diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
| commit | 975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch) | |
| tree | 89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/community/okd/docs | |
| parent | Initial commit. (diff) | |
| download | ansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.tar.xz ansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.zip | |
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/community/okd/docs')
16 files changed, 9919 insertions, 0 deletions
diff --git a/ansible_collections/community/okd/docs/ansible_turbo_mode.rst b/ansible_collections/community/okd/docs/ansible_turbo_mode.rst new file mode 100644 index 000000000..d63311f6b --- /dev/null +++ b/ansible_collections/community/okd/docs/ansible_turbo_mode.rst @@ -0,0 +1,147 @@ +.. _ansible_turbo_mode: + + +****************** +Ansible Turbo mode +****************** + +Following document provides overview of Ansible Turbo mode in ``community.okd`` collection. + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- A brief introduction about Ansible Turbo mode in ``community.okd`` collection. +- Ansible Turbo mode is an optional performance optimization. It can be enabled by installing the cloud.common collection and setting the ``ENABLE_TURBO_MODE`` environment variable. + +Requirements +------------ + +The following requirement is needed on the host that executes this module. + +- The ``cloud.common`` collection (https://github.com/ansible-collections/cloud.common) + +You will also need to set the environment variable ``ENABLE_TURBO_MODE=1`` on the managed host. This can be done in the same ways you would usually do so, for example:: + + --- + - hosts: remote + environment: + ENABLE_TURBO_MODE: 1 + tasks: + ... + + +Installation +------------ + +You can install ``cloud.common`` collection using following command:: + + # ansible-galaxy collection install cloud.common + + +Current situation without Ansible Turbo mode +============================================ + +The traditional execution flow of an Ansible module includes the following steps: + +- Upload of a ZIP archive with the module and its dependencies +- Execution of the module +- Ansible collects the results once the script is finished + +These steps happen for each task of a playbook, and on every host. + +Most of the time, the execution of a module is fast enough for +the user. However, sometime the module requires significant amount of time, +just to initialize itself. This is a common situation with the API based modules. + +A classic initialization involves the following steps: + +- Load a Python library to access the remote resource (via SDK) +- Open a client + - Load a bunch of Python modules. + - Request a new TCP connection. + - Create a session. + - Authenticate the client. + +All these steps are time consuming and the same operations will be running again and again. + +For instance, here: + +- ``import openstack``: takes 0.569s +- ``client = openstack.connect()``: takes 0.065s +- ``client.authorize()``: takes 1.360s, + +These numbers are from test running against VexxHost public cloud. + +In this case, it's a 2s-ish overhead per task. If the playbook +comes with 10 tasks, the execution time cannot go below 20s. + +How Ansible Turbo Module improve the situation +============================================== + +``AnsibleTurboModule`` is actually a class that inherites from +the standard ``AnsibleModule`` class that your modules probably +already use. +The big difference is that when a module starts, it also spawns +a little Python daemon. If a daemon already exists, it will just +reuse it. +All the module logic is run inside this Python daemon. This means: + +- Python modules are actually loaded one time +- Ansible module can reuse an existing authenticated session. + +The background service +====================== + +The daemon kills itself after 15s, and communication are done +through an Unix socket. +It runs in one single process and uses ``asyncio`` internally. +Consequently you can use the ``async`` keyword in your Ansible module. +This will be handy if you interact with a lot of remote systems +at the same time. + +Security impact +=============== + +``ansible_module.turbo`` open an Unix socket to interact with the background service. +We use this service to open the connection toward the different target systems. + +This is similar to what SSH does with the sockets. + +Keep in mind that: + +- All the modules can access the same cache. Soon an isolation will be done at the collection level (https://github.com/ansible-collections/cloud.common/pull/17) +- A task can load a different version of a library and impact the next tasks. +- If the same user runs two ``ansible-playbook`` at the same time, they will have access to the same cache. + +When a module stores a session in a cache, it's a good idea to use a hash of the authentication information to identify the session. + +Error management +================ + +``ansible_module.turbo`` uses exceptions to communicate a result back to the module. + +- ``EmbeddedModuleFailure`` is raised when ``json_fail()`` is called. +- ``EmbeddedModuleSuccess`` is raised in case of success and returns the result to the origin module process. + +These exceptions are defined in ``ansible_collections.cloud.common.plugins.module_utils.turbo.exceptions``. +You can raise ``EmbeddedModuleFailure`` exception yourself, for instance from a module in ``module_utils``. + +.. note:: Be careful with the ``except Exception:`` blocks. + Not only they are bad practice, but also may interface with this + mechanism. + + +Troubleshooting +=============== + +You may want to manually start the server. This can be done with the following command: + +.. code-block:: shell + + PYTHONPATH=$HOME/.ansible/collections python -m ansible_collections.cloud.common.plugins.module_utils.turbo.server --socket-path $HOME/.ansible/tmp/turbo_mode.kubernetes.core.socket + +You can use the ``--help`` argument to get a list of the optional parameters. diff --git a/ansible_collections/community/okd/docs/community.okd.k8s_module.rst b/ansible_collections/community/okd/docs/community.okd.k8s_module.rst new file mode 100644 index 000000000..8d0e0f9dc --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.k8s_module.rst @@ -0,0 +1,1160 @@ +.. _community.okd.k8s_module: + + +***************** +community.okd.k8s +***************** + +**Manage OpenShift objects** + + + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Use the Kubernetes Python client to perform CRUD operations on K8s objects. +- Pass the object definition from a source file or inline. See examples for reading files and using Jinja templates or vault-encrypted files. +- Access to the full range of K8s APIs. +- Use the :ref:`kubernetes.core.k8s_info <kubernetes.core.k8s_info_module>` module to obtain a list of items about an object of type ``kind``. +- Authenticate using either a config file, certificates, password or token. +- Supports check mode. +- Optimized for OKD/OpenShift Kubernetes flavors. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- PyYAML >= 3.11 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="3">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_version</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">"v1"</div> + </td> + <td> + <div>Use to specify the API version.</div> + <div>Use to create, delete, or discover an object without providing a full resource definition.</div> + <div>Use in conjunction with <em>kind</em>, <em>name</em>, and <em>namespace</em> to identify a specific object.</div> + <div>If <em>resource definition</em> is provided, the <em>apiVersion</em> value from the <em>resource_definition</em> will override this option.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: api, version</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>append_hash</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether to append a hash to a resource name for immutability purposes</div> + <div>Applies only to ConfigMap and Secret resources</div> + <div>The parameter will be silently ignored for other resource kinds</div> + <div>The full definition of an object is needed to generate the hash - this means that deleting an object created with append_hash will only work if the same object is passed with state=absent (alternatively, just use state=absent with the name including the generated hash and append_hash=no)</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>apply</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div><code>apply</code> compares the desired resource definition with the previously supplied resource definition, ignoring properties that are automatically generated</div> + <div><code>apply</code> works better with Services than 'force=yes'</div> + <div>mutually exclusive with <code>merge_type</code></div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>continue_on_error</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether to continue on creation/deletion errors when multiple resources are defined.</div> + <div>This has no effect on the validation step which is controlled by the <code>validate.fail_on_error</code> parameter.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>delete_options</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 1.2.0</div> + </td> + <td> + </td> + <td> + <div>Configure behavior when deleting an object.</div> + <div>Only used when <em>state=absent</em>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>gracePeriodSeconds</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify how many seconds to wait before forcefully terminating.</div> + <div>Only implemented for Pod resources.</div> + <div>If not specified, the default grace period for the object type will be used.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>preconditions</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify condition that must be met for delete to proceed.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>resourceVersion</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the resource version of the target object.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>uid</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the UID of the target object.</div> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>propagationPolicy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>Foreground</li> + <li>Background</li> + <li>Orphan</li> + </ul> + </td> + <td> + <div>Use to control how dependent objects are deleted.</div> + <div>If not specified, the default policy for the object type will be used. This may vary across object types.</div> + </td> + </tr> + + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>force</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>If set to <code>yes</code>, and <em>state</em> is <code>present</code>, an existing object will be replaced.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify an object model.</div> + <div>Use to create, delete, or discover an object without providing a full resource definition.</div> + <div>Use in conjunction with <em>api_version</em>, <em>name</em>, and <em>namespace</em> to identify a specific object.</div> + <div>If <em>resource definition</em> is provided, the <em>kind</em> value from the <em>resource_definition</em> will override this option.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>merge_type</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>json</li> + <li>merge</li> + <li>strategic-merge</li> + </ul> + </td> + <td> + <div>Whether to override the default patch merge approach with a specific type. By default, the strategic merge will typically be used.</div> + <div>For example, Custom Resource Definitions typically aren't updatable by the usual strategic merge. You may want to use <code>merge</code> if you see "strategic merge patch format is not supported"</div> + <div>See <a href='https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment'>https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment</a></div> + <div>If more than one merge_type is given, the merge_types will be tried in order</div> + <div>Defaults to <code>['strategic-merge', 'merge']</code>, which is ideal for using the same parameters on resource kinds that combine Custom Resources and built-in resources.</div> + <div>mutually exclusive with <code>apply</code></div> + <div><em>merge_type=json</em> is deprecated and will be removed in version 3.0.0. Please use <span class='module'>kubernetes.core.k8s_json_patch</span> instead.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify an object name.</div> + <div>Use to create, delete, or discover an object without providing a full resource definition.</div> + <div>Use in conjunction with <em>api_version</em>, <em>kind</em> and <em>namespace</em> to identify a specific object.</div> + <div>If <em>resource definition</em> is provided, the <em>metadata.name</em> value from the <em>resource_definition</em> will override this option.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify an object namespace.</div> + <div>Useful when creating, deleting, or discovering an object without providing a full resource definition.</div> + <div>Use in conjunction with <em>api_version</em>, <em>kind</em>, and <em>name</em> to identify a specific object.</div> + <div>If <em>resource definition</em> is provided, the <em>metadata.namespace</em> value from the <em>resource_definition</em> will override this option.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>resource_definition</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a valid YAML definition (either as a string, list, or dict) for an object when creating or updating.</div> + <div>NOTE: <em>kind</em>, <em>api_version</em>, <em>name</em>, and <em>namespace</em> will be overwritten by corresponding values found in the provided <em>resource_definition</em>.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: definition, inline</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>src</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a path to a file containing a valid YAML definition of an object or objects to be created or updated. Mutually exclusive with <em>resource_definition</em>. NOTE: <em>kind</em>, <em>api_version</em>, <em>name</em>, and <em>namespace</em> will be overwritten by corresponding values found in the configuration read in from the <em>src</em> file.</div> + <div>Reads from the local file system. To read from the Ansible controller's file system, including vaulted files, use the file lookup plugin or template lookup plugin, combined with the from_yaml filter, and pass the result to <em>resource_definition</em>. See Examples below.</div> + <div>Mutually exclusive with <em>template</em> in case of <span class='module'>kubernetes.core.k8s</span> module.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>state</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>absent</li> + <li><div style="color: blue"><b>present</b> ←</div></li> + <li>patched</li> + </ul> + </td> + <td> + <div>Determines if an object should be created, patched, or deleted. When set to <code>present</code>, an object will be created, if it does not already exist. If set to <code>absent</code>, an existing object will be deleted. If set to <code>present</code>, an existing object will be patched, if its attributes differ from those specified using <em>resource_definition</em> or <em>src</em>.</div> + <div><code>patched</code> state is an existing resource that has a given patch applied. If the resource doesn't exist, silently skip it (do not raise an error).</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>template</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>Provide a valid YAML template definition file for an object when creating or updating.</div> + <div>Value can be provided as string or dictionary.</div> + <div>Mutually exclusive with <code>src</code> and <code>resource_definition</code>.</div> + <div>Template files needs to be present on the Ansible Controller's file system.</div> + <div>Additional parameters can be specified using dictionary.</div> + <div>Valid additional parameters -</div> + <div><code>newline_sequence</code> (str): Specify the newline sequence to use for templating files. valid choices are "\n", "\r", "\r\n". Default value "\n".</div> + <div><code>block_start_string</code> (str): The string marking the beginning of a block. Default value "{%".</div> + <div><code>block_end_string</code> (str): The string marking the end of a block. Default value "%}".</div> + <div><code>variable_start_string</code> (str): The string marking the beginning of a print statement. Default value "{{".</div> + <div><code>variable_end_string</code> (str): The string marking the end of a print statement. Default value "}}".</div> + <div><code>trim_blocks</code> (bool): Determine when newlines should be removed from blocks. When set to <code>yes</code> the first newline after a block is removed (block, not variable tag!). Default value is true.</div> + <div><code>lstrip_blocks</code> (bool): Determine when leading spaces and tabs should be stripped. When set to <code>yes</code> leading spaces and tabs are stripped from the start of a line to a block. This functionality requires Jinja 2.7 or newer. Default value is false.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>how (if at all) to validate the resource definition against the kubernetes schema. Requires the kubernetes-validate python module</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>fail_on_error</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>whether to fail on validation errors.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>strict</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li><div style="color: blue"><b>yes</b> ←</div></li> + </ul> + </td> + <td> + <div>whether to fail when passing unexpected properties</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>version</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>version of Kubernetes to validate against. defaults to Kubernetes server version</div> + </td> + </tr> + + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether to wait for certain resource kinds to end up in the desired state.</div> + <div>By default the module exits once Kubernetes has received the request.</div> + <div>Implemented for <code>state=present</code> for <code>Deployment</code>, <code>DaemonSet</code> and <code>Pod</code>, and for <code>state=absent</code> for all resource kinds.</div> + <div>For resource kinds without an implementation, <code>wait</code> returns immediately unless <code>wait_condition</code> is set.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_condition</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specifies a custom condition on the status to wait for.</div> + <div>Ignored if <code>wait</code> is not set or is set to False.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>reason</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The value of the reason field in your desired condition</div> + <div>For example, if a <code>Deployment</code> is paused, The <code>Progressing</code> <code>type</code> will have the <code>DeploymentPaused</code> reason.</div> + <div>The possible reasons in a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>True</b> ←</div></li> + <li>False</li> + <li>Unknown</li> + </ul> + </td> + <td> + <div>The value of the status field in your desired condition.</div> + <div>For example, if a <code>Deployment</code> is paused, the <code>Progressing</code> <code>type</code> will have the <code>Unknown</code> status.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>type</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The type of condition to wait for.</div> + <div>For example, the <code>Pod</code> resource will set the <code>Ready</code> condition (among others).</div> + <div>Required if you are specifying a <code>wait_condition</code>.</div> + <div>If left empty, the <code>wait_condition</code> field will be ignored.</div> + <div>The possible types for a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_sleep</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">5</div> + </td> + <td> + <div>Number of seconds to sleep between checks.</div> + </td> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_timeout</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">120</div> + </td> + <td> + <div>How long in seconds to wait for the resource to end up in the desired state.</div> + <div>Ignored if <code>wait</code> is not set.</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + - name: Create a k8s namespace + community.okd.k8s: + name: testing + api_version: v1 + kind: Namespace + state: present + + - name: Create a Service object from an inline definition + community.okd.k8s: + state: present + definition: + apiVersion: v1 + kind: Service + metadata: + name: web + namespace: testing + labels: + app: galaxy + service: web + spec: + selector: + app: galaxy + service: web + ports: + - protocol: TCP + targetPort: 8000 + name: port-8000-tcp + port: 8000 + + - name: Remove an existing Service object + community.okd.k8s: + state: absent + api_version: v1 + kind: Service + namespace: testing + name: web + + # Passing the object definition from a file + + - name: Create a Deployment by reading the definition from a local file + community.okd.k8s: + state: present + src: /testing/deployment.yml + + - name: >- + Read definition file from the Ansible controller file system. + If the definition file has been encrypted with Ansible Vault it will automatically be decrypted. + community.okd.k8s: + state: present + definition: "{{ lookup('file', '/testing/deployment.yml') | from_yaml }}" + + - name: Read definition file from the Ansible controller file system after Jinja templating + community.okd.k8s: + state: present + definition: "{{ lookup('template', '/testing/deployment.yml') | from_yaml }}" + + - name: fail on validation errors + community.okd.k8s: + state: present + definition: "{{ lookup('template', '/testing/deployment.yml') | from_yaml }}" + validate: + fail_on_error: yes + + - name: warn on validation errors, check for unexpected properties + community.okd.k8s: + state: present + definition: "{{ lookup('template', '/testing/deployment.yml') | from_yaml }}" + validate: + fail_on_error: no + strict: yes + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>result</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>The created, patched, or otherwise present object. Will be empty in the case of a deletion.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>api_version</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The versioned schema of this representation of an object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>duration</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td>when <code>wait</code> is true</td> + <td> + <div>elapsed time of task in seconds</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">48</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>error</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>error</td> + <td> + <div>error while trying to create/delete the object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>items</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when resource_definition or src contains list of objects</td> + <td> + <div>Returned only when multiple yaml documents are passed to src or resource_definition</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Represents the REST resource this object represents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>metadata</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Standard object metadata. Includes name, namespace, annotations, labels, etc.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>spec</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Specific attributes of the object. Will vary based on the <em>api_version</em> and <em>kind</em>.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Current status details for the object.</div> + <br/> + </td> + </tr> + + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Chris Houseknecht (@chouseknecht) +- Fabian von Feilitzsch (@fabianvf) diff --git a/ansible_collections/community/okd/docs/community.okd.oc_connection.rst b/ansible_collections/community/okd/docs/community.okd.oc_connection.rst new file mode 100644 index 000000000..14f2477cc --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.oc_connection.rst @@ -0,0 +1,315 @@ +.. _community.okd.oc_connection: + + +**************** +community.okd.oc +**************** + +**Execute tasks in pods running on OpenShift.** + + + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Use the oc exec command to run tasks in, or put/fetch files to, pods running on the OpenShift container platform. + + + +Requirements +------------ +The below requirements are needed on the local Ansible controller node that executes this connection. + +- oc (go binary) + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th>Configuration</th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_SSL_CA_CERT</div> + <div>var: ansible_oc_ssl_ca_cert</div> + <div>var: ansible_oc_ca_cert</div> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: oc_ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_CERT_FILE</div> + <div>var: ansible_oc_cert_file</div> + <div>var: ansible_oc_client_cert</div> + </td> + <td> + <div>Path to a certificate used to authenticate with the API.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: oc_cert_file</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_KEY_FILE</div> + <div>var: ansible_oc_key_file</div> + <div>var: ansible_oc_client_key</div> + </td> + <td> + <div>Path to a key file used to authenticate with the API.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: oc_key_file</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_container</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_CONTAINER</div> + <div>var: ansible_oc_container</div> + </td> + <td> + <div>Container name. Required when a pod contains more than one container.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_CONTEXT</div> + <div>var: ansible_oc_context</div> + </td> + <td> + <div>The name of a context found in the K8s config file.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_extra_args</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_EXTRA_ARGS</div> + <div>var: ansible_oc_extra_args</div> + </td> + <td> + <div>Extra arguments to pass to the oc command line.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_HOST</div> + <div>env:K8S_AUTH_SERVER</div> + <div>var: ansible_oc_host</div> + <div>var: ansible_oc_server</div> + </td> + <td> + <div>URL for accessing the API.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_KUBECONFIG</div> + <div>var: ansible_oc_kubeconfig</div> + <div>var: ansible_oc_config</div> + </td> + <td> + <div>Path to a oc config file. Defaults to <em>~/.kube/config</em></div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_NAMESPACE</div> + <div>var: ansible_oc_namespace</div> + </td> + <td> + <div>The namespace of the pod</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_pod</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_POD</div> + <div>var: ansible_oc_pod</div> + </td> + <td> + <div>Pod name. Required when the host name does not match pod name.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>oc_token</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + <div>env:K8S_AUTH_TOKEN</div> + <div>env:K8S_AUTH_API_KEY</div> + <div>var: ansible_oc_token</div> + <div>var: ansible_oc_api_key</div> + </td> + <td> + <div>API authentication bearer token.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">""</div> + </td> + <td> + <div>env:K8S_AUTH_VERIFY_SSL</div> + <div>var: ansible_oc_verify_ssl</div> + <div>var: ansible_oc_validate_certs</div> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificate. Defaults to <em>true</em>.