search

redhat-cop / openshift-applier

Used to apply OpenShift objects to an OpenShift Cluster
Apache License 2.0
102 stars 61 forks source link

we should support `action: get` #134

Open etsauer opened 4 years ago

etsauer commented 4 years ago

When writing automation for kubernetes, we often need the ability to grab the value of a field in a resource and use that value in another resource. Applier should support this. Here are a few examples I can think of:

Grab Cluster ID to feed into resources.

cluster_id=$(oc get machinesets -n openshift-machine-api -o jsonpath='{.items[0].metadata.labels.machine\.openshift\.io\/cluster-api-cluster}')
oc process -f machineautoscaler-template.yaml -p CLUSTER_ID=${cluster_id} | oc apply -f -

Copy a token between clusters

token=$(oc get secret $(oc get sa builder -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}')
oc process -f secret-template.yaml -p TOKEN=${token} | oc apply -f-
oybed commented 4 years ago

@etsauer for your two examples, what do you think about an applier inventory like the following? Does this align with what you were thinking? 

openshift_cluster_content:
- object: Machine Autoscaler
  content:
  - name: Fetch cluster id from running cluster
    action: get
    get_vars:
      kind: machinesets
      namespace: openshift-machine-api
      jsonpath: '{.items[0].metadata.labels.machine\.openshift\.io\/cluster-api-cluster}'
      output_name: 'machinesets_output'
  - name: Apply machine autoscaler template
    template: "http://some-url.com/machineautoscaler-template.yaml"
    namespace: openshift-machine-api
    params_from_vars:
      CLUSTER_ID: "{{ machinesets_output }}"
- object: Fetch and apply secret / token
  content:
  - name: Fetch builder SA secret name
    action: get
    get_vars:
      kind: sa
      name: builder
      namespace: somenamespace
      jsonpath: '{.secrets[0].name}'
      output_name: 'builder_sa_secret_name'
  - name: Fetch secret content based on secret name
    action: get
    get_vars:
      kind: secret
      namespace: somenamespace
      name: "{{ builder_sa_secret_name }}"
      jsonpath: '{.data.token}'
      output_name: 'builder_sa_secret_content'
  - name: Apply secret template
    template: "http://some-url.com/secret-template.yaml"
    params_from_vars:
      TOKEN: "{{ builder_sa_secret_content }}"
etsauer commented 4 years ago

@oybed yes that looks perfect

oybed commented 4 years ago

Related Ansible Galaxy role to "get" data: https://galaxy.ansible.com/oybed/openshift_get_resources