Adding yamllinter to ci steps (#1556)

* Adding yaml linter to ci check

* Minor linting fixes from yamllint

* Changing CI to install python pkgs from requirements.txt

- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements

roles/kubernetes/master/defaults/main.yml

@@ -1,3 +1,4 @@
+---
 # An experimental dev/test only dynamic volumes provisioner,
 # for PetSets. Works for kube>=v1.3 only.
 kube_hostpath_dynamic_provisioner: "false"
@@ -52,14 +53,14 @@ kube_oidc_auth: false
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
 
-#kube_oidc_url: https:// ...
+# kube_oidc_url: https:// ...
 # kube_oidc_client_id: kubernetes
 ## Optional settings for OIDC
 # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
 # kube_oidc_username_claim: sub
 # kube_oidc_groups_claim: groups
 
-##Variables for custom flags
+## Variables for custom flags
 apiserver_custom_flags: []
 
 controller_mgr_custom_flags: []

roles/kubernetes/master/tasks/main.yml

@@ -88,4 +88,3 @@
 
 - include: post-upgrade.yml
   tags: k8s-post-upgrade
-

roles/kubernetes/node/defaults/main.yml

@@ -1,3 +1,4 @@
+---
 # Valid options: docker (default), rkt, or host
 kubelet_deployment_type: host
 
@@ -49,7 +50,7 @@ kube_apiserver_node_port_range: "30000-32767"
 
 kubelet_load_modules: false
 
-##Support custom flags to be passed to kubelet
+## Support custom flags to be passed to kubelet
 kubelet_custom_flags: []
 
 # This setting is used for rkt based kubelet for deploying hyperkube

roles/kubernetes/node/tasks/install.yml

@@ -21,4 +21,3 @@
     dest: "/etc/systemd/system/kubelet.service"
     backup: "yes"
   notify: restart kubelet
-

roles/kubernetes/node/tasks/install_rkt.yml

@@ -20,8 +20,8 @@
     path: /var/lib/kubelet
 
 - name: Create kubelet service systemd directory
-  file: 
-    path: /etc/systemd/system/kubelet.service.d 
+  file:
+    path: /etc/systemd/system/kubelet.service.d
     state: directory
 
 - name: Write kubelet proxy drop-in
@@ -30,4 +30,3 @@
     dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf
   when: http_proxy is defined or https_proxy is defined or no_proxy is defined
   notify: restart kubelet
-

roles/kubernetes/preinstall/handlers/main.yml

@@ -1,3 +1,4 @@
+---
 - name: Preinstall | restart network
   command: /bin/true
   notify:

roles/kubernetes/preinstall/tasks/azure-credential-check.yml

@@ -48,5 +48,3 @@
   fail:
     msg: "azure_route_table_name is missing"
   when: azure_route_table_name is not defined or azure_route_table_name == ""
-
-

roles/kubernetes/preinstall/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - include: pre-upgrade.yml
-  tags: [upgrade,  bootstrap-os]
+  tags: [upgrade, bootstrap-os]
 
 - name: Force binaries directory for Container Linux by CoreOS
   set_fact:
@@ -27,14 +27,14 @@
   include_vars: "{{ item }}"
   with_first_found:
     - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - defaults.yml
       paths:
-      - ../vars
+        - ../vars
       skip: true
   tags: facts
 

roles/kubernetes/preinstall/tasks/vsphere-credential-check.yml

@@ -1,3 +1,4 @@
+---
 - name: check vsphere environment variables
   fail:
     msg: "{{ item.name }} is missing"

roles/kubernetes/preinstall/vars/centos.yml

@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - libselinux-python
   - device-mapper-libs

roles/kubernetes/preinstall/vars/debian.yml

@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - python-apt
   - aufs-tools

roles/kubernetes/preinstall/vars/fedora.yml

@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - libselinux-python
   - device-mapper-libs

roles/kubernetes/preinstall/vars/redhat.yml

@@ -1,3 +1,4 @@
+---
 required_pkgs:
   - libselinux-python
   - device-mapper-libs

roles/kubernetes/secrets/tasks/check-certs.yml

@@ -105,4 +105,3 @@
               {%- set _ = certs.update({'sync': True}) -%}
       {% endif %}
       {{ certs.sync }}
-

