Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify a ConfigMap value with k8s_json_patch #566

Closed
jgagnon44 opened this issue Jan 13, 2023 · 4 comments
Closed

Modify a ConfigMap value with k8s_json_patch #566

jgagnon44 opened this issue Jan 13, 2023 · 4 comments
Labels
type/question Further information is requested

Comments

@jgagnon44
Copy link

SUMMARY

Getting "422 - Unprocessable Entity" when attempting to modify ConfigMap.

I am wondering if the issue is related to the unique representation of the ConfigMap data. I am not sure if I using the correct path to the element of interest.

For example, the ConfigMap I'm attempting to modify, appears as follows when rendered as JSON:

{
    "apiVersion": "v1",
    "data": {
        "config.conf": "apiVersion: kubeproxy.config.k8s.io/v1alpha1\nbindAddress: 0.0.0.0\nbindAddressHardFail: false\nclientConnection:\n  acceptContentTypes: \"\"\n  burst: 0\n  contentType: \"\"\n  kubeconfig: /var/lib/kube-proxy/kubeconfig.conf\n  qps: 0\nclusterCIDR: \"\"\nconfigSyncPeriod: 0s\nconntrack:\n  maxPerCore: null\n  min: null\n  tcpCloseWaitTimeout: null\n  tcpEstablishedTimeout: null\ndetectLocal:\n  bridgeInterface: \"\"\n  interfaceNamePrefix: \"\"\ndetectLocalMode: \"\"\nenableProfiling: false\nhealthzBindAddress: \"\"\nhostnameOverride: \"\"\niptables:\n  masqueradeAll: false\n  masqueradeBit: null\n  minSyncPeriod: 0s\n  syncPeriod: 0s\nipvs:\n  excludeCIDRs: null\n  minSyncPeriod: 0s\n  scheduler: \"\"\n  strictARP: false\n  syncPeriod: 0s\n  tcpFinTimeout: 0s\n  tcpTimeout: 0s\n  udpTimeout: 0s\nkind: KubeProxyConfiguration\nmetricsBindAddress: 0.0.0.0\nmode: \"\"\nnodePortAddresses: null\noomScoreAdj: null\nportRange: \"\"\nshowHiddenMetricsForVersion: \"\"\nudpIdleTimeout: 0s\nwinkernel:\n  enableDSR: false\n  forwardHealthCheckVip: false\n  networkName: \"\"\n  rootHnsEndpointName: \"\"\n  sourceVip: \"\"",
        "kubeconfig.conf": "apiVersion: v1\nkind: Config\nclusters:\n- cluster:\n    certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n    server: https://172.20.8.68:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    namespace: default\n    user: default\n  name: default\ncurrent-context: default\nusers:\n- name: default\n  user:\n    tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token"
    },
    "kind": "ConfigMap",
    "metadata": {
        "annotations": {
            "kubeadm.kubernetes.io/component-config.hash": "sha256:aa87680dfe2321f98df103555d18d439916b19e0bf23bd0f98bb3e27c5adfc08"
        },
        "creationTimestamp": "2022-08-22T12:08:21Z",
        "labels": {
            "app": "kube-proxy"
        },
        "name": "kube-proxy",
        "namespace": "kube-system",
        "resourceVersion": "21706920",
        "uid": "97594de0-5aaa-4ea0-bd8c-a2f5fb357be7"
    }
}
ISSUE TYPE
  • Bug Report
COMPONENT NAME

