Adding yamllinter to ci steps (#1556)

* Adding yaml linter to ci check * Minor linting fixes from yamllint * Changing CI to install python pkgs from requirements.txt - adding in a secondary requirements.txt for tests - moving yamllint to tests requirements
2017-08-24 04:09:52 -05:00 · 2017-08-24 04:09:52 -05:00 · 8b151d12b9
commit 8b151d12b9
parent ecb6dc3679
106 changed files with 301 additions and 274 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -18,10 +18,7 @@ variables:
 # us-west1-a
 before_script:
-    - pip install ansible==2.3.0
+    - pip install -r tests/requirements.txt
    - pip install netaddr
    - pip install apache-libcloud==0.20.1
    - pip install boto==2.9.0
    - mkdir -p /.ssh
    - cp tests/ansible.cfg .
@ -75,10 +72,7 @@ before_script:
      - $HOME/.cache
  before_script:
    - docker info
-    - pip install ansible==2.3.0
+    - pip install -r tests/requirements.txt
    - pip install netaddr
    - pip install apache-libcloud==0.20.1
    - pip install boto==2.9.0
    - mkdir -p /.ssh
    - mkdir -p $HOME/.ssh
    - echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa
@ -642,6 +636,13 @@ syntax-check:
    - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root  -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv  --syntax-check
  except: ['triggers', 'master']
 yamllint:
  <<: *job
  stage: unit-tests
  script:
    - yamllint roles
  except: ['triggers', 'master']
 tox-inventory-builder:
  stage: unit-tests
  <<: *job
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,16 @@
 ---
 extends: default
 rules:
  braces:
    min-spaces-inside: 0
    max-spaces-inside: 1
  brackets:
    min-spaces-inside: 0
    max-spaces-inside: 1
  indentation:
    spaces: 2
    indent-sequences: consistent
  line-length: disable
  new-line-at-end-of-file: disable
  truthy: disable
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@ -49,4 +49,3 @@
  pip:
    name: "{{ item }}"
  with_items: "{{pip_python_modules}}"
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@ -27,4 +27,3 @@
  hostname:
    name: "{{inventory_hostname}}"
  when: ansible_hostname == 'localhost'
--- a/roles/bootstrap-os/tasks/setup-pipelining.yml
+++ b/roles/bootstrap-os/tasks/setup-pipelining.yml
@ -6,4 +6,3 @@
    regexp: '^\w+\s+requiretty'
    dest: /etc/sudoers
    state: absent
--- a/roles/dnsmasq/defaults/main.yml
+++ b/roles/dnsmasq/defaults/main.yml
@ -4,12 +4,12 @@
 # Max of 4 names is allowed and no more than 256 - 17 chars total
 # (a 2 is reserved for the 'default.svc.' and'svc.')
-#searchdomains:
+# searchdomains:
-#  - foo.bar.lc
+#   - foo.bar.lc
 # Max of 2 is allowed here (a 1 is reserved for the dns_server)
-#nameservers:
+# nameservers:
-#  - 127.0.0.1
+#   - 127.0.0.1
 dns_forward_max: 150
 cache_size: 1000
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@ -86,4 +86,3 @@
    port: 53
    timeout: 180
  when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts
--- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
+++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
@ -1,3 +1,4 @@
 ---
 # Copyright 2016 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@ -34,17 +35,16 @@ spec:
      - name: autoscaler
        image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
        resources:
-            requests:
+          requests:
-                cpu: "20m"
+            cpu: "20m"
-                memory: "10Mi"
+            memory: "10Mi"
        command:
-          - /cluster-proportional-autoscaler
+        - /cluster-proportional-autoscaler
-          - --namespace=kube-system
+        - --namespace=kube-system
-          - --configmap=dnsmasq-autoscaler
+        - --configmap=dnsmasq-autoscaler
-          - --target=Deployment/dnsmasq
+        - --target=Deployment/dnsmasq
-          # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+        # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
-          # If using small nodes, "nodesPerReplica" should dominate.
+        # If using small nodes, "nodesPerReplica" should dominate.
-          - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
+        - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
-          - --logtostderr=true
+        - --logtostderr=true
-          - --v={{ kube_log_level }}
+        - --v={{ kube_log_level }}
--- a/roles/dnsmasq/templates/dnsmasq-deploy.yml
+++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml
@ -35,7 +35,6 @@ spec:
            capabilities:
              add:
                - NET_ADMIN
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: {{ dns_cpu_limit }}
@ -64,4 +63,3 @@ spec:
          hostPath:
            path: /etc/dnsmasq.d-available
      dnsPolicy: Default  # Don't use cluster DNS.
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 docker_version: '1.13'
 docker_package_info:
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@ -8,7 +8,7 @@
    - Docker | pause while Docker restarts
    - Docker | wait for docker
- name : Docker | reload systemd
+- name: Docker | reload systemd
  shell: systemctl daemon-reload
 - name: Docker | reload docker.socket
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -3,14 +3,14 @@
  include_vars: "{{ item }}"
  with_first_found:
    - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
+        - defaults.yml
      paths:
-      - ../vars
+        - ../vars
      skip: true
  tags: facts
--- a/roles/docker/tasks/set_facts_dns.yml
+++ b/roles/docker/tasks/set_facts_dns.yml
@ -48,7 +48,7 @@
 - name: add system search domains to docker options
  set_fact:
    docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split(' ')|default([])) | unique }}"
-  when: system_search_domains.stdout != "" 
+  when: system_search_domains.stdout != ""
 - name: check number of nameservers
  fail:
--- a/roles/docker/vars/debian.yml
+++ b/roles/docker/vars/debian.yml
@ -1,3 +1,4 @@
 ---
 docker_kernel_min_version: '3.10'
 # https://apt.dockerproject.org/repo/dists/debian-wheezy/main/filelist
--- a/roles/docker/vars/fedora-20.yml
+++ b/roles/docker/vars/fedora-20.yml
@ -1,3 +1,4 @@
 ---
 docker_kernel_min_version: '0'
 # versioning: docker-io itself is pinned at docker 1.5
--- a/roles/docker/vars/fedora.yml
+++ b/roles/docker/vars/fedora.yml
@ -1,3 +1,4 @@
 ---
 docker_kernel_min_version: '0'
 # https://docs.docker.com/engine/installation/linux/fedora/#install-from-a-package
--- a/roles/docker/vars/redhat.yml
+++ b/roles/docker/vars/redhat.yml
@ -1,3 +1,4 @@
 ---
 docker_kernel_min_version: '0'
 # https://yum.dockerproject.org/repo/main/centos/7/Packages/
@ -8,7 +9,7 @@ docker_versioned_pkg:
  '1.12': docker-engine-1.12.6-1.el7.centos
  '1.13': docker-engine-1.13.1-1.el7.centos
  'stable': docker-engine-17.03.0.ce-1.el7.centos
-  'edge':  docker-engine-17.03.0.ce-1.el7.centos
+  'edge': docker-engine-17.03.0.ce-1.el7.centos
 # https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
 # https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -20,7 +20,7 @@ download_always_pull: False
 # Versions
 kube_version: v1.7.3
 etcd_version: v3.2.4
-#TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
+# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
 calico_version: "v1.1.3"
 calico_cni_version: "v1.8.0"
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@ -111,7 +111,7 @@
    - download.enabled|bool
    - download.container|bool
-#NOTE(bogdando) this brings no docker-py deps for nodes
+# NOTE(bogdando) this brings no docker-py deps for nodes
 - name: Download containers if pull is required or told to always pull
  command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}"
  register: pull_task_result
--- a/roles/etcd/defaults/main.yml
+++ b/roles/etcd/defaults/main.yml
@ -21,7 +21,7 @@ etcd_metrics: "basic"
 etcd_memory_limit: 512M
 # Uncomment to set CPU share for etcd
-#etcd_cpu_limit: 300m
+# etcd_cpu_limit: 300m
 etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"
--- a/roles/etcd/handlers/backup.yml
+++ b/roles/etcd/handlers/backup.yml
@ -43,4 +43,3 @@
    ETCDCTL_API: 3
  retries: 3
  delay: "{{ retry_stagger | random + 3 }}"
--- a/roles/etcd/handlers/main.yml
+++ b/roles/etcd/handlers/main.yml
@ -30,4 +30,3 @@
 - name: set etcd_secret_changed
  set_fact:
    etcd_secret_changed: true
--- a/roles/etcd/tasks/check_certs.yml
+++ b/roles/etcd/tasks/check_certs.yml
@ -66,4 +66,3 @@
              {%- set _ = certs.update({'sync': True}) -%}
      {% endif %}
      {{ certs.sync }}
--- a/roles/etcd/tasks/gen_certs_script.yml
+++ b/roles/etcd/tasks/gen_certs_script.yml
@ -73,11 +73,10 @@
                      'member-{{ node }}-key.pem',
                      {% endfor %}]"
    my_master_certs: ['ca-key.pem',
-                     'admin-{{ inventory_hostname }}.pem',
+                      'admin-{{ inventory_hostname }}.pem',
-                     'admin-{{ inventory_hostname }}-key.pem',
+                      'admin-{{ inventory_hostname }}-key.pem',
-                     'member-{{ inventory_hostname }}.pem',
+                      'member-{{ inventory_hostname }}.pem',
-                     'member-{{ inventory_hostname }}-key.pem'
+                      'member-{{ inventory_hostname }}-key.pem']
                     ]
    all_node_certs: "['ca.pem',
                    {% for node in (groups['k8s-cluster'] + groups['calico-rr']|default([]))|unique %}
                    'node-{{ node }}.pem',
@ -111,22 +110,22 @@
        sync_certs|default(false) and inventory_hostname not in groups['etcd']
  notify: set etcd_secret_changed
-#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k 
+# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
-#char limit when using shell command                                            
+# char limit when using shell command
 #FIXME(mattymo): Use tempfile module in ansible 2.3                             
 - name: Gen_certs | Prepare tempfile for unpacking certs                        
  shell: mktemp /tmp/certsXXXXX.tar.gz                                          
  register: cert_tempfile                                                       
  when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
        inventory_hostname != groups['etcd'][0]                          
- name: Gen_certs | Write master certs to tempfile                              
+# FIXME(mattymo): Use tempfile module in ansible 2.3
-  copy:                                                                         
+- name: Gen_certs | Prepare tempfile for unpacking certs
-    content: "{{etcd_master_cert_data.stdout}}"                                      
+  shell: mktemp /tmp/certsXXXXX.tar.gz
-    dest: "{{cert_tempfile.stdout}}"                                            
+  register: cert_tempfile
-    owner: root                                                                 
+  when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
-    mode: "0600"                                                                
+        inventory_hostname != groups['etcd'][0]
 - name: Gen_certs | Write master certs to tempfile
  copy:
    content: "{{etcd_master_cert_data.stdout}}"
    dest: "{{cert_tempfile.stdout}}"
    owner: root
    mode: "0600"
  when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
        inventory_hostname != groups['etcd'][0]
--- a/roles/etcd/tasks/gen_certs_vault.yml
+++ b/roles/etcd/tasks/gen_certs_vault.yml
@ -7,7 +7,6 @@
  when: inventory_hostname in etcd_node_cert_hosts
  tags: etcd-secrets
 - name: gen_certs_vault | Read in the local credentials
  command: cat /etc/vault/roles/etcd/userpass
  register: etcd_vault_creds_cat
@ -33,15 +32,15 @@
 - name: gen_certs_vault | Set fact for vault_client_token
  set_fact:
-    vault_client_token:  "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
+    vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
  run_once: true
 - name: gen_certs_vault | Set fact for Vault API token
  set_fact:
    etcd_vault_headers:
-        Accept: application/json
+      Accept: application/json
-        Content-Type: application/json
+      Content-Type: application/json
-        X-Vault-Token: "{{ vault_client_token }}"
+      X-Vault-Token: "{{ vault_client_token }}"
  run_once: true
  when: vault_client_token != ""
@ -96,5 +95,3 @@
  with_items: "{{ etcd_node_certs_needed|d([]) }}"
  when: inventory_hostname in etcd_node_cert_hosts
  notify: set etcd_secret_changed
--- a/roles/etcd/tasks/install_docker.yml
+++ b/roles/etcd/tasks/install_docker.yml
@ -1,5 +1,5 @@
 ---
-#Plan A: no docker-py deps
+# Plan A: no docker-py deps
 - name: Install | Copy etcdctl binary from docker container
  command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
           {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
@ -12,21 +12,21 @@
  delay: "{{ retry_stagger | random + 3 }}"
  changed_when: false
-#Plan B: looks nicer, but requires docker-py on all hosts:
+# Plan B: looks nicer, but requires docker-py on all hosts:
-#- name: Install | Set up etcd-binarycopy container
+# - name: Install | Set up etcd-binarycopy container
-#  docker:
+#   docker:
-#    name: etcd-binarycopy
+#     name: etcd-binarycopy
-#    state: present
+#     state: present
-#    image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
+#     image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
-#  when: etcd_deployment_type == "docker"
+#   when: etcd_deployment_type == "docker"
 #
-#- name: Install | Copy etcdctl from etcd-binarycopy container
+# - name: Install | Copy etcdctl from etcd-binarycopy container
-#  command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
+#   command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
-#  when: etcd_deployment_type == "docker"
+#   when: etcd_deployment_type == "docker"
 #
-#- name: Install | Clean up etcd-binarycopy container
+# - name: Install | Clean up etcd-binarycopy container
-#  docker:
+#   docker:
-#    name: etcd-binarycopy
+#     name: etcd-binarycopy
-#    state: absent
+#     state: absent
-#    image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
+#     image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
-#  when: etcd_deployment_type == "docker"
+#   when: etcd_deployment_type == "docker"
--- a/roles/etcd/tasks/pre_upgrade.yml
+++ b/roles/etcd/tasks/pre_upgrade.yml
@ -1,3 +1,4 @@
 ---
 - name: "Pre-upgrade | check for etcd-proxy unit file"
  stat:
    path: /etc/systemd/system/etcd-proxy.service
--- a/roles/etcd/tasks/refresh_config.yml
+++ b/roles/etcd/tasks/refresh_config.yml
@ -1,7 +1,7 @@
 ---
 - name: Refresh config | Create etcd config file
  template:
-    src: etcd.env.yml
+    src: etcd.env.j2
    dest: /etc/etcd.env
  notify: restart etcd
  when: is_etcd_master
--- a/roles/etcd/tasks/sync_etcd_master_certs.yml
+++ b/roles/etcd/tasks/sync_etcd_master_certs.yml
@ -1,7 +1,7 @@
 ---
 - name: sync_etcd_master_certs | Create list of master certs needing creation
-  set_fact: 
+  set_fact:
    etcd_master_cert_list: >-
        {{ etcd_master_cert_list|default([]) +  [
        "admin-" + item + ".pem",
@ -11,7 +11,7 @@
  run_once: true
 - include: ../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
    sync_file: "{{ item }}"
    sync_file_dir: "{{ etcd_cert_dir }}"
    sync_file_hosts: "{{ groups.etcd }}"
--- a/roles/etcd/tasks/sync_etcd_node_certs.yml
+++ b/roles/etcd/tasks/sync_etcd_node_certs.yml
@ -1,12 +1,12 @@
 ---
 - name: sync_etcd_node_certs | Create list of node certs needing creation
-  set_fact: 
+  set_fact:
    etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) +  ['node-' + item + '.pem'] }}"
  with_items: "{{ etcd_node_cert_hosts }}"
 - include: ../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
    sync_file: "{{ item }}"
    sync_file_dir: "{{ etcd_cert_dir }}"
    sync_file_hosts: "{{ etcd_node_cert_hosts }}"
@ -24,7 +24,7 @@
    sync_file_results: []
 - include: ../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
    sync_file: ca.pem
    sync_file_dir: "{{ etcd_cert_dir }}"
    sync_file_hosts: "{{ etcd_node_cert_hosts }}"
--- a/roles/etcd/templates/etcd.env.yml
+++ b/roles/etcd/templates/etcd.env.yml
--- a/roles/kernel-upgrade/defaults/main.yml
+++ b/roles/kernel-upgrade/defaults/main.yml
@ -1,9 +1,8 @@
 ---
 elrepo_key_url: 'https://www.elrepo.org/RPM-GPG-KEY-elrepo.org'
-elrepo_rpm : elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+elrepo_rpm: elrepo-release-7.0-3.el7.elrepo.noarch.rpm
-elrepo_mirror : http://www.elrepo.org
+elrepo_mirror: http://www.elrepo.org
-elrepo_url : '{{elrepo_mirror}}/{{elrepo_rpm}}'
+elrepo_url: '{{elrepo_mirror}}/{{elrepo_rpm}}'
 elrepo_kernel_package: "kernel-lt"
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@ -1,5 +1,6 @@
 ---
 # Versions
-kubedns_version : 1.14.2
+kubedns_version: 1.14.2
 kubednsautoscaler_version: 1.1.1
 # Limits for dnsmasq/kubedns apps
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@ -14,12 +14,12 @@
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items:
    - {name: kubedns, file: kubedns-sa.yml, type: sa}
-    - {name: kubedns, file: kubedns-deploy.yml, type: deployment}
+    - {name: kubedns, file: kubedns-deploy.yml.j2, type: deployment}
    - {name: kubedns, file: kubedns-svc.yml, type: svc}
    - {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa}
    - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole}
    - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
-    - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
+    - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml.j2, type: deployment}
  register: manifests
  when:
    - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
@ -1,3 +1,4 @@
 ---
 - name: Kubernetes Apps | Lay Down Netchecker Template
  template:
    src: "{{item.file}}"
@ -24,7 +25,7 @@
    state: absent
  when: inventory_hostname == groups['kube-master'][0]
-#FIXME: remove if kubernetes/features#124 is implemented
+# FIXME: remove if kubernetes/features#124 is implemented
 - name: Kubernetes Apps | Purge old Netchecker daemonsets
  kube:
    name: "{{item.item.name}}"
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml
@ -1,3 +1,4 @@
 ---
 # Copyright 2016 The Kubernetes Authors. All rights reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml
@ -1,3 +1,4 @@
 ---
 # Copyright 2016 The Kubernetes Authors. All rights reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml
@ -1,3 +1,4 @@
 ---
 # Copyright 2016 The Kubernetes Authors. All rights reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@ -1,3 +1,4 @@
 ---
 # Copyright 2016 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@ -34,18 +35,18 @@ spec:
      - name: autoscaler
        image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
        resources:
-            requests:
+          requests:
-                cpu: "20m"
+            cpu: "20m"
-                memory: "10Mi"
+            memory: "10Mi"
        command:
-          - /cluster-proportional-autoscaler
+        - /cluster-proportional-autoscaler
-          - --namespace={{ system_namespace }}
+        - --namespace={{ system_namespace }}
-          - --configmap=kubedns-autoscaler
+        - --configmap=kubedns-autoscaler
-          # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
+        # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
-          - --target=Deployment/kube-dns
+        - --target=Deployment/kube-dns
-          - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
+        - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
-          - --logtostderr=true
+        - --logtostderr=true
-          - --v=2
+        - --v=2
 {% if rbac_enabled %}
      serviceAccountName: cluster-proportional-autoscaler
 {% endif %}
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@ -1,3 +1,4 @@
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
--- a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
--- a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
@ -19,4 +20,3 @@ spec:
  - name: dns-tcp
    port: 53
    protocol: TCP
--- a/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-elasticsearch_cpu_limit: 1000m 
+elasticsearch_cpu_limit: 1000m
 elasticsearch_mem_limit: 0M
 elasticsearch_cpu_requests: 100m
 elasticsearch_mem_requests: 0M
--- a/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: download
    file: "{{ downloads.elasticsearch }}"
--- a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
@ -38,4 +38,3 @@
  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}"
  run_once: true
  when: es_service_manifest.changed
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
@ -1,3 +1,4 @@
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
--- a/roles/kubernetes-apps/efk/fluentd/defaults/main.yml
+++ b/roles/kubernetes-apps/efk/fluentd/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-fluentd_cpu_limit: 0m 
+fluentd_cpu_limit: 0m
 fluentd_mem_limit: 200Mi
 fluentd_cpu_requests: 100m
 fluentd_mem_requests: 200Mi
--- a/roles/kubernetes-apps/efk/fluentd/meta/main.yml
+++ b/roles/kubernetes-apps/efk/fluentd/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: download
    file: "{{ downloads.fluentd }}"
--- a/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
@ -20,4 +20,3 @@
  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}"
  run_once: true
  when: fluentd_ds_manifest.changed
--- a/roles/kubernetes-apps/efk/kibana/defaults/main.yml
+++ b/roles/kubernetes-apps/efk/kibana/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-kibana_cpu_limit: 100m 
+kibana_cpu_limit: 100m
 kibana_mem_limit: 0M
 kibana_cpu_requests: 100m
 kibana_mem_requests: 0M
--- a/roles/kubernetes-apps/efk/kibana/meta/main.yml
+++ b/roles/kubernetes-apps/efk/kibana/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: download
    file: "{{ downloads.kibana }}"
--- a/roles/kubernetes-apps/efk/kibana/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/kibana/tasks/main.yml
@ -1,6 +1,6 @@
 ---
 - name: "Kibana | Write Kibana deployment"
-  template: 
+  template:
    src: kibana-deployment.yml.j2
    dest: "{{ kube_config_dir }}/kibana-deployment.yaml"
  register: kibana_deployment_manifest
@ -17,7 +17,7 @@
  run_once: true
 - name: "Kibana | Write Kibana service "
-  template: 
+  template:
    src: kibana-service.yml.j2
    dest: "{{ kube_config_dir }}/kibana-service.yaml"
  register: kibana_service_manifest
--- a/roles/kubernetes-apps/efk/meta/main.yml
+++ b/roles/kubernetes-apps/efk/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: kubernetes-apps/efk/elasticsearch
  - role: kubernetes-apps/efk/fluentd
--- a/roles/kubernetes-apps/helm/defaults/main.yml
+++ b/roles/kubernetes-apps/helm/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 helm_enabled: false
 # specify a dir and attach it to helm for HELM_HOME.
--- a/roles/kubernetes-apps/helm/meta/main.yml
+++ b/roles/kubernetes-apps/helm/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: download
    file: "{{ downloads.helm }}"
--- a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
@ -1,3 +1,4 @@
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
--- a/roles/kubernetes-apps/helm/templates/tiller-sa.yml
+++ b/roles/kubernetes-apps/helm/templates/tiller-sa.yml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
--- a/roles/kubernetes-apps/meta/main.yml
+++ b/roles/kubernetes-apps/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: download
    file: "{{ downloads.netcheck_server }}"
--- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
@ -1,3 +1,4 @@
 ---
 - name: Create canal ConfigMap
  run_once: true
  kube:
@ -7,7 +8,7 @@
    resource: "configmap"
    namespace: "{{system_namespace}}"
-#FIXME: remove if kubernetes/features#124 is implemented
+# FIXME: remove if kubernetes/features#124 is implemented
 - name: Purge old flannel and canal-node
  run_once: true
  kube:
@ -29,4 +30,3 @@
    namespace: "{{system_namespace}}"
    state: "{{ item | ternary('latest','present') }}"
  with_items: "{{ canal_node_manifest.changed }}"
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@ -1,8 +1,8 @@
 ---
 dependencies:
- - role: kubernetes-apps/network_plugin/canal
+  - role: kubernetes-apps/network_plugin/canal
-   when: kube_network_plugin == 'canal'
+    when: kube_network_plugin == 'canal'
-   tags: canal
+    tags: canal
- - role: kubernetes-apps/network_plugin/weave
+  - role: kubernetes-apps/network_plugin/weave
-   when: kube_network_plugin == 'weave'
+    when: kube_network_plugin == 'weave'
-   tags: weave
+    tags: weave
--- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
@ -1,4 +1,5 @@
-#FIXME: remove if kubernetes/features#124 is implemented
+---
 # FIXME: remove if kubernetes/features#124 is implemented
 - name: Weave | Purge old weave daemonset
  kube:
    name: "weave-net"
@ -9,7 +10,6 @@
    state: absent
  when: inventory_hostname == groups['kube-master'][0] and weave_manifest.changed
 - name: Weave | Start Resources
  kube:
    name: "weave-net"
@ -21,7 +21,6 @@
  with_items: "{{ weave_manifest.changed }}"
  when: inventory_hostname == groups['kube-master'][0]
 - name: "Weave | wait for weave to become available"
  uri:
    url: http://127.0.0.1:6784/status
--- a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 # Limits for calico apps
 calico_policy_controller_cpu_limit: 100m
 calico_policy_controller_memory_limit: 256M
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@ -1,3 +1,4 @@
 ---
 - set_fact:
    calico_cert_dir: "{{ canal_cert_dir }}"
  when: kube_network_plugin == 'canal'
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 # An experimental dev/test only dynamic volumes provisioner,
 # for PetSets. Works for kube>=v1.3 only.
 kube_hostpath_dynamic_provisioner: "false"
@ -52,14 +53,14 @@ kube_oidc_auth: false
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
-#kube_oidc_url: https:// ...
+# kube_oidc_url: https:// ...
 # kube_oidc_client_id: kubernetes
 ## Optional settings for OIDC
 # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
 # kube_oidc_username_claim: sub
 # kube_oidc_groups_claim: groups
-##Variables for custom flags
+## Variables for custom flags
 apiserver_custom_flags: []
 controller_mgr_custom_flags: []
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@ -88,4 +88,3 @@
 - include: post-upgrade.yml
  tags: k8s-post-upgrade
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 # Valid options: docker (default), rkt, or host
 kubelet_deployment_type: host
@ -49,7 +50,7 @@ kube_apiserver_node_port_range: "30000-32767"
 kubelet_load_modules: false
-##Support custom flags to be passed to kubelet
+## Support custom flags to be passed to kubelet
 kubelet_custom_flags: []
 # This setting is used for rkt based kubelet for deploying hyperkube
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@ -21,4 +21,3 @@
    dest: "/etc/systemd/system/kubelet.service"
    backup: "yes"
  notify: restart kubelet
--- a/roles/kubernetes/node/tasks/install_rkt.yml
+++ b/roles/kubernetes/node/tasks/install_rkt.yml
@ -20,8 +20,8 @@
    path: /var/lib/kubelet
 - name: Create kubelet service systemd directory
-  file: 
+  file:
-    path: /etc/systemd/system/kubelet.service.d 
+    path: /etc/systemd/system/kubelet.service.d
    state: directory
 - name: Write kubelet proxy drop-in
@ -30,4 +30,3 @@
    dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf
  when: http_proxy is defined or https_proxy is defined or no_proxy is defined
  notify: restart kubelet
--- a/roles/kubernetes/preinstall/handlers/main.yml
+++ b/roles/kubernetes/preinstall/handlers/main.yml
@ -1,3 +1,4 @@
 ---
 - name: Preinstall | restart network
  command: /bin/true
  notify:
--- a/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
+++ b/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
@ -48,5 +48,3 @@
  fail:
    msg: "azure_route_table_name is missing"
  when: azure_route_table_name is not defined or azure_route_table_name == ""
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@ -1,6 +1,6 @@
 ---
 - include: pre-upgrade.yml
-  tags: [upgrade,  bootstrap-os]
+  tags: [upgrade, bootstrap-os]
 - name: Force binaries directory for Container Linux by CoreOS
  set_fact:
@ -27,14 +27,14 @@
  include_vars: "{{ item }}"
  with_first_found:
    - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
+        - defaults.yml
      paths:
