
Create Kubernetes K8s or OpenShift OCP Secret - Ansible module k8s

By Luca Berton · Published 2024-01-01 · Category: troubleshooting

How to automate the creation of the “mysecret” secret in the “default” namespace of Kubernetes K8s or OpenShift OCP with the Ansible module k8s.


How to create a Kubernetes K8s or OpenShift OCP secret with Ansible?

I'm going to show you a live Playbook and some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot.


Ansible create Kubernetes or OpenShift secret

kubernetes.core.k8s • Manage Kubernetes (K8s) objects

Let's talk about the Ansible module k8s. The full name is kubernetes.core.k8s, which means that it is part of the collection of Ansible modules for interacting with Kubernetes and Red Hat OpenShift clusters. It manages Kubernetes (K8s) objects.

Parameters

• name _string_ / namespace _string_ - object name / namespace
• api_version _string_ - "v1"
• kind _string_ - object model
• state _string_ - present/absent/patched
• definition _string_ - YAML definition
• src _path_ - path for YAML definition
• template _raw_ - YAML template definition
• validate _dictionary_ - validate resource definition

The k8s module has a long list of parameters; here are the most used. Most of them are generic and can be combined for many use cases.

The name and namespace parameters specify the object name and/or the object namespace. They are useful to create, delete, or discover an object without providing a full resource definition. The api_version parameter specifies the Kubernetes API version; the default is "v1" for version 1. The kind parameter specifies an object model. The state parameter, as in other modules, determines whether an object should be created (present), patched (patched), or deleted (absent).

The definition parameter lets you provide a valid YAML definition (string, list, or dict) for an object when creating or updating it. If you prefer to keep the YAML definition in a file, the src parameter takes the path to a file containing a valid YAML definition of the object or objects to be created or updated. You can also specify a YAML definition template with the template parameter. The validate parameter defines how to validate the resource definition against the Kubernetes schema; note that it requires the kubernetes-validate Python module.


Links

• kubernetes.core.k8s
• Kubernetes Secrets

## Playbook

How to create a Kubernetes secret with an Ansible Playbook using the k8s module. Specifically, the following example creates the "mysecret" secret in the "default" namespace of Kubernetes K8s or OpenShift OCP.

code

• ansible_playbook.yml

```yaml
---
- name: k8s Playbook
  hosts: localhost
  gather_facts: false
  connection: local
  tasks:
    - name: create k8s secret mysecret
      kubernetes.core.k8s:
        # Path to the Secret manifest; must match the file name below
        src: mysecret.yml
        state: present
```

• mysecret.yml

The values for all keys in the data field have to be base64-encoded strings. Here, username = admin and password = secretpassword.

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  namespace: default
type: Opaque
data:
  username: YWRtaW4=
  password: c2VjcmV0cGFzc3dvcmQ=
```
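
The `data` values in the manifest are base64-encoded, not encrypted, so anyone who can read the manifest file can recover the credentials. The playbook below is an added example, not part of the original tutorial: it builds the same Secret with the `definition` parameter described earlier, so that no credential is stored in a manifest file. It assumes a vars file named `vault.yml`, encrypted with Ansible Vault, that defines the hypothetical variables `vault_username` and `vault_password`.

```yaml
---
- name: k8s Playbook (secret values from Ansible Vault)
  hosts: localhost
  gather_facts: false
  connection: local
  vars_files:
    # Assumption: encrypted with `ansible-vault encrypt vault.yml` and
    # defining vault_username and vault_password (hypothetical names).
    - vault.yml
  tasks:
    - name: fail early if a secret variable is missing or empty
      ansible.builtin.assert:
        that:
          - vault_username | default('') | length > 0
          - vault_password | default('') | length > 0
        quiet: true
      # Do not echo the evaluated conditions or values.
      no_log: true

    - name: create k8s secret mysecret
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            name: mysecret
            namespace: default
          type: Opaque
          data:
            # b64encode produces the same form as the static manifest,
            # e.g. 'admin' | b64encode gives 'YWRtaW4='
            username: "{{ vault_username | b64encode }}"
            password: "{{ vault_password | b64encode }}"
      # Keep the rendered definition out of task output and logs.
      no_log: true
```

Run it with `ansible-playbook --ask-vault-pass` so that `vault.yml` can be decrypted at run time.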

execution

```text
ansible-pilot $ ansible-playbook kubernetes/secret.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit
localhost does not match 'all'
PLAY [k8s Playbook] ***********************************************************************************
TASK [create k8s secret mysecret] *****************************************************************
changed: [localhost]
PLAY RECAP ****************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $
```

idempotency

```text
ansible-pilot $ ansible-playbook kubernetes/secret.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit
localhost does not match 'all'
PLAY [k8s Playbook] ***********************************************************************************
TASK [create k8s secret mysecret] *****************************************************************
ok: [localhost]
PLAY RECAP ****************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $
```

before execution

• Kubernetes (k8s)

```text
ansible-pilot $ kubectl get secrets
NAME                       TYPE                                  DATA   AGE
builder-dockercfg-sqm7r    kubernetes.io/dockercfg               1      74d
builder-token-9tg7z        kubernetes.io/service-account-token   4      74d
builder-token-rvhcn        kubernetes.io/service-account-token   4      74d
default-dockercfg-lgth4    kubernetes.io/dockercfg               1      74d
default-token-6g2dp        kubernetes.io/service-account-token   4      74d
default-token-x5l9r        kubernetes.io/service-account-token   4      74d
deployer-dockercfg-9c5n2   kubernetes.io/dockercfg               1      74d
deployer-token-htqht       kubernetes.io/service-account-token   4      74d
deployer-token-q74gz       kubernetes.io/service-account-token   4      74d
example                    Opaque                                2      1m
```

• OpenShift (OCP)

```text
ansible-pilot $ oc get secrets
NAME                       TYPE                                  DATA   AGE
builder-dockercfg-sqm7r    kubernetes.io/dockercfg               1      74d
builder-token-9tg7z        kubernetes.io/service-account-token   4      74d
builder-token-rvhcn        kubernetes.io/service-account-token   4      74d
default-dockercfg-lgth4    kubernetes.io/dockercfg               1      74d
default-token-6g2dp        kubernetes.io/service-account-token   4      74d
default-token-x5l9r        kubernetes.io/service-account-token   4      74d
deployer-dockercfg-9c5n2   kubernetes.io/dockercfg               1      74d
deployer-token-htqht       kubernetes.io/service-account-token   4      74d
deployer-token-q74gz       kubernetes.io/service-account-token   4      74d
example                    Opaque                                2      1m
```

after execution

• Kubernetes (k8s)

```text
ansible-pilot $ kubectl get secrets
NAME                       TYPE                                  DATA   AGE
builder-dockercfg-sqm7r    kubernetes.io/dockercfg               1      74d
builder-token-9tg7z        kubernetes.io/service-account-token   4      74d
builder-token-rvhcn        kubernetes.io/service-account-token   4      74d
default-dockercfg-lgth4    kubernetes.io/dockercfg               1      74d
default-token-6g2dp        kubernetes.io/service-account-token   4      74d
default-token-x5l9r        kubernetes.io/service-account-token   4      74d
deployer-dockercfg-9c5n2   kubernetes.io/dockercfg               1      74d
deployer-token-htqht       kubernetes.io/service-account-token   4      74d
deployer-token-q74gz       kubernetes.io/service-account-token   4      74d
example                    Opaque                                2      10m
mysecret                   Opaque                                2      1m
```

• OpenShift (OCP)

```text
ansible-pilot $ oc get secrets
NAME                       TYPE                                  DATA   AGE
builder-dockercfg-sqm7r    kubernetes.io/dockercfg               1      74d
builder-token-9tg7z        kubernetes.io/service-account-token   4      74d
builder-token-rvhcn        kubernetes.io/service-account-token   4      74d
default-dockercfg-lgth4    kubernetes.io/dockercfg               1      74d
default-token-6g2dp        kubernetes.io/service-account-token   4      74d
default-token-x5l9r        kubernetes.io/service-account-token   4      74d
deployer-dockercfg-9c5n2   kubernetes.io/dockercfg               1      74d
deployer-token-htqht       kubernetes.io/service-account-token   4      74d
deployer-token-q74gz       kubernetes.io/service-account-token   4      74d
example                    Opaque                                2      10m
mysecret                   Opaque                                2      1m
```

Figure: Red Hat CodeReady Containers web UI

Conclusion

Now you know how to create a Kubernetes or OpenShift secret with Ansible.
