Fix/fix partition rke2

.editorconfig

@@ -0,0 +1,7 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"

.github/workflows/ci.yml

@@ -24,20 +24,20 @@ jobs:
       fail-fast: ${{ !contains(github.event_name, 'pull_request') }}
       matrix:
         config:
-          - image: "rockylinux8"
+          - image: "rockylinux9"
             cgroup_mode: "host"
             volumes: "rw"
-          - image: "ubuntu2204"
+          - image: "ubuntu2404"
             cgroup_mode: "host"
             volumes: "rw"
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: 'lablabs.rke2'
 
       - name: Set up Python 3
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -62,17 +62,17 @@ jobs:
     strategy:
       matrix:
         config:
-          - image: "ubuntu2204"
+          - image: "ubuntu2404"
             cgroup_mode: "host"
             volumes: "rw"
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: 'lablabs.rke2'
 
       - name: Set up Python 3
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -104,12 +104,12 @@ jobs:
   #           volumes: "rw"
   #   steps:
   #     - name: checkout
-  #       uses: actions/checkout@v3
+  #       uses: actions/checkout@v4
   #       with:
   #         path: 'lablabs.rke2'
 
   #     - name: Set up Python 3
-  #       uses: actions/setup-python@v4
+  #       uses: actions/setup-python@v5
   #       with:
   #         python-version: '3.x'
 
@@ -142,12 +142,12 @@ jobs:
   #           volumes: "rw"
   #   steps:
   #     - name: checkout
-  #       uses: actions/checkout@v3
+  #       uses: actions/checkout@v4
   #       with:
   #         path: 'lablabs.rke2'
 
   #     - name: Set up Python 3
-  #       uses: actions/setup-python@v4
+  #       uses: actions/setup-python@v5
   #       with:
   #         python-version: '3.x'
 

.github/workflows/lint.yml

@@ -12,10 +12,18 @@ jobs:
       fail-fast: true
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
-          path: "${{ github.repository }}"
-      - name: Molecule for Ansible - lint
-        uses: MonolithProjects/[email protected]
+          path: 'lablabs.rke2'
+
+      - name: Set up Python 3
+        uses: actions/setup-python@v5
         with:
-          molecule_command: lint
+          python-version: '3.x'
+
+      - name: Install ansible-lint
+        run: pip3 install ansible-lint
+
+      - name: Run ansible-lint
+        run: ansible-lint --profile production ./tasks
+        working-directory: ./lablabs.rke2

.github/workflows/pre-commit.yml

@@ -9,8 +9,8 @@ jobs:
   pre-commit:
     runs-on: ubuntu-20.04
     steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-python@v2
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
 
     - name: Run pre-commit
-      uses: pre-commit/action@v2.0.3
+      uses: pre-commit/action@v3.0.1

.github/workflows/release-drafter.yml

@@ -16,7 +16,7 @@ jobs:
   update_release_draft:
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@v5
+      - uses: release-drafter/release-drafter@v6
         with:
           config-name: RELEASE_DRAFTER.yml
         env:

.yamllint

@@ -3,6 +3,11 @@
 extends: default
 
 rules:
+  comments:
+    min-spaces-from-content: 1
+  octal-values:
+    forbid-implicit-octal: false
+    forbid-explicit-octal: true
   braces:
     max-spaces-inside: 1
     level: error
@@ -15,7 +20,6 @@ rules:
   commas:
     max-spaces-after: -1
     level: error
-  comments: disable
   comments-indentation: disable
   document-start: disable
   empty-lines:

README.md

@@ -28,9 +28,8 @@ The Role can install the RKE2 in 3 modes:
 
 ## Tested on
 
-* Rocky Linux 8
-* Ubuntu 20.04 LTS
-* Ubuntu 22.04 LTS
+* Rocky Linux 9
+* Ubuntu 24.04 LTS
 
