diff --git a/.github/actions/molecule-test/action.yml b/.github/actions/molecule-test/action.yml index 3056c34e..e858e3c9 100644 --- a/.github/actions/molecule-test/action.yml +++ b/.github/actions/molecule-test/action.yml @@ -7,12 +7,10 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Molecule execution inputs: tox-env: description: 'Python TOX environment' - runs: using: "composite" steps: diff --git a/.github/actions/vagrant-setup/action.yml b/.github/actions/vagrant-setup/action.yml index 21d6e825..a1379469 100644 --- a/.github/actions/vagrant-setup/action.yml +++ b/.github/actions/vagrant-setup/action.yml @@ -7,9 +7,7 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Vagrant setup - runs: using: "composite" steps: diff --git a/.github/actions/vagrant-up/action.yml b/.github/actions/vagrant-up/action.yml index b3bb8972..e4ad3026 100644 --- a/.github/actions/vagrant-up/action.yml +++ b/.github/actions/vagrant-up/action.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Vagrant up inputs: debug: @@ -79,7 +78,6 @@ inputs: run-benchmarks: description: 'Run K6 and iperf networking benchmark tools' default: false - runs: using: "composite" steps: diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 351ef4a1..faf09527 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - version: 2 updates: - package-ecosystem: "github-actions" diff --git a/.github/labeler.yml b/.github/labeler.yml index 30cae1c2..6c73d9cc 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -7,19 +7,14 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - documentation: - docs/* - "*.md" - tests: - tests/* - ci: - .github/* - all-in-one: - aio.sh - addons: - playbooks/* diff --git a/.github/workflows/diagram.yml b/.github/workflows/diagram.yml index 0598604f..036d2b55 100644 --- a/.github/workflows/diagram.yml +++ b/.github/workflows/diagram.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Documentation and diagram generation # yamllint disable-line rule:truthy on: @@ -16,7 +15,6 @@ on: - codebase-structure.svg - .github/ workflow_dispatch: - jobs: check-diagram: name: Update the codebase structure diagram diff --git a/.github/workflows/distros.yml b/.github/workflows/distros.yml index d0c687cd..6c88f2e1 100644 --- a/.github/workflows/distros.yml +++ b/.github/workflows/distros.yml @@ -7,14 +7,12 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Scheduled Latest Vagrant Boxes verification # yamllint disable-line rule:truthy on: schedule: - cron: '0 0 1 * *' workflow_dispatch: - jobs: check-versions: permissions: diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 65599398..a8cc4768 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -7,13 +7,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Lint Code Base # yamllint disable-line rule:truthy on: push: pull_request: - jobs: check-broken-links: name: Check documentation external links diff --git a/.github/workflows/on-demand_ci.yml b/.github/workflows/on-demand_ci.yml index 13d52be6..de94914b 100644 --- a/.github/workflows/on-demand_ci.yml +++ b/.github/workflows/on-demand_ci.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Integration tests # yamllint disable-line rule:truthy on: @@ -24,7 +23,6 @@ on: pull_request_review: types: - submitted - jobs: check-ci: name: Check Integration tests in an Ubuntu Focal Virtual Machines @@ -32,8 +30,7 @@ jobs: ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' - ) || - github.event_name != 'pull_request_review' + ) || github.event_name != 'pull_request_review' runs-on: macos-12 strategy: fail-fast: false @@ -77,8 +74,7 @@ jobs: ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' - ) || - github.event_name != 'pull_request_review' + ) || github.event_name != 'pull_request_review' outputs: scripts: ${{ steps.filter.outputs.scripts }} steps: diff --git a/.github/workflows/on-demand_corner.yml b/.github/workflows/on-demand_corner.yml index a3934c1a..93b7d339 100644 --- a/.github/workflows/on-demand_corner.yml +++ b/.github/workflows/on-demand_corner.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Check Corner cases # yamllint disable-line rule:truthy on: @@ -24,7 +23,6 @@ on: pull_request_review: types: - submitted - jobs: check-corner-cases: name: Check K8s Plugins installation methods in an Ubuntu Bionic All-in-One setup @@ -32,8 +30,7 @@ jobs: ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' - ) || - github.event_name != 'pull_request_review' + ) || github.event_name != 'pull_request_review' runs-on: macos-12 strategy: fail-fast: false diff --git a/.github/workflows/on-demand_molecule.yml b/.github/workflows/on-demand_molecule.yml index 15fc6cb8..f6c25e08 100644 --- a/.github/workflows/on-demand_molecule.yml +++ b/.github/workflows/on-demand_molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Check All Molecule tests # yamllint disable-line rule:truthy on: @@ -19,7 +18,6 @@ on: pull_request_review: types: - submitted - jobs: bootstrap: name: Pull python dependencies @@ -46,8 +44,7 @@ jobs: ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' - ) || - github.event_name != 'pull_request_review' + ) || github.event_name != 'pull_request_review' needs: bootstrap outputs: environments: ${{ steps.filter.outputs.changes }} diff --git a/.github/workflows/on-demand_multus.yml b/.github/workflows/on-demand_multus.yml index f36fedd1..e9df2a67 100644 --- a/.github/workflows/on-demand_multus.yml +++ b/.github/workflows/on-demand_multus.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Check Multus CNI # yamllint disable-line rule:truthy on: @@ -24,7 +23,6 @@ on: pull_request_review: types: - submitted - jobs: check-multus: name: Check Multus CNI in an Ubuntu Focal All-in-One setup @@ -32,8 +30,7 @@ jobs: ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' - ) || - github.event_name != 'pull_request_review' + ) || github.event_name != 'pull_request_review' runs-on: ubuntu-20.04 env: KRD_DEBUG: true diff --git a/.github/workflows/on-demand_virtlet.yml b/.github/workflows/on-demand_virtlet.yml index 0745caae..de37d3f7 100644 --- a/.github/workflows/on-demand_virtlet.yml +++ b/.github/workflows/on-demand_virtlet.