 6.0.0.
:Alternative: Use :ref:`kubernetes.core.k8s_info <kubernetes.core.k8s_info_module>` and :ref:`ansible.builtin.add_host <ansible.builtin.add_host_module>` instead.
@@ -357,7 +357,7 @@ Status
------
- This inventory will be removed in version 4.0.0. *[deprecated]*
- This inventory will be removed in version 6.0.0. *[deprecated]*
- For more information see `DEPRECATED`_.

16
docs/kubernetes.core.k8s_module.rst
View File

@@ -121,7 +121,7 @@ Parameters
<td>
<div><code>apply</code> compares the desired resource definition with the previously supplied resource definition, ignoring properties that are automatically generated</div>
<div><code>apply</code> works better with Services than &#x27;force=yes&#x27;</div>
<div>mutually exclusive with <code>merge_type</code></div>
<div>Mutually exclusive with <code>merge_type</code>.</div>
</td>
</tr>
<tr>
@@ -216,7 +216,7 @@ Parameters
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
@@ -389,14 +389,13 @@ Parameters
<span style="color: purple">list</span>
/ <span style="color: purple">elements=string</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
</td>
<td>
</td>
<td>
<div>Hide fields matching this option in the result</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code></div>
<div>Only field definitions that don&#x27;t reference list items are supported (so V(spec.containers[0]) would not work)</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code> or V(hidden_fields=[spec.containers[0].env[3].value]) or V(hidden_fields=[metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]])</div>
</td>
</tr>
<tr>
@@ -513,18 +512,17 @@ Parameters
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li>json</li>
<li>merge</li>
<li>strategic-merge</li>
</ul>
</td>
<td>
<div>Whether to override the default patch merge approach with a specific type. By default, the strategic merge will typically be used.</div>
<div>For example, Custom Resource Definitions typically aren&#x27;t updatable by the usual strategic merge. You may want to use <code>merge</code> if you see &quot;strategic merge patch format is not supported&quot;</div>
<div>For example, Custom Resource Definitions typically aren&#x27;t updatable by the usual strategic merge. You may want to use <code>merge</code> if you see &quot;strategic merge patch format is not supported&quot;.</div>
<div>See <a href='https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment'>https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment</a></div>
<div>If more than one <code>merge_type</code> is given, the merge_types will be tried in order. This defaults to <code>[&#x27;strategic-merge&#x27;, &#x27;merge&#x27;]</code>, which is ideal for using the same parameters on resource kinds that combine Custom Resources and built-in resources.</div>
<div>mutually exclusive with <code>apply</code></div>
<div><em>merge_type=json</em> is deprecated and will be removed in version 4.0.0. Please use <span class='module'>kubernetes.core.k8s_json_patch</span> instead.</div>
<div>Mutually exclusive with <code>apply</code>.</div>
<div><em>merge_type=json</em> has been removed in version 4.0.0. Please use <span class='module'>kubernetes.core.k8s_json_patch</span> instead.</div>
</td>
</tr>
<tr>

76
docs/kubernetes.core.kubectl_connection.rst
View File

@@ -365,6 +365,82 @@ Parameters
Examples
--------
.. code-block:: yaml
- name: Run a command in a pod using local kubectl with kubeconfig file ~/.kube/config
hosts: localhost
gather_facts: no
vars:
ansible_connection: kubernetes.core.kubectl
ansible_kubectl_namespace: my-namespace
ansible_kubectl_pod: my-pod
ansible_kubectl_container: my-container
tasks:
# be aware that the command is executed as the user that started the container
# and requires python to be installed in the image
- name: Run a command in a pod
ansible.builtin.command: echo "Hello, World!"
- name: Run a command in a pod using local kubectl with inventory variables
# Example inventory:
# k8s:
# hosts:
# foo.example.com:
# ansible_connection: kubernetes.core.kubectl
# ansible_kubectl_kubeconfig: /root/.kube/foo.example.com.config
# ansible_kubectl_pod: my-foo-pod
# ansible_kubectl_container: my-foo-container
# ansible_kubectl_namespace: my-foo-namespace
# bar.example.com:
# ansible_connection: kubernetes.core.kubectl
# ansible_kubectl_kubeconfig: /root/.kube/bar.example.com.config
# ansible_kubectl_pod: my-bar-pod
# ansible_kubectl_container: my-bar-container
# ansible_kubectl_namespace: my-bar-namespace
hosts: k8s
gather_facts: no
tasks:
# be aware that the command is executed as the user that started the container
# and requires python to be installed in the image
- name: Run a command in a pod
ansible.builtin.command: echo "Hello, World!"
- name: Run a command in a pod using dynamic inventory
hosts: localhost
gather_facts: no
vars:
kubeconfig: /root/.kube/config
namespace: my-namespace
my_app: my-app
tasks:
- name: Get My App pod info based on label
kubernetes.core.k8s_info:
kubeconfig: "{{ kubeconfig }}"
namespace: "{{ namespace }}"
kind: Pod
label_selectors: app.kubernetes.io/name = "{{ my_app }}"
register: my_app_pod
- name: Get My App pod name
ansible.builtin.set_fact:
my_app_pod_name: "{{ my_app_pod.resources[0].metadata.name }}"
- name: Add My App pod to inventory
ansible.builtin.add_host:
name: "{{ my_app_pod_name }}"
ansible_connection: kubernetes.core.kubectl
ansible_kubectl_kubeconfig: "{{ kubeconfig }}"
ansible_kubectl_pod: "{{ my_app_pod_name }}"
ansible_kubectl_namespace: "{{ namespace }}"
- name: Run a command in My App pod
# be aware that the command is executed as the user that started the container
# and requires python to be installed in the image
ansible.builtin.command: echo "Hello, World!"
delegate_to: "{{ my_app_pod_name }}"

2
galaxy.yml
View File

@@ -25,7 +25,7 @@ tags:
- openshift
- okd
- cluster
version: 3.1.0
version: 5.4.0
build_ignore:
- .DS_Store
- "*.tar.gz"

6
meta/runtime.yml
View File

@@ -1,5 +1,5 @@
---
requires_ansible: '>=2.14.0'
requires_ansible: '>=2.15.0'
action_groups:
helm:
@@ -22,10 +22,10 @@ plugin_routing:
redirect: community.okd.openshift
k8s:
deprecation:
removal_version: 5.0.0
removal_version: 6.0.0
warning_text: >-
The k8s inventory plugin has been deprecated and
will be removed in release 5.0.0.
will be removed in release 6.0.0.
modules:
k8s_auth:
redirect: community.okd.k8s_auth

47
plugins/action/k8s_info.py
View File

@@ -25,30 +25,18 @@ from ansible.module_utils.parsing.convert_bool import boolean
from ansible.module_utils.six import iteritems, string_types
from ansible.plugins.action import ActionBase
try:
from ansible.template import trust_as_template
except ImportError:
trust_as_template = None
class RemoveOmit(object):
def __init__(self, buffer, omit_value):
def _from_yaml_to_definition(buffer):
try:
import yaml
except ImportError:
raise AnsibleError("Failed to import the required Python library (PyYAML).")
self.data = yaml.safe_load_all(buffer)
self.omit = omit_value
def remove_omit(self, data):
if isinstance(data, dict):
result = dict()
for key, value in iteritems(data):
if value == self.omit:
continue
result[key] = self.remove_omit(value)
return result
if isinstance(data, list):
return [self.remove_omit(v) for v in data if v != self.omit]
return data
def output(self):
return [self.remove_omit(d) for d in self.data]
return list(yaml.safe_load_all(buffer))
ENV_KUBECONFIG_PATH_SEPARATOR = ";" if platform.system() == "Windows" else ":"
@@ -207,7 +195,6 @@ class ActionModule(ActionBase):
"'template' is only a supported parameter for the 'k8s' module."
)
omit_value = task_vars.get("omit")
template_params = []
if isinstance(template, string_types) or isinstance(template, dict):
template_params.append(self.get_template_args(template))
@@ -230,6 +217,7 @@ class ActionModule(ActionBase):
old_vars = self._templar.available_variables
default_environment = {}
if trust_as_template is None:
for key in (
"newline_sequence",
"variable_start_string",
@@ -257,26 +245,35 @@ class ActionModule(ActionBase):
with self.get_template_data(template_item["path"]) as template_data:
# add ansible 'template' vars
temp_vars = copy.deepcopy(task_vars)
overrides = {}
for key, value in iteritems(template_item):
if hasattr(self._templar.environment, key):
if value is not None:
overrides[key] = value
if trust_as_template is None:
setattr(self._templar.environment, key, value)
else:
elif trust_as_template is None:
setattr(
self._templar.environment,
key,
default_environment.get(key),
)
self._templar.available_variables = temp_vars
if trust_as_template:
template_data = trust_as_template(template_data)
result = self._templar.template(
template_data,
preserve_trailing_newlines=True,
escape_backslashes=False,
overrides=overrides,
)
else:
result = self._templar.do_template(
template_data,
preserve_trailing_newlines=True,
escape_backslashes=False,
)
if omit_value is not None:
result_template.extend(RemoveOmit(result, omit_value).output())
else:
result_template.append(result)
result_template.extend(_from_yaml_to_definition(result))
self._templar.available_variables = old_vars
resource_definition = self._task.args.get("definition", None)
if not resource_definition:

75
plugins/connection/kubectl.py
View File

@@ -181,6 +181,81 @@ DOCUMENTATION = r"""
aliases: [ kubectl_verify_ssl ]
"""
EXAMPLES = r"""
- name: Run a command in a pod using local kubectl with kubeconfig file ~/.kube/config
hosts: localhost
gather_facts: no
vars:
ansible_connection: kubernetes.core.kubectl
ansible_kubectl_namespace: my-namespace
ansible_kubectl_pod: my-pod
ansible_kubectl_container: my-container
tasks:
# be aware that the command is executed as the user that started the container
# and requires python to be installed in the image
- name: Run a command in a pod
ansible.builtin.command: echo "Hello, World!"
- name: Run a command in a pod using local kubectl with inventory variables
# Example inventory:
# k8s:
# hosts:
# foo.example.com:
# ansible_connection: kubernetes.core.kubectl
# ansible_kubectl_kubeconfig: /root/.kube/foo.example.com.config
# ansible_kubectl_pod: my-foo-pod
# ansible_kubectl_container: my-foo-container
# ansible_kubectl_namespace: my-foo-namespace
# bar.example.com:
# ansible_connection: kubernetes.core.kubectl
# ansible_kubectl_kubeconfig: /root/.kube/bar.example.com.config
# ansible_kubectl_pod: my-bar-pod
# ansible_kubectl_container: my-bar-container
# ansible_kubectl_namespace: my-bar-namespace
hosts: k8s
gather_facts: no
tasks:
# be aware that the command is executed as the user that started the container
# and requires python to be installed in the image
- name: Run a command in a pod
ansible.builtin.command: echo "Hello, World!"
- name: Run a command in a pod using dynamic inventory
hosts: localhost
gather_facts: no
vars:
kubeconfig: /root/.kube/config
namespace: my-namespace
my_app: my-app
tasks:
- name: Get My App pod info based on label
kubernetes.core.k8s_info:
kubeconfig: "{{ kubeconfig }}"
namespace: "{{ namespace }}"
kind: Pod
label_selectors: app.kubernetes.io/name = "{{ my_app }}"
register: my_app_pod
- name: Get My App pod name
ansible.builtin.set_fact:
my_app_pod_name: "{{ my_app_pod.resources[0].metadata.name }}"
- name: Add My App pod to inventory
ansible.builtin.add_host:
name: "{{ my_app_pod_name }}"
ansible_connection: kubernetes.core.kubectl
ansible_kubectl_kubeconfig: "{{ kubeconfig }}"
ansible_kubectl_pod: "{{ my_app_pod_name }}"
ansible_kubectl_namespace: "{{ namespace }}"
- name: Run a command in My App pod
# be aware that the command is executed as the user that started the container
# and requires python to be installed in the image
ansible.builtin.command: echo "Hello, World!"
delegate_to: "{{ my_app_pod_name }}"
"""
import json
import os
import os.path

