Fix naming

.gitlab-ci.yml

@@ -77,6 +77,7 @@ ci-authorized:
 include:
   - .gitlab-ci/build.yml
   - .gitlab-ci/lint.yml
+  - .gitlab-ci/shellcheck.yml
   - .gitlab-ci/terraform.yml
   - .gitlab-ci/packet.yml
   - .gitlab-ci/vagrant.yml

.gitlab-ci/lint.yml

@@ -1,24 +1,13 @@
 ---
-generate-pre-commit:
+yamllint:
-  image: 'mikefarah/yq@sha256:bcb889a1f9bdb0613c8a054542d02360c2b1b35521041be3e1bd8fbd0534d411'
+  extends: .job
-  stage: build
-  before_script: []
-  script:
-    - >
-      yq -r < .pre-commit-config.yaml '.repos[].hooks[].id' |
-      sed 's/^/      - /' |
-      cat .gitlab-ci/pre-commit-dynamic-stub.yml - > pre-commit-generated.yml
-  artifacts:
-    paths:
-      - pre-commit-generated.yml
-
-run-pre-commit:
   stage: unit-tests
-  trigger:
+  tags: [light]
-    include:
+  variables:
-      - artifact: pre-commit-generated.yml
+    LANG: C.UTF-8
-        job: generate-pre-commit
+  script:
-    strategy: depend
+    - yamllint --strict .
+  except: ['triggers', 'master']
 
 vagrant-validate:
   extends: .job
@@ -30,11 +19,108 @@ vagrant-validate:
     - ./tests/scripts/vagrant-validate.sh
   except: ['triggers', 'master']
 
+ansible-lint:
+  extends: .job
+  stage: unit-tests
+  tags: [light]
+  script:
+    - ansible-lint -v
+  except: ['triggers', 'master']
+
+jinja-syntax-check:
+  extends: .job
+  stage: unit-tests
+  tags: [light]
+  script:
+    - "find -name '*.j2' -exec tests/scripts/check-templates.py {} +"
+  except: ['triggers', 'master']
+
+syntax-check:
+  extends: .job
+  stage: unit-tests
+  tags: [light]
+  variables:
+    ANSIBLE_INVENTORY: inventory/local-tests.cfg
+    ANSIBLE_REMOTE_USER: root
+    ANSIBLE_BECOME: "true"
+    ANSIBLE_BECOME_USER: root
+    ANSIBLE_VERBOSITY: "3"
+  script:
+    - ansible-playbook --syntax-check cluster.yml
+    - ansible-playbook --syntax-check playbooks/cluster.yml
+    - ansible-playbook --syntax-check upgrade-cluster.yml
+    - ansible-playbook --syntax-check playbooks/upgrade_cluster.yml
+    - ansible-playbook --syntax-check reset.yml
+    - ansible-playbook --syntax-check playbooks/reset.yml
+    - ansible-playbook --syntax-check extra_playbooks/upgrade-only-k8s.yml
+  except: ['triggers', 'master']
+
+collection-build-install-sanity-check:
+  extends: .job
+  stage: unit-tests
+  tags: [light]
+  variables:
+    ANSIBLE_COLLECTIONS_PATH: "./ansible_collections"
+  script:
+    - ansible-galaxy collection build
+    - ansible-galaxy collection install kubernetes_sigs-kubespray-$(grep "^version:" galaxy.yml | awk '{print $2}').tar.gz
+    - ansible-galaxy collection list $(egrep -i '(name:\s+|namespace:\s+)' galaxy.yml | awk '{print $2}' | tr '\n' '.' | sed 's|\.$||g') | grep "^kubernetes_sigs.kubespray"
+    - test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/cluster.yml
+    - test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/reset.yml
+  except: ['triggers', 'master']
+
+tox-inventory-builder:
+  stage: unit-tests
+  tags: [light]
+  extends: .job
+  before_script:
+    - ./tests/scripts/rebase.sh
+  script:
+    - pip3 install tox
+    - cd contrib/inventory_builder && tox
+  except: ['triggers', 'master']
+
+markdownlint:
+  stage: unit-tests
+  tags: [light]
+  image: node
+  before_script:
+    - npm install -g markdownlint-cli@0.22.0
+  script:
+    - markdownlint $(find . -name '*.md' | grep -vF './.git') --ignore docs/_sidebar.md --ignore contrib/dind/README.md
+
+generate-sidebar:
+  extends: .job
+  stage: unit-tests
+  tags: [light]
+  script:
+    - scripts/gen_docs_sidebar.sh
+    - git diff --exit-code
+
+check-readme-versions:
+  stage: unit-tests
+  tags: [light]
+  image: python:3
+  script:
+    - tests/scripts/check_readme_versions.sh
 
-# TODO: convert to pre-commit hook
 check-galaxy-version:
   stage: unit-tests
   tags: [light]
   image: python:3
   script:
     - tests/scripts/check_galaxy_version.sh
+
+check-typo:
+  stage: unit-tests
+  tags: [light]
+  image: python:3
+  script:
+    - tests/scripts/check_typo.sh
+
+ci-matrix:
+  stage: unit-tests
+  tags: [light]
+  image: python:3
+  script:
+    - tests/scripts/md-table/test.sh

.gitlab-ci/packet.yml

@@ -32,7 +32,7 @@ packet_cleanup_old:
   after_script: []
 
 # The ubuntu20-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
-packet_ubuntu20-calico-all-in-one:
+packet_ubuntu24-calico-all-in-one:
   stage: deploy-part1
   extends: .packet_pr
   when: on_success
@@ -46,6 +46,11 @@ packet_ubuntu20-all-in-one-docker:
   extends: .packet_pr
   when: on_success
 
+packet_ubuntu20-calico-all-in-one:
+  stage: deploy-part1
+  extends: .packet_pr
+  when: on_success
+
 packet_ubuntu20-calico-all-in-one-hardening:
   stage: deploy-part2
   extends: .packet_pr
@@ -66,11 +71,6 @@ packet_ubuntu24-all-in-one-docker:
   extends: .packet_pr
   when: on_success
 
-packet_ubuntu24-calico-all-in-one:
-  stage: deploy-part2
-  extends: .packet_pr
-  when: on_success
-
 packet_ubuntu24-calico-etcd-datastore:
   stage: deploy-part2
   extends: .packet_pr

.gitlab-ci/pre-commit-dynamic-stub.yml

@@ -1,17 +0,0 @@
----
-# stub pipeline for dynamic generation
-pre-commit:
-  tags:
-  - light
-  image: 'ghcr.io/pre-commit-ci/runner-image@sha256:aaf2c7b38b22286f2d381c11673bec571c28f61dd086d11b43a1c9444a813cef'
-  variables:
-    PRE_COMMIT_HOME: /pre-commit-cache
-  script:
-  - pre-commit run -a $HOOK_ID
-  cache:
-    key: pre-commit-$HOOK_ID
-    paths:
-    - /pre-commit-cache
-  parallel:
-    matrix:
-    - HOOK_ID:

.gitlab-ci/shellcheck.yml

@@ -0,0 +1,16 @@
+---
+shellcheck:
+  extends: .job
+  stage: unit-tests
+  tags: [light]
+  variables:
+    SHELLCHECK_VERSION: v0.7.1
+  before_script:
+    - ./tests/scripts/rebase.sh
+    - curl --silent --location "https://github.com/koalaman/shellcheck/releases/download/"${SHELLCHECK_VERSION}"/shellcheck-"${SHELLCHECK_VERSION}".linux.x86_64.tar.xz" | tar -xJv
+    - cp shellcheck-"${SHELLCHECK_VERSION}"/shellcheck /usr/bin/
+    - shellcheck --version
+  script:
+    # Run shellcheck for all *.sh
+    - find . -name '*.sh' -not -path './.git/*' | xargs shellcheck --severity error
+  except: ['triggers', 'master']

.markdownlint.yaml

@@ -0,0 +1,3 @@
+---
+MD013: false
+MD029: false

.md_style.rb

@@ -1,4 +0,0 @@
-all
-exclude_rule 'MD013'
-exclude_rule 'MD029'
-rule 'MD007', :indent => 2

.mdlrc

@@ -1 +0,0 @@
-style "#{File.dirname(__FILE__)}/.md_style.rb"

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 ---
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v3.4.0
     hooks:
       - id: check-added-large-files
       - id: check-case-conflict
@@ -15,60 +15,47 @@ repos:
       - id: trailing-whitespace
 
   - repo: https://github.com/adrienverge/yamllint.git
-    rev: v1.35.1
+    rev: v1.27.1
     hooks:
       - id: yamllint
         args: [--strict]
 
   - repo: https://github.com/markdownlint/markdownlint
-    rev: v0.12.0
+    rev: v0.11.0
     hooks:
       - id: markdownlint
-        exclude: "^.github|(^docs/_sidebar\\.md$)"
+        args: [-r, "~MD013,~MD029"]
+        exclude: "^.git"
 
-  - repo: https://github.com/shellcheck-py/shellcheck-py
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
-    rev: v0.10.0.1
+    rev: 3.0.0
     hooks:
       - id: shellcheck
-        args: ["--severity=error"]
+        args: [--severity, "error"]
         exclude: "^.git"
         files: "\\.sh$"
 
