project: fix var-spacing ansible rule (#10266)
* project: fix var-spacing ansible rule Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing on the beginning/end of jinja template Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing of default filter Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing between filter arguments Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix double space at beginning/end of jinja Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix remaining jinja[spacing] ansible-lint warning Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
committed by
GitHub
parent
f8b93fa88a
commit
5d00b851ce
@@ -6,10 +6,10 @@
|
||||
dns_memory_limit: 300Mi
|
||||
dns_cpu_requests: 100m
|
||||
dns_memory_requests: 70Mi
|
||||
dns_min_replicas: "{{ [ 2, groups['k8s_cluster'] | length ] | min }}"
|
||||
dns_min_replicas: "{{ [2, groups['k8s_cluster'] | length] | min }}"
|
||||
dns_nodes_per_replica: 16
|
||||
dns_cores_per_replica: 256
|
||||
dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'false' }}"
|
||||
dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas | int > 1 else 'false' }}"
|
||||
enable_coredns_reverse_dns_lookups: true
|
||||
coredns_ordinal_suffix: ""
|
||||
# dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
---
|
||||
- name: Kubernetes Apps | set up necessary nodelocaldns parameters
|
||||
set_fact:
|
||||
# noqa: jinja[spacing]
|
||||
primaryClusterIP: >-
|
||||
{%- if dns_mode in ['coredns', 'coredns_dual'] -%}
|
||||
{{ skydns_server }}
|
||||
@@ -26,6 +27,7 @@
|
||||
- { name: nodelocaldns, file: nodelocaldns-daemonset.yml, type: daemonset }
|
||||
register: nodelocaldns_manifests
|
||||
vars:
|
||||
# noqa: jinja[spacing]
|
||||
forwardTarget: >-
|
||||
{%- if secondaryclusterIP is defined and dns_mode == 'coredns_dual' -%}
|
||||
{{ primaryClusterIP }} {{ secondaryclusterIP }}
|
||||
@@ -33,8 +35,8 @@
|
||||
{{ primaryClusterIP }}
|
||||
{%- endif -%}
|
||||
upstreamForwardTarget: >-
|
||||
{%- if upstream_dns_servers is defined and upstream_dns_servers|length > 0 -%}
|
||||
{{ upstream_dns_servers|join(' ') }}
|
||||
{%- if upstream_dns_servers is defined and upstream_dns_servers | length > 0 -%}
|
||||
{{ upstream_dns_servers | join(' ') }}
|
||||
{%- else -%}
|
||||
/etc/resolv.conf
|
||||
{%- endif -%}
|
||||
@@ -54,15 +56,17 @@
|
||||
- { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset }
|
||||
register: nodelocaldns_second_manifests
|
||||
vars:
|
||||
# noqa: jinja[spacing]
|
||||
forwardTarget: >-
|
||||
{%- if secondaryclusterIP is defined and dns_mode == 'coredns_dual' -%}
|
||||
{{ primaryClusterIP }} {{ secondaryclusterIP }}
|
||||
{%- else -%}
|
||||
{{ primaryClusterIP }}
|
||||
{%- endif -%}
|
||||
# noqa: jinja[spacing]
|
||||
upstreamForwardTarget: >-
|
||||
{%- if upstream_dns_servers is defined and upstream_dns_servers|length > 0 -%}
|
||||
{{ upstream_dns_servers|join(' ') }}
|
||||
{%- if upstream_dns_servers is defined and upstream_dns_servers | length > 0 -%}
|
||||
{{ upstream_dns_servers | join(' ') }}
|
||||
{%- else -%}
|
||||
/etc/resolv.conf
|
||||
{%- endif -%}
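Review bot: The `# noqa: jinja[spacing]` added above `upstreamForwardTarget` in this hunk is inconsistent with the earlier task in the same file, where the identical `upstreamForwardTarget` block (hunk `@@ -33,8 +35,8 @@`) gets the same spacing fix and no suppression. If ansible-lint treats a `noqa` comment as task-wide, one per task is enough and this second one can go; if it is line-scoped, the earlier task is missing one, so this is worth confirming against the linter version used in CI. None of the added suppressions says why the rule is switched off; a one-line comment above each, such as `# jinja[spacing] cannot reformat this folded if/else block` if that is the reason, would keep them from outliving their purpose. The task these `vars` belong to starts outside the hunk.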
|
||||
|
||||
@@ -8,12 +8,12 @@ metadata:
|
||||
addonmanager.kubernetes.io/mode: EnsureExists
|
||||
data:
|
||||
Corefile: |
|
||||
{% if coredns_external_zones is defined and coredns_external_zones|length > 0 %}
|
||||
{% if coredns_external_zones is defined and coredns_external_zones | length > 0 %}
|
||||
{% for block in coredns_external_zones %}
|
||||
{{ block['zones'] | join(' ') }} {
|
||||
log
|
||||
errors
|
||||
{% if block['rewrite'] is defined and block['rewrite']|length > 0 %}
|
||||
{% if block['rewrite'] is defined and block['rewrite'] | length > 0 %}
|
||||
{% for rewrite_match in block['rewrite'] %}
|
||||
rewrite {{ rewrite_match }}
|
||||
{% endfor %}
|
||||
@@ -57,7 +57,7 @@ data:
|
||||
{% endif %}
|
||||
}
|
||||
prometheus :9153
|
||||
forward . {{ upstream_dns_servers|join(' ') if upstream_dns_servers is defined and upstream_dns_servers|length > 0 else '/etc/resolv.conf' }} {
|
||||
forward . {{ upstream_dns_servers | join(' ') if upstream_dns_servers is defined and upstream_dns_servers | length > 0 else '/etc/resolv.conf' }} {
|
||||
prefer_udp
|
||||
max_concurrent 1000
|
||||
{% if dns_upstream_forward_extra_opts is defined %}
|
||||
|
||||
@@ -32,7 +32,7 @@ spec:
|
||||
annotations:
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ dns_autoscaler_deployment_nodeselector}}
|
||||
{{ dns_autoscaler_deployment_nodeselector }}
|
||||
priorityClassName: system-cluster-critical
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
|
||||
@@ -15,7 +15,7 @@ spec:
|
||||
labels:
|
||||
app: netchecker-agent
|
||||
spec:
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
|
||||
@@ -16,7 +16,7 @@ spec:
|
||||
labels:
|
||||
app: netchecker-server
|
||||
spec:
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
volumes:
|
||||
- name: etcd-data
|
||||
emptyDir: {}
|
||||
|
||||
@@ -8,13 +8,13 @@ metadata:
|
||||
|
||||
data:
|
||||
Corefile: |
|
||||
{% if nodelocaldns_external_zones is defined and nodelocaldns_external_zones|length > 0 %}
|
||||
{% if nodelocaldns_external_zones is defined and nodelocaldns_external_zones | length > 0 %}
|
||||
{% for block in nodelocaldns_external_zones %}
|
||||
{{ block['zones'] | join(' ') }} {
|
||||
errors
|
||||
cache {{ block['cache'] | default(30) }}
|
||||
reload
|
||||
{% if block['rewrite'] is defined and block['rewrite']|length > 0 %}
|
||||
{% if block['rewrite'] is defined and block['rewrite'] | length > 0 %}
|
||||
{% for rewrite_match in block['rewrite'] %}
|
||||
rewrite {{ rewrite_match }}
|
||||
{% endfor %}
|
||||
@@ -95,7 +95,7 @@ data:
|
||||
}
|
||||
{% if enable_nodelocaldns_secondary %}
|
||||
Corefile-second: |
|
||||
{% if nodelocaldns_external_zones is defined and nodelocaldns_external_zones|length > 0 %}
|
||||
{% if nodelocaldns_external_zones is defined and nodelocaldns_external_zones | length > 0 %}
|
||||
{% for block in nodelocaldns_external_zones %}
|
||||
{{ block['zones'] | join(' ') }} {
|
||||
errors
|
||||
|
||||
@@ -63,7 +63,7 @@ loadBalancer:
|
||||
# inbound traffic to load balancers.
|
||||
securityListManagementMode: {{ oci_security_list_management }}
|
||||
|
||||
{% if oci_security_lists is defined and oci_security_lists|length > 0 %}
|
||||
{% if oci_security_lists is defined and oci_security_lists | length > 0 %}
|
||||
# Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
|
||||
securityLists:
|
||||
{% for subnet_ocid, list_ocid in oci_security_lists.items() %}
|
||||
@@ -71,7 +71,7 @@ loadBalancer:
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if oci_rate_limit is defined and oci_rate_limit|length > 0 %}
|
||||
{% if oci_rate_limit is defined and oci_rate_limit | length > 0 %}
|
||||
# Optional rate limit controls for accessing OCI API
|
||||
rateLimiter:
|
||||
{% if oci_rate_limit.rate_limit_qps_read %}
|
||||
|
||||
@@ -30,7 +30,7 @@ spec:
|
||||
spec:
|
||||
{% if oci_cloud_controller_pull_secret is defined %}
|
||||
imagePullSecrets:
|
||||
- name: {{oci_cloud_controller_pull_secret}}
|
||||
- name: {{ oci_cloud_controller_pull_secret }}
|
||||
{% endif %}
|
||||
serviceAccountName: cloud-controller-manager
|
||||
hostNetwork: true
|
||||
@@ -56,7 +56,7 @@ spec:
|
||||
path: /etc/kubernetes
|
||||
containers:
|
||||
- name: oci-cloud-controller-manager
|
||||
image: {{oci_cloud_controller_pull_source}}:{{oci_cloud_controller_version}}
|
||||
image: {{ oci_cloud_controller_pull_source }}:{{ oci_cloud_controller_version }}
|
||||
command: ["/usr/local/bin/oci-cloud-controller-manager"]
|
||||
args:
|
||||
- --cloud-config=/etc/oci/cloud-provider.yaml
|
||||
|
||||
@@ -70,7 +70,7 @@
|
||||
src: k8s-cluster-critical-pc.yml
|
||||
dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
|
||||
mode: 0640
|
||||
when: inventory_hostname == groups['kube_control_plane']|last
|
||||
when: inventory_hostname == groups['kube_control_plane'] | last
|
||||
|
||||
- name: PriorityClass | Create k8s-cluster-critical
|
||||
kube:
|
||||
@@ -79,4 +79,4 @@
|
||||
resource: "PriorityClass"
|
||||
filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
|
||||
state: latest
|
||||
when: inventory_hostname == groups['kube_control_plane']|last
|
||||
when: inventory_hostname == groups['kube_control_plane'] | last
|
||||
|
||||
@@ -1,25 +1,25 @@
|
||||
---
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU| gather os specific variables
|
||||
- name: Container Engine Acceleration Nvidia GPU | gather os specific variables
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution|lower }}.yml"
|
||||
- "{{ ansible_os_family|lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower | replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_release }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower | replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution | lower }}.yml"
|
||||
- "{{ ansible_os_family | lower }}.yml"
|
||||
skip: true
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url Tesla
|
||||
set_fact:
|
||||
nvidia_driver_download_url_default: "{{ nvidia_gpu_tesla_base_url }}{{ nvidia_url_end }}"
|
||||
when: nvidia_gpu_flavor|lower == "tesla"
|
||||
when: nvidia_gpu_flavor | lower == "tesla"
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url GTX
|
||||
set_fact:
|
||||
nvidia_driver_download_url_default: "{{ nvidia_gpu_gtx_base_url }}{{ nvidia_url_end }}"
|
||||
when: nvidia_gpu_flavor|lower == "gtx"
|
||||
when: nvidia_gpu_flavor | lower == "gtx"
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Create addon dir
|
||||
file:
|
||||
|
||||
@@ -2,18 +2,18 @@
|
||||
# To access Cinder, the CSI controller will need credentials to access
|
||||
# openstack apis. Per default this values will be
|
||||
# read from the environment.
|
||||
cinder_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
|
||||
cinder_username: "{{ lookup('env','OS_USERNAME') }}"
|
||||
cinder_password: "{{ lookup('env','OS_PASSWORD') }}"
|
||||
cinder_application_credential_id: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_ID') }}"
|
||||
cinder_application_credential_name: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_NAME') }}"
|
||||
cinder_application_credential_secret: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_SECRET') }}"
|
||||
cinder_region: "{{ lookup('env','OS_REGION_NAME') }}"
|
||||
cinder_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID'),true) }}"
|
||||
cinder_tenant_name: "{{ lookup('env','OS_TENANT_NAME')| default(lookup('env','OS_PROJECT_NAME'),true) }}"
|
||||
cinder_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
|
||||
cinder_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
|
||||
cinder_cacert: "{{ lookup('env','OS_CACERT') }}"
|
||||
cinder_auth_url: "{{ lookup('env', 'OS_AUTH_URL') }}"
|
||||
cinder_username: "{{ lookup('env', 'OS_USERNAME') }}"
|
||||
cinder_password: "{{ lookup('env', 'OS_PASSWORD') }}"
|
||||
cinder_application_credential_id: "{{ lookup('env', 'OS_APPLICATION_CREDENTIAL_ID') }}"
|
||||
cinder_application_credential_name: "{{ lookup('env', 'OS_APPLICATION_CREDENTIAL_NAME') }}"
|
||||
cinder_application_credential_secret: "{{ lookup('env', 'OS_APPLICATION_CREDENTIAL_SECRET') }}"
|
||||
cinder_region: "{{ lookup('env', 'OS_REGION_NAME') }}"
|
||||
cinder_tenant_id: "{{ lookup('env', 'OS_TENANT_ID') | default(lookup('env', 'OS_PROJECT_ID'), true) }}"
|
||||
cinder_tenant_name: "{{ lookup('env', 'OS_TENANT_NAME') | default(lookup('env', 'OS_PROJECT_NAME'), true) }}"
|
||||
cinder_domain_name: "{{ lookup('env', 'OS_USER_DOMAIN_NAME') }}"
|
||||
cinder_domain_id: "{{ lookup('env', 'OS_USER_DOMAIN_ID') }}"
|
||||
cinder_cacert: "{{ lookup('env', 'OS_CACERT') }}"
|
||||
|
||||
# For now, only Cinder v3 is supported in Cinder CSI driver
|
||||
cinder_blockstorage_version: "v3"
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
msg: "cinder_application_credential_id is missing"
|
||||
when:
|
||||
- cinder_application_credential_name is defined
|
||||
- cinder_application_credential_name|length > 0
|
||||
- cinder_application_credential_name | length > 0
|
||||
- cinder_application_credential_id is not defined or not cinder_application_credential_id
|
||||
|
||||
- name: Cinder CSI Driver | check cinder_application_credential_secret value
|
||||
@@ -24,7 +24,7 @@
|
||||
msg: "cinder_application_credential_secret is missing"
|
||||
when:
|
||||
- cinder_application_credential_name is defined
|
||||
- cinder_application_credential_name|length > 0
|
||||
- cinder_application_credential_name | length > 0
|
||||
- cinder_application_credential_secret is not defined or not cinder_application_credential_secret
|
||||
|
||||
- name: Cinder CSI Driver | check cinder_password value
|
||||
@@ -32,7 +32,7 @@
|
||||
msg: "cinder_password is missing"
|
||||
when:
|
||||
- cinder_username is defined
|
||||
- cinder_username|length > 0
|
||||
- cinder_username | length > 0
|
||||
- cinder_application_credential_name is not defined or not cinder_application_credential_name
|
||||
- cinder_application_credential_secret is not defined or not cinder_application_credential_secret
|
||||
- cinder_password is not defined or not cinder_password
|
||||
|
||||
@@ -133,7 +133,7 @@ spec:
|
||||
- name: ca-certs
|
||||
mountPath: /etc/ssl/certs
|
||||
readOnly: true
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% if ssl_ca_dirs | length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
mountPath: {{ dir }}
|
||||
@@ -155,7 +155,7 @@ spec:
|
||||
hostPath:
|
||||
path: /etc/ssl/certs
|
||||
type: DirectoryOrCreate
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% if ssl_ca_dirs | length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
hostPath:
|
||||
|
||||
@@ -89,7 +89,7 @@ spec:
|
||||
- name: ca-certs
|
||||
mountPath: /etc/ssl/certs
|
||||
readOnly: true
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% if ssl_ca_dirs | length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
mountPath: {{ dir }}
|
||||
@@ -125,7 +125,7 @@ spec:
|
||||
hostPath:
|
||||
path: /etc/ssl/certs
|
||||
type: DirectoryOrCreate
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% if ssl_ca_dirs | length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
hostPath:
|
||||
|
||||
@@ -5,12 +5,12 @@ upcloud_csi_attacher_image_tag: "v3.4.0"
|
||||
upcloud_csi_resizer_image_tag: "v1.4.0"
|
||||
upcloud_csi_plugin_image_tag: "v0.3.3"
|
||||
upcloud_csi_node_image_tag: "v2.5.0"
|
||||
upcloud_username: "{{ lookup('env','UPCLOUD_USERNAME') }}"
|
||||
upcloud_password: "{{ lookup('env','UPCLOUD_PASSWORD') }}"
|
||||
upcloud_username: "{{ lookup('env', 'UPCLOUD_USERNAME') }}"
|
||||
upcloud_password: "{{ lookup('env', 'UPCLOUD_PASSWORD') }}"
|
||||
upcloud_tolerations: []
|
||||
upcloud_csi_enable_volume_snapshot: false
|
||||
upcloud_csi_snapshot_controller_replicas: 2
|
||||
upcloud_csi_snapshotter_image_tag: "v4.2.1"
|
||||
upcloud_csi_snapshot_controller_image_tag: "v4.2.1"
|
||||
upcloud_csi_snapshot_validation_webhook_image_tag: "v4.2.1"
|
||||
upcloud_cacert: "{{ lookup('env','OS_CACERT') }}"
|
||||
upcloud_cacert: "{{ lookup('env', 'OS_CACERT') }}"
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
msg: "UpCloud password is missing. Env UPCLOUD_PASSWORD is mandatory"
|
||||
when:
|
||||
- upcloud_username is defined
|
||||
- upcloud_username|length > 0
|
||||
- upcloud_username | length > 0
|
||||
- upcloud_password is not defined or not upcloud_password
|
||||
|
||||
- name: UpCloud CSI Driver | Generate Manifests
|
||||
|
||||
@@ -36,8 +36,8 @@ unsafe_show_logs: false
|
||||
# according to the above link , we can controler the block-volume-snapshot parameter
|
||||
vsphere_csi_block_volume_snapshot: false
|
||||
|
||||
external_vsphere_user: "{{ lookup('env','VSPHERE_USER') }}"
|
||||
external_vsphere_password: "{{ lookup('env','VSPHERE_PASSWORD') }}"
|
||||
external_vsphere_user: "{{ lookup('env', 'VSPHERE_USER') }}"
|
||||
external_vsphere_password: "{{ lookup('env', 'VSPHERE_PASSWORD') }}"
|
||||
|
||||
# Controller resources
|
||||
vsphere_csi_snapshotter_resources: {}
|
||||
|
||||
@@ -44,11 +44,11 @@
|
||||
command: "{{ kubectl }} create secret generic vsphere-config-secret --from-file=csi-vsphere.conf={{ kube_config_dir }}/vsphere-csi-cloud-config -n {{ vsphere_csi_namespace }} --dry-run --save-config -o yaml"
|
||||
register: vsphere_csi_secret_manifest
|
||||
when: inventory_hostname == groups['kube_control_plane'][0]
|
||||
no_log: "{{ not (unsafe_show_logs|bool) }}"
|
||||
no_log: "{{ not (unsafe_show_logs | bool) }}"
|
||||
|
||||
- name: vSphere CSI Driver | Apply a CSI secret manifest
|
||||
command:
|
||||
cmd: "{{ kubectl }} apply -f -"
|
||||
stdin: "{{ vsphere_csi_secret_manifest.stdout }}"
|
||||
when: inventory_hostname == groups['kube_control_plane'][0]
|
||||
no_log: "{{ not (unsafe_show_logs|bool) }}"
|
||||
no_log: "{{ not (unsafe_show_logs | bool) }}"
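Review bot: The `no_log: "{{ not (unsafe_show_logs | bool) }}"` lines in both tasks are the only thing keeping the rendered Secret out of the Ansible output, and nothing here says so. The first task prints the manifest with `-o yaml` into `vsphere_csi_secret_manifest.stdout`, which presumably carries the base64-encoded contents of `vsphere-csi-cloud-config`, and the second feeds it to `kubectl apply` over stdin; with `unsafe_show_logs` set to true both would be logged in full. I would add a comment above each `no_log`, for example `# Secret manifest passes through stdout/stdin: unsafe_show_logs=true writes vSphere credentials to the play log`, and mention there that base64 is an encoding, not protection. The first task's `- name:` line is outside the hunk.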
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
- {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
|
||||
- {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}
|
||||
- {name: external-hcloud-cloud-role-bindings, file: external-hcloud-cloud-role-bindings.yml}
|
||||
- {name: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds' }}", file: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks.yml' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds.yml' }}"}
|
||||
- {name: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds' }}", file: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks.yml' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds.yml' }}"}
|
||||
|
||||
register: external_hcloud_manifests
|
||||
when: inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
@@ -7,5 +7,5 @@ metadata:
|
||||
data:
|
||||
token: "{{ external_hcloud_cloud.hcloud_api_token | b64encode }}"
|
||||
{% if external_hcloud_cloud.with_networks %}
|
||||
network: "{{ network_id|b64encode }}"
|
||||
network: "{{ network_id | b64encode }}"
|
||||
{% endif %}
|
||||
|
||||
@@ -2,18 +2,18 @@
|
||||
# The external cloud controller will need credentials to access
|
||||
# openstack apis. Per default these values will be
|
||||
# read from the environment.
|
||||
external_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
|
||||
external_openstack_username: "{{ lookup('env','OS_USERNAME') }}"
|
||||
external_openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
|
||||
external_openstack_application_credential_id: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_ID') }}"
|
||||
external_openstack_application_credential_name: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_NAME') }}"
|
||||
external_openstack_application_credential_secret: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_SECRET') }}"
|
||||
external_openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
|
||||
external_openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID'),true) }}"
|
||||
external_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME')| default(lookup('env','OS_PROJECT_NAME'),true) }}"
|
||||
external_openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
|
||||
external_openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
|
||||
external_openstack_cacert: "{{ lookup('env','OS_CACERT') }}"
|
||||
external_openstack_auth_url: "{{ lookup('env', 'OS_AUTH_URL') }}"
|
||||
external_openstack_username: "{{ lookup('env', 'OS_USERNAME') }}"
|
||||
external_openstack_password: "{{ lookup('env', 'OS_PASSWORD') }}"
|
||||
external_openstack_application_credential_id: "{{ lookup('env', 'OS_APPLICATION_CREDENTIAL_ID') }}"
|
||||
external_openstack_application_credential_name: "{{ lookup('env', 'OS_APPLICATION_CREDENTIAL_NAME') }}"
|
||||
external_openstack_application_credential_secret: "{{ lookup('env', 'OS_APPLICATION_CREDENTIAL_SECRET') }}"
|
||||
external_openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}"
|
||||
external_openstack_tenant_id: "{{ lookup('env', 'OS_TENANT_ID') | default(lookup('env', 'OS_PROJECT_ID'), true) }}"
|
||||
external_openstack_tenant_name: "{{ lookup('env', 'OS_TENANT_NAME') | default(lookup('env', 'OS_PROJECT_NAME'), true) }}"
|
||||
external_openstack_domain_name: "{{ lookup('env', 'OS_USER_DOMAIN_NAME') }}"
|
||||
external_openstack_domain_id: "{{ lookup('env', 'OS_USER_DOMAIN_ID') }}"
|
||||
external_openstack_cacert: "{{ lookup('env', 'OS_CACERT') }}"
|
||||
|
||||
## A dictionary of extra arguments to add to the openstack cloud controller manager daemonset
|
||||
## Format:
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
msg: "external_openstack_application_credential_id is missing"
|
||||
when:
|
||||
- external_openstack_application_credential_name is defined
|
||||
- external_openstack_application_credential_name|length > 0
|
||||
- external_openstack_application_credential_name | length > 0
|
||||
- external_openstack_application_credential_id is not defined or not external_openstack_application_credential_id
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@
|
||||
msg: "external_openstack_application_credential_secret is missing"
|
||||
when:
|
||||
- external_openstack_application_credential_name is defined
|
||||
- external_openstack_application_credential_name|length > 0
|
||||
- external_openstack_application_credential_name | length > 0
|
||||
- external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@
|
||||
msg: "external_openstack_password is missing"
|
||||
when:
|
||||
- external_openstack_username is defined
|
||||
- external_openstack_username|length > 0
|
||||
- external_openstack_username | length > 0
|
||||
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
|
||||
- external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
|
||||
- external_openstack_password is not defined or not external_openstack_password
|
||||
|
||||
@@ -57,7 +57,7 @@ spec:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ca-certs
|
||||
readOnly: true
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% if ssl_ca_dirs | length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
mountPath: {{ dir }}
|
||||
@@ -98,7 +98,7 @@ spec:
|
||||
hostPath:
|
||||
path: /etc/ssl/certs
|
||||
type: DirectoryOrCreate
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% if ssl_ca_dirs | length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
hostPath:
|
||||
|
||||
@@ -10,5 +10,5 @@ external_vsphere_insecure: "true"
|
||||
external_vsphere_cloud_controller_extra_args: {}
|
||||
external_vsphere_cloud_controller_image_tag: "latest"
|
||||
|
||||
external_vsphere_user: "{{ lookup('env','VSPHERE_USER') }}"
|
||||
external_vsphere_password: "{{ lookup('env','VSPHERE_PASSWORD') }}"
|
||||
external_vsphere_user: "{{ lookup('env', 'VSPHERE_USER') }}"
|
||||
external_vsphere_password: "{{ lookup('env', 'VSPHERE_PASSWORD') }}"
|
||||
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
app: cephfs-provisioner
|
||||
version: {{ cephfs_provisioner_image_tag }}
|
||||
spec:
|
||||
priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if cephfs_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
serviceAccount: cephfs-provisioner
|
||||
containers:
|
||||
- name: cephfs-provisioner
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
- start
|
||||
- --config
|
||||
- /etc/config/config.json
|
||||
{% if local_path_provisioner_debug|default(false) %}
|
||||
{% if local_path_provisioner_debug | default(false) %}
|
||||
- --debug
|
||||
{% endif %}
|
||||
volumeMounts:
|
||||
|
||||
@@ -12,7 +12,7 @@ local_volume_provisioner_use_node_name_only: false
|
||||
local_volume_provisioner_storage_classes: |
|
||||
{
|
||||
"{{ local_volume_provisioner_storage_class | default('local-storage') }}": {
|
||||
"host_dir": "{{ local_volume_provisioner_base_dir | default ('/mnt/disks') }}",
|
||||
"host_dir": "{{ local_volume_provisioner_base_dir | default('/mnt/disks') }}",
|
||||
"mount_dir": "{{ local_volume_provisioner_mount_dir | default('/mnt/disks') }}",
|
||||
"volume_mode": "Filesystem",
|
||||
"fs_type": "ext4"
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
# Macro to convert camelCase dictionary keys to snake_case keys
|
||||
{% macro convert_keys(mydict) -%}
|
||||
{% for key in mydict.keys()|list -%}
|
||||
{% for key in mydict.keys() | list -%}
|
||||
{% set key_split = key.split('_') -%}
|
||||
{% set new_key = key_split[0] + key_split[1:]|map('capitalize')|join -%}
|
||||
{% set new_key = key_split[0] + key_split[1:] | map('capitalize') | join -%}
|
||||
{% set value = mydict.pop(key) -%}
|
||||
{{ mydict.__setitem__(new_key, value) -}}
|
||||
{{ convert_keys(value) if value is mapping else None -}}
|
||||
|
||||
@@ -18,7 +18,7 @@ spec:
|
||||
k8s-app: local-volume-provisioner
|
||||
version: {{ local_volume_provisioner_image_tag }}
|
||||
spec:
|
||||
priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
serviceAccountName: local-volume-provisioner
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
|
||||
@@ -21,7 +21,7 @@ spec:
|
||||
app: rbd-provisioner
|
||||
version: {{ rbd_provisioner_image_tag }}
|
||||
spec:
|
||||
priorityClassName: {% if rbd_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if rbd_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
serviceAccount: rbd-provisioner
|
||||
containers:
|
||||
- name: rbd-provisioner
|
||||
|
||||
@@ -3,11 +3,11 @@
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution|lower }}.yml"
|
||||
- "{{ ansible_os_family|lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower | replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_release }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower | replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution | lower }}.yml"
|
||||
- "{{ ansible_os_family | lower }}.yml"
|
||||
- defaults.yml
|
||||
paths:
|
||||
- ../vars
|
||||
|
||||
@@ -10,9 +10,9 @@ cert_manager_controller_extra_args: []
|
||||
|
||||
## Allow http_proxy, https_proxy and no_proxy environment variables
|
||||
## Details https://github.com/kubernetes-sigs/kubespray/blob/master/docs/proxy.md
|
||||
cert_manager_http_proxy: "{{ http_proxy|default('') }}"
|
||||
cert_manager_https_proxy: "{{ https_proxy|default('') }}"
|
||||
cert_manager_no_proxy: "{{ no_proxy|default('') }}"
|
||||
cert_manager_http_proxy: "{{ http_proxy | default('') }}"
|
||||
cert_manager_https_proxy: "{{ https_proxy | default('') }}"
|
||||
cert_manager_no_proxy: "{{ no_proxy | default('') }}"
|
||||
|
||||
## Change leader election namespace when deploying on GKE Autopilot that forbid the changes on kube-system namespace.
|
||||
## See https://github.com/jetstack/cert-manager/issues/3717
|
||||
|
||||
@@ -35,7 +35,7 @@ spec:
|
||||
tolerations:
|
||||
{{ ingress_nginx_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
|
||||
{% endif %}
|
||||
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
containers:
|
||||
- name: ingress-nginx-controller
|
||||
image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
|
||||
|
||||
@@ -41,7 +41,7 @@
|
||||
name: "MetalLB"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/metallb.yaml"
|
||||
state: "{{ metallb_rendering.changed | ternary('latest','present') }}"
|
||||
state: "{{ metallb_rendering.changed | ternary('latest', 'present') }}"
|
||||
wait: true
|
||||
become: true
|
||||
when:
|
||||
@@ -67,7 +67,7 @@
|
||||
name: "MetalLB"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/pools.yaml"
|
||||
state: "{{ pools_rendering.changed | ternary('latest','present') }}"
|
||||
state: "{{ pools_rendering.changed | ternary('latest', 'present') }}"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
@@ -87,7 +87,7 @@
|
||||
name: "MetalLB"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/layer2.yaml"
|
||||
state: "{{ layer2_rendering.changed | ternary('latest','present') }}"
|
||||
state: "{{ layer2_rendering.changed | ternary('latest', 'present') }}"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
@@ -107,7 +107,7 @@
|
||||
name: "MetalLB"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/layer3.yaml"
|
||||
state: "{{ layer3_rendering.changed | ternary('latest','present') }}"
|
||||
state: "{{ layer3_rendering.changed | ternary('latest', 'present') }}"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
@@ -57,7 +57,7 @@ spec:
|
||||
aggregationLengthV6: 128
|
||||
communities:
|
||||
- no-advertise
|
||||
localpref: "{{ peer.localpref | default ("100") }}"
|
||||
localpref: "{{ peer.localpref | default("100") }}"
|
||||
ipAddressPools:
|
||||
{% for address_pool in peer.address_pool %}
|
||||
- "{{ address_pool }}"
|
||||
|
||||
@@ -9,10 +9,10 @@
|
||||
state: "latest"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
run_once: true
|
||||
with_items: "{{ multus_manifest_1.results + (multus_nodes_list|map('extract', hostvars, 'multus_manifest_2')|list|json_query('[].results')) }}"
|
||||
with_items: "{{ multus_manifest_1.results + (multus_nodes_list | map('extract', hostvars, 'multus_manifest_2') | list | json_query('[].results')) }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
vars:
|
||||
multus_nodes_list: "{{ groups['k8s_cluster'] if ansible_play_batch|length == ansible_play_hosts_all|length else ansible_play_batch }}"
|
||||
multus_nodes_list: "{{ groups['k8s_cluster'] if ansible_play_batch | length == ansible_play_hosts_all | length else ansible_play_batch }}"
|
||||
when:
|
||||
- not item is skipped
|
||||
|
||||
@@ -8,21 +8,21 @@
|
||||
fail:
|
||||
msg: "registry_service_cluster_ip support only compatible with ClusterIP."
|
||||
when:
|
||||
- registry_service_cluster_ip is defined and registry_service_cluster_ip|length > 0
|
||||
- registry_service_cluster_ip is defined and registry_service_cluster_ip | length > 0
|
||||
- registry_service_type != "ClusterIP"
|
||||
|
||||
- name: Registry | Stop if registry_service_loadbalancer_ip is defined when registry_service_type is not 'LoadBalancer'
|
||||
fail:
|
||||
msg: "registry_service_loadbalancer_ip support only compatible with LoadBalancer."
|
||||
when:
|
||||
- registry_service_loadbalancer_ip is defined and registry_service_loadbalancer_ip|length > 0
|
||||
- registry_service_loadbalancer_ip is defined and registry_service_loadbalancer_ip | length > 0
|
||||
- registry_service_type != "LoadBalancer"
|
||||
|
||||
- name: Registry | Stop if registry_service_nodeport is defined when registry_service_type is not 'NodePort'
|
||||
fail:
|
||||
msg: "registry_service_nodeport support only compatible with NodePort."
|
||||
when:
|
||||
- registry_service_nodeport is defined and registry_service_nodeport|length > 0
|
||||
- registry_service_nodeport is defined and registry_service_nodeport | length > 0
|
||||
- registry_service_type != "NodePort"
|
||||
|
||||
- name: Registry | Create addon dir
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
k8s-app: registry
|
||||
version: v{{ registry_image_tag }}
|
||||
spec:
|
||||
priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
|
||||
priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
serviceAccountName: registry
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
|
||||