kubernetes.core.k8s_json_patch

ANSIBLE VERSION
ansible [core 2.14.1]
  config file = /play-config/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.9 (main, Dec 10 2022, 13:54:12) [GCC 11.2.1 20220219] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /usr/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    5.1.0
ansible.netcommon             4.1.0
ansible.posix                 1.4.0
ansible.utils                 2.8.0
ansible.windows               1.12.0
arista.eos                    6.0.0
awx.awx                       21.10.0
azure.azcollection            1.14.0
check_point.mgmt              4.0.0
chocolatey.chocolatey         1.3.1
cisco.aci                     2.3.0
cisco.asa                     4.0.0
cisco.dnac                    6.6.1
cisco.intersight              1.0.22
cisco.ios                     4.0.0
cisco.iosxr                   4.0.3
cisco.ise                     2.5.9
cisco.meraki                  2.13.0
cisco.mso                     2.1.0
cisco.nso                     1.0.3
cisco.nxos                    4.0.1
cisco.ucs                     1.8.0
cloud.common                  2.1.2
cloudscale_ch.cloud           2.2.3
community.aws                 5.0.0
community.azure               2.0.0
community.ciscosmb            1.0.5
community.crypto              2.9.0
community.digitalocean        1.22.0
community.dns                 2.4.2
community.docker              3.3.1
community.fortios             1.0.0
community.general             6.1.0
community.google              1.0.0
community.grafana             1.5.3
community.hashi_vault         4.0.0
community.hrobot              1.6.0
community.libvirt             1.2.0
community.mongodb             1.4.2
community.mysql               3.5.1
community.network             5.0.0
community.okd                 2.2.0
community.postgresql          2.3.1
community.proxysql            1.4.0
community.rabbitmq            1.2.3
community.routeros            2.5.0
community.sap                 1.0.0
community.sap_libs            1.4.0
community.skydive             1.0.0
community.sops                1.5.0
community.vmware              3.2.0
community.windows             1.11.1
community.zabbix              1.9.0
containers.podman             1.10.1
cyberark.conjur               1.2.0
cyberark.pas                  1.0.14
dellemc.enterprise_sonic      2.0.0
dellemc.openmanage            6.3.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.21.0
fortinet.fortimanager         2.1.7
fortinet.fortios              2.2.1
frr.frr                       2.0.0
gluster.gluster               1.0.2
google.cloud                  1.0.2
grafana.grafana               1.1.0
hetzner.hcloud                1.9.0
hpe.nimble                    1.1.4
ibm.qradar                    2.1.0
ibm.spectrum_virtualize       1.10.0
infinidat.infinibox           1.3.12
infoblox.nios_modules         1.4.1
inspur.ispim                  1.2.0
inspur.sm                     2.3.0
junipernetworks.junos         4.1.0
kubernetes.core               2.3.2
lowlydba.sqlserver            1.2.1
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.21.0
netapp.elementsw              21.7.0
netapp.ontap                  22.0.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.3.1
netbox.netbox                 3.9.0
ngine_io.cloudstack           2.3.0
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.2
openstack.cloud               1.10.0
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   2.4.1
purestorage.flasharray        1.15.0
purestorage.flashblade        1.10.0
purestorage.fusion            1.2.0
sensu.sensu_go                1.13.1
splunk.es                     2.1.0
t_systems_mms.icinga_director 1.31.4
theforeman.foreman            3.7.0
vmware.vmware_rest            2.2.0
vultr.cloud                   1.3.1
vyos.vyos                     4.0.0
wti.remote                    1.0.4
CONFIGURATION
CACHE_PLUGIN(/play-config/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/play-config/ansible.cfg) = .ansible_cache
CACHE_PLUGIN_TIMEOUT(/play-config/ansible.cfg) = 86400
CONFIG_FILE() = /play-config/ansible.cfg
DEFAULT_ASK_PASS(/play-config/ansible.cfg) = True
DEFAULT_BECOME_ASK_PASS(/play-config/ansible.cfg) = True
DEFAULT_BECOME_METHOD(/play-config/ansible.cfg) = sudo
DEFAULT_GATHERING(/play-config/ansible.cfg) = smart
DEFAULT_HOST_LIST(/play-config/ansible.cfg) = ['/play-config/gagnon-inventory.yaml']
DEFAULT_TIMEOUT(/play-config/ansible.cfg) = 30
DEFAULT_TRANSPORT(/play-config/ansible.cfg) = paramiko
HOST_KEY_CHECKING(/play-config/ansible.cfg) = False
INTERPRETER_PYTHON(/play-config/ansible.cfg) = /usr/bin/python3
TAGS_SKIP(/play-config/ansible.cfg) = ['never', 'set_to_skip_in_ansible_cfg']
OS / ENVIRONMENT

"Launch" computer:
Windows 11 21H2, OS build: 22000.1455

Ansible "node":
Docker image: cytopia/ansible:latest-tools
Linux ec1303bf69ab 5.10.104-linuxkit #1 SMP Thu Mar 17 17:08:06 UTC 2022 x86_64 Linux

