Manages Kubernetes resources based on a set of manifest templates
The kube-resource role implements the principles of immutable configmaps and secrets as presented at AnsibleFest 2018
- openshift 0.8.2
- kubernetes-validate (only needed if
kube_resource_validation_options
is set - jmespath (only needed if
kube_resource_set_owner
is set)
-
kube_resource_namespace
- namespace in which to create resources -
kube_resource_create_namespace
- whether to create the namespace (defaults toFalse
) -
kube_resource_name
- name of resource being managed -
kube_resource_configmaps
- a dict of ConfigMaps, mapping a reference name to a ConfigMap definition -
kube_resource_manifest_files
- a list of resource definition template file names -
kube_resource_secrets
- a dict of Secrets, mapping a reference name to a Secret definition -
kube_resource_secrets_files
- a list of Secret definition template file names -
kube_resource_UNSAFE_show_logs
- whether to show the logs when working with secrets. Defaults tono
. For use when troubleshooting problems with secret definitions. -
kube_resource_set_owner
- set owners of configmaps and secrets to the replicaset belonging to the resource (defaultno
). Works only if the replicaset is named the same askube_resource_name
and if the configmaps and secrets are labelled with the label referred to bykube_resource_prefix_label
. e.gkind: ConfigMap metadata: name: "{{ kube_resource_name }}-env" namespace: "{{ kube_resource_namespace }}" labels: kube_resource_prefix: "{{ kube_resource_name }}-env"
This feature is currently experimental (it works in the test suite).
-
kube_resource_prefix_label
- name of label that allows all configmaps of a particular type (e.g. the environment variable configmap) for a particular resource to be found. Defaults tokube_resource_prefix
-
kube_resource_validate_options
- how to validate Kubernetes resources. Defaults to an empty dict, disabling validation. A sensible setting is:kube_resource_validate_options: strict: yes fail_on_error: yes
-
kube_resource_wait
- whether to wait for resources to reach their desired state (defaultno
) -
kube_resource_wait_timeout
- how long to wait in seconds for resources ifkube_resource_wait
is on (default 120) -
kube_resource_deployments_api
- only needed ifkube_resource_set_owner
is set toyes
. Defaults toapps/v1
- might need to beapps/v1beta2
orextensions/v1beta1
for older Kubernetes versions
None
kube_resource_configmaps:
my-resource-env: "{{ lookup('template', template_dir + '/my-resource-env.j2') }}"
kube_resource_manifest_files: "{{ lookup('fileglob', template_dir + '/*manifest.yml') }}"
- hosts: "{{ application }}-{{ env }}-runner"
roles:
- kube-resource
The molecule/default directory now contains a working playbook and inventory suitable for running on Kubernetes for Docker
The role comes with a molecule test suite that should work against any reasonable Kubernetes implementation (it has been tested against Kubernetes for Docker)
K8S_AUTH_CONTEXT=docker-for-desktop molecule test
This module relies on functionality of Ansible that won't be released until Ansible 2.8 in mid 2019. The functionality has been included in this role, but will need to be removed once 2.8 is released. As such, the role will be available by Ansible version.
Versions will be tagged v2.7-x
where x
is the release number of the role for version 2.7, with
a parallel v2.8-y
version for use with Ansible 2.8 (or ansible devel branch before then)
This role contains modules and filters from the Ansible project and thus inherit Ansible's license
GPL 3
Will Thames (@willthames)