Using Kubernetes dynamic inventory plugin

From Get docs
Ansible/docs/2.11/scenario guides/kubernetes scenarios/k8s inventory


Using Kubernetes dynamic inventory plugin

Kubernetes dynamic inventory plugin

The best way to interact with your Pods is to use the Kubernetes dynamic inventory plugin, which dynamically queries Kubernetes APIs using kubectl command line available on controller node and tells Ansible what Pods can be managed.

Requirements

To use the Kubernetes dynamic inventory plugins, you must install Kubernetes Python client, kubectl and OpenShift Python client on your control node (the host running Ansible). 

$ pip install kubernetes openshift

Please refer to Kubernetes official documentation for installing kubectl on the given operating systems.

To use this Kubernetes dynamic inventory plugin, you need to enable it first by specifying the following in the ansible.cfg file: 

[inventory]
enable_plugins = community.kubernetes.k8s

Then, create a file that ends in .k8s.yml or .k8s.yaml in your working directory.

The community.kubernetes.k8s inventory plugin takes in the same authentication information as any other Kubernetes modules.

Here’s an example of a valid inventory file: 

plugin: community.kubernetes.k8s

Executing ansible-inventory --list -i <filename>.k8s.yml will create a list of Pods that are ready to be configured using Ansible.

You can also provide the namespace to gather information about specific pods from the given namespace. For example, to gather information about Pods under the test namespace you will specify the namespaces parameter: 

plugin: community.kubernetes.k8s
connections:
- namespaces:
    - test

Using vaulted configuration files

Since the inventory configuration file contains Kubernetes related sensitive information in plain text, a security risk, you may want to encrypt your entire inventory configuration file.

You can encrypt a valid inventory configuration file as follows: 

$ ansible-vault encrypt <filename>.k8s.yml
  New Vault password:
  Confirm New Vault password:
  Encryption successful

$ echo "MySuperSecretPassw0rd!" > /path/to/vault_password_file

And you can use this vaulted inventory configuration file using: 

$ ansible-inventory -i <filename>.k8s.yml --list --vault-password-file=/path/to/vault_password_file

See also

Kubernetes Python client
The GitHub Page of Kubernetes Python client
Kubernetes Python client - Issue Tracker
The issue tracker for Kubernetes Python client
OpenShift Python client
The GitHub Page of OpenShift Dynamic API client
OpenShift Python client - Issue Tracker
The issue tracker for OpenShift Dynamic API client
Kubectl installation
Installation guide for installing Kubectl
Working with playbooks
An introduction to playbooks
Using encrypted variables and files
Using Vault in playbooks


© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/scenario_guides/kubernetes_scenarios/k8s_inventory.html


Retrieved from "https://getdocs.org/index.php?title=Ansible/docs/2.11/scenario_guides/kubernetes_scenarios/k8s_inventory&oldid=65803"
Powered by MediaWiki