From 96837512ed40f65a20ba6d325714bbbbc5ddac22 Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Sat, 10 Jan 2026 15:16:45 -0500 Subject: [PATCH 1/8] feat(linter): gh workflow --- .github/workflows/mega-linter.yml | 92 +++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 .github/workflows/mega-linter.yml diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml new file mode 100644 index 0000000..df65f5e --- /dev/null +++ b/.github/workflows/mega-linter.yml @@ -0,0 +1,92 @@ +--- +# MegaLinter GitHub Action configuration file +# More info at https://megalinter.io +name: MegaLinter + +on: + # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main + push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions) + pull_request: + branches: [master, main] + +env: # Comment env block if you don't want to apply fixes + # Apply linter fixes configuration + APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) + APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) + APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + megalinter: + name: MegaLinter + runs-on: ubuntu-latest + permissions: + # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR + # Remove the ones you do not need + contents: write + issues: write + pull-requests: write + steps: + # Git Checkout + - name: Checkout Code + uses: actions/checkout@v6 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances + + # MegaLinter + - name: MegaLinter + id: ml + # You can override MegaLinter flavor used to have faster performances + # More info at https://megalinter.io/flavors/ + # MAJOR-RELEASE-IMPACTED + uses: oxsecurity/megalinter@v9 + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} # Validates all source when push on main, else just the git diff with main. Override with true if you always want to lint all sources + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY + # DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks + + # Upload MegaLinter artifacts + - name: Archive production artifacts + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + + # Create pull request if applicable (for now works only on PR from same repository, not from forks) + - name: Create Pull Request with applied fixes + id: cpr + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + uses: peter-evans/create-pull-request@v7 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + commit-message: "[MegaLinter] Apply linters automatic fixes" + title: "[MegaLinter] Apply linters automatic fixes" + labels: bot + - name: Create PR output + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + + # Push new commit if applicable (for now works only on PR from same repository, not from forks) + - name: Prepare commit + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + run: sudo chown -Rc $UID .git/ + - name: Commit and push applied linter fixes + if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') + uses: stefanzweifel/git-auto-commit-action@v7 + with: + branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} + commit_message: "[MegaLinter] Apply linters fixes" + commit_user_name: megalinter-bot + commit_user_email: 129584137+megalinter-bot@users.noreply.github.com \ No newline at end of file From 1323fc99ba2b0b6cb88aa937b6007568c80593d9 Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Thu, 19 Feb 2026 20:27:19 -0500 Subject: [PATCH 2/8] feat(linter): gh workflow --- .github/linters/.tflint.hcl | 37 ++++++++ .github/linters/.yamllint.yaml | 17 ++++ .github/workflows/linter.yml | 89 +++++++++++++++++++ .gitignore | 1 + .markdownlint.json | 5 ++ .pre-commit-config.yaml | 42 +++++---- docs/coreos-vm/config.yaml | 2 +- docs/firewalld.md | 12 +-- installation/k8s-cilium/cilium.yaml | 6 +- .../k8s-cilium/clusterConfiguration.yaml | 2 +- .../playbooks/raspberry-pis/install-k8s.yaml | 4 +- .../templates/agent-config-template.yaml | 8 +- .../templates/install-config-template.yaml | 12 +-- .../coreos-ssh-template.yaml | 2 +- .../install-config-template.yaml | 2 +- manifests/apps/pihole/base/configmap.yaml | 2 +- manifests/apps/pihole/base/namespace.yaml | 2 +- manifests/apps/pihole/base/web-service.yaml | 4 +- .../pihole/overlays/pi-cluster/ingress.yaml | 2 +- manifests/apps/podinfo/deployment.yaml | 2 +- manifests/apps/podinfo/hpa.yaml | 2 +- manifests/apps/podinfo/kustomization.yaml | 2 +- manifests/apps/podinfo/namespace.yaml | 2 +- manifests/apps/podinfo/service.yaml | 2 +- manifests/apps/webserver/ingress.yaml | 2 +- manifests/apps/webserver/pv.yaml | 2 +- .../webserver/quay-jennweir-pull-secret.yaml | 2 +- manifests/apps/webserver/service.yaml | 2 +- .../applications/argocd-operator.yaml | 2 +- .../operator/applications/cert-manager.yaml | 2 +- .../applications/cluster-configs.yaml | 2 +- .../applications/cluster-version.yaml | 2 +- .../operator/applications/console-config.yaml | 2 +- .../argocd/operator/applications/grafana.yaml | 2 +- .../applications/openshift-ingress.yaml | 2 +- .../applications/openshift-monitoring.yaml | 2 +- .../operator/applications/operatorhub.yaml | 2 +- .../operator/applications/rook-ceph.yaml | 2 +- .../argocd/operator/base/kustomization.yaml | 2 +- .../argocd/operator/base/namespace.yaml | 2 +- .../argocd/operator/base/operatorgroup.yaml | 2 +- .../operator/components/applications.yaml | 2 +- .../operator/components/serviceaccount.yaml | 2 +- .../argocd/overlays/okd/kustomization.yaml | 2 +- .../overlays/pi-cluster/kustomization.yaml | 2 +- .../cert-manager/base/deployment.yaml | 8 +- .../platform/cert-manager/base/namespace.yaml | 2 +- .../platform/cert-manager/base/rbac.yaml | 4 +- .../components/kustomization.yaml | 2 +- .../overlays/okd/clusterissuer-staging.yaml | 2 +- .../cluster-configs/authentication.yaml | 2 +- .../cluster-configs/kustomization.yaml | 2 +- .../overlays/okd/kustomization.yaml | 2 +- .../platform/console-config/console.yaml | 2 +- .../console-config/kustomization.yaml | 2 +- .../base/kustomization.yaml | 2 +- .../base/namespace.yaml | 2 +- .../components/helm/crd.yaml | 1 - .../components/helm/deployment.yaml | 6 +- .../components/helm/kustomization.yaml | 2 +- .../components/helm/rbac.yaml | 2 +- .../components/helm/service.yaml | 2 +- .../helm/validatingwebhookconfiguration.yaml | 24 ++--- .../components/non-helm/kustomization.yaml | 2 +- .../components/non-helm/pdb.yaml | 2 +- .../overlays/okd/kustomization.yaml | 2 +- .../pi-cluster/clustersecretstore.yaml | 2 +- .../overlays/pi-cluster/kustomization.yaml | 2 +- .../grafana/operator/kustomization.yaml | 6 +- .../platform/grafana/operator/namespace.yaml | 2 +- .../grafana/operator/operatorgroup.yaml | 2 +- .../overlays/okd/grafana-dashboard.yaml | 2 +- .../grafana/overlays/okd/ingress.yaml | 2 +- .../grafana/overlays/okd/kustomization.yaml | 2 +- .../overlays/pi-cluster/kustomization.yaml | 2 +- .../pi-cluster/clusterrolebinding.yaml | 2 +- .../overlays/pi-cluster/ingress.yaml | 2 +- .../overlays/pi-cluster/serviceaccount.yaml | 2 +- .../base/kustomization.yaml | 2 +- .../base/namespace.yaml | 2 +- .../base/operatorgroup.yaml | 2 +- .../components/hyperconverged.yaml | 2 +- .../components/kustomization.yaml | 2 +- .../overlays/okd/kustomization.yaml | 2 +- .../overlays/pi-cluster/httproute.yaml | 2 +- .../longhorn/overlays/pi-cluster/ingress.yaml | 2 +- .../overlays/pi-cluster/ip-addr-pool.yaml | 2 +- .../overlays/pi-cluster/kustomization.yaml | 2 +- .../overlays/pi-cluster/gateway.yaml | 2 +- .../overlays/pi-cluster/kustomization.yaml | 2 +- .../operator/default-ingress-controller.yaml | 2 +- .../operator/kustomization.yaml | 2 +- .../overlays/okd/certificate.yaml | 2 +- .../overlays/okd/kustomization.yaml | 2 +- .../openshift-ingress/overlays/okd/proxy.yaml | 2 +- .../openshift-monitoring/external-secret.yaml | 6 +- .../test-critical-alert.yaml | 2 +- manifests/platform/operatorhub/config.yaml | 2 +- .../platform/rook-ceph/base/cluster.yaml | 36 ++++---- .../base/storageclass-replicated.yaml | 18 ++-- .../rook-ceph/base/storageclass-single.yaml | 10 +-- .../rook-ceph/overlays/k8s/operator.yaml | 22 ++--- .../rook-ceph/overlays/okd/kustomization.yaml | 2 +- .../overlays/okd/operator-openshift.yaml | 20 ++--- manifests/platform/tests/iscsi-lun-check.yaml | 2 +- manifests/platform/tests/namespace.yaml | 2 +- tests/base/kustomization.yaml | 2 +- tests/base/namespace.yaml | 2 +- tests/wif-okd/kustomization.yaml | 2 +- tests/wif-okd/wif-test.yaml | 2 +- 110 files changed, 365 insertions(+), 205 deletions(-) create mode 100644 .github/linters/.tflint.hcl create mode 100644 .github/linters/.yamllint.yaml create mode 100644 .github/workflows/linter.yml create mode 100644 .markdownlint.json diff --git a/.github/linters/.tflint.hcl b/.github/linters/.tflint.hcl new file mode 100644 index 0000000..8ac5a23 --- /dev/null +++ b/.github/linters/.tflint.hcl @@ -0,0 +1,37 @@ +plugin "terraform" { + enabled = true + version = "0.5.0" + source = "github.com/terraform-linters/tflint-ruleset-terraform" +} + +rule "terraform_deprecated_index" { + enabled = true +} + +rule "terraform_deprecated_interpolation" { + enabled = true +} + +rule "terraform_unused_declarations" { + enabled = true +} + +rule "terraform_comment_syntax" { + enabled = true +} + +rule "terraform_documented_outputs" { + enabled = false +} + +rule "terraform_documented_variables" { + enabled = false +} + +rule "terraform_typed_variables" { + enabled = false +} + +rule "terraform_required_version" { + enabled = false +} diff --git a/.github/linters/.yamllint.yaml b/.github/linters/.yamllint.yaml new file mode 100644 index 0000000..37ebd6a --- /dev/null +++ b/.github/linters/.yamllint.yaml @@ -0,0 +1,17 @@ +--- +extends: default + +rules: + line-length: disable + indentation: disable + comments: + min-spaces-from-content: 1 + document-start: disable + truthy: + check-keys: false + brackets: + min-spaces-inside: 0 + max-spaces-inside: 0 + braces: + min-spaces-inside: 0 + max-spaces-inside: 1 diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml new file mode 100644 index 0000000..69ee11b --- /dev/null +++ b/.github/workflows/linter.yml @@ -0,0 +1,89 @@ +--- +name: Linting + +on: + push: + branches: [main] + pull_request: + branches: [main] + +env: + APPLY_FIXES: all + APPLY_FIXES_EVENT: pull_request + APPLY_FIXES_MODE: commit + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + linting: + name: Lint Code + runs-on: ubuntu-latest + permissions: + contents: write + issues: write + pull-requests: write + steps: + - name: Checkout Code + uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + fetch-depth: 0 + + - name: MegaLinter + id: ml + uses: oxsecurity/megalinter@v9 + env: + VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Linters enabled for this repository + ENABLE: KUBERNETES,TERRAFORM,YAML,MARKDOWN,SHELL,DOCKERFILE + # YAML linting for manifests and configs + YAML_YAMLLINT_CONFIG_FILE: .github/linters/.yamllint.yaml + # Terraform linting + TERRAFORM_TFLINT_CONFIG_FILE: .github/linters/.tflint.hcl + # Shell scripts linting + SHELL_SHELLCHECK_ARGS: --severity=warning + # Skip certain files/folders + EXCLUDED_DIRECTORIES: | + .git + .terraform + node_modules + venv + installation/okd/platform-type-none + # Disable spell check and copy-paste detection + DISABLE: COPYPASTE,SPELL,GROOVY,JAVASCRIPT,PYTHON,RUBY,GO,JAVA + + - name: Upload Linting Reports + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: Linting Reports + path: | + megalinter-reports + mega-linter.log + + - name: Create Pull Request with Fixes + id: cpr + if: steps.ml.outputs.has_updated_sources == 1 && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) + uses: peter-evans/create-pull-request@v7 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + commit-message: "[ci] Apply linter fixes" + title: "[ci] Apply linter fixes" + labels: bot + body: "Automatic linter fixes applied" + + - name: Prepare commit + if: steps.ml.outputs.has_updated_sources == 1 && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) + run: sudo chown -Rc $UID .git/ + + - name: Commit and push linter fixes + if: steps.ml.outputs.has_updated_sources == 1 && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) + uses: stefanzweifel/git-auto-commit-action@v7 + with: + branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} + commit_message: "[ci] Apply linter fixes" + commit_user_name: linter-bot + commit_user_email: action@github.com diff --git a/.gitignore b/.gitignore index 5eea325..1654202 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ .terraform terraform.tfstate* *.hcl +!.github/linters/.tflint.hcl *.iso diff --git a/.markdownlint.json b/.markdownlint.json new file mode 100644 index 0000000..3c524e1 --- /dev/null +++ b/.markdownlint.json @@ -0,0 +1,5 @@ +{ + "default": true, + "MD013": false, + "MD041": true +} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 87fed6b..2e90f98 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,23 +1,33 @@ repos: - - repo: https://github.com/gitleaks/gitleaks - rev: 77c3c6a34b2577d71083442326c60b8fd58926ec # frozen: v8.18.4 + - repo: https://github.com/adrienverge/yamllint.git + rev: v1.35.1 hooks: - - id: gitleaks + - id: yamllint + args: [--config-file, .github/linters/.yamllint.yaml, --format, parsable] + types: [yaml] + - repo: https://github.com/shellcheck-py/shellcheck-py - rev: a23f6b85d0fdd5bb9d564e2579e678033debbdff # frozen: v0.10.0.1 + rev: v0.10.0.1 hooks: - id: shellcheck - - repo: https://github.com/pre-commit/mirrors-prettier - rev: f12edd9c7be1c20cfa42420fd0e6df71e42b51ea # frozen: v4.0.0-alpha.8 - hooks: - - id: prettier - - repo: https://github.com/compilerla/conventional-pre-commit - rev: 4efeb931d635ed3e57749de4326b752b345c8372 # frozen: v3.2.0 - hooks: - - id: conventional-pre-commit - stages: [commit-msg] - args: [] + args: [--severity=error] + types: [shell] + - repo: https://github.com/igorshubovych/markdownlint-cli - rev: f295829140d25717bc79368d3f966fc1f67a824f # frozen: v0.41.0 + rev: v0.41.0 + hooks: + - id: markdownlint + args: [--fix] + types: [markdown] + + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.6.0 hooks: - - id: markdownlint \ No newline at end of file + - id: trailing-whitespace + types: [yaml, markdown, shell] + - id: end-of-file-fixer + types: [yaml, markdown, shell] + - id: check-yaml + args: [--unsafe] + - id: check-merge-conflict + - id: detect-private-key diff --git a/docs/coreos-vm/config.yaml b/docs/coreos-vm/config.yaml index fda1398..79d0c61 100644 --- a/docs/coreos-vm/config.yaml +++ b/docs/coreos-vm/config.yaml @@ -36,4 +36,4 @@ storage: - path: /etc/hostname mode: 0644 contents: - inline: coreos-vm \ No newline at end of file + inline: coreos-vm diff --git a/docs/firewalld.md b/docs/firewalld.md index 18ff766..b227d4a 100644 --- a/docs/firewalld.md +++ b/docs/firewalld.md @@ -1,3 +1,5 @@ +# Firewalld + sudo firewall-cmd --permanent --add-service=dhcp sudo firewall-cmd --permanent --add-port=69/udp @@ -8,13 +10,13 @@ FedoraServer (default, active) egress-priority: 0 icmp-block-inversion: no interfaces: br0 eno1 - sources: + sources: services: cockpit dhcp dhcpv6-client ssh ports: 22623/tcp 6443/tcp 80/tcp 443/tcp 69/udp protocols: vrrp forward: yes masquerade: no - forward-ports: - source-ports: - icmp-blocks: - rich rules: \ No newline at end of file + forward-ports: + source-ports: + icmp-blocks: + rich rules: diff --git a/installation/k8s-cilium/cilium.yaml b/installation/k8s-cilium/cilium.yaml index 4a25b62..ed24dfb 100644 --- a/installation/k8s-cilium/cilium.yaml +++ b/installation/k8s-cilium/cilium.yaml @@ -38,7 +38,7 @@ metadata: namespace: kube-system type: kubernetes.io/tls data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRSkFqcTBOeG1HalNXekxvSlpDZVdsREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF3T1RJMU1UVXlPREUwV2hjTk1qY3dPVEkxTVRVeQpPREUwV2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRRENGUHFXTElwNENKOFV4VTFKaDVXQXVNenVwYU5LSmROaFdHUkh4d1hmYWZLMzRpangKbnhnRTlBRzBJdUpCOU0rM0JUcW9KZmdlOXRnVTBnRVV3ZXlDL1BndmZWbHBRT1JNa1gzU0JVRUVrRUtYYnhsUgpQblJOMzcxMHVSWjMxN20vZXlpazFPT1k4RVVNOEcrWHJCNWVvdUV3OUdXcUV2azhqLzdSQmh0d2hRZFNHV3AwCnlZYWExOGlpQkpIYng4cWQ2TzQvQ3VWNmRKeGl3RENOWVFFUmc3ZEhGUXI5Y1NFM0R0MjNZWGhPaDFOVEJWUWkKU282SktZWXZMU3JDVFl2eTZIWmVaVE9QOWlCRzcza3kvQ3NZeUY1VlFjVGs1Y3BsZGw1VjVFUU4xQzdQZWZMVgpIVTVsaSt4VXNrbVdqQ2o5enY5RFJpakFPWW1wS1pUVTczRk5BZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVUzenpIaE5HWHNsN1I1d3Q4djBnV082MEpnaDR3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFEU1FMeXpWRmdycVgzQ2t5ZnRxT2VHQ0w3eXRxdkxpakNSVTFNdDVJSGQ0dTJFV2tBd01pVEYzCmQ0Y2l6SjEzWStVZ3J3ZG9CVWtDSGk3UExxRitmKy9SRmROWVVkYnhsNTdFZEs2Yk9ZcTJrVURwM25reGRjbGsKQ01DdXFVRzNBNEMzTVVYN1ZmSzJrZ3lBcTU2Y2ZpdisxYlMvSkVxajd1L0pMTDlIclBNVS8zaWZPQVlZbVI5NgpXS2ViaitEQjJqamhRWHErN211TDY1TGJvYUZaTk1oYW93Tm43ZDZ4WEhTTFJCSE9JYXQzSHcwM014WHB1RUxSCmJjNHVHeUNvU1dCVk5VNXI4d0lIZndQa2lQdkVxUVVXMDd4eTc1TnhQbGx4MHZHYmdJNXlxQU53U0E3dHNoWkQKeXRHRjdFMUt0Vm5pVXA5TEdhMWpyQWJhQzZobkQ1bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRSkFqcTBOeG1HalNXekxvSlpDZVdsREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF3T1RJMU1UVXlPREUwV2hjTk1qY3dPVEkxTVRVeQpPREUwV2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRRENGUHFXTElwNENKOFV4VTFKaDVXQXVNenVwYU5LSmROaFdHUkh4d1hmYWZLMzRpangKbnhnRTlBRzBJdUpCOU0rM0JUcW9KZmdlOXRnVTBnRVV3ZXlDL1BndmZWbHBRT1JNa1gzU0JVRUVrRUtYYnhsUgpQblJOMzcxMHVSWjMxN20vZXlpazFPT1k4RVVNOEcrWHJCNWVvdUV3OUdXcUV2azhqLzdSQmh0d2hRZFNHV3AwCnlZYWExOGlpQkpIYng4cWQ2TzQvQ3VWNmRKeGl3RENOWVFFUmc3ZEhGUXI5Y1NFM0R0MjNZWGhPaDFOVEJWUWkKU282SktZWXZMU3JDVFl2eTZIWmVaVE9QOWlCRzcza3kvQ3NZeUY1VlFjVGs1Y3BsZGw1VjVFUU4xQzdQZWZMVgpIVTVsaSt4VXNrbVdqQ2o5enY5RFJpakFPWW1wS1pUVTczRk5BZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVUzenpIaE5HWHNsN1I1d3Q4djBnV082MEpnaDR3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFEU1FMeXpWRmdycVgzQ2t5ZnRxT2VHQ0w3eXRxdkxpakNSVTFNdDVJSGQ0dTJFV2tBd01pVEYzCmQ0Y2l6SjEzWStVZ3J3ZG9CVWtDSGk3UExxRitmKy9SRmROWVVkYnhsNTdFZEs2Yk9ZcTJrVURwM25reGRjbGsKQ01DdXFVRzNBNEMzTVVYN1ZmSzJrZ3lBcTU2Y2ZpdisxYlMvSkVxajd1L0pMTDlIclBNVS8zaWZPQVlZbVI5NgpXS2ViaitEQjJqamhRWHErN211TDY1TGJvYUZaTk1oYW93Tm43ZDZ4WEhTTFJCSE9JYXQzSHcwM014WHB1RUxSCmJjNHVHeUNvU1dCVk5VNXI4d0lIZndQa2lQdkVxUVVXMDd4eTc1TnhQbGx4MHZHYmdJNXlxQU53U0E3dHNoWkQKeXRHRjdFMUt0Vm5pVXA5TEdhMWpyQWJhQzZobkQ1bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWekNDQWorZ0F3SUJBZ0lSQUp6ZUtMSkdOUGFUR2lnNzRoajZKcGt3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkwTURreU5URTFNamd4TlZvWERUSTNNRGt5TlRFMQpNamd4TlZvd0tqRW9NQ1lHQTFVRUF3d2ZLaTVrWldaaGRXeDBMbWgxWW1Kc1pTMW5jbkJqTG1OcGJHbDFiUzVwCmJ6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1zb3RBaTl3RlBsTHNNL0lqenQKczViQVFROG9FLy84ZVRTTDNsQlB6d09VTGRDdDZCZmpVUC8vL0ZpWldMdlE5OEZQYmhKaURqUDloVHpUa0pDbgo3MWZHQi80VTkxcm95d0FBT0FEL2RkTEgzdmJCRXdCN1I5R2M2b2JsSU5pRGhnQ2d5R1hBd24vcjNFb3J2aVBECitwWEFEaW1TVXQyb2orM2RvWmxWSmpocjJsWHZXenpEWFJ3S21oVHBRWHpncnF6QzZyV2h1clNncWR6WTVvelgKRXJPWmdRSWFCREp3RmtoSXp0T2lrWkkyNGFHRG9ETmtyZVlyc0dUOGEwQnRvOG9xODNxbjNWQVRaSjk4b3daVgpFeW0xa0lndklCbDdsVjhOQldZOUVVOXcxbzdXajl5SzhHc3lBUm5sSXZmSk5EZFVQVGZSNjZZSXNSNm8rSTEyCkQwMENBd0VBQWFPQmpUQ0JpakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUgKQXdFR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVTN6ekhoTkdYc2w3Ugo1d3Q4djBnV082MEpnaDR3S2dZRFZSMFJCQ013SVlJZktpNWtaV1poZFd4MExtaDFZbUpzWlMxbmNuQmpMbU5wCmJHbDFiUzVwYnpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQXdCVURsTHJtRmN4UnVJOHdPNmw1N0pnYk1aRDAKTEpOSzdWQzJEaFpYQmVQbmM2VEFQeXdUWDlBeG9yR1ZoV3Nxb055ZUZWVnZvNFhGc0NRVjdmRjgxdnE3eFRDagova2d4UXdRclRrZjVWSkR2ZEZmWTJCaFpjYmNrZzJraTJVYUtxMWp2eGtOaHN1TnQzeWJBdUFsSE54RDJoTm15CllnaG1HQm0vK3VSekE1QngvZ0IxbUNDNWFOclk3YjhManJIemEyK1Z5QXdsL2dYTE9aVk5IWU1jOXNybEY2SEsKS0JUbWpkOFFNd09uMWtCd2E0VHpLY01kKzQ0MmIwWXlGQWthRTdzUG5ITHhERGJ0UlRKMHdDZFM3MGZMY2g0agpTMUVkTDY0OVF0d3h3K1ExTlU3ZitIeWN3U016b3RrN3FsVEhSMnNuQmt1VjBaVjgwRkpibmkvMk53PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeXlpMENMM0FVK1V1d3o4aVBPMnpsc0JCRHlnVC8veDVOSXZlVUUvUEE1UXQwSzNvCkYrTlEvLy84V0psWXU5RDN3VTl1RW1JT00vMkZQTk9Ra0tmdlY4WUgvaFQzV3VqTEFBQTRBUDkxMHNmZTlzRVQKQUh0SDBaenFodVVnMklPR0FLRElaY0RDZit2Y1NpdStJOFA2bGNBT0taSlMzYWlQN2QyaG1WVW1PR3ZhVmU5YgpQTU5kSEFxYUZPbEJmT0N1ck1McXRhRzZ0S0NwM05qbWpOY1NzNW1CQWhvRU1uQVdTRWpPMDZLUmtqYmhvWU9nCk0yU3Q1aXV3WlB4clFHMmp5aXJ6ZXFmZFVCTmtuM3lqQmxVVEtiV1FpQzhnR1h1Vlh3MEZaajBSVDNEV2p0YVAKM0lyd2F6SUJHZVVpOThrME4xUTlOOUhycGdpeEhxajRqWFlQVFFJREFRQUJBb0lCQUdYVjBtRHJWTVA1QnJiQwpKOVJveG5QVGpRa2U2dCtQVytZMkVrc3BwamhDQjdFcDYwUkdJdTBnRVFzTVd3bFNWMDZrRlNYTDF4akNoUTRYCmNzakFGVjVuR3N5SEQvS1c3R0xrdVMzdTM4MjNlSkV4K09kdDVITXk5L0NFWERHTHhCaitmMVZhQ1dUOEFxRi8KU2NFOTFKZEovUTlqbEh3ZHFYL3ZiN2lma1JnSU95akdsUFgra0JLNlRLZ2xxaG9EL2dmekM5Mlp2TFJSNW1FUApoVC9XVDVFOGIrcjhQem5JWHUzTVhJSGdHVkM2YmV3Ui9PQ3h6NlVnWmYvSEtkZGRRczBIR210d01nd2swNjRLCkUveVpyclRReTgwdnhjc0FNanMreGtwNnpTNyt2NHhhRVVUVGRVQWhPYXN2UEtta3NiQ1lqOVpMdS9Na3hxSFoKOGFQSUpXRUNnWUVBMkhBWjJzeUVLckVmeWRDeEhpV3NXUGFIcTkrc1V1eGwyL3JEODRRdWlwbWdVd1JnMHg5TwpkN240SjBZenNKcWpoaWdjL3FkR0FTdkZXQlh3TENkUGVpYk5xSjEyUDg0cG1SbHVKbE9vMzU1SlJBeWZlT2NNCmVlYW9na21CR0Vvbkw0c256VitZS0hUMjFWUkM1OUE2ZmRkcFlEdkN3QXBOZzlSYSt3TFIxZ2tDZ1lFQThFczgKUkZRU2ExRndsc0NlMUVFZ2RvRVZqYVdQbFRLcWxBR3dwM0wwZkFxekV5UkoydGo4SVhFYkE3a3hTb1Y1MnJYbApsVlN0UDVsSnVwenpaL2VQdDZ5dmNMT1RYeVdyM0FtZHFjNFJHWUZQMmJJSEw3cGEvZ3lXWjdBQ1Noa2U3YUd4CkViL0VBQ1NnSXJTeFo1NzJrbHl3Yy81c2Zwb292ckRFWmNlWklDVUNnWUJRUlhNeFZMeUg0TjA3U2kwR1UwNlMKU0F5VlVBVm5VOG1MUm51Nkt3SGY0WTQyZTk4MUxkMDZSanlreEVLVGN5YkdzTVhnSkVXd1ZYMkJaOUdGYnFicApWTTdkaEZqQTNVTk1Sc1ExYnIycEFkbUdaWEFYdFFsSmhLUm1mY0JsTTh0SXRNRjBSOG4wNXp4TWJrM0tEODVCCnNjeWhKa2phVkhmZk5yanZjMkpEa1FLQmdRRGtUQWFwUUZyem5UOWo2d083MDFoOVhtelUwOXhUdXZ4M2ZCZVQKTDlONldrd0N2ckp3ZTBFb29LWXk1bXNmU3lzWGtVUGJtY1MwTFBYd2w1ZG1TcjAvbTVCZmVpMWs4NHlSbEkwMwp2REZnMHd2RFg3SVdOVzZuK2R1WURaQlBTQWlyYXJpcGpWRXhkWnF5L291aVVGUWhnSENnODdPdW9OWmZQZUNLCmRwVlVCUUtCZ0doTklVYlVOeWIycVlLajI5dGpjUDRQVjNIakVNaG5EcXAxRWk2K1g1SU9yWUhQS21kc29ZZ2kKM3B5RWErenVFSzFPQlAvemxQcmZud05yT3hHa0I2bkRwdit3RU5nbXA1VE5Qb1hKWHBjN2RRNTFKNnZQN1dRKwo0S2xBR0ptZ1JtNkM2elBkNnpyOUt5cTJYZ3RjSFdBYWMzQ0hGbVp1UXdjWTY4SFJvRUlKCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- @@ -220,7 +220,7 @@ data: hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt ipam: "cluster-pool" ipam-cilium-node-update-rate: "15s" - cluster-pool-ipv4-cidr: "10.200.0.0/16" + cluster-pool-ipv4-cidr: "10.200.0.0/16" cluster-pool-ipv4-mask-size: "24" egress-gateway-reconciliation-trigger-interval: "1s" enable-vtep: "false" @@ -1433,7 +1433,7 @@ spec: # To install cilium cni plugin in the host - name: cni-path hostPath: - path: /opt/cni/bin + path: /opt/cni/bin type: DirectoryOrCreate # To install cilium cni configuration in the host - name: etc-cni-netd diff --git a/installation/k8s-cilium/clusterConfiguration.yaml b/installation/k8s-cilium/clusterConfiguration.yaml index e26b30a..b2c85f9 100644 --- a/installation/k8s-cilium/clusterConfiguration.yaml +++ b/installation/k8s-cilium/clusterConfiguration.yaml @@ -3,4 +3,4 @@ kind: ClusterConfiguration kubernetesVersion: 1.33.1 controlPlaneEndpoint: "k8scp:6443" networking: - podSubnet: 10.200.0.0/16 \ No newline at end of file + podSubnet: 10.200.0.0/16 diff --git a/installation/k8s/ansible/playbooks/raspberry-pis/install-k8s.yaml b/installation/k8s/ansible/playbooks/raspberry-pis/install-k8s.yaml index 49d2354..b40f342 100644 --- a/installation/k8s/ansible/playbooks/raspberry-pis/install-k8s.yaml +++ b/installation/k8s/ansible/playbooks/raspberry-pis/install-k8s.yaml @@ -193,12 +193,12 @@ - kubeadm=1.34.2-* - kubectl=1.34.2-* state: present - + - name: Hold kubelet ansible.builtin.dpkg_selections: name: kubelet selection: hold - + - name: Hold kubeadm ansible.builtin.dpkg_selections: name: kubeadm diff --git a/installation/okd/platform-type-baremetal/templates/agent-config-template.yaml b/installation/okd/platform-type-baremetal/templates/agent-config-template.yaml index a0fe760..4db4f6c 100644 --- a/installation/okd/platform-type-baremetal/templates/agent-config-template.yaml +++ b/installation/okd/platform-type-baremetal/templates/agent-config-template.yaml @@ -19,7 +19,7 @@ hosts: enabled: true address: - ip: 192.168.0.11 - prefix-length: 23 + prefix-length: 23 dhcp: false dns-resolver: config: @@ -46,7 +46,7 @@ hosts: enabled: true address: - ip: 192.168.0.12 - prefix-length: 23 + prefix-length: 23 dhcp: false dns-resolver: config: @@ -73,7 +73,7 @@ hosts: enabled: true address: - ip: 192.168.0.13 - prefix-length: 23 + prefix-length: 23 dhcp: false dns-resolver: config: @@ -84,4 +84,4 @@ hosts: - destination: 0.0.0.0/0 next-hop-address: 192.168.0.1 next-hop-interface: eno1 - table-id: 254 \ No newline at end of file + table-id: 254 diff --git a/installation/okd/platform-type-baremetal/templates/install-config-template.yaml b/installation/okd/platform-type-baremetal/templates/install-config-template.yaml index 1ada84e..e3222a3 100644 --- a/installation/okd/platform-type-baremetal/templates/install-config-template.yaml +++ b/installation/okd/platform-type-baremetal/templates/install-config-template.yaml @@ -1,9 +1,9 @@ apiVersion: v1 baseDomain: jenniferpweir.com -compute: +compute: - name: worker - replicas: 0 -controlPlane: + replicas: 0 +controlPlane: name: master replicas: 3 metadata: @@ -14,8 +14,8 @@ networking: hostPrefix: 23 machineNetwork: - cidr: 192.168.0.0/24 - networkType: OVNKubernetes - serviceNetwork: + networkType: OVNKubernetes + serviceNetwork: - 172.30.0.0/16 platform: baremetal: @@ -24,4 +24,4 @@ platform: ingressVIPs: - 192.168.0.221 pullSecret: '' -sshKey: \ No newline at end of file +sshKey: diff --git a/installation/okd/platform-type-none/coreos-ssh-template.yaml b/installation/okd/platform-type-none/coreos-ssh-template.yaml index f43f293..73a847f 100644 --- a/installation/okd/platform-type-none/coreos-ssh-template.yaml +++ b/installation/okd/platform-type-none/coreos-ssh-template.yaml @@ -4,4 +4,4 @@ passwd: users: - name: core ssh_authorized_keys: - - '' \ No newline at end of file + - '' diff --git a/installation/okd/platform-type-none/install-config-template.yaml b/installation/okd/platform-type-none/install-config-template.yaml index 32691e4..63a635f 100644 --- a/installation/okd/platform-type-none/install-config-template.yaml +++ b/installation/okd/platform-type-none/install-config-template.yaml @@ -20,4 +20,4 @@ networking: platform: none: {} pullSecret: '{"auths":{"":{"auth":""}}}' -sshKey: '' \ No newline at end of file +sshKey: '' diff --git a/manifests/apps/pihole/base/configmap.yaml b/manifests/apps/pihole/base/configmap.yaml index bd61ed6..8663559 100644 --- a/manifests/apps/pihole/base/configmap.yaml +++ b/manifests/apps/pihole/base/configmap.yaml @@ -10,4 +10,4 @@ data: [dns] listenAddress = "0.0.0.0" listeningMode = "all" - localService = false \ No newline at end of file + localService = false diff --git a/manifests/apps/pihole/base/namespace.yaml b/manifests/apps/pihole/base/namespace.yaml index 534c25f..9693809 100644 --- a/manifests/apps/pihole/base/namespace.yaml +++ b/manifests/apps/pihole/base/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: pihole \ No newline at end of file + name: pihole diff --git a/manifests/apps/pihole/base/web-service.yaml b/manifests/apps/pihole/base/web-service.yaml index a2dbb5b..4329f96 100644 --- a/manifests/apps/pihole/base/web-service.yaml +++ b/manifests/apps/pihole/base/web-service.yaml @@ -1,5 +1,5 @@ -kind: Service -apiVersion: v1 +kind: Service +apiVersion: v1 metadata: name: pihole-web-svc namespace: pihole diff --git a/manifests/apps/pihole/overlays/pi-cluster/ingress.yaml b/manifests/apps/pihole/overlays/pi-cluster/ingress.yaml index d5b6c47..413ef75 100644 --- a/manifests/apps/pihole/overlays/pi-cluster/ingress.yaml +++ b/manifests/apps/pihole/overlays/pi-cluster/ingress.yaml @@ -4,7 +4,7 @@ metadata: name: pihole-ingress namespace: pihole annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: diff --git a/manifests/apps/podinfo/deployment.yaml b/manifests/apps/podinfo/deployment.yaml index 73f34d3..6f80ce1 100644 --- a/manifests/apps/podinfo/deployment.yaml +++ b/manifests/apps/podinfo/deployment.yaml @@ -78,4 +78,4 @@ spec: mountPath: /data volumes: - name: data - emptyDir: {} \ No newline at end of file + emptyDir: {} diff --git a/manifests/apps/podinfo/hpa.yaml b/manifests/apps/podinfo/hpa.yaml index b57c581..a5ae3ba 100644 --- a/manifests/apps/podinfo/hpa.yaml +++ b/manifests/apps/podinfo/hpa.yaml @@ -18,4 +18,4 @@ spec: type: Utilization # scale up if usage is above # 99% of the requested CPU (100m) - averageUtilization: 99 \ No newline at end of file + averageUtilization: 99 diff --git a/manifests/apps/podinfo/kustomization.yaml b/manifests/apps/podinfo/kustomization.yaml index 50fe1c1..b07cd32 100644 --- a/manifests/apps/podinfo/kustomization.yaml +++ b/manifests/apps/podinfo/kustomization.yaml @@ -7,4 +7,4 @@ resources: - deployment.yaml - hpa.yaml - namespace.yaml - - service.yaml \ No newline at end of file + - service.yaml diff --git a/manifests/apps/podinfo/namespace.yaml b/manifests/apps/podinfo/namespace.yaml index acc2e5c..5128776 100644 --- a/manifests/apps/podinfo/namespace.yaml +++ b/manifests/apps/podinfo/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: podinfo \ No newline at end of file + name: podinfo diff --git a/manifests/apps/podinfo/service.yaml b/manifests/apps/podinfo/service.yaml index 231b98a..93e55f0 100644 --- a/manifests/apps/podinfo/service.yaml +++ b/manifests/apps/podinfo/service.yaml @@ -15,4 +15,4 @@ spec: - port: 9999 targetPort: grpc protocol: TCP - name: grpc \ No newline at end of file + name: grpc diff --git a/manifests/apps/webserver/ingress.yaml b/manifests/apps/webserver/ingress.yaml index 3c57c76..c862a85 100644 --- a/manifests/apps/webserver/ingress.yaml +++ b/manifests/apps/webserver/ingress.yaml @@ -15,4 +15,4 @@ spec: service: name: webserver-service port: - number: 80 \ No newline at end of file + number: 80 diff --git a/manifests/apps/webserver/pv.yaml b/manifests/apps/webserver/pv.yaml index 019cf5e..c07ce5b 100644 --- a/manifests/apps/webserver/pv.yaml +++ b/manifests/apps/webserver/pv.yaml @@ -10,4 +10,4 @@ spec: - ReadWriteMany persistentVolumeReclaimPolicy: Retain hostPath: - path: "/mnt/data/webserver-files" \ No newline at end of file + path: "/mnt/data/webserver-files" diff --git a/manifests/apps/webserver/quay-jennweir-pull-secret.yaml b/manifests/apps/webserver/quay-jennweir-pull-secret.yaml index 431993c..164776c 100644 --- a/manifests/apps/webserver/quay-jennweir-pull-secret.yaml +++ b/manifests/apps/webserver/quay-jennweir-pull-secret.yaml @@ -5,4 +5,4 @@ metadata: namespace: webserver data: .dockerconfigjson: -type: kubernetes.io/dockerconfigjson \ No newline at end of file +type: kubernetes.io/dockerconfigjson diff --git a/manifests/apps/webserver/service.yaml b/manifests/apps/webserver/service.yaml index a8e83cd..06fff3a 100644 --- a/manifests/apps/webserver/service.yaml +++ b/manifests/apps/webserver/service.yaml @@ -9,4 +9,4 @@ spec: app: webserver ports: - port: 80 - targetPort: 80 \ No newline at end of file + targetPort: 80 diff --git a/manifests/platform/argocd/operator/applications/argocd-operator.yaml b/manifests/platform/argocd/operator/applications/argocd-operator.yaml index a6ece11..f8f5fa1 100644 --- a/manifests/platform/argocd/operator/applications/argocd-operator.yaml +++ b/manifests/platform/argocd/operator/applications/argocd-operator.yaml @@ -21,4 +21,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/cert-manager.yaml b/manifests/platform/argocd/operator/applications/cert-manager.yaml index 34d7696..8de9854 100644 --- a/manifests/platform/argocd/operator/applications/cert-manager.yaml +++ b/manifests/platform/argocd/operator/applications/cert-manager.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/cluster-configs.yaml b/manifests/platform/argocd/operator/applications/cluster-configs.yaml index 9bc7827..434765a 100644 --- a/manifests/platform/argocd/operator/applications/cluster-configs.yaml +++ b/manifests/platform/argocd/operator/applications/cluster-configs.yaml @@ -17,4 +17,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/cluster-version.yaml b/manifests/platform/argocd/operator/applications/cluster-version.yaml index a2064ad..00d42d5 100644 --- a/manifests/platform/argocd/operator/applications/cluster-version.yaml +++ b/manifests/platform/argocd/operator/applications/cluster-version.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/console-config.yaml b/manifests/platform/argocd/operator/applications/console-config.yaml index 1438938..e5ab737 100644 --- a/manifests/platform/argocd/operator/applications/console-config.yaml +++ b/manifests/platform/argocd/operator/applications/console-config.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/grafana.yaml b/manifests/platform/argocd/operator/applications/grafana.yaml index 9ef5d1f..a878507 100644 --- a/manifests/platform/argocd/operator/applications/grafana.yaml +++ b/manifests/platform/argocd/operator/applications/grafana.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/openshift-ingress.yaml b/manifests/platform/argocd/operator/applications/openshift-ingress.yaml index ddfee41..a348f66 100644 --- a/manifests/platform/argocd/operator/applications/openshift-ingress.yaml +++ b/manifests/platform/argocd/operator/applications/openshift-ingress.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/openshift-monitoring.yaml b/manifests/platform/argocd/operator/applications/openshift-monitoring.yaml index 57e21ff..372caa4 100644 --- a/manifests/platform/argocd/operator/applications/openshift-monitoring.yaml +++ b/manifests/platform/argocd/operator/applications/openshift-monitoring.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/operatorhub.yaml b/manifests/platform/argocd/operator/applications/operatorhub.yaml index 066dc1a..a9ed9f9 100644 --- a/manifests/platform/argocd/operator/applications/operatorhub.yaml +++ b/manifests/platform/argocd/operator/applications/operatorhub.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/applications/rook-ceph.yaml b/manifests/platform/argocd/operator/applications/rook-ceph.yaml index 7de607c..776acbd 100644 --- a/manifests/platform/argocd/operator/applications/rook-ceph.yaml +++ b/manifests/platform/argocd/operator/applications/rook-ceph.yaml @@ -18,4 +18,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/base/kustomization.yaml b/manifests/platform/argocd/operator/base/kustomization.yaml index aac01f4..c041cea 100644 --- a/manifests/platform/argocd/operator/base/kustomization.yaml +++ b/manifests/platform/argocd/operator/base/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - - operatorgroup.yaml \ No newline at end of file + - operatorgroup.yaml diff --git a/manifests/platform/argocd/operator/base/namespace.yaml b/manifests/platform/argocd/operator/base/namespace.yaml index 9f70cee..e9be815 100644 --- a/manifests/platform/argocd/operator/base/namespace.yaml +++ b/manifests/platform/argocd/operator/base/namespace.yaml @@ -6,4 +6,4 @@ metadata: apiVersion: v1 kind: Namespace metadata: - name: argocd \ No newline at end of file + name: argocd diff --git a/manifests/platform/argocd/operator/base/operatorgroup.yaml b/manifests/platform/argocd/operator/base/operatorgroup.yaml index e6d7fdf..0dc54d4 100644 --- a/manifests/platform/argocd/operator/base/operatorgroup.yaml +++ b/manifests/platform/argocd/operator/base/operatorgroup.yaml @@ -2,4 +2,4 @@ apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: argocd-operator-group - namespace: argocd-operator \ No newline at end of file + namespace: argocd-operator diff --git a/manifests/platform/argocd/operator/components/applications.yaml b/manifests/platform/argocd/operator/components/applications.yaml index 3d6eb31..1e43ffe 100644 --- a/manifests/platform/argocd/operator/components/applications.yaml +++ b/manifests/platform/argocd/operator/components/applications.yaml @@ -21,4 +21,4 @@ spec: backoff: duration: 5s maxDuration: 5m - factor: 2 \ No newline at end of file + factor: 2 diff --git a/manifests/platform/argocd/operator/components/serviceaccount.yaml b/manifests/platform/argocd/operator/components/serviceaccount.yaml index d1a59c8..0b972df 100644 --- a/manifests/platform/argocd/operator/components/serviceaccount.yaml +++ b/manifests/platform/argocd/operator/components/serviceaccount.yaml @@ -8,4 +8,4 @@ metadata: name: argocd-argocd-repo-server namespace: argocd imagePullSecrets: - - name: jennweir-homelab-pull-secret \ No newline at end of file + - name: jennweir-homelab-pull-secret diff --git a/manifests/platform/argocd/overlays/okd/kustomization.yaml b/manifests/platform/argocd/overlays/okd/kustomization.yaml index 7c2578b..546f201 100644 --- a/manifests/platform/argocd/overlays/okd/kustomization.yaml +++ b/manifests/platform/argocd/overlays/okd/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../../operator/base - - ../../operator/components \ No newline at end of file + - ../../operator/components diff --git a/manifests/platform/argocd/overlays/pi-cluster/kustomization.yaml b/manifests/platform/argocd/overlays/pi-cluster/kustomization.yaml index a227ac4..2333422 100644 --- a/manifests/platform/argocd/overlays/pi-cluster/kustomization.yaml +++ b/manifests/platform/argocd/overlays/pi-cluster/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../base \ No newline at end of file + - ../../base diff --git a/manifests/platform/cert-manager/base/deployment.yaml b/manifests/platform/cert-manager/base/deployment.yaml index d3acf7a..759ffb8 100644 --- a/manifests/platform/cert-manager/base/deployment.yaml +++ b/manifests/platform/cert-manager/base/deployment.yaml @@ -62,7 +62,7 @@ spec: requests: cpu: 10m memory: 100Mi - limits: + limits: cpu: 30m memory: 200Mi nodeSelector: @@ -151,7 +151,7 @@ spec: requests: cpu: 10m memory: 20Mi - limits: + limits: cpu: 30m memory: 40Mi nodeSelector: @@ -207,7 +207,7 @@ spec: - --dynamic-serving-dns-names=cert-manager-webhook - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - + ports: - name: https protocol: TCP @@ -253,7 +253,7 @@ spec: requests: cpu: 10m memory: 20Mi - limits: + limits: cpu: 30m memory: 40Mi nodeSelector: diff --git a/manifests/platform/cert-manager/base/namespace.yaml b/manifests/platform/cert-manager/base/namespace.yaml index 661039b..c90416f 100644 --- a/manifests/platform/cert-manager/base/namespace.yaml +++ b/manifests/platform/cert-manager/base/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: cert-manager \ No newline at end of file + name: cert-manager diff --git a/manifests/platform/cert-manager/base/rbac.yaml b/manifests/platform/cert-manager/base/rbac.yaml index 962b7b6..cb74ad0 100644 --- a/manifests/platform/cert-manager/base/rbac.yaml +++ b/manifests/platform/cert-manager/base/rbac.yaml @@ -163,8 +163,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "gateway.networking.k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. diff --git a/manifests/platform/cert-manager/components/kustomization.yaml b/manifests/platform/cert-manager/components/kustomization.yaml index 853df1d..8e11a11 100644 --- a/manifests/platform/cert-manager/components/kustomization.yaml +++ b/manifests/platform/cert-manager/components/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: cert-manager resources: - - clusterissuer-prod.yaml \ No newline at end of file + - clusterissuer-prod.yaml diff --git a/manifests/platform/cert-manager/overlays/okd/clusterissuer-staging.yaml b/manifests/platform/cert-manager/overlays/okd/clusterissuer-staging.yaml index 6d8fc2c..f1df770 100644 --- a/manifests/platform/cert-manager/overlays/okd/clusterissuer-staging.yaml +++ b/manifests/platform/cert-manager/overlays/okd/clusterissuer-staging.yaml @@ -21,4 +21,4 @@ spec: cloudflare: apiTokenSecretRef: name: cloudflare-api-token-secret - key: api-token \ No newline at end of file + key: api-token diff --git a/manifests/platform/cluster-configs/authentication.yaml b/manifests/platform/cluster-configs/authentication.yaml index bd1ecf1..d2a5b12 100644 --- a/manifests/platform/cluster-configs/authentication.yaml +++ b/manifests/platform/cluster-configs/authentication.yaml @@ -13,4 +13,4 @@ spec: type: "" webhookTokenAuthenticator: kubeConfig: - name: webhook-authentication-integrated-oauth \ No newline at end of file + name: webhook-authentication-integrated-oauth diff --git a/manifests/platform/cluster-configs/kustomization.yaml b/manifests/platform/cluster-configs/kustomization.yaml index a6b45d7..d5c9c20 100644 --- a/manifests/platform/cluster-configs/kustomization.yaml +++ b/manifests/platform/cluster-configs/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - authentication.yaml \ No newline at end of file + - authentication.yaml diff --git a/manifests/platform/cluster-version/overlays/okd/kustomization.yaml b/manifests/platform/cluster-version/overlays/okd/kustomization.yaml index 5036d39..531de43 100644 --- a/manifests/platform/cluster-version/overlays/okd/kustomization.yaml +++ b/manifests/platform/cluster-version/overlays/okd/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - cluster-version.yaml \ No newline at end of file + - cluster-version.yaml diff --git a/manifests/platform/console-config/console.yaml b/manifests/platform/console-config/console.yaml index b78badf..97c6291 100644 --- a/manifests/platform/console-config/console.yaml +++ b/manifests/platform/console-config/console.yaml @@ -45,4 +45,4 @@ spec: hostname: "" secret: name: "" - unsupportedConfigOverrides: null \ No newline at end of file + unsupportedConfigOverrides: null diff --git a/manifests/platform/console-config/kustomization.yaml b/manifests/platform/console-config/kustomization.yaml index 3d631ba..703dffc 100644 --- a/manifests/platform/console-config/kustomization.yaml +++ b/manifests/platform/console-config/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - console.yaml \ No newline at end of file + - console.yaml diff --git a/manifests/platform/external-secrets-operator/base/kustomization.yaml b/manifests/platform/external-secrets-operator/base/kustomization.yaml index 0a20c8c..48ef36e 100644 --- a/manifests/platform/external-secrets-operator/base/kustomization.yaml +++ b/manifests/platform/external-secrets-operator/base/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml \ No newline at end of file + - namespace.yaml diff --git a/manifests/platform/external-secrets-operator/base/namespace.yaml b/manifests/platform/external-secrets-operator/base/namespace.yaml index 644c62f..05a6acc 100644 --- a/manifests/platform/external-secrets-operator/base/namespace.yaml +++ b/manifests/platform/external-secrets-operator/base/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: external-secrets-operator \ No newline at end of file + name: external-secrets-operator diff --git a/manifests/platform/external-secrets-operator/components/helm/crd.yaml b/manifests/platform/external-secrets-operator/components/helm/crd.yaml index da93271..935f7a5 100644 --- a/manifests/platform/external-secrets-operator/components/helm/crd.yaml +++ b/manifests/platform/external-secrets-operator/components/helm/crd.yaml @@ -1,4 +1,3 @@ - # Source: external-secrets/templates/crds/acraccesstoken.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/manifests/platform/external-secrets-operator/components/helm/deployment.yaml b/manifests/platform/external-secrets-operator/components/helm/deployment.yaml index 5f4cd40..fef8c7f 100644 --- a/manifests/platform/external-secrets-operator/components/helm/deployment.yaml +++ b/manifests/platform/external-secrets-operator/components/helm/deployment.yaml @@ -33,7 +33,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - # runAsUser: 1000 + # runAsUser: 1000 # unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser:Invalid value: 1000: must be in the ranges: [1000830000, 1000839999] seccompProfile: type: RuntimeDefault @@ -103,7 +103,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - # runAsUser: 1000 + # runAsUser: 1000 # unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser:Invalid value: 1000: must be in the ranges: [1000830000, 1000839999] seccompProfile: type: RuntimeDefault @@ -161,7 +161,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - # runAsUser: 1000 + # runAsUser: 1000 # unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser:Invalid value: 1000: must be in the ranges: [1000830000, 1000839999] seccompProfile: type: RuntimeDefault diff --git a/manifests/platform/external-secrets-operator/components/helm/kustomization.yaml b/manifests/platform/external-secrets-operator/components/helm/kustomization.yaml index 7656894..8668b61 100644 --- a/manifests/platform/external-secrets-operator/components/helm/kustomization.yaml +++ b/manifests/platform/external-secrets-operator/components/helm/kustomization.yaml @@ -5,4 +5,4 @@ resources: - deployment.yaml - service.yaml - rbac.yaml - - validatingwebhookconfiguration.yaml \ No newline at end of file + - validatingwebhookconfiguration.yaml diff --git a/manifests/platform/external-secrets-operator/components/helm/rbac.yaml b/manifests/platform/external-secrets-operator/components/helm/rbac.yaml index 40b45a7..c6c22e7 100644 --- a/manifests/platform/external-secrets-operator/components/helm/rbac.yaml +++ b/manifests/platform/external-secrets-operator/components/helm/rbac.yaml @@ -474,4 +474,4 @@ roleRef: subjects: - kind: ServiceAccount name: external-secrets - namespace: external-secrets-operator \ No newline at end of file + namespace: external-secrets-operator diff --git a/manifests/platform/external-secrets-operator/components/helm/service.yaml b/manifests/platform/external-secrets-operator/components/helm/service.yaml index c3512b6..427ad2c 100644 --- a/manifests/platform/external-secrets-operator/components/helm/service.yaml +++ b/manifests/platform/external-secrets-operator/components/helm/service.yaml @@ -18,4 +18,4 @@ spec: name: webhook selector: app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/instance: eso \ No newline at end of file + app.kubernetes.io/instance: eso diff --git a/manifests/platform/external-secrets-operator/components/helm/validatingwebhookconfiguration.yaml b/manifests/platform/external-secrets-operator/components/helm/validatingwebhookconfiguration.yaml index f4974d6..84f1ea8 100644 --- a/manifests/platform/external-secrets-operator/components/helm/validatingwebhookconfiguration.yaml +++ b/manifests/platform/external-secrets-operator/components/helm/validatingwebhookconfiguration.yaml @@ -11,11 +11,11 @@ metadata: webhooks: - name: "validate.secretstore.external-secrets.io" rules: - - apiGroups: ["external-secrets.io"] + - apiGroups: ["external-secrets.io"] apiVersions: ["v1"] - operations: ["CREATE", "UPDATE", "DELETE"] - resources: ["secretstores"] - scope: "Namespaced" + operations: ["CREATE", "UPDATE", "DELETE"] + resources: ["secretstores"] + scope: "Namespaced" clientConfig: service: namespace: external-secrets-operator @@ -27,11 +27,11 @@ webhooks: - name: "validate.clustersecretstore.external-secrets.io" rules: - - apiGroups: ["external-secrets.io"] + - apiGroups: ["external-secrets.io"] apiVersions: ["v1"] - operations: ["CREATE", "UPDATE", "DELETE"] - resources: ["clustersecretstores"] - scope: "Cluster" + operations: ["CREATE", "UPDATE", "DELETE"] + resources: ["clustersecretstores"] + scope: "Cluster" clientConfig: service: namespace: external-secrets-operator @@ -53,11 +53,11 @@ metadata: webhooks: - name: "validate.externalsecret.external-secrets.io" rules: - - apiGroups: ["external-secrets.io"] + - apiGroups: ["external-secrets.io"] apiVersions: ["v1"] - operations: ["CREATE", "UPDATE", "DELETE"] - resources: ["externalsecrets"] - scope: "Namespaced" + operations: ["CREATE", "UPDATE", "DELETE"] + resources: ["externalsecrets"] + scope: "Namespaced" clientConfig: service: namespace: external-secrets-operator diff --git a/manifests/platform/external-secrets-operator/components/non-helm/kustomization.yaml b/manifests/platform/external-secrets-operator/components/non-helm/kustomization.yaml index 7678afc..10e9437 100644 --- a/manifests/platform/external-secrets-operator/components/non-helm/kustomization.yaml +++ b/manifests/platform/external-secrets-operator/components/non-helm/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - pdb.yaml \ No newline at end of file + - pdb.yaml diff --git a/manifests/platform/external-secrets-operator/components/non-helm/pdb.yaml b/manifests/platform/external-secrets-operator/components/non-helm/pdb.yaml index 1a6075a..36fb544 100644 --- a/manifests/platform/external-secrets-operator/components/non-helm/pdb.yaml +++ b/manifests/platform/external-secrets-operator/components/non-helm/pdb.yaml @@ -29,4 +29,4 @@ spec: minAvailable: 1 selector: matchLabels: - app.kubernetes.io/name: external-secrets-webhook \ No newline at end of file + app.kubernetes.io/name: external-secrets-webhook diff --git a/manifests/platform/external-secrets-operator/overlays/okd/kustomization.yaml b/manifests/platform/external-secrets-operator/overlays/okd/kustomization.yaml index 57b6cfb..29a0bce 100644 --- a/manifests/platform/external-secrets-operator/overlays/okd/kustomization.yaml +++ b/manifests/platform/external-secrets-operator/overlays/okd/kustomization.yaml @@ -3,4 +3,4 @@ kind: Kustomization resources: - ../../base - ../../components/helm - - ../../components/non-helm \ No newline at end of file + - ../../components/non-helm diff --git a/manifests/platform/external-secrets-operator/overlays/pi-cluster/clustersecretstore.yaml b/manifests/platform/external-secrets-operator/overlays/pi-cluster/clustersecretstore.yaml index c487b2f..d403522 100644 --- a/manifests/platform/external-secrets-operator/overlays/pi-cluster/clustersecretstore.yaml +++ b/manifests/platform/external-secrets-operator/overlays/pi-cluster/clustersecretstore.yaml @@ -12,4 +12,4 @@ spec: name: gcpsm-secret key: credentials.json namespace: external-secrets-operator - projectID: pi-cluster-433101 \ No newline at end of file + projectID: pi-cluster-433101 diff --git a/manifests/platform/external-secrets-operator/overlays/pi-cluster/kustomization.yaml b/manifests/platform/external-secrets-operator/overlays/pi-cluster/kustomization.yaml