8
plugins/inventory/k8s.py
View File

@@ -20,10 +20,10 @@ DOCUMENTATION = """
- Uses k8s.(yml|yaml) YAML configuration file to set parameter values.
deprecated:
removed_in: 5.0.0
removed_in: 6.0.0
why: |
As discussed in U(https://github.com/ansible-collections/kubernetes.core/issues/31), we decided to
remove the k8s inventory plugin in release 5.0.0.
remove the k8s inventory plugin in release 6.0.0.
alternative: "Use M(kubernetes.core.k8s_info) and M(ansible.builtin.add_host) instead."
options:
@@ -164,8 +164,8 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
super(InventoryModule, self).parse(inventory, loader, path)
self.display.deprecated(
"The 'k8s' inventory plugin has been deprecated and will be removed in release 5.0.0",
version="5.0.0",
"The 'k8s' inventory plugin has been deprecated and will be removed in release 6.0.0",
version="6.0.0",
collection_name="kubernetes.core",
)
cache_key = self._get_cache_prefix(path)

16
plugins/lookup/kustomize.py
View File

@@ -94,7 +94,8 @@ def get_binary_from_path(name, opt_dirs=None):
def run_command(command):
cmd = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return cmd.communicate()
stdout, stderr = cmd.communicate()
return cmd.returncode, stdout, stderr
class LookupModule(LookupBase):
@@ -140,9 +141,18 @@ class LookupModule(LookupBase):
if enable_helm:
command += ["--enable-helm"]
(out, err) = run_command(command)
(ret, out, err) = run_command(command)
if ret != 0:
if err:
raise AnsibleLookupError(
"kustomize command failed with: {0}".format(err.decode("utf-8"))
"kustomize command failed. exit code: {0}, error: {1}".format(
ret, err.decode("utf-8")
)
)
else:
raise AnsibleLookupError(
"kustomize command failed with unknown error. exit code: {0}".format(
ret
)
)
return [out.decode("utf-8")]

2
plugins/module_utils/args_common.py
View File

@@ -18,7 +18,7 @@ AUTH_PROXY_HEADERS_SPEC = dict(
)
AUTH_ARG_SPEC = {
"kubeconfig": {"type": "raw"},
"kubeconfig": {"type": "raw", "no_log": True},
"context": {},
"host": {},
"api_key": {"no_log": True},

11
plugins/module_utils/helm.py
View File

@@ -77,7 +77,6 @@ def write_temp_kubeconfig(server, validate_certs=True, ca_cert=None, kubeconfig=
class AnsibleHelmModule(object):
"""
An Ansible module class for Kubernetes.core helm modules
"""
@@ -160,11 +159,13 @@ class AnsibleHelmModule(object):
self.helm_env = self._prepare_helm_environment()
return self.helm_env
def run_helm_command(self, command, fails_on_error=True):
def run_helm_command(self, command, fails_on_error=True, data=None):
if not HAS_YAML:
self.fail_json(msg=missing_required_lib("PyYAML"), exception=YAML_IMP_ERR)
rc, out, err = self.run_command(command, environ_update=self.env_update)
rc, out, err = self.run_command(
command, environ_update=self.env_update, data=data
)
if fails_on_error and rc != 0:
self.fail_json(
msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(
@@ -184,10 +185,10 @@ class AnsibleHelmModule(object):
def get_helm_version(self):
command = self.get_helm_binary() + " version"
rc, out, err = self.run_command(command)
m = re.match(r'version.BuildInfo{Version:"v([0-9\.]*)",', out)
m = re.match(r'version.BuildInfo{Version:"v(.*?)",', out)
if m:
return m.group(1)
m = re.match(r'Client: &version.Version{SemVer:"v([0-9\.]*)", ', out)
m = re.match(r'Client: &version.Version{SemVer:"v(.*?)", ', out)
if m:
return m.group(1)
return None

1
plugins/module_utils/helm_args_common.py
View File

@@ -16,6 +16,7 @@ HELM_AUTH_ARG_SPEC = dict(
type="raw",
aliases=["kubeconfig_path"],
fallback=(env_fallback, ["K8S_AUTH_KUBECONFIG"]),
no_log=True,
),
host=dict(type="str", fallback=(env_fallback, ["K8S_AUTH_HOST"])),
ca_cert=dict(

144
plugins/module_utils/k8s/service.py
View File

@@ -4,7 +4,7 @@
import copy
from json import loads
from re import compile
from typing import Any, Dict, List, Optional, Tuple
from typing import Any, Dict, List, Optional, Tuple, Union
from ansible.module_utils.common.dict_transformations import dict_merge
from ansible_collections.kubernetes.core.plugins.module_utils.hashes import (
@@ -473,7 +473,7 @@ class K8sService:
if label_selectors:
params["label_selector"] = ",".join(label_selectors)
if delete_options:
if delete_options and not self.module.check_mode:
body = {
"apiVersion": "v1",
"kind": "DeleteOptions",
@@ -501,47 +501,107 @@ def diff_objects(
result["before"] = diff[0]
result["after"] = diff[1]
if list(result["after"].keys()) != ["metadata"] or list(
if list(result["after"].keys()) == ["metadata"] and list(
result["before"].keys()
) != ["metadata"]:
return False, result
) == ["metadata"]:
# If only metadata.generation and metadata.resourceVersion changed, ignore it
ignored_keys = set(["generation", "resourceVersion"])
if not set(result["after"]["metadata"].keys()).issubset(ignored_keys):
return False, result
if not set(result["before"]["metadata"].keys()).issubset(ignored_keys):
return False, result
if set(result["after"]["metadata"].keys()).issubset(ignored_keys) and set(
result["before"]["metadata"].keys()
).issubset(ignored_keys):
return True, result
result["before"] = hide_fields(result["before"], hidden_fields)
result["after"] = hide_fields(result["after"], hidden_fields)
return True, result
return False, result
def hide_fields(definition: dict, hidden_fields: Optional[list]) -> dict:
if not hidden_fields:
return definition
result = copy.deepcopy(definition)
for hidden_field in hidden_fields:
result = hide_field(result, hidden_field)
def hide_field_tree(hidden_field: str) -> List[str]:
result = []
key, rest = hide_field_split2(hidden_field)
result.append(key)
while rest:
key, rest = hide_field_split2(rest)
result.append(key)
return result
# hide_field is not hugely sophisticated and designed to cope
# with e.g. status or metadata.managedFields rather than e.g.
# spec.template.spec.containers[0].env[3].value
def hide_field(definition: dict, hidden_field: str) -> dict:
split = hidden_field.split(".", 1)
if split[0] in definition:
if len(split) == 2:
definition[split[0]] = hide_field(definition[split[0]], split[1])
def build_hidden_field_tree(hidden_fields: List[str]) -> Dict[str, Any]:
"""Group hidden field targeting the same json key
Example:
Input: ['env[3]', 'env[0]']
Output: {'env': [0, 3]}
"""
output = {}
for hidden_field in hidden_fields:
current = output
tree = hide_field_tree(hidden_field)
for idx, key in enumerate(tree):
if current.get(key, "") is None:
break
if idx == (len(tree) - 1):
current[key] = None
elif key not in current:
current[key] = {}
current = current[key]
return output
# hide_field should be able to cope with simple or more complicated
# field definitions
# e.g. status or metadata.managedFields or
# spec.template.spec.containers[0].env[3].value or
# metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]
def hide_field(
definition: Union[Dict[str, Any], List[Any]], hidden_field: Dict[str, Any]
) -> Dict[str, Any]:
def dict_contains_key(obj: Dict[str, Any], key: str) -> bool:
return key in obj
def list_contains_key(obj: List[Any], key: str) -> bool:
return int(key) < len(obj)
hidden_keys = list(hidden_field.keys())
field_contains_key = dict_contains_key
field_get_key = str
if isinstance(definition, list):
# Sort with reverse=true so that when we delete an item from the list, the order is not changed
hidden_keys = sorted(
[k for k in hidden_field.keys() if k.isdecimal()], reverse=True
)
field_contains_key = list_contains_key
field_get_key = int
for key in hidden_keys:
if field_contains_key(definition, key):
value = hidden_field.get(key)
convert_key = field_get_key(key)
if value is None:
del definition[convert_key]
else:
del definition[split[0]]
definition[convert_key] = hide_field(definition[convert_key], value)
if (
definition[convert_key] == dict()
or definition[convert_key] == list()
):
del definition[convert_key]
return definition
def hide_fields(
definition: Dict[str, Any], hidden_fields: Optional[List[str]]
) -> Dict[str, Any]:
if not hidden_fields:
return definition
result = copy.deepcopy(definition)
hidden_field_tree = build_hidden_field_tree(hidden_fields)
return hide_field(result, hidden_field_tree)
def decode_response(resp) -> Tuple[Dict, List[str]]:
"""
This function decodes unserialized responses from the Kubernetes python
@@ -620,3 +680,35 @@ def parse_quoted_string(quoted_string: str) -> Tuple[str, str]:
raise ValueError("invalid quoted string: missing closing quote")
return "".join(result), remainder
# hide_field_split2 returns the first key in hidden_field and the rest of the hidden_field
# We expect the first key to either be in brackets, to be terminated by the start of a left
# bracket, or to be terminated by a dot.
# examples would be:
# field.another.next -> (field, another.next)
# field[key].value -> (field, [key].value)
# [key].value -> (key, value)
# [one][two] -> (one, [two])
def hide_field_split2(hidden_field: str) -> Tuple[str, str]:
lbracket = hidden_field.find("[")
rbracket = hidden_field.find("]")
dot = hidden_field.find(".")
if lbracket == 0:
# skip past right bracket and any following dot
rest = hidden_field[rbracket + 1 :] # noqa: E203
if rest and rest[0] == ".":
rest = rest[1:]
return (hidden_field[lbracket + 1 : rbracket], rest) # noqa: E203
if lbracket != -1 and (dot == -1 or lbracket < dot):
return (hidden_field[:lbracket], hidden_field[lbracket:])
split = hidden_field.split(".", 1)
if len(split) == 1:
return split[0], ""
return split

