illumio.core.container_cluster (0.2.6) — module
Create/update/delete Illumio PCE container clusters
Added in version 0.2.0 of illumio.core
Authors: Duncan Sommerville (@dsommerville-illumio)
Install with:
    ansible-galaxy collection install illumio.core:==0.2.6

collections:
  - name: illumio.core
    version: 0.2.6
This module allows you to create and manipulate container cluster objects on the Illumio PCE to sync with Kubernetes or OpenShift clusters.
Only the name and description values for the cluster can be set when creating or updating a cluster. All other values are computed based on the sync data from a Kubelink pod installed in the cluster.
Supports check mode.
- name: "Create container cluster"
  illumio.core.container_cluster:
    name: CC-KUBE
    description: Kubernetes cluster
    state: present
  register: container_cluster_result

- name: "Store container cluster token"
  set_fact:
    kube_cluster_token: "{{ container_cluster_result.container_cluster['container_cluster_token'] }}"

- name: "Remove existing cluster"
  illumio.core.container_cluster:
    name: CC-KUBE
    state: absent

- name: "Remove cluster by HREF"
  illumio.core.container_cluster:
    href: /orgs/1/container_clusters/f5bef182-8c55-4219-b35b-0a50b707e434
    state: absent
href:
  description: HREF of an existing container cluster.
  type: str
name:
  description:
    - Container cluster display name.
    - Required for creating a container cluster or when C(href) is not specified.
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Desired container cluster state.
    - If C(present), the cluster will be created if it does not exist, or updated to match the provided parameters if it does.
    - If C(absent), the cluster will be removed if it exists.
  type: str
pce_port:
  default: 443
  description:
    - HTTP(S) port used by the PCE.
    - Can be set with the environment variable C(ILLUMIO_PCE_PORT).
  type: int
pce_org_id:
  default: 1
  description:
    - PCE Organization ID.
    - Can be set with the environment variable C(ILLUMIO_PCE_ORG_ID).
  type: int
pce_tls_ca:
  description:
    - Path to a custom root CA certificate bundle to use for the PCE connection.
    - If set, overrides C(pce_tls_verify).
  type: str
description:
  default: ''
  description: Container cluster description.
  type: str
pce_hostname:
  aliases:
    - pce_url
  description:
    - URL or FQDN of Illumio Policy Compute Engine. C(pce_url) is an alias for C(pce_hostname).
    - Can be set with the environment variable C(ILLUMIO_PCE_HOST).
  required: true
  type: str
api_key_secret:
  description:
    - Illumio PCE API key secret.
    - Can be set with the environment variable C(ILLUMIO_API_KEY_SECRET).
  required: true
  type: str
pce_http_proxy:
  description:
    - HTTP proxy server to use when connecting to the PCE.
    - If not set, it will use the default C(http_proxy) environment variable.
  type: str
pce_tls_verify:
  default: true
  description:
    - Flag denoting whether TLS verification should be enabled on the PCE connection.
  type: bool
pce_https_proxy:
  description:
    - HTTPS proxy server to use when connecting to the PCE.
    - If not set, it will use the default C(https_proxy) environment variable.
  type: str
api_key_username:
  description:
    - Illumio PCE API key username.
    - Can be set with the environment variable C(ILLUMIO_API_KEY_USERNAME).
  required: true
  type: str
pce_tls_client_certs:
  description:
    - Optional paths to client-side certificate files.
    - May point to separate cert and private key files or a PEM bundle containing both.
  elements: str
  type: list
container_cluster:
  contains:
    caps:
      description:
        - Array of permissions on the entity held by the requesting user.
        - An empty array implies readonly permission.
      elements: str
      returned: always
      type: list
    container_cluster_token:
      description:
        - The pairing token for the cluster.
        - This token is only returned once when the cluster is created.
        - It cannot be retrieved through the API after this, so make sure to store it in a secure, persistent form.
      returned: on successful creation
      type: str
    container_runtime:
      description: Default container runtime for the cluster.
      returned: always
      sample: containerd
      type: str
    description:
      description: A description of the container cluster.
      returned: always
      type: str
    errors:
      description: List of errors to do with the container cluster.
      elements: dict
      returned: always
      sample:
        - audit_event:
            href: /orgs/1/events/daa015a0-257a-4d43-874f-64039742c482
          duplicate_ids: []
          error_type: container_cluster.duplicate_machine_id
      type: list
    href:
      description: The container cluster's HREF.
      returned: always
      type: str
    kubelink_version:
      description: Version of the Kubelink software used to pair this cluster to the PCE.
      returned: always
      sample: 2.0.2.d53d7f
      type: str
    last_connected:
      description: ISO date-timestamp of the last heartbeat from the container cluster to the PCE.
      returned: always
      sample: '2022-06-23T20:53:57.885Z'
      type: str
    manager_type:
      description: Container cluster type and version.
      returned: always
      sample: Kubernetes v1.24.1
      type: str
    name:
      description: The container cluster's name.
      returned: always
      type: str
    nodes:
      description: List of node names and pod subnets belonging to the cluster.
      elements: dict
      returned: always
      sample:
        - name: kube-leader
          pod_subnet: 192.168.0.0/24
      type: list
    online:
      description: Whether or not the container cluster is online.
      returned: always
      type: bool
    pce_fqdn:
      description: PCE fully-qualified domain name.
      returned: always
      type: str
  description: Information about the container cluster that was created or updated.
  returned: success
  sample:
    container_cluster:
      caps:
        - write
      container_cluster_token: 1_0dfec0acb8e4bc53e052874874da0c24e7ac98da3b3954e3c9ea6f9860722e84
      container_runtime: containerd
      description: Lab Kubernetes cluster in AWS
      errors: []
      href: /orgs/1/container_clusters/f5bef182-8c55-4219-b35b-0a50b707e434
      kubelink_version: 2.0.2.d53d7f
      last_connected: '2022-06-23T20:53:57.885Z'
      manager_type: Kubernetes v1.24.1
      name: CC-EKS-LAB
      nodes:
        - name: kube-leader
          pod_subnet: 192.168.0.0/24
      online: true
      pce_fqdn: null
  type: complex
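
Because container_cluster_token is returned only on successful creation, a playbook that is run again gets no token in the result, so the storage step has to handle both runs. The playbook below is an added example, not part of the collection's documentation: it keeps the token out of task output, writes it to a 0600 file only when one is returned, and fails if no stored copy exists. The token_dir path is a hypothetical choice, and the PCE connection settings are assumed to come from the ILLUMIO_* environment variables listed in the parameters.

```yaml
# Added example. Assumptions: runs on the control node, ILLUMIO_PCE_HOST,
# ILLUMIO_API_KEY_USERNAME and ILLUMIO_API_KEY_SECRET are exported in the
# environment, and token_dir is a hypothetical location.
- name: Pair a cluster and persist the one-time token
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    token_dir: /etc/illumio/tokens            # hypothetical path
    token_file: "{{ token_dir }}/CC-KUBE.token"
  tasks:
    - name: Create container cluster
      illumio.core.container_cluster:
        name: CC-KUBE
        description: Kubernetes cluster
        state: present
      register: container_cluster_result
      no_log: true      # the result carries the pairing token on first creation

    - name: Create a private directory for the token
      ansible.builtin.file:
        path: "{{ token_dir }}"
        state: directory
        mode: "0700"

    - name: Store the token only when the PCE returned one
      ansible.builtin.copy:
        content: "{{ container_cluster_result.container_cluster.container_cluster_token }}"
        dest: "{{ token_file }}"
        mode: "0600"
      no_log: true
      # Skipped on later runs, so an existing token file is never overwritten
      # with an empty value.
      when: "(container_cluster_result.container_cluster | default({})).container_cluster_token | default('', true) | length > 0"

    - name: Look for a stored token
      ansible.builtin.stat:
        path: "{{ token_file }}"
      register: token_stat

    - name: Fail when the cluster exists but its token was never stored
      ansible.builtin.assert:
        that: token_stat.stat.exists
        fail_msg: "{{ token_file }} is missing and the PCE does not return the token after creation."
      when: not ansible_check_mode
```

With no_log set on the create task, module error details are hidden as well; remove it temporarily only when debugging against a cluster that already exists.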