-  - repo: https://github.com/ansible/ansible-lint
-    rev: v24.5.0
-    hooks:
-      - id: ansible-lint
-        additional_dependencies:
-          - ansible==9.5.1
-          - jsonschema==4.22.0
-          - jmespath==1.0.1
-          - netaddr==1.2.1
-          - distlib
-
-  - repo: https://github.com/VannTen/misspell
-    # Waiting on https://github.com/golangci/misspell/pull/19 to get merged
-    rev: 8592a4e
-    hooks:
-      - id: misspell
-        exclude: "OWNERS_ALIASES$"
-
   - repo: local
     hooks:
+      - id: ansible-lint
+        name: ansible-lint
+        entry: ansible-lint -v
+        language: python
+        pass_filenames: false
+        additional_dependencies:
+          - .[community]
+
       - id: ansible-syntax-check
         name: ansible-syntax-check
         entry: env ANSIBLE_INVENTORY=inventory/local-tests.cfg ANSIBLE_REMOTE_USER=root ANSIBLE_BECOME="true" ANSIBLE_BECOME_USER=root ANSIBLE_VERBOSITY="3" ansible-playbook --syntax-check
         language: python
         files: "^cluster.yml|^upgrade-cluster.yml|^reset.yml|^extra_playbooks/upgrade-only-k8s.yml"
-        additional_dependencies:
-          - ansible==9.5.1
 
       - id: tox-inventory-builder
         name: tox-inventory-builder
         entry: bash -c "cd contrib/inventory_builder && tox"
         language: python
         pass_filenames: false
-        additional_dependencies:
-          - tox==4.15.0
 
       - id: check-readme-versions
         name: check-readme-versions
@@ -76,15 +63,6 @@ repos:
         language: script
         pass_filenames: false
 
-      - id: collection-build-install
-        name: Build and install kubernetes-sigs.kubespray Ansible collection
-        language: python
-        additional_dependencies:
-          - ansible-core>=2.16.4
-          - distlib
-        entry: tests/scripts/collection-build-install.sh
-        pass_filenames: false
-
       - id: generate-docs-sidebar
         name: generate-docs-sidebar
         entry: scripts/gen_docs_sidebar.sh
@@ -93,13 +71,9 @@ repos:
 
       - id: ci-matrix
         name: ci-matrix
-        entry: tests/scripts/md-table/main.py
+        entry: tests/scripts/md-table/test.sh
-        language: python
+        language: script
         pass_filenames: false
-        additional_dependencies:
-          - jinja2
-          - pathlib
-          - pyaml
 
       - id: jinja-syntax-check
         name: jinja-syntax-check
@@ -108,4 +82,4 @@ repos:
         types:
           - jinja
         additional_dependencies:
-          - jinja2
+          - Jinja2

OWNERS_ALIASES

@@ -6,7 +6,6 @@ aliases:
     - mzaian
     - oomichi
     - yankay
-    - ant31
   kubespray-reviewers:
     - cyclinder
     - erikjiang
@@ -15,6 +14,7 @@ aliases:
     - vannten
     - yankay
   kubespray-emeritus_approvers:
+    - ant31
     - atoms
     - chadswen
     - luckysb

contrib/terraform/nifcloud/README.md

@@ -72,7 +72,6 @@ The setup looks like following
 
   ```bash
   ./generate-inventory.sh > sample-inventory/inventory.ini
-  ```
 
 * Export Variables:
 

contrib/terraform/upcloud/cluster-settings.tfvars

@@ -146,4 +146,4 @@ server_groups = {
   #   ]
   #   anti_affinity_policy = "yes"
   # }
-}
+}

contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf

@@ -558,4 +558,4 @@ resource "upcloud_server_group" "server_groups" {
   anti_affinity_policy = each.value.anti_affinity_policy
   labels               = {}
   members              = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id]
-}
+}

contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf

@@ -106,4 +106,4 @@ variable "server_groups" {
     anti_affinity_policy = string
     servers              = list(string)
   }))
-}
+}

contrib/terraform/upcloud/sample-inventory/cluster.tfvars

@@ -146,4 +146,4 @@ server_groups = {
   #   ]
   #   anti_affinity_policy = "yes"
   # }
-}
+}

docs/ansible/ansible.md

@@ -231,7 +231,6 @@ The following tags are defined in playbooks:
 | services                       | Remove services (etcd, kubelet etc...) when resetting |
 | snapshot                       | Enabling csi snapshot                                 |
 | snapshot-controller            | Configuring csi snapshot controller                   |
-| system-packages                | Install packages using OS package manager             |
 | upgrade                        | Upgrading, f.e. container images/binaries             |
 | upload                         | Distributing images/binaries across hosts             |
 | vsphere-csi-driver             | Configuring csi driver: vsphere                       |

docs/cloud_providers/openstack.md

@@ -1,3 +1,4 @@
+
 # OpenStack
 
 ## Known compatible public clouds

docs/operations/offline-environment.md

@@ -103,9 +103,7 @@ If you use the settings like the one above, you'll need to define in your invent
   can store them anywhere as long as it's accessible by kubespray. It's recommended to use `*_version` in the path so
   that you don't need to modify this setting everytime kubespray upgrades one of these components.
 * `yum_repo`/`debian_repo`/`ubuntu_repo`: OS package repository depending on your OS, should point to your internal
-  repository. Adjust the path accordingly. Used only for Docker/Containerd packages (if needed); other packages might
+  repository. Adjust the path accordingly.
-  be installed from other repositories. You might disable installing packages from other repositories by skipping
-  the `system-packages` tag
 