Kubernetes node (control plane):
Linux gagnon-m1 5.4.0-126-generic #142-Ubuntu SMP Fri Aug 26 12:12:57 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

STEPS TO REPRODUCE

This is being run via a Docker image that contains an Ansible installation. I am running the container and then inside the container, running the playbook. The commands below summarize the process.

docker run --rm -it -e ANSIBLE_CONFIG=/play-config/ansible.cfg -e K8S_AUTH_KUBECONFIG=/home/jgagnon/.kube/config -e K8S_AUTH_CONTEXT=kubernetes-admin@kubernetes -v "C:\Users\jgagnon\gagnon-test\local-kube-prometheus-stack\ansible":/play-config cytopia/ansible:latest-tools

In the container:

ansible-playbook /play-config/playbook-arc-control-plane.yaml -u jgagnon -vvv

- name: "Make kube-proxy visible to Prometheus"
  hosts: control_planes

  become_user: root
  become: true

  tasks:
    - name: "Install pip"
      shell:
        cmd: "apt-get install -y python3-pip"

    - name: "Install jsonpatch"
      shell:
        cmd: "apt-get install -y python3-jsonpatch"

    - name: "Install kubernetes Ansible module"
      pip:
        name:
          kubernetes

    - debug:
        var: lookup('env', 'K8S_AUTH_KUBECONFIG')
    - debug:
        var: lookup('env', 'K8S_AUTH_CONTEXT')

    - name: "Patch kube-proxy ConfigMap metricsBindAddress"
      kubernetes.core.k8s_json_patch:
        kind: ConfigMap
        name: kube-proxy
        namespace: kube-system
        context: "{{ lookup('env', 'K8S_AUTH_CONTEXT') }}"
        kubeconfig: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') }}"
        patch:
          - op: replace
            path: /data/config.conf/metricsBindAddress
            value: 0.0.0.0
EXPECTED RESULTS

The metricsBindAddress in the config.conf entry in the ConfigMap data to be changed to 0.0.0.0.

ACTUAL RESULTS
PLAY [Make kube-proxy visible to Prometheus] ***************************************************************************************************

TASK [Install pip] *****************************************************************************************************************************
task path: /play-config/playbook-arc-control-plane.yaml:167
<172.20.8.68> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: jgagnon on PORT 22 TO 172.20.8.68
<172.20.8.68> EXEC /bin/sh -c 'echo ~jgagnon && sleep 0'
<172.20.8.68> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/jgagnon/.ansible/tmp `"&& mkdir "` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627363.3019648-63-49144126121956 `" && echo ansible-tmp-1673627363.3019648-63-49144126121956="` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627363.3019648-63-49144126121956 `" ) && sleep 0'
Using module file /usr/lib/python3.10/site-packages/ansible/modules/command.py
<172.20.8.68> PUT /root/.ansible/tmp/ansible-local-13xq0p_zjl/tmp6wxd9om2 TO /home/jgagnon/.ansible/tmp/ansible-tmp-1673627363.3019648-63-49144126121956/AnsiballZ_command.py
<172.20.8.68> EXEC /bin/sh -c 'chmod u+x /home/jgagnon/.ansible/tmp/ansible-tmp-1673627363.3019648-63-49144126121956/ /home/jgagnon/.ansible/tmp/ansible-tmp-1673627363.3019648-63-49144126121956/AnsiballZ_command.py && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=ytqwkbmpzmaelxqixdqdignzfmidksrh] password:" -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ytqwkbmpzmaelxqixdqdignzfmidksrh ; /usr/bin/python3 /home/jgagnon/.ansible/tmp/ansible-tmp-1673627363.3019648-63-49144126121956/AnsiballZ_command.py'"'"' && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'rm -f -r /home/jgagnon/.ansible/tmp/ansible-tmp-1673627363.3019648-63-49144126121956/ > /dev/null 2>&1 && sleep 0'
changed: [gagnon-m1] => {
    "changed": true,
    "cmd": "apt-get install -y python3-pip",
    "delta": "0:00:00.510044",
    "end": "2023-01-13 16:29:24.065183",
    "invocation": {
        "module_args": {
            "_raw_params": "apt-get install -y python3-pip",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true
        }
    },
    "msg": "",
    "rc": 0,
    "start": "2023-01-13 16:29:23.555139",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\npython3-pip is already the newest version (20.0.2-5ubuntu1.6).\n0 upgraded, 0 newly installed, 0 to remove and 110 not upgraded.",
    "stdout_lines": [
        "Reading package lists...",
        "Building dependency tree...",
        "Reading state information...",
        "python3-pip is already the newest version (20.0.2-5ubuntu1.6).",
        "0 upgraded, 0 newly installed, 0 to remove and 110 not upgraded."
    ]
}

