login automation for aks in ansible pod

5/28/2020

I have an ansible pod which has playbooks and Python scripts for management of our k8s cluster. Here is the manifest for ansible, and also my image Dockerfile:

apiVersion: v1
kind: Pod
metadata:
  name: ansible
spec:
  volumes:
    - name: ansible-data
      persistentVolumeClaim:
        claimName: ansible-data
  containers:
    - name: ansible
      image: foo.azurecr.io/foo:latest
      # keep the container alive so playbooks can be run interactively
      command: [ "/bin/bash", "-c", "--" ]
      args: [ "while true; do sleep 30; done;" ]
      volumeMounts:
        - mountPath: /scripts
          name: ansible-data
  restartPolicy: Never

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ansible-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

And here is my Dockerfile for the ansible image:

FROM ubuntu:16.04

# Base tooling: Python 3, pip, curl; sudo and nano for interactive use.
RUN apt-get update && apt-get install -y --no-install-recommends \
    python3.5 \
    python3-pip \
    python3-setuptools \
    curl \
    sudo \
    nano \
    && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Ansible plus the Python libraries the playbooks use (k8s client, ClickHouse, JMESPath).
RUN pip3 install --upgrade pip && \
    pip3 install ansible openshift clickhouse-driver jmespath
RUN ansible-galaxy collection install community.kubernetes

# Azure CLI (Microsoft install script) and the current stable kubectl.
# The build runs as root, so sudo is not needed here.
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl && \
    chmod +x ./kubectl && \
    mv ./kubectl /usr/local/bin/kubectl

# Define working directory.
WORKDIR /

# Define default command.
CMD ["bash"]

I want to make this pod usable for each cluster in our company ecosystem, so when I want to use this pod I have to log in to Azure AKS and get the context of my AKS cluster. Here is what I am doing after I log in to the ansible pod:

az login -u foo@company.com
password:

and after login I get the context with:

az aks get-credentials --resource-group foo --name fooCluster

I want to automate those two commands by providing the password with a k8s Secret and the context command via a ConfigMap.

Should I make this in pod manifest level or image dockerfile level?

And should I use an init or sidecar container to inject the Secret and ConfigMap, or the args/env mechanism?

Thanks!

-- Bora Özkan
ansible
azure-aks
kubernetes
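One manifest-level way to wire this up, written here as an added example rather than anything from the question above. It keeps the question's pod, PVC and image (`foo.azurecr.io/foo:latest`, which already contains `az` and `kubectl`) and its resource group and cluster names, and adds a Secret, a ConfigMap and an initContainer; the Secret and ConfigMap names (`aks-login`, `aks-context`), the placeholder credential values and the `/root/.kube` emptyDir are assumptions. It logs in with a service principal instead of a user password, because a user password in a Secret is both a weaker credential and one that `az login -u` cannot consume without an interactive prompt when MFA is enabled.

```yaml
# Added example, not part of the original question.
# Credentials for a service principal scoped to the AKS clusters this pod manages.
apiVersion: v1
kind: Secret
metadata:
  name: aks-login              # assumed name
type: Opaque
stringData:
  AZURE_CLIENT_ID: "<appId-placeholder>"           # placeholder, assumed
  AZURE_CLIENT_SECRET: "<client-secret-placeholder>"
  AZURE_TENANT_ID: "<tenant-id-placeholder>"
---
# Non-secret cluster selection; change these per cluster or per environment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aks-context            # assumed name
data:
  AKS_RESOURCE_GROUP: "foo"
  AKS_CLUSTER_NAME: "fooCluster"
---
apiVersion: v1
kind: Pod
metadata:
  name: ansible
spec:
  restartPolicy: Never
  volumes:
    - name: ansible-data
      persistentVolumeClaim:
        claimName: ansible-data
    # The kubeconfig lives in a memory-backed emptyDir, not on the PVC,
    # so it disappears with the pod instead of being persisted.
    - name: kube
      emptyDir:
        medium: Memory
  initContainers:
    - name: aks-login
      image: foo.azurecr.io/foo:latest   # same image: has az and kubectl
      envFrom:
        - secretRef:
            name: aks-login
        - configMapRef:
            name: aks-context
      command: ["/bin/bash", "-euo", "pipefail", "-c"]
      args:
        - |
          # Service-principal login; only the kubeconfig is handed on, the
          # Azure token cache in this container's ~/.azure is discarded.
          az login --service-principal \
            --username "$AZURE_CLIENT_ID" \
            --password "$AZURE_CLIENT_SECRET" \
            --tenant "$AZURE_TENANT_ID" \
            --output none
          az aks get-credentials \
            --resource-group "$AKS_RESOURCE_GROUP" \
            --name "$AKS_CLUSTER_NAME" \
            --file /root/.kube/config \
            --overwrite-existing
          chmod 600 /root/.kube/config
      volumeMounts:
        - name: kube
          mountPath: /root/.kube
  containers:
    - name: ansible
      image: foo.azurecr.io/foo:latest
      command: ["/bin/bash", "-c", "--"]
      args: ["while true; do sleep 30; done;"]
      volumeMounts:
        - mountPath: /scripts
          name: ansible-data
        # Default kubeconfig location for both kubectl and the ansible k8s modules.
        - mountPath: /root/.kube
          name: kube
```

An initContainer fits better than a sidecar here: the login is a one-shot step that must finish before any playbook runs, and the main container then never sees the Azure credentials, only the resulting kubeconfig. Keeping it in the manifest rather than the Dockerfile means one image serves every cluster and the credentials are never baked into a layer. Because the Secret is pulled in with `envFrom`, restrict `get` on that Secret to the namespace and service account this pod uses, and rotate the service principal secret on the same schedule as any other shared credential.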

0 Answers