15308555518/ kubekey
1
0
Fork 0
mirror of https://github.com/kubesphere/kubekey.git synced 2025-12-25 17:12:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: use empty func in template syntax (#2610) 

Signed-off-by: joyceliu <joyceliu@yunify.com>
This commit is contained in:
liujian 2025-06-11 17:37:46 +08:00 committed by GitHub
parent cfb83de1db
commit e43cf2a5de
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
40 changed files with 122 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
builtin/capkk/roles/precheck/env_check/tasks/network.yaml
View File

@ -1,13 +1,13 @@
---
- name: Should found network interface
command: |
{{- if and .internal_ipv4 (.internal_ipv4 | ne "") }}
{{- if .internal_ipv4 | empty | not }}
if [ ! ip -o addr show | grep -q {{ .internal_ipv4 }} ]; then
echo "No ipv4 network interface found"
exit 1
fi
{{- end }}
{{- if and .internal_ipv6 (.internal_ipv6 | ne "") }}
{{- if .internal_ipv6 | empty | not }}
if [ ! ip -o addr show | grep -q {{ .internal_ipv6 }} ]; then
echo "No ipv6 network interface found"
exit 1
@ -18,20 +18,20 @@
- name: Stop if cidr is not valid
block:
- name: Stop if pod cidr is not valid
when: and .kubernetes.networking.pod_cidr (.kubernetes.networking.pod_cidr | ne "")
when: .kubernetes.networking.pod_cidr | empty | not
assert:
that: .kubernetes.networking.pod_cidr | splitList "," | len | ge 2
fail_msg: >-
"kubernetes.networking.pod_cidr" should be ipv4_cidr/ipv6_cidr or ipv4_cidr,ipv6_cidr
- name: Stop if service cidr is not valid
when: and .kubernetes.networking.service_cidr (.kubernetes.networking.service_cidr | ne "")
when: .kubernetes.networking.service_cidr | empty | not
assert:
that: .kubernetes.networking.service_cidr | splitList "," | len | ge 2
fail_msg: >-
"kubernetes.networking.service_cidr" should be ipv4_cidr/ipv6_cidr or ipv4_cidr,ipv6_cidr
- name: Stop if pod networking is not support dual-stack
when:
- and .kubernetes.networking.pod_cidr (.kubernetes.networking.pod_cidr | ne "")
- .kubernetes.networking.pod_cidr | empty | not
- .kubernetes.networking.pod_cidr | splitList "," | len | eq 2
assert:
that:
@ -42,7 +42,7 @@
Kubernetes introduced support for pod dual-stack networking starting from version v1.20.0.
- name: Stop if service networking is not support dual-stack
when:
- and .kubernetes.networking.service_cidr (.kubernetes.networking.service_cidr | ne "")
- .kubernetes.networking.service_cidr | empty | not
- .kubernetes.networking.service_cidr | splitList "," | len | eq 2
assert:
that:
@ -57,7 +57,7 @@
that: .cluster_require.require_network_plugin | has .kubernetes.kube_network_plugin
fail_msg: >-
kube_network_plugin:"{{ .kubernetes.kube_network_plugin }}" is not supported
when: and .kubernetes.kube_network_plugin (ne .kubernetes.kube_network_plugin "")
when: .kubernetes.kube_network_plugin | empty | not
# This assertion will fail on the safe side: One can indeed schedule more pods
# on a node than the CIDR-range has space for when additional pods use the host

8
builtin/core/playbooks/add_nodes.yaml
View File

@ -83,14 +83,14 @@
- k8s_cluster
roles:
- role: install/cri
when: or (.add_nodes | default list | len | eq 0) (.add_nodes | default list | has .inventory_hostname)
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- role: kubernetes/pre-kubernetes
when: or (.add_nodes | default list | len | eq 0) (.add_nodes | default list | has .inventory_hostname)
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- role: kubernetes/join-kubernetes
when: or (.add_nodes | default list | len | eq 0) (.add_nodes | default list | has .inventory_hostname)
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- role: kubernetes/certs
when:
- or (.add_nodes | default list | len | eq 0) (.add_nodes | default list | has .inventory_hostname)
- or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- .groups.kube_control_plane | default list | has .inventory_hostname
- .kubernetes.renew_certs.enabled

4
builtin/core/playbooks/certs_renew.yaml
View File

@ -25,13 +25,13 @@
tags: ["certs"]
roles:
- role: certs/renew-registry
when: and (.groups.image_registry | default list | len | lt 0) .renew_image_registry
when: and (.groups.image_registry | default list | empty | not) .renew_image_registry
- hosts:
- kube_control_plane
tags: ["certs"]
roles:
- role: certs/renew-kubernetes
when: and (.groups.kube_control_plane | default list | len | lt 0) .renew_kubernetes
when: and (.groups.kube_control_plane | default list | empty | not) .renew_kubernetes
- import_playbook: hook/post_install.yaml

2
builtin/core/playbooks/create_cluster.yaml
View File

@ -13,7 +13,7 @@
- localhost
roles:
- role: precheck/artifact_check
when: and .artifact.artifact_file (ne .artifact.artifact_file "")
when: .artifact.artifact_file | empty | not
- hosts:
- k8s_cluster
- etcd

4
builtin/core/playbooks/delete_cluster.yaml
View File

@ -12,7 +12,9 @@
roles:
- uninstall/kubernetes
- role: uninstall/cri
when: .deleteCRI
when:
- .deleteCRI
- .groups.image_registry | default list | has .inventory_hostname | not
post_tasks:
- name: delete localDNS file
ignore_errors: true

