containers.podman.podman_play module – Play kubernetes YAML file using podman

Note

This module is part of the containers.podman collection (version 1.16.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install containers.podman. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: containers.podman.podman_play.

Synopsis

  • The module reads in a structured file of Kubernetes YAML. It will then recreate the pod and containers described in the YAML.

Requirements

The below requirements are needed on the host that executes this module.

  • Podman installed on host

Parameters

Parameter

Comments

annotation

aliases: annotations

dictionary

Add an annotation to the container or pod.

authfile

path

Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login. Note - You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path

build

boolean

Build images even if they are found in the local storage.

It is required to exist subdirectories matching the image names to be build.

Choices:

  • false

  • true

cert_dir

path

Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. Default certificates directory is /etc/containers/certs.d. (This option is not available with the remote Podman client)

configmap

list / elements=path

Use Kubernetes configmap YAML at path to provide a source for environment variable values within the containers of the pod. Note - The configmap option can be used multiple times to pass multiple Kubernetes configmap YAMLs

context_dir

path

Use path as the build context directory for each image. Requires build option be true.

debug

boolean

Enable debug for the module.

Choices:

  • false

  • true

executable

string

Name of executable to run, by default ‘podman’

Default: "podman"

kube_file

path

Path to file with YAML configuration for a Pod.

kube_file_content

string

Content of the kube file.

log_driver

string

Set logging driver for all created containers.

log_level

string

Set logging level for podman calls. Log messages above specified level (“debug”|”info”|”warn”|”error”|”fatal”|”panic”) (default “error”)

Choices:

  • "debug"

  • "info"

  • "warn"

  • "error"

  • "fatal"

  • "panic"

log_opt

aliases: log_options

dictionary

Logging driver specific options. Set custom logging configuration.

max_size

string

Specify a max size of the log file (e.g 10mb).

path

string

specify a path to the log file (e.g. /var/log/container/mycontainer.json).

tag

string

Specify a custom log tag for the container. This option is currently supported only by the journald log driver in Podman.

network

list / elements=string

List of the names of CNI networks the pod should join.

password

string

The username and password to use to authenticate with the registry if required.

quadlet_dir

path

Path to the directory to write quadlet file in. By default, it will be set as /etc/containers/systemd/ for root user, ~/.config/containers/systemd/ for non-root users.

quadlet_file_mode

any

The permissions of the quadlet file.

The quadlet_file_mode can be specied as octal numbers or as a symbolic mode (for example, u+rwx or u=rw,g=r,o=r). For octal numbers format, you must either add a leading zero so that Ansible’s YAML parser knows it is an octal number (like 0644 or 01777) or quote it (like '644' or '1777') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.

If quadlet_file_mode is not specified and the quadlet file does not exist, the default '0640' mask will be used when setting the mode for the newly created file.

If quadlet_file_mode is not specified and the quadlet file does exist, the mode of the existing file will be used.

Specifying quadlet_file_mode is the best way to ensure files are created with the correct permissions.

quadlet_filename

string

Name of quadlet file to write. Must be specified if state is quadlet.

quadlet_options

list / elements=string

Options for the quadlet file. Provide missing in usual network args options as a list of lines to add.

quiet

boolean

Hide image pulls logs from output.

Choices:

  • false

  • true

recreate

boolean

If pod already exists, delete it and run the new one.

Choices:

  • false

  • true

seccomp_profile_root

path

Directory path for seccomp profiles (default is “/var/lib/kubelet/seccomp”). This option is not available with the remote Podman client

state

string / required

Start the pod after creating it, or to leave it created only.

Choices:

  • "created"

  • "started"

  • "absent"

  • "quadlet"

tls_verify

boolean

Require HTTPS and verify certificates when contacting registries (default is true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.

Choices:

  • false

  • true

username

string

The username and password to use to authenticate with the registry if required.

userns

string

Set the user namespace mode for all the containers in a pod. It defaults to the PODMAN_USERNS environment variable. An empty value (“”) means user namespaces are disabled.

Examples

- name: Play kube file
  containers.podman.podman_play:
    kube_file: ~/kube.yaml
    state: started

- name: Recreate pod from a kube file with options
  containers.podman.podman_play:
    kube_file: ~/kube.yaml
    state: started
    recreate: true
    annotations:
      greeting: hello
      greet_to: world
    userns: host
    log_opt:
      path: /tmp/my-container.log
      max_size: 10mb

- name: Create a Quadlet file
  containers.podman.podman_play:
    kube_file: ~/kube.yaml
    state: quadlet
    annotations:
      greeting: hello
      greet_to: world
    userns: host
    quadlet_filename: kube-pod
    quadlet_file_mode: '0640'
    quadlet_options:
      - "SetWorkingDirectory=yaml"
      - "ExitCodePropagation=any"

Authors

  • Sagi Shnaidman (@sshnaidm)