build: bump version 1.8.0 -> 1.8.1-a1

!64

.cz.yaml

@@ -4,5 +4,5 @@ commitizen:
   prerelease_offset: 1
   tag_format: $version
   update_changelog_on_bump: false
-  version: 1.6.0
+  version: 1.8.1-a1
   version_scheme: semver

.gitlab-ci.yml

@@ -22,6 +22,40 @@ include:
       - automation/.gitlab-ci-ansible.yaml
 
 
+Build Collection:
+  extends: .ansible_collection_build
+  needs:
+    - job: Ansible Lint
+      optional: true
+    - job: Ansible Lint (galaxy.yml)
+      optional: true
+
+  rules:
+
+    - if: $CI_COMMIT_TAG
+      when: always
+
+    # Needs to run, even by bot as the test results need to be available
+    # - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
+    #   when: never
+
+    - if: # Occur on merge
+        $CI_COMMIT_BRANCH
+          &&
+        $CI_PIPELINE_SOURCE == "push"
+      when: always
+
+    # - if:
+    #     $CI_COMMIT_BRANCH != "development"
+    #       &&
+    #     $CI_COMMIT_BRANCH != "master"
+    #       &&
+    #     $CI_PIPELINE_SOURCE == "push"
+    #   when: always
+
+    - when: never
+
+
 Update Git Submodules:
   extends: .ansible_playbook_git_submodule
 

.gitlab/integration_test.gitlab-ci.yml

@@ -30,6 +30,7 @@
         --env "ANSIBLE_FORCE_COLOR=true" \
         --env "CI_COMMIT_SHA=${CI_COMMIT_SHA}" \
         --env "ANSIBLE_LOG_PATH=/workdir/ansible.log" \
+        --env "PIP_BREAK_SYSTEM_PACKAGES=1" \
         --name test_image_${CI_JOB_ID} \
         nofusscomputing/ansible-docker-os:dev-${test_image}
 
@@ -45,6 +46,10 @@
 
         docker exec -i test_image_${CI_JOB_ID} pip install ansible-core --break-system-packages;
 
+        docker exec -i test_image_${CI_JOB_ID} mkdir -p /etc/iptables;
+
+        docker exec -i test_image_${CI_JOB_ID} touch /etc/iptables/rules.v6;
+
         docker exec -i test_image_${CI_JOB_ID} update-alternatives --set iptables /usr/sbin/iptables-legacy;
 
       else
@@ -124,24 +129,25 @@
       allow_failure: true
       when: on_success
 
-    - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
-      when: never
+    # Needs to run, even by bot as the test results need to be available
+    # - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
+    #   when: never
 
     - if: # Occur on merge
-        $CI_COMMIT_BRANCH == "development"
+        $CI_COMMIT_BRANCH
           &&
         $CI_PIPELINE_SOURCE == "push"
       allow_failure: true
-      when: always
+      when: on_success
 
-    - if:
-        $CI_COMMIT_BRANCH != "development"
-          &&
-        $CI_COMMIT_BRANCH != "master"
-          &&
-        $CI_PIPELINE_SOURCE == "push"
-      allow_failure: true
-      when: always
+    # - if:
+    #     $CI_COMMIT_BRANCH != "development"
+    #       &&
+    #     $CI_COMMIT_BRANCH != "master"
+    #       &&
+    #     $CI_PIPELINE_SOURCE == "push"
+    #   allow_failure: true
+    #   when: always
 
     - when: never
 
@@ -185,23 +191,27 @@ test_results:
   rules:
 
     - if: $CI_COMMIT_TAG
+      allow_failure: true
       when: on_success
 
-    - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
-      when: never
+    # Needs to run, even by bot as the test results need to be available
+    # - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
+    #   when: never
 
     - if: # Occur on merge
-        $CI_COMMIT_BRANCH == "development"
+        $CI_COMMIT_BRANCH
           &&
         $CI_PIPELINE_SOURCE == "push"
-      when: always
+      allow_failure: true
+      when: on_success
 
