kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,247 Commits
29 Branches
80 Tags
164 MiB
Commit Graph

4868 Commits (38ce02c6106b1fcd7a043c0bb0358881a1883c83)

Author SHA1 Message Date
蒋航 83c3ce7f8f
Add Retry for Checking calico exists (#9883) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2023-03-20 21:51:06 -07:00
Kay Yan 309aaee427
fix-cilium-error (#9902) 2023-03-20 02:41:17 -07:00
Mohamed Omar Zaian 349c8901f8
[containerd] add hashes for 1.7.0 (#9892) 2023-03-14 21:48:14 -07:00
Samuel Liu df9aba6298 fix typo word 2023-03-14 15:49:22 +01:00
biqiang Wu 2ae3ea9ee3
Modified the default value of cilium IPAM and added the support for related parameters (#9443) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2023-03-13 17:45:10 -07:00
蒋航 99115ad04b
Fix Get current calico version (#9873) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2023-03-10 05:48:40 -08:00
ERIK 7747ff2572
Fix uniontech os installation failure (#9862) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2023-03-09 22:00:39 -08:00
Marijn van der Giesen eb4bd36f73
fix(kubernetes): Also apply kubeadm patches during upgrade (#9781) 2023-03-09 13:50:30 -08:00
panguicai 2d20f0c024
fix cri-o arm64 v1.26.0 wrong archive checksum (#9872) 
Signed-off-by: panguicai008 <guicai.pan@daocloud.io>
 2023-03-09 13:32:31 -08:00
Cyclinder b0793df293
bump calico to v3.25.0 (#9860) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2023-03-09 00:02:02 -08:00
Jack 1ca50f3eea
Update check calico version command (#9861) 2023-03-08 00:31:12 -08:00
Arthur Outhenin-Chalandre 82f68ca395
calico: cilium: use localhost lb by default on kube-proxy replacement (#9718) 
This commit removes the variable `use_localhost_as_kubeapi_loadbalancer`
and rather detects that we are in a situation where we can use the
localhost apiserver loadbalancer (meaning that we use the localhost load
balancer and that the same ports are used for both the load balancer and
the kube-apiserver).

This also cleanups the calico code to use `kube_apiserver_global_endpoint`
rather than implementing the same logic all over again.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-03-07 04:28:36 -08:00
panguicai 3a675393dc
upgrade rancher local-path-provisioner to v0.0.23 (#9855) 
Signed-off-by: panguicai008 <1121906548@qq.com>
 2023-03-06 16:54:17 -08:00
Jack 9c41769dab
Update nodes in etc hosts after cluster scale (#9837) 2023-03-06 16:18:18 -08:00
Mohamed Zaian dba29db58d
[helm] upgrade to 3.11.1 (#9849) 2023-03-06 15:56:17 -08:00
Arthur Outhenin-Chalandre 9e2104c7d3
node: fix default kubelet/runtime cgroups when kube_reserved is false (#9834) 
* node: fix default kubelet/runtime cgroups when kube_reserved is false (default)

Commit 1c4db6132d introduced a notion of
kube_reserved. This introduced a breaking change defaulting to use
kube.slice for the container_manager and the kubelet as if kube_reserved
was always enabled whereas it is disabled by default.

This commit fixes this by bringing back system.slice whenever
kube_reserved is disabled.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* inventory/sample: change false for kube_reserved as its the default

Changing the commented value in sample inventory to the actual default
value.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-03-05 18:48:58 -08:00
DRAGON2002 1d9502e01d
update args (#9856) 
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
 2023-03-05 18:38:57 -08:00
panguicai c710c93c02
upgrade kubevip to v0.5.11 (#9852) 
Signed-off-by: panguicai008 <1121906548@qq.com>
 2023-03-05 17:54:57 -08:00
DRAGON2002 13c793fd0d
add flag (#9827) 
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
 2023-03-05 17:50:57 -08:00
panguicai 1555d78155
upgrade argocd to v2.6.3 (#9848) 
Signed-off-by: panguicai008 <1121906548@qq.com>
 2023-03-03 06:44:58 -08:00
Maxime Leroy fd8260b930
fix(upgrade-cluster): retry other masters upgrade (#9768) 
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
 2023-03-03 05:44:58 -08:00
Arthur Outhenin-Chalandre 6769bb32b1
Network plugin custom (#9819) 
* network_plugin/custom_cni: add CNI to apply provided manifests

Add a new simple custom_cni to install provided Kubernetes manifests.
This could be useful to use manifests directly provided by a CNI when
there are not support by Kubespray (i.e.: helm chart or any other manifests
generation method).

Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* network_plugin/custom_cni: add test with cilium

Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Co-authored-by: James Landrein <james.landrein@proton.ch>
 2023-03-03 00:23:08 -08:00
Victor Morales 677b7ecd89
Drop crun_bin_dir unused var (#9845) 
crun_bin_dir was used to specify the destination of the crun binary during the
download process. This path must match with the value provided in the CRI-O
configuration file. So changing its value to bin_dir helps to mismatch errors.

Signed-off-by: Victor Morales <chipahuac@hotmail.com>
 2023-03-02 18:30:57 -08:00
Jiffs Maverick 501deecdd0
Downgrade version of coredns to 1.8.6 for compatibility with 1.23-1.24 (#9846) 2023-03-02 17:56:57 -08:00
Mohamed Zaian 8b3f3c04cc
[kubernetes] Add hashes for 1.26.2, 1.25.7, 1.24.11 (#9829) 2023-03-01 15:31:17 -08:00
Mohamed Zaian ecd649846a
[containerd] add hashes for 1.6.19 (#9838) 2023-02-28 15:35:18 -08:00
Mykola Ulianytskyi (Nikolay Ulyanitsky) 27c2d7e9e2
Replace semicolons by commas in options (#9840) 2023-02-28 07:33:16 -08:00
Eugene Artemenko 5cbcec8968
Add resources section to all containers releated to Vsphere CSI driver (#9687) 2023-02-27 02:36:20 -08:00
Jack 62f34c6085
add image garbage collection (#9832) 2023-02-27 00:26:19 -08:00
Mohamed Zaian 260dad8f10
[ingress-nginx] upgrade to 1.6.4 (#9818) 2023-02-23 01:35:34 -08:00
Mohamed Zaian c950bfface
[containerd] add hashes for 1.5.17, 1.5.18, 1.6.17, 1.6.8 (#9814) 2023-02-22 19:13:06 -08:00
JaneLiuL 4aacec4542
fix calico rbac issue (#9806) 2023-02-20 01:43:40 -08:00
Karl Fischer 6278b12af6 fixed clinet to client 2023-02-20 10:09:03 +01:00
Maxime Leroy 64e4de371e
fix(kubelet): no cloud config for external cloud provider (#9793) 2023-02-20 01:07:40 -08:00
Marijn van der Giesen ad4958249f
fix(crio): First runc then crictl (#9780) 2023-02-19 22:27:38 -08:00
Mathieu Parent 3fd7d91452
Update nodelocaldns to 1.22.18 (#9800) 
Cf. ceb37c3a5c
 2023-02-19 22:23:38 -08:00
pli 4ba1df5237
Fix kubernetes-app/argocd: download related things with the download role (#9786) 
* Fix yq install in argocd role: use download_file instead of get_url

* Fix use download_file instead of get_url to download argocd-install manifest in argocd role

* Fix order and add arm64 checksum

* Fix: Failed to template loop_control.label: 'None'
 2023-02-19 16:11:37 -08:00
rongfu.leng 145c80e9ab
Fix containerd config_path error when containerd_registries is configed (#9770) 
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
 2023-02-16 20:57:39 -08:00
王煎饼 ab0e06eae6
Fix CentOS Extras repo url for Oracle Linux 7 aarch64 (#9791) 2023-02-15 17:43:38 -08:00
ERIK 6ff845a199
Enable control plane load balancing for kube-vip (#9785) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2023-02-12 19:25:28 -08:00
Samuel BECK 2838a7c304
add proxy_env variable to apt_key cleanup task (#9766) 2023-02-09 06:38:22 -08:00
Ho Kim 2788a02096
Fix a bug in removing kubelet data dir (#9764) 2023-02-08 19:04:36 -08:00
Denis Kasanic d81978625c
Update cri-o archive checksum (#9761) 
Signed-off-by: Kasanic, Denis <denisx.kasanic@intel.com>
 2023-02-06 06:25:01 -08:00
Bas 2c93c997cf
pre-commit autocorrected files (#9750) 2023-02-06 01:35:16 -08:00
Haitian Chen 10337f2fcb
skip ensuring ntp packages in coreos (#9742) 
Check OS when ensuring NTP package and tzdata package.
 2023-02-06 01:35:04 -08:00
manzsolutions-lpr 6c41191646
Add support for PodSecurityStandards (#9713) 2023-02-06 01:27:01 -08:00
Chauncey 7730cfd619
fix: add ipamconfigs resource for calico (#9755) 
Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
 2023-02-05 15:50:30 -08:00
Kevin Huang 1853085ffe
feat(cinder-csi): Allow deletionPolicy to be configurable (#9736) 2023-02-02 15:46:28 -08:00
stelucz 9247137e60
Replace label `k8s-app: nodelocaldns` in DaemonSet template by `k8s-app: node-local-dns` (#9745) 2023-02-02 15:42:28 -08:00
杨刚 (成都) e8f048c71d
[argocd] update argocd to v2.5.10 (#9753) 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-02-02 15:38:29 -08:00
rongfu.leng 0707c8ea6f
fix: with_item to with_dict (#9729) 
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
 2023-01-31 03:18:50 -08:00
James 36c6de9abd
Fix cilium's hubble ui configuration (#9735) 
This fixes the CrashLoopBackoff error that appears because envoy
configuration has changed a lot and upstream removed the envoy proxy to
use nginx only instead. Those changes are based on upstream cilium helm.
 2023-01-31 00:28:48 -08:00
蒋航 c5debf013c
Update kubevip to v0.5.8 (#9734) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2023-01-31 00:24:55 -08:00
Kay Yan f9cc8ae10c
[kubernetes] Make kubernetes v1.26 default (#9732) 
* make-kube-1.26-default

