With the cilium_bgp_neighbors parameter it is possible to define
multiple BGP peer ASN & address pairs for Cilium.
Sample:
```
cilium_bgp_neighbors:
  - peer_address: 192.168.128.10
    peer_asn: 64512
  - peer_address: 192.168.128.11
    peer_asn: 64512
  - peer_address: 192.168.128.12
    peer_asn: 64512
```
It is possible to merge further lists with cilium_bgp_neighbors__*
parameters.
Sample:
```
cilium_bgp_neighbors__extra:
  - peer_address: 192.168.128.10
    peer_asn: 64512
cilium_bgp_neighbors:
  - peer_address: 192.168.128.11
    peer_asn: 64512
  - peer_address: 192.168.128.12
    peer_asn: 64512
```
This will result in the following list of BGP peer ASN & address pairs:
```
- peer_address: 192.168.128.10
  peer_asn: 64512
- peer_address: 192.168.128.11
  peer_asn: 64512
- peer_address: 192.168.128.12
  peer_asn: 64512
```
Signed-off-by: Christian Berendt <berendt@osism.tech>
* Change to FQCN with ansible-lint fixer
Since ansible-base 2.10 (later ansible-core), FQCN is the new way to go.
Updated .ansible-lint with a production profile and removed fqcn in skip_list.
Updated .yamllint with rules needed.
Ran ansible-lint --fix=all, then manually applied some minor changes.
* Changed octal value in molecule/ipv6/prepare.yml
The commit 3a20500f9c has introduced
argument specs in the role meta information. These two parameters
were still missing there.
Related to 2d0596209e
Signed-off-by: Christian Berendt <berendt@osism.tech>
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
With the kube_vip_bgp parameter it is possible to enable the kube-vip
BGP support (https://kube-vip.io/docs/modes/bgp/).
The configuration is possible with the following new parameters:
* kube_vip_bgp_routerid
* kube_vip_bgp_as
* kube_vip_bgp_peeraddress
* kube_vip_bgp_peeras
Signed-off-by: Christian Berendt <berendt@osism.tech>
If k3s_create_kubectl_symlink is set to false the kubectl symlink will
not be created.
If k3s_create_crictl_symlink is set to false the crictl symlink will not
be created.
By default the symlinks will be created. The default behavior is not
changed.
Signed-off-by: Christian Berendt <berendt@osism.tech>
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
* ➕ Add default values to roles
* 🚚 Move to use meta files for roles
* 🛠 Fix descriptions
* ➕ Add meta for server
* 🚧 WIP
* 🌟 Complete
* 🧹 Ran and fix lint errors
* 🔨 Fix required and default conflict
---------
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
With the kube_vip_arp parameter it is possible to set or unset the
vip_arp environment variable of the kube-vip-ds daemonset. The value of
the kube_vip_arp is true by default to not change the existing default.
Signed-off-by: Christian Berendt <berendt@osism.tech>
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
* Fix cgroups cmdline path
* Add check and variable so that we write to the correct file
* Add LSB release checks. This is untested atm.
* Break test into multiple lines so that we can pass lint checks
* Flip logic on its head and check for existence only rather than content per contributor suggestion
---------
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
* Add conditional snapshotter for PXE-booted systems
**Added:**
- PXE Boot Check - Introduced tasks to check if the system is PXE-booted by
analyzing `/proc/cmdline` in `roles/k3s_agent/tasks/main.yml`.
- Conditional Snapshotter in Template - Added logic in `k3s.service.j2` template
to conditionally set `--snapshotter native` for PXE-booted systems.
**Changed:**
- `k3s.service.j2` Template Update - Modified the `ExecStart` line to include a
conditional check for `is_pxe_booted` fact, dynamically setting the
`--snapshotter` option for NFS-mounted systems.
- `main.yml` Task Modification - Added tasks to set `is_pxe_booted` fact based
on the presence of `root=/dev/nfs` in the system's boot command line.
This update allows k3s agents on PXE-booted systems to use the native snapshotter
when running on NFS, addressing compatibility issues with OverlayFS.
* Introduce idiomatic practices for affected areas from previous commits
**Added:**
- Structured HTTP Proxy Configuration Block - Added a structured block in
`http_proxy.yml` for managing HTTP proxy settings, aligning with Ansible's
recommended practices. This includes creating directories and deploying
configuration files in a clear, modular fashion.
- Conditional Execution for Proxy Setup - Implemented conditional execution
for the proxy setup in `http_proxy.yml`, utilizing `proxy_env` to adhere
to Ansible's best practices for conditional tasks.
- Improved PXE-Boot System Check Block - Introduced a more structured approach
in `main.yml` for checking PXE-booted systems, enhancing readability and
maintainability.
**Changed:**
- Adopted Ansible Builtin Modules - Transitioned existing tasks to use
`ansible.builtin` modules, ensuring compatibility and future-proofing the
role.
- Refined Task Grouping - Reorganized tasks into logical blocks, improving
the overall structure and readability, and showcasing Ansible's capabilities
for efficient task management.
- Updated K3s Service Configuration - Modified the K3s service configuration
task in `main.yml` for a more streamlined approach using Ansible's template
module, reflecting community-driven best practices.
**Removed:**
- Streamlined Task Definitions - Optimized task definitions to reduce
redundancy, focusing on clarity and adherence to the evolving Ansible
community standards.
* Added missing checks causing failures for agents
* added fix for metallb version upgrades
* use bash to allow pipefail
---------
Co-authored-by: Harald Fielker <harald.fielker@gmail.com>
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
* Add Tigera Operator/Calico CNI option
Small tweak to reduce delta from head
Set calico option to be disabled by default
Add rescue blocks in case updating existing
Refactor items and update comments
Refactor and consolidate calico.yml into block
Refactor to use template for Calico CRs
Revert use_calico to false
Template blockSize
Align default cidr in template with all.yml sample
Apply upstream version tags
Revert to current ver tags. Upstream's don't work.
Update template address detection
Add Tigera Operator/Calico CNI option
* Add calico-apiserver check
* Add eBPF dataplane option
* Add kube svc endpoint configmap when ebpf enabled
* Add /etc/cni/net.d to reset task
* Refactor based on comments
* Add molecule scenario
* Fix lint
---------
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
* feat(k3s): added support for latest raspberrypi os (debian 12 bookworm)
* Update test.yml
* Revert test workflow
---------
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
* Fix http_proxy service dir in k3s_agent role
* Fix http_proxy reset: rm conf files before dirs
* Fix http_proxy reset rm order
---------
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
* Add option to disable MetalLB, for use w/ ext LBs
* Add option to disable MetalLB, for use w/ ext LBs - add defaults
* Skip MetalLB with tags instead of flag
* fixes: ERROR! The requested handler <'Reboot containers' / 'Reboot server' / 'Reboot>' was not found in either the main handlers list nor in the listening handlers list
* Update main.yml
For improved flexibility and maintainability.
* Update tasks in node role to use 'group_name_master' variable instead
of hardcoded 'master' group name
* Update tasks in master role to use 'group_name_master' variable instead
of hardcoded 'master' group name
* Update tasks in post role to use 'group_name_master' variable instead of
hardcoded 'master' group name
Signed-off-by: Christian Berendt <berendt@23technologies.cloud>
* Update pre-commit actions
This was done by running "pre-commit autoupdate --freeze".
* Remove pre-commit only dependencies from requirements.in
Including them in the file would create the illusion that those were the
versions actually used in CI, but they are not. The exact versions are
determined by the pre-commit hooks which are pinned in
.pre-commit-config.yaml.
* Ansible Lint: Fix role-name[path]
* Ansible Lint: Fix name[play]
* Ansible Lint: Fix key-order[task]
* Ansible Lint: Fix jinja[spacing]
* Ansible Lint: Fix no-free-form
* Ansible Lint: Fix var-naming[no-reserved]
* Ansible Lint: Fix yaml[comments]
* Ansible Lint: Fix yaml[line-length]
* Ansible Lint: Fix name[casing]
* Ansible Lint: Fix no-changed-when
* Ansible Lint: Fix fqcn[action]
* Ansible Lint: Fix args[module]
* Improve task naming
* Need to become to reboot
* Fix rc.local insertion of script
* Fix syntax
Add new line to lxc.yml
* Remove need to set fact
* Add reset for LXC container config
* Fix syntax
It's always the newlines..
* remove fact setting from reset task
We should mirror the deployment task
* Proxmox LXC reset functions
* Handle if rc.local already has data
* Don't compare literal
* Cleanup Erroneous newline
* Handle rc.local not present on a hybrid cluster
* Update roles/reset/tasks/main.yml
Co-authored-by: Simon Leiner <simon@leiner.me>
* Update roles/lxc/tasks/main.yml
Co-authored-by: Simon Leiner <simon@leiner.me>
---------
Co-authored-by: Techno Tim <timothystewart6@gmail.com>
Co-authored-by: Simon Leiner <simon@leiner.me>
* Add metallb frr and bgp support
* Set metallb mode to layer2 as default in sample
* Add BGP resource check
* Add automatic downloading of metallb-frr
* Remove frr manifest
* Download MetalLB CRDs for respective versions
This ensures that the CRDs match the actual MetalLB controller version,
as given by the user.
* Download VIP RBAC definitions for respective version
* Apply "become" on roles instead of plays
This leads to facts being gathered for the "regular" login user, instead
of root.
* Do not rely on ansible_user
Instead of reading ansible_user (which may or may not be defined), this
patch lets the roles rely on Ansible facts [1].
[1]: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html
* chore(dependencies): updated kube-vip to 0.5.6
* fix(pre-commit): pin to hash
* fix(pre-commit): added more hooks and fixed lint
* fix(pre-commit): added pre-commit hook so we don't have to run it manually
* fix(pre-commit): Added docs to readme
* fix(pre-commit): added texthooks
* fix(pre-commit): pin to hash
* fix(pre-commit): added more hooks and fixed lint
* fix(lint): Fixing quotes
* fix(ci): only run test if linting passes
* fix(ci): convert to reusable workflows
* fix(pr template): Reorder steps