rlex · rlex · Dec 11, 2023 · Dec 11, 2023 · Dec 11, 2023
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,2 @@
+exclude_paths:
+  - meta/
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,92 @@
+name: CI
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+defaults:
+  run:
+    working-directory: 'rlex.k3s'
+
+jobs:
+
+  yaml-lint:
+    name: YAML lint
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@v4
+        with:
+          path: 'rlex.k3s'
+
+      - name: Set up Python 3
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  ansible-lint:
+    name: Ansible lint
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@v4
+        with:
+          path: 'rlex.k3s'
+
+      - name: Set up Python 3
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies
+        run: pip3 install ansible-lint
+
+      - name: Lint code
+        run: |
+          ansible-lint .
+
+  molecule:
+    name: Molecule
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        include:
+          - distro: ubuntu2204
+            scenario: single-node
+          - distro: debian11
+            scenario: single-node
+          - distro: ubuntu2204
+            scenario: cluster
+          - distro: debian11
+            scenario: cluster
+          - distro: ubuntu2204
+            scenario: extended-settings
+
+    steps:
+      - name: Checkout codebase
+        uses: actions/checkout@v4
+        with:
+          path: 'rlex.k3s'
+
+      - name: Setup python 3
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install ansible molecule molecule-plugins[docker] docker
+
+      - name: Run Molecule tests.
+        run: molecule test --scenario-name "${{ matrix.scenario }}"
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: ${{ matrix.distro }}
diff --git a/.yamllint.yml b/.yamllint.yml
@@ -0,0 +1,9 @@
+---
+
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+rules:
+  line-length: disable
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -6,6 +6,7 @@ k3s_master_port: 6443
 k3s_flannel_backend: vxlan
 k3s_master_disable: []
 k3s_master_extra_args: []
+k3s_mount_bpffs: false
 k3s_agent_extra_args: ""
 k3s_agent_additional_config: ""
 k3s_master_additional_config: ""
@@ -28,15 +29,15 @@ k3s_gvisor: false
 k3s_gvisor_platform: systrap
 k3s_gvisor_create_runtimeclass: true
 k3s_gvisor_config: {}
-#https://github.com/google/gvisor/tags
+# https://github.com/google/gvisor/tags
 k3s_gvisor_version: 20231113
 k3s_sysctl_config: {}
 k3s_registries: ""
 k3s_kubeconfig: false
 k3s_kubeconfig_server: "{{ hostvars[groups[k3s_master_group][0]]['ansible_host'] | default(groups[k3s_master_group][0]) }}:{{ k3s_master_port }}"
 k3s_kubeconfig_context: k3s
 k3s_kubeconfig_target: "{{ k3s_kubeconfig_context }}"
-#backwards compatibility
+# backwards compatibility
 k3s_node_extra_args: "{{ k3s_agent_extra_args }}"
 k3s_node_external_ip: "{{ k3s_external_ip }}"
 k3s_node_ip: "{{ k3s_internal_ip }}"

diff --git a/molecule/cluster/converge.yml b/molecule/cluster/converge.yml
@@ -0,0 +1,20 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    k3s_internal_ip: "{{ ansible_default_ipv4.address }}"
+    k3s_agent_extra_args:
+      - "--snapshotter=native"
+    k3s_master_extra_args:
+      - "--snapshotter=native"
+
+  pre_tasks:
+    - name: Update apt cache.
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 600
+      when: ansible_os_family == 'Debian'
+      changed_when: false
+
+  roles:
+    - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
diff --git a/molecule/cluster/molecule.yml b/molecule/cluster/molecule.yml
@@ -0,0 +1,67 @@
+---
+role_name_check: 1
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: master-1
+    groups:
+      - k3s_master
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+    networks:
+      - name: k3s
+  - name: master-2
+    groups:
+      - k3s_master
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+    networks:
+      - name: k3s
+  - name: master-3
+    groups:
+      - k3s_master
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+    networks:
+      - name: k3s
+  - name: node-1
+    groups:
+      - k3s_agent
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+    networks:
+      - name: k3s
+provisioner:
+  name: ansible
+  options:
+    diff: true
+  inventory:
+    group_vars:
+      k3s_master:
+        k3s_master: true
+      k3s_agent:
+        k3s_agent: true
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/molecule/extended-settings/converge.yml b/molecule/extended-settings/converge.yml
@@ -0,0 +1,49 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    k3s_agent_extra_args:
+      - "--snapshotter=native"
+    k3s_master_extra_args:
+      - "--snapshotter=native"
+    # test adding additonal manifests
+    k3s_additional_manifests:
+      - name: kata
+        state: present
+        definition:
+          apiVersion: node.k8s.io/v1
+          kind: RuntimeClass
+          metadata:
+            name: kata
+          handler: kata
+    # test adding additional configfiles
+    k3s_additional_config_files:
+      - name: apiserver-tracing.yaml
+        content: |
+          apiVersion: apiserver.config.k8s.io/v1alpha1
+          kind: TracingConfiguration
+          endpoint: 127.0.0.1:4317
+          samplingRatePerMillion: 100
+    k3s_master_additional_config:
+      disable-cloud-controller: true
+    k3s_kubelet_additional_config:
+      - "cloud-provider=external"
+    k3s_additional_packages:
+      - open-iscsi
+    k3s_gvisor: true
+    k3s_gvisor_config:
+      network: host
+    k3s_server_disable:
+      - metrics-server
+      - traefik
+
+  pre_tasks:
+    - name: Update apt cache.
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 600
+      when: ansible_os_family == 'Debian'
+      changed_when: false
+
+  roles:
+    - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
diff --git a/molecule/extended-settings/molecule.yml b/molecule/extended-settings/molecule.yml
@@ -0,0 +1,29 @@
+---
+role_name_check: 1
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    groups:
+      - k3s_master
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  options:
+    diff: true
+  inventory:
+    group_vars:
+      k3s_master:
+        k3s_master: true
+      k3s_agent:
+        k3s_agent: true
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/molecule/requirements.yml b/molecule/requirements.yml
@@ -0,0 +1 @@
+molecule-plugins[docker]
diff --git a/molecule/single-node/converge.yml b/molecule/single-node/converge.yml
@@ -0,0 +1,19 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    k3s_agent_extra_args:
+      - "--snapshotter=native"
+    k3s_master_extra_args:
+      - "--snapshotter=native"
+
+  pre_tasks:
+    - name: Update apt cache.
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 600
+      when: ansible_os_family == 'Debian'
+      changed_when: false
+
+  roles:
+    - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
diff --git a/molecule/single-node/molecule.yml b/molecule/single-node/molecule.yml
@@ -0,0 +1,29 @@
+---
+role_name_check: 1
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    groups:
+      - k3s_master
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  options:
+    diff: true
+  inventory:
+    group_vars:
+      k3s_master:
+        k3s_master: true
+      k3s_agent:
+        k3s_agent: true
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/tasks/additional-configs.yml b/tasks/additional-configs.yml
@@ -6,5 +6,5 @@
     owner: root
     group: root
     mode: "0600"
-  notify: restart k3s
+  notify: Restart k3s
   with_items: "{{ k3s_additional_config_files }}"
diff --git a/tasks/additional-masters.yml b/tasks/additional-masters.yml
@@ -6,7 +6,7 @@
     owner: root
     group: root
     mode: "0600"
-  notify: restart k3s
+  notify: Restart k3s
 
 - name: Copy k3s service file
   register: k3s_service
@@ -16,7 +16,7 @@
     owner: root
     group: root
     mode: "0600"
-  notify: restart k3s
+  notify: Restart k3s
 
 - name: Enable and start k3s (additional masters)
   ansible.builtin.systemd:

diff --git a/tasks/agent.yml b/tasks/agent.yml
@@ -6,7 +6,7 @@
     owner: root
     group: root
     mode: "0600"
-  notify: restart k3s
+  notify: Restart k3s
 
 - name: Copy k3s service file
   ansible.builtin.template:
@@ -15,7 +15,7 @@
     owner: root
     group: root
     mode: "0600"
-  notify: restart k3s
+  notify: Restart k3s
 
 - name: Enable and start k3s (workers)
   ansible.builtin.systemd: