illumio.core.container_cluster (0.2.6) — module

Create/update/delete Illumio PCE container clusters

Added in version 0.2.0 of illumio.core

Authors: Duncan Sommerville (@dsommerville-illumio)

Install collection

Install with ansible-galaxy collection install illumio.core:==0.2.6


Add to requirements.yml

  collections:
    - name: illumio.core
      version: 0.2.6

Description

This module allows you to create and manipulate container cluster objects on the Illumio PCE to sync with Kubernetes or OpenShift clusters.

Only the name and description values for the cluster can be set when creating or updating a cluster. All other values are computed based on the sync data from a Kubelink pod installed in the cluster.

Supports check mode.


Requirements

Usage examples

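# A successful create returns the cluster's one-time pairing token in the
# result, so keep the task output out of logs and callbacks with no_log.
# Note that no_log also hides the module's error message when the task
# fails; remove it temporarily while debugging.
- name: "Create container cluster"
  illumio.core.container_cluster:
    name: CC-KUBE
    description: Kubernetes cluster
    state: present
  register: container_cluster_result
  no_log: true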
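# container_cluster_token is only returned when the cluster was created in
# this run (an update of an existing cluster does not return it), so guard
# the lookup instead of failing on an undefined key. no_log keeps the token
# out of verbose output.
- name: "Store container cluster token"
  set_fact:
    kube_cluster_token: "{{ container_cluster_result.container_cluster['container_cluster_token'] }}"
  when: container_cluster_result.container_cluster.container_cluster_token is defined
  no_log: true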
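# Removal goes through the container_cluster module (the original example
# pointed at illumio.core.pairing_profile, which manages a different object).
# The cluster is selected by name when no href is given.
- name: "Remove existing cluster"
  illumio.core.container_cluster:
    name: CC-KUBE
    state: absent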
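# Removal goes through the container_cluster module (the original example
# pointed at illumio.core.pairing_profile, which manages a different object).
# Selecting by href avoids any ambiguity between clusters with similar names.
- name: "Remove cluster by HREF"
  illumio.core.container_cluster:
    href: /orgs/1/container_clusters/f5bef182-8c55-4219-b35b-0a50b707e434
    state: absent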

Inputs

    
href:
    description: HREF of an existing container cluster.
    type: str

name:
    description:
    - Container cluster display name.
    - Required for creating a container cluster or when C(href) is not specified.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Desired container cluster state.
    - If C(present), the cluster will be created if it does not exist, or updated to match
      the provided parameters if it does.
    - If C(absent), the cluster will be removed if it exists.
    type: str

pce_port:
    default: 443
    description:
    - HTTP(S) port used by the PCE.
    - Can be set with the environment variable C(ILLUMIO_PCE_PORT).
    type: int

pce_org_id:
    default: 1
    description:
    - PCE Organization ID.
    - Can be set with the environment variable C(ILLUMIO_PCE_ORG_ID).
    type: int

pce_tls_ca:
    description:
    - Path to a custom root CA certificate bundle to use for the PCE connection.
    - If set, the PCE certificate is verified against this bundle and the setting
      takes precedence over C(pce_tls_verify). Prefer this over disabling
      verification when the PCE uses a certificate from a private CA.
    type: str

description:
    default: ''
    description: Container cluster description.
    type: str

pce_hostname:
    aliases:
    - pce_url
    description:
    - URL or FQDN of Illumio Policy Compute Engine. C(pce_url) is an alias for C(pce_hostname).
    - Can be set with the environment variable C(ILLUMIO_PCE_HOST).
    required: true
    type: str

api_key_secret:
    description:
    - Illumio PCE API key secret.
    - Can be set with the environment variable C(ILLUMIO_API_KEY_SECRET).
    - This is a credential. Supply it via the environment variable or an
      Ansible Vault-encrypted variable rather than as plaintext in the playbook.
    required: true
    type: str

pce_http_proxy:
    description:
    - HTTP proxy server to use when connecting to the PCE.
    - If not set, it will use the default C(http_proxy) environment variable.
    type: str

pce_tls_verify:
    default: true
    description:
    - Flag denoting whether TLS verification should be enabled on the PCE connection.
    - Disabling verification exposes the API key credentials to an on-path attacker;
      keep it enabled and use C(pce_tls_ca) for PCEs with a private CA certificate.
    type: bool

pce_https_proxy:
    description:
    - HTTPS proxy server to use when connecting to the PCE.
    - If not set, it will use the default C(https_proxy) environment variable.
    type: str

api_key_username:
    description:
    - Illumio PCE API key username.
    - Can be set with the environment variable C(ILLUMIO_API_KEY_USERNAME).
    required: true
    type: str

pce_tls_client_certs:
    description:
    - Optional paths to client-side certificate files.
    - May point to separate cert and private key files or a PEM bundle containing both.
    elements: str
    type: list

Outputs

container_cluster:
  contains:
    caps:
      description:
      - Array of permissions on the entity held by the requesting user.
      - An empty array implies readonly permission.
      elements: str
      returned: always
      type: list
    container_cluster_token:
      description:
      - The pairing token for the cluster.
      - This token is only returned once when the cluster is created.
      - It cannot be retrieved through the API after this, so make sure to store it
        in a secure, persistent form.
      - It is included in the task's registered result and output, so set
        C(no_log: true) on the creating task to keep it out of logs.
      returned: on successful creation
      type: str
    container_runtime:
      description: Default container runtime for the cluster.
      returned: always
      sample: containerd
      type: str
    description:
      description: A description of the container cluster.
      returned: always
      type: str
    errors:
      description: List of errors to do with the container cluster.
      elements: dict
      returned: always
      sample:
      - audit_event:
          href: /orgs/1/events/daa015a0-257a-4d43-874f-64039742c482
        duplicate_ids: []
        error_type: container_cluster.duplicate_machine_id
      type: list
    href:
      description: The container cluster's HREF.
      returned: always
      type: str
    kubelink_version:
      description: Version of the Kubelink software used to pair this cluster to the
        PCE.
      returned: always
      sample: 2.0.2.d53d7f
      type: str
    last_connected:
      description: ISO date-timestamp of the last heartbeat from the container cluster
        to the PCE.
      returned: always
      sample: '2022-06-23T20:53:57.885Z'
      type: str
    manager_type:
      description: Container cluster type and version.
      returned: always
      sample: Kubernetes v1.24.1
      type: str
    name:
      description: The container cluster's name.
      returned: always
      type: str
    nodes:
      description: List of node names and pod subnets belonging to the cluster.
      elements: dict
      returned: always
      sample:
      - name: kube-leader
        pod_subnet: 192.168.0.0/24
      type: list
    online:
      description: Whether or not the container cluster is online.
      returned: always
      type: bool
    pce_fqdn:
      description: PCE fully-qualified domain name.
      returned: always
      type: str
  description: Information about the container cluster that was created or updated.
  returned: success
  sample:
    container_cluster:
      caps:
      - write
      container_cluster_token: 1_0dfec0acb8e4bc53e052874874da0c24e7ac98da3b3954e3c9ea6f9860722e84
      container_runtime: containerd
      description: Lab Kubernetes cluster in AWS
      errors: []
      href: /orgs/1/container_clusters/f5bef182-8c55-4219-b35b-0a50b707e434
      kubelink_version: 2.0.2.d53d7f
      last_connected: '2022-06-23T20:53:57.885Z'
      manager_type: Kubernetes v1.24.1
      name: CC-EKS-LAB
      nodes:
      - name: kube-leader
        pod_subnet: 192.168.0.0/24
      online: true
      pce_fqdn: null
  type: complex