 ## Install Kubespray Python Packages
 

docs/operations/recover-control-plane.md

@@ -1,3 +1,4 @@
+
 # Recovering the control plane
 
 To recover from broken nodes in the control plane use the "recover\-control\-plane.yml" playbook.
@@ -7,6 +8,7 @@ Examples of what broken means in this context:
 * One or more bare metal node(s) suffer from unrecoverable hardware failure
 * One or more node(s) fail during patching or upgrading
 * Etcd database corruption
+  
 * Other node related failures leaving your control plane degraded or nonfunctional
 
 __Note that you need at least one functional node to be able to recover using this method.__

galaxy.yml

@@ -9,12 +9,42 @@ authors:
 tags:
   - infrastructure
 repository: https://github.com/kubernetes-sigs/kubespray
-issues: https://github.com/kubernetes-sigs/kubespray/issues
-documentation: https://kubespray.io
 license_file: LICENSE
 dependencies:
   ansible.utils: '>=2.5.0'
   community.general: '>=3.0.0'
-manifest:
+build_ignore:
-  directives:
+  - .github
-    - recursive-exclude tests **
+  - '*.tar.gz'
+  - extra_playbooks
+  - inventory
+  - scripts
+  - test-infra
+  - .ansible-lint
+  - .editorconfig
+  - .gitignore
+  - .gitlab-ci
+  - .gitlab-ci.yml
+  - .gitmodules
+  - .markdownlint.yaml
+  - .nojekyll
+  - .pre-commit-config.yaml
+  - .yamllint
+  - Dockerfile
+  - FILES.json
+  - MANIFEST.json
+  - Makefile
+  - Vagrantfile
+  - _config.yml
+  - ansible.cfg
+  - requirements*txt
+  - setup.cfg
+  - setup.py
+  - index.html
+  - reset.yml
+  - cluster.yml
+  - scale.yml
+  - recover-control-plane.yml
+  - remove-node.yml
+  - upgrade-cluster.yml
+  - library

inventory/sample/group_vars/etcd.yml

@@ -32,4 +32,4 @@
 # etcd_experimental_enable_distributed_tracing: false
 # etcd_experimental_distributed_tracing_sample_rate: 100
 # etcd_experimental_distributed_tracing_address: "localhost:4317"
-# etcd_experimental_distributed_tracing_service_name: etcd
+# etcd_experimental_distributed_tracing_service_name: etcd

requirements.txt

@@ -1,10 +1,10 @@
-ansible==9.6.0
+ansible==9.5.1
 cryptography==42.0.7
 jinja2==3.1.4
 jmespath==1.0.1
-jsonschema==4.22.0
 MarkupSafe==2.1.5
 netaddr==1.2.1
 pbr==6.0.0
 ruamel.yaml==0.18.6
 ruamel.yaml.clib==0.2.8
+jsonschema==4.22.0

roles/container-engine/containerd/defaults/main.yml

@@ -116,4 +116,4 @@ containerd_tracing_enabled: false
 containerd_tracing_endpoint: "0.0.0.0:4317"
 containerd_tracing_protocol: "grpc"
 containerd_tracing_sampling_ratio: 1.0
-containerd_tracing_service_name: "containerd"
+containerd_tracing_service_name: "containerd"

roles/container-engine/containerd/templates/config.toml.j2

@@ -107,3 +107,4 @@ oom_score = {{ containerd_oom_score }}
     sampling_ratio = {{ containerd_tracing_sampling_ratio }}
     service_name = "{{ containerd_tracing_service_name }}"
 {% endif %}
+

roles/etcd/defaults/main.yml

@@ -124,4 +124,4 @@ unsafe_show_logs: false
 etcd_experimental_enable_distributed_tracing: false
 etcd_experimental_distributed_tracing_sample_rate: 100
 etcd_experimental_distributed_tracing_address: "localhost:4317"
-etcd_experimental_distributed_tracing_service_name: etcd
+etcd_experimental_distributed_tracing_service_name: etcd

roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-controller.yml.j2

@@ -162,4 +162,4 @@ metadata:
   name: pd.csi.storage.gke.io
 spec:
   attachRequired: true
-  podInfoOnMount: false
+  podInfoOnMount: false

roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-node.yml.j2

@@ -109,4 +109,4 @@ spec:
       # See "special case". This will tolerate everything. Node component should
       # be scheduled on all nodes.
       tolerations:
-      - operator: Exists
+      - operator: Exists

roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-sc-regional.yml.j2

@@ -6,4 +6,4 @@ provisioner: pd.csi.storage.gke.io
 parameters:
   type: pd-balanced
   replication-type: regional-pd
-volumeBindingMode: WaitForFirstConsumer
+volumeBindingMode: WaitForFirstConsumer

roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-sc-zonal.yml.j2

@@ -5,4 +5,4 @@ metadata:
 provisioner: pd.csi.storage.gke.io
 parameters:
   type: pd-balanced
-volumeBindingMode: WaitForFirstConsumer
+volumeBindingMode: WaitForFirstConsumer

roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2

@@ -18,7 +18,7 @@ data:
   "max-pvscsi-targets-per-vm": "true"
   "multi-vcenter-csi-topology": "true"
   "csi-internal-generated-cluster-id": "true"
-  "listview-tasks": "true"
+  "listview-tasks": "true" 
 {% if vsphere_csi_controller is version('v2.7.0', '>=') %}
   "improved-csi-idempotency": "true"
   "improved-volume-topology": "true"

roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2

@@ -9,4 +9,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: cloud-controller-manager
-    namespace: kube-system
+    namespace: kube-system

roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2

@@ -110,4 +110,4 @@ rules:
       - list
       - watch
     apiGroups:
-      - discovery.k8s.io
+      - discovery.k8s.io

roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cm.yml.j2

@@ -32,3 +32,4 @@ data:
       - name: helper-pod
         image: "{{ local_path_provisioner_helper_image_repo }}:{{ local_path_provisioner_helper_image_tag }}"
         imagePullPolicy: IfNotPresent
+

roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cr.yml.j2

@@ -15,4 +15,4 @@ rules:
     verbs: [ "create", "patch" ]
   - apiGroups: [ "storage.k8s.io" ]
     resources: [ "storageclasses" ]
-    verbs: [ "get", "list", "watch" ]
+    verbs: [ "get", "list", "watch" ]

roles/kubernetes-apps/metallb/defaults/main.yml

@@ -13,4 +13,4 @@ metallb_speaker_tolerations:
     key: node-role.kubernetes.io/control-plane
     operator: Exists
 metallb_controller_tolerations: []
-metallb_loadbalancer_class: ""
+metallb_loadbalancer_class: ""

roles/kubernetes-apps/node_feature_discovery/templates/nfd-rolebinding.yaml.j2

@@ -11,3 +11,4 @@ subjects:
 - kind: ServiceAccount
   name: {{ node_feature_discovery_worker_sa_name }}
   namespace: {{ node_feature_discovery_namespace }}
+

roles/kubernetes-apps/scheduler_plugins/templates/appgroup.diktyo.x-k8s.io_appgroups.yaml.j2

@@ -194,4 +194,4 @@ spec:
             type: object
         type: object
     served: true
-    storage: true
+    storage: true

roles/kubernetes-apps/scheduler_plugins/templates/cm-scheduler-plugins.yaml.j2

@@ -25,4 +25,4 @@ data:
 {% if scheduler_plugins_plugin_config is defined and scheduler_plugins_plugin_config | length != 0 %}
       pluginConfig:
 {{ scheduler_plugins_plugin_config | to_nice_yaml(indent=2, width=256) | indent(6, true) }}
-{% endif %}
+{% endif %}

roles/kubernetes-apps/scheduler_plugins/templates/deploy-scheduler-plugins.yaml.j2

@@ -71,4 +71,4 @@ spec:
       volumes:
       - name: scheduler-config
         configMap:
-          name: scheduler-config
+          name: scheduler-config

roles/kubernetes-apps/scheduler_plugins/templates/namespace.yaml.j2

@@ -4,4 +4,4 @@ kind: Namespace
 metadata:
   name: {{ scheduler_plugins_namespace }}
   labels:
-    name: {{ scheduler_plugins_namespace }}
+    name: {{ scheduler_plugins_namespace }}

roles/kubernetes-apps/scheduler_plugins/templates/networktopology.diktyo.x-k8s.io_networktopologies.yaml.j2

@@ -145,4 +145,4 @@ spec:
             type: object
         type: object
     served: true
-    storage: true
+    storage: true

roles/kubernetes-apps/scheduler_plugins/templates/rbac-scheduler-plugins.yaml.j2

@@ -137,4 +137,4 @@ subjects:
   namespace: {{ scheduler_plugins_namespace }}
 - kind: ServiceAccount
   name: scheduler-plugins-controller
-  namespace: {{ scheduler_plugins_namespace }}
+  namespace: {{ scheduler_plugins_namespace }}

roles/kubernetes-apps/scheduler_plugins/templates/sa-scheduler-plugins.yaml.j2

@@ -8,4 +8,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: scheduler-plugins-controller
-  namespace: {{ scheduler_plugins_namespace }}
+  namespace: {{ scheduler_plugins_namespace }}

roles/kubernetes-apps/scheduler_plugins/templates/scheduling.x-k8s.io_elasticquotas.yaml.j2

@@ -79,4 +79,4 @@ spec:
     served: true
     storage: true
     subresources:
-      status: {}
+      status: {}

roles/kubernetes-apps/scheduler_plugins/templates/scheduling.x-k8s.io_podgroups.yaml.j2

@@ -94,4 +94,4 @@ spec:
     served: true
     storage: true
     subresources:
-      status: {}
+      status: {}

roles/kubernetes-apps/scheduler_plugins/templates/topology.node.k8s.io_noderesourcetopologies.yaml.j2

@@ -150,4 +150,4 @@ spec:
         - zones
         type: object
     served: true
-    storage: true
+    storage: true

roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2

@@ -1,4 +1,4 @@
 apiVersion: apiserver.config.k8s.io/v1beta1
 kind: TracingConfiguration
 endpoint: {{ kube_apiserver_tracing_endpoint }}
-samplingRatePerMillion: {{ kube_apiserver_tracing_sampling_rate_per_million }}
+samplingRatePerMillion: {{ kube_apiserver_tracing_sampling_rate_per_million }}

roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2

@@ -174,4 +174,4 @@ topologyManagerScope: {{ kubelet_topology_manager_scope }}
 tracing:
   endpoint: {{ kubelet_tracing_endpoint }}
   samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }}
-{% endif %}
+{% endif %}

roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

@@ -1,7 +1,10 @@
 ---
 - name: Stop if either kube_control_plane or kube_node group is empty
   assert:
-    that: groups.get( 'kube_control_plane' )
+    that: "groups.get( item )"
+  with_items:
+    - kube_control_plane
+    - kube_node
   run_once: true
   when: not ignore_assert_errors
 

roles/kubernetes/preinstall/tasks/main.yml

@@ -68,7 +68,6 @@
     - not dns_late
   tags:
     - bootstrap-os
-    - system-packages
 
 - name: Apply system configurations
   import_tasks: 0080-system-configurations.yml

roles/network_plugin/calico/templates/calico-config.yml.j2

@@ -102,3 +102,4 @@ data:
         }
       ]
     }
+

roles/network_plugin/cilium/templates/cilium/config.yml.j2

@@ -134,7 +134,7 @@ data:
   ## DSR setting
   bpf-lb-mode: "{{ cilium_loadbalancer_mode }}"
 
-  # l2
+  # l2 
   enable-l2-announcements: "{{ cilium_l2announcements }}"
 
   # Enable Bandwidth Manager

roles/network_plugin/cilium/templates/cilium/cr.yml.j2

@@ -140,7 +140,7 @@ rules:
   verbs:
   - list
   - watch
-{% if cilium_version %}
+{% if cilium_version %} 
 - apiGroups:
   - coordination.k8s.io
   resources:

roles/network_plugin/cilium/templates/hubble/config.yml.j2

@@ -12,10 +12,10 @@ data:
     peer-service: "hubble-peer.kube-system.svc.{{ dns_domain }}:443"
     listen-address: :4245
     metrics-listen-address: ":9966"
-    dial-timeout:
+    dial-timeout: 
-    retry-timeout:
+    retry-timeout: 
-    sort-buffer-len-max:
+    sort-buffer-len-max: 
-    sort-buffer-drain-timeout:
+    sort-buffer-drain-timeout: 
     tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
     tls-client-key-file: /var/lib/hubble-relay/tls/client.key
     tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt

roles/network_plugin/cilium/templates/hubble/service.yml.j2

@@ -102,3 +102,4 @@ spec:
     protocol: TCP
     targetPort: 4244
   internalTrafficPolicy: Local
+

roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2

@@ -1530,4 +1530,4 @@ spec:
       subresources:
         status: {}
   conversion:
-    strategy: None
+    strategy: None

scale.yml

@@ -1,3 +1,3 @@
 ---
 - name: Scale the cluster
-  ansible.builtin.import_playbook: playbooks/scale.yml
+  ansible.builtin.import_playbook: playbooks/scale.yml

scripts/openstack-cleanup/main.py

@@ -61,7 +61,7 @@ def main():
 
         for ip in conn.network.ips():
             fn_if_old(conn.network.delete_ip, ip)
-
+                
         # After removing unnecessary subnet from router, retry to delete ports
         map_if_old(conn.network.delete_port,
                    conn.network.ports())

tests/cloud_playbooks/roles/packet-ci/defaults/main.yml

@@ -4,14 +4,15 @@
 vm_cpu_cores: 2
 vm_cpu_sockets: 1
 vm_cpu_threads: 2
-vm_memory: 2048
+vm_memory: 2048Mi
 
