Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use kubectl_or_oc in role tasks in preference to any other mechanism #5587

Closed
alanbchristie opened this issue Jan 3, 2020 · 1 comment
Closed

Use kubectl_or_oc in role tasks in preference to any other mechanism #5587

alanbchristie opened this issue Jan 3, 2020 · 1 comment

Comments

@alanbchristie
Copy link

ISSUE TYPE
  • Feature Idea
SUMMARY

A policy declaration (and a change to the installation task Get kube version from api server) ... the policy is ... use kubectl_or_oc in role tasks in preference to any other mechanism unless you cannot.

This is driven by a frustration with 9.1.0 and its use of the Ansible uri module in the Get kube version from api server task while deploying to Kubernetes. My cluster is perfectly functional but I do not have authenticated users for the URL/URI-based queries. Consequently this task fails in the following way: -

TASK [kubernetes : Get kube version from api server] ***************************
fatal: [localhost]: FAILED! => {"changed": false, "connection": "close", "content": "{\"type\":\"error\",\"status\":\"401\",\"message\":\"must authenticate\"}\n", "content_length": "62", "content_type": "application/json", "date": "Fri, 03 Jan 2020 09:37:27 GMT", "elapsed": 0, "json": {"message": "must authenticate", "status": "401", "type": "error"}, "msg": "Status code was 401 and not [200]: HTTP Error 401: Unauthorized", "redirected": false, "status": 401, "url": "https://rancher.informaticsmatters.org/k8s/clusters/c-wblsr/version", "x_content_type_options": "nosniff"}

Of course I get unauthorised but I don't need any additional authorisation to get the kubernetes cluster version - I can just use kubectl: -

$ kubectl version --short
Client Version: v1.17.0
Server Version: v1.16.3

...or oc: -

$ oc version
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth

Server https://x.x.x.x:6443
kubernetes v1.16.3

So, to avoid potentially unnecessary extra Kubernetes cluster configuration (and to promote a more consistent role implementation) you should be using kubectl_or_oc unless it cannot provide the required results.

Basically - don't use uri module when kubectl can provides the answer.

This policy and suggested implementation change may help with issue #5574
@shanemcd
Copy link
Member

shanemcd commented Jan 3, 2020

Hello. I don’t see how this is different from #5574, which you have already linked to. Patches are welcome.

@shanemcd shanemcd closed this as completed Jan 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shanemcd @alanbchristie