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Check Virtlet service # yamllint disable-line rule:truthy on: @@ -19,7 +18,6 @@ on: pull_request_review: types: - submitted - jobs: check-virtlet: name: Check Mirantis Virtlet solution in an Ubuntu Bionic All-in-One setup @@ -27,8 +25,7 @@ jobs: ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' - ) || - github.event_name != 'pull_request_review' + ) || github.event_name != 'pull_request_review' runs-on: macos-12 steps: - uses: actions/checkout@v4.1.1 diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index 00ef3b36..7ebf44ff 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Automatic Rebase # yamllint disable-line rule:truthy on: diff --git a/.github/workflows/scheduled_ci.yml b/.github/workflows/scheduled_ci.yml index 16a70e76..f2256236 100644 --- a/.github/workflows/scheduled_ci.yml +++ b/.github/workflows/scheduled_ci.yml @@ -7,14 +7,12 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Scheduled Kubernetes Dashboard + Metrics Server verification # yamllint disable-line rule:truthy on: schedule: - cron: '0 0 * * 5' workflow_dispatch: - jobs: check-dashboard-and-metrics: name: Check All-in-One setup in a Ubuntu Focal virtual environment diff --git a/.github/workflows/scheduled_distros.yml b/.github/workflows/scheduled_distros.yml index abb0df76..dfd27bf0 100644 --- a/.github/workflows/scheduled_distros.yml +++ b/.github/workflows/scheduled_distros.yml @@ -7,14 +7,12 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Scheduled All Linux Distros Supported verification # yamllint disable-line rule:truthy on: schedule: - cron: '0 0 * * 1' workflow_dispatch: - jobs: generate-json-matrix: runs-on: ubuntu-latest diff --git a/.github/workflows/spell.yml b/.github/workflows/spell.yml index def38133..3218d744 100644 --- a/.github/workflows/spell.yml +++ b/.github/workflows/spell.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Run misspell # yamllint disable-line rule:truthy on: @@ -18,7 +17,6 @@ on: pull_request_review: types: - submitted - jobs: check-reviewdog: name: Check spelling (reviewdog) diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 357cbea2..19cc6414 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -7,11 +7,9 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Triage # yamllint disable-line rule:truthy on: [pull_request] - jobs: assign-label: runs-on: ubuntu-latest diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index c8697eca..bb87b778 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -7,14 +7,12 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - name: Scheduled Versions and Dictionary verification # yamllint disable-line rule:truthy on: schedule: - cron: '0 0 * * *' workflow_dispatch: - jobs: check-versions: permissions: diff --git a/.rubocop.yml b/.rubocop.yml index 96d01e6c..b355cb38 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - AllCops: NewCops: enable Metrics/BlockLength: diff --git a/.spellcheck.yml b/.spellcheck.yml index 58b362d0..77dba739 100644 --- a/.spellcheck.yml +++ b/.spellcheck.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - matrix: - name: markdown dictionary: diff --git a/.yaml-lint.yml b/.yaml-lint.yml index 338c7e24..e704f26f 100644 --- a/.yaml-lint.yml +++ b/.yaml-lint.yml @@ -7,15 +7,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - extends: default - yaml-files: - '*.yml' - ignore: | .tox/ *.yaml - rules: line-length: disable diff --git a/.yamlfmt b/.yamlfmt new file mode 100644 index 00000000..f336279a --- /dev/null +++ b/.yamlfmt @@ -0,0 +1,13 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +formatter: + type: basic + include_document_start: true + pad_line_comments: 2 + max_line_length: 160 diff --git a/Makefile b/Makefile index aa2fd74e..192fe43b 100644 --- a/Makefile +++ b/Makefile @@ -25,3 +25,5 @@ fmt: sudo -E $(DOCKER_CMD) run --rm -u "$$(id -u):$$(id -g)" \ -v "$$(pwd):/mnt" -v /mnt/spec -v /mnt/playbooks/roles/pmem/files/ \ -w /mnt mvdan/shfmt -l -w -i 4 -s . + command -v yamlfmt > /dev/null || curl -s "https://i.jpillora.com/google/yamlfmt!!" | bash + yamlfmt -dstar **/*.{yaml,yml} diff --git a/build/ci/linter-task.yml b/build/ci/linter-task.yml index 703cdc03..ce675097 100644 --- a/build/ci/linter-task.yml +++ b/build/ci/linter-task.yml @@ -11,26 +11,20 @@ # the following vars must be specified: # # # # ((linter_tool)) the linter tool to be used (tox,shellcheck,hadolint,golangci-lint) - platform: linux - image_resource: type: docker-image source: repository: electrocucaracha/linter tag: 0.0.7 - inputs: - name: src - caches: - path: .tox/lint - params: RELENG_LINTER_TOOL: ((.:linter_tool)) TOXENV: lint DEBUG: true - run: dir: src path: /usr/local/bin/linter.sh diff --git a/config/default.yml b/config/default.yml index bda79ed9..e83b3ade 100644 --- a/config/default.yml +++ b/config/default.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: "controller01" os: name: centos diff --git a/distros_supported.yml b/distros_supported.yml index bb3e680a..5e278e0a 100644 --- a/distros_supported.yml +++ b/distros_supported.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - centos: 7: name: generic/centos7 diff --git a/galaxy-requirements.yml b/galaxy-requirements.yml index ce8f66aa..1812a838 100644 --- a/galaxy-requirements.yml +++ b/galaxy-requirements.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - roles: - name: geerlingguy.docker version: 6.2.0 @@ -19,7 +18,6 @@ roles: version: v1.2.6 - name: andrewrothstein.kubectl version: v1.2.12 - collections: - name: kubernetes.core version: 2.4.0 diff --git a/helm/falco/custom-rules.yml b/helm/falco/custom-rules.yml index 48099567..f5004811 100644 --- a/helm/falco/custom-rules.yml +++ b/helm/falco/custom-rules.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - customRules: k8s_audit_rules.yaml: |- - required_engine_version: 2 diff --git a/helm/kube-ovn/grafana.yml b/helm/kube-ovn/grafana.yml index dd4513ae..c6ce8076 100644 --- a/helm/kube-ovn/grafana.yml +++ b/helm/kube-ovn/grafana.yml @@ -7,13 +7,10 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - persistence: enabled: false - service: type: NodePort nodePort: 30086 - adminUser: admin adminPassword: secret diff --git a/playbooks/configure-addons.yml b/playbooks/configure-addons.yml index b2985ae4..862dadee 100644 --- a/playbooks/configure-addons.yml +++ b/playbooks/configure-addons.