Improving yamllint configuration (#11389)

Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
Bas
2024-07-26 03:42:20 +02:00
committed by GitHub
parent 5394715d9b
commit 8f5f75211f
154 changed files with 342 additions and 334 deletions


@@ -37,4 +37,4 @@
dest: "{{ kube_cert_dir }}/secrets_encryption.yaml"
owner: root
group: "{{ kube_cert_group }}"
mode: 0640
mode: "0640"


@@ -25,5 +25,5 @@
path: "{{ etcd_data_dir }}"
owner: "{{ etcd_owner }}"
group: "{{ etcd_owner }}"
mode: 0700
mode: "0700"
when: etcd_deployment_type == "kubeadm"


@@ -34,7 +34,7 @@
template:
src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
mode: 0640
mode: "0640"
backup: yes
when:
- inventory_hostname != first_kube_control_plane
@@ -77,7 +77,7 @@
dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml"
content: "{{ kubeconfig_file_discovery.stdout }}"
owner: "root"
mode: 0644
mode: "0644"
when:
- inventory_hostname != first_kube_control_plane
- kubeadm_use_file_discovery
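Review bot: The discovery kubeconfig written to `cluster-info-discovery-kubeconfig.yaml` in the second hunk stays world-readable at `mode: "0644"` and sets no `group`, while the `kubeadm-controlplane.yaml` written in the first hunk is `0640`. Its content comes from `kubeconfig_file_discovery.stdout`, and whether that output can ever carry credentials is not visible here; kubeadm does accept discovery files with embedded credentials, so `mode: "0640"` (or `"0600"`) would be the safer default. Both tasks begin above their hunks, so the task names and the module used for the second one are not visible.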


@@ -51,35 +51,35 @@
file:
path: "{{ audit_policy_file | dirname }}"
state: directory
mode: 0640
mode: "0640"
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
- name: Write api audit policy yaml
template:
src: apiserver-audit-policy.yaml.j2
dest: "{{ audit_policy_file }}"
mode: 0640
mode: "0640"
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
- name: Write api audit webhook config yaml
template:
src: apiserver-audit-webhook-config.yaml.j2
dest: "{{ audit_webhook_config_file }}"
mode: 0640
mode: "0640"
when: kubernetes_audit_webhook | default(false)
- name: Create apiserver tracing config directory
file:
path: "{{ kube_config_dir }}/tracing"
state: directory
mode: 0640
mode: "0640"
when: kube_apiserver_tracing
- name: Write apiserver tracing config yaml
template:
src: apiserver-tracing.yaml.j2
dest: "{{ kube_config_dir }}/tracing/apiserver-tracing.yaml"
mode: 0640
mode: "0640"
when: kube_apiserver_tracing
# Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
@@ -96,27 +96,27 @@
template:
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-config.yaml"
mode: 0640
mode: "0640"
- name: Kubeadm | Create directory to store admission control configurations
file:
path: "{{ kube_config_dir }}/admission-controls"
state: directory
mode: 0640
mode: "0640"
when: kube_apiserver_admission_control_config_file
- name: Kubeadm | Push admission control config file
template:
src: "admission-controls.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml"
mode: 0640
mode: "0640"
when: kube_apiserver_admission_control_config_file
- name: Kubeadm | Push admission control config files
template:
src: "{{ item | lower }}.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/{{ item | lower }}.yaml"
mode: 0640
mode: "0640"
when:
- kube_apiserver_admission_control_config_file
- item in kube_apiserver_admission_plugins_needs_configuration
@@ -126,7 +126,7 @@
template:
src: "podnodeselector.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/podnodeselector.yaml"
mode: 0640
mode: "0640"
when:
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector is defined
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector | length > 0
@@ -178,7 +178,7 @@
file:
path: "{{ kubeadm_patches.dest_dir }}"
state: directory
mode: 0640
mode: "0640"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Copy kubeadm patches from inventory files
@@ -186,7 +186,7 @@
src: "{{ kubeadm_patches.source_dir }}/"
dest: "{{ kubeadm_patches.dest_dir }}"
owner: "root"
mode: 0644
mode: "0644"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Initialize first master
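Review bot: The four `state: directory` tasks in this file (the audit policy directory and `tracing` in the first hunk, `admission-controls` in the second, `kubeadm_patches.dest_dir` in the fourth) keep `mode: "0640"`, which leaves the directory without a search (`x`) bit for anyone. Root still traverses it, but a non-root owner or group member can list names without being able to open the `0640` files inside, so the group-read bit on those files has no effect. Quoting the value fixes the octal parsing; for directories the value itself should be `mode: "0750"`. Whether any non-root process reads these paths is not visible from the hunks.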


@@ -8,21 +8,21 @@
template:
src: webhook-token-auth-config.yaml.j2
dest: "{{ kube_config_dir }}/webhook-token-auth-config.yaml"
mode: 0640
mode: "0640"
when: kube_webhook_token_auth | default(false)
- name: Create webhook authorization config
template:
src: webhook-authorization-config.yaml.j2
dest: "{{ kube_config_dir }}/webhook-authorization-config.yaml"
mode: 0640
mode: "0640"
when: kube_webhook_authorization | default(false)
- name: Create kube-scheduler config
template:
src: kubescheduler-config.yaml.j2
dest: "{{ kube_config_dir }}/kubescheduler-config.yaml"
mode: 0644
mode: "0644"
- name: Apply Kubernetes encrypt at rest config
import_tasks: encrypt-at-rest.yml
@@ -35,7 +35,7 @@
copy:
src: "{{ downloads.kubectl.dest }}"
dest: "{{ bin_dir }}/kubectl"
mode: 0755
mode: "0755"
remote_src: true
tags:
- kubectl
@@ -53,7 +53,7 @@
path: /etc/bash_completion.d/kubectl.sh
owner: root
group: root
mode: 0755
mode: "0755"
when: ansible_os_family in ["Debian","RedHat"]
tags:
- kubectl
@@ -101,13 +101,13 @@
template:
src: k8s-certs-renew.sh.j2
dest: "{{ bin_dir }}/k8s-certs-renew.sh"
mode: 0755
mode: "0755"
- name: Renew K8S control plane certificates monthly 1/2
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
mode: 0644
mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{item}}'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
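Review bot: The `validate:` command on the systemd unit template tests for `/usr/bin/systemd/system/factory-reset.target`, a path where systemd does not normally install unit files, so the `|| exit 0` branch likely fires every time and `systemd-analyze verify` never runs. A unit file with errors would then be installed under `/etc/systemd/system/` as if it had been validated. If the intent is the version probe described in the FIXME, the test should point at the real unit directory, e.g. `[ -f /usr/lib/systemd/system/factory-reset.target ]` (the location can differ by distribution, so confirm on the supported targets). The task may continue past the end of the hunk.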