Merge branch 'development'

!77

.cz.yaml

@@ -4,5 +4,5 @@ commitizen:
   prerelease_offset: 1
   tag_format: $version
   update_changelog_on_bump: false
-  version: 1.10.1
+  version: 1.13.2
   version_scheme: semver

CHANGELOG.md

@@ -1,3 +1,57 @@
+## 1.13.2 (2024-07-30)
+
+### Fix
+
+- **nfc_kubernetes**: correct logic for prime node to always be labeled prime
+
+## 1.13.1 (2024-07-28)
+
+### Fix
+
+- **nfc_kubernetes**: prime node to always be labeled prime
+
+## 1.13.0 (2024-07-28)
+
+### Feat
+
+- **nfc_kubernetes**: prime node to always be labeled prime
+- **nfc_kubernetes**: ability to add node labels and taints
+
+## 1.12.0 (2024-07-08)
+
+### Fix
+
+- **kubernetes_roles**: conditional checks for prime
+- **kubernetes_roles**: conditional checks for prime
+- **kubernetes_roles**: conditional checks for prime
+- **kubernetes_roles**: clean up white space
+- **kubernetes_roles**: clean up white space
+- **kubernetes_roles**: clean up white space
+- **kubernetes_roles**: clean up white space
+- **kubernetes_role**: delete leftover ]
+- **kubernetes_role**: Change "https://" + hostvars[ns.prime_name].ansible_host + ":6443" -> "https://" + ns.prime_name.ansible_host + ":6443"
+- **kubernetes_role**: get prime hostname
+- **kubernetes_role**: set server var -> "https://" + hostvars[nfc_role_kubernetes_node_prime].ansible_host + ":6443"
+- **kubernetes_role**: remove not nfc_role_kubernetes_cluster_upgraded | default(true) | bool section
+
+## 1.11.0 (2024-06-27)
+
+### Feat
+
+- **firewall**: update collection nfc_firewall 1.1.0 -> 1.1.1
+
+## 1.10.3 (2024-06-27)
+
+### Fix
+
+- **install**: ensure ipv6 is installed before attempting to disable
+
+## 1.10.2 (2024-05-03)
+
+### Fix
+
+- **nfc_kubernetes**: set default for var so task 'Copy Template' when clause doesn't fail task with undefined var
+
 ## 1.10.1 (2024-05-03)
 
 ### Fix
@@ -6,80 +60,12 @@
 
 ## 1.10.0 (2024-05-03)
 
-### Feat
-
-- **nfc_kubernetes**: new variable 'nfc_role_kubernetes_node_prime' to denote the hostname of the prime node
-
 ### Fix
 
 - **nfc_kubernetes**: correct 'Create Required directories' when logic
-- **nfc_kubernetes**: only run tasks on master nodes
-- **nfc_kubernetes**: only run tasks on prime node
-- **nfc_kubernetes**: ensure correct node type selection for installation
-
-### Refactor
-
-- **nfc_kubernetes**: remove usage of prime node name over is_prime var
 
 ## 1.9.0 (2024-05-03)
 
 ### Feat
 
 - **nfc_kubernetes**: add debug out to k3s download on failure
-
-### Fix
-
-- **nfc_kubernetes**: cast url var as list
-- **nfc_kubernetes**: correct url build to loop through all cpu arch
-
-## 1.8.0 (2024-05-02)
-
-### Feat
-
-- **nfc_kubernetes**: build url and on use cast as string
-
-## 1.7.2 (2024-04-25)
-
-### Fix
-
-- **nfc_kubernetes**: adjust some tasks to run during checkmode
-
-## 1.7.1 (2024-04-24)
-
-### Fix
-
-- add role readme
-
-## 1.7.0 (2024-04-24)
-
-### Feat
-
-- **kubernetes_netbox**: custom field bug work around
-
-### Fix
-
-- **nfc_kubernetes**: ensure install tasks run when job_tags specified
-- **facts**: gather required facts if not already available
-
-## 1.6.0 (2024-03-29)
-
-### Feat
-
-- **test**: add integration test. playbook install
-- add retry=3 delay=10 secs to all ansible url modules
-
-### Fix
-
-- **docs**: use correct badge query url
-
-### Refactor
-
-- **galaxy**: for dependent collections prefix with `>=` so as to not cause version lock
-
-## 1.5.0 (2024-03-21)
-
-### Feat
-
-- **collection**: nofusscomputing.firewall update 1.0.1 -> 1.1.0
-
-## 1.4.0 (2024-03-20)

galaxy.yml

@@ -8,7 +8,7 @@ namespace: nofusscomputing
 name: kubernetes
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.10.1
+version: 1.13.2
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -46,7 +46,7 @@ tags:
 dependencies:
   ansible.posix: '>=1.5.4'
   kubernetes.core: '>=3.0.0'
-  nofusscomputing.firewall: '>=1.1.0'
+  nofusscomputing.firewall: '>=1.1.1'
   netbox.netbox: '>=3.16.0'
 
 

roles/nfc_kubernetes/defaults/main.yml

@@ -46,6 +46,8 @@ nfc_role_kubernetes_install_kubevirt: false
 
 nfc_role_kubernetes_kubevirt_operator_replicas: 1
 
+nfc_role_kubernetes_node_labels: {}     # Optional, Dict. Node labels.
+nfc_role_kubernetes_node_taints: {}     # Optional, Dict. Node taints.
 # nfc_role_kubernetes_node_prime: ''    # Mandatory*, string. the inventory_hostname of the prime node. ONLY required for multi-node deployments
 
 nfc_role_kubernetes_oidc_enabled: false

roles/nfc_kubernetes/tasks/k3s/configure.yaml

@@ -40,7 +40,7 @@
         dest: "/etc/iptables-reloader/rules.d/iptables-kubernetes.rules"
         notify: firewall_reloader
         when: |-
-          {%- if firewall_installed -%}
+          {%- if firewall_installed | default(false) -%}
 
