Merge branch 'kubernetes-sigs:master' into master
commit
40cbdceb3c
|
@ -0,0 +1 @@
|
||||||
|
docs/_sidebar.md linguist-generated=true
|
|
@ -3,5 +3,5 @@ updates:
|
||||||
- package-ecosystem: "pip"
|
- package-ecosystem: "pip"
|
||||||
directory: "/"
|
directory: "/"
|
||||||
schedule:
|
schedule:
|
||||||
interval: "daily"
|
interval: "weekly"
|
||||||
labels: [ "dependencies" ]
|
labels: [ "dependencies" ]
|
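Review bot: The `interval: "weekly"` line under `schedule:` only governs Dependabot version updates for the `pip` ecosystem, and the file does not say how security fixes for Python dependencies arrive now that the daily cadence is gone. Dependabot security updates are raised from alerts and enabled in the repository settings, not by this schedule, so it is worth confirming they are switched on for this repository. I would record that next to the setting, for example `# version updates only; security updates are enabled in the repository settings`. The `updates:` list starts above the hunk, so other ecosystems are not visible here.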
||||||
|
|
|
@ -61,7 +61,17 @@ packet_ubuntu22-calico-all-in-one:
|
||||||
extends: .packet_pr
|
extends: .packet_pr
|
||||||
when: on_success
|
when: on_success
|
||||||
|
|
||||||
packet_ubuntu22-calico-etcd-datastore:
|
packet_ubuntu24-all-in-one-docker:
|
||||||
|
stage: deploy-part2
|
||||||
|
extends: .packet_pr
|
||||||
|
when: on_success
|
||||||
|
|
||||||
|
packet_ubuntu24-calico-all-in-one:
|
||||||
|
stage: deploy-part2
|
||||||
|
extends: .packet_pr
|
||||||
|
when: on_success
|
||||||
|
|
||||||
|
packet_ubuntu24-calico-etcd-datastore:
|
||||||
stage: deploy-part2
|
stage: deploy-part2
|
||||||
extends: .packet_pr
|
extends: .packet_pr
|
||||||
when: on_success
|
when: on_success
|
||||||
|
@ -174,6 +184,11 @@ packet_almalinux8-docker:
|
||||||
extends: .packet_pr
|
extends: .packet_pr
|
||||||
when: on_success
|
when: on_success
|
||||||
|
|
||||||
|
packet_amazon-linux-2-all-in-one:
|
||||||
|
stage: deploy-part2
|
||||||
|
extends: .packet_pr
|
||||||
|
when: on_success
|
||||||
|
|
||||||
packet_fedora38-docker-weave:
|
packet_fedora38-docker-weave:
|
||||||
stage: deploy-part2
|
stage: deploy-part2
|
||||||
extends: .packet_pr
|
extends: .packet_pr
|
||||||
|
@ -183,7 +198,7 @@ packet_fedora38-docker-weave:
|
||||||
packet_opensuse-docker-cilium:
|
packet_opensuse-docker-cilium:
|
||||||
stage: deploy-part2
|
stage: deploy-part2
|
||||||
extends: .packet_pr
|
extends: .packet_pr
|
||||||
when: manual
|
when: on_success
|
||||||
|
|
||||||
# ### MANUAL JOBS
|
# ### MANUAL JOBS
|
||||||
|
|
||||||
|
@ -240,11 +255,6 @@ packet_fedora37-calico-swap-selinux:
|
||||||
extends: .packet_pr
|
extends: .packet_pr
|
||||||
when: manual
|
when: manual
|
||||||
|
|
||||||
packet_amazon-linux-2-all-in-one:
|
|
||||||
stage: deploy-part2
|
|
||||||
extends: .packet_pr
|
|
||||||
when: manual
|
|
||||||
|
|
||||||
packet_almalinux8-calico-nodelocaldns-secondary:
|
packet_almalinux8-calico-nodelocaldns-secondary:
|
||||||
stage: deploy-part2
|
stage: deploy-part2
|
||||||
extends: .packet_pr
|
extends: .packet_pr
|
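Review bot: The job name `packet_ubuntu22-calico-etcd-datastore` is replaced by `packet_ubuntu24-calico-etcd-datastore` in the first hunk, so the etcd-datastore scenario no longer runs on Ubuntu 22.04. The README's supported list on this page still reads `Ubuntu 20.04, 22.04` and does not mention 24.04. Either keep the 22.04 job alongside the three new `packet_ubuntu24-*` jobs, or update the supported-distribution list to match what CI exercises. `packet_opensuse-docker-cilium` and `packet_amazon-linux-2-all-in-one` also move from `when: manual` to `when: on_success`, which presumably adds two provisioned machines to every pipeline; a one-line comment above them saying why they were promoted would help. All of these jobs extend `.packet_pr`, which is defined outside the hunks.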
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
repos:
|
repos:
|
||||||
|
|
||||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||||
rev: v3.4.0
|
rev: v3.4.0
|
||||||
hooks:
|
hooks:
|
||||||
|
@ -25,14 +24,14 @@ repos:
|
||||||
rev: v0.11.0
|
rev: v0.11.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: markdownlint
|
- id: markdownlint
|
||||||
args: [ -r, "~MD013,~MD029" ]
|
args: [-r, "~MD013,~MD029"]
|
||||||
exclude: "^.git"
|
exclude: "^.git"
|
||||||
|
|
||||||
- repo: https://github.com/jumanjihouse/pre-commit-hooks
|
- repo: https://github.com/jumanjihouse/pre-commit-hooks
|
||||||
rev: 3.0.0
|
rev: 3.0.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: shellcheck
|
- id: shellcheck
|
||||||
args: [ --severity, "error" ]
|
args: [--severity, "error"]
|
||||||
exclude: "^.git"
|
exclude: "^.git"
|
||||||
files: "\\.sh$"
|
files: "\\.sh$"
|
||||||
|
|
||||||
|
@ -64,6 +63,12 @@ repos:
|
||||||
language: script
|
language: script
|
||||||
pass_filenames: false
|
pass_filenames: false
|
||||||
|
|
||||||
|
- id: generate-docs-sidebar
|
||||||
|
name: generate-docs-sidebar
|
||||||
|
entry: scripts/gen_docs_sidebar.sh
|
||||||
|
language: script
|
||||||
|
pass_filenames: false
|
||||||
|
|
||||||
- id: ci-matrix
|
- id: ci-matrix
|
||||||
name: ci-matrix
|
name: ci-matrix
|
||||||
entry: tests/scripts/md-table/test.sh
|
entry: tests/scripts/md-table/test.sh
|
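Review bot: The new `generate-docs-sidebar` hook sets `pass_filenames: false` and declares no `files:` filter, so `scripts/gen_docs_sidebar.sh` runs on every commit regardless of what was staged. If the script only reads the `docs/` tree (its content is not visible here), restricting the hook with `files: "^docs/"` keeps unrelated commits fast and limits when `docs/_sidebar.md` is regenerated. The enclosing `hooks:` list starts above the hunk.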
||||||
|
|
108
README.md
108
README.md
|
@ -5,7 +5,7 @@
|
||||||
If you have questions, check the documentation at [kubespray.io](https://kubespray.io) and join us on the [kubernetes slack](https://kubernetes.slack.com), channel **\#kubespray**.
|
If you have questions, check the documentation at [kubespray.io](https://kubespray.io) and join us on the [kubernetes slack](https://kubernetes.slack.com), channel **\#kubespray**.
|
||||||
You can get your invite [here](http://slack.k8s.io/)
|
You can get your invite [here](http://slack.k8s.io/)
|
||||||
|
|
||||||
- Can be deployed on **[AWS](docs/aws.md), GCE, [Azure](docs/azure.md), [OpenStack](docs/openstack.md), [vSphere](docs/vsphere.md), [Equinix Metal](docs/equinix-metal.md) (bare metal), Oracle Cloud Infrastructure (Experimental), or Baremetal**
|
- Can be deployed on **[AWS](docs/cloud_providers/aws.md), GCE, [Azure](docs/cloud_providers/azure.md), [OpenStack](docs/cloud_providers/openstack.md), [vSphere](docs/cloud_providers/vsphere.md), [Equinix Metal](docs/cloud_providers/equinix-metal.md) (bare metal), Oracle Cloud Infrastructure (Experimental), or Baremetal**
|
||||||
- **Highly available** cluster
|
- **Highly available** cluster
|
||||||
- **Composable** (Choice of the network plugin for instance)
|
- **Composable** (Choice of the network plugin for instance)
|
||||||
- Supports most popular **Linux distributions**
|
- Supports most popular **Linux distributions**
|
||||||
|
@ -19,7 +19,7 @@ Below are several ways to use Kubespray to deploy a Kubernetes cluster.
|
||||||
|
|
||||||
#### Usage
|
#### Usage
|
||||||
|
|
||||||
Install Ansible according to [Ansible installation guide](/docs/ansible.md#installing-ansible)
|
Install Ansible according to [Ansible installation guide](/docs/ansible/ansible.md#installing-ansible)
|
||||||
then run the following steps:
|
then run the following steps:
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
|
@ -86,7 +86,7 @@ ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa clu
|
||||||
|
|
||||||
#### Collection
|
#### Collection
|
||||||
|
|
||||||
See [here](docs/ansible_collection.md) if you wish to use this repository as an Ansible collection
|
See [here](docs/ansible/ansible_collection.md) if you wish to use this repository as an Ansible collection
|
||||||
|
|
||||||
### Vagrant
|
### Vagrant
|
||||||
|
|
||||||
|
@ -99,7 +99,7 @@ python -V && pip -V
|
||||||
|
|
||||||
If this returns the version of the software, you're good to go. If not, download and install Python from here <https://www.python.org/downloads/source/>
|
If this returns the version of the software, you're good to go. If not, download and install Python from here <https://www.python.org/downloads/source/>
|
||||||
|
|
||||||
Install Ansible according to [Ansible installation guide](/docs/ansible.md#installing-ansible)
|
Install Ansible according to [Ansible installation guide](/docs/ansible/ansible.md#installing-ansible)
|
||||||
then run the following step:
|
then run the following step:
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
|
@ -109,62 +109,62 @@ vagrant up
|
||||||
## Documents
|
## Documents
|
||||||
|
|
||||||
- [Requirements](#requirements)
|
- [Requirements](#requirements)
|
||||||
- [Kubespray vs ...](docs/comparisons.md)
|
- [Kubespray vs ...](docs/getting_started/comparisons.md)
|
||||||
- [Getting started](docs/getting-started.md)
|
- [Getting started](docs/getting_started/getting-started.md)
|
||||||
- [Setting up your first cluster](docs/setting-up-your-first-cluster.md)
|
- [Setting up your first cluster](docs/getting_started/setting-up-your-first-cluster.md)
|
||||||
- [Ansible inventory and tags](docs/ansible.md)
|
- [Ansible inventory and tags](docs/ansible/ansible.md)
|
||||||
- [Integration with existing ansible repo](docs/integration.md)
|
- [Integration with existing ansible repo](docs/operations/integration.md)
|
||||||
- [Deployment data variables](docs/vars.md)
|
- [Deployment data variables](docs/ansible/vars.md)
|
||||||
- [DNS stack](docs/dns-stack.md)
|
- [DNS stack](docs/advanced/dns-stack.md)
|
||||||
- [HA mode](docs/ha-mode.md)
|
- [HA mode](docs/operations/ha-mode.md)
|
||||||
- [Network plugins](#network-plugins)
|
- [Network plugins](#network-plugins)
|
||||||
- [Vagrant install](docs/vagrant.md)
|
- [Vagrant install](docs/developers/vagrant.md)
|
||||||
- [Flatcar Container Linux bootstrap](docs/flatcar.md)
|
- [Flatcar Container Linux bootstrap](docs/operating_systems/flatcar.md)
|
||||||
- [Fedora CoreOS bootstrap](docs/fcos.md)
|
- [Fedora CoreOS bootstrap](docs/operating_systems/fcos.md)
|
||||||
- [openSUSE setup](docs/opensuse.md)
|
- [openSUSE setup](docs/operating_systems/opensuse.md)
|
||||||
- [Downloaded artifacts](docs/downloads.md)
|
- [Downloaded artifacts](docs/advanced/downloads.md)
|
||||||
- [Cloud providers](docs/cloud.md)
|
- [Cloud providers](docs/cloud_providers/cloud.md)
|
||||||
- [OpenStack](docs/openstack.md)
|
- [OpenStack](docs/cloud_providers/openstack.md)
|
||||||
- [AWS](docs/aws.md)
|
- [AWS](docs/cloud_providers/aws.md)
|
||||||
- [Azure](docs/azure.md)
|
- [Azure](docs/cloud_providers/azure.md)
|
||||||
- [vSphere](docs/vsphere.md)
|
- [vSphere](docs/cloud_providers/vsphere.md)
|
||||||
- [Equinix Metal](docs/equinix-metal.md)
|
- [Equinix Metal](docs/cloud_providers/equinix-metal.md)
|
||||||
- [Large deployments](docs/large-deployments.md)
|
- [Large deployments](docs/operations/large-deployments.md)
|
||||||
- [Adding/replacing a node](docs/nodes.md)
|
- [Adding/replacing a node](docs/operations/nodes.md)
|
||||||
- [Upgrades basics](docs/upgrades.md)
|
- [Upgrades basics](docs/operations/upgrades.md)
|
||||||
- [Air-Gap installation](docs/offline-environment.md)
|
- [Air-Gap installation](docs/operations/offline-environment.md)
|
||||||
- [NTP](docs/ntp.md)
|
- [NTP](docs/advanced/ntp.md)
|
||||||
- [Hardening](docs/hardening.md)
|
- [Hardening](docs/operations/hardening.md)
|
||||||
- [Mirror](docs/mirror.md)
|
- [Mirror](docs/operations/mirror.md)
|
||||||
- [Roadmap](docs/roadmap.md)
|
- [Roadmap](docs/roadmap/roadmap.md)
|
||||||
|
|
||||||
## Supported Linux Distributions
|
## Supported Linux Distributions
|
||||||
|
|
||||||
- **Flatcar Container Linux by Kinvolk**
|
- **Flatcar Container Linux by Kinvolk**
|
||||||
- **Debian** Bookworm, Bullseye, Buster
|
- **Debian** Bookworm, Bullseye, Buster
|
||||||
- **Ubuntu** 20.04, 22.04
|
- **Ubuntu** 20.04, 22.04
|
||||||
- **CentOS/RHEL** 7, [8, 9](docs/centos.md#centos-8)
|
- **CentOS/RHEL** 7, [8, 9](docs/operating_systems/centos.md#centos-8)
|
||||||
- **Fedora** 37, 38
|
- **Fedora** 37, 38
|
||||||
- **Fedora CoreOS** (see [fcos Note](docs/fcos.md))
|
- **Fedora CoreOS** (see [fcos Note](docs/operating_systems/fcos.md))
|
||||||
- **openSUSE** Leap 15.x/Tumbleweed
|
- **openSUSE** Leap 15.x/Tumbleweed
|
||||||
- **Oracle Linux** 7, [8, 9](docs/centos.md#centos-8)
|
- **Oracle Linux** 7, [8, 9](docs/operating_systems/centos.md#centos-8)
|
||||||
- **Alma Linux** [8, 9](docs/centos.md#centos-8)
|
- **Alma Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
|
||||||
- **Rocky Linux** [8, 9](docs/centos.md#centos-8)
|
- **Rocky Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
|
||||||
- **Kylin Linux Advanced Server V10** (experimental: see [kylin linux notes](docs/kylinlinux.md))
|
- **Kylin Linux Advanced Server V10** (experimental: see [kylin linux notes](docs/operating_systems/kylinlinux.md))
|
||||||
- **Amazon Linux 2** (experimental: see [amazon linux notes](docs/amazonlinux.md))
|
- **Amazon Linux 2** (experimental: see [amazon linux notes](docs/operating_systems/amazonlinux.md))
|
||||||
- **UOS Linux** (experimental: see [uos linux notes](docs/uoslinux.md))
|
- **UOS Linux** (experimental: see [uos linux notes](docs/operating_systems/uoslinux.md))
|
||||||
- **openEuler** (experimental: see [openEuler notes](docs/openeuler.md))
|
- **openEuler** (experimental: see [openEuler notes](docs/operating_systems/openeuler.md))
|
||||||
|
|
||||||
Note: Upstart/SysV init based OS types are not supported.
|
Note: Upstart/SysV init based OS types are not supported.
|
||||||
|
|
||||||
## Supported Components
|
## Supported Components
|
||||||
|
|
||||||
- Core
|
- Core
|
||||||
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.29.3
|
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.29.5
|
||||||
- [etcd](https://github.com/etcd-io/etcd) v3.5.12
|
- [etcd](https://github.com/etcd-io/etcd) v3.5.12
|
||||||
- [docker](https://www.docker.com/) v24.0 (see [Note](#container-runtime-notes))
|
- [docker](https://www.docker.com/) v24.0 (see [Note](#container-runtime-notes))
|
||||||
- [containerd](https://containerd.io/) v1.7.16
|
- [containerd](https://containerd.io/) v1.7.16
|
||||||
- [cri-o](http://cri-o.io/) v1.29.1 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
|
- [cri-o](http://cri-o.io/) v1.29.1 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
|
||||||
- Network Plugin
|
- Network Plugin
|
||||||
- [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
|
- [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
|
||||||
- [calico](https://github.com/projectcalico/calico) v3.27.3
|
- [calico](https://github.com/projectcalico/calico) v3.27.3
|
||||||
|
@ -178,9 +178,9 @@ Note: Upstart/SysV init based OS types are not supported.
|
||||||
- Application
|
- Application
|
||||||
- [cert-manager](https://github.com/jetstack/cert-manager) v1.13.2
|
- [cert-manager](https://github.com/jetstack/cert-manager) v1.13.2
|
||||||
- [coredns](https://github.com/coredns/coredns) v1.11.1
|
- [coredns](https://github.com/coredns/coredns) v1.11.1
|
||||||
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.9.6
|
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.10.1
|
||||||
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.4
|
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.4
|
||||||
- [argocd](https://argoproj.github.io/) v2.8.4
|
- [argocd](https://argoproj.github.io/) v2.11.0
|
||||||
- [helm](https://helm.sh/) v3.14.2
|
- [helm](https://helm.sh/) v3.14.2
|
||||||
- [metallb](https://metallb.universe.tf/) v0.13.9
|
- [metallb](https://metallb.universe.tf/) v0.13.9
|
||||||
- [registry](https://github.com/distribution/distribution) v2.8.1
|
- [registry](https://github.com/distribution/distribution) v2.8.1
|
||||||
|
@ -204,7 +204,7 @@ Note: Upstart/SysV init based OS types are not supported.
|
||||||
|
|
||||||
- **Minimum required version of Kubernetes is v1.27**
|
- **Minimum required version of Kubernetes is v1.27**
|
||||||
- **Ansible v2.14+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
|
- **Ansible v2.14+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
|
||||||
- The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md))
|
- The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/operations/offline-environment.md))
|
||||||
- The target servers are configured to allow **IPv4 forwarding**.
|
- The target servers are configured to allow **IPv4 forwarding**.
|
||||||
- If using IPv6 for pods and services, the target servers are configured to allow **IPv6 forwarding**.
|
- If using IPv6 for pods and services, the target servers are configured to allow **IPv6 forwarding**.
|
||||||
- The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
|
- The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
|
||||||
|
@ -225,7 +225,7 @@ These limits are safeguarded by Kubespray. Actual requirements for your workload
|
||||||
|
|
||||||
You can choose among ten network plugins. (default: `calico`, except Vagrant uses `flannel`)
|
You can choose among ten network plugins. (default: `calico`, except Vagrant uses `flannel`)
|
||||||
|
|
||||||
- [flannel](docs/flannel.md): gre/vxlan (layer 2) networking.
|
- [flannel](docs/CNI/flannel.md): gre/vxlan (layer 2) networking.
|
||||||
|
|
||||||
- [Calico](https://docs.tigera.io/calico/latest/about/) is a networking and network policy provider. Calico supports a flexible set of networking options
|
- [Calico](https://docs.tigera.io/calico/latest/about/) is a networking and network policy provider. Calico supports a flexible set of networking options
|
||||||
designed to give you the most efficient networking across a range of situations, including non-overlay
|
designed to give you the most efficient networking across a range of situations, including non-overlay
|
||||||
|
@ -234,32 +234,32 @@ You can choose among ten network plugins. (default: `calico`, except Vagrant use
|
||||||
|
|
||||||
- [cilium](http://docs.cilium.io/en/latest/): layer 3/4 networking (as well as layer 7 to protect and secure application protocols), supports dynamic insertion of BPF bytecode into the Linux kernel to implement security services, networking and visibility logic.
|
- [cilium](http://docs.cilium.io/en/latest/): layer 3/4 networking (as well as layer 7 to protect and secure application protocols), supports dynamic insertion of BPF bytecode into the Linux kernel to implement security services, networking and visibility logic.
|
||||||
|
|
||||||
- [weave](docs/weave.md): Weave is a lightweight container overlay network that doesn't require an external K/V database cluster.
|
- [weave](docs/CNI/weave.md): Weave is a lightweight container overlay network that doesn't require an external K/V database cluster.
|
||||||
(Please refer to `weave` [troubleshooting documentation](https://www.weave.works/docs/net/latest/troubleshooting/)).
|
(Please refer to `weave` [troubleshooting documentation](https://www.weave.works/docs/net/latest/troubleshooting/)).
|
||||||
|
|
||||||
- [kube-ovn](docs/kube-ovn.md): Kube-OVN integrates the OVN-based Network Virtualization with Kubernetes. It offers an advanced Container Network Fabric for Enterprises.
|
- [kube-ovn](docs/CNI/kube-ovn.md): Kube-OVN integrates the OVN-based Network Virtualization with Kubernetes. It offers an advanced Container Network Fabric for Enterprises.
|
||||||
|
|
||||||
- [kube-router](docs/kube-router.md): Kube-router is a L3 CNI for Kubernetes networking aiming to provide operational
|
- [kube-router](docs/CNI/kube-router.md): Kube-router is a L3 CNI for Kubernetes networking aiming to provide operational
|
||||||
simplicity and high performance: it uses IPVS to provide Kube Services Proxy (if setup to replace kube-proxy),
|
simplicity and high performance: it uses IPVS to provide Kube Services Proxy (if setup to replace kube-proxy),
|
||||||
iptables for network policies, and BGP for ods L3 networking (with optionally BGP peering with out-of-cluster BGP peers).
|
iptables for network policies, and BGP for ods L3 networking (with optionally BGP peering with out-of-cluster BGP peers).
|
||||||
It can also optionally advertise routes to Kubernetes cluster Pods CIDRs, ClusterIPs, ExternalIPs and LoadBalancerIPs.
|
It can also optionally advertise routes to Kubernetes cluster Pods CIDRs, ClusterIPs, ExternalIPs and LoadBalancerIPs.
|
||||||
|
|
||||||
- [macvlan](docs/macvlan.md): Macvlan is a Linux network driver. Pods have their own unique Mac and Ip address, connected directly the physical (layer 2) network.
|
- [macvlan](docs/CNI/macvlan.md): Macvlan is a Linux network driver. Pods have their own unique Mac and Ip address, connected directly the physical (layer 2) network.
|
||||||
|
|
||||||
- [multus](docs/multus.md): Multus is a meta CNI plugin that provides multiple network interface support to pods. For each interface Multus delegates CNI calls to secondary CNI plugins such as Calico, macvlan, etc.
|
- [multus](docs/CNI/multus.md): Multus is a meta CNI plugin that provides multiple network interface support to pods. For each interface Multus delegates CNI calls to secondary CNI plugins such as Calico, macvlan, etc.
|
||||||
|
|
||||||
- [custom_cni](roles/network-plugin/custom_cni/) : You can specify some manifests that will be applied to the clusters to bring you own CNI and use non-supported ones by Kubespray.
|
- [custom_cni](roles/network-plugin/custom_cni/) : You can specify some manifests that will be applied to the clusters to bring you own CNI and use non-supported ones by Kubespray.
|
||||||
See `tests/files/custom_cni/README.md` and `tests/files/custom_cni/values.yaml`for an example with a CNI provided by a Helm Chart.
|
See `tests/files/custom_cni/README.md` and `tests/files/custom_cni/values.yaml`for an example with a CNI provided by a Helm Chart.
|
||||||
|
|
||||||
The network plugin to use is defined by the variable `kube_network_plugin`. There is also an
|
The network plugin to use is defined by the variable `kube_network_plugin`. There is also an
|
||||||
option to leverage built-in cloud provider networking instead.
|
option to leverage built-in cloud provider networking instead.
|
||||||
See also [Network checker](docs/netcheck.md).
|
See also [Network checker](docs/advanced/netcheck.md).
|
||||||
|
|
||||||
## Ingress Plugins
|
## Ingress Plugins
|
||||||
|
|
||||||
- [nginx](https://kubernetes.github.io/ingress-nginx): the NGINX Ingress Controller.
|
- [nginx](https://kubernetes.github.io/ingress-nginx): the NGINX Ingress Controller.
|
||||||
|
|
||||||
- [metallb](docs/metallb.md): the MetalLB bare-metal service LoadBalancer provider.
|
- [metallb](docs/ingress/metallb.md): the MetalLB bare-metal service LoadBalancer provider.
|
||||||
|
|
||||||
## Community docs and resources
|
## Community docs and resources
|
||||||
|
|
||||||
|
@ -280,4 +280,4 @@ See also [Network checker](docs/netcheck.md).
|
||||||
|
|
||||||
CI/end-to-end tests sponsored by: [CNCF](https://cncf.io), [Equinix Metal](https://metal.equinix.com/), [OVHcloud](https://www.ovhcloud.com/), [ELASTX](https://elastx.se/).
|
CI/end-to-end tests sponsored by: [CNCF](https://cncf.io), [Equinix Metal](https://metal.equinix.com/), [OVHcloud](https://www.ovhcloud.com/), [ELASTX](https://elastx.se/).
|
||||||
|
|
||||||
See the [test matrix](docs/test_cases.md) for details.
|
See the [test matrix](docs/developers/test_cases.md) for details.
|
||||||
|
|
|
@ -21,13 +21,15 @@ SUPPORTED_OS = {
|
||||||
"flatcar-edge" => {box: "flatcar-edge", user: "core", box_url: FLATCAR_URL_TEMPLATE % ["edge"]},
|
"flatcar-edge" => {box: "flatcar-edge", user: "core", box_url: FLATCAR_URL_TEMPLATE % ["edge"]},
|
||||||
"ubuntu2004" => {box: "generic/ubuntu2004", user: "vagrant"},
|
"ubuntu2004" => {box: "generic/ubuntu2004", user: "vagrant"},
|
||||||
"ubuntu2204" => {box: "generic/ubuntu2204", user: "vagrant"},
|
"ubuntu2204" => {box: "generic/ubuntu2204", user: "vagrant"},
|
||||||
|
"ubuntu2404" => {box: "bento/ubuntu-24.04", user: "vagrant"},
|
||||||
"centos" => {box: "centos/7", user: "vagrant"},
|
"centos" => {box: "centos/7", user: "vagrant"},
|
||||||
"centos-bento" => {box: "bento/centos-7.6", user: "vagrant"},
|
"centos-bento" => {box: "bento/centos-7.6", user: "vagrant"},
|
||||||
"centos8" => {box: "centos/8", user: "vagrant"},
|
"centos8" => {box: "centos/8", user: "vagrant"},
|
||||||
"centos8-bento" => {box: "bento/centos-8", user: "vagrant"},
|
"centos8-bento" => {box: "bento/centos-8", user: "vagrant"},
|
||||||
"almalinux8" => {box: "almalinux/8", user: "vagrant"},
|
"almalinux8" => {box: "almalinux/8", user: "vagrant"},
|
||||||
"almalinux8-bento" => {box: "bento/almalinux-8", user: "vagrant"},
|
"almalinux8-bento" => {box: "bento/almalinux-8", user: "vagrant"},
|
||||||
"rockylinux8" => {box: "generic/rocky8", user: "vagrant"},
|
"rockylinux8" => {box: "rockylinux/8", user: "vagrant"},
|
||||||
|
"rockylinux9" => {box: "rockylinux/9", user: "vagrant"},
|
||||||
"fedora37" => {box: "fedora/37-cloud-base", user: "vagrant"},
|
"fedora37" => {box: "fedora/37-cloud-base", user: "vagrant"},
|
||||||
"fedora38" => {box: "fedora/38-cloud-base", user: "vagrant"},
|
"fedora38" => {box: "fedora/38-cloud-base", user: "vagrant"},
|
||||||
"opensuse" => {box: "opensuse/Leap-15.4.x86_64", user: "vagrant"},
|
"opensuse" => {box: "opensuse/Leap-15.4.x86_64", user: "vagrant"},
|
||||||
|
@ -36,6 +38,8 @@ SUPPORTED_OS = {
|
||||||
"oraclelinux8" => {box: "generic/oracle8", user: "vagrant"},
|
"oraclelinux8" => {box: "generic/oracle8", user: "vagrant"},
|
||||||
"rhel7" => {box: "generic/rhel7", user: "vagrant"},
|
"rhel7" => {box: "generic/rhel7", user: "vagrant"},
|
||||||
"rhel8" => {box: "generic/rhel8", user: "vagrant"},
|
"rhel8" => {box: "generic/rhel8", user: "vagrant"},
|
||||||
|
"debian11" => {box: "debian/bullseye64", user: "vagrant"},
|
||||||
|
"debian12" => {box: "debian/bookworm64", user: "vagrant"},
|
||||||
}
|
}
|
||||||
|
|
||||||
if File.exist?(CONFIG)
|
if File.exist?(CONFIG)
|
||||||
|
@ -185,6 +189,14 @@ Vagrant.configure("2") do |config|
|
||||||
lv.storage :file, :device => "hd#{driverletters[d]}", :path => "disk-#{i}-#{d}-#{DISK_UUID}.disk", :size => $kube_node_instances_with_disks_size, :bus => "scsi"
|
lv.storage :file, :device => "hd#{driverletters[d]}", :path => "disk-#{i}-#{d}-#{DISK_UUID}.disk", :size => $kube_node_instances_with_disks_size, :bus => "scsi"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
node.vm.provider :virtualbox do |vb|
|
||||||
|
# always make /dev/sd{a/b/c} so that CI can ensure that
|
||||||
|
# virtualbox and libvirt will have the same devices to use for OSDs
|
||||||
|
(1..$kube_node_instances_with_disks_number).each do |d|
|
||||||
|
vb.customize ['createhd', '--filename', "disk-#{i}-#{driverletters[d]}-#{DISK_UUID}.disk", '--size', $kube_node_instances_with_disks_size] # 10GB disk
|
||||||
|
vb.customize ['storageattach', :id, '--storagectl', 'SATA Controller', '--port', d, '--device', 0, '--type', 'hdd', '--medium', "disk-#{i}-#{driverletters[d]}-#{DISK_UUID}.disk", '--nonrotational', 'on', '--mtype', 'normal']
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if $expose_docker_tcp
|
if $expose_docker_tcp
|
||||||
|
@ -235,6 +247,13 @@ Vagrant.configure("2") do |config|
|
||||||
SHELL
|
SHELL
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Rockylinux boxes needs UEFI
|
||||||
|
if ["rockylinux8", "rockylinux9"].include? $os
|
||||||
|
config.vm.provider "libvirt" do |domain|
|
||||||
|
domain.loader = "/usr/share/OVMF/x64/OVMF_CODE.fd"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# Disable firewalld on oraclelinux/redhat vms
|
# Disable firewalld on oraclelinux/redhat vms
|
||||||
if ["oraclelinux","oraclelinux8","rhel7","rhel8","rockylinux8"].include? $os
|
if ["oraclelinux","oraclelinux8","rhel7","rhel8","rockylinux8"].include? $os
|
||||||
node.vm.provision "shell", inline: "systemctl stop firewalld; systemctl disable firewalld"
|
node.vm.provision "shell", inline: "systemctl stop firewalld; systemctl disable firewalld"
|
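Review bot: `rockylinux9` is added to `SUPPORTED_OS` and to the new UEFI check, but the unchanged firewalld list at the end of the last hunk still names only `rockylinux8`, so a Rocky 9 VM would presumably keep firewalld running while a Rocky 8 VM has it stopped. If the two are meant to behave alike, extend the list: `if ["oraclelinux","oraclelinux8","rhel7","rhel8","rockylinux8","rockylinux9"].include? $os`. The UEFI block also hard-codes `domain.loader = "/usr/share/OVMF/x64/OVMF_CODE.fd"`, a path that depends on how the host distribution packages OVMF; a comment naming the expected host package, or a `File.exist?` check before setting it, would make the failure mode clearer. The new boxes (`bento/ubuntu-24.04`, `rockylinux/8`, `rockylinux/9`, `debian/bullseye64`, `debian/bookworm64`) are referenced by name only, so pinning a box version where these entries are consumed (outside the hunks) is worth considering.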
||||||
|
|
|
@ -49,7 +49,7 @@ If you need to delete all resources from a resource group, simply call:
|
||||||
|
|
||||||
## Installing Ansible and the dependencies
|
## Installing Ansible and the dependencies
|
||||||
|
|
||||||
Install Ansible according to [Ansible installation guide](/docs/ansible.md#installing-ansible)
|
Install Ansible according to [Ansible installation guide](/docs/ansible/ansible.md#installing-ansible)
|
||||||
|
|
||||||
## Generating an inventory for kubespray
|
## Generating an inventory for kubespray
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ now six total etcd replicas.
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html)
|
- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html)
|
||||||
- [Install Ansible dependencies](/docs/ansible.md#installing-ansible)
|
- [Install Ansible dependencies](/docs/ansible/ansible.md#installing-ansible)
|
||||||
- Account with Equinix Metal
|
- Account with Equinix Metal
|
||||||
- An SSH key pair
|
- An SSH key pair
|
||||||
|
|
||||||
|
|
|
@ -619,7 +619,7 @@ Edit `inventory/$CLUSTER/group_vars/k8s_cluster/k8s_cluster.yml`:
|
||||||
|
|
||||||
- Set variable **kube_network_plugin** to your desired networking plugin.
|
- Set variable **kube_network_plugin** to your desired networking plugin.
|
||||||
- **flannel** works out-of-the-box
|
- **flannel** works out-of-the-box
|
||||||
- **calico** requires [configuring OpenStack Neutron ports](/docs/openstack.md) to allow service and pod subnets
|
- **calico** requires [configuring OpenStack Neutron ports](/docs/cloud_providers/openstack.md) to allow service and pod subnets
|
||||||
|
|
||||||
```yml
|
```yml
|
||||||
# Choose network plugin (calico, weave or flannel)
|
# Choose network plugin (calico, weave or flannel)
|
||||||
|
|
|
@ -382,7 +382,7 @@ To clean up any ipvs leftovers:
|
||||||
|
|
||||||
Calico node, typha and kube-controllers need to be able to talk to the kubernetes API. Please reference the [Enabling eBPF Calico Docs](https://docs.projectcalico.org/maintenance/ebpf/enabling-bpf) for guidelines on how to do this.
|
Calico node, typha and kube-controllers need to be able to talk to the kubernetes API. Please reference the [Enabling eBPF Calico Docs](https://docs.projectcalico.org/maintenance/ebpf/enabling-bpf) for guidelines on how to do this.
|
||||||
|
|
||||||
Kubespray sets up the `kubernetes-services-endpoint` configmap based on the contents of the `loadbalancer_apiserver` inventory variable documented in [HA Mode](/docs/ha-mode.md).
|
Kubespray sets up the `kubernetes-services-endpoint` configmap based on the contents of the `loadbalancer_apiserver` inventory variable documented in [HA Mode](/docs/operations/ha-mode.md).
|
||||||
|
|
||||||
If no external loadbalancer is used, Calico eBPF can also use the localhost loadbalancer option. We are able to do so only if you use the same port for the localhost apiserver loadbalancer and the kube-apiserver. In this case Calico Automatic Host Endpoints need to be enabled to allow services like `coredns` and `metrics-server` to communicate with the kubernetes host endpoint. See [this blog post](https://www.projectcalico.org/securing-kubernetes-nodes-with-calico-automatic-host-endpoints/) on enabling automatic host endpoints.
|
If no external loadbalancer is used, Calico eBPF can also use the localhost loadbalancer option. We are able to do so only if you use the same port for the localhost apiserver loadbalancer and the kube-apiserver. In this case Calico Automatic Host Endpoints need to be enabled to allow services like `coredns` and `metrics-server` to communicate with the kubernetes host endpoint. See [this blog post](https://www.projectcalico.org/securing-kubernetes-nodes-with-calico-automatic-host-endpoints/) on enabling automatic host endpoints.
|
||||||
|
|
|
@ -99,7 +99,7 @@ cilium_operator_extra_volume_mounts:
|
||||||
## Choose Cilium version
|
## Choose Cilium version
|
||||||
|
|
||||||
```yml
|
```yml
|
||||||
cilium_version: v1.15.4
|
cilium_version: v1.12.1
|
||||||
```
|
```
|
||||||
|
|
||||||
## Add variable to config
|
## Add variable to config
|
|
@ -1,66 +1,94 @@
|
||||||
* [Readme](/)
|
* [Readme](/)
|
||||||
* [Comparisons](/docs/comparisons.md)
|
|
||||||
* [Getting started](/docs/getting-started.md)
|
|
||||||
* [Ansible](docs/ansible.md)
|
|
||||||
* [Variables](/docs/vars.md)
|
|
||||||
* Operations
|
|
||||||
* [Integration](docs/integration.md)
|
|
||||||
* [Upgrades](/docs/upgrades.md)
|
|
||||||
* [HA Mode](docs/ha-mode.md)
|
|
||||||
* [Adding/replacing a node](docs/nodes.md)
|
|
||||||
* [Large deployments](docs/large-deployments.md)
|
|
||||||
* [Air-Gap Installation](docs/offline-environment.md)
|
|
||||||
* CNI
|
|
||||||
* [Calico](docs/calico.md)
|
|
||||||
* [Flannel](docs/flannel.md)
|
|
||||||
* [Cilium](docs/cilium.md)
|
|
||||||
* [Kube Router](docs/kube-router.md)
|
|
||||||
* [Kube OVN](docs/kube-ovn.md)
|
|
||||||
* [Weave](docs/weave.md)
|
|
||||||
* [Multus](docs/multus.md)
|
|
||||||
* Ingress
|
|
||||||
* [kube-vip](docs/kube-vip.md)
|
|
||||||
* [ALB Ingress](docs/ingress_controller/alb_ingress_controller.md)
|
|
||||||
* [MetalLB](docs/metallb.md)
|
|
||||||
* [Nginx Ingress](docs/ingress_controller/ingress_nginx.md)
|
|
||||||
* [Cloud providers](docs/cloud.md)
|
|
||||||
* [AWS](docs/aws.md)
|
|
||||||
* [Azure](docs/azure.md)
|
|
||||||
* [OpenStack](/docs/openstack.md)
|
|
||||||
* [Equinix Metal](/docs/equinix-metal.md)
|
|
||||||
* [vSphere](/docs/vsphere.md)
|
|
||||||
* [Operating Systems](docs/bootstrap-os.md)
|
|
||||||
* [Flatcar Container Linux](docs/flatcar.md)
|
|
||||||
* [Fedora CoreOS](docs/fcos.md)
|
|
||||||
* [OpenSUSE](docs/opensuse.md)
|
|
||||||
* [RedHat Enterprise Linux](docs/rhel.md)
|
|
||||||
* [CentOS/OracleLinux/AlmaLinux/Rocky Linux](docs/centos.md)
|
|
||||||
* [Kylin Linux Advanced Server V10](docs/kylinlinux.md)
|
|
||||||
* [Amazon Linux 2](docs/amazonlinux.md)
|
|
||||||
* [UOS Linux](docs/uoslinux.md)
|
|
||||||
* [openEuler notes](docs/openeuler.md)
|
|
||||||
* CRI
|
|
||||||
* [Containerd](docs/containerd.md)
|
|
||||||
* [Docker](docs/docker.md)
|
|
||||||
* [CRI-O](docs/cri-o.md)
|
|
||||||
* [Kata Containers](docs/kata-containers.md)
|
|
||||||
* [gVisor](docs/gvisor.md)
|
|
||||||
* Advanced
|
* Advanced
|
||||||
* [Proxy](/docs/proxy.md)
|
* [Arch](/docs/advanced/arch.md)
|
||||||
* [Downloads](docs/downloads.md)
|
* [Cert Manager](/docs/advanced/cert_manager.md)
|
||||||
* [Netcheck](docs/netcheck.md)
|
* [Dns-stack](/docs/advanced/dns-stack.md)
|
||||||
* [Cert Manager](docs/cert_manager.md)
|
* [Downloads](/docs/advanced/downloads.md)
|
||||||
* [DNS Stack](docs/dns-stack.md)
|
* [Gcp-lb](/docs/advanced/gcp-lb.md)
|
||||||
* [Kubernetes reliability](docs/kubernetes-reliability.md)
|
* [Kubernetes-reliability](/docs/advanced/kubernetes-reliability.md)
|
||||||
* [Local Registry](docs/kubernetes-apps/registry.md)
|
* [Mitogen](/docs/advanced/mitogen.md)
|
||||||
* [NTP](docs/ntp.md)
|
* [Netcheck](/docs/advanced/netcheck.md)
|
||||||
* External Storage Provisioners
|
* [Ntp](/docs/advanced/ntp.md)
|
||||||
* [RBD Provisioner](docs/kubernetes-apps/rbd_provisioner.md)
|
* [Proxy](/docs/advanced/proxy.md)
|
||||||
* [CEPHFS Provisioner](docs/kubernetes-apps/cephfs_provisioner.md)
|
* [Registry](/docs/advanced/registry.md)
|
||||||
* [Local Volume Provisioner](docs/kubernetes-apps/local_volume_provisioner.md)
|
* Ansible
|
||||||
|
* [Ansible](/docs/ansible/ansible.md)
|
||||||
|
* [Ansible Collection](/docs/ansible/ansible_collection.md)
|
||||||
|
* [Vars](/docs/ansible/vars.md)
|
||||||
|
* Cloud Providers
|
||||||
|
* [Aws](/docs/cloud_providers/aws.md)
|
||||||
|
* [Azure](/docs/cloud_providers/azure.md)
|
||||||
|
* [Cloud](/docs/cloud_providers/cloud.md)
|
||||||
|
* [Equinix-metal](/docs/cloud_providers/equinix-metal.md)
|
||||||
|
* [Openstack](/docs/cloud_providers/openstack.md)
|
||||||
|
* [Vsphere](/docs/cloud_providers/vsphere.md)
|
||||||
|
* CNI
|
||||||
|
* [Calico](/docs/CNI/calico.md)
|
||||||
|
* [Cilium](/docs/CNI/cilium.md)
|
||||||
|
* [Cni](/docs/CNI/cni.md)
|
||||||
|
* [Flannel](/docs/CNI/flannel.md)
|
||||||
|
* [Kube-ovn](/docs/CNI/kube-ovn.md)
|
||||||
|
* [Kube-router](/docs/CNI/kube-router.md)
|
||||||
|
* [Macvlan](/docs/CNI/macvlan.md)
|
||||||
|
* [Multus](/docs/CNI/multus.md)
|
||||||
|
* [Weave](/docs/CNI/weave.md)
|
||||||
|
* CRI
|
||||||
|
* [Containerd](/docs/CRI/containerd.md)
|
||||||
|
* [Cri-o](/docs/CRI/cri-o.md)
|
||||||
|
* [Docker](/docs/CRI/docker.md)
|
||||||
|
* [Gvisor](/docs/CRI/gvisor.md)
|
||||||
|
* [Kata-containers](/docs/CRI/kata-containers.md)
|
||||||
|
* CSI
|
||||||
|
* [Aws-ebs-csi](/docs/CSI/aws-ebs-csi.md)
|
||||||
|
* [Azure-csi](/docs/CSI/azure-csi.md)
|
||||||
|
* [Cinder-csi](/docs/CSI/cinder-csi.md)
|
||||||
|
* [Gcp-pd-csi](/docs/CSI/gcp-pd-csi.md)
|
||||||
|
* [Vsphere-csi](/docs/CSI/vsphere-csi.md)
|
||||||
* Developers
|
* Developers
|
||||||
* [Test cases](docs/test_cases.md)
|
* [Ci-setup](/docs/developers/ci-setup.md)
|
||||||
* [Vagrant](docs/vagrant.md)
|
* [Ci](/docs/developers/ci.md)
|
||||||
* [CI Matrix](docs/ci.md)
|
* [Test Cases](/docs/developers/test_cases.md)
|
||||||
* [CI Setup](docs/ci-setup.md)
|
* [Vagrant](/docs/developers/vagrant.md)
|
||||||
* [Roadmap](docs/roadmap.md)
|
* External Storage Provisioners
|
||||||
|
* [Cephfs Provisioner](/docs/external_storage_provisioners/cephfs_provisioner.md)
|
||||||
|
* [Local Volume Provisioner](/docs/external_storage_provisioners/local_volume_provisioner.md)
|
||||||
|
* [Rbd Provisioner](/docs/external_storage_provisioners/rbd_provisioner.md)
|
||||||
|
* [Scheduler Plugins](/docs/external_storage_provisioners/scheduler_plugins.md)
|
||||||
|
* Getting Started
|
||||||
|
* [Comparisons](/docs/getting_started/comparisons.md)
|
||||||
|
* [Getting-started](/docs/getting_started/getting-started.md)
|
||||||
|
* [Setting-up-your-first-cluster](/docs/getting_started/setting-up-your-first-cluster.md)
|
||||||
|
* Ingress
|
||||||
|
* [Alb Ingress Controller](/docs/ingress/alb_ingress_controller.md)
|
||||||
|
* [Ingress Nginx](/docs/ingress/ingress_nginx.md)
|
||||||
|
* [Kube-vip](/docs/ingress/kube-vip.md)
|
||||||
|
* [Metallb](/docs/ingress/metallb.md)
|
||||||
|
* Operating Systems
|
||||||
|
* [Amazonlinux](/docs/operating_systems/amazonlinux.md)
|
||||||
|
* [Bootstrap-os](/docs/operating_systems/bootstrap-os.md)
|
||||||
|
* [Centos](/docs/operating_systems/centos.md)
|
||||||
|
* [Fcos](/docs/operating_systems/fcos.md)
|
||||||
|
* [Flatcar](/docs/operating_systems/flatcar.md)
|
||||||
|
* [Kylinlinux](/docs/operating_systems/kylinlinux.md)
|
||||||
|
* [Openeuler](/docs/operating_systems/openeuler.md)
|
||||||
|
* [Opensuse](/docs/operating_systems/opensuse.md)
|
||||||
|
* [Rhel](/docs/operating_systems/rhel.md)
|
||||||
|
* [Uoslinux](/docs/operating_systems/uoslinux.md)
|
||||||
|
* Operations
|
||||||
|
* [Cgroups](/docs/operations/cgroups.md)
|
||||||
|
* [Encrypting-secret-data-at-rest](/docs/operations/encrypting-secret-data-at-rest.md)
|
||||||
|
* [Etcd](/docs/operations/etcd.md)
|
||||||
|
* [Ha-mode](/docs/operations/ha-mode.md)
|
||||||
|
* [Hardening](/docs/operations/hardening.md)
|
||||||
|
* [Integration](/docs/operations/integration.md)
|
||||||
|
* [Large-deployments](/docs/operations/large-deployments.md)
|
||||||
|
* [Mirror](/docs/operations/mirror.md)
|
||||||
|
* [Nodes](/docs/operations/nodes.md)
|
||||||
|
* [Offline-environment](/docs/operations/offline-environment.md)
|
||||||
|
* [Port-requirements](/docs/operations/port-requirements.md)
|
||||||
|
* [Recover-control-plane](/docs/operations/recover-control-plane.md)
|
||||||
|
* [Upgrades](/docs/operations/upgrades.md)
|
||||||
|
* Roadmap
|
||||||
|
* [Roadmap](/docs/roadmap/roadmap.md)
|
||||||
|
* Upgrades
|
||||||
|
* [Migrate Docker2containerd](/docs/upgrades/migrate_docker2containerd.md)
|
||||||
|
|
|
@ -59,7 +59,7 @@ not _kube_node_.
|
||||||
|
|
||||||
There are also two special groups:
|
There are also two special groups:
|
||||||
|
|
||||||
* **calico_rr** : explained for [advanced Calico networking cases](/docs/calico.md)
|
* **calico_rr** : explained for [advanced Calico networking cases](/docs/CNI/calico.md)
|
||||||
* **bastion** : configure a bastion host if your nodes are not directly reachable
|
* **bastion** : configure a bastion host if your nodes are not directly reachable
|
||||||
|
|
||||||
Below is a complete inventory example:
|
Below is a complete inventory example:
|
||||||
|
@ -285,7 +285,7 @@ For more information about Ansible and bastion hosts, read
|
||||||
|
|
||||||
## Mitogen
|
## Mitogen
|
||||||
|
|
||||||
Mitogen support is deprecated, please see [mitogen related docs](/docs/mitogen.md) for usage and reasons for deprecation.
|
Mitogen support is deprecated, please see [mitogen related docs](/docs/advanced/mitogen.md) for usage and reasons for deprecation.
|
||||||
|
|
||||||
## Beyond ansible 2.9
|
## Beyond ansible 2.9
|
||||||
|
|
|
@ -46,11 +46,11 @@ Some variables of note include:
|
||||||
* *loadbalancer_apiserver* - If defined, all hosts will connect to this
|
* *loadbalancer_apiserver* - If defined, all hosts will connect to this
|
||||||
address instead of localhost for kube_control_planes and kube_control_plane[0] for
|
address instead of localhost for kube_control_planes and kube_control_plane[0] for
|
||||||
kube_nodes. See more details in the
|
kube_nodes. See more details in the
|
||||||
[HA guide](/docs/ha-mode.md).
|
[HA guide](/docs/operations/ha-mode.md).
|
||||||
* *loadbalancer_apiserver_localhost* - makes all hosts to connect to
|
* *loadbalancer_apiserver_localhost* - makes all hosts to connect to
|
||||||
the apiserver internally load balanced endpoint. Mutual exclusive to the
|
the apiserver internally load balanced endpoint. Mutual exclusive to the
|
||||||
`loadbalancer_apiserver`. See more details in the
|
`loadbalancer_apiserver`. See more details in the
|
||||||
[HA guide](/docs/ha-mode.md).
|
[HA guide](/docs/operations/ha-mode.md).
|
||||||
|
|
||||||
## Cluster variables
|
## Cluster variables
|
||||||
|
|
|
@ -54,7 +54,7 @@ cd kubespray
|
||||||
|
|
||||||
## Install Ansible
|
## Install Ansible
|
||||||
|
|
||||||
Install Ansible according to [Ansible installation guide](/docs/ansible.md#installing-ansible)
|
Install Ansible according to [Ansible installation guide](/docs/ansible/ansible.md#installing-ansible)
|
||||||
|
|
||||||
## Cluster Definition
|
## Cluster Definition
|
||||||
|
|
|
@ -54,7 +54,7 @@ external_vsphere_kubernetes_cluster_id: "kubernetes-cluster-id"
|
||||||
vsphere_csi_enabled: true
|
vsphere_csi_enabled: true
|
||||||
```
|
```
|
||||||
|
|
||||||
For a more fine-grained CSI setup, refer to the [vsphere-csi](/docs/vsphere-csi.md) documentation.
|
For a more fine-grained CSI setup, refer to the [vsphere-csi](/docs/CSI/vsphere-csi.md) documentation.
|
||||||
|
|
||||||
### Deployment
|
### Deployment
|
||||||
|
|
|
@ -19,6 +19,7 @@ rockylinux8 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
rockylinux9 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
rockylinux9 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
ubuntu20 | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: |
|
ubuntu20 | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: |
|
||||||
ubuntu22 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
ubuntu22 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
|
ubuntu24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
|
|
||||||
## crio
|
## crio
|
||||||
|
|
||||||
|
@ -37,6 +38,7 @@ rockylinux8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
rockylinux9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
rockylinux9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
ubuntu22 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
ubuntu22 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
|
ubuntu24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
|
|
||||||
## docker
|
## docker
|
||||||
|
|
||||||
|
@ -55,3 +57,4 @@ rockylinux8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
rockylinux9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
rockylinux9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
|
ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
|
||||||
ubuntu22 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
ubuntu22 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||||
|
ubuntu24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
|
@ -25,7 +25,7 @@ Note, the canal network plugin deploys flannel as well plus calico policy contro
|
||||||
|
|
||||||
## Test cases
|
## Test cases
|
||||||
|
|
||||||
The [CI Matrix](/docs/ci.md) displays OS, Network Plugin and Container Manager tested.
|
The [CI Matrix](/docs/developers/ci.md) displays OS, Network Plugin and Container Manager tested.
|
||||||
|
|
||||||
All tests are breakdown into 3 "stages" ("Stage" means a build step of the build pipeline) as follows:
|
All tests are breakdown into 3 "stages" ("Stage" means a build step of the build pipeline) as follows:
|
||||||
|
|
|
@ -52,7 +52,7 @@ speed, the variable 'download_run_once' is set. This will make kubespray
|
||||||
download all files and containers just once and then redistributes them to
|
download all files and containers just once and then redistributes them to
|
||||||
the other nodes and as a bonus, also cache all downloads locally and re-use
|
the other nodes and as a bonus, also cache all downloads locally and re-use
|
||||||
them on the next provisioning run. For more information on download settings
|
them on the next provisioning run. For more information on download settings
|
||||||
see [download documentation](/docs/downloads.md).
|
see [download documentation](/docs/advanced/downloads.md).
|
||||||
|
|
||||||
## Example use of Vagrant
|
## Example use of Vagrant
|
||||||
|
|
|
@ -24,8 +24,8 @@ There are requirements for the version of Kubernetes, please see [Compatibility
|
||||||
|
|
||||||
| Scheduler Plugins | Compiled With K8s Version |
|
| Scheduler Plugins | Compiled With K8s Version |
|
||||||
| ----------------- | ------------------------- |
|
| ----------------- | ------------------------- |
|
||||||
|
| v0.28.9 | v1.28.9 |
|
||||||
| v0.27.8 | v1.27.8 |
|
| v0.27.8 | v1.27.8 |
|
||||||
| v0.26.8 | v1.26.7 |
|
|
||||||
|
|
||||||
## Turning it on
|
## Turning it on
|
||||||
|
|
|
@ -36,7 +36,7 @@ ansible-playbook -i inventory/mycluster/hosts.yml cluster.yml -b -v \
|
||||||
--private-key=~/.ssh/private_key
|
--private-key=~/.ssh/private_key
|
||||||
```
|
```
|
||||||
|
|
||||||
See more details in the [ansible guide](/docs/ansible.md).
|
See more details in the [ansible guide](/docs/ansible/ansible.md).
|
||||||
|
|
||||||
### Adding nodes
|
### Adding nodes
|
||||||
|
|
||||||
|
@ -81,7 +81,7 @@ kube-apiserver via port 8080. A kubeconfig file is not necessary in this case,
|
||||||
because kubectl will use <http://localhost:8080> to connect. The kubeconfig files
|
because kubectl will use <http://localhost:8080> to connect. The kubeconfig files
|
||||||
generated will point to localhost (on kube_control_planes) and kube_node hosts will
|
generated will point to localhost (on kube_control_planes) and kube_node hosts will
|
||||||
connect either to a localhost nginx proxy or to a loadbalancer if configured.
|
connect either to a localhost nginx proxy or to a loadbalancer if configured.
|
||||||
More details on this process are in the [HA guide](/docs/ha-mode.md).
|
More details on this process are in the [HA guide](/docs/operations/ha-mode.md).
|
||||||
|
|
||||||
Kubespray permits connecting to the cluster remotely on any IP of any
|
Kubespray permits connecting to the cluster remotely on any IP of any
|
||||||
kube_control_plane host on port 6443 by default. However, this requires
|
kube_control_plane host on port 6443 by default. However, this requires
|
||||||
|
@ -140,5 +140,5 @@ If desired, copy admin.conf to ~/.kube/config.
|
||||||
|
|
||||||
## Setting up your first cluster
|
## Setting up your first cluster
|
||||||
|
|
||||||
[Setting up your first cluster](/docs/setting-up-your-first-cluster.md) is an
|
[Setting up your first cluster](/docs/getting_started/setting-up-your-first-cluster.md) is an
|
||||||
applied step-by-step guide for setting up your first cluster with Kubespray.
|
applied step-by-step guide for setting up your first cluster with Kubespray.
|
|
@ -35,7 +35,7 @@ kubectl create clusterrolebinding cluster-admin-binding \
|
||||||
The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version.
|
The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.6/deploy/static/provider/cloud/deploy.yaml
|
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
### Provider Specific Steps
|
### Provider Specific Steps
|
|
@ -9,7 +9,7 @@ For a large scaled deployments, consider the following configuration changes:
|
||||||
* Override containers' `foo_image_repo` vars to point to intranet registry.
|
* Override containers' `foo_image_repo` vars to point to intranet registry.
|
||||||
|
|
||||||
* Override the ``download_run_once: true`` and/or ``download_localhost: true``.
|
* Override the ``download_run_once: true`` and/or ``download_localhost: true``.
|
||||||
See [Downloading binaries and containers](/docs/downloads.md) for details.
|
See [Downloading binaries and containers](/docs/advanced/downloads.md) for details.
|
||||||
|
|
||||||
* Adjust the `retry_stagger` global var as appropriate. It should provide sane
|
* Adjust the `retry_stagger` global var as appropriate. It should provide sane
|
||||||
load on a delegate (the first K8s control plane node) then retrying failed
|
load on a delegate (the first K8s control plane node) then retrying failed
|
||||||
|
@ -32,7 +32,7 @@ For a large scaled deployments, consider the following configuration changes:
|
||||||
``kube_controller_node_monitor_period``,
|
``kube_controller_node_monitor_period``,
|
||||||
``kube_apiserver_pod_eviction_not_ready_timeout_seconds`` &
|
``kube_apiserver_pod_eviction_not_ready_timeout_seconds`` &
|
||||||
``kube_apiserver_pod_eviction_unreachable_timeout_seconds`` for better Kubernetes reliability.
|
``kube_apiserver_pod_eviction_unreachable_timeout_seconds`` for better Kubernetes reliability.
|
||||||
Check out [Kubernetes Reliability](/docs/kubernetes-reliability.md)
|
Check out [Kubernetes Reliability](/docs/advanced/kubernetes-reliability.md)
|
||||||
|
|
||||||
* Tune network prefix sizes. Those are ``kube_network_node_prefix``,
|
* Tune network prefix sizes. Those are ``kube_network_node_prefix``,
|
||||||
``kube_service_addresses`` and ``kube_pods_subnet``.
|
``kube_service_addresses`` and ``kube_pods_subnet``.
|
||||||
|
@ -41,7 +41,7 @@ For a large scaled deployments, consider the following configuration changes:
|
||||||
from host/network interruption much quicker with calico_rr.
|
from host/network interruption much quicker with calico_rr.
|
||||||
|
|
||||||
* Check out the
|
* Check out the
|
||||||
[Inventory](/docs/getting-started.md#building-your-own-inventory)
|
[Inventory](/docs/getting_started/getting-started.md#building-your-own-inventory)
|
||||||
section of the Getting started guide for tips on creating a large scale
|
section of the Getting started guide for tips on creating a large scale
|
||||||
Ansible inventory.
|
Ansible inventory.
|
||||||
|
|
|
@ -8,6 +8,7 @@ Examples of what broken means in this context:
|
||||||
* One or more bare metal node(s) suffer from unrecoverable hardware failure
|
* One or more bare metal node(s) suffer from unrecoverable hardware failure
|
||||||
* One or more node(s) fail during patching or upgrading
|
* One or more node(s) fail during patching or upgrading
|
||||||
* Etcd database corruption
|
* Etcd database corruption
|
||||||
|
|
||||||
* Other node related failures leaving your control plane degraded or nonfunctional
|
* Other node related failures leaving your control plane degraded or nonfunctional
|
||||||
|
|
||||||
__Note that you need at least one functional node to be able to recover using this method.__
|
__Note that you need at least one functional node to be able to recover using this method.__
|
||||||
|
@ -16,8 +17,8 @@ __Note that you need at least one functional node to be able to recover using th
|
||||||
|
|
||||||
* Backup what you can
|
* Backup what you can
|
||||||
* Provision new nodes to replace the broken ones
|
* Provision new nodes to replace the broken ones
|
||||||
* Move any broken etcd nodes into the "broken\_etcd" group, make sure the "etcd\_member\_name" variable is set.
|
* Copy any broken etcd nodes into the "broken\_etcd" group, make sure the "etcd\_member\_name" variable is set.
|
||||||
* Move any broken control plane nodes into the "broken\_kube\_control\_plane" group.
|
* Copy any broken control plane nodes into the "broken\_kube\_control\_plane" group.
|
||||||
* Place the surviving nodes of the control plane first in the "etcd" and "kube\_control\_plane" groups
|
* Place the surviving nodes of the control plane first in the "etcd" and "kube\_control\_plane" groups
|
||||||
* Add the new nodes below the surviving control plane nodes in the "etcd" and "kube\_control\_plane" groups
|
* Add the new nodes below the surviving control plane nodes in the "etcd" and "kube\_control\_plane" groups
|
||||||
|
|
|
@ -14,4 +14,4 @@
|
||||||
|
|
||||||
## The repo and tag of the external Huawei Cloud Controller image
|
## The repo and tag of the external Huawei Cloud Controller image
|
||||||
# external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
|
# external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
|
||||||
# external_huawei_cloud_controller_image_tag: "v0.26.6"
|
# external_huawei_cloud_controller_image_tag: "v0.26.8"
|
||||||
|
|
|
@ -26,10 +26,10 @@
|
||||||
## Two options - Override entire repository or override only a single binary.
|
## Two options - Override entire repository or override only a single binary.
|
||||||
|
|
||||||
## [Optional] 1 - Override entire binary repository
|
## [Optional] 1 - Override entire binary repository
|
||||||
# github_url = "https://my_github_proxy"
|
# github_url: "https://my_github_proxy"
|
||||||
# dl_k8s_io_url = "https://my_dl_k8s_io_proxy"
|
# dl_k8s_io_url: "https://my_dl_k8s_io_proxy"
|
||||||
# storage_googleapis_url = "https://my_storage_googleapi_proxy"
|
# storage_googleapis_url: "https://my_storage_googleapi_proxy"
|
||||||
# get_helm_url = "https://my_helm_sh_proxy"
|
# get_helm_url: "https://my_helm_sh_proxy"
|
||||||
|
|
||||||
## [Optional] 2 - Override a specific binary
|
## [Optional] 2 - Override a specific binary
|
||||||
## CNI Plugins
|
## CNI Plugins
|
||||||
|
|
|
@ -25,9 +25,9 @@
|
||||||
# external_openstack_lbaas_network_id: "Neutron network ID to create LBaaS VIP"
|
# external_openstack_lbaas_network_id: "Neutron network ID to create LBaaS VIP"
|
||||||
# external_openstack_lbaas_manage_security_groups: false
|
# external_openstack_lbaas_manage_security_groups: false
|
||||||
# external_openstack_lbaas_create_monitor: false
|
# external_openstack_lbaas_create_monitor: false
|
||||||
# external_openstack_lbaas_monitor_delay: 5
|
# external_openstack_lbaas_monitor_delay: 5s
|
||||||
# external_openstack_lbaas_monitor_max_retries: 1
|
# external_openstack_lbaas_monitor_max_retries: 1
|
||||||
# external_openstack_lbaas_monitor_timeout: 3
|
# external_openstack_lbaas_monitor_timeout: 3s
|
||||||
# external_openstack_lbaas_internal_lb: false
|
# external_openstack_lbaas_internal_lb: false
|
||||||
# external_openstack_network_ipv6_disabled: false
|
# external_openstack_network_ipv6_disabled: false
|
||||||
# external_openstack_network_internal_networks: []
|
# external_openstack_network_internal_networks: []
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
# external_openstack_application_credential_secret:
|
# external_openstack_application_credential_secret:
|
||||||
|
|
||||||
## The tag of the external OpenStack Cloud Controller image
|
## The tag of the external OpenStack Cloud Controller image
|
||||||
# external_openstack_cloud_controller_image_tag: "latest"
|
# external_openstack_cloud_controller_image_tag: "v1.28.2"
|
||||||
|
|
||||||
## Tags for the Cinder CSI images
|
## Tags for the Cinder CSI images
|
||||||
## registry.k8s.io/sig-storage/csi-attacher
|
## registry.k8s.io/sig-storage/csi-attacher
|
||||||
|
|
|
@ -28,7 +28,7 @@ local_path_provisioner_enabled: false
|
||||||
# local_path_provisioner_reclaim_policy: Delete
|
# local_path_provisioner_reclaim_policy: Delete
|
||||||
# local_path_provisioner_claim_root: /opt/local-path-provisioner/
|
# local_path_provisioner_claim_root: /opt/local-path-provisioner/
|
||||||
# local_path_provisioner_debug: false
|
# local_path_provisioner_debug: false
|
||||||
# local_path_provisioner_image_repo: "rancher/local-path-provisioner"
|
# local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
|
||||||
# local_path_provisioner_image_tag: "v0.0.24"
|
# local_path_provisioner_image_tag: "v0.0.24"
|
||||||
# local_path_provisioner_helper_image_repo: "busybox"
|
# local_path_provisioner_helper_image_repo: "busybox"
|
||||||
# local_path_provisioner_helper_image_tag: "latest"
|
# local_path_provisioner_helper_image_tag: "latest"
|
||||||
|
@ -171,6 +171,7 @@ cert_manager_enabled: false
|
||||||
# MetalLB deployment
|
# MetalLB deployment
|
||||||
metallb_enabled: false
|
metallb_enabled: false
|
||||||
metallb_speaker_enabled: "{{ metallb_enabled }}"
|
metallb_speaker_enabled: "{{ metallb_enabled }}"
|
||||||
|
metallb_namespace: "metallb-system"
|
||||||
# metallb_version: v0.13.9
|
# metallb_version: v0.13.9
|
||||||
# metallb_protocol: "layer2"
|
# metallb_protocol: "layer2"
|
||||||
# metallb_port: "7472"
|
# metallb_port: "7472"
|
||||||
|
@ -233,7 +234,7 @@ metallb_speaker_enabled: "{{ metallb_enabled }}"
|
||||||
# - pool2
|
# - pool2
|
||||||
|
|
||||||
argocd_enabled: false
|
argocd_enabled: false
|
||||||
# argocd_version: v2.8.4
|
# argocd_version: v2.11.0
|
||||||
# argocd_namespace: argocd
|
# argocd_namespace: argocd
|
||||||
# Default password:
|
# Default password:
|
||||||
# - https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli
|
# - https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli
|
||||||
|
|
|
@ -17,7 +17,7 @@ kube_token_dir: "{{ kube_config_dir }}/tokens"
|
||||||
kube_api_anonymous_auth: true
|
kube_api_anonymous_auth: true
|
||||||
|
|
||||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||||
kube_version: v1.29.3
|
kube_version: v1.29.5
|
||||||
|
|
||||||
# Where the binaries will be downloaded.
|
# Where the binaries will be downloaded.
|
||||||
# Note: ensure that you've enough disk space (about 1G)
|
# Note: ensure that you've enough disk space (about 1G)
|
||||||
|
|
|
@ -19,7 +19,7 @@ calico_cni_name: k8s-pod-network
|
||||||
# add default ippool name
|
# add default ippool name
|
||||||
# calico_pool_name: "default-pool"
|
# calico_pool_name: "default-pool"
|
||||||
|
|
||||||
# add default ippool blockSize (defaults kube_network_node_prefix)
|
# add default ippool blockSize
|
||||||
calico_pool_blocksize: 26
|
calico_pool_blocksize: 26
|
||||||
|
|
||||||
# add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
|
# add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
ansible==9.3.0
|
ansible==9.5.1
|
||||||
cryptography==41.0.4
|
cryptography==42.0.7
|
||||||
jinja2==3.1.3
|
jinja2==3.1.4
|
||||||
jmespath==1.0.1
|
jmespath==1.0.1
|
||||||
MarkupSafe==2.1.3
|
MarkupSafe==2.1.5
|
||||||
netaddr==1.2.1
|
netaddr==1.2.1
|
||||||
pbr==5.11.1
|
pbr==6.0.0
|
||||||
ruamel.yaml==0.18.5
|
ruamel.yaml==0.18.6
|
||||||
ruamel.yaml.clib==0.2.8
|
ruamel.yaml.clib==0.2.8
|
||||||
|
jsonschema==4.22.0
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
---
|
---
|
||||||
|
- name: Enable selinux-ng repo for Amazon Linux for container-selinux
|
||||||
|
command: amazon-linux-extras enable selinux-ng
|
||||||
|
|
||||||
- name: Enable EPEL repo for Amazon Linux
|
- name: Enable EPEL repo for Amazon Linux
|
||||||
yum_repository:
|
yum_repository:
|
||||||
name: epel
|
name: epel
|
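Review bot: The new `Enable selinux-ng repo for Amazon Linux for container-selinux` task runs `command: amazon-linux-extras enable selinux-ng` with no `changed_when`, so it will report "changed" on every play and hide real drift in the run summary. If enabling the topic is treated as a precondition, adding `changed_when: false` under the `command:` line is enough; otherwise register the result and derive the changed state from it. No `when:` guard is visible in this hunk, so this assumes the file is only included on Amazon Linux hosts; that is worth confirming, since the command does not exist elsewhere. The `Enable EPEL repo` task that follows continues outside the hunk.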
|
@ -24,10 +24,12 @@
|
||||||
- vars/
|
- vars/
|
||||||
skip: True
|
skip: True
|
||||||
- name: Include tasks
|
- name: Include tasks
|
||||||
include_tasks: "{{ item }}"
|
include_tasks: "{{ included_tasks_file }}"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- <<: *search
|
- <<: *search
|
||||||
paths: []
|
paths: []
|
||||||
|
loop_control:
|
||||||
|
loop_var: included_tasks_file
|
||||||
|
|
||||||
|
|
||||||
- name: Create remote_tmp for it is used by another module
|
- name: Create remote_tmp for it is used by another module
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
centos.yml
|
|
@ -3,6 +3,10 @@ root = "{{ containerd_storage_dir }}"
|
||||||
state = "{{ containerd_state_dir }}"
|
state = "{{ containerd_state_dir }}"
|
||||||
oom_score = {{ containerd_oom_score }}
|
oom_score = {{ containerd_oom_score }}
|
||||||
|
|
||||||
|
{% if containerd_extra_args is defined %}
|
||||||
|
{{ containerd_extra_args }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
[grpc]
|
[grpc]
|
||||||
max_recv_message_size = {{ containerd_grpc_max_recv_message_size }}
|
max_recv_message_size = {{ containerd_grpc_max_recv_message_size }}
|
||||||
max_send_message_size = {{ containerd_grpc_max_send_message_size }}
|
max_send_message_size = {{ containerd_grpc_max_send_message_size }}
|
||||||
|
@ -104,6 +108,3 @@ oom_score = {{ containerd_oom_score }}
|
||||||
service_name = "{{ containerd_tracing_service_name }}"
|
service_name = "{{ containerd_tracing_service_name }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if containerd_extra_args is defined %}
|
|
||||||
{{ containerd_extra_args }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
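Review bot: The `containerd_extra_args` block now sits above `[grpc]`, but nothing in the template says why the position matters. In TOML, keys written after a table header belong to that table, so at its old place at the end of the file the snippet was presumably read as part of whichever table came last. A template comment directly above the block, such as `{# keep before the first [table] header: containerd_extra_args is emitted verbatim as top-level TOML #}`, would stop a later edit from moving it back. Because the value is rendered unescaped, the variable's documentation should also state that it can set or shadow any top-level option and open new tables, so it should only be fed from trusted inventory. Both hunks of this section are the two halves of the same move.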
|
@ -169,7 +169,7 @@
|
||||||
- name: Cri-o | write registries configs
|
- name: Cri-o | write registries configs
|
||||||
template:
|
template:
|
||||||
src: registry.conf.j2
|
src: registry.conf.j2
|
||||||
dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':', '_') }}.conf"
|
dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':|/', '_') }}.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop: "{{ crio_registries }}"
|
loop: "{{ crio_registries }}"
|
||||||
notify: Restart crio
|
notify: Restart crio
|
||||||
|
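Review bot: The `dest:` filename in `Cri-o | write registries configs` is still sanitised with a denylist, now `regex_replace(':|/', '_')`, so any other character that may appear in `item.prefix` or `item.location` (a `*` from a wildcard prefix, whitespace) still reaches the path under `/etc/containers/registries.conf.d/`. An allowlist is easier to reason about: `regex_replace('[^A-Za-z0-9._-]', '_')`. Either form maps distinct entries such as `host:5000` and `host/5000` to the same file name, so a short comment that `crio_registries` entries must stay unique after sanitising would help. Separately, the unchanged `mode: 0644` is better written as the string `"0644"`.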
|