Continuous Improvements in Ansible and Kubernetes Automation
written by Derek Winchester


Ansible is, inarguably, the best tool for managing numerous Kubernetes resources. Four key features that really help include:

  1. Plug-ins and modules to create, update, remove and obtain information pertaining to Kubernetes resources
  2. Templating resource definition in Kubernetes
  3. Offering an excellent inventory system
  4. Secret management

Combined, these features enable repeatable management and deployment of applications across many Kubernetes clusters, with a single job for each resource. There have also been some improvements in the Kubernetes capabilities, including (but not limited to):

Optimal Change Management Via Apply Mode

The Kubernetes module now accepts an ‘apply’ parameter that approximates ‘kubectl apply’ behavior. If ‘apply’ is set to ‘True’, the module stores the latest applied configuration in an annotation on the object.


If the object already exists, the module does not simply send the new manifest to the API server. Instead, it performs a 3-way merge that combines the existing state of the cluster, the configuration that was applied last and the newly requested configuration.

This lets the module detect intentional deletions without conflicting with server-side defaults and without overriding non-conflicting changes that were made to the resource (in Ansible Engine 2.9).
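
The three-way merge described above, sketched in Python as an added example (not the module's own code, and not from the original article). It is a simplified model: dictionaries merge key by key while lists and scalars are replaced whole, and the function name and sample manifests are constructed for illustration.

```python
import copy


def three_way_merge(last_applied, live, desired):
    """Model of an apply-style merge (hypothetical helper, not Ansible's code).

    last_applied: manifest saved in the object's annotation by the previous apply
    live:         current state of the object in the cluster
    desired:      manifest requested now
    """
    merged = copy.deepcopy(live)
    # 1. Intentional deletions: keys we set last time but no longer request.
    for key in last_applied:
        if key not in desired:
            merged.pop(key, None)
    # 2. Additions and updates: values in the new manifest win.
    for key, want in desired.items():
        have = merged.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            prev = last_applied.get(key)
            prev = prev if isinstance(prev, dict) else {}
            merged[key] = three_way_merge(prev, have, want)
        else:
            merged[key] = copy.deepcopy(want)
    # 3. Keys present only in `live` (server-side defaults, changes made by
    #    other writers) were never touched above, so they are preserved.
    return merged


# Constructed sample data for a Deployment-like object.
LAST_APPLIED = {"metadata": {"labels": {"app": "web", "tier": "old"}},
                "spec": {"replicas": 2, "paused": True}}
LIVE = {"metadata": {"labels": {"app": "web", "tier": "old",
                                "owner": "ops"}},       # added by another writer
        "spec": {"replicas": 2, "paused": True,
                 "revisionHistoryLimit": 10}}           # server-side default
DESIRED = {"metadata": {"labels": {"app": "web"}},      # 'tier' dropped on purpose
           "spec": {"replicas": 3}}                     # 'paused' dropped on purpose


def demo():
    return three_way_merge(LAST_APPLIED, LIVE, DESIRED)


if __name__ == "__main__":
    print(demo())
```

Without the stored last-applied configuration (an empty first argument) the merge cannot tell a dropped key from one it never managed, so the ‘tier’ label and ‘paused’ would stay on the object.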

Immutable Configuration Via Append_Hash

In addition, the module now also accepts an ‘append_hash’ parameter, which applies only when adding and updating Secrets and ConfigMaps.


When this parameter is set, the module takes a hash of the Secret or ConfigMap and appends it to the resource’s name. As a result, a configuration change can be used to force a change to the Deployment. This eliminates the problem in which a Secret or ConfigMap is updated but Pods do not pick up the new configuration.

Here, a helper plugin, ‘k8s_config_resource_name’, may be used: it takes the resource’s definition and outputs the hashed name.

Need to Touch-Up On the Basics?

Were you planning to learn about Automation basics: ServiceNow and Ansible Tower Integration? Visit my YouTube channel for answers to numerous questions you may have along the way.
