An opinionated runner for Ansible on Kubernetes, inspired by Rancher's system-upgrade-controller.
- Dynamic node-based inventories: Build inventories based on cluster nodes' labels
- Static hostname-based inventories: Build inventories with arbitrary hostnames or IPs
- Chroot-based node mutation: When targeting a cluster node, a chroot can be used as an alternative to SSH (using a highly privileged pod)
- Secrets as variables: Kubernetes secrets can be used as Ansible variables
- Volumes as files: Use image volumes to access blobs (e.g. binaries or archives) at runtime without extending the runtime image*
- Time windows: Ensure that playbooks only run at a certain time
- Scheduling: Embrace idempotency and repeat playbook executions based on a schedule

\* As of August 2025, image volumes are a beta feature of Kubernetes and not yet supported by all container runtimes.

- Upgrade k3s on all cluster nodes
- Manage node-level configuration files
- Schedule operating system upgrades
- Export certificates created by cert-manager to external devices