一定时间间隔内多次重试是脚本书写中的常见场景,一般就是循环+sleep,这篇文章以kubernetes的证书签名请求自动批准为例介绍一下这种常见的写法。
手动证书签名请求批准
- 使用kubectl get csr获取当前的证书签名请求
[root@host132 ansible]# kubectl get csr
NAME AGE REQUESTOR CONDITION
csr-4mnvj 12m kubelet-bootstrap Approved,Issued
csr-b9mmc 12m kubelet-bootstrap Pending
csr-z2hrz 12m system:node:192.168.163.133 Pending
[root@host132 ansible]#
- 对pending中的请求进行approve动作
[root@host132 ansible]# kubectl certificate approve csr-b9mmc
certificatesigningrequest.certificates.k8s.io/csr-b9mmc approved
[root@host132 ansible]# kubectl get csr
NAME AGE REQUESTOR CONDITION
csr-4mnvj 14m kubelet-bootstrap Approved,Issued
csr-b9mmc 14m kubelet-bootstrap Approved,Issued
csr-mz4bb 4s system:node:192.168.163.132 Pending
csr-z2hrz 14m system:node:192.168.163.133 Pending
[root@host132 ansible]#
retry + sleep
- name: wait for kubelet csr requestor
shell: "kubectl get csr | grep kubelet-bootstrap |grep Pending"
register: csr_status
until: '"Pending" in csr_status.stdout'
retries: "{{ var_retry_max }}"
delay: "{{ var_delay_cnt }}"
tags:
- "csr-approve"
- name: auto approve kubelet csr requestor
shell: "csr_name=`kubectl get csr | grep kubelet-bootstrap |grep Pending|grep -v grep |head -n1 |awk '{print $1}'` \
&& kubectl certificate approve ${csr_name}"
register: approve_status
until: '"approved" in approve_status.stdout'
retries: "{{ var_retry_max }}"
delay: "{{ var_delay_cnt }}"
tags:
- "csr-approve"
总结
可以看到上述的写法基本上已经没有新的知识点,就像前面提到的drop-if-exist的写法那样都是在Ansible的脚本中常见的写法。
来源:CSDN
作者:liumiaocn
链接:https://blog.csdn.net/liumiaocn/article/details/103708513