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Install SR-IOV Network CNI hosts: localhost tags: @@ -24,7 +23,6 @@ name: kubernetes==27.2.0 roles: - sriov_cni - - name: Install SR-IOV Network Device Plugin hosts: localhost tags: @@ -41,7 +39,6 @@ name: kubernetes==27.2.0 roles: - sriov_plugin - - name: Install Node Feature Discovery add-on hosts: localhost tags: nfd @@ -56,7 +53,6 @@ name: kubernetes==27.2.0 roles: - nfd - - name: Label worker nodes with pmem devices hosts: all gather_facts: true @@ -83,7 +79,6 @@ labels: storage: pmem when: pmem_dev_check.stat.exists - - name: Install Persistent Memory add-on hosts: localhost pre_tasks: @@ -102,7 +97,6 @@ roles: - role: andrewrothstein.gcc-toolbox - pmem - - name: Install QuickAssist drivers hosts: qat-node become: true @@ -117,7 +111,6 @@ - role: geerlingguy.repo-epel when: ansible_os_family == 'RedHat' - qat_driver - - name: Build intel-qat-plugin in kerneldrv mode vars: qat_plugin_repo_folder: /tmp/intel-device-plugins-for-kubernetes @@ -188,7 +181,6 @@ pull: true name: intel/intel-qat-plugin tag: "{{ qat_plugin_version }}" - - name: Install QuickAssist Plugin hosts: localhost tags: diff --git a/playbooks/configure-criu.yml b/playbooks/configure-criu.yml index d279fc11..71edc007 100644 --- a/playbooks/configure-criu.yml +++ b/playbooks/configure-criu.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Configure CRIU hosts hosts: criu roles: @@ -67,4 +66,5 @@ ansible.builtin.service: name: docker state: restarted + # TODO: Disable seccomp diff --git a/playbooks/configure-virtlet.yml b/playbooks/configure-virtlet.yml index 68a9b92b..e99702eb 100644 --- a/playbooks/configure-virtlet.yml +++ b/playbooks/configure-virtlet.yml @@ -7,13 +7,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Install virtlet hosts: localhost tags: virtlet roles: - virtlet - - name: Install virtlet hosts: kube-node tags: virtlet diff --git a/playbooks/krd-vars.yml b/playbooks/krd-vars.yml index a84e304b..d1f7aa4d 100644 --- a/playbooks/krd-vars.yml +++ b/playbooks/krd-vars.yml @@ -7,14 +7,12 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - go_version: 1.15.3 kubespray_version: v2.22.1 istio_version: 1.18.2 cfssl_version: 1.6.4 sonobuoy_version: 0.56.16 mitogen_version: 0.2.10 - # Knative versions kn_version: knative-v1.11.0 knative_serving_version: knative-v1.11.0 @@ -23,7 +21,6 @@ knative_eventing_version: v0.38.0 net_kourier_version: knative-v1.11.1 net_istio_version: vknative-v1.11.0 net_certmanager_version: vknative-v1.11.0 - octant_version: 0.25.1 kube-ovn_version: v1.12.0 prometheus-operator_version: v0.67.1 @@ -31,6 +28,5 @@ kubevirt_version: v1.0.0 virtink_version: v0.15.0 kubesphere_version: v3.4.0 metallb_version: v0.13.10 - qat_plugin_mode: "{{ lookup('env', 'KRD_QAT_PLUGIN_MODE') | default('dpdk') }}" qat_plugin_version: "0.15.0" diff --git a/playbooks/roles/criproxy/defaults/main.yml b/playbooks/roles/criproxy/defaults/main.yml index c438158f..17dd0fe9 100644 --- a/playbooks/roles/criproxy/defaults/main.yml +++ b/playbooks/roles/criproxy/defaults/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - criproxy_dest: "/tmp/criproxy" criproxy_version: 0.14.0 criproxy_url: "https://github.com/Mirantis/criproxy/releases/download/v{{ criproxy_version }}/criproxy" diff --git a/playbooks/roles/criproxy/handlers/main.yml b/playbooks/roles/criproxy/handlers/main.yml index ce0896b0..074067d8 100644 --- a/playbooks/roles/criproxy/handlers/main.yml +++ b/playbooks/roles/criproxy/handlers/main.yml @@ -7,13 +7,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Restart kubelet service ansible.builtin.systemd: state: restarted daemon_reload: true name: kubelet - - name: Restart criproxy service ansible.builtin.systemd: state: restarted diff --git a/playbooks/roles/criproxy/molecule/default/converge.yml b/playbooks/roles/criproxy/molecule/default/converge.yml index 5fb0e215..bd027d2c 100644 --- a/playbooks/roles/criproxy/molecule/default/converge.yml +++ b/playbooks/roles/criproxy/molecule/default/converge.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Converge hosts: all tasks: diff --git a/playbooks/roles/criproxy/molecule/default/molecule.yml b/playbooks/roles/criproxy/molecule/default/molecule.yml index fbaa3c58..9f9d6032 100644 --- a/playbooks/roles/criproxy/molecule/default/molecule.yml +++ b/playbooks/roles/criproxy/molecule/default/molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - dependency: name: galaxy options: diff --git a/playbooks/roles/criproxy/tasks/main.yml b/playbooks/roles/criproxy/tasks/main.yml index 3538cf70..f6398945 100644 --- a/playbooks/roles/criproxy/tasks/main.yml +++ b/playbooks/roles/criproxy/tasks/main.yml @@ -7,10 +7,8 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Get service status ansible.builtin.service_facts: - - name: Disable AppArmor in all nodes become: true ansible.builtin.service: @@ -20,23 +18,19 @@ when: - ansible_os_family == "Debian" - ansible_facts.services["apparmor.service"] is defined - - name: Disable SELinux in all nodes selinux: # noqa fqcn state: disabled when: - ansible_os_family == "RedHat" - ansible_facts.services["selinux.service"] is defined - - name: Check that kubelet env file exists ansible.builtin.stat: path: /etc/kubernetes/kubelet.env register: criproxy_kubelet_env - - name: Print kubelet_env_stat value ansible.builtin.debug: var: criproxy_kubelet_env - - name: Create dockershim service become: true when: @@ -79,48 +73,40 @@ path: "{{ criproxy_cri_socket_path }}" delay: 5 timeout: 600 - - name: Create CRIProxy binary folder ansible.builtin.file: mode: '0755' state: directory path: "{{ criproxy_dest }}" - - name: Check that criproxy binary exists ansible.builtin.stat: path: "{{ criproxy_dest }}/criproxy" register: criproxy_stat - - name: Print criproxy_stat value ansible.builtin.debug: var: criproxy_stat - - name: Download CRIproxy package ansible.builtin.get_url: url: "{{ criproxy_url }}" dest: "{{ criproxy_dest }}/criproxy" mode: '0755' when: not criproxy_stat.stat.exists - - name: Set criproxy execution permissions ansible.builtin.file: path: "{{ criproxy_dest }}/criproxy" mode: "+x" - - name: Recreate criproxy service become: true ansible.builtin.template: mode: preserve src: criproxy.service.j2 dest: /etc/systemd/system/criproxy.service - - name: Start criproxy service become: true ansible.builtin.service: name: criproxy state: started enabled: true - - name: Modify args for kubelet service become: true ansible.builtin.lineinfile: diff --git a/playbooks/roles/criu/molecule/default/converge.yml b/playbooks/roles/criu/molecule/default/converge.yml index fdb568b4..2179ea5f 100644 --- a/playbooks/roles/criu/molecule/default/converge.yml +++ b/playbooks/roles/criu/molecule/default/converge.