This role provides a single library, oc.py, for creating, modifying, and deleting objects in the OpenShift Container Platform. The library relies on an OpenShift service account and its token for access and authorization.
Ansible 2.3
No specific role variables.
This role depends on a service account being created in each OpenShift cluster. This can be done with commands similar to the following.
$ oc project default
$ oc create serviceaccount ansible-sa
$ oadm policy add-cluster-role-to-user cluster-admin system:serviceaccount:default:ansible-sa
Please keep in mind that the above commands create an extremely permissive service account. It is recommended that you tailor access controls as you deem necessary.
When the service account is created, OpenShift automatically creates a token for it in the form of a secret. Store this token in a variable for use in your playbooks.
This is how a project might be deleted.
---
# file: oc.yml
- hosts: oc
  roles:
    - role: kevensen.oc
  tasks:
    - name: Delete "{{ project_name }}" Project
      oc:
        state: absent
        name: "{{ project_name }}"
        kind: project
        token: abcdefg          # placeholder for the service account token
        validate_certs: false   # skips TLS certificate verification of the API server
      register: result
    - debug:
        var: result
  any_errors_fatal: true
  vars:
    ansible_become: true
    project_name: ansibletest
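A variant of the playbook above that keeps the token in a variable instead of in the playbook text, added here as an example and not part of the role's own documentation. The variable name vault_oc_token and the file vault/oc.yml are assumptions; the file is expected to be encrypted with ansible-vault.

```yaml
---
# file: oc-vaulted.yml (added example; file and variable names are assumptions)
# Create the encrypted vars file first:
#   ansible-vault create vault/oc.yml      # contains: vault_oc_token: <token>
# Run with:
#   ansible-playbook oc-vaulted.yml --ask-vault-pass
- hosts: oc
  roles:
    - role: kevensen.oc
  vars_files:
    - vault/oc.yml                      # hypothetical path, encrypted with ansible-vault
  vars:
    ansible_become: true
    project_name: ansibletest
  any_errors_fatal: true
  tasks:
    - name: Delete "{{ project_name }}" Project
      oc:
        state: absent
        name: "{{ project_name }}"
        kind: project
        token: "{{ vault_oc_token }}"   # token is never committed in clear text
        validate_certs: true            # verify the API server certificate
      no_log: true                      # keep the token out of task output and logs
      register: result

    - name: Report whether the project was removed
      debug:
        var: result.changed             # print only a non-sensitive field
```

With validate_certs set to true, the host running the task must trust the certificate authority that signed the API server certificate.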
GPLv3.
Ken Evensen is a Solutions Architect with Red Hat.