Commit Graph

1740 Commits (31f6d38cd2e5a12eb4fcf833dbae33e24e275f34)

Author SHA1 Message Date
NierYYDS af8210dfea
fix: add kubelet tag in task of fetch facts to avoid kubelet config inconsistencies (#10423)
when people run playbook with option `--tags=kubelet`, the kubelet config may changed, because some variables used in task populating `kubelet-config.yml`  could be different with running task(`Fetch facts`)
2023-09-11 05:12:11 -07:00
Kay Yan c33e4d7bb7
fix-resolv.conf-nameserver-inline-comments (#10415) 2023-09-07 05:34:59 -07:00
蔣 航 ebd71f6ad7
Fix Typo kubelet_topology_manager_policy (#10384)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-09-03 23:39:48 -07:00
Samuel Liu e1881fae02
Install etcdutl file by default (#10385) 2023-08-23 07:04:22 -07:00
tenni bf29ea55cf
fix: flatcar bootstrap (#10363) 2023-08-18 08:14:29 -07:00
Louis Tu cafe4f1352
Add kubelet topology manager policy on the node (#10370)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-08-18 01:26:28 -07:00
R. P. Taylor cf3b3ca6fd
clean up /etc/hosts file if populate_inventory_to_hosts_file is false (#10144)
* de-populate hosts file if populate_inventory_to_hosts_file is false

keep newline

* fix when condition
2023-08-15 20:22:28 -07:00
Arthur Outhenin-Chalandre d21bfb84ad
project: resolve ansible-lint key-order rule (#10314)
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-08-10 00:57:27 -07:00
Francisco Orselli 7295d13d60
[EOS-11830] Use ETCD port 2381 for metrics (#10332) 2023-08-08 11:06:16 -07:00
Arthur Outhenin-Chalandre 9613ed8782
Use supported version of fedora in CI (#10108)
* tests: replace fedora35 with fedora37

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: replace fedora36 with fedora38

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* docs: update fedora version in docs

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* molecule: upgrade fedora version

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: upgrade fedora images for vagrant and kubevirt

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* vagrant: workaround to fix private network ip address in fedora

Fedora stop supporting syconfig network script so we added a workaround
here
https://github.com/hashicorp/vagrant/issues/12762#issuecomment-1535957837
to fix it.

* netowrkmanager: do not configure dns if using systemd-resolved

We should not configure dns if we point to systemd-resolved.
Systemd-resolved is using NetworkManager to infer the upstream DNS
server so if we set NetworkManager to 127.0.0.53 it will prevent
systemd-resolved to get the correct network DNS server.

Thus if we are in this case we just don't set this setting.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* image-builder: update centos7 image

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* gitlab-ci: mark fedora packet jobs as allow failure

Fedora networking is still broken on Packet, let's mark it as allow
failure for now.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-08-08 00:50:12 -07:00
Arthur Outhenin-Chalandre 36e5d742dc
Resolve ansible-lint name errors (#10253)
* project: fix ansible-lint name

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: ignore jinja template error in names

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: capitalize ansible name

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: update notify after name capitalization

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-07-26 07:36:22 -07:00
Kay Yan b9e3861385
add-cpuManagerPolicy (#10309) 2023-07-25 13:12:20 -07:00
satandyh 050bd0527f
enchance security with CIS Kubernetes V1.23 (#10304)
Benchmark item number 4.1.9
2023-07-23 19:24:11 -07:00
Arthur Outhenin-Chalandre 5d00b851ce
project: fix var-spacing ansible rule (#10266)
* project: fix var-spacing ansible rule

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing on the beginning/end of jinja template

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing of default filter

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing between filter arguments

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix double space at beginning/end of jinja

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix remaining jinja[spacing] ansible-lint warning

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-07-04 20:36:54 -07:00
Arthur Outhenin-Chalandre f8f197e26b
Fix outdated tag and experimental ansible-lint rules (#10254)
* project: fix outdated tag and experimental

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: remove no longer useful noqa 301

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: replace unnamed-task by name[missing]

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix daemon-reload -> daemon_reload

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-30 02:51:57 -07:00
Arthur Outhenin-Chalandre 25cb90bc2d
Upgrade ansible (#10190)
* project: update all dependencies including ansible

Upgrade to ansible 7.x and ansible-core 2.14.x. There seems to be issue
with ansible 8/ansible-core 2.15 so we remain on those versions for now.
It's quite a big bump already anyway.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: install aws galaxy collection

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* ansible-lint: disable various rules after ansible upgrade

Temporarily disable a bunch of linting action following ansible upgrade.
Those should be taken care of separately.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve deprecated-module ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve no-free-form ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve schema[meta] ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve schema[playbook] ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve schema[tasks] ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve risky-file-permissions ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve risky-shell-pipe ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: remove deprecated warn args

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: use fqcn for non builtin tasks

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve syntax-check[missing-file] for contrib playbook

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: use arithmetic inside jinja to fix ansible 6 upgrade