TASK [Install jsonpatch] ***********************************************************************************************************************
task path: /play-config/playbook-arc-control-plane.yaml:171
<172.20.8.68> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: jgagnon on PORT 22 TO 172.20.8.68
<172.20.8.68> EXEC /bin/sh -c 'echo ~jgagnon && sleep 0'
<172.20.8.68> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/jgagnon/.ansible/tmp `"&& mkdir "` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627364.5502672-67-151879004558417 `" && echo ansible-tmp-1673627364.5502672-67-151879004558417="` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627364.5502672-67-151879004558417 `" ) && sleep 0'
Using module file /usr/lib/python3.10/site-packages/ansible/modules/command.py
<172.20.8.68> PUT /root/.ansible/tmp/ansible-local-13xq0p_zjl/tmpn4khinuq TO /home/jgagnon/.ansible/tmp/ansible-tmp-1673627364.5502672-67-151879004558417/AnsiballZ_command.py
<172.20.8.68> EXEC /bin/sh -c 'chmod u+x /home/jgagnon/.ansible/tmp/ansible-tmp-1673627364.5502672-67-151879004558417/ /home/jgagnon/.ansible/tmp/ansible-tmp-1673627364.5502672-67-151879004558417/AnsiballZ_command.py && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=lljfzsvfvvupwpioopwhwuunmdvuojrr] password:" -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-lljfzsvfvvupwpioopwhwuunmdvuojrr ; /usr/bin/python3 /home/jgagnon/.ansible/tmp/ansible-tmp-1673627364.5502672-67-151879004558417/AnsiballZ_command.py'"'"' && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'rm -f -r /home/jgagnon/.ansible/tmp/ansible-tmp-1673627364.5502672-67-151879004558417/ > /dev/null 2>&1 && sleep 0'
changed: [gagnon-m1] => {
    "changed": true,
    "cmd": "apt-get install -y python3-jsonpatch",
    "delta": "0:00:00.538495",
    "end": "2023-01-13 16:29:25.233121",
    "invocation": {
        "module_args": {
            "_raw_params": "apt-get install -y python3-jsonpatch",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true
        }
    },
    "msg": "",
    "rc": 0,
    "start": "2023-01-13 16:29:24.694626",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\npython3-jsonpatch is already the newest version (1.23-3).\n0 upgraded, 0 newly installed, 0 to remove and 110 not upgraded.",
    "stdout_lines": [
        "Reading package lists...",
        "Building dependency tree...",
        "Reading state information...",
        "python3-jsonpatch is already the newest version (1.23-3).",
        "0 upgraded, 0 newly installed, 0 to remove and 110 not upgraded."
    ]
}