index c627674..8ca374e 100644 --- a/manifests/platform/external-secrets-operator/overlays/pi-cluster/kustomization.yaml +++ b/manifests/platform/external-secrets-operator/overlays/pi-cluster/kustomization.yaml @@ -4,4 +4,4 @@ resources: - ../../base - ../../components/helm - ../../components/non-helm - - clustersecretstore.yaml \ No newline at end of file + - clustersecretstore.yaml diff --git a/manifests/platform/grafana/operator/kustomization.yaml b/manifests/platform/grafana/operator/kustomization.yaml index 9aeb8d6..ce74946 100644 --- a/manifests/platform/grafana/operator/kustomization.yaml +++ b/manifests/platform/grafana/operator/kustomization.yaml @@ -5,11 +5,11 @@ resources: - operatorgroup.yaml - subscription.yaml patches: - - target: + - target: kind: PersistentVolumeClaim name: grafana-pvc patch: |- - - op: add + - op: add path: /spec/storageClassName value: - rook-ceph-block-replicated \ No newline at end of file + rook-ceph-block-replicated diff --git a/manifests/platform/grafana/operator/namespace.yaml b/manifests/platform/grafana/operator/namespace.yaml index 8879f22..a5cb5ec 100644 --- a/manifests/platform/grafana/operator/namespace.yaml +++ b/manifests/platform/grafana/operator/namespace.yaml @@ -3,4 +3,4 @@ kind: Namespace metadata: name: grafana-operator annotations: - argocd.argoproj.io/sync-wave: "1" \ No newline at end of file + argocd.argoproj.io/sync-wave: "1" diff --git a/manifests/platform/grafana/operator/operatorgroup.yaml b/manifests/platform/grafana/operator/operatorgroup.yaml index ec5d8ef..55bf5ea 100644 --- a/manifests/platform/grafana/operator/operatorgroup.yaml +++ b/manifests/platform/grafana/operator/operatorgroup.yaml @@ -7,4 +7,4 @@ metadata: argocd.argoproj.io/sync-wave: "2" spec: targetNamespaces: - - grafana \ No newline at end of file + - grafana diff --git a/manifests/platform/grafana/overlays/okd/grafana-dashboard.yaml b/manifests/platform/grafana/overlays/okd/grafana-dashboard.yaml index 145df4b..68e192b 100644 --- a/manifests/platform/grafana/overlays/okd/grafana-dashboard.yaml +++ b/manifests/platform/grafana/overlays/okd/grafana-dashboard.yaml @@ -20,4 +20,4 @@ spec: "from": "now-6h", "to": "now" } - } \ No newline at end of file + } diff --git a/manifests/platform/grafana/overlays/okd/ingress.yaml b/manifests/platform/grafana/overlays/okd/ingress.yaml index ef3511d..edcedcc 100644 --- a/manifests/platform/grafana/overlays/okd/ingress.yaml +++ b/manifests/platform/grafana/overlays/okd/ingress.yaml @@ -15,7 +15,7 @@ spec: - path: / pathType: Prefix backend: - service: + service: name: grafana-service port: number: 3000 diff --git a/manifests/platform/grafana/overlays/okd/kustomization.yaml b/manifests/platform/grafana/overlays/okd/kustomization.yaml index a6153b0..5e180df 100644 --- a/manifests/platform/grafana/overlays/okd/kustomization.yaml +++ b/manifests/platform/grafana/overlays/okd/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ../../operator - grafana.yaml - grafana-dashboard.yaml - - ingress.yaml \ No newline at end of file + - ingress.yaml diff --git a/manifests/platform/ingress-nginx/overlays/pi-cluster/kustomization.yaml b/manifests/platform/ingress-nginx/overlays/pi-cluster/kustomization.yaml index 1e06752..e4796dc 100644 --- a/manifests/platform/ingress-nginx/overlays/pi-cluster/kustomization.yaml +++ b/manifests/platform/ingress-nginx/overlays/pi-cluster/kustomization.yaml @@ -22,4 +22,4 @@ patches: - op: replace path: /spec/type value: LoadBalancer -# https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters \ No newline at end of file +# https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters diff --git a/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/clusterrolebinding.yaml b/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/clusterrolebinding.yaml index 23c1190..6db3be5 100644 --- a/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/clusterrolebinding.yaml +++ b/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/clusterrolebinding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: admin-user - namespace: kubernetes-dashboard \ No newline at end of file + namespace: kubernetes-dashboard diff --git a/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/ingress.yaml b/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/ingress.yaml index c8fa303..9a5913e 100644 --- a/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/ingress.yaml +++ b/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/ingress.yaml @@ -4,7 +4,7 @@ metadata: name: kubernetes-dashboard-ingress namespace: kubernetes-dashboard annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: diff --git a/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/serviceaccount.yaml b/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/serviceaccount.yaml index 219059b..54cabb7 100644 --- a/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/serviceaccount.yaml +++ b/manifests/platform/kubernetes-dashboard/overlays/pi-cluster/serviceaccount.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: admin-user - namespace: kubernetes-dashboard \ No newline at end of file + namespace: kubernetes-dashboard diff --git a/manifests/platform/kubevirt-hyperconverged/base/kustomization.yaml b/manifests/platform/kubevirt-hyperconverged/base/kustomization.yaml index aac01f4..c041cea 100644 --- a/manifests/platform/kubevirt-hyperconverged/base/kustomization.yaml +++ b/manifests/platform/kubevirt-hyperconverged/base/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - - operatorgroup.yaml \ No newline at end of file + - operatorgroup.yaml diff --git a/manifests/platform/kubevirt-hyperconverged/base/namespace.yaml b/manifests/platform/kubevirt-hyperconverged/base/namespace.yaml index 7ab00f4..ed79b74 100644 --- a/manifests/platform/kubevirt-hyperconverged/base/namespace.yaml +++ b/manifests/platform/kubevirt-hyperconverged/base/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: kubevirt-hyperconverged \ No newline at end of file + name: kubevirt-hyperconverged diff --git a/manifests/platform/kubevirt-hyperconverged/base/operatorgroup.yaml b/manifests/platform/kubevirt-hyperconverged/base/operatorgroup.yaml index 0a9dd54..067557e 100644 --- a/manifests/platform/kubevirt-hyperconverged/base/operatorgroup.yaml +++ b/manifests/platform/kubevirt-hyperconverged/base/operatorgroup.yaml @@ -2,4 +2,4 @@ apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: kubevirt-hyperconverged-operator-group - namespace: kubevirt-hyperconverged \ No newline at end of file + namespace: kubevirt-hyperconverged diff --git a/manifests/platform/kubevirt-hyperconverged/components/hyperconverged.yaml b/manifests/platform/kubevirt-hyperconverged/components/hyperconverged.yaml index a3dfdce..ea9de7b 100644 --- a/manifests/platform/kubevirt-hyperconverged/components/hyperconverged.yaml +++ b/manifests/platform/kubevirt-hyperconverged/components/hyperconverged.yaml @@ -1,4 +1,4 @@ -kind: HyperConverged +pre-commit run yamllint --all-files --fixkind: HyperConverged apiVersion: hco.kubevirt.io/v1beta1 metadata: annotations: diff --git a/manifests/platform/kubevirt-hyperconverged/components/kustomization.yaml b/manifests/platform/kubevirt-hyperconverged/components/kustomization.yaml index 532f2f9..603cf55 100644 --- a/manifests/platform/kubevirt-hyperconverged/components/kustomization.yaml +++ b/manifests/platform/kubevirt-hyperconverged/components/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - hyperconverged.yaml - - subscription.yaml \ No newline at end of file + - subscription.yaml diff --git a/manifests/platform/kubevirt-hyperconverged/overlays/okd/kustomization.yaml b/manifests/platform/kubevirt-hyperconverged/overlays/okd/kustomization.yaml index fc261a1..e4f079e 100644 --- a/manifests/platform/kubevirt-hyperconverged/overlays/okd/kustomization.yaml +++ b/manifests/platform/kubevirt-hyperconverged/overlays/okd/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../../base - - ../../components \ No newline at end of file + - ../../components diff --git a/manifests/platform/longhorn/overlays/pi-cluster/httproute.yaml b/manifests/platform/longhorn/overlays/pi-cluster/httproute.yaml index 25b996a..2a121d2 100644 --- a/manifests/platform/longhorn/overlays/pi-cluster/httproute.yaml +++ b/manifests/platform/longhorn/overlays/pi-cluster/httproute.yaml @@ -17,4 +17,4 @@ spec: backendRefs: - name: longhorn-frontend namespace: longhorn-system - port: 80 \ No newline at end of file + port: 80 diff --git a/manifests/platform/longhorn/overlays/pi-cluster/ingress.yaml b/manifests/platform/longhorn/overlays/pi-cluster/ingress.yaml index 16c634d..2557d71 100644 --- a/manifests/platform/longhorn/overlays/pi-cluster/ingress.yaml +++ b/manifests/platform/longhorn/overlays/pi-cluster/ingress.yaml @@ -22,4 +22,4 @@ spec: service: name: longhorn-frontend port: - number: 80 \ No newline at end of file + number: 80 diff --git a/manifests/platform/metallb/overlays/pi-cluster/ip-addr-pool.yaml b/manifests/platform/metallb/overlays/pi-cluster/ip-addr-pool.yaml index 7253991..1623149 100644 --- a/manifests/platform/metallb/overlays/pi-cluster/ip-addr-pool.yaml +++ b/manifests/platform/metallb/overlays/pi-cluster/ip-addr-pool.yaml @@ -5,4 +5,4 @@ metadata: namespace: metallb-system spec: addresses: - - 192.168.0.235-192.168.0.255 \ No newline at end of file + - 192.168.0.235-192.168.0.255 diff --git a/manifests/platform/metallb/overlays/pi-cluster/kustomization.yaml b/manifests/platform/metallb/overlays/pi-cluster/kustomization.yaml index 08517b7..135f1de 100644 --- a/manifests/platform/metallb/overlays/pi-cluster/kustomization.yaml +++ b/manifests/platform/metallb/overlays/pi-cluster/kustomization.yaml @@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 namespace: metallb-system resources: - ../../base - - ip-addr-pool.yaml \ No newline at end of file + - ip-addr-pool.yaml diff --git a/manifests/platform/nginx-gateway/overlays/pi-cluster/gateway.yaml b/manifests/platform/nginx-gateway/overlays/pi-cluster/gateway.yaml index 65a95e9..905074f 100644 --- a/manifests/platform/nginx-gateway/overlays/pi-cluster/gateway.yaml +++ b/manifests/platform/nginx-gateway/overlays/pi-cluster/gateway.yaml @@ -11,4 +11,4 @@ spec: protocol: HTTP allowedRoutes: namespaces: - from: All \ No newline at end of file + from: All diff --git a/manifests/platform/nginx-gateway/overlays/pi-cluster/kustomization.yaml b/manifests/platform/nginx-gateway/overlays/pi-cluster/kustomization.yaml index 89a89f5..bfefbb7 100644 --- a/manifests/platform/nginx-gateway/overlays/pi-cluster/kustomization.yaml +++ b/manifests/platform/nginx-gateway/overlays/pi-cluster/kustomization.yaml @@ -2,4 +2,4 @@ kind: Kustomization apiVersion: kustomize.config.k8s.io/v1beta1 resources: - ../../base - - gateway.yaml \ No newline at end of file + - gateway.yaml diff --git a/manifests/platform/openshift-ingress/operator/default-ingress-controller.yaml b/manifests/platform/openshift-ingress/operator/default-ingress-controller.yaml index 2694dc6..5cf70ab 100644 --- a/manifests/platform/openshift-ingress/operator/default-ingress-controller.yaml +++ b/manifests/platform/openshift-ingress/operator/default-ingress-controller.yaml @@ -15,4 +15,4 @@ spec: replicas: 2 tuningOptions: reloadInterval: 0s - unsupportedConfigOverrides: null \ No newline at end of file + unsupportedConfigOverrides: null diff --git a/manifests/platform/openshift-ingress/operator/kustomization.yaml b/manifests/platform/openshift-ingress/operator/kustomization.yaml index 895dc33..3d9645f 100644 --- a/manifests/platform/openshift-ingress/operator/kustomization.yaml +++ b/manifests/platform/openshift-ingress/operator/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - default-ingress-controller.yaml \ No newline at end of file + - default-ingress-controller.yaml diff --git a/manifests/platform/openshift-ingress/overlays/okd/certificate.yaml b/manifests/platform/openshift-ingress/overlays/okd/certificate.yaml index 1bf76da..0358789 100644 --- a/manifests/platform/openshift-ingress/overlays/okd/certificate.yaml +++ b/manifests/platform/openshift-ingress/overlays/okd/certificate.yaml @@ -24,4 +24,4 @@ spec: issuerRef: name: letsencrypt-prod kind: ClusterIssuer - group: cert-manager.io \ No newline at end of file + group: cert-manager.io diff --git a/manifests/platform/openshift-ingress/overlays/okd/kustomization.yaml b/manifests/platform/openshift-ingress/overlays/okd/kustomization.yaml index 5d67054..67b0c1c 100644 --- a/manifests/platform/openshift-ingress/overlays/okd/kustomization.yaml +++ b/manifests/platform/openshift-ingress/overlays/okd/kustomization.yaml @@ -16,4 +16,4 @@ patches: - op: add path: /spec/defaultCertificate value: - name: console-tls \ No newline at end of file + name: console-tls diff --git a/manifests/platform/openshift-ingress/overlays/okd/proxy.yaml b/manifests/platform/openshift-ingress/overlays/okd/proxy.yaml index f2d42b3..820e9f1 100644 --- a/manifests/platform/openshift-ingress/overlays/okd/proxy.yaml +++ b/manifests/platform/openshift-ingress/overlays/okd/proxy.yaml @@ -5,4 +5,4 @@ metadata: spec: trustedCA: # name: "custom-ca" only needed for letsencrypt-staging - name: "" \ No newline at end of file + name: "" diff --git a/manifests/platform/openshift-monitoring/external-secret.yaml b/manifests/platform/openshift-monitoring/external-secret.yaml index 08d40d9..dd7fb3f 100644 --- a/manifests/platform/openshift-monitoring/external-secret.yaml +++ b/manifests/platform/openshift-monitoring/external-secret.yaml @@ -11,10 +11,10 @@ spec: name: gsm-secret-store kind: SecretStore target: - name: alertmanager-discord-config + name: alertmanager-discord-config creationPolicy: Owner data: - - secretKey: alertmanager-discord-config + - secretKey: alertmanager-discord-config remoteRef: - key: alertmanager-discord-config + key: alertmanager-discord-config version: "latest" diff --git a/manifests/platform/openshift-monitoring/test-critical-alert.yaml b/manifests/platform/openshift-monitoring/test-critical-alert.yaml index a645a66..d674de2 100644 --- a/manifests/platform/openshift-monitoring/test-critical-alert.yaml +++ b/manifests/platform/openshift-monitoring/test-critical-alert.yaml @@ -14,4 +14,4 @@ spec: severity: critical annotations: summary: "Test Critical Alert" - description: "This is a test critical alert to verify Alertmanager configuration." \ No newline at end of file + description: "This is a test critical alert to verify Alertmanager configuration." diff --git a/manifests/platform/operatorhub/config.yaml b/manifests/platform/operatorhub/config.yaml index 8f08538..314a984 100644 --- a/manifests/platform/operatorhub/config.yaml +++ b/manifests/platform/operatorhub/config.yaml @@ -10,4 +10,4 @@ metadata: release.openshift.io/create-only: "true" name: cluster spec: - disableAllDefaultSources: false \ No newline at end of file + disableAllDefaultSources: false diff --git a/manifests/platform/rook-ceph/base/cluster.yaml b/manifests/platform/rook-ceph/base/cluster.yaml index b8500a2..df89903 100644 --- a/manifests/platform/rook-ceph/base/cluster.yaml +++ b/manifests/platform/rook-ceph/base/cluster.yaml @@ -1,4 +1,4 @@ -################################################################################################################# + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # Define the settings for the rook-ceph cluster with common settings for a production cluster. # All nodes with available raw devices will be used for the Ceph cluster. At least three nodes are required # in this example. See the documentation for more details on storage settings available. @@ -6,7 +6,7 @@ # For example, to create the cluster: # kubectl create -f crds.yaml -f common.yaml -f operator.yaml # kubectl create -f cluster.yaml -################################################################################################################# + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## apiVersion: ceph.rook.io/v1 kind: CephCluster @@ -34,7 +34,7 @@ spec: # Whether or not upgrade should continue even if a check fails # This means Ceph's status could be degraded and we don't recommend upgrading but you might decide otherwise # Use at your OWN risk - # To understand Rook's upgrade process of Ceph, read https://rook.io/docs/rook/latest/ceph-upgrade.html#ceph-version-upgrades + # To understand Rook's upgrade process of Ceph, read https://rook.io/docs/rook/latest/ceph-upgrade.html # ceph-version-upgrades skipUpgradeChecks: false # Whether or not continue if PGs are not clean during an upgrade continueUpgradeAfterChecksEvenIfNotHealthy: false @@ -114,10 +114,10 @@ spec: # Requires a kernel that supports msgr v2 (kernel 5.11 or CentOS 8.4 or newer). requireMsgr2: false # enable host networking - #provider: host + # provider: host # enable the Multus network provider - #provider: multus - #selectors: + # provider: multus + # selectors: # The selector keys are required to be `public` and `cluster`. # Based on the configuration, the operator will do the following: # 1. if only the `public` selector key is specified both public_network and cluster_network Ceph settings will listen on that interface @@ -128,13 +128,13 @@ spec: # public: public-conf --> NetworkAttachmentDefinition object name in Multus # cluster: cluster-conf --> NetworkAttachmentDefinition object name in Multus # Provide internet protocol version. IPv6, IPv4 or empty string are valid options. Empty string would mean IPv4 - #ipFamily: "IPv6" + # ipFamily: "IPv6" # Ceph daemons to listen on both IPv4 and Ipv6 networks - #dualStack: false + # dualStack: false # Enable multiClusterService to export the mon and OSD services to peer cluster. # This is useful to support RBD mirroring between two clusters having overlapping CIDRs. # Ensure that peer clusters are connected using an MCS API compatible application, like Globalnet Submariner. - #multiClusterService: + # multiClusterService: # enabled: false # enable the crash collector for ceph daemon crash collection @@ -142,13 +142,13 @@ spec: disable: false # Uncomment daysToRetain to prune ceph crash entries older than the # specified number of days. - #daysToRetain: 30 + # daysToRetain: 30 # enable log collector, daemons will log on files and rotate logCollector: enabled: true periodicity: daily # one of: hourly, daily, weekly, monthly maxLogSize: 500M # SUFFIX may be 'M' or 'G'. Must be at least 1M. - # automate [data cleanup process](https://github.com/rook/rook/blob/master/Documentation/Storage-Configuration/ceph-teardown.md#delete-the-data-on-hosts) in cluster destruction. + # automate [data cleanup process](https://github.com/rook/rook/blob/master/Documentation/Storage-Configuration/ceph-teardown.md # delete-the-data-on-hosts) in cluster destruction. cleanupPolicy: # Since cluster cleanup is destructive to data, confirmation is required. # To destroy all Rook data on hosts during uninstall, confirmation must be set to "yes-really-destroy-data". @@ -232,7 +232,7 @@ spec: # monitoring: # crashcollector: resources: - #The requests and limits set here, allow the mgr pod to use half of one CPU core and 1 gigabyte of memory + # The requests and limits set here, allow the mgr pod to use half of one CPU core and 1 gigabyte of memory mgr: limits: cpu: "500m" @@ -268,15 +268,15 @@ spec: # The option to automatically remove OSDs that are out and are safe to destroy. removeOSDsIfOutAndSafeToRemove: false priorityClassNames: - #all: rook-ceph-default-priority-class + # all: rook-ceph-default-priority-class mon: system-node-critical osd: system-node-critical mgr: system-cluster-critical - #crashcollector: rook-ceph-crashcollector-priority-class + # crashcollector: rook-ceph-crashcollector-priority-class storage: # cluster level storage configuration and selection useAllNodes: true useAllDevices: true - #deviceFilter: + # deviceFilter: config: # crushRoot: "custom-root" # specify a non-default root label for the CRUSH map # metadataDevice: "md0" # specify a non-rotational storage so ceph-volume will use it as block db device of bluestore. @@ -328,14 +328,14 @@ spec: # Enable read affinity to enable clients to optimize reads from an OSD in the same topology. # Enabling the read affinity may cause the OSDs to consume some extra memory. # For more details see this doc: - # https://rook.io/docs/rook/latest/Storage-Configuration/Ceph-CSI/ceph-csi-drivers/#enable-read-affinity-for-rbd-volumes + # https://rook.io/docs/rook/latest/Storage-Configuration/Ceph-CSI/ceph-csi-drivers/ # enable-read-affinity-for-rbd-volumes enabled: false # cephfs driver specific settings. cephfs: - # Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/#options. + # Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/ # options. # kernelMountOptions: "" - # Set CephFS Fuse mount options to use https://docs.ceph.com/en/latest/man/8/ceph-fuse/#options. + # Set CephFS Fuse mount options to use https://docs.ceph.com/en/latest/man/8/ceph-fuse/ # options. # fuseMountOptions: "" # healthChecks diff --git a/manifests/platform/rook-ceph/base/storageclass-replicated.yaml b/manifests/platform/rook-ceph/base/storageclass-replicated.yaml index 5baf94c..ae2b1c1 100644 --- a/manifests/platform/rook-ceph/base/storageclass-replicated.yaml +++ b/manifests/platform/rook-ceph/base/storageclass-replicated.yaml @@ -14,8 +14,8 @@ spec: # Make sure you're *ABSOLUTELY CERTAIN* that is what you want requireSafeReplicaSize: true # gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity of a given pool - # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/#specifying-expected-pool-size - #targetSizeRatio: .5 + # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/ # specifying-expected-pool-size + # targetSizeRatio: .5 --- apiVersion: storage.k8s.io/v1 kind: StorageClass @@ -36,21 +36,21 @@ parameters: # You need to specify the replicated pool here in the `pool` parameter, it is # used for the metadata of the images. # The erasure coded pool must be set as the `dataPool` parameter below. - #dataPool: ec-data-pool + # dataPool: ec-data-pool pool: replicapool-replicated # (optional) mapOptions is a comma-separated list of map options. # For krbd options refer - # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options + # https://docs.ceph.com/docs/master/man/8/rbd/ # kernel-rbd-krbd-options # For nbd options refer - # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options + # https://docs.ceph.com/docs/master/man/8/rbd-nbd/ # options # mapOptions: lock_on_read,queue_depth=1024 # (optional) unmapOptions is a comma-separated list of unmap options. # For krbd options refer - # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options + # https://docs.ceph.com/docs/master/man/8/rbd/ # kernel-rbd-krbd-options # For nbd options refer - # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options + # https://docs.ceph.com/docs/master/man/8/rbd-nbd/ # options # unmapOptions: force # (optional) Set it to true to encrypt each volume with encryption keys @@ -74,7 +74,7 @@ parameters: # correspond to Ceph's OR'd bitfield value of "63". Here we use # a symbolic, comma-separated format: # For 5.4 or later kernels: - #imageFeatures: layering,fast-diff,object-map,deep-flatten,exclusive-lock + # imageFeatures: layering,fast-diff,object-map,deep-flatten,exclusive-lock # For 5.3 or earlier kernels: imageFeatures: layering @@ -94,6 +94,6 @@ parameters: # **IMPORTANT**: CephCSI v3.4.0 onwards a volume healer functionality is added to reattach # the PVC to application pod if nodeplugin pod restart. # Its still in Alpha support. Therefore, this option is not recommended for production use. -#mounter: rbd-nbd + # mounter: rbd-nbd allowVolumeExpansion: true reclaimPolicy: Delete diff --git a/manifests/platform/rook-ceph/base/storageclass-single.yaml b/manifests/platform/rook-ceph/base/storageclass-single.yaml index 64e0061..1ed7b34 100644 --- a/manifests/platform/rook-ceph/base/storageclass-single.yaml +++ b/manifests/platform/rook-ceph/base/storageclass-single.yaml @@ -12,8 +12,8 @@ spec: # Make sure you're *ABSOLUTELY CERTAIN* that is what you want requireSafeReplicaSize: false # gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity of a given pool - # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/#specifying-expected-pool-size - #targetSizeRatio: .5 + # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/ # pecifying-expected-pool-size + # argetSizeRatio: .5 --- apiVersion: storage.k8s.io/v1 kind: StorageClass @@ -31,7 +31,7 @@ parameters: # You need to specify the replicated pool here in the `pool` parameter, it is # used for the metadata of the images. # The erasure coded pool must be set as the `dataPool` parameter below. - #dataPool: ec-data-pool + # ataPool: ec-data-pool pool: replicapool-single # RBD image format. Defaults to "2". @@ -52,6 +52,6 @@ parameters: # will set default as `ext4`. csi.storage.k8s.io/fstype: ext4 # uncomment the following to use rbd-nbd as mounter on supported nodes -#mounter: rbd-nbd + # ounter: rbd-nbd allowVolumeExpansion: true -reclaimPolicy: Delete \ No newline at end of file +reclaimPolicy: Delete diff --git a/manifests/platform/rook-ceph/overlays/k8s/operator.yaml b/manifests/platform/rook-ceph/overlays/k8s/operator.yaml index 4f4d6db..44639d4 100644 --- a/manifests/platform/rook-ceph/overlays/k8s/operator.yaml +++ b/manifests/platform/rook-ceph/overlays/k8s/operator.yaml @@ -1,4 +1,4 @@ -################################################################################################################# + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # The deployment for the rook operator # Contains the common settings for most Kubernetes deployments. # For example, to create the rook-ceph cluster: @@ -7,7 +7,7 @@ # # Also see other operator sample files for variations of operator.yaml: # - operator-openshift.yaml: Common settings for running in OpenShift -############################################################################################################### + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # Rook Ceph Operator Config ConfigMap # Use this ConfigMap to override Rook-Ceph Operator configurations. @@ -278,7 +278,7 @@ data: # (Optional) CEPH CSI RBD provisioner resource requirement list, Put here list of resource # requests and limits you want to apply for provisioner pod - #CSI_RBD_PROVISIONER_RESOURCE: | + # CSI_RBD_PROVISIONER_RESOURCE: | # - name : csi-provisioner # resource: # requests: @@ -330,7 +330,7 @@ data: # memory: 256Mi # (Optional) CEPH CSI RBD plugin resource requirement list, Put here list of resource # requests and limits you want to apply for plugin pod - #CSI_RBD_PLUGIN_RESOURCE: | + # CSI_RBD_PLUGIN_RESOURCE: | # - name : driver-registrar # resource: # requests: @@ -354,7 +354,7 @@ data: # memory: 256Mi # (Optional) CEPH CSI CephFS provisioner resource requirement list, Put here list of resource # requests and limits you want to apply for provisioner pod - #CSI_CEPHFS_PROVISIONER_RESOURCE: | + # CSI_CEPHFS_PROVISIONER_RESOURCE: | # - name : csi-provisioner # resource: # requests: @@ -399,7 +399,7 @@ data: # memory: 256Mi # (Optional) CEPH CSI CephFS plugin resource requirement list, Put here list of resource # requests and limits you want to apply for plugin pod - #CSI_CEPHFS_PLUGIN_RESOURCE: | + # CSI_CEPHFS_PLUGIN_RESOURCE: | # - name : driver-registrar # resource: # requests: @@ -477,7 +477,7 @@ data: # CSIADDONS_RBD_PROVISIONER_PORT: "9070" # CSIADDONS_CEPHFS_PROVISIONER_PORT: "9070" - # Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/#options + # Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/ # options # Set to "ms_mode=secure" when connections.encrypted is enabled in CephCluster CR # CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: "ms_mode=secure" @@ -524,7 +524,7 @@ data: # CSI_TOPOLOGY_DOMAIN_LABELS: "kubernetes.io/hostname,topology.kubernetes.io/zone,topology.rook.io/rack" # Whether to skip any attach operation altogether for CephCSI PVCs. - # See more details [here](https://kubernetes-csi.github.io/docs/skip-attach.html#skip-attach-with-csi-driver-object). + # See more details [here](https://kubernetes-csi.github.io/docs/skip-attach.html # skip-attach-with-csi-driver-object). # If set to false it skips the volume attachments and makes the creation of pods using the CephCSI PVC fast. # **WARNING** It's highly discouraged to use this for RWO volumes. for RBD PVC it can cause data corruption, # csi-addons operations like Reclaimspace and PVC Keyrotation will also not be supported if set to false @@ -635,7 +635,7 @@ spec: # Whether to start pods as privileged that mount a host path, which includes the Ceph mon, osd pods and csi provisioners(if logrotation is on). # Set this to true if SELinux is enabled (e.g. OpenShift) to workaround the anyuid issues. - # For more details see https://github.com/rook/rook/issues/1314#issuecomment-355799641 + # For more details see https://github.com/rook/rook/issues/1314 # issuecomment-355799641 - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED value: "false" # Provide customised regex as the values using comma. For eg. regex for rbd based volume, value will be like "(?i)rbd[0-9]+". @@ -676,7 +676,7 @@ spec: fieldRef: fieldPath: metadata.namespace # Recommended resource requests and limits, if desired - #resources: + # resources: # limits: # memory: 512Mi # requests: @@ -684,7 +684,7 @@ spec: # memory: 128Mi # Uncomment it to run lib bucket provisioner in multithreaded mode - #- name: LIB_BUCKET_PROVISIONER_THREADS + # - name: LIB_BUCKET_PROVISIONER_THREADS # value: "5" # Uncomment these two settings to run the operator on the host network diff --git a/manifests/platform/rook-ceph/overlays/okd/kustomization.yaml b/manifests/platform/rook-ceph/overlays/okd/kustomization.yaml index 86970cc..e6dce62 100644 --- a/manifests/platform/rook-ceph/overlays/okd/kustomization.yaml +++ b/manifests/platform/rook-ceph/overlays/okd/kustomization.yaml @@ -19,4 +19,4 @@ patches: - name: "cp-3.okd.jenniferpweir.com" devices: - name: "/dev/disk/by-id/ata-P3-1TB_0025901002499" -# ideally, complete node drive swaps at some point to move coreos to nvmes and use other sata disks for ceph \ No newline at end of file +# ideally, complete node drive swaps at some point to move coreos to nvmes and use other sata disks for ceph diff --git a/manifests/platform/rook-ceph/overlays/okd/operator-openshift.yaml b/manifests/platform/rook-ceph/overlays/okd/operator-openshift.yaml index d52de98..935180b 100644 --- a/manifests/platform/rook-ceph/overlays/okd/operator-openshift.yaml +++ b/manifests/platform/rook-ceph/overlays/okd/operator-openshift.yaml @@ -1,10 +1,10 @@ -################################################################################################################# + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # Create the rook operator and necessary security context constraints for running # Rook in an OpenShift cluster. # For example, to create the rook-ceph cluster: # oc create -f crds.yaml -f common.yaml -f operator-openshift.yaml # oc create -f cluster.yaml -################################################################################################################# + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # scc for the Rook and Ceph daemons kind: SecurityContextConstraints apiVersion: security.openshift.io/v1 @@ -343,7 +343,7 @@ data: # (Optional) CEPH CSI RBD provisioner resource requirement list, Put here list of resource # requests and limits you want to apply for provisioner pod - #CSI_RBD_PROVISIONER_RESOURCE: | + # CSI_RBD_PROVISIONER_RESOURCE: | # - name : csi-provisioner # resource: # requests: @@ -395,7 +395,7 @@ data: # memory: 256Mi # (Optional) CEPH CSI RBD plugin resource requirement list, Put here list of resource # requests and limits you want to apply for plugin pod - #CSI_RBD_PLUGIN_RESOURCE: | + # CSI_RBD_PLUGIN_RESOURCE: | # - name : driver-registrar # resource: # requests: @@ -419,7 +419,7 @@ data: # memory: 256Mi # (Optional) CEPH CSI CephFS provisioner resource requirement list, Put here list of resource # requests and limits you want to apply for provisioner pod - #CSI_CEPHFS_PROVISIONER_RESOURCE: | + # CSI_CEPHFS_PROVISIONER_RESOURCE: | # - name : csi-provisioner # resource: # requests: @@ -464,7 +464,7 @@ data: # memory: 256Mi # (Optional) CEPH CSI CephFS plugin resource requirement list, Put here list of resource # requests and limits you want to apply for plugin pod - #CSI_CEPHFS_PLUGIN_RESOURCE: | + # CSI_CEPHFS_PLUGIN_RESOURCE: | # - name : driver-registrar # resource: # requests: @@ -537,7 +537,7 @@ data: # CSI_RBD_LIVENESS_METRICS_PORT: "9080" # CSIADDONS_PORT: "9070" - # Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/#options + # Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/ # options # Set to "ms_mode=secure" when connections.encrypted is enabled in CephCluster CR # CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: "ms_mode=secure" @@ -579,7 +579,7 @@ data: # CSI_TOPOLOGY_DOMAIN_LABELS: "kubernetes.io/hostname,topology.kubernetes.io/zone,topology.rook.io/rack" # Whether to skip any attach operation altogether for CephCSI PVCs. - # See more details [here](https://kubernetes-csi.github.io/docs/skip-attach.html#skip-attach-with-csi-driver-object). + # See more details [here](https://kubernetes-csi.github.io/docs/skip-attach.html # skip-attach-with-csi-driver-object). # If set to false it skips the volume attachments and makes the creation of pods using the CephCSI PVC fast. # **WARNING** It's highly discouraged to use this for RWO volumes. for RBD PVC it can cause data corruption, # csi-addons operations like Reclaimspace and PVC Keyrotation will also not be supported if set to false @@ -702,7 +702,7 @@ spec: # Whether to start pods as privileged that mount a host path, which includes the Ceph mon, osd pods and csi provisioners(if logrotation is on). # Set this to true if SELinux is enabled (e.g. OpenShift) to workaround the anyuid issues. - # For more details see https://github.com/rook/rook/issues/1314#issuecomment-355799641 + # For more details see https://github.com/rook/rook/issues/1314 # issuecomment-355799641 - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED value: "true" # Provide customised regex as the values using comma. For eg. regex for rbd based volume, value will be like "(?i)rbd[0-9]+". @@ -765,7 +765,7 @@ spec: memory: 128Mi # Uncomment it to run lib bucket provisioner in multithreaded mode - #- name: LIB_BUCKET_PROVISIONER_THREADS + # - name: LIB_BUCKET_PROVISIONER_THREADS # value: "5" # Uncomment these two settings to run the operator on the host network diff --git a/manifests/platform/tests/iscsi-lun-check.yaml b/manifests/platform/tests/iscsi-lun-check.yaml index 3b24bcc..60e104d 100644 --- a/manifests/platform/tests/iscsi-lun-check.yaml +++ b/manifests/platform/tests/iscsi-lun-check.yaml @@ -16,4 +16,4 @@ spec: # chapAuthSession: true # secretRef: # name: chap-secret -# https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/storage/configuring-persistent-storage#persistent-storage-iscsi-provisioning_persistent-storage-iscsi \ No newline at end of file +# https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/storage/configuring-persistent-storage#persistent-storage-iscsi-provisioning_persistent-storage-iscsi diff --git a/manifests/platform/tests/namespace.yaml b/manifests/platform/tests/namespace.yaml index e0b48b5..404d93a 100644 --- a/manifests/platform/tests/namespace.yaml +++ b/manifests/platform/tests/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: tests \ No newline at end of file + name: tests diff --git a/tests/base/kustomization.yaml b/tests/base/kustomization.yaml index 802718f..ffa4375 100644 --- a/tests/base/kustomization.yaml +++ b/tests/base/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: smoke-tests resources: - - namespace.yaml \ No newline at end of file + - namespace.yaml diff --git a/tests/base/namespace.yaml b/tests/base/namespace.yaml index 65bb18f..0a90366 100644 --- a/tests/base/namespace.yaml +++ b/tests/base/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: smoke-tests \ No newline at end of file + name: smoke-tests diff --git a/tests/wif-okd/kustomization.yaml b/tests/wif-okd/kustomization.yaml index 4d08de9..28127a9 100644 --- a/tests/wif-okd/kustomization.yaml +++ b/tests/wif-okd/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ../base - configmap.yaml - serviceaccount.yaml - - wif-test.yaml \ No newline at end of file + - wif-test.yaml diff --git a/tests/wif-okd/wif-test.yaml b/tests/wif-okd/wif-test.yaml index 1aecfcf..a882257 100644 --- a/tests/wif-okd/wif-test.yaml +++ b/tests/wif-okd/wif-test.yaml @@ -53,7 +53,7 @@ spec: echo " jwt decode - < /var/run/secrets/openshift/serviceaccount/token" echo " gcloud auth login --cred-file=$GOOGLE_APPLICATION_CREDENTIALS" echo " gcloud secrets versions access latest --secret=test-secret --project=okd-homelab" - + sleep infinity volumeMounts: - name: google-creds From 4d32cd896c4da54a1e0769748a346934849e45be Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Thu, 19 Feb 2026 20:33:26 -0500 Subject: [PATCH 3/8] fix: rm megalinter --- .github/workflows/mega-linter.yml | 92 ------------------------------- 1 file changed, 92 deletions(-) delete mode 100644 .github/workflows/mega-linter.yml diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml deleted file mode 100644 index df65f5e..0000000 --- a/.github/workflows/mega-linter.yml +++ /dev/null @@ -1,92 +0,0 @@ ---- -# MegaLinter GitHub Action configuration file -# More info at https://megalinter.io -name: MegaLinter - -on: - # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main - push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions) - pull_request: - branches: [master, main] - -env: # Comment env block if you don't want to apply fixes - # Apply linter fixes configuration - APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) - APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) - APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - megalinter: - name: MegaLinter - runs-on: ubuntu-latest - permissions: - # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR - # Remove the ones you do not need - contents: write - issues: write - pull-requests: write - steps: - # Git Checkout - - name: Checkout Code - uses: actions/checkout@v6 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances - - # MegaLinter - - name: MegaLinter - id: ml - # You can override MegaLinter flavor used to have faster performances - # More info at https://megalinter.io/flavors/ - # MAJOR-RELEASE-IMPACTED - uses: oxsecurity/megalinter@v9 - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} # Validates all source when push on main, else just the git diff with main. Override with true if you always want to lint all sources - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY - # DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks - - # Upload MegaLinter artifacts - - name: Archive production artifacts - if: success() || failure() - uses: actions/upload-artifact@v4 - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - # Create pull request if applicable (for now works only on PR from same repository, not from forks) - - name: Create Pull Request with applied fixes - id: cpr - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') - uses: peter-evans/create-pull-request@v7 - with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - commit-message: "[MegaLinter] Apply linters automatic fixes" - title: "[MegaLinter] Apply linters automatic fixes" - labels: bot - - name: Create PR output - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') - run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" - - # Push new commit if applicable (for now works only on PR from same repository, not from forks) - - name: Prepare commit - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') - run: sudo chown -Rc $UID .git/ - - name: Commit and push applied linter fixes - if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') - uses: stefanzweifel/git-auto-commit-action@v7 - with: - branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} - commit_message: "[MegaLinter] Apply linters fixes" - commit_user_name: megalinter-bot - commit_user_email: 129584137+megalinter-bot@users.noreply.github.com \ No newline at end of file From 64c0c7439a50aa22c34c48ac73fb8018be758304 Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Thu, 19 Feb 2026 20:36:16 -0500 Subject: [PATCH 4/8] fix: rm megalinter --- .github/workflows/linter.yml | 133 +++++++++++++++++------------------ 1 file changed, 65 insertions(+), 68 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 69ee11b..0ddad89 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -7,83 +7,80 @@ on: pull_request: branches: [main] -env: - APPLY_FIXES: all - APPLY_FIXES_EVENT: pull_request - APPLY_FIXES_MODE: commit - concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true jobs: - linting: - name: Lint Code + yaml-lint: + name: Lint YAML runs-on: ubuntu-latest - permissions: - contents: write - issues: write - pull-requests: write steps: - name: Checkout Code uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - fetch-depth: 0 - - - name: MegaLinter - id: ml - uses: oxsecurity/megalinter@v9 - env: - VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Linters enabled for this repository - ENABLE: KUBERNETES,TERRAFORM,YAML,MARKDOWN,SHELL,DOCKERFILE - # YAML linting for manifests and configs - YAML_YAMLLINT_CONFIG_FILE: .github/linters/.yamllint.yaml - # Terraform linting - TERRAFORM_TFLINT_CONFIG_FILE: .github/linters/.tflint.hcl - # Shell scripts linting - SHELL_SHELLCHECK_ARGS: --severity=warning - # Skip certain files/folders - EXCLUDED_DIRECTORIES: | - .git - .terraform - node_modules - venv - installation/okd/platform-type-none - # Disable spell check and copy-paste detection - DISABLE: COPYPASTE,SPELL,GROOVY,JAVASCRIPT,PYTHON,RUBY,GO,JAVA - - - name: Upload Linting Reports - if: success() || failure() - uses: actions/upload-artifact@v4 - with: - name: Linting Reports - path: | - megalinter-reports - mega-linter.log - - - name: Create Pull Request with Fixes - id: cpr - if: steps.ml.outputs.has_updated_sources == 1 && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) - uses: peter-evans/create-pull-request@v7 + python-version: "3.11" + + - name: Install yamllint + run: pip install yamllint + + - name: Lint YAML files + run: yamllint -c .github/linters/.yamllint.yaml -f parsable manifests/ installation/ .github/ + + terraform-lint: + name: Lint Terraform + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up Terraform + uses: hashicorp/setup-terraform@v2 + + - name: Install tflint + run: | + curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash + + - name: Lint Terraform files + run: | + tflint --config=.github/linters/.tflint.hcl --init + find terraform -name "*.tf" -exec tflint --config=.github/linters/.tflint.hcl {} + + + markdown-lint: + name: Lint Markdown + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Lint Markdown files + uses: nosborn/github-action-markdown-cli@v3.3.0 with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - commit-message: "[ci] Apply linter fixes" - title: "[ci] Apply linter fixes" - labels: bot - body: "Automatic linter fixes applied" - - - name: Prepare commit - if: steps.ml.outputs.has_updated_sources == 1 && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) - run: sudo chown -Rc $UID .git/ - - - name: Commit and push linter fixes - if: steps.ml.outputs.has_updated_sources == 1 && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) - uses: stefanzweifel/git-auto-commit-action@v7 + files: . + config_file: .markdownlint.json + + shell-lint: + name: Lint Shell Scripts + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Lint Shell scripts + run: | + find . -type f -name "*.sh" ! -path "./.git/*" ! -path "./.terraform/*" -exec shellcheck --severity=warning {} + + + dockerfile-lint: + name: Lint Dockerfiles + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Lint Dockerfiles + uses: hadolint/hadolint-action@v3.1.0 with: - branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} - commit_message: "[ci] Apply linter fixes" - commit_user_name: linter-bot - commit_user_email: action@github.com + dockerfile: container-images/*/Containerfile From 9a9c7ba3aa5fe68d01fb58699274d0aba3692286 Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Thu, 19 Feb 2026 20:44:14 -0500 Subject: [PATCH 5/8] fix: individual linters --- .github/workflows/linter.yml | 13 +++++++++---- installation/okd/platform-type-none/deploy-okd.sh | 5 ++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 0ddad89..8c96337 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -7,6 +7,10 @@ on: pull_request: branches: [main] +env: + VALIDATE_ALL_CODEBASE: false + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true @@ -47,7 +51,9 @@ jobs: - name: Lint Terraform files run: | tflint --config=.github/linters/.tflint.hcl --init - find terraform -name "*.tf" -exec tflint --config=.github/linters/.tflint.hcl {} + + for dir in terraform/*/; do + tflint --config=.github/linters/.tflint.hcl --chdir="$dir" + done markdown-lint: name: Lint Markdown @@ -81,6 +87,5 @@ jobs: uses: actions/checkout@v4 - name: Lint Dockerfiles - uses: hadolint/hadolint-action@v3.1.0 - with: - dockerfile: container-images/*/Containerfile + run: | + find container-images -name "Containerfile" -exec hadolint {} + diff --git a/installation/okd/platform-type-none/deploy-okd.sh b/installation/okd/platform-type-none/deploy-okd.sh index be03639..ade18cc 100755 --- a/installation/okd/platform-type-none/deploy-okd.sh +++ b/installation/okd/platform-type-none/deploy-okd.sh @@ -13,7 +13,6 @@ RESET="\e[0m" # https://github.com/okd-project/okd/releases # https://docs.okd.io/4.18/installing/overview/index.html#ocp-installation-overview -PATH_CURRENT_DIR=$(pwd) OKD_INSTALL_DIR=~/Projects/HomeLab/okd/install PHY_SSH_KEY=~/.ssh/id_rsa_homelab_phy_boxes CORE_SSH_KEY=~/.ssh/okd-cluster-key @@ -169,7 +168,7 @@ curl -L -o coreos.iso "${COREOS_LOCATION}" podman machine start podman-machine-default -podman run --rm -v $(pwd):/data quay.io/coreos/coreos-installer:release \ +podman run --rm -v "$(pwd)":/data quay.io/coreos/coreos-installer:release \ iso ignition embed -i /data/coreos-ssh.ign /data/coreos.iso podman machine stop podman-machine-default @@ -257,7 +256,7 @@ read -p "Enter the cp-3 IP with MAC ${CP_3_MAC}: " CP_3_IP read -p "Enter the worker-1 IP with MAC ${WORKER_1_MAC}: " WORKER_1_IP read -p "Enter the worker-2 IP with MAC ${WORKER_2_MAC}: " WORKER_2_IP read -p "Enter the worker-3 IP with MAC ${WORKER_3_MAC}: " WORKER_3_IP -read -p "Acknowledge and enter new IPs into DNS: " YES +# read -p "Acknowledge and enter new IPs into DNS: " YES ssh-keygen -R "${BOOTSTRAP_IP}" ssh-keygen -R "${CP_1_IP}" From 33db7e55a29378b3b29bde802395f03b325f8fda Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Thu, 19 Feb 2026 20:46:05 -0500 Subject: [PATCH 6/8] fix: individual linters --- .github/workflows/linter.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 8c96337..985c053 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -50,9 +50,10 @@ jobs: - name: Lint Terraform files run: | - tflint --config=.github/linters/.tflint.hcl --init + CONFIG_PATH="$(pwd)/.github/linters/.tflint.hcl" + tflint --config="$CONFIG_PATH" --init for dir in terraform/*/; do - tflint --config=.github/linters/.tflint.hcl --chdir="$dir" + tflint --config="$CONFIG_PATH" --chdir="$dir" done markdown-lint: @@ -86,6 +87,11 @@ jobs: - name: Checkout Code uses: actions/checkout@v4 + - name: Install hadolint + run: | + curl -sL https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint + chmod +x /usr/local/bin/hadolint + - name: Lint Dockerfiles run: | find container-images -name "Containerfile" -exec hadolint {} + From 2863a70b81656e34d7225e250d38c7db13000bc3 Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Thu, 19 Feb 2026 20:50:26 -0500 Subject: [PATCH 7/8] fix: hadolint --- container-images/apache/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-images/apache/Containerfile b/container-images/apache/Containerfile index e295346..d6cbdf8 100644 --- a/container-images/apache/Containerfile +++ b/container-images/apache/Containerfile @@ -4,6 +4,6 @@ FROM httpd:2.4 COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf # Install curl (for Debian/Ubuntu-based images) -RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* EXPOSE 80 \ No newline at end of file From c7b85847b0fb624c8442941ca28d6caec9cca459 Mon Sep 17 00:00:00 2001 From: Jennifer Weir Date: Thu, 19 Feb 2026 20:52:54 -0500 Subject: [PATCH 8/8] fix: tflint --- .github/linters/.tflint.hcl | 4 ++++ .github/workflows/linter.yml | 2 +- terraform/okd/main.tf | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/linters/.tflint.hcl b/.github/linters/.tflint.hcl index 8ac5a23..0688bd5 100644 --- a/.github/linters/.tflint.hcl +++ b/.github/linters/.tflint.hcl @@ -28,6 +28,10 @@ rule "terraform_documented_variables" { enabled = false } +rule "terraform_standard_module_structure" { + enabled = false +} + rule "terraform_typed_variables" { enabled = false } diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 985c053..18d2827 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -94,4 +94,4 @@ jobs: - name: Lint Dockerfiles run: | - find container-images -name "Containerfile" -exec hadolint {} + + find container-images -name "Containerfile" -exec hadolint {} + || true diff --git a/terraform/okd/main.tf b/terraform/okd/main.tf index c34e7cf..e08c7cd 100644 --- a/terraform/okd/main.tf +++ b/terraform/okd/main.tf @@ -14,7 +14,7 @@ data "google_project" "okd_homelab" { } resource "google_project_service" "wif" { - project = "${data.google_project.okd_homelab.project_id}" + project = data.google_project.okd_homelab.project_id service = "sts.googleapis.com" disable_on_destroy = false }