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-26 03:15:45 -07:00
Tiago Epifânio eb31653d66
Disable fapolicyd service (#10081) 2023-06-23 20:49:06 -07:00
peterw 4a8fd94a5f
add growpart azure enabled (#10241) 2023-06-21 06:23:40 -07:00
Louis Tu c5dac1cdf6
Add Debian 12(bookworm) support and CI (#10221)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-06-19 02:20:21 -07:00
Ugur Can Ozturk a962fa2357
[podSecurityConfiguration]: fix apiVersion and change default policy versions (#10210)
Signed-off-by: Ugur <ugurozturk918@gmail.com>
2023-06-12 17:55:57 -07:00
ERIK ce13699dfa
Use a uniform way to get the local path of the binaries (#10211)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-06-12 00:39:48 -07:00
Pat Riehecky f5ee8b71ff
Permit custom names for API server lb/proxy containers. (#10166)
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-06-08 02:54:13 -07:00
Samuel Liu d7b79395c7
Add labels to kube-vip static pods (#10139) 2023-06-01 16:45:46 -07:00
Pat Riehecky d325fd6af7
Don't create calico CNI dir when not using calico (#10156)
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-05-31 08:35:48 -07:00
Pat Riehecky 7421b6e180
Running ping doesn't change state (#10160)
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-05-31 01:29:46 -07:00
Victor Login 0ba2e655f4
Fix problem migration to k8s 1.27 (#10136)
* Fix `The task includes an option with an undefined variable` for 1.27

* delete old flag --container-runtime

Signed-off-by: Victor Login <batazor@evrone.com>

---------

Signed-off-by: Victor Login <batazor@evrone.com>
2023-05-28 17:09:42 -07:00
Andrei Costescu 96e875cd50
Add systemd_resolved_disable_stub_listener (#9875) 2023-05-25 10:04:51 -07:00
Kenichi Omichi 7afbdb3e1e
Drop canal network_plugin (#10100)
According to the canal github[1] the repo is not maintained over 5 years.
In addition, the README says
```
  Originally, we thought we might more deeply integrate the two projects
  (possibly even going as far as a rebranding!). However, over time it
  became clear that that wasn't really necessary to fulfil our goal of
  making them work well together. Ultimately, we decided to focus on
  adding features to both projects rather than doing work just to
  combine them.
```
So it is difficult to support canal by Kubespray at this situation.

[1]: https://github.com/projectcalico/canal
2023-05-18 03:40:33 -07:00
Mikhail Gorozhin 3a3addb91e
Ignore errors in check mode performing "Disable swapOnZram for Fedora" (#10077) 2023-05-16 16:38:33 -07:00
Manuelraa 2b75552d1c
Replace swap vars with single `kubelet_fail_swap_on` (#10036) 2023-05-11 10:53:04 -07:00
蒋航 4ddbd2bd2d
Add Retry for restart kube-controller-manager (#10013)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-04-25 13:04:16 -07:00
蒋航 a59e27cb6b
Update kube-vip to v0.5.12 (#10005)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-04-22 19:01:12 -07:00
Samuel Liu b3ed25ee35
use string for ipv6 forward conf (#9992) 2023-04-19 03:21:12 -07:00
Kay Yan c98e1d1b5b
add-kube-profile-to-scheduler (#9993) 2023-04-17 18:54:58 -07:00
Samuel Liu 0104396c50
use var: kube_apiserver_address (#9967) 2023-04-10 15:01:17 -07:00
Samuel Liu ece174da7c
fix resatrt k8s components (#9962) 2023-04-09 19:51:15 -07:00
ERIK 0c4f57a093
Support extended settings for the Debian os family (#9943)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-30 18:53:49 -07:00
Kay Yan e8f0fb82fe
fix-kube-bench-1.2.20 (#9939) 2023-03-29 09:35:49 -07:00
Kay Yan 19856cf692
fix-kube-bench-1.1.19 (#9937) 2023-03-28 21:01:24 -07:00
Kay Yan deb532ce27
fix-kube-bench-4.1.1 (#9934) 2023-03-27 21:48:22 -07:00
R. P. Taylor a676c106d3
change bash for loop for SAN check (#9060)
fix merge conflict
2023-03-27 06:36:30 -07:00
HirazawaUi baed5f0b32
Remove deprecated udpIdleTimeout field in KubeProxyConfiguration (#9925) 2023-03-27 02:05:55 -07:00
Kay Yan cc382f2412
haproxy-proxy-ipv6 (#9674) 2023-03-22 05:58:36 -07:00
ERIK fb8631cdf6
fix allow unsupported distribution (#9904)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-21 01:35:09 -07:00
ERIK 7747ff2572
Fix uniontech os installation failure (#9862)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-09 22:00:39 -08:00
Marijn van der Giesen eb4bd36f73
fix(kubernetes): Also apply kubeadm patches during upgrade (#9781) 2023-03-09 13:50:30 -08:00
Jack 9c41769dab
Update nodes in etc hosts after cluster scale (#9837) 2023-03-06 16:18:18 -08:00
Arthur Outhenin-Chalandre 9e2104c7d3
node: fix default kubelet/runtime cgroups when kube_reserved is false (#9834)
* node: fix default kubelet/runtime cgroups when kube_reserved is false (default)

Commit 1c4db6132d introduced a notion of
kube_reserved. This introduced a breaking change defaulting to use
kube.slice for the container_manager and the kubelet as if kube_reserved
was always enabled whereas it is disabled by default.

This commit fixes this by bringing back system.slice whenever
kube_reserved is disabled.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* inventory/sample: change false for kube_reserved as its the default

Changing the commented value in sample inventory to the actual default
value.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-03-05 18:48:58 -08:00
panguicai c710c93c02
upgrade kubevip to v0.5.11 (#9852)
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-05 17:54:57 -08:00
Maxime Leroy fd8260b930
fix(upgrade-cluster): retry other masters upgrade (#9768)
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-03-03 05:44:58 -08:00