-      - ../vars
+        - ../vars
      skip: true
  tags: facts
--- a/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml
+++ b/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml
@ -1,3 +1,4 @@
 ---
 - name: check vsphere environment variables
  fail:
    msg: "{{ item.name }} is missing"
--- a/roles/kubernetes/preinstall/vars/centos.yml
+++ b/roles/kubernetes/preinstall/vars/centos.yml
@ -1,3 +1,4 @@
 ---
 required_pkgs:
  - libselinux-python
  - device-mapper-libs
--- a/roles/kubernetes/preinstall/vars/debian.yml
+++ b/roles/kubernetes/preinstall/vars/debian.yml
@ -1,3 +1,4 @@
 ---
 required_pkgs:
  - python-apt
  - aufs-tools
--- a/roles/kubernetes/preinstall/vars/fedora.yml
+++ b/roles/kubernetes/preinstall/vars/fedora.yml
@ -1,3 +1,4 @@
 ---
 required_pkgs:
  - libselinux-python
  - device-mapper-libs
--- a/roles/kubernetes/preinstall/vars/redhat.yml
+++ b/roles/kubernetes/preinstall/vars/redhat.yml
@ -1,3 +1,4 @@
 ---
 required_pkgs:
  - libselinux-python
  - device-mapper-libs
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@ -105,4 +105,3 @@
              {%- set _ = certs.update({'sync': True}) -%}
      {% endif %}
      {{ certs.sync }}
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@ -56,26 +56,25 @@
 - set_fact:
    all_master_certs: "['ca-key.pem',
                       'apiserver.pem',
                       'apiserver-key.pem',
                       'kube-scheduler.pem',
                       'kube-scheduler-key.pem',
                       'kube-controller-manager.pem',
                       'kube-controller-manager-key.pem',
                       {% for node in groups['kube-master'] %}
                       'admin-{{ node }}.pem',
                       'admin-{{ node }}-key.pem',
                      {% endfor %}]"
    my_master_certs: ['ca-key.pem',
                      'admin-{{ inventory_hostname }}.pem',
                      'admin-{{ inventory_hostname }}-key.pem',
                      'apiserver.pem',
                      'apiserver-key.pem',
                      'kube-scheduler.pem',
                      'kube-scheduler-key.pem',
                      'kube-controller-manager.pem',
-                      'kube-controller-manager-key.pem',
+                      'kube-controller-manager-key.pem']
                      {% for node in groups['kube-master'] %}
                      'admin-{{ node }}.pem',
                      'admin-{{ node }}-key.pem',
                      {% endfor %}]"
    my_master_certs: ['ca-key.pem',
                     'admin-{{ inventory_hostname }}.pem',
                     'admin-{{ inventory_hostname }}-key.pem',
                     'apiserver.pem',
                     'apiserver-key.pem',
                     'kube-scheduler.pem',
                     'kube-scheduler-key.pem',
                     'kube-controller-manager.pem',
                     'kube-controller-manager-key.pem',
                     ]
    all_node_certs: "['ca.pem',
                    {% for node in groups['k8s-cluster'] %}
                    'node-{{ node }}.pem',
@ -84,11 +83,10 @@
                    'kube-proxy-{{ node }}-key.pem',
                    {% endfor %}]"
    my_node_certs: ['ca.pem',
-                   'node-{{ inventory_hostname }}.pem',
+                    'node-{{ inventory_hostname }}.pem',
-                   'node-{{ inventory_hostname }}-key.pem',
+                    'node-{{ inventory_hostname }}-key.pem',
-                   'kube-proxy-{{ inventory_hostname }}.pem',
+                    'kube-proxy-{{ inventory_hostname }}.pem',
-                   'kube-proxy-{{ inventory_hostname }}-key.pem',
+                    'kube-proxy-{{ inventory_hostname }}-key.pem']
                   ]
  tags: facts
 - name: Gen_certs | Gather master certs
@ -114,10 +112,10 @@
        sync_certs|default(false) and
        inventory_hostname != groups['kube-master'][0]
-#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
+# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
-#char limit when using shell command
+# char limit when using shell command
-#FIXME(mattymo): Use tempfile module in ansible 2.3
+# FIXME(mattymo): Use tempfile module in ansible 2.3
 - name: Gen_certs | Prepare tempfile for unpacking certs
  shell: mktemp /tmp/certsXXXXX.tar.gz
  register: cert_tempfile
@ -195,4 +193,3 @@
 - name: Gen_certs | update ca-certificates (RedHat)
  command: update-ca-trust extract
  when: kube_ca_cert.changed and ansible_os_family == "RedHat"
--- a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
@ -33,9 +33,9 @@
 - name: gen_certs_vault | Set fact for Vault API token
  set_fact:
    kube_vault_headers:
-        Accept: application/json
+      Accept: application/json
-        Content-Type: application/json
+      Content-Type: application/json
-        X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
+      X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
  run_once: true
 # Issue certs to kube-master nodes
--- a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
+++ b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
@ -6,7 +6,7 @@
  with_items: "{{ groups['k8s-cluster'] }}"
 - include: ../../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
    sync_file: "{{ item }}"
    sync_file_dir: "{{ kube_cert_dir }}"
    sync_file_group: "{{ kube_cert_group }}"
@ -26,7 +26,7 @@
    sync_file_results: []
 - include: ../../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
    sync_file: ca.pem
    sync_file_dir: "{{ kube_cert_dir }}"
    sync_file_group: "{{ kube_cert_group }}"