TASK [Install kubernetes Ansible module] *******************************************************************************************************
task path: /play-config/playbook-arc-control-plane.yaml:175
<172.20.8.68> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: jgagnon on PORT 22 TO 172.20.8.68
<172.20.8.68> EXEC /bin/sh -c 'echo ~jgagnon && sleep 0'
<172.20.8.68> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/jgagnon/.ansible/tmp `"&& mkdir "` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627365.6894112-71-227391649567635 `" && echo ansible-tmp-1673627365.6894112-71-227391649567635="` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627365.6894112-71-227391649567635 `" ) && sleep 0'
Using module file /usr/lib/python3.10/site-packages/ansible/modules/pip.py
<172.20.8.68> PUT /root/.ansible/tmp/ansible-local-13xq0p_zjl/tmpsod0r3pa TO /home/jgagnon/.ansible/tmp/ansible-tmp-1673627365.6894112-71-227391649567635/AnsiballZ_pip.py
<172.20.8.68> EXEC /bin/sh -c 'chmod u+x /home/jgagnon/.ansible/tmp/ansible-tmp-1673627365.6894112-71-227391649567635/ /home/jgagnon/.ansible/tmp/ansible-tmp-1673627365.6894112-71-227391649567635/AnsiballZ_pip.py && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=pvfmqhmjlklkkocqrrqoiwdyxroyqrmf] password:" -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-pvfmqhmjlklkkocqrrqoiwdyxroyqrmf ; /usr/bin/python3 /home/jgagnon/.ansible/tmp/ansible-tmp-1673627365.6894112-71-227391649567635/AnsiballZ_pip.py'"'"' && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'rm -f -r /home/jgagnon/.ansible/tmp/ansible-tmp-1673627365.6894112-71-227391649567635/ > /dev/null 2>&1 && sleep 0'
ok: [gagnon-m1] => {
    "changed": false,
    "cmd": [
        "/usr/bin/python3",
        "-m",
        "pip.__main__",
        "install",
        "kubernetes"
    ],
    "invocation": {
        "module_args": {
            "chdir": null,
            "editable": false,
            "executable": null,
            "extra_args": null,
            "name": [
                "kubernetes"
            ],
            "requirements": null,
            "state": "present",
            "umask": null,
            "version": null,
            "virtualenv": null,
            "virtualenv_command": "virtualenv",
            "virtualenv_python": null,
            "virtualenv_site_packages": false
        }
    },
    "name": [
        "kubernetes"
    ],
    "requirements": null,
    "state": "present",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Requirement already satisfied: kubernetes in /usr/local/lib/python3.8/dist-packages (25.3.0)\nRequirement already satisfied: certifi>=14.05.14 in /usr/lib/python3/dist-packages (from kubernetes) (2019.11.28)\nRequirement already satisfied: urllib3>=1.24.2 in /usr/lib/python3/dist-packages (from kubernetes) (1.25.8)\nRequirement already satisfied: requests-oauthlib in /usr/local/lib/python3.8/dist-packages (from kubernetes) (1.3.1)\nRequirement already satisfied: requests in /usr/lib/python3/dist-packages (from kubernetes) (2.22.0)\nRequirement already satisfied: six>=1.9.0 in /usr/lib/python3/dist-packages (from kubernetes) (1.14.0)\nRequirement already satisfied: websocket-client!=0.40.0,!=0.41.*,!=0.42.*,>=0.32.0 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (1.4.2)\nRequirement already satisfied: setuptools>=21.0.0 in /usr/lib/python3/dist-packages (from kubernetes) (45.2.0)\nRequirement already satisfied: google-auth>=1.0.1 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (2.16.0)\nRequirement already satisfied: python-dateutil>=2.5.3 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (2.8.2)\nRequirement already satisfied: pyyaml>=5.4.1 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (6.0)\nRequirement already satisfied: oauthlib>=3.0.0 in /usr/lib/python3/dist-packages (from requests-oauthlib->kubernetes) (3.1.0)\nRequirement already satisfied: cachetools<6.0,>=2.0.0 in /usr/local/lib/python3.8/dist-packages (from google-auth>=1.0.1->kubernetes) (5.2.1)\nRequirement already satisfied: rsa<5,>=3.1.4; python_version >= \"3.6\" in /usr/local/lib/python3.8/dist-packages (from google-auth>=1.0.1->kubernetes) (4.9)\nRequirement already satisfied: pyasn1-modules>=0.2.1 in /usr/lib/python3/dist-packages (from google-auth>=1.0.1->kubernetes) (0.2.1)\nRequirement already satisfied: pyasn1>=0.1.3 in /usr/lib/python3/dist-packages (from rsa<5,>=3.1.4; python_version >= \"3.6\"->google-auth>=1.0.1->kubernetes) (0.4.2)\n",
    "stdout_lines": [
        "Requirement already satisfied: kubernetes in /usr/local/lib/python3.8/dist-packages (25.3.0)",
        "Requirement already satisfied: certifi>=14.05.14 in /usr/lib/python3/dist-packages (from kubernetes) (2019.11.28)",
        "Requirement already satisfied: urllib3>=1.24.2 in /usr/lib/python3/dist-packages (from kubernetes) (1.25.8)",
        "Requirement already satisfied: requests-oauthlib in /usr/local/lib/python3.8/dist-packages (from kubernetes) (1.3.1)",
        "Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from kubernetes) (2.22.0)",
        "Requirement already satisfied: six>=1.9.0 in /usr/lib/python3/dist-packages (from kubernetes) (1.14.0)",
        "Requirement already satisfied: websocket-client!=0.40.0,!=0.41.*,!=0.42.*,>=0.32.0 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (1.4.2)",
        "Requirement already satisfied: setuptools>=21.0.0 in /usr/lib/python3/dist-packages (from kubernetes) (45.2.0)",
        "Requirement already satisfied: google-auth>=1.0.1 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (2.16.0)",
        "Requirement already satisfied: python-dateutil>=2.5.3 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (2.8.2)",
        "Requirement already satisfied: pyyaml>=5.4.1 in /usr/local/lib/python3.8/dist-packages (from kubernetes) (6.0)",
        "Requirement already satisfied: oauthlib>=3.0.0 in /usr/lib/python3/dist-packages (from requests-oauthlib->kubernetes) (3.1.0)",
        "Requirement already satisfied: cachetools<6.0,>=2.0.0 in /usr/local/lib/python3.8/dist-packages (from google-auth>=1.0.1->kubernetes) (5.2.1)",
        "Requirement already satisfied: rsa<5,>=3.1.4; python_version >= \"3.6\" in /usr/local/lib/python3.8/dist-packages (from google-auth>=1.0.1->kubernetes) (4.9)",
        "Requirement already satisfied: pyasn1-modules>=0.2.1 in /usr/lib/python3/dist-packages (from google-auth>=1.0.1->kubernetes) (0.2.1)",
        "Requirement already satisfied: pyasn1>=0.1.3 in /usr/lib/python3/dist-packages (from rsa<5,>=3.1.4; python_version >= \"3.6\"->google-auth>=1.0.1->kubernetes) (0.4.2)"
    ],
    "version": null,
    "virtualenv": null
}

