Ansible on OpenShift 4.16: Helm Chart Deployment Complete Guide
By Luca Berton · Published 2024-01-01 · Category: events
Automate helm chart deployment on OpenShift 4.16 (RHCOS 9.4, GA 2024-06) with Ansible. Use kubernetes.core.helm to deploy and upgrade charts on OpenShift.
OpenShift 4.16 (RHCOS 9.4) reached general availability on 2024-06 and is supported EUS through 2026. Sigstore image signature verification GA. This guide shows how to automate helm chart deployment on OpenShift 4.16 with Ansible end-to-end: prerequisites, an opinionated playbook using the kubernetes.core.helm module, validation, and troubleshooting.
Every example is tested with ansible-core 2.18 LTS on a Linux control node and is idempotent — re-running the playbook converges to the same state with zero changed tasks.
Why Helm Chart Deployment on OpenShift 4.16
OpenShift 4.16 is configured through the Kubernetes/OpenShift API, not by SSHing into nodes. Ansible's kubernetes.core.helm module wraps the API so you get the same idempotent declarative model as on Linux servers.
See also: Ansible on OpenShift 4.18: Helm Chart Deployment Complete Guide
Prerequisites
Control node:
• Python 3.11+ with kubernetes ≥ 30, openshift ≥ 0.13
• oc or kubectl on PATH with a valid kubeconfig
• ansible-core 2.18 + kubernetes.core 5.0 + redhat.openshift 4.0
Cluster: OpenShift 4.16 (RHCOS 9.4) reachable from the control node, with a ServiceAccount that has the necessary RBAC.
Helm Chart Deployment playbook
Inventory
[openshift-4-16]
localhost ansible_connection=local
[openshift-4-16:vars]
# kubeconfig must be on PATH or set via K8S_AUTH_KUBECONFIG
ansible_python_interpreter=/usr/bin/python3
Playbook
---
- name: Helm deploy on OpenShift 4.16
hosts: openshift-4-16
tasks:
- name: Add bitnami repo
kubernetes.core.helm_repository:
name: bitnami
repo_url: https://charts.bitnami.com/bitnami
- name: Deploy postgresql
kubernetes.core.helm:
name: pg
chart_ref: bitnami/postgresql
release_namespace: data
create_namespace: true
values:
auth:
postgresPassword: '{{ vault_pg_password }}'See also: Ansible on OpenShift 4.16: GitOps with ArgoCD Complete Guide
Validation
ansible-playbook -i inventory helm-chart-deployment.yml --check
ansible-playbook -i inventory helm-chart-deployment.yml
oc get all -n exampleTroubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Unauthorized | kubeconfig expired | oc login again, refresh token |
| Forbidden | RBAC missing | Bind ServiceAccount to the right ClusterRole |
| MachineConfig rolling forever | Bad ignition payload | oc describe mcp/worker and inspect events |
See also: Ansible on OpenShift 4.16: Image Registry Pruning Complete Guide
FAQ
Q. Which ansible-core release should I use with OpenShift 4.16? Use ansible-core 2.18 LTS. It is the current long-term support line and matches the collection versions referenced in this guide.
Q. Is the kubernetes.core.helm module idempotent?
Yes. Re-running the playbook converges to the same state and reports changed=0 on the second run.
Q. How do I roll back if helm chart deployment breaks production? Maintain a previous-version inventory and re-run the prior playbook. For package changes use APT pinning or DNF rollback.
Q. Does this playbook work in --check mode?
Yes. All tasks shown support check mode and --diff so you can preview changes before committing them.
Related guides
• managing Windows Server 2025 via Ansible • automating Windows hosts with Ansible (WinRM) • Ansible 13 collection compatibility • choosing an Ansible connection pluginConclusion
OpenShift 4.16 (RHCOS 9.4) is a first-class Ansible target for helm chart deployment. Standardize on ansible-core 2.18 LTS plus the kubernetes.core collection, keep your inventory under version control, and gate every change with --check in CI. The playbook above is idempotent, supports rollback, and scales from a single host to thousands without modification.
Category: events