-    - if:
-        $CI_COMMIT_BRANCH != "development"
-          &&
-        $CI_COMMIT_BRANCH != "master"
-          &&
-        $CI_PIPELINE_SOURCE == "push"
-      when: always
+    # - if:
+    #     $CI_COMMIT_BRANCH != "development"
+    #       &&
+    #     $CI_COMMIT_BRANCH != "master"
+    #       &&
+    #     $CI_PIPELINE_SOURCE == "push"
+    #   allow_failure: true
+    #   when: always
 
     - when: never

.gitlab/integration_test_trace.sh

@@ -31,7 +31,7 @@ cmd "journalctl -xeu k3s.service"
 
 cmd "systemctl status netfilter-persistent.service"
 
-cmd "systemctl status iptables.servic"
+cmd "systemctl status iptables.service"
 
 cmd "systemctl status k3s.service"
 

.gitlab/merge_request_templates/default.md

@@ -0,0 +1,22 @@
+### :books: Summary
+<!-- your summary here emojis ref: https://github.com/yodamad/gitlab-emoji -->
+
+
+
+### :link: Links / References
+<!-- using a list as any links to other references or links as required. if relevent, describe the link/reference -->
+
+
+### :construction_worker: Tasks
+
+ - [ ] Add your tasks here if required (delete)
+
+<!-- dont remove tasks below strike through including the checkbox by enclosing in double tidle '~~' -->
+
+- [ ] Playbook Update
+
+    This collection has a [corresponding playbook](https://gitlab.com/nofusscomputing/projects/ansible/ansible_playbooks/-/blob/development/role.yaml) that may need to be updated (Ansible Role), specifically [Role Validation](https://gitlab.com/nofusscomputing/projects/ansible/ansible_playbooks/-/blob/development/tasks/role/validation/nfc_kubernetes.yaml).
+
+- [ ] NetBox Rendered Config Update
+
+    This Collection has a [NetBox Rendered Config template](https://gitlab.com/nofusscomputing/infrastructure/configuration-management/netbox/-/blob/development/templates/cluster.json.j2) that may need to be updated. Specifically Section `cluster.type == 'kubernetes'`

CHANGELOG.md

@@ -1,3 +1,42 @@
+## 1.8.1-a1 (2024-05-02)
+
+### Fix
+
+- **nfc_kubernetes**: correct url build to loop through all cpu arch
+
+## 1.8.0 (2024-05-02)
+
+### Feat
+
+- **nfc_kubernetes**: build url and on use cast as string
+
+## 1.7.2 (2024-04-25)
+
+### Fix
+
+- **nfc_kubernetes**: adjust some tasks to run during checkmode
+
+## 1.7.1 (2024-04-24)
+
+### Fix
+
+- add role readme
+
+## 1.7.0 (2024-04-24)
+
+### Feat
+
+- **kubernetes_netbox**: custom field bug work around
+- **services**: add netbox service fields
+- **role**: New role kubernetes_netbox
+
+### Fix
+
+- **nfc_kubernetes**: ensure install tasks run when job_tags specified
+- **facts**: gather required facts if not already available
+- **install**: correct template installed var
+- **install**: as part of install check, confirm service
+
 ## 1.6.0 (2024-03-29)
 
 ### Feat
@@ -29,10 +68,6 @@
 
 ## 1.3.0 (2024-03-18)
 
-### Feat
-
-- dont attempt to install if already installed
-
 ### Fix
 
 - **handler**: add missing 'reboot_host' handler
@@ -48,35 +83,3 @@
 ### Fix
 
 - **config**: use correct var name when setting node name
-
-## 1.1.2 (2024-03-13)
-
-### Fix
-
-- **readme**: update gitlab links to new loc
-- **configure**: dont attempt to configure firewall if install=false
-- **handler**: remove old k8s code causing handler to fail
-- **handler**: kubernetes restart handler now using updated node type vars
-- **config**: if hostname=localhost use hostname command to fetch hostname
-- limit the use of master group
-- add missing dependency ansible.posix
-
-## 1.1.1 (2024-03-13)
-
-### Fix
-
-- don't check hostname for localhost
-
-## 1.1.0 (2024-03-13)
-
-### Feat
-
-- add role readme and fix gitlab release job
-
-## 1.0.1 (2024-03-13)
-
-### Fix
-
-- **ci**: ensure correct package name is used
-
-## 1.0.0 (2024-03-13)

