Escape dots in jsonpath keys. (#5600)

+ use more secure `command` instead of `shell`
+ read-only command doesn't change state - make idempotent
+ multi-line long string
This commit is contained in:
Lovro Seder 2020-03-11 13:17:36 +01:00 committed by GitHub
parent 833794feef
commit 058d101bf9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -16,15 +16,21 @@
# Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch" # Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
- name: Check current nodeselector for kube-proxy daemonset - name: Check current nodeselector for kube-proxy daemonset
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'" command: >-
{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
get ds kube-proxy --namespace=kube-system
-o jsonpath='{.spec.template.spec.nodeSelector.beta\.kubernetes\.io/os}'
register: current_kube_proxy_state register: current_kube_proxy_state
retries: 60 retries: 60
delay: 5 delay: 5
until: current_kube_proxy_state is succeeded until: current_kube_proxy_state is succeeded
changed_when: false
- name: Apply nodeselector patch for kube-proxy daemonset - name: Apply nodeselector patch for kube-proxy daemonset
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\"" shell: >-
{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
patch ds kube-proxy --namespace=kube-system --type=strategic -p
"$(cat nodeselector-os-linux-patch.json)"
args: args:
chdir: "{{ kubernetes_user_manifests_path }}" chdir: "{{ kubernetes_user_manifests_path }}"
register: patch_kube_proxy_state register: patch_kube_proxy_state