search

ansible-collections / kubernetes.core

The collection includes a variety of Ansible content to help automate the management of applications in Kubernetes and OpenShift clusters, as well as the provisioning and maintenance of clusters themselves.
Other
213 stars 133 forks source link

Alternative kubeconfig isnt picked up by kubernetes.core.helm module #538

Closed Informize closed 1 year ago

Informize commented 1 year ago
SUMMARY

Alternative kubeconfig isnt picked up by kubernetes.core.helm module. Couldnt get to work fiddling with environment variables.

Note that tasks with module kubernetes.core.k8s does work with alternative kubeconfig.

ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
ansible [core 2.13.5]
  config file = /ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /usr/local/lib/python3.8/dist-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    3.5.0
ansible.netcommon             3.1.3
ansible.posix                 1.4.0
ansible.utils                 2.6.1
ansible.windows               1.11.1
arista.eos                    5.0.1
awx.awx                       21.7.0
azure.azcollection            1.13.0
check_point.mgmt              2.3.0
chocolatey.chocolatey         1.3.1
cisco.aci                     2.2.0
cisco.asa                     3.1.0
cisco.dnac                    6.6.0
cisco.intersight              1.0.19
cisco.ios                     3.3.2
cisco.iosxr                   3.3.1
cisco.ise                     2.5.5
cisco.meraki                  2.11.0
cisco.mso                     2.0.0
cisco.nso                     1.0.3
cisco.nxos                    3.2.0
cisco.ucs                     1.8.0
cloud.common                  2.1.2
cloudscale_ch.cloud           2.2.2
community.aws                 3.6.0
community.azure               1.1.0
community.ciscosmb            1.0.5
community.crypto              2.7.0
community.digitalocean        1.22.0
community.dns                 2.3.3
community.docker              2.7.1
community.fortios             1.0.0
community.general             5.7.0
community.google              1.0.0
community.grafana             1.5.3
community.hashi_vault         3.3.1
community.hrobot              1.5.2
community.libvirt             1.2.0
community.mongodb             1.4.2
community.mysql               3.5.1
community.network             4.0.1
community.okd                 2.2.0
community.postgresql          2.2.0
community.proxysql            1.4.0
community.rabbitmq            1.2.2
community.routeros            2.3.0
community.sap                 1.0.0
community.sap_libs            1.3.0
community.skydive             1.0.0
community.sops                1.4.1
community.vmware              2.10.0
community.windows             1.11.0
community.zabbix              1.8.0
containers.podman             1.9.4
cyberark.conjur               1.2.0
cyberark.pas                  1.0.14
dellemc.enterprise_sonic      1.1.2
dellemc.openmanage            5.5.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.20.0
fortinet.fortimanager         2.1.5
fortinet.fortios              2.1.7
frr.frr                       2.0.0
gluster.gluster               1.0.2
google.cloud                  1.0.2
hetzner.hcloud                1.8.2
hpe.nimble                    1.1.4
ibm.qradar                    2.1.0
ibm.spectrum_virtualize       1.10.0
infinidat.infinibox           1.3.3
infoblox.nios_modules         1.4.0
inspur.ispim                  1.1.0
inspur.sm                     2.2.0
junipernetworks.junos         3.1.0
kubernetes.core               2.3.2
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.20.1
netapp.elementsw              21.7.0
netapp.ontap                  21.24.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.3.1
netbox.netbox                 3.8.0
ngine_io.cloudstack           2.2.4
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.2
openstack.cloud               1.10.0
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   2.2.3
purestorage.flasharray        1.14.0
purestorage.flashblade        1.10.0
purestorage.fusion            1.1.1
sensu.sensu_go                1.13.1
servicenow.servicenow         1.0.6
splunk.es                     2.1.0
t_systems_mms.icinga_director 1.31.0
theforeman.foreman            3.7.0
vmware.vmware_rest            2.2.0
vultr.cloud                   1.1.0
vyos.vyos                     3.0.1
wti.remote                    1.0.4
##### CONFIGURATION
ANSIBLE_COW_SELECTION(/ansible/ansible.cfg) = random
CACHE_PLUGIN(/ansible/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/ansible/ansible.cfg) = /tmp
CACHE_PLUGIN_TIMEOUT(/ansible/ansible.cfg) = 86400
DEFAULT_GATHERING(/ansible/ansible.cfg) = smart
DEFAULT_GATHER_TIMEOUT(/ansible/ansible.cfg) = 60
DEFAULT_HOST_LIST(/ansible/ansible.cfg) = ['/ansible/inventory/sandbox']
DEFAULT_MANAGED_STR(/ansible/ansible.cfg) = This file is centrally managed by Ansible, all changes will be lost.
DEFAULT_REMOTE_USER(/ansible/ansible.cfg) = ansible
DEFAULT_ROLES_PATH(/ansible/ansible.cfg) = ['/ansible/roles']
DEFAULT_TIMEOUT(/ansible/ansible.cfg) = 600
DEPRECATION_WARNINGS(/ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/ansible/ansible.cfg) = False
OS / ENVIRONMENT

