Commit Graph

591 Commits (1f36df666d5c313ffd675d746a679ddb0aadfb5a)

Author SHA1 Message Date
Tristan 5fbbcedebc
9693: Fix comma-separated-list splitting of kubelet_enforce_node_allocatable (#9694)
See https://github.com/kubernetes-sigs/kubespray/issues/9693
2023-01-23 16:20:17 -08:00
Mohamed Zaian 391dd97f95
[kubernetes] support 1.26.x (#9570) 2023-01-23 00:10:11 -08:00
mKlaris 050fde6327
Add enableServicesElection env variable. (#9595) 2023-01-02 18:35:33 -08:00
Shelming.Song 1c4db6132d
optimize cgroups settings for node reserved (#9209)
* optimize cgroups settings for node reserved

* fix

* set cgroup slice for multi container engine

* set cgroup slice for crio

* add reserved cgroups variables to sample files

* Compatible with cgroup path for different container managers

* add cgroups doc

* fix markdown
2022-12-30 08:05:30 -08:00
蒋航 990f87acc8
Update kube-vip to v0.5.5 (#9437)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-10-26 19:28:32 -07:00
Wouter Goedhart 1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414)
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
2022-10-23 18:00:24 -07:00
Cristian Calin 1530411218
use cri-o from upstream instead of kubic/OBS (#9374)
* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables
2022-10-19 05:47:05 -07:00
William Turner ad3f503c0c
Fix default value for kubelet_secure_addresses (#9355) 2022-10-06 00:35:51 -07:00
Alessio Greggi acb6f243fd
feat: add kubelet systemd service hardening option (#9194)
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
Kay Yan b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223)
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Shelming.Song c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template (#9204) 2022-08-23 01:55:24 -07:00
Samuel Liu e73803c72c
pid reserved must be str (#9124) 2022-07-30 20:14:27 -07:00
Alessio Greggi 3ce5458f32
hardening: Add `SeccompDefault` admission plugin for kubelet (#9074)
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates

* fix(kubelet-config): enable config through kubelet_feature_gates

* feat(kubelet): add kubelet_seccomp_default variable
2022-07-19 00:50:07 -07:00
h9-HSFRQDH 3bb9542606
Adding support for node & pod pid limit (#9038) 2022-07-05 00:20:48 -07:00
Calin Cristian Andrei 24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei 2cd8c51a07 [kubeadm] use v1beta3 configuration version
* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
  upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei 589823bdc1 [CI] remove docker stand-alone molecule test 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei fad296616c [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei ae1dcb031f [kubernetes] drop pre 1.22.0 workarounds 2022-06-15 00:57:20 -07:00
Ho Kim 7d3e59cf2e
Remove unneeded socat installation for Flatcar (#8970) 2022-06-14 02:23:34 -07:00
Ho Kim 77f436fa39
Fix: set fallback value of kubelet ip6 (#8858) (#8926)
* Fix: set fallback value of kubelet ip6 (#8858)

* Prune the spurious comma in the end of kubelet_address

- Update `roles/kubernetes/node/defaults/main.yml`

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Fix: set fallback value of kubelet ip6 (#8858)

- Apply the lint: 132606368e

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-06-06 10:08:21 -07:00
Thearas 01ca7293f5
support reserve ephemeral-storage (#8895) 2022-06-06 07:34:26 -07:00
Max Gautier 5512465b34
Revert "Set exact user for Kubelet services" (#8872)
This reverts commit e375678674.

The workaround of explicitly specifying root for the kubelet unit was
for pulling images from private registry. Kubernetes now have a
dedicated mechanism with imagePullSecret.
2022-06-01 00:19:02 -07:00
Kenichi Omichi 73fc70dbe8
Delete kube_version v1.20- related code (#8869)
Current Kubespray supports the Kubernetes version 1.21 or upper with
`kube_version_min_required: v1.21.0`

Then kube_version v1.20- related code is not used at all.
This deletes those code for cleanup.
2022-05-25 21:31:22 -07:00
Kay Yan 3d8f3bc0b7
Fix the invalid kube vip manifest (#8831)
* add Feature synchronized time checking

* fix-invalid-kube-vip-manifest
2022-05-17 23:48:55 -07:00
Alessio Greggi 37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters (#8796) 2022-05-09 09:25:19 -07:00
Andy 323a111362
[kubelet] set correct resolv.conf for Ubuntu 22.04 (#8795) 2022-05-06 16:31:04 -07:00
Mathieu Parent 996ef98b87
Add support for kube-vip (#8669)
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2022-04-07 10:37:57 -07:00
Cristian Calin 394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim (#8623) 2022-03-16 16:28:11 -07:00
kakkotetsu 58b2f39ce5
add IPv6 listen directive to nginx if enable_dual_stack_networks (#8596) 2022-03-07 05:39:00 -08:00
Tom Janson ddef7e1139
missing "check_mode: no"s for several read-only tasks (#8584)
this is not complete -- there are almost certainly more instances of
this issue
2022-03-02 09:29:14 -08:00
kakkotetsu 98d5d0cdd5
add support for Dual Stack node InternalIP (#8542) 2022-02-15 00:28:02 -08:00
Ilya Margolin aed187e56c
Fix kubelet_kubelet_cgroups_cgroupfs (#8500)
If kubelet is run with systemd (as it always is when using kubespray),
it starts in systemd's /system.slice/kubelet.service cgroup.

This commit prevents a creation and usage of a second unrelated cgroup.
2022-02-02 00:50:22 -08:00
cyril-corbon 575e0ca457
feat: add eviction hard to kubelet config (#8421)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:13:57 -08:00
Samuel Liu a98ca6fcf3
Update loadbalancers versions (#8272)
* Update loadbalancers versions

* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Hanna Bledai 615216f397
Fix if bind-address is not set to 0.0.0.0 (#8262)
* if bind-address is not set to 0.0.0.0

* Update docs and left comments

* fix yamllist check: remove space
2021-12-05 23:58:32 -08:00
Florian Ruynat e19ce27352
Remove ovn4nfv support (#8265) 2021-12-03 11:56:35 -08:00
Cristian Calin ee882fa462
Add capability to use swap, requires Kube 1.22 (#8241)
* Alpha-NodeSwap: allow nodes to use swap

* CI: Add Fedora 35 with experimental swap job
2021-11-30 00:52:56 -08:00
Florian Ruynat a5f88e14d0
Cleanup tests (#8234)
* Add Fedora 35 image, support and CI

* Cleanup tests and allow_failure for vagrant
2021-11-26 09:00:51 -08:00
Lubos Mercl 424163c7d3
add gce support (#8179)
Author:    lmercl <lubos.mercl@gmail.com>
Date:      Wed Nov 10 15:30:04 2021 +0000

fix markdown
2021-11-16 08:58:28 -08:00
Pasquale Toscano 6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver (#8123) 2021-11-05 07:59:54 -07:00
Ilya Margolin 41e0ca3f85
Move kube_feature_gates to kubelet config (#8048)
to remove deprecation warning:

> Flag --feature-gates has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag.
2021-10-05 06:07:10 -07:00
Iago Santos 43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution (#8029)
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028

Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
Cristian Calin d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA (#7938)
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA

* Add check for dynamic_kubelet_configuration with kube >= 1.22
2021-09-07 10:47:16 -07:00
Cristian Calin 1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t (#7891)
* Fedora and RHEL use etc_t and the convention is <type_name>_t

* Docs: specify all values for preinstall_selinux_state

* CI: Add Fedora 34 with SELinux in enforcing mode
2021-08-27 14:20:53 -07:00
cola-zero f21a707e99
Add containerd on Flatcar Container Linux (#7681) 2021-07-21 06:28:07 -07:00
spaced bf54dc082b
set selinux type t_etc if selinux state is enforcing (#7791) 2021-07-13 06:34:29 -07:00
Cristian Calin 7516fe142f
Move to Ansible 3.4.0 (#7672)
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Cristian Calin a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 (#7746)
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0

* Add sample graceful shutdown parameters
2021-06-27 23:53:25 -07:00
Florian Ruynat 7896bc7831
Add Fedora 33 image and CI, remove Fedora 31 (EOL) + update docker packages (#7657)
* Update docker package to 20.10.6

* Add Fedora 33 image and CI, remove Fedora 31 (EOL)
2021-05-28 08:04:25 -07:00