feat: add advanced features to config (#1208)

* feat: add advanced features to config

Signed-off-by: Devin Buhl <devin@buhl.casa>

* fix: only enable longhorn if distro is k3s or k0s

Signed-off-by: Devin Buhl <devin@buhl.casa>

* fix: update ansible lint

Signed-off-by: Devin Buhl <devin@buhl.casa>

---------

Signed-off-by: Devin Buhl <devin@buhl.casa>

bootstrap/tasks/validation/cloudflare.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Query Cloudflare zone
-  when: not ci_test | default(false)
+  when: not ci_test|default(false)
   ansible.builtin.uri:
     url: https://api.cloudflare.com/client/v4/zones?name={{ bootstrap_cloudflare_domain }}&status=active
     headers:
@@ -12,14 +12,14 @@
   register: result
 
 - name: Check if Cloudflare zone exists
-  when: not ci_test | default(false)
+  when: not ci_test|default(false)
   ansible.builtin.assert:
     that: result.json.success is true
     success_msg: Cloudflare zone {{ bootstrap_cloudflare_domain }} exists
     fail_msg: Cloudflare zone {{ bootstrap_cloudflare_domain }} does not exist
 
 - name: Query Cloudflared tunnel
-  when: not ci_test | default(false)
+  when: not ci_test|default(false)
   ansible.builtin.uri:
     url: https://api.cloudflare.com/client/v4/accounts/{{ bootstrap_cloudflare_account_tag }}/cfd_tunnel/{{ bootstrap_cloudflare_tunnel_id }}
     headers:
@@ -31,7 +31,7 @@
   register: result
 
 - name: Check if Cloudflared tunnel exists
-  when: not ci_test | default(false)
+  when: not ci_test|default(false)
   ansible.builtin.assert:
     that: result.json.success is true
     success_msg: Cloudflared tunnel {{ bootstrap_cloudflare_tunnel_id }} exists

bootstrap/tasks/validation/github.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Query Github username
-  when: not ci_test | default(false)
+  when: not ci_test|default(false)
   ansible.builtin.uri:
     url: https://api.github.com/users/{{ bootstrap_github_username }}
     timeout: 5
@@ -9,14 +9,14 @@
   register: result
 
 - name: Check if username exists
-  when: not ci_test | default(false)
+  when: not ci_test|default(false)
   ansible.builtin.assert:
     that: result.json.login == bootstrap_github_username
     success_msg: Github user {{ bootstrap_github_username }} exists
     fail_msg: Github user {{ bootstrap_github_username }} does not exist
 
 - name: Query Github repo
-  when: (not ci_test | default(false)) and (not bootstrap_private_github_repo | default(false))
+  when: (not ci_test|default(false)) and (not bootstrap_private_github_repo|default(false))
   ansible.builtin.uri:
     url: https://api.github.com/repos/{{ bootstrap_github_username }}/{{ bootstrap_github_repository_name }}
     timeout: 5
@@ -25,24 +25,24 @@
   register: result
 
 - name: Check if repo exists
-  when: (not ci_test | default(false)) and (not bootstrap_private_github_repo | default(false))
+  when: (not ci_test|default(false)) and (not bootstrap_private_github_repo|default(false))
   ansible.builtin.assert:
     that: result.json.full_name == bootstrap_github_username + '/' + bootstrap_github_repository_name
     success_msg: Github repo {{ bootstrap_github_username }}/{{ bootstrap_github_repository_name }} exists
     fail_msg: Github repo {{ bootstrap_github_username }}/{{ bootstrap_github_repository_name }} does not exist
 
 - name: Query Github repo branch
-  when: (not ci_test | default(false)) and (not bootstrap_private_github_repo | default(false))
+  when: (not ci_test|default(false)) and (not bootstrap_private_github_repo|default(false))
   ansible.builtin.uri:
-    url: https://api.github.com/repos/{{ bootstrap_github_username }}/{{ bootstrap_github_repository_name }}/branches/{{ bootstrap_github_repository_branch | default('main', true) }}
+    url: https://api.github.com/repos/{{ bootstrap_github_username }}/{{ bootstrap_github_repository_name }}/branches/{{ bootstrap_github_repository_branch|default('main', true) }}
     timeout: 5
     return_content: true
     body_format: json
   register: result
 
 - name: Check if repo branch exists
-  when: (not ci_test | default(false)) and (not bootstrap_private_github_repo | default(false))
+  when: (not ci_test|default(false)) and (not bootstrap_private_github_repo|default(false))
   ansible.builtin.assert:
-    that: result.json.name == bootstrap_github_repository_branch | default('main', true)
-    success_msg: Github repo branch {{ bootstrap_github_repository_branch | default('main', true) }} exists
-    fail_msg: Github repo branch {{ bootstrap_github_repository_branch | default('main', true) }} does not exist
+    that: result.json.name == bootstrap_github_repository_branch|default('main', true)
+    success_msg: Github repo branch {{ bootstrap_github_repository_branch|default('main', true) }} exists
+    fail_msg: Github repo branch {{ bootstrap_github_repository_branch|default('main', true) }} does not exist

bootstrap/tasks/validation/net.yaml

@@ -14,21 +14,21 @@
     fail_msg: Node CIDR {{ bootstrap_node_cidr }} is invalid.
 
 - name: Check if cluster CIDR is ipv4 OR ipv6
-  when: not bootstrap_ipv6_enabled | default(false)
+  when: not bootstrap_ipv6_enabled|default(false)
   ansible.builtin.assert:
     that: bootstrap_cluster_cidr is ansible.utils.ipv4 or bootstrap_cluster_cidr is ansible.utils.ipv6
     success_msg: Cluster CIDR {{ bootstrap_cluster_cidr }} is valid.
     fail_msg: Cluster CIDR {{ bootstrap_cluster_cidr }} is invalid.
 
 - name: Check if service CIDR is ipv4 OR ipv6
-  when: not bootstrap_ipv6_enabled | default(false)
+  when: not bootstrap_ipv6_enabled|default(false)
   ansible.builtin.assert:
     that: bootstrap_service_cidr is ansible.utils.ipv4 or bootstrap_service_cidr is ansible.utils.ipv6
     success_msg: Service CIDR {{ bootstrap_service_cidr }} is valid.
     fail_msg: Service CIDR {{ bootstrap_service_cidr }} is invalid.
 
 - name: Check if cluster CIDR is ipv4 AND ipv6
-  when: bootstrap_ipv6_enabled | default(false)
+  when: bootstrap_ipv6_enabled|default(false)
   ansible.builtin.assert:
     that: >
       (
@@ -42,7 +42,7 @@
     fail_msg: Cluster CIDR {{ bootstrap_cluster_cidr }} is invalid.
 
 - name: Check if service CIDR is ipv4 AND ipv6
-  when: bootstrap_ipv6_enabled | default(false)
+  when: bootstrap_ipv6_enabled|default(false)
   ansible.builtin.assert:
     that: >
       (
@@ -122,24 +122,24 @@
     fail_msg: All IP addresses are not unique.
 
 - name: Check if nodes are not the same IPs as k8s_gateway or ingress external/internal
-  when: not bootstrap_kube_vip_enabled | default(true)
+  when: not bootstrap_kube_vip_enabled|default(true)
   ansible.builtin.assert:
     that: item.address not in (bootstrap_k8s_gateway_addr, bootstrap_external_ingress_addr, bootstrap_internal_ingress_addr)
     success_msg: Node address {{ item.address }} is different than k8s_gateway or ingress-nginx.
     fail_msg: Node address {{ item.address }} is not different than k8s_gateway or ingress-nginx.
     quiet: true
-  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker|default([]) }}"
   loop_control:
     label: "{{ item.address }}"
 
 - name: Check if nodes are not the same IPs as k8s_gateway, ingress external/internal or Kube API address
-  when: (bootstrap_distribution == "k3s") and (bootstrap_kube_vip_enabled | default(true))
+  when: (bootstrap_distribution == "k3s") and (bootstrap_kube_vip_enabled|default(true))
   ansible.builtin.assert:
     that: item.address not in (bootstrap_k8s_gateway_addr, bootstrap_external_ingress_addr, bootstrap_internal_ingress_addr, bootstrap_kube_api_addr)
     success_msg: Node address {{ item.address }} is different than k8s_gateway, ingress-nginx or Kube API.
     fail_msg: Node address {{ item.address }} is not different than k8s_gateway, ingress-nginx or Kube API.
     quiet: true
-  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker|default([]) }}"
   loop_control:
     label: "{{ item.address }}"
 
@@ -149,7 +149,7 @@
     success_msg: Node address {{ item.address }} is valid.
     fail_msg: Node address {{ item.address }} is invalid.
     quiet: true
-  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker|default([]) }}"
   loop_control:
     label: "{{ item.address }}"
 
@@ -159,19 +159,19 @@
     success_msg: Node address {{ item.address }} is within {{ bootstrap_node_cidr }}.
     fail_msg: Node address {{ item.address }} is not within {{ bootstrap_node_cidr }}.
     quiet: true
-  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker|default([]) }}"
   loop_control:
     label: "{{ item.address }}"
 
 - name: Check if node IP addresses are unique
   ansible.builtin.assert:
     that: >
       (
-        (bootstrap_nodes.master + bootstrap_nodes.worker | default([])) | map(attribute='address') | list
+        (bootstrap_nodes.master + bootstrap_nodes.worker|default([])) | map(attribute='address') | list
       ) | unique | length
       ==
       (
-        (bootstrap_nodes.master + bootstrap_nodes.worker | default([])) | map(attribute='address') | list
+        (bootstrap_nodes.master + bootstrap_nodes.worker|default([])) | map(attribute='address') | list
       ) | length
     success_msg: All node IP addresses are unique.
     fail_msg: All node IP addresses are not unique.
@@ -181,34 +181,34 @@
   ansible.builtin.assert:
     that: >
       (
-        (bootstrap_nodes.master + bootstrap_nodes.worker | default([])) | map(attribute='name') | list
+        (bootstrap_nodes.master + bootstrap_nodes.worker|default([])) | map(attribute='name') | list
       ) | unique | length
       ==
       (
-        (bootstrap_nodes.master + bootstrap_nodes.worker | default([])) | map(attribute='name') | list
+        (bootstrap_nodes.master + bootstrap_nodes.worker|default([])) | map(attribute='name') | list
       ) | length
     success_msg: All node names are unique.
     fail_msg: All node names are not unique.
     quiet: true
 
 - name: Check if SSH ports are reachable
-  when: (not ci_test | default(false)) and (not bootstrap_distribution == "talos")
+  when: (not ci_test|default(false)) and (not bootstrap_distribution == "talos")
   ansible.builtin.wait_for:
     host: "{{ item.address }}"
     port: 22
     timeout: 10
   connection: local
-  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker|default([]) }}"
   loop_control:
     label: "{{ item.address }}"
 
 - name: Check if Talos ports are reachable
-  when: (not ci_test | default(false)) and (bootstrap_distribution == "talos")
+  when: (not ci_test|default(false)) and (bootstrap_distribution == "talos")
   ansible.builtin.wait_for:
     host: "{{ item.address }}"
     port: 50000
     timeout: 10
   connection: local
-  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker|default([]) }}"
   loop_control:
     label: "{{ item.address }}"

bootstrap/tasks/validation/vars.yaml

@@ -43,6 +43,6 @@
     that: item.name is match('^[a-z0-9-\.]+$')
     success_msg: Node name {{ item.name }} is valid
     fail_msg: Node name {{ item.name }} is not valid
-  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker|default([]) }}"
   loop_control:
     label: "{{ item.name }}"

bootstrap/templates/ansible/.ansible-lint.j2

@@ -1,5 +1,6 @@
-#% if bootstrap_distribution == 'k3s' or bootstrap_distribution == 'k0s' %#
+#% if bootstrap_distribution in ['k3s', 'k0s'] %#
 skip_list:
+  - jinja[spacing]
   - yaml[commas]
   - yaml[line-length]
   - var-naming

bootstrap/templates/ansible/inventory/group_vars/kubernetes/main.yaml.j2

@@ -11,7 +11,7 @@ k3s_registration_address: "{{ kube_api_addr }}"
 # /var/lib/rancher/k3s/server/manifests
 k3s_server_manifests_templates:
   - custom-cilium-helmchart.yaml.j2
-#% if bootstrap_nodes.master | length > 1 or bootstrap_kube_api_addr | default('') %#
+#% if bootstrap_nodes.master | length > 1 or bootstrap_kube_api_addr|default('') %#
 # /var/lib/rancher/k3s/server/manifests
 k3s_server_manifests_urls:
   - url: https://raw.githubusercontent.com/kube-vip/website/main/content/manifests/rbac.yaml

bootstrap/templates/ansible/inventory/group_vars/kubernetes/supplemental.yaml.j2

@@ -1,20 +1,20 @@
-#% if bootstrap_distribution == 'k3s' or bootstrap_distribution == 'k0s' %#
+#% if bootstrap_distribution in ['k3s', 'k0s'] %#
 ---
 timezone: "#{ bootstrap_timezone }#"
 github_username: "#{ bootstrap_github_username }#"
 coredns_addr: "#{ bootstrap_service_cidr.split(',')[0] | nthhost(10) }#"
-#% if bootstrap_nodes.master | length > 1 or bootstrap_kube_api_addr | default('') %#
+#% if bootstrap_nodes.master | length > 1 or bootstrap_kube_api_addr|default('') %#
 kube_api_addr: "#{ bootstrap_kube_api_addr }#"
 #% else %#
 kube_api_addr: "#{ bootstrap_nodes.master[0].address }#"
 #% endif %#
-#% if bootstrap_kube_api_hostname | default('') %#
+#% if bootstrap_kube_api_hostname|default('') %#
 kube_api_hostname: "#{ bootstrap_kube_api_hostname }#"
 #% endif %#
 cluster_cidr: "#{ bootstrap_cluster_cidr.split(',')[0] }#"
 service_cidr: "#{ bootstrap_service_cidr.split(',')[0] }#"
 node_cidr: "#{ bootstrap_node_cidr }#"
-#% if bootstrap_ipv6_enabled | default(false) %#
+#% if bootstrap_ipv6_enabled|default(false) %#
 cluster_cidr_v6: "#{ bootstrap_cluster_cidr.split(',')[1] }#"
 service_cidr_v6: "#{ bootstrap_service_cidr.split(',')[1] }#"
 #% endif %#

bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2

@@ -4,14 +4,14 @@
 # https://github.com/PyratLabs/ansible-role-k3s
 k3s_control_node: true
 k3s_server:
-  #% if bootstrap_ipv6_enabled | default(false) %#
+  #% if bootstrap_ipv6_enabled|default(false) %#
   node-ip: "{{ ansible_host }},{{ ansible_default_ipv6.address }}"
   #% else %#
   node-ip: "{{ ansible_host }}"
   #% endif %#
   tls-san:
     - "{{ kube_api_addr }}"
-    #% if bootstrap_kube_api_hostname | default('') %#
+    #% if bootstrap_kube_api_hostname|default('') %#
     - "{{ kube_api_hostname }}"
     #% endif %#
   docker: false
@@ -23,7 +23,7 @@ k3s_server:
   write-kubeconfig-mode: "644"
   pause-image: registry.k8s.io/pause:3.9
   secrets-encryption: true
-  #% if bootstrap_ipv6_enabled | default(false) %#
+  #% if bootstrap_ipv6_enabled|default(false) %#
   cluster-cidr: "{{ cluster_cidr }},{{ cluster_cidr_v6 }}"
   service-cidr: "{{ service_cidr }},{{ service_cidr_v6 }}"
   #% else %#

bootstrap/templates/ansible/inventory/group_vars/worker/main.yaml.j2

@@ -4,7 +4,7 @@
 # https://github.com/PyratLabs/ansible-role-k3s
 k3s_control_node: false
 k3s_agent:
-  #% if bootstrap_ipv6_enabled | default(false) %#
+  #% if bootstrap_ipv6_enabled|default(false) %#
   node-ip: "{{ ansible_host }},{{ ansible_default_ipv6.address }}"
   #% else %#
   node-ip: "{{ ansible_host }}"

