Commit Graph

563 Commits (master)

Author SHA1 Message Date
Arthur Outhenin-Chalandre 4a6eb7eaa2
enable back kubelet_authorization_mode_webhook by default (#9662)
In 6db6c8678c, this was disabled becaue
kubesrpay gave too much permissions that were not needed. This commit
re-enable back this option by default and also removes the extra
permissions that kubespray gave that were in fact not needed.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-01-16 23:56:32 -08:00
R. P. Taylor 0ff883afeb
streamline ansible_default_ipv4 gathering loop (#9281) 2023-01-05 11:59:58 -08:00
tu1h 791064a3d9
Allow custom timeout for kubeadm init (#9617)
Signed-off-by: tu1h <lihai.tu@daocloud.io>

Signed-off-by: tu1h <lihai.tu@daocloud.io>
2022-12-27 00:53:28 -08:00
yanggang f8d6b54dbb
Add hashes for 1.25.5, 1.24.9, 1.23.15 and make v1.25.5 default (#9557)
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-12-11 16:45:33 -08:00
yanggang 9439487219
Add hashes for 1.25.4, 1.24.8, 1.23.14 and make v1.25.4 default (#9479)
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-10 20:00:09 -08:00
Kay Yan ccbe38f78c
make-kube-1.25-default (#9364) 2022-10-20 00:56:57 -07:00
Maxime Leroy d9c39c274e
fix(defaults): wrong cri_socket path for containerd (#9401) 2022-10-18 00:15:18 -07:00
Mohamed Zaian 5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default (#9397) 2022-10-17 05:59:07 -07:00
Unai Arríen 52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248)
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values
2022-10-13 16:50:47 -07:00
Kay Yan 999586a110
sysctl_additional (#9351) 2022-10-02 23:06:14 -07:00
Florian Ruynat 841e2f44c0
Remove references to 1.22 (#9342) 2022-09-28 14:10:29 -07:00
Federico Cucinella e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 (#9332) 2022-09-26 17:35:46 -07:00
Mohamed Zaian 76573bf293
[kubernetes] Add hashes for 1.24.6, 1.22.15, 1.23.12 and make v1.24.6 default (#9308) 2022-09-22 04:13:03 -07:00
Mohamed Zaian 680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default (#9286) 2022-09-19 02:10:31 -07:00
Cristian Calin 6db6c8678c
disable kubelet_authorization_mode_webhook by default (#9238) 2022-08-31 04:53:00 -07:00
Mohamed Zaian ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default (#9191) 2022-08-21 23:11:44 -07:00
Mohamed Zaian 91073d7379
[kubernetes] make v1.24.3 default (#9101) 2022-07-19 02:58:06 -07:00
Mohamed Zaian e4fe679916 [kubernetes] make v1.24.2 default 2022-06-17 11:08:33 -07:00
Alessio Greggi 97b4d79ed5
feat: make kubernetes owner parametrized (#8952)
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Florian Ruynat 9e7f89d2a2 Remove forgotten 1.21 references 2022-06-16 08:55:38 +02:00
Calin Cristian Andrei 24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei 2cd8c51a07 [kubeadm] use v1beta3 configuration version
* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
  upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei fad296616c [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei 2de5c4821c [calico] clean up workarounds for older versions 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei ae1dcb031f [kubernetes] drop pre 1.22.0 workarounds 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei 9535a41187 [kubernetes] make 1.22.0 the minimum version 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei d69d4a8303 [kubernetes] make 1.24.1 the new default 2022-06-15 00:57:20 -07:00
Mohamed Zaian 78aacee21b
[kubernetes] add hashes for 1.24.1 and other versions. (#8876)
* [kubernetes] add hashes for 1.24.1 and other versions.
versions: v1.21.13, v1.22.10, v1.23.7 & v1.24.1

* [kubernetes] make v1.23.7 default1
2022-05-27 12:00:42 -07:00
Samuel Liu f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature (#8790)
* [kube-ovn]: some feature

kube-ovn vlan mode
ipv6/ipv4 dual stack
...

* remove unused env

* fix readinessprobe
2022-05-11 21:35:15 -07:00
Cristian Calin 56cf163a23
[kubernetes] actually make 1.23.6 the default (#8767) 2022-05-02 00:43:14 -07:00
Julien Le Fur 30306d6ec7
Enable external CA mode for control-plane deployment (#8620) 2022-04-12 05:47:23 -07:00
Robin Wallace d7254eead6
UpCloud integration (#8653)
* [upcloud] add upcloud csi-driver

* Option to use ansible_host as api ip for kubueconfig
2022-04-11 15:13:23 -07:00
Samuel Liu 424ef3b3f9
[calico] add calico apiserver (#8690)
* [calico] add calico apiserver

* fix yamllint

* remove addext argument

* Configure API server with the CA bundle

* add check kdd
2022-04-08 00:02:42 -07:00
Mathieu Parent 996ef98b87
Add support for kube-vip (#8669)
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2022-04-07 10:37:57 -07:00
Alessio Greggi bba91a7524
split kube_feature_gates variable for different kubernetes components (#8677)
* feat: split kube_feature_gates variable for different kubernetes components

