archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

K8s retry merge (#44821)

Browse Source 
* Make merge_type a list and apply merge_type in order

Allow use case of preferring strategic-merge and failing
back to merge, or just preferring a different merge type

* Improve k8s module test coverage
pull/26404/head
Will Thames 6 years ago committed by ansibot
parent ac3781d40b
commit ce110ff081
6 changed files with 454 additions and 291 deletions
Show Stats Download Patch File Download Diff File

44
lib/ansible/module_utils/k8s/raw.py
Unescape Escape View File

@ -39,7 +39,7 @@ class KubernetesRawModule(KubernetesAnsibleModule):
def argspec(self): def argspec(self):
argument_spec = copy.deepcopy(COMMON_ARG_SPEC) argument_spec = copy.deepcopy(COMMON_ARG_SPEC)
argument_spec.update(copy.deepcopy(AUTH_ARG_SPEC)) argument_spec.update(copy.deepcopy(AUTH_ARG_SPEC))
argument_spec['merge_type'] = dict(choices=['json', 'merge', 'strategic-merge']) argument_spec['merge_type'] = dict(type='list', choices=['json', 'merge', 'strategic-merge'])
return argument_spec return argument_spec
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
@ -210,19 +210,21 @@ class KubernetesRawModule(KubernetesAnsibleModule):
if self.check_mode: if self.check_mode:
k8s_obj = dict_merge(existing.to_dict(), definition) k8s_obj = dict_merge(existing.to_dict(), definition)
else: else:
try: if self.params['merge_type']:
params = dict(name=name, namespace=namespace) from distutils.version import LooseVersion
if self.params['merge_type']: if LooseVersion(self.openshift_version) < LooseVersion("0.6.2"):
from distutils.version import LooseVersion self.fail_json(msg="openshift >= 0.6.2 is required for merge_type")
if LooseVersion(self.openshift_version) < LooseVersion("0.6.2"): for merge_type in self.params['merge_type']:
self.fail_json(msg="openshift >= 0.6.2 is required for merge_type") k8s_obj, error = self.patch_resource(resource, definition, existing, name,
params['content_type'] = 'application/{0}-patch+json'.format(self.params['merge_type']) namespace, merge_type=merge_type)
k8s_obj = resource.patch(definition, **params).to_dict() if not error:
match, diffs = self.diff_objects(existing.to_dict(), k8s_obj) break
result['result'] = k8s_obj else:
except DynamicApiError as exc: k8s_obj, error = self.patch_resource(resource, definition, existing, name,
self.fail_json(msg="Failed to patch object: {0}".format(exc.body), namespace)
error=exc.status, status=exc.status, reason=exc.reason) if error:
self.fail_json(**error)
match, diffs = self.diff_objects(existing.to_dict(), k8s_obj) match, diffs = self.diff_objects(existing.to_dict(), k8s_obj)
result['result'] = k8s_obj result['result'] = k8s_obj
result['changed'] = not match result['changed'] = not match
@ -230,6 +232,20 @@ class KubernetesRawModule(KubernetesAnsibleModule):
result['diff'] = diffs result['diff'] = diffs
return result return result
def patch_resource(self, resource, definition, existing, name, namespace, merge_type=None):
try:
params = dict(name=name, namespace=namespace)
if merge_type:
params['content_type'] = 'application/{0}-patch+json'.format(merge_type)
k8s_obj = resource.patch(definition, **params).to_dict()
match, diffs = self.diff_objects(existing.to_dict(), k8s_obj)
error = {}
return k8s_obj, {}
except DynamicApiError as exc:
error = dict(msg="Failed to patch object: {0}".format(exc.body),
error=exc.status, status=exc.status, reason=exc.reason)
return None, error
def create_project_request(self, definition): def create_project_request(self, definition):
definition['kind'] = 'ProjectRequest' definition['kind'] = 'ProjectRequest'
result = {'changed': False, 'result': {}} result = {'changed': False, 'result': {}}

2
lib/ansible/modules/clustering/k8s/k8s.py
Unescape Escape View File

@ -49,10 +49,12 @@ options:
want to use C(merge) if you see "strategic merge patch format is not supported" want to use C(merge) if you see "strategic merge patch format is not supported"
- See U(https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment) - See U(https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment)
- Requires openshift >= 0.6.2 - Requires openshift >= 0.6.2
- If more than one merge_type is given, the merge_types will be tried in order
choices: choices:
- json - json
- merge - merge
- strategic-merge - strategic-merge
type: list
version_added: "2.7" version_added: "2.7"
requirements: requirements:

20
test/integration/targets/k8s/files/crd-resource.yml
Unescape Escape View File

@ -0,0 +1,20 @@
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: acme-crt
spec:
secretName: acme-crt-secret
dnsNames:
- foo.example.com
- bar.example.com
acme:
config:
- ingressClass: nginx
domains:
- foo.example.com
- bar.example.com
issuerRef:
name: letsencrypt-prod
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer

14
test/integration/targets/k8s/files/setup-crd.yml
Unescape Escape View File

@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: certificates.certmanager.k8s.io
spec:
group: certmanager.k8s.io
version: v1alpha1
scope: Namespaced
names:
kind: Certificate
plural: certificates
shortNames:
- cert
- certs

664
test/integration/targets/k8s/tasks/main.yml
Unescape Escape View File

@ -1,292 +1,402 @@
# TODO: This is the only way I could get the kubeconfig, I don't know why. Running the lookup outside of debug seems to return an empty string # TODO: This is the only way I could get the kubeconfig, I don't know why. Running the lookup outside of debug seems to return an empty string
- debug: msg={{ lookup('env', 'K8S_AUTH_KUBECONFIG') }} #- debug: msg={{ lookup('env', 'K8S_AUTH_KUBECONFIG') }}
register: kubeconfig # register: kubeconfig
# Kubernetes resources # Kubernetes resources
- name: Create a namespace
k8s: - block:
name: testing - name: Create a namespace
kind: namespace k8s:
register: output name: testing
kind: namespace
- debug: msg={{ lookup("k8s", kind="Namespace", api_version="v1", resource_name='testing', kubeconfig=kubeconfig.msg) }} register: output
- name: show output - name: show output
debug: debug:
var: output var: output
- name: Create a service - name: Create a service
k8s: k8s:
state: present state: present
resource_definition: &svc resource_definition: &svc
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata:
name: web
namespace: testing
labels:
app: galaxy
service: web
spec:
selector:
app: galaxy
service: web
ports:
- protocol: TCP
targetPort: 8000
name: port-8000-tcp
port: 8000
register: output
- name: show output
debug:
var: output
- name: Create the service again
k8s:
state: present
resource_definition: *svc
register: output
- name: Service creation should be idempotent
assert:
that: not output.changed
- name: Create PVC
k8s:
state: present
inline: &pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: elastic-volume
namespace: testing
spec:
resources:
requests:
storage: 5Gi
accessModes:
- ReadWriteOnce
- name: Show output
debug:
var: output
- name: Create the PVC again
k8s:
state: present
inline: *pvc
- name: PVC creation should be idempotent
assert:
that: not output.changed
- name: Create deployment
k8s:
state: present
inline: &deployment
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: elastic
labels:
app: galaxy
service: elastic
namespace: testing
spec:
template:
metadata: metadata:
name: web
namespace: testing
labels:
app: galaxy
service: web
spec:
selector:
app: galaxy
service: web
ports:
- protocol: TCP
targetPort: 8000
name: port-8000-tcp
port: 8000
register: output
- name: show output
debug:
var: output
- name: Create the service again
k8s:
state: present
resource_definition: *svc
register: output
- name: Service creation should be idempotent
assert:
that: not output.changed
- name: Create PVC
k8s:
state: present
inline: &pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: elastic-volume
namespace: testing
spec:
resources:
requests:
storage: 5Gi
accessModes:
- ReadWriteOnce
- name: Show output
debug:
var: output
- name: Create the PVC again
k8s:
state: present
inline: *pvc
- name: PVC creation should be idempotent
assert:
that: not output.changed
- name: Create deployment
k8s:
state: present
inline: &deployment
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: elastic
labels: labels:
app: galaxy app: galaxy
service: elastic service: elastic
namespace: testing
spec: spec:
containers: template:
- name: elastic metadata:
volumeMounts: labels:
- mountPath: /usr/share/elasticsearch/data app: galaxy
name: elastic-volume service: elastic
command: ['elasticsearch'] spec:
image: 'ansible/galaxy-elasticsearch:2.4.6' containers:
volumes: - name: elastic
- name: elastic-volume volumeMounts:
persistentVolumeClaim: - mountPath: /usr/share/elasticsearch/data
claimName: elastic-volume name: elastic-volume
replicas: 1 command: ['elasticsearch']
strategy: image: 'ansible/galaxy-elasticsearch:2.4.6'