25
plugins/module_utils/k8s/waiter.py
View File

@@ -51,7 +51,7 @@ def daemonset_ready(daemonset: ResourceInstance) -> bool:
return bool(
daemonset.status
and daemonset.status.desiredNumberScheduled is not None
and daemonset.status.updatedNumberScheduled
and (daemonset.status.updatedNumberScheduled or 0)
== daemonset.status.desiredNumberScheduled
and daemonset.status.numberReady == daemonset.status.desiredNumberScheduled
and daemonset.status.observedGeneration == daemonset.metadata.generation
@@ -117,11 +117,34 @@ def exists(resource: Optional[ResourceInstance]) -> bool:
return bool(resource) and not empty_list(resource)
def cluster_operator_ready(resource: ResourceInstance) -> bool:
"""
Predicate to check if a single ClusterOperator is healthy.
Returns True if:
- "Available" is True
- "Degraded" is False
- "Progressing" is False
"""
if not resource:
return False
# Extract conditions from the resource's status
conditions = resource.get("status", {}).get("conditions", [])
status = {x.get("type", ""): x.get("status") for x in conditions}
return (
(status.get("Degraded") == "False")
and (status.get("Progressing") == "False")
and (status.get("Available") == "True")
)
RESOURCE_PREDICATES = {
"DaemonSet": daemonset_ready,
"Deployment": deployment_ready,
"Pod": pod_ready,
"StatefulSet": statefulset_ready,
"ClusterOperator": cluster_operator_ready,
}

91
plugins/modules/helm.py
View File

@@ -137,14 +137,24 @@ options:
- If I(reset_values) is set to C(True), this is ignored.
type: bool
required: false
version_added: 2.5.0
version_added: 3.0.0
reset_values:
description:
- When upgrading package, reset the values to the ones built into the chart.
type: bool
required: false
default: True
version_added: 2.5.0
version_added: 3.0.0
reset_then_reuse_values:
description:
- When upgrading package, reset the values to the ones built into the chart, apply the last release's values and merge in any overrides from
parameters O(release_values), O(values_files) or O(set_values).
- If O(reset_values) or O(reuse_values) is set to V(True), this is ignored.
- This feature requires helm diff >= 3.9.12.
type: bool
required: false
default: False
version_added: 6.0.0
#Helm options
disable_hook:
@@ -218,6 +228,15 @@ options:
- mutually exclusive with with C(replace).
type: int
version_added: 2.2.0
insecure_skip_tls_verify:
description:
- Skip tls certificate checks for the chart download.
- Do not confuse with the C(validate_certs) option.
- This option is only available for helm >= 3.16.0.
type: bool
default: False
aliases: [ skip_tls_certs_check ]
version_added: 5.3.0
extends_documentation_fragment:
- kubernetes.core.helm_common_options
"""
@@ -476,12 +495,15 @@ def run_dep_update(module, chart_ref):
rc, out, err = module.run_helm_command(dep_update)
def fetch_chart_info(module, command, chart_ref):
def fetch_chart_info(module, command, chart_ref, insecure_skip_tls_verify=False):
"""
Get chart info
"""
inspect_command = command + f" show chart '{chart_ref}'"
if insecure_skip_tls_verify:
inspect_command += " --insecure-skip-tls-verify"
rc, out, err = module.run_helm_command(inspect_command)
return yaml.safe_load(out)
@@ -509,6 +531,8 @@ def deploy(
set_value_args=None,
reuse_values=None,
reset_values=True,
reset_then_reuse_values=False,
insecure_skip_tls_verify=False,
):
"""
Install/upgrade/rollback release chart
@@ -526,6 +550,17 @@ def deploy(
if reuse_values is not None:
deploy_command += " --reuse-values=" + str(reuse_values)
if reset_then_reuse_values:
helm_version = module.get_helm_version()
if LooseVersion(helm_version) < LooseVersion("3.14.0"):
module.fail_json(
msg="reset_then_reuse_values requires helm >= 3.14.0, current version is {0}".format(
helm_version
)
)
else:
deploy_command += " --reset-then-reuse-values"
if wait:
deploy_command += " --wait"
if wait_timeout is not None:
@@ -549,6 +584,17 @@ def deploy(
if create_namespace:
deploy_command += " --create-namespace"
if insecure_skip_tls_verify:
helm_version = module.get_helm_version()
if LooseVersion(helm_version) < LooseVersion("3.16.0"):
module.fail_json(
msg="insecure_skip_tls_verify requires helm >= 3.16.0, current version is {0}".format(
helm_version
)
)
else:
deploy_command += " --insecure-skip-tls-verify"
if values_files:
for value_file in values_files:
deploy_command += " --values=" + value_file
@@ -642,6 +688,8 @@ def helmdiff_check(
set_value_args=None,
reuse_values=None,
reset_values=True,
reset_then_reuse_values=False,
insecure_skip_tls_verify=False,
):
"""
Use helm diff to determine if a release would change by upgrading a chart.
@@ -676,6 +724,27 @@ def helmdiff_check(
if reuse_values:
cmd += " --reuse-values"
if reset_then_reuse_values:
helm_diff_version = get_plugin_version("diff")
helm_version = module.get_helm_version()
fail_msg = ""
if LooseVersion(helm_diff_version) < LooseVersion("3.9.12"):
fail_msg = "reset_then_reuse_values requires helm diff >= 3.9.12, current version is {0}\n".format(
helm_diff_version
)
if LooseVersion(helm_version) < LooseVersion("3.14.0"):
fail_msg += "reset_then_reuse_values requires helm >= 3.14.0, current version is {0}\n".format(
helm_version
)
if fail_msg:
module.fail_json(msg=fail_msg)
else:
cmd += " --reset-then-reuse-values"
if insecure_skip_tls_verify:
cmd += " --insecure-skip-tls-verify"
rc, out, err = module.run_helm_command(cmd)
return (len(out.strip()) > 0, out.strip())
@@ -735,6 +804,10 @@ def argument_spec():
set_values=dict(type="list", elements="dict"),
reuse_values=dict(type="bool"),
reset_values=dict(type="bool", default=True),
reset_then_reuse_values=dict(type="bool", default=False),
insecure_skip_tls_verify=dict(
type="bool", default=False, aliases=["skip_tls_certs_check"]
),
)
)
return arg_spec
@@ -787,6 +860,8 @@ def main():
set_values = module.params.get("set_values")
reuse_values = module.params.get("reuse_values")
reset_values = module.params.get("reset_values")
reset_then_reuse_values = module.params.get("reset_then_reuse_values")
insecure_skip_tls_verify = module.params.get("insecure_skip_tls_verify")
if update_repo_cache:
run_repo_update(module)
@@ -824,7 +899,9 @@ def main():
helm_cmd += " --repo=" + chart_repo_url
# Fetch chart info to have real version and real name for chart_ref from archive, folder or url
chart_info = fetch_chart_info(module, helm_cmd, chart_ref)
chart_info = fetch_chart_info(
module, helm_cmd, chart_ref, insecure_skip_tls_verify
)
if dependency_update:
if chart_info.get("dependencies"):
@@ -883,6 +960,8 @@ def main():
set_value_args=set_value_args,
reuse_values=reuse_values,
reset_values=reset_values,
reset_then_reuse_values=reset_then_reuse_values,
insecure_skip_tls_verify=insecure_skip_tls_verify,
)
changed = True
@@ -908,6 +987,8 @@ def main():
set_value_args,
reuse_values=reuse_values,
reset_values=reset_values,
reset_then_reuse_values=reset_then_reuse_values,
insecure_skip_tls_verify=insecure_skip_tls_verify,
)
if would_change and module._diff:
opt_result["diff"] = {"prepared": prepared}
@@ -943,6 +1024,8 @@ def main():
set_value_args=set_value_args,
reuse_values=reuse_values,
reset_values=reset_values,
reset_then_reuse_values=reset_then_reuse_values,
insecure_skip_tls_verify=insecure_skip_tls_verify,
)
changed = True

9
plugins/modules/helm_pull.py
View File

@@ -75,9 +75,10 @@ options:
skip_tls_certs_check:
description:
- Whether or not to check tls certificate for the chart download.
- Requires helm >= 3.3.0.
- Requires helm >= 3.3.0. Alias C(insecure_skip_tls_verify) added in 5.3.0.
type: bool
default: False
aliases: [ insecure_skip_tls_verify ]
chart_devel:
description:
- Use development versions, too. Equivalent to version '>0.0.0-0'.
@@ -189,8 +190,10 @@ def main():
repo_password=dict(
type="str", no_log=True, aliases=["password", "chart_repo_password"]
),
pass_credentials=dict(type="bool", default=False),
skip_tls_certs_check=dict(type="bool", default=False),
pass_credentials=dict(type="bool", default=False, no_log=False),
skip_tls_certs_check=dict(
type="bool", default=False, aliases=["insecure_skip_tls_verify"]
),
chart_devel=dict(type="bool"),
untar_chart=dict(type="bool", default=False),
destination=dict(type="path", required=True),

249
plugins/modules/helm_registry_auth.py Normal file
View File

@@ -0,0 +1,249 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: © Ericsson AB 2024
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r"""
---
module: helm_registry_auth
short_description: Helm registry authentication module
version_added: 5.1.0
author:
- Yuriy Novostavskiy (@yurnov)
requirements:
- "helm (https://github.com/helm/helm/releases) => 3.8.0"
description:
- Helm registry authentication module allows you to login C(helm registry login) and logout C(helm registry logout) from a Helm registry.
options:
state:
description:
- Desired state of the registry.
- If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).
- If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).
- As helm >= 3.18.0 reports successful logout even if the user is not logged in, this module will report a change regardless of the current state.
required: false
default: present
choices: ['present', 'absent']
type: str
host:
description:
- Provide a URL for accessing the registry.
required: true
aliases: [ registry_url ]
type: str
insecure:
description:
- Allow connections to SSL sites without certs.
required: false
default: false
type: bool
username:
description:
- Username for the registry.
required: false
type: str
aliases: [ repo_username ]
password:
description:
- Password for the registry.
required: false
type: str
aliases: [ repo_password ]
key_file:
description:
- Path to the client key SSL file for identify registry client using this key file.
required: false
type: path
cert_file:
description:
- Path to the client certificate SSL file for identify registry client using this certificate file.
required: false
type: path
ca_file:
description:
- Path to the CA certificate SSL file for verify registry server certificate.
required: false
type: path
binary_path:
description:
- The path of a helm binary to use.
required: false
type: path
"""
EXAMPLES = r"""
- name: Login to remote registry
kubernetes.core.helm_registry_auth:
username: admin
password: "sample_password"
host: localhost:5000
- name: Logout from remote registry
kubernetes.core.helm_registry_auth:
state: absent
host: localhost:5000
"""
RETURN = r"""
stdout:
type: str
description: Full C(helm) command stdout, in case you want to display it or examine the event log
returned: always
stout_lines:
type: list
description: Full C(helm) command stdout, in case you want to display it or examine the event log
returned: always
stderr:
type: str
description: >-
Full C(helm) command stderr, in case you want to display it or examine the event log.
Please be note that helm binnary may print messages to stderr even if the command is successful.
returned: always
sample: 'Login Succeeded\n'
stderr_lines:
type: list
description: Full C(helm) command stderr, in case you want to display it or examine the event log
returned: always
command:
type: str
description: Full C(helm) command executed
returned: always
sample: '/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure'
failed:
type: bool
description: Indicate if the C(helm) command failed
returned: always
sample: false
"""
from ansible_collections.kubernetes.core.plugins.module_utils.helm import (
AnsibleHelmModule,
)
from ansible_collections.kubernetes.core.plugins.module_utils.version import (
LooseVersion,
)
def arg_spec():
return dict(
binary_path=dict(type="path", required=False),
host=dict(type="str", aliases=["registry_url"], required=True),
state=dict(default="present", choices=["present", "absent"], required=False),
insecure=dict(type="bool", default=False, required=False),
username=dict(type="str", aliases=["repo_username"], required=False),
password=dict(
type="str", aliases=["repo_password"], no_log=True, required=False
),
key_file=dict(type="path", required=False),
cert_file=dict(type="path", required=False),
ca_file=dict(type="path", required=False),
)
def login(
command,
host,
insecure,
username,
password,
key_file,
cert_file,
ca_file,
):
login_command = command + " registry login " + host
if username is not None and password is not None:
login_command += " --username=" + username + " --password-stdin"
if insecure:
login_command += " --insecure"
if key_file is not None:
login_command += " --key-file=" + key_file
if cert_file is not None:
login_command += " --cert-file=" + cert_file
if ca_file is not None:
login_command += " --ca-file=" + ca_file
return login_command
def logout(command, host):
return command + " registry logout " + host
def main():
global module
module = AnsibleHelmModule(
argument_spec=arg_spec(),
required_together=[["username", "password"]],
supports_check_mode=True,
)
changed = False
host = module.params.get("host")
state = module.params.get("state")
insecure = module.params.get("insecure")
username = module.params.get("username")
password = module.params.get("password")
key_file = module.params.get("key_file")
cert_file = module.params.get("cert_file")
ca_file = module.params.get("ca_file")
helm_cmd = module.get_helm_binary()
if state == "absent":
helm_cmd = logout(helm_cmd, host)
changed = True
elif state == "present":
helm_cmd = login(
helm_cmd, host, insecure, username, password, key_file, cert_file, ca_file
)
changed = True
if module.check_mode:
module.exit_json(changed=changed, command=helm_cmd)
rc, out, err = module.run_helm_command(
helm_cmd, data=password, fails_on_error=False
)
if rc != 0:
if state == "absent" and "Error: not logged in" in err:
changed = False
else:
module.fail_json(
msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(
rc, out, err
),
stderr=err,
command=helm_cmd,
)
helm_version = module.get_helm_version()
if LooseVersion(helm_version) >= LooseVersion("3.18.0") and state == "absent":
# https://github.com/ansible-collections/kubernetes.core/issues/944
module.warn(
"The helm_registry_auth is not idempotent with helm >= 3.18.0, always report a change."
)
module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd)
if __name__ == "__main__":
main()