bootstrap/templates/ansible/inventory/hosts.yaml.j2

@@ -1,4 +1,4 @@
-#% if bootstrap_distribution == 'k3s' or bootstrap_distribution == 'k0s' %#
+#% if bootstrap_distribution in ['k3s', 'k0s'] %#
 ---
 kubernetes:
   children:
@@ -9,7 +9,7 @@ kubernetes:
           ansible_user: "#{ item.username }#"
           ansible_host: "#{ item.address }#"
       #% endfor %#
-    #% if bootstrap_nodes.worker | default([]) | length > 0 %#
+    #% if bootstrap_nodes.worker|default([]) | length > 0 %#
     worker:
       hosts:
       #% for item in bootstrap_nodes.worker %#

bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2

@@ -41,7 +41,7 @@
         kubeconfig: /etc/rancher/k3s/k3s.yaml
         kind: "{{ item.kind }}"
         name: "{{ item.name }}"
-        namespace: "{{ item.namespace | default('') }}"
+        namespace: "{{ item.namespace|default('') }}"
         wait: true
         wait_sleep: 10
         wait_timeout: 360

bootstrap/templates/ansible/playbooks/cluster-prepare.yaml.j2

@@ -16,7 +16,7 @@
       block:
         - name: Locale | Set timezone
           community.general.timezone:
-            name: "{{ timezone | default('Etc/UTC') }}"
+            name: "{{ timezone|default('Etc/UTC') }}"
 
     - name: Packages
       block:
@@ -62,6 +62,7 @@
               ff02::2 ip6-allrouters
             dest: /etc/hosts
             mode: preserve
+        #% if bootstrap_advanced_flags|default({}) and bootstrap_advanced_flags.update_resolv_conf|default(true) %#
         # https://github.com/onedr0p/flux-cluster-template/discussions/635
         - name: Network Configuration | Remove immutable flag from /etc/resolv.conf
           ansible.builtin.file:
@@ -79,7 +80,8 @@
             dest: /etc/resolv.conf
             content: |
               search .
-              nameserver #{ bootstrap_dns_server | default('1.1.1.1', true) }#
+              nameserver #{ bootstrap_dns_server|default('1.1.1.1', true) }#
+        #% endif %#
 
     - name: System Configuration
       notify: Reboot

bootstrap/templates/ansible/playbooks/cluster-reboot.yaml.j2

@@ -1,4 +1,4 @@
-#% if bootstrap_distribution == 'k3s' or bootstrap_distribution == 'k0s' %#
+#% if bootstrap_distribution in ['k3s', 'k0s'] %#
 ---
 - name: Reboot
   hosts: kubernetes

bootstrap/templates/ansible/playbooks/cluster-rollout-update.yaml.j2

@@ -1,4 +1,4 @@
-#% if bootstrap_distribution == 'k3s' or bootstrap_distribution == 'k0s' %#
+#% if bootstrap_distribution in ['k3s', 'k0s'] %#
 ---
 # https://github.com/kevincoakley/ansible-role-k8s-rolling-update
 - name: Cluster rollout update

bootstrap/templates/ansible/playbooks/templates/kube-vip-static-pod.yaml.j2.j2

@@ -1,4 +1,4 @@
-#% if bootstrap_distribution == 'k3s' and (bootstrap_nodes.master | length > 1 or bootstrap_kube_api_addr | default('')) %#
+#% if bootstrap_distribution == 'k3s' and (bootstrap_nodes.master | length > 1 or bootstrap_kube_api_addr|default('')) %#
 ---
 apiVersion: v1
 kind: Pod

bootstrap/templates/kubernetes/apps/default/discord-template-notifier/app/helmrelease.yaml.j2

@@ -1,4 +1,4 @@
-#% if discord_template_notifier.enabled | default(false) %#
+#% if discord_template_notifier|default({}) and discord_template_notifier.enabled|default(false) %#
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease

bootstrap/templates/kubernetes/apps/default/discord-template-notifier/app/kustomization.yaml.j2

@@ -1,4 +1,4 @@
-#% if discord_template_notifier.enabled | default(false) %#
+#% if discord_template_notifier|default({}) and discord_template_notifier.enabled|default(false) %#
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

bootstrap/templates/kubernetes/apps/default/discord-template-notifier/app/secret.sops.yaml.j2

@@ -1,4 +1,4 @@
-#% if discord_template_notifier.enabled | default(false) %#
+#% if discord_template_notifier|default({}) and discord_template_notifier.enabled|default(false) %#
 ---
 apiVersion: v1
 kind: Secret