Deploy coredns with kubernetes.core.k8s template fails.

[jpm38]

SUMMARY

Deploy coredns with kubernetes.core.k8s template fails.

ISSUE TYPE

• Bug Report

COMPONENT NAME

kubernetes.core.k8s

ANSIBLE VERSION

ansible 2.9.25 config file = /etc/bluebanquise/ansible.cfg configured module search path = ['/usr/share/ceph-ansible/library'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible python version = 3.6.8 (default, Sep 9 2021, 07:49:02) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]

COLLECTION VERSION

kubernetes-core-2.2.3

CONFIGURATION

ANSIBLE_PIPELINING(/etc/bluebanquise/ansible.cfg) = True ANSIBLE_SSH_ARGS(/etc/bluebanquise/ansible.cfg) = -C -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey DEFAULT_CALLBACK_WHITELIST(/etc/bluebanquise/ansible.cfg) = ['profile_roles'] DEFAULT_FORKS(/etc/bluebanquise/ansible.cfg) = 32 DEFAULT_HOST_LIST(/etc/bluebanquise/ansible.cfg) = ['/etc/bluebanquise/inventory', '/etc/bluebanquise/internal'] DEFAULT_JINJA2_EXTENSIONS(/etc/bluebanquise/ansible.cfg) = jinja2.ext.loopcontrols DEFAULT_LOAD_CALLBACK_PLUGINS(/etc/bluebanquise/ansible.cfg) = True DEFAULT_MANAGED_STR(/etc/bluebanquise/ansible.cfg) = Ansible managed file, do not edit DEFAULT_MODULE_PATH(/etc/bluebanquise/ansible.cfg) = ['/usr/share/ceph-ansible/library'] DEFAULT_ROLES_PATH(/etc/bluebanquise/ansible.cfg) = ['/etc/bluebanquise/roles/core', '/etc/bluebanquise/roles/addons', '/etc/bluebanquise/roles/customs', '/etc/bluebanquise/roles/advanced-c> DEFAULT_SELINUX_SPECIAL_FS(/etc/bluebanquise/ansible.cfg) = ['ceph'] DEFAULT_STDOUT_CALLBACK(/etc/bluebanquise/ansible.cfg) = yaml DEFAULT_VAULT_PASSWORD_FILE(/etc/bluebanquise/ansible.cfg) = /root/.vault_password_file DEPRECATION_WARNINGS(/etc/bluebanquise/ansible.cfg) = False RETRY_FILES_ENABLED(/etc/bluebanquise/ansible.cfg) = False

OS / ENVIRONMENT

Red Hat Enterprise Linux release 8.5 (Ootpa)

STEPS TO REPRODUCE

kubernetes_coredns/tasks/main.yml:

- name: Create coredns resources
  kubernetes.core.k8s:
    state: present
    apply: true
    template: "coredns.yml.j2"

playbook kube_coredns.yml

---
- name: Playbook coreDNS
  hosts: "localhost"
  roles:
    - role: kubernetes_coredns
      tags: kubernetes_coredns

coredns.yml.j2:

---

apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: "{{ kubernetes.service.coredns_local.name }}" name: "{{ kubernetes.service.coredns_local.name }}" namespace: kube-system spec: progressDeadlineSeconds: 600 replicas: 2 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: "{{ kubernetes.service.coredns_local.name }}" strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 1 type: RollingUpdate template: metadata: creationTimestamp: null labels: k8s-app: "{{ kubernetes.service.coredns_local.name }}" spec: containers:

• args:
  • -conf
  • /etc/coredns/Corefile image: {{ registry.user_path }}{{ kubernetes['images']['coredns']['name'] }}:{{ kubernetes['images']['coredns']['tag'] }} imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 5 httpGet: path: /health port: 8080 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: coredns ports:
  • containerPort: 53 name: dns protocol: UDP
  • containerPort: 53 name: dns-tcp protocol: TCP
  • containerPort: 9153 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: 8181 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: memory: 170Mi requests: cpu: 100m memory: 70Mi securityContext: allowPrivilegeEscalation: false capabilities: add:
    • NET_BIND_SERVICE drop:
    • all readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts:
  • mountPath: /etc/coredns name: config-volume readOnly: true
  • mountPath: /etc/localtime name: tz-config readOnly: true dnsPolicy: Default nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: coredns serviceAccountName: coredns terminationGracePeriodSeconds: 30 tolerations:
• key: CriticalAddonsOnly operator: Exists
• effect: NoSchedule key: node-role.kubernetes.io/master
• effect: NoSchedule key: node-role.kubernetes.io/control-plane volumes:
• configMap: defaultMode: 420 items:
  • key: Corefile path: Corefile name: coredns name: config-volume
• name: tz-config hostPath: path: /etc/localtime

---

apiVersion: v1 kind: Service metadata: annotations: prometheus.io/port: "9153" prometheus.io/scrape: "true" labels: k8s-app: "{{ kubernetes.service.coredns_local.name }}" kubernetes.io/cluster-service: "true" kubernetes.io/name: CoreDNS name: "{{ kubernetes.service.coredns_local.name }}" namespace: kube-system spec: clusterIP: "{{ kubernetes.service.coredns_local.cluster_ip }}" loadBalancerIP: "{ kubernetes.service.coredns_local.ip }}" ports:

• name: dns-udp port: 53 protocol: UDP targetPort: 53 selector: k8s-app: "{{ kubernetes.service.coredns_local.name }}" sessionAffinity: None type: LoadBalancer

EXPECTED RESULTS

The coredns resources deployed

ACTUAL RESULTS

Error when deploying the coredns resources

TASK [kubernetes_coredns : Create coredns kubernetes resources] ******************************************************************************************************************************
Thursday 03 November 2022  13:22:08 +0100 (0:00:00.752)       0:00:03.375 ***** 
ok: [apoc1] => (item=coredns-config.yml.j2)
failed: [apoc1] (item=coredns.yml.j2) => changed=false 
  ansible_loop_var: item
  error: 422
  item: coredns.yml.j2
  msg: 'Deployment kube-dns: Failed to apply object: b''{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Deployment.apps \\"kube-dns\\" is invalid: [spec.template.spec.volumes[1].hostPath: Forbidden: may not specify more than 1 volume type, spec.template.spec.containers[0].volumeMounts[1].name: Not found: \\"tz-config\\"]","reason":"Invalid","details":{"name":"kube-dns","group":"apps","kind":"Deployment","causes":[{"reason":"FieldValueForbidden","message":"Forbidden: may not specify more than 1 volume type","field":"spec.template.spec.volumes[1].hostPath"},{"reason":"FieldValueNotFound","message":"Not found: \\"tz-config\\"","field":"spec.template.spec.containers[0].volumeMounts[1].name"}]},"code":422}\n'''
  reason: Unprocessable Entity
  status: 422

[gravesm]

The formatting for the template you posted makes it hard to read, but going by the error message you posted, your resource definition is invalid.