mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-03-27 05:43:02 +00:00
363 lines
13 KiB
Python
363 lines
13 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# (c) 2018, Chris Houseknecht <@chouseknecht>
|
|
# (c) 2021, Aubin Bikouo <@abikouo>
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
DOCUMENTATION = r'''
|
|
|
|
module: k8s
|
|
|
|
short_description: Manage Kubernetes (K8s) objects
|
|
|
|
author:
|
|
- "Chris Houseknecht (@chouseknecht)"
|
|
- "Fabian von Feilitzsch (@fabianvf)"
|
|
|
|
description:
|
|
- Use the OpenShift Python client to perform CRUD operations on K8s objects.
|
|
- Pass the object definition from a source file or inline. See examples for reading
|
|
files and using Jinja templates or vault-encrypted files.
|
|
- Access to the full range of K8s APIs.
|
|
- Use the M(kubernetes.core.k8s_info) module to obtain a list of items about an object of type C(kind)
|
|
- Authenticate using either a config file, certificates, password or token.
|
|
- Supports check mode.
|
|
|
|
extends_documentation_fragment:
|
|
- kubernetes.core.k8s_state_options
|
|
- kubernetes.core.k8s_name_options
|
|
- kubernetes.core.k8s_resource_options
|
|
- kubernetes.core.k8s_auth_options
|
|
- kubernetes.core.k8s_wait_options
|
|
- kubernetes.core.k8s_delete_options
|
|
|
|
notes:
|
|
- If your OpenShift Python library is not 0.9.0 or newer and you are trying to
|
|
remove an item from an associative array/dictionary, for example a label or
|
|
an annotation, you will need to explicitly set the value of the item to be
|
|
removed to `null`. Simply deleting the entry in the dictionary will not
|
|
remove it from openshift or kubernetes.
|
|
|
|
options:
|
|
merge_type:
|
|
description:
|
|
- Whether to override the default patch merge approach with a specific type. By default, the strategic
|
|
merge will typically be used.
|
|
- For example, Custom Resource Definitions typically aren't updatable by the usual strategic merge. You may
|
|
want to use C(merge) if you see "strategic merge patch format is not supported"
|
|
- See U(https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment)
|
|
- Requires openshift >= 0.6.2
|
|
- If more than one merge_type is given, the merge_types will be tried in order
|
|
- If openshift >= 0.6.2, this defaults to C(['strategic-merge', 'merge']), which is ideal for using the same parameters
|
|
on resource kinds that combine Custom Resources and built-in resources. For openshift < 0.6.2, the default
|
|
is simply C(strategic-merge).
|
|
- mutually exclusive with C(apply)
|
|
choices:
|
|
- json
|
|
- merge
|
|
- strategic-merge
|
|
type: list
|
|
elements: str
|
|
validate:
|
|
description:
|
|
- how (if at all) to validate the resource definition against the kubernetes schema.
|
|
Requires the kubernetes-validate python module and openshift >= 0.8.0
|
|
suboptions:
|
|
fail_on_error:
|
|
description: whether to fail on validation errors.
|
|
type: bool
|
|
version:
|
|
description: version of Kubernetes to validate against. defaults to Kubernetes server version
|
|
type: str
|
|
strict:
|
|
description: whether to fail when passing unexpected properties
|
|
default: True
|
|
type: bool
|
|
type: dict
|
|
append_hash:
|
|
description:
|
|
- Whether to append a hash to a resource name for immutability purposes
|
|
- Applies only to ConfigMap and Secret resources
|
|
- The parameter will be silently ignored for other resource kinds
|
|
- The full definition of an object is needed to generate the hash - this means that deleting an object created with append_hash
|
|
will only work if the same object is passed with state=absent (alternatively, just use state=absent with the name including
|
|
the generated hash and append_hash=no)
|
|
- Requires openshift >= 0.7.2
|
|
default: False
|
|
type: bool
|
|
apply:
|
|
description:
|
|
- C(apply) compares the desired resource definition with the previously supplied resource definition,
|
|
ignoring properties that are automatically generated
|
|
- C(apply) works better with Services than 'force=yes'
|
|
- Requires openshift >= 0.9.2
|
|
- mutually exclusive with C(merge_type)
|
|
default: False
|
|
type: bool
|
|
template:
|
|
description:
|
|
- Provide a valid YAML template definition file for an object when creating or updating.
|
|
- Value can be provided as string or dictionary.
|
|
- Mutually exclusive with C(src) and C(resource_definition).
|
|
- Template files needs to be present on the Ansible Controller's file system.
|
|
- Additional parameters can be specified using dictionary.
|
|
- 'Valid additional parameters - '
|
|
- 'C(newline_sequence) (str): Specify the newline sequence to use for templating files.
|
|
valid choices are "\n", "\r", "\r\n". Default value "\n".'
