Refactor(defaults): centralize etcd defaults (#13161)

Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser) from 3.2.3 to 3.2.5.
- [Release notes](https://github.com/stefanbuck/github-issue-parser/releases)
- [Commits](10dcc54158...cb6e97157c)

---
updated-dependencies:
- dependency-name: stefanbuck/github-issue-parser
  dependency-version: 3.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/auto-label-os.yml

@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - name: Parse issue form
-        uses: stefanbuck/github-issue-parser@10dcc54158ba4c137713d9d69d70a2da63b6bda3
+        uses: stefanbuck/github-issue-parser@cb6e97157cbf851e3a393ff8d57c93a484cc323f
         id: issue-parser
         with:
           template-path: .github/ISSUE_TEMPLATE/bug-report.yaml

OWNERS_ALIASES

@@ -8,6 +8,7 @@ aliases:
   kubespray-reviewers:
     - cyclinder
     - erikjiang
+    - guoard
     - mzaian
     - tico88612
     - vannten

RELEASE.md

@@ -58,7 +58,7 @@ You can create a release note with:
 export GITHUB_TOKEN=<your-github-token>
 export ORG=kubernetes-sigs
 export REPO=kubespray
-release-notes --start-sha <The start commit-id> --end-sha <The end commit-id> --dependencies=false --output=/tmp/kubespray-release-note --required-author=""
+release-notes generate --org "${ORG}" --repo "${REPO}" --repo-path "${PWD}" --start-sha <The start commit-id> --end-sha <The end commit-id> --dependencies=false --output=/tmp/kubespray-release-note
 ```
 
 If the release note file(/tmp/kubespray-release-note) contains "### Uncategorized" pull requests, those pull requests don't have a valid kind label(`kind/feature`, etc.).

galaxy.yml

@@ -2,7 +2,7 @@
 namespace: kubernetes_sigs
 description: Deploy a production ready Kubernetes cluster
 name: kubespray
-version: 2.31.0
+version: 2.32.0
 readme: README.md
 authors:
   - The Kubespray maintainers (https://kubernetes.slack.com/channels/kubespray)

requirements.txt

@@ -1,6 +1,6 @@
 ansible==11.13.0
 # Needed for community.crypto module
-cryptography==46.0.7
+cryptography==47.0.0
 # Needed for jinja2 json_query templating
 jmespath==1.1.0
 # Needed for ansible.utils.ipaddr

roles/etcd/tasks/check_certs.yml

@@ -13,6 +13,8 @@
     sync_certs: false
     gen_certs: false
     etcd_secret_changed: false
+    etcd_member_requires_sync: false
+    kubernetes_host_requires_sync: false
 
 - name: "Check certs | Register ca and etcd admin/member certs on etcd hosts"
   stat:
@@ -128,7 +130,7 @@
   set_fact:
     sync_certs: true
   when:
-    - etcd_member_requires_sync | default(false) or
-      kubernetes_host_requires_sync | default(false) or
+    - etcd_member_requires_sync or
+      kubernetes_host_requires_sync or
       'gen_master_certs_True' in group_names or
       'gen_node_certs_True' in group_names

roles/etcd/tasks/gen_certs_script.yml

@@ -24,7 +24,7 @@
   run_once: true
   delegate_to: "{{ groups['etcd'][0] }}"
   when:
-    - gen_certs | default(false)
+    - gen_certs
     - inventory_hostname == groups['etcd'][0]
 
 - name: Gen_certs | copy certs generation script
@@ -43,7 +43,7 @@
     HOSTS: "{{ groups['gen_node_certs_True'] | ansible.builtin.intersect(groups['kube_control_plane']) | join(' ') }}"
   run_once: true
   delegate_to: "{{ groups['etcd'][0] }}"
-  when: gen_certs | default(false)
+  when: gen_certs
   notify: Set etcd_secret_changed
 
 - name: Gen_certs | run cert generation script for all clients
@@ -55,7 +55,7 @@
   when:
     - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally
     - kube_network_plugin != "calico" or calico_datastore == "etcd"
-    - gen_certs | default(false)
+    - gen_certs
   notify: Set etcd_secret_changed
 
 - name: Gen_certs | Gather etcd member/admin and kube_control_plane client certs from first etcd node
@@ -78,7 +78,7 @@
   delegate_to: "{{ groups['etcd'][0] }}"
   when:
     - ('etcd' in group_names)
-    - sync_certs | default(false)
+    - sync_certs
     - inventory_hostname != groups['etcd'][0]
   notify: Set etcd_secret_changed
 
@@ -92,7 +92,7 @@
   with_items: "{{ etcd_master_certs.results }}"
   when:
     - ('etcd' in group_names)
-    - sync_certs | default(false)
+    - sync_certs
     - inventory_hostname != groups['etcd'][0]
   loop_control:
     label: "{{ item.item }}"
@@ -134,7 +134,7 @@
   include_tasks: gen_nodes_certs_script.yml
   when:
     - ('kube_control_plane' in group_names) and
-        sync_certs | default(false) and inventory_hostname not in groups['etcd']
+        sync_certs and inventory_hostname not in groups['etcd']
 
 - name: Gen_certs | Generate etcd certs on nodes if needed
   include_tasks: gen_nodes_certs_script.yml
@@ -142,7 +142,7 @@
     - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally
     - kube_network_plugin != "calico" or calico_datastore == "etcd"
     - ('k8s_cluster' in group_names) and
-        sync_certs | default(false) and inventory_hostname not in groups['etcd']
+        sync_certs and inventory_hostname not in groups['etcd']
 
 # This is a hack around the fact kubeadm expect the same certs path on all kube_control_plane
 # TODO: fix certs generation to have the same file everywhere

roles/etcd/tasks/main.yml

@@ -84,7 +84,7 @@
   when:
     - ('etcd' in group_names)
     - etcd_cluster_setup
-    - etcd_secret_changed | default(false)
+    - etcd_secret_changed
 
 - name: Restart etcd-events if certs changed
   command: /bin/true
@@ -92,7 +92,7 @@
   when:
     - ('etcd' in group_names)
     - etcd_events_cluster_setup
-    - etcd_secret_changed | default(false)
+    - etcd_secret_changed
 
 # After etcd cluster is assembled, make sure that
 # initial state of the cluster is in `existing`