 # Replace invalid characters so that we can use the branch name in kubernetes labels
 branch_name_sane: "{{ branch | regex_replace('/', '-') }}"
 
 # Request/Limit allocation settings
-cpu_allocation_ratio: 0.25
+
-memory_allocation_ratio: 0.5
+cpu_allocation_ratio: 0.5
+memory_allocation_ratio: 1
 
 # Default path for inventory
 inventory_path: "/tmp/{{ test_name }}/inventory"

tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2

@@ -4,8 +4,6 @@ kind: VirtualMachine
 metadata:
   name: "instance-{{ vm_id }}"
   namespace: "{{ test_name }}"
-  annotations:
-    kubespray.com/ci.template-path: "tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2"
   labels:
     kubevirt.io/os: {{ cloud_image }}
 spec:
@@ -36,10 +34,10 @@ spec:
             threads: {{ vm_cpu_threads }}
         resources:
           requests:
-            memory: "{{ vm_memory * memory_allocation_ratio }}Mi"
+            memory: {{ vm_memory * memory_allocation_ratio }}
             cpu: {{ vm_cpu_cores * cpu_allocation_ratio }}
           limits:
-            memory: "{{ vm_memory }}Mi"
+            memory: {{ vm_memory }}
             cpu: {{ vm_cpu_cores }}
       networks:
       - name: default

tests/files/packet_almalinux8-calico-ha-ebpf.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: almalinux-8
 mode: ha
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Kubespray settings
 calico_bpf_enabled: true

tests/files/packet_almalinux8-calico-nodelocaldns-secondary.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: almalinux-8
 mode: default
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Kubespray settings
 enable_nodelocaldns_secondary: true

tests/files/packet_almalinux8-calico.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: almalinux-8
 mode: default
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Kubespray settings
 metrics_server_enabled: true

tests/files/packet_almalinux8-docker.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: almalinux-8
 mode: default
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Use docker
 container_manager: docker

tests/files/packet_almalinux8-kube-ovn.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: almalinux-8
 mode: default
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Kubespray settings
 kube_network_plugin: kube-ovn

tests/files/packet_rockylinux8-calico.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: rockylinux-8
 mode: default
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Kubespray settings
 metrics_server_enabled: true

tests/files/packet_rockylinux9-calico.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: rockylinux-9
 mode: default
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Kubespray settings
 metrics_server_enabled: true

tests/files/packet_rockylinux9-cilium.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: rockylinux-9
 mode: default
-vm_memory: 3072
+vm_memory: 3072Mi
 
 # Kubespray settings
 kube_network_plugin: cilium

tests/files/packet_ubuntu22-all-in-one-docker.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: ubuntu-2204
 mode: all-in-one
-vm_memory: 1600
+vm_memory: 1600Mi
 
 # Kubespray settings
 auto_renew_certificates: true

tests/files/packet_ubuntu22-calico-all-in-one.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: ubuntu-2204
 mode: all-in-one
-vm_memory: 1600
+vm_memory: 1600Mi
 
 # Kubespray settings
 auto_renew_certificates: true

tests/files/packet_ubuntu24-all-in-one-docker.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: ubuntu-2404
 mode: all-in-one
-vm_memory: 1600
+vm_memory: 1600Mi
 
 # Kubespray settings
 auto_renew_certificates: true

tests/files/packet_ubuntu24-calico-all-in-one.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: ubuntu-2404
 mode: all-in-one
-vm_memory: 1600
+vm_memory: 1600Mi
 
 # Kubespray settings
 auto_renew_certificates: true

tests/files/packet_ubuntu24-calico-etcd-datastore.yml

@@ -2,7 +2,7 @@
 # Instance settings
 cloud_image: ubuntu-2404
 mode: node-etcd-client
-vm_memory: 1600
+vm_memory: 1600Mi
 
 # Kubespray settings
 auto_renew_certificates: true

tests/files/vagrant_ubuntu20-flannel-collection.rb

@@ -6,4 +6,4 @@ $libvirt_volume_cache = "unsafe"
 # Checking for box update can trigger API rate limiting
 # https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
 $box_check_update = false
-$vm_cpus = 2
+$vm_cpus = 2

tests/requirements.txt

@@ -5,8 +5,8 @@ ara[server]==1.7.1
 dopy==0.3.7
 molecule==24.2.1
 molecule-plugins[vagrant]==23.5.3
-pytest-testinfra==10.1.0
 python-vagrant==1.0.0
+pytest-testinfra==10.1.0
 tox==4.15.0
-tzdata==2024.1
 yamllint==1.35.1
+tzdata==2024.1

tests/scripts/check_typo.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# cd to the root directory of kubespray
+cd $(dirname $0)/../../
+
+rm ./misspell*
+
+set -e
+wget https://github.com/client9/misspell/releases/download/v0.3.4/misspell_0.3.4_linux_64bit.tar.gz
+tar -zxvf ./misspell_0.3.4_linux_64bit.tar.gz
+chmod 755 ./misspell
+git ls-files | grep -v OWNERS_ALIASES | xargs ./misspell -error

tests/scripts/collection-build-install.sh

@@ -1,7 +0,0 @@
-#!/bin/sh -e
-export ANSIBLE_COLLECTIONS_PATH="./ansible_collections"
-ansible-galaxy collection build --force
-ansible-galaxy collection install kubernetes_sigs-kubespray-$(grep "^version:" galaxy.yml | awk '{print $2}').tar.gz
-ansible-galaxy collection list $(egrep -i '(name:\s+|namespace:\s+)' galaxy.yml | awk '{print $2}' | tr '\n' '.' | sed 's|\.$||g') | grep "^kubernetes_sigs.kubespray"
-test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/cluster.yml
-test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/reset.yml

tests/scripts/md-table/main.py

@@ -4,6 +4,7 @@ import sys
 import glob
 from pathlib import Path
 import yaml
+from pydblite import Base
 import re
 import jinja2
 import sys
@@ -13,7 +14,6 @@ from pprint import pprint
 
 parser = argparse.ArgumentParser(description='Generate a Markdown table representing the CI test coverage')
 parser.add_argument('--dir', default='tests/files/', help='folder with test yml files')
-parser.add_argument('--output', default='docs/developers/ci.md', help='output file')
 
 
 args = parser.parse_args()
@@ -24,26 +24,25 @@ env = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath=sys.path[0]))
 # Data represents CI coverage data matrix
 class Data:
     def __init__(self):
-        self.container_managers = set()
+        self.db = Base(':memory:')
-        self.network_plugins = set()
+        self.db.create('container_manager', 'network_plugin', 'operating_system')
-        self.os = set()
-        self.combination = set()
 
 
-    def set(self, container_manager, network_plugin, os):
+    def set(self, container_manager, network_plugin, operating_system):
-        self.container_managers.add(container_manager)
+        self.db.insert(container_manager=container_manager, network_plugin=network_plugin, operating_system=operating_system)
-        self.network_plugins.add(network_plugin)
+        self.db.commit()
-        self.os.add(os)
+    def exists(self, container_manager, network_plugin, operating_system):
-        self.combination.add(container_manager+network_plugin+os)
+        return len((self.db("container_manager") == container_manager) & (self.db("network_plugin") == network_plugin) & (self.db("operating_system") == operating_system)) > 0
-
-    def exists(self, container_manager, network_plugin, os):
-        return (container_manager+network_plugin+os) in self.combination
 
     def jinja(self):
         template = env.get_template('table.md.j2')
-        container_engines = sorted(self.container_managers)
+        container_engines = list(self.db.get_unique_ids('container_manager'))
-        network_plugins = sorted(self.network_plugins)
+        network_plugins = list(self.db.get_unique_ids("network_plugin"))
-        operating_systems = sorted(self.os)
+        operating_systems = list(self.db.get_unique_ids("operating_system"))
+
+        container_engines.sort()
+        network_plugins.sort()
+        operating_systems.sort()
 
         return template.render(
             container_engines=container_engines,
@@ -92,5 +91,6 @@ for f in files:
     network_plugin = y.get('kube_network_plugin', 'calico')
     x = re.match(r"^[a-z-]+_([a-z0-9]+).*", f.name)
     operating_system = x.group(1)
-    data.set(container_manager=container_manager, network_plugin=network_plugin, os=operating_system)
+    data.set(container_manager=container_manager, network_plugin=network_plugin, operating_system=operating_system)
-print(data.jinja(), file=open(args.output, 'w'))
+#print(data.markdown())
+print(data.jinja())

tests/scripts/md-table/requirements.txt

@@ -0,0 +1,4 @@
+jinja2
+pathlib ; python_version < '3.10'
+pyaml
+pydblite

tests/scripts/md-table/test.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -euxo pipefail
+
+echo "Install requirements..."
+pip install -r ./tests/scripts/md-table/requirements.txt
+
+echo "Generate current file..."
+./tests/scripts/md-table/main.py > tmp.md
+
+echo "Compare docs/developers/ci.md with actual tests in tests/files/*.yml ..."
+cmp docs/developers/ci.md tmp.md