Add calico-apiserver check

Merge branch 'techno-tim:master' into calico
Update truthy values to true/false only, #204 (#387 )
2025-12-25 18:23:05 +01:00 · 2024-01-17 10:14:04 -06:00 · 2024-01-17 09:46:24 -06:00 · 2024-01-15 12:43:44 -06:00
13 changed files with 29 additions and 27 deletions
--- a/.yamllint
+++ b/.yamllint
@@ -6,4 +6,4 @@ rules:
    max: 120
    level: warning
  truthy:
-    allowed-values: ['true', 'false', 'yes', 'no']
+    allowed-values: ['true', 'false']
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -17,6 +17,6 @@
      # and security needs.
      ansible.builtin.systemd:
        name: firewalld
-        enabled: no
+        enabled: false
        state: stopped
      become: true
--- a/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml
+++ b/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml
@@ -35,7 +35,7 @@
    - name: Assert that the nginx welcome page is available
      ansible.builtin.uri:
        url: http://{{ ip | ansible.utils.ipwrap }}:{{ port_ }}/
-        return_content: yes
+        return_content: true
      register: result
      failed_when: "'Welcome to nginx!' not in result.content"
      vars:
--- a/reboot.yml
+++ b/reboot.yml
@@ -1,7 +1,7 @@
 ---
 - name: Reboot k3s_cluster
  hosts: k3s_cluster
-  gather_facts: yes
+  gather_facts: true
  tasks:
    - name: Reboot the nodes (and Wait upto 5 mins max)
      become: true
--- a/reset.yml
+++ b/reset.yml
@@ -1,7 +1,7 @@
 ---
 - name: Reset k3s cluster
  hosts: k3s_cluster
-  gather_facts: yes
+  gather_facts: true
  roles:
    - role: reset
      become: true
@@ -17,7 +17,7 @@
 - name: Revert changes to Proxmox cluster
  hosts: proxmox
  gather_facts: true
-  become: yes
+  become: true
  remote_user: "{{ proxmox_lxc_ssh_user }}"
  roles:
    - role: reset_proxmox_lxc
--- a/roles/k3s_agent/tasks/main.yml
+++ b/roles/k3s_agent/tasks/main.yml
@@ -15,6 +15,6 @@
 - name: Enable and check K3s service
  systemd:
    name: k3s-node
-    daemon_reload: yes
+    daemon_reload: true
    state: restarted
-    enabled: yes
+    enabled: true
--- a/roles/k3s_server/tasks/main.yml
+++ b/roles/k3s_server/tasks/main.yml
@@ -67,9 +67,9 @@
 - name: Enable and check K3s service
  systemd:
    name: k3s
-    daemon_reload: yes
+    daemon_reload: true
    state: restarted
-    enabled: yes
+    enabled: true

 - name: Wait for node-token
  wait_for:
@@ -110,7 +110,7 @@
  copy:
    src: /etc/rancher/k3s/k3s.yaml
    dest: "{{ ansible_user_dir }}/.kube/config"
-    remote_src: yes
+    remote_src: true
    owner: "{{ ansible_user_id }}"
    mode: "u=rw,g=,o="