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: oc_verify_ssl</div> + </td> + </tr> + </table> + <br/> + + + + + + + + +Status +------ + + +Authors +~~~~~~~ + +- xuxinkun + + +.. hint:: + Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_adm_groups_sync_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_adm_groups_sync_module.rst new file mode 100644 index 000000000..e16aa4d54 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_adm_groups_sync_module.rst @@ -0,0 +1,525 @@ +.. _community.okd.openshift_adm_groups_sync_module: + + +*************************************** +community.okd.openshift_adm_groups_sync +*************************************** + +**Sync OpenShift Groups with records from an external provider.** + + +Version added: 2.1.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- In order to sync/prune OpenShift Group records with those from an external provider, determine which Groups you wish to sync and where their records live. +- Analogous to `oc adm prune groups` and `oc adm group sync`. +- LDAP sync configuration file syntax can be found here https://docs.openshift.com/container-platform/4.9/authentication/ldap-syncing.html. +- The bindPassword attribute of the LDAP sync configuration is expected to be a string, please use ansible-vault encryption to secure this information. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- python-ldap + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>allow_groups</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=string</span> + </div> + </td> + <td> + </td> + <td> + <div>Allowed groups, could be openshift group name or LDAP group dn value.</div> + <div>When parameter <code>type</code> is set to <em>ldap</em> this should contains only LDAP group definition like <em>cn=developers,ou=groups,ou=rfc2307,dc=ansible,dc=redhat</em>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>deny_groups</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=string</span> + </div> + </td> + <td> + </td> + <td> + <div>Denied groups, could be openshift group name or LDAP group dn value.</div> + <div>When parameter <code>type</code> is set to <em>ldap</em> this should contains only LDAP group definition like <em>cn=developers,ou=groups,ou=rfc2307,dc=ansible,dc=redhat</em>.</div> + <div>The elements specified in this list will override the ones specified in <code>allow_groups</code>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>state</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>absent</li> + <li><div style="color: blue"><b>present</b> ←</div></li> + </ul> + </td> + <td> + <div>Determines if the group should be sync when set to <code>present</code> or pruned when set to <code>absent</code>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>sync_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a valid YAML definition of an LDAP sync configuration.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: config, src</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>type</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>ldap</b> ←</div></li> + <li>openshift</li> + </ul> + </td> + <td> + <div>which groups allow and deny list entries refer to.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + # Prune all orphaned groups + - name: Prune all orphan groups + openshift_adm_groups_sync: + state: absent + src: "{{ lookup('file', '/path/to/ldap-sync-config.yaml') | from_yaml }}" + + # Prune all orphaned groups from a list of specific groups specified in allow_groups + - name: Prune all orphan groups from a list of specific groups specified in allow_groups + openshift_adm_groups_sync: + state: absent + src: "{{ lookup('file', '/path/to/ldap-sync-config.yaml') | from_yaml }}" + allow_groups: + - cn=developers,ou=groups,ou=rfc2307,dc=ansible,dc=redhat + - cn=developers,ou=groups,ou=rfc2307,dc=ansible,dc=redhat + + # Sync all groups from an LDAP server + - name: Sync all groups from an LDAP server + openshift_adm_groups_sync: + src: + kind: LDAPSyncConfig + apiVersion: v1 + url: ldap://localhost:1390 + insecure: true + bindDN: cn=admin,dc=example,dc=org + bindPassword: adminpassword + rfc2307: + groupsQuery: + baseDN: "cn=admins,ou=groups,dc=example,dc=org" + scope: sub + derefAliases: never + filter: (objectClass=*) + pageSize: 0 + groupUIDAttribute: dn + groupNameAttributes: [ cn ] + groupMembershipAttributes: [ member ] + usersQuery: + baseDN: "ou=users,dc=example,dc=org" + scope: sub + derefAliases: never + pageSize: 0 + userUIDAttribute: dn + userNameAttributes: [ mail ] + tolerateMemberNotFoundErrors: true + tolerateMemberOutOfScopeErrors: true + + # Sync all groups except the ones from the deny_groups from an LDAP server + - name: Sync all groups from an LDAP server using deny_groups + openshift_adm_groups_sync: + src: "{{ lookup('file', '/path/to/ldap-sync-config.yaml') | from_yaml }}" + deny_groups: + - cn=developers,ou=groups,ou=rfc2307,dc=ansible,dc=redhat + - cn=developers,ou=groups,ou=rfc2307,dc=ansible,dc=redhat + + # Sync all OpenShift Groups that have been synced previously with an LDAP server + - name: Sync all OpenShift Groups that have been synced previously with an LDAP server + openshift_adm_groups_sync: + src: "{{ lookup('file', '/path/to/ldap-sync-config.yaml') | from_yaml }}" + type: openshift + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>builds</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>The groups that were created, updated or deleted</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[{'apiVersion': 'user.openshift.io/v1', 'kind': 'Group', 'metadata': {'annotations': {'openshift.io/ldap.sync-time': '2021-12-17T12:20:28.125282', 'openshift.io/ldap.uid': 'cn=developers,ou=groups,ou=rfc2307,dc=ansible,dc=redhat', 'openshift.io/ldap.url': 'localhost:1390'}, 'creationTimestamp': '2021-12-17T11:09:49Z', 'labels': {'openshift.io/ldap.host': 'localhost'}, 'managedFields': [{'apiVersion': 'user.openshift.io/v1', 'fieldsType': 'FieldsV1', 'fieldsV1': {'f:metadata': {'f:annotations': {'.': {}, 'f:openshift.io/ldap.sync-time': {}, 'f:openshift.io/ldap.uid': {}, 'f:openshift.io/ldap.url': {}}, 'f:labels': {'.': {}, 'f:openshift.io/ldap.host': {}}}, 'f:users': {}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'time': '2021-12-17T11:09:49Z'}], 'name': 'developers', 'resourceVersion': '2014696', 'uid': '8dc211cb-1544-41e1-96b1-efffeed2d7d7'}, 'users': ['jordanbulls@ansible.org']}]</div> + </td> + </tr> + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_adm_migrate_template_instances_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_adm_migrate_template_instances_module.rst new file mode 100644 index 000000000..a7940ca85 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_adm_migrate_template_instances_module.rst @@ -0,0 +1,532 @@ +.. _community.okd.openshift_adm_migrate_template_instances_module: + + +****************************************************** +community.okd.openshift_adm_migrate_template_instances +****************************************************** + +**Update TemplateInstances to point to the latest group-version-kinds** + + +Version added: 2.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Update TemplateInstances to point to the latest group-version-kinds. +- Analogous to ``oc adm migrate template-instances``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The namespace that the template can be found in.</div> + <div>If no namespace if specified, migrate objects in all namespaces.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether to wait for certain resource kinds to end up in the desired state.</div> + <div>By default the module exits once Kubernetes has received the request.</div> + <div>Implemented for <code>state=present</code> for <code>Deployment</code>, <code>DaemonSet</code> and <code>Pod</code>, and for <code>state=absent</code> for all resource kinds.</div> + <div>For resource kinds without an implementation, <code>wait</code> returns immediately unless <code>wait_condition</code> is set.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_condition</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specifies a custom condition on the status to wait for.</div> + <div>Ignored if <code>wait</code> is not set or is set to False.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>reason</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The value of the reason field in your desired condition</div> + <div>For example, if a <code>Deployment</code> is paused, The <code>Progressing</code> <code>type</code> will have the <code>DeploymentPaused</code> reason.</div> + <div>The possible reasons in a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>True</b> ←</div></li> + <li>False</li> + <li>Unknown</li> + </ul> + </td> + <td> + <div>The value of the status field in your desired condition.</div> + <div>For example, if a <code>Deployment</code> is paused, the <code>Progressing</code> <code>type</code> will have the <code>Unknown</code> status.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>type</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The type of condition to wait for.</div> + <div>For example, the <code>Pod</code> resource will set the <code>Ready</code> condition (among others).</div> + <div>Required if you are specifying a <code>wait_condition</code>.</div> + <div>If left empty, the <code>wait_condition</code> field will be ignored.</div> + <div>The possible types for a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_sleep</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">5</div> + </td> + <td> + <div>Number of seconds to sleep between checks.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_timeout</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">120</div> + </td> + <td> + <div>How long in seconds to wait for the resource to end up in the desired state.</div> + <div>Ignored if <code>wait</code> is not set.</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + - name: Migrate TemplateInstances in namespace=test + community.okd.openshift_adm_migrate_template_instances: + namespace: test + register: _result + + - name: Migrate TemplateInstances in all namespaces + community.okd.openshift_adm_migrate_template_instances: + register: _result + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>result</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>List with all TemplateInstances that have been migrated.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[{'apiVersion': 'template.openshift.io/v1', 'kind': 'TemplateInstance', 'metadata': {'creationTimestamp': '2021-11-10T11:12:09Z', 'finalizers': ['template.openshift.io/finalizer'], 'managedFields': [{'apiVersion': 'template.openshift.io/v1', 'fieldsType': 'FieldsV1', 'fieldsV1': {'f:spec': {'f:template': {'f:metadata': {'f:name': {}}, 'f:objects': {}, 'f:parameters': {}}}}, 'manager': 'kubectl-create', 'operation': 'Update', 'time': '2021-11-10T11:12:09Z'}, {'apiVersion': 'template.openshift.io/v1', 'fieldsType': 'FieldsV1', 'fieldsV1': {'f:metadata': {'f:finalizers': {'.': {}, 'v:"template.openshift.io/finalizer"': {}}}, 'f:status': {'f:conditions': {}}}, 'manager': 'openshift-controller-manager', 'operation': 'Update', 'time': '2021-11-10T11:12:09Z'}, {'apiVersion': 'template.openshift.io/v1', 'fieldsType': 'FieldsV1', 'fieldsV1': {'f:status': {'f:objects': {}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'time': '2021-11-10T11:12:33Z'}], 'name': 'demo', 'namespace': 'test', 'resourceVersion': '545370', 'uid': '09b795d7-7f07-4d94-bf0f-2150ee66f88d'}, 'spec': {'requester': {'groups': ['system:masters', 'system:authenticated'], 'username': 'system:admin'}, 'template': {'metadata': {'creationTimestamp': None, 'name': 'template'}, 'objects': [{'apiVersion': 'v1', 'kind': 'Secret', 'metadata': {'labels': {'foo': 'bar'}, 'name': 'secret'}}, {'apiVersion': 'apps/v1', 'kind': 'Deployment', 'metadata': {'name': 'deployment'}, 'spec': {'replicas': 0, 'selector': {'matchLabels': {'key': 'value'}}, 'template': {'metadata': {'labels': {'key': 'value'}}, 'spec': {'containers': [{'image': 'k8s.gcr.io/e2e-test-images/agnhost:2.32', 'name': 'hello-openshift'}]}}}}, {'apiVersion': 'v1', 'kind': 'Route', 'metadata': {'name': 'route'}, 'spec': {'to': {'name': 'foo'}}}], 'parameters': [{'name': 'NAME', 'value': '${NAME}'}]}}, 'status': {'conditions': [{'lastTransitionTime': '2021-11-10T11:12:09Z', 'message': '', 'reason': 'Created', 'status': 'True', 'type': 'Ready'}], 'objects': [{'ref': {'apiVersion': 'v1', 'kind': 'Secret', 'name': 'secret', 'namespace': 'test', 'uid': '33fad364-6d47-4f9c-9e51-92cba5602a57'}}, {'ref': {'apiVersion': 'apps/v1', 'kind': 'Deployment', 'name': 'deployment', 'namespace': 'test', 'uid': '3b527f88-42a1-4811-9e2f-baad4e4d8807'}}, {'ref': {'apiVersion': 'route.openshift.io/v1.Route', 'kind': 'Route', 'name': 'route', 'namespace': 'test', 'uid': '5b5411de-8769-4e27-ba52-6781630e4008'}}]}}, '...']</div> + </td> + </tr> + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Alina Buzachis (@alinabuzachis) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_auth_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_auth_module.rst new file mode 100644 index 000000000..b4b11c2be --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_auth_module.rst @@ -0,0 +1,514 @@ +.. _community.okd.openshift_adm_prune_auth_module: + + +************************************** +community.okd.openshift_adm_prune_auth +************************************** + +**Removes references to the specified roles, clusterroles, users, and groups** + + +Version added: 2.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module allow administrators to remove references to the specified roles, clusterroles, users, and groups. +- Analogous to ``oc adm prune auth``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>label_selectors</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=string</span> + </div> + </td> + <td> + </td> + <td> + <div>Selector (label query) to filter on.</div> + <div>Mutually exclusive with option <em>name</em>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify an object name to remove.</div> + <div>Mutually exclusive with option <em>label_selectors</em>.</div> + <div>If neither <em>name</em> nor <em>label_selectors</em> are specified, prune all resources in the namespace.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify an object namespace.</div> + <div>Ignored when <em>resource</em> is set to <code>clusterroles</code>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>resource</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>roles</li> + <li>clusterroles</li> + <li>users</li> + <li>groups</li> + </ul> + </td> + <td> + <div>The specified resource to remove.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + - name: Prune all roles from default namespace + openshift_adm_prune_auth: + resource: roles + namespace: testing + + - name: Prune clusterroles using label selectors + openshift_adm_prune_auth: + resource: roles + namespace: testing + label_selectors: + - phase=production + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>authorization</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td><em>resource=users</em></td> + <td> + <div>list of OAuthClientAuthorization deleted.</div> + <br/> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>cluster_role_binding</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>always</td> + <td> + <div>list of cluster role binding deleted.</div> + <br/> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>group</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td><em>resource=users</em></td> + <td> + <div>list of Security Context Constraints deleted.</div> + <br/> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>role_binding</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td><em>resource=users</em> or <em>resource=groups</em> or <em>resource=clusterroles</em></td> + <td> + <div>list of role binding deleted.</div> + <br/> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>security_context_constraints</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td><em>resource=users</em> or <em>resource=groups</em></td> + <td> + <div>list of Security Context Constraints deleted.</div> + <br/> + </td> + </tr> + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_builds_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_builds_module.rst new file mode 100644 index 000000000..6fb9443b7 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_builds_module.rst @@ -0,0 +1,571 @@ +.. _community.okd.openshift_adm_prune_builds_module: + + +**************************************** +community.okd.openshift_adm_prune_builds +**************************************** + +**Prune old completed and failed builds** + + +Version added: 2.3.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module allow administrators to delete old completed and failed builds. +- Analogous to ``oc adm prune builds``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>impersonate_groups</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=string</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.3.0</div> + </td> + <td> + </td> + <td> + <div>Group(s) to impersonate for the operation.</div> + <div>Can also be specified via K8S_AUTH_IMPERSONATE_GROUPS environment. Example: Group1,Group2</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>impersonate_user</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.3.0</div> + </td> + <td> + </td> + <td> + <div>Username to impersonate for the operation.</div> + <div>Can also be specified via K8S_AUTH_IMPERSONATE_USER environment.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>keep_younger_than</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the minimum age (in minutes) of a Build for it to be considered a candidate for pruning.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>Multiple Kubernetes config file can be provided using separator ';' for Windows platform or ':' for others platforms.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify namespace for builds to be deleted.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>no_proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.3.0</div> + </td> + <td> + </td> + <td> + <div>The comma separated list of hosts/domains/IP/CIDR that shouldn't go through proxy. Can also be specified via K8S_AUTH_NO_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. NO_PROXY).</div> + <div>This feature requires kubernetes>=19.15.0. When kubernetes library is less than 19.15.0, it fails even no_proxy set in correct.</div> + <div>example value is "localhost,.local,.example.com,127.0.0.1,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>orphans</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>If <code>true</code>, prune all builds whose associated BuildConfig no longer exists and whose status is complete, failed, error, or cancelled.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + # Run deleting older completed and failed builds and also including + # all builds whose associated BuildConfig no longer exists + - name: Run delete orphan Builds + community.okd.openshift_adm_prune_builds: + orphans: True + + # Run deleting older completed and failed builds keep younger than 2hours + - name: Run delete builds, keep younger than 2h + community.okd.openshift_adm_prune_builds: + keep_younger_than: 120 + + # Run deleting builds from specific namespace + - name: Run delete builds from namespace + community.okd.openshift_adm_prune_builds: + namespace: testing_namespace + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>builds</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>The builds that were deleted</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>api_version</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The versioned schema of this representation of an object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Represents the REST resource this object represents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>metadata</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Standard object metadata. Includes name, namespace, annotations, labels, etc.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>spec</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Specific attributes of the object. Will vary based on the <em>api_version</em> and <em>kind</em>.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Current status details for the object.</div> + <br/> + </td> + </tr> + + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_deployments_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_deployments_module.rst new file mode 100644 index 000000000..16e0deda9 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_deployments_module.rst @@ -0,0 +1,428 @@ +.. _community.okd.openshift_adm_prune_deployments_module: + + +********************************************* +community.okd.openshift_adm_prune_deployments +********************************************* + +**Remove old completed and failed deployment configs** + + +Version added: 2.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module allow administrators to remove old completed and failed deployment configs. +- Analogous to ``oc adm prune deployments``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>keep_younger_than</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the minimum age (in minutes) of a deployment for it to be considered a candidate for pruning.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify namespace for deployments to be deleted.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>orphans</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>If <code>true</code>, prune all deployments where the associated DeploymentConfig no longer exists, the status is complete or failed, and the replica size is <code>0</code>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + - name: Prune Deployments from testing namespace + community.okd.openshift_adm_prune_deployments: + namespace: testing + + - name: Prune orphans deployments, keep younger than 2hours + community.okd.openshift_adm_prune_deployments: + orphans: True + keep_younger_than: 120 + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>replication_controllers</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>always</td> + <td> + <div>list of replication controllers candidate for pruning.</div> + <br/> + </td> + </tr> + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_images_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_images_module.rst new file mode 100644 index 000000000..08fd357a3 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_adm_prune_images_module.rst @@ -0,0 +1,569 @@ +.. _community.okd.openshift_adm_prune_images_module: + + +**************************************** +community.okd.openshift_adm_prune_images +**************************************** + +**Remove unreferenced images** + + +Version added: 2.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module allow administrators to remove references images. +- Note that if the ``namespace`` is specified, only references images on Image stream for the corresponding namespace will be candidate for prune if only they are not used or references in another Image stream from another namespace. +- Analogous to ``oc adm prune images``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- docker-image-py + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>all_images</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li><div style="color: blue"><b>yes</b> ←</div></li> + </ul> + </td> + <td> + <div>Include images that were imported from external registries as candidates for pruning.</div> + <div>If pruned, all the mirrored objects associated with them will also be removed from the integrated registry.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ignore_invalid_refs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>If set to <em>True</em>, the pruning process will ignore all errors while parsing image references.</div> + <div>This means that the pruning process will ignore the intended connection between the object and the referenced image.</div> + <div>As a result an image may be incorrectly deleted as unused.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>keep_younger_than</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the minimum age (in minutes) of an image and its referrers for it to be considered a candidate for pruning.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify namespace for objects.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>prune_over_size_limit</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Specify if images which are exceeding LimitRanges specified in the same namespace, should be considered for pruning.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>prune_registry</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li><div style="color: blue"><b>yes</b> ←</div></li> + </ul> + </td> + <td> + <div>If set to <em>False</em>, the prune operation will clean up image API objects, but none of the associated content in the registry is removed.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>registry_ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to contact registry. The full certificate chain must be provided to avoid certificate validation errors.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>registry_url</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The address to use when contacting the registry, instead of using the default value.</div> + <div>This is useful if you can't resolve or reach the default registry but you do have an alternative route that works.</div> + <div>Particular transport protocol can be enforced using '<scheme>://' prefix.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>registry_validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + # Prune if only images and their referrers were more than an hour old + - name: Prune image with referrer been more than an hour old + community.okd.openshift_adm_prune_images: + keep_younger_than: 60 + + # Remove images exceeding currently set limit ranges + - name: Remove images exceeding currently set limit ranges + community.okd.openshift_adm_prune_images: + prune_over_size_limit: true + + # Force the insecure http protocol with the particular registry host name + - name: Prune images using custom registry + community.okd.openshift_adm_prune_images: + registry_url: http://registry.example.org + registry_validate_certs: false + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>deleted_images</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>The images deleted.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[{'apiVersion': 'image.openshift.io/v1', 'dockerImageLayers': [{'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:5e0b432e8ba9d9029a000e627840b98ffc1ed0c5172075b7d3e869be0df0fe9b', 'size': 54932878}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:a84cfd68b5cea612a8343c346bfa5bd6c486769010d12f7ec86b23c74887feb2', 'size': 5153424}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:e8b8f2315954535f1e27cd13d777e73da4a787b0aebf4241d225beff3c91cbb1', 'size': 10871995}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:0598fa43a7e793a76c198e8d45d8810394e1cfc943b2673d7fcf5a6fdc4f45b3', 'size': 54567844}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:83098237b6d3febc7584c1f16076a32ac01def85b0d220ab46b6ebb2d6e7d4d4', 'size': 196499409}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:b92c73d4de9a6a8f6b96806a04857ab33cf6674f6411138603471d744f44ef55', 'size': 6290769}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:ef9b6ee59783b84a6ec0c8b109c409411ab7c88fa8c53fb3760b5fde4eb0aa07', 'size': 16812698}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:c1f6285e64066d36477a81a48d3c4f1dc3c03dddec9e72d97da13ba51bca0d68', 'size': 234}, {'mediaType': 'application/vnd.docker.image.rootfs.diff.tar.gzip', 'name': 'sha256:a0ee7333301245b50eb700f96d9e13220cdc31871ec9d8e7f0ff7f03a17c6fb3', 'size': 2349241}], 'dockerImageManifestMediaType': 'application/vnd.docker.distribution.manifest.v2+json', 'dockerImageMetadata': {'Architecture': 'amd64', 'Config': {'Cmd': ['python3'], 'Env': ['PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'LANG=C.UTF-8', 'GPG_KEY=E3FF2839C048B25C084DEBE9B26995E310250568', 'PYTHON_VERSION=3.8.12', 'PYTHON_PIP_VERSION=21.2.4', 'PYTHON_SETUPTOOLS_VERSION=57.5.0', 'PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/3cb8888cc2869620f57d5d2da64da38f516078c7/public/get-pip.py', 'PYTHON_GET_PIP_SHA256=c518250e91a70d7b20cceb15272209a4ded2a0c263ae5776f129e0d9b5674309'], 'Image': 'sha256:cc3a2931749afa7dede97e32edbbe3e627b275c07bf600ac05bc0dc22ef203de'}, 'Container': 'b43fcf5052feb037f6d204247d51ac8581d45e50f41c6be2410d94b5c3a3453d', 'ContainerConfig': {'Cmd': ['/bin/sh', '-c', '#(nop) ', 'CMD ["python3"]'], 'Env': ['PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'LANG=C.UTF-8', 'GPG_KEY=E3FF2839C048B25C084DEBE9B26995E310250568', 'PYTHON_VERSION=3.8.12', 'PYTHON_PIP_VERSION=21.2.4', 'PYTHON_SETUPTOOLS_VERSION=57.5.0', 'PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/3cb8888cc2869620f57d5d2da64da38f516078c7/public/get-pip.py', 'PYTHON_GET_PIP_SHA256=c518250e91a70d7b20cceb15272209a4ded2a0c263ae5776f129e0d9b5674309'], 'Hostname': 'b43fcf5052fe', 'Image': 'sha256:cc3a2931749afa7dede97e32edbbe3e627b275c07bf600ac05bc0dc22ef203de'}, 'Created': '2021-12-03T01:53:41Z', 'DockerVersion': '20.10.7', 'Id': 'sha256:f746089c9d02d7126bbe829f788e093853a11a7f0421049267a650d52bbcac37', 'Size': 347487141, 'apiVersion': 'image.openshift.io/1.0', 'kind': 'DockerImage'}, 'dockerImageMetadataVersion': '1.0', 'dockerImageReference': 'python@sha256:a874dcabc74ca202b92b826521ff79dede61caca00ceab0b65024e895baceb58', 'kind': 'Image', 'metadata': {'annotations': {'image.openshift.io/dockerLayersOrder': 'ascending'}, 'creationTimestamp': '2021-12-07T07:55:30Z', 'name': 'sha256:a874dcabc74ca202b92b826521ff79dede61caca00ceab0b65024e895baceb58', 'resourceVersion': '1139214', 'uid': '33be6ab4-af79-4f44-a0fd-4925bd473c1f'}}, '...']</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>updated_image_streams</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>The images streams updated.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[{'apiVersion': 'image.openshift.io/v1', 'kind': 'ImageStream', 'metadata': {'annotations': {'openshift.io/image.dockerRepositoryCheck': '2021-12-07T07:55:30Z'}, 'creationTimestamp': '2021-12-07T07:55:30Z', 'generation': 1, 'name': 'python', 'namespace': 'images', 'resourceVersion': '1139215', 'uid': '443bad2c-9fd4-4c8f-8a24-3eca4426b07f'}, 'spec': {'lookupPolicy': {'local': False}, 'tags': [{'annotations': None, 'from': {'kind': 'DockerImage', 'name': 'python:3.8.12'}, 'generation': 1, 'importPolicy': {'insecure': True}, 'name': '3.8.12', 'referencePolicy': {'type': 'Source'}}]}, 'status': {'dockerImageRepository': 'image-registry.openshift-image-registry.svc:5000/images/python', 'publicDockerImageRepository': 'default-route-openshift-image-registry.apps-crc.testing/images/python', 'tags': []}}, '...']</div> + </td> + </tr> + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_auth_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_auth_module.rst new file mode 100644 index 000000000..3619940ea --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_auth_module.rst @@ -0,0 +1,424 @@ +.. _community.okd.openshift_auth_module: + + +**************************** +community.okd.openshift_auth +**************************** + +**Authenticate to OpenShift clusters which require an explicit login step** + + +Version added: 0.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module handles authenticating to OpenShift clusters requiring *explicit* authentication procedures, meaning ones where a client logs in (obtains an authentication token), performs API operations using said token and then logs out (revokes the token). +- On the other hand a popular configuration for username+password authentication is one utilizing HTTP Basic Auth, which does not involve any additional login/logout steps (instead login credentials can be attached to each and every API call performed) and as such is handled directly by the ``k8s`` module (and other resource–specific modules) by utilizing the ``host``, ``username`` and ``password`` parameters. Please consult your preferred module's documentation for more details. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- urllib3 +- requests +- requests-oauthlib + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>When <code>state</code> is set to <em>absent</em>, this specifies the token to revoke.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate file used to verify connection to the API server. The full certificate chain must be provided to avoid certificate validation errors.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API server.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API server.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>state</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>present</b> ←</div></li> + <li>absent</li> + </ul> + </td> + <td> + <div>If set to <em>present</em> connect to the API server using the URL specified in <code>host</code> and attempt to log in.</div> + <div>If set to <em>absent</em> attempt to log out by revoking the authentication token specified in <code>api_key</code>.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API server.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li><div style="color: blue"><b>yes</b> ←</div></li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + </table> + <br/> + + + + +Examples +-------- + +.. code-block:: yaml + + - hosts: localhost + module_defaults: + group/k8s: + host: https://k8s.example.com/ + ca_cert: ca.pem + tasks: + - block: + # It's good practice to store login credentials in a secure vault and not + # directly in playbooks. + - include_vars: openshift_passwords.yml + + - name: Log in (obtain access token) + community.okd.openshift_auth: + username: admin + password: "{{ openshift_admin_password }}" + register: openshift_auth_results + + # Previous task provides the token/api_key, while all other parameters + # are taken from module_defaults + - name: Get a list of all pods from any namespace + kubernetes.core.k8s_info: + api_key: "{{ openshift_auth_results.openshift_auth.api_key }}" + kind: Pod + register: pod_list + + always: + - name: If login succeeded, try to log out (revoke access token) + when: openshift_auth_results.openshift_auth.api_key is defined + community.okd.openshift_auth: + state: absent + api_key: "{{ openshift_auth_results.openshift_auth.api_key }}" + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>k8s_auth</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Same as returned openshift_auth. Kept only for backwards compatibility</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Authentication token.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Path to a CA certificate file used to verify connection to the API server.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>URL for accessing the API server.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Username for authenticating with the API server.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td>success</td> + <td> + <div>Whether or not to verify the API server's SSL certificates.</div> + <br/> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>openshift_auth</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>OpenShift authentication facts.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Authentication token.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Path to a CA certificate file used to verify connection to the API server.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>URL for accessing the API server.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Username for authenticating with the API server.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td>success</td> + <td> + <div>Whether or not to verify the API server's SSL certificates.</div> + <br/> + </td> + </tr> + + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- KubeVirt Team (@kubevirt) +- Fabian von Feilitzsch (@fabianvf) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_build_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_build_module.rst new file mode 100644 index 000000000..dc177bef0 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_build_module.rst @@ -0,0 +1,844 @@ +.. _community.okd.openshift_build_module: + + +***************************** +community.okd.openshift_build +***************************** + +**Start a new build or Cancel running, pending, or new builds.** + + +Version added: 2.3.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module starts a new build from the provided build config or build name. +- This module also cancel a new, pending or running build by requesting a graceful shutdown of the build. There may be a delay between requesting the build and the time the build is terminated. +- This can also restart a new build when the current is cancelled. +- Analogous to ``oc cancel-build`` and ``oc start-build``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>build_args</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify a list of key-value pair to pass to Docker during the build.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>docker build argument name.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>value</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>docker build argument value.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>build_config_name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the name of a build config from which a new build will be run.</div> + <div>Mutually exclusive with parameter <em>build_name</em>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>build_name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the name of a build which should be re-run.</div> + <div>Mutually exclusive with parameter <em>build_config_name</em>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>build_phases</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>New</li> + <li>Pending</li> + <li>Running</li> + </ul> + <b>Default:</b><br/><div style="color: blue">[]</div> + </td> + <td> + <div>List of state for build to cancel.</div> + <div>Ignored when <code>state=started</code>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>commit</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the source code commit identifier the build should use; requires a build based on a Git repository.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>env_vars</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify a list of key-value pair for an environment variable to set for the build container.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>Environment variable name.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>value</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>Environment variable value.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>impersonate_groups</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=string</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.3.0</div> + </td> + <td> + </td> + <td> + <div>Group(s) to impersonate for the operation.</div> + <div>Can also be specified via K8S_AUTH_IMPERSONATE_GROUPS environment. Example: Group1,Group2</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>impersonate_user</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.3.0</div> + </td> + <td> + </td> + <td> + <div>Username to impersonate for the operation.</div> + <div>Can also be specified via K8S_AUTH_IMPERSONATE_USER environment.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>incremental</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Overrides the incremental setting in a source-strategy build, ignored if not specified.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>Multiple Kubernetes config file can be provided using separator ';' for Windows platform or ':' for others platforms.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the namespace for the build or the build config.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>no_cache</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Overrides the noCache setting in a docker-strategy build, ignored if not specified.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>no_proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.3.0</div> + </td> + <td> + </td> + <td> + <div>The comma separated list of hosts/domains/IP/CIDR that shouldn't go through proxy. Can also be specified via K8S_AUTH_NO_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. NO_PROXY).</div> + <div>This feature requires kubernetes>=19.15.0. When kubernetes library is less than 19.15.0, it fails even no_proxy set in correct.</div> + <div>example value is "localhost,.local,.example.com,127.0.0.1,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>state</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>started</b> ←</div></li> + <li>cancelled</li> + <li>restarted</li> + </ul> + </td> + <td> + <div>Determines if a Build should be started ,cancelled or restarted.</div> + <div>When set to <code>restarted</code> a new build will be created after the current build is cancelled.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>When <code>state=started</code>, specify whether to wait for a build to complete and exit with a non-zero return code if the build fails.</div> + <div>When <em>state=cancelled</em>, specify whether to wait for a build phase to be Cancelled.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_sleep</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">5</div> + </td> + <td> + <div>Number of seconds to sleep between checks.</div> + <div>Ignored if <code>wait=false</code>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_timeout</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">120</div> + </td> + <td> + <div>How long in seconds to wait for a build to complete.</div> + <div>Ignored if <code>wait=false</code>.