Try SpotterTaint a node in a Kubernetes/OpenShift cluster
| "added in version" 2.3.0 of kubernetes.core"
Authors: Alina Buzachis (@alinabuzachis)
Install with ansible-galaxy collection install kubernetes.core:==3.0.1
collections:
- name: kubernetes.core
version: 3.0.1Taint allows a node to refuse Pod to be scheduled unless that Pod has a matching toleration.
Untaint will remove taints from nodes as needed.
- name: Taint node "foo"
kubernetes.core.k8s_taint:
state: present
name: foo
taints:
- effect: NoExecute
key: "key1"
- name: Taint node "foo"
kubernetes.core.k8s_taint:
state: present
name: foo
taints:
- effect: NoExecute
key: "key1"
value: "value1"
- effect: NoSchedule
key: "key1"
value: "value1"
- name: Remove taint from "foo".
kubernetes.core.k8s_taint:
state: absent
name: foo
taints:
- effect: NoExecute
key: "key1"
value: "value1"
host:
description:
- Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment
variable.
type: str
name:
description:
- The name of the node.
required: true
type: str
proxy:
description:
- The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY
environment variable.
- Please note that this module does not pick up typical proxy settings from the environment
(e.g. HTTP_PROXY).
type: str
state:
choices:
- present
- absent
default: present
description:
- Determines whether to add or remove taints.
type: str
taints:
description:
- List containing the taints.
elements: dict
required: true
suboptions:
effect:
choices:
- NoSchedule
- NoExecute
- PreferNoSchedule
description:
- The effect of the taint on Pods that do not tolerate the taint.
- Required when I(state=present).
type: str
key:
description:
- The taint key to be applied to a node.
type: str
value:
description:
- The taint value corresponding to the taint key.
type: str
type: list
api_key:
description:
- Token used to authenticate with the API. Can also be specified via K8S_AUTH_API_KEY
environment variable.
type: str
ca_cert:
aliases:
- ssl_ca_cert
description:
- Path to a CA certificate used to authenticate with the API. The full certificate
chain must be provided to avoid certificate validation errors. Can also be specified
via K8S_AUTH_SSL_CA_CERT environment variable.
type: path
context:
description:
- The name of a context found in the config file. Can also be specified via K8S_AUTH_CONTEXT
environment variable.
type: str
replace:
default: false
description:
- If C(true), allow taints to be replaced.
required: false
type: bool
no_proxy:
description:
- The comma separated list of hosts/domains/IP/CIDR that shouldn't go through proxy.
Can also be specified via K8S_AUTH_NO_PROXY environment variable.
- Please note that this module does not pick up typical proxy settings from the environment
(e.g. NO_PROXY).
- This feature requires kubernetes>=19.15.0. When kubernetes library is less than
19.15.0, it fails even no_proxy set in correct.
- example value is "localhost,.local,.example.com,127.0.0.1,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
type: str
version_added: 2.3.0
version_added_collection: kubernetes.core
password:
description:
- Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD
environment variable.
- Please read the description of the C(username) option for a discussion of when this
option is applicable.
type: str
username:
description:
- Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME
environment variable.
- Please note that this only works with clusters configured to use HTTP Basic Auth.
If your cluster has a different form of authentication (e.g. OAuth2 in OpenShift),
this option will not work as expected and you should look into the M(community.okd.k8s_auth)
module, as that might do what you need.
type: str
client_key:
aliases:
- key_file
description:
- Path to a key file used to authenticate with the API. Can also be specified via
K8S_AUTH_KEY_FILE environment variable.
type: path
kubeconfig:
description:
- Path to an existing Kubernetes config file. If not provided, and no other connection
options are provided, the Kubernetes client will attempt to load the default configuration
file from I(~/.kube/config). Can also be specified via K8S_AUTH_KUBECONFIG environment
variable.
- Multiple Kubernetes config file can be provided using separator ';' for Windows
platform or ':' for others platforms.
- The kubernetes configuration can be provided as dictionary. This feature requires
a python kubernetes client version >= 17.17.0. Added in version 2.2.0.
type: raw
client_cert:
aliases:
- cert_file
description:
- Path to a certificate used to authenticate with the API. Can also be specified via
K8S_AUTH_CERT_FILE environment variable.
type: path
proxy_headers:
description:
- The Header used for the HTTP proxy.
- Documentation can be found here U(https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers).
suboptions:
basic_auth:
description:
- Colon-separated username:password for basic authentication header.
- Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.
type: str
proxy_basic_auth:
description:
- Colon-separated username:password for proxy basic authentication header.
- Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.
type: str
user_agent:
description:
- String representing the user-agent you want, such as foo/1.0.
- Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.
type: str
type: dict
version_added: 2.0.0
version_added_collection: kubernetes.core
persist_config:
description:
- Whether or not to save the kube config refresh tokens. Can also be specified via
K8S_AUTH_PERSIST_CONFIG environment variable.
- When the k8s context is using a user credentials with refresh tokens (like oidc
or gke/gcloud auth), the token is refreshed by the k8s python client library but
not saved by default. So the old refresh token can expire and the next auth might
fail. Setting this flag to true will tell the k8s python client to save the new
refresh token to the kube config file.
- Default to false.
- Please note that the current version of the k8s python client library does not support
setting this flag to True yet.
- 'The fix for this k8s python library is here: https://github.com/kubernetes-client/python-base/pull/169'
type: bool
validate_certs:
aliases:
- verify_ssl
description:
- Whether or not to verify the API server's SSL certificates. Can also be specified
via K8S_AUTH_VERIFY_SSL environment variable.
type: bool
impersonate_user:
description:
- Username to impersonate for the operation.
- Can also be specified via K8S_AUTH_IMPERSONATE_USER environment.
type: str
version_added: 2.3.0
version_added_collection: kubernetes.core
impersonate_groups:
description:
- Group(s) to impersonate for the operation.
- 'Can also be specified via K8S_AUTH_IMPERSONATE_GROUPS environment. Example: Group1,Group2'
elements: str
type: list
version_added: 2.3.0
version_added_collection: kubernetes.core
result:
contains:
api_version:
description: The versioned schema of this representation of an object.
returned: success
type: str
kind:
description: Represents the REST resource this object represents.
returned: success
type: str
metadata:
description: Standard object metadata. Includes name, namespace, annotations,
labels, etc.
returned: success
type: complex
spec:
description: Specific attributes of the object. Will vary based on the I(api_version)
and I(kind).
returned: success
type: complex
status:
description: Current status details for the object.
returned: success
type: complex
description:
- The tainted Node object. Will be empty in the case of a deletion.
returned: success
type: complex