chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](26f96dfa69...5d5d22a312)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/cache.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # 4.1.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -23,7 +23,7 @@ jobs:
 
       - name: Cache Vagrant boxes
         id: cache-vagrant
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
         with:
           lookup-only: true #if it exists, we don't need to restore and can skip the next step
           path: |

.github/workflows/lint.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # 4.1.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -22,7 +22,7 @@ jobs:
           cache: 'pip' # caching pip dependencies
 
       - name: Restore Ansible cache
-        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
         with:
           path: ~/.ansible/collections
           key: ansible-${{ hashFiles('collections/requirements.yml') }}
@@ -38,14 +38,14 @@ jobs:
           echo "::endgroup::"
 
       - name: Run pre-commit
-        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # 3.0.1
+        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # 3.0.0
 
   ensure-pinned-actions:
     name: Ensure SHA Pinned Actions
     runs-on: self-hosted
     steps:
       - name: Checkout code
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # 4.1.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
       - name: Ensure SHA pinned actions
         uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328d4ea95eaf8b3bd6c6cef308f709a5f2ec # 3.0.3
         with:

.github/workflows/test.yml

@@ -10,7 +10,7 @@ jobs:
       matrix:
         scenario:
           - default
-          # - ipv6
+          - ipv6
           - single_node
           - calico
           - cilium
@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # 4.1.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -65,7 +65,7 @@ jobs:
           cache: 'pip' # caching pip dependencies
 
       - name: Restore vagrant Boxes cache
-        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
         with:
           path: ~/.vagrant.d/boxes
           key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }}

README.md

@@ -96,22 +96,8 @@ ansible-playbook reset.yml -i inventory/my-cluster/hosts.ini
 To copy your `kube config` locally so that you can access your **Kubernetes** cluster run:
 
 ```bash
-scp debian@master_ip:/etc/rancher/k3s/k3s.yaml ~/.kube/config
+scp debian@master_ip:~/.kube/config ~/.kube/config
 ```
-If you get file Permission denied, go into the node and temporarly run:
-```bash
-sudo chmod 777 /etc/rancher/k3s/k3s.yaml
-```
-Then copy with the scp command and reset the permissions back to:
-```bash
-sudo chmod 600 /etc/rancher/k3s/k3s.yaml
-```
-
-You'll then want to modify the config to point to master IP by running:
-```bash
-sudo nano ~/.kube/config
-```
-Then change `server: https://127.0.0.1:6443` to match your master IP: `server: https://192.168.1.222:6443`
 
 ### 🔨 Testing your cluster
 

inventory/sample/group_vars/all.yml

@@ -1,5 +1,5 @@
 ---
-k3s_version: v1.29.2+k3s1
+k3s_version: v1.29.0+k3s1
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
@@ -13,13 +13,13 @@ flannel_iface: "eth0"
 # uncomment calico_iface to use tigera operator/calico cni instead of flannel https://docs.tigera.io/calico/latest/about
 # calico_iface: "eth0"
 calico_ebpf: false           # use eBPF dataplane instead of iptables
-calico_tag: "v3.27.2"        # calico version tag
+calico_tag: "v3.27.0"        # calico version tag
 
 # uncomment cilium_iface to use cilium cni instead of flannel or calico
 # ensure v4.19.57, v5.1.16, v5.2.0 or more recent kernel
 # cilium_iface: "eth0"
 cilium_mode: "native"        # native when nodes on same subnet or using bgp, else set routed
-cilium_tag: "v1.15.2"        # cilium version tag
+cilium_tag: "v1.14.6"        # cilium version tag
 cilium_hubble: true          # enable hubble observability relay and ui
 
 # if using calico or cilium, you may specify the cluster pod cidr pool
@@ -72,7 +72,7 @@ extra_agent_args: >-
   {{ extra_args }}
 
 # image tag for kube-vip
-kube_vip_tag_version: "v0.7.2"
+kube_vip_tag_version: "v0.6.4"
 
 # tag for kube-vip-cloud-provider manifest
 # kube_vip_cloud_provider_tag_version: "main"
@@ -93,8 +93,8 @@ metal_lb_mode: "layer2"
 # metal_lb_bgp_peer_address: "192.168.30.1"
 