TASK [debug] ***********************************************************************************************************************************
task path: /play-config/playbook-arc-control-plane.yaml:180
ok: [gagnon-m1] => {
    "lookup('env', 'K8S_AUTH_KUBECONFIG')": "/home/jgagnon/.kube/config"
}

TASK [debug] ***********************************************************************************************************************************
task path: /play-config/playbook-arc-control-plane.yaml:182
ok: [gagnon-m1] => {
    "lookup('env', 'K8S_AUTH_CONTEXT')": "kubernetes-admin@kubernetes"
}

TASK [Patch kube-proxy ConfigMap metricsBindAddress] *******************************************************************************************
task path: /play-config/playbook-arc-control-plane.yaml:185
<172.20.8.68> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: jgagnon on PORT 22 TO 172.20.8.68
<172.20.8.68> EXEC /bin/sh -c 'echo ~jgagnon && sleep 0'
<172.20.8.68> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/jgagnon/.ansible/tmp `"&& mkdir "` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627367.5772753-79-56987276901864 `" && echo ansible-tmp-1673627367.5772753-79-56987276901864="` echo /home/jgagnon/.ansible/tmp/ansible-tmp-1673627367.5772753-79-56987276901864 `" ) && sleep 0'
Loading collection cloud.common from /usr/lib/python3.10/site-packages/ansible_collections/cloud/common
Using module file /usr/lib/python3.10/site-packages/ansible_collections/kubernetes/core/plugins/modules/k8s_json_patch.py
<172.20.8.68> PUT /root/.ansible/tmp/ansible-local-13xq0p_zjl/tmpf6b1hu38 TO /home/jgagnon/.ansible/tmp/ansible-tmp-1673627367.5772753-79-56987276901864/AnsiballZ_k8s_json_patch.py
<172.20.8.68> EXEC /bin/sh -c 'chmod u+x /home/jgagnon/.ansible/tmp/ansible-tmp-1673627367.5772753-79-56987276901864/ /home/jgagnon/.ansible/tmp/ansible-tmp-1673627367.5772753-79-56987276901864/AnsiballZ_k8s_json_patch.py && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=nkyrpuhmzeqazkucskxiqmbqcfzksvex] password:" -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-nkyrpuhmzeqazkucskxiqmbqcfzksvex ; /usr/bin/python3 /home/jgagnon/.ansible/tmp/ansible-tmp-1673627367.5772753-79-56987276901864/AnsiballZ_k8s_json_patch.py'"'"' && sleep 0'
<172.20.8.68> EXEC /bin/sh -c 'rm -f -r /home/jgagnon/.ansible/tmp/ansible-tmp-1673627367.5772753-79-56987276901864/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_kubernetes.core.k8s_json_patch_payload_5igfywxi/ansible_kubernetes.core.k8s_json_patch_payload.zip/ansible_collections/kubernetes/core/plugins/modules/k8s_json_patch.py", line 239, in execute_module
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/dynamic/client.py", line 150, in patch
    return self.request('patch', path, body=body, content_type=content_type, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/dynamic/client.py", line 57, in inner
    raise api_exception(e)
fatal: [gagnon-m1]: FAILED! => {
    "changed": false,
    "error": 422,
    "invocation": {
        "module_args": {
            "api_key": null,
            "api_version": "v1",
            "ca_cert": null,
            "client_cert": null,
            "client_key": null,
            "context": "kubernetes-admin@kubernetes",
            "host": null,
            "impersonate_groups": null,
            "impersonate_user": null,
            "kind": "ConfigMap",
            "kubeconfig": "/home/jgagnon/.kube/config",
            "name": "kube-proxy",
            "namespace": "kube-system",
            "no_proxy": null,
            "password": null,
            "patch": [
                {
                    "op": "replace",
                    "path": "/data/config.conf/metricsBindAddress",
                    "value": "0.0.0.0"
                }
            ],
            "persist_config": null,
            "proxy": null,
            "proxy_headers": null,
            "username": null,
            "validate_certs": null,
            "wait": false,
            "wait_condition": null,
            "wait_sleep": 5,
            "wait_timeout": 120
        }
    },
    "msg": "Failed to patch existing object: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"the server rejected our request due to an error in our request\",\"reason\":\"Invalid\",\"details\":{},\"code\":422}\\n'",
    "reason": "Unprocessable Entity",
    "status": 422
}
@gravesm
Copy link
Member

gravesm commented Jan 13, 2023

@jgagnon44 A ConfigMap is just key/value data. It's not structured. The path /data/config.conf/metricsBindAddress doesn't exist. If you want to modify that yaml string you will have to read that string in as yaml, change it how you want, and then pass the entire modified yaml string to your json patch using the path /data/config.conf.

@gravesm gravesm added the type/question Further information is requested label Jan 13, 2023
@jgagnon44
Copy link
Author

OK. I was suspecting something along these lines, but wasn't sure. I'm very new to Ansible. How could I pull the config.conf "data", change it and then replace the existing with the modified?

@gravesm
Copy link
Member

gravesm commented Jan 13, 2023

I would probably do something like:

- hosts: localhost
  gather_facts: false
  tasks:
    - kubernetes.core.k8s:
        kind: Namespace
        name: testing

    - kubernetes.core.k8s:
        definition:
          apiVersion: v1
          kind: ConfigMap
          metadata:
            name: test-map
            namespace: testing
          data:
            config.conf: |
              apiVersion: v1
              kind: Pod
              metadata:
                name: my-pod

    - kubernetes.core.k8s_info:
        kind: ConfigMap
        name: test-map
        namespace: testing
      register: result

    - set_fact:
        new_data: "{{ result.resources[0].data['config.conf'] | from_yaml | combine(patch, recursive=true) }}"
      vars:
        patch:
          kind: Secret
          metadata:
            namespace: some-ns

    - kubernetes.core.k8s_json_patch:
        kind: ConfigMap
        name: test-map
        namespace: testing
        patch:
          - op: replace
            path: /data/config.conf
            value: "{{ new_data | to_nice_yaml(indent=2) }}"

Do note the limitation with string width: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#formatting-data-yaml-and-json.

@jgagnon44
Copy link
Author

Took me a bit, but got it work. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gravesm @jgagnon44