Merge e7ee4362d5 into b86156b995

Co-authored-by: Techno Tim <timothystewart6@gmail.com>

.github/workflows/cache.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # 4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -23,7 +23,7 @@ jobs:
 
       - name: Cache Vagrant boxes
         id: cache-vagrant
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
         with:
           lookup-only: true #if it exists, we don't need to restore and can skip the next step
           path: |

.github/workflows/lint.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # 4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -22,7 +22,7 @@ jobs:
           cache: 'pip' # caching pip dependencies
 
       - name: Restore Ansible cache
-        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
         with:
           path: ~/.ansible/collections
           key: ansible-${{ hashFiles('collections/requirements.yml') }}
@@ -45,9 +45,9 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # 4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
       - name: Ensure SHA pinned actions
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@40e45e738b3cad2729f599d8afc6ed02184e1dbd # 3.0.5
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@2f2ebc6d914ab515939dc13f570f91baeb2c194c # 3.0.6
         with:
           allowlist: |
             aws-actions/

.github/workflows/test.yml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # 4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -65,7 +65,7 @@ jobs:
           cache: 'pip' # caching pip dependencies
 
       - name: Restore vagrant Boxes cache
-        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
         with:
           path: ~/.vagrant.d/boxes
           key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }}

requirements.txt

@@ -6,7 +6,7 @@
 #
 ansible-compat==4.1.11
     # via molecule
-ansible-core==2.16.6
+ansible-core==2.17.0
     # via
     #   -r requirements.in
     #   ansible-compat
@@ -96,7 +96,7 @@ platformdirs==4.1.0
     # via virtualenv
 pluggy==1.3.0
     # via molecule
-pre-commit==3.7.0
+pre-commit==3.7.1
     # via -r requirements.in
 pre-commit-hooks==4.6.0
     # via -r requirements.in

roles/k3s_agent/meta/main.yml

@@ -32,3 +32,4 @@ argument_specs:
       systemd_dir:
         description: Path to systemd services
         default: /etc/systemd/system
+        required: true

roles/k3s_server/meta/main.yml

@@ -83,3 +83,4 @@ argument_specs:
       systemd_dir:
         description: Path to systemd services
         default: /etc/systemd/system
+        required: true

roles/k3s_server/tasks/main.yml

@@ -28,7 +28,7 @@
 - name: Deploy metallb manifest
   include_tasks: metallb.yml
   tags: metallb
-  when: kube_vip_lb_ip_range is not defined and (not cilium_bgp or cilium_iface is not defined)
+  when: kube_vip_lb_ip_range is not defined and (cilium_bgp is not defined or cilium_iface is not defined)
 
 - name: Deploy kube-vip manifest
   include_tasks: kube-vip.yml

roles/k3s_server_post/defaults/main.yml

@@ -2,11 +2,18 @@
 bpf_lb_algorithm: maglev
 bpf_lb_mode: hybrid
 
+calico_blockSize: 26
 calico_ebpf: false
+calico_encapsulation: VXLANCrossSubnet
+calico_natOutgoing: Enabled
+calico_nodeSelector: all()
 calico_tag: v3.27.2
 
 cilium_bgp: false
 cilium_exportPodCIDR: true
+cilium_bgp_my_asn: 64513
+cilium_bgp_peer_asn: 64512
+cilium_bgp_lb_cidr: 192.168.31.0/24
 cilium_hubble: true
 cilium_mode: native
 
@@ -18,3 +25,4 @@ group_name_master: master
 metal_lb_mode: layer2
 metal_lb_available_timeout: 240s
 metal_lb_controller_tag_version: v0.14.3
+metal_lb_ip_range: 192.168.30.80-192.168.30.90

roles/k3s_server_post/meta/main.yml

@@ -15,11 +15,28 @@ argument_specs:
         description: BPF lb mode
         default: hybrid
 
+      calico_blockSize:
+        description: IP pool block size
+        type: int
+        default: 26
+
       calico_ebpf:
         description: Use eBPF dataplane instead of iptables
         type: bool
         default: false
 
+      calico_encapsulation:
+        description: IP pool encapsulation
+        default: VXLANCrossSubnet
+
+      calico_natOutgoing:
+        description: IP pool NAT outgoing
+        default: Enabled
+
+      calico_nodeSelector:
+        description: IP pool node selector
+        default: all()
+
       calico_iface:
         description: The network interface used for when Calico is enabled
         default: ~
@@ -35,6 +52,24 @@ argument_specs:
         type: bool
         default: false
 
