feat: add support for kubernetes workload maintenance #77
Conversation
jon4hz
force-pushed
the
feat-maintenance-63-k8s-workload
branch
from
b0b255a to
4d8f659
Compare
jon4hz
force-pushed
the
feat-maintenance-63-k8s-workload
branch
from
4d8f659 to
53f302d
Compare
| @@ -0,0 +1 @@ | |||
| # Ansible Role adfinis.maintenance.maintenance_63_kubernetes_workload | |||
There was a problem hiding this comment.
well... none of the other roles have any docs in their README, so I didn't really want to break the pattern :)
| @@ -0,0 +1,181 @@ | |||
| --- | |||
|
|
|||
| - name: This task only serves as a template for the tasks below | |||
There was a problem hiding this comment.
what the ansible?
are we sure there isn't an idiomatic way to do this?
e.g. if it's just about the when: bit, why not put it into a block?
There was a problem hiding this comment.
Nothing in this collection is idiomatic, because it's using Ansible for something that Ansible shouldn't be used for. See https://github.com/adfinis/ansible-collection-maintenance/blob/main/README.md?plain=1#L10-L18
There was a problem hiding this comment.
can you point me towards some documentation on the reasoning for using anchors and aliases?
There was a problem hiding this comment.
I don't think there is any documentation regarding this. From what I saw, it's important that every task has an ID and name as variable because the callback plugin expects this:
and the anchors just provide some reusability for the actual taskname and a simple when condition so you can skip each task based on it's ID.
And generally speaking, I just followed the pattern from the other roles. It probably isn't very idiomatic, but as @s3lph already said, nothing in this collection is really idiomatic...
| @@ -0,0 +1,74 @@ | |||
| from datetime import datetime | |||
|
|
|||
| class FilterModule(object): | |||
There was a problem hiding this comment.
did you consider testing this with pytest-ansible?
|
Can u tell me the reasoning behind writing this? Apparently to run it when maintenance is done in k8s. I am asking this dumb question as most if not all of the checks kinda are taken care of already by proper alerting or proper configuration with gitops. Checking them with ansible feels redundant and prone to give a false sense of security as it would be a whole hell of work to cover all the possible mishap in Configuration that are possible with k8s. |
Ever since the AKS takeover, internal IT is given regular maintenance tickets with a checklist to work through. The goal of this PR is to automate as many of those checks as possible. Of course, we won't be able to check for all possible misconfigurations, but some specific things like checking for a specific And yes, some checks can also be covered by looking at the monitoring, but I think it doesn't hurt to double-check them. Especially because ansible doesn't rely on a proper monitoring setup but communicates with the k8s api directly. |
Hi,
This PR adds basic support for maintenance on kubernetes workloads