2
builtin/core/playbooks/hook/post_install.yaml
View File

@ -14,7 +14,7 @@
register: execute_result
- name: Execute post install scripts
when: .execute_result.stderr | eq ""
when: .execute_result.stderr | empty
command: |
for file in /etc/kubekey/scripts/post_install_*.sh; do
if [ -f $file ]; then

2
builtin/core/playbooks/precheck.yaml
View File

@ -5,7 +5,7 @@
- localhost
roles:
- role: precheck/artifact_check
when: and .artifact.artifact_file (ne .artifact.artifact_file "")
when: .artifact.artifact_file | empty | not
- hosts:
- k8s_cluster

13
builtin/core/playbooks/vars/create_cluster.yaml
View File

@ -2,32 +2,25 @@
global_registry: ""
# dockerio_registry for docker.io image.
dockerio_registry: >-
{{- if ne .global_registry "" -}}
{{- if .global_registry | empty | not -}}
{{ .global_registry }}
{{- else -}}
docker.io
{{- end -}}
# quayio_registry for quay.io image.
quayio_registry: >-
{{- if ne .global_registry "" -}}
{{- if .global_registry | empty | not -}}
{{ .global_registry }}
{{- else -}}
quay.io
{{- end -}}
# ghcrio_registry for ghcr.io image.
ghcrio_registry: >-
{{- if ne .global_registry "" -}}
{{- if .global_registry | empty | not -}}
{{ .global_registry }}
{{- else -}}
ghcr.io
{{- end -}}
# k8s_registry for registry.k8s.io image.
k8s_registry: >-
{{- if ne .global_registry "" -}}
{{ .global_registry }}
{{- else -}}
registry.k8s.io
{{- end -}}
security_enhancement: false

3
builtin/core/roles/certs/renew-kubernetes/tasks/main.yaml
View File

@ -5,7 +5,8 @@
- include_tasks: etcd.yaml
tags: ["certs"]
when:
- and (.kubernetes.etcd.deployment_type | eq "external") (.groups.etcd | default list | len | lt 0)
- .kubernetes.etcd.deployment_type | eq "external"
- .groups.etcd | default list | empty | not
- .renew_etcd
- name: Reload kubernetes pods

28
builtin/core/roles/init/init-artifact/tasks/download_binary.yaml
View File

@ -15,7 +15,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.etcd .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .etcd_version (ne .etcd_version "")
when: .etcd_version | empty | not
- name: Check binaries for kube
tags: ["kube"]
@ -52,7 +52,7 @@
curl -L -o $kube_path/kubectl {{ get .artifact.artifact_url.kubectl .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .kube_version (ne .kube_version "")
when: .kube_version | empty | not
- name: Check binaries for cni
tags: ["cni"]
@ -70,7 +70,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.cni_plugins .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .cni_plugins_version (ne .cni_plugins_version "")
when: .cni_plugins_version | empty | not
- name: Check binaries for helm
tags: ["helm"]
@ -88,7 +88,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.helm .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .helm_version (ne .helm_version "")
when: .helm_version | empty | not
- name: Check binaries for crictl
tags: ["crictl"]
@ -106,7 +106,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.crictl .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .crictl_version (ne .crictl_version "")
when: .crictl_version | empty | not
- name: Check binaries for docker
tags: ["docker"]
@ -124,7 +124,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.docker .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .docker_version (ne .docker_version "")
when: .docker_version | empty | not
- name: Check binaries for cridockerd
tags: ["cridockerd"]
@ -142,7 +142,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.cridockerd .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .cridockerd_version (ne .docker_version "")
when: .cridockerd_version | empty | not
- name: Check binaries for containerd
tags: ["containerd"]
@ -160,7 +160,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.containerd .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .containerd_version (ne .containerd_version "")
when: .containerd_version | empty | not
- name: Check binaries for runc
tags: ["runc"]
@ -178,7 +178,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.runc .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .runc_version (ne .runc_version "")
when: .runc_version | empty | not
- name: Check binaries for calicoctl
tags: ["calicoctl"]
@ -196,7 +196,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.calicoctl .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .calico_version (ne .calico_version "")
when: .calico_version | empty | not
- name: Check binaries for registry
tags: ["registry"]
@ -214,7 +214,7 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.registry .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .registry_version (ne .registry_version "")
when: .registry_version | empty | not
- name: Check binaries for docker-compose
tags: ["docker-compose"]
@ -227,7 +227,7 @@
curl -L -o $compose_path/$compose_name {{ get .artifact.artifact_url.dockercompose .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .dockercompose_version (ne .dockercompose_version "")
when: .dockercompose_version | empty | not
- name: Check binaries for harbor
tags: ["harbor"]
@ -245,7 +245,7 @@
curl -L -o $harbor_path/$harbor_name {{ get .artifact.artifact_url.harbor .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .harbor_version (ne .harbor_version "")
when: .harbor_version | empty | not
- name: Check binaries for keepalived
tags: ["keepalived"]
@ -263,4 +263,4 @@
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.keepalived .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: and .keepalived_version (ne .keepalived_version "")
when: .keepalived_version | empty | not

12
builtin/core/roles/init/init-artifact/tasks/download_helm.yaml
View File

@ -8,7 +8,7 @@
# download online
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.calico }}
fi
when: and .calico_version (ne .calico_version "")
when: .calico_version | empty | not
- name: Check binaries for cilium
command: |
@ -19,7 +19,7 @@
# download online
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.cilium }}
fi
when: and .cilium_version (ne .cilium_version "")
when: .cilium_version | empty | not
- name: Check binaries for flannel
command: |
@ -30,7 +30,7 @@
# download online
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.flannel }}
fi
when: and .flannel_version (ne .flannel_version "")
when: .flannel_version | empty | not
- name: Check binaries for kubeovn
tags: ["kubeovn"]
@ -42,7 +42,7 @@
# download online
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.kubeovn }}
fi
when: and .kubeovn_version (ne .kubeovn_version "")
when: .kubeovn_version | empty | not
- name: Check binaries for hybridnet
tags: ["hybridnet"]
@ -54,7 +54,7 @@
# download online
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.hybridnet }}
fi
when: and .hybridnet_version (ne .hybridnet_version "")
when: .hybridnet_version | empty | not
- name: Check binaries for nfs_provisioner
tags: ["nfs_provisioner"]
@ -66,4 +66,4 @@
# download online
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.nfs_provisioner }}
fi
when: and .nfs_provisioner_version (ne .nfs_provisioner_version "")
when: .nfs_provisioner_version | empty | not

6
builtin/core/roles/init/init-artifact/tasks/main.yaml
View File

@ -6,9 +6,10 @@
mkdir -p {{ .binary_dir }}
tar -zxvf {{ .artifact_file }} -C {{ .binary_dir }}
fi
when: and .artifact_file (ne .artifact_file "")
when: .artifact_file | empty | not
- name: Download binaries
when: .artifact_file | empty
block:
# the binaries which download binary
- include_tasks: download_binary.yaml
@ -21,7 +22,8 @@
images_dir: >-
{{ .binary_dir }}/images/
manifests: "{{ .image_manifests | toJson }}"
when: .image_manifests | default list | len | lt 0
when:
- .image_manifests | default list | empty | not
- name: Chown work_dir to sudo
tags: ["always"]

4
builtin/core/roles/init/init-cert/tasks/main.yaml
View File

@ -35,7 +35,7 @@
{{ .binary_dir }}/pki/etcd.key
out_cert: >-
{{ .binary_dir }}/pki/etcd.crt
when: .groups.etcd | default list | len | lt 0
when: .groups.etcd | default list | empty | not
- name: Generate registry image cert file
gen_cert:
@ -63,7 +63,7 @@
{{ .binary_dir }}/pki/image_registry.key
out_cert: >-
{{ .binary_dir }}/pki/image_registry.crt
when: and .groups.image_registry (.groups.image_registry | default list | len | lt 0)
when: .groups.image_registry | default list | empty | not
- name: Chown pki to sudo
block:

16
builtin/core/roles/init/init-os/tasks/init_localdns.yaml
View File

@ -12,37 +12,37 @@
{{- $hostname := index $.hostvars . "hostname" -}}
{{- $clusterName := $.kubernetes.cluster_name | default "kubekey" -}}
{{- $dnsDomain := $.kubernetes.networking.dns_domain | default "cluster.local" -}}
{{- if and (index $.hostvars . "internal_ipv4") (ne (index $.hostvars . "internal_ipv4") "") }}
{{- if (index $.hostvars . "internal_ipv4") | empty | not }}
{{ index $.hostvars . "internal_ipv4" }} {{ $hostname }} {{ printf "%s.%s" $hostname $clusterName }} {{ printf "%s.%s.%s" $hostname $clusterName $dnsDomain }}
{{- end }}
{{- if and (index $.hostvars . "internal_ipv6") (ne (index $.hostvars . "internal_ipv6") "") }}
{{- if (index $.hostvars . "internal_ipv6") | empty | not }}
{{ index $.hostvars . "internal_ipv6" }} {{ $hostname }} {{ printf "%s.%s" $hostname $clusterName }} {{ printf "%s.%s.%s" $hostname $clusterName $dnsDomain }}
{{- end }}
{{- end }}
# etcd hosts
{{- range .groups.etcd | default list }}
{{- if and (index $.hostvars . "internal_ipv4") (ne (index $.hostvars . "internal_ipv4") "") }}
{{- if (index $.hostvars . "internal_ipv4") | empty | not }}
{{ index $.hostvars . "internal_ipv4" }} {{ index $.hostvars . "hostname" }}
{{- end }}
{{- if and (index $.hostvars . "internal_ipv6") (ne (index $.hostvars . "internal_ipv6") "") }}
{{- if (index $.hostvars . "internal_ipv6") | empty | not }}
{{ index $.hostvars . "internal_ipv6" }} {{ index $.hostvars . "hostname" }}
{{- end }}
{{- end }}
# image registry hosts
{{- range .groups.image_registry | default list }}
{{- if and (index $.hostvars . "internal_ipv4") (ne (index $.hostvars . "internal_ipv4") "") }}
{{- if (index $.hostvars . "internal_ipv4") | empty | not }}
{{ index $.hostvars . "internal_ipv4" }} {{ index $.hostvars . "hostname" }}
{{- end }}
{{- if and (index $.hostvars . "internal_ipv6") (ne (index $.hostvars . "internal_ipv6") "") }}
{{- if (index $.hostvars . "internal_ipv6") | empty | not }}
{{ index $.hostvars . "internal_ipv6" }} {{ index $.hostvars . "hostname" }}
{{- end }}
{{- end }}
# nfs hosts
{{- range .groups.nfs | default list }}
{{- if and (index $.hostvars . "internal_ipv4") (ne (index $.hostvars . "internal_ipv4") "") }}
{{- if (index $.hostvars . "internal_ipv4") | empty | not }}
{{ index $.hostvars . "internal_ipv4" }} {{ index $.hostvars . "hostname" }}
{{- end }}
{{- if and (index $.hostvars . "internal_ipv6") (ne (index $.hostvars . "internal_ipv6") "") }}
{{- if (index $.hostvars . "internal_ipv6") | empty | not }}
{{ index $.hostvars . "internal_ipv4" }} {{ index $.hostvars . "hostname" }}
{{- end }}
{{- end }}

14
builtin/core/roles/init/init-os/tasks/init_ntpserver.yaml
View File

@ -22,25 +22,25 @@
{{- end }}
{{- end }}
# add ntp server: {{ $server }}
{{- if $internalIPv4 }}
{{- if $internalIPv4 | empty | not }}
grep -q '^server {{ $internalIPv4 }} iburst' $chronyConfigFile || sed '1a server {{ $internalIPv4 }} iburst' -i $chronyConfigFile
{{- end }}
{{- if $internalIPv6 }}
{{- if $internalIPv6 | empty | not }}
grep -q '^server {{ $internalIPv6 }} iburst' $chronyConfigFile || sed '1a server [{{ $internalIPv6 }}] iburst' -i $chronyConfigFile
{{- end }}
{{- if and (eq $internalIPv4 "") (eq $internalIPv6 "") }}
{{- if and ($internalIPv4 | empty) ($internalIPv6 | empty) }}
grep -q '^server {{ $server }} iburst' $chronyConfigFile || sed '1a server {{ $server }} iburst' -i $chronyConfigFile
{{- end }}
{{- end }}
when:
- .ntp.enabled
- .ntp.servers | len | lt 0
- .ntp.servers | empty | not
- name: Set timezone
command: |
timedatectl set-timezone {{ .timezone }}
timedatectl set-ntp {{ and .ntp.enabled (.ntp.servers | len | lt 0) }}
when: or (and .ntp.enabled (.ntp.servers | len | lt 0)) (.timezone | ne "")
timedatectl set-ntp {{ and .ntp.enabled (.ntp.servers | empty | not) }}
when: or (and .ntp.enabled (.ntp.servers | empty | not)) (.timezone | empty | not)
- name: Restart ntp server
command: |
@ -48,4 +48,4 @@
systemctl restart chrony.service
{{- end }}
systemctl restart chronyd.service
when: or (and .ntp.enabled (.ntp.servers | len | lt 0)) (.timezone | ne "")
when: or (and .ntp.enabled (.ntp.servers | empty | not)) (.timezone | empty | not)

12
builtin/core/roles/init/init-os/templates/init-os.sh
View File

@ -47,7 +47,7 @@ echo 'fs.aio-max-nr = 262144' >> /etc/sysctl.conf
echo 'kernel.pid_max = 65535' >> /etc/sysctl.conf
echo 'kernel.watchdog_thresh = 5' >> /etc/sysctl.conf
echo 'kernel.hung_task_timeout_secs = 5' >> /etc/sysctl.conf
{{- if and .internal_ipv4 (.internal_ipv4 | ne "") }}
{{- if .internal_ipv4 | empty | not }}
# add for ipv4
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
@ -68,7 +68,7 @@ echo 'net.ipv4.conf.default.arp_accept = 1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.all.arp_ignore = 1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.default.arp_ignore = 1' >> /etc/sysctl.conf
{{- end }}
{{- if and .internal_ipv6 (.internal_ipv6 | ne "") }}
{{- if .internal_ipv6 | empty | not }}
# add for ipv6
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.disable_ipv6 = 0' >> /etc/sysctl.conf
@ -98,7 +98,7 @@ sed -r -i "s@#{0,}?net.core.somaxconn ?= ?([0-9]{1,})@net.core.somaxconn = 3276
sed -r -i "s@#{0,}?fs.aio-max-nr ?= ?([0-9]{1,})@fs.aio-max-nr = 262144@g" /etc/sysctl.conf
sed -r -i "s@#{0,}?kernel.watchdog_thresh ?= ?([0-9]{1,})@kernel.watchdog_thresh = 5@g" /etc/sysctl.conf
sed -r -i "s@#{0,}?kernel.hung_task_timeout_secs ?= ?([0-9]{1,})@kernel.hung_task_timeout_secs = 5@g" /etc/sysctl.conf
{{- if and .internal_ipv4 (.internal_ipv4 | ne "") }}
{{- if .internal_ipv4 | empty | not }}
sed -r -i "s@#{0,}?net.ipv4.tcp_tw_recycle ?= ?(0|1|2)@net.ipv4.tcp_tw_recycle = 0@g" /etc/sysctl.conf
sed -r -i "s@#{0,}?net.ipv4.tcp_tw_reuse ?= ?(0|1)@net.ipv4.tcp_tw_reuse = 0@g" /etc/sysctl.conf
sed -r -i "s@#{0,}?net.ipv4.conf.all.rp_filter ?= ?(0|1|2)@net.ipv4.conf.all.rp_filter = 1@g" /etc/sysctl.conf
@ -119,7 +119,7 @@ sed -r -i "s@#{0,}?net.ipv4.udp_wmem_min ?= ?([0-9]{1,})@net.ipv4.udp_wmem_min
sed -r -i "s@#{0,}?net.ipv4.conf.all.arp_ignore ?= ??(0|1|2)@net.ipv4.conf.all.arp_ignore = 1@g" /etc/sysctl.conf
sed -r -i "s@#{0,}?net.ipv4.conf.default.arp_ignore ?= ??(0|1|2)@net.ipv4.conf.default.arp_ignore = 1@g" /etc/sysctl.conf
{{- end }}
{{- if and .internal_ipv6 (.internal_ipv6 | ne "") }}
{{- if .internal_ipv6 | empty | not }}
#add for ipv6
sed -r -i "s@#{0,}?net.bridge.bridge-nf-call-ip6tables ?= ?(0|1)@net.bridge.bridge-nf-call-ip6tables = 1@g" /etc/sysctl.conf
sed -r -i "s@#{0,}?net.ipv6.conf.all.disable_ipv6 ?= ?([0-9]{1,})@net.ipv6.conf.all.disable_ipv6 = 0@g" /etc/sysctl.conf
@ -205,10 +205,10 @@ sync
echo 3 > /proc/sys/vm/drop_caches
# Make sure the iptables utility doesn't use the nftables backend.
{{- if and .internal_ipv4 (.internal_ipv4 | ne "") }}
{{- if .internal_ipv4 | empty | not }}
update-alternatives --set iptables /usr/sbin/iptables-legacy >/dev/null 2>&1 || true
{{- end }}
{{- if and .internal_ipv6 (.internal_ipv6 | ne "") }}
{{- if .internal_ipv6 | empty | not }}
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy >/dev/null 2>&1 || true
{{- end }}
update-alternatives --set arptables /usr/sbin/arptables-legacy >/dev/null 2>&1 || true

2
builtin/core/roles/install/cni/tasks/calico.yaml
View File

@ -5,7 +5,7 @@
register: calicoctl_install_version
register_type: yaml
- name: Install calicoctl
when: .calicoctl_install_version.stderr | ne ""
when: .calicoctl_install_version.stderr | empty | not
block:
- name: Sync calicoctl to remote
copy:

2
builtin/core/roles/install/cni/tasks/cilium.yaml
View File

@ -1,6 +1,6 @@
---
- name: Sync cilium cli package
when: and .ciliumcli_version (ne .ciliumcli_version "")
when: .ciliumcli_version | empty | not
copy:
src: >-
{{ .binary_dir }}/cni/cilium/ciliumcli-{{ .ciliumcli_version }}/{{ .item }}

6
builtin/core/roles/install/cri/tasks/install_containerd.yaml
View File

@ -4,7 +4,7 @@
command: runc --version
register: runc_install_version
- name: Sync runc binary to remote
when: or (.runc_install_version.stderr | ne "") (.runc_install_version.stdout | contains (printf "runc version %s\n" (.runc_version | default "" | trimPrefix "v" )) | not)
when: or (.runc_install_version.stderr | empty | not) (.runc_install_version.stdout | contains (printf "runc version %s\n" (.runc_version | default "" | trimPrefix "v" )) | not)
copy:
src: >-
{{ .binary_dir }}/runc/{{ .runc_version }}/{{ .binary_type.stdout }}/runc.{{ .binary_type.stdout }}
@ -16,7 +16,7 @@
command: containerd --version
register: containerd_install_version
- name: Install containerd
when: or (.containerd_install_version.stderr | ne "") (.containerd_install_version.stdout | contains (printf " %s " .containerd_version) | not)
when: or (.containerd_install_version.stderr | empty | not) (.containerd_install_version.stdout | contains (printf " %s " .containerd_version) | not)
block:
- name: Sync containerd binary to remote
copy:
@ -40,7 +40,7 @@
systemctl daemon-reload && systemctl start containerd.service && systemctl enable containerd.service
- name: Sync image registry tls to remote
when: .groups.image_registry | default list | len | lt 0
when: .groups.image_registry | default list | empty | not
block:
- name: Sync image registry cert file to remote
copy:

2
builtin/core/roles/install/cri/tasks/install_crictl.yaml
View File

@ -5,7 +5,7 @@
register: crictl_install_version
- name: Install crictl
when: or (.crictl_install_version.stderr | ne "") (.crictl_install_version.stdout | ne (printf "crictl version %s" .crictl_version))
when: or (.crictl_install_version.stderr | empty | not) (.crictl_install_version.stdout | ne (printf "crictl version %s" .crictl_version))
block:
- name: Sync crictl binary to remote
copy:

2
builtin/core/roles/install/cri/tasks/install_cridockerd.yaml
View File

@ -5,7 +5,7 @@
register: cridockerd_install_version
- name: Install cri-dockerd
when: or (.cridockerd_install_version.stderr | ne "") (.cridockerd_install_version.stdout | hasPrefix (printf "cri-dockerd %s " .cridockerd_version) | not)
when: or (.cridockerd_install_version.stderr | empty | not) (.cridockerd_install_version.stdout | hasPrefix (printf "cri-dockerd %s " .cridockerd_version) | not)
block:
- name: Sync cri-dockerd Binary to remote
copy:

4
builtin/core/roles/install/cri/tasks/install_docker.yaml
View File

@ -5,7 +5,7 @@
register: docker_install_version
- name: Install docker
when: or (.docker_install_version.stderr | ne "") (.docker_install_version.stdout | hasPrefix (printf "Docker version %s," .docker_version) | not)
when: or (.docker_install_version.stderr | empty | not) (.docker_install_version.stdout | hasPrefix (printf "Docker version %s," .docker_version) | not)
block:
- name: Sync docker binary to remote
copy:
@ -34,7 +34,7 @@
systemctl daemon-reload && systemctl start docker.service && systemctl enable docker.service
- name: Sync image registry tls to remote
when: .groups.image_registry | default list | len | lt 0
when: .groups.image_registry | default list | empty | not
block:
- name: Sync image registry cert file to remote
copy:

2
builtin/core/roles/install/etcd/tasks/main.yaml
View File

@ -1,6 +1,6 @@
---
- name: Install etcd
when: .etcd_install_version.stderr | ne ""
when: .etcd_install_version.stderr | empty | not
block:
- name: Init etcd
block:

4
builtin/core/roles/install/etcd/templates/backup.sh
View File

@ -5,9 +5,9 @@ set -o nounset
set -o pipefail
ETCDCTL_PATH='/usr/local/bin/etcdctl'
{{- if and .internal_ipv4 (ne .internal_ipv4 "") }}
{{- if .internal_ipv4 | empty | not }}
ENDPOINTS='https://{{ .internal_ipv4 }}:2379'
{{- else if and .internal_ipv6 (ne .internal_ipv6 "") }}
{{- else if .internal_ipv6 | empty | not }}
ENDPOINTS='https://{{ .internal_ipv6 }}:2379'
{{- end }}
ETCD_DATA_DIR="{{ .etcd.env.data_dir }}"

8
builtin/core/roles/install/etcd/templates/etcd.env
View File

@ -1,12 +1,12 @@
ETCD_DATA_DIR={{ .etcd.env.data_dir }}
ETCD_INITIAL_CLUSTER_STATE={{ .etcd.state }}
ETCD_INITIAL_CLUSTER_TOKEN={{ .etcd.env.token }}
{{- if and .internal_ipv4 (ne .internal_ipv4 "") }}
{{- if .internal_ipv4 | empty | not }}
ETCD_ADVERTISE_CLIENT_URLS={{ printf "https://%s:2379" .internal_ipv4 }}
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ printf "https://%s:2380" .internal_ipv4 }}
ETCD_LISTEN_CLIENT_URLS={{ printf "https://%s:2379" .internal_ipv4 }},https://127.0.0.1:2379
ETCD_LISTEN_PEER_URLS={{ printf "https://%s:2380" .internal_ipv4 }}
{{- else if and .internal_ipv6 (ne .internal_ipv6 "") }}
{{- else if .internal_ipv6 | empty | not }}
ETCD_ADVERTISE_CLIENT_URLS={{ printf "https://%s:2379" .internal_ipv6 }}
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ printf "https://%s:2380" .internal_ipv6 }}
ETCD_LISTEN_CLIENT_URLS={{ printf "https://%s:2379" .internal_ipv6 }},https://::1:2379
@ -20,9 +20,9 @@ ETCD_ENABLE_V2=true
{{- range .groups.etcd | default list }}
{{- $internalIPv4 := index $.hostvars . "internal_ipv4" | default "" }}
{{- $internalIPv6 := index $.hostvars . "internal_ipv6" | default "" }}
{{- if ne $internalIPv4 "" }}
{{- if $internalIPv4 | empty | not }}
{{- $ips = append $ips (printf "%s=https://%s:2380" (index $.hostvars . "hostname") $internalIPv4) }}
{{- else if ne $internalIPv6 "" }}
{{- else if $internalIPv6 | empty | not }}
{{- $ips = append $ips (printf "%s=https://%s:2380" (index $.hostvars . "hostname") $internalIPv6) }}
{{- end }}
{{- end }}

2
builtin/core/roles/install/image-registry/tasks/install_docker_compose.yaml
View File

@ -5,7 +5,7 @@
register: dockercompose_install_version
- name: Sync docker-compose to remote
when: or (.dockercompose_install_version.stderr | ne "") (.dockercompose_install_version.stdout | ne (printf "Docker Compose version %s" .dockercompose_version))
when: or (.dockercompose_install_version.stderr | empty | not) (.dockercompose_install_version.stdout | ne (printf "Docker Compose version %s" .dockercompose_version))
copy:
src: >-
{{ .binary_dir }}/image-registry/docker-compose/{{ .dockercompose_version }}/{{ .binary_type.stdout }}/docker-compose

4
builtin/core/roles/install/image-registry/tasks/install_harbor.yaml
View File

@ -36,8 +36,8 @@
dest: >-
/opt/harbor/{{ .harbor_version }}/harbor/docker-compose-keepalived.yml
when:
- and .image_registry.ha_vip (ne .image_registry.ha_vip "")
- .image_registry_service.stderr | ne ""
- .image_registry.ha_vip | empty | not
- .image_registry_service.stderr | empty | not
- name: Install harbor
command: |

6
builtin/core/roles/install/image-registry/tasks/install_registry.yaml
View File

@ -16,16 +16,16 @@
{{- if }}
{{- $internalIPv4 := index .hostvars (.groups.nfs | default list | first) "internal_ipv4" | default "" }}
{{- $internalIPv6 := index .hostvars (.groups.nfs | default list | first) "internal_ipv6" | default "" }}
{{- if ne $internalIPv4 "" }}
{{- if $internalIPv4 | empty | not }}
mount -t nfs {{ $internalIPv4 }}:{{ .image_registry.registry.storage.filesystem.nfs_mount }} {{ .image_registry.registry.storage.filesystem.rootdir }}
{{- else if ne $internalIPv6 "" }}
{{ $internalIPv6 }}
{{ $internalIPv6 | empty | not }}
mount -t nfs {{ $internalIPv6 }}:{{ .image_registry.registry.storage.filesystem.nfs_mount }} {{ .image_registry.registry.storage.filesystem.rootdir }}
{{- end }}
when:
- and .image_registry.registry.storage.filesystem.nfs_mount (ne .image_registry.registry.storage.filesystem.nfs_mount "")
- .groups.nfs | default list | len | eq 1
- .image_registry_service.stderr | ne ""
- .image_registry_service.stderr | empty | not
- name: Load registry image
command: |

2
builtin/core/roles/install/image-registry/tasks/main.yaml
View File

@ -4,7 +4,7 @@
- include_tasks: install_docker_compose.yaml
- include_tasks: install_keepalived.yaml
when: and .image_registry.ha_vip (ne .image_registry.ha_vip "")
when: .image_registry.ha_vip | empty | not
- name: Install harbor
when: .image_registry.type | eq "harbor"

