kubespray 2.24 추가

tests/Makefile

@@ -0,0 +1,90 @@
+INVENTORY=$(PWD)/../inventory/sample/${CI_JOB_NAME}-${BUILD_NUMBER}.ini
+
+$(HOME)/.ssh/id_rsa:
+	mkdir -p $(HOME)/.ssh
+	echo $(PRIVATE_KEY) | base64 -d > $(HOME)/.ssh/id_rsa
+	chmod 400 $(HOME)/.ssh/id_rsa
+
+init-gce: $(HOME)/.ssh/id_rsa
+	# echo $(GCE_PEM_FILE) | base64 -d > $(HOME)/.ssh/gce
+	echo "$(GCE_CREDENTIALS_B64)" | base64 -d > $(HOME)/.ssh/gce.json
+
+init-do: $(HOME)/.ssh/id_rsa
+	echo $(DO_PRIVATE_KEY) | base64 -d > $(HOME)/.ssh/id_rsa
+
+init-packet:
+	echo $(PACKET_VM_SSH_PRIVATE_KEY) | base64 -d > $(HOME)/.ssh/id_rsa
+	chmod 400 $(HOME)/.ssh/id_rsa
+
+create-tf:
+	./scripts/create-tf.sh
+
+delete-tf:
+	./scripts/delete-tf.sh
+
+create-gce: init-gce
+	ansible-playbook cloud_playbooks/create-gce.yml -i local_inventory/hosts.cfg -c local \
+	$(ANSIBLE_LOG_LEVEL) \
+	-e @"files/${CI_JOB_NAME}.yml" \
+	-e gce_credentials_file=$(HOME)/.ssh/gce.json \
+	-e gce_project_id=$(GCE_PROJECT_ID) \
+	-e gce_service_account_email=$(GCE_ACCOUNT) \
+	-e inventory_path=$(INVENTORY) \
+	-e test_id=$(TEST_ID) \
+	-e preemptible=$(GCE_PREEMPTIBLE)
+
+
+delete-gce:
+	ansible-playbook -i $(INVENTORY) cloud_playbooks/delete-gce.yml -c local \
+	$(ANSIBLE_LOG_LEVEL) \
+	-e @"files/${CI_JOB_NAME}.yml" \
+	-e test_id=$(TEST_ID) \
+	-e gce_project_id=$(GCE_PROJECT_ID) \
+	-e gce_service_account_email=$(GCE_ACCOUNT) \
+	-e gce_credentials_file=$(HOME)/.ssh/gce.json \
+	-e inventory_path=$(INVENTORY)
+
+create-do: init-do
+	ansible-playbook cloud_playbooks/create-do.yml -i local_inventory/hosts.cfg -c local \
+	${ANSIBLE_LOG_LEVEL} \
+	-e @"files/${CI_JOB_NAME}.yml" \
+	-e inventory_path=$(INVENTORY) \
+	-e test_id=${TEST_ID}
+
+delete-do:
+	ansible-playbook -i $(INVENTORY) cloud_playbooks/create-do.yml -c local \
+	$(ANSIBLE_LOG_LEVEL) \
+	-e @"files/${CI_JOB_NAME}.yml" \
+	-e state=absent \
+	-e test_id=${TEST_ID} \
+	-e inventory_path=$(INVENTORY)
+
+create-packet: init-packet
+	ansible-playbook cloud_playbooks/create-packet.yml -c local \
+	$(ANSIBLE_LOG_LEVEL) \
+	-e @"files/${CI_JOB_NAME}.yml" \
+	-e test_id=$(TEST_ID) \
+	-e branch="$(CI_COMMIT_BRANCH)" \
+	-e pipeline_id="$(CI_PIPELINE_ID)" \
+	-e inventory_path=$(INVENTORY)
+
+delete-packet:
+	ansible-playbook cloud_playbooks/delete-packet.yml -c local \
+	$(ANSIBLE_LOG_LEVEL) \
+	-e @"files/${CI_JOB_NAME}.yml" \
+	-e test_id=$(TEST_ID) \
+	-e branch="$(CI_COMMIT_BRANCH)" \
+	-e pipeline_id="$(CI_PIPELINE_ID)" \
+	-e inventory_path=$(INVENTORY)
+
+cleanup-packet:
+	ansible-playbook cloud_playbooks/cleanup-packet.yml -c local \
+	$(ANSIBLE_LOG_LEVEL)
+
+create-vagrant:
+	vagrant up
+	find / -name vagrant_ansible_inventory
+	cp  /builds/kargo-ci/kubernetes-sigs-kubespray/inventory/sample/vagrant_ansible_inventory $(INVENTORY)
+
+delete-vagrant:
+	vagrant destroy -f

tests/README.md

@@ -0,0 +1,40 @@
+# Kubespray cloud deployment tests
+
+## Amazon Web Service
+
+|              | Calico        | Flannel       | Weave         |
+------------- | ------------- | ------------- | ------------- |
+Debian Jessie | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-jessie)  | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-jessie/) | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-jessie/) |
+Ubuntu Trusty |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-trusty/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-trusty/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-trusty)|
+RHEL 7.2      |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-rhel72/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-rhel72/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-rhel72/)|
+CentOS 7      |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-centos7/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-centos7/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-centos7/)|
+
+## Test environment variables
+
+### Common
+
+Variable              | Description                            | Required   | Default
+--------------------- | -------------------------------------- | ---------- | --------
+`TEST_ID`             | A unique execution ID for this test    | Yes        |
+`KUBE_NETWORK_PLUGIN` | The network plugin (calico or flannel) | Yes        |
+`PRIVATE_KEY_FILE`    | The path to the SSH private key file   | No         |
+
+### AWS Tests
+
+Variable              | Description                                     | Required   | Default
+--------------------- | ----------------------------------------------- | ---------- | ---------
+`AWS_ACCESS_KEY`      | The Amazon Access Key ID                        | Yes        |
+`AWS_SECRET_KEY`      | The Amazon Secret Access Key                    | Yes        |
+`AWS_AMI_ID`          | The AMI ID to deploy                            | Yes        |
+`AWS_KEY_PAIR_NAME`   | The name of the EC2 key pair to use             | Yes        |
+`AWS_SECURITY_GROUP`  | The EC2 Security Group to use                   | No         | default
+`AWS_REGION`          | The EC2 region                                  | No         | eu-central-1
+
+#### Use private ssh key
+
+##### Key
+
+```bash
+openssl pkcs12 -in gce-secure.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out gce-secure.pem
+cat gce-secure.pem |base64 -w0 > GCE_PEM_FILE`
+```

tests/ansible.cfg

@@ -0,0 +1,16 @@
+[ssh_connection]
+pipelining=True
+ansible_ssh_common_args = -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100
+retries=2
+[defaults]
+forks = 20
+host_key_checking=False
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = /tmp
+stdout_callback = default
+display_skipped_hosts = no
+library = ./library:../library
+callbacks_enabled = profile_tasks
+jinja2_extensions = jinja2.ext.do
+roles_path = ../roles

tests/cloud_playbooks/cleanup-packet.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Cleanup packet vms
+  hosts: localhost
+  gather_facts: no
+  become: true
+  roles:
+    - { role: cleanup-packet-ci }

tests/cloud_playbooks/create-aws.yml

@@ -0,0 +1,26 @@
+---
+- name: Provision AWS VMs
+  hosts: localhost
+  become: False
+  gather_facts: False
+
+  tasks:
+  - name: Provision a set of instances
+    amazon.aws.ec2_instance:
+      key_name: "{{ aws.key_name }}"
+      aws_access_key: "{{ aws.access_key }}"
+      aws_secret_key: "{{ aws.secret_key }}"
+      region: "{{ aws.region }}"
+      group_id: "{{ aws.group }}"
+      instance_type: "{{ aws.instance_type }}"
+      image: "{{ aws.ami_id }}"
+      wait: true
+      count: "{{ aws.count }}"
+      instance_tags: "{{ aws.tags }}"
+    register: ec2
+
+  - name: Template the inventory
+    template:
+      src: ../templates/inventory-aws.j2  # noqa no-relative-paths - CI inventory templates are not in role_path
+      dest: "{{ inventory_path }}"
+      mode: 0644

tests/cloud_playbooks/create-do.yml

@@ -0,0 +1,94 @@
+---
+- name: Provision Digital Ocean VMs
+  hosts: localhost
+  become: false
+  gather_facts: no
+  vars:
+    state: "present"
+    ssh_key_id: "6536865"
+    cloud_machine_type: 2gb
+    regions:
+      - nyc1
+      - sfo1
+      - nyc2
+      - ams2
+      - sgp1
+      - lon1
+      - nyc3
+      - ams3
+      - fra1
+      - tor1
+      - sfo2
+      - blr1
+    cloud_images:
+      - fedora-24-x64
+      - centos-5-x64
+      - centos-5-x32
+      - fedora-25-x64
+      - debian-7-x64
+      - debian-7-x32
+      - debian-8-x64
+      - debian-8-x32
+      - centos-6-x32
+      - centos-6-x64
+      - ubuntu-16-10-x32
+      - ubuntu-16-10-x64
+      - freebsd-11-0-x64-zfs
+      - freebsd-10-3-x64-zfs
+      - ubuntu-12-04-x32
+      - ubuntu-12-04-x64
+      - ubuntu-16-04-x64
+      - ubuntu-16-04-x32
+      - ubuntu-14-04-x64
+      - ubuntu-14-04-x32
+      - centos-7-x64
+      - freebsd-11-0-x64
+      - freebsd-10-3-x64
+      - centos-7-3-1611-x64
+    mode: default
+
+  tasks:
+    - name: Replace_test_id
+      set_fact:
+        test_name: "{{ test_id | regex_replace('\\.', '-') }}"
+
+    - name: Show vars
+      debug:
+        msg: "{{ cloud_region }}, {{ cloud_image }}"
+
+    - name: Set instance names
+      set_fact:
+        # noqa: jinja[spacing]
+        instance_names: >-
+          {%- if mode in ['separate', 'ha'] -%}
+          ["k8s-{{ test_name }}-1", "k8s-{{ test_name }}-2", "k8s-{{ test_name }}-3"]
+          {%- else -%}
+          ["k8s-{{ test_name }}-1", "k8s-{{ test_name }}-2"]
+          {%- endif -%}
+
+    - name: Manage DO instances | {{ state }}
+      community.digitalocean.digital_ocean:
+        unique_name: yes
+        api_token: "{{ lookup('env', 'DO_API_TOKEN') }}"
+        command: "droplet"
+        image_id: "{{ cloud_image }}"
+        name: "{{ item }}"
+        private_networking: no
+        region_id: "{{ cloud_region }}"
+        size_id: "{{ cloud_machine_type }}"
+        ssh_key_ids: "{{ ssh_key_id }}"
+        state: "{{ state }}"
+        wait: yes
+      register: droplets
+      with_items: "{{ instance_names }}"
+
+    - debug:  # noqa unnamed-task
+        msg: "{{ droplets }}, {{ inventory_path }}"
+      when: state == 'present'
+
+    - name: Template the inventory
+      template:
+        src: ../templates/inventory-do.j2  # noqa no-relative-paths - CI templates are not in role_path
+        dest: "{{ inventory_path }}"
+        mode: 0644
+      when: state == 'present'

tests/cloud_playbooks/create-gce.yml

@@ -0,0 +1,81 @@
+---
+- name: Provision Google Cloud VMs
+  hosts: localhost
+  become: false
+  gather_facts: no
+  vars:
+    cloud_machine_type: g1-small
+    mode: default
+    preemptible: no
+    ci_job_name: "{{ lookup('env', 'CI_JOB_NAME') }}"
+    delete_group_vars: no
+  tasks:
+    - name: Include vars for test {{ ci_job_name }}
+      include_vars: "../files/{{ ci_job_name }}.yml"
+
+    - name: Replace_test_id
+      set_fact:
+        test_name: "{{ test_id | regex_replace('\\.', '-') }}"
+
+    - name: Set instance names
+      set_fact:
+        # noqa: jinja[spacing]
+        instance_names: >-
+          {%- if mode in ['separate', 'separate-scale', 'ha', 'ha-scale'] -%}
+          k8s-{{ test_name }}-1,k8s-{{ test_name }}-2,k8s-{{ test_name }}-3
+          {%- elif mode == 'all-in-one' -%}
+          k8s-{{ test_name }}-1
+          {%- else -%}
+          k8s-{{ test_name }}-1,k8s-{{ test_name }}-2
+          {%- endif -%}
+
+    - name: Create gce instances
+      google.cloud.gcp_compute_instance:  # noqa args[module] - Probably doesn't work
+        instance_names: "{{ instance_names }}"
+        machine_type: "{{ cloud_machine_type }}"
+        image: "{{ cloud_image | default(omit) }}"
+        image_family: "{{ cloud_image_family | default(omit) }}"
+        preemptible: "{{ preemptible }}"
+        service_account_email: "{{ gce_service_account_email }}"
+        pem_file: "{{ gce_pem_file | default(omit) }}"
+        credentials_file: "{{ gce_credentials_file | default(omit) }}"
+        project_id: "{{ gce_project_id }}"
+        zone: "{{ cloud_region }}"
+        metadata: '{"test_id": "{{ test_id }}", "network": "{{ kube_network_plugin }}", "startup-script": "{{ startup_script | default("") }}"}'
+        tags: "build-{{ test_name }},{{ kube_network_plugin }}"
+        ip_forward: yes
+        service_account_permissions: ['compute-rw']
+      register: gce
+
+    - name: Add instances to host group
+      add_host:
+        hostname: "{{ item.public_ip }}"
+        groupname: "waitfor_hosts"
+      with_items: '{{ gce.instance_data }}'
+
+    - name: Template the inventory  # noqa no-relative-paths - CI inventory templates are not in role_path
+      template:
+        src: ../templates/inventory-gce.j2
+        dest: "{{ inventory_path }}"
+        mode: 0644
+
+    - name: Make group_vars directory
+      file:
+        path: "{{ inventory_path | dirname }}/group_vars"
+        state: directory
+        mode: 0755
+      when: mode in ['scale', 'separate-scale', 'ha-scale']
+
+    - name: Template fake hosts group vars  # noqa no-relative-paths - CI templates are not in role_path
+      template:
+        src: ../templates/fake_hosts.yml.j2
+        dest: "{{ inventory_path | dirname }}/group_vars/fake_hosts.yml"
+        mode: 0644
+      when: mode in ['scale', 'separate-scale', 'ha-scale']
+
+    - name: Delete group_vars directory
+      file:
+        path: "{{ inventory_path | dirname }}/group_vars"
+        state: absent
+        recurse: yes
+      when: delete_group_vars

tests/cloud_playbooks/create-packet.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Provision Packet VMs
+  hosts: localhost
+  gather_facts: no
+  become: true
+  vars:
+    ci_job_name: "{{ lookup('env', 'CI_JOB_NAME') }}"
+    test_name: "{{ test_id | regex_replace('\\.', '-') }}"
+  roles:
+    - { role: packet-ci, vm_cleanup: false }

tests/cloud_playbooks/delete-aws.yml

@@ -0,0 +1,19 @@
+---
+- name: Terminate AWS VMs
+  hosts: kube_node
+  become: False
+
+  tasks:
+  - name: Gather EC2 facts
+    amazon.aws.ec2_metadata_facts:
+
+  - name: Terminate EC2 instances
+    amazon.aws.ec2_instance:
+      aws_access_key: "{{ aws_access_key }}"
+      aws_secret_key: "{{ aws_secret_key }}"
+      state: absent
+      instance_ids: "{{ ansible_ec2_instance_id }}"
+      region: "{{ ansible_ec2_placement_region }}"
+      wait: True
+    delegate_to: localhost
+    connection: local

tests/cloud_playbooks/delete-gce.yml

@@ -0,0 +1,50 @@
+---
+- name: Terminate Google Cloud VMs
+  hosts: localhost
+  become: false
+  gather_facts: no
+  vars:
+    mode: default
+
+  tasks:
+    - name: Replace_test_id
+      set_fact:
+        test_name: "{{ test_id | regex_replace('\\.', '-') }}"
+
+    - name: Set instance names
+      set_fact:
+        # noqa: jinja[spacing]
+        instance_names: >-
+          {%- if mode in ['separate', 'ha'] -%}
+          k8s-{{ test_name }}-1,k8s-{{ test_name }}-2,k8s-{{ test_name }}-3
+          {%- else -%}
+          k8s-{{ test_name }}-1,k8s-{{ test_name }}-2
+          {%- endif -%}
+
+    - name: Stop gce instances  # noqa args[module] - Probably doesn't work
+      google.cloud.gcp_compute_instance:
+        instance_names: "{{ instance_names }}"
+        image: "{{ cloud_image | default(omit) }}"
+        service_account_email: "{{ gce_service_account_email }}"
+        pem_file: "{{ gce_pem_file | default(omit) }}"
+        credentials_file: "{{ gce_credentials_file | default(omit) }}"
+        project_id: "{{ gce_project_id }}"
+        zone: "{{ cloud_region | default('europe-west1-b') }}"
+        state: 'stopped'
+      async: 120
+      poll: 3
+      register: gce
+
+    - name: Delete gce instances  # noqa args[module] - Probably doesn't work
+      google.cloud.gcp_compute_instance:
+        instance_names: "{{ instance_names }}"
+        image: "{{ cloud_image | default(omit) }}"
+        service_account_email: "{{ gce_service_account_email }}"
+        pem_file: "{{ gce_pem_file | default(omit) }}"
+        credentials_file: "{{ gce_credentials_file | default(omit) }}"
+        project_id: "{{ gce_project_id }}"
+        zone: "{{ cloud_region | default('europe-west1-b') }}"
+        state: 'absent'
+      async: 120
+      poll: 3
+      register: gce

tests/cloud_playbooks/delete-packet.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Terminate Packet VMs
+  hosts: localhost
+  gather_facts: no
+  become: true
+  vars:
+    ci_job_name: "{{ lookup('env', 'CI_JOB_NAME') }}"
+    test_name: "{{ test_id | regex_replace('\\.', '-') }}"
+  roles:
+    - { role: packet-ci, vm_cleanup: true }

tests/cloud_playbooks/roles/cleanup-packet-ci/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Fetch a list of namespaces
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Namespace
+    label_selectors:
+      - cijobs = true
+  register: namespaces
+
+- name: Delete stale namespaces for more than 2 hours
+  command: "kubectl delete namespace {{ item.metadata.name }}"
+  failed_when: false
+  loop: "{{ namespaces.resources }}"
+  when:
+    - (now() - (item.metadata.creationTimestamp | to_datetime("%Y-%m-%dT%H:%M:%SZ"))).total_seconds() >= 7200

tests/cloud_playbooks/roles/packet-ci/defaults/main.yml

@@ -0,0 +1,44 @@
+---
+
+# VM sizing
+vm_cpu_cores: 2
+vm_cpu_sockets: 1
+vm_cpu_threads: 2
+vm_memory: 2048Mi
+
+# Replace invalid characters so that we can use the branch name in kubernetes labels
+branch_name_sane: "{{ branch | regex_replace('/', '-') }}"
+
+# Request/Limit allocation settings
+
+cpu_allocation_ratio: 0.5
+memory_allocation_ratio: 1
+
+# Default path for inventory
+inventory_path: "/tmp/{{ test_name }}/inventory"
+
+# Deployment mode
+mode: all-in-one
+
+# Cloud init config for each os type
+# distro: fedora -> I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU=
+# distro: rhel: -> I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=
+# distro: rhel (+ sudo and hostname packages): -> I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=
+# generic one -> I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1
+cloud_init:
+  centos-7: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
+  centos-8: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
+  almalinux-8: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
+  rockylinux-8: "I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
+  rockylinux-9: "I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
+  debian-10: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
+  debian-11: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
+  debian-12: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
+  fedora-37: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU="
+  fedora-38: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU="
+  opensuse-leap-15: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
+  rhel-server-7: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
+  amazon-linux-2: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
+  ubuntu-2004: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
+  ubuntu-2204: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
+  oracle-7: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="

tests/cloud_playbooks/roles/packet-ci/tasks/cleanup-old-vms.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Fetch a list of namespaces
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Namespace
+    label_selectors:
+      - cijobs = true
+      - branch = {{ branch_name_sane }}
+  register: namespaces
+
+- name: Delete older namespaces
+  command: "kubectl delete namespace {{ item.metadata.name }}"
+  failed_when: false
+  loop: "{{ namespaces.resources }}"
+  when:
+    - (item.metadata.labels.pipeline_id | int) < (pipeline_id | int)

tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml

@@ -0,0 +1,50 @@
+---
+
+- name: "Create CI namespace {{ test_name }} for test vms"
+  shell: |-
+    kubectl create namespace {{ test_name }} &&
+      kubectl label namespace {{ test_name }} cijobs=true branch="{{ branch_name_sane }}" pipeline_id="{{ pipeline_id }}"
+  changed_when: false
+
+- name: "Create temp dir /tmp/{{ test_name }} for CI files"
+  file:
+    path: "/tmp/{{ test_name }}"
+    state: directory
+    mode: 0755
+
+- name: Template vm files for CI job
+  set_fact:
+    vms_files: "{{ vms_files + [lookup('ansible.builtin.template', 'vm.yml.j2') | from_yaml] }}"
+  vars:
+    vms_files: []
+  loop: "{{ range(1, vm_count | int + 1, 1) | list }}"
+  loop_control:
+    index_var: vm_id
+
+- name: Start vms for CI job
+  kubernetes.core.k8s:
+    definition: "{{ item }}"
+  changed_when: false
+  loop: "{{ vms_files }}"
+
+- name: Wait for vms to have ipaddress assigned
+  shell: "set -o pipefail && kubectl get vmis -n {{ test_name }} instance-{{ vm_id }} -o json | jq '.status.interfaces[].ipAddress' | tr -d '\"'"
+  args:
+    executable: /bin/bash
+  changed_when: false
+  register: vm_ips
+  loop: "{{ range(1, vm_count | int + 1, 1) | list }}"
+  loop_control:
+    index_var: vm_id
+  retries: 20
+  delay: 15
+  until:
+    - vm_ips.stdout | ansible.utils.ipaddr
+
+- name: "Create inventory for CI test in file /tmp/{{ test_name }}/inventory"
+  template:
+    src: "inventory.j2"
+    dest: "{{ inventory_path }}"
+    mode: 0644
+  vars:
+    vms: "{{ vm_ips }}"

tests/cloud_playbooks/roles/packet-ci/tasks/delete-vms.yml

@@ -0,0 +1,30 @@
+---
+
+- name: Check if temp directory for {{ test_name }} exists
+  stat:
+    path: "/tmp/{{ test_name }}"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
+  register: temp_dir_details
+
+- name: "Cleanup temp directory for {{ test_name }}"
+  file:
+    path: "/tmp/{{ test_name }}"
+    state: absent
+
+- name: "Cleanup namespace for {{ test_name }}"
+  command: "kubectl delete namespace {{ test_name }}"
+  changed_when: false
+
+- name: Wait for namespace {{ test_name }} to be fully deleted
+  command: kubectl get ns {{ test_name }}
+  register: delete_namespace
+  failed_when:
+    - delete_namespace.rc == 0
+  changed_when:
+    - delete_namespace.rc == 0
+  retries: 12
+  delay: 10
+  until:
+    - delete_namespace.rc != 0

tests/cloud_playbooks/roles/packet-ci/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+
+- name: "Include custom vars for ci job: {{ ci_job_name }}"
+  include_vars: "../files/{{ ci_job_name }}.yml"
+
+- name: Cleamup old VMs
+  import_tasks: cleanup-old-vms.yml
+
+- name: Create VMs
+  import_tasks: create-vms.yml
+  when:
+    - not vm_cleanup
+
+- name: Delete VMs
+  import_tasks: delete-vms.yml
+  when:
+    - vm_cleanup | default(false)

tests/cloud_playbooks/roles/packet-ci/templates/inventory.j2

@@ -0,0 +1,107 @@
+[all]
+{% for instance in vms.results %}
+instance-{{ loop.index }} ansible_host={{instance.stdout}}
+{% endfor %}
+
+{% if mode is defined and mode in ["separate", "separate-scale"] %}
+[kube_control_plane]
+instance-1
+
+[kube_node]
+instance-2
+
+[etcd]
+instance-3
+{% elif mode is defined and mode in ["ha", "ha-scale"] %}
+[kube_control_plane]
+instance-1
+instance-2
+
+[kube_node]
+instance-3
+
+[etcd]
+instance-1
+instance-2
+instance-3
+{% elif mode == "default" %}
+[kube_control_plane]
+instance-1
+
+[kube_node]
+instance-2
+
+[etcd]
+instance-1
+{% elif mode == "all-in-one" %}
+[kube_control_plane]
+instance-1
+
+[kube_node]
+instance-1
+
+[etcd]
+instance-1
+{% elif mode == "ha-recover" %}
+[kube_control_plane]
+instance-1
+instance-2
+
+[kube_node]
+instance-3
+
+[etcd]
+instance-3
+instance-1
+instance-2
+
+[broken_kube_control_plane]
+instance-2
+
+[broken_etcd]
+instance-2 etcd_member_name=etcd3
+{% elif mode == "ha-recover-noquorum" %}
+[kube_control_plane]
+instance-3
+instance-1
+instance-2
+
+[kube_node]
+instance-3
+
+[etcd]
+instance-3
+instance-1
+instance-2
+
+[broken_kube_control_plane]
+instance-1
+instance-2
+
+[broken_etcd]
+instance-1 etcd_member_name=etcd2
+instance-2 etcd_member_name=etcd3
+{% elif mode == "node-etcd-client" %}
+[kube_control_plane]
+instance-1
+
+[etcd]
+instance-1
+instance-2
+instance-3
+
+[kube_node]
+instance-1
+instance-2
+instance-3
+instance-4
+{% endif %}
+
+[k8s_cluster:children]
+kube_node
+kube_control_plane
+calico_rr
+
+[calico_rr]
+
+[fake_hosts]

tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2

@@ -0,0 +1,52 @@
+---
+apiVersion: kubevirt.io/v1alpha3
+kind: VirtualMachine
+metadata:
+  name: "instance-{{ vm_id }}"
+  namespace: "{{ test_name }}"
+  labels:
+    kubevirt.io/os: {{ cloud_image }}
+spec:
+  running: true
+  template:
+    metadata:
+      labels:
+        kubevirt.io/size: small
+        kubevirt.io/domain: "{{ test_name }}"
+    spec:
+      domain:
+        devices:
+          blockMultiQueue: true
+          disks:
+            - disk:
+                bus: virtio
+              name: containervolume
+              cache: writethrough
+            - disk:
+                bus: virtio
+              name: cloudinitvolume
+          interfaces:
+          - name: default
+            bridge: {}
+        cpu:
+            cores: {{ vm_cpu_cores }}
+            sockets: {{ vm_cpu_sockets }}
+            threads: {{ vm_cpu_threads }}
+        resources:
+          requests:
+            memory: {{ vm_memory * memory_allocation_ratio }}
+            cpu: {{ vm_cpu_cores * cpu_allocation_ratio }}
+          limits:
+            memory: {{ vm_memory }}
+            cpu: {{ vm_cpu_cores }}
+      networks:
+      - name: default
+        pod: {}
+      terminationGracePeriodSeconds: 0
+      volumes:
+        - name: containervolume
+          containerDisk:
+            image: quay.io/kubespray/vm-{{ cloud_image }}
+        - name: cloudinitvolume
+          cloudInitNoCloud:
+            userDataBase64: {{ cloud_init[cloud_image] }}

tests/cloud_playbooks/roles/packet-ci/vars/main.yml

@@ -0,0 +1,13 @@
+---
+_vm_count_dict:
+  separate: 3
+  separate-scale: 3
+  ha: 3
+  ha-scale: 3
+  ha-recover: 3
+  ha-recover-noquorum: 3
+  all-in-one: 1
+  node-etcd-client: 4
+  default: 2
+
+vm_count: "{{ _vm_count_dict[mode | d('default')] }}"

tests/cloud_playbooks/templates/boto.j2

@@ -0,0 +1,11 @@
+[Credentials]
+gs_access_key_id = {{ gs_key }}
+gs_secret_access_key = {{ gs_skey }}
+[Boto]
+https_validate_certificates = True
+[GoogleCompute]
+[GSUtil]
+default_project_id = {{ gce_project_id }}
+content_language = en
+default_api_version = 2
+[OAuth2]

tests/cloud_playbooks/templates/gcs_life.json.j2

@@ -0,0 +1,9 @@
+{
+	"rule":
+	[
+		{
+			"action": {"type": "Delete"},
+			"condition": {"age": {{expire_days}}}
+		}
+	]
+}

tests/cloud_playbooks/upload-logs-gcs.yml

@@ -0,0 +1,82 @@
+---
+- name: Upload logs to GCS
+  hosts: localhost
+  become: false
+  gather_facts: no
+
+  vars:
+    expire_days: 2
+
+  tasks:
+    - name: Generate uniq bucket name prefix
+      raw: date +%Y%m%d
+      changed_when: false
+      register: out
+
+    - name: Replace_test_id
+      set_fact:
+        test_name: "kargo-ci-{{ out.stdout_lines[0] }}"
+
+    - name: Set file_name for logs
+      set_fact:
+        file_name: "{{ ostype }}-{{ kube_network_plugin }}-{{ commit }}-logs.tar.gz"
+
+    - name: Create a bucket
+      community.google.gc_storage:
+        bucket: "{{ test_name }}"
+        mode: create
+        permission: public-read
+        gs_access_key: "{{ gs_key }}"
+        gs_secret_key: "{{ gs_skey }}"
+      no_log: True
+
+    - name: Create a lifecycle template for the bucket
+      template:
+        src: gcs_life.json.j2
+        dest: "{{ dir }}/gcs_life.json"
+        mode: 0644
+
+    - name: Create a boto config to access GCS
+      template:
+        src: boto.j2
+        dest: "{{ dir }}/.boto"
+        mode: 0640
+      no_log: True
+
+    - name: Download gsutil cp installer
+      get_url:
+        url: https://dl.google.com/dl/cloudsdk/channels/rapid/install_google_cloud_sdk.bash
+        dest: "{{ dir }}/gcp-installer.sh"
+        mode: 0644
+
+    - name: Get gsutil tool
+      command: "{{ dir }}/gcp-installer.sh"
+      environment:
+        CLOUDSDK_CORE_DISABLE_PROMPTS: "1"
+        CLOUDSDK_INSTALL_DIR: "{{ dir }}"
+      no_log: True
+      failed_when: false
+
+    - name: Apply the lifecycle rules
+      command: "{{ dir }}/google-cloud-sdk/bin/gsutil lifecycle set {{ dir }}/gcs_life.json gs://{{ test_name }}"
+      changed_when: false
+      environment:
+        BOTO_CONFIG: "{{ dir }}/.boto"
+      no_log: True
+
+    - name: Upload collected diagnostic info
+      community.google.gc_storage:
+        bucket: "{{ test_name }}"
+        mode: put
+        permission: public-read
+        object: "{{ file_name }}"
+        src: "{{ dir }}/logs.tar.gz"
+        headers: '{"Content-Encoding": "x-gzip"}'
+        gs_access_key: "{{ gs_key }}"
+        gs_secret_key: "{{ gs_skey }}"
+        expiration: "{{ expire_days * 36000 | int }}"
+      failed_when: false
+      no_log: True
+
+    - debug:  # noqa name[missing]
+        msg: "A public url https://storage.googleapis.com/{{ test_name }}/{{ file_name }}"

tests/cloud_playbooks/wait-for-ssh.yml

@@ -0,0 +1,13 @@
+---
+- name: Wait until SSH is available
+  hosts: all
+  become: False
+  gather_facts: False
+
+  tasks:
+  - name: Wait until SSH is available
+    wait_for:
+      host: "{{ ansible_host }}"
+      port: 22
+      timeout: 240
+    delegate_to: localhost

tests/common/_docker_hub_registry_mirror.yml

@@ -0,0 +1,40 @@
+---
+docker_registry_mirrors:
+  - "https://mirror.gcr.io"
+
+containerd_grpc_max_recv_message_size: 16777216
+containerd_grpc_max_send_message_size: 16777216
+
+containerd_registries_mirrors:
+  - prefix: docker.io
+    mirrors:
+      - host: https://mirror.gcr.io
+        capabilities: ["pull", "resolve"]
+        skip_verify: false
+      - host: https://registry-1.docker.io
+        capabilities: ["pull", "resolve"]
+        skip_verify: false
+
+containerd_max_container_log_line_size: -1
+
+crio_registries:
+  - prefix: docker.io
+    insecure: false
+    blocked: false
+    unqualified: false
+    location: registry-1.docker.io
+    mirrors:
+      - location: mirror.gcr.io
+        insecure: false
+
+netcheck_agent_image_repo: "{{ quay_image_repo }}/kubespray/k8s-netchecker-agent"
+netcheck_server_image_repo: "{{ quay_image_repo }}/kubespray/k8s-netchecker-server"
+
+nginx_image_repo: "{{ quay_image_repo }}/kubespray/nginx"
+
+flannel_image_repo: "{{ quay_image_repo }}/kubespray/flannel"
+flannel_init_image_repo: "{{ quay_image_repo }}/kubespray/flannel-cni-plugin"
+
+# Kubespray settings for tests
+deploy_netchecker: true
+dns_min_replicas: 1

tests/common/_kubespray_test_settings.yml

@@ -0,0 +1,5 @@
+---
+# Kubespray settings for tests
+deploy_netchecker: true
+dns_min_replicas: 1
+unsafe_show_logs: true

tests/files/custom_cni/README.md

@@ -0,0 +1,11 @@
+# Custom CNI manifest generation
+
+As an example we are using Cilium for testing the network_plugins/custom_cni.
+
+To update the generated manifests to the latest version do the following:
+
+```sh
+helm repo add cilium https://helm.cilium.io/
+helm repo update
+helm template cilium/cilium -n kube-system -f values.yaml > cilium.yaml
+```

tests/files/custom_cni/values.yaml

@@ -0,0 +1,11 @@
+---
+
+# We disable hubble so that helm doesn't try to generate any certificate.
+# This is not needed to test network_plugin/custom_cni anyway.
+hubble:
+  enabled: false
+
+ipam:
+  operator:
+    # Set the appropriate pods subnet
+    clusterPoolIPv4PodCIDR: "{{ kube_pods_subnet }}"

tests/files/packet_almalinux8-calico-ha-ebpf.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: almalinux-8
+mode: ha
+vm_memory: 3072Mi
+
+# Kubespray settings
+calico_bpf_enabled: true
+loadbalancer_apiserver_localhost: true
+auto_renew_certificates: true

tests/files/packet_almalinux8-calico-nodelocaldns-secondary.yml

@@ -0,0 +1,9 @@
+---
+# Instance settings
+cloud_image: almalinux-8
+mode: default
+vm_memory: 3072Mi
+
+# Kubespray settings
+enable_nodelocaldns_secondary: true
+loadbalancer_apiserver_type: haproxy

tests/files/packet_almalinux8-calico-remove-node.yml

@@ -0,0 +1,7 @@
+---
+# Instance settings
+cloud_image: almalinux-8
+mode: ha
+
+# Kubespray settings
+auto_renew_certificates: true

tests/files/packet_almalinux8-calico.yml

@@ -0,0 +1,19 @@
+---
+# Instance settings
+cloud_image: almalinux-8
+mode: default
+vm_memory: 3072Mi
+
+# Kubespray settings
+metrics_server_enabled: true
+dashboard_namespace: "kube-dashboard"
+dashboard_enabled: true
+loadbalancer_apiserver_type: haproxy
+local_path_provisioner_enabled: true
+
+# NTP mangement
+ntp_enabled: true
+ntp_timezone: Etc/UTC
+ntp_manage_config: true
+ntp_tinker_panic: true
+ntp_force_sync_immediately: true

tests/files/packet_almalinux8-crio.yml

@@ -0,0 +1,8 @@
+---
+# Instance settings
+cloud_image: almalinux-8
+mode: default
+
+# Kubespray settings
+container_manager: crio
+auto_renew_certificates: true

tests/files/packet_almalinux8-docker.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: almalinux-8
+mode: default
+vm_memory: 3072Mi
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns

tests/files/packet_almalinux8-kube-ovn.yml

@@ -0,0 +1,8 @@
+---
+# Instance settings
+cloud_image: almalinux-8
+mode: default
+vm_memory: 3072Mi
+
+# Kubespray settings
+kube_network_plugin: kube-ovn

tests/files/packet_amazon-linux-2-all-in-one.yml

@@ -0,0 +1,4 @@
+---
+# Instance settings
+cloud_image: amazon-linux-2
+mode: all-in-one

tests/files/packet_centos7-calico-ha-once-localhost.yml

@@ -0,0 +1,18 @@
+---
+# Instance settings
+cloud_image: centos-7
+mode: ha
+
+# Kubespray settings
+download_localhost: true
+download_run_once: true
+typha_enabled: true
+calico_apiserver_enabled: true
+calico_backend: kdd
+typha_secure: true
+disable_ipv6_dns: true
+auto_renew_certificates: true
+
+# Docker settings
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_centos7-calico-ha.yml

@@ -0,0 +1,13 @@
+---
+# Instance settings
+cloud_image: centos-7
+mode: ha
+
+# Kubespray settings
+download_localhost: false
+download_run_once: true
+typha_enabled: true
+calico_apiserver_enabled: true
+calico_backend: kdd
+typha_secure: true
+auto_renew_certificates: true

tests/files/packet_centos7-flannel-addons-ha.yml

@@ -0,0 +1,74 @@
+---
+# Instance settings
+cloud_image: centos-7
+mode: ha
+
+# Kubespray settings
+kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085
+kube_proxy_mode: iptables
+kube_network_plugin: flannel
+download_localhost: false
+download_run_once: true
+helm_enabled: true
+krew_enabled: true
+kubernetes_audit: true
+etcd_events_cluster_enabled: true
+local_volume_provisioner_enabled: true
+kube_encrypt_secret_data: true
+ingress_nginx_enabled: true
+ingress_nginx_webhook_enabled: true
+ingress_nginx_webhook_job_ttl: 30
+cert_manager_enabled: true
+# Disable as health checks are still unstable and slow to respond.
+metrics_server_enabled: false
+metrics_server_kubelet_insecure_tls: true
+kube_token_auth: true
+enable_nodelocaldns: false
+kubelet_rotate_server_certificates: true
+kubelet_csr_approver_enabled: false
+
+kube_oidc_url: https://accounts.google.com/.well-known/openid-configuration
+kube_oidc_client_id: kubespray-example
+
+tls_min_version: "VersionTLS12"
+tls_cipher_suites:
+  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+
+# test etcd tls cipher suites
+etcd_tls_cipher_suites:
+  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+
+# Containerd
+containerd_storage_dir: /var/data/containerd
+containerd_state_dir: /run/cri/containerd
+containerd_oom_score: -999
+
+# Kube-vip
+kube_vip_enabled: true
+kube_vip_arp_enabled: true
+kube_vip_controlplane_enabled: true
+kube_vip_address: 192.168.1.100
+
+# MetalLB
+metallb_enabled: true
+metallb_speaker_enabled: true
+metallb_config:
+  address_pools:
+    primary:
+      ip_range:
+        - 192.0.1.0-192.0.1.254
+      auto_assign: true
+    pool1:
+      ip_range:
+        - 192.0.2.1-192.0.2.1
+      auto_assign: false
+    pool2:
+      ip_range:
+        - 192.0.2.2-192.0.2.2
+      auto_assign: false
+
+  layer2:
+    - primary
+    - pool1
+    - pool2

tests/files/packet_centos7-multus-calico.yml

@@ -0,0 +1,7 @@
+---
+# Instance settings
+cloud_image: centos-7
+mode: default
+
+# Kubespray settings
+kube_network_plugin_multus: true

tests/files/packet_centos7-weave-upgrade-ha.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: centos-7
+mode: ha
+
+# Kubespray settings
+kube_network_plugin: weave
+kubernetes_audit: true
+
+# Needed to upgrade from 1.16 to 1.17, otherwise upgrade is partial and bug followed
+upgrade_cluster_setup: true

tests/files/packet_debian10-calico.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: debian-10
+mode: default
+
+# Kubespray settings
+auto_renew_certificates: true
+
+# plugins
+helm_enabled: true
+krew_enabled: true

tests/files/packet_debian10-cilium-svc-proxy.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: debian-10
+mode: ha
+
+# Kubespray settings
+kube_network_plugin: cilium
+enable_network_policy: true
+
+cilium_kube_proxy_replacement: strict

tests/files/packet_debian10-docker.yml

@@ -0,0 +1,9 @@
+---
+# Instance settings
+cloud_image: debian-10
+mode: default
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns

tests/files/packet_debian10-macvlan.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: debian-10
+mode: default
+
+# Kubespray settings
+kube_network_plugin: macvlan
+enable_nodelocaldns: false
+kube_proxy_masquerade_all: true
+macvlan_interface: "eth0"
+auto_renew_certificates: true

tests/files/packet_debian11-calico-upgrade-once.yml

@@ -0,0 +1,16 @@
+---
+# Instance settings
+cloud_image: debian-11
+mode: default
+
+# Kubespray settings
+download_run_once: true
+
+# Pin disabling ipip mode to ensure proper upgrade
+ipip: false
+calico_pool_blocksize: 26
+calico_vxlan_mode: Always
+calico_network_backend: bird
+
+# Needed to bypass deprecation check
+ignore_assert_errors: true

tests/files/packet_debian11-calico-upgrade.yml

@@ -0,0 +1,13 @@
+---
+# Instance settings
+cloud_image: debian-11
+mode: default
+
+# Pin disabling ipip mode to ensure proper upgrade
+ipip: false
+calico_pool_blocksize: 26
+calico_vxlan_mode: Always
+calico_network_backend: bird
+
+# Needed to bypass deprecation check
+ignore_assert_errors: true

tests/files/packet_debian11-calico.yml

@@ -0,0 +1,4 @@
+---
+# Instance settings
+cloud_image: debian-11
+mode: default

tests/files/packet_debian11-custom-cni.yml

@@ -0,0 +1,9 @@
+---
+# Instance settings
+cloud_image: debian-11
+mode: default
+
+# Kubespray settings
+kube_network_plugin: custom_cni
+custom_cni_manifests:
+  - "{{ playbook_dir }}/../tests/files/custom_cni/cilium.yaml"

tests/files/packet_debian11-docker.yml

@@ -0,0 +1,9 @@
+---
+# Instance settings
+cloud_image: debian-11
+mode: default
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns

tests/files/packet_debian11-kubelet-csr-approver.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: debian-11
+mode: default
+
+# Kubespray settings
+kubelet_rotate_server_certificates: true
+kubelet_csr_approver_enabled: true
+kubelet_csr_approver_values:
+  # Do not check DNS resolution in testing (not recommended in production)
+  bypassDnsResolution: true

tests/files/packet_debian12-calico.yml

@@ -0,0 +1,4 @@
+---
+# Instance settings
+cloud_image: debian-12
+mode: default

tests/files/packet_debian12-cilium.yml

@@ -0,0 +1,7 @@
+---
+# Instance settings
+cloud_image: debian-12
+mode: default
+
+# Kubespray settings
+kube_network_plugin: cilium

tests/files/packet_debian12-custom-cni-helm.yml

@@ -0,0 +1,23 @@
+---
+# Instance settings
+cloud_image: debian-12
+mode: default
+
+# Kubespray settings
+kube_owner: root
+kube_network_plugin: custom_cni
+custom_cni_chart_namespace: kube-system
+custom_cni_chart_release_name: cilium
+custom_cni_chart_repository_name: cilium
+custom_cni_chart_repository_url: https://helm.cilium.io
+custom_cni_chart_ref: cilium/cilium
+custom_cni_chart_version: 1.14.3
+custom_cni_chart_values:
+  cluster:
+    name: kubespray
+  hubble:
+    enabled: false
+  ipam:
+    operator:
+      clusterPoolIPv4PodCIDRList:
+        - "{{ kube_pods_subnet }}"

tests/files/packet_debian12-docker.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: debian-12
+mode: default
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns
+docker_repo_key_keyring: /etc/apt/trusted.gpg.d/docker.gpg

tests/files/packet_fedora37-calico-selinux.yml

@@ -0,0 +1,14 @@
+---
+# Instance settings
+cloud_image: fedora-37
+mode: default
+
+# Kubespray settings
+auto_renew_certificates: true
+# Switching to iptable due to https://github.com/projectcalico/calico/issues/5011
+# Kubernetes v1.23.0 kube-proxy does use v.7.x now. Calico v3.20.x/v3.21.x Pods show the following error
+# Bad return code from 'ipset list'. error=exit status 1 family="inet" stderr="ipset v7.1: Kernel and userspace incompatible: settype hash:ip,port with revision 6 not supported by userspace.
+kube_proxy_mode: iptables
+
+# Test with SELinux in enforcing mode
+preinstall_selinux_state: enforcing

tests/files/packet_fedora37-calico-swap-selinux.yml

@@ -0,0 +1,19 @@
+---
+# Instance settings
+cloud_image: fedora-37
+mode: default
+
+# Kubespray settings
+auto_renew_certificates: true
+# Switching to iptable due to https://github.com/projectcalico/calico/issues/5011
+# Kubernetes v1.23.0 kube-proxy does use v.7.x now. Calico v3.20.x/v3.21.x Pods show the following error
+# Bad return code from 'ipset list'. error=exit status 1 family="inet" stderr="ipset v7.1: Kernel and userspace incompatible: settype hash:ip,port with revision 6 not supported by userspace.
+kube_proxy_mode: iptables
+
+# Test with SELinux in enforcing mode
+preinstall_selinux_state: enforcing
+
+# Test Alpha swap feature by leveraging zswap default config in Fedora 35
+kubelet_fail_swap_on: false
+kube_feature_gates:
+  - "NodeSwap=True"

tests/files/packet_fedora37-crio.yml

@@ -0,0 +1,15 @@
+---
+# Instance settings
+cloud_image: fedora-37
+mode: default
+
+# Kubespray settings
+container_manager: crio
+auto_renew_certificates: true
+# Switching to iptable due to https://github.com/projectcalico/calico/issues/5011
+# Kubernetes v1.23.0 kube-proxy does use v.7.x now. Calico v3.20.x/v3.21.x Pods show the following error
+# Bad return code from 'ipset list'. error=exit status 1 family="inet" stderr="ipset v7.1: Kernel and userspace incompatible: settype hash:ip,port with revision 6 not supported by userspace.
+kube_proxy_mode: iptables
+
+# Test with SELinux in enforcing mode
+preinstall_selinux_state: enforcing

tests/files/packet_fedora38-docker-calico.yml

@@ -0,0 +1,15 @@
+---
+# Instance settings
+cloud_image: fedora-38
+mode: default
+
+# Kubespray settings
+auto_renew_certificates: true
+# Switching to iptable due to https://github.com/projectcalico/calico/issues/5011
+# Kubernetes v1.23.0 kube-proxy does use v.7.x now. Calico v3.20.x/v3.21.x Pods show the following error
+# Bad return code from 'ipset list'. error=exit status 1 family="inet" stderr="ipset v7.1: Kernel and userspace incompatible: settype hash:ip,port with revision 6 not supported by userspace.
+kube_proxy_mode: iptables
+
+# Docker specific settings:
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_fedora38-docker-weave.yml

@@ -0,0 +1,12 @@
+---
+# Instance settings
+cloud_image: fedora-38
+mode: default
+
+# Kubespray settings
+kube_network_plugin: weave
+
+# Docker specific settings:
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns

tests/files/packet_fedora38-kube-ovn.yml

@@ -0,0 +1,7 @@
+---
+# Instance settings
+cloud_image: fedora-38
+mode: default
+
+# Kubespray settings
+kube_network_plugin: kube-ovn

tests/files/packet_opensuse-docker-cilium.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: opensuse-leap-15
+mode: default
+
+# Kubespray settings
+kube_network_plugin: cilium
+
+# Docker specific settings:
+container_manager: docker
+etcd_deployment_type: docker

tests/files/packet_rockylinux8-calico.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: rockylinux-8
+mode: default
+vm_memory: 3072Mi
+
+# Kubespray settings
+metrics_server_enabled: true
+dashboard_namespace: "kube-dashboard"
+dashboard_enabled: true
+loadbalancer_apiserver_type: haproxy

tests/files/packet_rockylinux9-calico.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: rockylinux-9
+mode: default
+vm_memory: 3072Mi
+
+# Kubespray settings
+metrics_server_enabled: true
+dashboard_namespace: "kube-dashboard"
+dashboard_enabled: true
+loadbalancer_apiserver_type: haproxy

tests/files/packet_rockylinux9-cilium.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: rockylinux-9
+mode: default
+vm_memory: 3072Mi
+
+# Kubespray settings
+kube_network_plugin: cilium
+
+cilium_kube_proxy_replacement: strict

tests/files/packet_ubuntu20-all-in-one-docker.yml

@@ -0,0 +1,16 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: all-in-one
+
+# Kubespray settings
+auto_renew_certificates: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns

tests/files/packet_ubuntu20-calico-all-in-one-ansible-2_11.yml

@@ -0,0 +1 @@
+packet_ubuntu20-calico-all-in-one.yml

tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml

@@ -0,0 +1,106 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: all-in-one
+
+# Kubespray settings
+auto_renew_certificates: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False
+
+# The followings are for hardening
+## kube-apiserver
+authorization_modes: ['Node', 'RBAC']
+# AppArmor-based OS
+kube_apiserver_feature_gates: ['AppArmor=true']
+kube_apiserver_request_timeout: 120s
+kube_apiserver_service_account_lookup: true
+
+# enable kubernetes audit
+kubernetes_audit: true
+audit_log_path: "/var/log/kube-apiserver-log.json"
+audit_log_maxage: 30
+audit_log_maxbackups: 10
+audit_log_maxsize: 100
+
+tls_min_version: VersionTLS12
+tls_cipher_suites:
+  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+  - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+
+# enable encryption at rest
+kube_encrypt_secret_data: true
+kube_encryption_resources: [secrets]
+kube_encryption_algorithm: "secretbox"
+
+kube_apiserver_enable_admission_plugins:
+  - EventRateLimit
+  - AlwaysPullImages
+  - ServiceAccount
+  - NamespaceLifecycle
+  - NodeRestriction
+  - LimitRanger
+  - ResourceQuota
+  - MutatingAdmissionWebhook
+  - ValidatingAdmissionWebhook
+  - PodNodeSelector
+  - PodSecurity
+kube_apiserver_admission_control_config_file: true
+# EventRateLimit plugin configuration
+kube_apiserver_admission_event_rate_limits:
+  limit_1:
+    type: Namespace
+    qps: 50
+    burst: 100
+    cache_size: 2000
+  limit_2:
+    type: User
+    qps: 50
+    burst: 100
+kube_profiling: false
+
+## kube-controller-manager
+kube_controller_manager_bind_address: 127.0.0.1
+kube_controller_terminated_pod_gc_threshold: 50
+# AppArmor-based OS
+kube_controller_feature_gates: ["RotateKubeletServerCertificate=true", "AppArmor=true"]
+
+## kube-scheduler
+kube_scheduler_bind_address: 127.0.0.1
+# AppArmor-based OS
+kube_scheduler_feature_gates: ["AppArmor=true"]
+
+## etcd
+etcd_deployment_type: kubeadm
+
+## kubelet
+kubelet_authentication_token_webhook: true
+kube_read_only_port: 0
+kubelet_rotate_server_certificates: true
+kubelet_csr_approver_enabled: false
+kubelet_protect_kernel_defaults: true
+kubelet_event_record_qps: 1
+kubelet_rotate_certificates: true
+kubelet_streaming_connection_idle_timeout: "5m"
+kubelet_make_iptables_util_chains: true
+kubelet_feature_gates: ["RotateKubeletServerCertificate=true", "SeccompDefault=true"]
+kubelet_seccomp_default: true
+kubelet_systemd_hardening: true
+# In case you have multiple interfaces in your
+# control plane nodes and you want to specify the right
+# IP addresses, kubelet_secure_addresses allows you
+# to specify the IP from which the kubelet
+# will receive the packets.
+# kubelet_secure_addresses: "192.168.10.110 192.168.10.111 192.168.10.112"
+
+# additional configurations
+kube_owner: root
+kube_cert_group: root
+
+# create a default Pod Security Configuration and deny running of insecure pods
+# kube-system namespace is exempted by default
+kube_pod_security_use_default: true
+kube_pod_security_default_enforce: restricted

tests/files/packet_ubuntu20-calico-all-in-one.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: all-in-one
+
+# Kubespray settings
+auto_renew_certificates: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False

tests/files/packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha.yml

@@ -0,0 +1,24 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: ha
+
+# use the kubeadm etcd setting to test the upgrade
+etcd_deployment_type: kubeadm
+
+upgrade_cluster_setup: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False
+
+# Pin disabling ipip mode to ensure proper upgrade
+ipip: false
+calico_vxlan_mode: Always
+calico_network_backend: bird
+
+# Needed to bypass deprecation check
+ignore_assert_errors: true
+### FIXME FLORYUT Needed for upgrade job, will be removed when releasing kubespray 2.20
+calico_pool_blocksize: 24
+### /FIXME

tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml

@@ -0,0 +1,11 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: default
+
+# use the kubeadm etcd setting to test the upgrade
+etcd_deployment_type: kubeadm
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False

tests/files/packet_ubuntu20-calico-ha-recover-noquorum.yml

@@ -0,0 +1,4 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: ha-recover-noquorum

tests/files/packet_ubuntu20-calico-ha-recover.yml

@@ -0,0 +1,4 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: ha-recover

tests/files/packet_ubuntu20-calico-ha-wireguard.yml

@@ -0,0 +1,13 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: ha
+
+# Kubespray settings
+calico_wireguard_enabled: true
+auto_renew_certificates: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+# KVM kernel used by packet instances is missing the dummy.ko kernel module so it cannot enable nodelocaldns
+enable_nodelocaldns: false

tests/files/packet_ubuntu20-cilium-sep.yml

@@ -0,0 +1,9 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: separate
+
+# Kubespray settings
+kube_network_plugin: cilium
+enable_network_policy: true
+auto_renew_certificates: true

tests/files/packet_ubuntu20-crio.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: default
+
+# Kubespray settings
+container_manager: crio
+
+download_localhost: false
+download_run_once: true

tests/files/packet_ubuntu20-docker-weave-sep.yml

@@ -0,0 +1,16 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: separate
+
+# Kubespray settings
+kube_network_plugin: weave
+auto_renew_certificates: true
+
+# Docker specific settings:
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns
+
+# Ubuntu 16 - docker containerd package available stopped at 1.4.6
+docker_containerd_version: latest

tests/files/packet_ubuntu20-flannel-ha-once.yml

@@ -0,0 +1,22 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: ha
+
+# Kubespray settings
+kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085
+kube_proxy_mode: iptables
+kube_network_plugin: flannel
+helm_enabled: true
+krew_enabled: true
+kubernetes_audit: true
+etcd_events_cluster_enabled: true
+local_volume_provisioner_enabled: true
+kube_encrypt_secret_data: true
+ingress_nginx_enabled: true
+cert_manager_enabled: true
+# Disable as health checks are still unstable and slow to respond.
+metrics_server_enabled: false
+metrics_server_kubelet_insecure_tls: true
+kube_token_auth: true
+enable_nodelocaldns: false

tests/files/packet_ubuntu20-flannel-ha.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: ha
+
+# Kubespray settings
+kube_network_plugin: flannel
+etcd_deployment_type: kubeadm
+kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085
+skip_non_kubeadm_warning: true

tests/files/packet_ubuntu22-all-in-one-docker.yml

@@ -0,0 +1,18 @@
+---
+# Instance settings
+cloud_image: ubuntu-2204
+mode: all-in-one
+vm_memory: 1600Mi
+
+# Kubespray settings
+auto_renew_certificates: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False
+
+# Use docker
+container_manager: docker
+etcd_deployment_type: docker
+resolvconf_mode: docker_dns
+docker_repo_key_keyring: /etc/apt/trusted.gpg.d/docker.gpg

tests/files/packet_ubuntu22-calico-all-in-one.yml

@@ -0,0 +1,24 @@
+---
+# Instance settings
+cloud_image: ubuntu-2204
+mode: all-in-one
+vm_memory: 1600Mi
+
+# Kubespray settings
+auto_renew_certificates: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False
+
+containerd_registries_mirrors:
+  - prefix: docker.io
+    mirrors:
+      - host: https://mirror.gcr.io
+        capabilities: ["pull", "resolve"]
+        skip_verify: false
+  - prefix: 172.19.16.11:5000
+    mirrors:
+      - host: http://172.19.16.11:5000
+        capabilities: ["pull", "resolve", "push"]
+        skip_verify: true

tests/files/packet_ubuntu22-calico-etcd-datastore.yml

@@ -0,0 +1,29 @@
+---
+# Instance settings
+cloud_image: ubuntu-2204
+mode: node-etcd-client
+vm_memory: 1600Mi
+
+# Kubespray settings
+auto_renew_certificates: true
+
+# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
+kube_proxy_mode: iptables
+enable_nodelocaldns: False
+
+containerd_registries:
+  "docker.io": "https://mirror.gcr.io"
+
+containerd_registries_mirrors:
+  - prefix: docker.io
+    mirrors:
+      - host: https://mirror.gcr.io
+        capabilities: ["pull", "resolve"]
+        skip_verify: false
+  - prefix: 172.19.16.11:5000
+    mirrors:
+      - host: http://172.19.16.11:5000
+        capabilities: ["pull", "resolve", "push"]
+        skip_verify: true
+
+calico_datastore: "etcd"

tests/files/tf-elastx_ubuntu20-calico.yml

@@ -0,0 +1,5 @@
+---
+sonobuoy_enabled: true
+
+# Ignore ping errors
+ignore_assert_errors: true

tests/files/tf-ovh_ubuntu20-calico.yml

@@ -0,0 +1,7 @@
+---
+sonobuoy_enabled: true
+pkg_install_retries: 25
+retry_stagger: 10
+
+# Ignore ping errors
+ignore_assert_errors: true

tests/files/vagrant_centos7-kube-router.rb

@@ -0,0 +1,15 @@
+$num_instances = 2
+$vm_memory ||= 2048
+$os = "centos"
+
+$kube_master_instances = 1
+$etcd_instances = 1
+
+# For CI we are not worried about data persistence across reboot
+$libvirt_volume_cache = "unsafe"
+
+# Checking for box update can trigger API rate limiting
+# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
+$box_check_update = false
+
+$network_plugin = "kube-router"

tests/files/vagrant_centos7-kube-router.yml

@@ -0,0 +1,8 @@
+---
+# Instance settings
+cloud_image: centos-7
+mode: default
+
+# Kubespray settings
+kube_network_plugin: kube-router
+enable_network_policy: true

tests/files/vagrant_fedora37-kube-router.rb

@@ -0,0 +1,15 @@
+$num_instances = 2
+$vm_memory ||= 2048
+$os = "fedora37"
+
+$kube_master_instances = 1
+$etcd_instances = 1
+
+# For CI we are not worried about data persistence across reboot
+$libvirt_volume_cache = "unsafe"
+
+# Checking for box update can trigger API rate limiting
+# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
+$box_check_update = false
+
+$network_plugin = "kube-router"

tests/files/vagrant_fedora37-kube-router.yml

@@ -0,0 +1,7 @@
+---
+# Instance settings
+cloud_image: fedora-37
+mode: default
+
+# Kubespray settings
+kube_network_plugin: kube-router

tests/files/vagrant_ubuntu20-calico-dual-stack.rb

@@ -0,0 +1,7 @@
+# For CI we are not worried about data persistence across reboot
+$libvirt_volume_cache = "unsafe"
+
+# Checking for box update can trigger API rate limiting
+# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
+$box_check_update = false
+$network_plugin = "calico"

tests/files/vagrant_ubuntu20-calico-dual-stack.yml

@@ -0,0 +1,3 @@
+---
+# Kubespray settings
+enable_dual_stack_networks: true

tests/files/vagrant_ubuntu20-flannel-collection.rb

@@ -0,0 +1,9 @@
+$os = "ubuntu2004"
+
+# For CI we are not worries about data persistence across reboot
+$libvirt_volume_cache = "unsafe"
+
+# Checking for box update can trigger API rate limiting
+# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
+$box_check_update = false
+$vm_cpus = 2

tests/files/vagrant_ubuntu20-flannel-collection.yml

@@ -0,0 +1,3 @@
+---
+# Kubespray settings
+kube_network_plugin: flannel

tests/files/vagrant_ubuntu20-flannel.rb

@@ -0,0 +1,9 @@
+$os = "ubuntu2004"
+
+# For CI we are not worries about data persistence across reboot
+$libvirt_volume_cache = "unsafe"
+
+# Checking for box update can trigger API rate limiting
+# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
+$box_check_update = false
+$vm_cpus = 2

tests/files/vagrant_ubuntu20-flannel.yml

@@ -0,0 +1,3 @@
+---
+# Kubespray settings
+kube_network_plugin: flannel

tests/files/vagrant_ubuntu20-kube-router-sep.rb

@@ -0,0 +1,15 @@
+$num_instances = 2
+$vm_memory ||= 2048
+$os = "ubuntu2004"
+
+$kube_master_instances = 1
+$etcd_instances = 1
+
+# For CI we are not worried about data persistence across reboot
+$libvirt_volume_cache = "unsafe"
+
+# Checking for box update can trigger API rate limiting
+# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
+$box_check_update = false
+
+$network_plugin = "kube-router"

tests/files/vagrant_ubuntu20-kube-router-sep.yml

@@ -0,0 +1,8 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: separate
+
+# Kubespray settings
+bootstrap_os: ubuntu
+kube_network_plugin: kube-router

tests/files/vagrant_ubuntu20-kube-router-svc-proxy.rb

@@ -0,0 +1,10 @@
+$os = "ubuntu2004"
+
+# For CI we are not worried about data persistence across reboot
+$libvirt_volume_cache = "unsafe"
+
+# Checking for box update can trigger API rate limiting
+# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
+$box_check_update = false
+
+$network_plugin = "kube-router"

tests/files/vagrant_ubuntu20-kube-router-svc-proxy.yml

@@ -0,0 +1,10 @@
+---
+# Instance settings
+cloud_image: ubuntu-2004
+mode: separate
+
+# Kubespray settings
+bootstrap_os: ubuntu
+kube_network_plugin: kube-router
+
+kube_router_run_service_proxy: true

tests/files/vagrant_ubuntu20-weave-medium.rb

@@ -0,0 +1,7 @@
+$num_instances = 16
+$vm_memory ||= 2048
+$os = "ubuntu2004"
+$network_plugin = "weave"
+$kube_master_instances = 1
+$etcd_instances = 1
+$playbook = "tests/cloud_playbooks/wait-for-ssh.yml"