k8s module search for kubeconfig on the Ansible Controller

[a-meynard]

SUMMARY

I passed my playbooks from community.kubernetes == 0.11.1 to 1.1.1 and the kubeconfig parameter stopped working correctly. This parameter used to search for kubeconfig on the Ansible Target but it seems that it is now searching for kubeconfig path on the Ansible Controller.

ISSUE TYPE

• Bug Report

COMPONENT NAME

community.kubernetes.k8s

ANSIBLE VERSION

ansible 2.10.3
  config file = /Users/ameynard_ext/Documents/provisioning/ansible.cfg
  configured module search path = ['/Users/ameynard_ext/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.0 (default, Nov 21 2020, 14:01:50) [Clang 12.0.0 (clang-1200.0.32.27)]

CONFIGURATION

ANSIBLE_SSH_ARGS(/Users/ameynard_ext/Documents/provisioning/ansible.cfg) = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes
DEFAULT_ROLES_PATH(/Users/ameynard_ext/Documents/provisioning/ansible.cfg) = ['/Users/ameynard_ext/Documents/provisioning/galaxy_roles']
HOST_KEY_CHECKING(/Users/ameynard_ext/Documents/provisioning/ansible.cfg) = False

OS / ENVIRONMENT

• Target OS: CentOS Linux release 7.9.2009 (Core)
• Ansible Controller Python version: Python 3.9.0
• Ansible Target Python version: Python 3.6.8
• Python module installed on target:
  • kubernetes==11.0.0
  • openshift==0.11.2

I use kubernetes==11.0.0 because of issue #314

STEPS TO REPRODUCE

Using this playbook, having the kubeconfig file on remote at path /root/.kube/config with a context called kubernetes-admin@kubernetes.

- hosts: target
  become: yes
  become_user: root
  tasks:
  - name: Test k8s module
    community.kubernetes.k8s:
      api_version: v1
      kind: Namespace
      name: test
      kubeconfig: /root/.kube/config
      context: kubernetes-admin@kubernetes

EXPECTED RESULTS

Create the test namespace by using kubeconfig file from the remote.

ACTUAL RESULTS

The module search for kubeconfig file on the Ansible Controller host (which has no kubeconfig files) so it fails by saying that ansible controller has nos valid kubeconfig file at path /root/.kube/config

TASK [Test k8s module] *********************************************************************************************************************************************************************************************************************
task path: /Users/ameynard_ext/Documents/provisioning/playbook-test.yml:7
<192.168.77.21> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.77.21> SSH: EXEC ssh -vvv -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o 'IdentityFile="local_test/centos7/.vagrant/machines/centos7/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/ameynard_ext/.ansible/cp/ab5c685489 192.168.77.21 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<192.168.77.21> (0, b'/root\n', b'OpenSSH_8.1p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /Users/ameynard_ext/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 47: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 192.168.77.21 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 11297\r\ndebug3: mux_client_request_session: session request sent\r\n/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<192.168.77.21> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.77.21> SSH: EXEC ssh -vvv -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o 'IdentityFile="local_test/centos7/.vagrant/machines/centos7/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/ameynard_ext/.ansible/cp/ab5c685489 192.168.77.21 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1608041283.329916-11304-96783889020305 `" && echo ansible-tmp-1608041283.329916-11304-96783889020305="` echo /root/.ansible/tmp/ansible-tmp-1608041283.329916-11304-96783889020305 `" ) && sleep 0'"'"''
<192.168.77.21> (0, b'ansible-tmp-1608041283.329916-11304-96783889020305=/root/.ansible/tmp/ansible-tmp-1608041283.329916-11304-96783889020305\n', b'OpenSSH_8.1p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /Users/ameynard_ext/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 47: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 192.168.77.21 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 11297\r\ndebug3: mux_client_request_session: session request sent\r\n/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<192.168.77.21> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.77.21> SSH: EXEC ssh -vvv -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o 'IdentityFile="local_test/centos7/.vagrant/machines/centos7/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/ameynard_ext/.ansible/cp/ab5c685489 192.168.77.21 '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1608041283.329916-11304-96783889020305/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.77.21> (0, b'', b'OpenSSH_8.1p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /Users/ameynard_ext/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 47: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 192.168.77.21 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 11297\r\ndebug3: mux_client_request_session: session request sent\r\n/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
The full traceback is:
Traceback (most recent call last):
  File "/Users/ameynard_ext/.ansible/collections/ansible_collections/community/kubernetes/plugins/action/k8s.py", line 51, in run
    kubeconfig = self._find_needle('files', kubeconfig)
  File "/usr/local/lib/python3.9/site-packages/ansible/plugins/action/__init__.py", line 1232, in _find_needle
    return self._loader.path_dwim_relative_stack(path_stack, dirname, needle)
  File "/usr/local/lib/python3.9/site-packages/ansible/parsing/dataloader.py", line 327, in path_dwim_relative_stack
    raise AnsibleFileNotFound(file_name=source, paths=[to_native(p) for p in search])
ansible.errors.AnsibleFileNotFound: Could not find or access '/root/.kube/config' on the Ansible Controller.
If you are using a module and expect the file to exist on the remote, see the remote_src option
fatal: [centos7]: FAILED! => {
    "changed": false,
    "msg": "Could not find or access '/root/.kube/config' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"
}

WORKAROUND

Actually, using this playbook (with environment variable) works fine, but I don't know if this is expected. If this is expected, I think that the documentation should mention that the use of environmental variables implies a different behaviour.

- hosts: target
  become: yes
  become_user: root
  tasks:
  - name: Test k8s module
    environment:
      K8S_AUTH_KUBECONFIG: /root/.kube/config
      K8S_AUTH_CONTEXT: kubernetes-admin@kubernetes
    community.kubernetes.k8s:
      api_version: v1
      kind: Namespace
      name: test

[tima]

@a-meynard We appreciate the feedback. It is not ideal so I wouldn't call it expected. It's more of an overlooked use case in our initial work.

This sounds like issue #307 that was fixed in PR #320. While this functionality has been merged, we haven't made a release with it. That will be coming once we get into the new year.

Is this the same issue as #307 that we can close this or is it something more?

[a-meynard]

Hello @tima

I think my issue is different from #307, but it seems that #320 will solve it
I'll give it a try tomorrow and close this issue if it's solved by the PR :)

[a-meynard]

the bug does not appear when using the main branch. I assume #320 resolves the problem
Thank you @tima I will close this Issue and wait for a new release of this repo (I'm using 1.1.1 right now)