project: fix var-spacing ansible rule (#10266)

* project: fix var-spacing ansible rule

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing on the beginning/end of jinja template

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing of default filter

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing between filter arguments

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix double space at beginning/end of jinja

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix remaining jinja[spacing] ansible-lint warning

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

roles/kubernetes/client/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 - name: Set external kube-apiserver endpoint
   set_fact:
+    # noqa: jinja[spacing]
     external_apiserver_address: >-
       {%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined -%}
       {{ loadbalancer_apiserver.address }}
@@ -9,9 +10,10 @@
       {%- else -%}
       {{ kube_apiserver_access_address }}
       {%- endif -%}
+    # noqa: jinja[spacing]
     external_apiserver_port: >-
       {%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined and loadbalancer_apiserver.port is defined -%}
-      {{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
+      {{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
       {%- else -%}
       {{ kube_apiserver_port }}
       {%- endif -%}
@@ -69,9 +71,9 @@
     user_certs: "{{ admin_kubeconfig['users'][0]['user'] }}"
     username: "kubernetes-admin-{{ cluster_name }}"
     context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
-    override_cluster_name: "{{ { 'clusters': [ { 'cluster': (cluster_infos|combine({'server': 'https://'+external_apiserver_address+':'+(external_apiserver_port|string)})), 'name': cluster_name } ] } }}"
-    override_context: "{{ { 'contexts': [ { 'context': { 'user': username, 'cluster': cluster_name }, 'name': context } ], 'current-context': context } }}"
-    override_user: "{{ { 'users': [ { 'name': username, 'user': user_certs  } ] } }}"
+    override_cluster_name: "{{ {'clusters': [{'cluster': (cluster_infos | combine({'server': 'https://' + external_apiserver_address + ':' + (external_apiserver_port | string)})), 'name': cluster_name}]} }}"
+    override_context: "{{ {'contexts': [{'context': {'user': username, 'cluster': cluster_name}, 'name': context}], 'current-context': context} }}"
+    override_user: "{{ {'users': [{'name': username, 'user': user_certs}]} }}"
   when: kubeconfig_localhost
 
 - name: Write admin kubeconfig on ansible host

roles/kubernetes/control-plane/defaults/main/kube-proxy.yml

@@ -111,4 +111,4 @@ kube_proxy_oom_score_adj: -999
 
 # portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
 # in order to proxy service traffic. If unspecified, 0, or (0-0) then ports will be randomly chosen.
-kube_proxy_port_range: ''
+kube_proxy_port_range: ''

roles/kubernetes/control-plane/defaults/main/main.yml

@@ -5,7 +5,7 @@ upgrade_cluster_setup: false
 # By default the external API listens on all interfaces, this can be changed to
 # listen on a specific address/interface.
 # NOTE: If you specific address/interface and use loadbalancer_apiserver_localhost
-# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on masters on 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} too.
+# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on masters on 127.0.0.1:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }} too.
 kube_apiserver_bind_address: 0.0.0.0
 
 # A port range to reserve for services with NodePort visibility.
@@ -181,12 +181,12 @@ kube_encryption_resources: [secrets]
 
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
-  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+  {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}
 
-secrets_encryption_query: "resources[*].providers[0].{{kube_encryption_algorithm}}.keys[0].secret"
+secrets_encryption_query: "resources[*].providers[0].{{ kube_encryption_algorithm }}.keys[0].secret"
 
 ## Support tls min version, Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
 # tls_min_version: ""

roles/kubernetes/control-plane/tasks/define-first-kube-control.yml

@@ -8,7 +8,7 @@
 
 - name: Set fact joined_control_panes
   set_fact:
-    joined_control_planes: "{{ ((kube_control_planes_raw.stdout| from_json)['items'])| default([]) | map (attribute='metadata') | map (attribute='name') | list }}"
+    joined_control_planes: "{{ ((kube_control_planes_raw.stdout | from_json)['items']) | default([]) | map(attribute='metadata') | map(attribute='name') | list }}"
   delegate_to: item
   loop: "{{ groups['kube_control_plane'] }}"
   when: kube_control_planes_raw is succeeded
@@ -16,4 +16,4 @@
 
 - name: Set fact first_kube_control_plane
   set_fact:
-    first_kube_control_plane: "{{ joined_control_planes|default([]) | first | default(groups['kube_control_plane']|first) }}"
+    first_kube_control_plane: "{{ joined_control_planes | default([]) | first | default(groups['kube_control_plane'] | first) }}"

roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml

@@ -1,6 +1,7 @@
 ---
 - name: Set kubeadm_discovery_address
   set_fact:
+    # noqa: jinja[spacing]
     kubeadm_discovery_address: >-
       {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
       {{ first_kube_control_plane_address }}:{{ kube_apiserver_port }}

roles/kubernetes/control-plane/tasks/kubeadm-setup.yml

@@ -52,26 +52,26 @@
     path: "{{ audit_policy_file | dirname }}"
     state: directory
     mode: 0640
-  when: kubernetes_audit|default(false) or kubernetes_audit_webhook|default(false)
+  when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
 
 - name: Write api audit policy yaml
   template:
     src: apiserver-audit-policy.yaml.j2
     dest: "{{ audit_policy_file }}"
     mode: 0640
-  when: kubernetes_audit|default(false) or kubernetes_audit_webhook|default(false)
+  when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
 
 - name: Write api audit webhook config yaml
   template:
     src: apiserver-audit-webhook-config.yaml.j2
     dest: "{{ audit_webhook_config_file }}"
     mode: 0640
-  when: kubernetes_audit_webhook|default(false)
+  when: kubernetes_audit_webhook | default(false)
 
 # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
 - name: set kubeadm_config_api_fqdn define
   set_fact:
-    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}"
+    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name | default('lb-apiserver.kubernetes.local') }}"
   when: loadbalancer_apiserver is defined
 
 - name: Set kubeadm api version to v1beta3
@@ -100,8 +100,8 @@
 
 - name: kubeadm | Push admission control config files
   template:
-    src: "{{ item|lower }}.yaml.j2"
-    dest: "{{ kube_config_dir }}/admission-controls/{{ item|lower }}.yaml"
+    src: "{{ item | lower }}.yaml.j2"
+    dest: "{{ kube_config_dir }}/admission-controls/{{ item | lower }}.yaml"
     mode: 0640
   when:
     - kube_apiserver_admission_control_config_file
@@ -123,8 +123,8 @@
       register: apiserver_sans_host_check
       changed_when: apiserver_sans_host_check.stdout is not search('does match certificate')
   vars:
-    apiserver_ips: "{{ apiserver_sans|map('ipaddr')|reject('equalto', False)|list }}"
-    apiserver_hosts: "{{ apiserver_sans|difference(apiserver_ips) }}"
+    apiserver_ips: "{{ apiserver_sans | map('ipaddr') | reject('equalto', False) | list }}"
+    apiserver_hosts: "{{ apiserver_sans | difference(apiserver_ips) }}"
   when:
     - kubeadm_already_run.stat.exists
     - not kube_external_ca_mode
@@ -186,7 +186,7 @@
 
 - name: set kubeadm certificate key
   set_fact:
-    kubeadm_certificate_key: "{{ item | regex_search('--certificate-key ([^ ]+)','\\1') | first }}"
+    kubeadm_certificate_key: "{{ item | regex_search('--certificate-key ([^ ]+)', '\\1') | first }}"
   with_items: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_init'].stdout_lines | default([]) }}"
   when:
     - kubeadm_certificate_key is not defined

roles/kubernetes/control-plane/tasks/main.yml

@@ -8,14 +8,14 @@
     src: webhook-token-auth-config.yaml.j2
     dest: "{{ kube_config_dir }}/webhook-token-auth-config.yaml"
     mode: 0640
-  when: kube_webhook_token_auth|default(false)
+  when: kube_webhook_token_auth | default(false)
 
 - name: Create webhook authorization config
   template:
     src: webhook-authorization-config.yaml.j2
     dest: "{{ kube_config_dir }}/webhook-authorization-config.yaml"
     mode: 0640
-  when: kube_webhook_authorization|default(false)
+  when: kube_webhook_authorization | default(false)
 
 - name: Create kube-scheduler config
   template:

roles/kubernetes/control-plane/tasks/pre-upgrade.yml

@@ -6,7 +6,7 @@
   with_items:
     - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
   register: kube_apiserver_manifest_replaced
-  when: etcd_secret_changed|default(false)
+  when: etcd_secret_changed | default(false)
 
 - name: "Pre-upgrade | Delete master containers forcefully"  # noqa no-handler
   shell: "set -o pipefail && docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"

roles/kubernetes/control-plane/templates/admission-controls.yaml.j2

@@ -4,6 +4,6 @@ plugins:
 {% for plugin in kube_apiserver_enable_admission_plugins %}
 {% if plugin in kube_apiserver_admission_plugins_needs_configuration %}
 - name: {{ plugin }}
-  path: {{ kube_config_dir }}/{{ plugin|lower }}.yaml
+  path: {{ kube_config_dir }}/{{ plugin | lower }}.yaml
 {% endif %}
 {% endfor %}

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@@ -13,7 +13,7 @@ localAPIEndpoint:
 certificateKey: {{ kubeadm_certificate_key }}
 {% endif %}
 nodeRegistration:
-{% if kube_override_hostname|default('') %}
+{% if kube_override_hostname | default('') %}
   name: {{ kube_override_hostname }}
 {% endif %}
 {% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube_node'] %}
@@ -89,7 +89,7 @@ etcd:
 {% endfor %}
 {% endif %}
 dns:
-  imageRepository: {{ coredns_image_repo | regex_replace('/coredns(?!/coredns).*$','') }}
+  imageRepository: {{ coredns_image_repo | regex_replace('/coredns(?!/coredns).*$', '') }}
   imageTag: {{ coredns_image_tag }}
 networking:
   dnsDomain: {{ dns_domain }}
@@ -100,7 +100,7 @@ networking:
 {% if kubeadm_feature_gates %}
 featureGates:
 {%   for feature in kubeadm_feature_gates %}
-  {{ feature|replace("=", ": ") }}
+  {{ feature | replace("=", ": ") }}
 {%   endfor %}
 {% endif %}
 kubernetesVersion: {{ kube_version }}
@@ -124,13 +124,13 @@ apiServer:
 {% endif %}
     authorization-mode: {{ authorization_modes | join(',') }}
     bind-address: {{ kube_apiserver_bind_address }}
-{% if kube_apiserver_enable_admission_plugins|length > 0 %}
+{% if kube_apiserver_enable_admission_plugins | length > 0 %}
     enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
 {% endif %}
 {% if kube_apiserver_admission_control_config_file %}
     admission-control-config-file: {{ kube_config_dir }}/admission-controls.yaml
 {% endif %}
-{% if kube_apiserver_disable_admission_plugins|length > 0 %}
+{% if kube_apiserver_disable_admission_plugins | length > 0 %}
     disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
 {% endif %}
     apiserver-count: "{{ kube_apiserver_count }}"
@@ -144,13 +144,13 @@ apiServer:
     profiling: "{{ kube_profiling }}"
     request-timeout: "{{ kube_apiserver_request_timeout }}"
     enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
-{% if kube_token_auth|default(true) %}
+{% if kube_token_auth | default(true) %}
     token-auth-file: {{ kube_token_dir }}/known_tokens.csv
 {% endif %}
 {% if kube_apiserver_service_account_lookup %}
     service-account-lookup: "{{ kube_apiserver_service_account_lookup }}"
 {% endif %}
-{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
+{% if kube_oidc_auth | default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
     oidc-issuer-url: "{{ kube_oidc_url }}"
     oidc-client-id: "{{ kube_oidc_client_id }}"
 {%   if kube_oidc_ca_file is defined %}
@@ -169,17 +169,17 @@ apiServer:
     oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"
 {%   endif %}
 {% endif %}
-{% if kube_webhook_token_auth|default(false) %}
+{% if kube_webhook_token_auth | default(false) %}
     authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
 {% endif %}
-{% if kube_webhook_authorization|default(false) %}
+{% if kube_webhook_authorization | default(false) %}
     authorization-webhook-config-file: {{ kube_config_dir }}/webhook-authorization-config.yaml
 {% endif %}
 {% if kube_encrypt_secret_data %}
     encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
 {% endif %}
     storage-backend: {{ kube_apiserver_storage_backend }}
-{% if kube_api_runtime_config|length > 0 %}
+{% if kube_api_runtime_config | length > 0 %}
     runtime-config: {{ kube_api_runtime_config | join(',') }}
 {% endif %}
     allow-privileged: "true"
@@ -223,24 +223,24 @@ apiServer:
 {% if kubelet_rotate_server_certificates %}
     kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt
 {% endif %}
-{% if kubernetes_audit or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
+{% if kubernetes_audit or kube_token_auth | default(true) or kube_webhook_token_auth | default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs | length %}
   extraVolumes:
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
   - name: cloud-config
     hostPath: {{ kube_config_dir }}/cloud_config
     mountPath: {{ kube_config_dir }}/cloud_config
 {% endif %}
-{% if kube_token_auth|default(true) %}
+{% if kube_token_auth | default(true) %}
   - name: token-auth-config
     hostPath: {{ kube_token_dir }}
     mountPath: {{ kube_token_dir }}
 {% endif %}
-{% if kube_webhook_token_auth|default(false) %}
+{% if kube_webhook_token_auth | default(false) %}
   - name: webhook-token-auth-config
     hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
     mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
 {% endif %}
-{% if kube_webhook_authorization|default(false) %}
+{% if kube_webhook_authorization | default(false) %}
   - name: webhook-authorization-config
     hostPath: {{ kube_config_dir }}/webhook-authorization-config.yaml
     mountPath: {{ kube_config_dir }}/webhook-authorization-config.yaml
@@ -269,7 +269,7 @@ apiServer:
     mountPath: {{ volume.mountPath }}
     readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
 {% endfor %}
-{% if ssl_ca_dirs|length %}
+{% if ssl_ca_dirs | length %}
 {% for dir in ssl_ca_dirs %}
   - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
     hostPath: {{ dir }}
@@ -316,7 +316,7 @@ controllerManager:
     configure-cloud-routes: "false"
 {% endif %}
 {% if kubelet_flexvolumes_plugins_dir is defined %}
-    flex-volume-plugin-dir: {{kubelet_flexvolumes_plugins_dir}}
+    flex-volume-plugin-dir: {{ kubelet_flexvolumes_plugins_dir }}
 {% endif %}
 {% if tls_min_version is defined %}
     tls-min-version: {{ tls_min_version }}
@@ -352,7 +352,7 @@ scheduler:
     feature-gates: "{{ kube_scheduler_feature_gates | default(kube_feature_gates, true) | join(',') }}"
 {% endif %}
     profiling: "{{ kube_profiling }}"
-{% if kube_kubeadm_scheduler_extra_args|length > 0 %}
+{% if kube_kubeadm_scheduler_extra_args | length > 0 %}
 {% for key in kube_kubeadm_scheduler_extra_args %}
     {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
 {% endfor %}
@@ -422,7 +422,7 @@ portRange: {{ kube_proxy_port_range }}
 {% set feature_gates = ( kube_proxy_feature_gates | default(kube_feature_gates, true) ) %}
 featureGates:
 {%   for feature in feature_gates %}
-  {{ feature|replace("=", ": ") }}
+  {{ feature | replace("=", ": ") }}
 {%   endfor %}
 {% endif %}
 {# DNS settings for kubelet #}
@@ -448,6 +448,6 @@ clusterDNS:
 {% set feature_gates = ( kubelet_feature_gates | default(kube_feature_gates, true) ) %}
 featureGates:
 {%   for feature in feature_gates %}
-  {{ feature|replace("=", ": ") }}
+  {{ feature | replace("=", ": ") }}
 {%   endfor %}
 {% endif %}

roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2

@@ -17,7 +17,7 @@ controlPlane:
     bindPort: {{ kube_apiserver_port }}
   certificateKey: {{ kubeadm_certificate_key }}
 nodeRegistration:
-  name: {{ kube_override_hostname|default(inventory_hostname) }}
+  name: {{ kube_override_hostname | default(inventory_hostname) }}
   criSocket: {{ cri_socket }}
 {% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube_node'] %}
   taints:

roles/kubernetes/control-plane/templates/kubescheduler-config.yaml.j2

@@ -1,5 +1,5 @@
 {% set kubescheduler_config_api_version = "v1beta3" %}
-apiVersion: kubescheduler.config.k8s.io/{{ kubescheduler_config_api_version|d('v1') }}
+apiVersion: kubescheduler.config.k8s.io/{{ kubescheduler_config_api_version | d('v1') }}
 kind: KubeSchedulerConfiguration
 clientConnection:
   kubeconfig: "{{ kube_config_dir }}/scheduler.conf"

roles/kubernetes/control-plane/templates/podsecurity.yaml.j2

@@ -9,9 +9,9 @@ defaults:
   warn: "{{ kube_pod_security_default_warn }}"
   warn-version: "{{ kube_pod_security_default_warn_version }}"
 exemptions:
-  usernames: {{ kube_pod_security_exemptions_usernames|to_json }}
-  runtimeClasses: {{ kube_pod_security_exemptions_runtime_class_names|to_json }}
-  namespaces: {{ kube_pod_security_exemptions_namespaces|to_json }}
+  usernames: {{ kube_pod_security_exemptions_usernames | to_json }}
+  runtimeClasses: {{ kube_pod_security_exemptions_runtime_class_names | to_json }}
+  namespaces: {{ kube_pod_security_exemptions_namespaces | to_json }}
 {% else %}
 # This file is intentinally left empty as kube_pod_security_use_default={{ kube_pod_security_use_default }}
 {% endif %}

roles/kubernetes/control-plane/templates/secrets_encryption.yaml.j2

@@ -2,7 +2,7 @@ apiVersion: apiserver.config.k8s.io/v1
 kind: EncryptionConfiguration
 resources:
   - resources:
-{{ kube_encryption_resources|to_nice_yaml|indent(4, True) }}
+{{ kube_encryption_resources | to_nice_yaml | indent(4, True) }}
     providers:
     - {{ kube_encryption_algorithm }}:
         keys:

roles/kubernetes/kubeadm/defaults/main.yml

@@ -6,7 +6,7 @@ kubeadm_join_timeout: 120s
 
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
-  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+  {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}

roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml

@@ -51,7 +51,7 @@
   register: "etcd_client_cert_serial_result"
   changed_when: false
   when:
-    - inventory_hostname in groups['k8s_cluster']|union(groups['calico_rr']|default([]))|unique|sort
+    - inventory_hostname in groups['k8s_cluster'] | union(groups['calico_rr'] | default([])) | unique | sort
   tags:
     - network
 

roles/kubernetes/kubeadm/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 - name: Set kubeadm_discovery_address
   set_fact:
+    # noqa: jinja[spacing]
     kubeadm_discovery_address: >-
       {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
       {{ first_kube_control_plane_address }}:{{ kube_apiserver_port }}
@@ -138,7 +139,7 @@
   args:
     executable: /bin/bash
   run_once: true
-  delegate_to: "{{ groups['kube_control_plane']|first }}"
+  delegate_to: "{{ groups['kube_control_plane'] | first }}"
   delegate_facts: false
   when:
     - kubeadm_config_api_fqdn is not defined
@@ -158,7 +159,7 @@
 - name: Restart all kube-proxy pods to ensure that they load the new configmap
   command: "{{ kubectl }} delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
   run_once: true
-  delegate_to: "{{ groups['kube_control_plane']|first }}"
+  delegate_to: "{{ groups['kube_control_plane'] | first }}"
   delegate_facts: false
   when:
     - kubeadm_config_api_fqdn is not defined

roles/kubernetes/node-label/tasks/main.yml

@@ -17,10 +17,10 @@
 
 - name: Node label for nvidia GPU nodes
   set_fact:
-    role_node_labels: "{{ role_node_labels + [ 'nvidia.com/gpu=true' ] }}"
+    role_node_labels: "{{ role_node_labels + ['nvidia.com/gpu=true'] }}"
   when:
     - nvidia_gpu_nodes is defined
-    - nvidia_accelerator_enabled|bool
+    - nvidia_accelerator_enabled | bool
     - inventory_hostname in nvidia_gpu_nodes
 
 - name: Set inventory node label to empty list
@@ -29,8 +29,8 @@
 
 - name: Populate inventory node label
   set_fact:
-    inventory_node_labels: "{{ inventory_node_labels + [ '%s=%s'|format(item.key, item.value) ] }}"
-  loop: "{{ node_labels|d({})|dict2items }}"
+    inventory_node_labels: "{{ inventory_node_labels + ['%s=%s' | format(item.key, item.value)] }}"
+  loop: "{{ node_labels | d({}) | dict2items }}"
   when:
     - node_labels is defined
     - node_labels is mapping

roles/kubernetes/node/defaults/main.yml

@@ -141,7 +141,7 @@ kubelet_node_custom_flags: []
 
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
-  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+  {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}
@@ -161,14 +161,14 @@ sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
 # For the openstack integration kubelet will need credentials to access
 # openstack apis like nova and cinder. Per default this values will be
 # read from the environment.
-openstack_auth_url: "{{ lookup('env','OS_AUTH_URL')  }}"
-openstack_username: "{{ lookup('env','OS_USERNAME')  }}"
-openstack_password: "{{ lookup('env','OS_PASSWORD')  }}"
-openstack_region: "{{ lookup('env','OS_REGION_NAME')  }}"
-openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID')|default(lookup('env','OS_PROJECT_NAME'),true),true) }}"
-openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}"
-openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
-openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
+openstack_auth_url: "{{ lookup('env', 'OS_AUTH_URL') }}"
+openstack_username: "{{ lookup('env', 'OS_USERNAME') }}"
+openstack_password: "{{ lookup('env', 'OS_PASSWORD') }}"
+openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}"
+openstack_tenant_id: "{{ lookup('env', 'OS_TENANT_ID') | default(lookup('env', 'OS_PROJECT_ID') | default(lookup('env', 'OS_PROJECT_NAME'), true), true) }}"
+openstack_tenant_name: "{{ lookup('env', 'OS_TENANT_NAME') }}"
+openstack_domain_name: "{{ lookup('env', 'OS_USER_DOMAIN_NAME') }}"
+openstack_domain_id: "{{ lookup('env', 'OS_USER_DOMAIN_ID') }}"
 
 # For the vsphere integration, kubelet will need credentials to access
 # vsphere apis
@@ -186,7 +186,7 @@ vsphere_resource_pool: "{{ lookup('env', 'VSPHERE_RESOURCE_POOL') }}"
 
 vsphere_scsi_controller_type: pvscsi
 # vsphere_public_network is name of the network the VMs are joined to
-vsphere_public_network: "{{ lookup('env', 'VSPHERE_PUBLIC_NETWORK')|default('') }}"
+vsphere_public_network: "{{ lookup('env', 'VSPHERE_PUBLIC_NETWORK') | default('') }}"
 
 ## When azure is used, you need to also set the following variables.
 ## see docs/azure.md for details on how to get these values

roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml

@@ -61,15 +61,15 @@
 
 - name: "check azure_exclude_master_from_standard_lb is a bool"
   assert:
-    that: azure_exclude_master_from_standard_lb |type_debug == 'bool'
+    that: azure_exclude_master_from_standard_lb | type_debug == 'bool'
 
 - name: "check azure_disable_outbound_snat is a bool"
   assert:
-    that: azure_disable_outbound_snat |type_debug == 'bool'
+    that: azure_disable_outbound_snat | type_debug == 'bool'
 
 - name: "check azure_use_instance_metadata is a bool"
   assert:
-    that: azure_use_instance_metadata |type_debug == 'bool'
+    that: azure_use_instance_metadata | type_debug == 'bool'
 