docs/projects/ansible/collection/kubernetes/roles/kubernetes_netbox/index.md

@@ -0,0 +1,46 @@
+---
+title: NetBox Kubernetes
+description: No Fuss Computings Ansible role kubernetes_netbox
+date: 2023-10-24
+template: project.html
+about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
+---
+
+This Ansible role as part of our collection `nofusscomputing.kubernetes` is intended to be used to setup NetBox so that the settings for deploying a kubernetes cluster can be stored within NetBox.
+
+
+## Role Details
+
+| Item| Value | Description |
+|:---|:---:|:---|
+| Dependent Roles | _None_ | |
+| Optional Roles | _None_ | |
+| Idempotent | _Yes_ |  |
+| Stats Available | _Not Yet_ |  |
+| Tags | _Nil_ |  |
+| Requirements | _None_  |  |
+
+
+## Features
+
+- Adds custom fields to `cluster` object within NetBox that this collection can use to deploy a kubernetes cluster.
+
+!!! info
+    Due to a bug in ansible module `netbox.netbox.netbox_custom_field` The fields are not created as they should be. For example, the fields are supposed to be set to only display when not empty. for more information see [Github #1210](https://github.com/netbox-community/ansible_modules/issues/1210). We have [added a workaround](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/merge_requests/56#note_1876912267) so the fields are created.
+    
+    Other than that, the fields are created as they should.
+
+
+## Usage
+
+To configure NetBox, ensure that the NetBox Access variables are set and run playbook `nofusscomputing.netbox.kubernetes_netbox`. This will setup NetBox with the required fields that role [nfc_kubernetes](../nfc_kubernetes/index.md) uses.
+
+
+## Default Variables
+
+
+``` yaml title="defaults/main.yaml" linenums="1"
+
+--8<-- "roles/kubernetes_netbox/defaults/main.yaml"
+
+```

galaxy.yml

@@ -8,7 +8,7 @@ namespace: nofusscomputing
 name: kubernetes
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.6.0
+version: 1.8.1-a1
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -47,6 +47,7 @@ dependencies:
   ansible.posix: '>=1.5.4'
   kubernetes.core: '>=3.0.0'
   nofusscomputing.firewall: '>=1.1.0'
+  netbox.netbox: '>=3.16.0'
 
 
 # The URL of the originating SCM repository

mkdocs.yml

@@ -49,6 +49,9 @@ nav:
 
           - projects/ansible/collection/kubernetes/roles/nfc_kubernetes/release_notes.md
 
+        - Role kubernetes_netbox:
+
+          - projects/ansible/collection/kubernetes/roles/kubernetes_netbox/index.md
 
 - Operations: 
 

playbooks/netbox.yaml

@@ -0,0 +1,64 @@
+---
+- name: Install K3s Kubernetes
+  hosts: |-
+    {%- if nfc_pb_host is defined -%}
+
+      {{ nfc_pb_host }}
+
+    {%- elif nfc_pb_kubernetes_cluster_name is defined -%}
+
+      kubernetes_cluster_{{ nfc_pb_kubernetes_cluster_name | lower }}
+
+    {%- else -%}
+
+      {%- if ansible_limit is defined -%}
+
+        {{ ansible_limit }}
+
+      {%- else -%}
+
+        localhost
+
+      {%- endif -%}
+
+    {%- endif %}
+  become: false
+  gather_facts: false
+
+
+  tasks:
+
+
+    - name: Configure NetBox for Kubernetes Deployment(s)
+      ansible.builtin.include_role:
+        name: kubernetes_netbox
+      tags:
+        - always
+
+
+  # vars:
+
+  #
+  #   Future feature, add playbook to import to awx
+  #
+  #   nfc_pb_awx_tower_template:
+
+
+  #     - name: "Collection/NoFussComputing/Kubernetes/NetBox/Configure"
+  #       ask_credential_on_launch: true
+  #       ask_job_type_on_launch: true
+  #       ask_limit_on_launch: true
+  #       ask_tags_on_launch: true
+  #       ask_variables_on_launch: true
+  #       description: |
+  #         Playbook to Install/Configure Kubernetes using configuration
+  #         from code.
+  #       execution_environment: "No Fuss Computing EE"
+  #       job_type: "check"
+  #       labels:
+  #         - cluster
+  #         - k3s
+  #         - kubernetes
+  #       verbosity: 2
+  #       use_fact_cache: true
+  #       survey_enabled: false

