Ansible Tower Container Groups with OpenShift
What are they? Serverless functions? A new Tower feature? Well, they are an integration that runs your playbooks in OpenShift/Kubernetes pods. Check out this video to see this feature in action.
This is made possible by using Ansible Runner.
The project can be found under the Ansible org on GitHub.
Below I will detail the steps required to set this up, then show you how to build some Dockerfiles that use Ansible Runner.
Let's set up the OpenShift requirements for Container Groups.
1. Create a Project/Namespace in OpenShift named (ansible-tower). This can be done in the OpenShift console or via oc/kubectl.
2. Create a ServiceAccount named (tower). This can be done in the OpenShift console or via oc/kubectl.
3. Create a Role named (pod-manager). This can be done in the OpenShift console or via oc/kubectl.
4. Create a RoleBinding that binds the pod-manager role to the tower service account. This can be done in the OpenShift console or via oc/kubectl.
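The four OpenShift steps above as one manifest, added here as an example and not taken from the original post. The Role's rules (manage pods and create pods/exec, in this one namespace only) and the RoleBinding name tower-pod-manager are assumptions; the post names only the project, the service account and the role.

```yaml
# Step 1: the project/namespace that job pods will run in.
apiVersion: v1
kind: Namespace
metadata:
  name: ansible-tower
---
# Step 2: the identity whose bearer token Tower will use.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tower
  namespace: ansible-tower
---
# Step 3: a namespaced Role (not a ClusterRole), so the token is
# limited to pods in ansible-tower. Rule set is an assumption:
# create/inspect/delete job pods, and exec into them to run the job.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-manager
  namespace: ansible-tower
rules:
  - apiGroups: [""]          # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
# Step 4: bind pod-manager to the tower service account.
# The binding name is an assumption; any name works.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tower-pod-manager
  namespace: ansible-tower
subjects:
  - kind: ServiceAccount
    name: tower
    namespace: ansible-tower
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-manager
# Check the scope after applying:
#   oc auth can-i create pods -n ansible-tower \
#     --as=system:serviceaccount:ansible-tower:tower    # expect: yes
#   oc auth can-i get secrets -n ansible-tower \
#     --as=system:serviceaccount:ansible-tower:tower    # expect: no
```

Apply it with `oc apply -f` on the saved file. Because the Role grants nothing outside pods and pods/exec, the token later pasted into Tower cannot read secrets or touch other namespaces.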
Now let's set up the Ansible Tower requirements for Container Groups.
1. Create the Credential
CREDENTIAL TYPE
Choose the OpenShift or Kubernetes API Bearer Token type.
Copy the token from the service account created in that project (User Management > Service Accounts > (tower) ← the one you made in the earlier steps).
OPENSHIFT OR KUBERNETES API ENDPOINT
I grabbed the short version from the oc login command; it should look like (https://api.foo.openshift.io:6443).
2. Create the Container Group
In Ansible Tower, go to Instance Groups > the green plus symbol > CREATE CONTAINER GROUP.
3. Configure the Container Group
Give it a name and select the OpenShift or Kubernetes API Bearer Token we created earlier in the steps above.
Now the fun part: paste in your Kubernetes Pod manifest. I like to use this one as a default when first getting started.
Pod manifest