
Ansible on OpenShift 4.18 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Red Hat OpenShift 4.18 with Ansible: redhat.openshift collection, MachineConfig, Operators, GitOps/ArgoCD bootstrap, projects, RBAC.

Red Hat OpenShift 4.18 (EUS, released early 2025) is the enterprise Kubernetes distribution built on RHEL CoreOS. It bundles RHCOS, OperatorHub, OpenShift GitOps (Argo CD), OpenShift Pipelines (Tekton), and the Machine Config Operator. Ansible automates OpenShift via the redhat.openshift collection (a vendored superset of kubernetes.core with OpenShift-specific resources like Route, Project, ImageStream). This is the master Ansible guide for OpenShift 4.18.

OpenShift 4.18 release facts

| Item | Value |
|---|---|
| Kubernetes | 1.31 |
| RHCOS | RHEL 9.4-based |
| Release type | EUS (Extended Update Support) |
| Lifecycle | Full Support 18 months + Maintenance Support |
| Ecosystem | OperatorHub, GitOps, Pipelines, Service Mesh, Virtualization |

Ansible-core compatibility

Use ansible-core 2.18 LTS. Required Python packages:

pip install kubernetes openshift jsonpatch

Collections:

collections:
  - name: redhat.openshift
    version: ">=4.0.0"
  - name: kubernetes.core
    version: ">=5.2.0"

Authentication

# group_vars/openshift.yml
ocp_host: https://api.ocp01.lab.example.com:6443
ocp_token: "{{ vault_ocp_token }}"
ocp_validate_certs: false
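
With `ocp_validate_certs: false` the API server's certificate is never checked, so the bearer token in `api_key` is sent to whatever endpoint answers on `ocp_host`. The variant below turns validation on and pins the CA through the `ca_cert` parameter of `kubernetes.core`. It is an added example, not part of the original article; the variable `ocp_ca_cert`, the bundle path and the file name `preflight.yml` are assumptions.

```yaml
# group_vars/openshift.yml: verified-TLS variant (added example)
ocp_host: https://api.ocp01.lab.example.com:6443
ocp_token: "{{ vault_ocp_token }}"
ocp_validate_certs: true
# Assumed path: PEM bundle of the CA that signed the API server certificate
ocp_ca_cert: /etc/pki/ocp01/api-ca.pem
---
# preflight.yml: fail before any task can send the token to an unverified endpoint
- name: Preflight the OpenShift API connection
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Require HTTPS and certificate validation
      ansible.builtin.assert:
        that:
          - ocp_host is match('^https://')
          - ocp_validate_certs | bool
        fail_msg: "Refusing to use ocp_token: TLS verification is off or ocp_host is not https"

    - name: Check that the CA bundle exists and is readable
      ansible.builtin.stat:
        path: "{{ ocp_ca_cert }}"
      register: ca_file
      failed_when: not (ca_file.stat.exists and ca_file.stat.readable)

    - name: Read one namespace over the verified connection
      kubernetes.core.k8s_info:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: "{{ ocp_validate_certs }}"
        ca_cert: "{{ ocp_ca_cert }}"
        api_version: v1
        kind: Namespace
        name: default
```

The same two parameters (`validate_certs` and `ca_cert`) can replace the hard-coded `validate_certs: false` in every `kubernetes.core.k8s` task on this page.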


Create a project (namespace)

- name: Create OpenShift project
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Project
      redhat.openshift.openshift_project:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: "{{ ocp_validate_certs }}"
        name: web
        state: present

Deploy app + Route

- name: Deploy app and expose Route
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Deployment
      kubernetes.core.k8s:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: false
        namespace: web
        state: present
        definition:
          apiVersion: apps/v1
          kind: Deployment
          metadata: { name: nginx }
          spec:
            replicas: 2
            selector: { matchLabels: { app: nginx } }
            template:
              metadata: { labels: { app: nginx } }
              spec:
                containers:
                  - name: nginx
                    image: registry.access.redhat.com/ubi9/nginx-122:latest
                    ports: [ { containerPort: 8080 } ]

    - name: Service
      kubernetes.core.k8s:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: false
        namespace: web
        state: present
        definition:
          apiVersion: v1
          kind: Service
          metadata: { name: nginx }
          spec:
            selector: { app: nginx }
            ports: [ { port: 8080, targetPort: 8080 } ]

    - name: Route
      kubernetes.core.k8s:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: false
        namespace: web
        state: present
        definition:
          apiVersion: route.openshift.io/v1
          kind: Route
          metadata: { name: nginx }
          spec:
            host: nginx.apps.ocp01.lab.example.com
            tls: { termination: edge }
            to: { kind: Service, name: nginx }
            port: { targetPort: 8080 }

Install OpenShift GitOps Operator

- name: Install OpenShift GitOps
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Subscription
      kubernetes.core.k8s:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: false
        state: present
        definition:
          apiVersion: operators.coreos.com/v1alpha1
          kind: Subscription
          metadata:
            name: openshift-gitops-operator
            namespace: openshift-operators
          spec:
            channel: latest
            name: openshift-gitops-operator
            source: redhat-operators
            sourceNamespace: openshift-marketplace

MachineConfig: kernel arg via MCO

- name: Apply MachineConfig (kernel arg)
  hosts: localhost
  gather_facts: false
  tasks:
    - name: MC
      kubernetes.core.k8s:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: false
        state: present
        definition:
          apiVersion: machineconfiguration.openshift.io/v1
          kind: MachineConfig
          metadata:
            name: 99-worker-kargs
            labels:
              machineconfiguration.openshift.io/role: worker
          spec:
            kernelArguments:
              - "audit=1"
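
The task above only creates the MachineConfig object. The Machine Config Operator then renders a new configuration and reboots the worker nodes one at a time, so `audit=1` is not active until that rollout finishes. The play below is an added example (not from the original article) that polls the `worker` MachineConfigPool until its applied configuration includes `99-worker-kargs`, every machine is updated and none is degraded; the retry budget is an assumption to size for your pool.

```yaml
- name: Confirm the worker pool rolled out 99-worker-kargs
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Poll the worker MachineConfigPool until every node runs the new config
      kubernetes.core.k8s_info:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: "{{ ocp_validate_certs }}"
        api_version: machineconfiguration.openshift.io/v1
        kind: MachineConfigPool
        name: worker
      register: mcp
      # status.configuration lists the MachineConfigs the pool has fully applied;
      # checking it avoids passing on the stale "Updated" state that exists
      # right after the MachineConfig is created.
      until: >-
        mcp.resources | length == 1
        and '99-worker-kargs' in
            (mcp.resources[0].status.configuration.source | map(attribute='name') | list)
        and mcp.resources[0].status.updatedMachineCount == mcp.resources[0].status.machineCount
        and mcp.resources[0].status.degradedMachineCount == 0
      retries: 90   # assumed budget: 90 x 20 s = 30 minutes
      delay: 20
```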

Best practices

• Use redhat.openshift for OpenShift-specific resources (Route, Project, ImageStream); kubernetes.core for the rest.
• Bootstrap OpenShift GitOps via Ansible, then manage workloads through ArgoCD.
• Drive cluster-level config (MCO, NodeNetworkConfig, OperatorHub) through Ansible with strict approval gates.
• Use service accounts + bound tokens instead of long-lived kubeadmin tokens.
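
The last practice, sketched as an added example that is not from the original article: an admin credential is used once to create a service account limited to the `web` project, and the deployment work then runs with a bound token that expires after 30 minutes. The service account name `ansible-deployer` is hypothetical, and the play assumes the `oc` CLI is on PATH and already logged in to the cluster.

```yaml
- name: Deploy with a short-lived service account token
  hosts: localhost
  gather_facts: false
  vars:
    deployer_sa: ansible-deployer   # hypothetical service account name
  tasks:
    - name: Service account scoped to the web project
      kubernetes.core.k8s:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: "{{ ocp_validate_certs }}"
        state: present
        definition:
          apiVersion: v1
          kind: ServiceAccount
          metadata: { name: "{{ deployer_sa }}", namespace: web }

    - name: Grant the edit role in web only, no cluster-wide rights
      kubernetes.core.k8s:
        host: "{{ ocp_host }}"
        api_key: "{{ ocp_token }}"
        validate_certs: "{{ ocp_validate_certs }}"
        state: present
        definition:
          apiVersion: rbac.authorization.k8s.io/v1
          kind: RoleBinding
          metadata: { name: "{{ deployer_sa }}-edit", namespace: web }
          roleRef: { apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: edit }
          subjects:
            - { kind: ServiceAccount, name: "{{ deployer_sa }}", namespace: web }

    - name: Request a bound token that expires after 30 minutes (uses the oc login context)
      ansible.builtin.command:
        argv: ["oc", "create", "token", "{{ deployer_sa }}", "-n", "web", "--duration=30m"]
      register: sa_token
      changed_when: false
      no_log: true   # the token is in stdout; keep it out of logs and callbacks

    - name: Do namespaced work with the bound token instead of the admin token
      kubernetes.core.k8s_info:
        host: "{{ ocp_host }}"
        api_key: "{{ sa_token.stdout | trim }}"
        validate_certs: "{{ ocp_validate_certs }}"
        api_version: apps/v1
        kind: Deployment
        namespace: web
      register: web_deployments
```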

Conclusion

OpenShift 4.18 + redhat.openshift gives you enterprise Kubernetes with a cohesive Ansible automation surface — projects, routes, operators, MachineConfigs. Bootstrap GitOps with Ansible, hand off day-2 to ArgoCD, and keep cluster-level changes governed through AAP.
