kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improving yamllint configuration (#11389) 

Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
pull/11392/head
Bas 2024-07-26 03:42:20 +02:00 committed by GitHub
parent 5394715d9b
commit 8f5f75211f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
154 changed files with 342 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.yamllint
View File

@ -6,7 +6,7 @@ ignore: |
.github/ .github/
# Generated file # Generated file
tests/files/custom_cni/cilium.yaml tests/files/custom_cni/cilium.yaml
# https://ansible.readthedocs.io/projects/lint/rules/yaml/
rules: rules:
braces: braces:
min-spaces-inside: 0 min-spaces-inside: 0
@ -14,9 +14,16 @@ rules:
brackets: brackets:
min-spaces-inside: 0 min-spaces-inside: 0
max-spaces-inside: 1 max-spaces-inside: 1
comments:
min-spaces-from-content: 1
# https://github.com/adrienverge/yamllint/issues/384
comments-indentation: false
indentation: indentation:
spaces: 2 spaces: 2
indent-sequences: consistent indent-sequences: consistent
line-length: disable line-length: disable
new-line-at-end-of-file: disable new-line-at-end-of-file: disable
octal-values:
forbid-implicit-octal: true # yamllint defaults to false
forbid-explicit-octal: true # yamllint defaults to false
truthy: disable truthy: disable

2
contrib/azurerm/roles/generate-inventory/tasks/main.yml
View File

@ -12,4 +12,4 @@
template: template:
src: inventory.j2 src: inventory.j2
dest: "{{ playbook_dir }}/inventory" dest: "{{ playbook_dir }}/inventory"
mode: 0644 mode: "0644"

4
contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
View File

@ -22,10 +22,10 @@
template: template:
src: inventory.j2 src: inventory.j2
dest: "{{ playbook_dir }}/inventory" dest: "{{ playbook_dir }}/inventory"
mode: 0644 mode: "0644"
- name: Generate Load Balancer variables - name: Generate Load Balancer variables
template: template:
src: loadbalancer_vars.j2 src: loadbalancer_vars.j2
dest: "{{ playbook_dir }}/loadbalancer_vars.yml" dest: "{{ playbook_dir }}/loadbalancer_vars.yml"
mode: 0644 mode: "0644"

4
contrib/azurerm/roles/generate-templates/tasks/main.yml
View File

@ -8,13 +8,13 @@
path: "{{ base_dir }}" path: "{{ base_dir }}"
state: directory state: directory
recurse: true recurse: true
mode: 0755 mode: "0755"
- name: Store json files in base_dir - name: Store json files in base_dir
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ base_dir }}/{{ item }}" dest: "{{ base_dir }}/{{ item }}"
mode: 0644 mode: "0644"
with_items: with_items:
- network.json - network.json
- storage.json - storage.json

4
contrib/dind/roles/dind-cluster/tasks/main.yaml
View File

@ -35,7 +35,7 @@
path-exclude=/usr/share/doc/* path-exclude=/usr/share/doc/*
path-include=/usr/share/doc/*/copyright path-include=/usr/share/doc/*/copyright
dest: /etc/dpkg/dpkg.cfg.d/01_nodoc dest: /etc/dpkg/dpkg.cfg.d/01_nodoc
mode: 0644 mode: "0644"
when: when:
- ansible_os_family == 'Debian' - ansible_os_family == 'Debian'
@ -64,7 +64,7 @@
copy: copy:
content: "{{ distro_user }} ALL=(ALL) NOPASSWD:ALL" content: "{{ distro_user }} ALL=(ALL) NOPASSWD:ALL"
dest: "/etc/sudoers.d/{{ distro_user }}" dest: "/etc/sudoers.d/{{ distro_user }}"
mode: 0640 mode: "0640"
- name: "Add my pubkey to {{ distro_user }} user authorized keys" - name: "Add my pubkey to {{ distro_user }} user authorized keys"
ansible.posix.authorized_key: ansible.posix.authorized_key:

2
contrib/dind/roles/dind-host/tasks/main.yaml
View File

@ -42,7 +42,7 @@
template: template:
src: inventory_builder.sh.j2 src: inventory_builder.sh.j2
dest: /tmp/kubespray.dind.inventory_builder.sh dest: /tmp/kubespray.dind.inventory_builder.sh
mode: 0755 mode: "0755"
tags: tags:
- addresses - addresses

2
contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
View File

@ -20,7 +20,7 @@
br-netfilter br-netfilter
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
when: br_netfilter is defined when: br_netfilter is defined

8
contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
View File

@ -11,7 +11,7 @@
state: directory state: directory
owner: "{{ k8s_deployment_user }}" owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}" group: "{{ k8s_deployment_user }}"
mode: 0700 mode: "0700"
- name: Configure sudo for deployment user - name: Configure sudo for deployment user
copy: copy:
@ -20,13 +20,13 @@
dest: "/etc/sudoers.d/55-k8s-deployment" dest: "/etc/sudoers.d/55-k8s-deployment"
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
- name: Write private SSH key - name: Write private SSH key
copy: copy:
src: "{{ k8s_deployment_user_pkey_path }}" src: "{{ k8s_deployment_user_pkey_path }}"
dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa" dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
mode: 0400 mode: "0400"
owner: "{{ k8s_deployment_user }}" owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}" group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined when: k8s_deployment_user_pkey_path is defined
@ -41,7 +41,7 @@
- name: Fix ssh-pub-key permissions - name: Fix ssh-pub-key permissions
file: file:
path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys" path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
mode: 0600 mode: "0600"
owner: "{{ k8s_deployment_user }}" owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}" group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined when: k8s_deployment_user_pkey_path is defined

6
contrib/mitogen/mitogen.yml
View File

@ -14,7 +14,7 @@
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: 0755 mode: "0755"
become: false become: false
loop: loop:
- "{{ playbook_dir }}/plugins/mitogen" - "{{ playbook_dir }}/plugins/mitogen"
@ -25,7 +25,7 @@
url: "{{ mitogen_url }}" url: "{{ mitogen_url }}"
dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz" dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz"
validate_certs: true validate_certs: true
mode: 0644 mode: "0644"
- name: Extract archive - name: Extract archive
unarchive: unarchive:
@ -40,7 +40,7 @@
- name: Add strategy to ansible.cfg - name: Add strategy to ansible.cfg
community.general.ini_file: community.general.ini_file:
path: ansible.cfg path: ansible.cfg
mode: 0644 mode: "0644"
section: "{{ item.section | d('defaults') }}" section: "{{ item.section | d('defaults') }}"
option: "{{ item.option }}" option: "{{ item.option }}"
value: "{{ item.value }}" value: "{{ item.value }}"

2
contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
View File

@ -15,7 +15,7 @@
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: 0775 mode: "0775"
with_items: with_items:
- "{{ gluster_mount_dir }}" - "{{ gluster_mount_dir }}"
when: ansible_os_family in ["Debian","RedHat"] and groups['gfs-cluster'] is defined when: ansible_os_family in ["Debian","RedHat"] and groups['gfs-cluster'] is defined

4
contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
View File

@ -49,7 +49,7 @@
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: 0775 mode: "0775"
with_items: with_items:
- "{{ gluster_brick_dir }}" - "{{ gluster_brick_dir }}"
- "{{ gluster_mount_dir }}" - "{{ gluster_mount_dir }}"
@ -101,7 +101,7 @@
template: template:
dest: "{{ gluster_mount_dir }}/.test-file.txt" dest: "{{ gluster_mount_dir }}/.test-file.txt"
src: test-file.txt src: test-file.txt
mode: 0644 mode: "0644"
when: groups['gfs-cluster'] is defined and inventory_hostname == groups['gfs-cluster'][0] when: groups['gfs-cluster'] is defined and inventory_hostname == groups['gfs-cluster'][0]
- name: Unmount glusterfs - name: Unmount glusterfs

2
contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
View File

@ -3,7 +3,7 @@
template: template:
src: "{{ item.file }}" src: "{{ item.file }}"
dest: "{{ kube_config_dir }}/{{ item.dest }}" dest: "{{ kube_config_dir }}/{{ item.dest }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json} - { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json}
- { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml} - { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml}

2
contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
View File

@ -4,7 +4,7 @@
template: template:
src: "heketi-bootstrap.json.j2" src: "heketi-bootstrap.json.j2"
dest: "{{ kube_config_dir }}/heketi-bootstrap.json" dest: "{{ kube_config_dir }}/heketi-bootstrap.json"
mode: 0640 mode: "0640"
register: "rendering" register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Bootstrap" - name: "Kubernetes Apps | Install and configure Heketi Bootstrap"
kube: kube:

2
contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
View File

@ -10,7 +10,7 @@
template: template:
src: "topology.json.j2" src: "topology.json.j2"
dest: "{{ kube_config_dir }}/topology.json" dest: "{{ kube_config_dir }}/topology.json"
mode: 0644 mode: "0644"
- name: "Copy topology configuration into container." - name: "Copy topology configuration into container."
changed_when: false changed_when: false
command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ initial_heketi_pod_name }}:/tmp/topology.json" command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ initial_heketi_pod_name }}:/tmp/topology.json"

4
contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "glusterfs-daemonset.json.j2" src: "glusterfs-daemonset.json.j2"
dest: "{{ kube_config_dir }}/glusterfs-daemonset.json" dest: "{{ kube_config_dir }}/glusterfs-daemonset.json"
mode: 0644 mode: "0644"
become: true become: true
register: "rendering" register: "rendering"
- name: "Kubernetes Apps | Install and configure GlusterFS daemonset" - name: "Kubernetes Apps | Install and configure GlusterFS daemonset"
@ -33,7 +33,7 @@
template: template:
src: "heketi-service-account.json.j2" src: "heketi-service-account.json.j2"
dest: "{{ kube_config_dir }}/heketi-service-account.json" dest: "{{ kube_config_dir }}/heketi-service-account.json"
mode: 0644 mode: "0644"
become: true become: true
register: "rendering" register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Service Account" - name: "Kubernetes Apps | Install and configure Heketi Service Account"

2
contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
View File

@ -4,7 +4,7 @@
template: template:
src: "heketi-deployment.json.j2" src: "heketi-deployment.json.j2"
dest: "{{ kube_config_dir }}/heketi-deployment.json" dest: "{{ kube_config_dir }}/heketi-deployment.json"
mode: 0644 mode: "0644"
register: "rendering" register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi" - name: "Kubernetes Apps | Install and configure Heketi"

2
contrib/network-storage/heketi/roles/provision/tasks/secret.yml
View File

@ -28,7 +28,7 @@
template: template:
src: "heketi.json.j2" src: "heketi.json.j2"
dest: "{{ kube_config_dir }}/heketi.json" dest: "{{ kube_config_dir }}/heketi.json"
mode: 0644 mode: "0644"
- name: "Deploy Heketi config secret" - name: "Deploy Heketi config secret"
when: "secret_state.stdout | length == 0" when: "secret_state.stdout | length == 0"

2
contrib/network-storage/heketi/roles/provision/tasks/storage.yml
View File

@ -5,7 +5,7 @@
template: template:
src: "heketi-storage.json.j2" src: "heketi-storage.json.j2"
dest: "{{ kube_config_dir }}/heketi-storage.json" dest: "{{ kube_config_dir }}/heketi-storage.json"
mode: 0644 mode: "0644"
register: "rendering" register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Storage" - name: "Kubernetes Apps | Install and configure Heketi Storage"
kube: kube:

2
contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
View File

@ -16,7 +16,7 @@
template: template:
src: "storageclass.yml.j2" src: "storageclass.yml.j2"
dest: "{{ kube_config_dir }}/storageclass.yml" dest: "{{ kube_config_dir }}/storageclass.yml"
mode: 0644 mode: "0644"
register: "rendering" register: "rendering"
- name: "Kubernetes Apps | Install and configure Storace Class" - name: "Kubernetes Apps | Install and configure Storace Class"
kube: kube:

2
contrib/network-storage/heketi/roles/provision/tasks/topology.yml
View File

@ -10,7 +10,7 @@
template: template:
src: "topology.json.j2" src: "topology.json.j2"
dest: "{{ kube_config_dir }}/topology.json" dest: "{{ kube_config_dir }}/topology.json"
mode: 0644 mode: "0644"
- name: "Copy topology configuration into container." # noqa no-handler - name: "Copy topology configuration into container." # noqa no-handler
when: "rendering.changed" when: "rendering.changed"
command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ heketi_pod_name }}:/tmp/topology.json" command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ heketi_pod_name }}:/tmp/topology.json"

2
contrib/offline/generate_list.yml
View File

@ -16,7 +16,7 @@
template: template:
src: ./contrib/offline/temp/{{ item }}.list.template src: ./contrib/offline/temp/{{ item }}.list.template
dest: ./contrib/offline/temp/{{ item }}.list dest: ./contrib/offline/temp/{{ item }}.list
mode: 0644 mode: "0644"
with_items: with_items:
- files - files
- images - images

2
roles/bastion-ssh-config/molecule/default/converge.yml
View File

@ -12,4 +12,4 @@
dest: "{{ ssh_bastion_confing__name }}" dest: "{{ ssh_bastion_confing__name }}"
owner: "{{ ansible_user }}" owner: "{{ ansible_user }}"
group: "{{ ansible_user }}" group: "{{ ansible_user }}"
mode: 0644 mode: "0644"

2
roles/bastion-ssh-config/tasks/main.yml
View File

@ -19,4 +19,4 @@
template: template:
src: "{{ ssh_bastion_confing__name }}.j2" src: "{{ ssh_bastion_confing__name }}.j2"
dest: "{{ playbook_dir }}/{{ ssh_bastion_confing__name }}" dest: "{{ playbook_dir }}/{{ ssh_bastion_confing__name }}"
mode: 0640 mode: "0640"

10
roles/bootstrap-os/tasks/centos.yml
View File

@ -12,7 +12,7 @@
value: "{{ http_proxy | default(omit) }}" value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true no_extra_spaces: true
mode: 0644 mode: "0644"
become: true become: true
when: not skip_http_proxy_on_os_packages when: not skip_http_proxy_on_os_packages
@ -21,7 +21,7 @@
get_url: get_url:
url: https://yum.oracle.com/public-yum-ol7.repo url: https://yum.oracle.com/public-yum-ol7.repo
dest: /etc/yum.repos.d/public-yum-ol7.repo dest: /etc/yum.repos.d/public-yum-ol7.repo
mode: 0644 mode: "0644"
when: when:
- use_oracle_public_repo | default(true) - use_oracle_public_repo | default(true)
- '''ID="ol"'' in os_release.stdout_lines' - '''ID="ol"'' in os_release.stdout_lines'
@ -34,7 +34,7 @@
section: "{{ item }}" section: "{{ item }}"
option: enabled option: enabled
value: "1" value: "1"
mode: 0644 mode: "0644"
with_items: with_items:
- ol7_latest - ol7_latest
- ol7_addons - ol7_addons
@ -59,7 +59,7 @@
section: "ol{{ ansible_distribution_major_version }}_addons" section: "ol{{ ansible_distribution_major_version }}_addons"
option: "{{ item.option }}" option: "{{ item.option }}"
value: "{{ item.value }}" value: "{{ item.value }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { option: "name", value: "ol{{ ansible_distribution_major_version }}_addons" } - { option: "name", value: "ol{{ ansible_distribution_major_version }}_addons" }
- { option: "enabled", value: "1" } - { option: "enabled", value: "1" }
@ -75,7 +75,7 @@
section: "extras" section: "extras"
option: "{{ item.option }}" option: "{{ item.option }}"
value: "{{ item.value }}" value: "{{ item.value }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { option: "name", value: "CentOS-{{ ansible_distribution_major_version }} - Extras" } - { option: "name", value: "CentOS-{{ ansible_distribution_major_version }} - Extras" }
- { option: "enabled", value: "1" } - { option: "enabled", value: "1" }

2
roles/bootstrap-os/tasks/fedora.yml
View File

@ -17,7 +17,7 @@
value: "{{ http_proxy | default(omit) }}" value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true no_extra_spaces: true
mode: 0644 mode: "0644"
become: true become: true
when: not skip_http_proxy_on_os_packages when: not skip_http_proxy_on_os_packages

4
roles/bootstrap-os/tasks/main.yml
View File

@ -36,7 +36,7 @@
file: file:
path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}" path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}"
state: directory state: directory
mode: 0700 mode: "0700"
- name: Gather facts - name: Gather facts
setup: setup:
@ -61,4 +61,4 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"

2
roles/bootstrap-os/tasks/redhat.yml
View File

@ -12,7 +12,7 @@
value: "{{ http_proxy | default(omit) }}" value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true no_extra_spaces: true
mode: 0644 mode: "0644"
become: true become: true
when: not skip_http_proxy_on_os_packages when: not skip_http_proxy_on_os_packages

