Commit Graph

819 Commits (01c86af77fb1461339bc860b2c3575b57681963c)

Author SHA1 Message Date
Tom M e7d29715b4
Add kubelet_cpu_manager_policy_options (#11023) 2024-03-22 12:21:39 -07:00
Max Gautier 3305383873
Fix ansible python version range (#11009) 2024-03-14 05:54:31 -07:00
Max Gautier 7f6ca804a1
Upgrade ansible-core to 2.16.4 (#10984)
* upgrade ansible version

Needed for with_first_found to work correctly:
https://github.com/ansible/ansible/issues/70772 fixed in 2.16

* Remove unused google cloud cloud_playbook

* Fix dpkg_selection on non-existing packages

Needed since ansible-core>2.16, see:
f10d11bcdc
2024-03-14 02:12:45 -07:00
Max Gautier d40b073f97
Add extra_vars support to vagrant setup (#10932) 2024-02-19 02:58:20 -08:00
Max Gautier c13b21e830
Explicit private/public nature of `*ip` vars (#10904) 2024-02-19 02:00:26 -08:00
Radek Smid 8d5091a3f7
fix: Kubelet not starting because of non-existent feature gate (#10448) 2024-02-16 01:27:46 -08:00
Kundan Kumar bfbb3f8d33
updated ingress controller version (#10868) 2024-02-12 01:11:03 -08:00
Oliver Larsson 65e22481c6
Remove documentation for removed in-tree openstack provider (#10889) 2024-02-06 01:11:00 -08:00
anders-elastisys c698790122
add nat_outgoing_ipv6 to calico defaults and docs (#10866) 2024-02-05 23:14:22 -08:00
Max Gautier 11c01ef600
docs: vagrant-libvirt is tested in CI (#10847) 2024-01-31 05:13:17 -08:00
Takuya Murakami 785366c2de
[kubernetes] Support kubernetes 1.29 (#10820)
* [kubernetes] Make kubernetes 1.29.1 default

* [cri-o]: support cri-o 1.29

Use "crio status" instead of "crio-status" for cri-o >=1.29.0

* Remove GAed feature gates SecCompDefault

The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246
2024-01-31 00:57:23 -08:00
Max Gautier e3ea19307a
Doc clarification: skipping patches releases is OK (#10850) 2024-01-29 22:31:40 -08:00
Kundan Kumar 4ea1a0132e
Updated vagrant.md (#10836) 2024-01-28 21:16:35 -08:00
jandres - moscardo 0ddf872163
Update upgrades.md with serial=1 for rolling updates (#10837)
* Update upgrades.md

 modify env serial to have real rolling upgrades

* Update upgrades.md

change section for serial

* Update docs/upgrades.md

Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>

---------

Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
2024-01-28 21:07:17 -08:00
Slavi Pantaleev a487667b9d
Make large-deployments.md link to downloads.md (#10840) 2024-01-25 14:55:33 +01:00
Max Gautier c80f2cd573
Allow the DNS stack to be backward compatible with an old dns_domain (#10630)
Handle all old dns domains:
- for nodelocaldns: in the same server block as the current dns_domain
- for coredns: uffix rewrite of each of the old dns domains to the
  current one
2024-01-24 06:31:22 +01:00
Maxime Leroy ab0163a3ad
fix(kubernetes): taint nodes with kubectl (#10705)
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2024-01-23 15:46:13 +01:00
Louis Tu a88bad7947
Add scheduler plugins support (#10747)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-23 07:42:33 +01:00
Serge Hartmann a2ed5fcd3d
Doc: variable cilium_ipsec_key must be base64 encoded (#10781)
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
2024-01-22 17:49:00 +01:00
Yuhao Zhang 0e971a37aa
Offline control plane recover (#10660)
* ignore_unreachable for etcd dir cleanup

ignore_errors ignores errors occur within "file" module. However, when
the target node is offline, the playbook will still fail at this task
with node "unreachable" state. Setting "ignore_unreachable: true" allows
the playbook to bypass offline nodes and move on to proceed recovery
tasks on remaining online nodes.

* Re-arrange control plane recovery runbook steps

* Remove suggestion to manually update IP addresses

The suggestion was added in 48a182844c 4
years ago. But a new task added 2 years ago, in
ee0f1e9d58, automatically update API
server arg with updated etcd node ip addresses. This suggestion is no
longer needed.
2024-01-22 17:22:27 +01:00
Max Gautier a9e29a9eb2
Fix etcd client generation (#10769)
* ci: redefine multinode to node-etcd-client

This should allow to catch several class of problem rather than just
one -> from network plugin such as calico or cilium talking directly to
the etcd.

* Dynamically define etcd host range

This has two benefits:
- We don't play the etcd role twice for no reason
- We have access to the whole cluster (if needed) to use things like
  group_by.
2024-01-16 15:50:41 +01:00
qlijin beb2660aa8
Update docs for crio (#10785) 2024-01-16 05:23:09 +01:00
Max Gautier e90cae9344
Refactor check_galaxy + fix version (#10729)
* Remove checks for docs using exact tags

Instead use a more generic documentation for installing kubespray as a
collection from git.

* Check that we upgraded galaxy.yml to next version

This is only intented to check for human error. The version in galaxy
should be the next (which does not mean the same if we're on master or a
release branch).

* Set collection version to KUBESPRAY_NEXT_VERSION
2024-01-11 15:49:31 +01:00
Louis Tu a656b7ed9a
Add kube_vip_lb_fwdmethod option for kube-vip (#10762)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-09 08:22:13 +01:00
Kay Yan 565eab901b
remove containerd registries (#10738) 2023-12-21 10:01:12 +01:00
Max Gautier 243ca5d08f
Add test case for calico using etcd datastore (#10722)
* Add multinode ci layout

* Add test case for calico using etcd datastore
2023-12-20 09:59:02 +01:00
Max Gautier 471326f458
Remove PodSecurityPolicy support and references (#10723)
This is removed from kubernetes since 1.25, time to cut some dead code.
2023-12-18 14:13:43 +01:00
Max Gautier 7395c27932
CI: Document the 'all-in-one' layout + small refactoring (#10725)
* Rename aio to all-in-one and document it

ADTM.
Acronyms don't tell much.

* Refactor vm_count in tests provisioning
2023-12-18 11:33:13 +01:00
jandres - moscardo cb848fa7cb
New PR default node selector (#10607) 2023-12-12 14:51:26 +01:00
Louis Tu 8f2390a120
Fix the path of download.yml (#10711)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-12-12 13:47:27 +01:00
Max Gautier 51069223f5
Decouple kubespray-defaults from download (#10626)
* Decouple role kubespray-defaults from download

Avoids doing re-importing the download role on every invocation of
kubespray-defaults (and skipping everything).

This has a measurable effect on playbook performance.

* Update docs refering to moved download defaults
2023-12-11 16:56:17 +01:00
Kundan Kumar af1f318852
Updated AWS ALB ingress controller version (#10680) 2023-12-07 10:29:16 +01:00
Jelmer Vernooij fa7a504fa5
Drop installation notes for Debian Jessie (#10642)
Jessie has not received security updates for at least three years. See https://www.debian.org/releases/jessie/
2023-11-28 22:35:28 +01:00
Lukáš Kubín f46910eac3
Add helm support for custom_cni deployment (#10529)
* Add helm support for custom_cni deployment

* Linting correction

* Ansible linting correction

* Add test packet with values

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Add custom_cni configuration file with comments

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Default values cleanup

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Add details to custom_cni configuration file

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Set correct yaml type of helm values

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Set CNI filesystem ownership to root

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Update cilium example parameter name

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

---------

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>
2023-11-16 00:32:21 +01:00
Arthur Outhenin-Chalandre 7ba85710ad
Update to ansible 2.15 (#10481)
* ansible: upgrade to version >= 2.15.5

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: update requirements

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* contrib/openstack: fix wrong gitignore pattern

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: add missing tzdata requirement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: remove some molecules tests

Those doesn't work in Ansible 2.15. Ansible can't load builtin now
apparently and these tests are not worth it.

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2023-11-15 09:39:09 +01:00
Louis Tu 32743868c7
Add cri-o criu support (#10479)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-11-08 16:57:32 +01:00
Kay Yan c9d685833b
cleanup-for-2.23.1 (#10600) 2023-11-07 13:58:49 +01:00
Louis Tu fa9e41047e
Add kubectl alias support (#10552)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-10-30 17:23:19 +01:00
Unai Arríen 228efcba0e
Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/con… (#10464)
* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane
2023-10-17 21:39:40 +02:00
emiran-orange e65050d3f4
Ability to define GPG key path for Docker APT (#10513) 2023-10-13 04:06:04 +02:00
Feruzjon Muyassarov 1fd31ccc28
Refactor NRI activation for containerd and CRI-O (#10470)
Refactor NRI (Node Resource Interface) activation in CRI-O and
containerd. Introduce a shared variable, nri_enabled, to streamline
the process. Currently, enabling NRI requires a separate update of
defaults for each container runtime independently, without any
verification of NRI support for the specific version of containerd
or CRI-O in use.

With this commit, the previous approach is replaced. Now, a single
variable, nri_enabled, handles this functionality. Also, this commit
separates the responsibility of verifying NRI supported versions of
containerd and CRI-O from cluster administrators, and leaves it to
Ansible.

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2023-09-26 08:05:25 -07:00
Christian 7919a47165
[metallb] add config option for IPAddressPool avoidBuggyIPs (#10458)
* Add avoid_buggy_ips as optional
* Revert avoid_buggy_ips default back to false
* Change auto_assign to optional, default true
2023-09-21 20:29:49 -07:00
Toon Albers c31bb9aca7
docs: add Cilium CNI to sidebar (#10431) 2023-09-12 08:06:12 -07:00
Kay Yan 293573c665
update-docs-for-calico-in-centos (#10417) 2023-09-08 05:18:14 -07:00
Kay Yan 5ffdb7355a
cleanup-for-2.23.0 (#10420) 2023-09-08 04:40:13 -07:00
Florian Ruynat 9696936b59
Fixup recover control plane playbook + add debian12/cilium test (#10411)
* Add debian12 cilium testing

* Fixup recover control plane playbook
2023-09-05 10:42:52 -07:00
蔣 航 ebd71f6ad7
Fix Typo kubelet_topology_manager_policy (#10384)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-09-03 23:39:48 -07:00
Nicolas Goudry c677438189
docs: add command to restart nginx-proxy container when adding node (#10406) 2023-09-01 09:24:32 -07:00
Louis Tu cafe4f1352
Add kubelet topology manager policy on the node (#10370)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-08-18 01:26:28 -07:00
yun 77bda0df1c
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196)
* Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting

* Make containerd hosts.toml mode 0640

* Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
2023-08-16 05:18:27 -07:00