Containerized ubuntu 20.04 Helm version:

version.BuildInfo{Version:"v3.10.1", GitCommit:"9f88ccb6aee40b9a0535fcc7efea6055e1ef72c9", GitTreeState:"clean", GoVersion:"go1.18.7"}
STEPS TO REPRODUCE
- name: Download helmchart
  run_once: true
  ansible.builtin.command: helm pull oci://harbor.internl/library/ceph-csi-cephfs --version 3.7.2 -d /tmp --untar
  delegate_to: localhost

- name: Deploy ceph-csi-cephfs helmchart
  kubernetes.core.helm:
    name: ceph-csi-cephfs
    chart_ref: /tmp/ceph-csi-cephfs
    release_namespace: ceph-csi-cephfs
    kubeconfig: /tmp/config
    verify_ssl: no
  delegate_to: localhost
  run_once: true
EXPECTED RESULTS

A deployed helm chart

ACTUAL RESULTS
    "command": "/usr/local/bin/helm list --output=yaml --filter ceph-csi-cephfs",
    "invocation": {
        "module_args": {
            "api_key": null,
            "atomic": false,
            "binary_path": null,
            "ca_cert": null,
            "chart_ref": "/tmp/ceph-csi-cephfs",
            "chart_repo_url": null,
            "chart_version": null,
            "context": null,
            "create_namespace": false,
            "disable_hook": false,
            "force": false,
            "history_max": null,
            "host": null,
            "kubeconfig": "/tmp/config",
            "name": "ceph-csi-cephfs",
            "purge": true,
            "release_name": "ceph-csi-cephfs",
            "release_namespace": "ceph-csi-cephfs",
            "release_state": "present",
            "release_values": {},
            "replace": false,
            "skip_crds": false,
            "timeout": null,
            "update_repo_cache": false,
            "validate_certs": false,
            "values_files": [],
            "verify_ssl": false,
            "wait": false,
            "wait_timeout": null
        }
    },
    "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: Kubernetes cluster unreachable: Get \"http://localhost:8080/version\": dial tcp 127.0.0.1:8080: connect: connection refused\n",
    "stderr": "Error: Kubernetes cluster unreachable: Get \"http://localhost:8080/version\": dial tcp 127.0.0.1:8080: connect: connection refused\n",
    "stderr_lines": [
        "Error: Kubernetes cluster unreachable: Get \"http://localhost:8080/version\": dial tcp 127.0.0.1:8080: connect: connection refused"
    ],

When running actual helm command it works fine:

root@07015dead2e6:/ansible# /usr/local/bin/helm list --output=yaml --filter ceph-csi-cephfs --kubeconfig /tmp/config
[]

It looks like the kubeconfig is not parsed to the actual helm command:

root@07015dead2e6:/ansible# /usr/local/bin/helm list --output=yaml --filter ceph-csi-cephfs
Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version": dial tcp 127.0.0.1:8080: connect: connection refused
gravesm commented 1 year ago

Thanks, it looks like there's currently a bug that does not allow you specify both kubeconfig and verify_ssl=false.