16
roles/container-engine/containerd/tasks/main.yml
View File

@ -35,7 +35,7 @@
unarchive: unarchive:
src: "{{ downloads.containerd.dest }}" src: "{{ downloads.containerd.dest }}"
dest: "{{ containerd_bin_dir }}" dest: "{{ containerd_bin_dir }}"
mode: 0755 mode: "0755"
remote_src: yes remote_src: yes
extra_opts: extra_opts:
- --strip-components=1 - --strip-components=1
@ -60,7 +60,7 @@
template: template:
src: containerd.service.j2 src: containerd.service.j2
dest: /etc/systemd/system/containerd.service dest: /etc/systemd/system/containerd.service
mode: 0644 mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:containerd.service'" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:containerd.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250 # Remove once we drop support for systemd < 250
@ -70,7 +70,7 @@
file: file:
dest: "{{ item }}" dest: "{{ item }}"
state: directory state: directory
mode: 0755 mode: "0755"
owner: root owner: root
group: root group: root
with_items: with_items:
@ -83,7 +83,7 @@
template: template:
src: http-proxy.conf.j2 src: http-proxy.conf.j2
dest: "{{ containerd_systemd_dir }}/http-proxy.conf" dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
mode: 0644 mode: "0644"
notify: Restart containerd notify: Restart containerd
when: http_proxy is defined or https_proxy is defined when: http_proxy is defined or https_proxy is defined
@ -102,7 +102,7 @@
content: "{{ item.value }}" content: "{{ item.value }}"
dest: "{{ containerd_cfg_dir }}/{{ item.key }}" dest: "{{ containerd_cfg_dir }}/{{ item.key }}"
owner: "root" owner: "root"
mode: 0644 mode: "0644"
with_dict: "{{ containerd_base_runtime_specs | default({}) }}" with_dict: "{{ containerd_base_runtime_specs | default({}) }}"
notify: Restart containerd notify: Restart containerd
@ -111,7 +111,7 @@
src: config.toml.j2 src: config.toml.j2
dest: "{{ containerd_cfg_dir }}/config.toml" dest: "{{ containerd_cfg_dir }}/config.toml"
owner: "root" owner: "root"
mode: 0640 mode: "0640"
notify: Restart containerd notify: Restart containerd
- name: Containerd | Configure containerd registries - name: Containerd | Configure containerd registries
@ -121,13 +121,13 @@
file: file:
path: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}" path: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}"
state: directory state: directory
mode: 0755 mode: "0755"
loop: "{{ containerd_registries_mirrors }}" loop: "{{ containerd_registries_mirrors }}"
- name: Containerd | Write hosts.toml file - name: Containerd | Write hosts.toml file
template: template:
src: hosts.toml.j2 src: hosts.toml.j2
dest: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}/hosts.toml" dest: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}/hosts.toml"
mode: 0640 mode: "0640"
loop: "{{ containerd_registries_mirrors }}" loop: "{{ containerd_registries_mirrors }}"
# you can sometimes end up in a state where everything is installed # you can sometimes end up in a state where everything is installed

6
roles/container-engine/cri-dockerd/molecule/default/prepare.yml
View File

@ -28,7 +28,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "/tmp/{{ item }}" dest: "/tmp/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- container.json - container.json
- sandbox.json - sandbox.json
@ -37,12 +37,12 @@
path: /etc/cni/net.d path: /etc/cni/net.d
state: directory state: directory
owner: "{{ kube_owner }}" owner: "{{ kube_owner }}"
mode: 0755 mode: "0755"
- name: Setup CNI - name: Setup CNI
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}" dest: "/etc/cni/net.d/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- 10-mynet.conf - 10-mynet.conf

4
roles/container-engine/cri-dockerd/tasks/main.yml
View File

@ -8,7 +8,7 @@
copy: copy:
src: "{{ local_release_dir }}/cri-dockerd" src: "{{ local_release_dir }}/cri-dockerd"
dest: "{{ bin_dir }}/cri-dockerd" dest: "{{ bin_dir }}/cri-dockerd"
mode: 0755 mode: "0755"
remote_src: true remote_src: true
notify: notify:
- Restart and enable cri-dockerd - Restart and enable cri-dockerd
@ -17,7 +17,7 @@
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}" dest: "/etc/systemd/system/{{ item }}"
mode: 0644 mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{ item }}'" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{ item }}'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250 # Remove once we drop support for systemd < 250

6
roles/container-engine/cri-o/molecule/default/prepare.yml
View File

@ -33,7 +33,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "/tmp/{{ item }}" dest: "/tmp/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- container.json - container.json
- sandbox.json - sandbox.json
@ -42,12 +42,12 @@
path: /etc/cni/net.d path: /etc/cni/net.d
state: directory state: directory
owner: "{{ kube_owner }}" owner: "{{ kube_owner }}"
mode: 0755 mode: "0755"
- name: Setup CNI - name: Setup CNI
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}" dest: "/etc/cni/net.d/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- 10-mynet.conf - 10-mynet.conf

28
roles/container-engine/cri-o/tasks/main.yaml
View File

@ -56,27 +56,27 @@
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: 0755 mode: "0755"
- name: Cri-o | install cri-o config - name: Cri-o | install cri-o config
template: template:
src: crio.conf.j2 src: crio.conf.j2
dest: /etc/crio/crio.conf dest: /etc/crio/crio.conf
mode: 0644 mode: "0644"
register: config_install register: config_install
- name: Cri-o | install config.json - name: Cri-o | install config.json
template: template:
src: config.json.j2 src: config.json.j2
dest: /etc/crio/config.json dest: /etc/crio/config.json
mode: 0644 mode: "0644"
register: reg_auth_install register: reg_auth_install
- name: Cri-o | copy binaries - name: Cri-o | copy binaries
copy: copy:
src: "{{ local_release_dir }}/cri-o/bin/{{ item }}" src: "{{ local_release_dir }}/cri-o/bin/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}"
mode: 0755 mode: "0755"
remote_src: true remote_src: true
with_items: with_items:
- "{{ crio_bin_files }}" - "{{ crio_bin_files }}"
@ -86,7 +86,7 @@
copy: copy:
src: "{{ local_release_dir }}/cri-o/contrib/crio.service" src: "{{ local_release_dir }}/cri-o/contrib/crio.service"
dest: /etc/systemd/system/crio.service dest: /etc/systemd/system/crio.service
mode: 0755 mode: "0755"
remote_src: true remote_src: true
notify: Restart crio notify: Restart crio
@ -115,7 +115,7 @@
copy: copy:
src: "{{ local_release_dir }}/cri-o/contrib/policy.json" src: "{{ local_release_dir }}/cri-o/contrib/policy.json"
dest: /etc/containers/policy.json dest: /etc/containers/policy.json
mode: 0755 mode: "0755"
remote_src: true remote_src: true
notify: Restart crio notify: Restart crio
@ -123,7 +123,7 @@
copy: copy:
src: mounts.conf src: mounts.conf
dest: /etc/containers/mounts.conf dest: /etc/containers/mounts.conf
mode: 0644 mode: "0644"
when: when:
- ansible_os_family == 'RedHat' - ansible_os_family == 'RedHat'
notify: Restart crio notify: Restart crio
@ -133,7 +133,7 @@
path: /etc/containers/oci/hooks.d path: /etc/containers/oci/hooks.d
state: directory state: directory
owner: root owner: root
mode: 0755 mode: "0755"
- name: Cri-o | set overlay driver - name: Cri-o | set overlay driver
community.general.ini_file: community.general.ini_file:
@ -141,7 +141,7 @@
section: storage section: storage
option: "{{ item.option }}" option: "{{ item.option }}"
value: "{{ item.value }}" value: "{{ item.value }}"
mode: 0644 mode: "0644"
with_items: with_items:
- option: driver - option: driver
value: '"overlay"' value: '"overlay"'
@ -157,20 +157,20 @@
section: storage.options.overlay section: storage.options.overlay
option: mountopt option: mountopt
value: '{{ ''"nodev"'' if ansible_kernel is version_compare(("4.18" if ansible_os_family == "RedHat" else "4.19"), "<") else ''"nodev,metacopy=on"'' }}' value: '{{ ''"nodev"'' if ansible_kernel is version_compare(("4.18" if ansible_os_family == "RedHat" else "4.19"), "<") else ''"nodev,metacopy=on"'' }}'
mode: 0644 mode: "0644"
- name: Cri-o | create directory registries configs - name: Cri-o | create directory registries configs
file: file:
path: /etc/containers/registries.conf.d path: /etc/containers/registries.conf.d
state: directory state: directory
owner: root owner: root
mode: 0755 mode: "0755"
- name: Cri-o | write registries configs - name: Cri-o | write registries configs
template: template:
src: registry.conf.j2 src: registry.conf.j2
dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':|/', '_') }}.conf" dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':|/', '_') }}.conf"
mode: 0644 mode: "0644"
loop: "{{ crio_registries }}" loop: "{{ crio_registries }}"
notify: Restart crio notify: Restart crio
@ -178,14 +178,14 @@
template: template:
src: unqualified.conf.j2 src: unqualified.conf.j2
dest: "/etc/containers/registries.conf.d/01-unqualified.conf" dest: "/etc/containers/registries.conf.d/01-unqualified.conf"
mode: 0644 mode: "0644"
notify: Restart crio notify: Restart crio
- name: Cri-o | write cri-o proxy drop-in - name: Cri-o | write cri-o proxy drop-in
template: template:
src: http-proxy.conf.j2 src: http-proxy.conf.j2
dest: /etc/systemd/system/crio.service.d/http-proxy.conf dest: /etc/systemd/system/crio.service.d/http-proxy.conf
mode: 0644 mode: "0644"
notify: Restart crio notify: Restart crio
when: http_proxy is defined or https_proxy is defined when: http_proxy is defined or https_proxy is defined

