From 8b151d12b91f1cf2d56a7cba3a9822bfec4c68e1 Mon Sep 17 00:00:00 2001
From: Brad Beam <bradbeam@users.noreply.github.com>
Date: Thu, 24 Aug 2017 04:09:52 -0500
Subject: [PATCH] Adding yamllinter to ci steps (#1556)

* Adding yaml linter to ci check

* Minor linting fixes from yamllint

* Changing CI to install python pkgs from requirements.txt

- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
---
 .gitlab-ci.yml                                | 17 ++--
 .yamllint                                     | 16 ++++
 roles/bootstrap-os/tasks/bootstrap-coreos.yml |  1 -
 roles/bootstrap-os/tasks/main.yml             |  1 -
 roles/bootstrap-os/tasks/setup-pipelining.yml |  1 -
 roles/dnsmasq/defaults/main.yml               |  8 +-
 roles/dnsmasq/tasks/main.yml                  |  1 -
 .../dnsmasq/templates/dnsmasq-autoscaler.yml  | 26 +++---
 roles/dnsmasq/templates/dnsmasq-deploy.yml    |  2 -
 roles/docker/defaults/main.yml                |  1 +
 roles/docker/handlers/main.yml                |  2 +-
 roles/docker/tasks/main.yml                   | 14 +--
 roles/docker/tasks/set_facts_dns.yml          |  2 +-
 roles/docker/vars/debian.yml                  |  1 +
 roles/docker/vars/fedora-20.yml               |  1 +
 roles/docker/vars/fedora.yml                  |  1 +
 roles/docker/vars/redhat.yml                  |  3 +-
 roles/download/defaults/main.yml              |  2 +-
 roles/download/tasks/main.yml                 |  2 +-
 roles/etcd/defaults/main.yml                  |  2 +-
 roles/etcd/handlers/backup.yml                |  1 -
 roles/etcd/handlers/main.yml                  |  1 -
 roles/etcd/tasks/check_certs.yml              |  1 -
 roles/etcd/tasks/gen_certs_script.yml         | 39 ++++-----
 roles/etcd/tasks/gen_certs_vault.yml          | 11 +--
 roles/etcd/tasks/install_docker.yml           | 34 ++++----
 roles/etcd/tasks/pre_upgrade.yml              |  1 +
 roles/etcd/tasks/refresh_config.yml           |  2 +-
 roles/etcd/tasks/sync_etcd_master_certs.yml   |  4 +-
 roles/etcd/tasks/sync_etcd_node_certs.yml     |  6 +-
 .../templates/{etcd.env.yml => etcd.env.j2}   |  0
 roles/kernel-upgrade/defaults/main.yml        |  7 +-
 .../kubernetes-apps/ansible/defaults/main.yml |  3 +-
 roles/kubernetes-apps/ansible/tasks/main.yml  |  4 +-
 .../ansible/tasks/netchecker.yml              |  3 +-
 .../kubedns-autoscaler-clusterrole.yml        |  1 +
 .../kubedns-autoscaler-clusterrolebinding.yml |  1 +
 .../templates/kubedns-autoscaler-sa.yml       |  1 +
 ...toscaler.yml => kubedns-autoscaler.yml.j2} | 23 ++---
 ...bedns-deploy.yml => kubedns-deploy.yml.j2} |  1 +
 .../ansible/templates/kubedns-sa.yml          |  1 +
 .../ansible/templates/kubedns-svc.yml         |  2 +-
 .../efk/elasticsearch/defaults/main.yml       |  2 +-
 .../efk/elasticsearch/meta/main.yml           |  1 +
 .../efk/elasticsearch/tasks/main.yml          |  1 -
 .../templates/efk-clusterrolebinding.yml      |  1 +
 .../efk/elasticsearch/templates/efk-sa.yml    |  1 +
 .../efk/fluentd/defaults/main.yml             |  2 +-
 .../kubernetes-apps/efk/fluentd/meta/main.yml |  1 +
 .../efk/fluentd/tasks/main.yml                |  1 -
 .../efk/kibana/defaults/main.yml              |  2 +-
 .../kubernetes-apps/efk/kibana/meta/main.yml  |  1 +
 .../kubernetes-apps/efk/kibana/tasks/main.yml |  4 +-
 roles/kubernetes-apps/efk/meta/main.yml       |  1 +
 roles/kubernetes-apps/helm/defaults/main.yml  |  1 +
 roles/kubernetes-apps/helm/meta/main.yml      |  1 +
 .../templates/tiller-clusterrolebinding.yml   |  1 +
 .../helm/templates/tiller-sa.yml              |  1 +
 roles/kubernetes-apps/meta/main.yml           |  1 +
 .../network_plugin/canal/tasks/main.yml       |  4 +-
 .../network_plugin/meta/main.yml              | 12 +--
 .../network_plugin/weave/tasks/main.yml       |  5 +-
 .../calico/defaults/main.yml                  |  1 +
 .../policy_controller/calico/tasks/main.yml   |  1 +
 roles/kubernetes/master/defaults/main.yml     |  5 +-
 roles/kubernetes/master/tasks/main.yml        |  1 -
 roles/kubernetes/node/defaults/main.yml       |  3 +-
 roles/kubernetes/node/tasks/install.yml       |  1 -
 roles/kubernetes/node/tasks/install_rkt.yml   |  5 +-
 roles/kubernetes/preinstall/handlers/main.yml |  1 +
 .../tasks/azure-credential-check.yml          |  2 -
 roles/kubernetes/preinstall/tasks/main.yml    | 16 ++--
 .../tasks/vsphere-credential-check.yml        |  1 +
 roles/kubernetes/preinstall/vars/centos.yml   |  1 +
 roles/kubernetes/preinstall/vars/debian.yml   |  1 +
 roles/kubernetes/preinstall/vars/fedora.yml   |  1 +
 roles/kubernetes/preinstall/vars/redhat.yml   |  1 +
 .../kubernetes/secrets/tasks/check-certs.yml  |  1 -
 .../secrets/tasks/gen_certs_script.yml        | 45 +++++-----
 .../secrets/tasks/gen_certs_vault.yml         |  6 +-
 .../secrets/tasks/sync_kube_node_certs.yml    |  4 +-
 roles/kubespray-defaults/defaults/main.yaml   |  7 +-
 roles/kubespray-defaults/tasks/main.yaml      |  1 +
 roles/network_plugin/calico/handlers/main.yml |  2 +-
 .../calico/rr/handlers/main.yml               |  2 +-
 roles/network_plugin/calico/rr/meta/main.yml  |  1 +
 roles/network_plugin/canal/defaults/main.yml  |  2 +-
 roles/network_plugin/cloud/tasks/main.yml     |  1 -
 .../network_plugin/flannel/handlers/main.yml  |  2 +-
 .../flannel/templates/flannel-pod.yml         | 86 +++++++++----------
 roles/network_plugin/meta/main.yml            | 28 +++---
 .../weave/tasks/pre-upgrade.yml               |  1 +
 roles/rkt/tasks/install.yml                   | 14 +--
 roles/upgrade/post-upgrade/tasks/main.yml     |  2 -
 roles/upgrade/pre-upgrade/defaults/main.yml   |  2 +-
 roles/vault/defaults/main.yml                 |  2 +-
 .../tasks/bootstrap/create_etcd_role.yml      |  3 +-
 .../tasks/bootstrap/start_vault_temp.yml      |  3 +-
 .../tasks/bootstrap/sync_vault_certs.yml      |  2 -
 roles/vault/tasks/cluster/main.yml            |  3 +-
 roles/vault/tasks/shared/auth_backend.yml     |  3 +-
 roles/vault/tasks/shared/check_vault.yml      |  5 +-
 roles/vault/tasks/shared/find_leader.yml      |  2 +-
 roles/vault/tasks/shared/gen_userpass.yml     |  2 +-
 roles/vault/tasks/shared/issue_cert.yml       |  2 +-
 tests/requirements.txt                        |  5 ++
 106 files changed, 301 insertions(+), 274 deletions(-)
 create mode 100644 .yamllint
 rename roles/etcd/templates/{etcd.env.yml => etcd.env.j2} (100%)
 rename roles/kubernetes-apps/ansible/templates/{kubedns-autoscaler.yml => kubedns-autoscaler.yml.j2} (72%)
 rename roles/kubernetes-apps/ansible/templates/{kubedns-deploy.yml => kubedns-deploy.yml.j2} (99%)
 create mode 100644 tests/requirements.txt

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 948ef2983..6a456f9df 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,10 +18,7 @@ variables:
 # us-west1-a
 
 before_script:
-    - pip install ansible==2.3.0
-    - pip install netaddr
-    - pip install apache-libcloud==0.20.1
-    - pip install boto==2.9.0
+    - pip install -r tests/requirements.txt
     - mkdir -p /.ssh
     - cp tests/ansible.cfg .
 
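Review bot: The exact versions CI installs now depend entirely on `tests/requirements.txt`, which this commit creates but which is not shown in this part of the patch. The removed lines pinned `ansible==2.3.0`, `apache-libcloud==0.20.1` and `boto==2.9.0` explicitly. Those pins should be carried over unchanged, and `yamllint` should be pinned as well (`yamllint==<version>`), because a new linter release can change its default rules and fail the job without any change to the repository. The same replacement is made in the second `before_script` (the hunk at line 72), so the point applies there too.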
@@ -75,10 +72,7 @@ before_script:
       - $HOME/.cache
   before_script:
     - docker info
-    - pip install ansible==2.3.0
-    - pip install netaddr
-    - pip install apache-libcloud==0.20.1
-    - pip install boto==2.9.0
+    - pip install -r tests/requirements.txt
     - mkdir -p /.ssh
     - mkdir -p $HOME/.ssh
     - echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa
@@ -642,6 +636,13 @@ syntax-check:
     - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root  -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv  --syntax-check
   except: ['triggers', 'master']
 
+yamllint:
+  <<: *job
+  stage: unit-tests
+  script:
+    - yamllint roles
+  except: ['triggers', 'master']
+
 tox-inventory-builder:
   stage: unit-tests
   <<: *job
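Review bot: `yamllint roles` checks only the roles tree, so top-level playbooks, inventory variables and `.gitlab-ci.yml` itself are not linted by the new job. If that limit is deliberate, a comment above the script line such as `# only roles/ is lint-clean so far; extend the path list as other directories are fixed` would record it; otherwise the path list could be widened. Files under `roles/*/templates` that end in `.yml` are also parsed as plain YAML, which appears to be why this commit renames some templates to `.j2`. Future templates with Jinja control blocks will need the same suffix.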
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 000000000..50e7b167e
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,16 @@
+---
+extends: default
+
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  indentation:
+    spaces: 2
+    indent-sequences: consistent
+  line-length: disable
+  new-line-at-end-of-file: disable
+  truthy: disable
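Review bot: Three default rules are switched off at the end of `.yamllint` (`line-length`, `new-line-at-end-of-file`, `truthy`) with no explanation of whether that is permanent or a stopgap. With `truthy: disable` the linter will not flag `yes`/`no`/`True`/`False` spellings, which different YAML parsers type differently, so the reason is worth recording; presumably the roles still use those spellings widely. I would add a comment above each rule, for example `# truthy: disabled until roles use true/false consistently`, and likewise for the other two.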
diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
index 892da1c04..2a2271055 100644
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@@ -49,4 +49,3 @@
   pip:
     name: "{{ item }}"
   with_items: "{{pip_python_modules}}"
-
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index 73268031e..e7cb01b13 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -27,4 +27,3 @@
   hostname:
     name: "{{inventory_hostname}}"
   when: ansible_hostname == 'localhost'
-
diff --git a/roles/bootstrap-os/tasks/setup-pipelining.yml b/roles/bootstrap-os/tasks/setup-pipelining.yml
index 7143f260e..559cef25e 100644
--- a/roles/bootstrap-os/tasks/setup-pipelining.yml
+++ b/roles/bootstrap-os/tasks/setup-pipelining.yml
@@ -6,4 +6,3 @@
     regexp: '^\w+\s+requiretty'
     dest: /etc/sudoers
     state: absent
-
diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml
index bf670c788..15fb7f169 100644
--- a/roles/dnsmasq/defaults/main.yml
+++ b/roles/dnsmasq/defaults/main.yml
@@ -4,12 +4,12 @@
 
 # Max of 4 names is allowed and no more than 256 - 17 chars total
 # (a 2 is reserved for the 'default.svc.' and'svc.')
-#searchdomains:
-#  - foo.bar.lc
+# searchdomains:
+#   - foo.bar.lc
 
 # Max of 2 is allowed here (a 1 is reserved for the dns_server)
-#nameservers:
-#  - 127.0.0.1
+# nameservers:
+#   - 127.0.0.1
 
 dns_forward_max: 150
 cache_size: 1000
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index edc50703d..56ec80d98 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -86,4 +86,3 @@
     port: 53
     timeout: 180
   when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts
-
diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
index 4e5e2ddcc..aff99f08d 100644
--- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
+++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml
@@ -1,3 +1,4 @@
+---
 # Copyright 2016 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,17 +35,16 @@ spec:
       - name: autoscaler
         image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
         resources:
-            requests:
-                cpu: "20m"
-                memory: "10Mi"
+          requests:
+            cpu: "20m"
+            memory: "10Mi"
         command:
-          - /cluster-proportional-autoscaler
-          - --namespace=kube-system
-          - --configmap=dnsmasq-autoscaler
-          - --target=Deployment/dnsmasq
-          # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
-          # If using small nodes, "nodesPerReplica" should dominate.
-          - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
-          - --logtostderr=true
-          - --v={{ kube_log_level }}
-
+        - /cluster-proportional-autoscaler
+        - --namespace=kube-system
+        - --configmap=dnsmasq-autoscaler
+        - --target=Deployment/dnsmasq
+        # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+        # If using small nodes, "nodesPerReplica" should dominate.
+        - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
+        - --logtostderr=true
+        - --v={{ kube_log_level }}
diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml b/roles/dnsmasq/templates/dnsmasq-deploy.yml
index e811e1995..6f11363b3 100644
--- a/roles/dnsmasq/templates/dnsmasq-deploy.yml
+++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml
@@ -35,7 +35,6 @@ spec:
             capabilities:
               add:
                 - NET_ADMIN
-          imagePullPolicy: IfNotPresent
           resources:
             limits:
               cpu: {{ dns_cpu_limit }}
@@ -64,4 +63,3 @@ spec:
           hostPath:
             path: /etc/dnsmasq.d-available
       dnsPolicy: Default  # Don't use cluster DNS.
-
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index e262d908a..fa29b32f2 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 docker_version: '1.13'
 
 docker_package_info:
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
index 90d7aacb8..a43d843ee 100644
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@@ -8,7 +8,7 @@
     - Docker | pause while Docker restarts
     - Docker | wait for docker
 
-- name : Docker | reload systemd
+- name: Docker | reload systemd
   shell: systemctl daemon-reload
 
 - name: Docker | reload docker.socket
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 09240bf9d..ef7e7fe8d 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -3,14 +3,14 @@
   include_vars: "{{ item }}"
   with_first_found:
     - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - defaults.yml
       paths:
-      - ../vars
+        - ../vars
       skip: true
   tags: facts
 
diff --git a/roles/docker/tasks/set_facts_dns.yml b/roles/docker/tasks/set_facts_dns.yml
index 64a09bff2..13f342ea9 100644
--- a/roles/docker/tasks/set_facts_dns.yml
+++ b/roles/docker/tasks/set_facts_dns.yml
@@ -48,7 +48,7 @@
 - name: add system search domains to docker options
   set_fact:
     docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split(' ')|default([])) | unique }}"
-  when: system_search_domains.stdout != "" 
+  when: system_search_domains.stdout != ""
 
 - name: check number of nameservers
   fail:
diff --git a/roles/docker/vars/debian.yml b/roles/docker/vars/debian.yml
index a4689ffbc..240e86ea4 100644
--- a/roles/docker/vars/debian.yml
+++ b/roles/docker/vars/debian.yml
@@ -1,3 +1,4 @@
+---
 docker_kernel_min_version: '3.10'
 
 # https://apt.dockerproject.org/repo/dists/debian-wheezy/main/filelist
diff --git a/roles/docker/vars/fedora-20.yml b/roles/docker/vars/fedora-20.yml
index c74cd9f28..31d431ee8 100644
--- a/roles/docker/vars/fedora-20.yml
+++ b/roles/docker/vars/fedora-20.yml
@@ -1,3 +1,4 @@
+---
 docker_kernel_min_version: '0'
 
 # versioning: docker-io itself is pinned at docker 1.5
diff --git a/roles/docker/vars/fedora.yml b/roles/docker/vars/fedora.yml
index f89c90a52..b82e5fc30 100644
--- a/roles/docker/vars/fedora.yml
+++ b/roles/docker/vars/fedora.yml
@@ -1,3 +1,4 @@
+---
 docker_kernel_min_version: '0'
 
 # https://docs.docker.com/engine/installation/linux/fedora/#install-from-a-package
diff --git a/roles/docker/vars/redhat.yml b/roles/docker/vars/redhat.yml
index 7abf2cda7..8b20def55 100644
--- a/roles/docker/vars/redhat.yml
+++ b/roles/docker/vars/redhat.yml
@@ -1,3 +1,4 @@
+---
 docker_kernel_min_version: '0'
 
 # https://yum.dockerproject.org/repo/main/centos/7/Packages/
@@ -8,7 +9,7 @@ docker_versioned_pkg:
   '1.12': docker-engine-1.12.6-1.el7.centos
   '1.13': docker-engine-1.13.1-1.el7.centos
   'stable': docker-engine-17.03.0.ce-1.el7.centos
-  'edge':  docker-engine-17.03.0.ce-1.el7.centos
+  'edge': docker-engine-17.03.0.ce-1.el7.centos
 
 # https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
 # https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index e5a4aa31b..e5d24072b 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -20,7 +20,7 @@ download_always_pull: False
 # Versions
 kube_version: v1.7.3
 etcd_version: v3.2.4
-#TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
+# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
 calico_version: "v1.1.3"
 calico_cni_version: "v1.8.0"
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index 24d1b5bca..f9ae253d1 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -111,7 +111,7 @@
     - download.enabled|bool
     - download.container|bool
 
-#NOTE(bogdando) this brings no docker-py deps for nodes
+# NOTE(bogdando) this brings no docker-py deps for nodes
 - name: Download containers if pull is required or told to always pull
   command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}"
   register: pull_task_result
diff --git a/roles/etcd/defaults/main.yml b/roles/etcd/defaults/main.yml
index 7d1d976af..6b6fde38d 100644
--- a/roles/etcd/defaults/main.yml
+++ b/roles/etcd/defaults/main.yml
@@ -21,7 +21,7 @@ etcd_metrics: "basic"
 etcd_memory_limit: 512M
 
 # Uncomment to set CPU share for etcd
-#etcd_cpu_limit: 300m
+# etcd_cpu_limit: 300m
 
 etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"
 
diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml
index 68fe71f07..7ec42f4b6 100644
--- a/roles/etcd/handlers/backup.yml
+++ b/roles/etcd/handlers/backup.yml
@@ -43,4 +43,3 @@
     ETCDCTL_API: 3
   retries: 3
   delay: "{{ retry_stagger | random + 3 }}"
-
diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml
index 45da999ee..2575c25a4 100644
--- a/roles/etcd/handlers/main.yml
+++ b/roles/etcd/handlers/main.yml
@@ -30,4 +30,3 @@
 - name: set etcd_secret_changed
   set_fact:
     etcd_secret_changed: true
-
diff --git a/roles/etcd/tasks/check_certs.yml b/roles/etcd/tasks/check_certs.yml
index fe96ea01c..8795fe820 100644
--- a/roles/etcd/tasks/check_certs.yml
+++ b/roles/etcd/tasks/check_certs.yml
@@ -66,4 +66,3 @@
               {%- set _ = certs.update({'sync': True}) -%}
       {% endif %}
       {{ certs.sync }}
-
diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml
index f70c6ee21..000f6842b 100644
--- a/roles/etcd/tasks/gen_certs_script.yml
+++ b/roles/etcd/tasks/gen_certs_script.yml
@@ -73,11 +73,10 @@
                       'member-{{ node }}-key.pem',
                       {% endfor %}]"
     my_master_certs: ['ca-key.pem',
-                     'admin-{{ inventory_hostname }}.pem',
-                     'admin-{{ inventory_hostname }}-key.pem',
-                     'member-{{ inventory_hostname }}.pem',
-                     'member-{{ inventory_hostname }}-key.pem'
-                     ]
+                      'admin-{{ inventory_hostname }}.pem',
+                      'admin-{{ inventory_hostname }}-key.pem',
+                      'member-{{ inventory_hostname }}.pem',
+                      'member-{{ inventory_hostname }}-key.pem']
     all_node_certs: "['ca.pem',
                     {% for node in (groups['k8s-cluster'] + groups['calico-rr']|default([]))|unique %}
                     'node-{{ node }}.pem',
@@ -111,22 +110,22 @@
         sync_certs|default(false) and inventory_hostname not in groups['etcd']
   notify: set etcd_secret_changed
 
-#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k 
-#char limit when using shell command                                            
-                                                                                
-#FIXME(mattymo): Use tempfile module in ansible 2.3                             
-- name: Gen_certs | Prepare tempfile for unpacking certs                        
-  shell: mktemp /tmp/certsXXXXX.tar.gz                                          
-  register: cert_tempfile                                                       
+# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
+# char limit when using shell command
+
+# FIXME(mattymo): Use tempfile module in ansible 2.3
+- name: Gen_certs | Prepare tempfile for unpacking certs
+  shell: mktemp /tmp/certsXXXXX.tar.gz
+  register: cert_tempfile
   when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
-        inventory_hostname != groups['etcd'][0]                          
-
-- name: Gen_certs | Write master certs to tempfile                              
-  copy:                                                                         
-    content: "{{etcd_master_cert_data.stdout}}"                                      
-    dest: "{{cert_tempfile.stdout}}"                                            
-    owner: root                                                                 
-    mode: "0600"                                                                
+        inventory_hostname != groups['etcd'][0]
+
+- name: Gen_certs | Write master certs to tempfile
+  copy:
+    content: "{{etcd_master_cert_data.stdout}}"
+    dest: "{{cert_tempfile.stdout}}"
+    owner: root
+    mode: "0600"
   when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
         inventory_hostname != groups['etcd'][0]
 
diff --git a/roles/etcd/tasks/gen_certs_vault.yml b/roles/etcd/tasks/gen_certs_vault.yml
index a0bf6cfdc..e59d376e9 100644
--- a/roles/etcd/tasks/gen_certs_vault.yml
+++ b/roles/etcd/tasks/gen_certs_vault.yml
@@ -7,7 +7,6 @@
   when: inventory_hostname in etcd_node_cert_hosts
   tags: etcd-secrets
 
-
 - name: gen_certs_vault | Read in the local credentials
   command: cat /etc/vault/roles/etcd/userpass
   register: etcd_vault_creds_cat
@@ -33,15 +32,15 @@
 
 - name: gen_certs_vault | Set fact for vault_client_token
   set_fact:
-    vault_client_token:  "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
+    vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
   run_once: true
 
 - name: gen_certs_vault | Set fact for Vault API token
   set_fact:
     etcd_vault_headers:
-        Accept: application/json
-        Content-Type: application/json
-        X-Vault-Token: "{{ vault_client_token }}"
+      Accept: application/json
+      Content-Type: application/json
+      X-Vault-Token: "{{ vault_client_token }}"
   run_once: true
   when: vault_client_token != ""
 
@@ -96,5 +95,3 @@
   with_items: "{{ etcd_node_certs_needed|d([]) }}"
   when: inventory_hostname in etcd_node_cert_hosts
   notify: set etcd_secret_changed
-
-
diff --git a/roles/etcd/tasks/install_docker.yml b/roles/etcd/tasks/install_docker.yml
index f87caeb4c..76eead2a2 100644
--- a/roles/etcd/tasks/install_docker.yml
+++ b/roles/etcd/tasks/install_docker.yml
@@ -1,5 +1,5 @@
 ---
-#Plan A: no docker-py deps
+# Plan A: no docker-py deps
 - name: Install | Copy etcdctl binary from docker container
   command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
            {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
@@ -12,21 +12,21 @@
   delay: "{{ retry_stagger | random + 3 }}"
   changed_when: false
 
-#Plan B: looks nicer, but requires docker-py on all hosts:
-#- name: Install | Set up etcd-binarycopy container
-#  docker:
-#    name: etcd-binarycopy
-#    state: present
-#    image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
-#  when: etcd_deployment_type == "docker"
+# Plan B: looks nicer, but requires docker-py on all hosts:
+# - name: Install | Set up etcd-binarycopy container
+#   docker:
+#     name: etcd-binarycopy
+#     state: present
+#     image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
+#   when: etcd_deployment_type == "docker"
 #
-#- name: Install | Copy etcdctl from etcd-binarycopy container
-#  command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
-#  when: etcd_deployment_type == "docker"
+# - name: Install | Copy etcdctl from etcd-binarycopy container
+#   command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
+#   when: etcd_deployment_type == "docker"
 #
-#- name: Install | Clean up etcd-binarycopy container
-#  docker:
-#    name: etcd-binarycopy
-#    state: absent
-#    image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
-#  when: etcd_deployment_type == "docker"
+# - name: Install | Clean up etcd-binarycopy container
+#   docker:
+#     name: etcd-binarycopy
+#     state: absent
+#     image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
+#   when: etcd_deployment_type == "docker"
diff --git a/roles/etcd/tasks/pre_upgrade.yml b/roles/etcd/tasks/pre_upgrade.yml
index 0f171094a..e86a0d947 100644
--- a/roles/etcd/tasks/pre_upgrade.yml
+++ b/roles/etcd/tasks/pre_upgrade.yml
@@ -1,3 +1,4 @@
+---
 - name: "Pre-upgrade | check for etcd-proxy unit file"
   stat:
     path: /etc/systemd/system/etcd-proxy.service
diff --git a/roles/etcd/tasks/refresh_config.yml b/roles/etcd/tasks/refresh_config.yml
index e6f8186d3..0691d1df9 100644
--- a/roles/etcd/tasks/refresh_config.yml
+++ b/roles/etcd/tasks/refresh_config.yml
@@ -1,7 +1,7 @@
 ---
 - name: Refresh config | Create etcd config file
   template:
-    src: etcd.env.yml
+    src: etcd.env.j2
     dest: /etc/etcd.env
   notify: restart etcd
   when: is_etcd_master
diff --git a/roles/etcd/tasks/sync_etcd_master_certs.yml b/roles/etcd/tasks/sync_etcd_master_certs.yml
index 27ce303e9..d436c97f5 100644
--- a/roles/etcd/tasks/sync_etcd_master_certs.yml
+++ b/roles/etcd/tasks/sync_etcd_master_certs.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: sync_etcd_master_certs | Create list of master certs needing creation
-  set_fact: 
+  set_fact:
     etcd_master_cert_list: >-
         {{ etcd_master_cert_list|default([]) +  [
         "admin-" + item + ".pem",
@@ -11,7 +11,7 @@
   run_once: true
 
 - include: ../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ etcd_cert_dir }}"
     sync_file_hosts: "{{ groups.etcd }}"
diff --git a/roles/etcd/tasks/sync_etcd_node_certs.yml b/roles/etcd/tasks/sync_etcd_node_certs.yml
index 2f82dcffd..e535168fc 100644
--- a/roles/etcd/tasks/sync_etcd_node_certs.yml
+++ b/roles/etcd/tasks/sync_etcd_node_certs.yml
@@ -1,12 +1,12 @@
 ---
 
 - name: sync_etcd_node_certs | Create list of node certs needing creation
-  set_fact: 
+  set_fact:
     etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) +  ['node-' + item + '.pem'] }}"
   with_items: "{{ etcd_node_cert_hosts }}"
 
 - include: ../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ etcd_cert_dir }}"
     sync_file_hosts: "{{ etcd_node_cert_hosts }}"
@@ -24,7 +24,7 @@
     sync_file_results: []
 
 - include: ../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
     sync_file: ca.pem
     sync_file_dir: "{{ etcd_cert_dir }}"
     sync_file_hosts: "{{ etcd_node_cert_hosts }}"
diff --git a/roles/etcd/templates/etcd.env.yml b/roles/etcd/templates/etcd.env.j2
similarity index 100%
rename from roles/etcd/templates/etcd.env.yml
rename to roles/etcd/templates/etcd.env.j2
diff --git a/roles/kernel-upgrade/defaults/main.yml b/roles/kernel-upgrade/defaults/main.yml
index 8a1116785..688e6e018 100644
--- a/roles/kernel-upgrade/defaults/main.yml
+++ b/roles/kernel-upgrade/defaults/main.yml
@@ -1,9 +1,8 @@
 ---
-
 elrepo_key_url: 'https://www.elrepo.org/RPM-GPG-KEY-elrepo.org'
-elrepo_rpm : elrepo-release-7.0-3.el7.elrepo.noarch.rpm
-elrepo_mirror : http://www.elrepo.org
+elrepo_rpm: elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+elrepo_mirror: http://www.elrepo.org
 
-elrepo_url : '{{elrepo_mirror}}/{{elrepo_rpm}}'
+elrepo_url: '{{elrepo_mirror}}/{{elrepo_rpm}}'
 
 elrepo_kernel_package: "kernel-lt"
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index d42b2ffed..42c4a027d 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -1,5 +1,6 @@
+---
 # Versions
-kubedns_version : 1.14.2
+kubedns_version: 1.14.2
 kubednsautoscaler_version: 1.1.1
 
 # Limits for dnsmasq/kubedns apps
diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index e7bd934de..4f9b6ef1d 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -14,12 +14,12 @@
     dest: "{{kube_config_dir}}/{{item.file}}"
   with_items:
     - {name: kubedns, file: kubedns-sa.yml, type: sa}
-    - {name: kubedns, file: kubedns-deploy.yml, type: deployment}
+    - {name: kubedns, file: kubedns-deploy.yml.j2, type: deployment}
     - {name: kubedns, file: kubedns-svc.yml, type: svc}
     - {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa}
     - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole}
     - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
-    - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
+    - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml.j2, type: deployment}
   register: manifests
   when:
     - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
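Review bot: The `dest:` at the top of this hunk is built from `item.file`, so once the two entries become `kubedns-deploy.yml.j2` and `kubedns-autoscaler.yml.j2` the rendered manifests are written under `{{kube_config_dir}}` with a `.j2` suffix. On hosts that were already deployed, the old `kubedns-deploy.yml` and `kubedns-autoscaler.yml` would presumably stay behind as stale copies. Stripping the suffix keeps the on-host names stable: `dest: "{{kube_config_dir}}/{{item.file | regex_replace('\\.j2$', '')}}"`. The task begins above the hunk and whatever consumes `manifests` lies below it, so any later reference to `item.file` needs the same treatment.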
diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
index 2d88b288c..ca8535c2a 100644
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
@@ -1,3 +1,4 @@
+---
 - name: Kubernetes Apps | Lay Down Netchecker Template
   template:
     src: "{{item.file}}"
@@ -24,7 +25,7 @@
     state: absent
   when: inventory_hostname == groups['kube-master'][0]
 
-#FIXME: remove if kubernetes/features#124 is implemented
+# FIXME: remove if kubernetes/features#124 is implemented
 - name: Kubernetes Apps | Purge old Netchecker daemonsets
   kube:
     name: "{{item.item.name}}"
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml
index a194426c6..f80d3d90c 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml
@@ -1,3 +1,4 @@
+---
 # Copyright 2016 The Kubernetes Authors. All rights reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml
index a368ae333..eb76f2d4e 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml
@@ -1,3 +1,4 @@
+---
 # Copyright 2016 The Kubernetes Authors. All rights reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml
index 9544a7dd9..542ae86ce 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml
@@ -1,3 +1,4 @@
+---
 # Copyright 2016 The Kubernetes Authors. All rights reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
similarity index 72%
rename from roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml
rename to roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
index 9e0462290..04f93fd84 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@@ -1,3 +1,4 @@
+---
 # Copyright 2016 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,18 +35,18 @@ spec:
       - name: autoscaler
         image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
         resources:
-            requests:
-                cpu: "20m"
-                memory: "10Mi"
+          requests:
+            cpu: "20m"
+            memory: "10Mi"
         command:
-          - /cluster-proportional-autoscaler
-          - --namespace={{ system_namespace }}
-          - --configmap=kubedns-autoscaler
-          # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
-          - --target=Deployment/kube-dns
-          - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
-          - --logtostderr=true
-          - --v=2
+        - /cluster-proportional-autoscaler
+        - --namespace={{ system_namespace }}
+        - --configmap=kubedns-autoscaler
+        # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
+        - --target=Deployment/kube-dns
+        - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
+        - --logtostderr=true
+        - --v=2
 {% if rbac_enabled %}
       serviceAccountName: cluster-proportional-autoscaler
 {% endif %}
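Review bot: The `--default-params=` item in `command:` is an unquoted plain scalar that embeds JSON braces, double quotes and two Jinja expressions. Whether the rendered line parses as one string therefore depends on what `kubedns_nodes_per_replica` and `kubedns_min_replicas` expand to. Single-quoting the whole item makes it a literal string whatever the rendered values are: `- '--default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}'`. The same applies to `- --namespace={{ system_namespace }}`.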
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
similarity index 99%
rename from roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
rename to roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
index 7e4615676..149a16ebd 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -1,3 +1,4 @@
+---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
index e520ccbfc..f399fd6f4 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml
index 0565a01e8..1c4710db1 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -19,4 +20,3 @@ spec:
   - name: dns-tcp
     port: 53
     protocol: TCP
-
diff --git a/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml b/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml
index e5af87425..d38ba6a6b 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-elasticsearch_cpu_limit: 1000m 
+elasticsearch_cpu_limit: 1000m
 elasticsearch_mem_limit: 0M
 elasticsearch_cpu_requests: 100m
 elasticsearch_mem_requests: 0M
diff --git a/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml b/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml
index cd0a80606..3dc6f3ca1 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
   - role: download
     file: "{{ downloads.elasticsearch }}"
diff --git a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
index 7e3626571..de514b563 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
@@ -38,4 +38,3 @@
   command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}"
   run_once: true
   when: es_service_manifest.changed
-
diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
index 2c11e566b..a5aba61ae 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
@@ -1,3 +1,4 @@
+---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
index b73c2a49d..e79e26be8 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/roles/kubernetes-apps/efk/fluentd/defaults/main.yml b/roles/kubernetes-apps/efk/fluentd/defaults/main.yml
index eeb95b71a..e8d93732c 100644
--- a/roles/kubernetes-apps/efk/fluentd/defaults/main.yml
+++ b/roles/kubernetes-apps/efk/fluentd/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-fluentd_cpu_limit: 0m 
+fluentd_cpu_limit: 0m
 fluentd_mem_limit: 200Mi
 fluentd_cpu_requests: 100m
 fluentd_mem_requests: 200Mi
diff --git a/roles/kubernetes-apps/efk/fluentd/meta/main.yml b/roles/kubernetes-apps/efk/fluentd/meta/main.yml
index 1ba777c76..0e1e03813 100644
--- a/roles/kubernetes-apps/efk/fluentd/meta/main.yml
+++ b/roles/kubernetes-apps/efk/fluentd/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
   - role: download
     file: "{{ downloads.fluentd }}"
diff --git a/roles/kubernetes-apps/efk/fluentd/tasks/main.yml b/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
index 31b41412e..c91bf6827 100644
--- a/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
@@ -20,4 +20,3 @@
   command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}"
   run_once: true
   when: fluentd_ds_manifest.changed
-
diff --git a/roles/kubernetes-apps/efk/kibana/defaults/main.yml b/roles/kubernetes-apps/efk/kibana/defaults/main.yml
index ad6215c93..baf07cdf2 100644
--- a/roles/kubernetes-apps/efk/kibana/defaults/main.yml
+++ b/roles/kubernetes-apps/efk/kibana/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-kibana_cpu_limit: 100m 
+kibana_cpu_limit: 100m
 kibana_mem_limit: 0M
 kibana_cpu_requests: 100m
 kibana_mem_requests: 0M
diff --git a/roles/kubernetes-apps/efk/kibana/meta/main.yml b/roles/kubernetes-apps/efk/kibana/meta/main.yml
index 34d0ab21a..775880d54 100644
--- a/roles/kubernetes-apps/efk/kibana/meta/main.yml
+++ b/roles/kubernetes-apps/efk/kibana/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
   - role: download
     file: "{{ downloads.kibana }}"
diff --git a/roles/kubernetes-apps/efk/kibana/tasks/main.yml b/roles/kubernetes-apps/efk/kibana/tasks/main.yml
index 5e2b15f71..4c14d1945 100644
--- a/roles/kubernetes-apps/efk/kibana/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/kibana/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: "Kibana | Write Kibana deployment"
-  template: 
+  template:
     src: kibana-deployment.yml.j2
     dest: "{{ kube_config_dir }}/kibana-deployment.yaml"
   register: kibana_deployment_manifest
@@ -17,7 +17,7 @@
   run_once: true
 
 - name: "Kibana | Write Kibana service "
-  template: 
+  template:
     src: kibana-service.yml.j2
     dest: "{{ kube_config_dir }}/kibana-service.yaml"
   register: kibana_service_manifest
diff --git a/roles/kubernetes-apps/efk/meta/main.yml b/roles/kubernetes-apps/efk/meta/main.yml
index e11bbae29..550ba9497 100644
--- a/roles/kubernetes-apps/efk/meta/main.yml
+++ b/roles/kubernetes-apps/efk/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
   - role: kubernetes-apps/efk/elasticsearch
   - role: kubernetes-apps/efk/fluentd
diff --git a/roles/kubernetes-apps/helm/defaults/main.yml b/roles/kubernetes-apps/helm/defaults/main.yml
index b1b2dfca9..bb7ca244e 100644
--- a/roles/kubernetes-apps/helm/defaults/main.yml
+++ b/roles/kubernetes-apps/helm/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 helm_enabled: false
 
 # specify a dir and attach it to helm for HELM_HOME.
diff --git a/roles/kubernetes-apps/helm/meta/main.yml b/roles/kubernetes-apps/helm/meta/main.yml
index 805439250..5092ec83b 100644
--- a/roles/kubernetes-apps/helm/meta/main.yml
+++ b/roles/kubernetes-apps/helm/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
   - role: download
     file: "{{ downloads.helm }}"
diff --git a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
index 0ac9341ee..0c8db4c78 100644
--- a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
@@ -1,3 +1,4 @@
+---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
diff --git a/roles/kubernetes-apps/helm/templates/tiller-sa.yml b/roles/kubernetes-apps/helm/templates/tiller-sa.yml
index c840f57f8..26e575fb6 100644
--- a/roles/kubernetes-apps/helm/templates/tiller-sa.yml
+++ b/roles/kubernetes-apps/helm/templates/tiller-sa.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml
index c2dd39d73..9652e1a96 100644
--- a/roles/kubernetes-apps/meta/main.yml
+++ b/roles/kubernetes-apps/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
   - role: download
     file: "{{ downloads.netcheck_server }}"
diff --git a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
index f5ffc4393..a65a86c43 100644
--- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 - name: Create canal ConfigMap
   run_once: true
   kube:
@@ -7,7 +8,7 @@
     resource: "configmap"
     namespace: "{{system_namespace}}"
 
-#FIXME: remove if kubernetes/features#124 is implemented
+# FIXME: remove if kubernetes/features#124 is implemented
 - name: Purge old flannel and canal-node
   run_once: true
   kube:
@@ -29,4 +30,3 @@
     namespace: "{{system_namespace}}"
     state: "{{ item | ternary('latest','present') }}"
   with_items: "{{ canal_node_manifest.changed }}"
-
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index 43382f2ae..4559d25c6 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -1,8 +1,8 @@
 ---
 dependencies:
- - role: kubernetes-apps/network_plugin/canal
-   when: kube_network_plugin == 'canal'
-   tags: canal
- - role: kubernetes-apps/network_plugin/weave
-   when: kube_network_plugin == 'weave'
-   tags: weave
+  - role: kubernetes-apps/network_plugin/canal
+    when: kube_network_plugin == 'canal'
+    tags: canal
+  - role: kubernetes-apps/network_plugin/weave
+    when: kube_network_plugin == 'weave'
+    tags: weave
diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
index 232f2d781..c25702b44 100644
--- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
@@ -1,4 +1,5 @@
-#FIXME: remove if kubernetes/features#124 is implemented
+---
+# FIXME: remove if kubernetes/features#124 is implemented
 - name: Weave | Purge old weave daemonset
   kube:
     name: "weave-net"
@@ -9,7 +10,6 @@
     state: absent
   when: inventory_hostname == groups['kube-master'][0] and weave_manifest.changed
 
-
 - name: Weave | Start Resources
   kube:
     name: "weave-net"
@@ -21,7 +21,6 @@
   with_items: "{{ weave_manifest.changed }}"
   when: inventory_hostname == groups['kube-master'][0]
 
-
 - name: "Weave | wait for weave to become available"
   uri:
     url: http://127.0.0.1:6784/status
diff --git a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
index 7a4db0ea8..93d12c901 100644
--- a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 # Limits for calico apps
 calico_policy_controller_cpu_limit: 100m
 calico_policy_controller_memory_limit: 256M
diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
index 8b4271d6a..de102f31d 100644
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 - set_fact:
     calico_cert_dir: "{{ canal_cert_dir }}"
   when: kube_network_plugin == 'canal'
diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index 7cfe9cc9a..979622731 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 # An experimental dev/test only dynamic volumes provisioner,
 # for PetSets. Works for kube>=v1.3 only.
 kube_hostpath_dynamic_provisioner: "false"
@@ -52,14 +53,14 @@ kube_oidc_auth: false
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
 
-#kube_oidc_url: https:// ...
+# kube_oidc_url: https:// ...
 # kube_oidc_client_id: kubernetes
 ## Optional settings for OIDC
 # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
 # kube_oidc_username_claim: sub
 # kube_oidc_groups_claim: groups
 
-##Variables for custom flags
+## Variables for custom flags
 apiserver_custom_flags: []
 
 controller_mgr_custom_flags: []
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index 6922e6a51..24a3a495a 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -88,4 +88,3 @@
 
 - include: post-upgrade.yml
   tags: k8s-post-upgrade
-
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 6e2ff835f..940bdfff4 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 # Valid options: docker (default), rkt, or host
 kubelet_deployment_type: host
 
@@ -49,7 +50,7 @@ kube_apiserver_node_port_range: "30000-32767"
 
 kubelet_load_modules: false
 
-##Support custom flags to be passed to kubelet
+## Support custom flags to be passed to kubelet
 kubelet_custom_flags: []
 
 # This setting is used for rkt based kubelet for deploying hyperkube
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index ad4cbacf1..692f8247c 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -21,4 +21,3 @@
     dest: "/etc/systemd/system/kubelet.service"
     backup: "yes"
   notify: restart kubelet
-
diff --git a/roles/kubernetes/node/tasks/install_rkt.yml b/roles/kubernetes/node/tasks/install_rkt.yml
index 68e90860c..d19b099bd 100644
--- a/roles/kubernetes/node/tasks/install_rkt.yml
+++ b/roles/kubernetes/node/tasks/install_rkt.yml
@@ -20,8 +20,8 @@
     path: /var/lib/kubelet
 
 - name: Create kubelet service systemd directory
-  file: 
-    path: /etc/systemd/system/kubelet.service.d 
+  file:
+    path: /etc/systemd/system/kubelet.service.d
     state: directory
 
 - name: Write kubelet proxy drop-in
@@ -30,4 +30,3 @@
     dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf
   when: http_proxy is defined or https_proxy is defined or no_proxy is defined
   notify: restart kubelet
-
diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml
index 35fec7d94..dab1bf7de 100644
--- a/roles/kubernetes/preinstall/handlers/main.yml
+++ b/roles/kubernetes/preinstall/handlers/main.yml
@@ -1,3 +1,4 @@
+---
 - name: Preinstall | restart network
   command: /bin/true
   notify:
diff --git a/roles/kubernetes/preinstall/tasks/azure-credential-check.yml b/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
index ca50d5843..fa2d82fd2 100644
--- a/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
+++ b/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
@@ -48,5 +48,3 @@
   fail:
     msg: "azure_route_table_name is missing"
   when: azure_route_table_name is not defined or azure_route_table_name == ""
-
-
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index e3f27192f..b6a246684 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - include: pre-upgrade.yml
-  tags: [upgrade,  bootstrap-os]
+  tags: [upgrade, bootstrap-os]
 
 - name: Force binaries directory for Container Linux by CoreOS
   set_fact:
@@ -27,14 +27,14 @@
   include_vars: "{{ item }}"
   with_first_found:
     - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - defaults.yml
       paths:
-      - ../vars
+        - ../vars
       skip: true
   tags: facts
 
diff --git a/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml b/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml
index b91726d50..9beeb6b50 100644
--- a/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml
+++ b/roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml
@@ -1,3 +1,4 @@
+---
 - name: check vsphere environment variables
   fail:
     msg: "{{ item.name }} is missing"
diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml
index c1be4b9b3..b2fbcd80a 100644
--- a/roles/kubernetes/preinstall/vars/centos.yml
+++ b/roles/kubernetes/preinstall/vars/centos.yml
@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - libselinux-python
   - device-mapper-libs
diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml
index 596d2ac8b..dfcb0bc34 100644
--- a/roles/kubernetes/preinstall/vars/debian.yml
+++ b/roles/kubernetes/preinstall/vars/debian.yml
@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - python-apt
   - aufs-tools
diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml
index c1be4b9b3..b2fbcd80a 100644
--- a/roles/kubernetes/preinstall/vars/fedora.yml
+++ b/roles/kubernetes/preinstall/vars/fedora.yml
@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - libselinux-python
   - device-mapper-libs
diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml
index c1be4b9b3..b2fbcd80a 100644
--- a/roles/kubernetes/preinstall/vars/redhat.yml
+++ b/roles/kubernetes/preinstall/vars/redhat.yml
@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - libselinux-python
   - device-mapper-libs
diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml
index 69b82d957..3870a3e96 100644
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@@ -105,4 +105,3 @@
               {%- set _ = certs.update({'sync': True}) -%}
       {% endif %}
       {{ certs.sync }}
-
diff --git a/roles/kubernetes/secrets/tasks/gen_certs_script.yml b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
index 80fb4a506..41d91362b 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@@ -56,26 +56,25 @@
 
 - set_fact:
     all_master_certs: "['ca-key.pem',
+                       'apiserver.pem',
+                       'apiserver-key.pem',
+                       'kube-scheduler.pem',
+                       'kube-scheduler-key.pem',
+                       'kube-controller-manager.pem',
+                       'kube-controller-manager-key.pem',
+                       {% for node in groups['kube-master'] %}
+                       'admin-{{ node }}.pem',
+                       'admin-{{ node }}-key.pem',
+                      {% endfor %}]"
+    my_master_certs: ['ca-key.pem',
+                      'admin-{{ inventory_hostname }}.pem',
+                      'admin-{{ inventory_hostname }}-key.pem',
                       'apiserver.pem',
                       'apiserver-key.pem',
                       'kube-scheduler.pem',
                       'kube-scheduler-key.pem',
                       'kube-controller-manager.pem',
-                      'kube-controller-manager-key.pem',
-                      {% for node in groups['kube-master'] %}
-                      'admin-{{ node }}.pem',
-                      'admin-{{ node }}-key.pem',
-                      {% endfor %}]"
-    my_master_certs: ['ca-key.pem',
-                     'admin-{{ inventory_hostname }}.pem',
-                     'admin-{{ inventory_hostname }}-key.pem',
-                     'apiserver.pem',
-                     'apiserver-key.pem',
-                     'kube-scheduler.pem',
-                     'kube-scheduler-key.pem',
-                     'kube-controller-manager.pem',
-                     'kube-controller-manager-key.pem',
-                     ]
+                      'kube-controller-manager-key.pem']
     all_node_certs: "['ca.pem',
                     {% for node in groups['k8s-cluster'] %}
                     'node-{{ node }}.pem',
@@ -84,11 +83,10 @@
                     'kube-proxy-{{ node }}-key.pem',
                     {% endfor %}]"
     my_node_certs: ['ca.pem',
-                   'node-{{ inventory_hostname }}.pem',
-                   'node-{{ inventory_hostname }}-key.pem',
-                   'kube-proxy-{{ inventory_hostname }}.pem',
-                   'kube-proxy-{{ inventory_hostname }}-key.pem',
-                   ]
+                    'node-{{ inventory_hostname }}.pem',
+                    'node-{{ inventory_hostname }}-key.pem',
+                    'kube-proxy-{{ inventory_hostname }}.pem',
+                    'kube-proxy-{{ inventory_hostname }}-key.pem']
   tags: facts
 
 - name: Gen_certs | Gather master certs
@@ -114,10 +112,10 @@
         sync_certs|default(false) and
         inventory_hostname != groups['kube-master'][0]
 
-#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
-#char limit when using shell command
+# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
+# char limit when using shell command
 
-#FIXME(mattymo): Use tempfile module in ansible 2.3
+# FIXME(mattymo): Use tempfile module in ansible 2.3
 - name: Gen_certs | Prepare tempfile for unpacking certs
   shell: mktemp /tmp/certsXXXXX.tar.gz
   register: cert_tempfile
@@ -195,4 +193,3 @@
 - name: Gen_certs | update ca-certificates (RedHat)
   command: update-ca-trust extract
   when: kube_ca_cert.changed and ansible_os_family == "RedHat"
-
diff --git a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
index e516db0f2..308ac9260 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
@@ -33,9 +33,9 @@
 - name: gen_certs_vault | Set fact for Vault API token
   set_fact:
     kube_vault_headers:
-        Accept: application/json
-        Content-Type: application/json
-        X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
+      Accept: application/json
+      Content-Type: application/json
+      X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
   run_once: true
 
 # Issue certs to kube-master nodes
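Review bot: The `gen_certs_vault | Set fact for Vault API token` task stores the Vault client token in the `kube_vault_headers` fact without `no_log: true`. The token can therefore appear in verbose output and in any callback or log plugin that records task results. Adding `no_log: true` next to `run_once: true` keeps it out of those records. Separately, when the login result has no `auth.client_token`, the chained `.get()` calls yield `None`, so a failed login would only surface later as a rejected request; a `fail` or `assert` on `kube_vault_login_result` before this task would make that explicit, though one may already exist above this hunk.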
diff --git a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
index b97b85e17..7aafab5c8 100644
--- a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
+++ b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
@@ -6,7 +6,7 @@
   with_items: "{{ groups['k8s-cluster'] }}"
 
 - include: ../../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ kube_cert_dir }}"
     sync_file_group: "{{ kube_cert_group }}"
@@ -26,7 +26,7 @@
     sync_file_results: []
 
 - include: ../../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
     sync_file: ca.pem
     sync_file_dir: "{{ kube_cert_dir }}"
     sync_file_group: "{{ kube_cert_group }}"
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index c2152814f..03b05c5bd 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -1,3 +1,4 @@
+---
 ## Required for bootstrap-os/preinstall/download roles and setting facts
 # Valid bootstrap options (required): ubuntu, coreos, centos, none
 bootstrap_os: none
@@ -88,8 +89,10 @@ kube_network_node_prefix: 24
 
 # The port the API Server will be listening on.
 kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
-kube_apiserver_port: 6443 # (https)
-kube_apiserver_insecure_port: 8080 # (http)
+# https
+kube_apiserver_port: 6443
+# http
+kube_apiserver_insecure_port: 8080
 
 # Path used to store Docker data
 docker_daemon_graph: "/var/lib/docker"
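Review bot: Moving `# http` onto its own line above `kube_apiserver_insecure_port: 8080` leaves a comment that no longer says what the setting means. The kube-apiserver insecure port serves plain HTTP, and requests to it skip authentication and authorization, so the comment should say so, e.g. `# Plain-HTTP API port: no TLS, requests bypass authentication and authorization`. Likewise `# https` could read `# TLS-secured API port`. Which address the insecure port is bound to is configured outside this hunk.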
diff --git a/roles/kubespray-defaults/tasks/main.yaml b/roles/kubespray-defaults/tasks/main.yaml
index 5b2cb96a0..11b9e3653 100644
--- a/roles/kubespray-defaults/tasks/main.yaml
+++ b/roles/kubespray-defaults/tasks/main.yaml
@@ -1,3 +1,4 @@
+---
 - name: Configure defaults
   debug:
     msg: "Check roles/kubespray-defaults/defaults/main.yml"
diff --git a/roles/network_plugin/calico/handlers/main.yml b/roles/network_plugin/calico/handlers/main.yml
index 78dad7505..05cc73289 100644
--- a/roles/network_plugin/calico/handlers/main.yml
+++ b/roles/network_plugin/calico/handlers/main.yml
@@ -5,7 +5,7 @@
     - Calico | reload systemd
     - Calico | reload calico-node
 
-- name : Calico | reload systemd
+- name: Calico | reload systemd
   shell: systemctl daemon-reload
 
 - name: Calico | reload calico-node
diff --git a/roles/network_plugin/calico/rr/handlers/main.yml b/roles/network_plugin/calico/rr/handlers/main.yml
index efd0e12ac..cb166bda1 100644
--- a/roles/network_plugin/calico/rr/handlers/main.yml
+++ b/roles/network_plugin/calico/rr/handlers/main.yml
@@ -5,7 +5,7 @@
     - Calico-rr | reload systemd
     - Calico-rr | reload calico-rr
 
-- name : Calico-rr | reload systemd
+- name: Calico-rr | reload systemd
   shell: systemctl daemon-reload
 
 - name: Calico-rr | reload calico-rr
diff --git a/roles/network_plugin/calico/rr/meta/main.yml b/roles/network_plugin/calico/rr/meta/main.yml
index 55104953e..511b89744 100644
--- a/roles/network_plugin/calico/rr/meta/main.yml
+++ b/roles/network_plugin/calico/rr/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
   - role: etcd
   - role: docker
diff --git a/roles/network_plugin/canal/defaults/main.yml b/roles/network_plugin/canal/defaults/main.yml
index d4018db4d..38696b87a 100644
--- a/roles/network_plugin/canal/defaults/main.yml
+++ b/roles/network_plugin/canal/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 # The interface used by canal for host <-> host communication.
 # If left blank, then the interface is chosing using the node's
 # default route.
@@ -30,4 +31,3 @@ calicoctl_memory_limit: 170M
 calicoctl_cpu_limit: 100m
 calicoctl_memory_requests: 32M
 calicoctl_cpu_requests: 25m
-
diff --git a/roles/network_plugin/cloud/tasks/main.yml b/roles/network_plugin/cloud/tasks/main.yml
index 36fa8e57d..7b6650372 100644
--- a/roles/network_plugin/cloud/tasks/main.yml
+++ b/roles/network_plugin/cloud/tasks/main.yml
@@ -14,4 +14,3 @@
     owner: kube
     recurse: true
     mode: "u=rwX,g-rwx,o-rwx"
-
diff --git a/roles/network_plugin/flannel/handlers/main.yml b/roles/network_plugin/flannel/handlers/main.yml
index bd4058976..3726c900e 100644
--- a/roles/network_plugin/flannel/handlers/main.yml
+++ b/roles/network_plugin/flannel/handlers/main.yml
@@ -18,7 +18,7 @@
     - Flannel | pause while Docker restarts
     - Flannel | wait for docker
 
-- name : Flannel | reload systemd
+- name: Flannel | reload systemd
   shell: systemctl daemon-reload
 
 - name: Flannel | reload docker.socket
diff --git a/roles/network_plugin/flannel/templates/flannel-pod.yml b/roles/network_plugin/flannel/templates/flannel-pod.yml
index 92ecada69..5ca78ae1d 100644
--- a/roles/network_plugin/flannel/templates/flannel-pod.yml
+++ b/roles/network_plugin/flannel/templates/flannel-pod.yml
@@ -1,44 +1,44 @@
 ---
-  kind: "Pod"
-  apiVersion: "v1"
-  metadata:
-    name: "flannel"
-    namespace: "{{system_namespace}}"
-    labels:
-      app: "flannel"
-      version: "v0.1"
-  spec:
-    volumes:
-      - name: "subnetenv"
-        hostPath:
-          path: "/run/flannel"
-      - name: "etcd-certs"
-        hostPath:
-          path: "{{ flannel_cert_dir }}"
-    containers:
-      - name: "flannel-container"
-        image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
-        imagePullPolicy: {{ k8s_image_pull_policy }}
-        resources:
-          limits:
-            cpu: {{ flannel_cpu_limit }}
-            memory: {{ flannel_memory_limit }}
-          requests:
-            cpu: {{ flannel_cpu_requests }}
-            memory: {{ flannel_memory_requests }}
-        command:
-          - "/bin/sh"
-          - "-c"
-          - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
-        ports:
-          - hostPort: 10253
-            containerPort: 10253
-        volumeMounts:
-          - name: "subnetenv"
-            mountPath: "/run/flannel"
-          - name: "etcd-certs"
-            mountPath: "{{ flannel_cert_dir }}"
-            readOnly: true
-        securityContext:
-          privileged: true
-    hostNetwork: true
+kind: "Pod"
+apiVersion: "v1"
+metadata:
+  name: "flannel"
+  namespace: "{{system_namespace}}"
+  labels:
+    app: "flannel"
+    version: "v0.1"
+spec:
+  volumes:
+    - name: "subnetenv"
+      hostPath:
+        path: "/run/flannel"
+    - name: "etcd-certs"
+      hostPath:
+        path: "{{ flannel_cert_dir }}"
+  containers:
+    - name: "flannel-container"
+      image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+      imagePullPolicy: {{ k8s_image_pull_policy }}
+      resources:
+        limits:
+          cpu: {{ flannel_cpu_limit }}
+          memory: {{ flannel_memory_limit }}
+        requests:
+          cpu: {{ flannel_cpu_requests }}
+          memory: {{ flannel_memory_requests }}
+      command:
+        - "/bin/sh"
+        - "-c"
+        - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
+      ports:
+        - hostPort: 10253
+          containerPort: 10253
+      volumeMounts:
+        - name: "subnetenv"
+          mountPath: "/run/flannel"
+        - name: "etcd-certs"
+          mountPath: "{{ flannel_cert_dir }}"
+          readOnly: true
+      securityContext:
+        privileged: true
+  hostNetwork: true
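Review bot: The `flannel-container` entry runs with `securityContext.privileged: true` and `hostNetwork: true` and mounts two host paths, which gives flanneld full access to the node. If the configured backend only needs to create interfaces and program routes, replacing `privileged: true` with `capabilities:` / `add: ["NET_ADMIN"]` would narrow this; that needs testing against the backend in use. Also, `imagePullPolicy: {{ k8s_image_pull_policy }}` and the four `cpu:`/`memory:` values are unquoted template expressions, unlike the quoted `image:` line. Quoting them, e.g. `cpu: "{{ flannel_cpu_limit }}"`, keeps the template itself parseable as YAML and guards against an empty expansion rendering as null.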
diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml
index a1c970efe..d9834a3cd 100644
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@@ -1,16 +1,16 @@
 ---
 dependencies:
- - role: network_plugin/calico
-   when: kube_network_plugin == 'calico'
-   tags: calico
- - role: network_plugin/flannel
-   when: kube_network_plugin == 'flannel'
-   tags: flannel
- - role: network_plugin/weave
-   when: kube_network_plugin == 'weave'
-   tags: weave
- - role: network_plugin/canal
-   when: kube_network_plugin == 'canal'
-   tags: canal
- - role: network_plugin/cloud
-   when: kube_network_plugin == 'cloud'
+  - role: network_plugin/calico
+    when: kube_network_plugin == 'calico'
+    tags: calico
+  - role: network_plugin/flannel
+    when: kube_network_plugin == 'flannel'
+    tags: flannel
+  - role: network_plugin/weave
+    when: kube_network_plugin == 'weave'
+    tags: weave
+  - role: network_plugin/canal
+    when: kube_network_plugin == 'canal'
+    tags: canal
+  - role: network_plugin/cloud
+    when: kube_network_plugin == 'cloud'
diff --git a/roles/network_plugin/weave/tasks/pre-upgrade.yml b/roles/network_plugin/weave/tasks/pre-upgrade.yml
index 0b10a7551..bcf3c2af2 100644
--- a/roles/network_plugin/weave/tasks/pre-upgrade.yml
+++ b/roles/network_plugin/weave/tasks/pre-upgrade.yml
@@ -1,3 +1,4 @@
+---
 - name: Weave pre-upgrade | Stop legacy weave
   command: weave stop
   failed_when: false
diff --git a/roles/rkt/tasks/install.yml b/roles/rkt/tasks/install.yml
index 76719eebb..0cc8f8898 100644
--- a/roles/rkt/tasks/install.yml
+++ b/roles/rkt/tasks/install.yml
@@ -3,14 +3,14 @@
   include_vars: "{{ item }}"
   with_first_found:
     - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - defaults.yml
       paths:
-      - ../vars
+        - ../vars
       skip: true
   tags: facts
 
diff --git a/roles/upgrade/post-upgrade/tasks/main.yml b/roles/upgrade/post-upgrade/tasks/main.yml
index e7efa0601..ec6fdcf90 100644
--- a/roles/upgrade/post-upgrade/tasks/main.yml
+++ b/roles/upgrade/post-upgrade/tasks/main.yml
@@ -1,7 +1,5 @@
 ---
-
 - name: Uncordon node
   command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}"
   delegate_to: "{{ groups['kube-master'][0] }}"
   when: (needs_cordoning|default(false)) and ( {%- if inventory_hostname in groups['kube-node'] -%} true {%- else -%} false {%- endif -%} )
-
diff --git a/roles/upgrade/pre-upgrade/defaults/main.yml b/roles/upgrade/pre-upgrade/defaults/main.yml
index c87b7e9ea..89334f87c 100644
--- a/roles/upgrade/pre-upgrade/defaults/main.yml
+++ b/roles/upgrade/pre-upgrade/defaults/main.yml
@@ -1,3 +1,3 @@
+---
 drain_grace_period: 90
 drain_timeout: 120s
-
diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index 7e14374bf..47bb39d44 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -63,7 +63,7 @@ vault_needs_gen: false
 vault_port: 8200
 # Although "cert" is an option, ansible has no way to auth via cert until
 # upstream merges: https://github.com/ansible/ansible/pull/18141
-vault_role_auth_method: userpass 
+vault_role_auth_method: userpass
 vault_roles:
   - name: etcd
     group: etcd
diff --git a/roles/vault/tasks/bootstrap/create_etcd_role.yml b/roles/vault/tasks/bootstrap/create_etcd_role.yml
index 57518f944..5e0b88a39 100644
--- a/roles/vault/tasks/bootstrap/create_etcd_role.yml
+++ b/roles/vault/tasks/bootstrap/create_etcd_role.yml
@@ -1,8 +1,7 @@
 ---
-
 - include: ../shared/create_role.yml
   vars:
-    create_role_name: "{{ item.name }}" 
+    create_role_name: "{{ item.name }}"
     create_role_group: "{{ item.group }}"
     create_role_policy_rules: "{{ item.policy_rules }}"
     create_role_options: "{{ item.role_options }}"
diff --git a/roles/vault/tasks/bootstrap/start_vault_temp.yml b/roles/vault/tasks/bootstrap/start_vault_temp.yml
index 4a5e6bc5e..49585a5d9 100644
--- a/roles/vault/tasks/bootstrap/start_vault_temp.yml
+++ b/roles/vault/tasks/bootstrap/start_vault_temp.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running
   shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi
   register: vault_temp_stop_check
@@ -13,7 +12,7 @@
            -v /etc/vault:/etc/vault
            {{ vault_image_repo }}:{{ vault_version }} server
 
-#FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
+# FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
 - name: bootstrap/start_vault_temp | Start again single node Vault with file backend
   command: docker start {{ vault_temp_container_name }}
 
diff --git a/roles/vault/tasks/bootstrap/sync_vault_certs.yml b/roles/vault/tasks/bootstrap/sync_vault_certs.yml
index ab088753f..9e6eff05c 100644
--- a/roles/vault/tasks/bootstrap/sync_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/sync_vault_certs.yml
@@ -1,5 +1,4 @@
 ---
-
 - include: ../shared/sync_file.yml
   vars:
     sync_file: "ca.pem"
@@ -29,4 +28,3 @@
 - name: bootstrap/sync_vault_certs | Unset sync_file_results after api.pem sync
   set_fact:
     sync_file_results: []
-
diff --git a/roles/vault/tasks/cluster/main.yml b/roles/vault/tasks/cluster/main.yml
index db97dd078..c21fd0d73 100644
--- a/roles/vault/tasks/cluster/main.yml
+++ b/roles/vault/tasks/cluster/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - include: ../shared/check_vault.yml
   when: inventory_hostname in groups.vault
 
@@ -26,7 +25,7 @@
 - include: ../shared/find_leader.yml
   when: inventory_hostname in groups.vault
 
-- include: ../shared/pki_mount.yml 
+- include: ../shared/pki_mount.yml
   when: inventory_hostname == groups.vault|first
 
 - include: ../shared/config_ca.yml
diff --git a/roles/vault/tasks/shared/auth_backend.yml b/roles/vault/tasks/shared/auth_backend.yml
index ad5b191c9..82a4c94fb 100644
--- a/roles/vault/tasks/shared/auth_backend.yml
+++ b/roles/vault/tasks/shared/auth_backend.yml
@@ -1,11 +1,10 @@
 ---
-
 - name: shared/auth_backend | Test if the auth backend exists
   uri:
     url: "{{ vault_leader_url }}/v1/sys/auth/{{ auth_backend_path }}/tune"
     headers: "{{ vault_headers }}"
     validate_certs: false
-  ignore_errors: true 
+  ignore_errors: true
   register: vault_auth_backend_check
 
 - name: shared/auth_backend | Add the cert auth backend if needed
diff --git a/roles/vault/tasks/shared/check_vault.yml b/roles/vault/tasks/shared/check_vault.yml
index 257843d95..83328768a 100644
--- a/roles/vault/tasks/shared/check_vault.yml
+++ b/roles/vault/tasks/shared/check_vault.yml
@@ -1,5 +1,4 @@
 ---
-
 # Stop temporary Vault if it's running (can linger if playbook fails out)
 - name: stop vault-temp container
   shell: docker stop {{ vault_temp_container_name }} || rkt stop {{ vault_temp_container_name }}
@@ -22,8 +21,8 @@
     vault_is_running: "{{ vault_local_service_health|succeeded }}"
     vault_is_initialized: "{{ vault_local_service_health.get('json', {}).get('initialized', false) }}"
     vault_is_sealed: "{{ vault_local_service_health.get('json', {}).get('sealed', true) }}"
-    #vault_in_standby: "{{ vault_local_service_health.get('json', {}).get('standby', true) }}"
-    #vault_run_version: "{{ vault_local_service_health.get('json', {}).get('version', '') }}"
+    # vault_in_standby: "{{ vault_local_service_health.get('json', {}).get('standby', true) }}"
+    # vault_run_version: "{{ vault_local_service_health.get('json', {}).get('version', '') }}"
 
 - name: check_vault | Set fact about the Vault cluster's initialization state
   set_fact:
diff --git a/roles/vault/tasks/shared/find_leader.yml b/roles/vault/tasks/shared/find_leader.yml
index 1aaa8513e..3afee482d 100644
--- a/roles/vault/tasks/shared/find_leader.yml
+++ b/roles/vault/tasks/shared/find_leader.yml
@@ -15,7 +15,7 @@
     vault_leader_url: "{{ vault_config.listener.tcp.tls_disable|d()|ternary('http', 'https') }}://{{ item }}:{{ vault_port }}"
   with_items: "{{ groups.vault }}"
   when: "hostvars[item]['vault_leader_check'].get('status') in [200,503]"
-  #run_once: true
+  # run_once: true
 
 - name: find_leader| show vault_leader_url
   debug: var=vault_leader_url verbosity=2
diff --git a/roles/vault/tasks/shared/gen_userpass.yml b/roles/vault/tasks/shared/gen_userpass.yml
index ab3d171b8..4ef301171 100644
--- a/roles/vault/tasks/shared/gen_userpass.yml
+++ b/roles/vault/tasks/shared/gen_userpass.yml
@@ -22,7 +22,7 @@
 - name: shared/gen_userpass | Copy credentials to all hosts in the group
   copy:
     content: >
-             {{ 
+             {{
              {'username': gen_userpass_username,
               'password': gen_userpass_password} | to_nice_json(indent=4)
              }}
diff --git a/roles/vault/tasks/shared/issue_cert.yml b/roles/vault/tasks/shared/issue_cert.yml
index 4854e8b9e..3b6b6d315 100644
--- a/roles/vault/tasks/shared/issue_cert.yml
+++ b/roles/vault/tasks/shared/issue_cert.yml
@@ -26,7 +26,7 @@
 
 - name: issue_cert | Ensure target directory exists
   file:
-    path: "{{ issue_cert_path | dirname }}" 
+    path: "{{ issue_cert_path | dirname }}"
     state: directory
     group: "{{ issue_cert_file_group | d('root' )}}"
     mode: "{{ issue_cert_dir_mode | d('0755') }}"
diff --git a/tests/requirements.txt b/tests/requirements.txt
new file mode 100644
index 000000000..77b7f5868
--- /dev/null
+++ b/tests/requirements.txt
@@ -0,0 +1,5 @@
+-r ../requirements.txt
+yamllint
+apache-libcloud==0.20.1
+boto==2.9.0
+tox
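Review bot: `yamllint` and `tox` are added to the new tests/requirements.txt without a version pin, while `apache-libcloud==0.20.1` and `boto==2.9.0` beside them are pinned. With an unpinned linter, a new upstream release can change rule defaults and fail CI on unrelated commits, and the job installs whatever the package index serves at that moment. Pin both, e.g. `yamllint==<PINNED_VERSION>` and `tox==<PINNED_VERSION>` (placeholders; use the versions CI was validated with). If the CI job has access to cloud credentials, which the libcloud and boto entries suggest but this hunk does not show, hash-checked installs via `pip install --require-hashes -r tests/requirements.txt` would narrow the supply-chain exposure further.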
-- 
GitLab