Add ansible-lint job
Sem-Ver: feature
Change-Id: I58c32382b8122c8e56e71c601c64dad411dbb687
diff --git a/roles/kubernetes/files/haproxy.yaml b/roles/kubernetes/files/haproxy.yaml
index 0c8f04f..0d6ea23 100644
--- a/roles/kubernetes/files/haproxy.yaml
+++ b/roles/kubernetes/files/haproxy.yaml
@@ -5,23 +5,23 @@
namespace: kube-system
spec:
containers:
- - image: haproxy:2.5
- name: haproxy
- livenessProbe:
- failureThreshold: 8
- httpGet:
- host: localhost
- path: /healthz
- port: 6443
- scheme: HTTPS
- volumeMounts:
- - mountPath: /usr/local/etc/haproxy/haproxy.cfg
- name: haproxyconf
- readOnly: true
+ - image: haproxy:2.5
+ name: haproxy
+ livenessProbe:
+ failureThreshold: 8
+ httpGet:
+ host: localhost
+ path: /healthz
+ port: 6443
+ scheme: HTTPS
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+ name: haproxyconf
+ readOnly: true
hostNetwork: true
volumes:
- - hostPath:
- path: /etc/haproxy/haproxy.cfg
- type: FileOrCreate
- name: haproxyconf
+ - hostPath:
+ path: /etc/haproxy/haproxy.cfg
+ type: FileOrCreate
+ name: haproxyconf
status: {}
diff --git a/roles/kubernetes/files/keepalived.yaml b/roles/kubernetes/files/keepalived.yaml
index 643ebbe..5926af8 100644
--- a/roles/kubernetes/files/keepalived.yaml
+++ b/roles/kubernetes/files/keepalived.yaml
@@ -6,27 +6,27 @@
namespace: kube-system
spec:
containers:
- - name: keepalived
- image: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19
- command: ["keepalived", "-f", "/etc/keepalived/keepalived.conf", "--dont-fork", "--log-console", "--log-detail", "--dump-conf"]
- resources: {}
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- - NET_BROADCAST
- - NET_RAW
- volumeMounts:
- - mountPath: /etc/keepalived/keepalived.conf
- name: config
- - mountPath: /etc/keepalived/check_apiserver.sh
- name: check
+ - name: keepalived
+ image: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19
+ command: ["keepalived", "-f", "/etc/keepalived/keepalived.conf", "--dont-fork", "--log-console", "--log-detail", "--dump-conf"]
+ resources: {}
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - NET_BROADCAST
+ - NET_RAW
+ volumeMounts:
+ - mountPath: /etc/keepalived/keepalived.conf
+ name: config
+ - mountPath: /etc/keepalived/check_apiserver.sh
+ name: check
hostNetwork: true
volumes:
- - hostPath:
- path: /etc/keepalived/keepalived.conf
- name: config
- - hostPath:
- path: /etc/keepalived/check_apiserver.sh
- name: check
+ - hostPath:
+ path: /etc/keepalived/keepalived.conf
+ name: config
+ - hostPath:
+ path: /etc/keepalived/check_apiserver.sh
+ name: check
status: {}
diff --git a/roles/kubernetes/meta/main.yml b/roles/kubernetes/meta/main.yml
index ca80af7..05a6305 100644
--- a/roles/kubernetes/meta/main.yml
+++ b/roles/kubernetes/meta/main.yml
@@ -12,5 +12,15 @@
# License for the specific language governing permissions and limitations
# under the License.
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Ansible role for Kubernetes
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+
dependencies:
- role: containerd
diff --git a/roles/kubernetes/tasks/bootstrap-cluster.yml b/roles/kubernetes/tasks/bootstrap-cluster.yml
index 8231267..4696b42 100644
--- a/roles/kubernetes/tasks/bootstrap-cluster.yml
+++ b/roles/kubernetes/tasks/bootstrap-cluster.yml
@@ -20,7 +20,7 @@
register: _kubernetes_stat
loop: "{{ groups[kubernetes_control_plane_group] }}"
delegate_to: "{{ item }}"
- delegate_facts: True
+ delegate_facts: true
- name: Pick node from pre-existing cluster
ansible.builtin.set_fact:
@@ -40,6 +40,9 @@
ansible.builtin.template:
src: kubeadm.yaml.j2
dest: /etc/kubernetes/kubeadm.yaml
+ owner: root
+ group: root
+ mode: 0640
when: inventory_hostname == _kubernetes_bootstrap_node
- name: Initialize cluster
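Review bot: The new `mode: 0640` on the rendered /etc/kubernetes/kubeadm.yaml is looser than it needs to be; the file is root:root and consumed only by kubeadm running as root, so group read buys nothing, and a kubeadm config can carry sensitive material (the join-side template in this same change renders `certificateKey` into it; what the bootstrap render contains is not visible here). Tighten it to `mode: "0600"`; quoting the octal also avoids the YAML 1.1 integer parse that ansible-lint's risky-octal rule exists to catch. The `Initialize cluster` task on the hunk's last line continues outside the hunk.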
diff --git a/roles/kubernetes/tasks/control-plane.yml b/roles/kubernetes/tasks/control-plane.yml
index cbb8752..829b82f 100644
--- a/roles/kubernetes/tasks/control-plane.yml
+++ b/roles/kubernetes/tasks/control-plane.yml
@@ -18,10 +18,16 @@
ansible.builtin.file:
dest: /etc/keepalived
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Upload configuration
ansible.builtin.template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
+ owner: root
+ group: root
+ mode: 0644
- name: Upload health check
ansible.builtin.template:
src: check_apiserver.sh.j2
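Review bot: `mode: 0644` on /etc/keepalived/keepalived.conf makes the rendered VRRP configuration world-readable on the host; if keepalived.conf.j2 carries an `auth_pass` or similar secret (the template is not visible here), every local user can read it. The only consumer is the keepalived static pod, which mounts the file via hostPath and declares no `runAsUser`, so `mode: "0600"` is worth trying, falling back to 0640 with the container's group only if the image drops privileges. Quote the octal modes in this hunk (`"0755"`, `"0644"`) so they are not parsed as YAML 1.1 integers. The `Upload health check` task that starts on the last lines continues outside the hunk.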
@@ -31,6 +37,9 @@
ansible.builtin.copy:
src: keepalived.yaml
dest: /etc/kubernetes/manifests/keepalived.yaml
+ owner: root
+ group: root
+ mode: 0644
- name: Upload configuration for HAproxy
block:
@@ -38,14 +47,23 @@
ansible.builtin.file:
dest: /etc/haproxy
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Upload configuration
ansible.builtin.template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
+ owner: root
+ group: root
+ mode: 0644
- name: Upload Kubernetes manifest
ansible.builtin.copy:
src: haproxy.yaml
dest: /etc/kubernetes/manifests/haproxy.yaml
+ owner: root
+ group: root
+ mode: 0644
- name: Bootstrap cluster
include_tasks: bootstrap-cluster.yml
@@ -54,6 +72,9 @@
ansible.builtin.file:
path: /root/.kube
state: directory
+ owner: root
+ group: root
+ mode: 0750
- name: copy admin configuration file
ansible.builtin.copy:
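Review bot: The directory gets an explicit `mode: 0750`, but the `copy admin configuration file` task that starts on the hunk's last line is the one that matters: it writes the cluster-admin kubeconfig, and `ansible.builtin.copy` without `mode` takes the remote umask (or, with `remote_src`, the source file's permissions), which is commonly 0644. If that task, whose body continues outside the hunk, does not set `mode: "0600"`, add it; a readable admin.conf is a cluster-admin credential for any local user. Quoting the directory mode as `"0750"` keeps it a string rather than a YAML 1.1 integer.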
@@ -75,7 +96,7 @@
run_once: true
ansible.builtin.shell: |
kubectl taint nodes --all node-role.kubernetes.io/master-
- ignore_errors: true
+ failed_when: false
changed_when: false
- name: Add labels to control plane nodes
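Review bot: `failed_when: false` on the taint removal still masks every failure, including kubectl being unable to reach the API server or lacking a usable kubeconfig, not just the benign "taint not found" case the task is presumably tolerating. Register the result and only accept that case, e.g. `register: _kubernetes_taint` and `failed_when: _kubernetes_taint.rc != 0 and 'not found' not in _kubernetes_taint.stderr`; the exact wording kubectl uses should be confirmed against the version deployed. Since the command is a single kubectl invocation with no shell features, `ansible.builtin.command` would also satisfy ansible-lint's command-instead-of-shell rule. The task's preceding lines sit outside the hunk.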
diff --git a/roles/kubernetes/tasks/join-cluster.yml b/roles/kubernetes/tasks/join-cluster.yml
index b65e347..1b3e6dc 100644
--- a/roles/kubernetes/tasks/join-cluster.yml
+++ b/roles/kubernetes/tasks/join-cluster.yml
@@ -20,8 +20,7 @@
- name: Generate control-plane certificates for joining cluster
run_once: true
delegate_to: "{{ _kubernetes_bootstrap_node | default(groups[kubernetes_control_plane_group][0]) }}"
- ansible.builtin.shell: |
- kubeadm init phase upload-certs --upload-certs 2>/dev/null | grep -v upload-certs
+ ansible.builtin.command: kubeadm init phase upload-certs --upload-certs
changed_when: false
register: _kubeadm_init_upload_certs
when:
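Review bot: The registered output of `kubeadm init phase upload-certs --upload-certs` now includes the certificate key (the removed `grep -v` only stripped the preamble, so it did before too), and the task carries no `no_log: true`, so the key that decrypts the control-plane certificates in the kubeadm-certs secret is printed in verbose runs and shipped to any callback or log sink. Add `no_log: true` to this task, and to whichever task later consumes `_kubeadm_init_upload_certs`. Dropping `2>/dev/null` is fine, but anything downstream that picks the key by position (`stdout_lines[-1]`) now depends on the key staying the final stdout line. The `when` list continues outside the hunk.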
@@ -50,6 +49,9 @@
ansible.builtin.template:
src: kubeadm.yaml.j2
dest: /etc/kubernetes/kubeadm.yaml
+ owner: root
+ group: root
+ mode: 0640
when:
- not _stat_etc_kubernetes_kubelet_conf.stat.exists
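Review bot: On the join path this kubeadm.yaml is rendered with `certificateKey` from the upload-certs step, so `mode: 0640` leaves a control-plane certificate decryption key group-readable although only root needs it. Use `mode: "0600"` (quoted, so the octal is not read as a YAML 1.1 integer). Consider also removing the file once `kubeadm join` has consumed it: the uploaded certs expire by default after a couple of hours, but the key in the file persists indefinitely. The `when` list continues past the hunk.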
diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml
index 383ce1f..0195921 100644
--- a/roles/kubernetes/tasks/main.yml
+++ b/roles/kubernetes/tasks/main.yml
@@ -16,12 +16,20 @@
ansible.builtin.copy:
src: apt-key.gpg
dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
+ owner: root
+ group: root
+ mode: 0644
when:
- kubernetes_repo_url == _kubernetes_upstream_apt_repository
- name: Add repository
ansible.builtin.apt_repository:
- repo: "deb {% if kubernetes_repo_url == _kubernetes_upstream_apt_repository %}[signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]{% endif %} {{ kubernetes_repo_url }} kubernetes-xenial main"
+ repo:
+ deb
+ {% if kubernetes_repo_url == _kubernetes_upstream_apt_repository %}[signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]{% endif %}
+ {{ kubernetes_repo_url }}
+ kubernetes-xenial
+ main
state: present
- name: Setup version pins
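Review bot: The `repo:` value is now a multi-line plain scalar that relies on YAML line folding to yield the single-line `deb [signed-by=...] URL kubernetes-xenial main` string; that works, but the intent is clearer and less fragile (a stray blank line or a leading indicator on a continuation line changes the result) as an explicit folded block, `repo: >-` with the same lines beneath it. Separately, when `kubernetes_repo_url` is not the upstream repository no `signed-by` is emitted, so a mirror is trusted via whatever keys are already in apt's trusted keyrings; a comment on the task such as `# non-upstream mirrors must be signed by a key already trusted by apt` would save the next reader from assuming the copied keyring covers them.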
@@ -43,6 +51,9 @@
ansible.builtin.template:
src: modules-load.conf.j2
dest: /etc/modules-load.d/k8s.conf
+ owner: root
+ group: root
+ mode: 0644
- name: Enable kernel modules in runtime
community.general.modprobe:
diff --git a/roles/kubernetes/tasks/nodes.yml b/roles/kubernetes/tasks/nodes.yml
index bc11ac5..5b4f688 100644
--- a/roles/kubernetes/tasks/nodes.yml
+++ b/roles/kubernetes/tasks/nodes.yml
@@ -13,7 +13,7 @@
# under the License.
- name: Check if Kubernetes is already deployed
- stat:
+ ansible.builtin.stat:
path: /etc/kubernetes/kubelet.conf
register: _kubernetes_kubelet
diff --git a/roles/kubernetes/templates/kubeadm.yaml.j2 b/roles/kubernetes/templates/kubeadm.yaml.j2
index cc30dfd..5598b07 100644
--- a/roles/kubernetes/templates/kubeadm.yaml.j2
+++ b/roles/kubernetes/templates/kubeadm.yaml.j2
@@ -26,7 +26,7 @@
controlPlane:
localAPIEndpoint:
bindPort: 16443
- certificateKey: {{ _kubeadm_init_upload_certs.stdout | trim }}
+ certificateKey: {{ _kubeadm_init_upload_certs.stdout_lines[-1] | trim }}
{% endif %}
{% endif %}
---
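Review bot: `stdout_lines[-1]` assumes the certificate key is always the final stdout line of `kubeadm init phase upload-certs`; any trailing note kubeadm prints to stdout, or an empty last line, would be rendered unquoted after `certificateKey:` and produce a confusing join failure rather than a clear one. Selecting the key by shape is more robust: `certificateKey: "{{ _kubeadm_init_upload_certs.stdout | regex_search('[0-9a-f]{64}') }}"` — the kubeadm certificate key is a 64-character hex string in current releases, which should be confirmed against the version deployed. Quoting the value also guards the unlikely all-digit key from being read as a number. The enclosing `{% if %}` blocks begin outside the hunk.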