 - name: check azure_vmtype value
   fail:

roles/kubernetes/node/tasks/facts.yml

@@ -52,9 +52,9 @@
   include_vars: "{{ item }}"
   with_first_found:
   - files:
-    - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-    - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-    - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-    - "{{ ansible_distribution|lower }}.yml"
-    - "{{ ansible_os_family|lower }}.yml"
+    - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower | replace('/', '_') }}.yml"
+    - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release }}.yml"
+    - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower | replace('/', '_') }}.yml"
+    - "{{ ansible_distribution | lower }}.yml"
+    - "{{ ansible_os_family | lower }}.yml"
     skip: true

roles/kubernetes/node/tasks/main.yml

@@ -151,7 +151,7 @@
 
 - name: Test if openstack_cacert is a base64 string
   set_fact:
-    openstack_cacert_is_base64: "{% if openstack_cacert is search ('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$') %}true{% else %}false{% endif %}"
+    openstack_cacert_is_base64: "{% if openstack_cacert is search('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}= | [A-Za-z0-9+/]{2}==)?$') %}true{% else %}false{% endif %}"
   when:
     - cloud_provider is defined
     - cloud_provider == 'openstack'

roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2

@@ -34,13 +34,13 @@ healthzPort: {{ kubelet_healthz_port }}
 healthzBindAddress: {{ kubelet_healthz_bind_address }}
 kubeletCgroups: {{ kubelet_kubelet_cgroups }}
 clusterDomain: {{ dns_domain }}
-{% if kubelet_protect_kernel_defaults|bool %}
+{% if kubelet_protect_kernel_defaults | bool %}
 protectKernelDefaults: true
 {% endif %}
-{% if kubelet_rotate_certificates|bool %}
+{% if kubelet_rotate_certificates | bool %}
 rotateCertificates: true
 {% endif %}
-{% if kubelet_rotate_server_certificates|bool %}
+{% if kubelet_rotate_server_certificates | bool %}
 serverTLSBootstrap: true
 {% endif %}
 {# DNS settings for kubelet #}
@@ -60,10 +60,10 @@ clusterDNS:
 - {{ dns_address }}
 {% endfor %}
 {# Node reserved CPU/memory #}
-{% if kube_reserved|bool %}
+{% if kube_reserved | bool %}
 kubeReservedCgroup: {{ kube_reserved_cgroups }}
 kubeReserved:
-{% if is_kube_master|bool %}
+{% if is_kube_master | bool %}
   cpu: {{ kube_master_cpu_reserved }}
   memory: {{ kube_master_memory_reserved }}
 {% if kube_master_ephemeral_storage_reserved is defined %}
@@ -83,10 +83,10 @@ kubeReserved:
 {% endif %}
 {% endif %}
 {% endif %}
-{% if system_reserved|bool %}
+{% if system_reserved | bool %}
 systemReservedCgroup: {{ system_reserved_cgroups }}
 systemReserved:
-{% if is_kube_master|bool %}
+{% if is_kube_master | bool %}
   cpu: {{ system_master_cpu_reserved }}
   memory: {{ system_master_memory_reserved }}
 {% if system_master_ephemeral_storage_reserved is defined %}
@@ -106,10 +106,10 @@ systemReserved:
 {% endif %}
 {% endif %}
 {% endif %}
-{% if is_kube_master|bool and eviction_hard_control_plane is defined and eviction_hard_control_plane %}
+{% if is_kube_master | bool and eviction_hard_control_plane is defined and eviction_hard_control_plane %}
 evictionHard:
   {{ eviction_hard_control_plane | to_nice_yaml(indent=2) | indent(2) }}
-{% elif not is_kube_master|bool and eviction_hard is defined and eviction_hard %}
+{% elif not is_kube_master | bool and eviction_hard is defined and eviction_hard %}
 evictionHard:
   {{ eviction_hard | to_nice_yaml(indent=2) | indent(2) }}
 {% endif %}
@@ -123,7 +123,7 @@ resolvConf: "{{ kube_resolv_conf }}"
 {% if kubelet_feature_gates or kube_feature_gates %}
 featureGates:
 {% for feature in (kubelet_feature_gates | default(kube_feature_gates, true)) %}
-  {{ feature|replace("=", ": ") }}
+  {{ feature | replace("=", ": ") }}
 {% endfor %}
 {% endif %}
 {% if tls_min_version is defined %}

roles/kubernetes/preinstall/defaults/main.yml

@@ -73,7 +73,7 @@ ping_access_ip: true
 ntp_enabled: false
 # The package to install which provides NTP functionality.
 # The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.
-# The ntp_package can be one of ['ntp','chrony']
+# The ntp_package can be one of ['ntp', 'chrony']
 ntp_package: >-
       {% if ansible_os_family == "RedHat" -%}
       chrony

roles/kubernetes/preinstall/handlers/main.yml

@@ -45,7 +45,7 @@
     - Preinstall | restart kube-controller-manager crio/containerd
     - Preinstall | restart kube-apiserver docker
     - Preinstall | restart kube-apiserver crio/containerd
-  when: not dns_early|bool
+  when: not dns_early | bool
 
 # FIXME(mattymo): Also restart for kubeadm mode
 - name: Preinstall | kube-apiserver configured

roles/kubernetes/preinstall/tasks/0020-set_facts.yml

@@ -84,12 +84,12 @@
 
 - name: Stop if /etc/resolv.conf not configured nameservers
   assert:
-    that: configured_nameservers|length>0
+    that: configured_nameservers | length>0
     fail_msg: "nameserver should not empty in /etc/resolv.conf"
   when:
     - not ignore_assert_errors
     - configured_nameservers is defined
-    - not (upstream_dns_servers is defined and upstream_dns_servers|length > 0)
+    - not (upstream_dns_servers is defined and upstream_dns_servers | length > 0)
     - not (disable_host_nameservers | default(false))
 
 - name: NetworkManager | Check if host has NetworkManager
@@ -111,14 +111,14 @@
 - name: set default dns if remove_default_searchdomains is false
   set_fact:
     default_searchdomains: ["default.svc.{{ dns_domain }}", "svc.{{ dns_domain }}"]
-  when: not remove_default_searchdomains|default()|bool or (remove_default_searchdomains|default()|bool and searchdomains|default([])|length==0)
+  when: not remove_default_searchdomains | default() | bool or (remove_default_searchdomains | default() | bool and searchdomains | default([]) | length==0)
 
 - name: set dns facts
   set_fact:
     resolvconf: >-
       {%- if resolvconf.rc == 0 and resolvconfd_path.stat.isdir is defined and resolvconfd_path.stat.isdir -%}true{%- else -%}false{%- endif -%}
     bogus_domains: |-
-      {% for d in default_searchdomains|default([]) + searchdomains|default([]) -%}
+      {% for d in default_searchdomains | default([]) + searchdomains | default([]) -%}
       {{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
       {%- endfor %}
     cloud_resolver: "{{ ['169.254.169.254'] if cloud_provider is defined and cloud_provider == 'gce' else
@@ -142,9 +142,9 @@
   set_fact:
     resolvconffile: /etc/resolv.conf
     base: >-
-      {%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
+      {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
     head: >-
-      {%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
+      {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
   when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
 
 - name: target temporary resolvconf cloud init file (Flatcar Container Linux by Kinvolk / Fedora CoreOS)
@@ -191,36 +191,36 @@
 - name: generate search domains to resolvconf
   set_fact:
     searchentries:
-      search {{ (default_searchdomains|default([]) + searchdomains|default([])) | join(' ') }}
+      search {{ (default_searchdomains | default([]) + searchdomains | default([])) | join(' ') }}
     domainentry:
       domain {{ dns_domain }}
     supersede_search:
-      supersede domain-search "{{ (default_searchdomains|default([]) + searchdomains|default([])) | join('", "') }}";
+      supersede domain-search "{{ (default_searchdomains | default([]) + searchdomains | default([])) | join('", "') }}";
     supersede_domain:
       supersede domain-name "{{ dns_domain }}";
 
 - name: pick coredns cluster IP or default resolver
   set_fact:
     coredns_server: |-
-      {%- if dns_mode == 'coredns' and not dns_early|bool -%}
-        {{ [ skydns_server ] }}
-      {%- elif dns_mode == 'coredns_dual' and not dns_early|bool -%}
-        {{ [ skydns_server ] + [ skydns_server_secondary ] }}
-      {%- elif dns_mode == 'manual' and not dns_early|bool -%}
-        {{ ( manual_dns_server.split(',') | list) }}
-      {%- elif dns_mode == 'none' and not dns_early|bool -%}
+      {%- if dns_mode == 'coredns' and not dns_early | bool -%}
+        {{ [skydns_server] }}
+      {%- elif dns_mode == 'coredns_dual' and not dns_early | bool -%}
+        {{ [skydns_server] + [skydns_server_secondary] }}
+      {%- elif dns_mode == 'manual' and not dns_early | bool -%}
+        {{ (manual_dns_server.split(',') | list) }}
+      {%- elif dns_mode == 'none' and not dns_early | bool -%}
         []
-      {%- elif dns_early|bool -%}
-        {{ upstream_dns_servers|default([]) }}
+      {%- elif dns_early | bool -%}
+        {{ upstream_dns_servers | default([]) }}
       {%- endif -%}
 
 # This task should only run after cluster/nodelocal DNS is up, otherwise all DNS lookups will timeout
 - name: generate nameservers for resolvconf, including cluster DNS
   set_fact:
     nameserverentries: |-
-      {{ (([nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server|d([]) if not enable_nodelocaldns else []) + nameservers|d([]) + cloud_resolver|d([]) + (configured_nameservers|d([]) if not disable_host_nameservers|d()|bool else [])) | unique | join(',') }}
+      {{ (([nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server | d([]) if not enable_nodelocaldns else []) + nameservers | d([]) + cloud_resolver | d([]) + (configured_nameservers | d([]) if not disable_host_nameservers | d() | bool else [])) | unique | join(',') }}
     supersede_nameserver:
-      supersede domain-name-servers {{ ( ( [nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server|d([]) if not enable_nodelocaldns else []) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
+      supersede domain-name-servers {{ (([nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server | d([]) if not enable_nodelocaldns else []) + nameservers | d([]) + cloud_resolver | d([])) | unique | join(', ') }};
   when: not dns_early or dns_late
 
 # This task should run instead of the above task when cluster/nodelocal DNS hasn't
@@ -228,20 +228,20 @@
 - name: generate nameservers for resolvconf, not including cluster DNS
   set_fact:
     nameserverentries: |-
-      {{ ( nameservers|d([]) + cloud_resolver|d([]) + configured_nameservers|d([])) | unique | join(',') }}
+      {{ (nameservers | d([]) + cloud_resolver | d([]) + configured_nameservers | d([])) | unique | join(',') }}
     supersede_nameserver:
-      supersede domain-name-servers {{ ( nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
+      supersede domain-name-servers {{ (nameservers | d([]) + cloud_resolver | d([])) | unique | join(', ') }};
   when: dns_early and not dns_late
 
 - name: gather os specific variables
   include_vars: "{{ item }}"
   with_first_found:
     - files:
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}.yml"
-        - "{{ ansible_os_family|lower }}.yml"
+        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower | replace('/', '_') }}.yml"
+        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower | replace('/', '_') }}.yml"
+        - "{{ ansible_distribution | lower }}.yml"
+        - "{{ ansible_os_family | lower }}.yml"
         - defaults.yml
       paths:
         - ../vars

roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

@@ -45,7 +45,7 @@
 # simplify this items-list when   https://github.com/ansible/ansible/issues/15753  is resolved
 - name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
   assert:
-    that: item.value|type_debug == 'bool'
+    that: item.value | type_debug == 'bool'
     msg: "{{ item.value }} isn't a bool"
   run_once: yes
   with_items:
@@ -58,7 +58,7 @@
 
 - name: Stop if even number of etcd hosts
   assert:
-    that: groups.etcd|length is not divisibleby 2
+    that: groups.etcd | length is not divisibleby 2
   when:
     - not ignore_assert_errors
     - inventory_hostname in groups.get('etcd',[])
@@ -102,6 +102,7 @@
 
 - name: Ensure ping package
   package:
+    # noqa: jinja[spacing]
     name: >-
           {%- if ansible_os_family == 'Debian' -%}
           iputils-ping
@@ -207,7 +208,7 @@
 
 - name: Stop if unknown cert_management
   assert:
-    that: cert_management|d('script') in ['script', 'none']
+    that: cert_management | d('script') in ['script', 'none']
     msg: "cert_management can only be 'script' or 'none'"
   run_once: true
 

roles/kubernetes/preinstall/tasks/0060-resolvconf.yml

@@ -13,7 +13,7 @@
       {% for item in nameserverentries.split(',') %}
       nameserver {{ item }}
       {% endfor %}
-      options ndots:{{ ndots }} timeout:{{ dns_timeout|default('2') }} attempts:{{ dns_attempts|default('2') }}
+      options ndots:{{ ndots }} timeout:{{ dns_timeout | default('2') }} attempts:{{ dns_attempts | default('2') }}
     state: present
     insertbefore: BOF
     create: yes
@@ -28,7 +28,7 @@
     regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
     backup: "{{ not resolvconf_stat.stat.islnk }}"
   with_nested:
-    - "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
+    - "{{ [resolvconffile, base | default(''), head | default('')] | difference(['']) }}"
     - [ 'search\s', 'nameserver\s', 'domain\s', 'options\s' ]
   notify: Preinstall | propagate resolvconf to k8s components
 