* docs: add kube_feaute_gates componet variables
2022-04-05 05:39:37 -07:00
Calin Cristian Andrei 538f9df5cc [kubernetes] make 1.23.5 the default 2022-03-17 05:03:20 -07:00
Cristian Calin 394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim (#8623) 2022-03-16 16:28:11 -07:00
Tom Janson 2e925f82ef
Revert "Fix: typos in docs and comments (#7805)" (#8592)
This reverts commit 417180246c.
2022-03-02 11:57:13 -08:00
Necatican Yıldırım e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable (#8317)
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Add etcd kubeadm deployment documentation

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-02-22 08:53:16 -08:00
Florian Ruynat d4f654275b Set default kubernetes version to 1.23.4 2022-02-21 03:54:11 -08:00
Michael Schmitz eacd55fbca
Use sysctl_file_path variable for all sysctl_file locations (#8395)
* Use sysctl_file_path variable for all sysctl_file locations

* Add sysctl_file_path variable to kubespay-defaults

* Remove previously used sysctl file locations if present

* Use explicit filename in roles/kubernetes/node/defaults/main.yml

* Defaults: use explicit value
2022-02-01 08:12:10 -08:00
Samuel Liu e6e7fbc25f
fix reset containerd_storage_dir undefined (#8478)
* fix reset containerd_storage_dir

* add env to kubespray-defaults
2022-01-31 05:46:23 -08:00
Ilya Margolin 7d4d554436
Document host_resolvconf as default value for resolvconf_mode (#8493)
refs #8247
2022-01-31 03:12:24 -08:00
Calin Cristian Andrei ababcd5481 [kube] make 1.23.3 the new default 2022-01-31 00:22:24 -08:00
Calin Cristian Andrei be9a1f80c1 [kube] make 1.23.2 the default version 2022-01-24 11:59:33 -08:00
Victor Morales e88aa7c96b
Add youki runtime support (#8411) 2022-01-21 14:01:07 -08:00
Johann Schley 38d129a0b6
add external hcloud cloud controller manager (#8440) 2022-01-20 12:31:09 -08:00
Unai Arríen 57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping (#8388) 2022-01-10 01:35:19 -08:00
rtsp aa4a3d7afd
Fix container engine still installed on dedicated etcd node even if `etcd_deployment_type: host` (#8386) 2022-01-10 01:35:12 -08:00
Kenichi Omichi 51bd9bee0d
Move containerd_version to defaults/main.yml (#8379)
All container image versions were defined in download/defaults/main.yml
except containerd.
The inconsistency caused the offline script(generate_list.sh) could not
output the URL of containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
2022-01-09 01:47:12 -08:00
Max Gautier cb54eb40ce
Use a variable for standardizing kubectl invocation (#8329)
* Add kubectl variable

* Replace kubectl usage by kubectl variable in roles

* Remove redundant --kubeconfig on kubectl usage

* Replace unecessary shell usage with command
2022-01-05 02:26:32 -08:00
Florian Ruynat 6136fa7c49 Update Kubernetes version to 1.23.1 2022-01-04 10:25:00 -08:00
Florian Ruynat 8d2b4ed4a9 Move min k8s version to 1.21 2022-01-04 10:25:00 -08:00
Calin Cristian Andrei 1a7b4435f3 Bump default version of kubernetes to 1.22.5 2021-12-20 08:56:56 -08:00
Marat Talipov 4f27c763af
containerd insecure registry support (#8298) 2021-12-13 00:41:58 -08:00
Cristian Calin 682c8a59c2
containerd: change default resolvconf_mode to host_resolvconf (#8247)
* containerd: change default resolvconf_mode to host_resolvconf

* Wait for kube-apiserver to come back after pod refresh

* Handle resolv.conf gracefully

* Retain currently configured DNS entries to ensure we don't break the resolvers

* Suse uses wickedd for network management so no dhcp hooks

* Molecule: increase ansible timeout

* CI: Increase ansible timeout to 120s for Packet jobs
2021-12-09 14:09:06 -08:00
zhengtianbao a16d427536
Set etcd-events listen port to 2383 (#8232) 2021-12-07 00:28:01 -08:00
Alvaro Campesino 27ab364df5
Improve control plane scale flow (#13) (#7989)
* Improve control plane scale flow (#13)

* Added version 1.20.10 of K8s

* Setting first_kube_control_plane to a existing one

* Setting first_kube_control_plane to a existing one

* change first_kube_master for first_kube_control_plane

* Ansible-lint changes
2021-12-06 00:16:32 -08:00
Hanna Bledai 615216f397
Fix if bind-address is not set to 0.0.0.0 (#8262)
* if bind-address is not set to 0.0.0.0

* Update docs and left comments

* fix yamllist check: remove space
2021-12-05 23:58:32 -08:00
Cristian Calin 9d8a83314b
containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default (#8239)
* containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default

* containerd: make nerdctl mandatory for container_manager = containerd

* nerdctl: bump to version 0.14.0

* containerd: use nerdctl for image manipulation

* OpenSuSE: install basic nerdctl dependencies
2021-12-03 12:20:35 -08:00
Florian Ruynat 0e22a90579
Update docker to 20.10.11 with containerd 1.4.12 (#8255) 2021-11-30 11:49:01 -08:00
Florian Ruynat 2fd529a993 Update Kubernetes version to v1.22.4 2021-11-29 23:06:56 -08:00
Cristian Calin e78bda65fe
Defaults: replace docker with containerd as our default container_manager (#8175)
* Defaults: replace docker with containerd as our default container_manager

