onedr0p · onedr0p · Jan 16, 2024 · Jan 16, 2024 · Jan 16, 2024
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -15,7 +15,6 @@
   "schedule": ["on saturday"],
   "flux": {
     "fileMatch": [
-      "(^|/)addons/.+\\.ya?ml(\\.j2)?(\\.j2)?$",
       "(^|/)ansible/.+\\.ya?ml(\\.j2)?(\\.j2)?$",
       "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?(\\.j2)?$"
     ]
@@ -228,11 +227,16 @@
         "(^|/)k0s-config.ya?ml(\\.j2)?(\\.j2)?$"
       ],
       "matchStrings": [
-        // Example: `k3s_release_version: "v1.27.3+k3s1"`
+        // Example:
+        //   k3s_release_version: "v1.27.3+k3s1"
         "datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( versioning=(?<versioning>\\S+))?\n.*?\"(?<currentValue>.*)\"\n",
-        // Example: `- https://github.com/rancher/system-upgrade-controller/releases/download/v0.11.0/crd.yaml`
+        // Example:
+        //   - https://github.com/rancher/system-upgrade-controller/releases/download/v0.11.0/crd.yaml
         "datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( versioning=(?<versioning>\\S+))?\n.*?-\\s(.*?)\/(?<currentValue>[^/]+)\/[^/]+\n",
-        // Example: apiVersion=helm.cattle.io/v1 kind=HelmChart
+        // Example:
+        //   repo: https://helm.cilium.io
+        //   chart: cilium
+        //   version: 1.14.5
         "datasource=(?<datasource>\\S+)\n.*?repo: (?<registryUrl>\\S+)\n.*?chart: (?<depName>\\S+)\n.*?version: (?<currentValue>\\S+)\n"
       ],
       "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",

diff --git a/bootstrap/templates/.sops.yaml.j2 b/bootstrap/templates/.sops.yaml.j2
@@ -4,8 +4,8 @@ creation_rules:
     encrypted_regex: "^(data|stringData)$"
     key_groups:
       - age:
-          - "<< bootstrap_age_public_key >>"
+          - "{% bootstrap_age_public_key %}"
   - path_regex: ansible/.*\.sops\.ya?ml
     key_groups:
       - age:
-          - "<< bootstrap_age_public_key >>"
+          - "{% bootstrap_age_public_key %}"
diff --git a/bootstrap/templates/ansible/inventory/group_vars/kubernetes/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/kubernetes/main.yaml.j2
@@ -1,4 +1,4 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 #
 # Below vars are for the xanmanning.k3s role
@@ -9,23 +9,23 @@
 k3s_release_version: "v1.29.0+k3s1"
 k3s_install_hard_links: true
 k3s_become: true
-<% if bootstrap_nodes.master | length > 1 %>
+#% if bootstrap_nodes.master | length > 1 %#
 k3s_etcd_datastore: true
-<% else %>
+#% else %#
 k3s_etcd_datastore: false
-<% endif %>
+#% endif %#
 k3s_registration_address: "{{ kube_api_addr }}"
 # /var/lib/rancher/k3s/server/manifests
 k3s_server_manifests_templates:
   - custom-cilium-helmchart.yaml.j2
   - custom-coredns-helmchart.yaml.j2
-<% if bootstrap_nodes.master | length > 1 and not bootstrap_kube_api_addr %>
+#% if bootstrap_nodes.master | length > 1 and not bootstrap_kube_api_addr %#
 # /var/lib/rancher/k3s/server/manifests
 k3s_server_manifests_urls:
   - url: https://raw.githubusercontent.com/kube-vip/website/main/content/manifests/rbac.yaml
     filename: kube-vip-rbac.yaml
 # /var/lib/rancher/k3s/agent/pod-manifests
 k3s_server_pod_manifests_templates:
   - kube-vip-static-pod.yaml.j2
-<% endif %>
-<% endif %>
+#% endif %#
+#% endif %#
diff --git a/bootstrap/templates/ansible/inventory/group_vars/kubernetes/supplemental.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/kubernetes/supplemental.yaml.j2
@@ -1,16 +1,16 @@
 ---
-timezone: "<< bootstrap_timezone >>"
-github_username: "<< bootstrap_github_username >>"
-coredns_addr: "<< bootstrap_service_cidr.split(',')[0] | nthhost(10) >>"
-<% if bootstrap_nodes.master | length == 1 and not bootstrap_kube_api_addr %>
-kube_api_addr: "<< bootstrap_nodes.master[0].address >>"
-<% else %>
-kube_api_addr: "<< bootstrap_kube_api_addr >>"
-<% endif %>
-cluster_cidr: "<< bootstrap_cluster_cidr.split(',')[0] >>"
-service_cidr: "<< bootstrap_service_cidr.split(',')[0] >>"
-node_cidr: "<< bootstrap_node_cidr >>"
-<% if bootstrap_ipv6_enabled | default(false) %>
-cluster_cidr_v6: "<< bootstrap_cluster_cidr.split(',')[1] >>"
-service_cidr_v6: "<< bootstrap_service_cidr.split(',')[1] >>"
-<% endif %>
+timezone: "{% bootstrap_timezone %}"
+github_username: "{% bootstrap_github_username %}"
+coredns_addr: "{% bootstrap_service_cidr.split(',')[0] | nthhost(10) %}"
+#% if bootstrap_nodes.master | length == 1 and not bootstrap_kube_api_addr %#
+kube_api_addr: "{% bootstrap_nodes.master[0].address %}"
+#% else %#
+kube_api_addr: "{% bootstrap_kube_api_addr %}"
+#% endif %#
+cluster_cidr: "{% bootstrap_cluster_cidr.split(',')[0] %}"
+service_cidr: "{% bootstrap_service_cidr.split(',')[0] %}"
+node_cidr: "{% bootstrap_node_cidr %}"
+#% if bootstrap_ipv6_enabled | default(false) %#
+cluster_cidr_v6: "{% bootstrap_cluster_cidr.split(',')[1] %}"
+service_cidr_v6: "{% bootstrap_service_cidr.split(',')[1] %}"
+#% endif %#
diff --git a/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2
@@ -1,15 +1,15 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 # https://rancher.com/docs/k3s/latest/en/installation/install-options/server-config/
 # https://github.com/PyratLabs/ansible-role-k3s
 
