diff --git a/.ansible-lint b/.ansible-lint index 18b85228d..75ae44c14 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -36,3 +36,4 @@ exclude_paths: # Generated files - tests/files/custom_cni/cilium.yaml - venv + - .github diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..56c03a193 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + labels: [ "dependencies" ] diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml index de61a1f60..5b23eb9b8 100644 --- a/.gitlab-ci/packet.yml +++ b/.gitlab-ci/packet.yml @@ -174,6 +174,11 @@ packet_almalinux8-docker: extends: .packet_pr when: on_success +packet_amazon-linux-2-all-in-one: + stage: deploy-part2 + extends: .packet_pr + when: on_success + packet_fedora38-docker-weave: stage: deploy-part2 extends: .packet_pr @@ -240,11 +245,6 @@ packet_fedora37-calico-swap-selinux: extends: .packet_pr when: manual -packet_amazon-linux-2-all-in-one: - stage: deploy-part2 - extends: .packet_pr - when: manual - packet_almalinux8-calico-nodelocaldns-secondary: stage: deploy-part2 extends: .packet_pr diff --git a/.yamllint b/.yamllint index 8a6245d1b..aa14324a9 100644 --- a/.yamllint +++ b/.yamllint @@ -3,6 +3,7 @@ extends: default ignore: | .git/ + .github/ # Generated file tests/files/custom_cni/cilium.yaml diff --git a/README.md b/README.md index 0d1b454e7..5e1010fe7 100644 --- a/README.md +++ b/README.md @@ -160,15 +160,15 @@ Note: Upstart/SysV init based OS types are not supported. ## Supported Components - Core - - [kubernetes](https://github.com/kubernetes/kubernetes) v1.29.2 - - [etcd](https://github.com/etcd-io/etcd) v3.5.10 + - [kubernetes](https://github.com/kubernetes/kubernetes) v1.29.4 + - [etcd](https://github.com/etcd-io/etcd) v3.5.12 - [docker](https://www.docker.com/) v24.0 (see [Note](#container-runtime-notes)) - - [containerd](https://containerd.io/) v1.7.13 + - [containerd](https://containerd.io/) v1.7.16 - [cri-o](http://cri-o.io/) v1.29.1 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS) - Network Plugin - [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0 - - [calico](https://github.com/projectcalico/calico) v3.27.2 - - [cilium](https://github.com/cilium/cilium) v1.13.4 + - [calico](https://github.com/projectcalico/calico) v3.27.3 + - [cilium](https://github.com/cilium/cilium) v1.15.4 - [flannel](https://github.com/flannel-io/flannel) v0.22.0 - [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5 - [kube-router](https://github.com/cloudnativelabs/kube-router) v2.0.0 diff --git a/Vagrantfile b/Vagrantfile index 9ad139975..3c2926690 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -27,7 +27,8 @@ SUPPORTED_OS = { "centos8-bento" => {box: "bento/centos-8", user: "vagrant"}, "almalinux8" => {box: "almalinux/8", user: "vagrant"}, "almalinux8-bento" => {box: "bento/almalinux-8", user: "vagrant"}, - "rockylinux8" => {box: "generic/rocky8", user: "vagrant"}, + "rockylinux8" => {box: "rockylinux/8", user: "vagrant"}, + "rockylinux9" => {box: "rockylinux/9", user: "vagrant"}, "fedora37" => {box: "fedora/37-cloud-base", user: "vagrant"}, "fedora38" => {box: "fedora/38-cloud-base", user: "vagrant"}, "opensuse" => {box: "opensuse/Leap-15.4.x86_64", user: "vagrant"}, @@ -185,6 +186,14 @@ Vagrant.configure("2") do |config| lv.storage :file, :device => "hd#{driverletters[d]}", :path => "disk-#{i}-#{d}-#{DISK_UUID}.disk", :size => $kube_node_instances_with_disks_size, :bus => "scsi" end end + node.vm.provider :virtualbox do |vb| + # always make /dev/sd{a/b/c} so that CI can ensure that + # virtualbox and libvirt will have the same devices to use for OSDs + (1..$kube_node_instances_with_disks_number).each do |d| + vb.customize ['createhd', '--filename', "disk-#{i}-#{driverletters[d]}-#{DISK_UUID}.disk", '--size', $kube_node_instances_with_disks_size] # 10GB disk + vb.customize ['storageattach', :id, '--storagectl', 'SATA Controller', '--port', d, '--device', 0, '--type', 'hdd', '--medium', "disk-#{i}-#{driverletters[d]}-#{DISK_UUID}.disk", '--nonrotational', 'on', '--mtype', 'normal'] + end + end end if $expose_docker_tcp diff --git a/docs/cilium.md b/docs/cilium.md index a773dbc90..afc808c64 100644 --- a/docs/cilium.md +++ b/docs/cilium.md @@ -99,7 +99,7 @@ cilium_operator_extra_volume_mounts: ## Choose Cilium version ```yml -cilium_version: v1.12.1 +cilium_version: v1.15.4 ``` ## Add variable to config diff --git a/docs/containerd.md b/docs/containerd.md index c9d18051a..9fd03bf25 100644 --- a/docs/containerd.md +++ b/docs/containerd.md @@ -35,13 +35,20 @@ containerd_registries_mirrors: skip_verify: false ``` -`containerd_registries_mirrors` is ignored for pulling images when `image_command_tool=nerdctl` -(the default for `container_manager=containerd`). Use `crictl` instead, it supports -`containerd_registries_mirrors` but lacks proper multi-arch support (see -[#8375](https://github.com/kubernetes-sigs/kubespray/issues/8375)): +containerd falls back to `https://{{ prefix }}` when none of the mirrors have the image. +This can be changed with the [`server` field](https://github.com/containerd/containerd/blob/main/docs/hosts.md#server-field): ```yaml -image_command_tool: crictl +containerd_registries_mirrors: + - prefix: docker.io + mirrors: + - host: https://mirror.gcr.io + capabilities: ["pull", "resolve"] + skip_verify: false + - host: https://registry-1.docker.io + capabilities: ["pull", "resolve"] + skip_verify: false + server: https://mirror.example.org ``` The `containerd_registries` and `containerd_insecure_registries` configs are deprecated. diff --git a/docs/hardening.md b/docs/hardening.md index 8623bdc30..2cf54850b 100644 --- a/docs/hardening.md +++ b/docs/hardening.md @@ -71,6 +71,8 @@ kube_apiserver_admission_event_rate_limits: qps: 50 burst: 100 kube_profiling: false +# Remove anonymous access to cluster +remove_anonymous_access: true ## kube-controller-manager kube_controller_manager_bind_address: 127.0.0.1 @@ -105,7 +107,7 @@ kubelet_systemd_hardening: true # IP addresses, kubelet_secure_addresses allows you # to specify the IP from which the kubelet # will receive the packets. -kubelet_secure_addresses: "192.168.10.110 192.168.10.111 192.168.10.112" +kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnet }} 192.168.10.110 192.168.10.111 192.168.10.112" # additional configurations kube_owner: root diff --git a/docs/kube-vip.md b/docs/kube-vip.md index d5878ab6a..4ac3fbcfd 100644 --- a/docs/kube-vip.md +++ b/docs/kube-vip.md @@ -76,3 +76,11 @@ In addition, [load-balancing method](https://kube-vip.io/docs/installation/flags ```yaml kube_vip_lb_fwdmethod: masquerade ``` + +If you want to adjust the parameters of [kube-vip LeaderElection](https://kube-vip.io/docs/installation/flags/#environment-variables): + +```yaml +kube_vip_leaseduration: 30 +kube_vip_renewdeadline: 20 +kube_vip_retryperiod: 4 +``` diff --git a/docs/vars.md b/docs/vars.md index 1c36e6734..0e83b1831 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -281,6 +281,11 @@ node_taints: * `audit_webhook_batch_max_wait`: 1s * *kubectl_alias* - Bash alias of kubectl to interact with Kubernetes cluster much easier. +* *remove_anonymous_access* - When set to `true`, removes the `kubeadm:bootstrap-signer-clusterinfo` rolebinding created by kubeadm. + By default, kubeadm creates a rolebinding in the `kube-public` namespace which grants permissions to anonymous users. This rolebinding allows kubeadm to discover and validate cluster information during the join phase. + In a nutshell, this option removes the rolebinding after the init phase of the first control plane node and then configures kubeadm to use file discovery for the join phase of other nodes. + This option does not remove the anonymous authentication feature of the API server. + ### Custom flags for Kube Components For all kube components, custom flags can be passed in. This allows for edge cases where users need changes to the default deployment that may not be applicable to all deployments. diff --git a/inventory/sample/group_vars/all/huaweicloud.yml b/inventory/sample/group_vars/all/huaweicloud.yml index b85e7c2ac..c5879d7f9 100644 --- a/inventory/sample/group_vars/all/huaweicloud.yml +++ b/inventory/sample/group_vars/all/huaweicloud.yml @@ -14,4 +14,4 @@ ## The repo and tag of the external Huawei Cloud Controller image # external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com" -# external_huawei_cloud_controller_image_tag: "v0.26.6" +# external_huawei_cloud_controller_image_tag: "v0.26.8" diff --git a/inventory/sample/group_vars/all/offline.yml b/inventory/sample/group_vars/all/offline.yml index 7fba57e0d..56d43375a 100644 --- a/inventory/sample/group_vars/all/offline.yml +++ b/inventory/sample/group_vars/all/offline.yml @@ -22,6 +22,16 @@ # kubectl_download_url: "{{ files_repo }}/dl.k8s.io/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubectl" # kubelet_download_url: "{{ files_repo }}/dl.k8s.io/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubelet" + +## Two options - Override entire repository or override only a single binary. + +## [Optional] 1 - Override entire binary repository +# github_url: "https://my_github_proxy" +# dl_k8s_io_url: "https://my_dl_k8s_io_proxy" +# storage_googleapis_url: "https://my_storage_googleapi_proxy" +# get_helm_url: "https://my_helm_sh_proxy" + +## [Optional] 2 - Override a specific binary ## CNI Plugins # cni_download_url: "{{ files_repo }}/github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz" diff --git a/inventory/sample/group_vars/all/openstack.yml b/inventory/sample/group_vars/all/openstack.yml index 6cc13998c..20c8e9940 100644 --- a/inventory/sample/group_vars/all/openstack.yml +++ b/inventory/sample/group_vars/all/openstack.yml @@ -25,9 +25,9 @@ # external_openstack_lbaas_network_id: "Neutron network ID to create LBaaS VIP" # external_openstack_lbaas_manage_security_groups: false # external_openstack_lbaas_create_monitor: false -# external_openstack_lbaas_monitor_delay: 5 +# external_openstack_lbaas_monitor_delay: 5s # external_openstack_lbaas_monitor_max_retries: 1 -# external_openstack_lbaas_monitor_timeout: 3 +# external_openstack_lbaas_monitor_timeout: 3s # external_openstack_lbaas_internal_lb: false # external_openstack_network_ipv6_disabled: false # external_openstack_network_internal_networks: [] @@ -42,7 +42,7 @@ # external_openstack_application_credential_secret: ## The tag of the external OpenStack Cloud Controller image -# external_openstack_cloud_controller_image_tag: "latest" +# external_openstack_cloud_controller_image_tag: "v1.28.2" ## Tags for the Cinder CSI images ## registry.k8s.io/sig-storage/csi-attacher diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml index bf0588dda..955cc69ca 100644 --- a/inventory/sample/group_vars/k8s_cluster/addons.yml +++ b/inventory/sample/group_vars/k8s_cluster/addons.yml @@ -171,6 +171,7 @@ cert_manager_enabled: false # MetalLB deployment metallb_enabled: false metallb_speaker_enabled: "{{ metallb_enabled }}" +metallb_namespace: "metallb-system" # metallb_version: v0.13.9 # metallb_protocol: "layer2" # metallb_port: "7472" diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml index 68f4d0ee6..6e67e21d2 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml @@ -17,7 +17,7 @@ kube_token_dir: "{{ kube_config_dir }}/tokens" kube_api_anonymous_auth: true ## Change this to use another Kubernetes version, e.g. a current beta release -kube_version: v1.29.2 +kube_version: v1.29.4 # Where the binaries will be downloaded. # Note: ensure that you've enough disk space (about 1G) @@ -371,3 +371,6 @@ kubeadm_patches: enabled: false source_dir: "{{ inventory_dir }}/patches" dest_dir: "{{ kube_config_dir }}/patches" + +# Set to true to remove the role binding to anonymous users created by kubeadm +remove_anonymous_access: false diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml index 3ba1acb65..e21a08a57 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml @@ -19,7 +19,7 @@ calico_cni_name: k8s-pod-network # add default ippool name # calico_pool_name: "default-pool" -# add default ippool blockSize (defaults kube_network_node_prefix) +# add default ippool blockSize calico_pool_blocksize: 26 # add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise) diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml index 453a0b1c3..f7eaeac9f 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml @@ -1,5 +1,5 @@ --- -# cilium_version: "v1.12.1" +# cilium_version: "v1.15.4" # Log-level # cilium_debug: false @@ -8,6 +8,9 @@ # cilium_enable_ipv4: true # cilium_enable_ipv6: false +# Enable l2 announcement from cilium to replace Metallb Ref: https://docs.cilium.io/en/v1.14/network/l2-announcements/ +cilium_l2announcements: false + # Cilium agent health port # cilium_agent_health_port: "9879" @@ -40,6 +43,10 @@ # Overlay Network Mode # cilium_tunnel_mode: vxlan + +# LoadBalancer Mode (snat/dsr/hybrid) Ref: https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#dsr-mode +# cilium_loadbalancer_mode: snat + # Optional features # cilium_enable_prometheus: false # Enable if you want to make use of hostPort mappings diff --git a/requirements.txt b/requirements.txt index c9f52ae88..1608e0a6b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,9 +1,10 @@ -ansible==9.3.0 +ansible==9.5.1 cryptography==41.0.4 -jinja2==3.1.2 +jinja2==3.1.4 jmespath==1.0.1 MarkupSafe==2.1.3 -netaddr==0.9.0 +netaddr==1.2.1 pbr==5.11.1 -ruamel.yaml==0.18.5 +ruamel.yaml==0.18.6 ruamel.yaml.clib==0.2.8 +jsonschema==4.22.0 diff --git a/roles/bootstrap-os/tasks/bootstrap-amazon.yml b/roles/bootstrap-os/tasks/amzn.yml similarity index 100% rename from roles/bootstrap-os/tasks/bootstrap-amazon.yml rename to roles/bootstrap-os/tasks/amzn.yml diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml deleted file mode 100644 index 737a7ec94..000000000 --- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# CoreOS ships without Python installed - -- name: Check if bootstrap is needed - raw: stat /opt/bin/.bootstrapped - register: need_bootstrap - failed_when: false - changed_when: false - tags: - - facts - -- name: Force binaries directory for Container Linux by CoreOS and Flatcar - set_fact: - bin_dir: "/opt/bin" - tags: - - facts - -- name: Run bootstrap.sh - script: bootstrap.sh - become: true - environment: "{{ proxy_env }}" - when: - - need_bootstrap.rc != 0 - -- name: Set the ansible_python_interpreter fact - set_fact: - ansible_python_interpreter: "{{ bin_dir }}/python" - tags: - - facts - -- name: Disable auto-upgrade - systemd: - name: locksmithd.service - masked: true - state: stopped - when: - - coreos_locksmithd_disable diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/centos.yml similarity index 100% rename from roles/bootstrap-os/tasks/bootstrap-centos.yml rename to roles/bootstrap-os/tasks/centos.yml diff --git a/roles/bootstrap-os/tasks/bootstrap-clearlinux.yml b/roles/bootstrap-os/tasks/clearlinux.yml similarity index 100% rename from roles/bootstrap-os/tasks/bootstrap-clearlinux.yml rename to roles/bootstrap-os/tasks/clearlinux.yml diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/debian.yml similarity index 80% rename from roles/bootstrap-os/tasks/bootstrap-debian.yml rename to roles/bootstrap-os/tasks/debian.yml index 47bad2047..9b18baa06 100644 --- a/roles/bootstrap-os/tasks/bootstrap-debian.yml +++ b/roles/bootstrap-os/tasks/debian.yml @@ -55,22 +55,10 @@ raw: apt-get update --allow-releaseinfo-change become: true when: - - '''ID=debian'' in os_release.stdout_lines' - - '''VERSION_ID="10"'' in os_release.stdout_lines or ''VERSION_ID="11"'' in os_release.stdout_lines' + - os_release_dict['ID'] == 'debian' + - os_release_dict['VERSION_ID'] in ["10", "11"] register: bootstrap_update_apt_result changed_when: - '"changed its" in bootstrap_update_apt_result.stdout' - '"value from" in bootstrap_update_apt_result.stdout' ignore_errors: true - -- name: Set the ansible_python_interpreter fact - set_fact: - ansible_python_interpreter: "/usr/bin/python3" - -# Workaround for https://github.com/ansible/ansible/issues/25543 -- name: Install dbus for the hostname module - package: - name: dbus - state: present - use: apt - become: true diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml b/roles/bootstrap-os/tasks/fedora-coreos.yml similarity index 90% rename from roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml rename to roles/bootstrap-os/tasks/fedora-coreos.yml index 91dc020c4..b8c0f3fe7 100644 --- a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml +++ b/roles/bootstrap-os/tasks/fedora-coreos.yml @@ -38,9 +38,3 @@ delay: 5 sleep: 5 when: need_bootstrap.rc != 0 - -- name: Store the fact if this is an fedora core os host - set_fact: - is_fedora_coreos: True - tags: - - facts diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/fedora.yml similarity index 80% rename from roles/bootstrap-os/tasks/bootstrap-fedora.yml rename to roles/bootstrap-os/tasks/fedora.yml index 4ce77b44a..85f8ff563 100644 --- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml +++ b/roles/bootstrap-os/tasks/fedora.yml @@ -21,16 +21,10 @@ become: true when: not skip_http_proxy_on_os_packages -- name: Install python3 on fedora - raw: "dnf install --assumeyes --quiet python3" +# libselinux-python3 is required on SELinux enabled hosts +# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements +- name: Install ansible requirements + raw: "dnf install --assumeyes python3 python3-dnf libselinux-python3" become: true when: - need_bootstrap.rc != 0 - -# libselinux-python3 is required on SELinux enabled hosts -# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements -- name: Install libselinux-python3 - package: - name: libselinux-python3 - state: present - become: true diff --git a/roles/bootstrap-os/tasks/bootstrap-flatcar.yml b/roles/bootstrap-os/tasks/flatcar.yml similarity index 54% rename from roles/bootstrap-os/tasks/bootstrap-flatcar.yml rename to roles/bootstrap-os/tasks/flatcar.yml index b0f3a9eb8..d5ecda8fa 100644 --- a/roles/bootstrap-os/tasks/bootstrap-flatcar.yml +++ b/roles/bootstrap-os/tasks/flatcar.yml @@ -9,12 +9,6 @@ tags: - facts -- name: Force binaries directory for Flatcar Container Linux by Kinvolk - set_fact: - bin_dir: "/opt/bin" - tags: - - facts - - name: Run bootstrap.sh script: bootstrap.sh become: true @@ -22,11 +16,14 @@ when: - need_bootstrap.rc != 0 -- name: Set the ansible_python_interpreter fact +# Workaround ansible https://github.com/ansible/ansible/pull/82821 +# We set the interpreter rather than ansible_python_interpreter to allow +# - using virtual env with task level ansible_python_interpreter later +# - let users specify an ansible_python_interpreter in group_vars + +- name: Make interpreter discovery works on Flatcar set_fact: - ansible_python_interpreter: "{{ bin_dir }}/python" - tags: - - facts + ansible_interpreter_python_fallback: "{{ ansible_interpreter_python_fallback + [ '/opt/bin/python' ] }}" - name: Disable auto-upgrade systemd: diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml index 73c9e060f..d1e5f7371 100644 --- a/roles/bootstrap-os/tasks/main.yml +++ b/roles/bootstrap-os/tasks/main.yml @@ -6,47 +6,29 @@ # This command should always run, even in check mode check_mode: false -- name: Bootstrap CentOS - include_tasks: bootstrap-centos.yml - when: '''ID="centos"'' in os_release.stdout_lines or ''ID="ol"'' in os_release.stdout_lines or ''ID="almalinux"'' in os_release.stdout_lines or ''ID="rocky"'' in os_release.stdout_lines or ''ID="kylin"'' in os_release.stdout_lines or ''ID="uos"'' in os_release.stdout_lines or ''ID="openEuler"'' in os_release.stdout_lines' +- name: Include distro specifics vars and tasks + vars: + os_release_dict: "{{ os_release.stdout_lines | select('regex', '^.+=.*$') | map('regex_replace', '\"', '') | + map('split', '=') | community.general.dict }}" + block: + - name: Include vars + include_vars: "{{ item }}" + tags: + - facts + with_first_found: + - &search + files: + - "{{ os_release_dict['ID'] }}-{{ os_release_dict['VARIANT_ID'] }}.yml" + - "{{ os_release_dict['ID'] }}.yml" + paths: + - vars/ + skip: True + - name: Include tasks + include_tasks: "{{ item }}" + with_first_found: + - <<: *search + paths: [] -- name: Bootstrap Amazon - include_tasks: bootstrap-amazon.yml - when: '''ID="amzn"'' in os_release.stdout_lines' - -- name: Bootstrap RedHat - include_tasks: bootstrap-redhat.yml - when: '''ID="rhel"'' in os_release.stdout_lines' - -- name: Bootstrap Clear Linux - include_tasks: bootstrap-clearlinux.yml - when: '''ID=clear-linux-os'' in os_release.stdout_lines' - -# Fedora CoreOS -- name: Bootstrap Fedora CoreOS - include_tasks: bootstrap-fedora-coreos.yml - when: - - '''ID=fedora'' in os_release.stdout_lines' - - '''VARIANT_ID=coreos'' in os_release.stdout_lines' - -- name: Bootstrap Flatcar - include_tasks: bootstrap-flatcar.yml - when: '''ID=flatcar'' in os_release.stdout_lines' - -- name: Bootstrap Debian - include_tasks: bootstrap-debian.yml - when: '''ID=debian'' in os_release.stdout_lines or ''ID=ubuntu'' in os_release.stdout_lines' - -# Fedora "classic" -- name: Boostrap Fedora - include_tasks: bootstrap-fedora.yml - when: - - '''ID=fedora'' in os_release.stdout_lines' - - '''VARIANT_ID=coreos'' not in os_release.stdout_lines' - -- name: Bootstrap OpenSUSE - include_tasks: bootstrap-opensuse.yml - when: '''ID="opensuse-leap"'' in os_release.stdout_lines or ''ID="opensuse-tumbleweed"'' in os_release.stdout_lines' - name: Create remote_tmp for it is used by another module file: @@ -54,9 +36,7 @@ state: directory mode: 0700 -# Workaround for https://github.com/ansible/ansible/issues/42726 -# (1/3) -- name: Gather host facts to get ansible_os_family +- name: Gather facts setup: gather_subset: '!all' filter: ansible_* @@ -64,39 +44,12 @@ - name: Assign inventory name to unconfigured hostnames (non-CoreOS, non-Flatcar, Suse and ClearLinux, non-Fedora) hostname: name: "{{ inventory_hostname }}" - when: - - override_system_hostname - - ansible_os_family not in ['Suse', 'Flatcar', 'Flatcar Container Linux by Kinvolk', 'ClearLinux'] - - not ansible_distribution == "Fedora" - - not is_fedora_coreos - -# (2/3) -- name: Assign inventory name to unconfigured hostnames (CoreOS, Flatcar, Suse, ClearLinux and Fedora only) - command: "hostnamectl set-hostname {{ inventory_hostname }}" - register: hostname_changed - become: true - changed_when: false - when: > - override_system_hostname - and (ansible_os_family in ['Suse', 'Flatcar', 'Flatcar Container Linux by Kinvolk', 'ClearLinux'] - or is_fedora_coreos - or ansible_distribution == "Fedora") - -# (3/3) -- name: Update hostname fact (CoreOS, Flatcar, Suse, ClearLinux and Fedora only) - setup: - gather_subset: '!all' - filter: ansible_hostname - when: > - override_system_hostname - and (ansible_os_family in ['Suse', 'Flatcar', 'Flatcar Container Linux by Kinvolk', 'ClearLinux'] - or is_fedora_coreos - or ansible_distribution == "Fedora") + when: override_system_hostname - name: Install ceph-commmon package package: name: - - ceph-common + - ceph-common state: present when: rbd_provisioner_enabled | default(false) diff --git a/roles/bootstrap-os/tasks/opensuse-leap.yml b/roles/bootstrap-os/tasks/opensuse-leap.yml new file mode 120000 index 000000000..389442aed --- /dev/null +++ b/roles/bootstrap-os/tasks/opensuse-leap.yml @@ -0,0 +1 @@ +opensuse.yml \ No newline at end of file diff --git a/roles/bootstrap-os/tasks/opensuse-tumbleweed.yml b/roles/bootstrap-os/tasks/opensuse-tumbleweed.yml new file mode 120000 index 000000000..389442aed --- /dev/null +++ b/roles/bootstrap-os/tasks/opensuse-tumbleweed.yml @@ -0,0 +1 @@ +opensuse.yml \ No newline at end of file diff --git a/roles/bootstrap-os/tasks/bootstrap-opensuse.yml b/roles/bootstrap-os/tasks/opensuse.yml similarity index 100% rename from roles/bootstrap-os/tasks/bootstrap-opensuse.yml rename to roles/bootstrap-os/tasks/opensuse.yml diff --git a/roles/bootstrap-os/tasks/bootstrap-redhat.yml b/roles/bootstrap-os/tasks/redhat.yml similarity index 100% rename from roles/bootstrap-os/tasks/bootstrap-redhat.yml rename to roles/bootstrap-os/tasks/redhat.yml diff --git a/roles/bootstrap-os/tasks/ubuntu.yml b/roles/bootstrap-os/tasks/ubuntu.yml new file mode 120000 index 000000000..f1a5a89f1 --- /dev/null +++ b/roles/bootstrap-os/tasks/ubuntu.yml @@ -0,0 +1 @@ +debian.yml \ No newline at end of file diff --git a/roles/bootstrap-os/vars/fedora-coreos.yml b/roles/bootstrap-os/vars/fedora-coreos.yml new file mode 100644 index 000000000..e0bb069f9 --- /dev/null +++ b/roles/bootstrap-os/vars/fedora-coreos.yml @@ -0,0 +1,2 @@ +--- +is_fedora_coreos: True diff --git a/roles/bootstrap-os/vars/flatcar.yml b/roles/bootstrap-os/vars/flatcar.yml new file mode 100644 index 000000000..f18bec5bb --- /dev/null +++ b/roles/bootstrap-os/vars/flatcar.yml @@ -0,0 +1,2 @@ +--- +bin_dir: "/opt/bin" diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml index 9ecace92f..a6b24843c 100644 --- a/roles/container-engine/containerd/defaults/main.yml +++ b/roles/container-engine/containerd/defaults/main.yml @@ -109,3 +109,11 @@ containerd_supported_distributions: # Enable container device interface enable_cdi: false + +# For containerd tracing configuration please check out the official documentation: +# https://github.com/containerd/containerd/blob/main/docs/tracing.md +containerd_tracing_enabled: false +containerd_tracing_endpoint: "0.0.0.0:4317" +containerd_tracing_protocol: "grpc" +containerd_tracing_sampling_ratio: 1.0 +containerd_tracing_service_name: "containerd" \ No newline at end of file diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2 index 30773aacc..088a680ab 100644 --- a/roles/container-engine/containerd/templates/config.toml.j2 +++ b/roles/container-engine/containerd/templates/config.toml.j2 @@ -92,6 +92,18 @@ oom_score = {{ containerd_oom_score }} disable = false {% endif %} +{% if containerd_tracing_enabled %} + [plugins."io.containerd.tracing.processor.v1.otlp"] + endpoint = "{{ containerd_tracing_endpoint }}" + protocol = "{{ containerd_tracing_protocol }}" + {% if containerd_tracing_protocol == "grpc" %} + insecure = false + {% endif %} + [plugins."io.containerd.internal.v1.tracing"] + sampling_ratio = {{ containerd_tracing_sampling_ratio }} + service_name = "{{ containerd_tracing_service_name }}" +{% endif %} + {% if containerd_extra_args is defined %} {{ containerd_extra_args }} {% endif %} diff --git a/roles/container-engine/containerd/templates/hosts.toml.j2 b/roles/container-engine/containerd/templates/hosts.toml.j2 index ea003ed44..ef63ff17a 100644 --- a/roles/container-engine/containerd/templates/hosts.toml.j2 +++ b/roles/container-engine/containerd/templates/hosts.toml.j2 @@ -1,4 +1,4 @@ -server = "https://{{ item.prefix }}" +server = "{{ item.server | default("https://" + item.prefix) }}" {% for mirror in item.mirrors %} [host."{{ mirror.host }}"] capabilities = ["{{ ([ mirror.capabilities ] | flatten ) | join('","') }}"] diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml index 99a3ed278..61105f401 100644 --- a/roles/container-engine/cri-o/tasks/main.yaml +++ b/roles/container-engine/cri-o/tasks/main.yaml @@ -90,6 +90,20 @@ remote_src: true notify: Restart crio +- name: Cri-o | configure crio to use kube reserved cgroups + ansible.builtin.copy: + dest: /etc/systemd/system/crio.service.d/00-slice.conf + owner: root + group: root + mode: '0644' + content: | + [Service] + Slice={{ kube_reserved_cgroups_for_service_slice }} + notify: Restart crio + when: + - kube_reserved is defined and kube_reserved is true + - kube_reserved_cgroups_for_service_slice is defined + - name: Cri-o | update the bin dir for crio.service file replace: dest: /etc/systemd/system/crio.service diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml index 2d5ba5e59..376ee0504 100644 --- a/roles/container-engine/docker/tasks/main.yml +++ b/roles/container-engine/docker/tasks/main.yml @@ -67,6 +67,17 @@ environment: "{{ proxy_env }}" when: ansible_pkg_mgr == 'apt' +# ref to https://github.com/kubernetes-sigs/kubespray/issues/11086 +- name: Remove the archived debian apt repository + lineinfile: + path: /etc/apt/sources.list + regexp: 'buster-backports' + state: absent + backup: yes + when: + - ansible_os_family == 'Debian' + - ansible_distribution_release == "buster" + - name: Ensure docker-ce repository is enabled apt_repository: repo: "{{ item }}" diff --git a/roles/container-engine/docker/tasks/reset.yml b/roles/container-engine/docker/tasks/reset.yml index 4bca908e6..40d19a4ff 100644 --- a/roles/container-engine/docker/tasks/reset.yml +++ b/roles/container-engine/docker/tasks/reset.yml @@ -6,8 +6,8 @@ - name: Docker | Find docker packages set_fact: - docker_packages_list: "{{ ansible_facts.packages.keys() | select('search', '^docker*') }}" - containerd_package: "{{ ansible_facts.packages.keys() | select('search', '^containerd*') }}" + docker_packages_list: "{{ ansible_facts.packages.keys() | select('search', '^docker+') }}" + containerd_package: "{{ ansible_facts.packages.keys() | select('search', '^containerd+') }}" - name: Docker | Stop all running container shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -q | xargs -r {{ docker_bin_dir }}/docker kill" diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index fe83e6c8d..3309ab88e 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -2,7 +2,7 @@ - name: Download | Prepare working directories and variables import_tasks: prep_download.yml when: - - not skip_downloads + - not skip_downloads | default(false) tags: - download - upload @@ -10,7 +10,7 @@ - name: Download | Get kubeadm binary and list of required images include_tasks: prep_kubeadm_images.yml when: - - not skip_downloads + - not skip_downloads | default(false) - inventory_hostname in groups['kube_control_plane'] tags: - download @@ -22,44 +22,8 @@ vars: download: "{{ download_defaults | combine(item.value) }}" include_file: "download_{% if download.container %}container{% else %}file{% endif %}.yml" - kubeadm_images: "{{ skip_kubeadm_images | ternary({}, _kubeadm_images) }}" - # The trick (converting list of tuples to list of dicts) below come from - # https://docs.ansible.com/ansible/latest/collections/community/general/dict_filter.html#examples - _kubeadm_images: "{{ dict(names | map('regex_replace', '^(.*)', 'kubeadm_\\1') | - zip( repos | zip(_tags, _groups) | - map('zip', keys) | map('map', 'reverse') | map('community.general.dict') | - map('combine', defaults))) | - dict2items | rejectattr('key', 'in', excluded) | items2dict }}" - keys: - - repo - - tag - - groups - images: "{{ kubeadm_images_raw.stdout_lines | map('split', ':') }}" - _tags: "{{ images | map(attribute=1) }}" - repos: "{{ images | map(attribute=0) }}" - names: "{{ repos | map('split', '/') | map(attribute=-1) }}" - _groups: "{{ names | map('extract', images_groups) }}" - defaults: - enabled: true - container: true - excluded: - - kubeadm_coredns - - kubeadm_pause - images_groups: - coredns: [] - pause: [] - kube-proxy: - - k8s_cluster - etcd: - - etcd - kube-scheduler: - - kube_control_plane - kube-controller-manager: - - kube_control_plane - kube-apiserver: - - kube_control_plane when: - - not skip_downloads + - not skip_downloads | default(false) - download.enabled - item.value.enabled - (not (item.value.container | default(false))) or (item.value.container and download_container) diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml index 67ac2f721..fdfed1d08 100644 --- a/roles/download/tasks/prep_kubeadm_images.yml +++ b/roles/download/tasks/prep_kubeadm_images.yml @@ -20,7 +20,7 @@ dest: "{{ kube_config_dir }}/kubeadm-images.yaml" mode: 0644 when: - - not skip_kubeadm_images + - not skip_kubeadm_images | default(false) - name: Prep_kubeadm_images | Copy kubeadm binary from download dir to system path copy: @@ -36,9 +36,36 @@ state: file - name: Prep_kubeadm_images | Generate list of required images - command: "{{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml" + shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns|pause'" + args: + executable: /bin/bash register: kubeadm_images_raw run_once: true changed_when: false when: - - not skip_kubeadm_images + - not skip_kubeadm_images | default(false) + +- name: Prep_kubeadm_images | Parse list of images + vars: + kubeadm_images_list: "{{ kubeadm_images_raw.stdout_lines }}" + set_fact: + kubeadm_image: + key: "kubeadm_{{ (item | regex_replace('^(?:.*\\/)*', '')).split(':')[0] }}" + value: + enabled: true + container: true + repo: "{{ item | regex_replace('^(.*):.*$', '\\1') }}" + tag: "{{ item | regex_replace('^.*:(.*)$', '\\1') }}" + groups: k8s_cluster + loop: "{{ kubeadm_images_list | flatten(levels=1) }}" + register: kubeadm_images_cooked + run_once: true + when: + - not skip_kubeadm_images | default(false) + +- name: Prep_kubeadm_images | Convert list of images to dict for later use + set_fact: + kubeadm_images: "{{ kubeadm_images_cooked.results | map(attribute='ansible_facts.kubeadm_image') | list | items2dict }}" + run_once: true + when: + - not skip_kubeadm_images | default(false) diff --git a/roles/helm-apps/vars/main.yml b/roles/helm-apps/vars/main.yml index bcce54a8f..bb559e551 100644 --- a/roles/helm-apps/vars/main.yml +++ b/roles/helm-apps/vars/main.yml @@ -7,3 +7,4 @@ helm_defaults: helm_repository_defaults: binary_path: "{{ bin_dir }}/helm" + force_update: true diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 index 9ca15d700..6e1dda36a 100644 --- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 @@ -20,7 +20,7 @@ spec: spec: nodeSelector: {{ nodelocaldns_ds_nodeselector }} - priorityClassName: system-cluster-critical + priorityClassName: system-node-critical serviceAccountName: nodelocaldns hostNetwork: true dnsPolicy: Default # Don't use cluster DNS. diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml index f81bf1e2e..9cd42ed68 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml @@ -16,4 +16,4 @@ external_huaweicloud_cloud: "{{ lookup('env','OS_CLOUD') }}" ## arg2: "value2" external_huawei_cloud_controller_extra_args: {} external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com" -external_huawei_cloud_controller_image_tag: "v0.26.6" +external_huawei_cloud_controller_image_tag: "v0.26.8" diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 index 07f1771d6..875ea9b89 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 @@ -21,3 +21,6 @@ subnet-id={{ external_huaweicloud_lbaas_subnet_id }} {% if external_huaweicloud_lbaas_network_id is defined %} id={{ external_huaweicloud_lbaas_network_id }} {% endif %} +{% if external_huaweicloud_security_group_id is defined %} +security-group-id={{ external_huaweicloud_security_group_id }} +{% endif %} diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 index b9b2ec354..29f99b205 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 @@ -47,6 +47,11 @@ spec: - --cloud-config=$(CLOUD_CONFIG) - --cloud-provider=huaweicloud - --use-service-account-credentials=true + - --node-status-update-frequency=5s + - --node-monitor-period=5s + - --leader-elect-lease-duration=30s + - --leader-elect-renew-deadline=20s + - --leader-elect-retry-period=2s {% for key, value in external_huawei_cloud_controller_extra_args.items() %} - "{{ '--' + key + '=' + value }}" {% endfor %} diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 index bbdf3364a..3c893f3fa 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 @@ -1,16 +1,12 @@ -apiVersion: v1 -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: system:cloud-controller-manager - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager - subjects: +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: - kind: ServiceAccount name: cloud-controller-manager - namespace: kube-system -kind: List -metadata: {} + namespace: kube-system \ No newline at end of file diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 index 2e2d8b64e..d2710e960 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 @@ -1,117 +1,113 @@ -apiVersion: v1 -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: system:cloud-controller-manager - rules: +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:cloud-controller-manager +rules: - resources: - - tokenreviews + - tokenreviews verbs: - - get - - list - - watch - - create - - update - - patch + - get + - list + - watch + - create + - update + - patch apiGroups: - - authentication.k8s.io + - authentication.k8s.io - resources: - - configmaps - - endpoints - - pods - - services - - secrets - - serviceaccounts - - serviceaccounts/token + - configmaps + - endpoints + - pods + - services + - secrets + - serviceaccounts + - serviceaccounts/token verbs: - - get - - list - - watch - - create - - update - - patch + - get + - list + - watch + - create + - update + - patch apiGroups: - - '' + - '' - resources: - - nodes + - nodes verbs: - - get - - list - - watch - - delete - - patch - - update + - get + - list + - watch + - delete + - patch + - update apiGroups: - - '' + - '' - resources: - - services/status - - pods/status + - services/status + - pods/status verbs: - - update - - patch + - update + - patch apiGroups: - - '' + - '' - resources: - - nodes/status + - nodes/status verbs: - - patch - - update + - patch + - update apiGroups: - - '' + - '' - resources: - - events - - endpoints + - events + - endpoints verbs: - - create - - patch - - update + - create + - patch + - update apiGroups: - - '' + - '' - resources: - - leases + - leases verbs: - - get - - update - - create - - delete + - get + - update + - create + - delete apiGroups: - - coordination.k8s.io + - coordination.k8s.io - resources: - - customresourcedefinitions + - customresourcedefinitions verbs: - - get - - update - - create - - delete + - get + - update + - create + - delete apiGroups: - apiextensions.k8s.io - resources: - - ingresses + - ingresses verbs: - - get - - list - - watch - - update - - create - - patch - - delete + - get + - list + - watch + - update + - create + - patch + - delete apiGroups: - - networking.k8s.io + - networking.k8s.io - resources: - - ingresses/status + - ingresses/status verbs: - - update - - patch + - update + - patch apiGroups: - - networking.k8s.io + - networking.k8s.io - resources: - - endpointslices + - endpointslices verbs: - - get - - list - - watch + - get + - list + - watch apiGroups: - - discovery.k8s.io -kind: List -metadata: {} + - discovery.k8s.io \ No newline at end of file diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml index 4bcf135a3..3affb19fc 100644 --- a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml @@ -21,5 +21,5 @@ external_openstack_cacert: "{{ lookup('env', 'OS_CACERT') }}" ## arg1: "value1" ## arg2: "value2" external_openstack_cloud_controller_extra_args: {} -external_openstack_cloud_controller_image_tag: "v1.25.3" +external_openstack_cloud_controller_image_tag: "v1.28.2" external_openstack_cloud_controller_bind_address: 127.0.0.1 diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 index 8bae2aa11..d03be0bac 100644 --- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 @@ -36,7 +36,7 @@ spec: serviceAccountName: cloud-controller-manager containers: - name: openstack-cloud-controller-manager - image: {{ docker_image_repo }}/k8scloudprovider/openstack-cloud-controller-manager:{{ external_openstack_cloud_controller_image_tag }} + image: {{ external_openstack_cloud_controller_image_repo }}:{{ external_openstack_cloud_controller_image_tag }} args: - /bin/openstack-cloud-controller-manager - --v=1 diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml index c83c8c3ed..2650136d8 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml @@ -19,5 +19,6 @@ ingress_nginx_without_class: true ingress_nginx_default: false ingress_nginx_webhook_enabled: false ingress_nginx_webhook_job_ttl: 1800 +ingress_nginx_opentelemetry_enabled: false ingress_nginx_probe_initial_delay_seconds: 10 diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 index 7f419350b..c7657b621 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 @@ -23,6 +23,26 @@ spec: spec: serviceAccountName: ingress-nginx terminationGracePeriodSeconds: {{ ingress_nginx_termination_grace_period_seconds }} +{% if ingress_nginx_opentelemetry_enabled %} + initContainers: + - name: opentelemetry + command: + - /init_module + image: {{ ingress_nginx_opentelemetry_image_repo }}:{{ ingress_nginx_opentelemetry_image_tag }} + securityContext: + runAsNonRoot: true + runAsUser: 65532 + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /modules_mount + name: modules +{% endif %} {% if ingress_nginx_host_network %} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet @@ -127,15 +147,27 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 -{% if ingress_nginx_webhook_enabled %} +{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %} volumeMounts: +{% if ingress_nginx_webhook_enabled %} - mountPath: /usr/local/certificates/ name: webhook-cert readOnly: true {% endif %} -{% if ingress_nginx_webhook_enabled %} +{% if ingress_nginx_opentelemetry_enabled %} + - name: modules + mountPath: /modules_mount +{% endif %} +{% endif %} +{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %} volumes: +{% if ingress_nginx_webhook_enabled %} - name: webhook-cert secret: secretName: ingress-nginx-admission {% endif %} +{% if ingress_nginx_opentelemetry_enabled %} + - name: modules + emptyDir: {} +{% endif %} +{% endif %} diff --git a/roles/kubernetes-apps/kubelet-csr-approver/defaults/main.yml b/roles/kubernetes-apps/kubelet-csr-approver/defaults/main.yml index 2edce709b..26347cfc7 100644 --- a/roles/kubernetes-apps/kubelet-csr-approver/defaults/main.yml +++ b/roles/kubernetes-apps/kubelet-csr-approver/defaults/main.yml @@ -5,7 +5,7 @@ kubelet_csr_approver_namespace: kube-system kubelet_csr_approver_repository_name: kubelet-csr-approver kubelet_csr_approver_repository_url: https://postfinance.github.io/kubelet-csr-approver kubelet_csr_approver_chart_ref: "{{ kubelet_csr_approver_repository_name }}/kubelet-csr-approver" -kubelet_csr_approver_chart_version: 0.2.8 +kubelet_csr_approver_chart_version: 1.1.0 # Fill values override here # See upstream https://github.com/postfinance/kubelet-csr-approver diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml index 221fe3c79..6a804cbef 100644 --- a/roles/kubernetes-apps/metallb/tasks/main.yml +++ b/roles/kubernetes-apps/metallb/tasks/main.yml @@ -33,7 +33,7 @@ - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Wait for MetalLB controller to be running - command: "{{ bin_dir }}/kubectl rollout status -n metallb-system deployment -l app=metallb,component=controller --timeout=2m" + command: "{{ bin_dir }}/kubectl rollout status -n {{ metallb_namespace }} deployment -l app=metallb,component=controller --timeout=2m" become: true when: - inventory_hostname == groups['kube_control_plane'][0] @@ -104,5 +104,5 @@ name: config kubectl: "{{ bin_dir }}/kubectl" resource: ConfigMap - namespace: metallb-system + namespace: "{{ metallb_namespace }}" state: absent diff --git a/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 b/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 index d24973288..e3fdb191a 100644 --- a/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 @@ -11,7 +11,7 @@ apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: "{{ entry }}" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: ipAddressPools: - "{{ entry }}" diff --git a/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 b/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 index 490bae24f..b32c19403 100644 --- a/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 @@ -9,7 +9,7 @@ apiVersion: metallb.io/v1beta1 kind: Community metadata: name: "{{ community_name }}" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: communities: - name: "{{ community_name }}" @@ -21,7 +21,7 @@ apiVersion: metallb.io/v1beta1 kind: Community metadata: name: well-known - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: communities: - name: no-export @@ -51,7 +51,7 @@ apiVersion: metallb.io/v1beta1 kind: BGPAdvertisement metadata: name: "{{ peer_name }}-local" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: aggregationLength: 32 aggregationLengthV6: 128 @@ -70,7 +70,7 @@ apiVersion: metallb.io/v1beta1 kind: BGPAdvertisement metadata: name: "{{ peer_name }}-external" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: {% if peer.aggregation_length is defined and peer.aggregation_length <= 30 %} aggregationLength: {{ peer.aggregation_length }} @@ -93,7 +93,7 @@ apiVersion: metallb.io/v1beta2 kind: BGPPeer metadata: name: "{{ peer_name }}" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: myASN: {{ peer.my_asn }} peerASN: {{ peer.peer_asn }} diff --git a/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 b/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 index af18a100b..ebdea51e3 100644 --- a/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 @@ -6,7 +6,7 @@ metadata: pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged - name: metallb-system + name: {{ metallb_namespace }} --- apiVersion: apiextensions.k8s.io/v1 @@ -23,7 +23,7 @@ spec: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /convert conversionReviewVersions: - v1alpha1 @@ -544,7 +544,7 @@ spec: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /convert conversionReviewVersions: - v1beta1 @@ -1291,7 +1291,7 @@ metadata: pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% if metallb_speaker_enabled %} --- @@ -1301,7 +1301,7 @@ metadata: labels: app: metallb name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% endif %} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -1310,7 +1310,7 @@ metadata: labels: app: metallb name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" rules: - apiGroups: - "" @@ -1402,7 +1402,7 @@ metadata: labels: app: metallb name: pod-lister - namespace: metallb-system + namespace: "{{ metallb_namespace }}" rules: - apiGroups: - "" @@ -1480,7 +1480,7 @@ kind: ClusterRole metadata: labels: app: metallb - name: metallb-system:controller + name: {{ metallb_namespace }}:controller rules: - apiGroups: - "" @@ -1561,7 +1561,7 @@ kind: ClusterRole metadata: labels: app: metallb - name: metallb-system:speaker + name: {{ metallb_namespace }}:speaker rules: - apiGroups: - "" @@ -1598,7 +1598,7 @@ metadata: labels: app: metallb name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -1606,7 +1606,7 @@ roleRef: subjects: - kind: ServiceAccount name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" --- apiVersion: rbac.authorization.k8s.io/v1 @@ -1615,7 +1615,7 @@ metadata: labels: app: metallb name: pod-lister - namespace: metallb-system + namespace: "{{ metallb_namespace }}" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -1623,7 +1623,7 @@ roleRef: subjects: - kind: ServiceAccount name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" --- apiVersion: rbac.authorization.k8s.io/v1 @@ -1631,15 +1631,15 @@ kind: ClusterRoleBinding metadata: labels: app: metallb - name: metallb-system:controller + name: {{ metallb_namespace }}:controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: metallb-system:controller + name: {{ metallb_namespace }}:controller subjects: - kind: ServiceAccount name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% if metallb_speaker_enabled %} --- @@ -1648,15 +1648,15 @@ kind: ClusterRoleBinding metadata: labels: app: metallb - name: metallb-system:speaker + name: {{ metallb_namespace }}:speaker roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: metallb-system:speaker + name: {{ metallb_namespace }}:speaker subjects: - kind: ServiceAccount name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% endif %} --- @@ -1664,14 +1664,14 @@ apiVersion: v1 kind: Secret metadata: name: webhook-server-cert - namespace: metallb-system + namespace: "{{ metallb_namespace }}" --- apiVersion: v1 kind: Service metadata: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: ports: - port: 443 @@ -1687,7 +1687,7 @@ metadata: app: metallb component: controller name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: revisionHistoryLimit: 3 selector: @@ -1782,7 +1782,7 @@ metadata: app: metallb component: speaker name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: selector: matchLabels: @@ -1888,7 +1888,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta2-bgppeer failurePolicy: Fail name: bgppeersvalidationwebhook.metallb.io @@ -1908,7 +1908,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-addresspool failurePolicy: Fail name: addresspoolvalidationwebhook.metallb.io @@ -1928,7 +1928,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-bfdprofile failurePolicy: Fail name: bfdprofilevalidationwebhook.metallb.io @@ -1948,7 +1948,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-bgpadvertisement failurePolicy: Fail name: bgpadvertisementvalidationwebhook.metallb.io @@ -1968,7 +1968,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-community failurePolicy: Fail name: communityvalidationwebhook.metallb.io @@ -1988,7 +1988,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-ipaddresspool failurePolicy: Fail name: ipaddresspoolvalidationwebhook.metallb.io @@ -2008,7 +2008,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-l2advertisement failurePolicy: Fail name: l2advertisementvalidationwebhook.metallb.io diff --git a/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 b/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 index f22a4e3d1..42cc6ec1a 100644 --- a/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 @@ -9,7 +9,7 @@ apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: - namespace: metallb-system + namespace: "{{ metallb_namespace }}" name: "{{ pool_name }}" spec: addresses: diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2 b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2 index 941337686..2fa18f461 100644 --- a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2 +++ b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2 @@ -15,7 +15,6 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - # rename if there are conflicts name: snapshot-controller-runner rules: - apiGroups: [""] @@ -24,9 +23,6 @@ rules: - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] @@ -35,13 +31,37 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots/status"] - verbs: ["update"] + verbs: ["update", "patch"] + + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents/status"] + verbs: ["patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshots"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshots/status"] + verbs: ["update", "patch"] + + # Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true + # - apiGroups: [""] + # resources: ["nodes"] + # verbs: ["get", "list", "watch"] --- kind: ClusterRoleBinding @@ -54,7 +74,6 @@ subjects: namespace: {{ snapshot_controller_namespace }} roleRef: kind: ClusterRole - # change the name also here if the ClusterRole gets renamed name: snapshot-controller-runner apiGroup: rbac.authorization.k8s.io @@ -62,12 +81,12 @@ roleRef: kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - namespace: {{ snapshot_controller_namespace }} name: snapshot-controller-leaderelection + namespace: {{ snapshot_controller_namespace }} rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] --- kind: RoleBinding diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2 b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2 index d17ffb368..a27e56fa9 100644 --- a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2 +++ b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2 @@ -15,11 +15,12 @@ spec: replicas: {{ snapshot_controller_replicas }} selector: matchLabels: - app: snapshot-controller - # the snapshot controller won't be marked as ready if the v1 CRDs are unavailable - # in #504 the snapshot-controller will exit after around 7.5 seconds if it - # can't find the v1 CRDs so this value should be greater than that - minReadySeconds: 15 + app.kubernetes.io/name: snapshot-controller + # The snapshot controller won't be marked as ready if the v1 CRDs are unavailable. + # The flag --retry-crd-interval-max is used to determine how long the controller + # will wait for the CRDs to become available before exiting. The default is 30 seconds + # so minReadySeconds should be set slightly higher than the flag value. + minReadySeconds: 35 strategy: rollingUpdate: maxSurge: 0 @@ -28,13 +29,13 @@ spec: template: metadata: labels: - app: snapshot-controller + app.kubernetes.io/name: snapshot-controller spec: - serviceAccount: snapshot-controller + serviceAccountName: snapshot-controller containers: - name: snapshot-controller image: {{ snapshot_controller_image_repo }}:{{ snapshot_controller_image_tag }} + imagePullPolicy: {{ k8s_image_pull_policy }} args: - "--v=5" - - "--leader-election=false" - imagePullPolicy: {{ k8s_image_pull_policy }} + - "--leader-election={{ 'true' if snapshot_controller_replicas > 1 else 'false' }}" diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml index fd7047767..df92c419b 100644 --- a/roles/kubernetes/control-plane/defaults/main/main.yml +++ b/roles/kubernetes/control-plane/defaults/main/main.yml @@ -240,3 +240,6 @@ kubeadm_upgrade_auto_cert_renewal: true kube_apiserver_tracing: false kube_apiserver_tracing_endpoint: 0.0.0.0:4317 kube_apiserver_tracing_sampling_rate_per_million: 100 + +# Enable kubeadm file discovery if anonymous access has been removed +kubeadm_use_file_discovery: "{{ remove_anonymous_access }}" diff --git a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml b/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml index 36996da2e..ce5894d11 100644 --- a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml +++ b/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml @@ -9,7 +9,7 @@ - name: Set fact joined_control_planes set_fact: joined_control_planes: "{{ ((kube_control_planes_raw.stdout | from_json)['items']) | default([]) | map(attribute='metadata') | map(attribute='name') | list }}" - delegate_to: item + delegate_to: "{{ item }}" loop: "{{ groups['kube_control_plane'] }}" when: kube_control_planes_raw is succeeded run_once: yes diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml index f3fd207c4..e10ef7fab 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml @@ -63,6 +63,26 @@ - kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists - not kube_external_ca_mode +- name: Get kubeconfig for join discovery process + command: "{{ kubectl }} -n kube-public get cm cluster-info -o jsonpath='{.data.kubeconfig}'" + register: kubeconfig_file_discovery + run_once: true + delegate_to: "{{ groups['kube_control_plane'] | first }}" + when: + - kubeadm_use_file_discovery + - kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists + +- name: Copy discovery kubeconfig + copy: + dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml" + content: "{{ kubeconfig_file_discovery.stdout }}" + owner: "root" + mode: 0644 + when: + - inventory_hostname != first_kube_control_plane + - kubeadm_use_file_discovery + - kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists + - name: Joining control plane node to the cluster. command: >- {{ bin_dir }}/kubeadm join diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index 1f4ff20a3..ceaafa06c 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -221,12 +221,16 @@ {{ bin_dir }}/kubeadm --kubeconfig {{ kube_config_dir }}/admin.conf token create {{ kubeadm_token }} changed_when: false when: - - inventory_hostname == first_kube_control_plane + - inventory_hostname == first_kube_control_plane - kubeadm_token is defined - kubeadm_refresh_token tags: - kubeadm_token +- name: Remove binding to anonymous user + command: "{{ kubectl }} -n kube-public delete rolebinding kubeadm:bootstrap-signer-clusterinfo --ignore-not-found" + when: inventory_hostname == first_kube_control_plane and remove_anonymous_access + - name: Create kubeadm token for joining nodes with 24h expiration (default) command: "{{ bin_dir }}/kubeadm --kubeconfig {{ kube_config_dir }}/admin.conf token create" changed_when: false diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml index 12ab0b934..7638a8968 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml @@ -53,6 +53,10 @@ PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" notify: Master | restart kubelet +- name: Kubeadm | Remove binding to anonymous user + command: "{{ kubectl }} -n kube-public delete rolebinding kubeadm:bootstrap-signer-clusterinfo --ignore-not-found" + when: remove_anonymous_access + - name: Kubeadm | clean kubectl cache to refresh api types file: path: "{{ item }}" diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 index c950d00b3..cd19b5c2e 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 @@ -1,6 +1,10 @@ apiVersion: kubeadm.k8s.io/v1beta3 kind: JoinConfiguration discovery: +{% if kubeadm_use_file_discovery %} + file: + kubeConfigPath: {{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml +{% else %} bootstrapToken: {% if kubeadm_config_api_fqdn is defined %} apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} @@ -9,6 +13,7 @@ discovery: {% endif %} token: {{ kubeadm_token }} unsafeSkipCAVerification: true +{% endif %} timeout: {{ discovery_timeout }} tlsBootstrapToken: {{ kubeadm_token }} controlPlane: diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml index 61b132e61..5047de509 100644 --- a/roles/kubernetes/kubeadm/defaults/main.yml +++ b/roles/kubernetes/kubeadm/defaults/main.yml @@ -4,6 +4,9 @@ discovery_timeout: 60s kubeadm_join_timeout: 120s +# Enable kubeadm file discovery if anonymous access has been removed +kubeadm_use_file_discovery: "{{ remove_anonymous_access }}" + # If non-empty, will use this string as identification instead of the actual hostname kube_override_hostname: >- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%} diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 4a65dbbc9..e8b5dceb6 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -57,6 +57,24 @@ set_fact: kubeadmConfig_api_version: v1beta3 +- name: Get kubeconfig for join discovery process + command: "{{ kubectl }} -n kube-public get cm cluster-info -o jsonpath='{.data.kubeconfig}'" + register: kubeconfig_file_discovery + run_once: true + delegate_to: "{{ groups['kube_control_plane'] | first }}" + when: kubeadm_use_file_discovery + +- name: Copy discovery kubeconfig + copy: + dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml" + content: "{{ kubeconfig_file_discovery.stdout }}" + owner: "root" + mode: 0644 + when: + - not is_kube_master + - not kubelet_conf.stat.exists + - kubeadm_use_file_discovery + - name: Create kubeadm client config template: src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2" diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 index 5104ecfb9..3b3bc57de 100644 --- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 +++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 @@ -2,6 +2,10 @@ apiVersion: kubeadm.k8s.io/v1beta3 kind: JoinConfiguration discovery: +{% if kubeadm_use_file_discovery %} + file: + kubeConfigPath: {{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml +{% else %} bootstrapToken: {% if kubeadm_config_api_fqdn is defined %} apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} @@ -14,6 +18,7 @@ discovery: - sha256:{{ kubeadm_ca_hash.stdout }} {% else %} unsafeSkipCAVerification: true +{% endif %} {% endif %} timeout: {{ discovery_timeout }} tlsBootstrapToken: {{ kubeadm_token }} diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index b3f8fbf10..69cfa4540 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -24,10 +24,11 @@ kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service" kubelet_systemd_hardening: false # List of secure IPs for kubelet -kubelet_secure_addresses: >- - {%- for host in groups['kube_control_plane'] -%} +kube_node_addresses: >- + {%- for host in (groups['kube_control_plane'] + groups['kube_node'] + groups['etcd']) | unique -%} {{ hostvars[host]['ip'] | default(fallback_ips[host]) }}{{ ' ' if not loop.last else '' }} {%- endfor -%} +kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnet }} {{ kube_node_addresses }}" # Reserve this space for kube resources # Set to true to reserve resources for kube daemons @@ -87,6 +88,9 @@ kube_vip_address: kube_vip_enableServicesElection: false kube_vip_lb_enable: false kube_vip_lb_fwdmethod: local +kube_vip_leaseduration: 5 +kube_vip_renewdeadline: 3 +kube_vip_retryperiod: 1 # Requests for load balancer app loadbalancer_apiserver_memory_requests: 32M @@ -258,4 +262,4 @@ conntrack_modules: ## Enable distributed tracing for kubelet kubelet_tracing: false kubelet_tracing_endpoint: 0.0.0.0:4317 -kubelet_tracing_sampling_rate_per_million: 100 \ No newline at end of file +kubelet_tracing_sampling_rate_per_million: 100 diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 index 3d76ba485..1a664a0ed 100644 --- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 +++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 @@ -64,7 +64,7 @@ clusterDNS: kubeReservedCgroup: {{ kube_reserved_cgroups }} kubeReserved: {% if is_kube_master | bool %} - cpu: {{ kube_master_cpu_reserved }} + cpu: "{{ kube_master_cpu_reserved }}" memory: {{ kube_master_memory_reserved }} {% if kube_master_ephemeral_storage_reserved is defined %} ephemeral-storage: {{ kube_master_ephemeral_storage_reserved }} @@ -73,7 +73,7 @@ kubeReserved: pid: "{{ kube_master_pid_reserved }}" {% endif %} {% else %} - cpu: {{ kube_cpu_reserved }} + cpu: "{{ kube_cpu_reserved }}" memory: {{ kube_memory_reserved }} {% if kube_ephemeral_storage_reserved is defined %} ephemeral-storage: {{ kube_ephemeral_storage_reserved }} @@ -87,7 +87,7 @@ kubeReserved: systemReservedCgroup: {{ system_reserved_cgroups }} systemReserved: {% if is_kube_master | bool %} - cpu: {{ system_master_cpu_reserved }} + cpu: "{{ system_master_cpu_reserved }}" memory: {{ system_master_memory_reserved }} {% if system_master_ephemeral_storage_reserved is defined %} ephemeral-storage: {{ system_master_ephemeral_storage_reserved }} @@ -96,7 +96,7 @@ systemReserved: pid: "{{ system_master_pid_reserved }}" {% endif %} {% else %} - cpu: {{ system_cpu_reserved }} + cpu: "{{ system_cpu_reserved }}" memory: {{ system_memory_reserved }} {% if system_ephemeral_storage_reserved is defined %} ephemeral-storage: {{ system_ephemeral_storage_reserved }} diff --git a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 index 936ad44d2..ead73495d 100644 --- a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 +++ b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 @@ -48,11 +48,11 @@ spec: - name: vip_leaderelection value: "true" - name: vip_leaseduration - value: "5" + value: {{ kube_vip_leaseduration | string | to_json }} - name: vip_renewdeadline - value: "3" + value: {{ kube_vip_renewdeadline | string | to_json }} - name: vip_retryperiod - value: "1" + value: {{ kube_vip_retryperiod | string | to_json }} {% endif %} {% if kube_vip_bgp_enabled %} - name: bgp_enable diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index eb33ed3db..3c4d8a40d 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -6,18 +6,6 @@ epel_enabled: false # Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf dns_late: false -common_required_pkgs: - - "{{ (ansible_distribution == 'openSUSE Tumbleweed') | ternary('openssl-1_1', 'openssl') }}" - - curl - - rsync - - socat - - unzip - - e2fsprogs - - xfsprogs - - ebtables - - bash-completion - - tar - # Set to true if your network does not support IPv6 # This may be necessary for pulling Docker images from # GCE docker repository @@ -98,6 +86,13 @@ ntp_servers: ntp_restrict: - "127.0.0.1" - "::1" +# Specify whether to filter interfaces +ntp_filter_interface: false +# Specify the interfaces +# Only takes effect when ntp_filter_interface is true +# ntp_interfaces: +# - ignore wildcard +# - listen xxx # The NTP driftfile path # Only takes effect when ntp_manage_config is true. ntp_driftfile: /var/lib/ntp/ntp.drift @@ -135,15 +130,9 @@ supported_os_distributions: # Extending some distributions into the redhat os family redhat_os_family_extensions: - - "Kylin Linux Advanced Server" - - "openEuler" - "UnionTech" - "UniontechOS" -# Extending some distributions into the debian os family -debian_os_family_extensions: - - "UnionTech OS Server 20" - # Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use" systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}" diff --git a/roles/kubernetes/preinstall/files/pkgs-schema.json b/roles/kubernetes/preinstall/files/pkgs-schema.json new file mode 100644 index 000000000..1fb9e28de --- /dev/null +++ b/roles/kubernetes/preinstall/files/pkgs-schema.json @@ -0,0 +1,80 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://kubespray.io/internal/os_packages.schema.json", + "title": "Os packages", + "description": "Criteria for selecting packages to install on Kubernetes nodes during installation by Kubespray", + "type": "object", + "patternProperties": { + ".*": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja", + "type": "boolean", + "default": true + }, + "groups": { + "description": "Match if the host is in one of these groups. If not specified match any host.", + "type": "array", + "minItems": 1, + "items":{ + "type": "string", + "pattern": "^[0-9A-Za-z_]*$" + } + }, + "os": { + "type": "object", + "description": "If not specified match any OS. Otherwise, must match by 'families' or 'distributions' to be included.", + "additionalProperties": false, + "minProperties": 1, + "properties": { + "families": { + "description": "Match if ansible_os_family is part of the list.", + "type": "array", + "minItems": 1, + "items": { + "type": "string" + } + }, + "distributions": { + "type": "object", + "description": "Match if ansible_distribution match one of defined keys.", + "minProperties": 1, + "patternProperties": { + ".*": { + "description": "Match if either the value is the empty hash, or one major_versions/versions/releases contains the corresponding variable ('ansible_distrbution_*')", + "type": "object", + "additionalProperties": false, + "properties": { + "major_versions": { + "type": "array", + "minItems": 1, + "items": { + "type": "string" + } + }, + "versions": { + "type": "array", + "minItems": 1, + "items": { + "type": "string" + } + }, + "releases": { + "type": "array", + "minItems": 1, + "items": { + "type": "string" + } + } + } + } + } + } + } + } + } + } + } +} diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml index e68f56837..4541c14c5 100644 --- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml @@ -1,11 +1,4 @@ --- -- name: Force binaries directory for Flatcar Container Linux by Kinvolk - set_fact: - bin_dir: "/opt/bin" - when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - tags: - - facts - - name: Set os_family fact for other redhat-based operating systems set_fact: ansible_os_family: "RedHat" @@ -14,34 +7,6 @@ tags: - facts -- name: Set os_family fact for other debian-based operating systems - set_fact: - ansible_os_family: "Debian" - when: ansible_distribution in debian_os_family_extensions - tags: - - facts - -- name: Check if booted with ostree - stat: - path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no - register: ostree - -- name: Set is_fedora_coreos - lineinfile: - path: /etc/os-release - line: "VARIANT_ID=coreos" - state: present - check_mode: yes - register: os_variant_coreos - changed_when: false - -- name: Set is_fedora_coreos - set_fact: - is_fedora_coreos: "{{ ostree.stat.exists and os_variant_coreos is not changed }}" - - name: Check resolvconf command: which resolvconf register: resolvconf @@ -234,20 +199,6 @@ supersede domain-name-servers {{ (nameservers | d([]) + cloud_resolver | d([])) | unique | join(', ') }}; when: dns_early and not dns_late -- name: Gather os specific variables - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower | replace('/', '_') }}.yml" - - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower | replace('/', '_') }}.yml" - - "{{ ansible_distribution | lower }}.yml" - - "{{ ansible_os_family | lower }}.yml" - - defaults.yml - paths: - - ../vars - skip: true - - name: Set etcd vars if using kubeadm mode set_fact: etcd_cert_dir: "{{ kube_cert_dir }}" diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml index f2d40e995..91b78b75f 100644 --- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml @@ -316,3 +316,15 @@ when: - kube_apiserver_enable_admission_plugins is defined - kube_apiserver_enable_admission_plugins | length > 0 + +- name: Verify that the packages list structure is valid + ansible.utils.validate: + criteria: "{{ lookup('file', 'pkgs-schema.json') }}" + data: "{{ pkgs }}" + +- name: Verify that the packages list is sorted + vars: + pkgs_lists: "{{ pkgs.keys() | list }}" + assert: + that: "pkgs_lists | sort == pkgs_lists" + fail_msg: "pkgs is not sorted: {{ pkgs_lists | ansible.utils.fact_diff(pkgs_lists | sort) }}" diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml index ccfb4900e..7085ffb0c 100644 --- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml +++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml @@ -48,20 +48,6 @@ - ansible_os_family == "RedHat" - not is_fedora_coreos -- name: Install python3-dnf for latest RedHat versions - command: dnf install -y python3-dnf - register: dnf_task_result - until: dnf_task_result is succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - when: - - ansible_distribution == "Fedora" - - ansible_distribution_major_version | int >= 30 - - not is_fedora_coreos - changed_when: False - tags: - - bootstrap-os - - name: Install epel-release on RHEL derivatives package: name: epel-release @@ -73,27 +59,28 @@ tags: - bootstrap-os -- name: Update common_required_pkgs with ipvsadm when kube_proxy_mode is ipvs - set_fact: - common_required_pkgs: "{{ common_required_pkgs | default([]) + ['ipvsadm', 'ipset'] }}" - when: kube_proxy_mode == 'ipvs' - - name: Install packages requirements + vars: + # The json_query for selecting packages name is split for readability + # see files/pkgs-schema.json for the structure of `pkgs` + # and the matching semantics + full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key" + filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]" + filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))" + dquote: !unsafe '"' + # necessary to workaround Ansible escaping + filters_distro: "distributions.{{ dquote }}{{ ansible_distribution }}{{ dquote }} | + @ == `{}` || + contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') || + contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') || + contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')" + filters_family: "families && contains(families, '{{ ansible_os_family }}')" package: - name: "{{ required_pkgs | default([]) | union(common_required_pkgs | default([])) }}" + name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}" state: present register: pkgs_task_result until: pkgs_task_result is succeeded retries: "{{ pkg_install_retries }}" delay: "{{ retry_stagger | random + 3 }}" - when: not (ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_fedora_coreos) tags: - bootstrap-os - -- name: Install ipvsadm for ClearLinux - package: - name: ipvsadm - state: present - when: - - ansible_os_family in ["ClearLinux"] - - kube_proxy_mode == 'ipvs' diff --git a/roles/kubernetes/preinstall/templates/ntp.conf.j2 b/roles/kubernetes/preinstall/templates/ntp.conf.j2 index abeb8996a..1a5c69c1b 100644 --- a/roles/kubernetes/preinstall/templates/ntp.conf.j2 +++ b/roles/kubernetes/preinstall/templates/ntp.conf.j2 @@ -35,6 +35,13 @@ restrict -6 default kod notrap nomodify nopeer noquery limited restrict {{ item }} {% endfor %} +# Needed for filtering interfaces +{% if ntp_filter_interface %} +{% for item in ntp_interfaces %} +interface {{ item }} +{% endfor %} +{% endif %} + # Needed for adding pool entries restrict source notrap nomodify noquery diff --git a/roles/kubernetes/preinstall/vars/amazon.yml b/roles/kubernetes/preinstall/vars/amazon.yml deleted file mode 100644 index 09c645f51..000000000 --- a/roles/kubernetes/preinstall/vars/amazon.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -required_pkgs: - - libselinux-python - - device-mapper-libs - - nss - - conntrack-tools - - libseccomp diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml deleted file mode 100644 index 9b1a8749e..000000000 --- a/roles/kubernetes/preinstall/vars/centos.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -required_pkgs: - - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}" - - device-mapper-libs - - nss - - conntrack - - container-selinux - - libseccomp diff --git a/roles/kubernetes/preinstall/vars/debian-11.yml b/roles/kubernetes/preinstall/vars/debian-11.yml deleted file mode 100644 index 59cbc5a37..000000000 --- a/roles/kubernetes/preinstall/vars/debian-11.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -required_pkgs: - - python3-apt - - gnupg - - apt-transport-https - - software-properties-common - - conntrack - - iptables - - apparmor - - libseccomp2 diff --git a/roles/kubernetes/preinstall/vars/debian-12.yml b/roles/kubernetes/preinstall/vars/debian-12.yml deleted file mode 100644 index e0dca4dcd..000000000 --- a/roles/kubernetes/preinstall/vars/debian-12.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -required_pkgs: - - python3-apt - - gnupg - - apt-transport-https - - software-properties-common - - conntrack - - iptables - - apparmor - - libseccomp2 - - mergerfs diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml deleted file mode 100644 index 51a280237..000000000 --- a/roles/kubernetes/preinstall/vars/debian.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -required_pkgs: - - python-apt - - aufs-tools - - apt-transport-https - - software-properties-common - - conntrack - - apparmor - - libseccomp2 diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml deleted file mode 100644 index d69b111b6..000000000 --- a/roles/kubernetes/preinstall/vars/fedora.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -required_pkgs: - - iptables - - libselinux-python3 - - device-mapper-libs - - conntrack - - container-selinux - - libseccomp diff --git a/roles/kubernetes/preinstall/vars/main.yml b/roles/kubernetes/preinstall/vars/main.yml new file mode 100644 index 000000000..4b3524a54 --- /dev/null +++ b/roles/kubernetes/preinstall/vars/main.yml @@ -0,0 +1,106 @@ +--- +pkgs: + apparmor: &debian_family_base + os: + families: + - Debian + apt-transport-https: *debian_family_base + aufs-tools: &deb_10 + groups: + - k8s_cluster + os: + distributions: + Debian: + major_versions: + - "10" + bash-completion: {} + conntrack: &deb_redhat + groups: + - k8s_cluster + os: + families: + - Debian + - RedHat + conntrack-tools: + groups: + - k8s_cluster + os: + families: + - Suse + distributions: + Amazon: {} + container-selinux: &redhat_family + groups: + - k8s_cluster + os: + families: + - RedHat + curl: {} + device-mapper: + groups: + - k8s_cluster + os: + families: + - Suse + device-mapper-libs: *redhat_family + e2fsprogs: {} + ebtables: {} + gnupg: &debian + groups: + - k8s_cluster + os: + distributions: + Debian: + major_versions: + - "11" + - "12" + ipset: + enabled: "{{ kube_proxy_mode != 'ipvs' }}" + groups: + - k8s_cluster + iptables: *deb_redhat + ipvsadm: + enabled: "{{ kube_proxy_mode == 'ipvs' }}" + groups: + - k8s_cluster + libseccomp: *redhat_family + libseccomp2: + groups: + - k8s_cluster + os: + families: + - Suse + - Debian + libselinux-python: # TODO: Handle rehat_family + major < 8 + os: + distributions: + Amazon: {} + libselinux-python3: + os: + distributions: + Fedora: {} + mergerfs: + os: + distributions: + Debian: + major_versions: + - "12" + nss: *redhat_family + openssl: {} + python-apt: *deb_10 + # TODO: not for debian 10 + python3-apt: *debian_family_base + python3-libselinux: + os: + distributions: + RedHat: &major_redhat_like + major_versions: + - "8" + - "9" + CentOS: *major_redhat_like + rsync: {} + socat: {} + software-properties-common: *debian_family_base + tar: {} + unzip: {} + xfsprogs: {} diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml deleted file mode 100644 index 9b1a8749e..000000000 --- a/roles/kubernetes/preinstall/vars/redhat.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -required_pkgs: - - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}" - - device-mapper-libs - - nss - - conntrack - - container-selinux - - libseccomp diff --git a/roles/kubernetes/preinstall/vars/suse.yml b/roles/kubernetes/preinstall/vars/suse.yml deleted file mode 100644 index d089ac150..000000000 --- a/roles/kubernetes/preinstall/vars/suse.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -required_pkgs: - - device-mapper - - conntrack-tools - - libseccomp2 diff --git a/roles/kubernetes/preinstall/vars/ubuntu.yml b/roles/kubernetes/preinstall/vars/ubuntu.yml deleted file mode 100644 index 85b3f255a..000000000 --- a/roles/kubernetes/preinstall/vars/ubuntu.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -required_pkgs: - - python3-apt - - apt-transport-https - - software-properties-common - - conntrack - - apparmor - - libseccomp2 diff --git a/roles/kubespray-defaults/defaults/main/checksums.yml b/roles/kubespray-defaults/defaults/main/checksums.yml index 7951af0e0..b46804605 100644 --- a/roles/kubespray-defaults/defaults/main/checksums.yml +++ b/roles/kubespray-defaults/defaults/main/checksums.yml @@ -1,7 +1,7 @@ --- crictl_checksums: arm: - v1.29.0: 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5 + v1.29.0: 0 v1.28.0: 1ea267f3872f4b7f311963ab43ce6653ceeaf8727206c889b56587c95497e9dd v1.27.1: ec24fb7e4d45b7f3f3df254b22333839f9bdbde585187a51c93d695abefbf147 v1.27.0: 0b6983195cc62bfc98de1f3fc2ee297a7274fb79ccabf413b8a20765f12d522a @@ -25,43 +25,69 @@ crio_archive_checksums: v1.29.2: 0 v1.29.1: 0 v1.29.0: 0 + v1.28.4: 0 + v1.28.3: 0 v1.28.2: 0 v1.28.1: 0 v1.28.0: 0 + v1.27.4: 0 + v1.27.3: 0 + v1.27.2: 0 v1.27.1: 0 v1.27.0: 0 arm64: - v1.29.2: 9b4aa572d4cd51a41b1067161d961423d0d12b120fb636ea887a12a975d4b19a - v1.29.1: b6d3b502ba1474da370519bcdb9eefa07bb04a5a8e7073fbb7071d6e96f49411 + v1.29.2: e2ddaeb9d46b6a39057e67f77f5840e79d2226839014d77eb6ef243b88761f7a + v1.29.1: f7d7ca187b44ec490f4511e32f5a6bdf2d5ff14fb3dd1b452e330d7369e69c29 v1.29.0: 2bf11aeb85362ce4b25a7d9fc17bbe80659013425430e5efb922b4388031a027 - v1.28.2: 739923cb744a862039557f23823f4cc12feba121bd26ca3cc01d80cc8aaa1efb + v1.28.4: de110f71160202a1183bd3282a0a480363e6851ee101bbcaa34ba2e38c3b924d + v1.28.3: 05c98df0a3cc1fe9eec37b4fbf7c74c63f72fdbb4e9df56cf86db42a7b9fd879 + v1.28.2: 178bd67abae247d077168d9ff29c7abeae9b8427a6f9c33793b0ddb98ced2859 v1.28.1: 98a96c6b6bdf20c60e1a7948847c28b57d9e6e47e396b2e405811ea2c24ab9dc v1.28.0: c8ea800244d9e4ce74af85126afadea2939cd6f7ddd152d0f09fafbf294ef1cc + v1.27.4: 70ad1b52880c9eb026937f24aba278c89e044a3c9dbc78bcafb06b932bb2a7d7 + v1.27.3: 08b76309227a230a1ca06fd4f404ad8de18e6d8144b7c2c938879aadf22d3af4 + v1.27.2: d436b6621ac9b1b228c9c99a012f43090eac427a50298704e8b3923d72105eb7 v1.27.1: ddf601e28dc22d878cdd34549402a236afaa47e0a08f39b09e65bab7034b1b97 v1.27.0: c6615360311bff7fdfe1933e8d5030a2e9926b7196c4e7a07fcb10e51a676272 amd64: - v1.29.2: f71a85039b71fe08f1c063a93d61a1c952dc8f9a8c6be9b13fbdac8f0d9ff960 + v1.29.2: 55e71ef1bceb1cd9490ec85fdbfc889d3f3a9dd2ef3b8954dcbcf33cb6609167 v1.29.1: 127ca9f57c2a3ad44dde2e64e0ec94169886245dffb74c12e68eedc80756c260 v1.29.0: 79c161d8db8ee7f0f4807d6232283d481ef0c20c514b61289238258f66734ac6 - v1.28.2: c8002a622e268b73f8d45b0adbdff9422b832106a23be137fabdc8a233b3f787 + v1.28.4: 4bf81791f6d5f65df797f4e25dee0c8fcc157c2800c0159c68c943fd78d63e30 + v1.28.3: 76c25d00f14f2297b68f5b71be6b80766b5235c4ba8972aff8d841a355e4d10c + v1.28.2: f3b82e7330bca2a8b833502c59f21ad26b9bdef7a5d98358293cea1ae62a796b v1.28.1: 63cee2e67e283e29d790caa52531bcca7bc59473fb73bde75f4fd8daa169d4bf v1.28.0: fa87497c12815766d18f332b38a4d823fa6ad6bb3d159e383a5557e6c912eb3b + v1.27.4: d09a4a2187f63abec13220459e08922e98b7d8740fbcd81cd20bf17a1dd44016 + v1.27.3: ed4c125c2cb852afbce913b6dfe50755dc4d8cca92f9cea4f057260f19197e3b + v1.27.2: e3afc3382ea9f41f3e1a9f45ae735c1b6e7b79f48d5853c12d070354088e1244 v1.27.1: 23c0b26f9df65671f20c042466c0e6c543e16ba769bbf63aa26abef170f393ba v1.27.0: 8f99db9aeea00299cb3f28ee61646472014cac91930e4c7551c9153f8f720093 ppc64le: - v1.29.1: c79cc835b66fbf2d2dc8e43908475f0603714f688a1450d4736d1f9f86579b52 + v1.29.2: 6577d1476124bcd6bcfd25419bb0d1dc01585dc6e8246a986a7769ad2af407fa + v1.29.1: e26613e038d48271ad83877e5db5ad6f2116181d202495de849d378ab4a76062 v1.29.0: 8adddaf6cf0ed2905820dc162ca5ef541baa7b251368ee00c75435a872a886fb - v1.28.2: 0 - v1.28.1: 0 - v1.28.0: 0 + v1.28.4: 98ddbe8469ebaccab91f286c06b97024c31277e4b6664d162fa6c62f6d7f6366 + v1.28.3: c952aafe98dd55038525e3abc461152c0fcd758a50b0cbd8a0adc0eba2632dea + v1.28.2: 319e413d513bcb649244333881830d2eaccfb2bb77553baf9be3fa6118a70209 + v1.28.1: 7d22ba73a04e6b64088f82b37c03f1c5891e7c0847eeabeaeb83597a87b85292 + v1.28.0: ffcb7cb90c0a616bf642ea02361d18007a227393f7348c4dfdcbc370d6fff98e + v1.27.4: 0 + v1.27.3: 0 + v1.27.2: 0 v1.27.1: 0 v1.27.0: 0 # Checksum # Kubernetes versions above Kubespray's current target version are untested and should be used with caution. kubelet_checksums: arm: + v1.29.4: 0 + v1.29.3: 0 + v1.29.2: 0 v1.29.1: 0 v1.29.0: 0 + v1.28.9: 0 + v1.28.8: 0 v1.28.7: 0 v1.28.6: 0 v1.28.5: 0 @@ -70,6 +96,8 @@ kubelet_checksums: v1.28.2: 0 v1.28.1: 0 v1.28.0: 0 + v1.27.13: 0 + v1.27.12: 0 v1.27.11: 0 v1.27.10: 0 v1.27.9: 0 @@ -83,9 +111,13 @@ kubelet_checksums: v1.27.1: 0 v1.27.0: 0 arm64: + v1.29.4: dc4bb6ea6cd35b024d63cc20d1c1800a9c695bd6f70411c57358d7c407513b00 + v1.29.3: 891dce19ed0eae34050c2eca0454204892e97bfe1a926f988cd044a987a9c7c9 v1.29.2: 9b4aa572d4cd51a41b1067161d961423d0d12b120fb636ea887a12a975d4b19a v1.29.1: e46417ab1ceae995f0e00d4177959a36ed34b807829422bc9dda70b263fe5c5d v1.29.0: 0e0e4544c2a0a3475529154b7534d0d58683466efa04a2bb2e763b476db0bb16 + v1.28.9: 312471ad255acfcdeea2c5849b171467af4518e96d69d727a3197ff334e9299d + v1.28.8: 90d61f40b7bb061b0fc6d08b8b9ddae51f90863c899b098e19eaa89dc855f2c0 v1.28.7: e2c98b39b0b0745ef3e30febaeb8eaaf31ec721012405bd0dcf25e84026c221e v1.28.6: ee2c060deff330d3338e24aec9734c9e5d5aea4fea1905c0795bccff6997a65e v1.28.5: 28ddb696eb6e076f2a2f59ccaa2e409785a63346e5bda819717c6e0f58297702 @@ -94,6 +126,8 @@ kubelet_checksums: v1.28.2: 32269e9ec38c561d028b65c3048ea6a100e1292cbe9e505565222455c8096577 v1.28.1: 9b7fa64b2785da4a38768377961e227f8da629c56a5df43ca1b665dd07b56f3c v1.28.0: 05dd12e35783cab4960e885ec0e7d0e461989b94297e7bea9018ccbd15c4dce9 + v1.27.13: d7bfb14d0b0fc2c41074baf02617cf98589fd029fb3539ea017825e36371f19c + v1.27.12: 0d7d2d25c8b909d6cec7c1c2a5bfe51428ec33eaa5e8b209c718b77983e9dcba v1.27.11: e81987a864fb47afe14f65fa4e93760bc19c424335e0f0540c6c725b727ce22a v1.27.10: 0edadc44ef36be8d8106cad9972360c0477540e2d8c0bbeb38fd97fd1d7801d5 v1.27.9: 8a14bc3739f5ca3b23d08301c2e769ee58c8d1cecb7243b46b1c098ae77effd7 @@ -107,9 +141,13 @@ kubelet_checksums: v1.27.1: dbb09d297d924575654db38ed2fc627e35913c2d4000c34613ac6de4995457d0 v1.27.0: 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157 amd64: + v1.29.4: 58571f0ed62543a9bbac541e52c15d8385083113a463e23aec1341d0b5043939 + v1.29.3: d8b55a2f8a87c8cd2cbf867d76d1d7f98b7198a740db19bad6ed7b8b813de771 v1.29.2: f71a85039b71fe08f1c063a93d61a1c952dc8f9a8c6be9b13fbdac8f0d9ff960 v1.29.1: 1b1975c58d38be1a99a8bcba4564ac489afd223b0abe9f2ab08bbde89d2412a3 v1.29.0: e1c38137db8d8777eed8813646b59bf4d22d19b9011ab11dc28e2e34f6b80a05 + v1.28.9: f3af46cff11c675a80d91ebb38ebc4e85a9f813ce93e56ee131e7fea1491b786 + v1.28.8: 049b412a5861255cd3922f612acb79ab51135e166c5d80acf12fba9179eebf0c v1.28.7: 120b1495babc4364f7e16a9d0f8b8e6b6f78316d047e4f6de77b5569b05813c7 v1.28.6: 8506df1f20a5f8bba0592f5a4cf5d0cc541047708e664cb88580735400d0b26f v1.28.5: bf37335da58182783a8c63866ec1f895b4c436e3ed96bdd87fe3f8ae8004ba1d @@ -118,6 +156,8 @@ kubelet_checksums: v1.28.2: 17edb866636f14eceaad58c56eab12af7ab3be3c78400aff9680635d927f1185 v1.28.1: 2bc22332f44f8fcd3fce57879fd873f977949ebd261571fbae31fbb2713a5dd3 v1.28.0: bfb6b977100963f2879a33e5fbaa59a5276ba829a957a6819c936e9c1465f981 + v1.27.13: ed68df2a77f3057ab47f57eacb6e9310e91731e4f43c58a3c3b5c857d78d0080 + v1.27.12: aae861a21913c274228ccdad1609b370e5198c9f4b39b8924b20a7ffe7f148e0 v1.27.11: 2ce92a5d8985b93bd8ffc4f5519cd79bf2f844590aa38228a3d809c5bf5986e0 v1.27.10: 25a34bf98bb8a296ea07f1ebbcb496b1e6b6c6da3247695288a7c99fc8c1be2c v1.27.9: ede60eea3acbac3f35dbb23d7b148f45cf169ebbb20af102d3ce141fc0bac60c @@ -131,9 +171,13 @@ kubelet_checksums: v1.27.1: cb2845fff0ce41c400489393da73925d28fbee54cfeb7834cd4d11e622cbd3a7 v1.27.0: 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29 ppc64le: + v1.29.4: 1ecc89b6f17df357835e3e56f553ec27f2aea69a5865dfb39cff77e6e70e6adb + v1.29.3: 811f2b17f443cd694b8650f5ec2c7e3a59394f8bf3e25d16182549aaab16a420 v1.29.2: b0eb5e0362a4e153ed1239c65b0abb02b2d9fbbca6846d0bab8b285de8c84fca v1.29.1: 467d2b457205363f53f72081295ea390fc25215b0ccc29dc04c4f82925266067 v1.29.0: 67f09f866d3e4aee8211ce9887ec8bc427b188474a882a7af999fc0fee939028 + v1.28.9: cf33fbff3fb852ce9f8afda8818381af343fb5e7d30dde72999cc0d273631815 + v1.28.8: f3e4551e5234d296344a481196e607d88581705fedd561e8c807db1de8a9cc4b v1.28.7: c67277445af9a97a375da3caa6a7dae7bb52fa454deb811c5bc89c2838b3322f v1.28.6: 8f79f40bef88aaedfdf7256de48a972295b0069ae0ddefa90dff3f8690c825ce v1.28.5: ae9fe81804ba67ee81e8a5fe1dc18fe285267764c61f831886a25245a11d8528 @@ -142,6 +186,8 @@ kubelet_checksums: v1.28.2: 79f568ac700d29f88d669c6b6a09adb3b726bdd13c10aa0839cbc70b414372e5 v1.28.1: 547fc76f0c1d78352fad841ebeacd387fe48750b2648565dfd49197621622fbb v1.28.0: 22de59965f2d220afa24bf04f4c6d6b65a4bb1cd80756c13381973b1ac3b4578 + v1.27.13: c3e589e5ec1aabc1e9a0b2700a13ae9541dc8a678fbedad68b0fc82dee4fd866 + v1.27.12: 9d6da53ca98e58b947ef0073feff96f03000c32efcee8af93716728b501d7290 v1.27.11: ce4dc48a61399038eff680b952386ed9be471c5af1e43dc461e0fb5339de9356 v1.27.10: c5014bed224347245fadec3d763846ec33ccd7a580d0c4ee19a45a948392f20c v1.27.9: f270051c9b0f36da10a5d27011783be042edd396e8c729709c2396f29b72b6d2 @@ -156,9 +202,13 @@ kubelet_checksums: v1.27.0: 17c061a9f7919697ac71c151c19337f65b86f59f59441687ac92e977d851c75b kubectl_checksums: arm: + v1.29.4: ff4a1f437dc902b73505841a7705a6405694856a798e962ec2fdf7793f0aeadb + v1.29.3: 12f72bd88eaa04cd8f09827c64195a695fdd5fb64e11c98524c83d21bcb0e37a v1.29.2: f1bab202f0ce0c4209af0a977fc3dd4076397b1983544e09942ca4f586dff900 v1.29.1: a4b478cc0e9adaab0c5bb3627c20c5228ea0fe2aeff9e805d611eb3edb761972 v1.29.0: a2388eb458d07ec734e4fa02fd0147456a1922a7d6b8e67a32db9d64a4d7621c + v1.28.9: 2da7aead4f58aefee6892b2cc8184de26ef7808bf2d599553267d5cdbc1ce83a + v1.28.8: 98c44038dd978a58aa01849c25c2bd522fab7494a39bb3fd56c90944ba6e872f v1.28.7: d0c2e9228aff23bdcc62072ef9cebf5ebb0b14fb8638b6df8f7f6d5220c36bd9 v1.28.6: 2358d98d4970c177a3af0ae1c2398f69922074a961a61cdff6ae4a7f13106dc1 v1.28.5: 0819c9d0ea66a1e20d74d9a455090e1f67fe07d671866be342ab55532203f4bc @@ -167,6 +217,8 @@ kubectl_checksums: v1.28.2: 6576aa70413ff00c593a07b549b8b9d9e5ef73c42bb39ab4af475e0fdb540613 v1.28.1: eaa05dab1bffb8593d8e5caa612530ee5c914ee2be73429b7ce36c3becad893f v1.28.0: 372c4e7bbe98c7067c4b7820c4a440c931ad77f7cb83d3237b439ca3c14d3d37 + v1.27.13: 8008a94f57e1aaa88097f4ac9ceae33d86e78bf0bf306a8c1942ab9adf7c5ea0 + v1.27.12: eed221f15d1a00ca723afe690ca35ee5c74faa64fa7af432479686f4f26d3510 v1.27.11: 11586f333abaf2776e0d2f9e02c71ae5eeff3ad8e629815aa8bb7d7e9a406301 v1.27.10: 4d81649935ec127f9aa21954697f82e0796f61e8e6406fd058b3a8b80e858c8e v1.27.9: 89b76aa415018377f2c5fc33fc4d45f4997cc63677336f1768ee8a11593515ce @@ -180,9 +232,13 @@ kubectl_checksums: v1.27.1: fe704e355bf2c5f69964cd12772687535a11a5e9ec0baf4f27e0a8fb156bc615 v1.27.0: 288470e3eb89a2f55273d753ce6674dfb00e732f2971428acb964810aa726188 arm64: + v1.29.4: 61537408eedcad064d7334384aed508a8aa1ea786311b87b505456a2e0535d36 + v1.29.3: 191a96b27e3c6ae28b330da4c9bfefc9592762670727df4fcf124c9f1d5a466a v1.29.2: 3507ecb4224cf05ae2151a98d4932253624e7762159936d5347b19fe037655ca v1.29.1: 96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b v1.29.0: 8f7a4bd6bae900a4ddab12bd1399aa652c0d59ea508f39b910e111d248893ff7 + v1.28.9: e0341d3973213f8099e7fcbbf6d1d506967bc2b7a4faac3fb3b4340f226e9b2f + v1.28.8: 93d60dd36093b4c719f1f1bafcf59437c17cb2209341c7c94771e7dd9acdab33 v1.28.7: 13d547495bdea49b223fe06bffb6d2bef96436634847f759107655aa80fc990e v1.28.6: 0de705659a80c3fef01df43cc0926610fe31482f728b0f992818abd9bdcd2cb9 v1.28.5: f87fe017ae3ccfd93df03bf17edd4089672528107f230563b8c9966909661ef2 @@ -191,6 +247,8 @@ kubectl_checksums: v1.28.2: ea6d89b677a8d9df331a82139bb90d9968131530b94eab26cee561531eff4c53 v1.28.1: 46954a604b784a8b0dc16754cfc3fa26aabca9fd4ffd109cd028bfba99d492f6 v1.28.0: f5484bd9cac66b183c653abed30226b561f537d15346c605cc81d98095f1717c + v1.27.13: bfc6cb71041ebc0f048402988eccc107cfff2b866c864231c9ada05ab328e5bf + v1.27.12: bfc6cb71041ebc0f048402988eccc107cfff2b866c864231c9ada05ab328e5bf v1.27.11: d30e1aa873e78eb376ddee3c785aa78c44eddc56ce2ef901dac1ce0c2c4f50b0 v1.27.10: 2e1996379d5a8b132e0606fcd3df3c8689e11882630b75cca3b7135126847871 v1.27.9: bda475539fdeda9d8a85a84b967af361af264d0826c121b23b0b62ee9b00cd2d @@ -204,9 +262,13 @@ kubectl_checksums: v1.27.1: fd3cb8f16e6ed8aee9955b76e3027ac423b6d1cc7356867310d128082e2db916 v1.27.0: f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc amd64: + v1.29.4: 10e343861c3cb0010161e703307ba907add2aeeeaffc6444779ad915f9889c88 + v1.29.3: 89c0435cec75278f84b62b848b8c0d3e15897d6947b6c59a49ddccd93d7312bf v1.29.2: 7816d067740f47f949be826ac76943167b7b3a38c4f0c18b902fffa8779a5afa v1.29.1: 69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f v1.29.0: 0e03ab096163f61ab610b33f37f55709d3af8e16e4dcc1eb682882ef80f96fd5 + v1.28.9: b4693d0b22f509250694b10c7727c42b427d570af04f2065fe23a55d6c0051f1 + v1.28.8: e02aad5c0bac52c970700b814645b62c4f18b634144398ac344875dbaf1072f8 v1.28.7: aff42d3167685e4d8e86fda0ad9c6ce6ec6c047bc24d608041d54717a18192ba v1.28.6: c8351fe0611119fd36634dd3f53eb94ec1a2d43ef9e78b92b4846df5cc7aa7e3 v1.28.5: 2a44c0841b794d85b7819b505da2ff3acd5950bd1bcd956863714acc80653574 @@ -215,6 +277,8 @@ kubectl_checksums: v1.28.2: c922440b043e5de1afa3c1382f8c663a25f055978cbc6e8423493ec157579ec5 v1.28.1: e7a7d6f9d06fab38b4128785aa80f65c54f6675a0d2abef655259ddd852274e1 v1.28.0: 4717660fd1466ec72d59000bb1d9f5cdc91fac31d491043ca62b34398e0799ce + v1.27.13: e991f163197cbd85bbff22f656a74d48b69db5addfa43cc04cca0cf5328f57f1 + v1.27.12: d639eda39be2dce42fbec21e038942ab5734541715e3ea5fb29c9ad76686bd7f v1.27.11: 7ae327978a1edb43700070c86f5fd77215792c6b58a7ea70192647e0da848e29 v1.27.10: bfb219643c28d9842fceae51590776f06987835d93fc3cb9b0149c9111c741ac v1.27.9: d0caae91072297b2915dd65f6ef3055d27646dce821ec67d18da35ba9a8dc85b @@ -228,9 +292,13 @@ kubectl_checksums: v1.27.1: 7fe3a762d926fb068bae32c399880e946e8caf3d903078bea9b169dcd5c17f6d v1.27.0: 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87 ppc64le: + v1.29.4: 10a1a7e4423483a386ab1ab9237cda1e9d24423c2cf23b7fa514f533aa23ce87 + v1.29.3: 84292286ed2941e52a9df9ccaaf30c3bfebe02a096b67e553d8b643295f231f0 v1.29.2: 382552d15a1aa7ec5a316b2a912e7fbdaaff2f3c714cd38b2b0c6a48b670fed8 v1.29.1: b7780124ccfe9640f3a37d242d31e8dbb252bcd379bd0d7bf3776d15baf15ca3 v1.29.0: ea926d8cf25e2ce982ff5c375da32b51ccbd122b721b1bc4a32f52a9a0d073ab + v1.28.9: 6c5f40b6467b67fe2cc1540c7e7cb15ba6ad092361395aa7989c2c26e3de0697 + v1.28.8: c9c21c1db306ec34bdc0f8179d1a1e20f8bcdd6d42fccf84267a5686e3218ad1 v1.28.7: 1394cc047551bbecffee7f1c28cccd0f3c9839a72344854362a08e98d6513c18 v1.28.6: 60fdb4386b5499dd6a6e3a369f35eef63c99647f7a0436fdbeb4db8c052d14f6 v1.28.5: 4448a9f95421cbe69726aa4d2967d706bc43466b9c656c7425b55431b1c20dd4 @@ -239,6 +307,8 @@ kubectl_checksums: v1.28.2: 87cca30846fec99a4fbea122b21e938717b309631bd2220de52049fce30d2e81 v1.28.1: 81b45c27abbdf2be6c5203dfccfd76ded1ac273f9f7672e6dcdf3440aa191324 v1.28.0: 7a9dcb4c75b33b9dac497c1a756b1f12c7c63f86fc0f321452360fbe1a79ce0f + v1.27.13: 39341fa0aa075af4bf0dc0bc0ce4ee628b0301a8ecd18a6277abf4e4cb6c4e5d + v1.27.12: d08c112cba1a2244fa04f6ead792aad37170f828ec2301301256df25fc6ebe59 v1.27.11: af736cbdb7ae42e696fa3543e483726c1728c95039b9520797511965caca56b6 v1.27.10: 445928336932248cb104d99919e659696afa60f8dd8513821f92775e893d0dcb v1.27.9: 2464d947370b8902e1245b0a75a4ecf55fe2aeee5bc87f2add7da00b73535a59 @@ -253,9 +323,13 @@ kubectl_checksums: v1.27.0: daa9f1d4fe3f217de2546bca4ac14601f34b34a25c1f571f1e44eb313aee1385 kubeadm_checksums: arm: + v1.29.4: 0 + v1.29.3: 0 v1.29.2: 0 v1.29.1: 0 v1.29.0: 0 + v1.28.9: 0 + v1.28.8: 0 v1.28.7: 0 v1.28.6: 0 v1.28.5: 0 @@ -264,6 +338,8 @@ kubeadm_checksums: v1.28.2: 0 v1.28.1: 0 v1.28.0: 0 + v1.27.13: 0 + v1.27.12: 0 v1.27.11: 0 v1.27.10: 0 v1.27.9: 0 @@ -277,9 +353,13 @@ kubeadm_checksums: v1.27.1: 0 v1.27.0: 0 arm64: + v1.29.4: 438287a91e08cbefecab79be8ac893a935c3dbf6e87bea895fb99f2bc38cf06e + v1.29.3: ce2e4c230f954e59ae77e34c4ff2ae08cad3970505ae1e21b6337e6d83b21682 v1.29.2: e05720feb9d2d67eff25b0156a5c22e2de37be2ffab4e1f4d31e8c526fafd0e1 v1.29.1: 3bff8c50c104c45e416cce9991706c6ac46365f0defbcd54f8cf4ace0fa68dcf v1.29.0: bbddee2d46d2e1643ae3623698b45b13aa2e858616d61c642f2f49e5bb14c980 + v1.28.9: cd6aefad8144a9771fd470529ff14be2675df7b561f7c56dee3fed4f81332dc4 + v1.28.8: e0f47adc69ef84e2f6c42cc341b8a790904a929ad10ed1c23c2e822ec804e247 v1.28.7: f556e49494737f97a15bf15bb4b27d45f8747b477302cdfd22dd61816bc02203 v1.28.6: 4298cad464e92eec19cdf3e6a607a82a1d626ae70fedba7956175152ab983457 v1.28.5: 22bb6b3377204e93d008f33ac4924d77adca1478f1ae3b515c03476ba54f1adc @@ -288,6 +368,8 @@ kubeadm_checksums: v1.28.2: 010789a94cf512d918ec4a3ef8ec734dea0061d89a8293059ef9101ca1bf6bff v1.28.1: 7d2f68917470a5d66bd2a7d62897f59cb4afaeffb2f26c028afa119acd8c3fc8 v1.28.0: b9b473d2d9136559b19eb465006af77df45c09862cd7ce6673a33aae517ff5ab + v1.27.13: f334ba0612fada50e98a7ea56b686b35c22f0e3243ec2210f2a6a87e841a139f + v1.27.12: e74d47c14b5a251cff961dcce92cd632abcfd0fba4a07e78f0a5a5b2796e4b84 v1.27.11: b8452d6c3f1331beb3d5fa42466a9bc96638a76c40980dba9822300f230c0858 v1.27.10: ed0447155a7e967ae23480b06b31b2c0aaa871e7c59dfd82ae25b03a1eccf6e6 v1.27.9: d3d022842b0b8e4661222e8873249f5acafdbef52fd1bfb98152a582352b3c40 @@ -301,9 +383,13 @@ kubeadm_checksums: v1.27.1: 024a59cd6fc76784b597c0c1cf300526e856e8c9fefa5fa7948158929b739551 v1.27.0: acd805c6783b678ee0068b9dd8165bbfd879c345fd9c25d6a978dbc965f48544 amd64: + v1.29.4: ea20ab064f716ab7f69a36d72df340257b31c9721ea86e1cf9d70b35999ddeea + v1.29.3: 6abaa1208bf40b6d1f49e518bd68c8ae4a1be0c5b7d3e45d87979999ab070d8b v1.29.2: 2d4e4fa8685bcbfb661cb41050cd4756f50a7aa147f68492d51a99f9cdfd69ac v1.29.1: d4d81d9020b550c896376fb9e0586a9f15a332175890d061619b52b3e9bc6cbd v1.29.0: 629d4630657caace9c819fd3797f4a70c397fbd41a2a7e464a0507dad675d52c + v1.28.9: a4d8acf0a74cb1d07d96a1a34148f54c6420874221af16d8ec902d9bffc7ef89 + v1.28.8: c11946cbfd962e1197062534514226cfd70230349e6343ff3ecebfca5476ee64 v1.28.7: 8aa005bdf6af43e47fc818b26f4cb9f361aae8ec4390519e8d4033be65fbef2b v1.28.6: bda3eda8d51e8746a42b535b7eab7df52b091a796227c3212dc30909a8f1b431 v1.28.5: 2b54078c5ea9e85b27f162f508e0bf834a2753e52a57e896812ec3dca92fe9cd @@ -312,6 +398,8 @@ kubeadm_checksums: v1.28.2: 6a4808230661c69431143db2e200ea2d021c7f1b1085e6353583075471310d00 v1.28.1: 6134dbc92dcb83c3bae1a8030f7bb391419b5d13ea94badd3a79b7ece75b2736 v1.28.0: 12ea68bfef0377ccedc1a7c98a05ea76907decbcf1e1ec858a60a7b9b73211bb + v1.27.13: b88c30b7067f095b7fa02c5560cc50d6e69a5a9fecc606ef477dc7efc86453b9 + v1.27.12: 06ee36cc80cfdfc01c937d750783d3ca6169a3da76382c7af3dd172d9f6bfa4e v1.27.11: 31bf446a712fb08190838c35d1f4c93b0f975708c59634a5dc3d8915a241c83e v1.27.10: 23985e958443ac1aabdbeeedc675358abc0638eb580707829fd42b0996a0aae5 v1.27.9: 78dddac376fa2f04116022cb44ed39ccb9cb0104e05c5b21b220d5151e5c0f86 @@ -325,9 +413,13 @@ kubeadm_checksums: v1.27.1: c7d32d698e99b90f877025104cb4a9f3f8c707e99e6817940f260135b6d1ad0a v1.27.0: 78d0e04705a7bdb76a514d60f60c073b16334b15f57ee87f064354ca8a233e80 ppc64le: + v1.29.4: ec47a2dbe1969b9513b0313b5b07b72a870e5da54864d9c8391ec5e857404659 + v1.29.3: c0e1f6e9451f28c7b8abf7d3a081fe97578ada69908135e3390f5783511ff7f8 v1.29.2: a0f8ffa8cbfa4bb061ff028df2f6dbb31a9527c561d8c0186d679559f9f347b4 v1.29.1: 3ec6d90c05dd8e4c6bb1f42fd2fe0f091d85317efaf47d9baebd9af506b3878b v1.29.0: 4c414a463ed4277e9062c797d1c0435aa7aec2fd1688c5d34e3161c898113cb5 + v1.28.9: 616d06ae90a8e3eb79d99a06b1a7dd304da02e7a2d8c58c1c0e501bdd3982a00 + v1.28.8: 5a42d2c06f553c4284ce6f3f48432389cd63f768f2a032b78ca6ee4c925e9b11 v1.28.7: 60aec330562326fe1ac4a26fe16053c976467fdbc5811c37a5b4a5c13379cac8 v1.28.6: 71fc8af0f80599a991ece0c31b21ca85f3ce49322941a305048d9287c249446c v1.28.5: a9bf8b18711639d9d002f63cebc22c8df1627737891c640f2229461d19b8c321 @@ -336,6 +428,8 @@ kubeadm_checksums: v1.28.2: fdc28482a4316c84d61b0997c29c4d4c7b11459af9c654fdee3b4a3031f0fcb7 v1.28.1: 73e06f2b614ed5665951f7c059e225a7b0b31319c64a3f57e146fbe7a77fe54e v1.28.0: 146fe9194486e46accd5054fa93939f9608fdbeefefc4bc68e4c40fb4a84ccc9 + v1.27.13: 2b5812317f2afaabb14c84a32b8b0dc43c447afa994d0a4c02a8ea4e6bea05db + v1.27.12: 6be7ae703299b3c2788ca5e689973d659038a6edc8dde68d7fc966fa539cba0f v1.27.11: b7da90f29cae799d96e47aadb1f20b567fbded09d3d5ddcb88d3378098c6a1f3 v1.27.10: c928ad330bae724b1ef9775e07285408727513a024e3d86e3d72e05768859db8 v1.27.9: 92da9084fa9f8b8b55436b61ec3c697ef951b0b0416a3b3a7f0dd0e5e4d8cd88 @@ -350,76 +444,73 @@ kubeadm_checksums: v1.27.0: cf2860aef800496fee0d9fd8722bd7d17c6609e32d87ca380127151f2ce02bb0 etcd_binary_checksums: arm: + v3.5.12: 0 + v3.5.11: 0 v3.5.10: 0 v3.5.9: 0 v3.5.8: 0 v3.5.7: 0 v3.5.6: 0 - v3.5.5: 0 - v3.5.4: 0 - v3.5.3: 0 arm64: + v3.5.12: 31f30c01918771ece28d6e553e0f33be9483ced989896ecf6bbe1edb07786141 + v3.5.11: 6edf0cddc8fa2d7674129abe2e44d5a37cc3a6e3b500c13c6cbc2ed2ecf08bf4 v3.5.10: ff74a6018d9b2a1320bff30e5a11b4f2f5c2a3d147df8a8bad53c01b9f800ee1 v3.5.9: bb201c106a61bbab59e2d9f37f4bdff99d50201f513c66b4578741eab581fb28 v3.5.8: 3f4441b293a2d0d4d2f8b2cd9504376e15818f7b865ef4b436e8e6f865f895ff v3.5.7: 1a35314900da7db006b198dd917e923459b462128101736c63a3cda57ecdbf51 v3.5.6: 888e25c9c94702ac1254c7655709b44bb3711ebaabd3cb05439f3dd1f2b51a87 - v3.5.5: a8d177ae8ecfd1ef025c35ac8c444041d14e67028c1a7b4eda3a69a8dee5f9c3 - v3.5.4: 8e9c2c28ed6b35f36fd94300541da10e1385f335d677afd8efccdcba026f1fa7 - v3.5.3: 8b00f2f51568303799368ee4a3c9b9ff8a3dd9f8b7772c4f6589e46bc62f7115 amd64: + v3.5.12: f2ff0cb43ce119f55a85012255609b61c64263baea83aa7c8e6846c0938adca5 + v3.5.11: e256885e753dc99001335e099d3c2eb8cf21a865a087ee4d7e3665752ae5929a v3.5.10: 26e90d024fa2310bc52bb40e7f2132e81640b55f8fc446c00ae07e30af2a44fd v3.5.9: d59017044eb776597eca480432081c5bb26f318ad292967029af1f62b588b042 v3.5.8: d4c1b8d90ad53658f12ffc293afc5694b7bc6cb093af609188649a799e1cc8dc v3.5.7: a43119af79c592a874e8f59c4f23832297849d0c479338f9df36e196b86bc396 v3.5.6: 4db32e3bc06dd0999e2171f76a87c1cffed8369475ec7aa7abee9023635670fb - v3.5.5: 7910a2fdb1863c80b885d06f6729043bff0540f2006bf6af34674df2636cb906 - v3.5.4: b1091166153df1ee0bb29b47fb1943ef0ddf0cd5d07a8fe69827580a08134def - v3.5.3: e13e119ff9b28234561738cd261c2a031eb1c8688079dcf96d8035b3ad19ca58 ppc64le: + v3.5.12: ebd8060508d572678d8d1e4f90f87863e3a6cfcba856ceca32379b03251c0597 + v3.5.11: a2e70b291811fa8ccc34cc7d297bf7d31e3af790bc31e54cad034a49e9db2eb7 v3.5.10: 10cd8e4ecf6718b9712bf2edfac2e4924d7f21dbe58d368e6e10578c85bd8c01 v3.5.9: 551539ebb344ebdc77f170ea51512a6cda35877ffdcbd8b3316b2495a8b2bd87 v3.5.8: 20e28302c1424b1a3daf7d817f2662e4c64e395a82765d1696cb53cb6bc37a4e v3.5.7: e861aa6acd4d326ec01bfa06fffb80d33f3f8c26e0eb8b73e4424578d149bd04 v3.5.6: e235cb885996b8aac133975e0077eaf0a2f8dc7062ad052fa7395668a365906b - v3.5.5: 08422dffd5749f0a5f18bd820241d751e539a666af94251c3715cba8f4702c42 - v3.5.4: 2f0389caed87c2504ffc5a07592ca2a688dee45d599073e5f977d9ce75b5f941 - v3.5.3: f14154897ca5ad4698383b4c197001340fbe467525f6fab3b89ee8116246480f cni_binary_checksums: arm: + v1.4.0: 6cddc5804fff93b914f3314d62fa03f24d69f59c03940e0bbe85a370371b5bb8 v1.3.0: 86c4c866a01a8073ad14f6feec74de1fd63669786850c7be47521433f9570902 v1.2.0: fde5bf2da73995196d248177ee8deeafa8005f33cbe1ab33bd2d75c17ca5a99a v1.1.1: 84f97baf80f9670a8cd0308dedcc8405d2bbc65166d670b48795e0d1262b4248 v1.1.0: 91e03a9287dcf8d0249159c90357b0f871ecf7ef0ca5014b2e143f2b30ae9c6d v1.0.1: d35e3e9fd71687fc7e165f7dc7b1e35654b8012995bbfd937946b0681926d62d v1.0.0: 910c2ba8b6f50b1081b219d6db04459b555940973249fcf39a792932a91f6d39 - v0.9.1: 909e800d01cc61ffa26f2629e4a202a58d727e6ccaabd0310ef18d2b1e00943c arm64: + v1.4.0: 304d4389d5b732b7a73513d002c4895f731d030682d40653f411e10e39114194 v1.3.0: de7a666fd6ad83a228086bd55756db62ef335a193d1b143d910b69f079e30598 v1.2.0: 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57 v1.1.1: 16484966a46b4692028ba32d16afd994e079dc2cc63fbc2191d7bfaf5e11f3dd v1.1.0: 33fc7b8d9d5be2d7f95e69e6a9e2af206879942f1e6b7615c04017dce5067f1a v1.0.1: 2d4528c45bdd0a8875f849a75082bc4eafe95cb61f9bcc10a6db38a031f67226 v1.0.0: 736335bc5923a37cfb6cc2305489ce6206bcc565004f525b5f7c3604f092aa3a - v0.9.1: ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0 amd64: + v1.4.0: c2485ddb3ffc176578ae30ae58137f0b88e50f7c7f2af7d53a569276b2949a33 v1.3.0: 754a71ed60a4bd08726c3af705a7d55ee3df03122b12e389fdba4bea35d7dd7e v1.2.0: f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37 v1.1.1: b275772da4026d2161bf8a8b41ed4786754c8a93ebfb6564006d5da7f23831e5 v1.1.0: 05d46ac19d01669d424ee57401c0deba101763ac494858064b4ea4ffdcc37c5d v1.0.1: 5238fbb2767cbf6aae736ad97a7aa29167525dcd405196dfbc064672a730d3cf v1.0.0: 5894883eebe3e38f4474810d334b00dc5ec59bd01332d1f92ca4eb142a67d2e8 - v0.9.1: 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7 ppc64le: + v1.4.0: c87a36a75ad1692933e3218cae734ba809ae2190c725a050ac9033fc96d2ed26 v1.3.0: 8ceff026f4eccf33c261b4153af6911e10784ac169d08c1d86cf6887b9f4e99b v1.2.0: 4960283b88d53b8c45ff7a938a6b398724005313e0388e0a36bd6d0b2bb5acdc v1.1.1: 1551259fbfe861d942846bee028d5a85f492393e04bcd6609ac8aaa7a3d71431 v1.1.0: 98239a57452e93c0a27ba9f87bcbb80c7f982f225246f3fe4f3f5ac9b6b1becb v1.0.1: f078e33067e6daaef3a3a5010d6440f2464b7973dec3ca0b5d5be22fdcb1fd96 v1.0.0: 1a055924b1b859c54a97dc14894ecaa9b81d6d949530b9544f0af4173f5a8f2a - v0.9.1: 5bd3c82ef248e5c6cc388f25545aa5a7d318778e5f9bc0a31475361bb27acefe calicoctl_binary_checksums: arm: + v3.27.3: 0 v3.27.2: 0 v3.27.1: 0 v3.27.0: 0 @@ -440,16 +531,10 @@ calicoctl_binary_checksums: v3.24.0: 0 v3.23.5: 0 v3.23.4: 0 - v3.23.3: 0 - v3.23.2: 0 - v3.23.1: 0 - v3.23.0: 0 - v3.22.5: 0 - v3.22.4: 0 - v3.22.3: 0 arm64: + v3.27.3: 1fc5f58a18d8b1c487b4663fc5cbe23b45bd9d31617debd309f6dfac7c11a8ef v3.27.2: 0fd1f65a511338cf9940835987d420c94ab95b5386288ba9673b736a4d347463 - v3.27.1: 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5 + v3.27.1: 0 v3.27.0: b4b8c71f9658165e45336b9b5e4fad865529feeffe4294247eb5b4c4310dcaf9 v3.26.4: d647d9443ce89df62da6619643375a4f577f5a7fa4e1162416403df521826c2d v3.26.3: c50272a39658a3b358b33c03fe10d1dde894764413279fecc72d40b95535b398 @@ -468,16 +553,10 @@ calicoctl_binary_checksums: v3.24.0: db306755fc9c6a746516eec33337bc102b0d546f6b9fc671795b47d1a878f05d v3.23.5: 0941ad0deeb03d8fda96340948cdbc15d14062086438150cf3ec5ee2767b22c3 v3.23.4: c54b7d122d9315bbab1a88707b7168a0934a80c4f2a94c9e871bcc8a8cf11c11 - v3.23.3: 741b222f9bb10b7b5e268e5362796061c8862d4f785bb6b9c4f623ea143f4682 - v3.23.2: 232b992e6767c68c8c832cc7027a0d9aacb29901a9b5e8871e25baedbbb9c64c - v3.23.1: 30f7e118c21ecba445b4fbb27f7ac8bc0d1525ab3c776641433e3b1a3388c65b - v3.23.0: 2afa5795c426faae1fdfd966249f8191929e43d2b94bea268fa9c7ab5a36f6b6 - v3.22.5: f0f6ba82d55c7faa5afb361eb76a78c8e2cf38cd06e0287e03821f77af0c7837 - v3.22.4: e84ba529091818282012fd460e7509995156e50854781c031c81e4f6c715a39a - v3.22.3: 3a3e70828c020efd911181102d21cb4390b7b68669898bd40c0c69b64d11bb63 amd64: + v3.27.3: e22b8bb41684f8ffb5143b50bf3b2ab76985604d774d397cfb6fb11d8a19f326 v3.27.2: 692f69dc656e41cd35e23e24f56c98c4aeeb723fed129985b46f71e6eb5e1594 - v3.27.1: 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5 + v3.27.1: 0 v3.27.0: 46e79ae146b3dd90998f56511cf5d6db64deb97cb784235caf1f99e0672d66e4 v3.26.4: 9960357ef6d61eda7abf80bd397544c1952f89d61e5eaf9f6540dae379a3ef61 v3.26.3: 82bd7d12b0f6973f9593fb62f5410ad6a81ff6b79e92f1afd3e664202e8387cf @@ -496,16 +575,10 @@ calicoctl_binary_checksums: v3.24.0: 0da282a6a7870fe25742799a921730343c57a1609c5e255e1bb06b5e85011ee2 v3.23.5: 4c777881709ddaabcf4b56dcbe683125d7ed5743c036fee9273c5295e522082f v3.23.4: 1ea0d3b6543645612e8239978878b6adefdb7619a16ecbdb8e6dc2687538f689 - v3.23.3: d9c04ab15bad9d8037192abd2aa4733a01b0b64a461c7b788118a0d6747c1737 - v3.23.2: 3784200cdfc0106c9987df2048d219bb91147f0cc3fa365b36279ac82ea37c7a - v3.23.1: e8fd04d776df5571917512560800bf77f3cdf36ca864c9cae966cb74d62ba4fe - v3.23.0: 38106fdd581ab30dc835efeaf83a88b49b21484f8ad33afbefdaf3c49e007550 - v3.22.5: ba75fa65be0e97555b37282e1ab469ad933866eed164b40513e835279bea7348 - v3.22.4: cc412783992abeba6dc01d7bc67bdb2e3a0cf2f27fc3334bdfc02d326c3c9e15 - v3.22.3: a9e5f6bad4ad8c543f6bdcd21d3665cdd23edc780860d8e52a87881a7b3e203c ppc64le: + v3.27.3: 5f2ac510c0ec31ec4c02ff2660f2502b68b655616d5b766a51bd99d2e3604fbc v3.27.2: f918bb88de1d01de3d143e1e75d0ee1256f247c5cbabec7d665aaf8d1fd3cc6c - v3.27.1: 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5 + v3.27.1: 0 v3.27.0: 3de46d8bc30c6f9d9387d484ed62a5655c1f204b1b831b5a90f0a0d1c1ffd752 v3.26.4: 41cfa77cc27cfe89a046ddb033cf71a46512f4b81251e28c69fca2cee13617ff v3.26.3: 30a32acbe71894a9783e350ed44294e739b3322f157b2c224ad3c058473e5701 @@ -524,59 +597,53 @@ calicoctl_binary_checksums: v3.24.0: cf63f4820e792c101940af3ed6422e1b8769ffcbafd0c3672f2e86675733b053 v3.23.5: 1b352e73515cbe5746f9b9d7633d8317bd48f713b9b731837f7d79089463321c v3.23.4: cdd6eace3dc2676b7eed79c665cb0b3dbdd9dcb3bf5b09d7ae20f4f015f75f9b - v3.23.3: f83efcd8d3d7c96dfe8e596dc9739eb5d9616626a6afba29b0af97e5c222575a - v3.23.2: d9ded02381a0fc1311561d0cc9eed9ea827462f3b823593d6ac8bd0591d2020f - v3.23.1: ef5e9b413fbe32da09023cdafc2c3977627dd64a0abcfc68398d3b3923cdd8a6 - v3.23.0: 8b4d40a4613cbc94540b1c7f3252b5924cb549085e73f49e4f84e7814bac7c06 - v3.22.5: 1b3ea734a474d4504c019a8b2213385c8c18cd334edcaefb877e59f8381d2b45 - v3.22.4: f8672ac27ab72c1b05b0f9ae5694881ef8e061bfbcf551f964e7f0a37090a243 - v3.22.3: 7c2fe391f2a18eccff65c64bf93133dc5c58c7322cbd31ea207bbfef5b563947 ciliumcli_binary_checksums: arm: - v0.15.0: c8c2d7e2564b1cb6bc82266132f584cb42a430930967ef1fced0b01c8384fedc - v0.14.8: d93dc926c795696f43e7f979ca3a1ed3e912d2c8fd5af305f78c8b08521ef939 - v0.14.7: f9ecd2c029f69d89cb418f461a6098039824ae841aaf9d213df698ccb6a1bfc6 - v0.14.6: 2481dd4edeb01de08c193a421e1b12068b215ee03ff77c3c8ed4514fb810a9d7 - v0.14.5: 08ba6fed412d8e0d1d8f2d9c402aea6c69ac69630f6bf0fd985ad1909b298aae - v0.14.4: 08decd0cca8e1dfcda4322e76c1dbb7eb2c32a2ee6fb8b78d4d6d5bf9cf06373 - v0.14.3: 172e8320ac42750b3a2f41cc6407e4a63c59b30c32ab6e0ff8d5c0695026a5f3 - v0.14.2: 294f27672ad32d065f8899899c68f2561293b68714a65229394769a209254bbd - v0.14.1: 78eae78564624b1346998da9b7da200e5f8489575da09af042bcde0532674264 - v0.14.0: f1873e41a14c380971ee418d60cf37bd8dd2ceefd7eeff6befbbe0768283a65b + v0.16.0: 0 + v0.15.23: 0 + v0.15.22: 0 + v0.15.21: 0 + v0.15.20: 0 + v0.15.19: 0 + v0.15.18: 0 + v0.15.17: 0 + v0.15.16: 0 + v0.15.15: 0 arm64: - v0.15.0: 57daf587073147402421f5d8bf069018f73cb66a2da5b4393b742ef59ee15139 - v0.14.8: 25e568d7f26c2a0e83e125a98255ae2faa8ea9e0b0e6d34cd8c690238911e97b - v0.14.7: ad12a491a71185e9cf37665734bf529c5b992025f00c5f3cebfca9524af36472 - v0.14.6: c8218c246fe4c2c2fabfdaaa6f779ab3d8a20bdad9d7113289e9cf9aa0fe75ff - v0.14.5: 7cf13e10162f4ff6114e17c85377b96ed91f187e3131e0c6c35d8f6a181de07d - v0.14.4: 6b6326c178df30085da0f584ac380b1c81bdfbbb7c2a8df0862184444b8bd9eb - v0.14.3: 36df943449dde3eecf1e45cc42a244ef5163ac89f614791a0657cf03ff92273f - v0.14.2: bf94d6aaaf02a6bf728e4ea022e7e37b2dfdc49d5931245be298b2ff4d6af008 - v0.14.1: a73afb03a9815297e6f891aa8420ea04434b479e2777b04b49084d7a8d9cf062 - v0.14.0: e59bd6a38a9bc42f61e34907698ae5cb53a43d93bdec6e7327613f911cb8f205 + v0.16.0: fe16bcd447fc6fe764ca75712f5832d7504845e9f782684ff09c9f52548237fe + v0.15.23: 9aa37d99a15e72bbcb555d7ed5b88c2ae3a7e6fbc478f9ee402a835ba6b41175 + v0.15.22: 23caf44dade82b5a986e9799db333724845750bebe32e571a356ab9116406f6d + v0.15.21: 346bf2d0d60e11e02c676bcd7cb379cbedd88830188dbf811ad7099f5907da9d + v0.15.20: 4b05fb1661b699edd89f37124d5cd0aa4f5dcfc197cef6a0bc7a6faa3dc119d4 + v0.15.19: a32521b2add0203c1945f71c6d8a50739946b4f7e35c2636529a5063959072d4 + v0.15.18: fa1aecaf1c69663bdece17608c6e85f0a5a2c8ee8fe2cbbadf25cbe887b7ae15 + v0.15.17: 4df6f634512a0e426258fbb83d43c0defabe9d91c81480c040af08fa05b4a989 + v0.15.16: 86ed6a2e796c39dd00072e7c141fc35b68d63392d1ac5e183a7ce9d7263e23a0 + v0.15.15: 5c1693ea163b094a92ebc6997b6e678cc8c24a52040c22433b58b419de74b28f amd64: - v0.15.0: 504bbb94b55d4605157b78bf7747cca778888910f8c65729fe69cb94c3d37f5b - v0.14.8: b36014107cea29bdd1df34aa1f292eca9f966d0cc9255232891c0ac6956d421c - v0.14.7: 687b913840f6d54c80e540fac31dd22edbce8962fe8875810e7ed4abc874a45a - v0.14.6: 83fa27d0318f85df78ae6ca06f33c71b900e309cf7488c0db9b9ad5753f6560f - v0.14.5: e6d3b2d297129b10f5690558a85e97d2af407ac30d85758ff77dea686b9c1303 - v0.14.4: 6b3950f8c3b1e8cf7e2123bb4cb1fae4217d720b3353bf924c78d87824c9f1b0 - v0.14.3: 613ffc1cc62ce35b519feb6fc39d1cb2b46635511d365db0da5df498fc6bc001 - v0.14.2: 7ff65f0e85af5daa755c63851f85dea656a59ae4a306e1e9ae02abdf0014f564 - v0.14.1: 86c27fff43f99719271f54a330374ee23f4308aeb6decf7747b354e885a0fcfd - v0.14.0: 73bcbce6fac15c3a62d2a68629f292fa2787440a15998d8c868dae20a6e0e6ed + v0.16.0: da98675f961833d4ffd68b1046d907b228a7d394ded2abd70a50b20eaca171c4 + v0.15.23: cda3f1c40ae2191a250a7cea9e2c3987eaa81cb657dda54cd8ce25f856c384da + v0.15.22: c9bdf99362c16bb63ea44a214e39319d8ac1d196345792caae9665f36fe274a3 + v0.15.21: 89190bb3fdcde892d7a8d3a9718e5ffacd312d2535eee54d93ccc81c2d430cb7 + v0.15.20: a1a09f3f0176e118b1b00be4fcd7f9f32f27c9587c64b5579d2747d751e72e23 + v0.15.19: 9632fa506d7d0e0298dc5b80b9e05239ceb01d60b124dde2132417a96ba4d07b + v0.15.18: b10359784d4c194d43bbd1de5d7000f9697e451049008ade5a0754e3c4f7958e + v0.15.17: ed8edbce96ac7921ee75b2fbe42409fbe381e2f8f896c10d13f864cc52e07a43 + v0.15.16: f30095e1a0b926d2114b7a419141bea76e950b643182e97e666950ca05a205d9 + v0.15.15: 492279c1f960c79747290a5d1e1b21084a04a93f9e13ab4ae7df4c76fe808aff ppc64le: - v0.15.0: 0 - v0.14.8: 0 - v0.14.7: 0 - v0.14.6: 0 - v0.14.5: 0 - v0.14.4: 0 - v0.14.3: 0 - v0.14.2: 0 - v0.14.1: 0 - v0.14.0: 0 + v0.16.0: 0 + v0.15.23: 0 + v0.15.22: 0 + v0.15.21: 0 + v0.15.20: 0 + v0.15.19: 0 + v0.15.18: 0 + v0.15.17: 0 + v0.15.16: 0 + v0.15.15: 0 calico_crds_archive_checksums: + v3.27.3: d11a32919bff389f642af5df8180ad3cec586030decd35adb2a7d4a8aa3b298e v3.27.2: 8154bb4aad887f2a5500b505fe203a918f72c4e602b04c688c4b94f76a26e925 v3.27.1: 76abb0db222af279e3514cfae02be9259097b565bbb2ffcb776ca00566480edb v3.27.0: 2a4b5132035dfd6ac4abc8d545f33de139350eca523e0c5cfe4ac32e43fcb2f1 @@ -597,65 +664,46 @@ calico_crds_archive_checksums: v3.24.0: 3c6694779b916fa364592a8e19d45f509c67e7dec64fb4cf09c379e170de7720 v3.23.5: aca591282d9e10a180a2afb05da6ca8db4dd02b886b4788f4962cf5b37ba1bda v3.23.4: c8b6b033755416756b2b5ef248332b7c5b660618327cb7f83a80fb949fdc601a - v3.23.3: d25f5c9a3adeba63219f3c8425a8475ebfbca485376a78193ec1e4c74e7a6115 - v3.23.2: 37c429650723c5f12ffc20dd390ead1e10d2b8a955a199666d155115a49b4dcc - v3.23.1: a1754ae4bb158e3b46ba3fb326d8038d54cd0dc2c5c8527eadf2b0a6cf8ef2e3 - v3.23.0: 27dd12ff792eb8f680506566e8d99467673f859298fe93d4f23c2139cc3f0c96 - v3.22.5: f3b6a6861b7beae549b4cf0be5c4b954c0cc19e95adb89dd9d78e983f9f2a5d7 - v3.22.4: e72e7b8b26256950c1ce0042ac85fa83700154dae9723c8d007de88343f6a7e5 - v3.22.3: 55ece01da00f82c62619b82b6bfd6442a021acc6fd915a753735e6ebceabaa21 krew_archive_checksums: darwin: arm: v0.4.4: 0 v0.4.3: 0 - v0.4.2: 0 arm64: v0.4.4: e6ac776140b228d6bdfda11247baf4e9b11068f42005d0975fc260c629954464 v0.4.3: 22f29ce3c3c9c030e2eaf3939d2b00f0187dfdbbfaee37fba8ffaadc46e51372 - v0.4.2: a69d48f8cad7d87b379071129cde3ee4abcaaa1c3f3692bc80887178b2cc7d33 amd64: v0.4.4: 5f4d2f34868a87cf1188212cf7cb598e76a32f389054089aad1fa46e6daf1e1b v0.4.3: 6f6a774f03ad4190a709d7d4dcbb4af956ca0eb308cb0d0a44abc90777b0b21a - v0.4.2: 47c6b5b647c5de679a2302444f75a36a70530fa4751cb655e0edd5da56a5f110 ppc64le: v0.4.4: 0 v0.4.3: 0 - v0.4.2: 0 linux: arm: v0.4.4: 4f3d550227e014f3ba7c72031108ffda0654cb755f70eb96be413a5102d23333 v0.4.3: 68eb9e9f5bba29c7c19fb52bfc43a31300f92282a4e81f0c51ad26ed2c73eb03 - v0.4.2: 115f503e35ef7f63f00a9b01236d80a9f94862ec684010a81c3a3b51bdca1351 arm64: v0.4.4: f8f0cdbf698ed3e8cb46e7bd213754701341a10e11ccb69c90d4863e0cf5a16a v0.4.3: 0994923848882ad0d4825d5af1dc227687a10a02688f785709b03549dd34d71d - v0.4.2: 7581be80d803536acc63cceb20065023b96f07fd7eb9f4ee495dce0294a866eb amd64: v0.4.4: e471396b0ed4f2be092b4854cc030dfcbb12b86197972e7bef0cb89ad9c72477 v0.4.3: 5df32eaa0e888a2566439c4ccb2ef3a3e6e89522f2f2126030171e2585585e4f - v0.4.2: 203bfd8006b304c1e58d9e96f9afdc5f4a055e0fbd7ee397fac9f36bf202e721 ppc64le: v0.4.4: 0 v0.4.3: 0 - v0.4.2: 0 windows: arm: v0.4.4: 0 v0.4.3: 0 - v0.4.2: 0 arm64: v0.4.4: 0 v0.4.3: 0 - v0.4.2: 0 amd64: v0.4.4: da0dfeb2a598f11fb9ce871ee7f3b1a69beb371a45f531ee65a71b2201511d28 v0.4.3: d1343a366a867e9de60b23cc3d8ee935ee185af25ff8f717a5e696ba3cae7c85 - v0.4.2: 3150ff0291ac876ebe4fe0e813ee90a18aa2bc0510c3adcfae6117dec44ef269 ppc64le: v0.4.4: 0 v0.4.3: 0 - v0.4.2: 0 helm_archive_checksums: arm: v3.14.2: b70fb6fa2cdf0a5c782320c9d7e7b155fcaec260169218c98316bb3cf0d431d9 @@ -665,15 +713,6 @@ helm_archive_checksums: v3.13.2: 06e8436bde78d53ddb5095ba146fe6c7001297c7dceb9ef6b68992c3ecfde770 v3.13.1: a9c188c1a79d2eb1721aece7c4e7cfcd56fa76d1e37bd7c9c05d3969bb0499b4 v3.13.0: bb2cdde0d12c55f65e88e7c398e67463e74bc236f68b7f307a73174b35628c2e - v3.12.3: 6b67cf5fc441c1fcb4a860629b2ec613d0e6c8ac536600445f52a033671e985e - v3.12.2: 39cc63757901eaea5f0c30b464d3253a5d034ffefcb9b9d3c9e284887b9bb381 - v3.12.1: 6ae6d1cb3b9f7faf68d5cd327eaa53c432f01e8fd67edba4e4c744dcbd8a0883 - v3.12.0: 1d1d3b0b6397825c3f91ec5f5e66eb415a4199ccfaf063ca399d64854897f3f0 - v3.11.3: 0816db0efd033c78c3cc1c37506967947b01965b9c0739fe13ec2b1eea08f601 - v3.11.2: 444b65100e224beee0a3a3a54cb19dad37388fa9217ab2782ba63551c4a2e128 - v3.11.1: 77b797134ea9a121f2ede9d159a43a8b3895a9ff92cc24b71b77fb726d9eba6d - v3.11.0: cddbef72886c82a123038883f32b04e739cc4bd7b9e5f869740d51e50a38be01 - v3.10.3: dca718eb68c72c51fc7157c4c2ebc8ce7ac79b95fc9355c5427ded99e913ec4c arm64: v3.14.2: c65d6a9557bb359abc2c0d26670de850b52327dc3976ad6f9e14c298ea3e1b61 v3.14.1: f865b8ad4228fd0990bbc5b50615eb6cb9eb31c9a9ca7238401ed897bbbe9033 @@ -682,15 +721,6 @@ helm_archive_checksums: v3.13.2: f5654aaed63a0da72852776e1d3f851b2ea9529cb5696337202703c2e1ed2321 v3.13.1: 8c4a0777218b266a7b977394aaf0e9cef30ed2df6e742d683e523d75508d6efe v3.13.0: d12a0e73a7dbff7d89d13e0c6eb73f5095f72d70faea30531941d320678904d2 - v3.12.3: 79ef06935fb47e432c0c91bdefd140e5b543ec46376007ca14a52e5ed3023088 - v3.12.2: cfafbae85c31afde88c69f0e5053610c8c455826081c1b2d665d9b44c31b3759 - v3.12.1: 50548d4fedef9d8d01d1ed5a2dd5c849271d1017127417dc4c7ef6777ae68f7e - v3.12.0: 658839fed8f9be2169f5df68e55cb2f0aa731a50df454caf183186766800bbd0 - v3.11.3: 9f58e707dcbe9a3b7885c4e24ef57edfb9794490d72705b33a93fa1f3572cce4 - v3.11.2: 0a60baac83c3106017666864e664f52a4e16fbd578ac009f9a85456a9241c5db - v3.11.1: 919173e8fb7a3b54d76af9feb92e49e86d5a80c5185020bae8c393fa0f0de1e8 - v3.11.0: 57d36ff801ce8c0201ce9917c5a2d3b4da33e5d4ea154320962c7d6fb13e1f2c - v3.10.3: 260cda5ff2ed5d01dd0fd6e7e09bc80126e00d8bdc55f3269d05129e32f6f99d amd64: v3.14.2: 0885a501d586c1e949e9b113bf3fb3290b0bbf74db9444a1d8c2723a143006a5 v3.14.1: 75496ea824f92305ff7d28af37f4af57536bf5138399c824dff997b9d239dd42 @@ -699,15 +729,6 @@ helm_archive_checksums: v3.13.2: 55a8e6dce87a1e52c61e0ce7a89bf85b38725ba3e8deb51d4a08ade8a2c70b2d v3.13.1: 98c363564d00afd0cc3088e8f830f2a0eeb5f28755b3d8c48df89866374a1ed0 v3.13.0: 138676351483e61d12dfade70da6c03d471bbdcac84eaadeb5e1d06fa114a24f - v3.12.3: 1b2313cd198d45eab00cc37c38f6b1ca0a948ba279c29e322bdf426d406129b5 - v3.12.2: 2b6efaa009891d3703869f4be80ab86faa33fa83d9d5ff2f6492a8aebe97b219 - v3.12.1: 1a7074f58ef7190f74ce6db5db0b70e355a655e2013c4d5db2317e63fa9e3dea - v3.12.0: da36e117d6dbc57c8ec5bab2283222fbd108db86c83389eebe045ad1ef3e2c3b - v3.11.3: ca2d5d40d4cdfb9a3a6205dd803b5bc8def00bd2f13e5526c127e9b667974a89 - v3.11.2: 781d826daec584f9d50a01f0f7dadfd25a3312217a14aa2fbb85107b014ac8ca - v3.11.1: 0b1be96b66fab4770526f136f5f1a385a47c41923d33aab0dcb500e0f6c1bf7c - v3.11.0: 6c3440d829a56071a4386dd3ce6254eab113bc9b1fe924a6ee99f7ff869b9e0b - v3.10.3: 950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2 ppc64le: v3.14.2: f3bc8582ff151e619cd285d9cdf9fef1c5733ee5522d8bed2ef680ef07f87223 v3.14.1: 4d853ab8fe3462287c7272fbadd5f73531ecdd6fa0db37d31630e41ae1ae21de @@ -716,68 +737,39 @@ helm_archive_checksums: v3.13.2: 11d96134cc4ec106c23cd8c163072e9aed6cd73e36a3da120e5876d426203f37 v3.13.1: f0d4ae95b4db25d03ced987e30d424564bd4727af6a4a0b7fca41f14203306fb v3.13.0: d9be0057c21ce5994885630340b4f2725a68510deca6e3c455030d83336e4797 - v3.12.3: 8f2182ae53dd129a176ee15a09754fa942e9e7e9adab41fd60a39833686fe5e6 - v3.12.2: fb0313bfd6ec5a08d8755efb7e603f76633726160040434fd885e74b6c10e387 - v3.12.1: 32b25dba14549a4097bf3dd62221cf6df06279ded391f7479144e3a215982aaf - v3.12.0: 252d952b0e1b4ed2013710ddedf687ed5545d9f95a4fd72de0ff9617ff69155c - v3.11.3: 9f0a8299152ec714cee7bdf61066ba83d34d614c63e97843d30815b55c942612 - v3.11.2: 04cbb8d053f2d8023e5cc6b771e9fa384fdd341eb7193a0fb592b7e2a036bf3d - v3.11.1: 6ab8f2e253c115b17eda1e10e96d1637047efd315e9807bcb1d0d0bcad278ab7 - v3.11.0: 6481a51095f408773212ab53edc2ead8a70e39eba67c2491e11c4229a251f9b5 - v3.10.3: 93cdf398abc68e388d1b46d49d8e1197544930ecd3e81cc58d0a87a4579d60ed cri_dockerd_archive_checksums: arm: + 0.3.11: 0 + 0.3.10: 0 0.3.9: 0 0.3.8: 0 0.3.7: 0 0.3.6: 0 0.3.5: 0 - 0.3.4: 0 - 0.3.3: 0 - 0.3.2: 0 - 0.3.1: 0 - 0.3.0: 0 - 0.2.6: 0 - 0.2.5: 0 arm64: + 0.3.11: 877f635a7005b393f7aab24ca4b1cd7bdfb3b967d055e858408240c86e3cab9a + 0.3.10: 24d2d9cdbb4ed4bda4b0838edb52104ac7a4e2212a0ee05b177de0ae5b6a4a9a 0.3.9: f5051002b4f95b0e8fe7fbd5f8de4493350e010834d2a8b647f2b26c45c6c203 0.3.8: 64286af171785f0facb72cf364867600b4db19f43a01db49b8b364f5d04aadae 0.3.7: 8da54563ee7ddee36b1adf1f96b3b7b97ec2bc0ec23559b89d9af8eae5e62d9e 0.3.6: 793b8f57cecf734c47bface10387a8e90994c570b516cb755900f21ebd0a663b 0.3.5: c20014dc5a71e6991a3bd7e1667c744e3807b5675b1724b26bb7c70093582cfe - 0.3.4: 598709c96585936729140d31a76be778e86f9e31180ff3622a44b63806f37779 - 0.3.3: fa0aa587fc7615248f814930c2e0c9a252afb18dc37c8f4d6d0263faed45d5a7 - 0.3.2: b24ae82808bb5ee531348c952152746241ab9b1b7477466ba6c47a7698ef16ae - 0.3.1: dcaa2794ac23348c6d370717a68e70d1da1723a11a892d63459cd88fb5d82226 - 0.3.0: 2a7e5bb156b80f737ef07ae2e8050394ea3e47fb0b7055afac47a365eaa321fb - 0.2.6: 90122641e45e8ff81dbdd4d84c06fd9744b807b87bff5d0db7f826ded326a9fd - 0.2.5: 067242bf5e4b39fece10500a239612c7b0723ce9766ba309dbd22acaf1a2def2 amd64: + 0.3.11: b2475988f3b86d85c7835269121171e35c92454ad5f4cd6252183b0fccd74d63 + 0.3.10: 3e19ef525e02d2d1dfd42e8d661ee45b4bc8a49a6dcafd8baa578bdb3a23aeb6 0.3.9: a6d9b4b796e9eff830311a2349d259507302cb3955dd07b78296b91e40e8b433 0.3.8: e12ea6df8228b7d0794c930d32117c4e5a3dcf25a56c3facdf7006289ec6383c 0.3.7: 518c5d5345085f36d311f274208705d7fdb79337a80c256871ce941d5a7d47a1 0.3.6: cf271d65abee88c0c0a6d9dacb151913bf37d25d45913a7e04b09efe408eae18 0.3.5: 30d47bd89998526d51a8518f9e8ef10baed408ab273879ee0e30350702092938 - 0.3.4: b77a1fbd70d12e5b1dacfa24e5824619ec54184dbc655e721b8523572651adeb - 0.3.3: 169dce95e7252165c719e066a90b4a64af64119f9ee74fdca73bf9386bcf96c8 - 0.3.2: 93acc0b8c73c68720c9e40b89c2a220a2df315eb2cd3d162b294337c4dcb2193 - 0.3.1: 126431e7b207e013004311f5a21803cad44511616e7440157381476bdc6c5219 - 0.3.0: 8e6a445591e77b9570299d0afadeee26cb7aa23e4bfd7518baa6a3260b9ee889 - 0.2.6: 5d57b160d5a1f75333149823bec3e291a1a0960383ddc9ddd6e4ff177382c755 - 0.2.5: 1660052586390fd2668421d16265dfcc2bbdba79d923c7ede268cf91935657c1 ppc64le: + 0.3.11: 0 + 0.3.10: 0 0.3.9: 0 0.3.8: 0 0.3.7: 0 0.3.6: 0 0.3.5: 0 - 0.3.4: 0 - 0.3.3: 0 - 0.3.2: 0 - 0.3.1: 0 - 0.3.0: 0 - 0.2.6: 0 - 0.2.5: 0 runc_checksums: arm: v1.1.12: 0 @@ -785,138 +777,90 @@ runc_checksums: v1.1.10: 0 v1.1.9: 0 v1.1.8: 0 - v1.1.7: 0 - v1.1.6: 0 - v1.1.5: 0 - v1.1.4: 0 - v1.1.3: 0 arm64: v1.1.12: 879f910a05c95c10c64ad8eb7d5e3aa8e4b30e65587b3d68e009a3565aed5bb8 v1.1.11: 9f1ee53f06b78cc4a115ca6ae4eec10567999539ce828a22c5351edba043ed12 v1.1.10: 4830afd426bdeacbdf9cb8729524aa2ed51790b8c4b28786995925593708f1c8 v1.1.9: b43e9f561e85906f469eef5a7b7992fc586f750f44a0e011da4467e7008c33a0 v1.1.8: 7c22cb618116d1d5216d79e076349f93a672253d564b19928a099c20e4acd658 - v1.1.7: 1b309c4d5aa4cc7b888b2f79c385ecee26ca3d55dae0852e7c4a692196d5faab - v1.1.6: da5b2ed26a173a69ea66eae7c369feebf59c1031e14985f512a0a293bb5f76fb - v1.1.5: 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f - v1.1.4: dbb71e737eaef454a406ce21fd021bd8f1b35afb7635016745992bbd7c17a223 - v1.1.3: 00c9ad161a77a01d9dcbd25b1d76fa9822e57d8e4abf26ba8907c98f6bcfcd0f amd64: v1.1.12: aadeef400b8f05645768c1476d1023f7875b78f52c7ff1967a6dbce236b8cbd8 v1.1.11: 77ae134de014613c44d25e6310a57a219a7a91155cd47d069a0f22a2cad5caea v1.1.10: 81f73a59be3d122ab484d7dfe9ddc81030f595cc59968f61c113a9a38a2c113a v1.1.9: b9bfdd4cb27cddbb6172a442df165a80bfc0538a676fbca1a6a6c8f4c6933b43 v1.1.8: 1d05ed79854efc707841dfc7afbf3b86546fc1d0b3a204435ca921c14af8385b - v1.1.7: c3aadb419e5872af49504b6de894055251d2e685fddddb981a79703e7f895cbd - v1.1.6: 868bee5b8dc2a01df0ca41d0accfad6a3372dc1165ebfb76143d2c6672e86115 - v1.1.5: f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb - v1.1.4: db772be63147a4e747b4fe286c7c16a2edc4a8458bd3092ea46aaee77750e8ce - v1.1.3: 6e8b24be90fffce6b025d254846da9d2ca6d65125f9139b6354bab0272253d01 ppc64le: v1.1.12: 4069d1d57724126e116ad6dbd84409082d1b0afee1ee960b17558f146a742bb6 v1.1.11: e3d1da41f97db1bb7e9a8d96c9092747c14ee53bc9f160048828e63f3a2d0896 v1.1.10: 94a091c06c363e4af7be398dc31fa6e02576d5ecda6de1cbf3a08fe8662bf678 v1.1.9: 065cf4f84b5acc0acdb017af2955743dfb5f5e1f49a493eea3e8206f33bf6fe6 v1.1.8: a816cd654e804249c4f757cc6bf2aa2c128e4b8e6a993067d44c63c891c081ab - v1.1.7: eb0e76876d09fa8119dc6e6b037107e5d265d1cfa51f1fbed5418e5745ecf153 - v1.1.6: f98d585dd88d45a296a3f3adde39eaec84e0cfc75f75c50e5470d871e3538460 - v1.1.5: 4f06d25b46e11e6670bf38e638c9183bb6676787801f1226f0aa8e74e40169ea - v1.1.4: 0f7fb3d2426b6012d9b33c354c778c0ffbce02c329c4c16c1189433a958fd60d - v1.1.3: 3b1b7f953fc8402dec53dcf2de05b6b72d86850737efa9766f8ffefc7cae3c0a crun_checksums: arm: + 1.14.4: 0 + 1.14.3: 0 + 1.14.2: 0 + 1.14.1: 0 1.11.2: 0 1.11.1: 0 1.9.2: 0 - 1.9.1: 0 - 1.8.7: 0 - 1.8.6: 0 - 1.8.5: 0 - 1.8.4: 0 - 1.8.3: 0 - 1.8.2: 0 - 1.8.1: 0 - 1.7.2: 0 - 1.7.1: 0 arm64: + 1.14.4: 308f8719055de178897f66cbb72d6a02567050ac645dd5eca52f48de347dda6c + 1.14.3: 0486629e1599c3bccded279f6555ff22691958cde56203ceca099af6f2407263 + 1.14.2: 409ebdcb4935b004ce0efa8ada4aaf8d4dd63b77cde1d0acdf55664c168acbd9 + 1.14.1: 25f85c85b9ae15de589ac02d2b766178967d29122325f9479ab068534b7a9658 1.11.2: 9e1aeb86bce609eccff46a8b976ed06994bca27d639e564fd45756786c4d0123 1.11.1: c8b0d243f6ac4fb02665c157b5404e5184bdc9240dbdcdde0ccef2db352ce97a 1.9.2: 1ad8bd3c1aa693f59133c480aa13bbdf6d81e4528e72ce955612c6bae8cb1720 - 1.9.1: fab460328d425a72cfd1a70f8fc25c888b6f17cfd95abdace61035a80c3dfe4a - 1.8.7: 004f40b48ec28e963eee79929002b9dfb88496be5699e6052358c67e47fdc88a - 1.8.6: 1f86d20292284f29593594df8d8556d5363a9e087e169626604cc212c77d1727 - 1.8.5: 77032341af7c201db03a53e46707ba8b1af11cdd788530426f2da6ccb9535202 - 1.8.4: 29bbb848881868c58908933bab252e73ee055672d00b7f40cea751441ca74fa4 - 1.8.3: 5394336630618c724274bf3e5e0c8a64c2e67e4723f671029c4f57f459359f73 - 1.8.2: d17970486fab69058e182c3322b7f9fe51561cc3ce28339a0d65b0c81acda933 - 1.8.1: c8382b91a52ac09797ff44990daf014803dde9487d1a41243bc9d8eaf07484e4 - 1.7.2: 576a39ca227a911e0e758db8381d2786f782bfbd40b54684be4af5e1fe67b018 - 1.7.1: 8d458c975f6bf754e86ebedda9927abc3942cbebe4c4cb34a2f1df5acd399690 amd64: + 1.14.4: 4f170aaa10d2ef02560cfb60b67ddfa1a83b1b4f7018227e9cb23a6af3955ec1 + 1.14.3: 80c5ab9422d4672f650f2bad3da933568349b64117d055486abc3534517be2af + 1.14.2: 4d3a64961ea9e6a1313ab807f86a17bc6ebcecad2df84a120322fddebff00bcf + 1.14.1: a30afd16bbf7eed9d9ce662062f64ef9fbb5d7c76963668c33e90a5693941fbd 1.11.2: acb62839ab8615f0e2485e8d71272b5659cbe35182eb24c5e96bd213240567fe 1.11.1: ca8c9cef23f4a3f7a635ee58a3d9fa35e768581fda89dc3b6baed219cc407a02 1.9.2: 2bb60bcd5652cb17e44f66f0b8ae48195434bd1d66593db97fba85c7778eac53 - 1.9.1: a2bc565c8bbcb1074b70cdec0c39ca93e4aa84f1188641d160531f4a8aae80f0 - 1.8.7: f26e90ab197df8b1cb81d70bcb2cd36a80299d6445470b3c1a84ceda59a34199 - 1.8.6: 23cd9901106ad7a8ebf33725a16b99a14b95368a085d6ffc2ede0b0c9b002bde - 1.8.5: 75062fa96a7cabd70e6f6baf1e11da00131584cc74a2ef682a172769178d8731 - 1.8.4: 99be7d3c9ba3196c35d64b63fa14e9f5c37d1e91b194cfdbfa92dbcbebd651bc - 1.8.3: f82ccdc575a72fe2d91ea8d68161746a0e28898bc86a2a6f55eed00aa1d79afa - 1.8.2: 9febf1dd7600d15db2ee9a6b8836a76db563bf715e009d0c5f662353e7fa6c29 - 1.8.1: b7f2150da473ed2d052df371244176aa96c9ad908fed06b81ebcb51a8a0f6b06 - 1.7.2: 2bd2640d43bc78be598e0e09dd5bb11631973fc79829c1b738b9a1d73fdc7997 - 1.7.1: 8e095f258eee554bb94b42af07aa5c54e0672a403d56b2cfecd49153a11d6760 ppc64le: + 1.14.4: 0 + 1.14.3: 0 + 1.14.2: 0 + 1.14.1: 0 1.11.2: 0 1.11.1: 0 1.9.2: 0 - 1.9.1: 0 - 1.8.7: 0 - 1.8.6: 0 - 1.8.5: 0 - 1.8.4: 0 - 1.8.3: 0 - 1.8.2: 0 - 1.8.1: 0 - 1.7.2: 0 - 1.7.1: 0 youki_checksums: arm: + 0.3.2: 0 + 0.3.1: 0 0.3.0: 0 0.2.0: 0 0.1.0: 0 0.0.5: 0 0.0.4: 0 - 0.0.3: 0 - 0.0.2: 0 - 0.0.1: 0 arm64: + 0.3.2: 0 + 0.3.1: 0 0.3.0: 0 0.2.0: 0 0.1.0: 0 0.0.5: 0 0.0.4: 0 - 0.0.3: 0 - 0.0.2: 0 - 0.0.1: 0 amd64: + 0.3.2: 0 + 0.3.1: 0 0.3.0: 741ba3cd85d768bebba02598cedcf3b15a2160e4d6ce33a3d5c4e1b3080f9c1c 0.2.0: b268689a91db07feebfd41d5806b10c7d051fbcbf7efb15076e2228763ac0762 0.1.0: f00677e9674215b44f140f0c0f4b79b0001c72c073d2c5bb514b7a9dcb13bdbc 0.0.5: 8504f4c35a24b96782b9e0feb7813aba4e7262c55a39b8368e94c80c9a4ec564 0.0.4: c213376393cb16462ef56586e68fef9ec5b5dd80787e7152f911d7cfd72d952e - 0.0.3: 15df10c78f6a35e45a1dce92c827d91b9aef22dc926c619ff5befafc8543f1bb - 0.0.2: dd61f1c3af204ec8a29a52792897ca0d0f21dca0b0ec44a16d84511a19e4a569 - 0.0.1: 8bd712fe95c8a81194bfbc54c70516350f95153d67044579af95788fbafd943b ppc64le: + 0.3.2: 0 + 0.3.1: 0 0.3.0: 0 0.2.0: 0 0.1.0: 0 0.0.5: 0 0.0.4: 0 - 0.0.3: 0 - 0.0.2: 0 - 0.0.1: 0 kata_containers_binary_checksums: arm: 3.2.0: 0 @@ -926,10 +870,6 @@ kata_containers_binary_checksums: 3.1.0: 0 3.0.2: 0 3.0.1: 0 - 3.0.0: 0 - 2.5.2: 0 - 2.5.1: 0 - 2.5.0: 0 arm64: 3.2.0: 0 3.1.3: 0 @@ -938,10 +878,6 @@ kata_containers_binary_checksums: 3.1.0: 0 3.0.2: 0 3.0.1: 0 - 3.0.0: 0 - 2.5.2: 0 - 2.5.1: 0 - 2.5.0: 0 amd64: 3.2.0: 21bb8484a060450d6522f29bed7d88d773c28520774eaa2c522b6f47fd12c4a1 3.1.3: 266c906222c85b67867dea3c9bdb58c6da0b656be3a29f9e0bed227c939f3f26 @@ -950,10 +886,6 @@ kata_containers_binary_checksums: 3.1.0: 452cc850e021539c14359d016aba18ddba128f59aa9ab637738296d9b5cd78a0 3.0.2: a32dc555ffae23f3caab3bc57b03d5ed7792f651221f6cb95cdfe906e18c4bd1 3.0.1: e2505482f68cc1b1417b8011f2755bf87171a8dd6daaace28531746118fbddaa - 3.0.0: ff475932f65936504f63ff087c81f89103df2a99e0ceb6571246f63f7a4f948e - 2.5.2: 2c7ce463b32d52b613c1b1ea3d89e83a59ca0fd0ee7fdd24eb854ab2de05ec10 - 2.5.1: 4e4fe5204ae9aea43aa9d9bee467a780d4ae9d52cd716edd7e28393a881377ad - 2.5.0: 044e257c16b8dfa1df92663bd8e4b7f62dbef3e431bc427cdd498ff1b2163515 ppc64le: 3.2.0: 0 3.1.3: 0 @@ -962,212 +894,80 @@ kata_containers_binary_checksums: 3.1.0: 0 3.0.2: 0 3.0.1: 0 - 3.0.0: 0 - 2.5.2: 0 - 2.5.1: 0 - 2.5.0: 0 gvisor_runsc_binary_checksums: arm: - 20230807: 0 - 20230801: 0 - 20230731: 0 - 20230724: 0 - 20230717: 0 - 20230710: 0 - 20230627: 0 - 20230621: 0 - 20230605: 0 - 20230529: 0 - 20230522: 0 - 20230517: 0 - 20230508: 0 - 20230501: 0 - 20230417: 0 - 20231030: 0 - 20231023: 0 - 20231016: 0 - 20231009: 0 - 20231003: 0 - 20230925: 0 - 20230920: 0 - 20230911: 0 - 20230904: 0 + 20240305: 0 + 20240212: 0 + 20240206: 0 + 20240129: 0 + 20240122: 0 + 20240115: 0 + 20240109: 0 + 20231218: 0 arm64: - 20230807: 562c629abb6576d02a4b5a5c32cb4706e29122f72737c55a2bf87d012682117f - 20230801: 69f4b7fd068fcc9a30181657ae5dcdd259e5fe71111d86e7cb0065e190b82fc3 - 20230731: 228ad19507ed23f97d99a2ea19be355f57fa4fddc70d0c425879952bd2d2cd7d - 20230724: bbc929ade0211f1d4759db4d3b1e12942dbd198ec91e3e40a272a787856be6e9 - 20230717: 94e36ee1581b951ab328b097d8aff994e96c035462bd2ea5d67f0bc225996c7a - 20230710: 1af3f8640f517339e2b1d522c6ec7066bc32329d0d96d265af6fe7e6d966d4b3 - 20230627: b791646f8129542f110f5ed9d88c3c1fbe6a242207202a8fba2873fad4c6eca6 - 20230621: 7e57e36c146e4aeae736b777c13bcd077a60110e5f1db9e60b87199aed1b533f - 20230605: ef3a965ff6e585c5604f72172a03e6bf3c7511a04f86925eaad6b78b7b9cb4f1 - 20230529: d31e781026a0afa4e2864839993ab17cf4f581ec92419e7c263f4ed34958a2cd - 20230522: 873163cb0e850685efa2f8c98a3b57502e4af72e5a14edf15c81d8830afa3dc3 - 20230517: 9a107bed8a1184a6f1040e6893c0975e572966a3ecd7009e8b2be70482e4ab1d - 20230508: b1cffc3c3071fe92f2d6c14aa946d50f01b0650ce8a8ed51b240cebc2ae2d1f0 - 20230501: b0e0e74ca92efbb65cfa2de1fbb00f767056c2797ca1b1b091ecee9ae0be8122 - 20230417: 21d01bb86f31812d5bca09fa89129ceee6561e5dd2722afcc52e28649383f311 - 20231030: c4a11ed7066bff777db048167b01a8662d0e1a48672a8c78ab7c3d5e5a5297c7 - 20231023: 90572e057cc05360c052aa2a161038e65328b9860d85d1f5db6c24c4c6a2433e - 20231016: 2bd8aee1ca3563e08afdd7019783d02c8c701c63e67fac3be6ee1243c5b0ee21 - 20231009: c6730e8ba356dd763b451b00e0206d0c69ff9857fd0a7ad456546db192b3ca4b - 20231003: 5b18676dab77d2725da02489de61445336e590018678898b7d8ff0afcda4d9f8 - 20230925: 64b6f59a7ec247fa01db5b9ee0a66c5a2e4c5ddf891dda8c8db65cbf8a4f0ae2 - 20230920: 8db0d62d750c510e7c0458e7644926be5d8d11d099dde3ed97591f6ecc10e278 - 20230911: 34aa27e693666335c69d233747be2fccfa8665ef88381d451c0b1a33a2050ae1 - 20230904: 990734ea106aaac65bd97ed496f7f87115fc743896ee4ef897e12c10204aea9d + 20240305: b8b54b45fed2dd1fa14decefecc68c8da605b8abaaee97a0550deeee4afc427f + 20240212: a03fb515df9cabf1c618193e9ed7400543c0410ab7107d1ce291ebc9212521cf + 20240206: 50b637dcb7c1b2fb1c1ce189a48ca6732d4b5a5c17ac08d5dd22d33b06fd31c8 + 20240129: d2ecc989f27d40a0e7cd53f0712fa91405b1eef2cb466deccffa41a7f607bacd + 20240122: ae9507f4ff950dc315e7dea2c4b0086dce66b88b8c8bac2008d8e754bac7af7a + 20240115: 7b2ce18408212542477c31cc1bd0ddddf6fbf7439d57e56f6884091f62c81cd8 + 20240109: 51a1b299997834b902192806def688b1e23ff6b14f28a9ed3397f3f6572a189a + 20231218: 86262a78946deacc309c0f08883659ee3298c288048dc30955945e71993c81a8 amd64: - 20230807: bb5055d820a3698181b593e3f6d2b44e8e957a6df91bea7776fee030c007814f - 20230801: 9df74be6ed44f4b35d5aa5ba1956bb3959680c6909748009a2f9476e04b0921e - 20230731: 50e586ce482bce290d893277644ca950a3ab09b53719170578b324666c6e0eec - 20230724: 859476ba858012724d845b3d417070dfb577b68640f0c0840712485710c975fd - 20230717: 4ab67b11728ab1f8d5a897c3346bfb2d725c73c358a588eab0ad3b3ddaa094c8 - 20230710: cd5648f0e32862a4a733840c565c112fe7b505970a10d3b2e882805158bd82b2 - 20230627: d2db10692a56c73cf2fb78776cb41a911db26f65d122922455786db63e25e22c - 20230621: d4e03fee422c87c8f533493de04286277def528e768b3fc90d22c15d8cc1ff7e - 20230605: 85c8feb5d71f45abe29f97548c5432966cd1e57feab560a923f2ea64395b63c1 - 20230529: 41eb6a5fc545e27c253a21b2d6881c7bfed25932cc34e042023600d17a5b3cd9 - 20230522: 5587bcd68e32432d596492c78e935463a530980c35c34abd215d84e93efd1e8f - 20230517: 20ec2fc2e5bc90840ae6540fcd83879e84c7495b0400bc377f9d502b9fdff591 - 20230508: 2a1385d3ef6e31058671e2d2a1ce83130e934081fa2c5c93589eebf7856f5681 - 20230501: b60dccad63a07553809065d1c4d094dfc5e862353cc61a933b05100ffd1f831c - 20230417: 7c0ccb6144861e45bd14e2ccd02f3fdb935219447256d16c71f6c8e42f90a73d - 20231030: 61467bc39f58109dd7a2115e7bcecff460565fc681b0e89436a88d5c316300c8 - 20231023: 99363d5d432bf466f2de2f9de6be140fa1eee0ffc3fceceec87ef0fad907015e - 20231016: dc06735fd3bb333a08294931c55c6867e679dc484713e9262ec5dc258e8a08d6 - 20231009: 9532413b235dace99911192ae82414fd20be4af7f1d3479624412e49be707500 - 20231003: e925c65f51c879ee29ceb9d346a400b2efd8e36deb68028845f3fea1ccb57710 - 20230925: 72a0ef23ae6d487e164aa9749c2e1f81fb0512a18a1f776d9adc7b0c156ed194 - 20230920: 1fe85e4a6963fea744cb70044d38063e4b884dccf7ed7308c1e75cb802fbc276 - 20230911: 2048af00625f45d7134a651cd836f0be29c2edfc8f061162ea3fde2b212c443b - 20230904: 5c107f15c5be5cfacd1be0e3745fb680bee516ee613a0c6d1e9314795c911458 + 20240305: 3b949f7fab2c7d3d75df09fe5f170b46951e62b8833dcc4abad0a4d6c12f41f3 + 20240212: da5390680d18c3f98f1e88cd7363f97de42ed63a767e61d476b1740b0918b93c + 20240206: 996a8e855c1d54a7dcf688d52ee698fd714f0fd143c42ee793707e7f4f18124d + 20240129: b7765ea92c0100fcd1d03c7b23073c9be9486350cf38ffcbb72eb7915fe26605 + 20240122: d184712583d543b8f56a28e8583a1fa55c7256e77934123fe21c621e0d9b975c + 20240115: 9ae176da972b288880e69b1a438052eea2c502b6292aea8a1a33fbcf65e135dd + 20240109: f32810820c81a4dfe570080c06c5dabfc1be74ec0d5da659f93ae5cc1fc5c098 + 20231218: c353d36a134dfc2fab8509f72a34abf6a761603975eb00a39e4077c41aeaf31b ppc64le: - 20230807: 0 - 20230801: 0 - 20230731: 0 - 20230724: 0 - 20230717: 0 - 20230710: 0 - 20230627: 0 - 20230621: 0 - 20230605: 0 - 20230529: 0 - 20230522: 0 - 20230517: 0 - 20230508: 0 - 20230501: 0 - 20230417: 0 - 20231030: 0 - 20231023: 0 - 20231016: 0 - 20231009: 0 - 20231003: 0 - 20230925: 0 - 20230920: 0 - 20230911: 0 - 20230904: 0 + 20240305: 0 + 20240212: 0 + 20240206: 0 + 20240129: 0 + 20240122: 0 + 20240115: 0 + 20240109: 0 + 20231218: 0 gvisor_containerd_shim_binary_checksums: arm: - 20230807: 0 - 20230801: 0 - 20230731: 0 - 20230724: 0 - 20230717: 0 - 20230710: 0 - 20230627: 0 - 20230621: 0 - 20230605: 0 - 20230529: 0 - 20230522: 0 - 20230517: 0 - 20230508: 0 - 20230501: 0 - 20230417: 0 - 20231030: 0 - 20231023: 0 - 20231016: 0 - 20231009: 0 - 20231003: 0 - 20230925: 0 - 20230920: 0 - 20230911: 0 - 20230904: 0 + 20240305: 0 + 20240212: 0 + 20240206: 0 + 20240129: 0 + 20240122: 0 + 20240115: 0 + 20240109: 0 + 20231218: 0 arm64: - 20230807: 0b80fba82a7c492dc8c7d8585d172d399116970155c2d35f3a29d37aa5eeb80d - 20230801: 08323b1db170fe611f39306922bf56c8c4ee354d6881385fae0a27d84d6f5a62 - 20230731: 74e72b4c7f0f818f8f1a983072beca3c27f72536be808597fb1f9878f736c6ef - 20230724: 78d106ae19da764065e3e16573f347609206ebc72b48a678e14c2cf5ad04c901 - 20230717: 6425bc2285d8a6322bd9e18864da601b9ba56d7d1759a9a93805e270621036da - 20230710: 3ea3487f5d9ba87fc557c43d8f3b830780696048805883255757c940b669664c - 20230627: 5b0db73bcd6b051e7398fd7bb894bb9969ba7a1291d036aac3d47448e59c5aca - 20230621: bf5fb12a0aba6f3c1520f1b7b18d5bbdc05a5ceeb7143feb46063434c70253de - 20230605: 5ccd58ba24c1b44e6d0add79fd728d124e40b0ccfa40e9731f357719cc020bfc - 20230529: 3b1dd2904e31ab8da3aa518cdee2540caed67eecbe4fc87e143dbe90f294e31d - 20230522: 850bab454c134adefc20bc0f24015beb562ec289537b67c42e6ea3781e1fb763 - 20230517: e3ccb7aea2708d664e2b278b7c40dbf0156e2d2f773e2b13ba5766beb67b7ad2 - 20230508: d16d59d076b0856242d67eda95ee1b2301b04f14abd95ef4fe6c08509f304617 - 20230501: a5f4361897a634ac5832b269e1cc5bc1993825c06e4b0080770a948b36584754 - 20230417: 575163e65e1fda019cb34ee56120d5ecf63b0a3a00dda28c0fc138ce58a5bbff - 20231030: 6b2a6ff15d37e3cffe09cacf8dc22255759dc87f6c2290253c9bc82b4ba15909 - 20231023: ac80cb6a9be9697eefdbe0b1f60e00657f8b97552b9f7d3105b03fa30fb9e99b - 20231016: 3f513a2c042096f7636e6c2e1313ed43d2fae43b2428dcc3135f6f844e559f8d - 20231009: 638167817a34b73b3c737f4755a7564abc51ab42327334e652d7a70116e8fada - 20231003: ed8a6df203dcb80f44d239452c88ef4b86123e85443c3d7f019512d37611bab5 - 20230925: ed8a6df203dcb80f44d239452c88ef4b86123e85443c3d7f019512d37611bab5 - 20230920: a397cdf0f3a08d5f9b54ce40e01cc07373b270649caf065e2a21400f98c99687 - 20230911: f62538996f4680ace4c38dccb7fe433ad7c95622a65b1afad0f9cb35d249e1ab - 20230904: 24480f319a51d8d66a4617d80b113069ca56e1157c731fb39a0f412a1d3e4176 + 20240305: 466c51e4f4bf592da0edf8c70c70ba74f026bb48f980bb28ffb582a93c88c049 + 20240212: 4b122fd5684c068d5d73189a30a8130cc5280aefadda0b8532321446c9c79c90 + 20240206: 34ded13729aeea0bee6c6d4cbc57ac19a9f4a532631b307ae975cbeb2a09a4ff + 20240129: 41c033549c24c13c776db42d212a416a2df20a6cff57cc26f70df8cdff738441 + 20240122: e5f3dbcd7f1b1fb9f46e1432656a8b07dda63a5c65fdbe639062761439df23c0 + 20240115: eae0a657656c4153db44dd51ca285b423b44c4eaad872ea56c18b6a430cdfda5 + 20240109: 40eb0a4f5f0013afb221e228fd6e71887127c4b09c7f2eb36705a0cd5c746d57 + 20231218: 5f66938de981221359a64f05a5c770b228090db3a2697d91ad622c18dd19f4b2 amd64: - 20230807: fa16b92b3a36665783951fa6abb541bca52983322d135eb1d91ae03b93f4b477 - 20230801: 372a7c60054ab3351f5d32c925fb19bb0467b7eb9cd6032f846ba3f5b23451f8 - 20230731: 8d3f2a3c5634d56a2c2cf6017ccb2ef2764c1bceb3814a1276efe043b440d0b6 - 20230724: ff9c5e51f210c06a3e07a71f6214a0420651cd4c30fddd04d01b6d09ce24eb61 - 20230717: cf342881148b80ed95a8946f9f44781bb9323211e3c7cdc0254d27af5c5b215f - 20230710: db008c53e5a2a868d8b44df0faa051eae7fc5241f1488b53c6040a3665ac04b8 - 20230627: e55b22970b81ccee9b9d0837b11d2a20ad670fc4c028c7e87d03721257e928a9 - 20230621: 180a7320466b997114a903b034fe71aa3a65b9374b3565f7461df587b167e5de - 20230605: 4be04c512c72415b3456b0e94ca9d0c850ffd2c5fd06211f2515da70ac7f74b7 - 20230529: a8fcba918f06d984f4626acef700ab359350d631431564ca37a9ce8b4869eab1 - 20230522: 72587a1f458f20eb029f01a578fe018219688b2c4461453fdb15e97efc987e55 - 20230517: 8de99272600cfdc8b3319dc77f63c57ae592f1319b3c1b50245bc67a0740f2ae - 20230508: 7e4c74b8fc05738a7cdf7c8d99d8030007894cbc7dda774533482c5c459a8ba9 - 20230501: f951c2b8d017005787437d9f849c3edfff54c79d39eb172f92abe745652ef94d - 20230417: 61c3d75a46c8d2652306b5b3ab33e4fb519b03a3852bea738c2700ec650afe4e - 20231030: ea485191cd95d57d7e7fd1a59f7e42a624432a5634bd9b6e4f3d37e86ab0e935 - 20231023: 5045ac4983701aea469ec9934b9fd37c292259682c35e2e25f664633d183db93 - 20231016: a9f85a10b914526f78465142958c82c058484cbab1f6af5bf4cf1d95a0322ea3 - 20231009: 274eeb298a538d899ca19a659120b8249dd3169f3128a1e5794308a241ce3fcc - 20231003: c96d0f062d979249e03355421659363a353310169df86511861505f329ab1614 - 20230925: c96d0f062d979249e03355421659363a353310169df86511861505f329ab1614 - 20230920: 09eafdf9d37e51fa9719a3752c11564124a5ba509fa50c651f81967a0051781d - 20230911: 6f1f1fc33f0dc1255642ece98b909ebccf3a54a1a2c950d1d84928b78a7c3e22 - 20230904: 73b2e9c4761622ef82eefe74a3346196834728ad8b980101e2d87c6e3c48015c + 20240305: 11a1b482e0ed6c72ea6ca72692e1cb2d0794214d142be5389e30517a96b157dc + 20240212: 48333e9b6158f8d4192a35e1d1f74319b6a083d6cbc3779c847548de6a5faf5f + 20240206: 9c88e82b71dc07f689c74f61143ea00fa8621a6d5c31c5fadb9714ad3be8465a + 20240129: 840b4b9d47bd04f3dfed6cf8fbee7c2c4a697e17461c22afb873d67499d4d9b9 + 20240122: cd7d9e4bb4cb0ac8242d15fc03580880f53eb36ebd9fb8d686e2811e86ad698e + 20240115: b95d05f667f1040cb07f262f27396d1deb23573ce4c4a31ea3568e6ca3b70c24 + 20240109: d677683326cfd42c7913636651f74ffd1a6866066877903d8a58c644422c2e18 + 20231218: a0578a357feb9320298730bf5ba683880ba35c476dc74dc82c79f0b5acc42656 ppc64le: - 20230807: 0 - 20230801: 0 - 20230731: 0 - 20230724: 0 - 20230717: 0 - 20230710: 0 - 20230627: 0 - 20230621: 0 - 20230605: 0 - 20230529: 0 - 20230522: 0 - 20230517: 0 - 20230508: 0 - 20230501: 0 - 20230417: 0 - 20231030: 0 - 20231023: 0 - 20231016: 0 - 20231009: 0 - 20231003: 0 - 20230925: 0 - 20230920: 0 - 20230911: 0 - 20230904: 0 + 20240305: 0 + 20240212: 0 + 20240206: 0 + 20240129: 0 + 20240122: 0 + 20240115: 0 + 20240109: 0 + 20231218: 0 nerdctl_archive_checksums: arm: 1.7.4: 91d3a8bcc2247dd80f8f5769419e6f344dea412937de4c318f65d8e9bf01355b @@ -1177,15 +977,6 @@ nerdctl_archive_checksums: 1.7.0: 8b9e7cccbcc0a472685d1bc285f591f41005f8699e7265ea5438a3e06aefdcfd 1.6.2: 69363f4dbf2616d5238647bfbff60525b7b59417a26de8eb255b6d6a09171175 1.6.1: 89187ff46c5a515a5635a4017a476d82cdc1fc3de906135273c64329189b906e - 1.6.0: 20dc5f6912de321d4b6aa8647ce77c261cd6d5726d0b5dfae56bd9cdbd7c28fb - 1.5.0: 36c44498b08a08b652d01812e5f857009373fba64ce9c8ff22e101b205bbc5fb - 1.4.0: b81bece6e8a10762a132f04f54df60d043df4856b5c5ce35d8e6c6936db0b6a0 - 1.3.1: ed24086dbea22612dbcc3d14ee6f1d152b0eb6905bd8c84d3413c1f4c8d45d10 - 1.3.0: 2fa1b0cdb95cafb9ea6293c86a164b2a00b342e02d7a9444794f48f002e187c3 - 1.2.1: 750e4788515779cb8e3ea18678c3125b5724e521214bb18a799903821c17d32c - 1.2.0: d42b3329c3c99d6243a4efa0f33e9324a26597e175dd7fdae574270bf3e26f28 - 1.1.0: cc3bc31b4df015806717149f13b3b329f8fb62e3631aa2abdbae71664ce5c40d - 1.0.0: 8fd283a2f2272b15f3df43cd79642c25f19f62c3c56ad58bb68afb7ed92904c2 arm64: 1.7.4: d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d 1.7.3: e4f16b78d884768f6997558130146ba9bd7846828b19fa2ca8e8eda988953fd7 @@ -1194,15 +985,6 @@ nerdctl_archive_checksums: 1.7.0: 1255eea5bc2dbac9339d0a9acfb0651dda117504d52cd52b38cf3c2251db4f39 1.6.2: ece848045290dd61f542942248587e91125563af46c0ea972a7c908d0d39c96c 1.6.1: b91ec17a6f7bcb148ed7ad086da6c470ee33f7218c769d5d490e0a1d6a45fdb4 - 1.6.0: d5f1ed3cda151385d313f9007afc708cae0018c9da581088b092328db154d0c6 - 1.5.0: 1bb613049a91871614d407273e883057040e8393ef7be9508598a92b2efda4b7 - 1.4.0: 0edb064a7d68d0425152ed59472ce7566700b4e547afb300481498d4c7fc6cf1 - 1.3.1: 9e82a6a34c89d3e6a65dc8d77a3723d796d71e0784f54a0c762a2a1940294e3b - 1.3.0: e3405bbaadbee716e50ce4535d03f854129773152aab4876b14f117e1ed3b5ee - 1.2.1: 8dc3d918b44b3ea863a4bc8f121277389d3bdb952d549e44916502a0774ab1bb - 1.2.0: 79d71bbdd0b433838d64ef96d26eb9648911f8d5e5ab494359d32d0ff09abb34 - 1.1.0: a0b57b39341b9d67a3f0ae74e19985c72e930bad14291cbbd8479ed6a6a64e83 - 1.0.0: 27622c9d95efe6d807d5f3770d24ddd71719c6ae18f76b5fc89663a51bcd6208 amd64: 1.7.4: 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7 1.7.3: ee93ffe6f90e50bde153a9a0dd779594e0bc13a26949053965958b91b6dffdd0 @@ -1211,15 +993,6 @@ nerdctl_archive_checksums: 1.7.0: 844c47b175a3d6bc8eaad0c51f23624a5ef10c09e55607803ec2bc846fb04df9 1.6.2: 67991fc144b03596f15be6c20ca112d10bd92ad467414e95b0f1d60d332ae34e 1.6.1: 992e4ffd3d88cf197f78b78333ac345faf5f184a119d43ad8a106f560781fd89 - 1.6.0: fc3e7eef775eff85eb6c16b2761a574e83de444831312bc92e755a1f5577872d - 1.5.0: 6dc945e3dfdc38e77ceafd2ec491af753366a3cf83fefccb1debaed3459829f1 - 1.4.0: d8dcd4e270ae76ab294be3a451a2d8299010e69dce6ae559bc3193535610e4cc - 1.3.1: 3ab552877100b336ebe3167aa57f66f99db763742f2bce9e6233644ef77fb7c9 - 1.3.0: 28299050ed28ed78db4fed95daef1ce326ce0101569dc73cc49f8f7e0c17de25 - 1.2.1: 67aa5cf2a32a3dc0c335b96133daee4d2764d9c1a4d86a38398c4995d2df2176 - 1.2.0: 9d6f3427a1c0af0c38a0a707751b424d04cca13b82c62ad03ec3f4799c2de48c - 1.1.0: fcfd36b0b9441541aab0793c0f586599e6d774781c74f16468a3300026120c0e - 1.0.0: 3e993d714e6b88d1803a58d9ff5a00d121f0544c35efed3a3789e19d6ab36964 ppc64le: 1.7.4: 97c99ab6030ffac1fb780fe012de06a36512b17b13de5c99445468b5a5fe5a62 1.7.3: e63ae0a8f5ccd12877ff944b609d0a4c55c97ba79808ab16c7dc7e99fd8f3dd6 @@ -1228,17 +1001,11 @@ nerdctl_archive_checksums: 1.7.0: e421ae655ff68461bad04b4a1a0ffe40c6f0fcfb0847d5730d66cd95a7fd10cd 1.6.2: 3b0d6e4c42b99e2dd8059ded81cde69f42b065d9f486142f3c9b0861ba7effef 1.6.1: 3924467d9430df991ebdf4e78211bac2b29e9a066d5000d98f8d4ebde2bb7b4c - 1.6.0: c47717ed176f55b291d2068ed6e2445481c391936bd322614e0ff9effe06eb4d - 1.5.0: 169d546d35ba3e6ef088cc81e101f58d5ecb08e71c5ed776c99482854ea3ef8a - 1.4.0: 306d5915b387637407db67ceb96cd89ff7069f0024fb1bbc948a6602638eceaa - 1.3.1: 21700f5fe8786ed7749b61b3dbd49e3f2345461e88fe2014b418a1bdeffbfb99 - 1.3.0: 8eda05b803da56772e38dd0970279e081ba797f6d36ad28a535ba8a98993074c - 1.2.1: d5c60700709e8c3908e9863df57303e43d343e38aadf96f2d06eaaac3bc2b06b - 1.2.0: 64fb56543ee69dafa57691a9dc3b756f9cd6fec021ba1c591680d16ebb8d109d - 1.1.0: 7e97d0a856439d07e82cc26a16dfe243c21da14b7099e330e4da11e825004478 - 1.0.0: 2fb02e629a4be16b194bbfc64819132a72ede1f52596bd8e1ec2beaf7c28c117 containerd_archive_checksums: arm: + 1.7.16: 0 + 1.7.15: 0 + 1.7.14: 0 1.7.13: 0 1.7.12: 0 1.7.11: 0 @@ -1253,7 +1020,12 @@ containerd_archive_checksums: 1.7.2: 0 1.7.1: 0 1.7.0: 0 + 1.6.31: 0 + 1.6.30: 0 + 1.6.29: 0 1.6.28: 0 + 1.6.27: 0 + 1.6.26: 0 1.6.25: 0 1.6.24: 0 1.6.23: 0 @@ -1266,26 +1038,10 @@ containerd_archive_checksums: 1.6.16: 0 1.6.15: 0 1.6.14: 0 - 1.6.13: 0 - 1.6.12: 0 - 1.6.11: 0 - 1.6.10: 0 - 1.6.9: 0 - 1.6.8: 0 - 1.6.7: 0 - 1.6.6: 0 - 1.6.5: 0 - 1.6.4: 0 - 1.6.3: 0 - 1.6.2: 0 - 1.6.1: 0 - 1.6.0: 0 - 1.5.18: 0 - 1.5.17: 0 - 1.5.16: 0 - 1.5.15: 0 - 1.5.14: 0 arm64: + 1.7.16: 2d4373de40a6f58cd0f29377c0257b35697a987248e6268520586996771d7a75 + 1.7.15: 5cc8bd8f3d9803ef0ef701596e89d62ad6850a2544e722842f4533642df36d87 + 1.7.14: 44df66d0a0332465e7d15e90b974cd4f08d059dfa26652218ed9485390f47f9e 1.7.13: 118759e398f35337109592b4d237538872dc12a207d38832b9d04515d0acbc4d 1.7.12: 8a1b35a521d071a8828f63fe007a51e5b7ac863a1195f5dee32543b1a9d5f2b6 1.7.11: 5eae27cce38a14be5390d4035127aa11416bc5ae592a9ff25b11870872ce1159 @@ -1300,7 +1056,11 @@ containerd_archive_checksums: 1.7.2: d75a4ca53d9addd0b2c50172d168b12957e18b2d8b802db2658f2767f15889a6 1.7.1: 1f828dc063e3c24b0840b284c5635b5a11b1197d564c97f9e873b220bab2b41b 1.7.0: e7e5be2d9c92e076f1e2e15c9f0a6e0609ddb75f7616999b843cba92d01e4da2 + 1.6.31: 91a74cc602c7724668537f754006692114af70cfb6ef840b288f922fa68f7ed7 + 1.6.30: 0bbf1eed508d6ebc240b900648c76f12a07c0c6125aa8c22d46c9ce24252f9e3 + 1.6.29: 0 1.6.28: 96a231f875ddf9cc7682b881d408ae993f2bd5d0a40402a74ec4fda672047427 + 1.6.27: 433b0e8113adfd726374e04fc2f61dafad65c53db5665569f2715a7a916a1813 1.6.26: 177bed65b6425255bacbe48d99ea7aa5209d381576962c0962dc8615ef16c5c5 1.6.25: 4948677cfc5f98a1d5d46cec90d6d6f84f6b27cd6d28fd87f7f5936d61580ceb 1.6.24: 1d741e9e2d907f02a8b2a46034a28ff9aacdba88c485cef2f4bad18be9ea23ba @@ -1314,26 +1074,10 @@ containerd_archive_checksums: 1.6.16: c2bf51fde02ec9cf8b9c18721bc4f53bd1f19fb2bb3251f41ece61af7347e082 1.6.15: d63e4d27c51e33cd10f8b5621c559f09ece8a65fec66d80551b36cac9e61a07d 1.6.14: 3ccb61218e60cbba0e1bbe1e5e2bf809ac1ead8eafbbff36c3195d3edd0e4809 - 1.6.13: 8c7892ae7c2e96a4a9358b1064fb5519a5c0528b715beee67b72e74d7a644064 - 1.6.12: 0a0133336596b2d1dcafe3587eb91ab302afc28f273614e0e02300694b5457a0 - 1.6.11: 1b34d8ff067da482af021dac325dc4e993d7356c0bd9dc8e5a3bb8271c1532de - 1.6.10: 6d655e80a843f480e1c1cead18479185251581ff2d4a2e2e5eb88ad5b5e3d937 - 1.6.9: 140197aee930a8bd8a69ff8e0161e56305751be66e899dccd833c27d139f4f47 - 1.6.8: b114e36ecce78cef9d611416c01b784a420928c82766d6df7dc02b10d9da94cd - 1.6.7: 4167bf688a0ed08b76b3ac264b90aad7d9dd1424ad9c3911e9416b45e37b0be5 - 1.6.6: 807bf333df331d713708ead66919189d7b142a0cc21ec32debbc988f9069d5eb - 1.6.5: 2833e2f0e8f3cb5044566d64121fdd92bbdfe523e9fe912259e936af280da62a - 1.6.4: 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6 - 1.6.3: 354e30d52ff94bd6cd7ceb8259bdf28419296b46cf5585e9492a87fdefcfe8b2 - 1.6.2: a4b24b3c38a67852daa80f03ec2bc94e31a0f4393477cd7dc1c1a7c2d3eb2a95 - 1.6.1: fbeec71f2d37e0e4ceaaac2bdf081295add940a7a5c7a6bcc125e5bbae067791 - 1.6.0: 6eff3e16d44c89e1e8480a9ca078f79bab82af602818455cc162be344f64686a - 1.5.18: 0 - 1.5.17: 0 - 1.5.16: 0 - 1.5.15: 0 - 1.5.14: 0 amd64: + 1.7.16: 4f4f2c3c7d14fd59a404961a3a3341303c2fdeeba0e78808c209f606e828f99c + 1.7.15: ea27e6454954bd9cb62a70b0a40eb085ae9c96cb8c075a74910102b33586e07d + 1.7.14: 48e0d9747cd51cb90e0b278d100397653d9f2e765effca194427e4796395b240 1.7.13: c2371c009dd8b7738663333d91e5ab50d204f8bcae24201f45d59060d12c3a23 1.7.12: 6a24d8b996533fa1b0d7348fe9813a78cd01fa16cff865a961ad0d556f5cd665 1.7.11: d66161d54546fad502fd50a13fcb79efff033fcd895adc9c44762680dcde4e69 @@ -1348,7 +1092,11 @@ containerd_archive_checksums: 1.7.2: 2755c70152ab40856510b4549c2dd530e15f5355eb7bf82868e813c9380e22a7 1.7.1: 9504771bcb816d3b27fab37a6cf76928ee5e95a31eb41510a7d10ae726e01e85 1.7.0: b068b05d58025dc9f2fc336674cac0e377a478930f29b48e068f97c783a423f0 + 1.6.31: 52080601f414b7e63a5b8e0cb8c1d641c9e070447ac96da9b1aeb00480744ba5 + 1.6.30: 1f1b65190b626883394e6f2ecbe5141afc6c45fc1ca035ef052e66bb2c479a5f + 1.6.29: 0 1.6.28: b2f15c722d1cc8b74ed643068e043b92bd031fc23d53488d1e837cf4b2777391 + 1.6.27: 8c0b04a8b39127c084d490cca905d565c94929dd15e168b0f8663076fdcf5539 1.6.26: fa806d3e945a8ad25aa1f8123a98524768ead83af2ed1ab3d922d2dd5fe6b14c 1.6.25: 878b331b5fa65df3d33c68ee355724de0044c25071486086409b374a9c62d145 1.6.24: a56fac5ba03c3d6f74ceae14abdc9fafabcba900105e9890c0ac895cc00164ad @@ -1362,26 +1110,10 @@ containerd_archive_checksums: 1.6.16: 2415b431a900275c14942f87f751e1e13d513c1c2f062322b5ca5a9a2190f22a 1.6.15: 191bb4f6e4afc237efc5c85b5866b6fdfed731bde12cceaa6017a9c7f8aeda02 1.6.14: 7da626d46c4edcae1eefe6d48dc6521db3e594a402715afcddc6ac9e67e1bfcd - 1.6.13: 97f00411587512e62ec762828e581047b23199f8744754706d09976ec24a2736 - 1.6.12: a56c39795fd0d0ee356b4099a4dfa34689779f61afc858ef84c765c63e983a7d - 1.6.11: 21870d7022c52f5f74336d440deffb208ba747b332a88e6369e2aecb69382e48 - 1.6.10: dd1f4730daf728822aea3ba35a440e14b1dfa8f1db97288a59a8666676a13637 - 1.6.9: 9ee2644bfb95b23123f96b564df2035ec94a46f64060ae12322e09a8ec3c2b53 - 1.6.8: 3a1322c18ee5ff4b9bd5af6b7b30c923a3eab8af1df05554f530ef8e2b24ac5e - 1.6.7: 52e817b712d521b193773529ff33626f47507973040c02474a2db95a37da1c37 - 1.6.6: 0212869675742081d70600a1afc6cea4388435cc52bf5dc21f4efdcb9a92d2ef - 1.6.5: cf02a2da998bfcf61727c65ede6f53e89052a68190563a1799a7298b0cea86b4 - 1.6.4: f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0 - 1.6.3: 306b3c77f0b5e28ed10d527edf3d73f56bf0a1fb296075af4483d8516b6975ed - 1.6.2: 3d94f887de5f284b0d6ee61fa17ba413a7d60b4bb27d756a402b713a53685c6a - 1.6.1: c1df0a12af2be019ca2d6c157f94e8ce7430484ab29948c9805882df40ec458b - 1.6.0: f77725e4f757523bf1472ec3b9e02b09303a5d99529173be0f11a6d39f5676e9 - 1.5.18: d132525d375bbafd3aee8e9aa5517203cef2bbf77197db7522c8730cc526b3db - 1.5.17: b676f56f43bf02782179320b5070fb210cbc1784a9b0875086bc15c3bcc546f3 - 1.5.16: f5326865c2b86aba794f590fd2ca479f817fa1f88c084d97a45816aec9d0ce32 - 1.5.15: 0d09043be08dcf6bf136aa78bfd719e836cf9f9679afa4db0b6e4d478e396528 - 1.5.14: 8513ead11aca164b7e70bcea0429b4e51dad836b6383b806322e128821aaebbd ppc64le: + 1.7.16: d0add7a55a5d4411cafb276469d2b78bc3ada11cb4b444b9e35f9ef60c00960d + 1.7.15: b38641d9bd18139495cf9839999039b19941f53d36a6d72efe4577c489dfda0c + 1.7.14: b84b523909b9dd0c0b2bc40bd2b9af543ec9f1186df69c220ae3749e34623dbb 1.7.13: 89605ed2365d5eb779477d11947101236eb44e5244f1e58bb162a9e68d242798 1.7.12: 80f16891b387d86712026234de7d4d0365a38106dbe5e51b65b1200b24822721 1.7.11: 6f91c5dabdccd1fc75aae8687381bb185b9eb4200beb29d0993dea8175f5fa61 @@ -1396,7 +1128,11 @@ containerd_archive_checksums: 1.7.2: cbe7ec913cb603ca218bd8867efdce4bee3b0e0115e467e51c910467daf8184e 1.7.1: 17d97ef55c6ce7af9778dbafb5e73f577d1b34220043a91cccde49dbcc610342 1.7.0: 051e897d3ee5b8c8097f65be447fea2d29226b583ca5d9ed78e9aebcf4e69889 + 1.6.31: 4458a2398f27241b6e674ea9ba1f56dc4d9ab9dacc5a07469602776c3e428110 + 1.6.30: ba3d790f504a845b060e2faae3cc0603afd125ebdddb3bdb513b8d70a4337d87 + 1.6.29: 0 1.6.28: 35411f9d1bafc9cae91c2e30d46a59d01bffc7e18ac7f0942dca9d1d5907ab38 + 1.6.27: 8106915bc62c51383baa77925748505e79229fded7efcd7e74cb352ad10d0ce9 1.6.26: 75fb01a4bd3bcd16263c2f833b8e7081356e2e390dd7eb0710232cb04dac5a01 1.6.25: 3ddcc1739ffeb3e1df786d45518a01d93a5cef243eb6dee61cbdd4cd110bc723 1.6.24: abff9e7ec4cc21d19150d2bc55fc89cf53dc03c002cdaf5016ee82aedead9b03 @@ -1410,120 +1146,69 @@ containerd_archive_checksums: 1.6.16: 9cfd5dade6a1c2671f5c76496395afe0aa0ce902c13672b306d8d09fdbb99492 1.6.15: 502f3e4c8ea2018aaa285fe4f704bfd560fdf93193bb829dd9302d013bc38370 1.6.14: 73025da0666079fc3bbd48cf185da320955d323c7dc42d8a4ade0e7926d62bb0 - 1.6.13: f2508ada0c8bd7d3cb09b0e7f10416aba3d643c0da7adc27efe4e76d444322ae - 1.6.12: 088e4d1fe1787fc4a173de24a58da01880d1ead5a13f1ab55e1ade972d3907d4 - 1.6.11: e600a5714ffb29937b3710f9ae81bb7aa15b7b6661192f5e8d0b9b58ac6d5e66 - 1.6.10: 704b1affd306b807fe6b4701d778129283635c576ecedc6d0a9da5370a07d56a - 1.6.9: fe0046437cfe971ef0b3101ee69fcef5cf52e8868de708d35f8b82f998044f6e - 1.6.8: f18769721f614828f6b778030c72dc6969ce2108f2363ddc85f6c7a147df0fb8 - 1.6.7: 0db5cb6d5dd4f3b7369c6945d2ec29a9c10b106643948e3224e53885f56863a9 - 1.6.6: 0 - 1.6.5: 0 - 1.6.4: 0 - 1.6.3: 0 - 1.6.2: 0 - 1.6.1: 0 - 1.6.0: 0 - 1.5.18: 0 - 1.5.17: 0 - 1.5.16: 0 - 1.5.15: 0 - 1.5.14: 0 skopeo_binary_checksums: arm: + v1.15.0: 0 + v1.14.2: 0 + v1.14.1: 0 v1.13.3: 0 v1.13.2: 0 v1.13.1: 0 v1.13.0: 0 - v1.12.0: 0 - v1.11.2: 0 - v1.11.1: 0 - v1.11.0: 0 - v1.10.0: 0 - v1.9.3: 0 - v1.9.2: 0 arm64: + v1.15.0: bde8cc7e764d246281430d5da07ca906ee0838803199e3a6136a58802b2e0207 + v1.14.2: 364c46085de31edf4b312f13587442f4eade1f181bc5a9ea2ab2ffab5b575916 + v1.14.1: fd4fc0adae14f27788fd52cf0d23be2cfd1963e184c4af689de30185455e29a6 v1.13.3: 1f7726b020ff9bc931ce16caa13c29999738a231f1414028282cd8f8661eb747 v1.13.2: 520cc31c15796405b82d01c78629d5b581eced3512ca0b6b184ed82f5e18dc86 v1.13.1: 3b7db2b827fea432aa8a861b5caa250271c05da70bd240aa4045f692eba52e24 v1.13.0: d23e43323c0a441d1825f9da483b07c7f265f2bd0a4728f7daac4239460600a3 - v1.12.0: f34476bd33d2ab3784675611b405cc0855ce5decedfa22287e261d23d17e7688 - v1.11.2: cd90552f7d4eb78ba032c885b47cd97ef015a958279d2a2b828b109d75d6c7e0 - v1.11.1: 693f7d2791e0549b173b2c16f1c3326328aa5e95bc2b4d71f5ecd35b6524b09d - v1.11.0: 3e510999ffb6544b11d339812df75d14a46261518b5c73f530242ebed679fb1b - v1.10.0: 3bfc344d4940df29358f8056de7b8dd488b88a5d777b3106748ba66851fa2c58 - v1.9.3: 27c88183de036ebd4ffa5bc5211329666e3c40ac69c5d938bcdab9b9ec248fd4 - v1.9.2: 1b7b4411c9723dbbdda4ae9dde23a33d8ab093b54c97d3323784b117d3e9413f amd64: + v1.15.0: 3cdbcde0163abb4c942f62d0302479d5aa4d31c5970d712841cf5d5f76edc594 + v1.14.2: 51218f93a2b079e36a36f7fbe2d2d86778be0a6947653031b4f9e254e2469224 + v1.14.1: 6b7776bcdf0c92af5d3f3c91a959d091011b42d839025b90f12b7201a083f308 v1.13.3: 65707992885b1a4a446af6342874749478a1af7e17ab3f4df8fb89509e8b1966 v1.13.2: 2f00be6ee1c4cbfa7f2452be90a1a2ce88fd92a6d0f6a2e9d901bd2087bd9092 v1.13.1: 8c15c56a6caffeb863c17d73a6361218c04c7763e020fffc8d5d6745cacfa901 v1.13.0: 8cb477ee25010497fc9df53a6205dbd9fe264dd8a5ea4e934b9ec24d5bdc126c - v1.12.0: 38143238e945959e6b24dba1447ba49e0b79f10a3aef2634391d0205ab950003 - v1.11.2: c8641decb185f43bb49f3f2a68abbc22e051a497440beba28b10d25d0a856574 - v1.11.1: 9aad99e41533800ce08526a602de2f87b8ce123ea9547358e2cccfa2f9c3a9e0 - v1.11.0: 0a6c0a1b349d2efd2895d2ec9a1d9c5c4bbd59f10c3993acb0c92d31914fbd62 - v1.10.0: 20fbd1bac1d33768c3671e4fe9d90c5233d7e13a40e4935b4b24ebc083390604 - v1.9.3: 6e00cf4661c081fb1d010ce60904dccb880788a52bf10de16a40f32082415a87 - v1.9.2: 5c82f8fc2bcb2502cf7cdf9239f54468d52f5a2a8072893c75408b78173c4ba6 ppc64le: + v1.15.0: fb7f390f52f4b81f85d9bdce8715af5e27ee3969eff236b5f3c0f3a0b5a182e1 + v1.14.2: 0 + v1.14.1: 0 v1.13.3: 0 v1.13.2: 0 v1.13.1: 0 v1.13.0: 0 - v1.12.0: 0 - v1.11.2: 0 - v1.11.1: 0 - v1.11.0: 0 - v1.10.0: 0 - v1.9.3: 0 - v1.9.2: 0 yq_checksums: arm: - v4.40.1: 5a005b89cb63994f999785716ab196160042516cad53a0535244f76aad468966 - v4.35.2: 000e1a8e82be5e99341c507a2abe93e104f0d4619dc7df742e88043206544c7e - v4.35.1: b2349bc220394329bc95865375feb5d777f5a5177bcdede272788b218f057a05 - v4.34.2: 161f2b64e7bf277614983014b2b842e9ae9c1f234a9ea12593b0e5ebe5a89681 - v4.34.1: dfda7fc51bdf44d3551c4bca78ecd52c13d7137d99ec3f7b466c50333e0a0b7c - v4.33.3: 77c239e17cb50a330da3c48af7dbd3b667af02c950a9ecae49b171cc0bf66c48 - v4.33.2: ee8d61975ebdfabf9b79ed2947ebfe39d62f290ab71d6eb53af183f06cfa1af2 - v4.33.1: 80ec1487b9497e0c5f182c8e44d73b5e9c437719230e114b9fce2fa25c23f95a - v4.32.2: 776b8dcfaf796255e60c0e9893d24ce9eb61cc7e787a1cc8b4a5dc37a84f02d5 - v4.32.1: 0fc6c3e41af7613dcd0e2af5c3c448e7d0a46eab8b38a22f682d71e35720daed - v4.31.2: 4873c86de5571487cb2dcfd68138fc9e0aa9a1382db958527fa8bc02349b5b26 + v4.42.1: 4e3fe0c37793d28e96d465d9958fbf679d8c616e1857d0faf7980ad087f32aee + v4.41.1: ccd50344652c02574ca7dd123c7d66a06b391838e8ca6088b688e6edf2e25d0c + v4.40.7: fb922bb1e3974fbd15957feafb5e9bbabe43f4192999cf9b3e0e470815f2e0da + v4.40.6: 0 + v4.40.5: c587b2411e43d3fbcdd24c233fb558a362b5111a8446b23f9ce9a4a5665a7041 + v4.40.4: 2ff3f17483f2172a20130b16328114bfe6abd7d3068d66d8194a5093079e8529 + v4.40.3: 6a97856e8b4ef992ce08dcfdf97fec517cf612b1a89078406f401673f126c21c arm64: - v4.40.1: 11491c62fa0af9995f26a64e9cce97c8404018bb6b0acd7d7ac1be0f437ecf28 - v4.35.2: 6ea822bc966e7dc23bb7d675a1ff36bc2e7a9a9f88c402129eafbd6b19d8ff8a - v4.35.1: 1d830254fe5cc2fb046479e6c781032976f5cf88f9d01a6385898c29182f9bed - v4.34.2: 6ea70418755aa805b6d03e78a1c8a1bf236220f187ba3fb4f30663a35c43b4c1 - v4.34.1: c1410df7b1266d34a89a91dcfeaf8eb27cb1c3f69822d72040d167ec61917ba0 - v4.33.3: 15925a972d268bcb0a7aa2236c7e5925b7a3ba4b5569bb57e943db7e8c6f834f - v4.33.2: aa86e5f36850f9350a7393c7cf654ee726df99ae985b663eb3605ca2bdd24692 - v4.33.1: e3a47e60765322995f11422108829881d2166dcf9b13a3ae8ad2c002ee61f8a1 - v4.32.2: 2f855a9e616eb9c635269630666e7594931ab7524326ff02a8351d5762a28940 - v4.32.1: db4eba6ced2656e1c40e4d0f406ee189773bdda1054cbd097c1dba471e04dd4d - v4.31.2: 590f19f0a696103376e383c719fe0df28c62515627bf44e5e69403073ba83cbf + v4.42.1: 16a57531a594b66c3e0981cd93f9e9cd4b684a347b86eaf5e3f409074ad67eb8 + v4.41.1: 066aa930d74e39a25447b1900d8cbb3e1c7df72cd75bc203bc6ae5ee577a5b4a + v4.40.7: a84f2c8f105b70cd348c3bf14048aeb1665c2e7314cbe9aaff15479f268b8412 + v4.40.6: 0 + v4.40.5: 9431f0fa39a0af03a152d7fe19a86e42e9ff28d503ed4a70598f9261ec944a97 + v4.40.4: 79c61a1ebfedb165ec8c4678777775b52e2c581801f5d4cd80f97300852fe0f0 + v4.40.3: 44a5cca10d33019b8a46212882197be4f961dfe7deddde0af497065aa980a6a4 amd64: - v4.40.1: 97e931eb40791b7f0cf02363065684d807bdbc0c5973b97a37d60a7a71e8cf73 - v4.35.2: 8afd786b3b8ba8053409c5e7d154403e2d4ed4cf3e93c237462dc9ef75f38c8d - v4.35.1: bd695a6513f1196aeda17b174a15e9c351843fb1cef5f9be0af170f2dd744f08 - v4.34.2: 1952f93323e871700325a70610d2b33bafae5fe68e6eb4aec0621214f39a4c1e - v4.34.1: c5a92a572b3bd0024c7b1fe8072be3251156874c05f017c23f9db7b3254ae71a - v4.33.3: 4ee662847c588c3ef2fec8bfb304e8739e3dbaba87ccb9a608d691c88f5b64dc - v4.33.2: fbcc9551afd66622ffd68ad417837139741b2ad0eef9af1bb4b64e3596679ffa - v4.33.1: 5b9d60aa55e53fc06c9114aa5b9d5f1de9bdb231c91aed62b35d10d991831cda - v4.32.2: 0e5c6b5a74d4ccd6eed43180f60dd48a6e1d0e778f834dca33a312301674b628 - v4.32.1: e53b82caa86477bd96cf447138c72c9a0a857142a5bcdd34440b2644693ed18f - v4.31.2: 71ef4141dbd9aec3f7fb45963b92460568d044245c945a7390831a5a470623f7 + v4.42.1: 1a95960dddd426321354d58d2beac457717f7c49a9ec0806749a5a9e400eb45e + v4.41.1: ce0d5a61c256a463fd32f67f133e0c2948bc2cf77d44c42ff335a40e6bef34bf + v4.40.7: 4f13ee9303a49f7e8f61e7d9c87402e07cc920ae8dfaaa8c10d7ea1b8f9f48ed + v4.40.6: 0 + v4.40.5: 0d6aaf1cf44a8d18fbc7ed0ef14f735a8df8d2e314c4cc0f0242d35c0a440c95 + v4.40.4: f9163412d9aa2aa55e888fdcaf2b4053ada20074be35f701424caa7163100704 + v4.40.3: 6e9a5ed9591dbf1d13aaec4efaaf0ecdaf4945ea393b9ce01f4c3dea22311470 ppc64le: - v4.40.1: 7434cac727b3bc544e2e91abffb52bafa7180cc344cd84b5019ccbd2eebf9f0c - v4.35.2: 33242c57d1cab1b880b37ea7235c09966a8525319edc41ced2c70290c6a7c924 - v4.35.1: 713e2c40c5d659cbed7bf093f4c718674a75f9fe5b10ac96fd422372af198684 - v4.34.2: e149b36f93a1318414c0af971755a1488df4844356b6e9e052adf099a72e3a3a - v4.34.1: 3e629c51a07302920110893796f54f056a6ef232f791b9c67fdbe95362921a03 - v4.33.3: b5b7a59e72a5f603b819f50f2dc3e42e53127398c6f0d77da7a06d2f4d0952ea - v4.33.2: 682db3754da9f91ea447e9811e582c3f395e8d566b5afc43d1a67f6be56fa1e2 - v4.33.1: 22311b8726022963e50494d5510ffe5bb63bd0aa3f47feff445e35c4483ac68a - v4.32.2: a3650f6838a8a7a9b8914a8c27c16fb3a172ac3430836565c3927bf1a641d714 - v4.32.1: 43f1f5078a2fa7748cb5dab693538a9e634557ef2c8aad390f147beb727278cf - v4.31.2: 14e79e8eb6d36858adb3355d77ccd1d128ce74257d1358f53e1a46b2f252e28c + v4.42.1: d0d1cdbd2c4a7e6995433baf879cadaa47f6f12290e1661ea11933ed90baccb6 + v4.41.1: eed2af79d0ad787878b2d5c7c592e43ac152208d9ed432b42a43663167e276e8 + v4.40.7: ac0e8d06a7ed9afc108b4e2e9d6900312b01757f61b75fcecb809f15c39b10e7 + v4.40.6: 0 + v4.40.5: a1df9d2b872fbb30583526bf4f37f737dc1913b28606dfc1dafeaf56a8862b3d + v4.40.4: c67379085a44558825a60a8af3b59b400852b168356070829bc0f45c70553f45 + v4.40.3: 2fe818a0b141913a41548e0e727267479d0f755221c73f9e304788c8e9139a45 diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml index dcc36179c..97b1e8a27 100644 --- a/roles/kubespray-defaults/defaults/main/download.yml +++ b/roles/kubespray-defaults/defaults/main/download.yml @@ -75,13 +75,13 @@ image_arch: "{{ host_architecture | default('amd64') }}" # Versions kubeadm_version: "{{ kube_version }}" -crun_version: 1.8.5 +crun_version: 1.14.4 runc_version: v1.1.12 kata_containers_version: 3.1.3 youki_version: 0.1.0 -gvisor_version: 20230807 -containerd_version: 1.7.13 -cri_dockerd_version: 0.3.9 +gvisor_version: 20240305 +containerd_version: 1.7.16 +cri_dockerd_version: 0.3.11 # this is relevant when container_manager == 'docker' docker_containerd_version: 1.6.28 @@ -101,7 +101,7 @@ github_image_repo: "ghcr.io" # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults # after migration to container download -calico_version: "v3.27.2" +calico_version: "v3.27.3" calico_ctl_version: "{{ calico_version }}" calico_cni_version: "{{ calico_version }}" calico_flexvol_version: "{{ calico_version }}" @@ -116,8 +116,8 @@ flannel_cni_version: "v1.1.2" cni_version: "v1.3.0" weave_version: 2.8.1 -cilium_version: "v1.13.4" -cilium_cli_version: "v0.15.0" +cilium_version: "v1.15.4" +cilium_cli_version: "v0.16.0" cilium_enable_hubble: false kube_ovn_version: "v1.11.5" @@ -127,7 +127,7 @@ multus_version: "v3.8" helm_version: "v3.14.2" nerdctl_version: "1.7.4" krew_version: "v0.4.4" -skopeo_version: "v1.13.2" +skopeo_version: "v1.15.0" # Get kubernetes major version (i.e. 1.17.4 => 1.17) kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}" @@ -139,9 +139,9 @@ pod_infra_supported_versions: pod_infra_version: "{{ pod_infra_supported_versions[kube_major_version] }}" etcd_supported_versions: - v1.29: "v3.5.10" - v1.28: "v3.5.10" - v1.27: "v3.5.10" + v1.29: "v3.5.12" + v1.28: "v3.5.12" + v1.27: "v3.5.12" etcd_version: "{{ etcd_supported_versions[kube_major_version] }}" crictl_supported_versions: @@ -152,8 +152,8 @@ crictl_version: "{{ crictl_supported_versions[kube_major_version] }}" crio_supported_versions: v1.29: v1.29.1 - v1.28: v1.28.1 - v1.27: v1.27.1 + v1.28: v1.28.4 + v1.27: v1.27.4 crio_version: "{{ crio_supported_versions[kube_major_version] }}" # Scheduler plugins doesn't build for K8s 1.28 yet @@ -163,33 +163,38 @@ scheduler_plugins_supported_versions: v1.27: v0.27.8 scheduler_plugins_version: "{{ scheduler_plugins_supported_versions[kube_major_version] }}" -yq_version: "v4.35.2" +yq_version: "v4.42.1" + +github_url: https://github.com +dl_k8s_io_url: https://dl.k8s.io +storage_googleapis_url: https://storage.googleapis.com +get_helm_url: https://get.helm.sh # Download URLs -kubelet_download_url: "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubelet" -kubectl_download_url: "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubectl" -kubeadm_download_url: "https://dl.k8s.io/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm" -etcd_download_url: "https://github.com/etcd-io/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz" -cni_download_url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz" -calicoctl_download_url: "https://github.com/projectcalico/calico/releases/download/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}" -calico_crds_download_url: "https://github.com/projectcalico/calico/archive/{{ calico_version }}.tar.gz" -ciliumcli_download_url: "https://github.com/cilium/cilium-cli/releases/download/{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz" -crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" -crio_download_url: "https://storage.googleapis.com/cri-o/artifacts/cri-o.{{ image_arch }}.{{ crio_version }}.tar.gz" -helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz" -runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}" -crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}" -youki_download_url: "https://github.com/containers/youki/releases/download/v{{ youki_version }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz" -kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz" +kubelet_download_url: "{{ dl_k8s_io_url }}/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubelet" +kubectl_download_url: "{{ dl_k8s_io_url }}/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubectl" +kubeadm_download_url: "{{ dl_k8s_io_url }}/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm" +etcd_download_url: "{{ github_url }}/etcd-io/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz" +cni_download_url: "{{ github_url }}/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz" +calicoctl_download_url: "{{ github_url }}/projectcalico/calico/releases/download/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}" +calico_crds_download_url: "{{ github_url }}/projectcalico/calico/archive/{{ calico_version }}.tar.gz" +ciliumcli_download_url: "{{ github_url }}/cilium/cilium-cli/releases/download/{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz" +crictl_download_url: "{{ github_url }}/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" +crio_download_url: "{{ storage_googleapis_url }}/cri-o/artifacts/cri-o.{{ image_arch }}.{{ crio_version }}.tar.gz" +helm_download_url: "{{ get_helm_url }}/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz" +runc_download_url: "{{ github_url }}/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}" +crun_download_url: "{{ github_url }}/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}" +youki_download_url: "{{ github_url }}/containers/youki/releases/download/v{{ youki_version }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux.tar.gz" +kata_containers_download_url: "{{ github_url }}/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz" # gVisor only supports amd64 and uses x86_64 to in the download link -gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc" -gvisor_containerd_shim_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/containerd-shim-runsc-v1" -nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" -krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz" -containerd_download_url: "https://github.com/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz" -cri_dockerd_download_url: "https://github.com/Mirantis/cri-dockerd/releases/download/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ image_arch }}.tgz" -skopeo_download_url: "https://github.com/lework/skopeo-binary/releases/download/{{ skopeo_version }}/skopeo-linux-{{ image_arch }}" -yq_download_url: "https://github.com/mikefarah/yq/releases/download/{{ yq_version }}/yq_linux_{{ image_arch }}" +gvisor_runsc_download_url: "{{ storage_googleapis_url }}/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc" +gvisor_containerd_shim_runsc_download_url: "{{ storage_googleapis_url }}/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/containerd-shim-runsc-v1" +nerdctl_download_url: "{{ github_url }}/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" +krew_download_url: "{{ github_url }}/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz" +containerd_download_url: "{{ github_url }}/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz" +cri_dockerd_download_url: "{{ github_url }}/Mirantis/cri-dockerd/releases/download/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ image_arch }}.tgz" +skopeo_download_url: "{{ github_url }}/lework/skopeo-binary/releases/download/{{ skopeo_version }}/skopeo-linux-{{ image_arch }}" +yq_download_url: "{{ github_url }}/mikefarah/yq/releases/download/{{ yq_version }}/yq_linux_{{ image_arch }}" etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}" cni_binary_checksum: "{{ cni_binary_checksums[image_arch][cni_version] }}" @@ -276,6 +281,8 @@ kube_router_image_repo: "{{ docker_image_repo }}/cloudnativelabs/kube-router" kube_router_image_tag: "{{ kube_router_version }}" multus_image_repo: "{{ github_image_repo }}/k8snetworkplumbingwg/multus-cni" multus_image_tag: "{{ multus_version }}" +external_openstack_cloud_controller_image_repo: "registry.k8s.io/provider-os/openstack-cloud-controller-manager" +external_openstack_cloud_controller_image_tag: "v1.28.2" kube_vip_image_repo: "{{ github_image_repo }}/kube-vip/kube-vip" kube_vip_image_tag: v0.5.12 @@ -326,7 +333,9 @@ local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-p local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}" ingress_nginx_version: "v1.9.6" ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller" +ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry" ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}" +ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5" ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen" ingress_nginx_kube_webhook_certgen_image_tag: "v20231011-8b53cabe0" alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller" @@ -353,9 +362,9 @@ csi_livenessprobe_image_repo: "{{ kube_image_repo }}/sig-storage/livenessprobe" csi_livenessprobe_image_tag: "v2.5.0" snapshot_controller_supported_versions: - v1.29: "v6.3.3" - v1.28: "v4.2.1" - v1.27: "v4.2.1" + v1.29: "v7.0.2" + v1.28: "v7.0.2" + v1.27: "v7.0.2" snapshot_controller_image_repo: "{{ kube_image_repo }}/sig-storage/snapshot-controller" snapshot_controller_image_tag: "{{ snapshot_controller_supported_versions[kube_major_version] }}" @@ -410,7 +419,7 @@ downloads: tag: "{{ netcheck_server_image_tag }}" sha256: "{{ netcheck_server_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster netcheck_agent: enabled: "{{ deploy_netchecker }}" @@ -419,7 +428,7 @@ downloads: tag: "{{ netcheck_agent_image_tag }}" sha256: "{{ netcheck_agent_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster etcd: container: "{{ etcd_deployment_type != 'host' }}" @@ -437,7 +446,7 @@ downloads: owner: "root" mode: "0755" groups: - - etcd + - etcd cni: enabled: true @@ -450,7 +459,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster kubeadm: enabled: true @@ -463,7 +472,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster kubelet: enabled: true @@ -476,7 +485,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster kubectl: enabled: true @@ -489,7 +498,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube_control_plane + - kube_control_plane crictl: file: true @@ -502,7 +511,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster crio: file: true @@ -515,7 +524,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster cri_dockerd: file: true @@ -526,11 +535,11 @@ downloads: url: "{{ cri_dockerd_download_url }}" unarchive: true unarchive_extra_opts: - - --strip=1 + - --strip=1 owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster crun: file: true @@ -543,7 +552,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster youki: file: true @@ -556,7 +565,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster runc: file: true @@ -569,7 +578,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster kata_containers: enabled: "{{ kata_containers_enabled }}" @@ -582,7 +591,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster containerd: enabled: "{{ container_manager == 'containerd' }}" @@ -595,7 +604,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster gvisor_runsc: enabled: "{{ gvisor_enabled }}" @@ -608,7 +617,7 @@ downloads: owner: "root" mode: 755 groups: - - k8s_cluster + - k8s_cluster gvisor_containerd_shim: enabled: "{{ gvisor_enabled }}" @@ -621,7 +630,7 @@ downloads: owner: "root" mode: 755 groups: - - k8s_cluster + - k8s_cluster nerdctl: file: true @@ -634,7 +643,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster skopeo: file: true @@ -647,7 +656,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube_control_plane + - kube_control_plane cilium: enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}" @@ -656,7 +665,7 @@ downloads: tag: "{{ cilium_image_tag }}" sha256: "{{ cilium_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster cilium_operator: enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}" @@ -665,7 +674,7 @@ downloads: tag: "{{ cilium_operator_image_tag }}" sha256: "{{ cilium_operator_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster cilium_hubble_relay: enabled: "{{ cilium_enable_hubble }}" @@ -674,7 +683,7 @@ downloads: tag: "{{ cilium_hubble_relay_image_tag }}" sha256: "{{ cilium_hubble_relay_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster cilium_hubble_certgen: enabled: "{{ cilium_enable_hubble }}" @@ -683,7 +692,7 @@ downloads: tag: "{{ cilium_hubble_certgen_image_tag }}" sha256: "{{ cilium_hubble_certgen_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster cilium_hubble_ui: enabled: "{{ cilium_enable_hubble }}" @@ -692,7 +701,7 @@ downloads: tag: "{{ cilium_hubble_ui_image_tag }}" sha256: "{{ cilium_hubble_ui_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster cilium_hubble_ui_backend: enabled: "{{ cilium_enable_hubble }}" @@ -701,7 +710,7 @@ downloads: tag: "{{ cilium_hubble_ui_backend_image_tag }}" sha256: "{{ cilium_hubble_ui_backend_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster cilium_hubble_envoy: enabled: "{{ cilium_enable_hubble }}" @@ -710,7 +719,7 @@ downloads: tag: "{{ cilium_hubble_envoy_image_tag }}" sha256: "{{ cilium_hubble_envoy_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster ciliumcli: enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}" @@ -723,7 +732,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster multus: enabled: "{{ kube_network_plugin_multus }}" @@ -732,7 +741,7 @@ downloads: tag: "{{ multus_image_tag }}" sha256: "{{ multus_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster flannel: enabled: "{{ kube_network_plugin == 'flannel' }}" @@ -741,7 +750,7 @@ downloads: tag: "{{ flannel_image_tag }}" sha256: "{{ flannel_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster flannel_init: enabled: "{{ kube_network_plugin == 'flannel' }}" @@ -750,7 +759,7 @@ downloads: tag: "{{ flannel_init_image_tag }}" sha256: "{{ flannel_init_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster calicoctl: enabled: "{{ kube_network_plugin == 'calico' }}" @@ -763,7 +772,7 @@ downloads: owner: "root" mode: "0755" groups: - - k8s_cluster + - k8s_cluster calico_node: enabled: "{{ kube_network_plugin == 'calico' }}" @@ -772,7 +781,7 @@ downloads: tag: "{{ calico_node_image_tag }}" sha256: "{{ calico_node_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster calico_cni: enabled: "{{ kube_network_plugin == 'calico' }}" @@ -781,7 +790,7 @@ downloads: tag: "{{ calico_cni_image_tag }}" sha256: "{{ calico_cni_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster calico_flexvol: enabled: "{{ kube_network_plugin == 'calico' }}" @@ -790,7 +799,7 @@ downloads: tag: "{{ calico_flexvol_image_tag }}" sha256: "{{ calico_flexvol_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster calico_policy: enabled: "{{ enable_network_policy and kube_network_plugin in ['calico'] }}" @@ -799,7 +808,7 @@ downloads: tag: "{{ calico_policy_image_tag }}" sha256: "{{ calico_policy_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster calico_typha: enabled: "{{ typha_enabled }}" @@ -808,7 +817,7 @@ downloads: tag: "{{ calico_typha_image_tag }}" sha256: "{{ calico_typha_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster calico_apiserver: enabled: "{{ calico_apiserver_enabled }}" @@ -817,7 +826,7 @@ downloads: tag: "{{ calico_apiserver_image_tag }}" sha256: "{{ calico_apiserver_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster calico_crds: file: true @@ -828,13 +837,13 @@ downloads: url: "{{ calico_crds_download_url }}" unarchive: true unarchive_extra_opts: - - "{{ '--strip=6' if (calico_version is version('v3.22.3', '<')) else '--strip=3' }}" - - "--wildcards" - - "{{ '*/_includes/charts/calico/crds/kdd/' if (calico_version is version('v3.22.3', '<')) else '*/libcalico-go/config/crd/' }}" + - "{{ '--strip=6' if (calico_version is version('v3.22.3', '<')) else '--strip=3' }}" + - "--wildcards" + - "{{ '*/_includes/charts/calico/crds/kdd/' if (calico_version is version('v3.22.3', '<')) else '*/libcalico-go/config/crd/' }}" owner: "root" mode: "0755" groups: - - kube_control_plane + - kube_control_plane weave_kube: enabled: "{{ kube_network_plugin == 'weave' }}" @@ -843,7 +852,7 @@ downloads: tag: "{{ weave_kube_image_tag }}" sha256: "{{ weave_kube_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster weave_npc: enabled: "{{ kube_network_plugin == 'weave' }}" @@ -852,7 +861,7 @@ downloads: tag: "{{ weave_npc_image_tag }}" sha256: "{{ weave_npc_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster kube_ovn: enabled: "{{ kube_network_plugin == 'kube-ovn' }}" @@ -861,7 +870,7 @@ downloads: tag: "{{ kube_ovn_container_image_tag }}" sha256: "{{ kube_ovn_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster kube_router: enabled: "{{ kube_network_plugin == 'kube-router' }}" @@ -870,7 +879,7 @@ downloads: tag: "{{ kube_router_image_tag }}" sha256: "{{ kube_router_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster pod_infra: enabled: true @@ -879,7 +888,7 @@ downloads: tag: "{{ pod_infra_image_tag }}" sha256: "{{ pod_infra_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster kube-vip: enabled: "{{ kube_vip_enabled }}" @@ -888,7 +897,7 @@ downloads: tag: "{{ kube_vip_image_tag }}" sha256: "{{ kube_vip_digest_checksum | default(None) }}" groups: - - kube_control_plane + - kube_control_plane nginx: enabled: "{{ loadbalancer_apiserver_localhost and loadbalancer_apiserver_type == 'nginx' }}" @@ -897,7 +906,7 @@ downloads: tag: "{{ nginx_image_tag }}" sha256: "{{ nginx_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node haproxy: enabled: "{{ loadbalancer_apiserver_localhost and loadbalancer_apiserver_type == 'haproxy' }}" @@ -906,7 +915,7 @@ downloads: tag: "{{ haproxy_image_tag }}" sha256: "{{ haproxy_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node coredns: enabled: "{{ dns_mode in ['coredns', 'coredns_dual'] }}" @@ -915,7 +924,7 @@ downloads: tag: "{{ coredns_image_tag }}" sha256: "{{ coredns_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster nodelocaldns: enabled: "{{ enable_nodelocaldns }}" @@ -924,7 +933,7 @@ downloads: tag: "{{ nodelocaldns_image_tag }}" sha256: "{{ nodelocaldns_digest_checksum | default(None) }}" groups: - - k8s_cluster + - k8s_cluster dnsautoscaler: enabled: "{{ dns_mode in ['coredns', 'coredns_dual'] }}" @@ -933,7 +942,7 @@ downloads: tag: "{{ dnsautoscaler_image_tag }}" sha256: "{{ dnsautoscaler_digest_checksum | default(None) }}" groups: - - kube_control_plane + - kube_control_plane helm: enabled: "{{ helm_enabled }}" @@ -946,7 +955,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube_control_plane + - kube_control_plane krew: enabled: "{{ krew_enabled }}" @@ -959,7 +968,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube_control_plane + - kube_control_plane registry: enabled: "{{ registry_enabled }}" @@ -968,7 +977,7 @@ downloads: tag: "{{ registry_image_tag }}" sha256: "{{ registry_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node metrics_server: enabled: "{{ metrics_server_enabled }}" @@ -977,7 +986,7 @@ downloads: tag: "{{ metrics_server_image_tag }}" sha256: "{{ metrics_server_digest_checksum | default(None) }}" groups: - - kube_control_plane + - kube_control_plane local_volume_provisioner: enabled: "{{ local_volume_provisioner_enabled }}" @@ -986,7 +995,7 @@ downloads: tag: "{{ local_volume_provisioner_image_tag }}" sha256: "{{ local_volume_provisioner_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node cephfs_provisioner: enabled: "{{ cephfs_provisioner_enabled }}" @@ -995,7 +1004,7 @@ downloads: tag: "{{ cephfs_provisioner_image_tag }}" sha256: "{{ cephfs_provisioner_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node rbd_provisioner: enabled: "{{ rbd_provisioner_enabled }}" @@ -1004,7 +1013,7 @@ downloads: tag: "{{ rbd_provisioner_image_tag }}" sha256: "{{ rbd_provisioner_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node local_path_provisioner: enabled: "{{ local_path_provisioner_enabled }}" @@ -1013,7 +1022,7 @@ downloads: tag: "{{ local_path_provisioner_image_tag }}" sha256: "{{ local_path_provisioner_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node ingress_nginx_controller: enabled: "{{ ingress_nginx_enabled }}" @@ -1022,7 +1031,7 @@ downloads: tag: "{{ ingress_nginx_controller_image_tag }}" sha256: "{{ ingress_nginx_controller_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node ingress_alb_controller: enabled: "{{ ingress_alb_enabled }}" @@ -1031,7 +1040,7 @@ downloads: tag: "{{ alb_ingress_image_tag }}" sha256: "{{ ingress_alb_controller_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node cert_manager_controller: enabled: "{{ cert_manager_enabled }}" @@ -1040,7 +1049,7 @@ downloads: tag: "{{ cert_manager_controller_image_tag }}" sha256: "{{ cert_manager_controller_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node cert_manager_cainjector: enabled: "{{ cert_manager_enabled }}" @@ -1049,7 +1058,7 @@ downloads: tag: "{{ cert_manager_cainjector_image_tag }}" sha256: "{{ cert_manager_cainjector_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node cert_manager_webhook: enabled: "{{ cert_manager_enabled }}" @@ -1058,7 +1067,7 @@ downloads: tag: "{{ cert_manager_webhook_image_tag }}" sha256: "{{ cert_manager_webhook_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node csi_attacher: enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}" @@ -1067,7 +1076,7 @@ downloads: tag: "{{ csi_attacher_image_tag }}" sha256: "{{ csi_attacher_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node csi_provisioner: enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}" @@ -1076,7 +1085,7 @@ downloads: tag: "{{ csi_provisioner_image_tag }}" sha256: "{{ csi_provisioner_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node csi_snapshotter: enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}" @@ -1085,7 +1094,7 @@ downloads: tag: "{{ csi_snapshotter_image_tag }}" sha256: "{{ csi_snapshotter_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node snapshot_controller: enabled: "{{ csi_snapshot_controller_enabled }}" @@ -1094,7 +1103,7 @@ downloads: tag: "{{ snapshot_controller_image_tag }}" sha256: "{{ snapshot_controller_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node csi_resizer: enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}" @@ -1103,7 +1112,7 @@ downloads: tag: "{{ csi_resizer_image_tag }}" sha256: "{{ csi_resizer_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node csi_node_driver_registrar: enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}" @@ -1112,7 +1121,7 @@ downloads: tag: "{{ csi_node_driver_registrar_image_tag }}" sha256: "{{ csi_node_driver_registrar_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node cinder_csi_plugin: enabled: "{{ cinder_csi_enabled }}" @@ -1121,7 +1130,7 @@ downloads: tag: "{{ cinder_csi_plugin_image_tag }}" sha256: "{{ cinder_csi_plugin_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node aws_ebs_csi_plugin: enabled: "{{ aws_ebs_csi_enabled }}" @@ -1130,7 +1139,7 @@ downloads: tag: "{{ aws_ebs_csi_plugin_image_tag }}" sha256: "{{ aws_ebs_csi_plugin_digest_checksum | default(None) }}" groups: - - kube_node + - kube_node dashboard: enabled: "{{ dashboard_enabled }}" @@ -1139,7 +1148,7 @@ downloads: tag: "{{ dashboard_image_tag }}" sha256: "{{ dashboard_digest_checksum | default(None) }}" groups: - - kube_control_plane + - kube_control_plane dashboard_metrics_scrapper: enabled: "{{ dashboard_enabled }}" @@ -1148,7 +1157,7 @@ downloads: tag: "{{ dashboard_metrics_scraper_tag }}" sha256: "{{ dashboard_digest_checksum | default(None) }}" groups: - - kube_control_plane + - kube_control_plane metallb_speaker: enabled: "{{ metallb_speaker_enabled }}" @@ -1157,7 +1166,7 @@ downloads: tag: "{{ metallb_version }}" sha256: "{{ metallb_speaker_digest_checksum | default(None) }}" groups: - - kube_control_plane + - kube_control_plane metallb_controller: enabled: "{{ metallb_enabled }}" @@ -1166,7 +1175,7 @@ downloads: tag: "{{ metallb_version }}" sha256: "{{ metallb_controller_digest_checksum | default(None) }}" groups: - - kube_control_plane + - kube_control_plane yq: enabled: "{{ argocd_enabled }}" @@ -1179,7 +1188,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube_control_plane + - kube_control_plane download_defaults: container: false diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml index 896643115..69dd01ea2 100644 --- a/roles/kubespray-defaults/defaults/main/main.yml +++ b/roles/kubespray-defaults/defaults/main/main.yml @@ -6,6 +6,8 @@ ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='s # selinux state preinstall_selinux_state: permissive +# Setting this value to false will fail +# For details, read this comment https://github.com/kubernetes-sigs/kubespray/pull/11016#issuecomment-2004985001 kube_api_anonymous_auth: true # Default value, but will be set to true automatically if detected @@ -16,7 +18,7 @@ kubelet_fail_swap_on: true kubelet_swap_behavior: LimitedSwap ## Change this to use another Kubernetes version, e.g. a current beta release -kube_version: v1.29.2 +kube_version: v1.29.4 ## The minimum version working kube_version_min_required: v1.27.0 @@ -50,6 +52,9 @@ kubeadm_join_phases_skip_default: [] kubeadm_join_phases_skip: >- {{ kubeadm_join_phases_skip_default }} +# Set to true to remove the role binding to anonymous users created by kubeadm +remove_anonymous_access: false + # A string slice of values which specify the addresses to use for NodePorts. # Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). # The default empty string slice ([]) means to use all local addresses. diff --git a/roles/kubespray-defaults/tasks/main.yaml b/roles/kubespray-defaults/tasks/main.yaml index 0de87f150..0a9d987a7 100644 --- a/roles/kubespray-defaults/tasks/main.yaml +++ b/roles/kubespray-defaults/tasks/main.yaml @@ -3,7 +3,7 @@ # do not run gather facts when bootstrap-os in roles when: > ansible_play_role_names | - intersect(['bootstrap-os', 'kubernetes-sigs.kubespray.bootstrap-os']) | + intersect(['bootstrap-os', 'kubernetes_sigs.kubespray.bootstrap-os']) | length == 0 tags: - always diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index de67b154e..95dcfa673 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -82,11 +82,12 @@ Minimum version is {{ calico_min_version_required }} supported by the previous kubespray release. But current version is {{ calico_version_on_server.stdout }}. -- name: "Check that cluster_id is set if calico_rr enabled" +- name: "Check that cluster_id is set and a valid IPv4 address if calico_rr enabled" assert: that: - cluster_id is defined - msg: "A unique cluster_id is required if using calico_rr" + - cluster_id is ansible.utils.ipv4 + msg: "A unique cluster_id is required if using calico_rr, and it must be a valid IPv4 address" when: - peer_with_calico_rr - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/network_plugin/calico/tasks/peer_with_router.yml b/roles/network_plugin/calico/tasks/peer_with_router.yml index a29ca36dd..0a00059bd 100644 --- a/roles/network_plugin/calico/tasks/peer_with_router.yml +++ b/roles/network_plugin/calico/tasks/peer_with_router.yml @@ -23,6 +23,38 @@ when: - inventory_hostname == groups['kube_control_plane'][0] +- name: Calico | Get node for per node peering + command: + cmd: "{{ bin_dir }}/calicoctl.sh get node {{ inventory_hostname }}" + register: output_get_node + when: + - inventory_hostname in groups['k8s_cluster'] + - local_as is defined + - groups['calico_rr'] | default([]) | length == 0 + delegate_to: "{{ groups['kube_control_plane'][0] }}" + +- name: Calico | Patch node asNumber for per node peering + command: + cmd: |- + {{ bin_dir }}/calicoctl.sh patch node "{{ inventory_hostname }}" --patch '{{ patch is string | ternary(patch, patch | to_json) }}' + vars: + patch: > + {"spec": { + "bgp": { + "asNumber": "{{ local_as }}" + }, + "orchRefs": [{"nodeName": "{{ inventory_hostname }}", "orchestrator": "k8s"}] + }} + register: output + retries: 0 + until: output.rc == 0 + delay: "{{ retry_stagger | random + 3 }}" + when: + - inventory_hostname in groups['k8s_cluster'] + - local_as is defined + - groups['calico_rr'] | default([]) | length == 0 + - output_get_node.rc == 0 + - name: Calico | Configure node asNumber for per node peering command: cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" @@ -48,6 +80,7 @@ - inventory_hostname in groups['k8s_cluster'] - local_as is defined - groups['calico_rr'] | default([]) | length == 0 + - output_get_node.rc != 0 - name: Calico | Configure peering with router(s) at node scope command: @@ -64,6 +97,9 @@ "asNumber": "{{ item.as }}", "node": "{{ inventory_hostname }}", "peerIP": "{{ item.router_id }}", + {% if calico_version is version('v3.26.0', '>=') and (item.filters | default([]) | length > 0) %} + "filters": {{ item.filters }}, + {% endif %} "sourceAddress": "{{ item.sourceaddress | default('UseNodeIP') }}" }} register: output diff --git a/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 b/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 index 49f5918b4..ca25eeb21 100644 --- a/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 @@ -157,6 +157,7 @@ rules: - networksets - bgpconfigurations - bgppeers + - bgpfilters - felixconfigurations - kubecontrollersconfigurations - ippools diff --git a/roles/network_plugin/calico/templates/calico-cr.yml.j2 b/roles/network_plugin/calico/templates/calico-cr.yml.j2 index ac0331f22..7ddec1698 100644 --- a/roles/network_plugin/calico/templates/calico-cr.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-cr.yml.j2 @@ -16,6 +16,11 @@ rules: - pods/status verbs: - patch + - apiGroups: [""] + resources: + - nodes/status + verbs: + - update - apiGroups: ["crd.projectcalico.org"] resources: - blockaffinities diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2 index 509201152..6642ef2f6 100644 --- a/roles/network_plugin/calico/templates/calico-node.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-node.yml.j2 @@ -38,7 +38,7 @@ spec: # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. terminationGracePeriodSeconds: 0 initContainers: -{% if calico_datastore == "kdd" %} +{% if calico_datastore == "kdd" and not calico_ipam_host_local %} # This container performs upgrade from host-local IPAM to calico-ipam. # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. @@ -310,6 +310,10 @@ spec: value: "{{ calico_node_ignorelooserpf }}" - name: CALICO_MANAGE_CNI value: "true" +{% if calico_ipam_host_local %} + - name: USE_POD_CIDR + value: "true" +{% endif %} {% if calico_node_extra_envs is defined %} {% for key in calico_node_extra_envs %} - name: {{ key }} @@ -428,7 +432,7 @@ spec: hostPath: path: /run/xtables.lock type: FileOrCreate -{% if calico_datastore == "kdd" %} +{% if calico_datastore == "kdd" and not calico_ipam_host_local %} # Mount in the directory for host-local IPAM allocations. This is # used when upgrading from host-local to calico-ipam, and can be removed # if not using the upgrade-ipam init container. diff --git a/roles/network_plugin/calico/templates/calico-typha.yml.j2 b/roles/network_plugin/calico/templates/calico-typha.yml.j2 index 2c6d5108b..d1f37aa5d 100644 --- a/roles/network_plugin/calico/templates/calico-typha.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-typha.yml.j2 @@ -136,11 +136,10 @@ spec: name: cacert readOnly: true {% endif %} - # Needed for version >=3.7 when the 'host-local' ipam is used - # Should never happen given templates/cni-calico.conflist.j2 - # Configure route aggregation based on pod CIDR. - # - name: USE_POD_CIDR - # value: "true" +{% if calico_ipam_host_local %} + - name: USE_POD_CIDR + value: "true" +{% endif %} livenessProbe: httpGet: path: /liveness diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index 84700df4a..d9f78b1ef 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -7,6 +7,9 @@ cilium_mtu: "" cilium_enable_ipv4: true cilium_enable_ipv6: false +# Enable l2 announcement from cilium to replace Metallb Ref: https://docs.cilium.io/en/v1.14/network/l2-announcements/ +cilium_l2announcements: false + # Cilium agent health port cilium_agent_health_port: "{%- if cilium_version | regex_replace('v') is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}" @@ -39,6 +42,10 @@ cilium_cpu_requests: 100m # Overlay Network Mode cilium_tunnel_mode: vxlan + +# LoadBalancer Mode (snat/dsr/hybrid) Ref: https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#dsr-mode +cilium_loadbalancer_mode: snat + # Optional features cilium_enable_prometheus: false # Enable if you want to make use of hostPort mappings diff --git a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 index 642a66702..5bcc44dec 100644 --- a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 @@ -97,6 +97,11 @@ rules: - ciliumloadbalancerippools/status - ciliumbgppeeringpolicies - ciliumenvoyconfigs +{% endif %} +{% if cilium_version | regex_replace('v') is version('1.15', '>=') %} + - ciliumbgppeerconfigs + - ciliumbgpadvertisements + - ciliumbgpnodeconfigs {% endif %} verbs: - '*' @@ -146,6 +151,20 @@ rules: - ciliumlocalredirectpolicies.cilium.io - ciliumnetworkpolicies.cilium.io - ciliumnodes.cilium.io +{% if cilium_version | regex_replace('v') is version('1.14', '>=') %} + - ciliumnodeconfigs.cilium.io + - ciliumcidrgroups.cilium.io + - ciliuml2announcementpolicies.cilium.io + - ciliumpodippools.cilium.io + - ciliumloadbalancerippools.cilium.io +{% endif %} +{% if cilium_version | regex_replace('v') is version('1.15', '>=') %} + - ciliumbgpclusterconfigs.cilium.io + - ciliumbgppeerconfigs.cilium.io + - ciliumbgpadvertisements.cilium.io + - ciliumbgpnodeconfigs.cilium.io + - ciliumbgpnodeconfigoverrides.cilium.io +{% endif %} {% endif %} {% for rules in cilium_clusterrole_rules_operator_extra_vars %} - apiGroups: diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 index 32144de28..d294c6e29 100644 --- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 @@ -131,6 +131,12 @@ data: tunnel-protocol: "{{ cilium_tunnel_mode }}" {% endif %} + ## DSR setting + bpf-lb-mode: "{{ cilium_loadbalancer_mode }}" + + # l2 + enable-l2-announcements: "{{ cilium_l2announcements }}" + # Enable Bandwidth Manager # Cilium’s bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation. # Bandwidth enforcement currently does not work in combination with L7 Cilium Network Policies. diff --git a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 index 4ce747f0f..a4395b242 100644 --- a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 @@ -106,6 +106,15 @@ rules: - ciliumnodes/finalizers - ciliumidentities/finalizers - ciliumlocalredirectpolicies/finalizers +{% endif %} +{% if cilium_version | regex_replace('v') is version('1.14', '>=') %} + - ciliuml2announcementpolicies/status +{% endif %} +{% if cilium_version | regex_replace('v') is version('1.15', '>=') %} + - ciliumbgpnodeconfigs + - ciliumbgpnodeconfigs/status + - ciliumbgpadvertisements + - ciliumbgppeerconfigs {% endif %} verbs: - '*' @@ -125,7 +134,22 @@ rules: - cilium.io resources: - ciliumcidrgroups + - ciliuml2announcementpolicies + - ciliumpodippools + - ciliuml2announcementpolicies/status verbs: - list - watch +{% if cilium_version %} +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update + - list + - delete +{% endif %} {% endif %} diff --git a/roles/reset/defaults/main.yml b/roles/reset/defaults/main.yml index b63f2e2a8..3b312009d 100644 --- a/roles/reset/defaults/main.yml +++ b/roles/reset/defaults/main.yml @@ -11,7 +11,8 @@ reset_restart_network_service_name: >- {%- else -%} network {%- endif -%} - {%- elif ansible_distribution == "Ubuntu" -%} + {%- elif ansible_distribution == "Ubuntu" + or (ansible_distribution == "Debian" and ansible_distribution_major_version | int == 12 ) -%} systemd-networkd {%- elif ansible_os_family == "Debian" -%} networking diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index a0fa4093c..0f13f686b 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -7,6 +7,8 @@ - kubelet.service - cri-dockerd.service - cri-dockerd.socket + - etcd.service + - etcd-events.service failed_when: false tags: - services @@ -24,6 +26,8 @@ - crio.service.d/http-proxy.conf - k8s-certs-renew.service - k8s-certs-renew.timer + - etcd.service + - etcd-events.service register: services_removed tags: - services @@ -134,28 +138,6 @@ ignore_errors: true # noqa ignore-errors changed_when: true -- name: Reset | stop etcd services - service: - name: "{{ item }}" - state: stopped - with_items: - - etcd - - etcd-events - failed_when: false - tags: - - services - -- name: Reset | remove etcd services - file: - path: "/etc/systemd/system/{{ item }}.service" - state: absent - with_items: - - etcd - - etcd-events - register: services_removed - tags: - - services - - name: Reset | remove containerd when: container_manager == 'containerd' block: @@ -267,7 +249,7 @@ register: var_lib_kubelet_directory - name: Reset | Find files/dirs with immutable flag in /var/lib/kubelet - command: lsattr -laR /var/lib/kubelet + command: lsattr -laR /var/lib/kubelet/ become: true register: var_lib_kubelet_files_dirs_w_attrs changed_when: false diff --git a/scripts/download_hash.sh b/scripts/download_hash.sh index 6bd47cb02..99e126e11 100755 --- a/scripts/download_hash.sh +++ b/scripts/download_hash.sh @@ -139,7 +139,7 @@ function get_checksums() { ["gvisor_runsc_binary"]="arm ppc64le" ["gvisor_containerd_shim_binary"]="arm ppc64le" ["containerd_archive"]="arm" -["skopeo_binary"]="arm ppc64le" +["skopeo_binary"]="arm" ) echo "${binary}_checksums:" | tee --append "$checksums_file" for arch in arm arm64 amd64 ppc64le; do diff --git a/tests/files/packet_debian11-calico-upgrade.yml b/tests/files/packet_debian11-calico-upgrade.yml index 1b05714e4..94aba7b92 100644 --- a/tests/files/packet_debian11-calico-upgrade.yml +++ b/tests/files/packet_debian11-calico-upgrade.yml @@ -11,3 +11,6 @@ calico_network_backend: bird # Needed to bypass deprecation check ignore_assert_errors: true + +# Remove anonymous access to cluster +remove_anonymous_access: true diff --git a/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml b/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml index 55cbd5063..c494810cf 100644 --- a/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml +++ b/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml @@ -104,3 +104,6 @@ kube_cert_group: root # kube-system namespace is exempted by default kube_pod_security_use_default: true kube_pod_security_default_enforce: restricted + +# Remove anonymous access to cluster +remove_anonymous_access: true diff --git a/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml b/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml index 99f736544..ba9d7b34b 100644 --- a/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml +++ b/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml @@ -9,3 +9,6 @@ etcd_deployment_type: kubeadm # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables enable_nodelocaldns: False + +# Remove anonymous access to cluster +remove_anonymous_access: true diff --git a/tests/requirements.txt b/tests/requirements.txt index 320a7414a..90395e6ab 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,12 +1,12 @@ -r ../requirements.txt -ansible-lint==6.22.2 +ansible-lint==24.2.3 apache-libcloud==3.8.0 ara[server]==1.7.0 dopy==0.3.7 molecule==6.0.2 -molecule-plugins[vagrant]==23.5.0 +molecule-plugins[vagrant]==23.5.3 python-vagrant==1.0.0 pytest-testinfra==9.0.0 -tox==4.11.3 +tox==4.15.0 yamllint==1.32.0 -tzdata==2023.3 +tzdata==2024.1