* CI: Use docker for download_localhost test

* Defaults: with container_manager=containerd we need etcd_deployment_type=host

* CI: Run weave jobs with docker

* CI: Vagrant don't download_force_cache

* CI: Fix upgrade tests

* should run compatible with old settings, this means docker
* we need to run with a distro that has at least modern containerd,
  this means move from debian9 to debian10 to allow `containerd_version`
  to match between 2.17 and master
2021-11-25 06:54:33 -08:00
Mathieu Parent 0263c649f4
Allow to scrape etcd metrics using a service (#8203)
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2021-11-17 23:53:01 -08:00
EDGsheryl 4d79a55904
Remove extra parameter kube_proxy_remove (#8158)
Signed-off-by: EDGsheryl <edgsheryl@gmail.com>
2021-11-15 00:02:48 -08:00
Cristian Calin 039205560a
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA (#8100)
* nodelocaldns: allow a secondary pod for nodelocaldns for local-HA

* CI: add job to test nodelocaldns secondary
2021-11-09 09:57:47 -08:00
Cristian Calin 801268d5c1
containerd: upgrade versions 1.4.11 and 1.5.7 and make 1.4.11 the default (#8129) 2021-11-09 06:59:47 -08:00
Cristian Calin 4a8757161e
Docker: replace the use of containerd_version with docker_containerd_version to avoid causing conflicts when bumping containerd_version (#8130) 2021-11-08 15:56:49 -08:00
zhengtianbao 65540c5771
krew: update to v0.4.2 (#8168)
krew release urls changed since v0.4.2, clearly OS type and arch inside the filename.

from:
  https://github.com/kubernetes-sigs/krew/releases/download/v0.4.1/krew.tar.gz
to:
  https://github.com/kubernetes-sigs/krew/releases/download/v0.4.2/krew-linux_amd64.tar.gz

define `host_os` like `host_architecture` determine which OS is krew
installed at.
2021-11-08 02:54:59 -08:00
Álvaro Torres Cogollo 8922c45556
Added ArgoCD kubernetes-app (#7895)
* Added ArgoCD kubernetes-app

* Update argocd_version to latest
2021-11-07 02:22:51 -08:00
Marcus Fenner c94291558d
Fix containerd install for fcos (#8107)
* Fix containerd install for fcos

* rm orphaned runc and containerd binaries
2021-11-05 07:53:53 -07:00
Florian Ruynat b353e062c7 Update default k8s version to 1.22.3 2021-10-29 10:43:44 -07:00
Florian Ruynat 331647f4ab
Remove deprecated Ambassador ingress code (#8086) 2021-10-26 15:19:09 -07:00
Max Gautier e4c8c7188e
etcd: deploy container engine if needed (#7532)
If the etcd cluster is separate and the etcd_deployment_type is "host",
there is no need for a container engine on the etcd nodes

Do not rely on a 'default(true)' filter, but define a proper default in
kubespray-defaults depending on etcd deployment method and if internal
or external etcd is used
2021-10-12 00:31:47 -07:00
Necatican Yıldırım 1a57780a75
Add kubeadm_join_phases_skip variable (#8067)
* Add kubeadm_join_phases_skip variable

* Update kubeadm_join_phases_skip comment

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Add kubeadm_join_phases_skip_default variable to follow the same logic with kubeadm_init_phases_skip

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2021-10-11 09:36:41 -07:00
Iago Santos 43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution (#8029)
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028

Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
Florian Ruynat 5d1b34bdcd Move min k8s version to 1.20 2021-09-22 09:50:01 -07:00
Florian Ruynat 8efde799e1 Update kubernetes version to 1.22.2 2021-09-22 09:50:01 -07:00
Cristian Calin 6f7911264f
Calico: make calico_min_version check relevant (#7939)
* Calico: make calico_min_version check relevant

* Calico: only check currently installed version against the oldest supported version by the previous release
2021-09-20 07:58:09 -07:00
Florian Ruynat b83e8b020a
Fix default version (#7977) 2021-09-17 07:31:00 -07:00
Cristian Calin d355b43dce
ContainerD: bump containerd version to 1.4.9 (#7940) 2021-09-06 04:50:29 -07:00
Cristian Calin db470f8529
Update CSI snaphotter and make it independent (#7943)
* CSI: update CSI snapshot CRDs

* CSI: update snapshot controller tag version with kubernetes specific versions

* CSI: allow enabling csi_snapshot_controller independent of Cinder CSI

* CSI: Align csi-snapshot-controller with upstream and use a Deployment instead of a StatefulSet
2021-09-06 04:24:29 -07:00
Florian Ruynat ed87386d7b Set default k8s version to 1.21.3 2021-07-20 01:29:31 -07:00
Atsushi Nukariya 417180246c
Fix: typos in docs and comments (#7805) 2021-07-16 18:58:50 -07:00
Cristian Calin bd6d810d0a
nodelocaldns: allow binding metrics address to host IP (#7748) 2021-06-29 05:28:41 -07:00
Cristian Calin a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 (#7746)
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0

* Add sample graceful shutdown parameters
2021-06-27 23:53:25 -07:00
Cristian Calin 282a27a07c
gVisor: initial support for gVisor container runtime (#7661)
* Docker/Containerd: move downloads urls to containerd-common

