Creating K8S object

Introduction

This guide will show you how to utilize Ansible to create Kubernetes objects such as Pods, Deployments, and Secrets.

Scenario Requirements

  • Software

    • Ansible 2.9.17 or later must be installed

    • The Python module kubernetes must be installed on the Ansible controller (or Target host if not executing against localhost)

    • Kubernetes Cluster

    • Kubectl binary installed on the Ansible controller

  • Access / Credentials

    • Kubeconfig configured with the given Kubernetes cluster

Assumptions

  • User has required level of authorization to create, delete and update resources on the given Kubernetes cluster.

Caveats

Example Description

In this use case / example, we will create a Pod in the given Kubernetes Cluster. The following Ansible playbook showcases the basic parameters that are needed for this.

---
- hosts: localhost
  collections:
    - kubernetes.core
  tasks:
    - name: Create a pod
      k8s:
        state: present
        definition:
        apiVersion: v1
        kind: Pod
        metadata:
            name: "utilitypod-1"
            namespace: default
            labels:
                app: galaxy
        spec:
            containers:
            - name: utilitypod
              image: busybox

Since Ansible utilizes the Kubernetes API to perform actions, in this use case we will be connecting directly to the Kubernetes cluster.

To begin, there are a few bits of information we will need. Here you are using Kubeconfig which is pre-configured in your machine. The Kubeconfig is generally located at ~/.kube/config. It is highly recommended to store sensitive information such as password, user certificates in a more secure fashion using ansible-vault or using Ansible Tower credentials.

Now you need to supply the information about the Pod which will be created. Using definition parameter of the kubernetes.core.k8s module, you specify PodTemplate. This PodTemplate is identical to what you provide to the kubectl command.

What to expect

  • You will see a bit of JSON output after this playbook completes. This output shows various parameters that are returned from the module and from cluster about the newly created Pod.

{
    "changed": true,
    "method": "create",
    "result": {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {
            "creationTimestamp": "2020-10-03T15:36:25Z",
            "labels": {
                "app": "galaxy"
            },
            "name": "utilitypod-1",
            "namespace": "default",
            "resourceVersion": "4511073",
            "selfLink": "/api/v1/namespaces/default/pods/utilitypod-1",
            "uid": "c7dec819-09df-4efd-9d78-67cf010b4f4e"
        },
        "spec": {
            "containers": [{
                "image": "busybox",
                "imagePullPolicy": "Always",
                "name": "utilitypod",
                "resources": {},
                "terminationMessagePath": "/dev/termination-log",
                "terminationMessagePolicy": "File",
                "volumeMounts": [{
                    "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount",
                    "name": "default-token-6j842",
                    "readOnly": true
                }]
            }],
            "dnsPolicy": "ClusterFirst",
            "enableServiceLinks": true,
            "priority": 0,
            "restartPolicy": "Always",
            "schedulerName": "default-scheduler",
            "securityContext": {},
            "serviceAccount": "default",
            "serviceAccountName": "default",
            "terminationGracePeriodSeconds": 30,
            "tolerations": [{
                    "effect": "NoExecute",
                    "key": "node.kubernetes.io/not-ready",
                    "operator": "Exists",
                    "tolerationSeconds": 300
                },
                {
                    "effect": "NoExecute",
                    "key": "node.kubernetes.io/unreachable",
                    "operator": "Exists",
                    "tolerationSeconds": 300
                }
            ],
            "volumes": [{
                "name": "default-token-6j842",
                "secret": {
                    "defaultMode": 420,
                    "secretName": "default-token-6j842"
                }
            }]
        },
        "status": {
            "phase": "Pending",
            "qosClass": "BestEffort"
        }
    }
}
  • In the above example, ‘changed’ is True which notifies that the Pod creation started on the given cluster. This can take some time depending on your environment.

Troubleshooting

Things to inspect

  • Check if the values provided for username and password are correct

  • Check if the Kubeconfig is populated with correct values

See also

Kubernetes Python client

The GitHub Page of Kubernetes Python client

Kubernetes Python client - Issue Tracker

The issue tracker for Kubernetes Python client

Kubectl installation

Installation guide for installing Kubectl

Working with playbooks

An introduction to playbooks

Using encrypted variables and files

Using Vault in playbooks