@@ -39,7 +39,7 @@
     replace: '\1'
     backup: "{{ not resolvconf_stat.stat.islnk }}"
   with_nested:
-    - "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
+    - "{{ [resolvconffile, base | default(''), head | default('')] | difference(['']) }}"
     - [ 'search\s', 'nameserver\s', 'domain\s', 'options\s' ]
   notify: Preinstall | propagate resolvconf to k8s components
 

roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml

@@ -12,14 +12,14 @@
 - name: set default dns if remove_default_searchdomains is false
   set_fact:
     default_searchdomains: ["default.svc.{{ dns_domain }}", "svc.{{ dns_domain }}"]
-  when: not remove_default_searchdomains|default()|bool or (remove_default_searchdomains|default()|bool and searchdomains|default([])|length==0)
+  when: not remove_default_searchdomains | default() | bool or (remove_default_searchdomains | default() | bool and searchdomains | default([]) | length==0)
 
 - name: NetworkManager | Add DNS search to NM configuration
   community.general.ini_file:
     path: /etc/NetworkManager/conf.d/dns.conf
     section: global-dns
     option: searches
-    value: "{{ (default_searchdomains|default([]) + searchdomains|default([])) | join(',') }}"
+    value: "{{ (default_searchdomains | default([]) + searchdomains | default([])) | join(',') }}"
     mode: '0600'
     backup: yes
   notify: Preinstall | update resolvconf for networkmanager
@@ -29,7 +29,7 @@
     path: /etc/NetworkManager/conf.d/dns.conf
     section: global-dns
     option: options
-    value: "ndots:{{ ndots }},timeout:{{ dns_timeout|default('2') }},attempts:{{ dns_attempts|default('2') }}"
+    value: "ndots:{{ ndots }},timeout:{{ dns_timeout | default('2') }},attempts:{{ dns_attempts | default('2') }}"
     mode: '0600'
     backup: yes
   notify: Preinstall | update resolvconf for networkmanager

roles/kubernetes/preinstall/tasks/0070-system-packages.yml

@@ -55,7 +55,7 @@
   delay: "{{ retry_stagger | random + 3 }}"
   when:
     - ansible_distribution == "Fedora"
-    - ansible_distribution_major_version|int >= 30
+    - ansible_distribution_major_version | int >= 30
     - not is_fedora_coreos
   changed_when: False
   tags:
@@ -68,18 +68,18 @@
   when:
     - ansible_os_family == "RedHat"
     - not is_fedora_coreos
-    - epel_enabled|bool
+    - epel_enabled | bool
   tags:
     - bootstrap-os
 
 - name: Update common_required_pkgs with ipvsadm when kube_proxy_mode is ipvs
   set_fact:
-    common_required_pkgs: "{{ common_required_pkgs|default([]) + ['ipvsadm', 'ipset'] }}"
+    common_required_pkgs: "{{ common_required_pkgs | default([]) + ['ipvsadm', 'ipset'] }}"
   when: kube_proxy_mode == 'ipvs'
 
 - name: Install packages requirements
   package:
-    name: "{{ required_pkgs | default([]) | union(common_required_pkgs|default([])) }}"
+    name: "{{ required_pkgs | default([]) | union(common_required_pkgs | default([])) }}"
     state: present
   register: pkgs_task_result
   until: pkgs_task_result is succeeded

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -119,7 +119,7 @@
     - { name: kernel.panic_on_oops, value: 1 }
     - { name: vm.overcommit_memory, value: 1 }
     - { name: vm.panic_on_oom, value: 0 }
-  when: kubelet_protect_kernel_defaults|bool
+  when: kubelet_protect_kernel_defaults | bool
 
 - name: Check dummy module
   community.general.modprobe:

roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml

@@ -17,6 +17,7 @@
 
 - name: Set fact NTP settings
   set_fact:
+    # noqa: jinja[spacing]
     ntp_config_file: >-
       {% if ntp_package == "ntp" -%}
       /etc/ntp.conf
@@ -25,6 +26,7 @@
       {%- else -%}
       /etc/chrony/chrony.conf
       {%- endif -%}
+    # noqa: jinja[spacing]
     ntp_service_name: >-
       {% if ntp_package == "chrony" -%}
       chronyd
@@ -51,6 +53,7 @@
     - ntp_force_sync_immediately
 
 - name: Force Sync NTP Immediately
+  # noqa: jinja[spacing]
   command: >-
       timeout -k 60s 60s
       {% if ntp_package == "ntp" -%}