* gVisor: initial support for gVisor container runtime
2021-06-21 05:18:51 -07:00
Sergey d9d29af87f
update containerd to version 1.4.6 (#7674) 2021-06-03 10:55:38 -07:00
Florian Ruynat 54cda80018
Fix debian docker available version (#7668) 2021-06-01 20:58:39 -07:00
Cedric Hnyda 4674b03661
Add cinder_csi_ignore_volume_az (#7624)
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2021-06-01 07:10:27 -07:00
Florian Ruynat 7208169db3 Update kubernetes version to 1.21.1 2021-05-27 11:18:24 -07:00
Florian Ruynat bdf74c6749 Set default version to 1.20.7 2021-05-14 09:48:06 -07:00
Cedric Hnyda 1dd38721b3
Add external_openstack_enable_ingress_hostname option for openstack (#7572)
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2021-05-04 00:33:11 -07:00
Samuel Liu 96e6a6ac3f
Add krew support (#7464)
* Add krew support

* Add reset for krew

* Update install krew(local)

* ansible lint

* yamllint

* fix krew default vars

* fix kubectl_localhost mode

* replace include

* fix e206
2021-05-03 07:16:03 -07:00
Cristian Calin 360aff4a57
Rename ansible groups to use _ instead of - (#7552)
* rename ansible groups to use _ instead of -

k8s-cluster -> k8s_cluster
k8s-node -> k8s_node
calico-rr -> calico_rr
no-floating -> no_floating

Note: kube-node,k8s-cluster groups in upgrade CI
      need clean-up after v2.16 is tagged

* ensure old groups are mapped to the new ones
2021-04-29 05:20:50 -07:00
muzi502 69806e0a46
Add nerdctl cli tool for containerd user (#7500)
* Add nerdctl cli tool for containerd user

* Add nerdctl enable option

* Add nerdctl enable option and update nerdctl version to 0.8.0
2021-04-25 23:47:01 -07:00
Florian Ruynat 6001edeecd
Cleanup hashes and 1.18 hooks (#7534) 2021-04-20 15:34:33 -07:00
Florian Ruynat 1c0836946f Update default Kubernetes version to 1.20.6 2021-04-15 22:26:22 -07:00
Florian Ruynat cd9a03f86c
Update some docker defaults (#7499) 2021-04-14 15:13:07 -07:00
emiran-orange d56ac216f4
Use kubeadm_feature_gates instead of kube_feature_gates to leverage kubeadm feature gates and not to interfere with k8s components feature gates (#7447) 2021-04-12 01:05:59 -07:00
Daniil Muidinov 2257181ca8
Set containerd version to 1.4.4 (#7398)
* Set containerd version to 1.4.3

* Set containerd version to 1.4.4

Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2021-04-01 23:20:11 -07:00
Kaleb Elwert 6fa3565dac
Allow connecting to bastion via non-standard SSH port (#7396)
* Allow connecting to bastion via non-standard port

* Fix bastion connection when ansible_port is not provided
2021-03-26 00:48:43 -07:00
Kenichi Omichi 486b223e01
Replace kube-master with kube_control_plane (#7256)
This replaces kube-master with kube_control_plane because of [1]:

  The Kubernetes project is moving away from wording that is
  considered offensive. A new working group WG Naming was created
  to track this work, and the word "master" was declared as offensive.
  A proposal was formalized for replacing the word "master" with
  "control plane". This means it should be removed from source code,
  documentation, and user-facing configuration from Kubernetes and
  its sub-projects.

NOTE: The reason why this changes it to kube_control_plane not
      kube-control-plane is for valid group names on ansible.

[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
2021-03-23 17:26:05 -07:00
Florian Ruynat 6d9ed398e3 Set default k8s version to 1.20.5 2021-03-19 10:04:34 -07:00
Mikael Johansson f103ac7640
Change default OCCM internal and public networks variables to empty lists (#7380)
Signed-off-by: Mikael Johansson <mik.json@gmail.com>
2021-03-18 16:52:36 -07:00
stress-t 15f1b19136
Fix: added string to bool conversion for use_localhost_as_kube api load balancer (#7324) 2021-03-01 11:53:36 -08:00
Sergey Mikhaltsov a4cc416511
use external_openstack_lbaas_use_octavia for template openstack-cloud… (#7298)
* use external_openstack_lbaas_use_octavia for template openstack-cloud-config

* Delete external_openstack_lbaas_use_octavia from default values. Added description and default values of variables to docs

* markdown fix

* make this simple

* set external_openstack_lbaas_use_octavia in default values

* duplicated variable in doc
2021-02-25 11:25:25 -08:00
Florian Ruynat 6334e4bd84 Set Kubernetes default version to 1.20.4 2021-02-22 08:45:42 -08:00
Etienne Champetier 3749729d5a
Remove calico-upgrade leftovers (#7282)
This is dead code since 28073c76ac

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 11:24:58 -08:00
Etienne Champetier 1c5391dda7
Ensure kubeadm doesn't use proxy (#7275)
* Move proxy_env to kubespray-defaults/defaults

There is no reasons to use set_facts here

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>

* Ensure kubeadm doesn't use proxy

*_proxy variables might be present in the environment (/etc/environment, bash profile, ...)
When this is the case we end up with those proxy configuration in /etc/kubernetes/manifests/kube-*.yaml manifests

We cannot unset env variables, but kubeadm is nice enough to ignore empty vars
93d288e2a4/cmd/kubeadm/app/util/env.go (L27)