* fix-bugs
 2023-01-31 00:24:48 -08:00
杨刚 (成都) 94dd02121b
Update containerd version : containerd1.6.16. (#9727) 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-01-31 00:16:48 -08:00
杨刚 (成都) b9a34b83d4
[argocd] update argocd to v2.5.9 (#9723) 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-01-28 19:14:33 -08:00
杨刚 8d6cfd6e53
[argocd] update argocd to v2.5.8 (#9708) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-01-27 00:14:25 -08:00
ERIK ee2193d4cf
Add dns configuration for cert manager (#9673) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2023-01-23 17:42:15 -08:00
Tristan 5fbbcedebc
9693: Fix comma-separated-list splitting of kubelet_enforce_node_allocatable (#9694) 
See https://github.com/kubernetes-sigs/kubespray/issues/9693
 2023-01-23 16:20:17 -08:00
Florian Ruynat 18f2abad2f
Cleanup v1.23.x missing references/conditions/hashes (#9698) 2023-01-23 16:16:16 -08:00
Mohamed Zaian 391dd97f95
[kubernetes] support 1.26.x (#9570) 2023-01-23 00:10:11 -08:00
Florian Ruynat 34d0451585
Update KUBESPRAY_VERSION and kube_version_min_required (with hashes cleanup) (#9691) 2023-01-20 14:11:54 -08:00
Arthur Outhenin-Chalandre c4346e590f
kubeadm/etcd: use config to download certificate (#9609) 
This commit uses a kubeadm join config to pull down cert for etcd in
workers nodes (which is needed in some circumstances, for instance with
calico or cilium).

The previous way didn't allow us to pass certain parameters which was
typically given in the config in other kubeadm invokations in Kubespray.
This made kubeadm produced some errors for some edge cases.

For example, in our deployment we don't have a default route and even
though it's only to download the certificates, kubeadm produce an error
`unable to select an IP from default routes` (these command are kubeadm
controlplane command, so kubeadm does some additional checks). This is
fixed by specifying `advertiseAddress` within the kubeadm config.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-01-20 00:26:16 -08:00
Florian Ruynat bd81c615c3
Add k8s 1.24.10 hashes (#9688) 2023-01-19 14:46:15 -08:00
Mohamed Zaian 3d9fd082ff
[containerd] add hashes for 1.5.x (#9678) 2023-01-19 07:36:38 -08:00
yanggang 826282fe89
Add k8s hashes for k8s version. (#9685) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-01-19 05:30:35 -08:00
MatthieuFin 374438a3d6
feat(calico): add possibility to enable calico floatingIPs feature (#9680) 
Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs`
(disabled per default).

Signed-off-by: MatthieuFin <matthieu2717@gmail.com>

 #9679
 2023-01-18 15:42:34 -08:00
yanggang fd80ef1ff1
[argocd] update argocd to v2.5.7 (#9682) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-01-18 15:38:34 -08:00
Mohamed Zaian 235173bb5f
[flannel] update to v0.20.2 & make it default (#9675) 2023-01-18 15:26:34 -08:00
Cyclinder db94812163
bump cni-plugins to v1.2.0 (#9671) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2023-01-17 00:12:32 -08:00
Arthur Outhenin-Chalandre 4a6eb7eaa2
enable back kubelet_authorization_mode_webhook by default (#9662) 
In 6db6c8678c, this was disabled becaue
kubesrpay gave too much permissions that were not needed. This commit
re-enable back this option by default and also removes the extra
permissions that kubespray gave that were in fact not needed.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-01-16 23:56:32 -08:00
rongfu.leng 8a03bb1bb4
add containerd config_path (#9566) 
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>

Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
 2023-01-16 23:42:32 -08:00
Vitaly Yakovenko d919c58e21
[multus] added support for mixed type of container engine (#9224) 
* [multus] added support for mixed type of container engine

* [multus] fixed for using with cluster/upgrade-cluster/scale playbooks
 2023-01-16 23:30:33 -08:00
Mohamed Zaian 19bc610f44
Update pause image version to v3.8 (#9668) 
Signed-off-by: Mohamed Zaian <mohamedzaian@gmail.com>

Signed-off-by: Mohamed Zaian <mohamedzaian@gmail.com>
 2023-01-16 15:30:10 -08:00
Mohamed Zaian c7cffb14a7
[cert-manager] update cert-manager to v1.11.0 (#9661) 2023-01-16 02:36:51 -08:00
Jochen Friedrich 6f61f3d9cb
Support OVN Interconnect (#9599) 
Mostly taken from: https://raw.githubusercontent.com/kubeovn/kube-ovn/master/yamls/ovn-ic.yaml.j2
 2023-01-16 00:08:52 -08:00
yanggang 6b4bb2a121
[argocd] update argocd to v2.5.6 (#9654) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-01-15 21:16:50 -08:00
ERIK e288449c5d
Update cri-dockerd version (#9659) 
* Skip retry operation with containerd when etcd installed on host VM (#9560)

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

* Update cri-dockerd version

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Co-authored-by: Eugene Artemenko <artemenko.evgeniy@gmail.com>
 2023-01-15 21:12:51 -08:00
László Rafael ea35021c96
Add defaults for external_vsphere_user and external_vsphere_password in the vsphere csi_driver (#9664) 2023-01-14 14:24:14 -08:00
Eugene Artemenko 6f1352eb53
Skip retry operation with containerd when etcd installed on host VM (#9560) 2023-01-10 15:53:20 -08:00
yanggang 6549bb12fc
follow containerd1 1.16.15 (#9644) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2023-01-08 17:59:28 -08:00
Kay Yan 843e908fa4
update-calico-VXLAN-docs (#9639) 2023-01-06 00:00:00 -08:00
R. P. Taylor 0ff883afeb
streamline ansible_default_ipv4 gathering loop (#9281) 2023-01-05 11:59:58 -08:00
Marijn van der Giesen 0d5bcd3e20
feat(coredns): Forward extra domains to coredns kubernetes plugin (#9635) 2023-01-05 06:57:58 -08:00
tu1h a8cef962e2
Add retry to avoid 'unknown' state for calicoctl (#9633) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>

Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2023-01-05 05:09:58 -08:00
Cyclinder b50890172b
calico: add vxlan-v6.calico to the list of NM unmanaged interfaces (#9631) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2023-01-05 04:29:58 -08:00
Kay Yan 6674438849
fix-ci-issue (#9640) 2023-01-05 00:11:58 -08:00
Ho Kim 4bc5e8d912
Skip removing nodes if cluster is not set (#9430) 2023-01-03 05:03:32 -08:00
mKlaris 050fde6327
Add enableServicesElection env variable. (#9595) 2023-01-02 18:35:33 -08:00
Jochen Friedrich 4d3104b334
Reset role: Remove kube-ovn log directories (#9625) 2023-01-02 18:29:30 -08:00
my-git9 85fa6af313
cleanup: replace node-role.kubernetes.io/master (#9627) 
Signed-off-by: xin.li <xin.li@daocloud.io>

Signed-off-by: xin.li <xin.li@daocloud.io>
 2023-01-01 13:59:32 -08:00
Shelming.Song 1c4db6132d
optimize cgroups settings for node reserved (#9209) 
* optimize cgroups settings for node reserved

* fix

* set cgroup slice for multi container engine

* set cgroup slice for crio

* add reserved cgroups variables to sample files

* Compatible with cgroup path for different container managers

* add cgroups doc

* fix markdown
 2022-12-30 08:05:30 -08:00
Jochen Friedrich 744c81d451
Remove ovn.kubernetes.io/ovs_dp_type from nodeSelector (#9594) 
Remove extra tag requirement preventing openvswitch container to start.
 2022-12-29 01:37:29 -08:00
Kenichi Omichi 61be93b173
Drop calico v3.21 support (#9515) 
At the upstream calico development, the v3.21 branch is not updated
over 2 monthes. In addition, unnecessary error message is output at
Kubespray deployment due to different URLs for calico v3.21 or v3.22+
This drops the v3.21 support to solve the issue.
 2022-12-29 01:29:31 -08:00
ERIK 406fbdb4e7
Update the tag of the flannel image (#9528) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-12-28 00:55:27 -08:00
Jochen Friedrich 136f14dec4
Cluster support for ovn-central. (#9596) 
Without minimal cluster configuration, even on a one node control plane,
the health check of the ovn-cental container always fails as it queries the
cluster/status.
 2022-12-27 20:51:27 -08:00
Marijn van der Giesen ab80342750
[feat] Add custom options to coredns kubernets plugin (#9608) 2022-12-27 18:21:27 -08:00
Kevin Huang 2c2e608eac
fix(k8s-certs-renew): Use kube_apiserver_port instead of hard-coding (#9620) 
Signed-off-by: Kevin Huang <git@kevin.huang.to>

Signed-off-by: Kevin Huang <git@kevin.huang.to>
 2022-12-27 18:17:35 -08:00
Kay Yan 93f71df628
Remove CNI BIN dependency for cilium (#9563) 
* remove-cni-denpendeny-for-cilium

* remove-cni-denpendeny-for-cilium
 2022-12-27 01:31:28 -08:00
tu1h 791064a3d9
Allow custom timeout for kubeadm init (#9617) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>

Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2022-12-27 00:53:28 -08:00
Kenichi Omichi e90f32bdee
Fix checksum of ciliumcli v0.12.5 (#9614) 
The checksum was different and the download was failed.
This update the checksum by getting valid checksum from [1] to
fix the issue.

[1]: https://github.com/cilium/cilium-cli/releases/download/v0.12.5/cilium-linux-arm64.tar.gz.sha256sum
 2022-12-27 00:49:28 -08:00
Maxime Leroy 9fe89a0641
fix(apps): cinder: wrong rbac for csi-snapshotter-role (#9610) 2022-12-27 00:45:28 -08:00
Mohamed Zaian 14699f5e98
[helm] upgrade to 3.10.3 (#9605) 2022-12-25 16:01:26 -08:00
Mohamed Zaian 438da0c8e6
[argocd] update argocd to v2.5.5 (#9604) 2022-12-22 00:53:25 -08:00
emiran-orange 25f317233c
Remove immutable flag from /var/lib/kubelet subdirs (#9597) 
* Remove immutable flag from /var/lib/kubelet subdirs

* Find files before changing attributes
 2022-12-21 18:55:25 -08:00
C-Romeo 5e4d68b848
fix kube token dir permissions (#9590) 2022-12-21 15:45:25 -08:00
yanggang 4728739597
follow containerd1.16.13 and 1.16.14 (#9585) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-21 00:35:28 -08:00
Kay Yan fc0d58ff48
fix-missing-control-plane-taint (#9592) 2022-12-19 15:57:43 -08:00
janaurka 491e260d20
Feature/add flannel wireguard encryption backend as option (#9583) 
* feat(): Add wireguard backend to flannel cni

As described in the flannel docs:
https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard

This does not support optional configuration methods like:
- setting a psk (will be autogenerated by default)
- chang listening ports
- change mode (defaults to 'separate')
- change PersistentKeepaliveInterval (defaults to 0)

* Add supported backends to flannel docs

* Fix markdown in docs
 2022-12-18 15:39:43 -08:00
Xieql c4d753c931 Fix annotation typo 
Signed-off-by: Xieql <xieqianglong@huawei.com>
 2022-12-15 18:40:30 +08:00
Lukas Najman ee3b7c5da5
Use the correct api version and resourcer type. The current values work but do not match the documentation, which can be confusing. (#9575) 2022-12-15 01:21:35 -08:00
Robin Wallace ccf60fc9ca
upcloud: Delete default reclaim policy (#9574) 2022-12-14 16:15:34 -08:00
Kay Yan a38a3e7ddf
upgrade-calico-v3.24.5 (#9580) 2022-12-14 09:21:36 -08:00
Book shu ff331f4eba
support flannel dual stack (#9564) 2022-12-13 20:47:35 -08:00
JSpon 94eae6a8dc
adjust calico-kube-controller to use hostNetwork when using etcd as datastore (#9573) 2022-12-13 20:41:34 -08:00
yanggang f8d6b54dbb
Add hashes for 1.25.5, 1.24.9, 1.23.15 and make v1.25.5 default (#9557) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-11 16:45:33 -08:00
emiran-orange 67c4f2d95e
Add XDG related Helm paths to be removed (#9561) 2022-12-10 03:59:40 -08:00
Mohamed Zaian 03fefa8933
[feat] Upgrade metrics server to v0.6.2 (#9554) 2022-12-10 03:55:40 -08:00
Fredrik Liv c8ec77a734
[containerd] Add config for unpriviledged ports and icmp (#9517) 
* [containerd] Add config for unpriviledged ports and icmp

* Updated to match true false variables of other setting
 2022-12-09 06:16:12 -08:00
Chad Swenson 4f32f94a51
Fix drain rescue task when `kube_override_hostname` is set (#9556) 
This fixes a task failure in the rescue block that uncordons nodes after an unsuccessful drain. The issue occurs when `kube_override_hostname` is set and does not match `inventory_hostname`.
 2022-12-08 16:02:11 -08:00
Chad Swenson 3dc384a17a
Allow `containerd-common` to execute multiple times per play (#9543) 
The `containerd-common` role is responsible for gathering OS specific variables from the vars directory of the roles that include or import it. `containerd-common` is imported via role dependency by a total of two roles, `container-engine/docker`, and `container-engine/containerd`.

containerd-common is needed by both the docker and containerd roles as a dependency when:
- containerd is selected as the container engine
- a docker install is detected and needs to be removed
- apt is the package manager

However, by default, roles can not be invoked more than once in the same play, unless `allow_duplicates: true` is set for that role. This results in the failure of the `containerd | Remove containerd repository` task, since only the docker vars will be loaded in the play, and `containerd_repo_info.repos`, normally populated by containerd/vars, is left empty.

This change sets `allow_duplicates: true` for `containerd-common` which fixes the currently failing containerd tasks if docker was detected and removed in the same play.
 2022-12-08 15:58:18 -08:00
Samuel Liu f1d0d1a9fe
[kube-ovn]: update version v1.10.7 (#9527) 
* [kube-ovn]: update version

* update readme
 2022-12-08 15:58:11 -08:00
Mohamed Zaian c036a7d871
Disable 'Check that IP range is enough for the nodes' when calico is used (#9491) 2022-12-08 10:44:23 -08:00
yanggang 6e63f3d2b4
follow containerd1.16.12 (#9551) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-08 07:36:24 -08:00
yanggang 09748e80e9
support containerd 1.6.11 (#9544) 2022-12-06 19:08:37 -08:00
Ugur Can Ozturk a0f41bf82a
[metrics_server]: Enabled HA mode by adding 'metrics_server_replicas'… (#9539) 
* [metrics_server]: Enabled HA mode by adding 'metrics_server_replicas' variable and adding podAntiAffinity rule

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

* [metrics_server]: added namespaces selector

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
 2022-12-06 18:22:38 -08:00
Douglas Landgraf 1a0b81ac64
reset: RedHat based distro with major version >=8 (#9537) 
During the reset, restart network was not completing in distros
like RHEL/CentOS/AlmaLinux with major version higher than 8.

Example:
kubespray> ansible-playbook -i inventory/mydomain/hosts.yml reset.yml -b -v
fatal: [mynode]: FAILED! => {"changed": false, "msg": "Could not find the requested service network: host"}

Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>

Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>
 2022-12-05 08:57:03 -08:00
ERIK 20d99886ca
Update etcd log-level parameter name (#9540) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-12-05 01:05:03 -08:00
Kay Yan b9fe301036
add-check-for-resolv-to-avoid-coredns-crash (#9502) 2022-12-01 22:37:54 -08:00
Kay Yan 30508502d3
update-nginx-version (#9506) 2022-12-01 21:51:55 -08:00
Mohamed Zaian bca601d377
[ingress-nginx] upgrade to 1.5.1 (#9532) 2022-12-01 21:45:54 -08:00
Mohamed Zaian 65191375b8
[etcd] make etcd 3.5.6 default (#9520) 2022-12-01 14:41:53 -08:00
ERIK a534eb45ce
Update calico image tag (#9529) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-12-01 03:18:27 -08:00
tu1h e796f08184
update dashboard image repo to remove arch flag (#9530) 
Signed-off-by: lihai.tu <lihai.tu@daocloud.io>

Signed-off-by: lihai.tu <lihai.tu@daocloud.io>
 2022-12-01 01:42:26 -08:00
Kenichi Omichi ed38d8d3a1
Add ingress-nginx check for updating README (#9533) 
To detect the version mismatch.
 2022-12-01 01:16:27 -08:00
Kay Yan 4db5e663c3
fix-mistake-regex-for-resolv-conf (#9523) 2022-11-30 03:48:56 -08:00
rtsp 529faeea9e
[cert-manager] Upgrade to v1.10.1 (#9512) 2022-11-29 07:17:26 -08:00
ERIK 47510899c7
Update the number of nofile limits in containerd (#9507) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-25 15:12:04 -08:00
蒋航 7c1ee142dd
update envoy image to v1.22.5 (#9513) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-11-23 19:26:05 -08:00
蒋航 25e86c5ca9
Update etcd image tag (#9516) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-11-23 18:22:04 -08:00
ERIK c41dd92007
Clean up cilium-init image (#9508) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-23 09:06:20 -08:00
ERIK a564d89d46
Update the tag of cilium hubble related images (#9509) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-21 20:14:14 -08:00
Kay Yan 6c6a6e85da
update-coredns-version (#9503) 2022-11-18 20:16:29 -08:00
Robin Wallace ed0acd8027
[openstack cloud controller] bump to v1.25.3 (#9500) 2022-11-18 04:26:31 -08:00
ERIK b9a690463d
Add docker support for openEuler linux (#9498) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-17 18:18:30 -08:00
ERIK c3986957c4
Update runsc checksum (#9493) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-16 00:52:48 -08:00
ERIK 8795cf6494
Add support for the OpenEuler Linux (#9494) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-16 00:48:49 -08:00
yanggang 80af8a5e79
upgrade containerd_version to 1.6.10 (#9492) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-15 03:58:41 -08:00
Sergey Putko 943107115a
disable Centos Extras repo creation for OL9 (#9483) 
Centos 9 doesn't exists, and Centos 9-stream also doesn't have extras repo.
 2022-11-14 16:28:41 -08:00
Mohamed Zaian f007c77641
[etcd] make etcd 3.5.5 default for k8s 1.23 , 1.24 (#9482) 2022-11-12 03:39:56 -08:00
yanggang 9439487219
Add hashes for 1.25.4, 1.24.8, 1.23.14 and make v1.25.4 default (#9479) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-10 20:00:09 -08:00
emiran-orange df6da52195
Enable check mode in DNS Cleanup tasks (#9472) 2022-11-10 19:58:09 -08:00
ERIK 8a654b6955
Add cni bin when installing calico (#9367) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-08 17:46:13 -08:00
Ilya Margolin 5a8cf824f6
[containerd] Simplify limiting number of open files per container (#9319) 
by setting a default runtime spec with a patch for RLIMIT_NOFILE.

- Introduces containerd_base_runtime_spec_rlimit_nofile.
- Generates base_runtime_spec on-the-fly, to use the containerd version
  of the node.
 2022-11-08 06:44:32 -08:00
emiran-orange 5c25b57989
Ability to define options for DNS upstream servers (#9311) 
* Ability to define options for DNS upstream servers

* Doc and sample inventory vars
 2022-11-08 06:44:25 -08:00
Olivier Lemasle 5d1fe64bc8
Update local-volume-provisioner (#9463) 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/pull/292)
- Add nodeSelector to DaemonSet (following upstream)
 2022-11-07 15:28:17 -08:00
yanggang 0d6dc08578
upgrade argocd version 2.4.16 (#9467) 2022-11-06 18:04:16 -08:00
ERIK 40261fdf14
Fix iputils install failure in Kylin OS (#9453) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-06 17:54:16 -08:00
Cyclinder 590b4aa240
adjust calico-kube-controller to non-hostnetwork pod (#9465) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2022-11-06 17:34:17 -08:00
ausias-armesto 2a696ddb34
Adding metrics server to use host network (#9444) 
* Adding metrics server to use host network

* EXternalize value to a variable
 2022-11-06 02:38:15 -08:00
lijin-union d7f08d1b0c
remove the set_fact action which raise error in the CI (#9462) 2022-11-03 04:43:38 -07:00
Jiffs Maverick 4aa1ef28ea
Don't use coredns_server in dhclient.conf if nodelocaldns is enabled (#9392) 2022-11-03 02:45:36 -07:00
Fred Rolland 58faef6ff6
Flannel: fix init container image arch (#9461) 
The install-cni-plugin image was not updated to the corresponding
arch when building the different DS.