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Converge hosts: all tasks: diff --git a/playbooks/roles/criu/molecule/default/molecule.yml b/playbooks/roles/criu/molecule/default/molecule.yml index bb49698d..b0ca5bd8 100644 --- a/playbooks/roles/criu/molecule/default/molecule.yml +++ b/playbooks/roles/criu/molecule/default/molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - dependency: name: galaxy options: diff --git a/playbooks/roles/criu/molecule/default/prepare.yml b/playbooks/roles/criu/molecule/default/prepare.yml index 80466725..ecadb5ba 100644 --- a/playbooks/roles/criu/molecule/default/prepare.yml +++ b/playbooks/roles/criu/molecule/default/prepare.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Boostrap servers hosts: all roles: diff --git a/playbooks/roles/criu/tasks/main.yml b/playbooks/roles/criu/tasks/main.yml index b2f7b61c..4275ee15 100644 --- a/playbooks/roles/criu/tasks/main.yml +++ b/playbooks/roles/criu/tasks/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Add ubuntu repo ansible.builtin.apt_repository: repo: ppa:criu/ppa diff --git a/playbooks/roles/nfd/defaults/main.yml b/playbooks/roles/nfd/defaults/main.yml index ecd7ba77..4b6c04e3 100644 --- a/playbooks/roles/nfd/defaults/main.yml +++ b/playbooks/roles/nfd/defaults/main.yml @@ -7,6 +7,5 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - nfd_template_folder: "/tmp/nfd_k8s" nfd_version: v0.13.3 diff --git a/playbooks/roles/nfd/molecule/default/converge.yml b/playbooks/roles/nfd/molecule/default/converge.yml index 417d4167..3ad02c8d 100644 --- a/playbooks/roles/nfd/molecule/default/converge.yml +++ b/playbooks/roles/nfd/molecule/default/converge.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Converge hosts: all tasks: diff --git a/playbooks/roles/nfd/molecule/default/molecule.yml b/playbooks/roles/nfd/molecule/default/molecule.yml index d611b3e2..4b6903b4 100644 --- a/playbooks/roles/nfd/molecule/default/molecule.yml +++ b/playbooks/roles/nfd/molecule/default/molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - dependency: name: galaxy options: diff --git a/playbooks/roles/nfd/tasks/main.yml b/playbooks/roles/nfd/tasks/main.yml index 9e69e8b7..972f327a 100644 --- a/playbooks/roles/nfd/tasks/main.yml +++ b/playbooks/roles/nfd/tasks/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Create NFD k8s resources based on templates kubernetes.core.k8s: state: present diff --git a/playbooks/roles/pmem/defaults/main.yml b/playbooks/roles/pmem/defaults/main.yml index 7885ffe9..fe9b7e49 100644 --- a/playbooks/roles/pmem/defaults/main.yml +++ b/playbooks/roles/pmem/defaults/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - pmem_template_folder: "/tmp/pmem_k8s" pmem_version: v1.1.0 pmem_driver_registrar_version: v2.8.0 diff --git a/playbooks/roles/pmem/files/pmem-storageclass-ext4.yaml b/playbooks/roles/pmem/files/pmem-storageclass-ext4.yaml index 1b1eeeee..9a20086b 100644 --- a/playbooks/roles/pmem/files/pmem-storageclass-ext4.yaml +++ b/playbooks/roles/pmem/files/pmem-storageclass-ext4.yaml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: diff --git a/playbooks/roles/pmem/files/pmem-storageclass-xfs.yaml b/playbooks/roles/pmem/files/pmem-storageclass-xfs.yaml index c826748b..968a5960 100644 --- a/playbooks/roles/pmem/files/pmem-storageclass-xfs.yaml +++ b/playbooks/roles/pmem/files/pmem-storageclass-xfs.yaml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: diff --git a/playbooks/roles/pmem/molecule/default/converge.yml b/playbooks/roles/pmem/molecule/default/converge.yml index a7097f6e..4cf69a5c 100644 --- a/playbooks/roles/pmem/molecule/default/converge.yml +++ b/playbooks/roles/pmem/molecule/default/converge.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Converge hosts: all tasks: diff --git a/playbooks/roles/pmem/molecule/default/molecule.yml b/playbooks/roles/pmem/molecule/default/molecule.yml index d55eea17..c495a0ee 100644 --- a/playbooks/roles/pmem/molecule/default/molecule.yml +++ b/playbooks/roles/pmem/molecule/default/molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - dependency: name: galaxy options: diff --git a/playbooks/roles/pmem/molecule/default/prepare.yml b/playbooks/roles/pmem/molecule/default/prepare.yml index e162957f..b790f80b 100644 --- a/playbooks/roles/pmem/molecule/default/prepare.yml +++ b/playbooks/roles/pmem/molecule/default/prepare.