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 08:44:58 -08:00
stress-t 796d3fb975
Improving PR 6473 (#7259) 2021-02-16 05:19:05 -08:00
Matt Calvert 4cc065e66d Changes to support Dual Stack networking 2021-02-05 00:04:52 -08:00
Florian Ruynat 7a033a1d55
Add hashes and update default K8S version to 1.20.2 (#7171) 2021-01-15 12:43:09 -08:00
Florian Ruynat a923f4e7c0
Update kube_version_min_required and cleanup hashes for release (#7160) 2021-01-15 00:33:51 -08:00
Florian Ruynat 09fa99fdc6
Update hashes and set default version to 1.19.7 (#7150) 2021-01-13 14:57:02 -08:00
Etienne Champetier a790935d02
Only setup *_PROXY env variables where needed (#7095)
no_proxy is a pain to get right, and having proxy variables present causes issues
(k8s components get proxy configuration after upgrade, see #7100)

It's better to only configure what require proxy:
- the runtime (containerd/docker/crio)
- the package manager + apt_key
- the download tasks

Tested with the following clusters
- 4 CentOS 8 nodes
- 1 Ubuntu 20.04 node

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-11 07:21:08 -08:00
Etienne Champetier ab2bfd7f8c
Proxy small fixes (#7102)
* Improve how we set 'proxy=' in yum.conf or dnf.conf

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Fixup spaces in no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add svc,svc.{{ dns_domain }} to no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-07 10:50:53 -08:00
Florent Monbillard 9a05037352
SHAs for 1.19.6, 1.18.14, 1.18.13, 1.17.16 and 1.17.15 (#7063)
* SHAs for 1.19.6, 1.18.14, 1.18.13, 1.17.16 and 1.17.15

* Fix etcd version in README

* Bump kube_version to 1.19.6
2020-12-18 15:42:24 -08:00
Kenichi Omichi 0aa6d3d4bc
Replace non-ascii with ascii (#7044)
When opening the main.yaml, vi cannot show the string correctly
due to non-ascii string. This replaces it.
2020-12-16 23:43:09 -08:00
Anthony Rabbito 93445b4dbc
Update hashes and set default version to 1.19.5 (#7012)
* Update hashes and set default version to 1.19.5

Signed-off-by: anthr76 <hello@anthonyrabbito.com>

* Reorder hashes

1.19.5 hashes should be near 1.19.x

* Added back blank line
2020-12-16 01:42:20 -08:00
Christoph Stäbler 1a491fc10c
Update hashes and set default to 1.19.4 (#6903) 2020-12-03 06:34:59 -08:00
Emerson Ford f377d9f057
Set etcd_.*_addresses to use etcd_[events_]access_address instead of access_ip (#6936) 2020-12-02 13:55:00 -08:00
Florian Ruynat db4e942b0d
Remove hyperkube from codebase (#6965) 2020-12-02 13:50:59 -08:00
Etienne Champetier 68b96bdf1a
Helm v3 only (#6846)
* Fix etcd download dest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Only support Helm v3, cleanup install

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-02 00:20:50 -08:00
Victor Morales 4f7a760a94
Add crun support (#6864)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-12-01 11:00:50 -08:00
Florian Ruynat f6eed8091e
Remove contiv related files (#6964) 2020-11-30 06:48:50 -08:00
Dmitry Chusovitin c09aabab0c
Remove executable bit from yaml and j2 files (#6894) 2020-11-29 20:18:48 -08:00
David Medinets fefcb8c9f8
Allow the eventRecordQPS setting to be set. (#6880)
* Allow the eventRecordQPS setting to be set.

The eventRecordQPS parameter controls rate limiting for event recording. When zero, unlimited events can cause denial-of-service situations. For my situation, I don't need more than a setting of "5". This change allows me to configure the setting before creating the cluster.

* Allow the eventRecordQPS setting to be set.

The default settings (see types.go) is five. So, this change does not affect the cluster provisioning. However, it does allow for the setting to be changed.
2020-11-03 00:42:15 -08:00
Victor Morales e03e3c4582
Add Kata Containers support to CRI-O runtime (#6830)
* Enable Kata Containers for CRI-O runtime

Kata Containers is an OCI runtime where containers are run inside
lightweight VMs. This runtime has been enabled for containerd runtime
thru the kata_containers_enabled variable. This change enables Kata
Containers to CRI-O container runtime.

Signed-off-by: Victor Morales <v.morales@samsung.com>

* Set appropiate conmon_cgroup when crio_cgroup_manager is 'cgroupfs'