roles/kubernetes/preinstall/tasks/0090-etchosts.yml

@@ -4,7 +4,7 @@
     - name: Hosts | create list from inventory
       set_fact:
         etc_hosts_inventory_block: |-
-          {% for item in (groups['k8s_cluster'] + groups['etcd']|default([]) + groups['calico_rr']|default([]))|unique -%}
+          {% for item in (groups['k8s_cluster'] + groups['etcd'] | default([]) + groups['calico_rr'] | default([])) | unique -%}
           {% if 'access_ip' in hostvars[item] or 'ip' in hostvars[item] or 'ansible_default_ipv4' in hostvars[item] -%}
           {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}
           {%- if ('ansible_hostname' in hostvars[item] and item != hostvars[item]['ansible_hostname']) %} {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }} {{ hostvars[item]['ansible_hostname'] }} {% else %} {{ item }}.{{ dns_domain }} {{ item }} {% endif %}
@@ -51,8 +51,8 @@
     - name: Hosts | Extract existing entries for localhost from hosts file
       set_fact:
         etc_hosts_localhosts_dict: >-
-          {%- set splitted = (item | regex_replace('[ \t]+', ' ')|regex_replace('#.*$')|trim).split( ' ') -%}
-          {{ etc_hosts_localhosts_dict|default({}) | combine({splitted[0]: splitted[1::] }) }}
+          {%- set splitted = (item | regex_replace('[ \t]+', ' ') | regex_replace('#.*$') | trim).split(' ') -%}
+          {{ etc_hosts_localhosts_dict | default({}) | combine({splitted[0]: splitted[1::]}) }}
       with_items: "{{ (etc_hosts_content['content'] | b64decode).splitlines() }}"
       when:
         - etc_hosts_content.content is defined
@@ -61,19 +61,19 @@
     - name: Hosts | Update target hosts file entries dict with required entries
       set_fact:
         etc_hosts_localhosts_dict_target: >-
-          {%- set target_entries = (etc_hosts_localhosts_dict|default({})).get(item.key, []) | difference(item.value.get('unexpected' ,[])) -%}
-          {{ etc_hosts_localhosts_dict_target|default({}) | combine({item.key: (target_entries + item.value.expected)|unique}) }}
-      loop: "{{ etc_hosts_localhost_entries|dict2items }}"
+          {%- set target_entries = (etc_hosts_localhosts_dict | default({})).get(item.key, []) | difference(item.value.get('unexpected', [])) -%}
+          {{ etc_hosts_localhosts_dict_target | default({}) | combine({item.key: (target_entries + item.value.expected) | unique}) }}
+      loop: "{{ etc_hosts_localhost_entries | dict2items }}"
 
     - name: Hosts | Update (if necessary) hosts file
       lineinfile:
         dest: /etc/hosts
-        line: "{{ item.key }} {{ item.value|join(' ') }}"
+        line: "{{ item.key }} {{ item.value | join(' ') }}"
         regexp: "^{{ item.key }}.*$"
         state: present
         backup: yes
         unsafe_writes: yes
-      loop: "{{ etc_hosts_localhosts_dict_target|default({})|dict2items }}"
+      loop: "{{ etc_hosts_localhosts_dict_target | default({}) | dict2items }}"
   when: populate_localhost_entries_to_hosts_file
 
 # gather facts to update ansible_fqdn

roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml

@@ -2,7 +2,7 @@
 - name: Configure dhclient to supersede search/domain/nameservers
   blockinfile:
     block: |-
-      {% for item in [ supersede_domain, supersede_search, supersede_nameserver ] -%}
+      {% for item in [supersede_domain, supersede_search, supersede_nameserver] -%}
       {{ item }}
       {% endfor %}
     path: "{{ dhclientconffile }}"

roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml

@@ -14,7 +14,7 @@
 - name: Search root filesystem device
   vars:
     query: "[?mount=='/'].device"
-    _root_device: "{{ ansible_mounts|json_query(query) }}"
+    _root_device: "{{ ansible_mounts | json_query(query) }}"
   set_fact:
     device: "{{ _root_device | first | regex_replace('([^0-9]+)[0-9]+', '\\1') }}"
     partition: "{{ _root_device | first | regex_replace('[^0-9]+([0-9]+)', '\\1') }}"

roles/kubernetes/preinstall/vars/centos.yml

@@ -1,6 +1,6 @@
 ---
 required_pkgs:
-  - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
+  - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}"
   - device-mapper-libs
   - nss
   - conntrack

roles/kubernetes/preinstall/vars/redhat.yml

@@ -1,6 +1,6 @@
 ---
 required_pkgs:
-  - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
+  - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}"
   - device-mapper-libs
   - nss
   - conntrack

roles/kubernetes/tokens/tasks/check-tokens.yml

@@ -17,7 +17,7 @@
 - name: "Check_tokens | Set 'sync_tokens' and 'gen_tokens' to true"
   set_fact:
     gen_tokens: true
-  when: not known_tokens_master.stat.exists and kube_token_auth|default(true)
+  when: not known_tokens_master.stat.exists and kube_token_auth | default(true)
   run_once: true
 
 - name: "Check tokens | check if a cert already exists"
@@ -34,7 +34,7 @@
       {%- set tokens = {'sync': False} -%}
       {%- for server in groups['kube_control_plane'] | intersect(ansible_play_batch)
         if (not hostvars[server].known_tokens.stat.exists) or
-        (hostvars[server].known_tokens.stat.checksum|default('') != known_tokens_master.stat.checksum|default('')) -%}
+        (hostvars[server].known_tokens.stat.checksum | default('') != known_tokens_master.stat.checksum | default('')) -%}
         {%- set _ = tokens.update({'sync': True}) -%}
       {%- endfor -%}
       {{ tokens.sync }}

roles/kubernetes/tokens/tasks/gen_tokens.yml

@@ -6,7 +6,7 @@
     mode: 0700
   run_once: yes
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  when: gen_tokens|default(false)
+  when: gen_tokens | default(false)
 
 - name: Gen_tokens | generate tokens for master components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -19,7 +19,7 @@
   changed_when: "'Added' in gentoken_master.stdout"
   run_once: yes
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  when: gen_tokens|default(false)
+  when: gen_tokens | default(false)
 
 - name: Gen_tokens | generate tokens for node components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -32,7 +32,7 @@
   changed_when: "'Added' in gentoken_node.stdout"
   run_once: yes
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  when: gen_tokens|default(false)
+  when: gen_tokens | default(false)
 
 - name: Gen_tokens | Get list of tokens from first master
   command: "find {{ kube_token_dir }} -maxdepth 1 -type f"
@@ -40,7 +40,7 @@
   check_mode: no
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
-  when: sync_tokens|default(false)
+  when: sync_tokens | default(false)
 
 - name: Gen_tokens | Gather tokens
   shell: "set -o pipefail && tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
@@ -50,14 +50,14 @@
   check_mode: no
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
-  when: sync_tokens|default(false)
+  when: sync_tokens | default(false)
 
 - name: Gen_tokens | Copy tokens on masters
-  shell: "set -o pipefail && echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /"
+  shell: "set -o pipefail && echo '{{ tokens_data.stdout | quote }}' | base64 -d | tar xz -C /"
   args:
     executable: /bin/bash
   when:
     - inventory_hostname in groups['kube_control_plane']
-    - sync_tokens|default(false)
+    - sync_tokens | default(false)
     - inventory_hostname != groups['kube_control_plane'][0]
     - tokens_data.stdout