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Boostrap servers hosts: all vars: diff --git a/playbooks/roles/pmem/tasks/bootstrap.yml b/playbooks/roles/pmem/tasks/bootstrap.yml index b4b9ae60..eb8478de 100644 --- a/playbooks/roles/pmem/tasks/bootstrap.yml +++ b/playbooks/roles/pmem/tasks/bootstrap.yml @@ -7,16 +7,13 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Check if binary exists ansible.builtin.stat: path: /usr/local/bin/{{ pmem_cfssl_binary }} register: pmem_cfssl_binary_location - - name: Print binary value ansible.builtin.debug: var: pmem_cfssl_binary_location - - name: Retrieve binary ansible.builtin.get_url: url: https://github.com/cloudflare/cfssl/releases/download/v{{ pmem_cfssl_version }}/{{ pmem_cfssl_binary }}_{{ pmem_cfssl_version }}_linux_amd64 diff --git a/playbooks/roles/pmem/tasks/main.yml b/playbooks/roles/pmem/tasks/main.yml index 5359ce42..cc9ef734 100644 --- a/playbooks/roles/pmem/tasks/main.yml +++ b/playbooks/roles/pmem/tasks/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Deploy cfssl binaries ansible.builtin.include_tasks: bootstrap.yml vars: @@ -15,13 +14,11 @@ with_items: - cfssl - cfssljson - - name: Ensure destination folder exists ansible.builtin.file: mode: '0755' state: directory path: "{{ pmem_template_folder }}" - - name: Copy shell scripts ansible.builtin.copy: src: "{{ item }}" @@ -31,35 +28,30 @@ - setup-ca-kubernetes - setup-ca - test-config - - name: Create a PMEM namespace kubernetes.core.k8s: name: "{{ pmem_namespace }}" api_version: v1 kind: Namespace state: present - - name: Get PMEM CSI node secret kubernetes.core.k8s_info: kind: Secret name: pmem-csi-intel-com-controller-secret namespace: "{{ pmem_namespace }}" register: pmem_node_secret - - name: Get PMEM CSI registry secret kubernetes.core.k8s_info: kind: Secret name: pmem-csi-intel-com-controller-secret namespace: "{{ pmem_namespace }}" register: pmem_registry_secret - - name: Print node and registry values ansible.builtin.debug: var: '{{ item }}_secret' with_items: - node - registry - - name: Create PMEM secrets become: true ansible.builtin.shell: 'PATH=$PATH:/usr/local/bin/ {{ pmem_template_folder }}/setup-ca-kubernetes.sh' @@ -71,12 +63,10 @@ - pmem_node_secret.resources | length == 0 - pmem_registry_secret.resources | length == 0 changed_when: true - - name: Create PMEM CSI for LVM driver kubernetes.core.k8s: state: present definition: "{{ lookup('template', 'pmem-csi-lvm.yaml.j2') }}" - - name: Create PMEM storage classes kubernetes.core.k8s: state: present diff --git a/playbooks/roles/qat_driver/defaults/main.yml b/playbooks/roles/qat_driver/defaults/main.yml index 62493320..ba216ae7 100644 --- a/playbooks/roles/qat_driver/defaults/main.yml +++ b/playbooks/roles/qat_driver/defaults/main.yml @@ -7,13 +7,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - qat_driver_version: 4.22.0 qat_driver_revision: "00001" qat_driver_dest: "/tmp/qat_driver" qat_driver_url: "https://downloadmirror.intel.com/780675/QAT.L.{{ qat_driver_version }}-{{ qat_driver_revision }}.tar.gz" qat_driver_plugin_mode: dpdk - # User process configuration qat_driver_shim: num_crypto_instances: 1 diff --git a/playbooks/roles/qat_driver/handlers/main.yml b/playbooks/roles/qat_driver/handlers/main.yml index 80405de2..85fde5e5 100644 --- a/playbooks/roles/qat_driver/handlers/main.yml +++ b/playbooks/roles/qat_driver/handlers/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Start qat_service service become: true ansible.builtin.service: diff --git a/playbooks/roles/qat_driver/molecule/default/converge.yml b/playbooks/roles/qat_driver/molecule/default/converge.yml index c871e156..14d544bc 100644 --- a/playbooks/roles/qat_driver/molecule/default/converge.yml +++ b/playbooks/roles/qat_driver/molecule/default/converge.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Converge hosts: all tasks: diff --git a/playbooks/roles/qat_driver/molecule/default/molecule.yml b/playbooks/roles/qat_driver/molecule/default/molecule.yml index 8d42f88d..01c3d494 100644 --- a/playbooks/roles/qat_driver/molecule/default/molecule.yml +++ b/playbooks/roles/qat_driver/molecule/default/molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - dependency: name: galaxy options: diff --git a/playbooks/roles/qat_driver/tasks/bootstrap.yml b/playbooks/roles/qat_driver/tasks/bootstrap.yml index 4b304412..0830100a 100644 --- a/playbooks/roles/qat_driver/tasks/bootstrap.yml +++ b/playbooks/roles/qat_driver/tasks/bootstrap.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Install SuSE build tools become: true community.general.zypper: @@ -16,39 +15,33 @@ type: pattern update_cache: true when: ansible_os_family == 'Suse' - - name: Install RedHat build tools become: true ansible.builtin.yum: name: "@Development tools" state: present when: ansible_os_family == 'RedHat' - - name: Load distro variables ansible.builtin.include_vars: file: "{{ ansible_os_family }}.yml" - - name: Update apt packages become: true ansible.builtin.apt: update_cache: true cache_valid_time: 3600 when: ansible_os_family == 'Debian' - - name: Install qat compilation packages become: true ansible.builtin.package: name: "{{ item }}" state: present with_items: "{{ qat_driver_pkgs }}" - - name: Install Debian kernel development tools become: true ansible.builtin.package: name: "linux-headers-{{ ansible_kernel }}" state: present when: ansible_os_family == 'Debian' - - name: Install RedHat kernel development tools ansible.builtin.package: name: kernel-devel diff --git a/playbooks/roles/qat_driver/tasks/build.yml b/playbooks/roles/qat_driver/tasks/build.yml index 58a8b2f7..3abe80d9 100644 --- a/playbooks/roles/qat_driver/tasks/build.yml +++ b/playbooks/roles/qat_driver/tasks/build.yml @@ -7,13 +7,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Create qat folder ansible.builtin.file: mode: '0755' state: directory path: "{{ qat_driver_dest }}" - - name: Extract qat driver source code ansible.builtin.unarchive: mode: '0755' @@ -21,12 +19,10 @@ dest: "{{ qat_driver_dest }}" remote_src: true creates: "{{ qat_driver_dest }}/configure" - - name: Check if configure was executed ansible.builtin.stat: path: "{{ qat_driver_dest }}/config.log" register: qat_driver_configure_log - - name: Configure qat driver source code ansible.builtin.command: ./configure args: @@ -35,12 +31,10 @@ PATH: "{{ ansible_env.PATH }}:/usr/sbin" when: not qat_driver_configure_log.stat.exists changed_when: true - - name: Check if there is a adf_ctl binary ansible.builtin.stat: path: /usr/local/bin/adf_ctl register: qat_driver_adf_ctl - - name: Build qat driver become: true community.general.make: diff --git a/playbooks/roles/qat_driver/tasks/cleanup.yml b/playbooks/roles/qat_driver/tasks/cleanup.yml index 54c5bde6..353636cb 100644 --- a/playbooks/roles/qat_driver/tasks/cleanup.yml +++ b/playbooks/roles/qat_driver/tasks/cleanup.yml @@ -7,17 +7,14 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Get service status ansible.builtin.service_facts: - - name: Stop qat_service service become: true ansible.builtin.service: name: qat_service state: stopped when: ansible_facts.services["qat_service.service"] is defined - - name: Get intel_qat kernel module dependencies ansible.builtin.shell: | set -o pipefail @@ -27,18 +24,15 @@ register: qat_driver_deps changed_when: false failed_when: (qat_driver_deps.rc not in [0, 1]) - - name: Print intel_qat_deps value ansible.builtin.debug: var: qat_driver_deps - - name: Remove intel_qat kernel module dependencies become: true community.general.modprobe: name: "{{ item }}" state: absent loop: "{{ qat_driver_deps.stdout_lines }}" - - name: Remove kernel module become: true community.general.modprobe: diff --git a/playbooks/roles/qat_driver/tasks/main.yml b/playbooks/roles/qat_driver/tasks/main.yml index 0991789b..cc39cb00 100644 --- a/playbooks/roles/qat_driver/tasks/main.yml +++ b/playbooks/roles/qat_driver/tasks/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Get intel_qat version ansible.builtin.shell: | set -o pipefail @@ -16,23 +15,18 @@ executable: /bin/bash register: qat_driver_installed_version changed_when: false - - name: Print intel_qat_version value ansible.builtin.debug: var: qat_driver_installed_version - - name: Clean up ansible.builtin.include_tasks: cleanup.yml when: qat_driver_installed_version.stdout != qat_driver_version - - name: Bootstrap QAT drivers source code ansible.builtin.include_tasks: bootstrap.yml when: qat_driver_installed_version.stdout != qat_driver_version - - name: Build QAT drivers source code ansible.builtin.include_tasks: build.yml when: qat_driver_installed_version.stdout != qat_driver_version - - name: Create qat_service systemd wrapper become: true ansible.builtin.copy: @@ -42,15 +36,13 @@ when: ansible_os_family in ['ClearLinux', 'Suse'] notify: - Start qat_service service - - name: Configure number of processes per qat device when: qat_driver_plugin_mode == "kernel" block: - name: Get qat devices ansible.builtin.shell: > - set -o pipefail ; - /usr/local/bin/adf_ctl status | grep up | - awk '{print $4 substr($1, 4)}' | tr -d ',' + set -o pipefail ; /usr/local/bin/adf_ctl status | grep up | awk '{print $4 substr($1, 4)}' | tr -d ',' + args: executable: /bin/bash register: qat_driver_devices diff --git a/playbooks/roles/qat_plugin/defaults/main.yml b/playbooks/roles/qat_plugin/defaults/main.yml index d7a41111..d00924e2 100644 --- a/playbooks/roles/qat_plugin/defaults/main.yml +++ b/playbooks/roles/qat_plugin/defaults/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - qat_plugin_tmpl_dir: /tmp/qat_k8s qat_plugin_version: "0.17.0" qat_plugin_mode: dpdk diff --git a/playbooks/roles/qat_plugin/tasks/cleanup.yml b/playbooks/roles/qat_plugin/tasks/cleanup.yml index 0d359e5b..e0c6b20f 100644 --- a/playbooks/roles/qat_plugin/tasks/cleanup.yml +++ b/playbooks/roles/qat_plugin/tasks/cleanup.yml @@ -7,18 +7,14 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - - name: Remove the PyYAML package ansible.builtin.package: name: python3-yaml state: absent when: ansible_distribution == 'Ubuntu' - - name: Install kubernetes python package ansible.builtin.pip: name: kubernetes - - name: Delete qat plugin daemonset kubernetes.core.k8s: state: absent diff --git a/playbooks/roles/qat_plugin/tasks/main.yml b/playbooks/roles/qat_plugin/tasks/main.yml index 16a34874..a4b33e30 100644 --- a/playbooks/roles/qat_plugin/tasks/main.yml +++ b/playbooks/roles/qat_plugin/tasks/main.yml @@ -7,36 +7,30 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Clean up ansible.builtin.import_tasks: cleanup.yml - - name: Ensure destination folder exists ansible.builtin.file: mode: '0755' state: directory path: "{{ qat_plugin_tmpl_dir }}" - - name: Generate QAT DPDK k8s resources based on templates ansible.builtin.template: mode: preserve src: plugin.yaml.j2 dest: "{{ qat_plugin_tmpl_dir }}/plugin.yml" when: qat_plugin_mode == "dpdk" - - name: Generate QAT kernel k8s resources based on templates ansible.builtin.template: mode: preserve src: plugin_kernel_mode.yaml.j2 dest: "{{ qat_plugin_tmpl_dir }}/plugin.yml" when: qat_plugin_mode == "kernel" - - name: Get QAT configmap files ansible.builtin.copy: mode: preserve src: configmap.yaml dest: "{{ qat_plugin_tmpl_dir }}/configmap.yaml" - - name: Create QAT k8s resources kubernetes.core.k8s: state: present diff --git a/playbooks/roles/sriov_cni/defaults/main.yml b/playbooks/roles/sriov_cni/defaults/main.yml index 32b344fe..8320f974 100644 --- a/playbooks/roles/sriov_cni/defaults/main.yml +++ b/playbooks/roles/sriov_cni/defaults/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - sriov_cni_version: v2.6 sriov_cni_network_attachment_definitions: - name: sriov-net diff --git a/playbooks/roles/sriov_cni/files/net-attach-def.yml b/playbooks/roles/sriov_cni/files/net-attach-def.yml index 716390e5..6af369df 100644 --- a/playbooks/roles/sriov_cni/files/net-attach-def.yml +++ b/playbooks/roles/sriov_cni/files/net-attach-def.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -27,9 +26,8 @@ spec: storage: true schema: openAPIV3Schema: - description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing - Working Group to express the intent for attaching pods to one or more logical or physical - networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing Working Group to express the intent for attaching pods to one + or more logical or physical networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' type: object properties: spec: diff --git a/playbooks/roles/sriov_cni/molecule/default/converge.yml b/playbooks/roles/sriov_cni/molecule/default/converge.yml index 80594cf7..e283e9dd 100644 --- a/playbooks/roles/sriov_cni/molecule/default/converge.yml +++ b/playbooks/roles/sriov_cni/molecule/default/converge.