16
plugins/modules/helm_repository.py
View File

@@ -119,6 +119,13 @@ options:
aliases: [ force ]
default: False
version_added: 2.4.0
insecure_skip_tls_verify:
description:
- Skip tls certificate checks for the repository url.
type: bool
default: False
aliases: [ skip_tls_certs_check ]
version_added: "5.3.0"
"""
EXAMPLES = r"""
@@ -226,6 +233,7 @@ def install_repository(
repository_password,
pass_credentials,
force_update,
insecure_skip_tls_verify,
):
install_command = command + " repo add " + repository_name + " " + repository_url
@@ -239,6 +247,9 @@ def install_repository(
if force_update:
install_command += " --force-update"
if insecure_skip_tls_verify:
install_command += " --insecure-skip-tls-verify"
return install_command
@@ -262,6 +273,9 @@ def argument_spec():
),
pass_credentials=dict(type="bool", default=False, no_log=True),
force_update=dict(type="bool", default=False, aliases=["force"]),
insecure_skip_tls_verify=dict(
type="bool", default=False, aliases=["skip_tls_certs_check"]
),
)
)
return arg_spec
@@ -290,6 +304,7 @@ def main():
repo_state = module.params.get("repo_state")
pass_credentials = module.params.get("pass_credentials")
force_update = module.params.get("force_update")
insecure_skip_tls_verify = module.params.get("insecure_skip_tls_verify")
helm_cmd = module.get_helm_binary()
@@ -308,6 +323,7 @@ def main():
repo_password,
pass_credentials,
force_update,
insecure_skip_tls_verify,
)
changed = True
elif repository_status["url"] != repo_url:

14
plugins/modules/helm_template.py
View File

@@ -72,6 +72,13 @@ options:
- If the directory already exists, it will be overwritten.
required: false
type: path
insecure_registry:
description:
- Skip TLS certificate checks for the chart download
required: false
type: bool
default: false
version_added: 5.1.0
release_name:
description:
- Release name to use in rendered templates.
@@ -221,6 +228,7 @@ def template(
dependency_update=None,
disable_hook=None,
output_dir=None,
insecure_registry=None,
show_only=None,
release_name=None,
release_namespace=None,
@@ -251,6 +259,9 @@ def template(
if output_dir:
cmd += " --output-dir=" + output_dir
if insecure_registry:
cmd += " --insecure-skip-tls-verify"
if show_only:
for template in show_only:
cmd += " -s " + template
@@ -289,6 +300,7 @@ def main():
include_crds=dict(type="bool", default=False),
release_name=dict(type="str", aliases=["name"]),
output_dir=dict(type="path"),
insecure_registry=dict(type="bool", default=False),
release_namespace=dict(type="str"),
release_values=dict(type="dict", default={}, aliases=["values"]),
show_only=dict(type="list", default=[], elements="str"),
@@ -308,6 +320,7 @@ def main():
include_crds = module.params.get("include_crds")
release_name = module.params.get("release_name")
output_dir = module.params.get("output_dir")
insecure_registry = module.params.get("insecure_registry")
show_only = module.params.get("show_only")
release_namespace = module.params.get("release_namespace")
release_values = module.params.get("release_values")
@@ -337,6 +350,7 @@ def main():
disable_hook=disable_hook,
release_name=release_name,
output_dir=output_dir,
insecure_registry=insecure_registry,
release_namespace=release_namespace,
release_values=release_values,
show_only=show_only,

7
plugins/modules/k8s.py
View File

@@ -181,17 +181,18 @@ options:
- This parameter can be used with C(label_selectors) to restrict the resources to be deleted.
type: bool
default: false
version_added: 2.5.0
version_added: 3.0.0
aliases:
- all
hidden_fields:
description:
- Hide fields matching this option in the result
- An example might be C(hidden_fields=[metadata.managedFields])
- Only field definitions that don't reference list items are supported (so V(spec.containers[0]) would not work)
or V(hidden_fields=[spec.containers[0].env[3].value])
or V(hidden_fields=[metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]])
type: list
elements: str
version_added: 2.5.0
version_added: 3.0.0
requirements:
- "python >= 3.9"

27
plugins/modules/k8s_drain.py
View File

@@ -47,7 +47,7 @@ options:
- This option has effect only when C(state) is set to I(drain).
type: list
elements: str
version_added: 2.5.0
version_added: 3.0.0
aliases:
- label_selectors
delete_options:
@@ -106,6 +106,7 @@ EXAMPLES = r"""
kubernetes.core.k8s_drain:
state: drain
name: foo
delete_options:
force: yes
- name: Drain node "foo", but abort if there are pods not managed by a ReplicationController, Job, or DaemonSet, and use a grace period of 15 minutes.
@@ -143,6 +144,7 @@ result:
"""
import copy
import json
import time
import traceback
from datetime import datetime
@@ -187,6 +189,17 @@ except ImportError:
HAS_EVICTION_API = False
def format_dynamic_api_exc(exc):
if exc.body:
if exc.headers and exc.headers.get("Content-Type") == "application/json":
message = json.loads(exc.body).get("message")
if message:
return message
return exc.body
else:
return "%s Reason: %s" % (exc.status, exc.reason)
def filter_pods(pods, force, ignore_daemonset, delete_emptydir_data):
k8s_kind_mirror = "kubernetes.io/config.mirror"
daemonSet, unmanaged, mirror, localStorage, to_delete = [], [], [], [], []
@@ -291,16 +304,19 @@ class K8sDrainAnsible(object):
return (datetime.now() - start).seconds
response = None
pod = pods.pop()
pod = None
while (_elapsed_time() < wait_timeout or wait_timeout == 0) and pods:
if not pod:
pod = pods.pop()
pod = pods[-1]
try:
response = self._api_instance.read_namespaced_pod(
namespace=pod[0], name=pod[1]
)
if not response:
if not response or response.spec.node_name != self._module.params.get(
"name"
):
pod = None
del pods[-1]
time.sleep(wait_sleep)
except ApiException as exc:
if exc.reason != "Not Found":
@@ -308,6 +324,7 @@ class K8sDrainAnsible(object):
msg="Exception raised: {0}".format(exc.reason)
)
pod = None
del pods[-1]
except Exception as e:
self._module.fail_json(msg="Exception raised: {0}".format(to_native(e)))
if not pods:
@@ -334,7 +351,7 @@ class K8sDrainAnsible(object):
if exc.reason != "Not Found":
self._module.fail_json(
msg="Failed to delete pod {0}/{1} due to: {2}".format(
namespace, name, exc.reason
namespace, name, to_native(format_dynamic_api_exc(exc))
)
)
except Exception as exc:

5
plugins/modules/k8s_info.py
View File

@@ -48,10 +48,11 @@ options:
description:
- Hide fields matching any of the field definitions in the result
- An example might be C(hidden_fields=[metadata.managedFields])
- Only field definitions that don't reference list items are supported (so V(spec.containers[0]) would not work)
or V(hidden_fields=[spec.containers[0].env[3].value])
or V(hidden_fields=[metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]])
type: list
elements: str
version_added: 2.5.0
version_added: 3.0.0
extends_documentation_fragment:
- kubernetes.core.k8s_auth_options

3
tests/integration/targets/helm/defaults/main.yml
View File

@@ -3,6 +3,7 @@ helm_default_archive_name: "helm-{{ helm_version }}-{{ ansible_system | lower }}
helm_binary: "/tmp/helm/{{ ansible_system | lower }}-amd64/helm"
chart_test: "ingress-nginx"
chart_test_oci: "oci://registry-1.docker.io/bitnamicharts/redis"
chart_test_local_path: "nginx-ingress"
chart_test_version: 4.2.4
chart_test_version_local_path: 1.32.0
@@ -26,3 +27,5 @@ test_namespace:
- "helm-from-url"
- "helm-reuse-values"
- "helm-chart-with-space-into-name"
- "helm-reset-then-reuse-values"
- "helm-insecure"

3
tests/integration/targets/helm/tasks/main.yml
View File

@@ -4,4 +4,5 @@
loop_control:
loop_var: helm_version
with_items:
- "v3.7.0"
- "v3.15.4"
- "v3.16.0"

6
tests/integration/targets/helm/tasks/run_test.yml
View File

@@ -28,6 +28,9 @@
- name: test helm upgrade with reuse_values
include_tasks: test_helm_reuse_values.yml
- name: test helm upgrade with reset_then_reuse_values
include_tasks: test_helm_reset_then_reuse_values.yml
- name: test helm dependency update
include_tasks: test_up_dep.yml
@@ -41,6 +44,9 @@
- name: Test Skip CRDS feature in helm chart install
include_tasks: test_crds.yml
- name: Test insecure registry flag feature
include_tasks: test_helm_insecure.yml
- name: Clean helm install
file:
path: "{{ item }}"

11
tests/integration/targets/helm/tasks/test_crds.yml
View File

@@ -3,12 +3,23 @@
vars:
test_chart: "test-crds"
helm_namespace: "{{ test_namespace[0] }}"
helm_binary: helm
block:
- name: Create namespace
k8s:
kind: Namespace
name: "{{ helm_namespace }}"
- name: Check if CRD resource is already present
k8s_info:
namespace: default
kind: Foo
api_version: ansible.com/v1
ignore_errors: true
register: crd_check
- when: crd_check is failed
block:
- name: Copy test chart
copy:
src: "{{ test_chart }}"

52
tests/integration/targets/helm/tasks/test_helm_insecure.yml Normal file
View File

@@ -0,0 +1,52 @@
---
- name: Test helm insecure
vars:
helm_namespace: "{{ test_namespace[12] }}"
block:
- name: Initial chart installation (no flag set)
helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ chart_test_oci }}"
release_name: test-secure
release_namespace: "{{ helm_namespace }}"
create_namespace: true
register: install
- name: Validate that insecure flag is not set
assert:
that:
- install is changed
- '"--insecure-skip-tls-verify" not in install.command'
- name: Initial chart installation (insecure flag set)
helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ chart_test_oci }}"
release_name: test-insecure
release_namespace: "{{ helm_namespace }}"
insecure_skip_tls_verify: true
register: install
ignore_errors: true
- name: Validate that insecure flag IS set if helm version is >= 3.16.0
assert:
that:
- install is changed
- '"--insecure-skip-tls-verify" in install.command'
when: '"v3.16.0" <= helm_version'
- name: Validate that feature fails for helm < 3.16.0
assert:
that:
- install is failed
- '"insecure_skip_tls_verify requires helm >= 3.16.0" in install.msg'
when: 'helm_version < "v3.16.0"'
always:
- name: Remove helm namespace
k8s:
api_version: v1
kind: Namespace
name: "{{ helm_namespace }}"
state: absent

8
tests/integration/targets/helm/tasks/test_helm_not_installed.yml
View File

@@ -13,3 +13,11 @@
that:
- helm_missing_binary is failed
- "'No such file or directory' in helm_missing_binary.msg"
when: ansible_version.full is version('2.20', '<')
- name: Assert that helm is not installed (ansible 2.20+)
assert:
that:
- helm_missing_binary is failed
- "'Error executing command' in helm_missing_binary.msg"
when: ansible_version.full is version('2.20', '>=')

75
tests/integration/targets/helm/tasks/test_helm_reset_then_reuse_values.yml Normal file
View File

@@ -0,0 +1,75 @@
---
- name: Test helm reset_then_reuse_values
vars:
helm_namespace: "{{ test_namespace[11] }}"
chart_release_values:
replica:
replicaCount: 3
master:
count: 1
kind: Deployment
chart_reset_then_reuse_values:
replica:
replicaCount: 1
master:
count: 3
block:
- name: Initial chart installation
helm:
binary_path: "{{ helm_binary }}"
chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
create_namespace: true
release_values: "{{ chart_release_values }}"
register: install
- name: Get value set as string
helm_info:
binary_path: "{{ helm_binary }}"
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
register: release_value
- name: Validate that chart values are as expected
assert:
that:
- install is changed
- '"--reset-then-reuse-values" not in install.command'
- release_value["status"]["values"] == chart_release_values
- name: Upgrade chart using reset_then_reuse_values=true
helm:
binary_path: "{{ helm_binary }}"
chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
reuse_values: false
reset_values: false
reset_then_reuse_values: true
release_values: "{{ chart_reset_then_reuse_values }}"
register: upgrade
- name: Get value set as string
helm_info:
binary_path: "{{ helm_binary }}"
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
register: release_value
- name: Validate that chart values are as expected
assert:
that:
- upgrade is changed
- '"--reset-then-reuse-values" in upgrade.command'
- '"--reuse-values " not in upgrade.command'
- '"--reset-values" not in upgrade.command'
- release_value["status"]["values"] == chart_release_values | combine(chart_reset_then_reuse_values, recursive=true)
always:
- name: Remove helm namespace
k8s:
api_version: v1
kind: Namespace
name: "{{ helm_namespace }}"
state: absent

6
tests/integration/targets/helm/tasks/test_helm_reuse_values.yml
View File

@@ -17,8 +17,7 @@
- name: Initial chart installation
helm:
binary_path: "{{ helm_binary }}"
chart_ref: redis
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
create_namespace: true
@@ -42,8 +41,7 @@
- name: Upgrade chart using reuse_values=true
helm:
binary_path: "{{ helm_binary }}"
chart_ref: redis
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
reuse_values: true

6
tests/integration/targets/helm/tasks/tests_chart.yml
View File

@@ -374,8 +374,8 @@
chart_ref: "{{ chart_source }}"
chart_version: "{{ chart_source_version | default(omit) }}"
disable_hook: True
release_name: "MyRelease"
release_namespace: "MyReleaseNamespace"
release_name: "myrelease"
release_namespace: "myreleasenamespace"
show_only:
- "templates/configmap.yaml"
release_values:
@@ -388,7 +388,7 @@
- result is changed
- result is not failed
- result.rc == 0
- result.command is match(helm_binary+" template MyRelease "+chart_source)
- result.command is match(helm_binary+" template myrelease "+chart_source)
- result.stdout is search("ThisValue")
when: chart_source is search("test-chart")
# limit assertion of test result to controlled (local) chart_source

6
tests/integration/targets/helm_diff/files/test-chart-deployment-time/Chart.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v2
name: test-chart-deployment-time
description: A chart with a config map containing the deployment time in data
type: application
version: 0.1.0
appVersion: "default"

7
tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ default "ansible-configmap" .Values.myConfigmapName }}
data:
myValue: {{ default "test" .Values.myValue }}
deploymentTime: {{ now }}

1
tests/integration/targets/helm_diff/meta/main.yml
View File

@@ -2,3 +2,4 @@
dependencies:
- remove_namespace
- install_helm
- setup_helm_registry

146
tests/integration/targets/helm_diff/tasks/main.yml
View File

@@ -2,7 +2,6 @@
- name: Test helm diff functionality
vars:
test_chart_ref: "/tmp/test-chart"
redis_chart_version: '17.0.5'
block:
@@ -11,7 +10,7 @@
binary_path: "{{ helm_binary }}"
state: present
plugin_path: https://github.com/databus23/helm-diff
plugin_version: 3.4.0
plugin_version: 3.9.13
- name: Copy test chart
copy:
@@ -24,7 +23,7 @@
name: test-chart
namespace: "{{ helm_namespace }}"
chart_ref: "{{ test_chart_ref }}"
create_namespace: yes
create_namespace: true
register: install
- assert:
@@ -49,8 +48,8 @@
name: test-chart
namespace: "{{ helm_namespace }}"
chart_ref: "{{ test_chart_ref }}"
check_mode: yes
diff: yes
check_mode: true
diff: true
register: diff_result
- name: Check if helm diff check is correct
@@ -79,7 +78,7 @@
namespace: "{{ helm_namespace }}"
chart_ref: "{{ test_chart_ref }}"
check_mode: yes
diff: yes
diff: true
register: diff_result
- name: Check if no diff in check mode when no change
@@ -101,7 +100,7 @@
- name: Modify values
blockinfile:
create: yes
create: true
path: "{{ test_chart_ref }}/values.yml"
block: |
---
@@ -206,52 +205,76 @@
- install is not changed
# Test helm diff with chart_repo_url
- name: Define Redis chart values
set_fact:
redis_chart_values:
commonLabels:
phase: testing
company: RedHat
image:
tag: 6.2.6-debian-10-r135
architecture: standalone
- name: Install Redis chart
helm:
binary_path: "{{ helm_binary }}"
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: redis
namespace: "{{ helm_namespace }}"
name: redis-chart
chart_version: "{{ redis_chart_version }}"
release_values: "{{ redis_chart_values }}"
- name: Upgrade Redis chart
helm:
binary_path: "{{ helm_binary }}"
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: redis
namespace: "{{ helm_namespace }}"
name: redis-chart
chart_version: "{{ redis_chart_version }}"
release_values: "{{ redis_chart_values }}"
check_mode: yes
register: redis_upgrade
- name: Assert that module raised a warning
assert:
that:
- not redis_upgrade.changed
- redis_upgrade.warnings is defined
- redis_upgrade.warnings | length == 1
- redis_upgrade.warnings[0] == "The default idempotency check can fail to report changes in certain cases. Install helm diff >= 3.4.1 for better results."
- name: Uninstall helm diff
helm_plugin:
binary_path: "{{ helm_binary }}"
state: absent
plugin_name: diff
ignore_errors: yes
ignore_errors: true
- name: Define chart variables
set_fact:
test_chart_values:
myValue: 'Some ConfigMap data value'
myConfigmapName: 'ansible-config-from-url'
test_chart_version: 0.1.0
test_chart_ref_url: "oci://localhost:6035/testing/test-chart-deployment-time"
- name: Deploy chart to remote registry
block:
- name: Create local directory to copy chart in
ansible.builtin.tempfile:
suffix: .chart
state: directory
register: _tmpd
- name: Copy local registry
ansible.builtin.copy:
dest: "{{ _tmpd.path }}"
src: '{{ role_path }}/files/test-chart-deployment-time'
- name: Push chart to helm registry
ansible.builtin.include_role:
name: push_to_helm_registry
vars:
chart_local_path: '{{ _tmpd.path }}/test-chart-deployment-time'
chart_repo_path: 'testing'
always:
- name: Delete temporary directory
ansible.builtin.file:
state: absent
path: '{{ _tmpd.path }}'
- name: Log into Helm registry
ansible.builtin.command: "{{ helm_binary }} registry login -u testuser -p 'pass123!' localhost:6035"
- name: Install chart from remote URL
helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_ref_url }}"
chart_version: 0.1.0
namespace: "{{ helm_namespace }}"
name: another-chart
release_values: "{{ test_chart_values }}"
- name: Upgrade chart
helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_ref_url }}"
chart_version: 0.1.0
namespace: "{{ helm_namespace }}"
name: another-chart
release_values: "{{ test_chart_values }}"
check_mode: true
register: _upgrade
- name: Assert that module raised a warning
assert:
that:
- not _upgrade.changed
- _upgrade.warnings is defined
- _upgrade.warnings | length == 1
- _upgrade.warnings[0] == "The default idempotency check can fail to report changes in certain cases. Install helm diff >= 3.4.1 for better results."
- name: Install helm diff (version=3.4.1)
helm_plugin:
@@ -260,37 +283,36 @@
plugin_path: https://github.com/databus23/helm-diff
plugin_version: 3.4.1
- name: Upgrade Redis chart once again
- name: Upgrade chart once again
helm:
binary_path: "{{ helm_binary }}"
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: redis
chart_ref: "{{ test_chart_ref_url }}"
chart_version: 0.1.0
namespace: "{{ helm_namespace }}"
name: redis-chart
chart_version: "{{ redis_chart_version }}"
release_values: "{{ redis_chart_values }}"
check_mode: yes
register: redis_upgrade_2
name: another-chart
release_values: "{{ test_chart_values }}"
check_mode: true
register: _upgrade_2
- name: Assert that module raised a warning
assert:
that:
- redis_upgrade_2.changed
- redis_upgrade_2.warnings is not defined
- _upgrade_2.changed
- _upgrade_2.warnings is not defined
always:
- name: Remove chart directory
file:
path: "{{ test_chart_ref }}"
state: absent
ignore_errors: yes
ignore_errors: true
- name: Uninstall helm diff
helm_plugin:
binary_path: "{{ helm_binary }}"
state: absent
plugin_name: diff
ignore_errors: yes
ignore_errors: true
- name: Remove helm namespace
k8s:
@@ -299,6 +321,8 @@
name: "{{ helm_namespace }}"
state: absent
wait: true
ignore_errors: yes
ignore_errors: true
- include_tasks: reuse_values.yml
- include_tasks: reset_then_reuse_values.yml

189
tests/integration/targets/helm_diff/tasks/reset_then_reuse_values.yml Normal file
View File

@@ -0,0 +1,189 @@
---
- name: Create temporary directory for helm chart
tempfile:
suffix: .helm
state: directory
register: helm_dir
- name: Test helm diff functionality
vars:
test_chart_path: "{{ helm_dir.path }}/test-chart-reuse-values"
test_release_name: "myrelease"
block:
- name: Install helm diff
kubernetes.core.helm_plugin:
binary_path: "{{ helm_binary }}"
state: present
plugin_path: https://github.com/databus23/helm-diff
plugin_version: 3.9.14
- name: Copy test chart
ansible.builtin.copy:
src: "test-chart-reuse-values"
dest: "{{ helm_dir.path }}"
- name: Delete existing namespace
kubernetes.core.k8s:
state: absent
wait: true
kind: Namespace
name: "{{ helm_namespace }}"
ignore_errors: true
- name: Create helm release
kubernetes.core.helm:
state: present
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
create_namespace: true
release_values:
ansible_version: devel
phase: ci
wait: true
- name: Upgrade helm release (reset_values=false and reuse_values=false and reset_then_reuse_values=true)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reset_values: false
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: devel
register: helm_upgrade
- name: Ensure task did not reported change
assert:
that:
- helm_upgrade is not changed
- name: Upgrade helm release (reset_then_reuse_values=true with default value for reset_values and reuse_values=false)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: devel
register: helm_upgrade
- name: Ensure task reported change
assert:
that:
- helm_upgrade is changed
# Delete helm and helm diff to install older version
- name: Uninstall helm diff
helm_plugin:
binary_path: "{{ helm_binary }}"
state: absent
plugin_name: diff
ignore_errors: true
- name: Delete Helm folders
file:
path: /tmp/helm/
state: absent
- name: Init Helm folders
file:
path: /tmp/helm
state: directory
- name: Set Helm old version
set_fact:
helm_archive_name: "helm-v3.8.0-linux-amd64.tar.gz"
helm_diff_old_version: "3.8.0"
- name: Unarchive Helm binary
unarchive:
src: "https://get.helm.sh/{{ helm_archive_name | default(helm_default_archive_name) }}"
dest: /tmp/helm/
remote_src: yes
retries: 10
delay: 5
register: result
until: result is not failed
- name: Upgrade helm release (with reset_then_reuse_values=true)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: test
register: helm_upgrade
ignore_errors: true
- name: Debug
debug:
var: helm_upgrade
- name: Ensure warning for Helm version
assert:
that:
- helm_upgrade is failed
- '"reset_then_reuse_values requires helm >= 3.14.0, current version is" in helm_upgrade.msg'
- name: Install helm diff
helm_plugin:
binary_path: "{{ helm_binary }}"
state: present
plugin_path: https://github.com/databus23/helm-diff
plugin_version: "{{ helm_diff_old_version }}"
- name: Upgrade helm release (with reset_then_reuse_values=true)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: devel
register: helm_upgrade
ignore_errors: true
- name: Debug
debug:
var: helm_upgrade
- name: Ensure warning for Helm Diff version
assert:
that:
- helm_upgrade is failed
- '"reset_then_reuse_values requires helm diff >= 3.9.12, current version is" in helm_upgrade.msg'
always:
- name: Remove temporary directory
file:
path: "{{ helm_dir.path }}"
state: absent
ignore_errors: true
- name: Uninstall helm diff
kubernetes.core.helm_plugin:
binary_path: "{{ helm_binary }}"
state: absent
plugin_name: diff
ignore_errors: true
- name: Remove helm namespace
kubernetes.core.k8s:
api_version: v1
kind: Namespace
name: "{{ helm_namespace }}"
state: absent
wait: true
ignore_errors: true

1
tests/integration/targets/helm_diff/tasks/reuse_values.yml
View File

@@ -90,4 +90,5 @@
kind: Namespace
name: "{{ helm_namespace }}"
state: absent
wait: true
ignore_errors: true

27
tests/integration/targets/helm_kubeconfig/tasks/tests_helm_auth.yml
View File

@@ -18,7 +18,12 @@
- set_fact:
saved_kubeconfig_path: "{{ _dir.path }}/config"
- block:
- vars:
helm_repo_name: autoscaler
helm_repo_url: "https://kubernetes.github.io/autoscaler"
helm_release_name: "autoscaler"
helm_chart_name: "cluster-autoscaler"
block:
- name: Copy default kubeconfig
copy:
remote_src: true
@@ -59,14 +64,14 @@
- plugin_info.plugin_list != []
# helm_repository, helm, helm_info
- name: Add test_bitnami chart repository
- name: 'Add "{{ helm_repo_name }}" chart repository'
helm_repository:
binary_path: "{{ helm_binary }}"
name: test_bitnami
name: "{{ helm_repo_name }}"
kubeconfig: "{{ test_kubeconfig | default(omit) }}"
validate_certs: "{{ test_validate_certs | default(omit) }}"
ca_cert: "{{ test_ca_cert | default(omit) }}"
repo_url: https://charts.bitnami.com/bitnami
repo_url: "{{ helm_repo_url }}"
register: repository
- name: Assert that repository was added
@@ -77,8 +82,8 @@
- name: Install chart from repository added before
helm:
binary_path: "{{ helm_binary }}"
name: rabbitmq
chart_ref: test_bitnami/rabbitmq
name: "{{ helm_release_name }}"
chart_ref: "{{ helm_repo_name }}/{{ helm_chart_name }}"
namespace: "{{ helm_namespace }}"
update_repo_cache: true
kubeconfig: "{{ test_kubeconfig | default(omit) }}"
@@ -98,7 +103,7 @@
kubeconfig: "{{ test_kubeconfig | default(omit) }}"
validate_certs: "{{ test_validate_certs | default(omit) }}"
ca_cert: "{{ test_ca_cert | default(omit) }}"
name: "rabbitmq"
name: "{{ helm_release_name }}"
namespace: "{{ helm_namespace }}"
register: chart_info
@@ -112,7 +117,7 @@
- name: Remove chart
helm:
binary_path: "{{ helm_binary }}"
name: rabbitmq
name: "{{ helm_release_name }}"
namespace: "{{ helm_namespace }}"
kubeconfig: "{{ test_kubeconfig | default(omit) }}"
validate_certs: "{{ test_validate_certs | default(omit) }}"
@@ -131,7 +136,7 @@
kubeconfig: "{{ test_kubeconfig | default(omit) }}"
validate_certs: "{{ test_validate_certs | default(omit) }}"
ca_cert: "{{ test_ca_cert | default(omit) }}"
name: "rabbitmq"
name: "{{ helm_release_name }}"
namespace: "{{ helm_namespace }}"
register: chart_info
@@ -143,7 +148,7 @@
- name: Remove chart repository
helm_repository:
binary_path: "{{ helm_binary }}"
name: test_bitnami
name: "{{ helm_repo_name }}"
kubeconfig: "{{ test_kubeconfig | default(omit) }}"
validate_certs: "{{ test_validate_certs | default(omit) }}"
ca_cert: "{{ test_ca_cert | default(omit) }}"
@@ -192,6 +197,6 @@
- name: Delete helm repository
helm_repository:
binary_path: "{{ helm_binary }}"
name: test_bitnami
name: "{{ helm_repo_name }}"
state: absent
ignore_errors: true

4
tests/integration/targets/helm_pull/tasks/main.yml
View File

@@ -180,6 +180,7 @@
- '"--username ansible" in _result.command'
- '"--password ***" in _result.command'
- '"--keyring pubring.gpg" in _result.command'
- '"Module did not set no_log for pass_credentials" not in _result.stderr'
- name: Download chart using chart_ref
helm_pull:
@@ -203,9 +204,8 @@
- name: Download chart using untar_chart
helm_pull:
binary_path: "{{ helm_path }}"
chart_ref: redis
chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
destination: "{{ destination }}"
repo_url: "https://charts.bitnami.com/bitnami"
untar_chart: true
register: _result

2
tests/integration/targets/helm_registry_auth/aliases Normal file
View File

@@ -0,0 +1,2 @@
time=16
helm_registry_auth

9
tests/integration/targets/helm_registry_auth/defaults/main.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
# Username and password for the registry
# ../files/registry.password contains username and hashed password
username: testuser
password: testpassword
wrong_password: 'WrongPassword'
registry_name: oci_registry
registry_port: 5000
test_chart: https://github.com/grafana/helm-charts/releases/download/k8s-monitoring-1.6.8/k8s-monitoring-1.6.8.tgz

1
tests/integration/targets/helm_registry_auth/files/registry.password Normal file
View File

@@ -0,0 +1 @@
testuser:$2y$05$PmdUjSCJYdRUZlsYy8QGWuJDiwuHtWXa28YrELlN5haeHkZ1seZZG

3
tests/integration/targets/helm_registry_auth/meta/main.yml Normal file
View File

@@ -0,0 +1,3 @@
---
dependencies:
- install_helm

7
tests/integration/targets/helm_registry_auth/playbook.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
- name: Test helm_registry_auth module
hosts: localhost
connection: local
gather_facts: true
roles:
- helm_registry_auth

5
tests/integration/targets/helm_registry_auth/runme.sh Executable file
View File

@@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -eux
export ANSIBLE_CALLBACKS_ENABLED=profile_tasks
export ANSIBLE_ROLES_PATH=../
ansible-playbook playbook.yaml "$@"

182
tests/integration/targets/helm_registry_auth/tasks/main.yaml Normal file
View File

