Commit Graph

878 Commits (3a3addb91e88d8209c36ade0931578e03990169c)

Author SHA1 Message Date
杨刚 4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 (#9442) 2022-10-27 21:46:30 -07:00
Mohamed Zaian 2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) (#9425) 2022-10-24 18:32:36 -07:00
杨刚 b192053e28
as argocd 2.4.15 is releasesd , update the version (#9420) 2022-10-23 20:34:24 -07:00
Kenichi Omichi 0374a55eb3
Specify securityContext for cert-manager (#9404)
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
2022-10-20 00:57:08 -07:00
Vladimir 958840da89
Add var for control initialDelaySeconds in nginx ingress probe (#9405)
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
2022-10-19 21:20:56 -07:00
Mohamed Zaian 0f44e8c812
[ingress-nginx] upgrade to 1.4.0 (#9403) 2022-10-18 16:53:00 -07:00
Kenichi Omichi c38fb866b7
Update securityContext of netchecker (#9398)
To run netchecker with necessary privilege,
this updates the securityContext.
2022-10-17 19:11:18 -07:00
Unai Arríen 52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248)
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values
2022-10-13 16:50:47 -07:00
ghostloda 547ef747da
fix helm install with password authentication (#9343) 2022-10-12 23:55:01 -07:00
Unai Arríen ef76a578a4
Change dns upstream condition for nodelocaldns (#9378) 2022-10-11 00:47:02 -07:00
Piotr Kowalczyk 3b99d24ceb
Fix: install calico-kube-controller on kdd (#9358)
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
2022-10-10 19:45:01 -07:00
Kay Yan 4701abff4c
upgrade-api-version-for-PodDisruptionBudget (#9369) 2022-10-10 17:51:02 -07:00
Kevin Huang c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume (#9362) 2022-10-08 01:23:19 -07:00
Hugo Blom a8e4984cf7
Add missing permissions to openstack cc (#9335)
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
2022-09-27 22:19:35 -07:00
Federico Cucinella e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 (#9332) 2022-09-26 17:35:46 -07:00
Robin Wallace c4de3df492
upcloud csi driver: bump version to v0.3.3 (#9317) 2022-09-24 13:18:04 -07:00
Florian Ruynat 4ad67acedd
Move back vsphere csi to kube-system ns (#9312) 2022-09-23 10:46:26 -07:00
Kay Yan 1b3c2dab2e
add_max_concurrent_in_coredns (#9307) 2022-09-22 04:27:03 -07:00
pingrulkin a2e23c1a71
vsphere-csi: add nodeAffinity to daemonset (#9293) 2022-09-19 17:47:22 -07:00
Mohamed Zaian a71da25b57
[argocd] update argocd to v2.4.12 (#9297) 2022-09-19 17:37:22 -07:00
Vadim 5ac614f97d
fix duplicate field in ingress-nginx template (#9285) 2022-09-19 03:03:22 -07:00
ErmalKristo b8b8b82ff4
Adds support for multiple architectures to yq (#9288) 2022-09-19 02:14:38 -07:00
Mahdi Abbasi 023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
ghostloda f3fb758f0c
Remove useless file (#9258) 2022-09-07 17:10:49 -07:00
Michael Schmitz be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
Ho Kim e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Piotr Kowalczyk 49d869f662
Fix CSI drivers issues on Azure (#9153)
* Include missing azuredisk rbac manifest

* Remove missing azure csi manifest

* Remove invalid reference mount to waagent settings

* Use cloud-config secret instead of /etc/kubernetes/cloud_config file
2022-08-18 00:56:36 -07:00
ERIK 9ad2d24ad8
Add unsafe_show_logs switch (#9164)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-16 18:52:48 -07:00
Cristian Calin 8585134db4
when ingress-nginx is deployes without a class, we need to use 'ingress-controller-leader' resource instead of the default 'ingress-controller-leader-nginx' (#9156) 2022-08-09 04:52:50 -07:00
Aveline 06f8368ce6
Fix Hetzner CCM cluster-cidr (#9127) 2022-07-30 20:18:27 -07:00
rtsp b3876142d2
[cert-manager] Upgrade to v1.9.0 (#9117) 2022-07-29 00:11:11 -07:00
Mohamed Zaian 9f11946f8a
[argocd] update argocd to v2.4.7 (#9105) 2022-07-27 09:32:29 -07:00
Mohamed Zaian ce04fdde72
[ingress-nginx] upgrade to 1.3.0 (#9088)
* This release removes support for Kubernetes v1.19.0
* This release adds support for Kubernetes v1.24.0
* Starting with this release, we will need permissions on the coordination.k8s.io/leases resource for leaderelection lock
2022-07-14 18:46:25 -07:00
Peter Pan 14063b023c
Extend DNS memory limit. 170Mi tents to OOM (#9084) 2022-07-13 00:03:37 -07:00
Samuel Liu d821bed2ea
Fix some typo (#9056)
* fix ingress controller task name