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Converge hosts: all tasks: diff --git a/playbooks/roles/sriov_cni/molecule/default/molecule.yml b/playbooks/roles/sriov_cni/molecule/default/molecule.yml index d611b3e2..4b6903b4 100644 --- a/playbooks/roles/sriov_cni/molecule/default/molecule.yml +++ b/playbooks/roles/sriov_cni/molecule/default/molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - dependency: name: galaxy options: diff --git a/playbooks/roles/sriov_cni/tasks/main.yml b/playbooks/roles/sriov_cni/tasks/main.yml index f699cefb..e3c2805e 100644 --- a/playbooks/roles/sriov_cni/tasks/main.yml +++ b/playbooks/roles/sriov_cni/tasks/main.yml @@ -7,13 +7,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Create CRD for Network Attachment Definition kubernetes.core.k8s: state: present definition: "{{ lookup('file', 'net-attach-def.yml') }}" namespace: kube-system - - name: Create SR-IOV k8s resources kubernetes.core.k8s: state: present diff --git a/playbooks/roles/sriov_plugin/defaults/main.yml b/playbooks/roles/sriov_plugin/defaults/main.yml index 46a13b9b..6a5c040c 100644 --- a/playbooks/roles/sriov_plugin/defaults/main.yml +++ b/playbooks/roles/sriov_plugin/defaults/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - sriov_plugin_version: v3.3.2 sriov_plugin_sriovdp_config: resourceList: diff --git a/playbooks/roles/sriov_plugin/molecule/default/converge.yml b/playbooks/roles/sriov_plugin/molecule/default/converge.yml index fb26b71f..10863b3f 100644 --- a/playbooks/roles/sriov_plugin/molecule/default/converge.yml +++ b/playbooks/roles/sriov_plugin/molecule/default/converge.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Converge hosts: all tasks: diff --git a/playbooks/roles/sriov_plugin/molecule/default/molecule.yml b/playbooks/roles/sriov_plugin/molecule/default/molecule.yml index d611b3e2..4b6903b4 100644 --- a/playbooks/roles/sriov_plugin/molecule/default/molecule.yml +++ b/playbooks/roles/sriov_plugin/molecule/default/molecule.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - dependency: name: galaxy options: diff --git a/playbooks/roles/sriov_plugin/tasks/main.yml b/playbooks/roles/sriov_plugin/tasks/main.yml index 144b1a6c..7b55c006 100644 --- a/playbooks/roles/sriov_plugin/tasks/main.yml +++ b/playbooks/roles/sriov_plugin/tasks/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Create SR-IOV k8s resources kubernetes.core.k8s: state: present diff --git a/playbooks/roles/virtlet/defaults/main.yml b/playbooks/roles/virtlet/defaults/main.yml index 4a96dd3d..61207ab8 100644 --- a/playbooks/roles/virtlet/defaults/main.yml +++ b/playbooks/roles/virtlet/defaults/main.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - virtlet_dest: "/tmp/virtlet" virtlet_version: 1.5.1 virtlet_url: "https://github.com/Mirantis/virtlet/releases/download/v{{ virtlet_version }}/virtletctl" diff --git a/playbooks/roles/virtlet/tasks/main.yml b/playbooks/roles/virtlet/tasks/main.yml index cbea10f4..4b9929a9 100644 --- a/playbooks/roles/virtlet/tasks/main.yml +++ b/playbooks/roles/virtlet/tasks/main.yml @@ -7,24 +7,20 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Apply virtlet extraRuntime label ansible.builtin.command: "/usr/local/bin/kubectl label node {{ item }} extraRuntime=virtlet --overwrite" with_inventory_hostnames: kube-node changed_when: false - - name: Create Virtlet binary folder ansible.builtin.file: mode: '0755' state: directory path: "{{ virtlet_dest }}" - - name: Generate image translations confimap file ansible.builtin.template: mode: preserve src: "images.yaml.j2" dest: "{{ virtlet_dest }}/images.yml" - - name: Get kubectl version ansible.builtin.shell: | set -o pipefail @@ -33,47 +29,42 @@ executable: /bin/bash register: virtlet_kubectl_version changed_when: false - - name: Print out kubectl client version ansible.builtin.debug: msg: "{{ virtlet_kubectl_version.stdout }}" - # NOTE: Deprecated kubectl --dry-run values(https://github.com/kubernetes/kubernetes/pull/105327) - name: Install image translations configmap ansible.builtin.shell: > set -o pipefail - /usr/local/bin/kubectl create configmap -n kube-system virtlet-image-translations - --from-file {{ virtlet_dest }}/images.yml --dry-run='client' -o yaml | /usr/local/bin/kubectl apply -f - + /usr/local/bin/kubectl create configmap -n kube-system virtlet-image-translations --from-file {{ virtlet_dest }}/images.yml --dry-run='client' -o yaml | /usr/local/bin/kubectl + apply -f - + args: executable: /bin/bash when: virtlet_kubectl_version.stdout is version('1.23', '>=') changed_when: true - - name: Install image translations configmap ansible.builtin.shell: > set -o pipefail - /usr/local/bin/kubectl create configmap -n kube-system virtlet-image-translations - --from-file {{ virtlet_dest }}/images.yml --dry-run -o yaml | /usr/local/bin/kubectl apply -f - + /usr/local/bin/kubectl create configmap -n kube-system virtlet-image-translations --from-file {{ virtlet_dest }}/images.yml --dry-run -o yaml | /usr/local/bin/kubectl + apply -f - + args: executable: /bin/bash when: virtlet_kubectl_version.stdout is version('1.23', '<') changed_when: true - - name: Download virtletctl ansible.builtin.command: curl -Ls -o {{ virtlet_dest }}/virtletctl {{ virtlet_url }} # noqa command-instead-of-module changed_when: false - - name: Set virtletctl execution permissions ansible.builtin.file: path: "{{ virtlet_dest }}/virtletctl" mode: "+x" - - name: Install virtletctl as kubectl plugin ansible.builtin.command: "mv {{ virtlet_dest }}/virtletctl /usr/local/bin/kubectl-virt" changed_when: false - - name: Create Virtlet k8s objects ansible.builtin.shell: | set -o pipefail @@ -81,7 +72,6 @@ args: executable: /bin/bash changed_when: false - - name: Wait for Virtlet daemonset ansible.builtin.shell: "/usr/local/bin/kubectl get ds virtlet -n=kube-system -o=jsonpath --template={.status.numberReady}" changed_when: false diff --git a/resources/checkov-job.yaml b/resources/checkov-job.yaml index b197ded4..f66a6e33 100644 --- a/resources/checkov-job.yaml +++ b/resources/checkov-job.