--- a/roles/k3s_server_post/tasks/calico.yml
+++ b/roles/k3s_server_post/tasks/calico.yml
@@ -73,12 +73,12 @@
      command: >-
        {% if item.type == 'daemonset' %}
        k3s kubectl wait pods
-        --namespace='calico-system'
+        --namespace='{{ item.namespace }}'
        --selector={{ item.selector }}
        --for=condition=Ready
        {% else %}
        k3s kubectl wait {{ item.type }}/{{ item.name }}
-        --namespace='calico-system'
+        --namespace='{{ item.namespace }}'
        --for=condition=Available
        {% endif %}
        --timeout=7s
@@ -88,10 +88,12 @@
      retries: 30
      delay: 7
      with_items:
-        - { name: calico-typha, type: deployment }
-        - { name: calico-kube-controllers, type: deployment }
-        - { name: csi-node-driver, type: daemonset, selector: 'k8s-app=csi-node-driver' }
-        - { name: calico-node, type: daemonset, selector: 'k8s-app=calico-node' }
+        - { name: calico-typha, type: deployment, namespace: calico-system }
+        - { name: calico-kube-controllers, type: deployment, namespace: calico-system }
+        - { name: csi-node-driver, type: daemonset, selector: 'k8s-app=csi-node-driver', namespace: calico-system }
+        - { name: calico-node, type: daemonset, selector: 'k8s-app=calico-node', namespace: calico-system }
+        - { name: calico-apiserver, type: deployment, selector: 'k8s-app=calico-apiserver', namespace: calico-apiserver }
      loop_control:
        label: "{{ item.type }}/{{ item.name }}"
  when: ansible_hostname == hostvars[groups[group_name_master | default('master')][0]]['ansible_hostname']
+  run_once: true # stops "skipped" log spam
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@@ -14,7 +14,7 @@
    name: net.ipv4.ip_forward
    value: "1"
    state: present
-    reload: yes
+    reload: true
  tags: sysctl

 - name: Enable IPv6 forwarding
@@ -22,7 +22,7 @@
    name: net.ipv6.conf.all.forwarding
    value: "1"
    state: present
-    reload: yes
+    reload: true
  tags: sysctl

 - name: Enable IPv6 router advertisements
@@ -30,7 +30,7 @@
    name: net.ipv6.conf.all.accept_ra
    value: "2"
    state: present
-    reload: yes
+    reload: true
  tags: sysctl

 - name: Add br_netfilter to /etc/modules-load.d/
@@ -51,7 +51,7 @@
    name: "{{ item }}"
    value: "1"
    state: present
-    reload: yes
+    reload: true
  when: ansible_os_family == "RedHat"
  loop:
    - net.bridge.bridge-nf-call-iptables
--- a/roles/raspberrypi/tasks/setup/Rocky.yml
+++ b/roles/raspberrypi/tasks/setup/Rocky.yml
@@ -2,7 +2,7 @@
 - name: Enable cgroup via boot commandline if not already enabled for Rocky
  lineinfile:
    path: /boot/cmdline.txt
-    backrefs: yes
+    backrefs: true
    regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
    line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
  notify: reboot
--- a/roles/raspberrypi/tasks/setup/Ubuntu.yml
+++ b/roles/raspberrypi/tasks/setup/Ubuntu.yml
@@ -2,7 +2,7 @@
 - name: Enable cgroup via boot commandline if not already enabled for Ubuntu on a Raspberry Pi
  lineinfile:
    path: /boot/firmware/cmdline.txt
-    backrefs: yes
+    backrefs: true
    regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
    line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
  notify: reboot
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -3,7 +3,7 @@
  systemd:
    name: "{{ item }}"
    state: stopped
-    enabled: no
+    enabled: false
  failed_when: false
  with_items:
    - k3s
@@ -57,7 +57,7 @@

 - name: Reload daemon_reload
  systemd:
-    daemon_reload: yes
+    daemon_reload: true

 - name: Remove tmp directory used for manifests
  file:
--- a/site.yml
+++ b/site.yml
@@ -2,7 +2,7 @@
 - name: Prepare Proxmox cluster
  hosts: proxmox
  gather_facts: true
-  become: yes
+  become: true
  environment: "{{ proxy_env | default({}) }}"
  roles:
    - role: proxmox_lxc
@@ -10,7 +10,7 @@

 - name: Prepare k3s nodes
  hosts: k3s_cluster
-  gather_facts: yes
+  gather_facts: true
  environment: "{{ proxy_env | default({}) }}"
  roles:
    - role: lxc
Author	SHA1	Message	Date
Ethan Shold	2cd03f38f2	Add calico-apiserver check	2024-01-17 10:14:04 -06:00
sholdee	8e1265fbae	Merge branch 'techno-tim:master' into calico	2024-01-17 09:46:24 -06:00
Balázs Hasprai	cddbfc8e40	Update truthy values to true/false only, #204 (#387 ) Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2024-01-15 12:43:44 -06:00