+      cilium_bgp_my_asn:
+        description: Local ASN for BGP peer
+        type: int
+        default: 64513
+
+      cilium_bgp_peer_asn:
+        description: BGP peer ASN
+        type: int
+        default: 64512
+
+      cilium_bgp_peer_address:
+        description: BGP peer address
+        default: ~
+
+      cilium_bgp_lb_cidr:
+        description: BGP load balancer IP range
+        default: 192.168.31.0/24
+
       cilium_exportPodCIDR:
         description: Export pod CIDR
         type: bool
@@ -82,6 +117,10 @@ argument_specs:
         description: Wait for MetalLB resources
         default: 240s
 
+      metal_lb_ip_range:
+        description: MetalLB ip range for load balancer
+        default: 192.168.30.80-192.168.30.90
+
       metal_lb_controller_tag_version:
         description: Image tag for MetalLB
         default: v0.14.3
@@ -92,3 +131,15 @@ argument_specs:
         choices:
           - bgp
           - layer2
+
+      metal_lb_bgp_my_asn:
+        description: BGP ASN configurations
+        default: ~
+
+      metal_lb_bgp_peer_asn:
+        description: BGP peer ASN configurations
+        default: ~
+
+      metal_lb_bgp_peer_address:
+        description: BGP peer address
+        default: ~

roles/k3s_server_post/tasks/main.yml

@@ -12,7 +12,7 @@
 - name: Deploy metallb pool
   include_tasks: metallb.yml
   tags: metallb
-  when: kube_vip_lb_ip_range is not defined and (not cilium_bgp or cilium_iface is not defined)
+  when: kube_vip_lb_ip_range is not defined and (cilium_bgp is not defined or cilium_iface is not defined)
 
 - name: Remove tmp directory used for manifests
   file:

roles/k3s_server_post/templates/calico.crs.j2

@@ -9,11 +9,11 @@ spec:
   calicoNetwork:
     # Note: The ipPools section cannot be modified post-install.
     ipPools:
-    - blockSize: {{ calico_blockSize | default('26') }}
-      cidr: {{ cluster_cidr | default('10.52.0.0/16') }}
-      encapsulation: {{ calico_encapsulation | default('VXLANCrossSubnet') }}
-      natOutgoing: {{ calico_natOutgoing | default('Enabled') }}
-      nodeSelector: {{ calico_nodeSelector | default('all()') }}
+    - blockSize: {{ calico_blockSize }}
+      cidr: {{ cluster_cidr }}
+      encapsulation: {{ calico_encapsulation }}
+      natOutgoing: {{ calico_natOutgoing }}
+      nodeSelector: {{ calico_nodeSelector }}
     nodeAddressAutodetectionV4:
       interface: {{ calico_iface  }}
     linuxDataplane: {{ 'BPF' if calico_ebpf else 'Iptables' }}

roles/k3s_server_post/templates/cilium.crs.j2

@@ -25,5 +25,10 @@ kind: CiliumLoadBalancerIPPool
 metadata:
   name: "01-lb-pool"
 spec:
-  cidrs:
-  - cidr: "{{ cilium_bgp_lb_cidr }}"
+  blocks:
+{% if "/" in cilium_bgp_lb_cidr %}
+  - cidr: {{ cilium_bgp_lb_cidr }}
+{% else %}
+  - start: {{ cilium_bgp_lb_cidr.split('-')[0] }}
+    stop: {{ cilium_bgp_lb_cidr.split('-')[1] }}
+{% endif %}

roles/lxc/meta/main.yml

@@ -0,0 +1,7 @@
+---
+argument_specs:
+  main:
+    short_description: Configure LXC
+    options:
+      custom_reboot_command:
+        default: ~

roles/prereq/defaults/main.yml

@@ -1,4 +1,4 @@
 ---
 secure_path:
-  RedHat: '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'
-  Suse: '/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin'
+  RedHat: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+  Suse: /usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin

roles/prereq/meta/main.yml

@@ -0,0 +1,7 @@
+---
+argument_specs:
+  main:
+    short_description: Prerequisites
+    options:
+      system_timezone:
+        description: Timezone to be set on all nodes

roles/reset/meta/main.yml

@@ -0,0 +1,9 @@
+---
+argument_specs:
+  main:
+    short_description: Reset all nodes
+    options:
+      systemd_dir:
+        description: Path to systemd services
+        default: /etc/systemd/system
+        required: true