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@ -1,3 +1,4 @@
 ---
 ## Required for bootstrap-os/preinstall/download roles and setting facts
 # Valid bootstrap options (required): ubuntu, coreos, centos, none
 bootstrap_os: none
@ -88,8 +89,10 @@ kube_network_node_prefix: 24
 # The port the API Server will be listening on.
 kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
-kube_apiserver_port: 6443 # (https)
+# https
-kube_apiserver_insecure_port: 8080 # (http)
+kube_apiserver_port: 6443
 # http
 kube_apiserver_insecure_port: 8080
 # Path used to store Docker data
 docker_daemon_graph: "/var/lib/docker"
--- a/roles/kubespray-defaults/tasks/main.yaml
+++ b/roles/kubespray-defaults/tasks/main.yaml
@ -1,3 +1,4 @@
 ---
 - name: Configure defaults
  debug:
    msg: "Check roles/kubespray-defaults/defaults/main.yml"
--- a/roles/network_plugin/calico/handlers/main.yml
+++ b/roles/network_plugin/calico/handlers/main.yml
@ -5,7 +5,7 @@
    - Calico | reload systemd
    - Calico | reload calico-node
- name : Calico | reload systemd
+- name: Calico | reload systemd
  shell: systemctl daemon-reload
 - name: Calico | reload calico-node
--- a/roles/network_plugin/calico/rr/handlers/main.yml
+++ b/roles/network_plugin/calico/rr/handlers/main.yml
@ -5,7 +5,7 @@
    - Calico-rr | reload systemd
    - Calico-rr | reload calico-rr
- name : Calico-rr | reload systemd
+- name: Calico-rr | reload systemd
  shell: systemctl daemon-reload
 - name: Calico-rr | reload calico-rr
--- a/roles/network_plugin/calico/rr/meta/main.yml
+++ b/roles/network_plugin/calico/rr/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: etcd
  - role: docker
--- a/roles/network_plugin/canal/defaults/main.yml
+++ b/roles/network_plugin/canal/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 # The interface used by canal for host <-> host communication.
 # If left blank, then the interface is chosing using the node's
 # default route.
@ -30,4 +31,3 @@ calicoctl_memory_limit: 170M
 calicoctl_cpu_limit: 100m
 calicoctl_memory_requests: 32M
 calicoctl_cpu_requests: 25m
--- a/roles/network_plugin/cloud/tasks/main.yml
+++ b/roles/network_plugin/cloud/tasks/main.yml
@ -14,4 +14,3 @@
    owner: kube
    recurse: true
    mode: "u=rwX,g-rwx,o-rwx"
--- a/roles/network_plugin/flannel/handlers/main.yml
+++ b/roles/network_plugin/flannel/handlers/main.yml
@ -18,7 +18,7 @@
    - Flannel | pause while Docker restarts
    - Flannel | wait for docker
- name : Flannel | reload systemd
+- name: Flannel | reload systemd
  shell: systemctl daemon-reload
 - name: Flannel | reload docker.socket
--- a/roles/network_plugin/flannel/templates/flannel-pod.yml
+++ b/roles/network_plugin/flannel/templates/flannel-pod.yml
@ -1,44 +1,44 @@
 ---
-  kind: "Pod"
+kind: "Pod"
-  apiVersion: "v1"
+apiVersion: "v1"
-  metadata:
+metadata:
-    name: "flannel"
+  name: "flannel"
-    namespace: "{{system_namespace}}"
+  namespace: "{{system_namespace}}"
-    labels:
+  labels:
-      app: "flannel"
+    app: "flannel"
-      version: "v0.1"
+    version: "v0.1"
-  spec:
+spec:
-    volumes:
+  volumes:
-      - name: "subnetenv"
+    - name: "subnetenv"
-        hostPath:
+      hostPath:
-          path: "/run/flannel"
+        path: "/run/flannel"
-      - name: "etcd-certs"
+    - name: "etcd-certs"
-        hostPath:
+      hostPath:
-          path: "{{ flannel_cert_dir }}"
+        path: "{{ flannel_cert_dir }}"
-    containers:
+  containers:
-      - name: "flannel-container"
+    - name: "flannel-container"
-        image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+      image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
-        imagePullPolicy: {{ k8s_image_pull_policy }}
+      imagePullPolicy: {{ k8s_image_pull_policy }}
-        resources:
+      resources:
-          limits:
+        limits:
-            cpu: {{ flannel_cpu_limit }}
+          cpu: {{ flannel_cpu_limit }}
-            memory: {{ flannel_memory_limit }}
+          memory: {{ flannel_memory_limit }}
-          requests:
+        requests:
-            cpu: {{ flannel_cpu_requests }}
+          cpu: {{ flannel_cpu_requests }}
-            memory: {{ flannel_memory_requests }}
+          memory: {{ flannel_memory_requests }}
-        command:
+      command:
-          - "/bin/sh"
+        - "/bin/sh"
-          - "-c"
+        - "-c"
-          - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
+        - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
-        ports:
+      ports:
-          - hostPort: 10253
+        - hostPort: 10253
-            containerPort: 10253
+          containerPort: 10253
-        volumeMounts:
+      volumeMounts:
-          - name: "subnetenv"
+        - name: "subnetenv"
-            mountPath: "/run/flannel"
+          mountPath: "/run/flannel"