@@ -0,0 +1,182 @@
---
- name: Run module test
# using a shell and command module to run the test as test can be non-idempotent
# and it allow to not install any additional dependencies
block:
- name: Ensure that helm is installed
ansible.builtin.shell: helm version --client --short | grep v3
register: _helm_version
failed_when: _helm_version.rc != 0
- name: Ensure that Docker demon is running
ansible.builtin.command: "docker info"
register: _docker_info
failed_when: _docker_info.rc != 0
- name: Create a tmpfile htpasswd directory
ansible.builtin.tempfile:
state: directory
suffix: .httppasswd
register: _tmpfile
- name: Copy htpasswd to the tmpfile directory
ansible.builtin.copy:
src: registry.password
dest: "{{ _tmpfile.path }}/registry.password"
- name: Setup the registry
ansible.builtin.command: >-
docker run -d --rm
-p {{ registry_port }}:5000
--name "{{ registry_name }}"
-v "{{ _tmpfile.path }}:/auth"
-e "REGISTRY_AUTH=htpasswd"
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password
registry:2
register: _setup_registry
failed_when: _setup_registry.rc != 0
- name: Ensure that the registry is running and rechable
ansible.builtin.wait_for:
host: localhost
port: "{{ registry_port }}"
- name: Test the registry with correct credentials to ensure that the registry is running
ansible.builtin.shell: >-
echo {{ password | quote }} | helm registry login localhost:{{ registry_port }}
-u {{ username }} --password-stdin
register: _login_correct
failed_when: _login_correct.rc != 0
- name: Clean up credentials to run test on clean environment
ansible.builtin.shell: >-
helm registry logout localhost:{{ registry_port }}
register: _logout
failed_when: _logout.rc != 0
- name: Create directory for helm chart
ansible.builtin.tempfile:
state: directory
suffix: ".helm"
register: _destination
- name: Pull test helm chart
ansible.builtin.uri:
url: "{{ test_chart }}"
dest: "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz"
return_content: no
status_code: 200
- name: Test module helm_registry_auth with correct credentials
helm_registry_auth:
username: "{{ username }}"
password: "{{ password }}"
host: localhost:{{ registry_port }}
state: present
register: _helm_registry_auth_correct
- name: Assert that the registry is logged in
# Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464
assert:
that:
- "'Login Succeeded' in _helm_registry_auth_correct.stderr"
- "'{{ password }}' not in _helm_registry_auth_correct.command"
- "'{{ password }}' not in _helm_registry_auth_correct.stdout"
- "'{{ password }}' not in _helm_registry_auth_correct.stderr"
- name: Ensure that push to the registry is working
ansible.builtin.shell: >-
helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" oci://localhost:{{ registry_port }}/test/
register: _save_chart
failed_when: _save_chart.rc != 0
- name: Assert that the chart is saved
# Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464
assert:
that: "'Pushed: localhost:{{ registry_port }}/test/k8s-monitoring' in _save_chart.stderr"
- name: Test logout
helm_registry_auth:
host: localhost:{{ registry_port }}
state: absent
register: _helm_registry_auth_logout
- name: Assert logout
# Helm binary prints the message to stderr
assert:
that: "'Removing login credentials' in _helm_registry_auth_logout.stderr"
- name: Test idempotency of logout with helm < 3.18.0
when: _helm_version.stdout is ansible.builtin.version('v3.18.0', '<')
block:
- name: Test logout idempotency
helm_registry_auth:
host: localhost:{{ registry_port }}
state: absent
register: _helm_registry_auth_logout_idempotency
- name: Assert logout operation did not report change
ansible.builtin.assert:
that: _helm_registry_auth_logout_idempotency is not changed
- name: Ensure that not able to push to the registry
ansible.builtin.shell: >-
helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" oci://localhost:{{ registry_port }}/test/
register: _save_chart
failed_when: _save_chart.rc == 0
- name: Read content of ~/.config/helm/registry/config.json
ansible.builtin.slurp:
src: ~/.config/helm/registry/config.json
register: _config_json
- name: Assert that auth data is remove and the chart is not saved
# Helm binary prints the message to stderr
ansible.builtin.assert:
that:
- "'push access denied' in _save_chart.stderr or 'basic credential not found' in _save_chart.stderr"
- "_save_chart.rc != 0"
- "'localhost:{{ registry_port }}' not in _config_json.content | b64decode"
- name: Test module helm_registry_auth with wrong credentials
helm_registry_auth:
username: "{{ username }}"
password: "{{ wrong_password }}"
host: localhost:{{ registry_port }}
state: present
register: _helm_registry_auth_wrong
ignore_errors: true
- name: Read content of ~/.config/helm/registry/config.json
ansible.builtin.slurp:
src: ~/.config/helm/registry/config.json
register: _config_json
- name: Assert that the registry is not logged in and auth data is not saved
ansible.builtin.assert:
that:
- "'401' in _helm_registry_auth_wrong.stderr"
- "'unauthorized' in _helm_registry_auth_wrong.stderr | lower"
- "'{{ wrong_password }}' not in _helm_registry_auth_correct.command"
- "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout"
- "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr"
- "'localhost:{{ registry_port }}' not in _config_json.content | b64decode"
# Clean up
always:
- name: Stop and remove the registry
ansible.builtin.command: docker stop {{ registry_name }}
ignore_errors: true
- name: Remove the tmpfile
ansible.builtin.file:
state: absent
path: "{{ item }}"
force: true
loop:
- "{{ _tmpfile.path }}"
- "{{ _destination.path }}"
ignore_errors: true

2
tests/integration/targets/helm_repository/meta/main.yml
View File

@@ -1,3 +1,5 @@
---
collections:
- kubernetes.core
dependencies:
- install_helm

21
tests/integration/targets/helm_repository/tasks/main.yml
View File

@@ -16,6 +16,7 @@
assert:
that:
- repository is changed
- '"--insecure-skip-tls-verify" not in repository.command'
- name: Check idempotency
helm_repository:
@@ -78,3 +79,23 @@
assert:
that:
- repository is not changed
- name: Add test_helm_repo chart repository as insecure
helm_repository:
binary_path: "{{ helm_binary }}"
name: test_helm_repo
repo_url: "{{ chart_test_repo }}"
insecure_skip_tls_verify: true
register: repository
- name: Assert that repository added and flag set
assert:
that:
- repository is changed
- '"--insecure-skip-tls-verify" in repository.command'
- name: Clean test_helm_repo chart repository
helm_repository:
binary_path: "{{ helm_binary }}"
name: test_helm_repo
state: absent

17
tests/integration/targets/helm_set_values/tasks/main.yml
View File

@@ -1,8 +1,7 @@
- name: Install helm using set_values parameters
helm:
binary_path: "{{ helm_binary }}"
chart_ref: mariadb
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: oci://registry-1.docker.io/bitnamicharts/mariadb
release_name: test-mariadb
release_namespace: "{{ helm_namespace }}"
create_namespace: true
@@ -36,8 +35,7 @@
- name: Install helm using set_values parameters
helm:
binary_path: "{{ helm_binary }}"
chart_ref: apache
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: oci://registry-1.docker.io/bitnamicharts/apache
release_name: test-apache
release_namespace: "{{ helm_namespace }}"
create_namespace: true
@@ -79,8 +77,7 @@
- name: Install helm using set_values parameters
helm:
binary_path: "{{ helm_binary }}"
chart_ref: minio
chart_repo_url: https://charts.bitnami.com/bitnami
chart_ref: oci://registry-1.docker.io/bitnamicharts/minio
release_name: test-minio
release_namespace: "{{ helm_namespace }}"
create_namespace: true
@@ -107,3 +104,11 @@
file:
state: absent
path: "{{ ymlfile.path }}"
ignore_errors: true
- name: Delete namespace
k8s:
state: absent
kind: namespace
name: "{{ helm_namespace }}"
ignore_errors: true

2
tests/integration/targets/install_helm/defaults/main.yml
View File

@@ -1,4 +1,4 @@
---
helm_version: v3.7.0
helm_version: v3.16.4
helm_install_path: /tmp/helm
helm_default_archive_name: "helm-{{ helm_version }}-{{ ansible_system | lower }}-amd64.tar.gz"

7
tests/integration/targets/k8s_apply/tasks/main.yml
View File

@@ -26,7 +26,8 @@
assert:
that:
- k8s_configmap is changed
- k8s_configmap.result.metadata.annotations|default(False)
- '"annotations" in k8s_configmap.result.metadata'
- k8s_configmap.result.metadata.annotations != {}
- name: Add same configmap again
k8s:
@@ -467,7 +468,7 @@
assert:
that:
- k8s_secret is changed
- k8s_secret.result.data.foo
- k8s_secret.result.data.foo != ""
- name: Add same secret
k8s:
@@ -748,7 +749,7 @@
assert:
that:
- _create is changed
- not _info.resources
- _info.resources | length == 0
# server side apply over kubernetes client releases
- name: Create temporary directory

25
tests/integration/targets/k8s_delete/tasks/main.yml
View File

@@ -38,7 +38,7 @@
- name: Assert that there are pods
assert:
that:
- pods_create.resources
- pods_create.resources | length > 0
- name: Remove the daemonset
k8s:
@@ -74,7 +74,7 @@
- name: Assert that deleting the daemonset deleted the pods
assert:
that:
- not pods_delete.resources
- pods_delete.resources | length == 0
# test deletion using label selector
- name: Deploy load balancer
@@ -152,6 +152,27 @@
register: _deployment
failed_when: _deployment.resources | length == 0
- name: Trying to delete nginx deployment in check mode and with deleteOptions set
k8s:
kind: Deployment
api_version: apps/v1
namespace: "{{ test_namespace }}"
name: nginx-d
state: absent
delete_options:
propagationPolicy: Foreground
check_mode: true
register: _delete
- name: Validate that Deployment nginx-d still exists
k8s_info:
kind: Deployment
api_version: apps/v1
namespace: "{{ test_namespace }}"
name: nginx-d
register: _deployment
failed_when: _deployment.resources | length != 1
- name: Trying to delete using delete_all=true but missing kind option
k8s:
api_version: apps/v1

4
tests/integration/targets/k8s_drain/tasks/main.yml
View File

@@ -244,7 +244,7 @@
kind: Pod
name: '{{ drain_pod_name }}'
register: _result
failed_when: _result.resources
failed_when: _result.resources | length > 0
- name: assert that emptyDir pod was deleted
k8s_info:
@@ -346,7 +346,7 @@
kind: Pod
name: '{{ drain_pod_name }}-01'
register: _result
failed_when: _result.resources
failed_when: _result.resources | length > 0
# test: drain using pod_selectors
- name: Uncordon node

12
tests/integration/targets/k8s_full/tasks/main.yml
View File

@@ -394,9 +394,11 @@
register: k8s_info_testing6
failed_when: not k8s_info_testing6.resources or k8s_info_testing6.resources[0].status.phase != "Active"
- name: Create large configmap data
command: dd if=/dev/urandom bs=500K count=1
register: cmap_data
- name: Create a file with specific size and attributes, to be used as swap space
community.general.filesize:
path: /tmp/configmap.bin
size: 500K
source: /dev/urandom
- name: Create configmap with large value
k8s:
@@ -407,7 +409,7 @@
name: testmap
namespace: testing
data:
testkey: "{{ cmap_data.stdout | b64encode }}"
testkey: "{{ lookup('file', '/tmp/configmap.bin') | b64encode }}"
wait: true
register: result
@@ -424,7 +426,7 @@
- assert:
that:
- result.resources[0].data.testkey == (cmap_data.stdout | b64encode)
- result.resources[0].data.testkey == (lookup('file', '/tmp/configmap.bin') | b64encode)
# test setting module defaults for kubernetes.core.k8s_info
- block:

8
tests/integration/targets/k8s_gc/tasks/main.yml
View File

@@ -36,7 +36,7 @@
label_selectors:
- "job=gc"
register: wait_job
until: wait_job.resources
until: wait_job.resources | length > 0
retries: 5
delay: 10
@@ -87,7 +87,7 @@
label_selectors:
- "job=gc"
register: wait_job
until: wait_job.resources
until: wait_job.resources | length > 0
retries: 5
delay: 10
@@ -139,7 +139,7 @@
label_selectors:
- "job=gc"
register: wait_job
until: wait_job.resources
until: wait_job.resources | length > 0
retries: 5
delay: 10
@@ -225,7 +225,7 @@
- name: Assert job is deleted
assert:
that: not job.resources
that: job.resources | length == 0
always:
- name: Delete namespace

17
tests/integration/targets/k8s_hide_fields/tasks/main.yml
View File

@@ -77,6 +77,7 @@
definition: "{{ hide_fields_base_configmap | combine({'data':{'anew':'value'}}) }}"
hidden_fields:
- data
- metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]
apply: true
register: hf6
diff: true
@@ -86,6 +87,22 @@
that:
- hf6.changed
- name: Ensure hidden fields are not present
assert:
that:
- >-
'annotations' not in hf6.result.metadata or
'kubectl.kubernetes.io/last-applied-configuration'
not in hf6.result.metadata.annotations
- >-
'annotations' not in hf6.diff.before.metadata or
'kubectl.kubernetes.io/last-applied-configuration'
not in hf6.diff.before.metadata.annotations
- >-
'annotations' not in hf6.diff.after.metadata or
'kubectl.kubernetes.io/last-applied-configuration'
not in hf6.diff.after.metadata.annotations
- name: Hidden field should not show up in deletion
k8s:
definition: "{{ hide_fields_base_configmap}}"