type: RollingUpdate volumes:
register: output - name: elastic-volume
persistentVolumeClaim:
- name: Show output claimName: elastic-volume
debug: replicas: 1
var: output strategy:
type: RollingUpdate
- name: Create deployment again register: output
k8s:
state: present - name: Show output
inline: *deployment debug:
register: output var: output
- name: Deployment creation should be idempotent - name: Create deployment again
assert: k8s:
that: not output.changed state: present
inline: *deployment
# OpenShift Resources register: output
- name: Create a project
k8s: - name: Deployment creation should be idempotent
name: testing assert:
kind: project that: not output.changed
api_version: v1
register: output # OpenShift Resources
- name: Create a project
- name: show output k8s:
debug: name: testing
var: output kind: project
api_version: v1
- name: Create deployment config register: output
k8s:
state: present - name: show output
inline: &dc debug:
apiVersion: v1 var: output
kind: DeploymentConfig
metadata: - name: Create deployment config
name: elastic k8s:
labels: state: present
app: galaxy inline: &dc
service: elastic apiVersion: v1
namespace: testing kind: DeploymentConfig
spec:
template:
metadata: metadata:
name: elastic
labels: labels:
app: galaxy app: galaxy
service: elastic service: elastic
namespace: testing
spec: spec:
containers: template:
- name: elastic metadata:
volumeMounts: labels:
- mountPath: /usr/share/elasticsearch/data app: galaxy
name: elastic-volume service: elastic
command: ['elasticsearch'] spec:
image: 'ansible/galaxy-elasticsearch:2.4.6' containers:
volumes: - name: elastic
- name: elastic-volume volumeMounts:
persistentVolumeClaim: - mountPath: /usr/share/elasticsearch/data
claimName: elastic-volume name: elastic-volume
replicas: 1 command: ['elasticsearch']
strategy: image: 'ansible/galaxy-elasticsearch:2.4.6'
type: Rolling volumes:
register: output - name: elastic-volume
persistentVolumeClaim:
- name: Show output claimName: elastic-volume
debug: replicas: 1
var: output strategy:
type: Rolling
- name: Create deployment config again register: output
k8s:
state: present - name: Show output
inline: *dc debug:
register: output var: output
- name: DC creation should be idempotent - name: Create deployment config again
assert: k8s:
that: not output.changed state: present
inline: *dc
### Type tests register: output
- name: Create a namespace from a string
k8s: - name: DC creation should be idempotent
definition: |+ assert:
--- that: not output.changed
kind: Namespace
apiVersion: v1 ### Type tests
metadata: - name: Create a namespace from a string
k8s:
definition: |+
---
kind: Namespace
apiVersion: v1
metadata:
name: testing1
- name: Namespace should exist
k8s_facts:
kind: Namespace
api_version: v1
name: testing1 name: testing1
register: k8s_facts_testing1
failed_when: not k8s_facts_testing1.resources or k8s_facts_testing1.resources[0].status.phase != "Active"
- name: Create resources from a multidocument yaml string
k8s:
definition: |+
---
kind: Namespace
apiVersion: v1
metadata:
name: testing2
---
kind: Namespace
apiVersion: v1
metadata:
name: testing3
- name: Lookup namespaces
k8s_facts:
api_version: v1
kind: Namespace
name: "{{ item }}"
loop:
- testing2
- testing3
register: k8s_namespaces
- name: Resources should exist
assert:
that: item.resources[0].status.phase == 'Active'
loop: "{{ k8s_namespaces.results }}"
- name: Delete resources from a multidocument yaml string
k8s:
state: absent
definition: |+
---
kind: Namespace
apiVersion: v1
metadata:
name: testing2
---
kind: Namespace
apiVersion: v1
metadata:
name: testing3
- name: Lookup namespaces
k8s_facts:
api_version: v1
kind: Namespace
name: "{{ item }}"
loop:
- testing2
- testing3
register: k8s_namespaces
- name: Resources should not exist
assert:
that:
- not item.resources or item.resources[0].status.phase == "Terminating"
loop: "{{ k8s_namespaces.results }}"
- name: Create resources from a list
k8s:
definition:
- kind: Namespace
apiVersion: v1
metadata:
name: testing4
- kind: Namespace
apiVersion: v1
metadata:
name: testing5
- name: Lookup namespaces
k8s_facts:
api_version: v1
kind: Namespace
name: "{{ item }}"
loop:
- testing4
- testing5
register: k8s_namespaces
- name: Resources should exist
assert:
that: item.resources[0].status.phase == 'Active'
loop: "{{ k8s_namespaces.results }}"
- name: install custom resource definitions
k8s:
definition: "{{ lookup('file', role_path + '/files/setup-crd.yml') }}"
- name: create custom resource definition
k8s:
definition: "{{ lookup('file', role_path + '/files/crd-resource.yml') }}"
namespace: testing4
register: create_crd
- name: recreate custom resource definition
k8s:
definition: "{{ lookup('file', role_path + '/files/crd-resource.yml') }}"
namespace: testing4
register: recreate_crd
ignore_errors: yes
- name: assert that recreating crd fails
assert:
that:
- recreate_crd is failed
- name: recreate custom resource definition with merge_type
k8s:
definition: "{{ lookup('file', role_path + '/files/crd-resource.yml') }}"
merge_type: merge
namespace: testing4
register: recreate_crd_with_merge
- name: recreate custom resource definition with merge_type list
k8s:
definition: "{{ lookup('file', role_path + '/files/crd-resource.yml') }}"
merge_type:
- strategic-merge
- merge
namespace: testing4
register: recreate_crd_with_merge_list
- name: remove crd
k8s:
definition: "{{ lookup('file', role_path + '/files/crd-resource.yml') }}"
namespace: testing4
state: absent
- name: Delete resources from a list
k8s:
state: absent
definition:
- kind: Namespace
apiVersion: v1
metadata:
name: testing4
- kind: Namespace
apiVersion: v1
metadata:
name: testing5
- k8s_facts:
api_version: v1
kind: Namespace
name: "{{ item }}"
loop:
- testing4
- testing5
register: k8s_facts
- name: Resources are terminating if still in results
assert:
that: not item.resources or item.resources[0].status.phase == "Terminating"
loop: "{{ k8s_facts.results }}"
always:
- name: remove crd
k8s:
definition: "{{ lookup('file', role_path + '/files/crd-resource.yml') }}"
namespace: testing4
state: absent
ignore_errors: yes
- name: Namespace should exist - name: Delete all namespaces
assert: k8s:
that: '{{ lookup("k8s", kind="Namespace", api_version="v1", resource_name="testing1", kubeconfig=kubeconfig.msg).status.phase == "Active" }}' state: absent
definition:
- name: Create resources from a multidocument yaml string - kind: Namespace
k8s: apiVersion: v1
definition: |+ metadata:
--- name: testing1
kind: Namespace - kind: Namespace
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: testing2 name: testing2
--- - kind: Namespace
kind: Namespace apiVersion: v1
apiVersion: v1 metadata:
metadata: name: testing3
name: testing3 - kind: Namespace
apiVersion: v1
- name: Resources should exist metadata:
assert: name: testing4
that: lookup("k8s", kind="Namespace", api_version="v1", resource_name=item, kubeconfig=kubeconfig.msg).status.phase == "Active" - kind: Namespace
loop: apiVersion: v1
- testing2 metadata:
- testing3 name: testing5
ignore_errors: yes
- name: Delete resources from a multidocument yaml string
k8s:
state: absent
definition: |+
---
kind: Namespace
apiVersion: v1
metadata:
name: testing2
---
kind: Namespace
apiVersion: v1
metadata:
name: testing3
- name: Resources should not exist
assert:
that: not ns or ns.status.phase == "Terminating"
loop:
- testing2
- testing3
vars:
ns: '{{ lookup("k8s", kind="Namespace", api_version="v1", resource_name=item, kubeconfig=kubeconfig.msg) }}'
- name: Create resources from a list
k8s:
definition:
- kind: Namespace
apiVersion: v1
metadata:
name: testing4
- kind: Namespace
apiVersion: v1
metadata:
name: testing5
- name: Resources should exist
assert:
that: lookup("k8s", kind="Namespace", api_version="v1", resource_name=item, kubeconfig=kubeconfig.msg).status.phase == "Active"
loop:
- testing4
- testing5
- name: Delete resources from a list
k8s:
state: absent
definition:
- kind: Namespace
apiVersion: v1
metadata:
name: testing4
- kind: Namespace
apiVersion: v1
metadata:
name: testing5
- name: Resources should not exist
assert:
that: not ns or ns.status.phase == "Terminating"
loop:
- testing4
- testing5
vars:
ns: '{{ lookup("k8s", kind="Namespace", api_version="v1", resource_name=item, kubeconfig=kubeconfig.msg) }}'

1
test/runner/requirements/constraints.txt
Unescape Escape View File

@ -17,3 +17,4 @@ ntlm-auth >= 1.0.6 # message encryption support
requests-ntlm >= 1.1.0 # message encryption support requests-ntlm >= 1.1.0 # message encryption support
requests-credssp >= 0.1.0 # message encryption support requests-credssp >= 0.1.0 # message encryption support
voluptuous >= 0.11.0 # Schema recursion via Self voluptuous >= 0.11.0 # Schema recursion via Self
openshift >= 0.6.2 # merge_type support

Write Preview
Loading…
Cancel
Save