-          - name: "etcd-certs"
+        - name: "etcd-certs"
-            mountPath: "{{ flannel_cert_dir }}"
+          mountPath: "{{ flannel_cert_dir }}"
-            readOnly: true
+          readOnly: true
-        securityContext:
+      securityContext:
-          privileged: true
+        privileged: true
-    hostNetwork: true
+  hostNetwork: true
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@ -1,16 +1,16 @@
 ---
 dependencies:
- - role: network_plugin/calico
+  - role: network_plugin/calico
-   when: kube_network_plugin == 'calico'
+    when: kube_network_plugin == 'calico'
-   tags: calico
+    tags: calico
- - role: network_plugin/flannel
+  - role: network_plugin/flannel
-   when: kube_network_plugin == 'flannel'
+    when: kube_network_plugin == 'flannel'
-   tags: flannel
+    tags: flannel
- - role: network_plugin/weave
+  - role: network_plugin/weave
-   when: kube_network_plugin == 'weave'
+    when: kube_network_plugin == 'weave'
-   tags: weave
+    tags: weave
- - role: network_plugin/canal
+  - role: network_plugin/canal
-   when: kube_network_plugin == 'canal'
+    when: kube_network_plugin == 'canal'
-   tags: canal
+    tags: canal
- - role: network_plugin/cloud
+  - role: network_plugin/cloud
-   when: kube_network_plugin == 'cloud'
+    when: kube_network_plugin == 'cloud'
--- a/roles/network_plugin/weave/tasks/pre-upgrade.yml
+++ b/roles/network_plugin/weave/tasks/pre-upgrade.yml
@ -1,3 +1,4 @@
 ---
 - name: Weave pre-upgrade | Stop legacy weave
  command: weave stop
  failed_when: false
--- a/roles/rkt/tasks/install.yml
+++ b/roles/rkt/tasks/install.yml
@ -3,14 +3,14 @@
  include_vars: "{{ item }}"
  with_first_found:
    - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
+        - defaults.yml
      paths:
-      - ../vars
+        - ../vars
      skip: true
  tags: facts
--- a/roles/upgrade/post-upgrade/tasks/main.yml
+++ b/roles/upgrade/post-upgrade/tasks/main.yml
@ -1,7 +1,5 @@
 ---
 - name: Uncordon node
  command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}"
  delegate_to: "{{ groups['kube-master'][0] }}"
  when: (needs_cordoning|default(false)) and ( {%- if inventory_hostname in groups['kube-node'] -%} true {%- else -%} false {%- endif -%} )
--- a/roles/upgrade/pre-upgrade/defaults/main.yml
+++ b/roles/upgrade/pre-upgrade/defaults/main.yml
@ -1,3 +1,3 @@
 ---
 drain_grace_period: 90
 drain_timeout: 120s
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@ -63,7 +63,7 @@ vault_needs_gen: false
 vault_port: 8200
 # Although "cert" is an option, ansible has no way to auth via cert until
 # upstream merges: https://github.com/ansible/ansible/pull/18141
-vault_role_auth_method: userpass 
+vault_role_auth_method: userpass
 vault_roles:
  - name: etcd
    group: etcd
--- a/roles/vault/tasks/bootstrap/create_etcd_role.yml
+++ b/roles/vault/tasks/bootstrap/create_etcd_role.yml
@ -1,8 +1,7 @@
 ---
 - include: ../shared/create_role.yml
  vars:
-    create_role_name: "{{ item.name }}" 
+    create_role_name: "{{ item.name }}"
    create_role_group: "{{ item.group }}"
    create_role_policy_rules: "{{ item.policy_rules }}"
    create_role_options: "{{ item.role_options }}"
--- a/roles/vault/tasks/bootstrap/start_vault_temp.yml
+++ b/roles/vault/tasks/bootstrap/start_vault_temp.yml
@ -1,5 +1,4 @@
 ---
 - name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running
  shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi
  register: vault_temp_stop_check
@ -13,7 +12,7 @@
           -v /etc/vault:/etc/vault
           {{ vault_image_repo }}:{{ vault_version }} server
-#FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
+# FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
 - name: bootstrap/start_vault_temp | Start again single node Vault with file backend
  command: docker start {{ vault_temp_container_name }}
--- a/roles/vault/tasks/bootstrap/sync_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/sync_vault_certs.yml
@ -1,5 +1,4 @@
 ---
 - include: ../shared/sync_file.yml
  vars:
    sync_file: "ca.pem"
@ -29,4 +28,3 @@
 - name: bootstrap/sync_vault_certs | Unset sync_file_results after api.pem sync
  set_fact:
    sync_file_results: []
--- a/roles/vault/tasks/cluster/main.yml
+++ b/roles/vault/tasks/cluster/main.yml
@ -1,5 +1,4 @@
 ---
 - include: ../shared/check_vault.yml
  when: inventory_hostname in groups.vault
@ -26,7 +25,7 @@
 - include: ../shared/find_leader.yml
  when: inventory_hostname in groups.vault
- include: ../shared/pki_mount.yml 
+- include: ../shared/pki_mount.yml
  when: inventory_hostname == groups.vault|first
 - include: ../shared/config_ca.yml
--- a/Show more
+++ b/Show more
`@ -88,4 +88,3 @@`

	`- include: post-upgrade.yml`	`- include: post-upgrade.yml`
	`tags: k8s-post-upgrade`	`tags: k8s-post-upgrade`