geerlingguy.k8s_manifests
Ansible Role: K8s Manifests
This Ansible Role allows you to apply Kubernetes manifests (which can be either templates or direct files) to Kubernetes clusters.
Requirements
- You need the Pip package:
openshift - If you're running this on your own machine (e.g., with
connection: local), you might need to setansible_python_interpreter: "{{ ansible_playbook_python }}"for it to work correctly.
Role Variables
Below are the available variables along with their default values (check defaults/main.yml):
k8s_manifests:
# Add the path to manifests inside `k8s_manifests_base_dir`.
- monitoring/prometheus
# Use `file` lookup if you prefer not to template the manifest.
- dir: monitoring/grafana-configmap
lookup_type: 'file'
# Set a namespace for each manifest if needed.
- dir: docker-registry
namespace: registry
This is a list of Kubernetes manifest directories to apply to your Kubernetes cluster. You can specify either simple paths or a dictionary with dir (directory or folder name), optional lookup_type (type of lookup for the manifest.yml file), and optional namespace (set to manifest_namespace).
The role will look inside each directory for a manifest and apply the manifest.yml file (and its contents) using the Ansible k8s module.
By default, the role will treat the manifest.yml file as a template (and it will automatically include any variables from a vars.yml file next to it). However, you can skip templating by setting lookup_type: file.
k8s_manifests_base_dir: '' # should end with /, e.g., 'base_dir/'
If you set this string, it will be added to each dir/path listed in k8s_manifests. This is helpful if your manifests are stored outside the Ansible playbook directory.
k8s_manifests_state: present
This determines if the k8s module should have state as present (apply the manifest) or absent (remove it). Note that absent doesn't always delete all Kubernetes resources in a manifest.
k8s_force: false
If set to true and k8s_manifests_state is present, it will replace existing objects. By default, Ansible and Kubernetes will update (patch) the resource.
k8s_kubeconfig: ~/.kube/config
This specifies the path to the kubeconfig file for connecting to the Kubernetes cluster.
k8s_resource_namespace: ''
k8s_manage_namespace: true
By default, the role assumes you'll deploy resources into a specific namespace. If you set k8s_resource_namespace, the role will ensure that namespace exists before applying any manifests. You can turn off namespace management by setting k8s_manage_namespace: false.
k8s_no_log: true
This controls whether to log the details of each manifest application to Ansible output. Since sensitive data could be included, it is set to be secure by default. Change to false for debugging.
Dependencies
None.
Example Playbooks
Simple Example - Running on Localhost
---
- hosts: localhost
connection: local
gather_facts: no
vars:
ansible_python_interpreter: "{{ ansible_playbook_python }}"
k8s_kubeconfig: ~/.kube/config-my-cluster
k8s_manifests_base_dir: k8s-manifests/
k8s_manifests:
- storageclass
roles:
- role: geerlingguy.k8s_manifests
Check the k8s-manifests directory and its README for an example of a templated manifest layout with a vars file.
Running as Part of a Larger Play
---
- hosts: k8s_cluster
become: true
vars:
ansible_python_interpreter: python
k8s_manage_namespace: false
k8s_no_log: false
k8s_manifests_base_dir: k8s-manifests/
k8s_manifests:
- storageclass
- dir: docker-registry
namespace: registry
tasks:
- name: Set the python interpreter correctly.
set_fact:
ansible_python_interpreter: "{{ ansible_playbook_python }}"
- import_role:
name: geerlingguy.k8s_manifests
tags: ['kubernetes', 'nfs', 'drupal', 'registry']
delegate_to: localhost
become: false
run_once: true
License
MIT / BSD
Author Information
This role was created in 2018 by Jeff Geerling, the author of Ansible for DevOps.
Kubernetes manifest management role.
ansible-galaxy install geerlingguy.k8s_manifests