roles/kubernetes/secrets/tasks/gen_certs_script.yml

@@ -56,26 +56,25 @@
 
 - set_fact:
     all_master_certs: "['ca-key.pem',
+                       'apiserver.pem',
+                       'apiserver-key.pem',
+                       'kube-scheduler.pem',
+                       'kube-scheduler-key.pem',
+                       'kube-controller-manager.pem',
+                       'kube-controller-manager-key.pem',
+                       {% for node in groups['kube-master'] %}
+                       'admin-{{ node }}.pem',
+                       'admin-{{ node }}-key.pem',
+                      {% endfor %}]"
+    my_master_certs: ['ca-key.pem',
+                      'admin-{{ inventory_hostname }}.pem',
+                      'admin-{{ inventory_hostname }}-key.pem',
                       'apiserver.pem',
                       'apiserver-key.pem',
                       'kube-scheduler.pem',
                       'kube-scheduler-key.pem',
                       'kube-controller-manager.pem',
-                      'kube-controller-manager-key.pem',
-                      {% for node in groups['kube-master'] %}
-                      'admin-{{ node }}.pem',
-                      'admin-{{ node }}-key.pem',
-                      {% endfor %}]"
-    my_master_certs: ['ca-key.pem',
-                     'admin-{{ inventory_hostname }}.pem',
-                     'admin-{{ inventory_hostname }}-key.pem',
-                     'apiserver.pem',
-                     'apiserver-key.pem',
-                     'kube-scheduler.pem',
-                     'kube-scheduler-key.pem',
-                     'kube-controller-manager.pem',
-                     'kube-controller-manager-key.pem',
-                     ]
+                      'kube-controller-manager-key.pem']
     all_node_certs: "['ca.pem',
                     {% for node in groups['k8s-cluster'] %}
                     'node-{{ node }}.pem',
@@ -84,11 +83,10 @@
                     'kube-proxy-{{ node }}-key.pem',
                     {% endfor %}]"
     my_node_certs: ['ca.pem',
-                   'node-{{ inventory_hostname }}.pem',
-                   'node-{{ inventory_hostname }}-key.pem',
-                   'kube-proxy-{{ inventory_hostname }}.pem',
-                   'kube-proxy-{{ inventory_hostname }}-key.pem',
-                   ]
+                    'node-{{ inventory_hostname }}.pem',
+                    'node-{{ inventory_hostname }}-key.pem',
+                    'kube-proxy-{{ inventory_hostname }}.pem',
+                    'kube-proxy-{{ inventory_hostname }}-key.pem']
   tags: facts
 
 - name: Gen_certs | Gather master certs
@@ -114,10 +112,10 @@
         sync_certs|default(false) and
         inventory_hostname != groups['kube-master'][0]
 
-#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
-#char limit when using shell command
+# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
+# char limit when using shell command
 
-#FIXME(mattymo): Use tempfile module in ansible 2.3
+# FIXME(mattymo): Use tempfile module in ansible 2.3
 - name: Gen_certs | Prepare tempfile for unpacking certs
   shell: mktemp /tmp/certsXXXXX.tar.gz
   register: cert_tempfile
@@ -195,4 +193,3 @@
 - name: Gen_certs | update ca-certificates (RedHat)
   command: update-ca-trust extract
   when: kube_ca_cert.changed and ansible_os_family == "RedHat"
-

roles/kubernetes/secrets/tasks/gen_certs_vault.yml

@@ -33,9 +33,9 @@
 - name: gen_certs_vault | Set fact for Vault API token
   set_fact:
     kube_vault_headers:
-        Accept: application/json
-        Content-Type: application/json
-        X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
+      Accept: application/json
+      Content-Type: application/json
+      X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
   run_once: true
 
 # Issue certs to kube-master nodes

roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml

@@ -6,7 +6,7 @@
   with_items: "{{ groups['k8s-cluster'] }}"
 
 - include: ../../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ kube_cert_dir }}"
     sync_file_group: "{{ kube_cert_group }}"
@@ -26,7 +26,7 @@
     sync_file_results: []
 
 - include: ../../../vault/tasks/shared/sync_file.yml
-  vars: 
+  vars:
     sync_file: ca.pem
     sync_file_dir: "{{ kube_cert_dir }}"
     sync_file_group: "{{ kube_cert_group }}"