Fixes issue #9460

Signed-off-by: Fred Rolland <frolland@nvidia.com>

Signed-off-by: Fred Rolland <frolland@nvidia.com>
 2022-11-03 02:41:36 -07:00
yanggang ce751cb89d
add variable condition snapshot in vSphere CSI (#9429) 2022-11-02 00:22:46 -07:00
cleverhu 5cf2883444
add retry for start calico kube controller (#9450) 
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
 2022-11-02 00:18:45 -07:00
charlychiu 6bff338bad
fix: hubble relay tls error (#9457) 2022-11-02 00:14:46 -07:00
William Turner 1f54cef71c
Add variable to set direct routing on flannel VXLAN (#9438) 2022-10-31 13:16:45 -07:00
yanggang d00508105b
Removed PodSecurityPolicy from ingress-nginx (#9448) 2022-10-30 20:08:44 -07:00
lijin-union c272421910
Add UOS linux support (#9432) 2022-10-30 17:16:43 -07:00
biqiang Wu 78624c5bcb
When using cilium CNI, install Cilium CLI (#9436) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-10-30 17:02:45 -07:00
biqiang Wu c681435432
Add switch cilium_enable_bandwidth_manager (#9441) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-10-28 03:08:31 -07:00
杨刚 4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 (#9442) 2022-10-27 21:46:30 -07:00
蒋航 990f87acc8
Update kube-vip to v0.5.5 (#9437) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-10-26 19:28:32 -07:00
William Turner eeb376460d
Fix inconsistent handling of admission plugin list (#9407) 
* Fix inconsistent handling of admission plugin list

* Adjust hardening doc with the normalized admission plugin list

* Add pre-check for admission plugins format change

* Ignore checking admission plugins value when variable is not defined
 2022-10-26 00:28:37 -07:00
Kay Yan ef707b3461
update-containerd-1.6.9 (#9427) 2022-10-25 16:34:37 -07:00
Mohamed Zaian 2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) (#9425) 2022-10-24 18:32:36 -07:00
Mohamed Zaian b9b654714e
[nerdctl] upgrade to version 1.0.0 (#9424) 2022-10-24 18:28:35 -07:00
Mohamed Zaian fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 (#9419) 2022-10-24 00:06:26 -07:00
杨刚 b192053e28
as argocd 2.4.15 is releasesd , update the version (#9420) 2022-10-23 20:34:24 -07:00
Wouter Goedhart 1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414) 
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
 2022-10-23 18:00:24 -07:00
ERIK 9fdda7eca8
Fix iputils install failure in Kylin OS (#9416) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-21 04:53:51 -07:00
ERIK a68ed897f0
Update kubelet checksum (#9413) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-21 04:21:50 -07:00
Florian Ruynat 582ff96d19
Update docker version to 20.10.20 (#9410) 2022-10-20 18:45:15 -07:00
Kenichi Omichi 0374a55eb3
Specify securityContext for cert-manager (#9404) 
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
 2022-10-20 00:57:08 -07:00
Kay Yan ccbe38f78c
make-kube-1.25-default (#9364) 2022-10-20 00:56:57 -07:00
Vladimir 958840da89
Add var for control initialDelaySeconds in nginx ingress probe (#9405) 
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
 2022-10-19 21:20:56 -07:00
Cristian Calin 1530411218
use cri-o from upstream instead of kubic/OBS (#9374) 
* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables
 2022-10-19 05:47:05 -07:00
Mohamed Zaian 0f44e8c812
[ingress-nginx] upgrade to 1.4.0 (#9403) 2022-10-18 16:53:00 -07:00
Maxime Leroy d9c39c274e
fix(defaults): wrong cri_socket path for containerd (#9401) 2022-10-18 00:15:18 -07:00
Kenichi Omichi c38fb866b7
Update securityContext of netchecker (#9398) 
To run netchecker with necessary privilege,
this updates the securityContext.
 2022-10-17 19:11:18 -07:00
Mohamed Zaian 5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default (#9397) 2022-10-17 05:59:07 -07:00
Kay Yan 32f3d92d6b
Remove PodSecurityPolicies in Calico (#9395) 2022-10-17 05:51:07 -07:00
Cristian Calin 23716b0eff
don't define kubeadm_patches by default (#9372) 2022-10-14 01:20:46 -07:00
Kay Yan 859df84b45
remove-psp-in-flannel (#9365) 2022-10-14 00:16:47 -07:00
Kay Yan 131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar (#9370) 
* fix-ensure-package-in-coreos

* clean blank line
 2022-10-13 16:54:46 -07:00
Unai Arríen 52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248) 
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values
 2022-10-13 16:50:47 -07:00
ghostloda 547ef747da
fix helm install with password authentication (#9343) 2022-10-12 23:55:01 -07:00
ERIK bc5881b70a
Add the cilium hubble images to download role (#9376) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-12 23:45:00 -07:00
Kenichi Omichi f4b95d42a6
Add note for containerd oom_score (#9384) 
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
 2022-10-11 21:49:00 -07:00
Unai Arríen ef76a578a4
Change dns upstream condition for nodelocaldns (#9378) 2022-10-11 00:47:02 -07:00