/ home / community / community.kubernetes / 1.2.1 / module / k8s_exec

community.kubernetes.k8s_exec (1.2.1) — module

Execute command in Pod

| "added in version" 0.10.0 of community.kubernetes"

Authors: Tristan de Cacqueray (@tristanC)

This plugin has a corresponding action plugin.

Install collection

Install with ansible-galaxy collection install community.kubernetes:==1.2.1

Add to requirements.yml

  collections:
    - name: community.kubernetes
      version: 1.2.1

Description

Use the Kubernetes Python client to execute command on K8s pods.

Requirements

python >= 2.7
openshift == 0.4.3
PyYAML >= 3.11

Usage examples

Scanned by Steampunk Spotter

- name: Execute a command
  community.kubernetes.k8s_exec:
    namespace: myproject
    pod: zuul-scheduler
    command: zuul-scheduler full-reconfigure

Scanned by Steampunk Spotter

- name: Check RC status of command executed
  community.kubernetes.k8s_exec:
    namespace: myproject
    pod: busybox-test
    command: cmd_with_non_zero_exit_code
  register: command_status
  ignore_errors: True

Scanned by Steampunk Spotter

- name: Check last command status
  debug:
    msg: "cmd failed"
  when: command_status.return_code != 0

Inputs

pod:
description:
- The pod name
required: true
type: str

host:
description:
- Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment
variable.
type: str

proxy:
description:
- The URL of an HTTP proxy to use for the connection.
- Can also be specified via I(K8S_AUTH_PROXY) environment variable.
- Please note that this module does not pick up typical proxy settings from the environment
(e.g. HTTP_PROXY).
type: str

api_key:
description:
- Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY
environment variable.
type: str

ca_cert:
aliases:
- ssl_ca_cert
description:
- Path to a CA certificate used to authenticate with the API. The full certificate
chain must be provided to avoid certificate validation errors. Can also be specified
via K8S_AUTH_SSL_CA_CERT environment variable.
type: path

command:
description:
- The command to execute
required: true
type: str

context:
description:
- The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT
environment variable.
type: str

password:
description:
- Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD
environment variable.
- Please read the description of the C(username) option for a discussion of when this
option is applicable.
type: str

username:
description:
- Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME
environment variable.
- Please note that this only works with clusters configured to use HTTP Basic Auth.
If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift),
this option will not work as expected and you should look into the C(k8s_auth) module,
as that might do what you need.
type: str

container:
description:
- The name of the container in the pod to connect to.
- Defaults to only container if there is only one container in the pod.
required: false
type: str

namespace:
description:
- The pod namespace name
required: true
type: str

client_key:
aliases:
- key_file
description:
- Path to a key file used to authenticate with the API. Can also be specified via
K8S_AUTH_KEY_FILE environment variable.
type: path

kubeconfig:
description:
- Path to an existing Kubernetes config file. If not provided, and no other connection
options are provided, the openshift client will attempt to load the default configuration
file from I(~/.kube/config.json). Can also be specified via K8S_AUTH_KUBECONFIG
environment variable.
type: path

client_cert:
aliases:
- cert_file
description:
- Path to a certificate used to authenticate with the API. Can also be specified via
K8S_AUTH_CERT_FILE environment variable.
type: path

persist_config:
description:
- Whether or not to save the kube config refresh tokens. Can also be specified via
K8S_AUTH_PERSIST_CONFIG environment variable.
- When the k8s context is using a user credentials with refresh tokens (like oidc
or gke/gcloud auth), the token is refreshed by the k8s python client library but
not saved by default. So the old refresh token can expire and the next auth might
fail. Setting this flag to true will tell the k8s python client to save the new
refresh token to the kube config file.
- Default to false.
- Please note that the current version of the k8s python client library does not support
setting this flag to True yet.
- 'The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169'
type: bool

validate_certs:
aliases:
- verify_ssl
description:
- Whether or not to verify the API server's SSL certificates. Can also be specified
via K8S_AUTH_VERIFY_SSL environment variable.
type: bool

Outputs

result:
  contains:
    return_code:
      description: The command status code
      type: int
    stderr:
      description: The command stderr
      type: str
    stderr_lines:
      description: The command stderr
      type: str
    stdout:
      description: The command stdout
      type: str
    stdout_lines:
      description: The command stdout
      type: str
  description:
  - The command object
  returned: success
  type: complex