kubernetes.core
kubernetes.core copied to clipboard
ansible-collections
not possible to replace/update objects via "apply: yes" or "force: yes" in OpenShift 3.11
SUMMARY
There are actually 2 problems we face. The first one is that large definitions are not updated at all when apply: yes is used. We have a file with CRD definition that has over 7500 lines. Ansible does not show any errors and it looks like the the update was made. However after inspecting the CRD on the server you can see that no update took place. You can use the Kafka CRD from the Strimzi project at https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.21.1/strimzi-crds-0.21.1.yaml to reproduce the issue. We tried force: yes but you can't really use it because the resourceVersion property is missing in the definition but is needed for force: yes.
The second problem is that objects are not really updated when using apply: yes (and yet again we can't use force: yes because the resourceVersion property is missing in the definition). We have a definition like the following one (few fields removed for simplification) on our OpenShift 3.11 cluster.
apiVersion: kafka.strimzi.io/v1beta1
kind: Kafka
metadata:
name: my-name
namespace: my-name-space
spec:
entityOperator:
template:
tlsSidecarContainer:
env:
- name: TZ
value: Europe/Zurich
[...]
Our new definition does not contain the path spec.entityOperator.template.tlsSidecarContainer anymore but after the following task runs, it is still in place and not removed on the server.
- name: deploy cluster
k8s:
namespace: "{{ project }}"
state: present
apply: yes
definition: "{{ lookup('template', 'definition.j2') }}"
ISSUE TYPE
- Bug Report
COMPONENT NAME
k8s module
ANSIBLE VERSION
ansible 2.10.5
config file = ~/Code/Ansible/playbooks/ansible.cfg
configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = ~/.pyenv/versions/3.9.1/envs/default/lib/python3.9/site-packages/ansible
executable location = ~/.pyenv/versions/default/bin/ansible
python version = 3.9.1 (default, Jan 30 2021, 21:53:22) [Clang 12.0.0 (clang-1200.0.32.29)]
CONFIGURATION
ANSIBLE_PIPELINING(~/Code/Ansible/playbooks/ansible.cfg) = True
DEFAULT_LOAD_CALLBACK_PLUGINS(~/Code/Ansible/playbooks/ansible.cfg) = True
DEFAULT_ROLES_PATH(~/Code/Ansible/playbooks/ansible.cfg) = ['/Users/b0rski/Code/Ansible/playbooks/roles']
DEFAULT_STDOUT_CALLBACK(~/Code/Ansible/playbooks/ansible.cfg) = yaml
INTERPRETER_PYTHON(~/Code/Ansible/playbooks/ansible.cfg) = ~/.pyenv/shims/python
OS / ENVIRONMENT
MacOS X Big Sur and Redhat Linux 7
STEPS TO REPRODUCE
Please use files and examples from description above (Strimzi CRDs).
EXPECTED RESULTS
We expect that paths get deleted if they're not defined in a definition anymore. No merge but replace must be done.
ACTUAL RESULTS
As described above fields are not removed and remain untouched in the definition on server.
@abikouo: I don't have the depth of knowledge and expertise to resolve this myself, but here are some initial thoughts to put out there n trying to work towards something.
- We are not testing Kubernetes 1.11 (the version that shipped OCP 3.11) at this point. That said, I have it on good word that the K8s API shouldn't have changed in this particular area. It may be challenging for us to reproduce this issue.
- If you're working with OpenShift, I suggest creating a ticket with Red Hat support to better track and attend to this issue. As the upstream project we aren't setup like Red Hat support for the level of response a subscriber like yourself would receive.
- Ansible 2.10 is not supported by Red Hat. It is a community only release because the transitory nature the Ansible projects are in at the moment. Ansible 2.9 is what is supported. You may be asked to downgrade to that version of the core engine.
- Please install the latest version of kubernetes.core, v1.2. While your issue doesn't sound like some of the fixes in that release perhaps it will help? You will also need to use the FQCN (
kubernetes.core.k8s) to assure the newest module from the collection is used as opposed to the built-ink8smodule.
Please give at least 4 a try and let us know here if that gives you a different result. Once we here back from you and if that doesn't resolve things, we'll go from there.
