Hello all,
I have to implement logic where I need to create a few secrets in a Kubernetes cluster using Ansible. The logic I am trying to implement is to first register all the secrets in a namespace, then create the secrets if they are not present. I specifically want to know how I can validate that a secret is already present.

- name: Get all insights secrets in namespace '{{ ansible_operator_meta.namespace }}'
  community.kubernetes.k8s_info:
    api_version: "v1"
    kind: "secrets"
    namespace: "{{ ansible_operator_meta.namespace }}"
    label_selectors:
      - project=myproject
  register: secrets_register
  when: debug is not defined

This will register all the secrets with a specific label from the namespace. This will be a dictionary with lists, as given below.

secrets_register:
  resources:
    - apiVersion: v1
      data:
        _DATA_ENCRYPTION_PASSWORD: VTJGc2RHVmtYMS82b2EyOW9CZXNBY3lWTmI4QzBEclZKaW40U2haQ3hTMGl6bUxXMmFmamVVMXNPRC9kQ05kcA==
      kind: Secret
      metadata:
        labels:
        name: data-encryption-password
        namespace: test
    - apiVersion: v1
      data:
        _DATA_ADMIN: VTJGc2RHVmtYMS82b2EyOW9CZXNBY3lWTmI4QzBEclZKaW40U2haQ3hTMGl6bUxXMmFmamVVMXNPRC9kQ05kcA==
      kind: Secret
      metadata:
        labels:
        name: mongodb-authsecret
        namespace: test
    - apiVersion: v1
      data:
        _DATA_TEST: VTJGc2RHVmtYMS82b2EyOW9CZXNBY3lWTmI4QzBEclZKaW40U2haQ3hTMGl6bUxXMmFmamVVMXNPRC9kQ05kcA==
      kind: Secret
      metadata:
        labels:
        name: ingressca
        namespace: test

And then I need to create the secrets with logic such as "when secret_name not in secrets_register.resources[*].metadata.name is in secrets_register", something like below.

- name: Create secret
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      type: Opaque
      metadata:
        name: "{{ secret_name }}"
        namespace: "{{ project_name | lower }}"
      data:
        config_data.json: "{{ lookup('template', mongo_conn_templates_path + '/config_data.json' ) | tojson | b64encode }}"
  when: >
    debug is not defined
    and secret_name not in secrets_register.resources[*].metadata.name is in secrets_register

But unfortunately I can’t get this statement “secret_name not in secrets_register.resources[*].metadata.name is in” working, as I am not able to figure out how to check the existence of a value in a dictionary of lists in Ansible. Can someone help?
Thanks in advance,
Rijesh.
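
One way to express the existence check asked about above, as an added example that is not part of the original post: Jinja2's map(attribute=...) filter pulls metadata.name out of every entry in resources, and the result can be tested with "not in". The secrets_register value here is a constructed stand-in for the k8s_info result, and wanted_secrets and existing_secret_names are hypothetical names introduced for the example.

```yaml
# Added example, not from the original post.
# Runs offline with: ansible-playbook example.yml
- hosts: localhost
  gather_facts: false
  vars:
    # Constructed stand-in for the k8s_info result (same shape as in the post,
    # with the data fields left out).
    secrets_register:
      resources:
        - kind: Secret
          metadata: {name: data-encryption-password, namespace: test}
        - kind: Secret
          metadata: {name: mongodb-authsecret, namespace: test}
        - kind: Secret
          metadata: {name: ingressca, namespace: test}
    # Hypothetical list of secrets the role wants to exist.
    wanted_secrets: [mongodb-authsecret, new-app-secret]
  tasks:
    - name: Collect the names of the secrets that already exist
      ansible.builtin.set_fact:
        # default([]) covers the case where the lookup task was skipped
        # and secrets_register has no "resources" key.
        existing_secret_names: >-
          {{ secrets_register.resources | default([])
             | map(attribute='metadata.name') | list }}

    - name: Report secrets that would be created (the k8s task goes here)
      ansible.builtin.debug:
        msg: "would create {{ item }}"
      loop: "{{ wanted_secrets }}"
      when: item not in existing_secret_names

    - name: Check that only the missing secret is selected
      ansible.builtin.assert:
        that:
          - (wanted_secrets | difference(existing_secret_names)) == ['new-app-secret']
```

In the real playbook the same "when" condition goes on the "Create secret" task with secret_name in place of item. Because the registered k8s_info result contains the secrets' data fields, setting no_log: true on that task keeps them out of verbose output and logs.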