 k3s_control_node: true
 k3s_server:
-  <% if bootstrap_ipv6_enabled | default(false) %>
+  #% if bootstrap_ipv6_enabled | default(false) %#
   node-ip: "{{ ansible_host }},{{ ansible_default_ipv6.address }}"
-  <% else %>
+  #% else %#
   node-ip: "{{ ansible_host }}"
-  <% endif %>
+  #% endif %#
   tls-san:
     - "{{ kube_api_addr }}"
   docker: false
@@ -27,13 +27,13 @@ k3s_server:
   write-kubeconfig-mode: "644"
   pause-image: registry.k8s.io/pause:3.9
   secrets-encryption: true
-  <% if bootstrap_ipv6_enabled | default(false) %>
+  #% if bootstrap_ipv6_enabled | default(false) %#
   cluster-cidr: "{{ cluster_cidr }},{{ cluster_cidr_v6 }}"
   service-cidr: "{{ service_cidr }},{{ service_cidr_v6 }}"
-  <% else %>
+  #% else %#
   cluster-cidr: "{{ cluster_cidr }}"
   service-cidr: "{{ service_cidr }}"
-  <% endif %>
+  #% endif %#
   etcd-expose-metrics: true           # Required to monitor etcd with kube-prometheus-stack
   kube-controller-manager-arg:
     - "bind-address=0.0.0.0"          # Required to monitor kube-controller-manager with kube-prometheus-stack
@@ -45,4 +45,4 @@ k3s_server:
   kubelet-arg:
     - "image-gc-high-threshold=55"
     - "image-gc-low-threshold=50"
-<% endif %>
+#% endif %#
diff --git a/bootstrap/templates/ansible/inventory/group_vars/worker/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/worker/main.yaml.j2
@@ -1,18 +1,18 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 # https://rancher.com/docs/k3s/latest/en/installation/install-options/agent-config/
 # https://github.com/PyratLabs/ansible-role-k3s
 
