onedr0p · onedr0p · Jan 29, 2024 · Jan 29, 2024 · Jan 29, 2024 · Jan 29, 2024
diff --git a/bootstrap/templates/.sops.yaml.j2 b/bootstrap/templates/.sops.yaml.j2
@@ -1,22 +1,22 @@
-#% if flux.enabled %#
+{% if flux.enabled %}
 ---
 creation_rules:
-  #% if distribution in ['talos'] %#
+  {% if distribution in ['talos'] %}
   - # IMPORTANT: This rule MUST be above the others
     path_regex: talos/.*\.sops\.ya?ml
     key_groups:
       - age:
-          - "#{ flux.sops_age_public_key }#"
-  #% endif %#
+          - "{{ flux.sops_age_public_key }}"
+  {% endif %}
   - path_regex: kubernetes/.*\.sops\.ya?ml
     encrypted_regex: "^(data|stringData)$"
     key_groups:
       - age:
-          - "#{ flux.sops_age_public_key }#"
-  #% if distribution in ['k0s', 'k3s'] %#
+          - "{{ flux.sops_age_public_key }}"
+  {% if distribution in ['k0s', 'k3s'] %}
   - path_regex: ansible/.*\.sops\.ya?ml
     key_groups:
       - age:
-          - "#{ flux.sops_age_public_key }#"
-  #% endif %#
-#% endif %#
+          - "{{ flux.sops_age_public_key }}"
+  {% endif %}
+{% endif %}
diff --git a/bootstrap/templates/ansible/inventory/group_vars/kubernetes/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/kubernetes/main.yaml.j2
@@ -2,7 +2,7 @@
 k3s_become: true
 k3s_etcd_datastore: true
 k3s_install_hard_links: true
-k3s_registration_address: "#{ cluster.endpoint_vip }#"
+k3s_registration_address: "{{ cluster.endpoint_vip }}"
 # renovate: datasource=github-releases depName=k3s-io/k3s
 k3s_release_version: v1.29.0+k3s1
 k3s_server_manifests_templates:

