kubevirt – Inventory source for KubeVirt VirtualMachines and VirtualMachineInstances

Note

This inventory plugin is part of the kubevirt.core collection.

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install kubevirt.core. You need further requirements to be able to use this inventory plugin, see Requirements for details.

To use it in a playbook, specify: kubevirt.core.kubevirt.

Synopsis

  • Fetch virtual machines from one or more namespaces with an optional label selector.

  • Groups by cluster name, namespaces and labels.

  • Uses *.kubevirt.[yml|yaml] YAML configuration file to set parameter values.

  • By default it uses the active context in ~/.kube/config and will return all virtual machines for all namespaces the active user is authorized to access.

Requirements

The below requirements are needed on the local controller node that executes this inventory.

  • python >= 3.9

  • kubernetes >= 28.1.0

  • PyYAML >= 3.11

Parameters

Parameter

Comments

api_key

string

Token used to authenticate with the API.

Can also be specified via K8S_AUTH_API_KEY environment variable.

api_version

string

Specify the used KubeVirt API version.

Default: "kubevirt.io/v1"

append_base_domain

boolean

Append the base domain of the cluster to host names constructed from SSH Services of type NodePort.

Choices:

  • false ← (default)

  • true

base_domain

string

Override the base domain used to construct host names. Used in case of kubesecondarydns or Services of type NodePort if append_base_domain is set.

ca_cert

aliases: ssl_ca_cert

path

Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to avoid certificate validation errors.

Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.

cache

boolean

Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work.

Choices:

  • false ← (default)

  • true

Configuration:

  • INI entry

    [inventory]
    cache = false
  • Environment variable: ANSIBLE_INVENTORY_CACHE

cache_connection

string

Cache connection data or path, read cache plugin documentation for specifics.

Configuration:

  • INI entries

    [defaults]
    fact_caching_connection = VALUE
    [inventory]
    cache_connection = VALUE
  • Environment variable: ANSIBLE_CACHE_PLUGIN_CONNECTION

  • Environment variable: ANSIBLE_INVENTORY_CACHE_CONNECTION

cache_plugin

string

Cache plugin to use for the inventory's source data.

Default: "memory"

Configuration:

  • INI entries

    [defaults]
    fact_caching = memory
    [inventory]
    cache_plugin = memory
  • Environment variable: ANSIBLE_CACHE_PLUGIN

  • Environment variable: ANSIBLE_INVENTORY_CACHE_PLUGIN

cache_prefix

string

Prefix to use for cache plugin files/tables

Default: "ansible_inventory_"

Configuration:

  • INI entries

    [defaults]
    fact_caching_prefix = ansible_inventory_
    [inventory]
    cache_prefix = ansible_inventory_
  • Environment variable: ANSIBLE_CACHE_PLUGIN_PREFIX

  • Environment variable: ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX

cache_timeout

integer

Cache duration in seconds

Default: 3600

Configuration:

  • INI entries

    [defaults]
    fact_caching_timeout = 3600
    [inventory]
    cache_timeout = 3600
  • Environment variable: ANSIBLE_CACHE_PLUGIN_TIMEOUT

  • Environment variable: ANSIBLE_INVENTORY_CACHE_TIMEOUT

client_cert

aliases: cert_file

path

Path to a certificate used to authenticate with the API.

Can also be specified via K8S_AUTH_CERT_FILE environment variable.

client_key

aliases: key_file

path

Path to a key file used to authenticate with the API.

Can also be specified via K8S_AUTH_KEY_FILE environment variable.

compose

dictionary

Create vars from jinja2 expressions.

Default: {}

connections

string

Optional list of cluster connection settings.

This parameter is deprecated. Split your connections into multiple configuration files and move parameters of each connection to the configuration top level.

Deprecated in version 1.5.0, will be removed in version 3.0.0.

context

string

The name of a context found in the config file.

Can also be specified via K8S_AUTH_CONTEXT environment variable.

create_groups

boolean

Enable the creation of groups from labels on VirtualMachines and VirtualMachineInstances.

Choices:

  • false ← (default)

  • true

groups

dictionary

Add hosts to group based on Jinja2 conditionals.

Default: {}

host

string

Provide a URL for accessing the API.

Can also be specified via K8S_AUTH_HOST environment variable.

host_format

string

Specify the format of the host in the inventory group. Available specifiers: name, namespace and uid.

Default: "{namespace}-{name}"

impersonate_groups

list / elements=string

Group(s) to impersonate for the operation.

Can also be specified via K8S_AUTH_IMPERSONATE_GROUPS environment variable, e.g. Group1,Group2.

impersonate_user

string

Username to impersonate for the operation.

Can also be specified via K8S_AUTH_IMPERSONATE_USER environment variable.

keyed_groups

list / elements=dictionary

Add hosts to group based on the values of a variable.

Default: []

default_value

string

added in ansible-core 2.12

The default value when the host variable's value is an empty string.

This option is mutually exclusive with keyed_groups[].trailing_separator.

key

string

The key from input dictionary used to generate groups

parent_group

string

parent group for keyed group

prefix

string

A keyed group name will start with this prefix

Default: ""

separator

string

separator used to build the keyed group name

Default: "_"

trailing_separator

boolean

added in ansible-core 2.12

Set this option to False to omit the keyed_groups[].separator after the host variable when the value is an empty string.

This option is mutually exclusive with keyed_groups[].default_value.

