From 4c1e0b188de11161c694746eb9e6e1a10d33252e Mon Sep 17 00:00:00 2001 From: Joel Seguillon Date: Mon, 29 Jun 2020 21:39:59 +0200 Subject: [PATCH] Add .editorconfig file (#6307) --- .editorconfig | 15 ++++++++ .gitlab-ci/terraform.yml | 2 +- .gitlab-ci/vagrant.yml | 2 +- Dockerfile | 12 +++---- _config.yml | 2 +- .../glusterfs-kubernetes-endpoint.json.j2 | 2 +- .../templates/glusterfs-kubernetes-pv.yml.j2 | 2 +- .../tasks/bootstrap/start_vault_temp.yml | 10 +++--- .../vault/tasks/bootstrap/sync_secrets.yml | 6 ++-- .../roles/vault/tasks/shared/check_etcd.yml | 4 +-- .../roles/vault/tasks/shared/check_vault.yml | 4 +-- .../roles/vault/tasks/shared/create_role.yml | 20 +++++------ .../roles/vault/tasks/shared/gen_userpass.yml | 8 ++--- .../roles/vault/templates/http-proxy.conf.j2 | 2 +- inventory/sample/group_vars/etcd.yml | 2 +- .../apt_preferences.d/debian_containerd.j2 | 6 ++-- .../containerd/vars/debian.yml | 6 ++-- .../containerd/vars/ubuntu-amd64.yml | 6 ++-- roles/container-engine/docker/vars/debian.yml | 12 +++---- .../docker/vars/ubuntu-amd64.yml | 12 +++---- .../docker/vars/ubuntu-arm64.yml | 12 +++---- roles/etcd/tasks/check_certs.yml | 16 ++++----- roles/etcd/tasks/gen_certs_script.yml | 6 ++-- roles/etcd/tasks/install_etcdctl_docker.yml | 6 ++-- .../controller-manager-config.yml.j2 | 14 ++++---- .../templates/node-webhook-cr.yml.j2 | 2 +- .../csi_driver/cinder/defaults/main.yml | 2 +- .../cinder-csi-controllerplugin-rbac.yml.j2 | 2 +- .../gcp_pd/templates/gcp-pd-csi-setup.yml.j2 | 2 +- .../local_path_provisioner/defaults/main.yml | 2 +- .../templates/local-path-storage-ns.yml.j2 | 2 +- .../templates/local-path-storage-sa.yml.j2 | 2 +- .../templates/alb-ingress-clusterrole.yml.j2 | 2 +- .../templates/alb-ingress-deploy.yml.j2 | 6 ++-- .../templates/crd-certificate.yml.j2 | 2 +- .../templates/kubeadm-config.v1beta2.yaml.j2 | 36 +++++++++---------- .../webhook-token-auth-config.yaml.j2 | 2 +- roles/kubernetes/node-label/tasks/main.yml | 2 +- .../preinstall/tasks/0090-etchosts.yml | 4 +-- .../kubernetes/tokens/tasks/check-tokens.yml | 6 ++-- roles/kubespray-defaults/defaults/main.yaml | 8 ++--- roles/network_plugin/calico/tasks/install.yml | 36 +++++++++---------- .../calico/templates/calico-node.yml.j2 | 8 ++--- .../calico/templates/calico-typha.yml.j2 | 22 ++++++------ .../calico/templates/kdd-crds.yml.j2 | 2 +- roles/network_plugin/contiv/tasks/main.yml | 6 ++-- .../contiv/templates/contiv-cleanup.yml.j2 | 18 +++++----- .../contiv/templates/contiv-config.yml.j2 | 12 +++---- .../contiv/templates/contiv-etcd-proxy.yml.j2 | 12 +++---- .../contiv/templates/contiv-netplugin.yml.j2 | 4 +-- .../contiv/templates/contiv-ovs.yml.j2 | 18 +++++----- .../network_plugin/kube-ovn/defaults/main.yml | 2 +- .../templates/cni-kube-ovn-crd.yml.j2 | 2 +- .../kube-ovn/templates/cni-ovn.yml.j2 | 2 +- .../kube-router/defaults/main.yml | 2 +- .../multus/files/multus-clusterrole.yml | 2 +- roles/upgrade/pre-upgrade/tasks/main.yml | 8 ++--- .../roles/kubevirt-images/defaults/main.yml | 2 +- .../files/packet_centos7-weave-upgrade-ha.yml | 2 +- tests/files/packet_centos8-kube-ovn.yml | 2 +- tests/files/packet_debian10-containerd.yml | 2 +- tests/files/tf-elastx_ubuntu18-calico.yml | 2 +- tests/files/vagrant_ubuntu18-flannel.yml | 2 +- tests/files/vagrant_ubuntu20-flannel.yml | 2 +- tests/testcases/010_check-apiserver.yml | 2 +- tests/testcases/015_check-nodes-ready.yml | 2 +- tests/testcases/030_check-network.yml | 4 +-- 67 files changed, 232 insertions(+), 217 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000..6da030f91 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,15 @@ +root = true + +[*.{yaml,yml,yml.j2,yaml.j2}] +indent_style = space +indent_size = 2 +trim_trailing_whitespace = true +insert_final_newline = true +charset = utf-8 + +[{Dockerfile}] +indent_style = space +indent_size = 2 +trim_trailing_whitespace = true +insert_final_newline = true +charset = utf-8 diff --git a/.gitlab-ci/terraform.yml b/.gitlab-ci/terraform.yml index 0bd133f0d..241cbe53e 100644 --- a/.gitlab-ci/terraform.yml +++ b/.gitlab-ci/terraform.yml @@ -171,4 +171,4 @@ tf-elastx_ubuntu18-calico: TF_VAR_flavor_k8s_master: 3f73fc93-ec61-4808-88df-2580d94c1a9b # v1-standard-2 TF_VAR_flavor_k8s_node: 3f73fc93-ec61-4808-88df-2580d94c1a9b # v1-standard-2 TF_VAR_image: ubuntu-18.04-server-latest - TF_VAR_k8s_allowed_remote_ips: '["0.0.0.0/0"]' \ No newline at end of file + TF_VAR_k8s_allowed_remote_ips: '["0.0.0.0/0"]' diff --git a/.gitlab-ci/vagrant.yml b/.gitlab-ci/vagrant.yml index fcc5de459..7861dbe3c 100644 --- a/.gitlab-ci/vagrant.yml +++ b/.gitlab-ci/vagrant.yml @@ -51,4 +51,4 @@ vagrant_ubuntu18-weave-medium: vagrant_ubuntu20-flannel: stage: deploy-part2 extends: .vagrant - when: on_success \ No newline at end of file + when: on_success diff --git a/Dockerfile b/Dockerfile index 67ac6f81b..fd3eec5a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,12 +6,12 @@ RUN apt update -y && \ apt install -y \ libssl-dev python3-dev sshpass apt-transport-https jq moreutils \ ca-certificates curl gnupg2 software-properties-common python3-pip rsync -RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ - add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" \ - && apt update -y && apt-get install docker-ce -y +RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ + add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) \ + stable" \ + && apt update -y && apt-get install docker-ce -y COPY . . RUN /usr/bin/python3 -m pip install pip -U && /usr/bin/python3 -m pip install -r tests/requirements.txt && python3 -m pip install -r requirements.txt && update-alternatives --install /usr/bin/python python /usr/bin/python3 1 RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.5/bin/linux/amd64/kubectl \ diff --git a/_config.yml b/_config.yml index a2b6bf07e..9b686697c 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ --- -theme: jekyll-theme-slate \ No newline at end of file +theme: jekyll-theme-slate diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-endpoint.json.j2 b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-endpoint.json.j2 index 9619139e4..866c09f3e 100644 --- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-endpoint.json.j2 +++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-endpoint.json.j2 @@ -8,7 +8,7 @@ {% for host in groups['gfs-cluster'] %} { "addresses": [ - { + { "ip": "{{hostvars[host]['ip']|default(hostvars[host].ansible_default_ipv4['address'])}}" } ], diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-pv.yml.j2 b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-pv.yml.j2 index 4eef00535..f6ba4358e 100644 --- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-pv.yml.j2 +++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-pv.yml.j2 @@ -1,7 +1,7 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: glusterfs + name: glusterfs spec: capacity: storage: "{{ hostvars[groups['gfs-cluster'][0]].gluster_disk_size_gb }}Gi" diff --git a/contrib/vault/roles/vault/tasks/bootstrap/start_vault_temp.yml b/contrib/vault/roles/vault/tasks/bootstrap/start_vault_temp.yml index 9ff327366..77398009c 100644 --- a/contrib/vault/roles/vault/tasks/bootstrap/start_vault_temp.yml +++ b/contrib/vault/roles/vault/tasks/bootstrap/start_vault_temp.yml @@ -6,11 +6,11 @@ - name: bootstrap/start_vault_temp | Start single node Vault with file backend command: > - docker run -d --cap-add=IPC_LOCK --name {{ vault_temp_container_name }} - -p {{ vault_port }}:{{ vault_port }} - -e 'VAULT_LOCAL_CONFIG={{ vault_temp_config|to_json }}' - -v /etc/vault:/etc/vault - {{ vault_image_repo }}:{{ vault_version }} server + docker run -d --cap-add=IPC_LOCK --name {{ vault_temp_container_name }} + -p {{ vault_port }}:{{ vault_port }} + -e 'VAULT_LOCAL_CONFIG={{ vault_temp_config|to_json }}' + -v /etc/vault:/etc/vault + {{ vault_image_repo }}:{{ vault_version }} server - name: bootstrap/start_vault_temp | Start again single node Vault with file backend command: docker start {{ vault_temp_container_name }} diff --git a/contrib/vault/roles/vault/tasks/bootstrap/sync_secrets.yml b/contrib/vault/roles/vault/tasks/bootstrap/sync_secrets.yml index dff1f16dd..5471ea520 100644 --- a/contrib/vault/roles/vault/tasks/bootstrap/sync_secrets.yml +++ b/contrib/vault/roles/vault/tasks/bootstrap/sync_secrets.yml @@ -21,9 +21,9 @@ - name: bootstrap/sync_secrets | Print out warning message if secrets are not available and vault is initialized pause: prompt: > - Vault orchestration may not be able to proceed. The Vault cluster is initialized, but - 'root_token' or 'unseal_keys' were not found in {{ vault_secrets_dir }}. These are - needed for many vault orchestration steps. + Vault orchestration may not be able to proceed. The Vault cluster is initialized, but + 'root_token' or 'unseal_keys' were not found in {{ vault_secrets_dir }}. These are + needed for many vault orchestration steps. when: vault_cluster_is_initialized and not vault_secrets_available - name: bootstrap/sync_secrets | Cat root_token from a vault host diff --git a/contrib/vault/roles/vault/tasks/shared/check_etcd.yml b/contrib/vault/roles/vault/tasks/shared/check_etcd.yml index f8599d536..444228701 100644 --- a/contrib/vault/roles/vault/tasks/shared/check_etcd.yml +++ b/contrib/vault/roles/vault/tasks/shared/check_etcd.yml @@ -25,6 +25,6 @@ - name: check_etcd | Fail if etcd is not available and needed fail: msg: > - Unable to start Vault cluster! Etcd is not available at - {{ vault_etcd_url.split(',') | first }} however it is needed by Vault as a backend. + Unable to start Vault cluster! Etcd is not available at + {{ vault_etcd_url.split(',') | first }} however it is needed by Vault as a backend. when: vault_etcd_needed|d() and not vault_etcd_available diff --git a/contrib/vault/roles/vault/tasks/shared/check_vault.yml b/contrib/vault/roles/vault/tasks/shared/check_vault.yml index c10904801..32571f479 100644 --- a/contrib/vault/roles/vault/tasks/shared/check_vault.yml +++ b/contrib/vault/roles/vault/tasks/shared/check_vault.yml @@ -46,7 +46,7 @@ set_fact: vault_cluster_is_initialized: >- {{ vault_is_initialized or - hostvars[item]['vault_is_initialized'] or - ('value' in vault_etcd_exists.stdout|default('')) }} + hostvars[item]['vault_is_initialized'] or + ('value' in vault_etcd_exists.stdout|default('')) }} with_items: "{{ groups.vault }}" run_once: true diff --git a/contrib/vault/roles/vault/tasks/shared/create_role.yml b/contrib/vault/roles/vault/tasks/shared/create_role.yml index d3aa3e441..792f75484 100644 --- a/contrib/vault/roles/vault/tasks/shared/create_role.yml +++ b/contrib/vault/roles/vault/tasks/shared/create_role.yml @@ -6,9 +6,9 @@ ca_cert: "{{ vault_cert_dir }}/ca.pem" name: "{{ create_role_name }}" rules: >- - {%- if create_role_policy_rules|d("default") == "default" -%} - {{ - { 'path': { + {%- if create_role_policy_rules|d("default") == "default" -%} + {{ + { 'path': { create_role_mount_path + '/issue/' + create_role_name: {'policy': 'write'}, create_role_mount_path + '/roles/' + create_role_name: {'policy': 'read'} }} | to_json + '\n' @@ -24,13 +24,13 @@ ca_cert: "{{ vault_cert_dir }}/ca.pem" secret: "{{ create_role_mount_path }}/roles/{{ create_role_name }}" data: | - {%- if create_role_options|d("default") == "default" -%} - { - allow_any_name: true - } - {%- else -%} - {{ create_role_options | to_json }} - {%- endif -%} + {%- if create_role_options|d("default") == "default" -%} + { + allow_any_name: true + } + {%- else -%} + {{ create_role_options | to_json }} + {%- endif -%} ## Userpass based auth method diff --git a/contrib/vault/roles/vault/tasks/shared/gen_userpass.yml b/contrib/vault/roles/vault/tasks/shared/gen_userpass.yml index a49b443e3..e609fc41a 100644 --- a/contrib/vault/roles/vault/tasks/shared/gen_userpass.yml +++ b/contrib/vault/roles/vault/tasks/shared/gen_userpass.yml @@ -18,8 +18,8 @@ - name: shared/gen_userpass | Copy credentials to all hosts in the group copy: content: > - {{ - {'username': gen_userpass_username, - 'password': gen_userpass_password} | to_nice_json(indent=4) - }} + {{ + {'username': gen_userpass_username, + 'password': gen_userpass_password} | to_nice_json(indent=4) + }} dest: "{{ vault_roles_dir }}/{{ gen_userpass_role }}/userpass" diff --git a/contrib/vault/roles/vault/templates/http-proxy.conf.j2 b/contrib/vault/roles/vault/templates/http-proxy.conf.j2 index 