Title Text

Managing Kubernetes from the Inside

Jonathan Seth Mainguy

Engineer @ Bandwidth

May 8th, 2019

What?

I created a container for OpenShift / k8s that has Ansible and the oc client installed in it.

This gives us a disposable, repeatable environment that we can trust to work the same way no matter who on the team is using it.

Why?

Because Python is terrible at dependency management.

Ansible is written in Python.

The Ansible playbook performs one way on my laptop, but quite differently, or not at all, on other team members' laptops.

 

With infrastructure as code, it is important that it works the same no matter who is running it.

How do I use it?

The code is at

https://github.com/jmainguy/openshift-ansible-container

 

And you can start using it right away with just the oc command.

# Create a project to work out of
oc new-project jmainguy-ansible
# Build the container
oc new-build https://github.com/Jmainguy/openshift-ansible-container
# Run the pod, but delete it when we are done with it
oc run -i -t ansible \
--image=docker-registry.default.svc:5000/jmainguy-ansible/openshift-ansible-container:latest \
--restart=Never --rm

run.sh?

Because OpenShift runs the container as a random uid, and I want to use a pretty name.

#!/bin/bash
# Who are we: root, or a random uid?
# id -u prints only the numeric uid, so no parsing of the full id output is needed
okd_uid=$(id -u)
if [ "$okd_uid" = "0" ]; then
    # k8s module tries to use serviceaccount if we are root
    # We want to be ansible
    sed -i "s_ansible:x:1000:1000::/opt:/bin/bash_ansible:x:1000:0::/opt:/bin/bash_g" /etc/passwd
    su - ansible
    /bin/bash
else
    # Otherwise name our random uid ansible
    sed -i "s_ansible:x:1000:1000::/opt:/bin/bash_ansible:x:$okd_uid:0::/opt:/bin/bash_g" /etc/passwd
    # Give us a shell bae
    /bin/bash
fi
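
The same uid-to-name mapping as a function that can be pointed at any passwd-format file, as an added example (not code from this presentation or from the openshift-ansible-container repository). The function name name_uid, its return codes and the sample uid 1000120000 are assumptions. It goes a little beyond run.sh: it refuses a uid that already belongs to another account, and it writes through a redirect, which needs write access only to the file, whereas sed -i creates a temporary file in the containing directory.

```bash
#!/bin/bash
# Added example: give the uid the pod was started with a named passwd entry.
# The "ansible" entry layout is taken from run.sh; everything else is hypothetical.

# name_uid FILE NAME UID
#   0  NAME's entry now has uid UID and gid 0 (also when it already had)
#   1  FILE has no entry for NAME
#   2  UID already belongs to a different account (for example 0 is root)
#   3  UID is not a plain number
#   4  rewriting the entry failed
name_uid() {
    file=$1; name=$2; uid=$3

    # Only digits may reach the passwd file: no ':' or newline injection
    case $uid in
        ''|*[!0-9]*) return 3 ;;
    esac

    grep -q "^${name}:" "$file" || return 1

    # Do not alias an existing account; the caller handles root separately,
    # as run.sh does in its first branch
    owner=$(awk -F: -v u="$uid" '$3 == u { print $1; exit }' "$file")
    if [ -n "$owner" ] && [ "$owner" != "$name" ]; then
        return 2
    fi

    # Edit by field, not by matching one exact line, so the call is idempotent
    new=$(awk -F: -v OFS=: -v n="$name" -v u="$uid" \
        '$1 == n { $3 = u; $4 = 0 } { print }' "$file") || return 4

    # Truncate-and-write keeps the inode: write permission on the file suffices
    printf '%s\n' "$new" > "$file"
}

# Constructed demo on a scratch file, never the real /etc/passwd
demo=$(mktemp)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'ansible:x:1000:1000::/opt:/bin/bash' > "$demo"
name_uid "$demo" ansible 1000120000 && grep '^ansible:' "$demo"
rm -f "$demo"
```
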

Once inside the pod, you will need to git clone your infrastructure as code, and then run it with ansible as you normally would anywhere else.

 

And now you are managing Kubernetes, with Ansible, from inside Kubernetes.

Live Demo of what you just saw

Questions?

Thank you

 

Twitter: @standouthost

Cool Website: https://soh.re

Github: https://github.com/Jmainguy/

Manage Kubernetes from the inside

By jsmainguy
