From 058d101bf9684f84c209a2706ecf79f9f56e84fc Mon Sep 17 00:00:00 2001
From: Lovro Seder <vrovro@gmail.com>
Date: Wed, 11 Mar 2020 13:17:36 +0100
Subject: [PATCH] Escape dots in jsonpath keys. (#5600)

+ use more secure `command` instead of `shell`
+ read-only command doesn't change state - make idempotent
+ multi-line long string
---
 roles/win_nodes/kubernetes_patch/tasks/main.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/roles/win_nodes/kubernetes_patch/tasks/main.yml b/roles/win_nodes/kubernetes_patch/tasks/main.yml
index 4430b513b..98af1c5a9 100644
--- a/roles/win_nodes/kubernetes_patch/tasks/main.yml
+++ b/roles/win_nodes/kubernetes_patch/tasks/main.yml
@@ -16,15 +16,21 @@
 
     # Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
     - name: Check current nodeselector for kube-proxy daemonset
-      shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
+      command: >-
+        {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
+        get ds kube-proxy --namespace=kube-system
+        -o jsonpath='{.spec.template.spec.nodeSelector.beta\.kubernetes\.io/os}'
       register: current_kube_proxy_state
       retries: 60
       delay: 5
       until: current_kube_proxy_state is succeeded
-
+      changed_when: false
 
     - name: Apply nodeselector patch for kube-proxy daemonset
-      shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
+      shell: >-
+        {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
+        patch ds kube-proxy --namespace=kube-system --type=strategic -p
+        "$(cat nodeselector-os-linux-patch.json)"
       args:
         chdir: "{{ kubernetes_user_manifests_path }}"
       register: patch_kube_proxy_state
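Review bot: The "Apply nodeselector patch" task still goes through `shell`, so `{{ bin_dir }}` and `{{ kube_config_dir }}` are expanded unquoted into a shell line; the commit's move to `command` covers only the read-only check above it. Any whitespace or shell metacharacter in those variables would be interpreted by the shell. Quoting the templated paths, e.g. `{{ (bin_dir ~ '/kubectl') | quote }} --kubeconfig {{ (kube_config_dir ~ '/admin.conf') | quote }}`, keeps the `$(cat …)` substitution while closing that gap. If the deployed kubectl supports `--patch-file`, the task could instead become a `command` using `--patch-file nodeselector-os-linux-patch.json` and drop the shell entirely. The task continues past the end of the hunk, so how `patch_kube_proxy_state` is evaluated (see the comment about the unreliable exit code) is not visible here.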
-- 
GitLab