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: @@ -15,140 +16,140 @@ kind: ClusterRole metadata: name: checkov-view rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - controllerrevisions - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - - statefulsets/scale - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - networkpolicies - - podsecuritypolicies - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - - podsecuritypolicies - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - - networkpolicies - verbs: - - get - - list - - watch -- apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - - clusterrolebindings - - clusterroles - verbs: - - get - - list - - watch + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - bindings + - events + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - controllerrevisions + - daemonsets + - deployments + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + - statefulsets/scale + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - deployments/scale + - ingresses + - networkpolicies + - podsecuritypolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale + verbs: + - get + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + - podsecuritypolicies + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + - clusterrolebindings + - clusterroles + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: checkov subjects: -- kind: ServiceAccount - name: checkov - namespace: checkov + - kind: ServiceAccount + name: checkov + namespace: checkov roleRef: kind: ClusterRole name: checkov-view @@ -195,4 +196,3 @@ spec: capabilities: drop: - ALL - diff --git a/resources/cockpit.yml b/resources/cockpit.yml index a0822cb6..907b998b 100644 --- a/resources/cockpit.yml +++ b/resources/cockpit.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/resources/dashboard-ingress.yml b/resources/dashboard-ingress.yml index bdafb7e5..1d6dc390 100644 --- a/resources/dashboard-ingress.yml +++ b/resources/dashboard-ingress.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/resources/demo_app.yml b/resources/demo_app.yml index 483feeda..4d152bc7 100644 --- a/resources/demo_app.yml +++ b/resources/demo_app.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/resources/ingress-class.yml b/resources/ingress-class.yml index d305c0fc..108da814 100644 --- a/resources/ingress-class.yml +++ b/resources/ingress-class.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: diff --git a/resources/ingress-class_v1beta1.yml b/resources/ingress-class_v1beta1.yml index dede7e93..3b66adae 100644 --- a/resources/ingress-class_v1beta1.yml +++ b/resources/ingress-class_v1beta1.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: networking.k8s.io/v1beta1 kind: IngressClass metadata: diff --git a/resources/iperf.yml b/resources/iperf.yml index 6732dfe0..91921290 100644 --- a/resources/iperf.yml +++ b/resources/iperf.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/resources/k6.yml b/resources/k6.yml index 25da870d..0f270c85 100644 --- a/resources/k6.yml +++ b/resources/k6.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: v1 kind: ConfigMap metadata: diff --git a/resources/storageclass.yml b/resources/storageclass.yml index bbe79582..16fcf9b1 100644 --- a/resources/storageclass.yml +++ b/resources/storageclass.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: ceph.rook.io/v1 kind: CephBlockPool metadata: diff --git a/rundeck/Deploy_Kubernetes.yaml b/rundeck/Deploy_Kubernetes.yaml index 4248a1f2..6359a4ae 100644 --- a/rundeck/Deploy_Kubernetes.yaml +++ b/rundeck/Deploy_Kubernetes.yaml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - name: Deploy Kubernetes nodefilters: filter: .* diff --git a/tests/configure-envoy.yml b/tests/configure-envoy.yml index b28fc962..558746ac 100644 --- a/tests/configure-envoy.yml +++ b/tests/configure-envoy.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - - hosts: kube-node vars: qat_envoy_dest: /tmp/kubernetes-qat-envoy diff --git a/tests/resources/gatekeeper/lb-constraint.yml b/tests/resources/gatekeeper/lb-constraint.yml index 99c35689..a4ac1793 100644 --- a/tests/resources/gatekeeper/lb-constraint.yml +++ b/tests/resources/gatekeeper/lb-constraint.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: constraints.gatekeeper.sh/v1beta1 kind: LoadBalancerConstraint metadata: diff --git a/tests/resources/gatekeeper/template.yml b/tests/resources/gatekeeper/template.yml index 893adefd..6907097a 100644 --- a/tests/resources/gatekeeper/template.yml +++ b/tests/resources/gatekeeper/template.yml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: templates.gatekeeper.sh/v1beta1 kind: ConstraintTemplate metadata: diff --git a/tests/resources/kubewarden/privileged-pod.yaml b/tests/resources/kubewarden/privileged-pod.yaml index 98546fbd..e4c719e2 100644 --- a/tests/resources/kubewarden/privileged-pod.yaml +++ b/tests/resources/kubewarden/privileged-pod.yaml @@ -7,7 +7,6 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - apiVersion: v1 kind: Pod metadata: diff --git a/tests/resources/rook/cluster-test.yaml b/tests/resources/rook/cluster-test.yaml index 58c91545..5863d5e6 100644 --- a/tests/resources/rook/cluster-test.yaml +++ b/tests/resources/rook/cluster-test.yaml @@ -1,3 +1,4 @@ +--- ################################################################################################################# # Define the settings for the rook-ceph cluster with common settings for a small test cluster. # All nodes with available raw devices will be used for the Ceph cluster. One node is sufficient @@ -11,7 +12,7 @@ kind: ConfigMap apiVersion: v1 metadata: name: rook-config-override - namespace: rook-ceph # namespace:cluster + namespace: rook-ceph # namespace:cluster data: config: | [global] @@ -25,7 +26,7 @@ apiVersion: ceph.rook.io/v1 kind: CephCluster metadata: name: my-cluster - namespace: rook-ceph # namespace:cluster + namespace: rook-ceph # namespace:cluster spec: dataDirHostPath: /var/lib/rook cephVersion: @@ -62,7 +63,7 @@ apiVersion: ceph.rook.io/v1 kind: CephBlockPool metadata: name: builtin-mgr - namespace: rook-ceph # namespace:cluster + namespace: rook-ceph # namespace:cluster spec: name: .mgr replicated: diff --git a/tests/resources/rook/toolbox.yaml b/tests/resources/rook/toolbox.yaml index 3a083259..6ebd858c 100644 --- a/tests/resources/rook/toolbox.yaml +++ b/tests/resources/rook/toolbox.yaml @@ -1,8 +1,9 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: name: rook-ceph-tools - namespace: rook-ceph # namespace:cluster + namespace: rook-ceph # namespace:cluster labels: app: rook-ceph-tools spec: