Add ansible-lint job

Sem-Ver: feature
Change-Id: I58c32382b8122c8e56e71c601c64dad411dbb687
diff --git a/roles/kubernetes/tasks/bootstrap-cluster.yml b/roles/kubernetes/tasks/bootstrap-cluster.yml
index 8231267..4696b42 100644
--- a/roles/kubernetes/tasks/bootstrap-cluster.yml
+++ b/roles/kubernetes/tasks/bootstrap-cluster.yml
@@ -20,7 +20,7 @@
       register: _kubernetes_stat
       loop: "{{ groups[kubernetes_control_plane_group] }}"
       delegate_to: "{{ item }}"
-      delegate_facts: True
+      delegate_facts: true
 
 - name: Pick node from pre-existing cluster
   ansible.builtin.set_fact:
@@ -40,6 +40,9 @@
   ansible.builtin.template:
     src: kubeadm.yaml.j2
     dest: /etc/kubernetes/kubeadm.yaml
+    owner: root
+    group: root
+    mode: 0640
   when: inventory_hostname == _kubernetes_bootstrap_node
 
 - name: Initialize cluster
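Review bot: The new `mode: 0640` on /etc/kubernetes/kubeadm.yaml is an unquoted octal, which only means rw-r----- under YAML 1.1 parsing; a YAML 1.2 loader or a formatter that round-trips the file reads it as decimal 640. Ansible's documentation recommends the string form, so write `mode: "0640"` here and likewise for every `mode:` line added in the control-plane.yml, join-cluster.yml and main.yml hunks. Since the rendered kubeadm.yaml may carry join credentials (kubeadm.yaml.j2 is not visible in this diff), `mode: "0600"` would be the tighter choice if nothing in group root needs to read it. The task starts outside the hunk.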
diff --git a/roles/kubernetes/tasks/control-plane.yml b/roles/kubernetes/tasks/control-plane.yml
index cbb8752..829b82f 100644
--- a/roles/kubernetes/tasks/control-plane.yml
+++ b/roles/kubernetes/tasks/control-plane.yml
@@ -18,10 +18,16 @@
       ansible.builtin.file:
         dest: /etc/keepalived
         state: directory
+        owner: root
+        group: root
+        mode: 0755
     - name: Upload configuration
       ansible.builtin.template:
         src: keepalived.conf.j2
         dest: /etc/keepalived/keepalived.conf
+        owner: root
+        group: root
+        mode: 0644
     - name: Upload health check
       ansible.builtin.template:
         src: check_apiserver.sh.j2
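Review bot: `mode: 0644` on /etc/keepalived/keepalived.conf leaves the file world-readable, and keepalived configurations commonly contain a VRRP `auth_pass`; keepalived.conf.j2 is not shown, so confirm whether this one does. If it does, use `mode: "0640"` or `mode: "0600"`. The same question applies to /etc/haproxy/haproxy.cfg in the later hunk, in case it holds stats credentials. The static pod manifests written to /etc/kubernetes/manifests at 0644 are also looser than the 0600 that kubeadm applies to the manifests it generates itself.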
@@ -31,6 +37,9 @@
       ansible.builtin.copy:
         src: keepalived.yaml
         dest: /etc/kubernetes/manifests/keepalived.yaml
+        owner: root
+        group: root
+        mode: 0644
 
 - name: Upload configuration for HAproxy
   block:
@@ -38,14 +47,23 @@
       ansible.builtin.file:
         dest: /etc/haproxy
         state: directory
+        owner: root
+        group: root
+        mode: 0755
     - name: Upload configuration
       ansible.builtin.template:
         src: haproxy.cfg.j2
         dest: /etc/haproxy/haproxy.cfg
+        owner: root
+        group: root
+        mode: 0644
     - name: Upload Kubernetes manifest
       ansible.builtin.copy:
         src: haproxy.yaml
         dest: /etc/kubernetes/manifests/haproxy.yaml
+        owner: root
+        group: root
+        mode: 0644
 
 - name: Bootstrap cluster
   include_tasks: bootstrap-cluster.yml
@@ -54,6 +72,9 @@
   ansible.builtin.file:
     path: /root/.kube
     state: directory
+    owner: root
+    group: root
+    mode: 0750
 
 - name: copy admin configuration file
   ansible.builtin.copy:
@@ -75,7 +96,7 @@
   run_once: true
   ansible.builtin.shell: |
     kubectl taint nodes --all node-role.kubernetes.io/master-
-  ignore_errors: true
+  failed_when: false
   changed_when: false
 
 - name: Add labels to control plane nodes
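Review bot: `failed_when: false` makes this task report ok for every kubectl failure, not only the expected case where the taint is already absent; an unreachable API server or a bad kubeconfig now passes silently, where `ignore_errors` at least printed the failure. Register the result and accept only the expected message, for example `register: _kubectl_taint` with `failed_when: _kubectl_taint.rc != 0 and 'not found' not in _kubectl_taint.stderr` (verify the exact wording against the kubectl version in use). The task also runs a single command with no shell features through `ansible.builtin.shell`, so `ansible.builtin.command` would fit, as in the join-cluster.yml hunk. The task starts outside the hunk.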
diff --git a/roles/kubernetes/tasks/join-cluster.yml b/roles/kubernetes/tasks/join-cluster.yml
index b65e347..1b3e6dc 100644
--- a/roles/kubernetes/tasks/join-cluster.yml
+++ b/roles/kubernetes/tasks/join-cluster.yml
@@ -20,8 +20,7 @@
 - name: Generate control-plane certificates for joining cluster
   run_once: true
   delegate_to: "{{ _kubernetes_bootstrap_node | default(groups[kubernetes_control_plane_group][0]) }}"
-  ansible.builtin.shell: |
-    kubeadm init phase upload-certs --upload-certs 2>/dev/null | grep -v upload-certs
+  ansible.builtin.command: kubeadm init phase upload-certs --upload-certs
   changed_when: false
   register: _kubeadm_init_upload_certs
   when:
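Review bot: Dropping `| grep -v upload-certs` changes what `_kubeadm_init_upload_certs.stdout` holds: kubeadm prints `[upload-certs]` status lines before the key, so stdout is now likely multi-line instead of the bare certificate key. The consumers are outside this diff; any that interpolate `.stdout` should switch to `_kubeadm_init_upload_certs.stdout_lines[-1]` or an equivalent `| last`. The registered value is the key that decrypts the uploaded control-plane certificates, so adding `no_log: true` to this task keeps it out of verbose output and callback logs. The `when:` list continues outside the hunk.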
@@ -50,6 +49,9 @@
   ansible.builtin.template:
     src: kubeadm.yaml.j2
     dest: /etc/kubernetes/kubeadm.yaml
+    owner: root
+    group: root
+    mode: 0640
   when:
     - not _stat_etc_kubernetes_kubelet_conf.stat.exists
 
diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml
index 383ce1f..0195921 100644
--- a/roles/kubernetes/tasks/main.yml
+++ b/roles/kubernetes/tasks/main.yml
@@ -16,12 +16,20 @@
   ansible.builtin.copy:
     src: apt-key.gpg
     dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
+    owner: root
+    group: root
+    mode: 0644
   when:
     - kubernetes_repo_url == _kubernetes_upstream_apt_repository
 
 - name: Add repository
   ansible.builtin.apt_repository:
-    repo: "deb {% if kubernetes_repo_url == _kubernetes_upstream_apt_repository %}[signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]{% endif %} {{ kubernetes_repo_url }} kubernetes-xenial main"
+    repo:
+      deb
+      {% if kubernetes_repo_url == _kubernetes_upstream_apt_repository %}[signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]{% endif %}
+      {{ kubernetes_repo_url }}
+      kubernetes-xenial
+      main
     state: present
 
 - name: Setup version pins
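Review bot: The new `repo:` value is a multi-line plain scalar, which folds to the same single line as before but relies on implicit continuation; a later edit that introduces `: ` or ` #` on one of these lines would change the parse or truncate the value. Use an explicit folded scalar, `repo: >-`, with the same indented lines beneath it. When `kubernetes_repo_url` is not the upstream URL the entry carries no `signed-by`, so that mirror is verified against whatever keys apt already trusts; a comment such as `# non-upstream mirrors rely on a key already trusted by apt` above the task would record that expectation.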
@@ -43,6 +51,9 @@
   ansible.builtin.template:
     src: modules-load.conf.j2
     dest: /etc/modules-load.d/k8s.conf
+    owner: root
+    group: root
+    mode: 0644
 
 - name: Enable kernel modules in runtime
   community.general.modprobe:
diff --git a/roles/kubernetes/tasks/nodes.yml b/roles/kubernetes/tasks/nodes.yml
index bc11ac5..5b4f688 100644
--- a/roles/kubernetes/tasks/nodes.yml
+++ b/roles/kubernetes/tasks/nodes.yml
@@ -13,7 +13,7 @@
 # under the License.
 
 - name: Check if Kubernetes is already deployed
-  stat:
+  ansible.builtin.stat:
     path: /etc/kubernetes/kubelet.conf
   register: _kubernetes_kubelet