* fix calico word

* add check typo
2022-07-11 09:49:48 -07:00
yasintahaerol 6d543b830a
Fix vcloud-csi bug related to #9046 (#9066)
* Fix vcloud-csi bug related to #9046

Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>

* add supervisor-fss-namespace=kube-system flag to vsphere-csi-controller-deployment

Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>
2022-07-07 10:31:35 -07:00
Emin AKTAS 4607ac2e93
fix(vsphere-csi): remove namespace env variable and set namespace as kube-system (#9046)
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>

Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-07-06 01:00:50 -07:00
Mohamed Zaian 51195212b4
[argocd] update argocd to v2.4.3 (#9050) 2022-07-05 08:22:47 -07:00
忘尘 1562a9c2ec
add missing verbs (#9032) 2022-06-29 00:18:05 -07:00
Samuel Liu e8ccbebd6f
add ingress nginx webhook (#9033)
* add ingress nginx webhook

* fix ingress nginx template
2022-06-28 11:55:35 -07:00
Robin Wallace 79f6cd774a create snapshot-controller only if needed 2022-06-22 00:37:44 -07:00
Sébastien Masset 9d5d945bdb
[MASTER] Add missing configuration for extra tolerations (#8908)
* Added new configuration item for extra tolerations in policy controllers

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Added new configuration item for extra tolerations in DNS autoscaler

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Aligned existing handling of extra DNS tolerations

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
2022-06-20 01:36:06 -07:00
Calin Cristian Andrei 2de5c4821c [calico] clean up workarounds for older versions 2022-06-15 00:57:20 -07:00
orange-llajeanne 2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name (#8949)
* fix a typo in the "matallb_auto_assign" variable name

* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
2022-06-13 09:40:12 -07:00
Steffen Becker 6b43d6aff2
Proposed fix to Issue 8667 (#8944)
Proposed fix to Issue 8667

Proposed fix to Issue 8667
2022-06-09 23:37:46 -07:00
Mohamed Zaian bb530da5c2 [registry] Switch registry to use registry.k8s.io
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
Mohamed Zaian b2346cdaec
[feat] Upgrade metrics server to v0.6.1 (#8909)
* Metrics Server now requires access to nodes/metrics RBAC resource instead of nodes/stats. See: https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.0
* Minimize rbac permissions.
2022-06-06 07:34:37 -07:00
Samuel Liu 1600fd9082
clean up tags (#8880) 2022-05-31 07:52:53 -07:00
irizzant 85bd1eea27
fix(calico): add missing "get" verb (#8847)
Signed-off-by: irizzant <i.rizzante@gmail.com>
2022-05-21 01:20:00 -07:00
David Louks 93fe3e06ef
Add support for including annotations on aws-ebs-csi-controller (#8779)
* Add support for including annotations on aws-ebs-csi-controller

* update comment to specify role arn
2022-05-20 15:00:00 -07:00
Samuel Liu a28b58dbd0
[calico]use ipamconfig instead of calico ipam command (#8839)
* use ipamconfig instead of calico ipam command

* fix ansible lint
2022-05-19 11:13:20 -07:00
orange-llajeanne a26a9ee14f
set apparmor_enabled in netchecker task (#8844) 2022-05-19 10:49:21 -07:00
weizhoublue b289f533b3
get wrong server name of coredns (#8811)
Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
2022-05-12 08:33:14 -07:00
Oogy 5684610a55
Support metallb peer password (#8792)
* support metallb peer password

* add MetalLB BGP password example
2022-05-11 21:39:15 -07:00
spaced bb67b654c5
local volume provisioner should not run on control plane nodes by default (#8805) 2022-05-10 19:04:24 +03:00
Robin Wallace b715500b48
csi: bump upcloud csi driver (#8784) 2022-05-09 10:43:19 -07:00
Robin Wallace 42fc71fafa
[PodSecurityPolicy] Move the install of psp (#8744) 2022-05-09 09:21:19 -07:00
Victor Morales 02b6e4833a
Update Kata Containers runtime (#8797)
* Update Kata containers binary to 2.4.1 version

* Update overhead kata runtime values

* Fix kata-qemu default values in CRI-O
2022-05-08 17:01:18 -07:00
Lubos Mercl c20ab7d987
add fix for GCP CSI driver (#8616)
Signed-off-by: Lubos Mercl <lubos.mercl@gmail.com>
2022-05-03 08:55:56 -07:00
Mulugeta Ayalew Tamiru 3f065918d9
Update verbs for volumeattachments resource (#8731)
* Update verbs for volumeattachments resource

Update verbs for volumeattachments resource so that the kubelet can create volumeattachments and mount volumes when deploying Kubernetes on VMware vSphere.

* Update verbs for volumeattachments resource

Update verbs for volumeattachments resource to match upstream

* Update vsphere-csi-controller-rbac.yml.j2
2022-04-22 00:04:13 -07:00
Mathieu Parent c98a0a448f
metallb: Add images to downloads (#8715)
For offline mode
2022-04-14 10:06:46 -07:00
Robin Wallace d7254eead6
UpCloud integration (#8653)
* [upcloud] add upcloud csi-driver

* Option to use ansible_host as api ip for kubueconfig
2022-04-11 15:13:23 -07:00
Anthony Bible 9dced7133c
Fixes for Hetzner terraform and Hetzner Cloud (#8702)
* - add ability to specify the network_zone in hetzner terraform
- Export the network id from hetzner terraform the the generated inventory.ini

* - Add with_networks variable to allow different deployments of hcloud controller manager

- Add network id to hcloud controller secret (added via the inventory)

- Don't include extra_args if it's not set
2022-04-11 10:26:06 -07:00
rtsp 0481dd946f
[cert-manager] Upgrade to v1.8.0 (#8688) 2022-04-06 00:52:57 -07:00
Cristian Calin cefd1339fc
[vsphere_csi] update to 2.5.1 and make external_vsphere_version 7.0u1 by default (#8676) 2022-04-04 01:08:11 -07:00
rtsp a67e36703f
Update cert-manager to v1.7.2 (#8648) 2022-03-26 04:53:22 -07:00
Fredrik Liv ffa285c2e7
Fixed cluster roles for openstack cloud controller (#8638) 2022-03-21 06:19:21 -07:00
Fredrik Liv af7066d33c
Updated openstack cloud controller version to v1.22.0 (#8629)
* Updated openstack cloud controller version to match kubernetes version

* Rolled back file structure change
2022-03-18 01:47:16 -07:00
spaced 2b79be68e7
fix typo and duplicated declaration of ingressclasses (#8591) 2022-03-12 23:36:23 -08:00
Maciej Wereski 51821a811f
MetalLB: update to v0.12.1 (#8593)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2022-03-03 08:49:48 -08:00
kakkotetsu 3effb008c9
improve validation conditions for MetalLB BGP Peers (#8568) 2022-02-22 23:12:18 -08:00
cyril-corbon 418fc00718
fix: kube-dns service deletion (#8565)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-21 02:48:11 -08:00
Tony Fouchard 1d635e04e4
Allow to specify a source address for metallb peerings, and target only some nodes using node selectors (#8534) 2022-02-15 13:57:19 -08:00
Byeonggon Lee 5695c892d0
Fix wrong port name in metallb.yml.j2 (#8510) 2022-02-07 09:43:45 -08:00
cyril-corbon 790448f48b
feat: update cert-manager to 1.7.0 (#8491)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-03 17:24:00 -08:00
Tristan 92d612c3e0
8487: Allow override of default CoreDNS zone cache (#8488)
Using the coredns_cluster_zone_cache_block variable
2022-02-01 00:48:18 -08:00
Ilya Margolin 2bbe5732b7
Add node label to etcd metrics (#8475)
targetRef on endpoints surfaces as
__meta_kubernetes_endpoint_address_target_kind/__meta_kubernetes_endpoint_address_target_name
in prometheus and gets converted to the label `node` by
prometheus-operator
2022-01-31 06:08:23 -08:00
cyril-corbon d31db847b7
feat: update local path to v0.0.21 (#8492) 2022-01-31 01:08:24 -08:00
cyril-corbon 9fce9ca42a
feat: upgrade azuredisk csi to v1.10.0 (#8432)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:41:56 -08:00
Victor Morales e88aa7c96b
Add youki runtime support (#8411) 2022-01-21 14:01:07 -08:00
Johann Schley 38d129a0b6
add external hcloud cloud controller manager (#8440) 2022-01-20 12:31:09 -08:00
onock 392815d97c
[cert-manager] Fix missing RBAC rules for ClusterRole cert-manager-cainjector kubernetes-sigs#8104. (#8444) 2022-01-20 12:17:09 -08:00
rtsp e791089466
cert-manager: Fix incorrect leader election namespace lead to insufficient permission (#8433) 2022-01-17 02:37:29 -08:00
Samuel Liu 1a69f8c3ad
parameterized snaphot controller namespaces (#8305)
* Parameterized snaphot controller namespaces