|
|
- 'C(block_start_string) (str): The string marking the beginning of a block.
|
|
Default value "{%".'
|
|
- 'C(block_end_string) (str): The string marking the end of a block.
|
|
Default value "%}".'
|
|
- 'C(variable_start_string) (str): The string marking the beginning of a print statement.
|
|
Default value "{{".'
|
|
- 'C(variable_end_string) (str): The string marking the end of a print statement.
|
|
Default value "}}".'
|
|
- 'C(trim_blocks) (bool): Determine when newlines should be removed from blocks. When set to C(yes) the first newline
|
|
after a block is removed (block, not variable tag!). Default value is true.'
|
|
- 'C(lstrip_blocks) (bool): Determine when leading spaces and tabs should be stripped.
|
|
When set to C(yes) leading spaces and tabs are stripped from the start of a line to a block.
|
|
This functionality requires Jinja 2.7 or newer. Default value is false.'
|
|
type: raw
|
|
continue_on_error:
|
|
description:
|
|
- Whether to continue on creation/deletion errors when multiple resources are defined.
|
|
- This has no effect on the validation step which is controlled by the C(validate.fail_on_error) parameter.
|
|
type: bool
|
|
default: False
|
|
version_added: 2.0.0
|
|
|
|
requirements:
|
|
- "python >= 2.7"
|
|
- "openshift >= 0.6"
|
|
- "PyYAML >= 3.11"
|
|
- "jsonpatch"
|
|
'''
|
|
|
|
EXAMPLES = r'''
|
|
- name: Create a k8s namespace
|
|
kubernetes.core.k8s:
|
|
name: testing
|
|
api_version: v1
|
|
kind: Namespace
|
|
state: present
|
|
|
|
- name: Create a Service object from an inline definition
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: web
|
|
namespace: testing
|
|
labels:
|
|
app: galaxy
|
|
service: web
|
|
spec:
|
|
selector:
|
|
app: galaxy
|
|
service: web
|
|
ports:
|
|
- protocol: TCP
|
|
targetPort: 8000
|
|
name: port-8000-tcp
|
|
port: 8000
|
|
|
|
- name: Remove an existing Service object
|
|
kubernetes.core.k8s:
|
|
state: absent
|
|
api_version: v1
|
|
kind: Service
|
|
namespace: testing
|
|
name: web
|
|
|
|
# Passing the object definition from a file
|
|
|
|
- name: Create a Deployment by reading the definition from a local file
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
src: /testing/deployment.yml
|
|
|
|
- name: >-
|
|
Read definition file from the Ansible controller file system.
|
|
If the definition file has been encrypted with Ansible Vault it will automatically be decrypted.
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition: "{{ lookup('file', '/testing/deployment.yml') | from_yaml }}"
|
|
|
|
- name: Read definition template file from the Ansible controller file system
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
template: '/testing/deployment.j2'
|
|
|
|
- name: Read definition template file from the Ansible controller file system that uses custom start/end strings
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
template:
|
|
path: '/testing/deployment.j2'
|
|
variable_start_string: '[['
|
|
variable_end_string: ']]'
|
|
|
|
- name: fail on validation errors
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition: "{{ lookup('template', '/testing/deployment.yml') | from_yaml }}"
|
|
validate:
|
|
fail_on_error: yes
|
|
|
|
- name: warn on validation errors, check for unexpected properties
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition: "{{ lookup('template', '/testing/deployment.yml') | from_yaml }}"
|
|
validate:
|
|
fail_on_error: no
|
|
strict: yes
|
|
|
|
# Download and apply manifest
|
|
- name: Download metrics-server manifest to the cluster.
|
|
ansible.builtin.get_url:
|
|
url: https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
|
|
dest: ~/metrics-server.yaml
|
|
mode: '0664'
|
|
|
|
- name: Apply metrics-server manifest to the cluster.
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
src: ~/metrics-server.yaml
|
|
|
|
# Wait for a Deployment to pause before continuing
|
|
- name: Pause a Deployment.
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: example
|
|
namespace: testing
|
|
spec:
|
|
paused: True
|
|
wait: yes
|
|
wait_condition:
|
|
type: Progressing
|
|
status: Unknown
|
|
reason: DeploymentPaused
|
|
'''
|
|
|
|
RETURN = r'''
|
|
result:
|
|
description:
|
|
- The created, patched, or otherwise present object. Will be empty in the case of a deletion.
|
|
returned: success
|
|
type: complex
|
|
contains:
|
|
api_version:
|
|
description: The versioned schema of this representation of an object.
|
|
returned: success
|
|
type: str
|
|
kind:
|
|
description: Represents the REST resource this object represents.
|
|
returned: success
|
|
type: str
|
|
metadata:
|
|
description: Standard object metadata. Includes name, namespace, annotations, labels, etc.