2
roles/container-engine/cri-o/tasks/setup-amazon.yaml
View File

@ -20,7 +20,7 @@
option: enabled option: enabled
value: "0" value: "0"
backup: yes backup: yes
mode: 0644 mode: "0644"
when: when:
- amzn2_extras_file_stat.stat.exists - amzn2_extras_file_stat.stat.exists
- not amzn2_extras_docker_repo.changed - not amzn2_extras_docker_repo.changed

2
roles/container-engine/crictl/handlers/main.yml
View File

@ -9,4 +9,4 @@
copy: copy:
dest: /etc/bash_completion.d/crictl dest: /etc/bash_completion.d/crictl
content: "{{ cri_completion.stdout }}" content: "{{ cri_completion.stdout }}"
mode: 0644 mode: "0644"

4
roles/container-engine/crictl/tasks/crictl.yml
View File

@ -9,13 +9,13 @@
src: crictl.yaml.j2 src: crictl.yaml.j2
dest: /etc/crictl.yaml dest: /etc/crictl.yaml
owner: root owner: root
mode: 0644 mode: "0644"
- name: Copy crictl binary from download dir - name: Copy crictl binary from download dir
copy: copy:
src: "{{ local_release_dir }}/crictl" src: "{{ local_release_dir }}/crictl"
dest: "{{ bin_dir }}/crictl" dest: "{{ bin_dir }}/crictl"
mode: 0755 mode: "0755"
remote_src: true remote_src: true
notify: notify:
- Get crictl completion - Get crictl completion

2
roles/container-engine/crun/tasks/main.yml
View File

@ -8,5 +8,5 @@
copy: copy:
src: "{{ downloads.crun.dest }}" src: "{{ downloads.crun.dest }}"
dest: "{{ bin_dir }}/crun" dest: "{{ bin_dir }}/crun"
mode: 0755 mode: "0755"
remote_src: true remote_src: true

6
roles/container-engine/docker-storage/tasks/main.yml
View File

@ -10,12 +10,12 @@
template: template:
src: docker-storage-setup.j2 src: docker-storage-setup.j2
dest: /etc/sysconfig/docker-storage-setup dest: /etc/sysconfig/docker-storage-setup
mode: 0644 mode: "0644"
- name: Docker-storage-override-directory | docker service storage-setup override dir - name: Docker-storage-override-directory | docker service storage-setup override dir
file: file:
dest: /etc/systemd/system/docker.service.d dest: /etc/systemd/system/docker.service.d
mode: 0755 mode: "0755"
owner: root owner: root
group: root group: root
state: directory state: directory
@ -30,7 +30,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
# https://docs.docker.com/engine/installation/linux/docker-ce/centos/#install-using-the-repository # https://docs.docker.com/engine/installation/linux/docker-ce/centos/#install-using-the-repository
- name: Docker-storage-setup | install lvm2 - name: Docker-storage-setup | install lvm2

4
roles/container-engine/docker/tasks/main.yml
View File

@ -82,14 +82,14 @@
template: template:
src: "fedora_docker.repo.j2" src: "fedora_docker.repo.j2"
dest: "{{ yum_repo_dir }}/docker.repo" dest: "{{ yum_repo_dir }}/docker.repo"
mode: 0644 mode: "0644"
when: ansible_distribution == "Fedora" and not is_ostree when: ansible_distribution == "Fedora" and not is_ostree
- name: Configure docker repository on RedHat/CentOS/OracleLinux/AlmaLinux/KylinLinux - name: Configure docker repository on RedHat/CentOS/OracleLinux/AlmaLinux/KylinLinux
template: template:
src: "rh_docker.repo.j2" src: "rh_docker.repo.j2"
dest: "{{ yum_repo_dir }}/docker-ce.repo" dest: "{{ yum_repo_dir }}/docker-ce.repo"
mode: 0644 mode: "0644"
when: when:
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- ansible_distribution != "Fedora" - ansible_distribution != "Fedora"

14
roles/container-engine/docker/tasks/systemd.yml
View File

@ -3,13 +3,13 @@
file: file:
path: /etc/systemd/system/docker.service.d path: /etc/systemd/system/docker.service.d
state: directory state: directory
mode: 0755 mode: "0755"
- name: Write docker proxy drop-in - name: Write docker proxy drop-in
template: template:
src: http-proxy.conf.j2 src: http-proxy.conf.j2
dest: /etc/systemd/system/docker.service.d/http-proxy.conf dest: /etc/systemd/system/docker.service.d/http-proxy.conf
mode: 0644 mode: "0644"
notify: Restart docker notify: Restart docker
when: http_proxy is defined or https_proxy is defined when: http_proxy is defined or https_proxy is defined
@ -27,7 +27,7 @@
template: template:
src: docker.service.j2 src: docker.service.j2
dest: /etc/systemd/system/docker.service dest: /etc/systemd/system/docker.service
mode: 0644 mode: "0644"
register: docker_service_file register: docker_service_file
notify: Restart docker notify: Restart docker
when: when:
@ -38,14 +38,14 @@
template: template:
src: docker-options.conf.j2 src: docker-options.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-options.conf" dest: "/etc/systemd/system/docker.service.d/docker-options.conf"
mode: 0644 mode: "0644"
notify: Restart docker notify: Restart docker
- name: Write docker dns systemd drop-in - name: Write docker dns systemd drop-in
template: template:
src: docker-dns.conf.j2 src: docker-dns.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-dns.conf" dest: "/etc/systemd/system/docker.service.d/docker-dns.conf"
mode: 0644 mode: "0644"
notify: Restart docker notify: Restart docker
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns' when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
@ -53,14 +53,14 @@
copy: copy:
src: cleanup-docker-orphans.sh src: cleanup-docker-orphans.sh
dest: "{{ bin_dir }}/cleanup-docker-orphans.sh" dest: "{{ bin_dir }}/cleanup-docker-orphans.sh"
mode: 0755 mode: "0755"
when: docker_orphan_clean_up | bool when: docker_orphan_clean_up | bool
- name: Write docker orphan clean up systemd drop-in - name: Write docker orphan clean up systemd drop-in
template: template:
src: docker-orphan-cleanup.conf.j2 src: docker-orphan-cleanup.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf" dest: "/etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf"
mode: 0644 mode: "0644"
notify: Restart docker notify: Restart docker
when: docker_orphan_clean_up | bool when: docker_orphan_clean_up | bool

6
roles/container-engine/gvisor/molecule/default/prepare.yml
View File

@ -29,7 +29,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "/tmp/{{ item }}" dest: "/tmp/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- container.json - container.json
- sandbox.json - sandbox.json
@ -38,12 +38,12 @@
path: /etc/cni/net.d path: /etc/cni/net.d
state: directory state: directory
owner: root owner: root
mode: 0755 mode: "0755"
- name: Setup CNI - name: Setup CNI
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}" dest: "/etc/cni/net.d/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- 10-mynet.conf - 10-mynet.conf

2
roles/container-engine/gvisor/tasks/main.yml
View File

@ -13,7 +13,7 @@
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ bin_dir }}/{{ item.dest }}" dest: "{{ bin_dir }}/{{ item.dest }}"
mode: 0755 mode: "0755"
remote_src: yes remote_src: yes
with_items: with_items:
- { src: "{{ downloads.gvisor_runsc.dest }}", dest: "runsc" } - { src: "{{ downloads.gvisor_runsc.dest }}", dest: "runsc" }

6
roles/container-engine/kata-containers/molecule/default/prepare.yml
View File

@ -29,7 +29,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "/tmp/{{ item }}" dest: "/tmp/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- container.json - container.json
- sandbox.json - sandbox.json
@ -38,12 +38,12 @@
path: /etc/cni/net.d path: /etc/cni/net.d
state: directory state: directory
owner: "{{ kube_owner }}" owner: "{{ kube_owner }}"
mode: 0755 mode: "0755"
- name: Setup CNI - name: Setup CNI
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}" dest: "/etc/cni/net.d/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- 10-mynet.conf - 10-mynet.conf

10
roles/container-engine/kata-containers/tasks/main.yml
View File

@ -8,7 +8,7 @@
unarchive: unarchive:
src: "{{ downloads.kata_containers.dest }}" src: "{{ downloads.kata_containers.dest }}"
dest: "/" dest: "/"
mode: 0755 mode: "0755"
owner: root owner: root
group: root group: root
remote_src: yes remote_src: yes
@ -17,13 +17,13 @@
file: file:
path: "{{ kata_containers_config_dir }}" path: "{{ kata_containers_config_dir }}"
state: directory state: directory
mode: 0755 mode: "0755"
- name: Kata-containers | Set configuration - name: Kata-containers | Set configuration
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kata_containers_config_dir }}/{{ item }}" dest: "{{ kata_containers_config_dir }}/{{ item }}"
mode: 0644 mode: "0644"
with_items: with_items:
- configuration-qemu.toml - configuration-qemu.toml
@ -33,7 +33,7 @@
template: template:
dest: "{{ kata_containers_containerd_bin_dir }}/containerd-shim-kata-{{ item }}-v2" dest: "{{ kata_containers_containerd_bin_dir }}/containerd-shim-kata-{{ item }}-v2"
src: containerd-shim-kata-v2.j2 src: containerd-shim-kata-v2.j2
mode: 0755 mode: "0755"
with_items: with_items:
- qemu - qemu
@ -48,7 +48,7 @@
- name: Kata-containers | Persist vhost kernel modules - name: Kata-containers | Persist vhost kernel modules
copy: copy:
dest: /etc/modules-load.d/kubespray-kata-containers.conf dest: /etc/modules-load.d/kubespray-kata-containers.conf
mode: 0644 mode: "0644"
content: | content: |
vhost_vsock vhost_vsock
vhost_net vhost_net

2
roles/container-engine/nerdctl/handlers/main.yml
View File

@ -9,4 +9,4 @@
copy: copy:
dest: /etc/bash_completion.d/nerdctl dest: /etc/bash_completion.d/nerdctl
content: "{{ nerdctl_completion.stdout }}" content: "{{ nerdctl_completion.stdout }}"
mode: 0644 mode: "0644"

6
roles/container-engine/nerdctl/tasks/main.yml
View File

@ -8,7 +8,7 @@
copy: copy:
src: "{{ local_release_dir }}/nerdctl" src: "{{ local_release_dir }}/nerdctl"
dest: "{{ bin_dir }}/nerdctl" dest: "{{ bin_dir }}/nerdctl"
mode: 0755 mode: "0755"
remote_src: true remote_src: true
owner: root owner: root
group: root group: root
@ -21,7 +21,7 @@
file: file:
path: /etc/nerdctl path: /etc/nerdctl
state: directory state: directory
mode: 0755 mode: "0755"
owner: root owner: root
group: root group: root
become: true become: true
@ -30,7 +30,7 @@
template: template:
src: nerdctl.toml.j2 src: nerdctl.toml.j2
dest: /etc/nerdctl/nerdctl.toml dest: /etc/nerdctl/nerdctl.toml
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
become: true become: true

2
roles/container-engine/runc/tasks/main.yml
View File

@ -27,7 +27,7 @@
copy: copy:
src: "{{ downloads.runc.dest }}" src: "{{ downloads.runc.dest }}"
dest: "{{ runc_bin_dir }}/runc" dest: "{{ runc_bin_dir }}/runc"
mode: 0755 mode: "0755"
remote_src: true remote_src: true
- name: Runc | Remove orphaned binary - name: Runc | Remove orphaned binary

2
roles/container-engine/skopeo/tasks/main.yml
View File

@ -28,5 +28,5 @@
copy: copy:
src: "{{ downloads.skopeo.dest }}" src: "{{ downloads.skopeo.dest }}"
dest: "{{ bin_dir }}/skopeo" dest: "{{ bin_dir }}/skopeo"
mode: 0755 mode: "0755"
remote_src: true remote_src: true

6
roles/container-engine/youki/molecule/default/prepare.yml
View File

@ -29,7 +29,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "/tmp/{{ item }}" dest: "/tmp/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- container.json - container.json
- sandbox.json - sandbox.json
@ -38,12 +38,12 @@
path: /etc/cni/net.d path: /etc/cni/net.d
state: directory state: directory
owner: root owner: root
mode: 0755 mode: "0755"
- name: Setup CNI - name: Setup CNI
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}" dest: "/etc/cni/net.d/{{ item }}"
owner: root owner: root
mode: 0644 mode: "0644"
with_items: with_items:
- 10-mynet.conf - 10-mynet.conf

2
roles/container-engine/youki/tasks/main.yml
View File

@ -8,5 +8,5 @@
copy: copy:
src: "{{ local_release_dir }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-{{ youki_version }}/youki" src: "{{ local_release_dir }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-{{ youki_version }}/youki"
dest: "{{ youki_bin_dir }}/youki" dest: "{{ youki_bin_dir }}/youki"
mode: 0755 mode: "0755"
remote_src: true remote_src: true

2
roles/download/tasks/download_file.yml
View File

@ -22,7 +22,7 @@
file: file:
path: "{{ download.dest | dirname }}" path: "{{ download.dest | dirname }}"
owner: "{{ download.owner | default(omit) }}" owner: "{{ download.owner | default(omit) }}"
mode: 0755 mode: "0755"
state: directory state: directory
recurse: yes recurse: yes

4
roles/download/tasks/prep_download.yml
View File

@ -69,7 +69,7 @@
file: file:
path: "{{ local_release_dir }}/images" path: "{{ local_release_dir }}/images"
state: directory state: directory
mode: 0755 mode: "0755"
owner: "{{ ansible_ssh_user | default(ansible_user_id) }}" owner: "{{ ansible_ssh_user | default(ansible_user_id) }}"
when: when:
- ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
@ -78,7 +78,7 @@
file: file:
path: "{{ download_cache_dir }}/images" path: "{{ download_cache_dir }}/images"
state: directory state: directory
mode: 0755 mode: "0755"
delegate_to: localhost delegate_to: localhost
connection: local connection: local
delegate_facts: no delegate_facts: no

4
roles/download/tasks/prep_kubeadm_images.yml
View File

@ -18,7 +18,7 @@
template: template:
src: "kubeadm-images.yaml.j2" src: "kubeadm-images.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-images.yaml" dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
mode: 0644 mode: "0644"
when: when:
- not skip_kubeadm_images | default(false) - not skip_kubeadm_images | default(false)
@ -26,7 +26,7 @@
copy: copy:
src: "{{ downloads.kubeadm.dest }}" src: "{{ downloads.kubeadm.dest }}"
dest: "{{ bin_dir }}/kubeadm" dest: "{{ bin_dir }}/kubeadm"
mode: 0755 mode: "0755"
remote_src: true remote_src: true
- name: Prep_kubeadm_images | Set kubeadm binary permissions - name: Prep_kubeadm_images | Set kubeadm binary permissions

2
roles/etcd/handlers/backup.yml
View File

@ -16,7 +16,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0600 mode: "0600"
listen: Restart etcd listen: Restart etcd
when: etcd_cluster_is_healthy.rc == 0 when: etcd_cluster_is_healthy.rc == 0

4
roles/etcd/tasks/configure.yml
View File

@ -50,7 +50,7 @@
src: "etcd-{{ etcd_deployment_type }}.service.j2" src: "etcd-{{ etcd_deployment_type }}.service.j2"
dest: /etc/systemd/system/etcd.service dest: /etc/systemd/system/etcd.service
backup: yes backup: yes
mode: 0644 mode: "0644"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250 # Remove once we drop support for systemd < 250
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service'" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service'"
@ -61,7 +61,7 @@
src: "etcd-events-{{ etcd_deployment_type }}.service.j2" src: "etcd-events-{{ etcd_deployment_type }}.service.j2"
dest: /etc/systemd/system/etcd-events.service dest: /etc/systemd/system/etcd-events.service
backup: yes backup: yes
mode: 0644 mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service'" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250 # Remove once we drop support for systemd < 250