diff --git a/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2
@@ -1,13 +1,13 @@
 ---
 k3s_control_node: true
 k3s_server:
-  #% if feature_gates.dual_stack_ipv4_first %#
-  cluster-cidr: "#{ cluster.pod_network.split(',')[0] }#,#{ cluster.pod_network.split(',')[1] }#"
-  service-cidr: "#{ cluster.service_network.split(',')[0] }#,#{ cluster.service_network.split(',')[1] }#"
-  #% else %#
-  cluster-cidr: "#{ cluster.pod_network }#"
-  service-cidr: "#{ cluster.service_network }#"
-  #% endif %#
+  {% if feature_gates.dual_stack_ipv4_first %}
+  cluster-cidr: "{{ cluster.pod_network.split(',')[0] }},{{ cluster.pod_network.split(',')[1] }}"
+  service-cidr: "{{ cluster.service_network.split(',')[0] }},{{ cluster.service_network.split(',')[1] }}"
+  {% else %}
+  cluster-cidr: "{{ cluster.pod_network }}"
+  service-cidr: "{{ cluster.service_network }}"
+  {% endif %}
   disable: ["flannel", "local-storage", "metrics-server", "servicelb", "traefik"]
   disable-cloud-controller: true
   disable-kube-proxy: true
@@ -24,16 +24,16 @@ k3s_server:
   kubelet-arg:
     - "image-gc-high-threshold=55"
     - "image-gc-low-threshold=50"
-  #% if feature_gates.dual_stack_ipv4_first %#
-  node-ip: "{{ ansible_host }},{{ ansible_default_ipv6.address }}"
-  #% else %#
-  node-ip: "{{ ansible_host }}"
-  #% endif %#
+  {% if feature_gates.dual_stack_ipv4_first %}
+  node-ip: "{% raw %}{{ ansible_host }}{% endraw %},{% raw %}{{ ansible_default_ipv6.address }}{% endraw %}"
+  {% else %}
+  node-ip: "{% raw %}{{ ansible_host }}{% endraw %}"
+  {% endif %}
   pause-image: registry.k8s.io/pause:3.9
   secrets-encryption: true
   tls-san:
-    - "#{ cluster.endpoint_vip }#"
-    #% for item in cluster.tls_sans %#
+    - "{{ cluster.endpoint_vip }}"
+    {% for item in cluster.tls_sans %}
     - "{{ item }}"
-    #% endfor %#
+    {% endfor %}
   write-kubeconfig-mode: "644"
diff --git a/bootstrap/templates/ansible/inventory/group_vars/worker/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/worker/main.yaml.j2
@@ -4,9 +4,9 @@ k3s_agent:
   kubelet-arg:
     - "image-gc-high-threshold=55"
     - "image-gc-low-threshold=50"
-  #% if feature_gates.dual_stack_ipv4_first %#
-  node-ip: "{{ ansible_host }},{{ ansible_default_ipv6.address }}"
-  #% else %#
-  node-ip: "{{ ansible_host }}"
-  #% endif %#
+  {% if feature_gates.dual_stack_ipv4_first %}
+  node-ip: "{% raw %}{{ ansible_host }}{% endraw %},{% raw %}{{ ansible_default_ipv6.address }}{% endraw %}"
+  {% else %}
+  node-ip: "{% raw %}{{ ansible_host }}{% endraw %}"
+  {% endif %}
   pause-image: registry.k8s.io/pause:3.9
diff --git a/bootstrap/templates/ansible/inventory/hosts.yaml.j2 b/bootstrap/templates/ansible/inventory/hosts.yaml.j2
@@ -3,21 +3,21 @@ kubernetes:
   children:
     master:
       hosts:
-        #% for item in cluster.nodes.inventory %#
-        #% if item.controller %#
-        "#{ item.name }#":
-          ansible_user: "#{ item.ssh_username }#"
-          ansible_host: "#{ item.address }#"
-        #% endif %#
-        #% endfor %#
-    #% if cluster.nodes.inventory | selectattr('controller', 'equalto', False) | list | length %#
+        {% for item in cluster.nodes.inventory %}
+        {% if item.controller %}
+        "{{ item.name }}":
+          ansible_user: "{{ item.ssh_username }}"
+          ansible_host: "{{ item.address }}"
+        {% endif %}
+        {% endfor %}
+    {% if cluster.nodes.inventory | selectattr('controller', 'equalto', False) | list | length %}
     worker:
       hosts:
-        #% for item in cluster.nodes.inventory %#
-        #% if not item.controller %#
-        "#{ item.name }#":
-          ansible_user: "#{ item.ssh_username }#"
-          ansible_host: "#{ item.address }#"
-        #% endif %#
-        #% endfor %#
-    #% endif %#
+        {% for item in cluster.nodes.inventory %}
+        {% if not item.controller %}
+        "{{ item.name }}":
+          ansible_user: "{{ item.ssh_username }}"
+          ansible_host: "{{ item.address }}"
+        {% endif %}
+        {% endfor %}
+    {% endif %}
diff --git a/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2
@@ -1,4 +1,4 @@
-#% if distribution in ['k3s'] %#
+{% if distribution in ['k3s'] %}
 ---
 - name: Cluster Installation
   hosts: kubernetes
@@ -39,9 +39,9 @@
             or k3s_server_manifests_urls | length > 0)
       kubernetes.core.k8s_info:
         kubeconfig: /etc/rancher/k3s/k3s.yaml
-        kind: "{{ item.kind }}"
-        name: "{{ item.name }}"
-        namespace: "{{ item.namespace | default('') }}"
+        kind: "{% raw %}{{ item.kind }}{% endraw %}"
+        name: "{% raw %}{{ item.name }}{% endraw %}"
+        namespace: "{% raw %}{{ item.namespace | default('') }}{% endraw %}"
         wait: true
         wait_sleep: 10
         wait_timeout: 360
@@ -55,4 +55,4 @@
     - name: Cruft
       when: k3s_primary_control_node
       ansible.builtin.include_tasks: tasks/cruft.yaml
-#% endif %#
+{% endif %}
diff --git a/bootstrap/templates/ansible/playbooks/cluster-kube-vip.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-kube-vip.yaml.j2
@@ -10,20 +10,20 @@
       ansible.builtin.pause:
         seconds: 5
   tasks:
-    #% if distribution in ['k3s'] %#
+    {% if distribution in ['k3s'] %}
     - name: Ensure Kubernetes is running
       ansible.builtin.include_role:
         name: xanmanning.k3s
         public: true
       vars:
         k3s_state: started
-    #% endif %#
+    {% endif %}
     - name: Upgrade kube-vip
       ansible.builtin.template:
         src: templates/kube-vip-ds.yaml.j2
-        #% if distribution in ['k3s'] %#
-        dest: "{{ k3s_server_manifests_dir }}/kube-vip-ds.yaml"
-        #% elif distribution in ['k0s'] %#
+        {% if distribution in ['k3s'] %}
+        dest: "{% raw %}{{ k3s_server_manifests_dir }}{% endraw %}/kube-vip-ds.yaml"
+        {% elif distribution in ['k0s'] %}
         dest: "/var/lib/k0s/manifests/kube-vip/kube-vip-ds.yaml"
-        #% endif %#
+        {% endif %}
         mode: preserve
diff --git a/bootstrap/templates/ansible/playbooks/cluster-nuke.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-nuke.yaml.j2
@@ -1,4 +1,4 @@
-#% if distribution in ['k3s'] %#
+{% if distribution in ['k3s'] %}
 ---
 - name: Cluster Nuke
   hosts: kubernetes
@@ -37,17 +37,17 @@
       block:
         - name: Networking | Delete Cilium links
           ansible.builtin.command:
-            cmd: "ip link delete {{ item }}"
-            removes: "/sys/class/net/{{ item }}"
+            cmd: "ip link delete {% raw %}{{ item }}{% endraw %}"
+            removes: "/sys/class/net/{% raw %}{{ item }}{% endraw %}"
           loop: ["cilium_host", "cilium_net", "cilium_vxlan"]
         - name: Networking | Flush iptables
           ansible.builtin.iptables:
-            table: "{{ item }}"
+            table: "{% raw %}{{ item }}{% endraw %}"
             flush: true
           loop: ["filter", "nat", "mangle", "raw"]
         - name: Networking | Flush ip6tables
           ansible.builtin.iptables:
-            table: "{{ item }}"
+            table: "{% raw %}{{ item }}{% endraw %}"
             flush: true
             ip_version: ipv6
           loop: ["filter", "nat", "mangle", "raw"]
@@ -87,7 +87,7 @@
         - k3s_install_hard_links
         - not ansible_check_mode
       ansible.builtin.file:
-        path: "{{ k3s_install_dir }}/{{ item }}"
+        path: "{% raw %}{{ k3s_install_dir }}{% endraw %}/{% raw %}{{ item }}{% endraw %}"
         state: absent
       loop: ["kubectl", "crictl", "ctr"]
 
