Create k8s secrets by using nested Ansible loops
I am trying to create k8s secrets from the username and secret stored in the registered results of an Ansible module. I created one loop for the name and namespace section, and I am trying to create one more loop over the JSON results output, but it was taking one secret for all the projects.
variables:
# One entry per project; Namespaces lists the namespaces in which that
# project's Secret is to be created.
project_namespaces:
  - projectName: helm
    Namespaces:
      - default
      - core
  - projectName: proxy
    Namespaces:
      - default
      - core
robot_result:
ok: [harbor_stg1_dkp1] => {
"robot_result": {
"changed": false,
"msg": "All items completed",
"results": [
{
"ansible_loop_var": "item",
"content_type": "application/json",
"cookies": {
"sid": "557b377ba2bbe3f054d68bd56b0e10ef"
},
"invocation": {
"module_args": {
"attributes": null,
"body": {
"description": "pull artifacts for helm",
"disable": true,
"duration": -1,
"level": "system",
"name": "helm-robot",
"permissions": [
{
"access": [
{
"action": "pull",
"resource": "repository"
}
],
"kind": "project",
"namespace": "helm"
}
]
},
"body_format": "json",
"headers": {
"Accept": "application/json",
"Authorization": "Basic ",
"Content-Type": "application/json"
},
"http_agent": "ansible-httpget",
"status_code": [
201
],
"timeout": 30,
"unix_socket": null,
"validate_certs": false
}
},
"item": {
"name": "helm-robot",
"projectName": "helm"
},
"json": {
"creation_time": "2022-03-21T10:05:49.248Z",
"expires_at": -1,
"id": 67,
"name": "robot@helm-robot",
"secret": "Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm"
},
"x_envoy_upstream_service_time": "18",
"x_request_id": "496faaa6-bdc4-4e83-890a-2c577576f16b"
},
{
"ansible_loop_var": "item",
"content_type": "application/json",
"cookies": {
"sid": "6275d7bfe74e71db0a3947f4beb1e159"
},
"cookies_string": "sid=6275d7bfe74e71db0a3947f4beb1e159",
"date": "Mon, 21 Mar 2022 10:05:56 GMT",
"elapsed": 1,
"failed": false,
"failed_when_result": false,
"invocation": {
"module_args": {
"attributes": null,
"body": {
"description": "pull artifacts for proxy",
"disable": true,
"duration": -1,
"level": "system",
"name": "proxy-robot",
"permissions": [
{
"access": [
{
"action": "pull",
"resource": "repository"
}
],
"kind": "project",
"namespace": "proxy"
}
]
},
"body_format": "json",
"group": null,
"headers": {
"Accept": "application/json",
"Authorization": "Basic ",
"Content-Type": "application/json"
},
"http_agent": "ansible-httpget",
"method": "POST"
],
"timeout": 30,
"unix_socket": null,
"validate_certs": false
}
},
"item": {
"name": "proxy-robot",
"projectName": "proxy"
},
"json": {
"creation_time": "2022-03-21T10:05:56.807Z",
"expires_at": -1,
"id": 68,
"name": "robot@proxy-robot",
"secret": "slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn"
},
"msg": "OK (144 bytes)",
"x_envoy_upstream_service_time": "15",
"x_request_id": "93478b05-897b-4df9-abb4-e07e03723af0"
}
task.yaml
# Creates one Opaque Secret per (project, namespace) pair yielded by the
# subelements loop below.
# NOTE(review): no_log is not set on this task, so the rendered credential
# values may end up in task output or logs; consider `no_log: true`.
- name: Create secrets
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: "{{ item.0.projectName }}"
        namespace: "{{ item.1 }}"
      stringData:
        # project is resolved per iteration from the vars entry below.
        password: "{{ project.secret }}"
        username: "{{ project.name }}"
      type: Opaque
  vars:
    # Picks an element of the per-project json list by the loop counter.
    # The counter advances once per (project, namespace) pair, while the list
    # has one element per entry of robot_result.results, so the two do not
    # line up: iteration 1 (helm/core) reads the second project's credentials
    # and iteration 2 runs past the end of the list.
    project: "{{ (robot_result.results | json_query('[*].json'))[ansible_loop.index0] }}"
  # subelements pairs each project (item.0) with each of its Namespaces
  # entries (item.1).
  loop: "{{ project_namespaces | subelements('Namespaces') }}"
  loop_control:
    # extended makes ansible_loop (and its index0) available in the loop.
    extended: yes
    # Show only the project name as the per-item label.
    label: "{{ item.0.projectName }}"
When I execute this task, I get output like this:
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: default, password: Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm, username: robot@helm-robot"
}
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: core, password: slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn, username: robot@proxy-robot"
}
fatal: [harbor_shiplab_stg1_dkp1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: {{ (robot_result.results | json_query('[*].json'))[ansible_loop.index0] }}: list object has no element 2\n\nThe error appears to be in '/home/ubuntu/konvoy/ansible/roles/harbor-gc/tasks/main.yml': line 47, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create secrets\n ^ here\n"}
But my requirement is output like this:
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: default, password: Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm, username: robot@helm-robot"
}
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: core, password: Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm, username: robot@helm-robot"
}
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: default, password: slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn, username: robot@proxy-robot"
}
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: core, password: slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn, username: robot@proxy-robot"
}
As I am new to Ansible, I do not understand these loops well. Any help or suggestions would be appreciated. Thank you.
Solution 1:[1]
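You have to link each secret with its projectName. The subelements loop runs once per project/namespace pair (four times here), while robot_result.results holds one entry per project (two), so ansible_loop.index0 cannot be used to index the results: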
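# Build a lookup table keyed by project name, so each project's robot
# credentials are fetched by name instead of by list position.
# Every element of robot_result.results carries both the original loop item
# (item.projectName) and the API response (json), so the two can be paired
# directly, without json_query or a loop index.
- name: link projectname and json
  set_fact:
    dico: "{{ dico | d({}) | combine({item.item.projectName: item.json}) }}"
  loop: "{{ robot_result.results }}"
  loop_control:
    # Show only the project name; the default label would print the whole
    # result element, including json.secret.
    label: "{{ item.item.projectName }}"
  # The fact holds the robot secrets; keep them out of task output and logs.
  no_log: true

# Verification only: this prints the resolved mapping, secrets included.
# In the real Secret task use the same lookups under stringData
# (password: dico[item.0.projectName].secret,
#  username: dico[item.0.projectName].name) and set `no_log: true` there.
# The response object has a `name` key and no `username` key, so the
# username is read from `.name`.
- debug:
    msg: "name: {{ item.0.projectName }}, namespace: {{ item.1 }}, password: {{ dico[item.0.projectName].secret }}, username: {{ dico[item.0.projectName].name }}"
  # One iteration per (project, namespace) pair.
  loop: "{{ project_namespaces | subelements('Namespaces') }}"
  loop_control:
    label: "{{ item.0.projectName }}"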
result:
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: default, password: YzDDEtJcqYoBL2soZHfTqZxvhIfGKURT, username: robot@helm-robot"
}
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: core, password: YzDDEtJcqYoBL2soZHfTqZxvhIfGKURT, username: robot@helm-robot"
}
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: default, password: 7imXCVAGHV91AkeN7LAhWxQHabmYDRmg, username: robot@proxy-robot"
}
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: core, password: 7imXCVAGHV91AkeN7LAhWxQHabmYDRmg, username: robot@proxy-robot"
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Frenchy |