 # image tag for metal lb
-metal_lb_speaker_tag_version: "v0.14.3"
-metal_lb_controller_tag_version: "v0.14.3"
+metal_lb_speaker_tag_version: "v0.13.12"
+metal_lb_controller_tag_version: "v0.13.12"
 
 # metallb ip range for load balancer
 metal_lb_ip_range: "192.168.30.80-192.168.30.90"
@@ -160,10 +160,6 @@ custom_registries_yaml: |
         username: yourusername
         password: yourpassword
 
-# On some distros like Diet Pi, there is no dbus installed. dbus required by the default reboot command.
-# Uncomment if you need a custom reboot command
-# custom_reboot_command: /usr/sbin/shutdown -r now
-
 # Only enable and configure these if you access the internet through a proxy
 # proxy_env:
 #   HTTP_PROXY: "http://proxy.domain.local:3128"

reboot.yml

@@ -6,5 +6,4 @@
     - name: Reboot the nodes (and Wait upto 5 mins max)
       become: true
       reboot:
-        reboot_command: "{{ custom_reboot_command | default(omit) }}"
         reboot_timeout: 300

requirements.txt

@@ -6,7 +6,7 @@
 #
 ansible-compat==4.1.11
     # via molecule
-ansible-core==2.16.4
+ansible-core==2.16.3
     # via
     #   -r requirements.in
     #   ansible-compat
@@ -77,7 +77,7 @@ molecule==6.0.3
     # via
     #   -r requirements.in
     #   molecule-plugins
-molecule-plugins[vagrant]==23.5.3
+molecule-plugins[vagrant]==23.5.0
     # via -r requirements.in
 netaddr==0.10.1
     # via -r requirements.in
@@ -96,7 +96,7 @@ platformdirs==4.1.0
     # via virtualenv
 pluggy==1.3.0
     # via molecule
-pre-commit==3.6.2
+pre-commit==3.6.0
     # via -r requirements.in
 pre-commit-hooks==4.5.0
     # via -r requirements.in

reset.yml

@@ -12,7 +12,6 @@
     - name: Reboot and wait for node to come back up
       become: true
       reboot:
-        reboot_command: "{{ custom_reboot_command | default(omit) }}"
         reboot_timeout: 3600
 
 - name: Revert changes to Proxmox cluster

roles/k3s_agent/tasks/http_proxy.yml

@@ -1,4 +1,5 @@
 ---
+
 - name: Create k3s-node.service.d directory
   file:
     path: '{{ systemd_dir }}/k3s-node.service.d'
@@ -6,7 +7,7 @@
     owner: root
     group: root
     mode: '0755'
-  when: proxy_env is defined
+
 
 - name: Copy K3s http_proxy conf file
   template:
@@ -15,4 +16,3 @@
     owner: root
     group: root
     mode: '0755'
-  when: proxy_env is defined

roles/k3s_agent/tasks/main.yml

@@ -1,35 +1,19 @@
 ---
-- name: Check for PXE-booted system
-  block:
-    - name: Check if system is PXE-booted
-      ansible.builtin.command:
-        cmd: cat /proc/cmdline
-      register: boot_cmdline
-      changed_when: false
-      check_mode: false
-
-    - name: Set fact for PXE-booted system
-      ansible.builtin.set_fact:
-        is_pxe_booted: "{{ 'root=/dev/nfs' in boot_cmdline.stdout }}"
-      when: boot_cmdline.stdout is defined
-
-    - name: Include http_proxy configuration tasks
-      ansible.builtin.include_tasks: http_proxy.yml
 
 - name: Deploy K3s http_proxy conf
   include_tasks: http_proxy.yml
   when: proxy_env is defined
 
-- name: Configure the k3s service
-  ansible.builtin.template:
+- name: Copy K3s service file
+  template:
     src: "k3s.service.j2"
     dest: "{{ systemd_dir }}/k3s-node.service"
     owner: root
     group: root
-    mode: '0755'
+    mode: 0755
 