* Set manage_ns_lifecycle=true when KataContainers is enabed

* Add preinstall check for katacontainers

Signed-off-by: Victor Morales <v.morales@samsung.com>

Co-authored-by: Pasquale Toscano <pasqualetoscano90@gmail.com>
2020-10-23 03:07:46 -07:00
Hans Feldt 04b19359cb
allow non existing etcd group (#6797)
When using kubeadm managed etcd, configuring an etcd group can now
be skipped.
2020-10-21 07:32:20 -07:00
Florian Ruynat 60b0fb3e88
Update hashes and set default version to 1.19.3 (#6841) 2020-10-21 00:58:20 -07:00
holmesb 4cb5a4f609
Fix line-spacing in no_proxy.yml (#6810)
Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
2020-10-11 08:50:47 -07:00
Hans Feldt 92b1166dd0
Disable dashboard by default (#6804)
Users should opt in for features and not opt out.
2020-10-11 08:06:47 -07:00
holmesb 1301e69c7d
If no_proxy_exclude_workers is true, workers will be excluded from the no_proxy variable.  This prevents docker engine restarting when scaling workers. (#6520)
Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
2020-10-09 01:15:07 -07:00
Hans Feldt 28073c76ac
Calico upgrade path validation and old version cleanup (#6733)
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Hans Feldt 6141b98bf8
calico: default to using kdd datastore (#6693)
If already deployed, get current datastore from CNI config file
2020-09-23 08:38:09 -07:00
lukasz bielinski 5f034330c5
properly generate extravolumes in kubeadmconfig for centos (#6708) 2020-09-23 01:20:09 -07:00
Florent Monbillard 5bd937ece0
Remove pypi repo and pip extra flags (#6729) 2020-09-21 13:27:51 -07:00
Florian Ruynat 79226d0870
Add Kubernetes hashes 1.19.2/1.18.9/1.17.12 and set default (#6698) 2020-09-17 11:12:45 -07:00
Hans Feldt 6da385de9d
Use "kubeadm join" to join masters to control plane (#6661)
Remove configuration variable kubeadm_control_plane
2020-09-17 04:34:45 -07:00
Hans Feldt 0cc5e3ef03
Remove workaround with kube_proxy_remove (#6512)
* kube-proxy never gets deployed so need to remove it
2020-09-17 04:30:45 -07:00
Florian Ruynat a556f8f2bf
Remove deprecated (and removed in 1.19) flag and function --basic-auth-file (#6655) 2020-09-11 00:30:14 -07:00
Florian Ruynat ad15721677
Add Kubernetes 1.19.1 hashes and set default (#6654) 2020-09-10 10:43:46 -07:00
Mikael Johansson 040dda37ed
Add comment clarifying network allocation and sizes (#6607)
* Add comment from roles/kubespray-defaults/defaults/main.yaml clarifying network allocation and sizes

Signed-off-by: Mikael Johansson <mik.json@gmail.com>

* Rewrite of the comment and added new examples

Signed-off-by: Mikael Johansson <mik.json@gmail.com>
2020-09-10 03:49:44 -07:00
Maxime Guyot 961149b865
Update kube_version_min_required for 2.14 release (#6634) 2020-09-07 23:59:43 -07:00
Florian Ruynat f1566cb8c2
Add protectKernelDefaults option (default true) to kubelet config file (#6611) 2020-09-03 07:41:41 -07:00
Lovro Seder c1ba8e1b3a
Rotate kubelet server certificate. (#6453)
* Rotate kubelet server certificate.

* CI test kubelet server cert rotation

* Approve kubelet serving certificates in tests.
2020-09-03 07:25:41 -07:00
Barry Melbourne 058438a25d
Remove support for CoreOS Container Linux (#6576) 2020-08-28 02:28:53 -07:00
Florian Ruynat 142b9e1eff
Update k8s hashes and set default version to 1.18.8 (#6532) 2020-08-21 00:09:39 -07:00
Arthur Outhenin-Chalandre 35682b5228
Fix cilium strict kube proxy replacement in HA (#6473)
* Update the cilium svc proxy test to HA mode

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix cilium strict kube-proxy in HA

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add a single global endpoint variable

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add cilium docs about kube-proxy replacement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix issues in docs

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-06 00:14:55 -07:00
Cristian Chiru 94df580674
Moved docker_dns_options to defaults so it can be overridden (#6394)
* Moved docker_dns_options to defaults so it can be overridden

* Fixed yaml indentation and markdown

* Moved docker_dns_search_domains to defaults
2020-08-01 00:29:41 -07:00
Arthur Outhenin-Chalandre 3550e3c145
Adding kube-proxy-replacement support in cilium (#6334)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-30 02:46:31 -07:00
Florent Monbillard 924cc11af6
Upgrade to kubernetes 1.18.6 (#6405)
- Add 1.17.9 and 1.16.13 SHAs
2020-07-29 14:54:09 -07:00
chenguoquan1024 9c48f666ec
change /etc/ssl/etcd to etcd_config_dir param (#6408)
* change /etc/ssl/etcd to etcd_config_dir param

* add use etcd_events_data_dir param
2020-07-21 23:58:05 -07:00
Florian Ruynat f515898cb5
Update hashes and set default version to 1.18.5 (#6335) 2020-06-30 02:00:05 -07:00
Kenichi Omichi 25bab0e976
Change MetalLB to one of addons (#6238)
This changes MetalLB contrib to one of addons for deploying MetalLB with
Kubernetes cluster deployment. By the default, Kubespray doesn't deploy
MetalLB addon.
2020-06-29 15:11:59 -07:00
Joel Seguillon 4c1e0b188d
Add .editorconfig file (#6307) 2020-06-29 12:39:59 -07:00
Qasim Sarfraz 16ad344c41
Gather ansible_default_ipv4 for specific groups (#6318) 2020-06-25 23:55:31 -07:00
bozzo 276c450759
Use `connection: local` when `delegate_to: localhost` (#6322)
This will avoid SSH connection on the local host
2020-06-25 08:14:38 -07:00
Hans Feldt 93951f2ed5
fix use of ansible tags (#6316)
tags are not inherited for include_role therefore the change
from include to import

Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-06-25 03:00:37 -07:00
Alvaro 80d16e6c91
Support for Ambassador OSS as an Ingress (#6135)
Support for Ambassador OSS as an Ingress Controller when
settings `ingress_ambassador_enabled: true`.