</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + # Starts build from build config default/hello-world + - name: Starts build from build config + community.okd.openshift_build: + namespace: default + build_config_name: hello-world + + # Starts build from a previous build "default/hello-world-1" + - name: Starts build from a previous build + community.okd.openshift_build: + namespace: default + build_name: hello-world-1 + + # Cancel the build with the given name + - name: Cancel build from default namespace + community.okd.openshift_build: + namespace: "default" + build_name: ruby-build-1 + state: cancelled + + # Cancel the named build and create a new one with the same parameters + - name: Cancel build from default namespace and create a new one + community.okd.openshift_build: + namespace: "default" + build_name: ruby-build-1 + state: restarted + + # Cancel all builds created from 'ruby-build' build configuration that are in 'new' state + - name: Cancel build from default namespace and create a new one + community.okd.openshift_build: + namespace: "default" + build_config_name: ruby-build + build_phases: + - New + state: cancelled + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>builds</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>The builds that were started/cancelled.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>api_version</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The versioned schema of this representation of an object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Represents the REST resource this object represents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>metadata</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Standard object metadata. Includes name, namespace, annotations, labels, etc.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>spec</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Specific attributes of the build.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Current status details for the object.</div> + <br/> + </td> + </tr> + + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_import_image_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_import_image_module.rst new file mode 100644 index 000000000..920c8405b --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_import_image_module.rst @@ -0,0 +1,626 @@ +.. _community.okd.openshift_import_image_module: + + +************************************ +community.okd.openshift_import_image +************************************ + +**Import the latest image information from a tag in a container image registry.** + + +Version added: 2.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Image streams allow you to control which images are rolled out to your builds and applications. +- This module fetches the latest version of an image from a remote repository and updates the image stream tag if it does not match the previous value. +- Running the module multiple times will not create duplicate entries. +- When importing an image, only the image metadata is copied, not the image contents. +- Analogous to ``oc import-image``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- docker-image-py + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>all</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>If set to <em>true</em>, import all tags from the provided source on creation or if <code>source</code> is specified.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>Image stream to import tag into.</div> + <div>This can be provided as a list of images streams or a single value.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>Use to specify namespace for image stream to create/update.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>reference_policy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>source</b> ←</div></li> + <li>local</li> + </ul> + </td> + <td> + <div>Allow to request pullthrough for external image when set to <em>local</em>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>scheduled</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Set each imported Docker image to be periodically imported from a remote repository.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>source</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>A Docker image repository to import images from.</div> + <div>Should be provided as 'registry.io/repo/image'</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_registry_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>If set to <em>true</em>, allow importing from registries that have invalid HTTPS certificates. or are hosted via HTTP. This parameter will take precedence over the insecure annotation.</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + # Import tag latest into a new image stream. + - name: Import tag latest into new image stream + community.okd.openshift_import_image: + namespace: testing + name: mystream + source: registry.io/repo/image:latest + + # Update imported data for tag latest in an already existing image stream. + - name: Update imported data for tag latest + community.okd.openshift_import_image: + namespace: testing + name: mystream + + # Update imported data for tag 'stable' in an already existing image stream. + - name: Update imported data for tag latest + community.okd.openshift_import_image: + namespace: testing + name: mystream:stable + + # Update imported data for all tags in an existing image stream. + - name: Update imported data for all tags + community.okd.openshift_import_image: + namespace: testing + name: mystream + all: true + + # Import all tags into a new image stream. + - name: Import all tags into a new image stream. + community.okd.openshift_import_image: + namespace: testing + name: mystream + source: registry.io/repo/image:latest + all: true + + # Import all tags into a new image stream for a list of image streams + - name: Import all tags into a new image stream. + community.okd.openshift_import_image: + namespace: testing + name: + - mystream1 + - mystream2 + - mystream3 + source: registry.io/repo/image:latest + all: true + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>result</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>List with all ImageStreamImport that have been created.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>api_version</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The versioned schema of this representation of an object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Represents the REST resource this object represents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>metadata</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Standard object metadata. Includes name, namespace, annotations, labels, etc.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>spec</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Specific attributes of the object. Will vary based on the <em>api_version</em> and <em>kind</em>.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Current status details for the object.</div> + <br/> + </td> + </tr> + + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_inventory.rst b/ansible_collections/community/okd/docs/community.okd.openshift_inventory.rst new file mode 100644 index 000000000..57527f454 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_inventory.rst @@ -0,0 +1,356 @@ +.. _community.okd.openshift_inventory: + + +*********************** +community.okd.openshift +*********************** + +**OpenShift inventory source** + + + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Fetch containers, services and routes for one or more clusters +- Groups by cluster name, namespace, namespace_services, namespace_pods, namespace_routes, and labels +- Uses openshift.(yml|yaml) YAML configuration file to set parameter values. + + + +Requirements +------------ +The below requirements are needed on the local Ansible controller node that executes this inventory. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- PyYAML >= 3.11 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th>Configuration</th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>connections</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Optional list of cluster connection settings. If no connections are provided, the default <em>~/.kube/config</em> and active context will be used, and objects will be returned for all namespaces the active user is authorized to access.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Optional name to assign to the cluster. If not provided, a name is constructed from the server and port.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespaces</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>List of namespaces. If not specified, will fetch all containers for all namespaces user is authorized to access.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>plugin</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>openshift</li> + <li>community.okd.openshift</li> + </ul> + </td> + <td> + </td> + <td> + <div>token that ensures this is a source file for the 'openshift' plugin.</div> + </td> + </tr> + </table> + <br/> + + + + +Examples +-------- + +.. code-block:: yaml + + # File must be named openshift.yaml or openshift.yml + + # Authenticate with token, and return all pods and services for all namespaces + plugin: community.okd.openshift + connections: + - host: https://192.168.64.4:8443 + api_key: xxxxxxxxxxxxxxxx + verify_ssl: false + + # Use default config (~/.kube/config) file and active context, and return objects for a specific namespace + plugin: community.okd.openshift + connections: + - namespaces: + - testing + + # Use a custom config file, and a specific context. + plugin: community.okd.openshift + connections: + - kubeconfig: /path/to/config + context: 'awx/192-168-64-4:8443/developer' + + + + +Status +------ + + +Authors +~~~~~~~ + +- Chris Houseknecht <@chouseknecht> + + +.. hint:: + Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_process_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_process_module.rst new file mode 100644 index 000000000..7de7e8c3a --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_process_module.rst @@ -0,0 +1,1004 @@ +.. _community.okd.openshift_process_module: + + +******************************* +community.okd.openshift_process +******************************* + +**Process an OpenShift template.openshift.io/v1 Template** + + +Version added: 0.3.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Processes a specified OpenShift template with the provided template. +- Templates can be provided inline, from a file, or specified by name and namespace in the cluster. +- Analogous to `oc process`. +- For CRUD operations on Template resources themselves, see the community.okd.k8s module. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- PyYAML >= 3.11 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of the Template to process.</div> + <div>The Template must be present in the cluster.</div> + <div>When provided, <em>namespace</em> is required.</div> + <div>Mutually exclusive with <em>resource_definition</em> or <em>src</em></div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The namespace that the template can be found in.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace_target</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + <div>The namespace that resources should be created, updated, or deleted in.</div> + <div>Only used when <em>state</em> is present or absent.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>parameter_file</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>A path to a file containing template parameter values to override/set values in the Template.</div> + <div>Corresponds to the `--param-file` argument to oc process.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>parameters</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>A set of key: value pairs that will be used to set/override values in the Template.</div> + <div>Corresponds to the `--param` argument to oc process.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>resource_definition</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">-</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a valid YAML definition (either as a string, list, or dict) for an object when creating or updating.</div> + <div>NOTE: <em>kind</em>, <em>api_version</em>, <em>name</em>, and <em>namespace</em> will be overwritten by corresponding values found in the provided <em>resource_definition</em>.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: definition, inline</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>src</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a path to a file containing a valid YAML definition of an object or objects to be created or updated. Mutually exclusive with <em>resource_definition</em>. NOTE: <em>kind</em>, <em>api_version</em>, <em>name</em>, and <em>namespace</em> will be overwritten by corresponding values found in the configuration read in from the <em>src</em> file.</div> + <div>Reads from the local file system. To read from the Ansible controller's file system, including vaulted files, use the file lookup plugin or template lookup plugin, combined with the from_yaml filter, and pass the result to <em>resource_definition</em>. See Examples below.</div> + <div>Mutually exclusive with <em>template</em> in case of <span class='module'>kubernetes.core.k8s</span> module.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>state</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>absent</li> + <li>present</li> + <li><div style="color: blue"><b>rendered</b> ←</div></li> + </ul> + </td> + <td> + <div>Determines what to do with the rendered Template.</div> + <div>The state <em>rendered</em> will render the Template based on the provided parameters, and return the rendered objects in the <em>resources</em> field. These can then be referenced in future tasks.</div> + <div>The state <em>present</em> will cause the resources in the rendered Template to be created if they do not already exist, and patched if they do.</div> + <div>The state <em>absent</em> will delete the resources in the rendered Template.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether to wait for certain resource kinds to end up in the desired state.</div> + <div>By default the module exits once Kubernetes has received the request.</div> + <div>Implemented for <code>state=present</code> for <code>Deployment</code>, <code>DaemonSet</code> and <code>Pod</code>, and for <code>state=absent</code> for all resource kinds.