Choices:

  • false

  • true ← (default)

kube_secondary_dns

boolean

Enable kubesecondarydns derived host names when using a secondary network interface.

Choices:

  • false ← (default)

  • true

kubeconfig

any

Path to an existing Kubernetes config file. If not provided, and no other connection options are provided, the Kubernetes client will attempt to load the default configuration file from ~/.kube/config.

Can also be specified via K8S_AUTH_KUBECONFIG environment variable.

Multiple Kubernetes config file can be provided using separator ; for Windows platform or : for others platforms.

The kubernetes configuration can be provided as dictionary. This feature requires a python kubernetes client version >= 17.17.0.

label_selector

string

Define a label selector to select a subset of the fetched virtual machines.

leading_separator

boolean

added in ansible-core 2.11

Use in conjunction with keyed_groups.

By default, a keyed group that does not have a prefix or a separator provided will have a name that starts with an underscore.

This is because the default prefix is "" and the default separator is "_".

Set this option to False to omit the leading underscore (or other separator) if no prefix is given.

If the group name is derived from a mapping the separator is still used to concatenate the items.

To not use a separator in the group name at all, set the separator for the keyed group to an empty string instead.

Choices:

  • false

  • true ← (default)

name

string

Optional name to assign to the cluster. If not provided, a name is constructed from the server and port.

namespaces

string

List of namespaces. If not specified, will fetch virtual machines from all namespaces the user is authorized to access.

network_name

aliases: interface_name

string

In case multiple networks are attached to a virtual machine, define which interface should be returned as primary IP address.

no_proxy

string

The comma separated list of hosts/domains/IP/CIDR that shouldn't go through proxy.

Can also be specified via K8S_AUTH_NO_PROXY environment variable.

Please note that this module does not pick up typical proxy settings from the environment (e.g. NO_PROXY).

This feature requires kubernetes>=19.15.0. When kubernetes library is less than 19.15.0, it fails even no_proxy set in correct.

Example value is localhost,.local,.example.com,127.0.0.1,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16.

password

string

Provide a password for authenticating with the API.

Can also be specified via K8S_AUTH_PASSWORD environment variable.

Please read the description of the username option for a discussion of when this option is applicable.

persist_config

boolean

Whether or not to save the kube config refresh tokens.

Can also be specified via K8S_AUTH_PERSIST_CONFIG environment variable.

When the k8s context is using a user credentials with refresh tokens (like oidc or gke/gcloud auth), the token is refreshed by the k8s python client library but not saved by default. So the old refresh token can expire and the next auth might fail. Setting this flag to true will tell the k8s python client to save the new refresh token to the kube config file.

Disabled by default.

Choices:

  • false

  • true

plugin

string / required

Token that ensures this is a source file for the kubevirt.core.kubevirt plugin.

Choices:

  • "kubevirt"

  • "kubevirt.core.kubevirt"

proxy

string

The URL of an HTTP proxy to use for the connection.

Can also be specified via K8S_AUTH_PROXY environment variable.

Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).

proxy_headers

dictionary

basic_auth

string

Colon-separated username:password for basic authentication header.

Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment variable.

proxy_basic_auth

string

Colon-separated username:password for proxy basic authentication header.

Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment variable.

user_agent

string

String representing the user-agent you want, such as foo/1.0.

Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment variable.

strict

boolean

If yes make invalid entries a fatal error, otherwise skip and continue.

Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default.

Choices:

  • false ← (default)

  • true

use_extra_vars

boolean

added in ansible-core 2.11

Merge extra vars into the available variables for composition (highest precedence).

Choices:

  • false ← (default)

  • true

Configuration:

  • INI entry

    [inventory_plugins]
    use_extra_vars = false
  • Environment variable: ANSIBLE_INVENTORY_USE_EXTRA_VARS

use_service

boolean

Enable the use of Services to establish an SSH connection to a virtual machine.

Services are only used if no network_name was provided.

Choices:

  • false

  • true ← (default)

username

string

Provide a username for authenticating with the API.

Can also be specified via K8S_AUTH_USERNAME environment variable.

validate_certs

aliases: verify_ssl

boolean

Whether or not to verify the API server's SSL certificates.

Can also be specified via K8S_AUTH_VERIFY_SSL environment variable.

Choices:

  • false

  • true

Notes

Note

  • To avoid SSL certificate validation errors when validate_certs=yes, the full certificate chain for the API server must be provided via ca_cert or in the kubeconfig file.

Examples

# Filename must end with kubevirt.[yml|yaml]

# Authenticate with token and return all virtual machines from all accessible namespaces
- plugin: kubevirt.core.kubevirt
  host: https://192.168.64.4:8443
  api_key: xxxxxxxxxxxxxxxx
  validate_certs: false

# Use default ~/.kube/config and return virtual machines from namespace testing connected to network bridge-network
- plugin: kubevirt.core.kubevirt
  namespaces:
    - testing
  network_name: bridge-network

# Use default ~/.kube/config and return virtual machines from namespace testing with label app=test
- plugin: kubevirt.core.kubevirt
  namespaces:
    - testing
  label_selector: app=test

# Use a custom config file and a specific context
- plugin: kubevirt.core.kubevirt
  kubeconfig: /path/to/config
  context: 'awx/192-168-64-4:8443/developer'

Authors

  • KubeVirt.io Project

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.