Ansible on Kubernetes 1.32 Automation Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate Kubernetes 1.32 with Ansible: kubeadm bootstrap, structured auth, ImageVolume beta, dynamic resource allocation.
Kubernetes 1.32 "Penelope" (released December 2024) brings Dynamic Resource Allocation (DRA) v1beta1, ImageVolume beta, structured authorization configuration GA, and many cleanups. Ansible's kubernetes.core collection drives bootstrap (kubeadm) and day-2 workload delivery (manifests, Helm). This is the master Ansible guide for Kubernetes 1.32.
Kubernetes 1.32 release facts
| Item | Value |
|---|---|
| Codename | Penelope |
| Released | 2024-12-11 |
| Support | through 2026-02 (standard) |
| New | DRA v1beta1, ImageVolume beta, structured auth GA |
Ansible-core compatibility
Use ansible-core 2.18 LTS with Python kubernetes>=31.0.0:
```bash
pip install kubernetes openshift jsonpatch
```
Collections:
```yaml
collections:
  - name: kubernetes.core
    version: ">=5.2.0"
```
Inventory
```ini
[k8s_control]
cp01 ansible_host=10.0.1.11
cp02 ansible_host=10.0.1.12
cp03 ansible_host=10.0.1.13

[k8s_workers]
w01 ansible_host=10.0.2.11
w02 ansible_host=10.0.2.12
```
kubeadm bootstrap (1.32)
```yaml
- name: Bootstrap K8s 1.32
  hosts: k8s_control:k8s_workers
  become: true
  tasks:
    # The signed-by keyring below must already exist on the host;
    # apt refuses to update from this repository without it.
    - name: Repo (pkgs.k8s.io)
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/kubernetes.list
        content: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\n"
    - name: Install
      ansible.builtin.apt:
        name:
          - kubeadm=1.32.*
          - kubelet=1.32.*
          - kubectl=1.32.*
        state: present
        update_cache: true
    - name: Hold packages
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop: [kubeadm, kubelet, kubectl]
```
Initialize control plane with structured authorization
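```yaml
- name: Init CP with auth-config
  hosts: cp01
  become: true
  tasks:
    - name: Push authorization config
      ansible.builtin.copy:
        dest: /etc/kubernetes/auth-config.yaml
        content: |
          apiVersion: apiserver.config.k8s.io/v1
          kind: AuthorizationConfiguration
          authorizers:
            - type: Node
              name: node   # every authorizer needs a unique name
            - type: RBAC
              name: rbac
    # kubeadm init has no --apiserver-extra-args flag and cannot mix --config
    # with other flags, so everything goes in a config file (path chosen here).
    - name: Push kubeadm config
      ansible.builtin.copy:
        dest: /etc/kubernetes/kubeadm-config.yaml
        content: |
          apiVersion: kubeadm.k8s.io/v1beta4
          kind: ClusterConfiguration
          kubernetesVersion: v1.32.0
          networking:
            podSubnet: 10.244.0.0/16
          apiServer:
            extraArgs:
              - name: authorization-config
                value: /etc/kubernetes/auth-config.yaml
            extraVolumes:   # the static pod does not see this host file by default
              - name: auth-config
                hostPath: /etc/kubernetes/auth-config.yaml
                mountPath: /etc/kubernetes/auth-config.yaml
                readOnly: true
                pathType: File
    - name: kubeadm init
      ansible.builtin.command: kubeadm init --config /etc/kubernetes/kubeadm-config.yaml
      args:
        creates: /etc/kubernetes/admin.conf
```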
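A malformed authorization file keeps kube-apiserver from starting, so it is worth checking before it reaches the control plane. The following is an added example, not part of the original guide or of kubernetes.core: `check_authz_config` is a hypothetical helper whose rules approximate a subset of the API server's validation, plus one policy rule of its own (flagging `AlwaysAllow`), and the sample documents are constructed.

```python
import re

# Authorizer types assumed accepted by kube-apiserver; only Webhook may repeat.
KNOWN_TYPES = {"Node", "RBAC", "Webhook", "ABAC", "AlwaysAllow", "AlwaysDeny"}
# Approximation of a DNS label/subdomain, enough to catch obvious mistakes.
DNS_NAME = re.compile(r"^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$")


def check_authz_config(cfg):
    """Return a list of findings for a parsed AuthorizationConfiguration dict."""
    findings = []
    if cfg.get("apiVersion") != "apiserver.config.k8s.io/v1":
        findings.append("apiVersion is not apiserver.config.k8s.io/v1")
    if cfg.get("kind") != "AuthorizationConfiguration":
        findings.append("kind is not AuthorizationConfiguration")
    authorizers = cfg.get("authorizers") or []
    if not authorizers:
        findings.append("authorizers is empty")
    seen_names, seen_types = set(), set()
    for i, a in enumerate(authorizers):
        where = f"authorizers[{i}]"
        typ, name = a.get("type"), a.get("name")
        if typ not in KNOWN_TYPES:
            findings.append(f"{where}: unknown type {typ!r}")
        elif typ != "Webhook" and typ in seen_types:
            findings.append(f"{where}: type {typ} listed more than once")
        seen_types.add(typ)
        if not name:
            findings.append(f"{where}: missing required field 'name'")
        elif not DNS_NAME.match(name):
            findings.append(f"{where}: name {name!r} is not a DNS-style name")
        elif name in seen_names:
            findings.append(f"{where}: duplicate name {name!r}")
        seen_names.add(name)
        if (typ == "Webhook") != ("webhook" in a):
            findings.append(f"{where}: 'webhook' belongs only to type Webhook")
        if typ == "AlwaysAllow":  # policy rule of this example, not an API rule
            findings.append(f"{where}: AlwaysAllow authorizes every request")
    return findings


# Constructed samples: one omits 'name', the other is a valid Node + RBAC chain.
MISSING_NAMES = {"apiVersion": "apiserver.config.k8s.io/v1",
                 "kind": "AuthorizationConfiguration",
                 "authorizers": [{"type": "Node"}, {"type": "RBAC"}]}
NODE_RBAC = {**MISSING_NAMES, "authorizers": [{"type": "Node", "name": "node"},
                                               {"type": "RBAC", "name": "rbac"}]}

if __name__ == "__main__":
    for label, cfg in (("missing names", MISSING_NAMES), ("node+rbac", NODE_RBAC)):
        print(label, check_authz_config(cfg) or "ok")
```

Load the real file with `yaml.safe_load` and fail the CI job or play when the returned list is non-empty.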
Workload using ImageVolume
```yaml
- name: Pod with ImageVolume
  hosts: localhost
  gather_facts: false
  tasks:
    # Requires the ImageVolume feature gate and a container runtime that supports it.
    - name: Pod
      kubernetes.core.k8s:
        kubeconfig: ~/.kube/config
        state: present
        definition:
          apiVersion: v1
          kind: Pod
          metadata:
            name: app-with-image-vol
            namespace: default
          spec:
            containers:
              - name: app
                image: registry.example.com/app:1.0.0
                volumeMounts:
                  - name: data
                    mountPath: /data
            volumes:
              - name: data
                image:
                  reference: registry.example.com/data:1.0.0
                  pullPolicy: IfNotPresent
```
DRA example
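```yaml
- name: DRA ResourceClaim
  hosts: localhost
  gather_facts: false
  tasks:
    - name: ResourceClaim
      kubernetes.core.k8s:
        kubeconfig: ~/.kube/config
        state: present
        definition:
          apiVersion: resource.k8s.io/v1beta1
          kind: ResourceClaim
          metadata:
            name: gpu-claim
            namespace: ml
          spec:
            # v1beta1 requests devices by DeviceClass; resourceClassName
            # belongs to the older alpha API and is rejected here.
            devices:
              requests:
                - name: gpu
                  deviceClassName: nvidia-a100
```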
Best practices
• For 1.32, prefer structured authorization config over flag-based settings.
• Use kubernetes.core.k8s with apply: true to behave like kubectl apply (server-side apply).
• Pin kube* package versions and hold them; upgrade across one minor at a time.
• Validate manifests with kubeconform in CI before Ansible applies them.
Conclusion
Kubernetes 1.32 + Ansible's kubernetes.core collection brings new APIs (DRA, ImageVolume) into reach with the same playbook patterns. Pin versions, use structured authorization, and let Ansible bootstrap clusters while GitOps owns day-2 application state.
Prerequisites for Ansible + Kubernetes
```bash
# Install the kubernetes.core collection
ansible-galaxy collection install kubernetes.core

# Install Python dependencies
pip install kubernetes openshift PyYAML
```
Managing Kubernetes Resources
```yaml
- name: Manage Kubernetes 1.32 cluster
  hosts: localhost
  connection: local
  tasks:
    - name: Create a namespace
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: v1
          kind: Namespace
          metadata:
            name: my-app

    - name: Deploy nginx
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx
            namespace: my-app
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.27
                    ports:
                      - containerPort: 80

    - name: Expose nginx as a service
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: v1
          kind: Service
          metadata:
            name: nginx-svc
            namespace: my-app
          spec:
            selector:
              app: nginx
            ports:
              - port: 80
                targetPort: 80
            type: ClusterIP
```
Using kubectl with Ansible
```yaml
- name: Get pods in namespace
  kubernetes.core.k8s_info:
    kind: Pod
    namespace: my-app
  register: pod_list

- name: Show running pods
  ansible.builtin.debug:
    msg: "{{ item.metadata.name }} — {{ item.status.phase }}"
  loop: "{{ pod_list.resources }}"
```
Helm Chart Management
```yaml
- name: Deploy chart via Helm
  kubernetes.core.helm:
    name: ingress-nginx
    chart_ref: ingress-nginx/ingress-nginx
    release_namespace: ingress-nginx
    create_namespace: true
    values:
      controller:
        replicaCount: 2
```
FAQ
What changed in Kubernetes 1.32?
Kubernetes 1.32 includes improvements to Pod lifecycle, enhanced sidecar containers (stable), and updates to the Gateway API. Check the official changelog for full details.
Do I need kubectl installed to use Ansible with Kubernetes?
No. The kubernetes.core.k8s module uses the Python kubernetes library directly. However, kubectl is useful for debugging and manual verification.
How do I authenticate Ansible with multiple clusters?
Use the kubeconfig parameter or K8S_AUTH_KUBECONFIG environment variable to specify different kubeconfig files per task or play.