requirements.txt

@@ -0,0 +1,2 @@
+pynetbox
+pytz

roles/defaults/main.yaml

@@ -0,0 +1,9 @@
+---
+
+#
+# NetBox Access Variables. Required
+#
+
+# nfc_pb_api_netbox_url:                   # ENV [NETBOX_API]
+# nfc_pb_api_netbox_token:                 # ENV [NETBOX_TOKEN]
+# nfc_pb_api_netbox_validate_cert: true    # ENV [NETBOX_VALIDATE_CERT]

roles/kubernetes_netbox/README.md

@@ -0,0 +1,3 @@
+## No Fuss Computing - Ansible Role kubernetes_netbox
+
+Nothing to see here

roles/kubernetes_netbox/meta/main.yaml

@@ -0,0 +1,30 @@
+galaxy_info:
+
+  role_name: kubernetes_netbox
+
+  author: No Fuss Computing
+
+  description: Configure the required items within Netbox to support deploying kubernetes from Netbox configuration.
+
+  issue_tracker_url: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
+
+  license: MIT
+
+  min_ansible_version: '2.15'
+
+  platforms:
+
+    - name: Debian
+      versions:
+        - bullseye
+        - bookworm
+
+    - name: Ubuntu
+      versions:
+        - 21
+
+  galaxy_tags:
+    - cluster
+    - k3s
+    - kubernetes
+    - netbox

roles/kubernetes_netbox/tasks/cluster.yaml

@@ -0,0 +1,255 @@
+---
+
+# add cluster type kubernetes
+
+- name: Create Custom Field - Configure Firewall
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Configure Firewall
+      name: nfc_role_kubernetes_configure_firewall
+      type: boolean
+      ui_visibility: 'hidden-ifunset'
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - ETCD Enabled
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: ETCD Enabled
+      name: nfc_role_kubernetes_etcd_enabled
+      type: boolean
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Install OLM
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Install OLM
+      name: nfc_role_kubernetes_install_olm
+      type: boolean
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Install Helm
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Install Helm
+      name: nfc_role_kubernetes_install_helm
+      type: boolean
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Install KubeVirt
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Install KubeVirt
+      name: nfc_role_kubernetes_install_kubevirt
+      type: boolean
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - KubeVirt Operator Replicas
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: KubeVirt Operator Replicas
+      name: nfc_role_kubernetes_kubevirt_operator_replicas
+      type: integer
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      validation_minimum: 1
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Enable MetalLB
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Enable MetalLB
+      name: nfc_kubernetes_enable_metallb
+      type: boolean
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Enable ServiceLB (klipper)
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Enable ServiceLB (klipper)
+      name: nfc_kubernetes_enable_servicelb
+      type: boolean
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Pod Subnet
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Pod Subnet
+      name: nfc_role_kubernetes_pod_subnet
+      object_type: ipam.prefix
+      type: object
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Service Subnet
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - virtualization.cluster
+      default: null
+      group_name: Kubernetes
+      label: Service Subnet
+      name: nfc_role_kubernetes_service_subnet
+      object_type: ipam.prefix
+      type: object
+      ui_visibility: hidden-ifunset
+      # is_cloneable: false
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp

roles/kubernetes_netbox/tasks/main.yaml

@@ -0,0 +1,21 @@
+---
+
+- name: Setup NetBox for Kubernetes Cluster Deployments
+  ansible.builtin.include_tasks:
+    file: cluster.yaml
+    apply:
+      tags:
+        - always
+  tags:
+    - always
+
+
+- name: Setup NetBox for Kubernetes Service Deployments
+  ansible.builtin.include_tasks:
+    file: services.yaml
+    apply:
+      tags:
+        - always
+  tags:
+    - never
+    - services