 ## Role Variables
 
@@ -39,7 +38,7 @@ This is a copy of `defaults/main.yml`
 ```yaml
 ---
 # The node type - server or agent
-rke2_type: server
+rke2_type: "{{ 'server' if inventory_hostname in groups[rke2_servers_group_name] else 'agent' if inventory_hostname in groups[rke2_agents_group_name] }}"
 
 # Deploy the control plane in HA mode
 rke2_ha_mode: false
@@ -111,6 +110,9 @@ rke2_kubevip_metrics_port: 2112
 # Add additional SANs in k8s API TLS cert
 rke2_additional_sans: []
 
+# Configure cluster domain
+# rke2_cluster_domain: cluster.example.net
+
 # API Server destination port
 rke2_apiserver_dest_port: 6443
 
@@ -189,7 +191,7 @@ rke2_disable_cloud_controller: false
 
 # Cloud provider to use for the cluster (aws, azure, gce, openstack, vsphere, external)
 # applicable only if rke2_disable_cloud_controller is true
-rke2_cloud_provider_name: "rke2"
+rke2_cloud_provider_name: "external"
 
 # Path to custom manifests deployed during the RKE2 installation
 # It is possible to use Jinja2 templating in the manifests
@@ -242,10 +244,11 @@ rke2_etcd_snapshot_destination_dir: "{{ rke2_data_path }}/server/db/snapshots"
   # region: "" # optional - defaults to us-east-1
   # folder: "" # optional - defaults to top level of bucket
 # Override default containerd snapshotter
-rke2_snapshooter: overlayfs
+rke2_snapshotter: "{{ rke2_snapshooter }}"
+rke2_snapshooter: overlayfs # legacy variable that only exists to keep backward compatibility with previous configurations
 
-# Deploy RKE2 with default CNI canal
-rke2_cni: canal
+# Deploy RKE2 with default CNI canal (should be a list)
+rke2_cni: [canal]
 
 # Validate system configuration against the selected benchmark
 # (Supported value is "cis-1.23" or eventually "cis-1.6" if you are running RKE2 prior 1.25)
@@ -304,6 +307,13 @@ rke2_agents_group_name: workers
 # rke2_kube_scheduler_arg:
 #   - "bind-address=0.0.0.0"
 
+# (Optional) Configure nginx via HelmChartConfig: https://docs.rke2.io/networking/networking_services#nginx-ingress-controller
+# rke2_ingress_nginx_values:
+#   controller:
+#     config:
+#       use-forwarded-headers: "true"
+rke2_ingress_nginx_values: {}
+
 # Cordon, drain the node which is being upgraded. Uncordon the node once the RKE2 upgraded
 rke2_drain_node_during_upgrade: false
 
@@ -323,6 +333,17 @@ rke2_debug: false
 
 # The value for the node-name configuration item
 rke2_node_name: "{{ inventory_hostname }}"
+
+# the network to use for Pods.. Set to '10.42.0.0/16' by default.
+rke2_cluster_cidr:
+  - 10.42.0.0/16
+
+# the network to use for ClusterIP Services. Set to '10.43.0.0/16' by default.
+rke2_service_cidr:
+  - 10.43.0.0/16
+
+# Enable SELinux for rke2
+rke2_selinux: false
 ```
 
 ## Inventory file example
@@ -332,14 +353,14 @@ The RKE2 Kubernetes master/server nodes must belong to `masters` group and worke
 
 ```ini
 [masters]
-master-01 ansible_host=192.168.123.1 rke2_type=server
-master-02 ansible_host=192.168.123.2 rke2_type=server
-master-03 ansible_host=192.168.123.3 rke2_type=server
+master-01 ansible_host=192.168.123.1
+master-02 ansible_host=192.168.123.2
+master-03 ansible_host=192.168.123.3
 
 [workers]
-worker-01 ansible_host=192.168.123.11 rke2_type=agent
-worker-02 ansible_host=192.168.123.12 rke2_type=agent
-worker-03 ansible_host=192.168.123.13 rke2_type=agent
+worker-01 ansible_host=192.168.123.11
+worker-02 ansible_host=192.168.123.12
+worker-03 ansible_host=192.168.123.13
 
 [k8s_cluster:children]
 masters

defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # The node type - server or agent
-rke2_type: server
+rke2_type: "{{ 'server' if inventory_hostname in groups[rke2_servers_group_name] else 'agent' if inventory_hostname in groups[rke2_agents_group_name] }}"
 
 # Deploy the control plane in HA mode
 rke2_ha_mode: false
@@ -72,6 +72,9 @@ rke2_kubevip_metrics_port: 2112
 # Add additional SANs in k8s API TLS cert
 rke2_additional_sans: []
 
+# Configure cluster domain
+# rke2_cluster_domain: cluster.example.net
+
 # API Server destination port
 rke2_apiserver_dest_port: 6443
 
@@ -203,7 +206,8 @@ rke2_etcd_snapshot_destination_dir: "{{ rke2_data_path }}/server/db/snapshots"
   # region: "" # optional - defaults to us-east-1
   # folder: "" # optional - defaults to top level of bucket
 # Override default containerd snapshotter
-rke2_snapshooter: overlayfs
+rke2_snapshotter: "{{ rke2_snapshooter }}"
+rke2_snapshooter: overlayfs # legacy variable that only exists to keep backward compatibility with previous configurations
 
 # Deploy RKE2 with default CNI canal
 rke2_cni: canal
@@ -265,6 +269,13 @@ rke2_agents_group_name: workers
 # rke2_kube_scheduler_arg:
 #   - "bind-address=0.0.0.0"
 
+# (Optional) Configure nginx via HelmChartConfig: https://docs.rke2.io/networking/networking_services#nginx-ingress-controller
+# rke2_ingress_nginx_values:
+#   controller:
+#     config:
+#       use-forwarded-headers: "true"
+rke2_ingress_nginx_values: {}
+
 # Cordon, drain the node which is being upgraded. Uncordon the node once the RKE2 upgraded
 rke2_drain_node_during_upgrade: false
 
@@ -284,3 +295,14 @@ rke2_debug: false
 
 # The value for the node-name configuration item
 rke2_node_name: "{{ inventory_hostname }}"
+
+# default pod network range for rke2
+rke2_cluster_cidr:
+  - 10.42.0.0/16
+
+# default service network range for rke2
+rke2_service_cidr:
+  - 10.43.0.0/16
+
+# Enable SELinux for rke2
+rke2_selinux: false

molecule/cluster/converge.yml

@@ -4,7 +4,7 @@
   become: yes
   vars:
     rke2_version: v1.22.12+rke2r1
-    rke2_snapshooter: native
+    rke2_snapshotter: native
     rke2_server_node_taints:
       - 'CriticalAddonsOnly=true:NoExecute'
   roles:

molecule/cluster/prepare.yml

@@ -3,10 +3,16 @@
   hosts: node*
   become: true
   tasks:
-    - name: Install packages
+    - name: Install wget for Ubuntu
       ansible.builtin.package:
         update_cache: true
-        name: "{{ item }}"
-      loop:
-        - wget
-        - curl
+        name:
+          - wget
+      when: ansible_distribution == "Ubuntu"
+
+    - name: Install iproute for RockyLinux
+      ansible.builtin.package:
+        update_cache: true
+        name:
+          - iproute
+      when: ansible_distribution == "Rocky"

molecule/default/converge.yml

@@ -4,6 +4,6 @@
   become: yes
   vars:
     rke2_version: v1.27.1+rke2r1
-    rke2_snapshooter: native
+    rke2_snapshotter: native
   roles:
     - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"

molecule/default/prepare.yml

@@ -3,14 +3,14 @@
   hosts: node*
   become: true
   tasks:
-    - name: Install packages
+    - name: Install wget for Ubuntu
       ansible.builtin.package:
         update_cache: true
         name:
           - wget
-          - curl
+      when: ansible_distribution == "Ubuntu"
 
-    - name: Install special packages for RockyLinux
+    - name: Install iproute for RockyLinux
       ansible.builtin.package:
         update_cache: true
         name:

molecule/ha_cluster/converge.yml

@@ -6,7 +6,7 @@
     rke2_version: v1.22.12+rke2r1
     rke2_ha_mode: true
     rke2_api_ip: 192.168.123.100
-    rke2_snapshooter: native
+    rke2_snapshotter: native
     rke2_server_node_taints:
       - 'CriticalAddonsOnly=true:NoExecute'
   roles: