diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 948ef2983e10f25d63a206ea0cd4ed40929a93a1..6a456f9df86f71c1e6c4c515bfe9598831b6f9a0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,10 +18,7 @@ variables: # us-west1-a before_script: - - pip install ansible==2.3.0 - - pip install netaddr - - pip install apache-libcloud==0.20.1 - - pip install boto==2.9.0 + - pip install -r tests/requirements.txt - mkdir -p /.ssh - cp tests/ansible.cfg . @@ -75,10 +72,7 @@ before_script: - $HOME/.cache before_script: - docker info - - pip install ansible==2.3.0 - - pip install netaddr - - pip install apache-libcloud==0.20.1 - - pip install boto==2.9.0 + - pip install -r tests/requirements.txt - mkdir -p /.ssh - mkdir -p $HOME/.ssh - echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa @@ -642,6 +636,13 @@ syntax-check: - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check except: ['triggers', 'master'] +yamllint: + <<: *job + stage: unit-tests + script: + - yamllint roles + except: ['triggers', 'master'] + tox-inventory-builder: stage: unit-tests <<: *job diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000000000000000000000000000000000000..50e7b167e88dbfcf78d0776e83438e2e4d2118d1 --- /dev/null +++ b/.yamllint @@ -0,0 +1,16 @@ +--- +extends: default + +rules: + braces: + min-spaces-inside: 0 + max-spaces-inside: 1 + brackets: + min-spaces-inside: 0 + max-spaces-inside: 1 + indentation: + spaces: 2 + indent-sequences: consistent + line-length: disable + new-line-at-end-of-file: disable + truthy: disable diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml index 892da1c04463ca106456e4848a3e475ff2bda7f2..2a227105585feba85415ddfffd51c5dbe322a75b 100644 --- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml 
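Review bot: The version pins for ansible, netaddr, apache-libcloud and boto now live in `tests/requirements.txt`, which is not part of this diff, so whether they remain exact `==` pins cannot be confirmed from the hunk; the second `before_script` hunk of this file makes the same replacement. Because this job material also decodes `$PRIVATE_KEY` into `$HOME/.ssh/id_rsa`, a dependency pulled from the index at job time is a supply-chain exposure worth tightening, e.g. `- pip install --require-hashes -r tests/requirements.txt` with hashes recorded in the requirements file. At minimum the requirements file should carry exact versions rather than ranges so the two jobs keep the reproducibility the removed lines had.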
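Review bot: `- yamllint roles` in the new `yamllint` job lints only the `roles/` tree, so `.gitlab-ci.yml`, `.yamllint` itself and the top-level playbooks and inventory files the other jobs run stay unchecked, even though this commit fixes `---` headers and comment spacing across the repository. Running `- yamllint .` and excluding vendored or generated paths through an `ignore:` stanza in `.yamllint` would make the gate cover everything the lint pass touched. The `job` anchor merged with `<<: *job` is defined outside the hunk; an explicit `stage: unit-tests` overrides any `stage` the anchor carries, which appears to be the intent.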
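Review bot: `truthy: disable` in the new `.yamllint` turns off the only rule that flags `yes`/`no`/`on`/`off` scalars, which under the YAML 1.1 semantics Ansible's loader applies become booleans — the classic case being a value such as `NO` silently reading as `false`. If the goal is only to tolerate Ansible's idiomatic `yes`/`no`, recent yamllint releases let the rule stay on with `truthy: {allowed-values: ['true', 'false', 'yes', 'no']}`; if the installed version lacks that option, a comment above the line such as `# truthy disabled: Ansible playbooks use yes/no throughout` records why it is off. `line-length: disable` and `new-line-at-end-of-file: disable` are similarly undocumented choices in the same file.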
@@ -49,4 +49,3 @@ pip: name: "{{ item }}" with_items: "{{pip_python_modules}}" - diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml index 73268031e8027076848aa9bda4b177ae41825f78..e7cb01b1394eb539353657fc031764c69df15faa 100644 --- a/roles/bootstrap-os/tasks/main.yml +++ b/roles/bootstrap-os/tasks/main.yml @@ -27,4 +27,3 @@ hostname: name: "{{inventory_hostname}}" when: ansible_hostname == 'localhost' - diff --git a/roles/bootstrap-os/tasks/setup-pipelining.yml b/roles/bootstrap-os/tasks/setup-pipelining.yml index 7143f260efd28dd92b3a0bc0790eed8d24dcf14e..559cef25e343a1a114167440c4d81daecc7e0828 100644 --- a/roles/bootstrap-os/tasks/setup-pipelining.yml +++ b/roles/bootstrap-os/tasks/setup-pipelining.yml @@ -6,4 +6,3 @@ regexp: '^\w+\s+requiretty' dest: /etc/sudoers state: absent - diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml index bf670c788a9b6fe45f2c38373edbaddf901db757..15fb7f1693879488354f2a2ecc8429e8dc59a7b8 100644 --- a/roles/dnsmasq/defaults/main.yml +++ b/roles/dnsmasq/defaults/main.yml @@ -4,12 +4,12 @@ # Max of 4 names is allowed and no more than 256 - 17 chars total # (a 2 is reserved for the 'default.svc.' and'svc.') -#searchdomains: -# - foo.bar.lc +# searchdomains: +# - foo.bar.lc # Max of 2 is allowed here (a 1 is reserved for the dns_server) -#nameservers: -# - 127.0.0.1 +# nameservers: +# - 127.0.0.1 dns_forward_max: 150 cache_size: 1000 diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index edc50703ddc829971a843699df3471a9cadcee63..56ec80d98cadbcea249d6ce2ed0818b3bdc031b9 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml @@ -86,4 +86,3 @@ port: 53 timeout: 180 when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts - 
diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml index 4e5e2ddcc82e665c2672a217c0e5ef2ed1178ad2..aff99f08db3e06f5f16c6eea01420d10e5014845 100644 --- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml +++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml @@ -1,3 +1,4 @@ +--- # Copyright 2016 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,17 +35,16 @@ spec: - name: autoscaler image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1 resources: - requests: - cpu: "20m" - memory: "10Mi" + requests: + cpu: "20m" + memory: "10Mi" command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=dnsmasq-autoscaler - - --target=Deployment/dnsmasq - # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate. - # If using small nodes, "nodesPerReplica" should dominate. - - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}} - - --logtostderr=true - - --v={{ kube_log_level }} - + - /cluster-proportional-autoscaler + - --namespace=kube-system + - --configmap=dnsmasq-autoscaler + - --target=Deployment/dnsmasq + # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate. + # If using small nodes, "nodesPerReplica" should dominate. + - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}} + - --logtostderr=true + - --v={{ kube_log_level }} diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml b/roles/dnsmasq/templates/dnsmasq-deploy.yml index e811e199596de09262f0a79865cd99eaae42daf0..6f11363b34f50c7d766439dfe05f135081c27c79 100644 --- a/roles/dnsmasq/templates/dnsmasq-deploy.yml +++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml @@ -35,7 +35,6 @@ spec: capabilities: add: - NET_ADMIN - imagePullPolicy: IfNotPresent resources: limits: cpu: {{ dns_cpu_limit }} 
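Review bot: Dropping `imagePullPolicy: IfNotPresent` in `dnsmasq-deploy.yml` is the one change in this lint-driven commit that alters a rendered manifest rather than whitespace. If it was removed because the key already appears earlier in the same container spec (a yamllint `key-duplicates` hit — the rest of the container spec is outside the hunk), the surviving occurrence should be checked to carry the intended value; if there is no other occurrence, the kubelet now falls back to its default, which is `Always` for a `:latest` tag and `IfNotPresent` otherwise, so pull behaviour now depends on the image tag in use. A one-line commit note or a comment at the removal site would make the intent clear to the next reader.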
@@ -64,4 +63,3 @@ spec: hostPath: path: /etc/dnsmasq.d-available dnsPolicy: Default # Don't use cluster DNS. - diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index e262d908a65b0f656f9793172a420013a14a02b3..fa29b32f26b3fb4f83ee81050ee3ec7697b21e32 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,3 +1,4 @@ +--- docker_version: '1.13' docker_package_info: diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 90d7aacb8f41ca99743c7074bab3f24180c0670b..a43d843ee3757533d9b50c7ef8adcbda427e9cb4 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -8,7 +8,7 @@ - Docker | pause while Docker restarts - Docker | wait for docker -- name : Docker | reload systemd +- name: Docker | reload systemd shell: systemctl daemon-reload - name: Docker | reload docker.socket diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 09240bf9dda739e86303278efeb2efb4e41adc6f..ef7e7fe8d9dde21d0d1c624b3c5af6e2bf32c49a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
@@ -3,14 +3,14 @@ include_vars: "{{ item }}" with_first_found: - files: - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}.yml" - - "{{ ansible_os_family|lower }}.yml" - - defaults.yml + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}.yml" + - "{{ ansible_os_family|lower }}.yml" + - defaults.yml paths: - - ../vars + - ../vars skip: true tags: facts diff --git a/roles/docker/tasks/set_facts_dns.yml b/roles/docker/tasks/set_facts_dns.yml index 64a09bff29d4430979416066fe3d0d2545cbbc45..13f342ea9142e0c70657b75d20cb18c5a4283f7f 100644 --- a/roles/docker/tasks/set_facts_dns.yml +++ b/roles/docker/tasks/set_facts_dns.yml @@ -48,7 +48,7 @@ - name: add system search domains to docker options set_fact: docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split(' ')|default([])) | unique }}" - when: system_search_domains.stdout != "" + when: system_search_domains.stdout != "" - name: check number of nameservers fail: diff --git a/roles/docker/vars/debian.yml b/roles/docker/vars/debian.yml index a4689ffbc55ad3feb3d80f72bfa6e3e490e5c104..240e86ea4e60f001e20d0306c3c6404a89f61f11 100644 --- a/roles/docker/vars/debian.yml +++ b/roles/docker/vars/debian.yml @@ -1,3 +1,4 @@ +--- docker_kernel_min_version: '3.10' # https://apt.dockerproject.org/repo/dists/debian-wheezy/main/filelist 
diff --git a/roles/docker/vars/fedora-20.yml b/roles/docker/vars/fedora-20.yml index c74cd9f2829e7ff7fee8f3305fba6f28b6b7cdd1..31d431ee875a3e16457f7f2696af5d2261a339b3 100644 --- a/roles/docker/vars/fedora-20.yml +++ b/roles/docker/vars/fedora-20.yml @@ -1,3 +1,4 @@ +--- docker_kernel_min_version: '0' # versioning: docker-io itself is pinned at docker 1.5 diff --git a/roles/docker/vars/fedora.yml b/roles/docker/vars/fedora.yml index f89c90a5216f8c6a1209912cd09f06f63a15cfc7..b82e5fc30e31dc93f8052c2e226bc94967ffed21 100644 --- a/roles/docker/vars/fedora.yml +++ b/roles/docker/vars/fedora.yml @@ -1,3 +1,4 @@ +--- docker_kernel_min_version: '0' # https://docs.docker.com/engine/installation/linux/fedora/#install-from-a-package diff --git a/roles/docker/vars/redhat.yml b/roles/docker/vars/redhat.yml index 7abf2cda700fb9108a95b37a4c57f13a78c16921..8b20def55799d139d382fdf50b92b99141696346 100644 --- a/roles/docker/vars/redhat.yml +++ b/roles/docker/vars/redhat.yml @@ -1,3 +1,4 @@ +--- docker_kernel_min_version: '0' # https://yum.dockerproject.org/repo/main/centos/7/Packages/ @@ -8,7 +9,7 @@ docker_versioned_pkg: '1.12': docker-engine-1.12.6-1.el7.centos '1.13': docker-engine-1.13.1-1.el7.centos 'stable': docker-engine-17.03.0.ce-1.el7.centos - 'edge': docker-engine-17.03.0.ce-1.el7.centos + 'edge': docker-engine-17.03.0.ce-1.el7.centos # https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package # https://download.docker.com/linux/centos/7/x86_64/stable/Packages/ diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index e5a4aa31b8c547a6f5375aa1bf593844bfc2de97..e5d24072b5a335b1ba76f285120be9773e604b2d 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml 
@@ -20,7 +20,7 @@ download_always_pull: False # Versions kube_version: v1.7.3 etcd_version: v3.2.4 -#TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults +# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults # after migration to container download calico_version: "v1.1.3" calico_cni_version: "v1.8.0" diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 24d1b5bcabd24405d49172c28f592cf9705b50ae..f9ae253d12335f84f8accc333a3cb9e81ad5654e 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -111,7 +111,7 @@ - download.enabled|bool - download.container|bool -#NOTE(bogdando) this brings no docker-py deps for nodes +# NOTE(bogdando) this brings no docker-py deps for nodes - name: Download containers if pull is required or told to always pull command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}" register: pull_task_result diff --git a/roles/etcd/defaults/main.yml b/roles/etcd/defaults/main.yml index 7d1d976afaa636fcab0435830b338f37a982ef3c..6b6fde38d16af7e07a92d124535c53741a8ebdf7 100644 --- a/roles/etcd/defaults/main.yml +++ b/roles/etcd/defaults/main.yml @@ -21,7 +21,7 @@ etcd_metrics: "basic" etcd_memory_limit: 512M # Uncomment to set CPU share for etcd -#etcd_cpu_limit: 300m +# etcd_cpu_limit: 300m etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}" diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml index 68fe71f07f47d3d4424375e0ee9d90e358fe32d3..7ec42f4b6e0c4cd30760a7624afa0b517917bc4c 100644 --- a/roles/etcd/handlers/backup.yml +++ b/roles/etcd/handlers/backup.yml @@ -43,4 +43,3 @@ ETCDCTL_API: 3 retries: 3 delay: "{{ retry_stagger | random + 3 }}" - diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml index 45da999ee678aac3eebed9ffdbd4810252b01b30..2575c25a4900f7cb4c9895d41e50bf0713518f00 100644 --- a/roles/etcd/handlers/main.yml +++ b/roles/etcd/handlers/main.yml 
@@ -30,4 +30,3 @@ - name: set etcd_secret_changed set_fact: etcd_secret_changed: true - diff --git a/roles/etcd/tasks/check_certs.yml b/roles/etcd/tasks/check_certs.yml index fe96ea01c42cd78528816cff3e7f0656883ae50e..8795fe820cbc3681dbf9c4ac9469d519b0e858b8 100644 --- a/roles/etcd/tasks/check_certs.yml +++ b/roles/etcd/tasks/check_certs.yml @@ -66,4 +66,3 @@ {%- set _ = certs.update({'sync': True}) -%} {% endif %} {{ certs.sync }} - diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml index f70c6ee212c47de0aad7f93c0006487460505c9f..000f6842bf592fc348d904b2aee15c7ca8340006 100644 --- a/roles/etcd/tasks/gen_certs_script.yml +++ b/roles/etcd/tasks/gen_certs_script.yml @@ -73,11 +73,10 @@ 'member-{{ node }}-key.pem', {% endfor %}]" my_master_certs: ['ca-key.pem', - 'admin-{{ inventory_hostname }}.pem', - 'admin-{{ inventory_hostname }}-key.pem', - 'member-{{ inventory_hostname }}.pem', - 'member-{{ inventory_hostname }}-key.pem' - ] + 'admin-{{ inventory_hostname }}.pem', + 'admin-{{ inventory_hostname }}-key.pem', + 'member-{{ inventory_hostname }}.pem', + 'member-{{ inventory_hostname }}-key.pem'] all_node_certs: "['ca.pem', {% for node in (groups['k8s-cluster'] + groups['calico-rr']|default([]))|unique %} 'node-{{ node }}.pem', 
@@ -111,22 +110,22 @@ sync_certs|default(false) and inventory_hostname not in groups['etcd'] notify: set etcd_secret_changed -#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k -#char limit when using shell command - -#FIXME(mattymo): Use tempfile module in ansible 2.3 -- name: Gen_certs | Prepare tempfile for unpacking certs - shell: mktemp /tmp/certsXXXXX.tar.gz - register: cert_tempfile +# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k +# char limit when using shell command + +# FIXME(mattymo): Use tempfile module in ansible 2.3 +- name: Gen_certs | Prepare tempfile for unpacking certs + shell: mktemp /tmp/certsXXXXX.tar.gz + register: cert_tempfile when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and - inventory_hostname != groups['etcd'][0] - -- name: Gen_certs | Write master certs to tempfile - copy: - content: "{{etcd_master_cert_data.stdout}}" - dest: "{{cert_tempfile.stdout}}" - owner: root - mode: "0600" + inventory_hostname != groups['etcd'][0] + +- name: Gen_certs | Write master certs to tempfile + copy: + content: "{{etcd_master_cert_data.stdout}}" + dest: "{{cert_tempfile.stdout}}" + owner: root + mode: "0600" when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and inventory_hostname != groups['etcd'][0] diff --git a/roles/etcd/tasks/gen_certs_vault.yml b/roles/etcd/tasks/gen_certs_vault.yml index a0bf6cfdcede2d771e1c4e3bc066aeacb9e97304..e59d376e9f51e63086cba1e5614d0a15c579155e 100644 --- a/roles/etcd/tasks/gen_certs_vault.yml +++ b/roles/etcd/tasks/gen_certs_vault.yml @@ -7,7 +7,6 @@ when: inventory_hostname in etcd_node_cert_hosts tags: etcd-secrets - - name: gen_certs_vault | Read in the local credentials command: cat /etc/vault/roles/etcd/userpass register: etcd_vault_creds_cat 
@@ -33,15 +32,15 @@ - name: gen_certs_vault | Set fact for vault_client_token set_fact: - vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}" + vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}" run_once: true - name: gen_certs_vault | Set fact for Vault API token set_fact: etcd_vault_headers: - Accept: application/json - Content-Type: application/json - X-Vault-Token: "{{ vault_client_token }}" + Accept: application/json + Content-Type: application/json + X-Vault-Token: "{{ vault_client_token }}" run_once: true when: vault_client_token != "" @@ -96,5 +95,3 @@ with_items: "{{ etcd_node_certs_needed|d([]) }}" when: inventory_hostname in etcd_node_cert_hosts notify: set etcd_secret_changed - - diff --git a/roles/etcd/tasks/install_docker.yml b/roles/etcd/tasks/install_docker.yml index f87caeb4c2fb306ac1cc89d0e092d72b9f112358..76eead2a26ffb84ae1307a58be103a8386ec5b18 100644 --- a/roles/etcd/tasks/install_docker.yml +++ b/roles/etcd/tasks/install_docker.yml @@ -1,5 +1,5 @@ --- -#Plan A: no docker-py deps +# Plan A: no docker-py deps - name: Install | Copy etcdctl binary from docker container command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy; {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} && 
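Review bot: The `set_fact` tasks that store `vault_client_token` and assemble `etcd_vault_headers` with `X-Vault-Token: "{{ vault_client_token }}"` carry no `no_log: true`, so the Vault client token is echoed in task output whenever the play runs at `-v` or above (at least one ansible-playbook invocation in `.gitlab-ci.yml` in this diff passes `-vvv`). Adding `no_log: true` to both tasks keeps the token out of CI job logs and callback plugins; whether the login task that registers `etcd_vault_login_result` is already protected is outside this hunk.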
@@ -12,21 +12,21 @@ delay: "{{ retry_stagger | random + 3 }}" changed_when: false -#Plan B: looks nicer, but requires docker-py on all hosts: -#- name: Install | Set up etcd-binarycopy container -# docker: -# name: etcd-binarycopy -# state: present -# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}" -# when: etcd_deployment_type == "docker" +# Plan B: looks nicer, but requires docker-py on all hosts: +# - name: Install | Set up etcd-binarycopy container +# docker: +# name: etcd-binarycopy +# state: present +# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}" +# when: etcd_deployment_type == "docker" # -#- name: Install | Copy etcdctl from etcd-binarycopy container -# command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl" -# when: etcd_deployment_type == "docker" +# - name: Install | Copy etcdctl from etcd-binarycopy container +# command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl" +# when: etcd_deployment_type == "docker" # -#- name: Install | Clean up etcd-binarycopy container -# docker: -# name: etcd-binarycopy -# state: absent -# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}" -# when: etcd_deployment_type == "docker" +# - name: Install | Clean up etcd-binarycopy container +# docker: +# name: etcd-binarycopy +# state: absent +# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}" +# when: etcd_deployment_type == "docker" diff --git a/roles/etcd/tasks/pre_upgrade.yml b/roles/etcd/tasks/pre_upgrade.yml index 0f171094ac088393697f27056b21fa7f69689699..e86a0d947dbe230cb3199c88f5b9165bdd86363b 100644 --- a/roles/etcd/tasks/pre_upgrade.yml +++ b/roles/etcd/tasks/pre_upgrade.yml @@ -1,3 +1,4 @@ +--- - name: "Pre-upgrade | check for etcd-proxy unit file" stat: path: /etc/systemd/system/etcd-proxy.service 
diff --git a/roles/etcd/tasks/refresh_config.yml b/roles/etcd/tasks/refresh_config.yml index e6f8186d3534ac1cf0d7f1fdd2f679ee3cbbf54d..0691d1df9bd80bdeac2a2655dc148be1dbe424cc 100644 --- a/roles/etcd/tasks/refresh_config.yml +++ b/roles/etcd/tasks/refresh_config.yml @@ -1,7 +1,7 @@ --- - name: Refresh config | Create etcd config file template: - src: etcd.env.yml + src: etcd.env.j2 dest: /etc/etcd.env notify: restart etcd when: is_etcd_master diff --git a/roles/etcd/tasks/sync_etcd_master_certs.yml b/roles/etcd/tasks/sync_etcd_master_certs.yml index 27ce303e99dd30c9848e4a22806f917d86b6357b..d436c97f56367580054f46736d5cfce5acbdcf67 100644 --- a/roles/etcd/tasks/sync_etcd_master_certs.yml +++ b/roles/etcd/tasks/sync_etcd_master_certs.yml @@ -1,7 +1,7 @@ --- - name: sync_etcd_master_certs | Create list of master certs needing creation - set_fact: + set_fact: etcd_master_cert_list: >- {{ etcd_master_cert_list|default([]) + [ "admin-" + item + ".pem", @@ -11,7 +11,7 @@ run_once: true - include: ../../vault/tasks/shared/sync_file.yml - vars: + vars: sync_file: "{{ item }}" sync_file_dir: "{{ etcd_cert_dir }}" sync_file_hosts: "{{ groups.etcd }}" diff --git a/roles/etcd/tasks/sync_etcd_node_certs.yml b/roles/etcd/tasks/sync_etcd_node_certs.yml index 2f82dcffd84ca9b8c3760281a6e193af67aa9deb..e535168fcb6fb94da6e9eb4113e6b4c28bd2db3a 100644 --- a/roles/etcd/tasks/sync_etcd_node_certs.yml +++ b/roles/etcd/tasks/sync_etcd_node_certs.yml @@ -1,12 +1,12 @@ --- - name: sync_etcd_node_certs | Create list of node certs needing creation - set_fact: + set_fact: etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) + ['node-' + item + '.pem'] }}" with_items: "{{ etcd_node_cert_hosts }}" - include: ../../vault/tasks/shared/sync_file.yml - vars: + vars: sync_file: "{{ item }}" sync_file_dir: "{{ etcd_cert_dir }}" sync_file_hosts: "{{ etcd_node_cert_hosts }}" 
@@ -24,7 +24,7 @@ sync_file_results: [] - include: ../../vault/tasks/shared/sync_file.yml - vars: + vars: sync_file: ca.pem sync_file_dir: "{{ etcd_cert_dir }}" sync_file_hosts: "{{ etcd_node_cert_hosts }}" diff --git a/roles/etcd/templates/etcd.env.yml b/roles/etcd/templates/etcd.env.j2 similarity index 100% rename from roles/etcd/templates/etcd.env.yml rename to roles/etcd/templates/etcd.env.j2 diff --git a/roles/kernel-upgrade/defaults/main.yml b/roles/kernel-upgrade/defaults/main.yml index 8a111678513d61686367e29cdb3d9acc1268ac96..688e6e01855281d7b41029baee6311f037fc9b74 100644 --- a/roles/kernel-upgrade/defaults/main.yml +++ b/roles/kernel-upgrade/defaults/main.yml @@ -1,9 +1,8 @@ --- - elrepo_key_url: 'https://www.elrepo.org/RPM-GPG-KEY-elrepo.org' -elrepo_rpm : elrepo-release-7.0-3.el7.elrepo.noarch.rpm -elrepo_mirror : http://www.elrepo.org +elrepo_rpm: elrepo-release-7.0-3.el7.elrepo.noarch.rpm +elrepo_mirror: http://www.elrepo.org -elrepo_url : '{{elrepo_mirror}}/{{elrepo_rpm}}' +elrepo_url: '{{elrepo_mirror}}/{{elrepo_rpm}}' elrepo_kernel_package: "kernel-lt" diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml index d42b2ffed23e2785e6150ccf0ab2a2fc47ca00fd..42c4a027dee2bb438106aee4909456fab892d51b 100644 --- a/roles/kubernetes-apps/ansible/defaults/main.yml +++ b/roles/kubernetes-apps/ansible/defaults/main.yml @@ -1,5 +1,6 @@ +--- # Versions -kubedns_version : 1.14.2 +kubedns_version: 1.14.2 kubednsautoscaler_version: 1.1.1 # Limits for dnsmasq/kubedns apps diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index e7bd934de3e489afb0a20a843e584856de24c53b..4f9b6ef1dc290639a8a5b0acd0c7e3752c22eafc 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml 
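Review bot: `elrepo_mirror: http://www.elrepo.org` in `roles/kernel-upgrade/defaults/main.yml` fetches the `elrepo-release` RPM over plaintext HTTP while `elrepo_key_url` on the line above already uses HTTPS for the same host; the changed line only fixes the `key :` spacing. Unless the task that installs `{{ elrepo_url }}` (outside this hunk) verifies the package signature before installing, the plaintext download is the weak point, so `elrepo_mirror: https://www.elrepo.org` is the safer default and matches the key URL.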
@@ -14,12 +14,12 @@ dest: "{{kube_config_dir}}/{{item.file}}" with_items: - {name: kubedns, file: kubedns-sa.yml, type: sa} - - {name: kubedns, file: kubedns-deploy.yml, type: deployment} + - {name: kubedns, file: kubedns-deploy.yml.j2, type: deployment} - {name: kubedns, file: kubedns-svc.yml, type: svc} - {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa} - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole} - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding} - - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment} + - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml.j2, type: deployment} register: manifests when: - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml index 2d88b288c0c41c98c5445ee0c64f1c6465d3fafd..ca8535c2ade5f1e713c1fd6e310353339bce8cab 100644 --- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml +++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml @@ -1,3 +1,4 @@ +--- - name: Kubernetes Apps | Lay Down Netchecker Template template: src: "{{item.file}}" @@ -24,7 +25,7 @@ state: absent when: inventory_hostname == groups['kube-master'][0] -#FIXME: remove if kubernetes/features#124 is implemented +# FIXME: remove if kubernetes/features#124 is implemented - name: Kubernetes Apps | Purge old Netchecker daemonsets kube: name: "{{item.item.name}}" diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml index a194426c666e811e0304c351bc1606045f402245..f80d3d90c17f95a79b448dc41fcd5c891bf463b1 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml 
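Review bot: With `file: kubedns-deploy.yml.j2` and `file: kubedns-autoscaler.yml.j2`, the context line `dest: "{{kube_config_dir}}/{{item.file}}"` now writes the rendered manifests to disk with a `.j2` suffix, which misleads anyone inspecting `kube_config_dir` and differs from the other items in the list. Stripping the suffix at the destination keeps the rename without leaking it, e.g. `dest: "{{kube_config_dir}}/{{item.file | replace('.j2', '')}}"`. The `template` task's `src` and any later task that applies the manifest via `item.item.file` are outside the hunk and would need the same adjustment.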
@@ -1,3 +1,4 @@ +--- # Copyright 2016 The Kubernetes Authors. All rights reserved # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml index a368ae333b8d8bd18ae9df5a3e81b4ba866fdb57..eb76f2d4ecbcbf5b3623cde5c1b0c864c47cbbc7 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml @@ -1,3 +1,4 @@ +--- # Copyright 2016 The Kubernetes Authors. All rights reserved # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml index 9544a7dd9760d27079bdacda9f42331c56950457..542ae86cec4c8af60cd6eba5efc5fc33a3213912 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml @@ -1,3 +1,4 @@ +--- # Copyright 2016 The Kubernetes Authors. All rights reserved # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 similarity index 72% rename from roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml rename to roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 index 9e046229025c0544072ab90370cee91be2df7672..04f93fd84cc045fb9d9fb03cfe584f1ffc54bc01 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 @@ -1,3 +1,4 @@ +--- # Copyright 2016 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -34,18 +35,18 @@ spec: - name: autoscaler image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}" resources: - requests: - cpu: "20m" - memory: "10Mi" + requests: + cpu: "20m" + memory: "10Mi" command: - - /cluster-proportional-autoscaler - - --namespace={{ system_namespace }} - - --configmap=kubedns-autoscaler - # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base - - --target=Deployment/kube-dns - - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}} - - --logtostderr=true - - --v=2 + - /cluster-proportional-autoscaler + - --namespace={{ system_namespace }} + - --configmap=kubedns-autoscaler + # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base + - --target=Deployment/kube-dns + - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}} + - --logtostderr=true + - --v=2 {% if rbac_enabled %} serviceAccountName: cluster-proportional-autoscaler {% endif %} diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 similarity index 99% rename from roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml rename to roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 index 7e4615676f918e10301b5d4d7985a81a67431571..149a16ebd302c21cb5d4f9b283061c10fe646c20 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml +++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 @@ -1,3 +1,4 @@ +--- apiVersion: extensions/v1beta1 kind: Deployment metadata: diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml index e520ccbfcd9df09fd556ae4427808aa925967668..f399fd6f4b400453aaece8f61807b5cad5b55b28 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml 
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml index 0565a01e87553ad62fea4f6b2c103d67bba58cbf..1c4710db13b20db82fba293c29a0f92b1fbec7e0 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml +++ b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: @@ -19,4 +20,3 @@ spec: - name: dns-tcp port: 53 protocol: TCP - diff --git a/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml b/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml index e5af874252fcd83a49b4299d98c45f41b997f2e0..d38ba6a6b6ede21a45232087235a95ea9ef976e7 100644 --- a/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml +++ b/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml @@ -1,5 +1,5 @@ --- -elasticsearch_cpu_limit: 1000m +elasticsearch_cpu_limit: 1000m elasticsearch_mem_limit: 0M elasticsearch_cpu_requests: 100m elasticsearch_mem_requests: 0M diff --git a/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml b/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml index cd0a806063757b20a3e3fb625755f2bd49d3dc07..3dc6f3ca125d2be7b346ceb7fc44d841a4e6e83f 100644 --- a/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml +++ b/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml @@ -1,3 +1,4 @@ +--- dependencies: - role: download file: "{{ downloads.elasticsearch }}" diff --git a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml index 7e36265715332e9f3d45220016725fe6510c0f22..de514b5636127ea7f3f8a70f461f35eca3d43f4d 100644 --- a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml +++ b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml 
@@ -38,4 +38,3 @@ command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}" run_once: true when: es_service_manifest.changed - diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml index 2c11e566b5f97e73a5f20e069e565370dc0a98c5..a5aba61aef5500c5fbfc6486fa3171275b75a3e6 100644 --- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml +++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml @@ -1,3 +1,4 @@ +--- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml index b73c2a49d585a771dec3e8333de0ee0f233e7200..e79e26be87f8045a1e17a820c45bcd20a1f74596 100644 --- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml +++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/roles/kubernetes-apps/efk/fluentd/defaults/main.yml b/roles/kubernetes-apps/efk/fluentd/defaults/main.yml index eeb95b71aedf3a8b6c6376cce6d2fe5980f10b4a..e8d93732c575ba0b92ef7dde303eb365fade2f63 100644 --- a/roles/kubernetes-apps/efk/fluentd/defaults/main.yml +++ b/roles/kubernetes-apps/efk/fluentd/defaults/main.yml @@ -1,5 +1,5 @@ --- -fluentd_cpu_limit: 0m +fluentd_cpu_limit: 0m fluentd_mem_limit: 200Mi fluentd_cpu_requests: 100m fluentd_mem_requests: 200Mi diff --git a/roles/kubernetes-apps/efk/fluentd/meta/main.yml b/roles/kubernetes-apps/efk/fluentd/meta/main.yml index 1ba777c766c92e531fd4b6dcdc74c3eeaa8673ea..0e1e03813307e0b1b4e5f18f642ad4a30f23c081 100644 --- a/roles/kubernetes-apps/efk/fluentd/meta/main.yml +++ b/roles/kubernetes-apps/efk/fluentd/meta/main.yml 
@@ -1,3 +1,4 @@ +--- dependencies: - role: download file: "{{ downloads.fluentd }}" diff --git a/roles/kubernetes-apps/efk/fluentd/tasks/main.yml b/roles/kubernetes-apps/efk/fluentd/tasks/main.yml index 31b41412e06c234337df2a535af1d7e385e98c4f..c91bf68276e8a7af6837a719f743aa935dde8b3a 100644 --- a/roles/kubernetes-apps/efk/fluentd/tasks/main.yml +++ b/roles/kubernetes-apps/efk/fluentd/tasks/main.yml @@ -20,4 +20,3 @@ command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}" run_once: true when: fluentd_ds_manifest.changed - diff --git a/roles/kubernetes-apps/efk/kibana/defaults/main.yml b/roles/kubernetes-apps/efk/kibana/defaults/main.yml index ad6215c93c006a07ee5ead01c9f2709bfede1a32..baf07cdf23e31ef4df16b845a312ae4eea251c42 100644 --- a/roles/kubernetes-apps/efk/kibana/defaults/main.yml +++ b/roles/kubernetes-apps/efk/kibana/defaults/main.yml @@ -1,5 +1,5 @@ --- -kibana_cpu_limit: 100m +kibana_cpu_limit: 100m kibana_mem_limit: 0M kibana_cpu_requests: 100m kibana_mem_requests: 0M diff --git a/roles/kubernetes-apps/efk/kibana/meta/main.yml b/roles/kubernetes-apps/efk/kibana/meta/main.yml index 34d0ab21a6106a42706513a76f7fa4e76e52f409..775880d545f4af2bb211906e98ba2f5ed5c924c9 100644 --- a/roles/kubernetes-apps/efk/kibana/meta/main.yml +++ b/roles/kubernetes-apps/efk/kibana/meta/main.yml @@ -1,3 +1,4 @@ +--- dependencies: - role: download file: "{{ downloads.kibana }}" diff --git a/roles/kubernetes-apps/efk/kibana/tasks/main.yml b/roles/kubernetes-apps/efk/kibana/tasks/main.yml index 5e2b15f715b634ff8572476dc82da9f2e5066bde..4c14d19453d0950422aebe0f54ee6e3036b4b680 100644 --- a/roles/kubernetes-apps/efk/kibana/tasks/main.yml +++ b/roles/kubernetes-apps/efk/kibana/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Kibana | Write Kibana deployment" - template: + template: src: kibana-deployment.yml.j2 dest: "{{ kube_config_dir }}/kibana-deployment.yaml" register: kibana_deployment_manifest 
@@ -17,7 +17,7 @@ run_once: true - name: "Kibana | Write Kibana service " - template: + template: src: kibana-service.yml.j2 dest: "{{ kube_config_dir }}/kibana-service.yaml" register: kibana_service_manifest diff --git a/roles/kubernetes-apps/efk/meta/main.yml b/roles/kubernetes-apps/efk/meta/main.yml index e11bbae296d8c572137c64b93527a925fbddadc6..550ba94975cb8040e87768ce92a907e13f9265d2 100644 --- a/roles/kubernetes-apps/efk/meta/main.yml +++ b/roles/kubernetes-apps/efk/meta/main.yml @@ -1,3 +1,4 @@ +--- dependencies: - role: kubernetes-apps/efk/elasticsearch - role: kubernetes-apps/efk/fluentd diff --git a/roles/kubernetes-apps/helm/defaults/main.yml b/roles/kubernetes-apps/helm/defaults/main.yml index b1b2dfca97295639d872c4fb7603904607acc14b..bb7ca244efce4d78a0ee2a82034ec64b68ee39f3 100644 --- a/roles/kubernetes-apps/helm/defaults/main.yml +++ b/roles/kubernetes-apps/helm/defaults/main.yml @@ -1,3 +1,4 @@ +--- helm_enabled: false # specify a dir and attach it to helm for HELM_HOME. diff --git a/roles/kubernetes-apps/helm/meta/main.yml b/roles/kubernetes-apps/helm/meta/main.yml index 8054392507ec70c422ed29c9a8e65589a5092ac1..5092ec83b18ab32f6d8b7097db0bbd8a35b62d5b 100644 --- a/roles/kubernetes-apps/helm/meta/main.yml +++ b/roles/kubernetes-apps/helm/meta/main.yml @@ -1,3 +1,4 @@ +--- dependencies: - role: download file: "{{ downloads.helm }}" diff --git a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml index 0ac9341eebb4a552cb21c758d8826005a2110db7..0c8db4c78fe4697caf6341b3667bef8295cb92f3 100644 --- a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml +++ b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml @@ -1,3 +1,4 @@ +--- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: 
diff --git a/roles/kubernetes-apps/helm/templates/tiller-sa.yml b/roles/kubernetes-apps/helm/templates/tiller-sa.yml index c840f57f8c5ed8be940b99c46fee9763ca45f205..26e575fb6a338703903eb09aaa772f55554df4c9 100644 --- a/roles/kubernetes-apps/helm/templates/tiller-sa.yml +++ b/roles/kubernetes-apps/helm/templates/tiller-sa.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml index c2dd39d73988ba828050a6d05a8f5ea5efe46b5b..9652e1a9602dd0e001806a9f6c739216e65fa9a6 100644 --- a/roles/kubernetes-apps/meta/main.yml +++ b/roles/kubernetes-apps/meta/main.yml @@ -1,3 +1,4 @@ +--- dependencies: - role: download file: "{{ downloads.netcheck_server }}" diff --git a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml index f5ffc4393e2d656a67ad97e37003393ef8b50f27..a65a86c4328dcd77ce0de5197dc855dae77383f7 100644 --- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create canal ConfigMap run_once: true kube: @@ -7,7 +8,7 @@ resource: "configmap" namespace: "{{system_namespace}}" -#FIXME: remove if kubernetes/features#124 is implemented +# FIXME: remove if kubernetes/features#124 is implemented - name: Purge old flannel and canal-node run_once: true kube: @@ -29,4 +30,3 @@ namespace: "{{system_namespace}}" state: "{{ item | ternary('latest','present') }}" with_items: "{{ canal_node_manifest.changed }}" - diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml index 43382f2ae7dd5442eebc63a3001abcfe0cf064cb..4559d25c6adf8955617ee16ec0bac2589954ab3c 100644 --- a/roles/kubernetes-apps/network_plugin/meta/main.yml +++ b/roles/kubernetes-apps/network_plugin/meta/main.yml 
@@ -1,8 +1,8 @@ --- dependencies: - - role: kubernetes-apps/network_plugin/canal - when: kube_network_plugin == 'canal' - tags: canal - - role: kubernetes-apps/network_plugin/weave - when: kube_network_plugin == 'weave' - tags: weave + - role: kubernetes-apps/network_plugin/canal + when: kube_network_plugin == 'canal' + tags: canal + - role: kubernetes-apps/network_plugin/weave + when: kube_network_plugin == 'weave' + tags: weave diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml index 232f2d78138a4255d289dfb484d1c299e31fcfbf..c25702b443050995af0e4f703a056137b5870a1c 100644 --- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml @@ -1,4 +1,5 @@ -#FIXME: remove if kubernetes/features#124 is implemented +--- +# FIXME: remove if kubernetes/features#124 is implemented - name: Weave | Purge old weave daemonset kube: name: "weave-net" @@ -9,7 +10,6 @@ state: absent when: inventory_hostname == groups['kube-master'][0] and weave_manifest.changed - - name: Weave | Start Resources kube: name: "weave-net" @@ -21,7 +21,6 @@ with_items: "{{ weave_manifest.changed }}" when: inventory_hostname == groups['kube-master'][0] - - name: "Weave | wait for weave to become available" uri: url: http://127.0.0.1:6784/status diff --git a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml index 7a4db0ea8311c8efb7fe77ad6a19c6e689e868b8..93d12c901353196ff441b1d1882199a1316e0a15 100644 --- a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Limits for calico apps calico_policy_controller_cpu_limit: 100m calico_policy_controller_memory_limit: 256M 
diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml index 8b4271d6a76bd59280472668c4d125884384a3ae..de102f31da0a3845c8657939a7f2b5be662fb8fa 100644 --- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml @@ -1,3 +1,4 @@ +--- - set_fact: calico_cert_dir: "{{ canal_cert_dir }}" when: kube_network_plugin == 'canal' diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml index 7cfe9cc9aa7b4fa67a73bd5bab215725b2c07e95..97962273187b4676cc0a03aef31b86478a81c9c5 100644 --- a/roles/kubernetes/master/defaults/main.yml +++ b/roles/kubernetes/master/defaults/main.yml @@ -1,3 +1,4 @@ +--- # An experimental dev/test only dynamic volumes provisioner, # for PetSets. Works for kube>=v1.3 only. kube_hostpath_dynamic_provisioner: "false" @@ -52,14 +53,14 @@ kube_oidc_auth: false ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/ ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...) -#kube_oidc_url: https:// ... +# kube_oidc_url: https:// ... # kube_oidc_client_id: kubernetes ## Optional settings for OIDC # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem # kube_oidc_username_claim: sub # kube_oidc_groups_claim: groups -##Variables for custom flags +## Variables for custom flags apiserver_custom_flags: [] controller_mgr_custom_flags: [] diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index 6922e6a518db416d1bd038aa89e6ebc62a5c72dd..24a3a495a72524d35242c08a7d1430c34784e2fa 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -88,4 +88,3 @@ - include: post-upgrade.yml tags: k8s-post-upgrade - 
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 6e2ff835fc4ff2376b33fe7462d48c1b8c67ffe4..940bdfff4c4cbc5ae06c3f212f751b81a0f7052d 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Valid options: docker (default), rkt, or host kubelet_deployment_type: host @@ -49,7 +50,7 @@ kube_apiserver_node_port_range: "30000-32767" kubelet_load_modules: false -##Support custom flags to be passed to kubelet +## Support custom flags to be passed to kubelet kubelet_custom_flags: [] # This setting is used for rkt based kubelet for deploying hyperkube diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index ad4cbacf1bc850ff775e81ad8cf8c90b9defe5ab..692f8247cc2a3974e6217f668f9bcd5b5bfc20a6 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -21,4 +21,3 @@ dest: "/etc/systemd/system/kubelet.service" backup: "yes" notify: restart kubelet - diff --git a/roles/kubernetes/node/tasks/install_rkt.yml b/roles/kubernetes/node/tasks/install_rkt.yml index 68e90860c1b9b923c0bb82051625fd94f75f9a44..d19b099bdb40003f7c55026d5e235a43dcd12d88 100644 --- a/roles/kubernetes/node/tasks/install_rkt.yml +++ b/roles/kubernetes/node/tasks/install_rkt.yml @@ -20,8 +20,8 @@ path: /var/lib/kubelet - name: Create kubelet service systemd directory - file: - path: /etc/systemd/system/kubelet.service.d + file: + path: /etc/systemd/system/kubelet.service.d state: directory - name: Write kubelet proxy drop-in @@ -30,4 +30,3 @@ dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf when: http_proxy is defined or https_proxy is defined or no_proxy is defined notify: restart kubelet - diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml index 35fec7d94d2f9823b5549933dc12bad9bc34ad8f..dab1bf7de651676fcc573b88297c40b0fc590021 100644 
--- a/roles/kubernetes/preinstall/handlers/main.yml +++ b/roles/kubernetes/preinstall/handlers/main.yml @@ -1,3 +1,4 @@ +--- - name: Preinstall | restart network command: /bin/true notify: diff --git a/roles/kubernetes/preinstall/tasks/azure-credential-check.yml b/roles/kubernetes/preinstall/tasks/azure-credential-check.yml index ca50d58431a6b4e1479d642803bf213acb868625..fa2d82fd221d6b8b0009ab0db52b998ff6ad49d3 100644 --- a/roles/kubernetes/preinstall/tasks/azure-credential-check.yml +++ b/roles/kubernetes/preinstall/tasks/azure-credential-check.yml @@ -48,5 +48,3 @@ fail: msg: "azure_route_table_name is missing" when: azure_route_table_name is not defined or azure_route_table_name == "" - - diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index e3f27192f9ccf04fa7ddeb30a20eefcc82912f44..b6a2466840818823d9d1f9c174b0d34481915c07 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -1,6 +1,6 @@ --- - include: pre-upgrade.yml - tags: [upgrade, bootstrap-os] + tags: [upgrade, bootstrap-os] - name: Force binaries directory for Container Linux by CoreOS set_fact: 
@@ -27,14 +27,14 @@ include_vars: "{{ item }}" with_first_found: - files: - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}.yml" - - "{{ ansible_os_family|lower }}.yml" - - defaults.yml + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}.yml" + - "{{ ansible_os_family|lower }}.yml" + - defaults.yml paths: - - ../vars + - ../vars skip: true tags: facts diff --git a/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml b/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml index b91726d50ad722c27781b71aa0937ed0ae03d20f..9beeb6b501bd80652b36baa7e07fe9618a068809 100644 --- a/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml +++ b/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml @@ -1,3 +1,4 @@ +--- - name: check vsphere environment variables fail: msg: "{{ item.name }} is missing" diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml index c1be4b9b353bcd478302b47dbaab426213804ef2..b2fbcd80af1c29efcdfa141c5a991f393da3bd83 100644 --- a/roles/kubernetes/preinstall/vars/centos.yml +++ b/roles/kubernetes/preinstall/vars/centos.yml @@ -1,3 +1,4 @@ +--- required_pkgs: - libselinux-python - device-mapper-libs diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml index 596d2ac8bc218d77c2c2bacc72c6bc79fec83e2b..dfcb0bc34a279eef939f4ea7d8e8c836b0a0ff89 100644 
--- a/roles/kubernetes/preinstall/vars/debian.yml +++ b/roles/kubernetes/preinstall/vars/debian.yml @@ -1,3 +1,4 @@ +--- required_pkgs: - python-apt - aufs-tools diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml index c1be4b9b353bcd478302b47dbaab426213804ef2..b2fbcd80af1c29efcdfa141c5a991f393da3bd83 100644 --- a/roles/kubernetes/preinstall/vars/fedora.yml +++ b/roles/kubernetes/preinstall/vars/fedora.yml @@ -1,3 +1,4 @@ +--- required_pkgs: - libselinux-python - device-mapper-libs diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml index c1be4b9b353bcd478302b47dbaab426213804ef2..b2fbcd80af1c29efcdfa141c5a991f393da3bd83 100644 --- a/roles/kubernetes/preinstall/vars/redhat.yml +++ b/roles/kubernetes/preinstall/vars/redhat.yml @@ -1,3 +1,4 @@ +--- required_pkgs: - libselinux-python - device-mapper-libs diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml index 69b82d957caa3eac9a07ee778860604bcf6f641f..3870a3e9616bd74836dac28a8abace3bf7948d33 100644 --- a/roles/kubernetes/secrets/tasks/check-certs.yml +++ b/roles/kubernetes/secrets/tasks/check-certs.yml @@ -105,4 +105,3 @@ {%- set _ = certs.update({'sync': True}) -%} {% endif %} {{ certs.sync }} - diff --git a/roles/kubernetes/secrets/tasks/gen_certs_script.yml b/roles/kubernetes/secrets/tasks/gen_certs_script.yml index 80fb4a50649cc5a7b0feb577567e9e70f86c0ca5..41d91362b61b9f12fb87f19bd2dd69cdba007a7b 100644 --- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml +++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml 
@@ -56,26 +56,25 @@ - set_fact: all_master_certs: "['ca-key.pem', + 'apiserver.pem', + 'apiserver-key.pem', + 'kube-scheduler.pem', + 'kube-scheduler-key.pem', + 'kube-controller-manager.pem', + 'kube-controller-manager-key.pem', + {% for node in groups['kube-master'] %} + 'admin-{{ node }}.pem', + 'admin-{{ node }}-key.pem', + {% endfor %}]" + my_master_certs: ['ca-key.pem', + 'admin-{{ inventory_hostname }}.pem', + 'admin-{{ inventory_hostname }}-key.pem', 'apiserver.pem', 'apiserver-key.pem', 'kube-scheduler.pem', 'kube-scheduler-key.pem', 'kube-controller-manager.pem', - 'kube-controller-manager-key.pem', - {% for node in groups['kube-master'] %} - 'admin-{{ node }}.pem', - 'admin-{{ node }}-key.pem', - {% endfor %}]" - my_master_certs: ['ca-key.pem', - 'admin-{{ inventory_hostname }}.pem', - 'admin-{{ inventory_hostname }}-key.pem', - 'apiserver.pem', - 'apiserver-key.pem', - 'kube-scheduler.pem', - 'kube-scheduler-key.pem', - 'kube-controller-manager.pem', - 'kube-controller-manager-key.pem', - ] + 'kube-controller-manager-key.pem'] all_node_certs: "['ca.pem', {% for node in groups['k8s-cluster'] %} 'node-{{ node }}.pem', @@ -84,11 +83,10 @@ 'kube-proxy-{{ node }}-key.pem', {% endfor %}]" my_node_certs: ['ca.pem', - 'node-{{ inventory_hostname }}.pem', - 'node-{{ inventory_hostname }}-key.pem', - 'kube-proxy-{{ inventory_hostname }}.pem', - 'kube-proxy-{{ inventory_hostname }}-key.pem', - ] + 'node-{{ inventory_hostname }}.pem', + 'node-{{ inventory_hostname }}-key.pem', + 'kube-proxy-{{ inventory_hostname }}.pem', + 'kube-proxy-{{ inventory_hostname }}-key.pem'] tags: facts - name: Gen_certs | Gather master certs 
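Review bot: The re-indented `set_fact` still carries four hand-maintained certificate-name lists (`all_master_certs`/`my_master_certs` and `all_node_certs`/`my_node_certs`) that must enumerate the same file names, and nothing in the task records that; a comment above `- set_fact:` such as `# all_* are quoted strings holding a Jinja for-loop (presumably evaluated into a list by Ansible); my_* are plain YAML lists. Keep each pair's file names in sync when adding a cert.` would keep the pairs from drifting on the next addition. Dropping the trailing `,` and the `]` on its own line leaves the parsed flow sequences unchanged, so the hunk looks behaviour-preserving. The task continues into the following `@@ -84,11 +83,10 @@` hunk.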
@@ -114,10 +112,10 @@ sync_certs|default(false) and inventory_hostname != groups['kube-master'][0] -#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k -#char limit when using shell command +# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k +# char limit when using shell command -#FIXME(mattymo): Use tempfile module in ansible 2.3 +# FIXME(mattymo): Use tempfile module in ansible 2.3 - name: Gen_certs | Prepare tempfile for unpacking certs shell: mktemp /tmp/certsXXXXX.tar.gz register: cert_tempfile @@ -195,4 +193,3 @@ - name: Gen_certs | update ca-certificates (RedHat) command: update-ca-trust extract when: kube_ca_cert.changed and ansible_os_family == "RedHat" - diff --git a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml index e516db0f28ac497c6d34a0c7a1061e63fa1c9103..308ac9260c2364a98d09ff28a4f315e763e1ad5c 100644 --- a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml +++ b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml @@ -33,9 +33,9 @@ - name: gen_certs_vault | Set fact for Vault API token set_fact: kube_vault_headers: - Accept: application/json - Content-Type: application/json - X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}" + Accept: application/json + Content-Type: application/json + X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}" run_once: true # Issue certs to kube-master nodes diff --git a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml index b97b85e17885a57b81f3f7b1c9f1f8b884febe8c..7aafab5c891c81e27a30f034366581d84f15a6d8 100644 --- a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml +++ b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml 
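Review bot: The `kube_vault_headers` mapping rebuilt in the `gen_certs_vault | Set fact for Vault API token` hunk embeds the Vault client token taken from `kube_vault_login_result`, and a `set_fact` task prints its resulting facts in verbose runs, so the token is likely to land in CI output; the task should carry `no_log: true` next to `run_once: true`. The same presumably applies to the earlier task that registers `kube_vault_login_result`, which is outside this hunk. The indentation change itself is fine — the three header keys still form one mapping under `kube_vault_headers`.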
@@ -6,7 +6,7 @@ with_items: "{{ groups['k8s-cluster'] }}" - include: ../../../vault/tasks/shared/sync_file.yml - vars: + vars: sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" @@ -26,7 +26,7 @@ sync_file_results: [] - include: ../../../vault/tasks/shared/sync_file.yml - vars: + vars: sync_file: ca.pem sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index c2152814fa0f3aeb91f0f0004d653df392fcac4d..03b05c5bd982f14df4edcb2a0c8b47234ccb983a 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -1,3 +1,4 @@ +--- ## Required for bootstrap-os/preinstall/download roles and setting facts # Valid bootstrap options (required): ubuntu, coreos, centos, none bootstrap_os: none @@ -88,8 +89,10 @@ kube_network_node_prefix: 24 # The port the API Server will be listening on. kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" -kube_apiserver_port: 6443 # (https) -kube_apiserver_insecure_port: 8080 # (http) +# https +kube_apiserver_port: 6443 +# http +kube_apiserver_insecure_port: 8080 # Path used to store Docker data docker_daemon_graph: "/var/lib/docker" diff --git a/roles/kubespray-defaults/tasks/main.yaml b/roles/kubespray-defaults/tasks/main.yaml index 5b2cb96a071093552b61efcbbb43a6a6bb6b388b..11b9e36536eccedf020ed236fbfebc7402d5f20e 100644 --- a/roles/kubespray-defaults/tasks/main.yaml +++ b/roles/kubespray-defaults/tasks/main.yaml @@ -1,3 +1,4 @@ +--- - name: Configure defaults debug: msg: "Check roles/kubespray-defaults/defaults/main.yml" diff --git a/roles/network_plugin/calico/handlers/main.yml b/roles/network_plugin/calico/handlers/main.yml index 78dad7505d479f35f6e8aa411266352df0f6f8e5..05cc73289072edc86aa4f88ea7a03085d4a11a2d 100644 --- a/roles/network_plugin/calico/handlers/main.yml 
+++ b/roles/network_plugin/calico/handlers/main.yml @@ -5,7 +5,7 @@ - Calico | reload systemd - Calico | reload calico-node -- name : Calico | reload systemd +- name: Calico | reload systemd shell: systemctl daemon-reload - name: Calico | reload calico-node diff --git a/roles/network_plugin/calico/rr/handlers/main.yml b/roles/network_plugin/calico/rr/handlers/main.yml index efd0e12ac4a6be9073000b9c6a1885096205fa66..cb166bda1da5b82106f51ec9ed9b210b6632cc50 100644 --- a/roles/network_plugin/calico/rr/handlers/main.yml +++ b/roles/network_plugin/calico/rr/handlers/main.yml @@ -5,7 +5,7 @@ - Calico-rr | reload systemd - Calico-rr | reload calico-rr -- name : Calico-rr | reload systemd +- name: Calico-rr | reload systemd shell: systemctl daemon-reload - name: Calico-rr | reload calico-rr diff --git a/roles/network_plugin/calico/rr/meta/main.yml b/roles/network_plugin/calico/rr/meta/main.yml index 55104953ec9d507bfe4d3670e2133795177131d6..511b89744cdb3331acb4a946236362e2164b7836 100644 --- a/roles/network_plugin/calico/rr/meta/main.yml +++ b/roles/network_plugin/calico/rr/meta/main.yml @@ -1,3 +1,4 @@ +--- dependencies: - role: etcd - role: docker diff --git a/roles/network_plugin/canal/defaults/main.yml b/roles/network_plugin/canal/defaults/main.yml index d4018db4d083eecd07f09a886c53b537fb9b48a0..38696b87a1a5af788ab45f9eef0b8b486303b280 100644 --- a/roles/network_plugin/canal/defaults/main.yml +++ b/roles/network_plugin/canal/defaults/main.yml @@ -1,3 +1,4 @@ +--- # The interface used by canal for host <-> host communication. # If left blank, then the interface is chosing using the node's # default route. @@ -30,4 +31,3 @@ calicoctl_memory_limit: 170M calicoctl_cpu_limit: 100m calicoctl_memory_requests: 32M calicoctl_cpu_requests: 25m - diff --git a/roles/network_plugin/cloud/tasks/main.yml b/roles/network_plugin/cloud/tasks/main.yml index 36fa8e57d1d6cd1ce70c8e6b6b8a6d188cdc7130..7b66503720f926b769e868f3e0c19ea0e6684863 100644 
--- a/roles/network_plugin/cloud/tasks/main.yml +++ b/roles/network_plugin/cloud/tasks/main.yml @@ -14,4 +14,3 @@ owner: kube recurse: true mode: "u=rwX,g-rwx,o-rwx" - diff --git a/roles/network_plugin/flannel/handlers/main.yml b/roles/network_plugin/flannel/handlers/main.yml index bd4058976d6379274e9fe250a4c7b9657d36d725..3726c900e669e4fb0e105b4f5164c51e07c5f05e 100644 --- a/roles/network_plugin/flannel/handlers/main.yml +++ b/roles/network_plugin/flannel/handlers/main.yml @@ -18,7 +18,7 @@ - Flannel | pause while Docker restarts - Flannel | wait for docker -- name : Flannel | reload systemd +- name: Flannel | reload systemd shell: systemctl daemon-reload - name: Flannel | reload docker.socket diff --git a/roles/network_plugin/flannel/templates/flannel-pod.yml b/roles/network_plugin/flannel/templates/flannel-pod.yml index 92ecada69a8265d7b8d02416275e3b85d4ed78d3..5ca78ae1d57f6f3b06928330ac10e5512ba56093 100644 --- a/roles/network_plugin/flannel/templates/flannel-pod.yml +++ b/roles/network_plugin/flannel/templates/flannel-pod.yml 
@@ -1,44 +1,44 @@ --- - kind: "Pod" - apiVersion: "v1" - metadata: - name: "flannel" - namespace: "{{system_namespace}}" - labels: - app: "flannel" - version: "v0.1" - spec: - volumes: - - name: "subnetenv" - hostPath: - path: "/run/flannel" - - name: "etcd-certs" - hostPath: - path: "{{ flannel_cert_dir }}" - containers: - - name: "flannel-container" - image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}" - imagePullPolicy: {{ k8s_image_pull_policy }} - resources: - limits: - cpu: {{ flannel_cpu_limit }} - memory: {{ flannel_memory_limit }} - requests: - cpu: {{ flannel_cpu_requests }} - memory: {{ flannel_memory_requests }} - command: - - "/bin/sh" - - "-c" - - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}" - ports: - - hostPort: 10253 - containerPort: 10253 - volumeMounts: - - name: "subnetenv" - mountPath: "/run/flannel" - - name: "etcd-certs" - mountPath: "{{ flannel_cert_dir }}" - readOnly: true - securityContext: - privileged: true - hostNetwork: true +kind: "Pod" +apiVersion: "v1" +metadata: + name: "flannel" + namespace: "{{system_namespace}}" + labels: + app: "flannel" + version: "v0.1" +spec: + volumes: + - name: "subnetenv" + hostPath: + path: "/run/flannel" + - name: "etcd-certs" + hostPath: + path: "{{ flannel_cert_dir }}" + containers: + - name: "flannel-container" + image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}" + imagePullPolicy: {{ k8s_image_pull_policy }} + resources: + limits: + cpu: {{ flannel_cpu_limit }} + memory: {{ flannel_memory_limit }} + requests: + cpu: {{ flannel_cpu_requests }} + memory: {{ flannel_memory_requests }} + command: + - "/bin/sh" + - "-c" + - 
"/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}" + ports: + - hostPort: 10253 + containerPort: 10253 + volumeMounts: + - name: "subnetenv" + mountPath: "/run/flannel" + - name: "etcd-certs" + mountPath: "{{ flannel_cert_dir }}" + readOnly: true + securityContext: + privileged: true + hostNetwork: true diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index a1c970efe24da49bb23d37de125405849d8577e1..d9834a3cd95c76eb4d9f9696cfd81744012556f7 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml @@ -1,16 +1,16 @@ --- dependencies: - - role: network_plugin/calico - when: kube_network_plugin == 'calico' - tags: calico - - role: network_plugin/flannel - when: kube_network_plugin == 'flannel' - tags: flannel - - role: network_plugin/weave - when: kube_network_plugin == 'weave' - tags: weave - - role: network_plugin/canal - when: kube_network_plugin == 'canal' - tags: canal - - role: network_plugin/cloud - when: kube_network_plugin == 'cloud' + - role: network_plugin/calico + when: kube_network_plugin == 'calico' + tags: calico + - role: network_plugin/flannel + when: kube_network_plugin == 'flannel' + tags: flannel + - role: network_plugin/weave + when: kube_network_plugin == 'weave' + tags: weave + - role: network_plugin/canal + when: kube_network_plugin == 'canal' + tags: canal + - role: network_plugin/cloud + when: kube_network_plugin == 'cloud' diff --git a/roles/network_plugin/weave/tasks/pre-upgrade.yml b/roles/network_plugin/weave/tasks/pre-upgrade.yml index 0b10a7551da6c1fee4baf18127e35167482fa85d..bcf3c2af248bcd6bd765cced974274299802e982 100644 
--- a/roles/network_plugin/weave/tasks/pre-upgrade.yml +++ b/roles/network_plugin/weave/tasks/pre-upgrade.yml @@ -1,3 +1,4 @@ +--- - name: Weave pre-upgrade | Stop legacy weave command: weave stop failed_when: false diff --git a/roles/rkt/tasks/install.yml b/roles/rkt/tasks/install.yml index 76719eebb46fd7b379c1e408f1dd6a96aa854499..0cc8f8898f936fd87632eb778127a1d862e989df 100644 --- a/roles/rkt/tasks/install.yml +++ b/roles/rkt/tasks/install.yml @@ -3,14 +3,14 @@ include_vars: "{{ item }}" with_first_found: - files: - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}.yml" - - "{{ ansible_os_family|lower }}.yml" - - defaults.yml + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}.yml" + - "{{ ansible_os_family|lower }}.yml" + - defaults.yml paths: - - ../vars + - ../vars skip: true tags: facts diff --git a/roles/upgrade/post-upgrade/tasks/main.yml b/roles/upgrade/post-upgrade/tasks/main.yml index e7efa0601db2df910c9911ff9c5e5c4d738b9f1d..ec6fdcf90723734bb04ae8f9f1d91988bea37f00 100644 --- a/roles/upgrade/post-upgrade/tasks/main.yml +++ b/roles/upgrade/post-upgrade/tasks/main.yml @@ -1,7 +1,5 @@ --- - - name: Uncordon node command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}" delegate_to: "{{ groups['kube-master'][0] }}" when: (needs_cordoning|default(false)) and ( {%- if inventory_hostname in groups['kube-node'] -%} true {%- else -%} false {%- endif -%} ) - 
diff --git a/roles/upgrade/pre-upgrade/defaults/main.yml b/roles/upgrade/pre-upgrade/defaults/main.yml index c87b7e9eaf9dcdbb7392d5613dcacb3c9b2a9a51..89334f87c9201f5531345687073418a5626124fa 100644 --- a/roles/upgrade/pre-upgrade/defaults/main.yml +++ b/roles/upgrade/pre-upgrade/defaults/main.yml @@ -1,3 +1,3 @@ +--- drain_grace_period: 90 drain_timeout: 120s - diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml index 7e14374bf801c57576f793c145c1c2f33c9c3270..47bb39d4427dfdff65ea141a188ddcd1946e10c4 100644 --- a/roles/vault/defaults/main.yml +++ b/roles/vault/defaults/main.yml @@ -63,7 +63,7 @@ vault_needs_gen: false vault_port: 8200 # Although "cert" is an option, ansible has no way to auth via cert until # upstream merges: https://github.com/ansible/ansible/pull/18141 -vault_role_auth_method: userpass +vault_role_auth_method: userpass vault_roles: - name: etcd group: etcd diff --git a/roles/vault/tasks/bootstrap/create_etcd_role.yml b/roles/vault/tasks/bootstrap/create_etcd_role.yml index 57518f94401d4aa8c489d3e7fe2118f20273fa4c..5e0b88a39e0bde3fc8b6e371fe19fb90f90d3d11 100644 --- a/roles/vault/tasks/bootstrap/create_etcd_role.yml +++ b/roles/vault/tasks/bootstrap/create_etcd_role.yml @@ -1,8 +1,7 @@ --- - - include: ../shared/create_role.yml vars: - create_role_name: "{{ item.name }}" + create_role_name: "{{ item.name }}" create_role_group: "{{ item.group }}" create_role_policy_rules: "{{ item.policy_rules }}" create_role_options: "{{ item.role_options }}" diff --git a/roles/vault/tasks/bootstrap/start_vault_temp.yml b/roles/vault/tasks/bootstrap/start_vault_temp.yml index 4a5e6bc5ed0c2006a4f1bf326eab14004042eca2..49585a5d9f6408c7c0aea7110b6c543e2aeb5756 100644 --- a/roles/vault/tasks/bootstrap/start_vault_temp.yml +++ b/roles/vault/tasks/bootstrap/start_vault_temp.yml 
@@ -1,5 +1,4 @@ --- - - name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi register: vault_temp_stop_check
@@ -13,7 +12,7 @@ -v /etc/vault:/etc/vault {{ vault_image_repo }}:{{ vault_version }} server -#FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19 +# FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19 - name: bootstrap/start_vault_temp | Start again single node Vault with file backend command: docker start {{ vault_temp_container_name }}
diff --git a/roles/vault/tasks/bootstrap/sync_vault_certs.yml b/roles/vault/tasks/bootstrap/sync_vault_certs.yml
index ab088753f830018d85455e993add6bb4018fa46a..9e6eff05c318953183bb20cd3b5487c1947de6ce 100644
--- a/roles/vault/tasks/bootstrap/sync_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/sync_vault_certs.yml
@@ -1,5 +1,4 @@ --- - - include: ../shared/sync_file.yml vars: sync_file: "ca.pem"
@@ -29,4 +28,3 @@ - name: bootstrap/sync_vault_certs | Unset sync_file_results after api.pem sync set_fact: sync_file_results: [] -
diff --git a/roles/vault/tasks/cluster/main.yml b/roles/vault/tasks/cluster/main.yml
index db97dd0781b53fdb2eb018c20e8b6cd4e84ab587..c21fd0d736d90d218e6ab95541a5d471edf116e8 100644
--- a/roles/vault/tasks/cluster/main.yml
+++ b/roles/vault/tasks/cluster/main.yml
@@ -1,5 +1,4 @@ --- - - include: ../shared/check_vault.yml when: inventory_hostname in groups.vault
@@ -26,7 +25,7 @@ - include: ../shared/find_leader.yml when: inventory_hostname in groups.vault -- include: ../shared/pki_mount.yml +- include: ../shared/pki_mount.yml when: inventory_hostname == groups.vault|first - include: ../shared/config_ca.yml
diff --git a/roles/vault/tasks/shared/auth_backend.yml b/roles/vault/tasks/shared/auth_backend.yml
index ad5b191c94cef5fc5d3eea781b52900b163e531d..82a4c94fbf24c76fb9e3454477f477070f025eb6 100644
--- a/roles/vault/tasks/shared/auth_backend.yml
+++ b/roles/vault/tasks/shared/auth_backend.yml
@@ -1,11 +1,10 @@ --- - - name: shared/auth_backend | Test if the auth backend exists uri: url: "{{ vault_leader_url }}/v1/sys/auth/{{ auth_backend_path }}/tune" headers: "{{ vault_headers }}" validate_certs: false - ignore_errors: true + ignore_errors: true register: vault_auth_backend_check - name: shared/auth_backend | Add the cert auth backend if needed
diff --git a/roles/vault/tasks/shared/check_vault.yml b/roles/vault/tasks/shared/check_vault.yml
index 257843d950b1c52ae48b539aedc620dff00e17c3..83328768ad52cf95744f501bcc43f26de0801190 100644
--- a/roles/vault/tasks/shared/check_vault.yml
+++ b/roles/vault/tasks/shared/check_vault.yml
@@ -1,5 +1,4 @@ --- - # Stop temporary Vault if it's running (can linger if playbook fails out) - name: stop vault-temp container shell: docker stop {{ vault_temp_container_name }} || rkt stop {{ vault_temp_container_name }}
@@ -22,8 +21,8 @@ vault_is_running: "{{ vault_local_service_health|succeeded }}" vault_is_initialized: "{{ vault_local_service_health.get('json', {}).get('initialized', false) }}" vault_is_sealed: "{{ vault_local_service_health.get('json', {}).get('sealed', true) }}" - #vault_in_standby: "{{ vault_local_service_health.get('json', {}).get('standby', true) }}" - #vault_run_version: "{{ vault_local_service_health.get('json', {}).get('version', '') }}" + # vault_in_standby: "{{ vault_local_service_health.get('json', {}).get('standby', true) }}" + # vault_run_version: "{{ vault_local_service_health.get('json', {}).get('version', '') }}" - name: check_vault | Set fact about the Vault cluster's initialization state set_fact:
diff --git a/roles/vault/tasks/shared/find_leader.yml b/roles/vault/tasks/shared/find_leader.yml
index 1aaa8513e666e3e980370f7a18cc12d9276ec75c..3afee482d176bdfc01c4b4f149dfa50f2b8e2e83 100644
--- a/roles/vault/tasks/shared/find_leader.yml
+++ b/roles/vault/tasks/shared/find_leader.yml
@@ -15,7 +15,7 @@ vault_leader_url: "{{ vault_config.listener.tcp.tls_disable|d()|ternary('http', 'https') }}://{{ item }}:{{ vault_port }}" with_items: "{{ groups.vault }}" when: "hostvars[item]['vault_leader_check'].get('status') in [200,503]" - #run_once: true + # run_once: true - name: find_leader| show vault_leader_url debug: var=vault_leader_url verbosity=2
diff --git a/roles/vault/tasks/shared/gen_userpass.yml b/roles/vault/tasks/shared/gen_userpass.yml
index ab3d171b89d22c987d22b3747af9efb6644ca72d..4ef3011717804dbfb81197ba726ddf0c21689814 100644
--- a/roles/vault/tasks/shared/gen_userpass.yml
+++ b/roles/vault/tasks/shared/gen_userpass.yml
@@ -22,7 +22,7 @@ - name: shared/gen_userpass | Copy credentials to all hosts in the group copy: content: > - {{ + {{ {'username': gen_userpass_username, 'password': gen_userpass_password} | to_nice_json(indent=4) }}
diff --git a/roles/vault/tasks/shared/issue_cert.yml b/roles/vault/tasks/shared/issue_cert.yml
index 4854e8b9e5b6c8265523c17bfe98835b06536842..3b6b6d315294654dd706305ab8b918c8ccdc6160 100644
--- a/roles/vault/tasks/shared/issue_cert.yml
+++ b/roles/vault/tasks/shared/issue_cert.yml
@@ -26,7 +26,7 @@ - name: issue_cert | Ensure target directory exists file: - path: "{{ issue_cert_path | dirname }}" + path: "{{ issue_cert_path | dirname }}" state: directory group: "{{ issue_cert_file_group | d('root' )}}" mode: "{{ issue_cert_dir_mode | d('0755') }}"
diff --git a/tests/requirements.txt b/tests/requirements.txt
new file mode 100644
index 0000000000000000000000000000000000000000..77b7f586868619ceadf58a145cad0d328e6d46d5
--- /dev/null
+++ b/tests/requirements.txt
@@ -0,0 +1,5 @@
+-r ../requirements.txt
+yamllint
+apache-libcloud==0.20.1
+boto==2.9.0
+tox
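Review bot: `yamllint` and `tox` are added without a version pin while `apache-libcloud==0.20.1` and `boto==2.9.0` are pinned, so each CI run resolves whichever release is current and a new upstream version reaches the pipeline unreviewed; pin both, e.g. `yamllint==<pinned-version>` and `tox==<pinned-version>`, and consider hash-pinning the file once the versions are fixed. The `-r ../requirements.txt` include means the effective dependency set also depends on a file outside this diff; it is worth confirming that file pins its entries to exact versions too, since an unpinned entry there undermines the pins here.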