 k3s_control_node: false
 k3s_agent:
-  <% if bootstrap_ipv6_enabled | default(false) %>
+  #% if bootstrap_ipv6_enabled | default(false) %#
   node-ip: "{{ ansible_host }},{{ ansible_default_ipv6.address }}"
-  <% else %>
+  #% else %#
   node-ip: "{{ ansible_host }}"
-  <% endif %>
+  #% endif %#
   pause-image: registry.k8s.io/pause:3.9
   # TODO: Move these options to a kubelet config file
   kubelet-arg:
     - "image-gc-high-threshold=55"
     - "image-gc-low-threshold=50"
-<% endif %>
+#% endif %#
diff --git a/bootstrap/templates/ansible/inventory/hosts.yaml.j2 b/bootstrap/templates/ansible/inventory/hosts.yaml.j2
@@ -3,25 +3,25 @@ kubernetes:
   children:
     master:
       hosts:
-      <% for item in bootstrap_nodes.master %>
-        << item.name >>:
-          ansible_user: << item.username >>
-      <% if item.external_address is defined %>
-          ansible_host: << item.external_address >>
-      <% else %>
-          ansible_host: << item.address >>
-      <% endif %>
-      <% endfor %>
-    <% if bootstrap_nodes.worker | default([]) | length > 0 %>
+      #% for item in bootstrap_nodes.master %#
+        "{% item.name %}":
+          ansible_user: "{% item.username %}"
+      #% if item.external_address is defined %#
+          ansible_host: "{% item.external_address %}"
+      #% else %#
+          ansible_host: "{% item.address %}"
+      #% endif %#
+      #% endfor %#
+    #% if bootstrap_nodes.worker | default([]) | length > 0 %#
     worker:
       hosts:
-      <% for item in bootstrap_nodes.worker %>
-        << item.name >>:
-          ansible_user: << item.username >>
-      <% if item.external_address is defined %>
-          ansible_host: << item.external_address >>
-      <% else %>
-          ansible_host: << item.address >>
-      <% endif %>
-      <% endfor %>
-    <% endif %>
+      #% for item in bootstrap_nodes.worker %#
+        "{% item.name %}":
+          ansible_user: "{% item.username %}"
+      #% if item.external_address is defined %#
+          ansible_host: "{% item.external_address %}"
+      #% else %#
+          ansible_host: "{% item.address %}"
+      #% endif %#
+      #% endfor %#
+    #% endif %#
diff --git a/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2
@@ -1,4 +1,4 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 - name: Cluster Installation
   hosts: kubernetes
@@ -60,4 +60,4 @@
     - name: Cruft
       when: k3s_primary_control_node
       ansible.builtin.include_tasks: tasks/cruft.yaml
-<% endif %>
+#% endif %#
diff --git a/bootstrap/templates/ansible/playbooks/cluster-kube-vip.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-kube-vip.yaml.j2
@@ -1,4 +1,4 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 - name: Cluster kube-vip
   hosts: master
@@ -23,4 +23,4 @@
         src: templates/kube-vip-static-pod.yaml.j2
         dest: "{{ k3s_server_pod_manifests_dir }}/kube-vip-static-pod.yaml"
         mode: preserve
-<% endif %>
+#% endif %#
diff --git a/bootstrap/templates/ansible/playbooks/cluster-nuke.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-nuke.yaml.j2
@@ -21,7 +21,7 @@
       ansible.builtin.pause:
         seconds: 5
   tasks:
-    <% if bootstrap_distribution == "k3s" %>
+    #% if bootstrap_distribution == "k3s" %#
     - name: Stop Kubernetes # noqa: ignore-errors
       ignore_errors: true
       block:
@@ -31,7 +31,7 @@
             public: true
           vars:
             k3s_state: stopped
-    <% endif %>
+    #% endif %#
 
     # https://github.com/k3s-io/docs/blob/main/docs/installation/network-options.md
     - name: Networking
@@ -57,7 +57,7 @@
             path: /etc/cni/net.d
             state: absent
 
-    <% if bootstrap_distribution == "k3s" %>
+    #% if bootstrap_distribution == "k3s" %#
     - name: Check to see if k3s-killall.sh exits
       ansible.builtin.stat:
         path: /usr/local/bin/k3s-killall.sh
@@ -92,11 +92,11 @@
         path: "{{ k3s_install_dir }}/{{ item }}"
         state: absent
       loop: ["kubectl", "crictl", "ctr"]
-    <% endif %>
+    #% endif %#
 
     - name: Remove local storage path
       ansible.builtin.file:
-        path: "<< bootstrap_local_storage_path >>"
+        path: "{% bootstrap_local_storage_path %}"
         state: absent
 
     - name: Reboot

diff --git a/bootstrap/templates/ansible/playbooks/cluster-rollout-update.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-rollout-update.yaml.j2
@@ -12,11 +12,11 @@
         seconds: 5
   tasks:
     - name: Details
-      <% if bootstrap_distribution == 'k3s' %>
+      #% if bootstrap_distribution == 'k3s' %#
       ansible.builtin.command: "k3s kubectl get node {{ inventory_hostname }} -o json"
-      <% elif bootstrap_distribution == 'k0s' %>
+      #% elif bootstrap_distribution == 'k0s' %#
       ansible.builtin.command: "k0s kubectl get node {{ inventory_hostname }} -o json"
-      <% endif %>
+      #% endif %#
       register: kubectl_get_node
       delegate_to: "{{ groups['master'][0] }}"
       failed_when: false
@@ -32,22 +32,22 @@
         - name: Cordon
           kubernetes.core.k8s_drain:
             name: "{{ inventory_hostname }}"
-            <% if bootstrap_distribution == 'k3s' %>
+            #% if bootstrap_distribution == 'k3s' %#
             kubeconfig: /etc/rancher/k3s/k3s.yaml
-            <% elif bootstrap_distribution == 'k0s' %>
+            #% elif bootstrap_distribution == 'k0s' %#
             kubeconfig: /var/lib/k0s/pki/admin.conf
-            <% endif %>
+            #% endif %#
             state: cordon
           delegate_to: "{{ groups['master'][0] }}"
 
         - name: Drain
           kubernetes.core.k8s_drain:
             name: "{{ inventory_hostname }}"
-            <% if bootstrap_distribution == 'k3s' %>
+            #% if bootstrap_distribution == 'k3s' %#
             kubeconfig: /etc/rancher/k3s/k3s.yaml
-            <% elif bootstrap_distribution == 'k0s' %>
+            #% elif bootstrap_distribution == 'k0s' %#
             kubeconfig: /var/lib/k0s/pki/admin.conf
-            <% endif %>
+            #% endif %#
             state: drain
             delete_options:
               delete_emptydir_data: true
@@ -79,10 +79,10 @@
         - name: Uncordon
           kubernetes.core.k8s_drain:
             name: "{{ inventory_hostname }}"
-            <% if bootstrap_distribution == 'k3s' %>
+            #% if bootstrap_distribution == 'k3s' %#
             kubeconfig: /etc/rancher/k3s/k3s.yaml
-            <% elif bootstrap_distribution == 'k0s' %>
+            #% elif bootstrap_distribution == 'k0s' %#
             kubeconfig: /var/lib/k0s/pki/admin.conf
-            <% endif %>
+            #% endif %#
             state: uncordon
           delegate_to: "{{ groups['master'][0] }}"
diff --git a/bootstrap/templates/ansible/playbooks/tasks/cilium.yaml.j2 b/bootstrap/templates/ansible/playbooks/tasks/cilium.yaml.j2
@@ -1,4 +1,4 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 - name: Cilium
   block:
@@ -55,4 +55,4 @@
         definition:
           metadata:
             finalizers: []
-<% endif %>
+#% endif %#
diff --git a/bootstrap/templates/ansible/playbooks/tasks/coredns.yaml.j2 b/bootstrap/templates/ansible/playbooks/tasks/coredns.yaml.j2
@@ -1,4 +1,4 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 - name: Coredns
   block:
@@ -55,4 +55,4 @@
         definition:
           metadata:
             finalizers: []
-<% endif %>
+#% endif %#
diff --git a/bootstrap/templates/ansible/playbooks/tasks/cruft.yaml.j2 b/bootstrap/templates/ansible/playbooks/tasks/cruft.yaml.j2
@@ -1,4 +1,4 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 # https://github.com/k3s-io/k3s/issues/1971
 - name: Cruft
@@ -31,4 +31,4 @@
         namespace: kube-system
         state: absent
       loop: "{{ addons_list.resources | selectattr('metadata.name', 'match', '^custom-.*') | list }}"
-<% endif %>
+#% endif %#
diff --git a/bootstrap/templates/ansible/playbooks/tasks/kubeconfig.yaml.j2 b/bootstrap/templates/ansible/playbooks/tasks/kubeconfig.yaml.j2
@@ -1,4 +1,4 @@
-<% if bootstrap_distribution == 'k3s' %>
+#% if bootstrap_distribution == 'k3s' %#
 ---
 - name: Get absolute path to this Git repository # noqa: command-instead-of-module
   ansible.builtin.command: git rev-parse --show-toplevel
@@ -25,4 +25,4 @@
     path: "{{ repository_path.stdout }}/kubeconfig"
     regexp: https://127.0.0.1:6443
     replace: "https://{{ k3s_registration_address }}:6443"
-<% endif %>
+#% endif %#