@@ -100,4 +100,4 @@
       ansible.builtin.reboot:
         msg: Rebooting hosts
         reboot_timeout: 3600
-#% endif %#
+{% endif %}
diff --git a/bootstrap/templates/ansible/playbooks/cluster-prepare.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-prepare.yaml.j2
@@ -1,4 +1,4 @@
-#% if distribution in ['k3s'] %#
+{% if distribution in ['k3s'] %}
 ---
 - name: Prepare System
   hosts: kubernetes
@@ -16,7 +16,7 @@
       block:
         - name: Locale | Set timezone
           community.general.timezone:
-            name: "#{ timezone }#"
+            name: "{{ timezone }}"
 
     - name: Packages
       block:
@@ -33,12 +33,12 @@
       block:
         - name: Network Configuration | Set hostname
           ansible.builtin.hostname:
-            name: "{{ inventory_hostname }}"
+            name: "{% raw %}{{ inventory_hostname }}{% endraw %}"
         - name: Network Configuration | Update hosts
           ansible.builtin.copy:
             content: |
               127.0.0.1 localhost
-              127.0.1.1 {{ inventory_hostname }}
+              127.0.1.1 {% raw %}{{ inventory_hostname }}{% endraw %}
 
               # The following lines are desirable for IPv6 capable hosts
               ::1     localhost ip6-localhost ip6-loopback
@@ -62,10 +62,10 @@
             mode: '0644'
             dest: /etc/resolv.conf
             content: |
-              search #{ cluster.nodes.search_domain|default('.', true) }#
-              #% for item in cluster.nodes.dns_servers %#
-              nameserver #{ item }#
-              #% endfor %#
+              search {{ cluster.nodes.search_domain|default('.', true) }}
+              {% for item in cluster.nodes.dns_servers %}
+              nameserver {{ item }}
+              {% endfor %}
 
     - name: System Configuration
       notify: Reboot
@@ -78,15 +78,15 @@
             masked: true
         - name: System Configuration | Disable swap
           ansible.posix.mount:
-            name: "{{ item }}"
+            name: "{% raw %}{{ item }}{% endraw %}"
             fstype: swap
             state: absent
           loop: ["none", "swap"]
         - name: System Configuration | Create Kernel modules
           ansible.builtin.copy:
-            dest: "/etc/modules-load.d/{{ item }}.conf"
+            dest: "/etc/modules-load.d/{% raw %}{{ item }}{% endraw %}.conf"
             mode: "0644"
-            content: "{{ item }}"
+            content: "{% raw %}{{ item }}{% endraw %}"
           loop: ["br_netfilter", "ceph", "ip_vs", "ip_vs_rr", "nbd", "overlay", "rbd"]
           register: modules_status
         - name: System Configuration | Reload Kernel modules # noqa: no-changed-when no-handler
@@ -96,11 +96,11 @@
             state: restarted
         - name: System Configuration | Sysctl
           ansible.posix.sysctl:
-            name: "{{ item.key }}"
-            value: "{{ item.value }}"
+            name: "{% raw %}{{ item.key }}{% endraw %}"
+            value: "{% raw %}{{ item.value }}{% endraw %}"
             sysctl_file: /etc/sysctl.d/99-kubernetes.conf
             reload: true
-          with_dict: "{{ sysctl_config }}"
+          with_dict: "{% raw %}{{ sysctl_config }}{% endraw %}"
           vars:
             sysctl_config:
               fs.inotify.max_queued_events: 65536
@@ -112,4 +112,4 @@
       ansible.builtin.reboot:
         msg: Rebooting hosts
         reboot_timeout: 3600
-#% endif %#
+{% endif %}
diff --git a/bootstrap/templates/ansible/playbooks/cluster-rollout-update.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-rollout-update.yaml.j2
@@ -12,13 +12,13 @@
         seconds: 5
   tasks:
     - name: Details
-      #% if distribution in ['k3s'] %#
-      ansible.builtin.command: "k3s kubectl get node {{ inventory_hostname }} -o json"
-      #% elif distribution in ['k0s'] %#
-      ansible.builtin.command: "k0s kubectl get node {{ inventory_hostname }} -o json"
-      #% endif %#
+      {% if distribution in ['k3s'] %}
+      ansible.builtin.command: "k3s kubectl get node {% raw %}{{ inventory_hostname }}{% endraw %} -o json"
+      {% elif distribution in ['k0s'] %}
+      ansible.builtin.command: "k0s kubectl get node {% raw %}{{ inventory_hostname }}{% endraw %} -o json"
+      {% endif %}
       register: kubectl_get_node
-      delegate_to: "{{ groups['master'][0] }}"
+      delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
       failed_when: false
       changed_when: false
 
@@ -31,23 +31,23 @@
       block:
         - name: Cordon
           kubernetes.core.k8s_drain:
-            name: "{{ inventory_hostname }}"
-            #% if distribution in ['k3s'] %#
+            name: "{% raw %}{{ inventory_hostname }}{% endraw %}"
+            {% if distribution in ['k3s'] %}
             kubeconfig: /etc/rancher/k3s/k3s.yaml
-            #% elif distribution in ['k0s'] %#
+            {% elif distribution in ['k0s'] %}
             kubeconfig: /var/lib/k0s/pki/admin.conf
-            #% endif %#
+            {% endif %}
             state: cordon
-          delegate_to: "{{ groups['master'][0] }}"
+          delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
 
         - name: Drain
           kubernetes.core.k8s_drain:
-            name: "{{ inventory_hostname }}"
-            #% if distribution in ['k3s'] %#
+            name: "{% raw %}{{ inventory_hostname }}{% endraw %}"
+            {% if distribution in ['k3s'] %}
             kubeconfig: /etc/rancher/k3s/k3s.yaml
-            #% elif distribution in ['k0s'] %#
+            {% elif distribution in ['k0s'] %}
             kubeconfig: /var/lib/k0s/pki/admin.conf
-            #% endif %#
+            {% endif %}
             state: drain
             delete_options:
               delete_emptydir_data: true
@@ -56,7 +56,7 @@
               wait_timeout: 900
             pod_selectors:
               - app!=rook-ceph-osd # Rook Ceph
-          delegate_to: "{{ groups['master'][0] }}"
+          delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
 
         - name: Update
           ansible.builtin.apt:
@@ -77,11 +77,11 @@
 
         - name: Uncordon
           kubernetes.core.k8s_drain:
-            name: "{{ inventory_hostname }}"
-            #% if distribution  in ['k3s'] %#
+            name: "{% raw %}{{ inventory_hostname }}{% endraw %}"
+            {% if distribution  in ['k3s'] %}
             kubeconfig: /etc/rancher/k3s/k3s.yaml
-            #% elif distribution in ['k0s'] %#
+            {% elif distribution in ['k0s'] %}
             kubeconfig: /var/lib/k0s/pki/admin.conf
-            #% endif %#
+            {% endif %}
             state: uncordon
-          delegate_to: "{{ groups['master'][0] }}"
+          delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"