Tristan
5fbbcedebc
9693: Fix comma-separated-list splitting of kubelet_enforce_node_allocatable ( #9694 )
...
See https://github.com/kubernetes-sigs/kubespray/issues/9693
2023-01-23 16:20:17 -08:00
Mohamed Zaian
391dd97f95
[kubernetes] support 1.26.x ( #9570 )
2023-01-23 00:10:11 -08:00
mKlaris
050fde6327
Add enableServicesElection env variable. ( #9595 )
2023-01-02 18:35:33 -08:00
Shelming.Song
1c4db6132d
optimize cgroups settings for node reserved ( #9209 )
...
* optimize cgroups settings for node reserved
* fix
* set cgroup slice for multi container engine
* set cgroup slice for crio
* add reserved cgroups variables to sample files
* Compatible with cgroup path for different container managers
* add cgroups doc
* fix markdown
2022-12-30 08:05:30 -08:00
蒋航
990f87acc8
Update kube-vip to v0.5.5 ( #9437 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-10-26 19:28:32 -07:00
Wouter Goedhart
1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port ( #9414 )
...
variable
Fix wrong referenced variable on bgp_peers
Fix bgp_peeras field to be a string
Set default value for bgp_peeras
2022-10-23 18:00:24 -07:00
Cristian Calin
1530411218
use cri-o from upstream instead of kubic/OBS ( #9374 )
...
* [cri-o] use cri-o from upstream instead of kubic/OBS
* [cri-o] add proper molecule coverage
* [skopeo] download skopeo from upstream build
* [cri-o] clean up legacy deployments
* disable cri-o per-distribution variables
2022-10-19 05:47:05 -07:00
William Turner
ad3f503c0c
Fix default value for kubelet_secure_addresses ( #9355 )
2022-10-06 00:35:51 -07:00
Alessio Greggi
acb6f243fd
feat: add kubelet systemd service hardening option ( #9194 )
...
* feat: add kubelet systemd service hardening option
* refactor: move variable name to kubelet_secure_addresses
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* docs: add diagram about kubelet_secure_addresses variable
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
Kay Yan
b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod ( #9223 )
...
* fix-kube-vip-strict-arp
* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Shelming.Song
c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template ( #9204 )
2022-08-23 01:55:24 -07:00
Samuel Liu
e73803c72c
pid reserved must be str ( #9124 )
2022-07-30 20:14:27 -07:00
Alessio Greggi
3ce5458f32
hardening: Add `SeccompDefault` admission plugin for kubelet ( #9074 )
...
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates
* fix(kubelet-config): enable config through kubelet_feature_gates
* feat(kubelet): add kubelet_seccomp_default variable
2022-07-19 00:50:07 -07:00
h9-HSFRQDH
3bb9542606
Adding support for node & pod pid limit ( #9038 )
2022-07-05 00:20:48 -07:00
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07
[kubeadm] use v1beta3 configuration version
...
* extra admission controls now don't have a version in their file names
eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
589823bdc1
[CI] remove docker stand-alone molecule test
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f
[kubernetes] drop pre 1.22.0 workarounds
2022-06-15 00:57:20 -07:00
Ho Kim
7d3e59cf2e
Remove unneeded socat installation for Flatcar ( #8970 )
2022-06-14 02:23:34 -07:00
Ho Kim
77f436fa39
Fix: set fallback value of kubelet ip6 ( #8858 ) ( #8926 )
...
* Fix: set fallback value of kubelet ip6 (#8858 )
* Prune the spurious comma in the end of kubelet_address
- Update `roles/kubernetes/node/defaults/main.yml`
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* Fix: set fallback value of kubelet ip6 (#8858 )
- Apply the lint: 132606368e
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-06-06 10:08:21 -07:00
Thearas
01ca7293f5
support reserve ephemeral-storage ( #8895 )
2022-06-06 07:34:26 -07:00
Max Gautier
5512465b34
Revert "Set exact user for Kubelet services" ( #8872 )
...
This reverts commit e375678674
.
The workaround of explicitly specifying root for the kubelet unit was
for pulling images from private registry. Kubernetes now have a
dedicated mechanism with imagePullSecret.
2022-06-01 00:19:02 -07:00
Kenichi Omichi
73fc70dbe8
Delete kube_version v1.20- related code ( #8869 )
...
Current Kubespray supports the Kubernetes version 1.21 or upper with
`kube_version_min_required: v1.21.0`
Then kube_version v1.20- related code is not used at all.
This deletes those code for cleanup.
2022-05-25 21:31:22 -07:00
Kay Yan
3d8f3bc0b7
Fix the invalid kube vip manifest ( #8831 )
...