</div> + <div>For resource kinds without an implementation, <code>wait</code> returns immediately unless <code>wait_condition</code> is set.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_condition</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specifies a custom condition on the status to wait for.</div> + <div>Ignored if <code>wait</code> is not set or is set to False.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>reason</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The value of the reason field in your desired condition</div> + <div>For example, if a <code>Deployment</code> is paused, The <code>Progressing</code> <code>type</code> will have the <code>DeploymentPaused</code> reason.</div> + <div>The possible reasons in a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>True</b> ←</div></li> + <li>False</li> + <li>Unknown</li> + </ul> + </td> + <td> + <div>The value of the status field in your desired condition.</div> + <div>For example, if a <code>Deployment</code> is paused, the <code>Progressing</code> <code>type</code> will have the <code>Unknown</code> status.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>type</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The type of condition to wait for.</div> + <div>For example, the <code>Pod</code> resource will set the <code>Ready</code> condition (among others).</div> + <div>Required if you are specifying a <code>wait_condition</code>.</div> + <div>If left empty, the <code>wait_condition</code> field will be ignored.</div> + <div>The possible types for a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_sleep</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">5</div> + </td> + <td> + <div>Number of seconds to sleep between checks.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_timeout</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">120</div> + </td> + <td> + <div>How long in seconds to wait for the resource to end up in the desired state.</div> + <div>Ignored if <code>wait</code> is not set.</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + - name: Process a template in the cluster + community.okd.openshift_process: + name: nginx-example + namespace: openshift # only needed if using a template already on the server + parameters: + NAMESPACE: openshift + NAME: test123 + state: rendered + register: result + + - name: Create the rendered resources using apply + community.okd.k8s: + namespace: default + definition: '{{ item }}' + wait: yes + apply: yes + loop: '{{ result.resources }}' + + - name: Process a template with parameters from an env file and create the resources + community.okd.openshift_process: + name: nginx-example + namespace: openshift + namespace_target: default + parameter_file: 'files/nginx.env' + state: present + wait: yes + + - name: Process a local template and create the resources + community.okd.openshift_process: + src: files/example-template.yaml + parameter_file: files/example.env + namespace_target: default + state: present + + - name: Process a local template, delete the resources, and wait for them to terminate + community.okd.openshift_process: + src: files/example-template.yaml + parameter_file: files/example.env + namespace_target: default + state: absent + wait: yes + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="3">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>resources</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>on success when state is rendered</td> + <td> + <div>The rendered resources defined in the Template</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>apiVersion</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The versioned schema of this representation of an object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Represents the REST resource this object represents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>metadata</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Standard object metadata. Includes name, namespace, annotations, labels, etc.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The name of the resource</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The namespace of the resource</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>spec</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Specific attributes of the object. Will vary based on the <em>api_version</em> and <em>kind</em>.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Current status details for the object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>conditions</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td></td> + <td> + <div>Array of status conditions for the object. Not guaranteed to be present</div> + <br/> + </td> + </tr> + + + <tr> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>result</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>on success when state is present or absent</td> + <td> + <div>The created, patched, or otherwise present object. Will be empty in the case of a deletion.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>apiVersion</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The versioned schema of this representation of an object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>duration</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td>when <code>wait</code> is true</td> + <td> + <div>elapsed time of task in seconds</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">48</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>items</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when resource_definition or src contains list of objects</td> + <td> + <div>Returned only when multiple yaml documents are passed to src or resource_definition</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Represents the REST resource this object represents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>metadata</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Standard object metadata. Includes name, namespace, annotations, labels, etc.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The name of the resource</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The namespace of the resource</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>spec</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Specific attributes of the object. Will vary based on the <em>api_version</em> and <em>kind</em>.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Current status details for the object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>conditions</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td></td> + <td> + <div>Array of status conditions for the object. Not guaranteed to be present</div> + <br/> + </td> + </tr> + + + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Fabian von Feilitzsch (@fabianvf) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_registry_info_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_registry_info_module.rst new file mode 100644 index 000000000..f556d0f64 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_registry_info_module.rst @@ -0,0 +1,464 @@ +.. _community.okd.openshift_registry_info_module: + + +************************************* +community.okd.openshift_registry_info +************************************* + +**Display information about the integrated registry.** + + +Version added: 2.2.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module exposes information about the integrated registry. +- Use ``check`` to verify your local client can access the registry. +- If the adminstrator has not configured a public hostname for the registry then this command may fail when run outside of the server. +- Analogous to ``oc registry info``. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- docker-image-py + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>check</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Attempt to contact the integrated registry using local client.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + # Get registry information + - name: Read integrated registry information + community.okd.openshift_registry_info: + + # Read registry integrated information and attempt to contact using local client. + - name: Attempt to contact integrated registry using local client + community.okd.openshift_registry_info: + check: yes + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>check</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td>success</td> + <td> + <div>Whether the local client can contact or not the registry.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>msg</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>always</td> + <td> + <div>message describing the ping operation.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>reached</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Whether the registry has been reached or not.</div> + <br/> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>internal_hostname</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The internal registry hostname.</div> + <br/> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>public_hostname</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The public registry hostname.</div> + <br/> + </td> + </tr> + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Aubin Bikouo (@abikouo) diff --git a/ansible_collections/community/okd/docs/community.okd.openshift_route_module.rst b/ansible_collections/community/okd/docs/community.okd.openshift_route_module.rst new file mode 100644 index 000000000..fc62623c5 --- /dev/null +++ b/ansible_collections/community/okd/docs/community.okd.openshift_route_module.rst @@ -0,0 +1,1440 @@ +.. _community.okd.openshift_route_module: + + +***************************** +community.okd.openshift_route +***************************** + +**Expose a Service as an OpenShift Route.** + + +Version added: 0.3.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Looks up a Service and creates a new Route based on it. +- Analogous to `oc expose` and `oc create route` for creating Routes, but does not support creating Services. +- For creating Services from other resources, see kubernetes.core.k8s. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- python >= 3.6 +- kubernetes >= 12.0.0 +- PyYAML >= 3.11 + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="2">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>annotations</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.1.0</div> + </td> + <td> + </td> + <td> + <div>Specify the Route Annotations.</div> + <div>A set of key: value pairs.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>api_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: ssl_ca_cert</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_cert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: cert_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>client_key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">path</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: key_file</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>context</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>force</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>If set to <code>yes</code>, and <em>state</em> is <code>present</code>, an existing object will be replaced.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>hostname</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The hostname for the Route.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>kubeconfig</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">raw</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from <em>~/.kube/config</em>. Can also be specified via K8S_AUTH_KUBECONFIG environment variable.</div> + <div>The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0. Added in version 2.2.0.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>labels</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specify the labels to apply to the created Route.</div> + <div>A set of key: value pairs.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The desired name of the Route to be created.</div> + <div>Defaults to the value of <em>service</em></div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>The namespace of the resource being targeted.</div> + <div>The Route will be created in this namespace as well.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>password</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment variable.</div> + <div>Please read the description of the <code>username</code> option for a discussion of when this option is applicable.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>path</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The path for the Route</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>persist_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to save the kube config refresh tokens. Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.</div> + <div>When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.</div> + <div>Default to false.</div> + <div>Please note that the current version of the k8s python client library does not support setting this flag to True yet.</div> + <div>The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>port</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Name or number of the port the Route will route traffic to.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.</div> + <div>Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_headers</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.0.0</div> + </td> + <td> + </td> + <td> + <div>The Header used for the HTTP proxy.</div> + <div>Documentation can be found here <a href='https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers'>https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers</a>.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>proxy_basic_auth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Colon-separated username:password for proxy basic authentication header.