roles/kubernetes_netbox/tasks/services.yaml

@@ -0,0 +1,50 @@
+---
+
+- name: Create Custom Field - Instance
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - ipam.service
+      group_name: Kubernetes
+      label: Instance Name
+      description: "Name of the Instance to be deployed"
+      name: service_kubernetes_instance
+      type: text
+      ui_visibility: hidden-ifunset
+      # is_cloneable: true
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp
+
+
+- name: Create Custom Field - Namespace
+  netbox.netbox.netbox_custom_field:
+    netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
+    netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
+    data:
+      content_types:
+        - ipam.service
+      group_name: Kubernetes
+      label: Service Namespace
+      description: "Deployment Namespace"
+      name: service_kubernetes_namespace
+      type: text
+      ui_visibility: hidden-ifunset
+      # is_cloneable: true
+      weight: 100
+    state: present
+    validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
+  delegate_to: localhost
+  failed_when: >
+    custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
+      and
+    custom_field_tmp.diff is not defined
+  register: custom_field_tmp

roles/nfc_kubernetes/defaults/main.yml

@@ -48,6 +48,8 @@ nfc_role_kubernetes_kubevirt_operator_replicas: 1
 
 nfc_role_kubernetes_oidc_enabled: false
 
+nfc_role_kubernetes_resolv_conf_file: /etc/resolv.conf
+
 nfc_role_kubernetes_pod_subnet: 172.16.248.0/21
 nfc_role_kubernetes_service_subnet: 172.16.244.0/22
 

roles/nfc_kubernetes/tasks/helm/main.yaml

@@ -5,6 +5,7 @@
     url: https://baltocdn.com/helm/signing.asc
     dest: /usr/share/keyrings/helm.asc
     mode: 740
+  changed_when: not ansible_check_mode
   delay: 10
   retries: 3
 

roles/nfc_kubernetes/tasks/install.yaml

@@ -4,7 +4,10 @@
   ansible.builtin.command:
     cmd: hostname
   changed_when: false
+  check_mode: false
   register: hostname_to_check
+  tags:
+    - always
 
 
 - name: Hostname Check
@@ -12,10 +15,10 @@
     that:
       - hostname_to_check.stdout == inventory_hostname
     msg: The hostname must match the inventory_hostname
+  tags:
+    - always
   when: >
     inventory_hostname != 'localhost'
-      and
-    not ansible_check_mode
 
 
 - name: Testing Env Variables
@@ -23,13 +26,34 @@
     ansible_default_ipv4: {
       "address": "127.0.0.1"
     }
+  check_mode: false
+  tags:
+    - always
   when: >
     lookup('ansible.builtin.env', 'CI_COMMIT_SHA') | default('') != ''
 
 
+- name: Gather Facts required by role
+  ansible.builtin.setup:
+    gather_subset:
+      - all_ipv4_addresses
+      - os_family
+      - processor
+  tags:
+    - always
+  when: >
+    ansible_architecture is not defined
+      or
+    ansible_default_ipv4 is not defined
+      or
+    ansible_os_family is not defined
+
+
 - name: Check Machine Architecture
   ansible.builtin.set_fact:
     nfc_kubernetes_install_architectures: "{{ nfc_kubernetes_install_architectures | default({}) | combine({ansible_architecture: ''}) }}"
+  tags:
+    - always
 
 
 - name: Configure Kubernetes Firewall Rules

roles/nfc_kubernetes/tasks/k3s/install.yaml

@@ -243,6 +243,12 @@
         false
       {%- endif -%}";
 
+      if ! service k3s status > /dev/null; then
+
+        export installed='false';
+
+      fi
+
       export running_version="{{ kubernetes_node.resources[0].status.nodeInfo.kubeletVersion | default('0') }}";
 
       export correct_hash=$(wget -q https://github.com/k3s-io/k3s/releases/download/v
@@ -268,6 +274,7 @@
 
     executable: /bin/bash
   changed_when: false
+  check_mode: false
   failed_when: false
   register: k3s_metadata
 
@@ -297,29 +304,49 @@
   when: >
     file_cached_k3s_binary.stat.checksum | default('0') != node_k3s.desired_hash
 
+  # Workaround. See: https://github.com/ansible/awx/issues/15161
+- name: Build K3s Download URL
+  ansible.builtin.set_fact:
+    cacheable: false
+    url_download_k3s: |-
+      [
+        {%- for key, value in nfc_kubernetes_install_architectures | dict2items -%}
+        "https://github.com/k3s-io/k3s/releases/download/
+          {{- node_k3s.desired_version | urlencode -}}
+        /k3s
+        {%- if key == 'aarch64' -%}
+        -arm64
+        {%- endif %}",
+        {%- endfor -%}
+      ]
+  changed_when: false
+  check_mode: false
+  delegate_to: localhost
+  loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
+  loop_control:
+    loop_var: cpu_arch
+  vars:
+    ansible_connection: local
+
 
 - name: Download K3s Binary
   ansible.builtin.uri:
-    url: |-
-      https://github.com/k3s-io/k3s/releases/download/
-        {{- node_k3s.desired_version | urlencode -}}
-      /k3s
-      {%- if cpu_arch.key == 'aarch64' -%}
-      -arm64
-      {%- endif %}
+    url: "{{ url | string }}"
     method: GET
     return_content: false
     status_code:
       - 200
       - 304
-    dest: "/tmp/k3s.{{ cpu_arch.key }}"
+    dest: "/tmp/k3s.{{ ansible_architecture }}"
     mode: "744"
+  changed_when: not ansible_check_mode
+  check_mode: false
   delay: 10
   retries: 3
   register: k3s_download_files
   delegate_to: localhost
   failed_when: >
-    (lookup('ansible.builtin.file', '/tmp/k3s.' + cpu_arch.key) | hash('sha256') | string) != node_k3s.desired_hash
+    (lookup('ansible.builtin.file', '/tmp/k3s.' + ansible_architecture) | hash('sha256') | string) != node_k3s.desired_hash
       and
     (
       k3s_download_files.status | int != 200
@@ -328,9 +355,9 @@
     )
   run_once: true
   when: ansible_os_family == 'Debian'
-  loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
+  loop: "{{ url_download_k3s }}"
   loop_control:
-    loop_var: cpu_arch
+    loop_var: url
   vars:
     ansible_connection: local
 
@@ -389,6 +416,7 @@
       - 304
     dest: "{{ item.dest }}"
     mode: "744"
+  check_mode: false
   changed_when: false
   delay: 10
   retries: 3
@@ -594,6 +622,8 @@
   failed_when: kubernetes_ready_check.rc != 0
   when: >
     not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
+      and
+    not ansible_check_mode
 
 
 - name: Config Link

roles/nfc_kubernetes/tasks/k3s/migrate_to_operator.yaml

@@ -110,6 +110,7 @@
         owner: root
         group: 'root'
       changed_when: false
+      check_mode: false
       become: true
       delegate_to: localhost
       loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"

roles/nfc_kubernetes/templates/k3s-config.yaml.j2

@@ -146,6 +146,7 @@
       ",ephemeral-storage=" + kubelet_arg_system_reserved_storage
     ],
     "node-name": node_name,
+    "resolv-conf": nfc_role_kubernetes_resolv_conf_file,
   }
 
 -%}
@@ -153,7 +154,7 @@
 
 {%- if groups[kubernetes_config.cluster.group_name | default('make_me_optional')] | default([]) | list | length > 0 -%}
   
-  {%- if k3s_installed.rc == 0 -%}
+  {%- if node_k3s.installed -%}
 
     {%- set ns = namespace(server=[]) -%}
 
@@ -198,7 +199,7 @@
   {%- elif 
     kubernetes_config.cluster.prime.name != inventory_hostname
       and
-    k3s_installed.rc == 1
+    not node_k3s.installed
   -%}
 
     {%- set server = (server | default([])) + [