Switch away from lookup()

Since we want to run some validations against `architecture` repository, we end calling the role against a remote node instead of localhost. The usage of `lookup()` breaks the loop, especially on Zuul: the `lookup()` is launched onto the zuul-executor node, where we don't manage anything, and may lead to multiple issues such as: - collection not present (it seems to be present, but still) - kubectl being missing from the path (seems to be present for now) - old kubectl not knowing about `kustomize` option Calling plain `shell` ensures we're running the build onto an environment we 100% manage and know.
openstack-k8s-operators · May 14, 2024 · 52c1faa · 52c1faa
1 parent 8958f87
commit 52c1faa
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/roles/kustomize_deploy/tasks/execute_step.yml b/roles/kustomize_deploy/tasks/execute_step.yml
@@ -192,17 +192,17 @@
              path_join | realpath
           }}
       block:
+        # We have to use plain `kubectl kustomize`: lookup would
+        # be executed locally, on the ansible-controller. In CI,
+        # that would be the zuul-executor, and we don't manage them,
+        # leading to a risk to either NOT have kubectl, or an old,
+        # deprecated version.
         - name: "Build kustomized content for {{ stage.path }}"
-          ansible.builtin.copy:
-            dest: "{{ _output }}"
-            mode: "0644"
-            content: >-
-              {{
-                lookup(
-                  'kubernetes.core.kustomize',
-                  dir=_chdir
-                )
-              }}
+          ansible.builtin.shell:
+            chdir: "{{ _chdir }}"
+            cmd: |-
+              set -o pipefail
+              kubectl kustomize > {{ _output }}
 
         - name: "Store kustomized content in artifacts for {{ stage.path }}"
           ansible.builtin.copy: