From 058d101bf9684f84c209a2706ecf79f9f56e84fc Mon Sep 17 00:00:00 2001
From: Lovro Seder
Date: Wed, 11 Mar 2020 13:17:36 +0100
Subject: [PATCH] Escape dots in jsonpath keys. (#5600)
+ use more secure `command` instead of `shell`
+ read-only command doesn't change state - make idempotent
+ multi-line long string
---
 roles/win_nodes/kubernetes_patch/tasks/main.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/roles/win_nodes/kubernetes_patch/tasks/main.yml b/roles/win_nodes/kubernetes_patch/tasks/main.yml
index 4430b513b..98af1c5a9 100644
--- a/roles/win_nodes/kubernetes_patch/tasks/main.yml
+++ b/roles/win_nodes/kubernetes_patch/tasks/main.yml
@@ -16,15 +16,21 @@
 # Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
 - name: Check current nodeselector for kube-proxy daemonset
- shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
+ command: >-
+ {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
+ get ds kube-proxy --namespace=kube-system
+ -o jsonpath='{.spec.template.spec.nodeSelector.beta\.kubernetes\.io/os}'
 register: current_kube_proxy_state
 retries: 60
 delay: 5
 until: current_kube_proxy_state is succeeded
-
+ changed_when: false
 - name: Apply nodeselector patch for kube-proxy daemonset
- shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
+ shell: >-
+ {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
+ patch ds kube-proxy --namespace=kube-system --type=strategic -p
+ "$(cat nodeselector-os-linux-patch.json)"
 args:
 chdir: "{{ kubernetes_user_manifests_path }}"
 register: patch_kube_proxy_state
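Review bot: The second task, "Apply nodeselector patch for kube-proxy daemonset", still runs through `shell`, and `{{ bin_dir }}` and `{{ kube_config_dir }}` are expanded into that shell line unquoted, so a path containing spaces or shell metacharacters would be re-parsed by the shell; the move to `command` covers only the read-only check. If `shell` has to stay for the `$(cat nodeselector-os-linux-patch.json)` substitution, quote the templated parts, e.g. `{{ bin_dir | quote }}/kubectl --kubeconfig {{ kube_config_dir | quote }}/admin.conf`, and add a comment such as `# shell is needed for the $(cat ...) substitution; templated paths are quoted` so the exception reads as deliberate. These variables presumably come from the operator's inventory rather than from untrusted input, so this is hardening rather than a confirmed injection. The task continues past the end of the hunk, so how its result is evaluated is not visible here.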