2
tests/integration/targets/k8s_json_patch/tasks/main.yml
View File

@@ -47,7 +47,7 @@
- result.changed
- result.result.metadata.labels.label2 == "bar"
- result.result.spec.containers[0].image == "busybox:glibc"
- result.diff
- result.diff != {}
- name: Describe pod
kubernetes.core.k8s_info:

2
tests/integration/targets/k8s_manifest_url/tasks/main.yml
View File

@@ -23,7 +23,7 @@
- name: Update directory permissions
file:
path: "{{ manifests_dir.path }}"
mode: 0755
mode: '0755'
- name: Create manifests files
copy:

4
tests/integration/targets/k8s_scale/tasks/main.yml
View File

@@ -129,7 +129,7 @@
that:
- scale_down is changed
- '"duration" in scale_down'
- scale_down.diff
- scale_down.diff != {}
- name: Scale the deployment once again (idempotency)
k8s_scale:
@@ -274,7 +274,7 @@
assert:
that:
- scale_down_no_wait is changed
- scale_down_no_wait.diff
- scale_down_no_wait.diff != {}
- scale_down_no_wait_pods.resources | length == 1
# scale multiple resource using label selectors

2
tests/integration/targets/k8s_taint/tasks/main.yml
View File

@@ -421,7 +421,7 @@
- name: Assert that taints have been removed
assert:
that:
- _result.resources | selectattr('spec.taints', 'undefined')
- _result.resources | selectattr('spec.taints', 'undefined') | list | length > 0
always:

78
tests/integration/targets/k8s_template/tasks/main.yml
View File

@@ -7,7 +7,7 @@
kubernetes.core.k8s_service:
template: "pod_one.j2"
state: present
ignore_errors: yes
ignore_errors: true
register: r
- name: Check for expected failures in last tasks
@@ -35,7 +35,7 @@
k8s_pod_name_one: pod
k8s_pod_namespace: "{{ template_namespace }}"
register: r
ignore_errors: yes
ignore_errors: true
- name: Check if definition and template are mutually exclusive
assert:
@@ -52,7 +52,7 @@
k8s_pod_name_one: pod
k8s_pod_namespace: "{{ template_namespace }}"
register: r
ignore_errors: yes
ignore_errors: true
- name: Check if src and template are mutually exclusive
assert:
@@ -63,7 +63,7 @@
- name: Create pod using template (direct specification)
kubernetes.core.k8s:
template: "pod_one.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-1
@@ -79,7 +79,7 @@
kubernetes.core.k8s:
template:
- default
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-2
@@ -96,7 +96,7 @@
kubernetes.core.k8s:
template:
path: "pod_one.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-3
@@ -114,12 +114,11 @@
path: "pod_two.j2"
variable_start_string: '[['
variable_end_string: ']]'
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_two: pod-4
k8s_pod_namespace: "[[ template_namespace ]]"
ansible_python_interpreter: "[[ ansible_playbook_python ]]"
k8s_pod_namespace: "template-test"
register: r
- name: Assert that pod creation succeeded using template
@@ -131,7 +130,7 @@
kubernetes.core.k8s:
template:
path: "pod_three.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_three_one: pod-5
@@ -152,7 +151,7 @@
variable_start_string: '[['
variable_end_string: ']]'
- path: "pod_three.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-7
@@ -239,63 +238,6 @@
- resource.result.results | selectattr('changed') | list | length == 1
- resource.result.results | selectattr('error', 'defined') | list | length == 1
# Test resource definition using template with 'omit'
- name: Deploy configmap using template
k8s:
namespace: "{{ template_namespace }}"
name: test-data
template: configmap.yml.j2
- name: Read configmap created
k8s_info:
kind: configmap
namespace: "{{ template_namespace }}"
name: test-data
register: _configmap
- name: Validate that the configmap does not contains annotations
assert:
that:
- '"annotations" not in _configmap.resources.0.metadata'
- name: Create resource once again
k8s:
namespace: "{{ template_namespace }}"
name: test-data
template: configmap.yml.j2
register: _configmap
- name: assert that nothing changed
assert:
that:
- _configmap is not changed
- name: Create resource once again (using description)
k8s:
namespace: "{{ template_namespace }}"
name: test-data
template: configmap.yml.j2
register: _configmap
vars:
k8s_configmap_desc: "This is a simple configmap used to test ansible k8s collection"
- name: assert that configmap was changed
assert:
that:
- _configmap is changed
- name: Read configmap created
k8s_info:
kind: configmap
namespace: "{{ template_namespace }}"
name: test-data
register: _configmap
- name: Validate that the configmap does not contains annotations
assert:
that:
- _configmap.resources.0.metadata.annotations.description == "This is a simple configmap used to test ansible k8s collection"
always:
- name: Remove namespace (Cleanup)
kubernetes.core.k8s:

7
tests/integration/targets/k8s_template/templates/configmap.yml.j2
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
description: "{{ k8s_configmap_desc | default(omit) }}"
data:
key: "testing-template"

3
tests/integration/targets/k8s_waiter/defaults/main.yml
View File

@@ -5,6 +5,7 @@ k8s_pod_metadata:
k8s_pod_spec:
serviceAccount: "{{ k8s_pod_service_account }}"
nodeSelector: "{{ k8s_pod_node_selector }}"
containers:
- image: "{{ k8s_pod_image }}"
imagePullPolicy: Always
@@ -33,6 +34,8 @@ k8s_pod_ports: []
k8s_pod_env: []
k8s_pod_node_selector: {}
k8s_pod_template:
metadata: "{{ k8s_pod_metadata }}"
spec: "{{ k8s_pod_spec }}"

42
tests/integration/targets/k8s_waiter/tasks/main.yml
View File

@@ -127,6 +127,48 @@
- ds.result.status.currentNumberScheduled == ds.result.status.desiredNumberScheduled
- updated_ds_pods.resources[0].spec.containers[0].image.endswith(":3")
- name: Create daemonset with nodeSelector and not existing label
k8s:
definition:
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: wait-daemonset-not-existing-label
namespace: "{{ wait_namespace }}"
spec:
selector:
matchLabels:
app: "{{ k8s_pod_name }}"
template: "{{ k8s_pod_template }}"
wait: yes
wait_sleep: 5
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-daemonset-not-existing-label
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:1
k8s_pod_command:
- sleep
- "600"
k8s_pod_node_selector:
nonExisitingLabel: test-not-exiting-label
register: ds_not_existing_label
- name: Get updated pods
k8s_info:
api_version: v1
kind: Pod
namespace: "{{ wait_namespace }}"
label_selectors:
- app=wait-daemonset-not-existing-label
register: updated_ds_pods_not_existing_label
- name: Check that daemonset wait worked (when desired number is 0)
assert:
that:
- ds_not_existing_label.result.status.currentNumberScheduled == ds_not_existing_label.result.status.desiredNumberScheduled
- ds_not_existing_label.result.status.desiredNumberScheduled == 0
- updated_ds_pods_not_existing_label.resources | length == 0
- name: Add a statefulset
k8s:
definition:

4
tests/integration/targets/lookup_k8s/tasks/main.yml
View File

@@ -56,8 +56,8 @@
# Without wantlist=True lookup should return mapping
- test5 is mapping
- test6 is mapping
# errors='ignore'
- test7 is string
# errors='ignore' (return null with ansible-core 2.19)
- test7 is string or not test7
- test8 is not defined
- name: Create another namespace with label

2
tests/integration/targets/lookup_kustomize/tasks/main.yml
View File

@@ -45,7 +45,7 @@
- name: make script as executable
file:
path: "{{ tmp_dir_path }}/install_kustomize.sh"
mode: 0755
mode: '0755'
- name: Install kustomize
command: "{{ tmp_dir_path }}/install_kustomize.sh"

1
tests/integration/targets/push_to_helm_registry/aliases Normal file
View File

@@ -0,0 +1 @@
disabled

5
tests/integration/targets/push_to_helm_registry/defaults/main.yml Normal file
View File

@@ -0,0 +1,5 @@
---
helm_binary_path: "helm"
chart_repo_url: 'localhost:6035'
chart_repo_username: testuser
chart_repo_password: 'pass123!'

38
tests/integration/targets/push_to_helm_registry/tasks/main.yml Normal file
View File

@@ -0,0 +1,38 @@
---
- name: Ensure we can log into the helm registry
command: >-
{{ helm_binary_path }} registry login
-u {{ chart_repo_username }}
-p {{ chart_repo_password }}
{{ chart_repo_url }}
- name: Package chart and push to helm registry
block:
- name: Create temporary directory to store chart
ansible.builtin.tempfile:
state: directory
suffix: .chart
register: _tmpfile
- name: Package helm chart
command: '{{ helm_binary_path }} package {{ chart_local_path }} --destination {{ _tmpfile.path }}'
- name: Locate helm chart package
ansible.builtin.find:
paths: "{{ _tmpfile.path }}"
patterns: '*.tgz'
register: _files
- name: Helm push chart to the registry
command: '{{ helm_binary_path }} push {{ _files.files.0.path }} oci://{{ chart_repo_url }}/{{ chart_repo_path }}'
always:
- name: Logout from registry
command: '{{ helm_binary_path }} registry logout {{ chart_repo_url }}'
ignore_errors: true
- name: Delete temporary directory
ansible.builtin.file:
state: absent
path: '{{ _tmpfile.path }}'
ignore_errors: true

1
tests/integration/targets/setup_helm_registry/aliases Normal file
View File

@@ -0,0 +1 @@
disabled

5
tests/integration/targets/setup_helm_registry/defaults/main.yml Normal file
View File

@@ -0,0 +1,5 @@
---
# user: testuser, password: pass123!
registry_credentials: testuser:$2y$05$d8tw6L1hojRFW.FjHOAnIOihJWAvFb0/Pu/30hLbQNJIYzCmlyBCi
registry_name: helm_registry
registry_port: 6035

3
tests/integration/targets/setup_helm_registry/handlers/main.yml Normal file
View File

@@ -0,0 +1,3 @@
---
- name: Teardown registry
include_tasks: teardown_registry.yml

32
tests/integration/targets/setup_helm_registry/tasks/main.yml Normal file
View File

@@ -0,0 +1,32 @@
---
- name: Ensure we can talk to docker daemon
ansible.builtin.shell:
cmd: docker ps
- name: Create temporary directory to store file in
tempfile:
state: directory
suffix: .helm_registry
register: _tmpfile
# notify:
# - Teardown registry
- name: Create authentication file
copy:
content: "{{ registry_credentials }}"
dest: "{{ _tmpfile.path }}/htpasswd"
- name: Remove existing registry
ansible.builtin.include_tasks: remove_docker_container.yml
- name: Create registry container
command: >-
docker run -d
-p {{ registry_port }}:5000
--restart=always
--name "{{ registry_name }}"
-v "{{ _tmpfile.path }}:/auth"
-e "REGISTRY_AUTH=htpasswd"
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
registry:2

Some files were not shown because too many files have changed in this diff Show More