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>user_agent</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>String representing the user-agent you want, such as foo/1.0.</div> + <div>Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>service</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of the service to expose.</div> + <div>Required when <em>state</em> is not absent.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: svc</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>state</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>absent</li> + <li><div style="color: blue"><b>present</b> ←</div></li> + </ul> + </td> + <td> + <div>Determines if an object should be created, patched, or deleted. When set to <code>present</code>, an object will be created, if it does not already exist. If set to <code>absent</code>, an existing object will be deleted. If set to <code>present</code>, an existing object will be patched, if its attributes differ from those specified using <em>resource_definition</em> or <em>src</em>.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>termination</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>edge</li> + <li>passthrough</li> + <li>reencrypt</li> + <li><div style="color: blue"><b>insecure</b> ←</div></li> + </ul> + </td> + <td> + <div>The termination type of the Route.</div> + <div>If left empty no termination type will be set, and the route will be insecure.</div> + <div>When set to insecure <em>tls</em> will be ignored.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>tls</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>TLS configuration for the newly created route.</div> + <div>Only used when <em>termination</em> is set.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ca_certificate</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate file on the target host.</div> + <div>Not supported when <em>termination</em> is set to passthrough.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>certificate</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a certificate file on the target host.</div> + <div>Not supported when <em>termination</em> is set to passthrough.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>destination_ca_certificate</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a CA certificate file used for securing the connection.</div> + <div>Only used when <em>termination</em> is set to reencrypt.</div> + <div>Defaults to the Service CA.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>insecure_policy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>allow</li> + <li>redirect</li> + <li><div style="color: blue"><b>disallow</b> ←</div></li> + </ul> + </td> + <td> + <div>Sets the InsecureEdgeTerminationPolicy for the Route.</div> + <div>Not supported when <em>termination</em> is set to reencrypt.</div> + <div>When <em>termination</em> is set to passthrough, only redirect is supported.</div> + <div>If not provided, insecure traffic will be disallowed.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>key</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Path to a key file on the target host.</div> + <div>Not supported when <em>termination</em> is set to passthrough.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>username</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment variable.</div> + <div>Please note that this only works with clusters configured to use HTTP Basic Auth. If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift), this option will not work as expected and you should look into the <span class='module'>community.okd.k8s_auth</span> module, as that might do what you need.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>validate_certs</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: verify_ssl</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>no</b> ←</div></li> + <li>yes</li> + </ul> + </td> + <td> + <div>Whether to wait for certain resource kinds to end up in the desired state.</div> + <div>By default the module exits once Kubernetes has received the request.</div> + <div>Implemented for <code>state=present</code> for <code>Deployment</code>, <code>DaemonSet</code> and <code>Pod</code>, and for <code>state=absent</code> for all resource kinds.</div> + <div>For resource kinds without an implementation, <code>wait</code> returns immediately unless <code>wait_condition</code> is set.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_condition</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Specifies a custom condition on the status to wait for.</div> + <div>Ignored if <code>wait</code> is not set or is set to False.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>reason</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The value of the reason field in your desired condition</div> + <div>For example, if a <code>Deployment</code> is paused, The <code>Progressing</code> <code>type</code> will have the <code>DeploymentPaused</code> reason.</div> + <div>The possible reasons in a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>True</b> ←</div></li> + <li>False</li> + <li>Unknown</li> + </ul> + </td> + <td> + <div>The value of the status field in your desired condition.</div> + <div>For example, if a <code>Deployment</code> is paused, the <code>Progressing</code> <code>type</code> will have the <code>Unknown</code> status.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>type</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>The type of condition to wait for.</div> + <div>For example, the <code>Pod</code> resource will set the <code>Ready</code> condition (among others).</div> + <div>Required if you are specifying a <code>wait_condition</code>.</div> + <div>If left empty, the <code>wait_condition</code> field will be ignored.</div> + <div>The possible types for a condition are specific to each resource type in Kubernetes.</div> + <div>See the API documentation of the status field for a given resource to see possible choices.</div> + </td> + </tr> + + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_sleep</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">5</div> + </td> + <td> + <div>Number of seconds to sleep between checks.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wait_timeout</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + <b>Default:</b><br/><div style="color: blue">120</div> + </td> + <td> + <div>How long in seconds to wait for the resource to end up in the desired state.</div> + <div>Ignored if <code>wait</code> is not set.</div> + </td> + </tr> + <tr> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>wildcard_policy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>Subdomain</li> + </ul> + </td> + <td> + <div>The wildcard policy for the hostname.</div> + <div>Currently only Subdomain is supported.</div> + <div>If not provided, the default of None will be used.</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file. + + + +Examples +-------- + +.. code-block:: yaml + + - name: Create hello-world deployment + community.okd.k8s: + definition: + apiVersion: apps/v1 + kind: Deployment + metadata: + name: hello-kubernetes + namespace: default + spec: + replicas: 3 + selector: + matchLabels: + app: hello-kubernetes + template: + metadata: + labels: + app: hello-kubernetes + spec: + containers: + - name: hello-kubernetes + image: paulbouwer/hello-kubernetes:1.8 + ports: + - containerPort: 8080 + + - name: Create Service for the hello-world deployment + community.okd.k8s: + definition: + apiVersion: v1 + kind: Service + metadata: + name: hello-kubernetes + namespace: default + spec: + ports: + - port: 80 + targetPort: 8080 + selector: + app: hello-kubernetes + + - name: Expose the insecure hello-world service externally + community.okd.openshift_route: + service: hello-kubernetes + namespace: default + insecure_policy: allow + annotations: + haproxy.router.openshift.io/balance: roundrobin + register: route + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="5">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="5"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>duration</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td>when <code>wait</code> is true</td> + <td> + <div>elapsed time of task in seconds</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">48</div> + </td> + </tr> + <tr> + <td colspan="5"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>result</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>The Route object that was created or updated. Will be empty in the case of deletion.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>apiVersion</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>The versioned schema of this representation of an object.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td>success</td> + <td> + <div>Represents the REST resource this object represents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>metadata</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Standard object metadata. Includes name, namespace, annotations, labels, etc.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The name of the created Route</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>namespace</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The namespace of the create Route</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>spec</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Specification for the Route</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Host is an alias/DNS that points to the service.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>path</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Path that the router watches for, to route traffic for to the service.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>port</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td></td> + <td> + <div>Defines a port mapping from a router to an endpoint in the service endpoints.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>targetPort</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The target port on pods selected by the service this route points to.</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>tls</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td></td> + <td> + <div>Defines config used to secure a route and provide termination.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>caCertificate</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Provides the cert authority certificate contents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>certificate</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Provides certificate contents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>destinationCACertificate</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Provides the contents of the ca certificate of the final destination.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>insecureEdgeTerminationPolicy</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Indicates the desired behavior for insecure connections to a route.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>key</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Provides key file contents.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>termination</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Indicates termination type.</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>to</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td></td> + <td> + <div>Specifies the target that resolve into endpoints.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>kind</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The kind of target that the route is referring to. Currently, only 'Service' is allowed.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Name of the service/target that is being referred to. e.g. name of the service.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>weight</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td></td> + <td> + <div>Specifies the target's relative weight against other target reference objects.</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>wildcardPolicy</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>Wildcard policy if any for the route.</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td>success</td> + <td> + <div>Current status details for the Route</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>ingress</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td></td> + <td> + <div>List of places where the route may be exposed.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>conditions</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">complex</span> + </div> + </td> + <td></td> + <td> + <div>Array of status conditions for the Route ingress.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>status</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The status of the condition. Can be True, False, Unknown.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>type</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The type of the condition. Currently only 'Ready'.</div> + <br/> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>host</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The host string under which the route is exposed.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>routerCanonicalHostname</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The external host name for the router that can be used as a CNAME for the host requested for this route. May not be set.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>routerName</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>A name chosen by the router to identify itself.</div> + <br/> + </td> + </tr> + <tr> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td class="elbow-placeholder"> </td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>wildcardPolicy</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td></td> + <td> + <div>The wildcard policy that was allowed where this route is exposed.</div> + <br/> + </td> + </tr> + + + + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Fabian von Feilitzsch (@fabianvf) |