Creating K8S object
Introduction
This guide will show you how to utilize Ansible to create Kubernetes objects such as Pods, Deployments, and Secrets.
Scenario Requirements
Software
- Ansible 2.9.10 or later must be installed
- The Python modules openshift and kubernetes must be installed on the Ansible controller (or Target host if not executing against localhost)
- Kubernetes Cluster
- Kubectl binary installed on the Ansible controller
Access / Credentials
- Kubeconfig configured with the given Kubernetes cluster
Assumptions
- User has required level of authorization to create, delete and update resources on the given Kubernetes cluster.
Caveats
- community.kubernetes 1.1.0 is going to migrate to kubernetes.core
Example Description
In this use case / example, we will create a Pod in the given Kubernetes Cluster. The following Ansible playbook showcases the basic parameters that are needed for this.
---
- hosts: localhost
  collections:
    - community.kubernetes
  tasks:
    - name: Create a pod
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: Pod
          metadata:
            name: "utilitypod-1"
            namespace: default
            labels:
              app: galaxy
          spec:
            containers:
              - name: utilitypod
                image: busybox
Since Ansible utilizes the Kubernetes API to perform actions, in this use case we will be connecting directly to the Kubernetes cluster.
To begin, there are a few bits of information we will need. Here you are using a Kubeconfig which is pre-configured on your machine. The Kubeconfig is generally located at ~/.kube/config. It is highly recommended to store sensitive information such as passwords and user certificates in a more secure fashion using ansible-vault or Ansible Tower credentials.
Now you need to supply the information about the Pod which will be created. Using the definition parameter of the community.kubernetes.k8s module, you specify the PodTemplate. This PodTemplate is identical to what you provide to the kubectl command.
What to expect
- You will see a bit of JSON output after this playbook completes. This output shows various parameters that are returned from the module and from cluster about the newly created Pod.
{
    "changed": true,
    "method": "create",
    "result": {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {
            "creationTimestamp": "2020-10-03T15:36:25Z",
            "labels": {
                "app": "galaxy"
            },
            "name": "utilitypod-1",
            "namespace": "default",
            "resourceVersion": "4511073",
            "selfLink": "/api/v1/namespaces/default/pods/utilitypod-1",
            "uid": "c7dec819-09df-4efd-9d78-67cf010b4f4e"
        },
        "spec": {
            "containers": [{
                "image": "busybox",
                "imagePullPolicy": "Always",
                "name": "utilitypod",
                "resources": {},
                "terminationMessagePath": "/dev/termination-log",
                "terminationMessagePolicy": "File",
                "volumeMounts": [{
                    "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount",
                    "name": "default-token-6j842",
                    "readOnly": true
                }]
            }],
            "dnsPolicy": "ClusterFirst",
            "enableServiceLinks": true,
            "priority": 0,
            "restartPolicy": "Always",
            "schedulerName": "default-scheduler",
            "securityContext": {},
            "serviceAccount": "default",
            "serviceAccountName": "default",
            "terminationGracePeriodSeconds": 30,
            "tolerations": [{
                    "effect": "NoExecute",
                    "key": "node.kubernetes.io/not-ready",
                    "operator": "Exists",
                    "tolerationSeconds": 300
                },
                {
                    "effect": "NoExecute",
                    "key": "node.kubernetes.io/unreachable",
                    "operator": "Exists",
                    "tolerationSeconds": 300
                }
            ],
            "volumes": [{
                "name": "default-token-6j842",
                "secret": {
                    "defaultMode": 420,
                    "secretName": "default-token-6j842"
                }
            }]
        },
        "status": {
            "phase": "Pending",
            "qosClass": "BestEffort"
        }
    }
}
- In the above example, ‘changed’ is True, which indicates that the Pod creation started on the given cluster. This can take some time depending on your environment.
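The output above also records the defaults the cluster applied to the minimal Pod definition: an untagged image, empty resources, an empty securityContext and a mounted service account token. The following added example (not part of the original guide or of the k8s module) audits such a result, for instance one captured with register in the playbook, for those settings. The names audit_pod and image_is_pinned, the finding labels and the policy choices are assumptions of this example.

```python
# Added example: function names and finding labels are hypothetical.
SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount"

# Constructed sample: security-relevant fields of the module output shown above.
SAMPLE_RESULT = {"changed": True, "result": {
    "kind": "Pod",
    "metadata": {"name": "utilitypod-1", "namespace": "default"},
    "spec": {
        "containers": [{
            "name": "utilitypod", "image": "busybox", "resources": {},
            "volumeMounts": [{"mountPath": SA_TOKEN_PATH, "readOnly": True,
                              "name": "default-token-6j842"}],
        }],
        "securityContext": {}, "serviceAccountName": "default",
    },
}}


def image_is_pinned(image):
    """True if the image reference has a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    tag = image.rsplit("/", 1)[-1].partition(":")[2]  # skip registry host:port
    return tag not in ("", "latest")


def audit_pod(module_result):
    """Return (container, finding) pairs for a registered k8s module result."""
    spec = module_result["result"]["spec"]
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("containers", []):
        sc = c.get("securityContext") or {}  # container settings override pod-level
        if not image_is_pinned(c["image"]):
            findings.append((c["name"], "image-not-pinned"))
        if not (c.get("resources") or {}).get("limits"):
            findings.append((c["name"], "no-resource-limits"))
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((c["name"], "may-run-as-root"))
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((c["name"], "privilege-escalation-allowed"))
        if any(m.get("mountPath") == SA_TOKEN_PATH for m in c.get("volumeMounts", [])):
            findings.append((c["name"], "service-account-token-mounted"))
    return findings


if __name__ == "__main__":
    for container, finding in audit_pod(SAMPLE_RESULT):
        print(f"{container}: {finding}")
```

Run against the sample, all five checks report a finding for the utilitypod container; a definition that pins the image, sets resource limits, sets runAsNonRoot and disables privilege escalation and the token mount reports none.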
Troubleshooting
Things to inspect
- Check if the values provided for username and password are correct
- Check if the Kubeconfig is populated with correct values
See also
- Kubernetes Python client: The GitHub Page of Kubernetes Python client
- Kubernetes Python client - Issue Tracker: The issue tracker for Kubernetes Python client
- OpenShift Python client: The GitHub Page of OpenShift Dynamic API client
- OpenShift Python client - Issue Tracker: The issue tracker for OpenShift Dynamic API client
- Kubectl installation: Installation guide for installing Kubectl
- Working with playbooks: An introduction to playbooks
- Using encrypted variables and files: Using Vault in playbooks