0e24a9d77..e79047771 100644 --- a/contrib/vault/roles/vault/templates/http-proxy.conf.j2 +++ b/contrib/vault/roles/vault/templates/http-proxy.conf.j2 @@ -1,2 +1,2 @@ [Service] -Environment={% if http_proxy %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy %}"NO_PROXY={{ no_proxy }}"{% endif %} \ No newline at end of file +Environment={% if http_proxy %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy %}"NO_PROXY={{ no_proxy }}"{% endif %} diff --git a/inventory/sample/group_vars/etcd.yml b/inventory/sample/group_vars/etcd.yml index 737482f7e..cbc388e43 100644 --- a/inventory/sample/group_vars/etcd.yml +++ b/inventory/sample/group_vars/etcd.yml @@ -19,4 +19,4 @@ # etcd_peer_client_auth: true ## Settings for etcd deployment type -etcd_deployment_type: docker \ No newline at end of file +etcd_deployment_type: docker diff --git a/roles/container-engine/containerd/templates/apt_preferences.d/debian_containerd.j2 b/roles/container-engine/containerd/templates/apt_preferences.d/debian_containerd.j2 index 896d70ff9..5299573b3 100644 --- a/roles/container-engine/containerd/templates/apt_preferences.d/debian_containerd.j2 +++ b/roles/container-engine/containerd/templates/apt_preferences.d/debian_containerd.j2 @@ -1,3 +1,3 @@ -Package: {{ containerd_package }} -Pin: version {{ containerd_version }}* -Pin-Priority: 1001 +Package: {{ containerd_package }} +Pin: version {{ containerd_version }}* +Pin-Priority: 1001 diff --git a/roles/container-engine/containerd/vars/debian.yml b/roles/container-engine/containerd/vars/debian.yml index 66aa5f08c..108625d32 100644 --- a/roles/container-engine/containerd/vars/debian.yml +++ b/roles/container-engine/containerd/vars/debian.yml @@ -15,8 +15,8 @@ containerd_repo_info: pkg_repo: apt_repository repos: - > - deb {{ containerd_debian_repo_base_url }} - {{ ansible_distribution_release|lower }} - {{ containerd_debian_repo_component }} + deb {{ containerd_debian_repo_base_url }} + {{ ansible_distribution_release|lower }} + {{ containerd_debian_repo_component }} runc_binary: /usr/bin/runc diff --git a/roles/container-engine/containerd/vars/ubuntu-amd64.yml b/roles/container-engine/containerd/vars/ubuntu-amd64.yml index a57cf5030..013df1537 100644 --- a/roles/container-engine/containerd/vars/ubuntu-amd64.yml +++ b/roles/container-engine/containerd/vars/ubuntu-amd64.yml @@ -15,8 +15,8 @@ containerd_repo_info: pkg_repo: apt_repository repos: - > - deb {{ containerd_ubuntu_repo_base_url }} - {{ ansible_distribution_release|lower }} - {{ containerd_ubuntu_repo_component }} + deb {{ containerd_ubuntu_repo_base_url }} + {{ ansible_distribution_release|lower }} + {{ containerd_ubuntu_repo_component }} runc_binary: /usr/bin/runc diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml index e19c090a3..c266302eb 100644 --- a/roles/container-engine/docker/vars/debian.yml +++ b/roles/container-engine/docker/vars/debian.yml @@ -41,9 +41,9 @@ docker_repo_info: pkg_repo: apt_repository repos: - > - deb {{ docker_debian_repo_base_url }} - {{ ansible_distribution_release|lower }} - stable + deb {{ docker_debian_repo_base_url }} + {{ ansible_distribution_release|lower }} + stable dockerproject_repo_key_info: pkg_key: apt_key @@ -55,6 +55,6 @@ dockerproject_repo_info: pkg_repo: apt_repository repos: - > - deb {{ docker_debian_repo_base_url }} - {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} - main + deb {{ docker_debian_repo_base_url }} + {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} + main diff --git a/roles/container-engine/docker/vars/ubuntu-amd64.yml b/roles/container-engine/docker/vars/ubuntu-amd64.yml index ea9f143d0..0f264e5e3 100644 --- a/roles/container-engine/docker/vars/ubuntu-amd64.yml +++ b/roles/container-engine/docker/vars/ubuntu-amd64.yml @@ -41,9 +41,9 @@ docker_repo_info: pkg_repo: apt_repository repos: - > - deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} - {{ ansible_distribution_release|lower }} - stable + deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} + {{ ansible_distribution_release|lower }} + stable dockerproject_repo_key_info: pkg_key: apt_key @@ -55,6 +55,6 @@ dockerproject_repo_info: pkg_repo: apt_repository repos: - > - deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} - {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} - main + deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} + {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} + main diff --git a/roles/container-engine/docker/vars/ubuntu-arm64.yml b/roles/container-engine/docker/vars/ubuntu-arm64.yml index fd25b6bcb..bd35458e5 100644 --- a/roles/container-engine/docker/vars/ubuntu-arm64.yml +++ b/roles/container-engine/docker/vars/ubuntu-arm64.yml @@ -37,9 +37,9 @@ docker_repo_info: pkg_repo: apt_repository repos: - > - deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} - {{ ansible_distribution_release|lower }} - stable + deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} + {{ ansible_distribution_release|lower }} + stable dockerproject_repo_key_info: pkg_key: apt_key @@ -51,6 +51,6 @@ dockerproject_repo_info: pkg_repo: apt_repository repos: - > - deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} - {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} - main + deb [arch={{ host_architecture }}] {{ docker_ubuntu_repo_base_url }} + {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} + main diff --git a/roles/etcd/tasks/check_certs.yml b/roles/etcd/tasks/check_certs.yml index aa77e4d09..d3aaa9c23 100644 --- a/roles/etcd/tasks/check_certs.yml +++ b/roles/etcd/tasks/check_certs.yml @@ -30,14 +30,14 @@ with_items: "{{ expected_files }}" vars: expected_files: >- - ['{{ etcd_cert_dir }}/ca.pem', - {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %} - {% for host in all_etcd_hosts %} - '{{ etcd_cert_dir }}/node-{{ host }}-key.pem', - '{{ etcd_cert_dir }}/admin-{{ host }}-key.pem', - '{{ etcd_cert_dir }}/member-{{ host }}-key.pem' - {% if not loop.last %}{{','}}{% endif %} - {% endfor %}] + ['{{ etcd_cert_dir }}/ca.pem', + {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %} + {% for host in all_etcd_hosts %} + '{{ etcd_cert_dir }}/node-{{ host }}-key.pem', + '{{ etcd_cert_dir }}/admin-{{ host }}-key.pem', + '{{ etcd_cert_dir }}/member-{{ host }}-key.pem' + {% if not loop.last %}{{','}}{% endif %} + {% endfor %}] - name: "Check_certs | Set 'gen_master_certs' to true" set_fact: diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml index adc7c99e8..651b76719 100644 --- a/roles/etcd/tasks/gen_certs_script.yml +++ b/roles/etcd/tasks/gen_certs_script.yml @@ -111,9 +111,9 @@ - name: Gen_certs | Set cert names per node set_fact: - my_etcd_node_certs: ['ca.pem', - 'node-{{ inventory_hostname }}.pem', - 'node-{{ inventory_hostname }}-key.pem'] + my_etcd_node_certs: [ 'ca.pem', + 'node-{{ inventory_hostname }}.pem', + 'node-{{ inventory_hostname }}-key.pem'] tags: - facts diff --git a/roles/etcd/tasks/install_etcdctl_docker.yml b/roles/etcd/tasks/install_etcdctl_docker.yml index 1d87ccc8e..74ae07f18 100644 --- a/roles/etcd/tasks/install_etcdctl_docker.yml +++ b/roles/etcd/tasks/install_etcdctl_docker.yml @@ -1,9 +1,9 @@ --- - name: Install | Copy etcdctl binary from docker container command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy; - {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} && - {{ docker_bin_dir }}/docker cp etcdctl-binarycopy:/usr/local/bin/etcdctl {{ bin_dir }}/etcdctl && - {{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy" + {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} && + {{ docker_bin_dir }}/docker cp etcdctl-binarycopy:/usr/local/bin/etcdctl {{ bin_dir }}/etcdctl && + {{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy" register: etcdctl_install_result until: etcdctl_install_result.rc == 0 retries: "{{ etcd_retries }}" diff --git a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 b/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 index 695cc55b4..b8dcc60fa 100644 --- a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 +++ b/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 @@ -18,14 +18,14 @@ auth: useInstancePrincipals: true {% else %} useInstancePrincipals: false - + region: {{ oci_region_id }} tenancy: {{ oci_tenancy_id }} user: {{ oci_user_id }} - key: | + key: | {{ oci_private_key }} - {% if oci_private_key_passphrase is defined %} + {% if oci_private_key_passphrase is defined %} passphrase: {{ oci_private_key_passphrase }} {% endif %} @@ -75,16 +75,16 @@ loadBalancer: # Optional rate limit controls for accessing OCI API rateLimiter: {% if oci_rate_limit.rate_limit_qps_read %} - rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }} + rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }} {% endif %} {% if oci_rate_limit.rate_limit_qps_write %} - rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }} + rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }} {% endif %} {% if oci_rate_limit.rate_limit_bucket_read %} - rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }} + rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }} {% endif %} {% if oci_rate_limit.rate_limit_bucket_write %} - rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }} + rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }} {% endif %} {% endif %} diff --git a/roles/kubernetes-apps/cluster_roles/templates/node-webhook-cr.yml.j2 b/roles/kubernetes-apps/cluster_roles/templates/node-webhook-cr.yml.j2 index 8c339235d..bf9aaf73f 100644 --- a/roles/kubernetes-apps/cluster_roles/templates/node-webhook-cr.yml.j2 +++ b/roles/kubernetes-apps/cluster_roles/templates/node-webhook-cr.yml.j2 @@ -17,4 +17,4 @@ rules: - nodes/spec - nodes/metrics verbs: - - "*" \ No newline at end of file + - "*" diff --git a/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml b/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml index 9aa039339..5444f33c5 100644 --- a/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml +++ b/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml @@ -14,4 +14,4 @@ cinder_cacert: "{{ lookup('env','OS_CACERT') }}" # For now, only Cinder v3 is supported in Cinder CSI driver cinder_blockstorage_version: "v3" -cinder_csi_controller_replicas: 1 \ No newline at end of file +cinder_csi_controller_replicas: 1 diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 index 241c67af3..2ca3e4486 100644 --- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 @@ -8,7 +8,7 @@ metadata: namespace: kube-system --- -# external attacher +# external attacher kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-setup.yml.j2 b/roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-setup.yml.j2 index 65018ffab..4c693b3fd 100644 --- a/roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-setup.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-setup.yml.j2 @@ -197,4 +197,4 @@ roleRef: subjects: - kind: ServiceAccount name: csi-gce-pd-node-sa - namespace: kube-system \ No newline at end of file + namespace: kube-system diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/defaults/main.yml b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/defaults/main.yml index fa7b8b3a5..278518b15 100644 --- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/defaults/main.yml +++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/defaults/main.yml @@ -6,4 +6,4 @@ local_path_provisioner_reclaim_policy: Delete local_path_provisioner_claim_root: /opt/local-path-provisioner/ local_path_provisioner_is_default_storageclass: "true" local_path_provisioner_debug: false -local_path_provisioner_helper_image_tag: "latest" \ No newline at end of file +local_path_provisioner_helper_image_tag: "latest" diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-ns.yml.j2 b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-ns.yml.j2 index 5f178256f..1e8c6ceda 100644 --- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-ns.yml.j2 +++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-ns.yml.j2 @@ -2,4 +2,4 @@ apiVersion: v1 kind: Namespace metadata: - name: {{ local_path_provisioner_namespace }} \ No newline at end of file + name: {{ local_path_provisioner_namespace }} diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-sa.yml.j2 b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-sa.yml.j2 index d126a5b34..128a106d0 100644 --- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-sa.yml.j2 +++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-sa.yml.j2 @@ -3,4 +3,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: local-path-provisioner-service-account - namespace: {{ local_path_provisioner_namespace }} \ No newline at end of file + namespace: {{ local_path_provisioner_namespace }} diff --git a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrole.yml.j2 b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrole.yml.j2 index 4d776f149..bc030950e 100644 --- a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrole.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrole.yml.j2 @@ -10,4 +10,4 @@ rules: verbs: ["list", "create", "get", "update", "watch", "patch"] - apiGroups: ["", "extensions"] resources: ["nodes", "pods", "secrets", "services", "namespaces"] - verbs: ["get", "list", "watch"] \ No newline at end of file + verbs: ["get", "list", "watch"] diff --git a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-deploy.yml.j2 b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-deploy.yml.j2 index dc95b1df1..a3d2834ac 100644 --- a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-deploy.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-deploy.yml.j2 @@ -33,7 +33,7 @@ spec: # Limit the namespace where this ALB Ingress Controller deployment will # resolve ingress resources. If left commented, all namespaces are used. #- --watch-namespace=your-k8s-namespace - + # Setting the ingress-class flag below will ensure that only ingress resources with the # annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may # choose any class you'd like for this controller to respect. @@ -42,7 +42,7 @@ spec: # by the ALB Ingress Controller, providing distinction between # clusters. - --cluster-name={{ cluster_name }} - + # Enables logging on all outbound requests sent to the AWS API. # If logging is desired, set to true. # - ---aws-api-debug @@ -71,4 +71,4 @@ spec: terminationGracePeriodSeconds: 30 {% if rbac_enabled %} serviceAccountName: alb-ingress -{% endif %} \ No newline at end of file +{% endif %} diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 index 2b5b40005..9b6fcd252 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/crd-certificate.yml.j2 @@ -20,4 +20,4 @@ spec: shortNames: - cert - certs - + diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 index 19619d763..25a71c073 100644 --- a/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 @@ -325,32 +325,32 @@ apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration bindAddress: {{ kube_proxy_bind_address }} clientConnection: - acceptContentTypes: {{ kube_proxy_client_accept_content_types }} - burst: {{ kube_proxy_client_burst }} - contentType: {{ kube_proxy_client_content_type }} - kubeconfig: {{ kube_proxy_client_kubeconfig }} - qps: {{ kube_proxy_client_qps }} + acceptContentTypes: {{ kube_proxy_client_accept_content_types }} + burst: {{ kube_proxy_client_burst }} + contentType: {{ kube_proxy_client_content_type }} + kubeconfig: {{ kube_proxy_client_kubeconfig }} + qps: {{ kube_proxy_client_qps }} clusterCIDR: {{ kube_pods_subnet }} configSyncPeriod: {{ kube_proxy_config_sync_period }} conntrack: - maxPerCore: {{ kube_proxy_conntrack_max_per_core }} - min: {{ kube_proxy_conntrack_min }} - tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }} - tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }} + maxPerCore: {{ kube_proxy_conntrack_max_per_core }} + min: {{ kube_proxy_conntrack_min }} + tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }} + tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }} enableProfiling: {{ kube_proxy_enable_profiling }} healthzBindAddress: {{ kube_proxy_healthz_bind_address }} hostnameOverride: {{ kube_override_hostname }} iptables: - masqueradeAll: {{ kube_proxy_masquerade_all }} - masqueradeBit: {{ kube_proxy_masquerade_bit }} - minSyncPeriod: {{ kube_proxy_min_sync_period }} - syncPeriod: {{ kube_proxy_sync_period }} + masqueradeAll: {{ kube_proxy_masquerade_all }} + masqueradeBit: {{ kube_proxy_masquerade_bit }} + minSyncPeriod: {{ kube_proxy_min_sync_period }} + syncPeriod: {{ kube_proxy_sync_period }} ipvs: - excludeCIDRs: {{ kube_proxy_exclude_cidrs }} - minSyncPeriod: {{ kube_proxy_min_sync_period }} - scheduler: {{ kube_proxy_scheduler }} - syncPeriod: {{ kube_proxy_sync_period }} - strictARP: {{ kube_proxy_strict_arp }} + excludeCIDRs: {{ kube_proxy_exclude_cidrs }} + minSyncPeriod: {{ kube_proxy_min_sync_period }} + scheduler: {{ kube_proxy_scheduler }} + syncPeriod: {{ kube_proxy_sync_period }} + strictARP: {{ kube_proxy_strict_arp }} metricsBindAddress: {{ kube_proxy_metrics_bind_address }} mode: {{ kube_proxy_mode }} nodePortAddresses: {{ kube_proxy_nodeport_addresses }} diff --git a/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2 b/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2 index 15559732c..265a91cc3 100644 --- a/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2 +++ b/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2 @@ -14,4 +14,4 @@ contexts: - context: cluster: webhook-token-auth-cluster user: webhook-token-auth-user - name: webhook-token-auth \ No newline at end of file + name: webhook-token-auth diff --git a/roles/kubernetes/node-label/tasks/main.yml b/roles/kubernetes/node-label/tasks/main.yml index 646fd0981..aa5ffe815 100644 --- a/roles/kubernetes/node-label/tasks/main.yml +++ b/roles/kubernetes/node-label/tasks/main.yml @@ -40,7 +40,7 @@ - name: Set label to node command: >- - {{ bin_dir }}/kubectl label node {{ inventory_hostname }} {{ item }} --overwrite=true + {{ bin_dir }}/kubectl label node {{ inventory_hostname }} {{ item }} --overwrite=true loop: "{{ role_node_labels + inventory_node_labels }}" delegate_to: "{{ groups['kube-master'][0] }}" changed_when: false diff --git a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml index 5b34d2d75..a8c40f6f9 100644 --- a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml +++ b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml @@ -44,8 +44,8 @@ - name: Hosts | Extract existing entries for localhost from hosts file set_fact: etc_hosts_localhosts_dict: >- - {%- set splitted = (item | regex_replace('[ \t]+', ' ')|regex_replace('#.*$')|trim).split( ' ') -%} - {{ etc_hosts_localhosts_dict|default({}) | combine({splitted[0]: splitted[1::] }) }} + {%- set splitted = (item | regex_replace('[ \t]+', ' ')|regex_replace('#.*$')|trim).split( ' ') -%} + {{ etc_hosts_localhosts_dict|default({}) | combine({splitted[0]: splitted[1::] }) }} with_items: "{{ (etc_hosts_content['content'] | b64decode).splitlines() }}" when: - etc_hosts_content.content is defined diff --git a/roles/kubernetes/tokens/tasks/check-tokens.yml b/roles/kubernetes/tokens/tasks/check-tokens.yml index 5d2792873..160f46bb8 100644 --- a/roles/kubernetes/tokens/tasks/check-tokens.yml +++ b/roles/kubernetes/tokens/tasks/check-tokens.yml @@ -27,9 +27,9 @@ sync_tokens: >- {%- set tokens = {'sync': False} -%} {%- for server in groups['kube-master'] | intersect(ansible_play_batch) - if (not hostvars[server].known_tokens.stat.exists) or - (hostvars[server].known_tokens.stat.checksum|default('') != known_tokens_master.stat.checksum|default('')) -%} - {%- set _ = tokens.update({'sync': True}) -%} + if (not hostvars[server].known_tokens.stat.exists) or + (hostvars[server].known_tokens.stat.checksum|default('') != known_tokens_master.stat.checksum|default('')) -%} + {%- set _ = tokens.update({'sync': True}) -%} {%- endfor -%} {{ tokens.sync }} run_once: true diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index c794c6404..c659d3cf9 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -434,13 +434,13 @@ loadbalancer_apiserver_type: "nginx" apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local" kube_apiserver_endpoint: |- {% if loadbalancer_apiserver is defined -%} - https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} + https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} {%- elif not is_kube_master and loadbalancer_apiserver_localhost -%} - https://localhost:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} + https://localhost:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} {%- elif is_kube_master -%} - https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_port }} + https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_port }} {%- else -%} - https://{{ first_kube_master }}:{{ kube_apiserver_port }} + https://{{ first_kube_master }}:{{ kube_apiserver_port }} {%- endif %} kube_apiserver_insecure_endpoint: >- http://{{ kube_apiserver_insecure_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_insecure_port }} diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index 838e134a9..77aeba6ef 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -198,11 +198,11 @@ "apiVersion": "projectcalico.org/v3", "kind": "BGPPeer", "metadata": { - "name": "global-{{ item.router_id }}" + "name": "global-{{ item.router_id }}" }, "spec": { - "asNumber": "{{ item.as }}", - "peerIP": "{{ item.router_id }}" + "asNumber": "{{ item.as }}", + "peerIP": "{{ item.router_id }}" }}' | {{ bin_dir }}/calicoctl.sh apply -f - register: output retries: 4 @@ -220,11 +220,11 @@ "apiVersion": "projectcalico.org/v3", "kind": "BGPPeer", "metadata": { - "name": "peer-to-rrs" + "name": "peer-to-rrs" }, "spec": { - "nodeSelector": "!has(i-am-a-route-reflector)", - "peerSelector": "has(i-am-a-route-reflector)" + "nodeSelector": "!has(i-am-a-route-reflector)", + "peerSelector": "has(i-am-a-route-reflector)" }}' | {{ bin_dir }}/calicoctl.sh apply -f - register: output retries: 4 @@ -242,11 +242,11 @@ "apiVersion": "projectcalico.org/v3", "kind": "BGPPeer", "metadata": { - "name": "rr-mesh" + "name": "rr-mesh" }, "spec": { - "nodeSelector": "has(i-am-a-route-reflector)", - "peerSelector": "has(i-am-a-route-reflector)" + "nodeSelector": "has(i-am-a-route-reflector)", + "peerSelector": "has(i-am-a-route-reflector)" }}' | {{ bin_dir }}/calicoctl.sh apply -f - register: output retries: 4 @@ -315,13 +315,13 @@ "apiVersion": "projectcalico.org/v3", "kind": "Node", "metadata": { - "name": "{{ inventory_hostname }}" + "name": "{{ inventory_hostname }}" }, "spec": { - "bgp": { - "asNumber": "{{ local_as }}" - }, - "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}] + "bgp": { + "asNumber": "{{ local_as }}" + }, + "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}] }}' | {{ bin_dir }}/calicoctl.sh apply -f - register: output retries: 4 @@ -339,12 +339,12 @@ "apiVersion": "projectcalico.org/v3", "kind": "BGPPeer", "metadata": { - "name": "{{ inventory_hostname }}-{{ item.router_id }}" + "name": "{{ inventory_hostname }}-{{ item.router_id }}" }, "spec": { - "asNumber": "{{ item.as }}", - "node": "{{ inventory_hostname }}", - "peerIP": "{{ item.router_id }}" + "asNumber": "{{ item.as }}", + "node": "{{ inventory_hostname }}", + "peerIP": "{{ item.router_id }}" }}' | {{ bin_dir }}/calicoctl.sh apply -f - register: output retries: 4 diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2 index 6e3f19d8e..7413a8fad 100644 --- a/roles/network_plugin/calico/templates/calico-node.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-node.yml.j2 @@ -368,10 +368,10 @@ spec: secret: secretName: typha-client items: - - key: tls.crt - path: typha-client.crt - - key: tls.key - path: typha-client.key + - key: tls.crt + path: typha-client.crt + - key: tls.key + path: typha-client.key - name: typha-cacert hostPath: path: "/etc/kubernetes/ssl/" diff --git a/roles/network_plugin/calico/templates/calico-typha.yml.j2 b/roles/network_plugin/calico/templates/calico-typha.yml.j2 index 279e694c1..31cce13aa 100644 --- a/roles/network_plugin/calico/templates/calico-typha.