* add ns yml

* add docs

* namespace
2022-01-14 12:58:26 -08:00
rtsp ccd3180a69
cert-manager: Allow to change leader election namespace for GKE Autopilot support (#8424)
More information:

- kubernetes-sigs/kubespray#8393
- jetstack/cert-manager#4102
- jetstack/cert-manager#3717
2022-01-14 12:54:26 -08:00
cyril-corbon 01dcbc18ac
feat: upgrade metallb to v0.11.0 (#8420)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-14 05:22:28 -08:00
cyril-corbon 86953b2ac4
fix: add tolerations / affinity to cert-manager (#8389)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-11 09:14:26 -08:00
Kenichi Omichi 73c889eb10
Fix failures of ansible-lint (#8401)
This fixes the following types of failures:
- empty-string-compare
- literal-compare
- risky-file-permissions
- risky-shell-pipe
- var-spacing

In addition, this changes .gitlab-ci/lint.yml to block the same issue
by using the same method at Kubespray CI.
2022-01-11 00:45:16 -08:00
Kenichi Omichi f80fd24a55
Fix risky-file-permissions (#8370)
When running ansible-lint directly, we can see a lot of warning
message like

  risky-file-permissions File permissions unset or incorrect

This fixes the warning messages.
2022-01-09 01:51:12 -08:00
Victor Morales 52266406f8
Bump cert-manager version to v1.6.1 (#8377) 2022-01-07 16:45:34 -08:00
cyril-corbon cd601c77c7
feat: upgrade metrics server to v0.5.2 (#8338)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-07 08:18:33 -08:00
Florian Ruynat 6abae713f7
Update helm / kube-router and coredns (#8382)
* Update kube-router to 1.4.0

* Update Helm to 3.7.2

* Up coredns to 1.8.6 when k8s is 1.23.x
2022-01-06 12:14:27 -08:00
Max Gautier cb54eb40ce
Use a variable for standardizing kubectl invocation (#8329)
* Add kubectl variable

* Replace kubectl usage by kubectl variable in roles

* Remove redundant --kubeconfig on kubectl usage

* Replace unecessary shell usage with command
2022-01-05 02:26:32 -08:00
Unai Arríen 0e98814732
Configure PriorityClassName for MetalLB deployment (#8362) 2022-01-04 08:20:52 -08:00
zhengtianbao c3c128352f
Remove registry-proxy (#8327) 2021-12-21 23:55:35 -08:00
zhengtianbao 02a89543d6
registry: add ingress support (#8311) 2021-12-21 10:20:46 -08:00
Antoine Gatineau 6aafb9b2d4
fix bad indentation (#8314) 2021-12-17 07:36:29 -08:00
zhengtianbao aa9b8453a0
registry: service add clusterIP, nodePort, loadBalancer support (#8291)
* registry: service add clusterIP, nodePort, loadBalancer support

* modify camelcase name to underscore

* Add registry service type compatibility check
2021-12-15 00:18:19 -08:00
Cristian Calin 0e969c0b72
vSphere-CSI: update to 2.4.0 (#8295) 2021-12-10 11:07:23 -08:00
Steven Reitsma b396801e28
Update Cinder CSI to v1.22 (#8296) 2021-12-10 10:49:11 -08:00