Signed-off-by: Alvaro Saurin <alvaro.saurin@gmail.com>
2020-06-24 07:39:17 -07:00
Pasquale Toscano 8f5c4dcd2e
Add support for Kata Containers (#6256)
* Install Kata Containers as additional container runtime

* Create RuntimeClasses for Kata Containers

* Updated Vagrant to optionally run without Docker as container manager

* Updated Vagrant to optionally use Libvirt nested virtualization

* Add Kata Containers documentation

* Fix lint errors

* Add kata_containers_enabled to kubespray-defaults

* Fixed typo error

* Fixed typo error
2020-06-22 00:28:39 -07:00
Florian Ruynat eeb77369cb
Update hashes and set default to 1.18.4 (#6285) 2020-06-18 06:30:19 -07:00
Florian Ruynat 45d8797dce
Fix download boolean for local_path_provisioner (#6177) 2020-05-28 06:56:02 -07:00
Cody Seavey b6e21a18cc
Modify the populate no_proxy task to use a combine rather than relying on the hash_behaviour setting to be set to merge rather than replace (#6112) 2020-05-28 06:42:03 -07:00
Florian Ruynat b2a0b649fd
Add new Kubernetes version hashes and set default to 1.18.3 (#6173) 2020-05-28 01:02:03 -07:00
Paul Rey b5aaaf864d
Add additional network configuration options to external Openstack CCM (#6083) (#6085)
* Add additional network configuration options to external Openstack CCM (#6083)

* Change the default version of external openstack cloud controller image to v1.18.1 since there was an issue in v1.18.0 where some IPs of the private network were ignored

* Change Network section in external-openstack-cloud-config.j2 to Networking

* Add networking customization information in the openstack documentation
2020-05-18 02:31:36 -07:00
Florian Ruynat c06f482901
Update default kubernetes version to 1.18.2 (#6064) 2020-05-06 11:17:09 -07:00
Maxime Guyot 353d44a4a6
Add CI var for http_proxy (#6039) 2020-04-30 05:44:17 -07:00
Florian Ruynat 299e35ebe4
Cleanup unused/erroneous variables (#6003) 2020-04-24 01:54:07 -07:00
Pierre Lebrun 03c8d0113c
Add vSphere external cloud provider (#5959) 2020-04-20 08:47:39 -07:00
Sergey 6318bb9f96
Return the ability to start control plain from the hyperkube image (#5422) 2020-04-18 05:59:36 -07:00
Florian Ruynat 49bd208026
Update hashes (1.18.2/1.17.5/1.16.9) and set default to 1.17.5 (#5967) 2020-04-17 06:55:07 -07:00
Sergey 35f248dff0
assembly fallback_ips and no_proxy var only one time on localhost and… (#5957)
* assembly fallback_ips and no_proxy var only one time on localhost and populate result on all hosts

* add tag always, fix ansible lint errors

* workaround to mitogen issue dw/mitogen#663

* do not gather fact before install python on coreos like distros

* try to pass docker molecule test
2020-04-16 07:22:47 -07:00
Alexander Kross 910a821d0b
Fix chicken and egg problem with proxy_env not defined on the first … (#5896)
* Fix chicken and egg problem with proxy_env not defined on the first envinronment usage.

* Disable fact gathering for the first proxy_env evaluation.

* Move proxy_env var set up from the role defaults to the root playbooks as fact.
2020-04-08 00:53:43 -07:00
Ali Sanhaji 937adec515
Azure Disk CSI deployment (#5833)
* Azure Disk CSI deployment

* Mention Azure CSI support

* Fix: remove unnecessary file

* Typo in documentation

* Add newline to end of file
2020-04-01 00:53:27 -07:00
Ali Sanhaji 484df62c5a
GCP Persistent Disk CSI Driver deployment (#5857)
* GCP Persistent Disk CSI Driver deployment

* Fix MD lint

* Fix Yaml lint
2020-03-31 00:06:40 -07:00
Florian Ruynat 09308d6125
Upgrade to Kubernetes 1.174 (#5628)
* Upgrade to Kubernetes 1.17.4 - change defaults

* Update ci jobs to previous k8s release (will fix them afterward)
2020-03-27 07:40:23 -07:00
Ali Sanhaji a8a05a21a4
AWS EBS CSI implementation (#5549)
* AWS EBS CSI implementation

* Fixing image repos

* Add OWNERS file

* Fix expressions

* Add csi-driver tag

* Add AWS EBS prefix to variables

* Add AWS EBS CSI Driver documentation
2020-03-25 13:10:25 -07:00
Xiaodu 63fa406c3c
Move host_architecture to kubespray-defaults (#5811)
The variable is defined in `kubernetes/preinstall` role and used in several roles. Since `kubernetes/preinstall` is not always included when `ansible-playbook` is run with tag selectors (see #5734 for reason), they will fail, or individual roles must copy the same fact definitions (as in #3846). Moving the definition to the always-included `kubespray-defaults` role will resolve the dependency problem.
2020-03-25 12:58:25 -07:00
eddebc db693d46df
Fixed an issue where without a default GW, ansible_default_ipv4 would return an empty dict which passed as a valid fallback_ip dict item (#5394) 2020-03-20 14:06:09 -07:00
spaced 8ce5a9dd19
remove atomic support because reached end of live (#5783) 2020-03-17 14:31:27 -07:00
spaced 876d4de6be
Fedora CoreOS support (#5657)
* fedora coreos support
- bootstrap and new fact for