-- name: Manage k3s service
-  ansible.builtin.systemd:
+- name: Enable and check K3s service
+  systemd:
     name: k3s-node
     daemon_reload: true
     state: restarted

roles/k3s_agent/templates/k3s.service.j2

@@ -7,14 +7,11 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-# Conditional snapshotter based on PXE boot status
-ExecStart=/usr/local/bin/k3s agent \
-  --server https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443 \
-  {% if is_pxe_booted | default(false) %}--snapshotter native \
-  {% endif %}--token {{ hostvars[groups[group_name_master | default('master')][0]]['token'] | default(k3s_token) }} \
-  {{ extra_agent_args | default("") }}
+ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443 --token {{ hostvars[groups[group_name_master | default('master')][0]]['token'] | default(k3s_token) }} {{ extra_agent_args | default("") }}
 KillMode=process
 Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNOFILE=1048576
 LimitNPROC=infinity
 LimitCORE=infinity

roles/k3s_server/tasks/vip.yml

@@ -10,7 +10,7 @@
 
 - name: Download vip rbac manifest to first master
   ansible.builtin.get_url:
-    url: "https://kube-vip.io/manifests/rbac.yaml"
+    url: "https://raw.githubusercontent.com/kube-vip/kube-vip/{{ kube_vip_tag_version }}/docs/manifests/rbac.yaml"
     dest: "/var/lib/rancher/k3s/server/manifests/vip-rbac.yaml"
     owner: root
     group: root

roles/k3s_server_post/tasks/calico.yml

@@ -48,7 +48,7 @@
         k3s kubectl wait {{ item.type }}/{{ item.name }}
         --namespace='tigera-operator'
         --for=condition=Available=True
-        --timeout=30s
+        --timeout=7s
       register: tigera_result
       changed_when: false
       until: tigera_result is succeeded
@@ -87,7 +87,7 @@
         --namespace='{{ item.namespace }}'
         --for=condition=Available
         {% endif %}
-        --timeout=30s
+        --timeout=7s
       register: cr_result
       changed_when: false
       until: cr_result is succeeded

roles/k3s_server_post/tasks/cilium.yml

@@ -185,7 +185,7 @@
         --helm-set bpf.loadBalancer.mode={{ bpf_lb_mode | default("hybrid") }}
         {% endif %}
       environment:
-        KUBECONFIG: "{{ ansible_user_dir }}/.kube/config"
+        KUBECONFIG: /home/{{ ansible_user }}/.kube/config
       register: cilium_install_result
       changed_when: cilium_install_result.rc == 0
       when: cilium_installed.rc != 0 or cilium_needs_update
@@ -202,7 +202,7 @@
         --namespace=kube-system
         --for=condition=Available
         {% endif %}
-        --timeout=30s
+        --timeout=7s
       register: cr_result
       changed_when: false
       until: cr_result is succeeded

roles/lxc/handlers/main.yml

@@ -2,5 +2,4 @@
 - name: Reboot server
   become: true
   reboot:
-    reboot_command: "{{ custom_reboot_command | default(omit) }}"
   listen: reboot server

roles/raspberrypi/handlers/main.yml

@@ -1,5 +1,4 @@
 ---
 - name: Reboot
   reboot:
-    reboot_command: "{{ custom_reboot_command | default(omit) }}"
   listen: reboot

roles/raspberrypi/tasks/setup/Raspbian.yml

@@ -1,27 +1,7 @@
 ---
-- name: Test for cmdline path
-  stat:
-    path: /boot/firmware/cmdline.txt
-  register: boot_cmdline_path
-  failed_when: false
-  changed_when: false
-
-- name: Set cmdline path based on Debian version and command result
-  set_fact:
-    cmdline_path: >-
-      {{
-        (
-          boot_cmdline_path.stat.exists and
-          ansible_facts.lsb.description | default('') is match('Debian.*(?!(bookworm|sid))')
-        ) | ternary(
-          '/boot/firmware/cmdline.txt',
-          '/boot/cmdline.txt'
-        )
-      }}
-
 - name: Activating cgroup support
   lineinfile:
-    path: "{{ cmdline_path }}"
+    path: /boot/cmdline.txt
     regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
     line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
     backrefs: true

site.yml

@@ -1,13 +1,4 @@
 ---
-- name: Pre tasks
-  hosts: all
-  pre_tasks:
-    - name: Verify Ansible is version 2.11 or above. (If this fails you may need to update Ansible)
-      assert:
-        that: "ansible_version.full is version_compare('2.11', '>=')"
-        msg: >
-          "Ansible is out of date. See here for more info: https://docs.technotim.live/posts/ansible-automation/"
-
 - name: Prepare Proxmox cluster
   hosts: proxmox
   gather_facts: true