* add Feature synchronized time checking
* fix-invalid-kube-vip-manifest
2022-05-17 23:48:55 -07:00
Alessio Greggi
37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters ( #8796 )
2022-05-09 09:25:19 -07:00
Andy
323a111362
[kubelet] set correct resolv.conf for Ubuntu 22.04 ( #8795 )
2022-05-06 16:31:04 -07:00
Mathieu Parent
996ef98b87
Add support for kube-vip ( #8669 )
...
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2022-04-07 10:37:57 -07:00
Cristian Calin
394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim ( #8623 )
2022-03-16 16:28:11 -07:00
kakkotetsu
58b2f39ce5
add IPv6 listen directive to nginx if enable_dual_stack_networks ( #8596 )
2022-03-07 05:39:00 -08:00
Tom Janson
ddef7e1139
missing "check_mode: no"s for several read-only tasks ( #8584 )
...
this is not complete -- there are almost certainly more instances of
this issue
2022-03-02 09:29:14 -08:00
kakkotetsu
98d5d0cdd5
add support for Dual Stack node InternalIP ( #8542 )
2022-02-15 00:28:02 -08:00
Ilya Margolin
aed187e56c
Fix kubelet_kubelet_cgroups_cgroupfs ( #8500 )
...
If kubelet is run with systemd (as it always is when using kubespray),
it starts in systemd's /system.slice/kubelet.service cgroup.
This commit prevents a creation and usage of a second unrelated cgroup.
2022-02-02 00:50:22 -08:00
cyril-corbon
575e0ca457
feat: add eviction hard to kubelet config ( #8421 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:13:57 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ( #8272 )
...
* Update loadbalancers versions
* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Hanna Bledai
615216f397
Fix if bind-address is not set to 0.0.0.0 ( #8262 )
...
* if bind-address is not set to 0.0.0.0
* Update docs and left comments
* fix yamllist check: remove space
2021-12-05 23:58:32 -08:00
Florian Ruynat
e19ce27352
Remove ovn4nfv support ( #8265 )
2021-12-03 11:56:35 -08:00
Cristian Calin
ee882fa462
Add capability to use swap, requires Kube 1.22 ( #8241 )
...
* Alpha-NodeSwap: allow nodes to use swap
* CI: Add Fedora 35 with experimental swap job
2021-11-30 00:52:56 -08:00
Florian Ruynat
a5f88e14d0
Cleanup tests ( #8234 )
...
* Add Fedora 35 image, support and CI
* Cleanup tests and allow_failure for vagrant
2021-11-26 09:00:51 -08:00
Lubos Mercl
424163c7d3
add gce support ( #8179 )
...
Author: lmercl <lubos.mercl@gmail.com>
Date: Wed Nov 10 15:30:04 2021 +0000
fix markdown
2021-11-16 08:58:28 -08:00
Pasquale Toscano
6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver ( #8123 )
2021-11-05 07:59:54 -07:00
Ilya Margolin
41e0ca3f85
Move kube_feature_gates to kubelet config ( #8048 )
...
to remove deprecation warning:
> Flag --feature-gates has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag.
2021-10-05 06:07:10 -07:00
Iago Santos
43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution ( #8029 )
...
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028
Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
Cristian Calin
d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA ( #7938 )
...
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA
* Add check for dynamic_kubelet_configuration with kube >= 1.22
2021-09-07 10:47:16 -07:00
Cristian Calin
1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t ( #7891 )
...
* Fedora and RHEL use etc_t and the convention is <type_name>_t
* Docs: specify all values for preinstall_selinux_state
* CI: Add Fedora 34 with SELinux in enforcing mode
2021-08-27 14:20:53 -07:00
cola-zero
f21a707e99
Add containerd on Flatcar Container Linux ( #7681 )
2021-07-21 06:28:07 -07:00
spaced
bf54dc082b
set selinux type t_etc if selinux state is enforcing ( #7791 )
2021-07-13 06:34:29 -07:00
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 ( #7672 )
...
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10
* Docs: add a note about ansible upgrade post 2.9.x
* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures
* Ansible: use newer ansible-lint
* Fix ansible-lint 5.0.11 found issues
* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests
* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+
* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Cristian Calin
a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 ( #7746 )
...
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0
* Add sample graceful shutdown parameters
2021-06-27 23:53:25 -07:00
Florian Ruynat
7896bc7831
Add Fedora 33 image and CI, remove Fedora 31 (EOL) + update docker packages ( #7657 )
...
* Update docker package to 20.10.6
* Add Fedora 33 image and CI, remove Fedora 31 (EOL)
2021-05-28 08:04:25 -07:00