fix: Incorrect indentation causing malformed PEM file

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/filter_plugins/netaddr.py

@@ -1,14 +0,0 @@
-import netaddr
-
-def netaddr_iter_iprange(ip_start, ip_end):
-    return [str(ip) for ip in netaddr.iter_iprange(ip_start, ip_end)]
-
-class FilterModule(object):
-        ''' Ansible filter. Interface to netaddr methods.
-            https://pypi.org/project/netaddr/
-        '''
-
-        def filters(self):
-            return {
-                'netaddr_iter_iprange': netaddr_iter_iprange
-            }

ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2

@@ -3,8 +3,8 @@ kind: Kustomization
 resources:
 - cluster-template.yaml
 
-patchesStrategicMerge:
-  - |-
+patches:
+- patch: |-
     apiVersion: v1
     kind: Secret
     metadata:
@@ -32,7 +32,7 @@ patchesStrategicMerge:
             [Network]
             public-network = "${VSPHERE_NETWORK}"
         type: Opaque
-  - |-
+- patch: |-
     apiVersion: controlplane.cluster.x-k8s.io/v1beta1
     kind: KubeadmControlPlane
     metadata:
@@ -42,7 +42,7 @@ patchesStrategicMerge:
       kubeadmConfigSpec:
         clusterConfiguration:
           imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-  - |-
+- patch: |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate
     metadata:
@@ -53,7 +53,7 @@ patchesStrategicMerge:
         spec:
           clusterConfiguration:
             imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-  - |-
+- patch: |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate
     metadata:
@@ -86,7 +86,7 @@ patchesStrategicMerge:
               {{ _template.rootca | indent(width=14, first=False) | trim }}
             owner: root:root
             path: /usr/local/share/ca-certificates/root_ca.crt
-  - |-
+- patch: |-
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: VSphereMachineTemplate
     metadata:
@@ -105,7 +105,7 @@ patchesStrategicMerge:
               nameservers:
               - {{ _template.network.dnsserver }}
               networkName: '${VSPHERE_NETWORK}'
-  - |-
+- patch: |-
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: VSphereMachineTemplate
     metadata:
@@ -125,132 +125,131 @@ patchesStrategicMerge:
               - {{ _template.network.dnsserver }}
               networkName: '${VSPHERE_NETWORK}'
 
-patchesJson6902:
-  - target:
-      group: controlplane.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmControlPlane
-      name: .*
-    patch: |-
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-              [plugins."io.containerd.grpc.v1.cri".registry]
-                config_path = "/etc/containerd/certs.d"
-          append: true
-          path: /etc/containerd/config.toml
+- target:
+    group: controlplane.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmControlPlane
+    name: .*
+  patch: |-
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+            [plugins."io.containerd.grpc.v1.cri".registry]
+              config_path = "/etc/containerd/certs.d"
+        append: true
+        path: /etc/containerd/config.toml
 {% for registry in _template.registries %}
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-            server = "https://{{ registry }}"
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+          server = "https://{{ registry }}"
 
-            [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
-              capabilities = ["pull", "resolve"]
-              override_path = true
-          owner: root:root
-          path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
+          [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
+            capabilities = ["pull", "resolve"]
+            override_path = true
+        owner: root:root
+        path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
 {% endfor %}
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-            network: {config: disabled}
-          owner: root:root
-          path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
-      - op: add
-        path: /spec/kubeadmConfigSpec/files/-
-        value:
-          content: |
-            {{ _template.rootca | indent(width=12, first=False) | trim }}
-          owner: root:root
-          path: /usr/local/share/ca-certificates/root_ca.crt
-  - target:
-      group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmConfigTemplate
-      name: .*
-    patch: |-
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+          network: {config: disabled}
+        owner: root:root
+        path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+    - op: add
+      path: /spec/kubeadmConfigSpec/files/-
+      value:
+        content: |
+          {{ _template.rootca | indent(width=10, first=False) | trim }}
+        owner: root:root
+        path: /usr/local/share/ca-certificates/root_ca.crt
+- target:
+    group: bootstrap.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmConfigTemplate
+    name: .*
+  patch: |-
 {% for cmd in _template.runcmds %}
-      - op: add
-        path: /spec/template/spec/preKubeadmCommands/-
-        value: {{ cmd }}
+    - op: add
+      path: /spec/template/spec/preKubeadmCommands/-
+      value: {{ cmd }}
 {% endfor %}
-  - target:
-      group: controlplane.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmControlPlane
-      name: .*
-    patch: |-
+- target:
+    group: controlplane.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmControlPlane
+    name: .*
+  patch: |-
 {% for cmd in _template.runcmds %}
-      - op: add
-        path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
-        value: {{ cmd }}
+    - op: add
+      path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
+      value: {{ cmd }}
 {% endfor %}
 
-  - target:
-      group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
-      kind: VSphereMachineTemplate
-      name: \${CLUSTER_NAME}
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-master
-  - target:
-      group: controlplane.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmControlPlane
-      name: \${CLUSTER_NAME}
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-master
-      - op: replace
-        path: /spec/machineTemplate/infrastructureRef/name
-        value: ${CLUSTER_NAME}-master
-  - target:
-      group: cluster.x-k8s.io
-      version: v1beta1
-      kind: Cluster
-      name: \${CLUSTER_NAME}
-    patch: |-
-      - op: replace
-        path: /spec/controlPlaneRef/name
-        value: ${CLUSTER_NAME}-master
+- target:
+    group: infrastructure.cluster.x-k8s.io
+    version: v1beta1
+    kind: VSphereMachineTemplate
+    name: \${CLUSTER_NAME}
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-master
+- target:
+    group: controlplane.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmControlPlane
+    name: \${CLUSTER_NAME}
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-master
+    - op: replace
+      path: /spec/machineTemplate/infrastructureRef/name
+      value: ${CLUSTER_NAME}-master
+- target:
+    group: cluster.x-k8s.io
+    version: v1beta1
+    kind: Cluster
+    name: \${CLUSTER_NAME}
+  patch: |-
+    - op: replace
+      path: /spec/controlPlaneRef/name
+      value: ${CLUSTER_NAME}-master
 
-  - target:
-      group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
-      kind: VSphereMachineTemplate
-      name: \${CLUSTER_NAME}-worker
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/numCPUs
-        value: {{ _template.nodesize.cpu }}
-      - op: replace
-        path: /spec/template/spec/memoryMiB
-        value: {{ _template.nodesize.memory }}
-  - target:
-      group: cluster.x-k8s.io
-      version: v1beta1
-      kind: MachineDeployment
-      name: \${CLUSTER_NAME}-md-0
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-worker
-      - op: replace
-        path: /spec/template/spec/bootstrap/configRef/name
-        value: ${CLUSTER_NAME}-worker
-  - target:
-      group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmConfigTemplate
-      name: \${CLUSTER_NAME}-md-0
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: ${CLUSTER_NAME}-worker
+- target:
+    group: infrastructure.cluster.x-k8s.io
+    version: v1beta1
+    kind: VSphereMachineTemplate
+    name: \${CLUSTER_NAME}-worker
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/numCPUs
+      value: {{ _template.nodesize.cpu }}
+    - op: replace
+      path: /spec/template/spec/memoryMiB
+      value: {{ _template.nodesize.memory }}
+- target:
+    group: cluster.x-k8s.io
+    version: v1beta1
+    kind: MachineDeployment
+    name: \${CLUSTER_NAME}-md-0
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-worker
+    - op: replace
+      path: /spec/template/spec/bootstrap/configRef/name
+      value: ${CLUSTER_NAME}-worker
+- target:
+    group: bootstrap.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmConfigTemplate
+    name: \${CLUSTER_NAME}-md-0
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: ${CLUSTER_NAME}-worker

ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.nodepool.j2

@@ -5,8 +5,8 @@ resources:
 - manifests/machinedeployment-{{ _template.cluster.name }}-worker.yaml
 - manifests/vspheremachinetemplate-{{ _template.cluster.name }}-worker.yaml
 
-patchesStrategicMerge:
-  - |-
+patches:
+- patch: |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate
     metadata:
@@ -31,7 +31,7 @@ patchesStrategicMerge:
           mounts:
           - - LABEL=blockstorage
             - /mnt/blockstorage
-  - |-
+- patch: |-
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: VSphereMachineTemplate
     metadata:
@@ -43,42 +43,41 @@ patchesStrategicMerge:
           additionalDisksGiB:
           - {{ _template.nodepool.additionaldisk }}
 
-patchesJson6902:
-  - target:
-      group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
-      kind: KubeadmConfigTemplate
-      name: {{ _template.cluster.name }}-worker
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
+- target:
+    group: bootstrap.cluster.x-k8s.io
+    version: v1beta1
+    kind: KubeadmConfigTemplate
+    name: {{ _template.cluster.name }}-worker
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: {{ _template.cluster.name }}-worker-storage
 
-  - target:
-      group: cluster.x-k8s.io
-      version: v1beta1
-      kind: MachineDeployment
-      name: {{ _template.cluster.name }}-worker
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
-        path: /spec/template/spec/bootstrap/configRef/name
-        value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
-        path: /spec/template/spec/infrastructureRef/name
-        value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
-        path: /spec/replicas
-        value: {{ _template.nodepool.size }}
+- target:
+    group: cluster.x-k8s.io
+    version: v1beta1
+    kind: MachineDeployment
+    name: {{ _template.cluster.name }}-worker
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: {{ _template.cluster.name }}-worker-storage
+    - op: replace
+      path: /spec/template/spec/bootstrap/configRef/name
+      value: {{ _template.cluster.name }}-worker-storage
+    - op: replace
+      path: /spec/template/spec/infrastructureRef/name
+      value: {{ _template.cluster.name }}-worker-storage
+    - op: replace
+      path: /spec/replicas
+      value: {{ _template.nodepool.size }}
 
-  - target:
-      group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
-      kind: VSphereMachineTemplate
-      name: {{ _template.cluster.name }}-worker
-    patch: |-
-      - op: replace
-        path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
+- target:
+    group: infrastructure.cluster.x-k8s.io
+    version: v1beta1
+    kind: VSphereMachineTemplate
+    name: {{ _template.cluster.name }}-worker
+  patch: |-
+    - op: replace
+      path: /metadata/name
+      value: {{ _template.cluster.name }}-worker-storage

ansible/vars/metacluster.yml

@@ -1,7 +1,7 @@
 platform:
 
   k3s:
-    version: v1.26.3+k3s1
+    version: v1.25.9+k3s1
 
   packaged_components:
     - name: traefik
@@ -115,13 +115,13 @@ components:
         infrastructure_vsphere: v1.6.0
         ipam_incluster: v0.1.0-alpha.2
         # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
-        cpi_vsphere: v1.26.0
+        cpi_vsphere: v1.25.2
     workload:
       version:
         calico: v3.25.0
-        k8s: v1.26.3
+        k8s: v1.25.10
       node_template:
-        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.26.3.ova
+        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.25.10.ova
 
   # dex:
   #   helm: