connection plugin kubectl for kubernetes. #26668
@bcoca Pls review and check. Kubernetes is more and more popular. I hope this could be merged to help kubernetes users.
The test
Replacing python api with kubectl is a good idea
Did a cursory connection test using the raw module and several Openshift containers. Worked good for that.
@@ -0,0 +1,179 @@ | |||
# Based on the kubernetes connection plugin |
Is this based on JCPowermac's connection plugin?
Based on docker connection. I missed it. I will fix it right now.
Wonderful feature. I cannot wait to use this plugin.
Did some testing with OpenShift as well. I could only get it to work with the To get it to work I created a soft link for kubectl -> oc, as I don't have kubectl installed. Then I created the following inventory file:
In the above Again, the question is, why does the In both cases (i.e. using
FWIW, here's my playbook using
UPDATE: I think the issue is likely that the container is running as an unknown user. That's the default OpenShift behavior. It runs your container as a random user. So perhaps the only thing that will ever work in a default OpenShift installation is the
UPDATE: Hi Chris, I am testing on my local minishift, using a
@chouseknecht I don't know about how
and my playbook:
And here is my result:
@chouseknecht BTW, as I know, the
@chouseknecht take a look at my test project for my iteration for the kube connection plugin. I used an example from my team's repo that deals with arbitrary uid. Arbitrary uid just needs to be handled in the Docker image. I would figure this implementation would have no problem with any modules as long as the uid issue was handled.
Will work on pushing these changes into your branch today. As far as discussion around parameter specifics, totally open to a discussion. If anyone has ideas, or wants to make changes, now's the time. I've simply attempted to surface the Python client parameters, keeping the names and meaning consistent with the client. But again, open to modifying this approach, and iterating on it to make it better.
Maybe add the
Good idea. Namespace is definitely included. Added a bunch of variables, and support for env variables too. I think parameters are now pretty well aligned with the modules.
- name: ansible_kubectl_cert_file | ||
env: | ||
- name: K8S_AUTH_SSL_CA_CERT | ||
verify_ssl: |
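Review bot: the variable `ansible_kubectl_cert_file` sits directly above the env entry `K8S_AUTH_SSL_CA_CERT`, so as shown a client-certificate style variable name and a CA-certificate env name feed the same option. If this option is the CA bundle, name the variable for it (for example `ansible_kubectl_ssl_ca_cert`) so that setting a cert-file variable in inventory cannot silently change which CA the connection trusts; if it is the client certificate, the env name is the one to change.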
How about using kubectl_verify_ssl instead of verify_ssl?
Yep. That's a bug. Fixing.
- name: ansible_kubectl_context | ||
env: | ||
- name: k8S_AUTH_CONTEXT | ||
kubectl_host: |
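Review bot: the env name `k8S_AUTH_CONTEXT` starts with a lowercase `k`, unlike `K8S_AUTH_SSL_CA_CERT` in the option above. Environment variable names are case-sensitive, so a user who exports `K8S_AUTH_CONTEXT` would not be picked up and the command would run against whatever context is current in the kubeconfig. Change it to `K8S_AUTH_CONTEXT`.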
I prefer to use server instead of host. Because host in ansible points to the target of operation.
BTW, kubectl also uses -s, --server string The address and port of the Kubernetes API server
I know. There's an alias for 'server'. Calling it host keeps it consistent with the modules and Python client. As a user, you can use server or host. The Python client calls it host, and uses HOST in the env variable.
How about adding a SERVER env variable?
Done.
default: '' | ||
vars: | ||
- name: ansible_kube_namespace | ||
- name: ansible_kubectl_namespace | ||
- name: ansible_kubectl_container |
Should we also provide an env option for kubectl_container?
Doesn't seem like it would be necessary, as container names aren't really known ahead of time. I'm envisioning pod and container names coming from an inventory script.
If a pod has only one container, the container name can be ignored. But if a pod has more than one container, the container name needs to be specified.
Added.
Added an
@@ -23,47 +23,127 @@ | |||
DOCUMENTATION = """ | |||
author: | |||
- xuxinkun | |||
|
Remove these blank lines.
SUMMARY
This PR is the connection plugin for kubernetes. It can deploy the playbook directly into containers of kubernetes pod using the local kubectl.
kubernetes has a tool to enter container called kubectl. It has similar feature as docker exec.
So, by making use of kubectl, we can also achieve the goal treating the kubernetes pod as container of docker.
After this PR, inventory example could be like this.
The following parameters are processed by this connector:
default.
kubectl.
ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
ADDITIONAL INFORMATION
I also see that there is a similar PR #24960. But I do not agree with it. First, kubernetes version has changed almost every two months. So, using python library kubernetes can not be compatible with each version. And it did not implement fetch_file.
I make use of kubectl instead of python library kubernetes.
And this has not been changed and will not be changed for a long period of time.
But the options have been changed a lot. So, I set ansible_kubernetes_extra_args to replace it. Ansible user can set it easily.
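An added example, not the PR's code: one way a connection plugin of this kind can turn inventory values and environment fallbacks into a `kubectl exec` argument list that no local shell parses. The option keys (`server`, `namespace`, `container`, `extra_args`, ...) and the env names other than `K8S_AUTH_SSL_CA_CERT` are assumptions made for illustration.

```python
import shlex

# Option -> environment fallbacks. K8S_AUTH_SSL_CA_CERT appears on this page;
# the other env names and all option keys are assumptions for illustration.
ENV_FALLBACK = {
    "server": ("K8S_AUTH_SERVER", "K8S_AUTH_HOST"),
    "context": ("K8S_AUTH_CONTEXT",),
    "ssl_ca_cert": ("K8S_AUTH_SSL_CA_CERT",),
    "verify_ssl": ("K8S_AUTH_VERIFY_SSL",),
}
# Option -> kubectl global flag.
FLAGS = (("server", "--server"), ("context", "--context"),
         ("namespace", "--namespace"), ("ssl_ca_cert", "--certificate-authority"))


def resolve(name, host_vars, environ):
    """Inventory value wins; otherwise the first exact (case-sensitive) env match."""
    value = host_vars.get(name)
    if value not in (None, ""):
        return value
    for env_name in ENV_FALLBACK.get(name, ()):
        if environ.get(env_name):
            return environ[env_name]
    return None


def build_exec_argv(pod, command, host_vars, environ):
    """Return the argv list for `kubectl exec`; no local shell parses it."""
    argv = ["kubectl"]
    for name, flag in FLAGS:
        value = resolve(name, host_vars, environ)
        if value is not None:
            argv += [flag, str(value)]
    # TLS verification is only switched off on an explicit false value.
    verify = resolve("verify_ssl", host_vars, environ)
    if verify is not None and str(verify).lower() in ("false", "no", "0"):
        argv.append("--insecure-skip-tls-verify=true")
    argv += shlex.split(host_vars.get("extra_args", ""))
    argv += ["exec", "-i", pod]
    if host_vars.get("container"):  # needed when the pod has several containers
        argv += ["-c", host_vars["container"]]
    return argv + ["--", "/bin/sh", "-c", command]


# Constructed sample input; note the lowercase-k env name is not picked up.
HOST_VARS = {"namespace": "web", "container": "app", "extra_args": "--request-timeout=10s"}
ENVIRON = {"K8S_AUTH_SERVER": "https://k8s.example.test:6443",
           "k8S_AUTH_CONTEXT": "staging"}
ARGV = build_exec_argv("pod-1", "id; echo $HOME", HOST_VARS, ENVIRON)
```

Passing `ARGV` to `subprocess.Popen` without `shell=True` keeps pod names and commands from inventory out of the control machine's shell; only the `/bin/sh -c` inside the container interprets the command string.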