10
roles/etcd/tasks/gen_certs_script.yml
View File

@ -13,7 +13,7 @@
path: "{{ etcd_script_dir }}" path: "{{ etcd_script_dir }}"
state: directory state: directory
owner: root owner: root
mode: 0700 mode: "0700"
run_once: yes run_once: yes
when: inventory_hostname == groups['etcd'][0] when: inventory_hostname == groups['etcd'][0]
@ -21,7 +21,7 @@
template: template:
src: "openssl.conf.j2" src: "openssl.conf.j2"
dest: "{{ etcd_config_dir }}/openssl.conf" dest: "{{ etcd_config_dir }}/openssl.conf"
mode: 0640 mode: "0640"
run_once: yes run_once: yes
delegate_to: "{{ groups['etcd'][0] }}" delegate_to: "{{ groups['etcd'][0] }}"
when: when:
@ -32,7 +32,7 @@
template: template:
src: "make-ssl-etcd.sh.j2" src: "make-ssl-etcd.sh.j2"
dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh" dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh"
mode: 0700 mode: "0700"
run_once: yes run_once: yes
when: when:
- gen_certs | default(false) - gen_certs | default(false)
@ -90,7 +90,7 @@
content: "{{ item.content | b64decode }}" content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}" group: "{{ etcd_cert_group }}"
owner: "{{ etcd_owner }}" owner: "{{ etcd_owner }}"
mode: 0640 mode: "0640"
with_items: "{{ etcd_master_certs.results }}" with_items: "{{ etcd_master_certs.results }}"
when: when:
- inventory_hostname in groups['etcd'] - inventory_hostname in groups['etcd']
@ -122,7 +122,7 @@
content: "{{ item.content | b64decode }}" content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}" group: "{{ etcd_cert_group }}"
owner: "{{ etcd_owner }}" owner: "{{ etcd_owner }}"
mode: 0640 mode: "0640"
with_items: "{{ etcd_master_node_certs.results }}" with_items: "{{ etcd_master_node_certs.results }}"
when: when:
- inventory_hostname in groups['etcd'] - inventory_hostname in groups['etcd']

4
roles/etcd/tasks/install_docker.yml
View File

@ -28,7 +28,7 @@
src: etcd.j2 src: etcd.j2
dest: "{{ bin_dir }}/etcd" dest: "{{ bin_dir }}/etcd"
owner: 'root' owner: 'root'
mode: 0750 mode: "0750"
backup: yes backup: yes
when: etcd_cluster_setup when: etcd_cluster_setup
@ -37,6 +37,6 @@
src: etcd-events.j2 src: etcd-events.j2
dest: "{{ bin_dir }}/etcd-events" dest: "{{ bin_dir }}/etcd-events"
owner: 'root' owner: 'root'
mode: 0750 mode: "0750"
backup: yes backup: yes
when: etcd_events_cluster_setup when: etcd_events_cluster_setup

2
roles/etcd/tasks/install_host.yml
View File

@ -24,7 +24,7 @@
copy: copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}"
mode: 0755 mode: "0755"
remote_src: yes remote_src: yes
with_items: with_items:
- etcd - etcd

4
roles/etcd/tasks/refresh_config.yml
View File

@ -3,7 +3,7 @@
template: template:
src: etcd.env.j2 src: etcd.env.j2
dest: /etc/etcd.env dest: /etc/etcd.env
mode: 0640 mode: "0640"
notify: Restart etcd notify: Restart etcd
when: is_etcd_master and etcd_cluster_setup when: is_etcd_master and etcd_cluster_setup
@ -11,6 +11,6 @@
template: template:
src: etcd-events.env.j2 src: etcd-events.env.j2
dest: /etc/etcd-events.env dest: /etc/etcd-events.env
mode: 0640 mode: "0640"
notify: Restart etcd-events notify: Restart etcd-events
when: is_etcd_master and etcd_events_cluster_setup when: is_etcd_master and etcd_events_cluster_setup

2
roles/etcd/tasks/upd_ca_trust.yml
View File

@ -21,7 +21,7 @@
src: "{{ etcd_cert_dir }}/ca.pem" src: "{{ etcd_cert_dir }}/ca.pem"
dest: "{{ ca_cert_path }}" dest: "{{ ca_cert_path }}"
remote_src: true remote_src: true
mode: 0640 mode: "0640"
register: etcd_ca_cert register: etcd_ca_cert
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Flatcar) # noqa no-handler - name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Flatcar) # noqa no-handler

4
roles/etcdctl_etcdutl/tasks/main.yml
View File

@ -31,7 +31,7 @@
copy: copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}"
mode: 0755 mode: "0755"
remote_src: yes remote_src: yes
with_items: with_items:
- etcdctl - etcdctl
@ -42,4 +42,4 @@
template: template:
src: etcdctl.sh.j2 src: etcdctl.sh.j2
dest: "{{ bin_dir }}/etcdctl.sh" dest: "{{ bin_dir }}/etcdctl.sh"
mode: 0755 mode: "0755"

4
roles/kubernetes-apps/ansible/tasks/coredns.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
loop: loop:
- { name: coredns, file: coredns-clusterrole.yml, type: clusterrole } - { name: coredns, file: coredns-clusterrole.yml, type: clusterrole }
- { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding } - { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding }
@ -31,7 +31,7 @@
template: template:
src: "{{ item.src }}.j2" src: "{{ item.src }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment } - { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
- { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc } - { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }

2
roles/kubernetes-apps/ansible/tasks/dashboard.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { file: dashboard.yml, type: deploy, name: kubernetes-dashboard } - { file: dashboard.yml, type: deploy, name: kubernetes-dashboard }
register: manifests register: manifests

2
roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics } - { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics }
- { file: etcd_metrics-service.yml, type: service, name: etcd-metrics } - { file: etcd_metrics-service.yml, type: service, name: etcd-metrics }

2
roles/kubernetes-apps/ansible/tasks/netchecker.yml
View File

@ -29,7 +29,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ netchecker_templates }}" with_items: "{{ netchecker_templates }}"
register: manifests register: manifests
when: when:

4
roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
View File

@ -20,7 +20,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap } - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
- { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa } - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
@ -51,7 +51,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset } - { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset }
register: nodelocaldns_second_manifests register: nodelocaldns_second_manifests

4
roles/kubernetes-apps/argocd/tasks/main.yml
View File

@ -36,7 +36,7 @@
url: "{{ item.url }}" url: "{{ item.url }}"
unarchive: false unarchive: false
owner: "root" owner: "root"
mode: 0644 mode: "0644"
sha256: "" sha256: ""
download: "{{ download_defaults | combine(download_argocd) }}" download: "{{ download_defaults | combine(download_argocd) }}"
with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
@ -73,7 +73,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}" with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}"
loop_control: loop_control:
label: "{{ item.file }}" label: "{{ item.file }}"

4
roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
View File

@ -7,7 +7,7 @@
template: template:
src: controller-manager-config.yml.j2 src: controller-manager-config.yml.j2
dest: "{{ kube_config_dir }}/controller-manager-config.yml" dest: "{{ kube_config_dir }}/controller-manager-config.yml"
mode: 0644 mode: "0644"
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: "OCI Cloud Controller | Slurp Configuration" - name: "OCI Cloud Controller | Slurp Configuration"
@ -24,7 +24,7 @@
template: template:
src: oci-cloud-provider.yml.j2 src: oci-cloud-provider.yml.j2
dest: "{{ kube_config_dir }}/oci-cloud-provider.yml" dest: "{{ kube_config_dir }}/oci-cloud-provider.yml"
mode: 0644 mode: "0644"
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: "OCI Cloud Controller | Apply Manifests" - name: "OCI Cloud Controller | Apply Manifests"

4
roles/kubernetes-apps/cluster_roles/tasks/main.yml
View File

@ -15,7 +15,7 @@
template: template:
src: "node-crb.yml.j2" src: "node-crb.yml.j2"
dest: "{{ kube_config_dir }}/node-crb.yml" dest: "{{ kube_config_dir }}/node-crb.yml"
mode: 0640 mode: "0640"
register: node_crb_manifest register: node_crb_manifest
when: when:
- rbac_enabled - rbac_enabled
@ -70,7 +70,7 @@
copy: copy:
src: k8s-cluster-critical-pc.yml src: k8s-cluster-critical-pc.yml
dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml" dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
mode: 0640 mode: "0640"
when: inventory_hostname == groups['kube_control_plane'] | last when: inventory_hostname == groups['kube_control_plane'] | last
- name: PriorityClass | Create k8s-cluster-critical - name: PriorityClass | Create k8s-cluster-critical

