kubernetes.core.k8s_rollback module – Rollback Kubernetes (K8S) Deployments and DaemonSets
Note
This module is part of the kubernetes.core collection (version 2.3.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install kubernetes.core
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: kubernetes.core.k8s_rollback
.
New in kubernetes.core 1.0.0
Synopsis
Use the Kubernetes Python client to perform the Rollback.
Authenticate using either a config file, certificates, password or token.
Similar to the
kubectl rollout undo
command.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
kubernetes >= 12.0.0
PyYAML >= 3.11
Parameters
Parameter |
Comments |
---|---|
Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable. |
|
Use to specify the API version. Use to create, delete, or discover an object without providing a full resource definition. Use in conjunction with kind, name, and namespace to identify a specific object. If resource definition is provided, the apiVersion value from the resource_definition will override this option. Default: |
|
Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable. |
|
Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable. |
|
Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable. |
|
The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable. |
|
List of field selectors to use to filter results. |
|
Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable. |
|
Group(s) to impersonate for the operation. Can also be specified via K8S_AUTH_IMPERSONATE_GROUPS environment. Example: Group1,Group2 |
|
Username to impersonate for the operation. Can also be specified via K8S_AUTH_IMPERSONATE_USER environment. |
|
Use to specify an object model. Use to create, delete, or discover an object without providing a full resource definition. Use in conjunction with api_version, name, and namespace to identify a specific object. If resource definition is provided, the kind value from the resource_definition will override this option. |
|
Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from ~/.kube/config. Can also be specified via K8S_AUTH_KUBECONFIG environment variable. The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0. |
|
List of label selectors to use to filter results. |
|
Use to specify an object name. Use to create, delete, or discover an object without providing a full resource definition. Use in conjunction with api_version, kind and namespace to identify a specific object. If resource definition is provided, the metadata.name value from the resource_definition will override this option. |
|
Use to specify an object namespace. Useful when creating, deleting, or discovering an object without providing a full resource definition. Use in conjunction with api_version, kind, and name to identify a specific object. If resource definition is provided, the metadata.namespace value from the resource_definition will override this option. |
|
The comma separated list of hosts/domains/IP/CIDR that shouldn’t go through proxy. Can also be specified via K8S_AUTH_NO_PROXY environment variable. Please note that this module does not pick up typical proxy settings from the environment (e.g. NO_PROXY). This feature requires kubernetes>=19.15.0. When kubernetes library is less than 19.15.0, it fails even no_proxy set in correct. example value is “localhost,.local,.example.com,127.0.0.1,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16” |
|
Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable. Please read the description of the |
|
Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable. When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file. Default to false. Please note that the current version of the k8s python client library does not support setting this flag to True yet. The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169 Choices:
|
|
The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable. Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY). |
|
The Header used for the HTTP proxy. Documentation can be found here https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight%3Dproxy_headers#urllib3.util.make_headers. |
|
Colon-separated username:password for basic authentication header. Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment. |
|
Colon-separated username:password for proxy basic authentication header. Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment. |
|
String representing the user-agent you want, such as foo/1.0. Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment. |
|
Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable. Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the community.okd.k8s_auth module, as that might do what you need. |
|
Whether or not to verify the API server’s SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable. Choices:
|
Notes
Note
To avoid SSL certificate validation errors when
validate_certs
is True, the full certificate chain for the API server must be provided viaca_cert
or in the kubeconfig file.
Examples
- name: Rollback a failed deployment
kubernetes.core.k8s_rollback:
api_version: apps/v1
kind: Deployment
name: web
namespace: testing
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The object that was rolled back. Returned: success |
|
The versioned schema of this representation of an object. Returned: success |
|
The HTTP Code of the response Returned: success |
|
Status Returned: success |
|
Standard object metadata. Includes name, namespace, annotations, labels, etc. Returned: success |
|
Current status details for the object. Returned: success |