|
|
returned: success
|
|
type: complex
|
|
spec:
|
|
description: Specific attributes of the object. Will vary based on the I(api_version) and I(kind).
|
|
returned: success
|
|
type: complex
|
|
status:
|
|
description: Current status details for the object.
|
|
returned: success
|
|
type: complex
|
|
items:
|
|
description: Returned only when multiple yaml documents are passed to src or resource_definition
|
|
returned: when resource_definition or src contains list of objects
|
|
type: list
|
|
duration:
|
|
description: elapsed time of task in seconds
|
|
returned: when C(wait) is true
|
|
type: int
|
|
sample: 48
|
|
error:
|
|
description: error while trying to create/delete the object.
|
|
returned: error
|
|
type: complex
|
|
'''
|
|
|
|
import copy
|
|
|
|
from ansible_collections.kubernetes.core.plugins.module_utils.ansiblemodule import AnsibleModule
|
|
from ansible_collections.kubernetes.core.plugins.module_utils.args_common import (
|
|
AUTH_ARG_SPEC, WAIT_ARG_SPEC, NAME_ARG_SPEC, COMMON_ARG_SPEC, RESOURCE_ARG_SPEC, DELETE_OPTS_ARG_SPEC)
|
|
|
|
|
|
def validate_spec():
|
|
return dict(
|
|
fail_on_error=dict(type='bool'),
|
|
version=dict(),
|
|
strict=dict(type='bool', default=True)
|
|
)
|
|
|
|
|
|
def argspec():
|
|
argument_spec = copy.deepcopy(COMMON_ARG_SPEC)
|
|
argument_spec.update(copy.deepcopy(NAME_ARG_SPEC))
|
|
argument_spec.update(copy.deepcopy(RESOURCE_ARG_SPEC))
|
|
argument_spec.update(copy.deepcopy(AUTH_ARG_SPEC))
|
|
argument_spec.update(copy.deepcopy(WAIT_ARG_SPEC))
|
|
argument_spec['merge_type'] = dict(type='list', elements='str', choices=['json', 'merge', 'strategic-merge'])
|
|
argument_spec['validate'] = dict(type='dict', default=None, options=validate_spec())
|
|
argument_spec['append_hash'] = dict(type='bool', default=False)
|
|
argument_spec['apply'] = dict(type='bool', default=False)
|
|
argument_spec['template'] = dict(type='raw', default=None)
|
|
argument_spec['delete_options'] = dict(type='dict', default=None, options=copy.deepcopy(DELETE_OPTS_ARG_SPEC))
|
|
argument_spec['continue_on_error'] = dict(type='bool', default=False)
|
|
return argument_spec
|
|
|
|
|
|
def execute_module(module, k8s_ansible_mixin):
|
|
k8s_ansible_mixin.module = module
|
|
k8s_ansible_mixin.argspec = module.argument_spec
|
|
k8s_ansible_mixin.check_mode = k8s_ansible_mixin.module.check_mode
|
|
k8s_ansible_mixin.params = k8s_ansible_mixin.module.params
|
|
k8s_ansible_mixin.fail_json = k8s_ansible_mixin.module.fail_json
|
|
k8s_ansible_mixin.fail = k8s_ansible_mixin.module.fail_json
|
|
k8s_ansible_mixin.exit_json = k8s_ansible_mixin.module.exit_json
|
|
k8s_ansible_mixin.warnings = []
|
|
|
|
k8s_ansible_mixin.kind = k8s_ansible_mixin.params.get('kind')
|
|
k8s_ansible_mixin.api_version = k8s_ansible_mixin.params.get('api_version')
|
|
k8s_ansible_mixin.name = k8s_ansible_mixin.params.get('name')
|
|
k8s_ansible_mixin.namespace = k8s_ansible_mixin.params.get('namespace')
|
|
|
|
k8s_ansible_mixin.check_library_version()
|
|
k8s_ansible_mixin.set_resource_definitions(module)
|
|
k8s_ansible_mixin.execute_module()
|
|
|
|
|
|
def main():
|
|
mutually_exclusive = [
|
|
('resource_definition', 'src'),
|
|
('merge_type', 'apply'),
|
|
('template', 'resource_definition'),
|
|
('template', 'src'),
|
|
]
|
|
module = AnsibleModule(argument_spec=argspec(), mutually_exclusive=mutually_exclusive, supports_check_mode=True)
|
|
from ansible_collections.kubernetes.core.plugins.module_utils.common import (
|
|
K8sAnsibleMixin, get_api_client)
|
|
|
|
k8s_ansible_mixin = K8sAnsibleMixin(module)
|
|
k8s_ansible_mixin.client = get_api_client(module=module)
|
|
execute_module(module, k8s_ansible_mixin)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|