介绍

Ansible Guide: https://docs.ansible.com/ansible/latest/collections/kubernetes/core/index.html#description

code: https://github.com/ansible-collections/kubernetes.core

模块列表:https://github.com/ansible-collections/kubernetes.core#modules

kubernetes.core可以自动化管理kubernetes或openshift集群的应用与资源对象,以及集群的运维管理。

该collection环境要求:
kubernetes >= 1.19
python >= 3.6
ansible >= 2.9.17

Modules

kubernetes.core collection包含有多个模块插件:inventory plugin, lookup plugin, connection plugin, K8s filter plugin以及多个Model

Name Description
kubernetes.core.helm Manages Kubernetes packages with the Helm package manager
kubernetes.core.helm_info Get information from Helm package deployed inside the cluster
kubernetes.core.helm_plugin Manage Helm plugins
kubernetes.core.helm_plugin_info Gather information about Helm plugins
kubernetes.core.helm_pull download a chart from a repository and (optionally) unpack it in local directory.
kubernetes.core.helm_repository Manage Helm repositories.
kubernetes.core.helm_template Render chart templates
kubernetes.core.k8s Manage Kubernetes (K8s) objects
kubernetes.core.k8s_cluster_info Describe Kubernetes (K8s) cluster, APIs available and their respective versions
kubernetes.core.k8s_cp Copy files and directories to and from pod.
kubernetes.core.k8s_drain Drain, Cordon, or Uncordon node in k8s cluster
kubernetes.core.k8s_exec Execute command in Pod
kubernetes.core.k8s_info Describe Kubernetes (K8s) objects
kubernetes.core.k8s_json_patch Apply JSON patch operations to existing objects
kubernetes.core.k8s_log Fetch logs from Kubernetes resources
kubernetes.core.k8s_rollback Rollback Kubernetes (K8S) Deployments and DaemonSets
kubernetes.core.k8s_scale Set a new size for a Deployment, ReplicaSet, Replication Controller, or Job.
kubernetes.core.k8s_service Manage Services on Kubernetes
kubernetes.core.k8s_taint Taint a node in a Kubernetes/OpenShift cluster

准备环境

查看当前支持的inventory插件

1
2
❯ ansible-doc -t inventory -l | grep kubernetes
kubernetes.core.k8s                                     Kubernetes (K8s) in...

判断是否安装了kubernetes.core collection

1
2
❯ ansible-galaxy  collection list | grep kubernetes
kubernetes.core               2.4.0

如果没有的话,需要安装

1
❯ ansible-galaxy collection install kubernetes.core

配置inventory

kubernetes.core.k8s inventory支持多种方式配置,如token, kubeconfig

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
❯ cat k8s.yaml
plugin: kubernetes.core.k8s
connections:
  - kubeconfig: /Users/mpan/.kube/config

# Authenticate with token, and return all pods and services for all namespaces
---
plugin: kubernetes.core.k8s
connections:
  - host: https://192.168.64.4:8443
    api_key: xxxxxxxxxxxxxxxx
    validate_certs: false

# Use default config (~/.kube/config) file and active context, and return objects for a specific namespace
plugin: kubernetes.core.k8s
connections:
  - namespaces:
    - testing

# Use a custom config file, and a specific context.
plugin: kubernetes.core.k8s
connections:
  - kubeconfig: /path/to/config
    context: 'awx/192-168-64-4:8443/developer'

配置完成inventory后,可以查看inventory内容

1
❯ ansible-inventory -i k8s.yaml --list > out

该inventory将根据namespace, 及label信息等为k8s中的资源创建了很多组,方便在运行具体tasks时进行选择。同时为pod默认配置了连接方式 "ansible_connection": "kubernetes.core.kubectl",

运行ansible playbook

ansible将通过kubectl工具,在相关的pod中运行指定的模块,其中pod就相当于一台机器,它必须安装有python环境,才能正常运行模块。

1
2
3
4
5
6
7
8
9
10
11
---
- hosts: namespace_blossom_pods
  gather_facts: false
  tasks:
    - name: debug info
      debug: msg="{{ container_state }}"
      when: container_state == "Running"
    
    - name: Execute a command
      shell: echo "Hello"
      when: container_state == "Running"

运行 playbook

1
ansible-playbook -i k8s.yaml a.yaml

使用kubernetes.core.k8s_exec模块在指定的pod中运行命令

1
2
3
4
5
6
7
8
9
- hosts: localhost
  gather_facts: false
  tasks:
  - name: Execute a command
    kubernetes.core.k8s_exec:
      namespace: myproject
      pod: sample-pod
      command: echo "hello"
      kubeconfig: /path/to/config

运行Playbook

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
❯ ansible-playbook main.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'

PLAY [localhost] *******************************************************************************************************

TASK [Execute a command] ***********************************************************************************************
[DEPRECATION WARNING]: The 'return_code' return key is being renamed to 'rc'. Both keys are being returned for now to
allow users to migrate their automation. This feature will be removed from kubernetes.core in version 4.0.0.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
changed: [localhost]

PLAY RECAP *************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

对于其它模块可以参考它的说明,配置相关的参数。