* fedora coreos support
- fix bootstrap condition

* fedora coreos support
- allow customize packages for fedora coreos bootstrap

* fedora coreos support
- prevent install ptyhon3 and epel via dnf for fedora coreos

* fedora coreos support
- handle all ostree like os in same way

* fedora coreos support
- handle all ostree like os in same way for crio

* fedora coreos support
- add fcos documentations
2020-03-17 03:12:21 -07:00
Michael Shnit 29128eb316
Add AWS ALB Ingress Controller (#5489)
* Add AWS ALB Ingress Controller Ansible role

* remove trailing spaces

* update owners

* ALB ingress: update rbac clusterrole and remove role

* Move alb-ingress role to roles/kubernetes-apps/ingress_controller folder
2020-03-16 02:58:35 -07:00
Florent Monbillard 0330442c63
Kubernetes 1.16.8 (#5770)
* Kubernetes 1.16.8

* Use 1.16.8 in sample inventory and kubespray-defaults
2020-03-13 13:41:47 -07:00
Sergey 221b429c24
move var preinstall_selinux_state: to roles/kubespray-defaults/defaults/main.yaml (#5715) 2020-03-10 07:45:35 -07:00
Kubernetes Prow Robot 66408a87ee
Refactor download role (#5697)
* download file

* download containers

* fix push image to nodes

* pull if none image on host

* fix

* improve docker image tag checks.
do not pull already cached images

* rebase fix merge conflict

* add support download_run_once when upgrade and scale cluster
add some test with download_run_once

* set default values to temp flag for every download cycle

* add save,load abilty for containerd and crio when download_run_once=true

* return redefine image save/load command to  set_docker_image_facts.yml

* move set command to set_container_facts

* ctr in containerd_bin_dir

* fix order of ctr image export arguments

* temporary disable download_run_once for containerd and crio
due https://github.com/containerd/containerd/issues/4075

* remove unused files

* fix strict yaml linter warning and errors

* refactor logical conditions to pull and cache container images

* remove comment due lint check

* document role

* remove image_load_on_localhost, because cached images are always loaded to docker on remote sites

* remove XXX from debug output
2020-03-05 07:31:39 -08:00
Hugo Blom 0c1a0ab966
implement max-volumes for cinder csi (#5666) 2020-03-02 03:30:43 -08:00
Hugo Blom 171d2ce59c
Implement topology support for Cinder CSI (#5667)
* make cinder csi topology aware

* change feature description do better reflect whats being done

* remove sameas true since it isn't required
2020-02-26 05:12:25 -08:00
Ali Sanhaji 646fd5f47b
External OpenStack Cloud Controller Manager implementation (#5491)
* External OpenStack Cloud Controller Manager implementation

* Adding controller image tag

* Minor fixes

* Restructuring the external cloud controller to work with KubeADM
2020-02-18 04:47:28 -08:00
Sylvain Chateau 0ca7aa126b
added "Flatcar", "Flatcar Container Linux by Kinvolk" for all coreOS role (#5607) 2020-02-18 00:15:29 -08:00
Florian Ruynat f56171b513
Remove old features gates (#5608) 2020-02-14 02:24:17 -08:00
Arthur Outhenin-Chalandre 5e648b96e8
Fix default value of kube_api_server_endpoint (#5529)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-02-11 01:40:01 -08:00
Etienne Champetier 9f2dd09628
Add proxy support to containerd, improves no_proxy (#5583)
* containerd: add proxy support

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* kubespray-defaults: add kube_service_addresses / kube_pods_subnet to no_proxy

CIDR notation in no_proxy is supported by a lot of programs/languages,
including go: https://github.com/golang/go/issues/16704
Without that containerd cannot talk the the API server (kube_apiserver_ip),
but it should not go through an external proxy for the nodes/pods/services

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-29 01:24:14 -08:00
Florian Ruynat f1025dce4e Update to hashes and default version (1.15.8 / 1.16.5 / 1.17.1) (#5564) 2020-01-23 03:54:49 -08:00
Matthew Mosesohn 18cee65c4b Add support for k8s v1.17.0-rc.1, remove hyperkube (#5378)
Change-Id: I3fff04f0211cd9c2e8235acaf51c3aa98abc8bb7
2019-11-28 05:41:03 -08:00
Florian Ruynat 257c20f39e add 1.16.3 checksums and set new version as default (#5384) 2019-11-27 01:29:20 -08:00
Ali Sanhaji b0ee1f6cc6 Deploy Cinder CSI driver to provision volumes over OpenStack (#5184)
* Deploy Cinder CSI driver to provision volumes over OpenStack

* Deploy Cinder CSI StorageClass

* Cinder CSI doc
2019-11-01 00:59:24 -07:00
Sergey 81d57fe658 set calico_datastore default value in role kubespray-default (#5259) 2019-10-17 05:58:38 -07:00
Hugo Blom db33dc6938 Add support for Kubernetes 1.16.2 (#5272)
* Add support for Kubernetes 1.16.1

* Defaults to 1.16.1

* add 1.16.2 checksums and set new version as default

* correct 1.16.2 checksums and add 1.15.5 checksums
2019-10-16 18:34:38 -07:00