build(deps): bump molecule from 25.1.0 to 25.9.0 in the molecule group

Bumps the molecule group with 1 update: [molecule](https://github.com/ansible-community/molecule). Updates `molecule` from 25.1.0 to 25.9.0 - [Release notes](https://github.com/ansible-community/molecule/releases) - [Commits](https://github.com/ansible-community/molecule/compare/v25.1.0...v25.9.0) --- updated-dependencies: - dependency-name: molecule dependency-version: 25.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: molecule ... Signed-off-by: dependabot[bot] <support@github.com>
2025-12-14 13:54:37 +03:00 · 2025-12-08 03:01:01 +00:00
8 changed files with 22 additions and 31 deletions
--- a/.github/workflows/auto-label-os.yml
+++ b/.github/workflows/auto-label-os.yml
@@ -13,10 +13,10 @@ jobs:
      issues: write

    steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3

      - name: Parse issue form
-        uses: stefanbuck/github-issue-parser@25f1485edffc1fee3ea68eb9f59a72e58720ffc4
+        uses: stefanbuck/github-issue-parser@2ea9b35a8c584529ed00891a8f7e41dc46d0441e
        id: issue-parser
        with:
          template-path: .github/ISSUE_TEMPLATE/bug-report.yaml
--- a/.github/workflows/upgrade-patch-versions.yml
+++ b/.github/workflows/upgrade-patch-versions.yml
@@ -11,7 +11,7 @@ jobs:
  update-patch-versions:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
      with:
        ref: ${{ inputs.branch }}
    - uses: actions/setup-python@v6
@@ -29,7 +29,7 @@ jobs:
          ~/.cache/pre-commit
    - run: pre-commit run --all-files propagate-ansible-variables
      continue-on-error: true
-    - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676
+    - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412
      with:
        commit-message: Patch versions updates
        title: Patch versions updates - ${{ inputs.branch }}
--- a/.gitlab-ci/terraform.yml
+++ b/.gitlab-ci/terraform.yml
@@ -116,5 +116,5 @@ tf-elastx_ubuntu20-calico:
    TF_VAR_az_list_node: '["sto1"]'
    TF_VAR_flavor_k8s_master: 3f73fc93-ec61-4808-88df-2580d94c1a9b    # v1-standard-2
    TF_VAR_flavor_k8s_node: 3f73fc93-ec61-4808-88df-2580d94c1a9b      # v1-standard-2
-    TF_VAR_image: ubuntu-24.04-server-latest
+    TF_VAR_image: ubuntu-20.04-server-latest
    TF_VAR_k8s_allowed_remote_ips: '["0.0.0.0/0"]'
--- a/docs/CNI/cilium.md
+++ b/docs/CNI/cilium.md
@@ -1,13 +1,5 @@
 # Cilium

-## Unprivileged agent configuration
-
-By default, Cilium is installed with `securityContext.privileged: false`. You need to set the `kube_owner` variable to `root` in the inventory:
-
-```yml
-kube_owner: root
-```
-
 ## IP Address Management (IPAM)

 IP Address Management (IPAM) is responsible for the allocation and management of IP addresses used by network endpoints (container and others) managed by Cilium. The default mode is "Cluster Scope".
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -22,8 +22,7 @@ local_release_dir: "/tmp/releases"
 # Random shifts for retrying failed ops like pushing/downloading
 retry_stagger: 5

-# This is the user that owns the cluster installation.
-# Note: cilium needs to set kube_owner to root https://kubespray.io/#/docs/CNI/cilium?id=unprivileged-agent-configuration
+# This is the user that owns tha cluster installation.
 kube_owner: kube

 # This is the group that the cert creation scripts chgrp the
--- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
@@ -11,23 +11,24 @@
  tags:
    - facts

- name: Obtain kubeadm certificate key for joining control planes nodes
+- name: Upload certificates so they are fresh and not expired
+  command: >-
+    {{ bin_dir }}/kubeadm init phase
+    --config {{ kube_config_dir }}/kubeadm-config.yaml
+    upload-certs
+    --upload-certs
+  register: kubeadm_upload_cert
  when:
+    - inventory_hostname == first_kube_control_plane
    - not kube_external_ca_mode
-  run_once: true
-  block:
-    - name: Upload certificates so they are fresh and not expired
-      command: >-
-        {{ bin_dir }}/kubeadm init phase
-        --config {{ kube_config_dir }}/kubeadm-config.yaml
-        upload-certs
-        --upload-certs
-      register: kubeadm_upload_cert
-      delegate_to: "{{ first_kube_control_plane }}"

-    - name: Parse certificate key if not set
-      set_fact:
-        kubeadm_certificate_key: "{{ kubeadm_upload_cert.stdout_lines[-1] | trim }}"
+- name: Parse certificate key if not set
+  set_fact:
+    kubeadm_certificate_key: "{{ hostvars[first_kube_control_plane]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
+  run_once: true
+  when:
+    - hostvars[first_kube_control_plane]['kubeadm_upload_cert'] is defined
+    - hostvars[first_kube_control_plane]['kubeadm_upload_cert'] is not skipped

 - name: Wait for k8s apiserver
  wait_for:
--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -61,7 +61,6 @@
        executable: /bin/bash
      register: calico_version_on_server
      changed_when: false
-      check_mode: false

    - name: Assert that current calico version is enough for upgrade
      assert:
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,4 +1,4 @@
 -r ../requirements.txt
 distlib==0.4.0 # required for building collections
-molecule==25.1.0
+molecule==25.12.0
 pytest-testinfra==10.2.2