Commit Graph

422 Commits (release-2.20)

Author SHA1 Message Date
rptaylor 5bce39abf8
add optional parameter extra_groups for k8s_nodes (#9211) 2022-09-13 00:13:08 -07:00
Cristian Calin e6976a54e1
add pre-commit hook to facilitate local testing (#9158)
* add pre-commit hook configuration

* add tmp.md to .gitignore

* describe the use of pre-commit hook in CONTRIBUTING.md

* fix docs/integration.md errors identified by markdownlint

* fix docs/<file>.md errors identified by markdownlint

* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md

* fix contrib/<file>.md errors identified by markdownlint
2022-08-24 06:54:03 -07:00
Robin Ramquist f4daf5856e
Subnet setup order fix & Number of master nodes syntax fix (#9159)
* Subnet setup order fix & Number of master nodes syntax fix

* Mistake fix!

* Formatting
2022-08-18 00:56:43 -07:00
Kenichi Omichi 9c28f61dbd
Enable shellcheck for contrib/ (#9122)
Today we have many contributions to contrib/offline/ and some PRs
contained invalid coding style for those scripts.
This enables shellcheck to make such invalid coding style easily.
2022-07-26 23:32:32 -07:00
Ajarmar 0d32c0d92b
[upcloud] Add firewall default deny policy and port allowlisting (#9058) 2022-07-19 00:18:06 -07:00
yjqg6666 3d32f0e953
[#9067] archive offline-files and support env-var NO_HTTP_SERVER to skip nginx-running (#9068) 2022-07-12 00:24:52 -07:00
Robin Wallace bf477c24d3 Chnage from deprecated variable 2022-06-22 00:37:44 -07:00
ERIK 4a92b7221a
add manage offline files script (#8956)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-06-21 03:49:43 -07:00
Mohamed Zaian bb530da5c2 [registry] Switch registry to use registry.k8s.io
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
Kenichi Omichi 0e6b727e53
Update docs for using venv (#8842)
Due many patterns of Linux distributions, it is difficult to install
ansible dependencies as system-wide stably.
Apart of Kubespray doc[1] recommends to use venv to avoid such issue,
and this applies venv usage to the other parts of the doc.

[1]: https://github.com/kubernetes-sigs/kubespray/blob/master/docs/setting-up-your-first-cluster.md#set-up-kubespray
2022-05-19 23:39:12 -07:00
Cyclinder dc8ad78206
fix: incorrect condition type (#8822)
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-05-13 14:09:56 -07:00
ERIK 48e938660d
Allow replacement of address prefixes for all images (#8764)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-05-13 09:23:14 +03:00
Ajarmar b9e5b0cb53
UpCloud server plan, firewall, load balancer integration (#8758)
* [upcloud] add option to use preconfigured cpu/mem plan

* [upcloud] add option to use firewall rules for API server/SSH access

* [upcloud] add option to use managed load balancer
2022-05-11 10:15:03 -07:00
Kenichi Omichi aef25819bc
nit: Add offline note for kube-* images (#8718) 2022-05-10 06:41:44 -07:00
Robin Wallace fe66121287
[Openstack] master foreach and fixes (#8709)
* [openstack] fix for new network modules

* [openstack] for-each master nodes
2022-05-03 08:51:56 -07:00
Cristian Calin 6cc5b38a2e
[terraform] use modern day equinix metal provider (#8748)
* [terraform] use modern day equinix metal provider

* [CI] ensure packet job tests metal
2022-04-27 10:34:13 -07:00
Olle Larsson a4f26dc8f3
[terraform/openstack] add safespring to provider list (#8735) 2022-04-25 04:43:39 -07:00
SOPHAL HONG 3d4baea01c
Add tag to AWS VPC subnets for automatic subnet discovery by load balancers or ingress controllers (#8705) 2022-04-12 10:05:23 -07:00
Robin Wallace d7254eead6
UpCloud integration (#8653)
* [upcloud] add upcloud csi-driver

* Option to use ansible_host as api ip for kubueconfig
2022-04-11 15:13:23 -07:00
Anthony Bible 9dced7133c
Fixes for Hetzner terraform and Hetzner Cloud (#8702)
* - add ability to specify the network_zone in hetzner terraform
- Export the network id from hetzner terraform the the generated inventory.ini

* - Add with_networks variable to allow different deployments of hcloud controller manager

- Add network id to hcloud controller secret (added via the inventory)

- Don't include extra_args if it's not set
2022-04-11 10:26:06 -07:00
Christian Rohmann 90883e76af
terrform/openstack: Fix templating of ansible_ssh_common_args in no_floating.yml if used as TF module (#8646)
* terraform/openstack: Use path.module for ansible_bastion_template.txt

This extends on #7643 by not using path.root, but switching to path.module
to allow use of the terraform code as a module itself. This change then keeps
all calls to the template file stable even for that use-case.