             {{ firewall_rules_dir_metadata.stat.exists }}
 
@@ -58,14 +58,32 @@
       kind: Node
       metadata:
         name: "{{ inventory_hostname }}"
-        {% if kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0 -%}
+        {% if
+          nfc_role_kubernetes_node_labels
+            and
+          not nfc_role_kubernetes_prime | bool
+        -%}
         labels:
-          {{ kubernetes_config.hosts[inventory_hostname].labels | to_nice_yaml | indent(4) }}
+          {{ nfc_role_kubernetes_node_labels | to_nice_yaml(indent=0) | indent(4) }}
+
+        {% elif
+          nfc_role_kubernetes_prime | bool
+        %}
+
+        labels:
+          node-role.kubernetes.io/prime: "true"
+
+          {% if nfc_role_kubernetes_node_labels %}
+
+          {{ nfc_role_kubernetes_node_labels | to_nice_yaml(indent=0) | indent(4) }}
+
+          {% endif %}
+
         {%- endif +%}
-      {% if kubernetes_config.hosts[inventory_hostname].taints | default([]) | list | length > 0 -%}
+      {% if nfc_role_kubernetes_node_taints -%}
       spec:
         taints:
-          {{ kubernetes_config.hosts[inventory_hostname].taints | to_nice_yaml(indent=0) | indent(4) }}
+          {{ nfc_role_kubernetes_node_taints | to_nice_yaml(indent=0) | indent(4) }}
       {% endif %}
     dest: /var/lib/rancher/k3s/server/manifests/node-manifest-{{ inventory_hostname }}.yaml
     owner: root
@@ -73,6 +91,8 @@
     mode: '700'
   delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
   when:
-    kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0
+    nfc_role_kubernetes_node_labels
       or
-    kubernetes_config.hosts[inventory_hostname].taints | default([]) | list | length > 0
+    nfc_role_kubernetes_node_taints
+      or
+    nfc_role_kubernetes_prime | bool

roles/nfc_kubernetes/tasks/k3s/install.yaml

@@ -128,7 +128,14 @@
     item.when | default(true)
 
 
-- name: Add sysctl net.ipv4.ip_forward
+- name: Check if IPv6 Enabled
+  ansible.builtin.stat:
+    path: /proc/sys/net/ipv6/conf/all/disable_ipv6
+  register: ipv6_file
+  failed_when: false
+
+
+- name: Add sysctl settings
   ansible.posix.sysctl:
     name: "{{ item.name }}"
     value: "{{ item.value }}"
@@ -147,8 +154,11 @@
         value: '512'
       - name: net.ipv6.conf.all.disable_ipv6
         value: '1'
-  when:
-    - ansible_os_family == 'Debian'
+        when: "{{ ipv6_file.stat.exists }}"
+  when: >
+    ansible_os_family == 'Debian'
+      and
+    item.when | default(true) | bool
 
 
 - name: Check for Network Manager Directory
@@ -542,6 +552,14 @@
 #     ipv6: true
 
 
+- name: Set IP6Tables to legacy mode
+  ansible.builtin.command:
+    cmd: update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+  changed_when: false
+  when: >
+    not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
+
+
 - name: Set IPTables to legacy mode
   ansible.builtin.command:
     cmd: update-alternatives --set iptables /usr/sbin/iptables-legacy

roles/nfc_kubernetes/templates/k3s-config.yaml.j2

@@ -9,9 +9,10 @@
 {%- if 
   nfc_role_kubernetes_master
     or
-  kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
+  nfc_role_kubernetes_prime | default(true) | bool
+    and
+  not nfc_role_kubernetes_worker
 -%}
-
   {%
 
   set kube_apiserver_arg = [
@@ -197,13 +198,28 @@
     }) -%}
 
   {%- elif 
-    kubernetes_config.cluster.prime.name != inventory_hostname
+    nfc_role_kubernetes_prime | default(true) | bool
       and
     not node_k3s.installed
+      and
+    not nfc_role_kubernetes_worker
+
   -%}
 
+    {%- set ns = namespace(prime_name) -%}
+
+    {%- for hostname, values in hostvars.iteritems() -%}
+      
+      {%- if values.nfc_role_kubernetes_node_prime ==true -%}
+
+        {%- set ns.prime_name = hostname -%}
+
+      {%- endif -%}
+
+    {%- endfor -%}
+    
     {%- set server = (server | default([])) + [
-      "https://" + hostvars[kubernetes_config.cluster.prime.name].ansible_host + ":6443"
+      "https://" + ns.prime_name.ansible_host + ":6443"
     ] -%}
 
     {%- set all_nodes_config = all_nodes_config | combine({
@@ -235,13 +251,18 @@
 
 {%- endif -%}
 
+
 {# EoF All Nodes #}
 
 
 {%- if 
-  nfc_role_kubernetes_master
-    or
-  kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
+  (
+    nfc_role_kubernetes_master
+      or
+    nfc_role_kubernetes_prime | default(true) | bool
+  )
+    and
+  not nfc_role_kubernetes_worker
 -%}
 
   {%- set servers_config = servers_config | combine( all_nodes_config ) -%}