2
roles/kubernetes-apps/cluster_roles/tasks/oci.yml
View File

@ -3,7 +3,7 @@
copy: copy:
src: "oci-rbac.yml" src: "oci-rbac.yml"
dest: "{{ kube_config_dir }}/oci-rbac.yml" dest: "{{ kube_config_dir }}/oci-rbac.yml"
mode: 0640 mode: "0640"
when: when:
- cloud_provider is defined - cloud_provider is defined
- cloud_provider == 'oci' - cloud_provider == 'oci'

4
roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
View File

@ -26,14 +26,14 @@
path: "{{ kube_config_dir }}/addons/container_engine_accelerator" path: "{{ kube_config_dir }}/addons/container_engine_accelerator"
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
recurse: true recurse: true
- name: Container Engine Acceleration Nvidia GPU | Create manifests for nvidia accelerators - name: Container Engine Acceleration Nvidia GPU | Create manifests for nvidia accelerators
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { name: nvidia-driver-install-daemonset, file: nvidia-driver-install-daemonset.yml, type: daemonset } - { name: nvidia-driver-install-daemonset, file: nvidia-driver-install-daemonset.yml, type: daemonset }
- { name: k8s-device-plugin-nvidia-daemonset, file: k8s-device-plugin-nvidia-daemonset.yml, type: daemonset } - { name: k8s-device-plugin-nvidia-daemonset, file: k8s-device-plugin-nvidia-daemonset.yml, type: daemonset }

4
roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
View File

@ -4,7 +4,7 @@
path: "{{ kube_config_dir }}/addons/gvisor" path: "{{ kube_config_dir }}/addons/gvisor"
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
recurse: true recurse: true
- name: GVisor | Templates List - name: GVisor | Templates List
@ -16,7 +16,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/gvisor/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/gvisor/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ gvisor_templates }}" with_items: "{{ gvisor_templates }}"
register: gvisor_manifests register: gvisor_manifests
when: when:

4
roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
View File

@ -5,7 +5,7 @@
path: "{{ kube_config_dir }}/addons/kata_containers" path: "{{ kube_config_dir }}/addons/kata_containers"
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
recurse: true recurse: true
- name: Kata Containers | Templates list - name: Kata Containers | Templates list
@ -17,7 +17,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/kata_containers/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/kata_containers/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ kata_containers_templates }}" with_items: "{{ kata_containers_templates }}"
register: kata_containers_manifests register: kata_containers_manifests
when: when:

2
roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- {name: aws-ebs-csi-driver, file: aws-ebs-csi-driver.yml} - {name: aws-ebs-csi-driver, file: aws-ebs-csi-driver.yml}
- {name: aws-ebs-csi-controllerservice, file: aws-ebs-csi-controllerservice-rbac.yml} - {name: aws-ebs-csi-controllerservice, file: aws-ebs-csi-controllerservice-rbac.yml}

4
roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
View File

@ -7,7 +7,7 @@
src: "azure-csi-cloud-config.j2" src: "azure-csi-cloud-config.j2"
dest: "{{ kube_config_dir }}/azure_csi_cloud_config" dest: "{{ kube_config_dir }}/azure_csi_cloud_config"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: Azure CSI Driver | Get base64 cloud-config - name: Azure CSI Driver | Get base64 cloud-config
@ -20,7 +20,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- {name: azure-csi-azuredisk-driver, file: azure-csi-azuredisk-driver.yml} - {name: azure-csi-azuredisk-driver, file: azure-csi-azuredisk-driver.yml}
- {name: azure-csi-cloud-config-secret, file: azure-csi-cloud-config-secret.yml} - {name: azure-csi-cloud-config-secret, file: azure-csi-cloud-config-secret.yml}

2
roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
View File

@ -7,5 +7,5 @@
src: "{{ cinder_cacert }}" src: "{{ cinder_cacert }}"
dest: "{{ kube_config_dir }}/cinder-cacert.pem" dest: "{{ kube_config_dir }}/cinder-cacert.pem"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: "0640"
delegate_to: "{{ delegate_host_to_write_cacert }}" delegate_to: "{{ delegate_host_to_write_cacert }}"

4
roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
View File

@ -18,7 +18,7 @@
src: "cinder-csi-cloud-config.j2" src: "cinder-csi-cloud-config.j2"
dest: "{{ kube_config_dir }}/cinder_cloud_config" dest: "{{ kube_config_dir }}/cinder_cloud_config"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: Cinder CSI Driver | Get base64 cloud-config - name: Cinder CSI Driver | Get base64 cloud-config
@ -31,7 +31,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- {name: cinder-csi-driver, file: cinder-csi-driver.yml} - {name: cinder-csi-driver, file: cinder-csi-driver.yml}
- {name: cinder-csi-cloud-config-secret, file: cinder-csi-cloud-config-secret.yml} - {name: cinder-csi-cloud-config-secret, file: cinder-csi-cloud-config-secret.yml}

2
roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- {name: volumesnapshotclasses, file: volumesnapshotclasses.yml} - {name: volumesnapshotclasses, file: volumesnapshotclasses.yml}
- {name: volumesnapshotcontents, file: volumesnapshotcontents.yml} - {name: volumesnapshotcontents, file: volumesnapshotcontents.yml}

4
roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
View File

@ -9,7 +9,7 @@
src: "{{ gcp_pd_csi_sa_cred_file }}" src: "{{ gcp_pd_csi_sa_cred_file }}"
dest: "{{ kube_config_dir }}/cloud-sa.json" dest: "{{ kube_config_dir }}/cloud-sa.json"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: GCP PD CSI Driver | Get base64 cloud-sa.json - name: GCP PD CSI Driver | Get base64 cloud-sa.json
@ -22,7 +22,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- {name: gcp-pd-csi-cred-secret, file: gcp-pd-csi-cred-secret.yml} - {name: gcp-pd-csi-cred-secret, file: gcp-pd-csi-cred-secret.yml}
- {name: gcp-pd-csi-setup, file: gcp-pd-csi-setup.yml} - {name: gcp-pd-csi-setup, file: gcp-pd-csi-setup.yml}

2
roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
View File

@ -16,7 +16,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- {name: upcloud-csi-cred-secret, file: upcloud-csi-cred-secret.yml} - {name: upcloud-csi-cred-secret, file: upcloud-csi-cred-secret.yml}
- {name: upcloud-csi-setup, file: upcloud-csi-setup.yml} - {name: upcloud-csi-setup, file: upcloud-csi-setup.yml}

4
roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
View File

@ -6,7 +6,7 @@
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}"
mode: 0640 mode: "0640"
with_items: with_items:
- vsphere-csi-cloud-config - vsphere-csi-cloud-config
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
@ -15,7 +15,7 @@
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}"
mode: 0644 mode: "0644"
with_items: with_items:
- vsphere-csi-namespace.yml - vsphere-csi-namespace.yml
- vsphere-csi-driver.yml - vsphere-csi-driver.yml

2
roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
View File

@ -4,7 +4,7 @@
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: "0640"
with_items: with_items:
- {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml} - {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
- {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml} - {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}

2
roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml
View File

@ -24,7 +24,7 @@
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: "0640"
with_items: with_items:
- {name: external-huawei-cloud-config-secret, file: external-huawei-cloud-config-secret.yml} - {name: external-huawei-cloud-config-secret, file: external-huawei-cloud-config-secret.yml}
- {name: external-huawei-cloud-controller-manager-roles, file: external-huawei-cloud-controller-manager-roles.yml} - {name: external-huawei-cloud-controller-manager-roles, file: external-huawei-cloud-controller-manager-roles.yml}

2
roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
View File

@ -24,7 +24,7 @@
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: "0640"
with_items: with_items:
- {name: external-openstack-cloud-config-secret, file: external-openstack-cloud-config-secret.yml} - {name: external-openstack-cloud-config-secret, file: external-openstack-cloud-config-secret.yml}
- {name: external-openstack-cloud-controller-manager-roles, file: external-openstack-cloud-controller-manager-roles.yml} - {name: external-openstack-cloud-controller-manager-roles, file: external-openstack-cloud-controller-manager-roles.yml}

4
roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
View File

@ -6,7 +6,7 @@
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}"
mode: 0640 mode: "0640"
with_items: with_items:
- external-vsphere-cpi-cloud-config - external-vsphere-cpi-cloud-config
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
@ -15,7 +15,7 @@
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}"
mode: 0644 mode: "0644"
with_items: with_items:
- external-vsphere-cpi-cloud-config-secret.yml - external-vsphere-cpi-cloud-config-secret.yml
- external-vsphere-cloud-controller-manager-roles.yml - external-vsphere-cloud-controller-manager-roles.yml

4
roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
View File

@ -33,7 +33,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -54,7 +54,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ cephfs_provisioner_templates }}" with_items: "{{ cephfs_provisioner_templates }}"
register: cephfs_provisioner_manifests register: cephfs_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]

6
roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
View File

@ -5,7 +5,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -13,7 +13,7 @@
file: file:
path: "{{ local_path_provisioner_claim_root }}" path: "{{ local_path_provisioner_claim_root }}"
state: directory state: directory
mode: 0755 mode: "0755"
- name: Local Path Provisioner | Render Template - name: Local Path Provisioner | Render Template
set_fact: set_fact:
@ -30,7 +30,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ local_path_provisioner_templates }}" with_items: "{{ local_path_provisioner_templates }}"
register: local_path_provisioner_manifests register: local_path_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]

4
roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
View File

@ -12,7 +12,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
- name: Local Volume Provisioner | Templates list - name: Local Volume Provisioner | Templates list
set_fact: set_fact:
@ -29,7 +29,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ local_volume_provisioner_templates }}" with_items: "{{ local_volume_provisioner_templates }}"
register: local_volume_provisioner_manifests register: local_volume_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]

4
roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml
View File

@ -33,7 +33,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -54,7 +54,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ rbd_provisioner_templates }}" with_items: "{{ rbd_provisioner_templates }}"
register: rbd_provisioner_manifests register: rbd_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]

4
roles/kubernetes-apps/helm/tasks/main.yml
View File

@ -32,7 +32,7 @@
copy: copy:
src: "{{ local_release_dir }}/helm-{{ helm_version }}/linux-{{ image_arch }}/helm" src: "{{ local_release_dir }}/helm-{{ helm_version }}/linux-{{ image_arch }}/helm"
dest: "{{ bin_dir }}/helm" dest: "{{ bin_dir }}/helm"
mode: 0755 mode: "0755"
remote_src: true remote_src: true
- name: Helm | Get helm completion - name: Helm | Get helm completion
@ -45,5 +45,5 @@
copy: copy:
dest: /etc/bash_completion.d/helm.sh dest: /etc/bash_completion.d/helm.sh
content: "{{ helm_completion.stdout }}" content: "{{ helm_completion.stdout }}"
mode: 0755 mode: "0755"
become: True become: True

4
roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
View File

@ -6,13 +6,13 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
- name: ALB Ingress Controller | Create manifests - name: ALB Ingress Controller | Create manifests
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: with_items:
- { name: alb-ingress-clusterrole, file: alb-ingress-clusterrole.yml, type: clusterrole } - { name: alb-ingress-clusterrole, file: alb-ingress-clusterrole.yml, type: clusterrole }
- { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding } - { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding }

4
roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
View File

@ -24,7 +24,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -38,7 +38,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/cert_manager/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/cert_manager/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ cert_manager_templates }}" with_items: "{{ cert_manager_templates }}"
register: cert_manager_manifests register: cert_manager_manifests
when: when:

4
roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
View File

@ -6,7 +6,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -50,7 +50,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ ingress_nginx_templates }}" with_items: "{{ ingress_nginx_templates }}"
register: ingress_nginx_manifests register: ingress_nginx_manifests
when: when:

6
roles/kubernetes-apps/krew/tasks/krew.yml
View File

@ -8,13 +8,13 @@
template: template:
src: krew.j2 src: krew.j2
dest: /etc/bash_completion.d/krew dest: /etc/bash_completion.d/krew
mode: 0644 mode: "0644"
- name: Krew | Copy krew manifest - name: Krew | Copy krew manifest
template: template:
src: krew.yml.j2 src: krew.yml.j2
dest: "{{ local_release_dir }}/krew.yml" dest: "{{ local_release_dir }}/krew.yml"
mode: 0644 mode: "0644"
- name: Krew | Install krew # noqa command-instead-of-shell - name: Krew | Install krew # noqa command-instead-of-shell
shell: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} install --archive={{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz --manifest={{ local_release_dir }}/krew.yml" shell: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} install --archive={{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz --manifest={{ local_release_dir }}/krew.yml"
@ -33,6 +33,6 @@
copy: copy:
dest: /etc/bash_completion.d/krew.sh dest: /etc/bash_completion.d/krew.sh
content: "{{ krew_completion.stdout }}" content: "{{ krew_completion.stdout }}"
mode: 0755 mode: "0755"
become: True become: True
when: krew_completion.rc == 0 when: krew_completion.rc == 0

8
roles/kubernetes-apps/metallb/tasks/main.yml
View File

@ -16,7 +16,7 @@
template: template:
src: "metallb.yaml.j2" src: "metallb.yaml.j2"
dest: "{{ kube_config_dir }}/metallb.yaml" dest: "{{ kube_config_dir }}/metallb.yaml"
mode: 0644 mode: "0644"
register: metallb_rendering register: metallb_rendering
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -47,7 +47,7 @@
ansible.builtin.template: ansible.builtin.template:
src: pools.yaml.j2 src: pools.yaml.j2
dest: "{{ kube_config_dir }}/pools.yaml" dest: "{{ kube_config_dir }}/pools.yaml"
mode: 0644 mode: "0644"
register: pools_rendering register: pools_rendering
- name: MetalLB | Create address pools configuration - name: MetalLB | Create address pools configuration
@ -67,7 +67,7 @@
ansible.builtin.template: ansible.builtin.template:
src: layer2.yaml.j2 src: layer2.yaml.j2
dest: "{{ kube_config_dir }}/layer2.yaml" dest: "{{ kube_config_dir }}/layer2.yaml"
mode: 0644 mode: "0644"
register: layer2_rendering register: layer2_rendering
- name: MetalLB | Create layer2 configuration - name: MetalLB | Create layer2 configuration
@ -87,7 +87,7 @@
ansible.builtin.template: ansible.builtin.template:
src: layer3.yaml.j2 src: layer3.yaml.j2
dest: "{{ kube_config_dir }}/layer3.yaml" dest: "{{ kube_config_dir }}/layer3.yaml"
mode: 0644 mode: "0644"
register: layer3_rendering register: layer3_rendering
- name: MetalLB | Create layer3 configuration - name: MetalLB | Create layer3 configuration

4
roles/kubernetes-apps/metrics_server/tasks/main.yml
View File

@ -19,7 +19,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -39,7 +39,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/metrics_server/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/metrics_server/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ metrics_server_templates }}" with_items: "{{ metrics_server_templates }}"
register: metrics_server_manifests register: metrics_server_manifests
when: when:

4
roles/kubernetes-apps/node_feature_discovery/tasks/main.yml
View File

@ -5,7 +5,7 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0755 mode: "0755"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
@ -31,7 +31,7 @@
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/node_feature_discovery/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/node_feature_discovery/{{ item.file }}"
mode: 0644 mode: "0644"
with_items: "{{ node_feature_discovery_templates }}" with_items: "{{ node_feature_discovery_templates }}"
register: node_feature_discovery_manifests register: node_feature_discovery_manifests
when: when:

2
roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "aws-ebs-csi-storage-class.yml.j2" src: "aws-ebs-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml" dest: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml"
mode: 0644 mode: "0644"
register: manifests register: manifests
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]

2
roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "azure-csi-storage-class.yml.j2" src: "azure-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml" dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml"
mode: 0644 mode: "0644"
register: manifests register: manifests
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]

2
roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "cinder-csi-storage-class.yml.j2" src: "cinder-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/cinder-csi-storage-class.yml" dest: "{{ kube_config_dir }}/cinder-csi-storage-class.yml"
mode: 0644 mode: "0644"
register: manifests register: manifests
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]

2
roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
View File

@ -3,7 +3,7 @@
template: template:
src: "gcp-pd-csi-storage-class.yml.j2" src: "gcp-pd-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml" dest: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml"
mode: 0644 mode: "0644"
register: manifests register: manifests
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]

Some files were not shown because too many files have changed in this diff Show More