* terraform/openstack: Make sed calls fail on errors

By using a single call with two replacements to use of sed will create proper exit codes
and allowing for errors to be recognized by terraform.
2022-03-29 00:07:11 -07:00
Kenichi Omichi fb7c56e3d3
Add unit test for print_hostnames of inventory.py (#8558)
This adds a unit test for the function.
2022-03-12 23:40:23 -08:00
Mathieu Parent 299a9ae7ba
terraform/gcp: Add ingress_whitelist (#8590)
Also, do not create unneeded resources (target pools are charged and should
only be created when needed).
2022-03-02 16:52:46 -08:00
SOPHAL HONG 6d683c98a3
[Terraform-AWS] Replace CLB with NLB (#8578) 2022-02-24 23:53:54 -08:00
Kenichi Omichi cc45e365ae
Fix print_hostnames of inventory.py (#8554)
When trying to run print_hostnames of inventory.py, it outputs the following
error:

 $ CONFIG_FILE=./test-hosts.yaml python3 ./inventory.py print_hostnames
 Traceback (most recent call last):
   File "./inventory.py", line 472, in <module>
     sys.exit(main())
   File "./inventory.py", line 467, in main
     KubesprayInventory(argv, CONFIG_FILE)
   File "./inventory.py", line 92, in __init__
     self.parse_command(changed_hosts[0], changed_hosts[1:])
   File "./inventory.py", line 415, in parse_command
     self.print_hostnames()
   File "./inventory.py", line 455, in print_hostnames
     print(' '.join(self.yaml_config['all']['hosts'].keys()))
 KeyError: 'all'

because it is missed to load a hosts config file before printing hostnames.
This fixes the issue.
2022-02-17 13:57:03 -08:00
Mathieu Parent 31d4a38f09
terraform/gcp: Allow to change extra disk types (#8524) 2022-02-15 00:22:02 -08:00
SOPHAL HONG a6a79883b7
Fix: Error when creating subnets more than AZ (#8516) 2022-02-14 13:12:30 -08:00
Takuya Murakami b02e68222f
feat(offline): Improve generate_list.sh to generate offline file list using ansible (#8537) (#8538)
Use jinja2 template and ansible to expand variables.
2022-02-13 23:19:28 -08:00
DenisKa 696101a910
Fixed mitogen.yml (#8508)
Fixed the problem when call ansible-playbook contrib/mitogen/mitogen.yml
"The error was: 'dict object' has no attribute 'section'"

What type of PR is this?

/kind bug

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:
2022-02-07 01:39:43 -08:00
Cristian Calin 7759494c85
[terraform][openstack] allow disabling port_security at port level (#8455)
Use openstack_networking_port_v2 and openstack_networking_floatingip_associate_v2
to attach floating ips. This gives us more flexibility on disabling port security
when binding instances directly on provider networks in private cloud scenario.
2022-02-02 08:50:22 -08:00
Mathieu Parent 958bca8800
terraform/gcp: Do not create unused subnetworks and Upgrade to latest google provider (#8497)
* terraform/gcp: Do not create unused subnetworks

By default terraform creates a subnetwork in each 39 regions

* terraform/gcp: Upgrade to latest google provider

... where "one of source_tags, source_ranges, or source_service_accounts must be defined"
2022-02-01 09:14:11 -08:00
Michael Schmitz eacd55fbca
Use sysctl_file_path variable for all sysctl_file locations (#8395)
* Use sysctl_file_path variable for all sysctl_file locations

