Managing Kubernetes from the Inside
Jonathan Seth Mainguy
Engineer @ Bandwidth
May 8th, 2019
What?
I created a container for OpenShift / k8s that has Ansible and the oc client installed in it.
This gives us a disposable, repeatable environment we can trust to work the same way no matter who on the team is using it.
Why?
Because Python is terrible at dependency management.
Ansible is written in Python.
An Ansible playbook performs one way on my laptop, but quite differently, or not at all, on other team members' laptops.
With infrastructure as code, it is important that it works the same no matter who is running it.
How do I use it?
The code is at
https://github.com/jmainguy/openshift-ansible-container
And you can start using it right away with just the oc command.
# Create a project to work out of
oc new-project jmainguy-ansible
# Build the container
oc new-build https://github.com/Jmainguy/openshift-ansible-container
# Run the pod, but delete it when we are done with it
oc run -i -t ansible \
--image=docker-registry.default.svc:5000/jmainguy-ansible/openshift-ansible-container:latest \
--restart=Never --rm
run.sh?
Because OpenShift runs the container as a random UID, and I want that UID to have a pretty name.
#!/bin/bash
# Who are we: root, or a random uid?
# id -u always prints the bare number, even when the uid already has a name
okd_uid=$(id -u)
if [ "$okd_uid" = "0" ]; then
    # k8s module tries to use serviceaccount if we are root
    # We want to be ansible, so give the ansible user gid 0 and switch to it
    sed -i "s_ansible:x:1000:1000::/opt:/bin/bash_ansible:x:1000:0::/opt:/bin/bash_g" /etc/passwd
    su - ansible
    /bin/bash
else
    # Otherwise name our random uid ansible
    sed -i "s_ansible:x:1000:1000::/opt:/bin/bash_ansible:x:$okd_uid:0::/opt:/bin/bash_g" /etc/passwd
    # Give us a shell bae
    /bin/bash
fi
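The random-uid branch of run.sh, written as a function that can be exercised on a copy of a passwd file. This is an added example, not code from the openshift-ansible-container repository; the function name ensure_named_uid, its arguments and its return codes are assumptions made for illustration.

```bash
# Added example; function name and arguments are hypothetical.
# ensure_named_uid PASSWD_FILE UID [NAME]
# Returns 0 if UID resolves to a name afterwards, 1 if the file is not
# writable, 2 if UID is not a plain number.
ensure_named_uid() {
    local passwd_file="$1" uid="$2" name="${3:-ansible}"
    local tmp

    # Only digits may reach the passwd file
    case $uid in
        ''|*[!0-9]*) return 2 ;;
    esac

    # uid already has an entry (for example root): nothing to do
    if awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' "$passwd_file"; then
        return 0
    fi

    [ -w "$passwd_file" ] || return 1

    # Drop the stale entry for NAME, then add one for this uid with gid 0
    tmp=$(mktemp)
    awk -F: -v n="$name" '$1 != n' "$passwd_file" > "$tmp"
    printf '%s:x:%s:0::/opt:/bin/bash\n' "$name" "$uid" >> "$tmp"
    # Overwrite in place: needs only a writable file, whereas sed -i
    # also needs a writable directory for its temporary file
    cat "$tmp" > "$passwd_file"
    rm -f "$tmp"
}

# Constructed sample on a throwaway file, never the real /etc/passwd
demo() {
    local f
    f=$(mktemp)
    printf 'root:x:0:0:root:/root:/bin/bash\nansible:x:1000:1000::/opt:/bin/bash\n' > "$f"
    ensure_named_uid "$f" 1000120000 && grep '^ansible:' "$f"
    rm -f "$f"
}
demo
```

Calling it twice with the same uid leaves a single ansible line, so it is safe to run on every container start.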
Once inside the pod, you will need to git clone your infrastructure as code, and then run it with ansible as you normally would anywhere else.
And now you are managing Kubernetes, with Ansible, from inside Kubernetes.
Live Demo of what you just saw
Questions?