Kay Yan
c98e1d1b5b
add-kube-profile-to-scheduler ( #9993 )
2023-04-17 18:54:58 -07:00
Samuel Liu
0104396c50
use var: kube_apiserver_address ( #9967 )
2023-04-10 15:01:17 -07:00
Kay Yan
e8f0fb82fe
fix-kube-bench-1.2.20 ( #9939 )
2023-03-29 09:35:49 -07:00
R. P. Taylor
a676c106d3
change bash for loop for SAN check ( #9060 )
...
fix merge conflict
2023-03-27 06:36:30 -07:00
HirazawaUi
baed5f0b32
Remove deprecated udpIdleTimeout field in KubeProxyConfiguration ( #9925 )
2023-03-27 02:05:55 -07:00
Marijn van der Giesen
eb4bd36f73
fix(kubernetes): Also apply kubeadm patches during upgrade ( #9781 )
2023-03-09 13:50:30 -08:00
Maxime Leroy
fd8260b930
fix(upgrade-cluster): retry other masters upgrade ( #9768 )
...
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-03-03 05:44:58 -08:00
Bas
2c93c997cf
pre-commit autocorrected files ( #9750 )
2023-02-06 01:35:16 -08:00
Kevin Huang
2c2e608eac
fix(k8s-certs-renew): Use kube_apiserver_port instead of hard-coding ( #9620 )
...
Signed-off-by: Kevin Huang <git@kevin.huang.to>
Signed-off-by: Kevin Huang <git@kevin.huang.to>
2022-12-27 18:17:35 -08:00
tu1h
791064a3d9
Allow custom timeout for kubeadm init ( #9617 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2022-12-27 00:53:28 -08:00
Kay Yan
fc0d58ff48
fix-missing-control-plane-taint ( #9592 )
2022-12-19 15:57:43 -08:00
Lukas Najman
ee3b7c5da5
Use the correct api version and resource type. The current values work but do not match the documentation, which can be confusing. ( #9575 )
2022-12-15 01:21:35 -08:00
ERIK
20d99886ca
Update etcd log-level parameter name ( #9540 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-12-05 01:05:03 -08:00
William Turner
eeb376460d
Fix inconsistent handling of admission plugin list ( #9407 )
...
* Fix inconsistent handling of admission plugin list
* Adjust hardening doc with the normalized admission plugin list
* Add pre-check for admission plugins format change
* Ignore checking admission plugins value when variable is not defined
2022-10-26 00:28:37 -07:00
Cristian Calin
23716b0eff
don't define kubeadm_patches by default ( #9372 )
2022-10-14 01:20:46 -07:00
Huang Chen-Yi
d689f57c94
Features/support kubeadm patches v1beta3 ( #9326 )
...
* Support kubeadm patches in v1beta3
* Update kubeadm patches sample files in inventory
* Fix pre-commit syntax
* Set kubeadm_patches enabled to false in sample inventory
2022-10-06 00:39:52 -07:00
Florian Ruynat
841e2f44c0
Remove references to 1.22 ( #9342 )
2022-09-28 14:10:29 -07:00
Kay Yan
b46ddf35fc
kube-vip should fail if kube_proxy_strict_arp is false in arp mode ( #9223 )
...
* fix-kube-vip-strict-arp
* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Tomas Zvala
30c77ea4c1
Add the option to enable default Pod Security Configuration ( #9017 )
...
* Add the option to enable default Pod Security Configuration
Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.
* Fix the PR according to code review comments
* Revert the latest changes
- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
2022-08-18 01:16:36 -07:00
Kay Yan
f592fa1235
add kube-vip sans ( #9099 )
2022-07-19 13:11:28 -07:00
Kay Yan
1d0b3829ed
remove-etcd-unsupported-arch ( #9049 )
2022-07-04 05:39:24 -07:00
Kay Yan
d4de9d096f
fix-the-issue-of-miss-the-etcd-user ( #9016 )
2022-06-28 09:13:58 -07:00
Florian Ruynat
6bf3306401
Fixed concatenate str & int in auto_renew_certificates_systemd_calendar var ( #8979 )
2022-06-22 11:55:43 -07:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
...
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07
[kubeadm] use v1beta3 configuration version
...
* extra admission controls now don't have a version in their file names
eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformant with
upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f
[kubernetes] drop pre 1.22.0 workarounds
2022-06-15 00:57:20 -07:00
Necatican Yıldırım
dc1af5a9c5
[etcd] Add support for setting the request size limit ( #8849 )
...
* [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes`
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-23 09:36:03 -07:00
Robin Wallace
42fc71fafa
[PodSecurityPolicy] Move the install of psp ( #8744 )
2022-05-09 09:21:19 -07:00
Alessio Greggi
e7df4d3dd9
add support for `service-account-lookup` parameter ( #8781 )
...
* feat: add variable to manage service-account-lookup on kube-apiserver
* docs: add documentation about service-account-lookup variable
2022-05-06 00:39:07 -07:00
David Louks
3e52a0db95
Add optional setting for ca data in auth webhook ( #8777 )
...
* Add optional setting for ca data in auth webhook
* add webhook token auth variables to sample inventory
2022-05-05 14:52:43 -07:00
Alessio Greggi
fa1d222eee
add support for `EventRateLimit` plugin configuration ( #8711 )
...
* feat: add support for EventRateLimit admission plugin
* docs: add documentation about admission_control_config_file and EventRateLimit configuration
2022-05-02 11:03:15 -07:00
Cristian Calin
3261d26181
[etcd] ensure etcd is properly upgraded when managed by kubeadm ( #8722 )
...
* [etcd] ensure etcd is properly upgraded when managed by kubeadm
* [CI] add periodic job to test upgrade of etcd managed by kubeadm
2022-04-17 10:32:41 -07:00
Julien Le Fur
30306d6ec7
Enable external CA mode for control-plane deployment ( #8620 )
2022-04-12 05:47:23 -07:00
Alessio Greggi
bba91a7524
split kube_feature_gates variable for different kubernetes components ( #8677 )
...
* feat: split kube_feature_gates variable for different kubernetes components
* docs: add kube_feature_gates component variables
2022-04-05 05:39:37 -07:00
Nicolas Goudry
ee079f4740
fix(coredns): make sure to keep coredns repository namespace ( #8572 )
...
fix: regex
fix: wrong regex_replace usage
2022-02-24 01:01:33 -08:00
Alex
36393d77d3
Encrypting Secret Data at Rest ( #8574 )
...
* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation
* fix MD012/no-multiple-blanks
2022-02-23 03:04:18 -08:00
Necatican Yıldırım
e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable ( #8317 )
...
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Add etcd kubeadm deployment documentation
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-02-22 08:53:16 -08:00
华忠啊
52f221f976
Adaptive Kube-ovn ( #8454 )
2022-01-27 01:08:10 -08:00
Florian Ruynat
7c67ec4976
Fix kubectl call before installing it ( #8412 )
2022-01-12 23:12:29 -08:00
Unai Arríen
57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping ( #8388 )
2022-01-10 01:35:19 -08:00
Unai Arríen
92abf26d29
Ensure taint configuration for secondary control-plane nodes ( #8363 )
2022-01-05 23:56:28 -08:00
Max Gautier
cb54eb40ce
Use a variable for standardizing kubectl invocation ( #8329 )
...
* Add kubectl variable
* Replace kubectl usage by kubectl variable in roles
* Remove redundant --kubeconfig on kubectl usage
* Replace unnecessary shell usage with command
2022-01-05 02:26:32 -08:00
Cristian Calin
c1954ff918
Support deploying kubernetes 1.23 ( #8323 )
...
* Ensure entries for 1.23 are added for supported_versions vars
* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22
* kubescheduler-config: differentiate config versions based on kube_version
2021-12-21 01:38:46 -08:00
Kenichi Omichi
b49ae8c21d
Delete "kubeadm alpha certs" code ( #8322 )
...
"kubeadm alpha certs" command has been promoted to "kubeadm certs" command,
and "kubeadm alpha certs" has been deprecated since Kubernetes v1.20 as [1].
In addition, Kubespray supports Kubernetes v1.20+.
This deletes the deprecated command for cleanup.
[1]: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation
2021-12-20 12:53:33 -08:00
Alvaro Campesino
27ab364df5
Improve control plane scale flow ( #13 ) ( #7989 )
...
* Improve control plane scale flow (#13 )
* Added version 1.20.10 of K8s
* Setting first_kube_control_plane to an existing one
* Setting first_kube_control_plane to an existing one
* change first_kube_master for first_kube_control_plane
* Ansible-lint changes
2021-12-06 00:16:32 -08:00
Hanna Bledai
615216f397
Fix if bind-address is not set to 0.0.0.0 ( #8262 )
...
* if bind-address is not set to 0.0.0.0
* Update docs and left comments
* fix yamllint check: remove space
2021-12-05 23:58:32 -08:00
Samuel Liu
ee0f1e9d58
Update etcd-servers for apiserver ( #8253 )
2021-12-03 00:28:27 -08:00
Lubos Mercl
424163c7d3
add gce support ( #8179 )
...
Author: lmercl <lubos.mercl@gmail.com>
Date: Wed Nov 10 15:30:04 2021 +0000
fix markdown
2021-11-16 08:58:28 -08:00
Necatican Yıldırım
1a57780a75
Add kubeadm_join_phases_skip variable ( #8067 )
...
* Add kubeadm_join_phases_skip variable
* Update kubeadm_join_phases_skip comment
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* Add kubeadm_join_phases_skip_default variable to follow the same logic with kubeadm_init_phases_skip
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2021-10-11 09:36:41 -07:00