Commit Graph

5090 Commits (3ec2e497c62175471f0491593dd28c303b527cb4)

Author SHA1 Message Date
Barry M 3ec2e497c6
Update kubelet-csr-approver to v1.1.0 (#11070)
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
2024-04-10 18:57:02 -07:00
Mathieu Parent 7844b8dbac
Promote nodelocaldns daemonset to system-node-critical (#11056)
As upstream
2024-04-09 19:48:01 -07:00
kyrie e87040d5ba
change debian8 network manage service from networking to systemd-networkd (#11058)
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-04-09 06:50:39 -07:00
Sergey b2cce8d6dc
force update helm repo if exists on host (#11043) 2024-04-08 19:02:48 -07:00
Robert Volkmann 3067e565c0
Fix calico host local ipam (#11022)
* Prevent upgrade-ipam for host-local IPAM

Otherwise, the init container upgrade-ipam would clear the state of the host-local plugin, potentially causing it to reassign IPs that are still in use.

* USE_POD_CIDR required for host-local

4efd1bfd91/charts/calico/templates/calico-node.yaml (L279)
4efd1bfd91/charts/calico/templates/calico-typha.yaml (L133)
2024-04-03 00:52:31 -07:00
Nicolas Goudry c6fcbf6ee0
Remove access to cluster from anonymous users (#11016)
* feat: add user facing variable with default

* feat: remove rolebinding to anonymous users after init and upgrade

* feat: use file discovery for secondary control plane nodes

* feat: use file discovery for nodes

* fix: do not fail if rolebinding does not exist

* docs: add warning about kube_api_anonymous_auth

* style: improve readability of delegate_to parameter

* refactor: rename discovery kubeconfig file

* test: enable new variable in hardening and upgrade test cases

* docs: add option to config parameters

* test: multiple instances and upgrade
2024-04-02 23:54:12 -07:00
ERIK fdf5988ea8
revert crictl version (#11042)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-04-01 18:43:53 -07:00
Kay Yan a7d42824be
Merge pull request #11036 from mzaian/etcd-3512
[etcd] make etcd 3.5.12 default
2024-04-01 14:57:48 +08:00
peterw 9ef6678b7e
configure crio to use kube reserved cgroups (#11028) 2024-03-31 22:21:33 -07:00
Mohamed Omar Zaian 70a54451b1 [etcd] make etcd 3.5.12 default 2024-03-30 05:01:01 +01:00
Max Gautier c6758fe544
Cleanup of kubernetes/preinstall (#11010)
* Move fedora ansible python install to bootstrap-os

* /bin/dir is set in bootstrap-os

* Removing ansible_os_family workarounds

Support for these distributions was merged in Ansible, no need to
override it ourselves now.
https://github.com/ansible/ansible/pull/69324 openEuler
https://github.com/ansible/ansible/pull/77275/ UnionTech OS Server 20
https://github.com/ansible/ansible/pull/78232/ Kylin

* Don't unconditionnaly set VARIANT_ID=coreos in os-release

WTF, this is so wrong.
Furthermore, is_fedora_coreos is already handled in boostrap-os

* Handle Clearlinux generically

Followup of 4eec302e86 (since we're using
package module anyway, let's get rid of the custom task)
2024-03-28 15:17:52 -07:00
itayporezky 10315590c7
Change hard-coded URLs to use variables (#11031) 2024-03-27 20:44:25 -07:00
Mohamed Omar Zaian 03ac02afe4
[kubernetes] Add hashes for kubernetes 1.29.3, 1.28.8, 1.27.12 (#11035) 2024-03-27 12:30:27 -07:00
Arthur Outhenin-Chalandre fd83ec9d91
kubespray-defaults: regenerate checksums and bump various versions (#10999)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2024-03-27 06:02:53 -07:00
Max Gautier c58497cde9
Refactor bootstrap-os (#10983)
* Remove leftover files for Coreos

Coreos was replaced by flatcar in 058438a25 but the file was copied
instead of moved.

* Remove workarounds for resolved ansible issues

* boostrap: Use first_found to include per distro

Using directly ID and VARIANT_ID with first_found allow for less manual
includes.
Distro "families" are simply handled by symlinks.

* boostrap: don't set ansible_python_interpreter

- Allows users to override the chosen python_interpreter with group_vars
  easily (group_vars have lesser precedence than facts)
- Allows us to use vars at the task scope to use a virtual env

Ansible python discovery has improved, so those workarounds should not
be necessary anymore.
Special workaround for Flatcar, due to upstream ansible not willing to
support it.
2024-03-27 05:58:53 -07:00
kyrie baf4842774
make kube-vip LeaderElection variables configurable (#11021)
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-03-25 02:24:57 -07:00
Tom M e7d29715b4
Add kubelet_cpu_manager_policy_options (#11023) 2024-03-22 12:21:39 -07:00
ERIK 30da721f82
fix: config hostname as string type in kubeadmConf rendering (#10997)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-03-22 03:54:25 -07:00
Gary Miguel a1cf8291a9
spelling: scrapper -> scraper (#11015) 2024-03-15 07:34:30 -07:00
Max Gautier 7f6ca804a1
Upgrade ansible-core to 2.16.4 (#10984)
* upgrade ansible version

Needed for with_first_found to work correctly:
https://github.com/ansible/ansible/issues/70772 fixed in 2.16

* Remove unused google cloud cloud_playbook

* Fix dpkg_selection on non-existing packages

Needed since ansible-core>2.16, see:
f10d11bcdc
2024-03-14 02:12:45 -07:00
Clement Phu eff331ad32
Upgrade Nerdctl version to 1.7.4 (#10968) 2024-03-11 13:35:07 -07:00
Max Gautier 71fa66c08d
Delete old leftover script (#10996) 2024-03-11 13:28:00 -07:00
Ricky Kwan 69bf6639f3
Fix typo in selector (#10994) 2024-03-11 03:07:37 -07:00
Noam c275b3db37
update checksum for crio 1.29.1 (#10952)
* update checksum for crio 1.29.1

* update crio bin's names

* crio_conmon for 1.29

* remove unrequired change
2024-03-11 02:56:35 -07:00
Mohamed Omar Zaian 66eaba3775
[calico] Add hashes and make v3.27.2 default (#10960) 2024-03-10 00:20:17 -08:00
Kay Yan 90b0151caf
support node feature discovery (#10861)
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2024-03-05 08:36:08 -08:00
Clement Phu 04e40f2e6f
Add configuration to create cilium CNI plugin file when cilium>=1.14.0 (#10966) 2024-03-02 20:56:06 -08:00
Clement Phu 7a9def547e
Upgrade Helm to v3.14.2 (#10967) 2024-02-27 18:10:19 -08:00
Ludovic Logiou 26034b296e
Bump cinder-csi version and switch container registry (#10894)
* Bump cinder-csi version and switch container registry

Signed-off-by: Ludovic Logiou <ludovic.logiou@gmail.com>

* Update roles/kubespray-defaults/defaults/main/download.yml

Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>

---------

Signed-off-by: Ludovic Logiou <ludovic.logiou@gmail.com>
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
2024-02-22 05:06:40 -08:00
Ricky Kwan 5d822ad8cb
Support overriding cni directory owner (#10929) 2024-02-19 02:58:11 -08:00
ABW a0d2bda742
feat/add default ingress-nginx service (#10925)
feat/add default ingress-nginx service

feat/add default ingress-nginx service

feat/add default ingress-nginx service
2024-02-19 02:47:36 -08:00
R. P. Taylor 9442f28c60
do not disable SELinux surreptitiously (#10920) 2024-02-17 20:17:40 -08:00
Max Gautier 65b0604db7
download: Remove deleted kubeadm config field (#10931) 2024-02-16 05:08:43 -08:00
Mohamed Omar Zaian 082ac10fbb
[kubernetes] Add hashes for kubernetes 1.29.2, 1.28.7, 1.27.11 (#10919) 2024-02-16 01:40:58 -08:00
Max Gautier bf42ccee4e
Fix ingress-nginx controller election (#10913)
Under the original code, leader election failed for ingress controllers
as a result of mismatch between election-id in the controller config,
and the resourceName in the relevant rule of role 'ingress-nginx'.
This appeared in the controller logs.