8
builtin/core/roles/install/image-registry/templates/docker.config
View File

@ -3,16 +3,16 @@
"max-size": "5m",
"max-file":"3"
},
{{- if and .cri.docker.data_root (ne .cri.docker.data_root "") }}
{{- if .cri.docker.data_root | empty | not }}
"data-root": "{{ .cri.docker.data_root }}",
{{- end }}
{{- if and .cri.registry.mirrors (ne .cri.registry.mirrors "") }}
{{- if .cri.registry.mirrors | empty | not }}
"registry-mirrors": {{ .cri.registry.mirrors | toJson }},
{{- end }}
{{- if and .cri.registry.insecure_registries (ne .cri.registry.insecure_registries "") }}
{{- if .cri.registry.insecure_registries | empty | not }}
"insecure-registries": {{ .cri.registry.insecure_registries | toJson }},
{{- end }}
{{- if and .cri.docker.bridge_ip (ne .cri.docker.bridge_ip "") }}
{{- if .cri.docker.bridge_ip | empty | not }}
"bip": "{{ .cri.docker.bridge_ip }}",
{{- end }}
"exec-opts": ["native.cgroupdriver={{ .cri.cgroup_driver | default "systemd" }}"]

6
builtin/core/roles/install/image-registry/templates/registry.config
View File

@ -22,7 +22,7 @@ log:
# to:
# - errors@example.com
storage:
{{- if and .image_registry.registry.storage.filesystem.rootdirectory (ne .image_registry.registry.storage.filesystem.rootdirectory "") }}
{{- if .image_registry.registry.storage.filesystem.rootdirectory | empty | not }}
filesystem:
rootdirectory: {{ .image_registry.registry.storage.filesystem.rootdirectory }}
maxthreads: 100
@ -33,7 +33,7 @@ storage:
accountkey: {{ .image_registry.registry.storage.azure.accountkey }}
container: {{ .image_registry.registry.storage.azure.container }}
{{- end }}
{{- if .image_registry.registry.storage.gcs }}
{{- if .image_registry.registry.storage.gcs | empty | not }}
gcs:
bucket: {{ .image_registry.registry.storage.gcs.bucket }}
keyfile: {{ .image_registry.registry.storage.gcs.keyfile }}
@ -50,7 +50,7 @@ storage:
client_x509_cert_url: {{ .image_registry.registry.storage.gcs.credentials.client_x509_cert_url }}
rootdirectory: {{ .image_registry.registry.storage.gcs.rootdirectory }}
{{- end }}
{{- if .image_registry.registry.storage.s3 }}
{{- if .image_registry.registry.storage.s3 | empty | not }}
s3:
accesskey: {{ .image_registry.registry.storage.s3.accesskey }}
secretkey: {{ .image_registry.registry.storage.s3.secretkey }}

2
builtin/core/roles/install/image-registry/templates/registry.docker-compose
View File

@ -24,7 +24,7 @@ services:
- 443:5000
networks:
- registry
{{- if and .image_registry.ha_vip (ne .image_registry.ha_vip "") }}
{{- if .image_registry.ha_vip | empty | not }}
keepalived:
image: osixia/keepalived:{{ .keepalived_version }}
container_name: keepalived

2
builtin/core/roles/kubernetes/init-kubernetes/tasks/init_kubernetes.yaml
View File

@ -1,7 +1,7 @@
---
- name: Sync external etcd config
when:
- and (.kubernetes.etcd.deployment_type | eq "external") (.groups.etcd | default list | len | lt 0)
- and (.kubernetes.etcd.deployment_type | eq "external") (.groups.etcd | default list | empty | not)
- .groups.kube_control_plane | default list | has .inventory_hostname
block:
- name: Sync etcd ca file to remote

6
builtin/core/roles/kubernetes/init-kubernetes/templates/dns/coredns.yaml
View File

@ -56,7 +56,7 @@ data:
lameduck 5s
}
{{- if .kubernetes.zones | len | lt 0 }}
{{- if .kubernetes.zones | empty | not }}
kubernetes {{ .kubernetes.zones | join " " }} in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
@ -99,7 +99,7 @@ data:
}
{{- end }}
{{- if $.kubernetes.coredns.dns_etc_hosts | len | lt 0 }}
{{- if $.kubernetes.coredns.dns_etc_hosts | empty | not }}
hosts /etc/coredns/hosts {
fallthrough
}
@ -107,7 +107,7 @@ data:
}
{{- end }}
{{- if .kubernetes.coredns.dns_etc_hosts | len | lt 0 }}
{{- if .kubernetes.coredns.dns_etc_hosts | empty | not }}
hosts: |
{{- range .kubernetes.coredns.dns_etc_hosts }}
{{ . }}

10
builtin/core/roles/kubernetes/pre-kubernetes/tasks/install_binaries.yaml
View File