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-typha.yml.j2 @@ -145,17 +145,17 @@ spec: periodSeconds: 10 {% if typha_secure %} volumes: - - name: typha-server - secret: - secretName: typha-server - items: - - key: tls.crt - path: server_certificate.pem - - key: tls.key - path: server_key.pem - - name: cacert - hostPath: - path: "{{ kube_cert_dir }}" + - name: typha-server + secret: + secretName: typha-server + items: + - key: tls.crt + path: server_certificate.pem + - key: tls.key + path: server_key.pem + - name: cacert + hostPath: + path: "{{ kube_cert_dir }}" {% endif %} --- diff --git a/roles/network_plugin/calico/templates/kdd-crds.yml.j2 b/roles/network_plugin/calico/templates/kdd-crds.yml.j2 index 7decacc49..88294a887 100644 --- a/roles/network_plugin/calico/templates/kdd-crds.yml.j2 +++ b/roles/network_plugin/calico/templates/kdd-crds.yml.j2 @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: felixconfigurations.crd.projectcalico.org + name: felixconfigurations.crd.projectcalico.org spec: scope: Cluster group: crd.projectcalico.org diff --git a/roles/network_plugin/contiv/tasks/main.yml b/roles/network_plugin/contiv/tasks/main.yml index 81ca64bdc..f79e1e6fd 100644 --- a/roles/network_plugin/contiv/tasks/main.yml +++ b/roles/network_plugin/contiv/tasks/main.yml @@ -146,9 +146,9 @@ - name: Contiv | Copy netctl binary from docker container command: sh -c "{{ docker_bin_dir }}/docker rm -f netctl-binarycopy; - {{ docker_bin_dir }}/docker create --name netctl-binarycopy {{ contiv_image_repo }}:{{ contiv_image_tag }} && - {{ docker_bin_dir }}/docker cp netctl-binarycopy:/contiv/bin/netctl {{ bin_dir }}/netctl && - {{ docker_bin_dir }}/docker rm -f netctl-binarycopy" + {{ docker_bin_dir }}/docker create --name netctl-binarycopy {{ contiv_image_repo }}:{{ contiv_image_tag }} && + {{ docker_bin_dir }}/docker cp netctl-binarycopy:/contiv/bin/netctl {{ bin_dir }}/netctl && + {{ docker_bin_dir }}/docker rm -f netctl-binarycopy" register: contiv_task_result until: contiv_task_result.rc == 0 retries: 4 diff --git a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 index 80884d719..5909e461f 100644 --- a/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2 @@ -29,15 +29,15 @@ spec: securityContext: privileged: true volumeMounts: - - mountPath: /etc/openvswitch - name: etc-openvswitch - readOnly: false - - mountPath: /var/run - name: var-run - readOnly: false - - mountPath: /opt/cni/bin - name: cni-bin-dir - readOnly: false + - mountPath: /etc/openvswitch + name: etc-openvswitch + readOnly: false + - mountPath: /var/run + name: var-run + readOnly: false + - mountPath: /opt/cni/bin + name: cni-bin-dir + readOnly: false readinessProbe: exec: command: diff --git a/roles/network_plugin/contiv/templates/contiv-config.yml.j2 b/roles/network_plugin/contiv/templates/contiv-config.yml.j2 index 18b7748eb..48f128ee7 100644 --- a/roles/network_plugin/contiv/templates/contiv-config.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-config.yml.j2 @@ -22,10 +22,10 @@ data: } contiv_k8s_config: |- { - "K8S_API_SERVER": "{{ kube_apiserver_endpoint_for_contiv }}", - "K8S_CA": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", - "K8S_KEY": "", - "K8S_CERT": "", - "K8S_TOKEN": "", - "SVC_SUBNET": "{{ kube_service_addresses }}" + "K8S_API_SERVER": "{{ kube_apiserver_endpoint_for_contiv }}", + "K8S_CA": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", + "K8S_KEY": "", + "K8S_CERT": "", + "K8S_TOKEN": "", + "SVC_SUBNET": "{{ kube_service_addresses }}" } diff --git a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 index 9725a0f2a..675d1cd6d 100644 --- a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 @@ -20,12 +20,12 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostPID: true affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: DoesNotExist + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: DoesNotExist containers: - name: contiv-etcd-proxy image: {{ contiv_etcd_image_repo }}:{{ contiv_etcd_image_tag }} diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 index c21399fb6..b5b21fcb8 100644 --- a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 @@ -78,8 +78,8 @@ spec: value: kubernetes - name: CONTIV_NETPLUGIN_VTEP_IP valueFrom: - fieldRef: - fieldPath: status.podIP + fieldRef: + fieldPath: status.podIP - name: CONTIV_NETPLUGIN_ETCD_ENDPOINTS valueFrom: configMapKeyRef: diff --git a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 index 0b05588ba..edebbeaeb 100644 --- a/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-ovs.yml.j2 @@ -57,15 +57,15 @@ spec: name: contiv-config key: contiv_ovs_vswitchd_extra_flags volumeMounts: - - mountPath: /etc/openvswitch - name: etc-openvswitch - readOnly: false - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /var/run - name: var-run - readOnly: false + - mountPath: /etc/openvswitch + name: etc-openvswitch + readOnly: false + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /var/run + name: var-run + readOnly: false volumes: # Used by contiv-ovs - name: etc-openvswitch diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml index 9cc4c5c84..8f02a8cf1 100644 --- a/roles/network_plugin/kube-ovn/defaults/main.yml +++ b/roles/network_plugin/kube-ovn/defaults/main.yml @@ -13,4 +13,4 @@ kube_ovn_pinger_cpu_limit: 200m kube_ovn_pinger_memory_limit: 400Mi traffic_mirror: true -encap_checksum: true \ No newline at end of file +encap_checksum: true diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 index fc6eba4bc..8e58ed272 100644 --- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 +++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 @@ -104,4 +104,4 @@ spec: JSONPath: .spec.providerInterfaceName - name: Subnet type: string - JSONPath: .spec.subnet \ No newline at end of file + JSONPath: .spec.subnet diff --git a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 index 7b639d6d2..2ffe0dd61 100644 --- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 +++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 @@ -349,4 +349,4 @@ spec: path: /var/log/openvswitch - name: host-log-ovn hostPath: - path: /var/log/ovn \ No newline at end of file + path: /var/log/ovn diff --git a/roles/network_plugin/kube-router/defaults/main.yml b/roles/network_plugin/kube-router/defaults/main.yml index 885e3474e..a1e68feea 100644 --- a/roles/network_plugin/kube-router/defaults/main.yml +++ b/roles/network_plugin/kube-router/defaults/main.yml @@ -57,4 +57,4 @@ kube_router_enable_metrics: false kube_router_metrics_path: /metrics # Prometheus metrics port to use -kube_router_metrics_port: 9255 \ No newline at end of file +kube_router_metrics_port: 9255 diff --git a/roles/network_plugin/multus/files/multus-clusterrole.yml b/roles/network_plugin/multus/files/multus-clusterrole.yml index ec2ec3a06..b574069cd 100644 --- a/roles/network_plugin/multus/files/multus-clusterrole.yml +++ b/roles/network_plugin/multus/files/multus-clusterrole.yml @@ -25,4 +25,4 @@ rules: verbs: - create - patch - - update \ No newline at end of file + - update diff --git a/roles/upgrade/pre-upgrade/tasks/main.yml b/roles/upgrade/pre-upgrade/tasks/main.yml index a8b149394..f47954b1c 100644 --- a/roles/upgrade/pre-upgrade/tasks/main.yml +++ b/roles/upgrade/pre-upgrade/tasks/main.yml @@ -3,8 +3,8 @@ # Node NotReady: type = ready, status = Unknown - name: See if node is in ready state shell: >- - {{ bin_dir }}/kubectl get node {{ inventory_hostname }} - -o jsonpath='{ range .status.conditions[?(@.type == "Ready")].status }{ @ }{ end }' + {{ bin_dir }}/kubectl get node {{ inventory_hostname }} + -o jsonpath='{ range .status.conditions[?(@.type == "Ready")].status }{ @ }{ end }' register: kubectl_node_ready delegate_to: "{{ groups['kube-master'][0] }}" failed_when: false @@ -14,8 +14,8 @@ # else unschedulable key doesn't exist - name: See if node is schedulable shell: >- - {{ bin_dir }}/kubectl get node {{ inventory_hostname }} - -o jsonpath='{ .spec.unschedulable }' + {{ bin_dir }}/kubectl get node {{ inventory_hostname }} + -o jsonpath='{ .spec.unschedulable }' register: kubectl_node_schedulable delegate_to: "{{ groups['kube-master'][0] }}" failed_when: false diff --git a/test-infra/image-builder/roles/kubevirt-images/defaults/main.yml b/test-infra/image-builder/roles/kubevirt-images/defaults/main.yml index 8c5b3bf94..4798b539d 100644 --- a/test-infra/image-builder/roles/kubevirt-images/defaults/main.yml +++ b/test-infra/image-builder/roles/kubevirt-images/defaults/main.yml @@ -70,4 +70,4 @@ images: filename: openSUSE-Leap-15.1-OpenStack.x86_64-0.0.4-Build6.106.qcow2 url: https://download.opensuse.org/repositories/Cloud:/Images:/Leap_15.1/images/openSUSE-Leap-15.1-OpenStack.x86_64-0.0.4-Build6.106.qcow2 checksum: sha256:e3c016a889505c5ae51dafe6eedc836a9e9546ab951fdc96f07eb35e34d12b8c - converted: true \ No newline at end of file + converted: true diff --git a/tests/files/packet_centos7-weave-upgrade-ha.yml b/tests/files/packet_centos7-weave-upgrade-ha.yml index 8a2576532..d455a9f7a 100644 --- a/tests/files/packet_centos7-weave-upgrade-ha.yml +++ b/tests/files/packet_centos7-weave-upgrade-ha.yml @@ -10,4 +10,4 @@ kubernetes_audit: true dns_min_replicas: 1 # Needed to upgrade from 1.16 to 1.17, otherwise upgrade is partial and bug followed -upgrade_cluster_setup: true \ No newline at end of file +upgrade_cluster_setup: true diff --git a/tests/files/packet_centos8-kube-ovn.yml b/tests/files/packet_centos8-kube-ovn.yml index 6fab50204..a58dc0c69 100644 --- a/tests/files/packet_centos8-kube-ovn.yml +++ b/tests/files/packet_centos8-kube-ovn.yml @@ -6,4 +6,4 @@ mode: default # Kubespray settings kube_network_plugin: kube-ovn deploy_netchecker: true -dns_min_replicas: 1 \ No newline at end of file +dns_min_replicas: 1 diff --git a/tests/files/packet_debian10-containerd.yml b/tests/files/packet_debian10-containerd.yml index e00a2904f..4503f71b0 100644 --- a/tests/files/packet_debian10-containerd.yml +++ b/tests/files/packet_debian10-containerd.yml @@ -14,4 +14,4 @@ helm_version: v3.1.0 # https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42 http_proxy: http://172.30.30.30:8888 -https_proxy: http://172.30.30.30:8888 \ No newline at end of file +https_proxy: http://172.30.30.30:8888 diff --git a/tests/files/tf-elastx_ubuntu18-calico.yml b/tests/files/tf-elastx_ubuntu18-calico.yml index 53e03d7fe..43ef55aa3 100644 --- a/tests/files/tf-elastx_ubuntu18-calico.yml +++ b/tests/files/tf-elastx_ubuntu18-calico.yml @@ -4,4 +4,4 @@ deploy_netchecker: true sonobuoy_enabled: true # Ignore ping errors -ignore_assert_errors: true \ No newline at end of file +ignore_assert_errors: true diff --git a/tests/files/vagrant_ubuntu18-flannel.yml b/tests/files/vagrant_ubuntu18-flannel.yml index e878a5e38..d4543a901 100644 --- a/tests/files/vagrant_ubuntu18-flannel.yml +++ b/tests/files/vagrant_ubuntu18-flannel.yml @@ -4,4 +4,4 @@ kube_network_plugin: flannel deploy_netchecker: true -dns_min_replicas: 1 \ No newline at end of file +dns_min_replicas: 1 diff --git a/tests/files/vagrant_ubuntu20-flannel.yml b/tests/files/vagrant_ubuntu20-flannel.yml index e878a5e38..d4543a901 100644 --- a/tests/files/vagrant_ubuntu20-flannel.yml +++ b/tests/files/vagrant_ubuntu20-flannel.yml @@ -4,4 +4,4 @@ kube_network_plugin: flannel deploy_netchecker: true -dns_min_replicas: 1 \ No newline at end of file +dns_min_replicas: 1 diff --git a/tests/testcases/010_check-apiserver.yml b/tests/testcases/010_check-apiserver.yml index bb865727d..330e5e6bf 100644 --- a/tests/testcases/010_check-apiserver.yml +++ b/tests/testcases/010_check-apiserver.yml @@ -17,4 +17,4 @@ that: - apiserver_response.json.gitVersion == kube_version fail_msg: "apiserver version different than expected {{ kube_version }}" - when: kube_version is defined \ No newline at end of file + when: kube_version is defined diff --git a/tests/testcases/015_check-nodes-ready.yml b/tests/testcases/015_check-nodes-ready.yml index 14a3468f5..be8370cc3 100644 --- a/tests/testcases/015_check-nodes-ready.yml +++ b/tests/testcases/015_check-nodes-ready.yml @@ -30,4 +30,4 @@ # Check that all nodes are Status=Ready - '(get_nodes_yaml.stdout | from_yaml)["items"] | map(attribute = "status.conditions") | map("items2dict", key_name="type", value_name="status") | map(attribute="Ready") | list | min' retries: 30 - delay: 10 \ No newline at end of file + delay: 10 diff --git a/tests/testcases/030_check-network.yml b/tests/testcases/030_check-network.yml index 4e8903439..bee470ef7 100644 --- a/tests/testcases/030_check-network.yml +++ b/tests/testcases/030_check-network.yml @@ -51,13 +51,13 @@ - name: Get hostnet pods command: "{{ bin_dir }}/kubectl get pods -n test -o - jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'" + jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'" register: hostnet_pods no_log: true - name: Get running pods command: "{{ bin_dir }}/kubectl get pods -n test -o - jsonpath='{range .items[?(.status.phase==\"Running\")]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'" + jsonpath='{range .items[?(.status.phase==\"Running\")]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'" register: running_pods no_log: true