To fix the issue, a command-line option was added to container
execution (--election-id=...).

Now, the election-id agrees with the resourceName provided in
the role-ingress-nginx.yml file. A comment in that file was
changed to reflect the new logic.

Co-authored-by: Vasilis Samoladas <vsam@softnet.tuc.gr>
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
2024-02-12 02:58:45 -08:00
Kundan Kumar bfbb3f8d33
updated ingress controller version (#10868) 2024-02-12 01:11:03 -08:00
Max Gautier ffda3656d1
Enable containerd 'discard_unpacked_layers' by default (#10905)
* containerd: Remove redundant 'default' filters

* containerd: enable 'discard_unpacked_layers' by default

This should help with containerd disk usage
2024-02-09 06:33:16 -08:00
Max Gautier f5474ec6cc
Don't try to set permissions recursively on cache+staging directory (#10900)
This should avoid permissions problems when the user creating the
directory and the user creating the content are different (when
containers images are saved by root for instances, because the user
can't use the container runtime).
2024-02-09 06:04:28 -08:00
Max Gautier 4b0a134bc9
Only download kubeadm images where needed (#10899)
* Refactor of kubeadm images listing

Instead of setting multiples facts, we directly create the dict we need from
kubeadm output.

* Remove useless 'default' filters in roles/download

* Only download kubeadm images where needed
2024-02-08 02:14:45 -08:00
flxbwr ad565ad922
Fix waiting for MetalLB controller (#10858)
The current state waiting method is bad to implement.
When changing the deployment version, which is execute with the upgrade_cluster in the previous ansible task: "Kubernetes Apps | Install and configure MetalLB", next ansible task: "Kubernetes Apps | Wait for MetalLB controller to be running" may fall with an error.
2024-02-06 02:58:59 -08:00
Max Gautier 6f419aa18e
Revert "implement download mirrors support (#8474)" (#10884)
This reverts commit c6e5314fab.

There is no user of the download mirrors support in kubespray, for a
long time.
2024-02-06 00:48:29 -08:00
anders-elastisys c698790122
add nat_outgoing_ipv6 to calico defaults and docs (#10866) 2024-02-05 23:14:22 -08:00
Gianmarco Mameli 989ba207e9
task description modified (#10875) 2024-02-05 07:59:04 -08:00
Max Gautier f2bdd4bb2f
Fix logical error when checking for boostrap-os (#10867)
Also remove some clutter along the way.
2024-02-05 07:58:55 -08:00
Kay Yan c9a44e4089
make docker 24.0 default (#10873)
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2024-02-04 21:55:19 -08:00
kyrie 0dbde7536f
make containerd 1.7.12 default and upgrade runc to v1.1.11 (#10862)
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-02-01 04:06:08 -08:00
Victor Login 8d53c1723c
bump coredns version to 1.11.1 (#10719)
* update version coredns 1.11.1

* Update roles/kubespray-defaults/defaults/main/download.yml

Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>

---------

Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
2024-02-01 03:28:20 -08:00
Mohamed Omar Zaian dce68e6839
[feat] Update metrics server to v0.7.0 (#10856) 2024-01-31 05:13:26 -08:00
Takuya Murakami 785366c2de
[kubernetes] Support kubernetes 1.29 (#10820)
* [kubernetes] Make kubernetes 1.29.1 default

* [cri-o]: support cri-o 1.29

Use "crio status" instead of "crio-status" for cri-o >=1.29.0

* Remove GAed feature gates SecCompDefault

The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246
2024-01-31 00:57:23 -08:00
Saber 1d119f1a3c
Fixed grammar (#10853) 2024-01-29 17:46:58 -08:00