如何在 Ansible 中检索已创建的 Google Kubernetes (GKE) 集群的凭据? [英] How to retrieve credentials of a created Google Kubernetes (GKE) cluster in Ansible?
问题描述
我正在创建一个集群和节点池
I'm creating a cluster and node pool with
- name: "Create Google Kubernetes Engine Cluster to be setup with with kubectl"
gcp_container_cluster:
name: "{{cluster_name}}"
project: "{{project_id}}"
auth_kind: "serviceaccount"
location: "{{cluster_location}}"
logging_service: "none"
monitoring_service: "none"
service_account_contents: "{{service_account_contents}}"
initial_node_count: 1
register: cluster
- name: "Create node pool for system pods"
gcp_container_node_pool:
name: "default-pool"
project: "{{project_id}}"
cluster: "{{ cluster }}"
auth_kind: "serviceaccount"
location: "{{cluster_location}}"
autoscaling:
enabled: "no"
initial_node_count: 1
service_account_contents: "{{service_account_contents}}"
config:
machine_type: "g1-small"
disk_size_gb: 25
preemptible: "no"
management:
auto_repair: "yes"
auto_upgrade: "yes"
工作正常,但是我没有找到有关如何对使用 Ansible k8s 模块执行的 kubectl 命令进行身份验证并获得授权的信息.
which works fine, however I find no information how to authenticate and thus gain authorization for kubectl commands executed with the Ansible k8s module.
首先,文档在措辞和示例方面都没有帮助.我没有找到任何指南、博文或其他内容,感觉我是第一个使用 Ansible 执行此任务的人.我仔细检查了返回的集群对象(与上面的 register 一起存储),但没有找到任何合适的东西.这适用于 gcp_container_cluster 和 gcp_container_cluster_info.
First of all, the documentation is not helpful both in terms of wording and examples. I didn't find any guide, blogpost or else and feel like I'm the first person performing this tasks with Ansible. I examined the returned cluster object (stored with register above) closely, but didn't find anything suitable. This applies to both gcp_container_cluster and gcp_container_cluster_info.
据我所知,我需要通过 Ansible 模块以某种方式获取 kubeconfig,我可以在 k8s 模块中使用该模块,就像我对 gcloud 容器集群 get-credentials 所做的那样.在我使用 Ansible 中的 shell 命令进行 hacky 解决方法之前,我想先看看是否有内置方法.
As far as I understand I need to obtain a kubeconfig somehow with an Ansible module which I can use in the k8s module, like I'd do with gcloud container clusters get-credentials. I'd like to see if there's a built-in way first before I do a hacky workaround using shell commands in Ansible.
我在 Ubuntu 20.04 上使用 Ansible 2.9.10.
I'm using Ansible 2.9.10 on Ubuntu 20.04.
推荐答案
当您使用 gcp_container_cluster 创建集群时,返回值将包括 kubeconfig 文件的存储路径.您可以使用带有 {{ cluster.kubectlPath }} 的示例引用此路径.
When you create the cluster using the gcp_container_cluster, the return value will include the path where the kubeconfig file is stored. You can refer to this path using your example with {{ cluster.kubectlPath }}.
当你想使用k8s模块时,你可以定义kubeconfig 文件路径 用于模块.. 它看起来像这样:
When you want to use the k8s module, you can define the kubeconfig file path to use for the module.. It will look something like this:
- name: "Create Google Kubernetes Engine Cluster to be setup with with kubectl"
gcp_container_cluster:
name: "{{cluster_name}}"
kubectlPath: /path/to/save/config
[...]
register: cluster
- name: "Create k8s resource"
k8s:
kubeconfig: "{{ cluster.kubectlPath }}"
definition:
[...]
我在回应"中误读了该文件部分阐明了要写入此路径的文件必须设置此字段,此字段没有默认值.
I misread the document, in the "response" section it clarifies that this field must be set for the file to be written in this path, there is no default value for this field.
这篇关于如何在 Ansible 中检索已创建的 Google Kubernetes (GKE) 集群的凭据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