* Add sysctl_file_path variable to kubespay-defaults

* Remove previously used sysctl file locations if present

* Use explicit filename in roles/kubernetes/node/defaults/main.yml

* Defaults: use explicit value
2022-02-01 08:12:10 -08:00
Mathieu Parent 3562d3378b
terraform/gcp: Allow to use preemptible VM instances (#8480) 2022-01-31 00:30:24 -08:00
Cristian Calin c40b43de01
[mitogent] update to 0.3.2 (#8470) 2022-01-27 08:36:59 -08:00
ceesios d86a3b962c
Proposing fixes for contrib/terraform/vsphere/ #8436 (#8441)
* fixes issues in vSphere Terraform contrib. #8436

* fix formatting

* add variables to the main module and document changes

* add missing newline
2022-01-25 05:24:30 -08:00
Mathieu Parent d64b341b38
Update terraform GCP to Ubuntu 20.04 (latest LTS) (#8463)
* Fix terraform Warning

Version constraints inside provider configuration blocks are deprecated

Terraform 0.13 and earlier allowed provider version constraints inside the
provider configuration block, but that is now deprecated and will be removed
in a future version of Terraform. To silence this warning, move the provider
version constraint into the required_providers block.

* Fix terraform Warning: Quoted references are deprecated

* terraform: Update GCP Ubuntu to latest LTS
2022-01-25 01:22:30 -08:00
Cristian Calin ea44d64511
[contrib] terraform openstack: allow disabling port security (#8410) 2022-01-14 12:58:32 -08:00
moss2k13 135c9b29a7
contrib: add cloud-init support for terraform vms (#8394)
* contrib: add cloud-init support for terraform vms

This change enables instance customization via cloud-init,
for example: additional CA certs, custom SSH access etc.

* contrib: update docs for terraform cloud-init

* contrib: disable yamllint in cloud-init

require-starting-space rule breaks cloud-init header

* contrib: documenation formatting

* yamllint: disable comments related checks

* docs: markdown formatting
2022-01-11 05:23:16 -08:00
Kenichi Omichi f80fd24a55
Fix risky-file-permissions (#8370)
When running ansible-lint directly, we can see a lot of warning
message like

  risky-file-permissions File permissions unset or incorrect

This fixes the warning messages.
2022-01-09 01:51:12 -08:00
Kenichi Omichi 51bd9bee0d
Move containerd_version to defaults/main.yml (#8379)
All container image versions were defined in download/defaults/main.yml
except containerd.
The inconsistency caused the offline script(generate_list.sh) could not
output the URL of containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
2022-01-09 01:47:12 -08:00
zemkogabor 996ecca78b
Glusterfs daemonset readiness and liveness params. #8307 (#8309) 2021-12-23 00:32:37 -08:00
Robin Wallace 38c12288f1
Add option for boot volume type for k8s node (#8256) 2021-11-30 12:59:01 -08:00
Olle Larsson fe0810aff9
Add option to set different server group policy for etcd, node, and master server (#8046) 2021-11-22 02:53:09 -08:00
Febrian Setianto f48ae18630
Use Pre-existing Floating IP for Bastion (#8214)
* use pre-existing floating IP for bastion

* document bastion_fips in readme
2021-11-19 07:58:52 -08:00
Lars Larsson 6eeb4883af
Fixes various issues in vSphere Terraform code (#8178)
* Fixes various issues in vSphere Terraform code

Provided to address various shortcomings and to fix the following
issue in upstream Kubespray:

https://github.com/kubernetes-sigs/kubespray/issues/8176

* Resolves Terraform formatting issues

* Sets default prefix to human-readable name

* Documents new default prefix in README
2021-11-12 11:40:29 -08:00
Cristian Calin a0be7f0e26
heketi: fix deployment logic that was broken by the ansible 3.4 upgrade (#8118) 2021-11-04 13:10:23 -07:00
Fredrik Liv e87d4e9ce3
Added terraform script for Hetzner cloud (#8053) 2021-10-07 10:11:46 -07:00
Kenichi Omichi 469b3ec525
Add definition check of disable_service_firewall (#7995)
When not specifying disable_service_firewall, the task is failed.
This adds the definition check.
2021-09-24 02:31:23 -07:00
Ray Terrill 1edb7d771f
Modify connection_strings_etcd to only return etcd nodes (#7966)
Modify connection_strings_etcd to only return etcd nodes - not master nodes - since this results in duplicate hosts in the generated Ansible inventory and is unnecessary.
2021-09-15 00:58:40 -07:00
Fredrik Liv aa00c1d91a
Updated UpCloud terraform script to use private network and dynamic (#7779)
additional disks
2021-09-10 13:55:21 -07:00