@ -4,7 +4,7 @@
command: helm version
register: helm_install_version
- name: Install helm
when: or (.helm_install_version.stderr | ne "") (.helm_install_version.stdout | contains (printf "Version:\"%s\"" .helm_version) | not)
when: or (.helm_install_version.stderr | empty | not) (.helm_install_version.stdout | contains (printf "Version:\"%s\"" .helm_version) | not)
block:
- name: Sync helm to remote
copy:
@ -21,7 +21,7 @@
command: kubeadm version -o short
register: kubeadm_install_version
- name: Install kubeadm
when: or (.kubeadm_install_version.stderr | ne "") (.kubeadm_install_version.stdout | ne .kube_version)
when: or (.kubeadm_install_version.stderr | empty | not) (.kubeadm_install_version.stdout | ne .kube_version)
copy:
src: >-
{{ .binary_dir }}/kube/{{ .kube_version }}/{{ .binary_type.stdout }}/kubeadm
@ -35,7 +35,7 @@
register_type: yaml
- name: Sync kubectl to remote
when: |
or (.kubectl_install_version.stderr | ne "") ((get .kubectl_install_version.stdout "Server Version") | ne .kube_version)
or (.kubectl_install_version.stderr | empty | not) ((get .kubectl_install_version.stdout "Server Version") | ne .kube_version)
copy:
src: >-
{{ .binary_dir }}/kube/{{ .kube_version }}/{{ .binary_type.stdout }}/kubectl
@ -47,7 +47,7 @@
command: kubelet --version
register: kubelet_install_version
- name: Install kubelet
when: or (.kubelet_install_version.stderr | ne "") (.kubelet_install_version.stdout | ne (printf "Kubernetes %s" .kube_version))
when: or (.kubelet_install_version.stderr | empty | not) (.kubelet_install_version.stdout | ne (printf "Kubernetes %s" .kube_version))
block:
- name: Sync kubelet to remote
copy:
@ -67,7 +67,7 @@
command: systemctl daemon-reload && systemctl enable kubelet.service
- name: Install cni plugins
when: and .cni_plugins_version (ne .cni_plugins_version "")
when: .cni_plugins_version | empty | not
block:
- name: Sync cni-plugin to remote
copy:

2
builtin/core/roles/precheck/artifact_check/tasks/main.yaml
View File

@ -18,4 +18,4 @@
exit 1
fi
when:
- and .artifact.artifact_md5 (ne .artifact.artifact_md5 "")
- .artifact.artifact_md5 | empty | not

4
builtin/core/roles/precheck/env_check/tasks/cri.yaml
View File

@ -5,7 +5,7 @@
fail_msg: >-
the container manager:{{ .cri.container_manager }}, must in "{{ .cluster_require.require_container_manager | toJson }}"
run_once: true
when: and .cri.container_manager (ne .cri.container_manager "")
when: .cri.container_manager | empty | not
- name: Ensure minimum containerd version
assert:
@ -14,5 +14,5 @@
containerd_version is too low. Minimum version {{ .cluster_require.containerd_min_version_required }}
run_once: true
when:
- and .containerd_version (ne .containerd_version "")
- .containerd_version | empty | not
- .cri.container_manager | eq "containerd"

4
builtin/core/roles/precheck/env_check/tasks/etcd.yaml
View File

@ -5,7 +5,7 @@
fail_msg: >-
the etcd deployment type, should be internal or external but got {{ .kubernetes.etcd.deployment_type }}
run_once: true
when: and .kubernetes.etcd.deployment_type (ne .kubernetes.etcd.deployment_type "")
when: .kubernetes.etcd.deployment_type | empty | not
- name: Stop if etcd group is empty in external etcd mode
assert:
@ -31,7 +31,7 @@
command: fio --version
register: fio_install_version
- name: Test dev io by fio
when: .fio_install_version.stderr | eq ""
when: .fio_install_version.stderr | empty
block:
- name: Get fio result
command: |

4
builtin/core/roles/precheck/env_check/tasks/kubernetes.yaml
View File

@ -1,6 +1,6 @@
- name: Should defined internal_ipv4 or internal_ipv6
assert:
that: or (and .internal_ipv4 (ne .internal_ipv4 "")) (and .internal_ipv6 (ne .internal_ipv6 ""))
that: or (.internal_ipv4 | empty | not) (.internal_ipv6 | empty | not)
fail_msg: >-
"internal_ipv4" and "internal_ipv6" cannot both be empty
@ -28,7 +28,7 @@
that: .kube_version | semverCompare (printf ">=%s" .cluster_require.kube_version_min_required)
fail_msg: >-
the current release of KubeKey only support newer version of Kubernetes than {{ .cluster_require.kube_version_min_required }} - You are trying to apply {{ .kube_version }}
when: and .kube_version (ne .kube_version "")
when: .kube_version | empty | not
- name: Check if kubernetes installed
when: .groups.k8s_cluster | default list | has .inventory_hostname

8
builtin/core/roles/precheck/env_check/tasks/network.yaml
View File

@ -1,13 +1,13 @@
---
- name: Should found network interface
command: |
{{- if and .internal_ipv4 (.internal_ipv4 | ne "") }}
{{- if .internal_ipv4 | empty | not }}
if [ ! ip -o addr show | grep -q {{ .internal_ipv4 }} ]; then
echo 'No ipv4 network interface found'
exit 1
fi
{{- end }}
{{- if and .internal_ipv6 (.internal_ipv6 | ne "") }}
{{- if .internal_ipv6 | empty | not }}
if [ ! ip -o addr show | grep -q {{ .internal_ipv6 }} ]; then
echo 'No ipv6 network interface found'
exit 1
@ -43,7 +43,7 @@
Kubernetes introduced support for pod dual-stack networking starting from version v1.20.0.
- name: Stop if service networking is not support dual-stack
when:
- and .kubernetes.networking.service_cidr (.kubernetes.networking.service_cidr | ne "")
- .kubernetes.networking.service_cidr | empty | not
- .kubernetes.networking.service_cidr | splitList "," | len | eq 2
assert:
that:
@ -59,7 +59,7 @@
that: .cluster_require.require_network_plugin | has .kubernetes.kube_network_plugin
fail_msg: >-
kube_network_plugin:"{{ .kubernetes.kube_network_plugin }}" is not supported
when: and .kubernetes.kube_network_plugin (ne .kubernetes.kube_network_plugin "")
when: .kubernetes.kube_network_plugin | empty | not
# This assertion will fail on the safe side: One can indeed schedule more pods
# on a node than the CIDR-range has space for when additional pods use the host