Max Gautier
a2a2dfa419
k8s/control-plane: cleanup excessive defaulting
2024-09-23 20:37:56 +02:00
Max Gautier
baf0a331c9
Don't generate static tokens for nodes and control planes
...
Nodes to api-server relies by default on certificates and bootstrap
tokens, and there should be no need to generate tokens for every node,
even when enabling static token auth.
2024-09-23 16:58:42 +02:00
Baargav
1c0718bb7d
update containerd 1.7.22 ( #11554 )
2024-09-23 15:31:59 +01:00
Kubernetes Prow Robot
03a055c383
Merge pull request #10643 from VannTen/cleanup/k8s_node_templates
...
Refactor kubernetes/node templates
2024-09-23 14:16:00 +01:00
Max Gautier
2ec1c93897
Test group membership with group_names
...
Testing for group membership with group names makes Kubespray more
tolerant towards the structure of the inventory.
Where 'inventory_hostname in groups["some_group"]' would fail if
"some_group" is not defined, '"some_group" in group_names' would not.
2024-09-21 14:09:09 +02:00
Kubernetes Prow Robot
93ee1226eb
Merge pull request #11521 from VannTen/cleanup/deduplicate_kubeadm_control_plane
...
Use in inventory variables rather than patch files for kubeadm_patches
2024-09-20 01:05:14 +01:00
Leeon Fu
4323e5d039
Reset operation, disable service enabled and clean container's logs. ( #11501 )
2024-09-19 19:14:37 +01:00
Kubernetes Prow Robot
893e9cb177
Merge pull request #11471 from VannTen/feat/config_plugin_list
...
Update the list of admission plugins which need config
2024-09-18 13:18:44 +01:00
Qasim Mehmood
e550118314
Allow setting annotations on ingress-nginx service ( #11544 )
2024-09-18 11:54:44 +01:00
Max Gautier
c3de25c782
Move the CRI endpoint setting to kubelet config ( #11550 )
...
The `--container-runtime-endpoint` kubelet argument is deprecated in
favor of the config file alternative.
2024-09-18 01:34:45 +01:00
Kevin Huang
c601c8faf2
fix: Swap kubespray-defaults & bootstrap-os ( #11441 )
...
- Execute bootstrap-os before so that Python is installed for kubespray-defaults
- Remove outdated kubespray-defaults dependency on bootstrap-os
2024-09-12 22:21:12 +01:00
Max Gautier
c87097fc35
Document how to use kubeadm patches
2024-09-12 10:31:09 +02:00
Max Gautier
8e254ec1e8
kubeadm: allow to provide patch inline in inventories
...
Specifying one directory for kubeadm patches is not ideal:
1. It does not allow working with multiple inventories easily
2. No ansible templating of the patch
3. Ansible path searching can sometimes be confusing
Instead, provide the patch directly in a variable, and add some quality
of life to handle components targeting and patch ordering more
explicitly (`target` and `type` which are translated to the kubeadm
scheme which is based on the file name)
2024-09-10 20:37:14 +02:00
Max Gautier
a8b66fd207
Deduplicate kubeadm_patches tasks
...
kubernetes/control-plane and kubernetes/kubeadm roles both push kubeadm
patches in the same way.
Extract that code and make it a dependency of both.
This is safe because it's only configuration for kubeadm, which only
takes effect when kubeadm is run.
2024-09-10 17:39:31 +02:00
M. Hamzah Khan
d54cfba6c2
Fix SAN check on newer versions of openssl ( #11277 )
2024-09-09 10:04:27 +01:00
Qasim Mehmood
538a1f2791
Update multus to v4.1.0 and clarify cilium compatibility ( #11434 )
...
* Update multus to v4.1.0 and clarify cilium compatibility
* Fix: bug introduced by #10934 where the template would break if multus was defined
* Set priorityClassName to system-node-critical for multus pods
2024-09-09 03:56:27 +01:00
Max Gautier
fe60832a02
Remove kubelet_node_{custom_flags,config_extra_args}
...
There is no need to have extra variables for this, just use different
values per host (using Ansible group_vars, for example)
2024-09-06 09:35:34 +02:00
Max Gautier
1bc61c9f35
Simplify kubelet-config template
...
Remove system|kube_master_<resource>_reserved variables.
Those variables are unnecessary because users can simply use the
variables in group_vars if they wish to differentiate control plane
nodes from other nodes.
Set conservative defaults for ephemeral-storage and pids for both kube
and system reserved resources.
2024-09-06 09:33:07 +02:00
Max Gautier
1533d40411
Fix kube_reserved_cgroups_for_service_slice
...
The default value is used across kubespray but only defined in
kubernetes/node.
Move it to kubespray-defaults
2024-09-06 09:25:23 +02:00
Bogdan Sass
4b324cb0f0
Rename master to control plane - non-breaking changes only ( #11394 )
...
K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
2024-09-06 07:56:19 +01:00
Max Gautier
f9ebd45c74
bootstrap-os: use import_tasks instead of symlinks ( #11508 )
...
Working symlinks are dependent on git configuration (when using the playbook as
a git repository, which is common), precisely `git config
core.symlinks`.
While this is enabled by default, some company policies will disable it.
Instead, use import_tasks which should avoid that class of bugs.
2024-09-05 08:24:49 +01:00
Max Gautier
7f527f6195
Drop support for RHEL 7 / CentOS 7 ( #11246 )
...
* Simplify docker systemd unit
systemd handles missing unit by ignoring the dependency so we don't need
to template them.
* Remove RHEL 7/CentOS 7 support
- remove ref in kubespray roles
- move CI from centos 7 to 8
- remove docs related to centos7
* Remove container-storage-setup
Only used for RHEL 7 and CentOS 7
2024-09-05 07:41:01 +01:00
刘旭
3da6c4fc18
Allow for configuring etcd progress notify interval and default set to 5s ( #11499 )
2024-09-05 06:29:05 +01:00
Max Gautier
e744a117d6
Remove systemd version + ostree check for docker TasksMax ( #11493 )
...
systemd ignores unknown keys (with a warning) so version checking is not
necessary.
There is no rationale for excluding it from ostree systems either.
2024-09-02 13:16:57 +01:00
Jongwoo Han
03372d883a
upgrade nerdctl to v1.7.6 ( #11492 )
...
Signed-off-by: Jongwoo Han <jongwooo.han@gmail.com>
2024-09-01 11:20:44 +01:00
ChengHao Yang
8a961a60c2
Feat: Gateway API CRDs install support ( #11376 )
...
* Feat: add Gateway API CRDs installation
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Feat: add Gateway API CRDs variable in inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-08-31 08:24:45 +01:00
ERIK
db0138b2f9
fix: incorrect member matching when removing etcd nodes ( #11488 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-08-31 08:20:44 +01:00
Kay Yan
27c7dc7008
upgrade helm to v3.15.4 ( #11486 )
2024-08-30 06:39:30 +01:00
Lihai Tu
acc5e579f6
Add conditional checking on ubuntu kernel unattended_upgrades disabling ( #11479 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-08-29 15:47:39 +01:00
Ehsan Golpayegani
924a979955
Calico v3.28.[0-1] checksums and change calico default version ( #11234 )
...
* make calico api server manifest backward compatible with version older than 3.27.3
Add 3.28.1 checksums
Add 3.28.0 checksums
Change default version to 3.27.3
* change default calico version to 3.28.1
* Set mount type to DirectoryOrCreate for hostPath needed by Calico
2024-08-29 12:10:28 +01:00
Kay Yan
6acb44eeaf
update containerd 1.7.21 ( #11478 )
2024-08-29 04:22:29 +01:00
Takuya Murakami
c89ea7e4c7
Fix: remove --config option from kubeadm upgrade ( #11350 ) ( #11352 )
...
We can't mix some options with --config for kubeadm upgrade.
The --config on upgrade is deprecated, and should be removed.
2024-08-29 03:08:29 +01:00
Selçuk Arıbalı
3d9e4951ce
fix static api server advertise address ( #11457 )
2024-08-28 15:20:56 +01:00
Max Gautier
776b40a329
Adjust task name since we allow empty kube_node ( #11474 )
2024-08-28 06:35:02 +01:00
Max Gautier
a3d0ba230d
Remove kubeadm_version and use kube_version instead ( #11473 )
...
We explicitly check for equality so customizing kubeadm_version does not
work at the moment.
Use only one variable instead.
2024-08-28 06:34:56 +01:00
Vlad Korolev
9a7b021eb8
Do not use ‘yes/no’ for boolean values ( #11472 )
...
Consistent boolean values in ansible playbooks
2024-08-28 06:30:56 +01:00
kyrie
961a6a8c9e
fix reset network for tencent OS ( #11459 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-08-26 15:32:08 +01:00
Max Gautier
5b057c7328
Update list of admission plugins with a config file
2024-08-26 14:53:20 +02:00
Max Gautier
d3402736d4
Remove special case for PodNodeSelector
...
This is already handled by the previous task.
2024-08-26 14:43:00 +02:00
Max Gautier
47c3949477
Change plugins_needs_config list format
...
Makes easier diff when adding or removing plugins.
2024-08-26 14:42:04 +02:00
Lola Delannoy
2f84567a69
Add containerd config options ( #11080 )
...
* chore(containerd): add some config debug options
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
* chore(containerd): add CRI config options
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/cri/config.md
2024-08-21 05:13:05 +01:00
Mohamed Omar Zaian
c4338687e1
[ingress-nginx] upgrade to 1.11.2 ( #11463 )
2024-08-19 06:10:27 -07:00
Mohamed Omar Zaian
ad1ce92b41
Update node-feature-discovery to v0.16.4 ( #11250 )
2024-08-19 05:59:30 -07:00
kokyhm
1093c76f9b
bump k8s version ( #11455 )
2024-08-19 00:12:33 -07:00
Ho Kim
0306771c29
fix: cleanup networkmanager dns conf on reset ( #11440 )
2024-08-15 06:43:19 -07:00
Mengxin Liu
390d74706c
[kube-ovn] update version to 1.12.21 ( #11445 )
...
Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>
2024-08-15 06:39:18 -07:00
Ho Kim
fe4cbbccd1
fix: correct resolvconf typo ( #11439 )
2024-08-14 02:07:55 -07:00
Selçuk Arıbalı
e43e08c7d1
fix: use super-admin.conf for kube-vip on first master when it exists ( #11422 )
...
* fix: use super-admin.conf for kube-vip when it exists
* Mathieu Parent add as co-author
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
* template change for readability
* fix lint error
---------
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
2024-08-10 21:35:58 -07:00
Cyclinder
28712045a5
bump cni version to v1.4.0 ( #10698 )
2024-08-10 05:25:58 -07:00
Not Darko
1968db9a52
fix: skip multus when not defined ( #10934 )
...
fix task failure:
TASK [kubernetes-apps/network_plugin/multus : Multus | Start resources] ************************************************
fatal: [hfal12k8n1 -> {{ groups['kube_control_plane'][0] }}]: FAILED! => {"msg": "Error in jmespath.search in json_query filter plugin:\n'ansible.vars.hostvars.HostVarsVars object' has no attribute 'multus_manifest_2'"}
2024-08-06 03:42:50 -07:00
Slavi Pantaleev
cc03ca62be
Avoid empty "supersede domain-name-servers" directives for dhclient.conf ( #10948 )
...
Fixes https://github.com/kubernetes-sigs/kubespray/issues/10947
This patch aims to be minimal and intentionally:
- does not change the generation logic for `supersede_domain` and `supersede_search`
- does not change how `nameserverentries` (for NetworkManager) is built
It seems like `nameserverentries` in the "Generate nameservers for resolvconf, including cluster DNS"
task is built the same way as `dhclient_supersede_nameserver_entries_list`.
However, `nameserverentries` in the "Generate nameservers for resolvconf, not including cluster DNS"
task (below) is built differently for some reason. It includes `configured_nameservers` as well.
Due to these differences, I have refrained from reusing the same building logic
(`dhclient_supersede_nameserver_entries_list`) for both.
If the `configured_nameservers` addition can be removed or made to apply
to dhclient as well, we could potentially build a single list and then
generate the `nameserverentries` and `supersede_nameserver` strings from it.
2024-08-06 03:38:51 -07:00
Injun Baeg
5f18fe739e
Restart kube-proxy pods only on configmap changes ( #11401 )
2024-08-06 00:50:50 -07:00
kyrie
343d680371
fix kylin OS choose NetworkManager ( #11406 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-08-05 03:34:59 -07:00
Mohamed Omar Zaian
3d1653f950
[containerd] add hashes for versions '1.6.32-34', 'v1.7.17-20' and make v1.7.20 default ( #11413 )
2024-08-05 02:48:07 -07:00
James
4e99b94dcc
Add generic post upgrade hooks for node ( #11368 )
2024-07-31 21:58:48 -07:00
Sanyam Shah
54ac5a6de4
Update cni-kube-ovn.yml.j2 ( #11357 )
...
Made corrections to the indentation at L658, which caused kubespray execution to fail with YAML to JSON conversion. #11356
2024-07-31 21:58:39 -07:00
Mohamed Omar Zaian
8d497b49a6
[kubernetes] Add hashes for kubernetes 1.29.7, 1.28.[11-12] ( #11407 )
2024-07-31 03:50:56 -07:00
Kay Yan
86f980393c
Merge pull request #11402 from tu1h/fix_centos_baserepo
...
Check CentOS-Base.repo exists for CentOS 7
2024-07-30 11:08:22 +08:00
Erwan Miran
d469503e84
Make netchecker log levels configurable ( #11334 )
...
* Make netchecker log levels configurable
* use ETCD_LOG_LEVEL
2024-07-28 23:57:56 -07:00
tu1h
351832ba1d
Check CentOS-Base.repo exists for CentOS 7
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-29 13:49:14 +08:00
R. P. Taylor
468c5641b2
fix kube_reserved so it only controls kubeReservedCgroup ( #11367 )
2024-07-26 01:39:20 -07:00
Ugur Can Ozturk
2299e49e0e
[containerd/tracing]: fix containerd tracing templating ( #11372 )
...
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2024-07-26 01:30:38 -07:00
Tom M.
c0fabccaf6
Add missing advertise-address flag to Kubeadm config, so it's passed to api-server ( #11387 )
2024-07-26 01:22:05 -07:00
Kay Yan
2ac5b37aa9
Merge pull request #11391 from tico88612/bump/k8s-1.30.3
...
Make kubernetes v1.30.3 default
2024-07-26 16:15:01 +08:00
Lihai Tu
8208a3f04f
Rename systemd module to systemd_service ( #11396 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-26 01:11:39 -07:00
Lihai Tu
2d194af85e
Limit nodes in gather ansible_default_ipv4 ( #11370 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-25 19:17:48 -07:00
Tom M.
242edd14ff
Fix etcd certificate to access address as SAN ( #11388 )
2024-07-25 18:49:23 -07:00
Bas
8f5f75211f
Improving yamllint configuration ( #11389 )
...
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
2024-07-25 18:42:20 -07:00
ChengHao Yang
56e26d6061
Bump: CRI-O from v1.30.2 to v1.30.3
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-07-21 21:54:41 +08:00
ChengHao Yang
513e18cb90
Bump: Kubernetes from v1.30.2 to v1.30.3
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-07-21 21:54:16 +08:00
ChengHao Yang
5f35b66256
Bump: OpenStack Cloud Controller Manager to 1.30.0 ( #11358 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-16 02:22:54 -07:00
ChengHao Yang
bab0398c1e
Bump Cinder CSI Plugin to v1.30.0 ( #11374 )
...
* Chore: bump cinder-csi-plugin from v1.29.0 to v1.30.0
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
* Docs: update README.md cinder-csi-plugin version
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-13 02:01:08 -07:00
ChengHao Yang
464cc716d7
Feat: Update CentOS 7 EOL package to vault.centos.org ( #11360 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-08 04:36:52 -07:00
ERIK
1ebd860c13
[kubernetes] Add hashes for kubernetes 1.29.6 ( #11351 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-07-05 00:18:25 -07:00
Takuya Murakami
a0d03d9fa6
[kubernetes] Support kubernetes 1.30.2 ( #11343 )
2024-07-03 00:06:20 -07:00
Erwan Miran
0bcedd4603
Make local_volume_provisioner log level configurable ( #11336 )
2024-07-02 07:14:06 -07:00
Erwan Miran
413572eced
Make calico-kube-controllers log level configurable ( #11335 )
2024-07-02 07:13:59 -07:00
ChengHao Yang
348335ece5
[cert-manager] upgrade to v1.14.7 ( #11341 )
...
* Feat: upgrade cert-manager crd to 1.14.7
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
* Feat: upgrade cert-manager download version to 1.14.7
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-02 00:19:58 -07:00
Takuya Murakami
ee3fef1051
[kubernetes] Add hashes for kubernetes 1.30 ( #11109 ) ( #11261 )
...
Add hashes to crictl, crio, kubelet, kubectl and kubeadm
2024-07-02 00:15:59 -07:00
Keita Mochizuki
ff18f65a17
add ingress controller svc nodeport param ( #11310 )
2024-06-30 21:58:05 -07:00
ChengHao Yang
cce585066e
Bump CNI weave 2.8.1 to 2.8.7 (community version) ( #11228 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-06-26 02:40:27 -07:00
Alexander
619938da95
add the ability to configure extra args to the different cinder-csi-p… ( #11169 )
...
* add the ability to configure extra args to the different cinder-csi-plugin containers
* endfor block added to be syntactically correct jinja
2024-06-26 02:40:20 -07:00
Keita Mochizuki
88b502f29d
add ingress controller admission svc ( #11309 )
2024-06-26 02:30:41 -07:00
Serge Hartmann
db316a566d
dependencies for kubelet.service ( #11297 )
...
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
2024-06-26 02:30:34 -07:00
Lihai Tu
817c61695d
Support disable unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu ( #11296 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-26 02:30:27 -07:00
Lihai Tu
0c84175e3b
Bump docker_containerd to 1.6.32 ( #11293 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-26 02:30:21 -07:00
Elias-elastisys
cae266a045
Upgrade upcloud csi driver to v1.1.0 and add snapshot features ( #11303 )
2024-06-26 02:26:21 -07:00
Daniil Muidinov
c352773737
fix task Set label to node ( #11307 )
2024-06-25 06:35:40 -07:00
ERIK
27cb22cee4
update docker cli version for ubuntu ( #11291 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-06-24 05:20:56 -07:00
peterw
edce2b528d
add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars ( #10943 )
2024-06-23 20:14:56 -07:00
Lihai Tu
921b0c0bed
Add options to control images pulling of kubelet ( #11094 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-21 07:54:54 -07:00
tico88612
24dc4cef56
Feat: upgrade cert-manager from 1.13.2 to 1.13.6 ( #11279 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-06-18 00:45:31 -07:00
Ehsan Golpayegani
0c8d29462d
make sure peers is defined. ( #11259 )
...
* make sure peers is defined.
* Update peer_with_router.yml
2024-06-04 10:02:23 -07:00
spnngl
4b82e90dcb
fix(bootstrap-os): do not install pkgs requirements on flatcar ( #11224 )
...
Fix regression added in 663fcd104c for flatcar nodes.
See: 663fcd104c
2024-05-30 06:34:25 -07:00
Hedayat Vatankhah (هدایت)
dedc00661a
Add 'system-packages' tag to control installing packages from OS repositories ( #10872 )
2024-05-30 04:25:21 -07:00
Max Gautier
3082fa3d0f
Allow empty kube_node group ( #11248 )
...
While uncommon, provisioning only a control plane is a valid use case,
so don't block it.
2024-05-30 03:01:38 -07:00
Max Gautier
d50f61eae5
pre-commit: apply autofixes hooks and fix the rest manually
...
- markdownlint (manual fix)
- end-of-file-fixer
- requirements-txt-fixer
- trailing-whitespace
2024-05-28 13:26:44 +02:00
Mohamed Omar Zaian
4b9349a052
Update 'KUBESPRAY_VERSION and kube_version_min_required', cleanup old hashes for v2.25.0 ( #11221 )
2024-05-21 06:08:44 -07:00
Jorge Isnardo Altamirano
40cbdceb3c
Merge branch 'kubernetes-sigs:master' into master
2024-05-20 08:32:00 +02:00
tico88612
f85111f6d4
CI: add ubuntu 24.04 support ( #11132 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-05-18 00:35:20 -07:00