|
|
@ -74,42 +74,37 @@ requirements:
|
|
|
|
'''
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
|
EXAMPLES = '''
|
|
|
|
EXAMPLES = '''
|
|
|
|
- block:
|
|
|
|
- hosts: localhost
|
|
|
|
# It's good practice to store login credentials in a secure vault and not
|
|
|
|
module_defaults:
|
|
|
|
# directly in playbooks.
|
|
|
|
group/k8s:
|
|
|
|
- include_vars: k8s_passwords.yml
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Log in (obtain access token)
|
|
|
|
|
|
|
|
k8s_auth:
|
|
|
|
|
|
|
|
host: https://k8s.example.com/
|
|
|
|
host: https://k8s.example.com/
|
|
|
|
ssl_ca_cert: ca.pem
|
|
|
|
ssl_ca_cert: ca.pem
|
|
|
|
username: admin
|
|
|
|
tasks:
|
|
|
|
password: "{{ k8s_admin_password }}"
|
|
|
|
- block:
|
|
|
|
register: k8s_auth_results
|
|
|
|
# It's good practice to store login credentials in a secure vault and not
|
|
|
|
|
|
|
|
# directly in playbooks.
|
|
|
|
- name: Preserve auth info as both a fact and a yaml anchor for easy access later
|
|
|
|
- include_vars: k8s_passwords.yml
|
|
|
|
# Both the fact and the anchor are called 'k8s_auth_params'
|
|
|
|
|
|
|
|
set_fact:
|
|
|
|
- name: Log in (obtain access token)
|
|
|
|
k8s_auth_params: &k8s_auth_params
|
|
|
|
k8s_auth:
|
|
|
|
host: "{{ k8s_auth_results.k8s_auth.host }}"
|
|
|
|
username: admin
|
|
|
|
ssl_ca_cert: "{{ k8s_auth_results.k8s_auth.ssl_ca_cert }}"
|
|
|
|
password: "{{ k8s_admin_password }}"
|
|
|
|
verify_ssl: "{{ k8s_auth_results.k8s_auth.verify_ssl }}"
|
|
|
|
register: k8s_auth_results
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Previous task provides the token/api_key, while all other parameters
|
|
|
|
|
|
|
|
# are taken from module_defaults
|
|
|
|
|
|
|
|
- name: Get a list of all pods from any namespace
|
|
|
|
|
|
|
|
k8s_facts:
|
|
|
|
|
|
|
|
api_key: "{{ k8s_auth_results.k8s_auth.api_key }}"
|
|
|
|
|
|
|
|
kind: Pod
|
|
|
|
|
|
|
|
register: pod_list
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
always:
|
|
|
|
|
|
|
|
- name: If login succeeded, try to log out (revoke access token)
|
|
|
|
|
|
|
|
when: k8s_auth_results.k8s_auth.api_key is defined
|
|
|
|
|
|
|
|
k8s_auth:
|
|
|
|
|
|
|
|
state: absent
|
|
|
|
api_key: "{{ k8s_auth_results.k8s_auth.api_key }}"
|
|
|
|
api_key: "{{ k8s_auth_results.k8s_auth.api_key }}"
|
|
|
|
|
|
|
|
|
|
|
|
# Previous task generated I(k8s_auth) fact, which you can then use
|
|
|
|
|
|
|
|
# in k8s modules like this:
|
|
|
|
|
|
|
|
- name: Get a list of all pods from any namespace
|
|
|
|
|
|
|
|
k8s_facts:
|
|
|
|
|
|
|
|
<<: *k8s_auth_params
|
|
|
|
|
|
|
|
kind: Pod
|
|
|
|
|
|
|
|
register: pod_list
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
always:
|
|
|
|
|
|
|
|
- name: If login succeeded, try to log out (revoke access token)
|
|
|
|
|
|
|
|
when: k8s_auth_params is defined
|
|
|
|
|
|
|
|
k8s_auth:
|
|
|
|
|
|
|
|
state: absent
|
|
|
|
|
|
|
|
<<: *k8s_auth_params
|
|
|
|
|
|
|
|
'''
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
|
# Returned value names need to match k8s modules parameter names, to make it
|
|
|
|
# Returned value names need to match k8s modules parameter names, to make it
|
|
|
|