Kay Yan
deb532ce27
fix-kube-bench-4.1.1 ( #9934 )
2023-03-27 21:48:22 -07:00
Anton
1bb4f88af1
cilium: Additional fix the configuration of tls for hubble #9880 ( #9932 )
2023-03-27 08:48:27 -07:00
Mathias Petermann
dcc04e54f3
fix(cert manager): Fix manifest if cert_manager_trusted_internal_ca is provided ( #9922 )
2023-03-27 08:12:28 -07:00
xiuguang.huang
4020a93d7e
delete the probe option of cilium_kube_proxy_replacement ( #9929 )
2023-03-27 08:08:28 -07:00
R. P. Taylor
a676c106d3
change bash for loop for SAN check ( #9060 )
...
fix merge conflict
2023-03-27 06:36:30 -07:00
HirazawaUi
baed5f0b32
Remove deprecated udpIdleTimeout field in KubeProxyConfiguration ( #9925 )
2023-03-27 02:05:55 -07:00
Toru Komatsu
8afd74ce1f
cilium: Fix the configuration of tls for hubble ( #9880 )
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-03-24 01:10:31 -07:00
Maxime Picaud
f6e4a231cb
fix(download): validate mirrors on localhost ( #9669 )
2023-03-23 08:04:32 -07:00
Toru Komatsu
3a5f5692ca
Cilium v1.13.0 ( #9879 )
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-03-23 01:20:23 -07:00
Jiri Fiala
9b37699d0d
Cilium Operator replicas configuration ( #9894 )
...
Signed-off-by: Fiala, JiriX <jirix.fiala@intel.com>
2023-03-22 08:28:38 -07:00
Kay Yan
cc382f2412
haproxy-proxy-ipv6 ( #9674 )
2023-03-22 05:58:36 -07:00
Will Hegedus
97dfdcd8fe
feat: support cilium 1.13.1 ( #9914 )
...
Cilium 1.13.1 changed how the cilium-cni binary gets placed in /opt/cni/bin,
so that it takes place in an init container rather than in the main agent.
2023-03-21 12:56:12 -07:00
prashantchitta
a9f52060c9
Fix ciliums hubble relay configuration ( #9876 )
...
* Fix ciliums hubble relay configuration
* Fixed the tls from code review
* Updated to dna_domain instead of hardcoding
2023-03-21 12:50:12 -07:00
tu1h
8cf5fefe84
Add download retries option ( #9911 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-03-21 09:38:12 -07:00
ERIK
fb8631cdf6
fix allow unsupported distribution ( #9904 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-21 01:35:09 -07:00
Mohamed Omar Zaian
7859aee735
[kubernetes] Add hashes for 1.26.3, 1.25.8, 1.24.12 ( #9900 )
2023-03-21 01:31:08 -07:00
蒋航
83c3ce7f8f
Add Retry for Checking calico exists ( #9883 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-03-20 21:51:06 -07:00
Kay Yan
309aaee427
fix-cilium-error ( #9902 )
2023-03-20 02:41:17 -07:00
Mohamed Omar Zaian
349c8901f8
[containerd] add hashes for 1.7.0 ( #9892 )
2023-03-14 21:48:14 -07:00
Samuel Liu
df9aba6298
fix typo word
2023-03-14 15:49:22 +01:00
biqiang Wu
2ae3ea9ee3
Modified the default value of cilium IPAM and added the support for related parameters ( #9443 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2023-03-13 17:45:10 -07:00
蒋航
99115ad04b
Fix Get current calico version ( #9873 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-03-10 05:48:40 -08:00
ERIK
7747ff2572
Fix uniontech os installation failure ( #9862 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-09 22:00:39 -08:00
Marijn van der Giesen
eb4bd36f73
fix(kubernetes): Also apply kubeadm patches during upgrade ( #9781 )
2023-03-09 13:50:30 -08:00
panguicai
2d20f0c024
fix cri-o arm64 v1.26.0 wrong archive checksum ( #9872 )
...
Signed-off-by: panguicai008 <guicai.pan@daocloud.io>
2023-03-09 13:32:31 -08:00
Cyclinder
b0793df293
bump calico to v3.25.0 ( #9860 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2023-03-09 00:02:02 -08:00
Jack
1ca50f3eea
Update check calico version command ( #9861 )
2023-03-08 00:31:12 -08:00
Arthur Outhenin-Chalandre
82f68ca395
calico: cilium: use localhost lb by default on kube-proxy replacement ( #9718 )
...
This commit removes the variable `use_localhost_as_kubeapi_loadbalancer`
and rather detects that we are in a situation where we can use the
localhost apiserver loadbalancer (meaning that we use the localhost load
balancer and that the same ports are used for both the load balancer and
the kube-apiserver).
This also cleanups the calico code to use `kube_apiserver_global_endpoint`
rather than implementing the same logic all over again.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-03-07 04:28:36 -08:00
panguicai
3a675393dc
upgrade rancher local-path-provisioner to v0.0.23 ( #9855 )
...
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-06 16:54:17 -08:00
Jack
9c41769dab
Update nodes in etc hosts after cluster scale ( #9837 )
2023-03-06 16:18:18 -08:00
Mohamed Zaian
dba29db58d
[helm] upgrade to 3.11.1 ( #9849 )
2023-03-06 15:56:17 -08:00
Arthur Outhenin-Chalandre
9e2104c7d3
node: fix default kubelet/runtime cgroups when kube_reserved is false ( #9834 )
...
* node: fix default kubelet/runtime cgroups when kube_reserved is false (default)
Commit 1c4db6132d
introduced a notion of
kube_reserved. This introduced a breaking change defaulting to use
kube.slice for the container_manager and the kubelet as if kube_reserved
was always enabled whereas it is disabled by default.
This commit fixes this by bringing back system.slice whenever
kube_reserved is disabled.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* inventory/sample: change false for kube_reserved as its the default
Changing the commented value in sample inventory to the actual default
value.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-03-05 18:48:58 -08:00
DRAGON2002
1d9502e01d
update args ( #9856 )
...
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
2023-03-05 18:38:57 -08:00
panguicai
c710c93c02
upgrade kubevip to v0.5.11 ( #9852 )
...
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-05 17:54:57 -08:00
DRAGON2002
13c793fd0d
add flag ( #9827 )
...
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
2023-03-05 17:50:57 -08:00
panguicai
1555d78155
upgrade argocd to v2.6.3 ( #9848 )
...
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-03 06:44:58 -08:00
Maxime Leroy
fd8260b930
fix(upgrade-cluster): retry other masters upgrade ( #9768 )
...
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-03-03 05:44:58 -08:00
Arthur Outhenin-Chalandre
6769bb32b1
Network plugin custom ( #9819 )
...
* network_plugin/custom_cni: add CNI to apply provided manifests
Add a new simple custom_cni to install provided Kubernetes manifests.
This could be useful to use manifests directly provided by a CNI when
there are not support by Kubespray (i.e.: helm chart or any other manifests
generation method).
Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* network_plugin/custom_cni: add test with cilium
Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Co-authored-by: James Landrein <james.landrein@proton.ch>
2023-03-03 00:23:08 -08:00
Victor Morales
677b7ecd89
Drop crun_bin_dir unused var ( #9845 )
...
crun_bin_dir was used to specify the destination of the crun binary during the
download process. This path must match with the value provided in the CRI-O
configuration file. So changing its value to bin_dir helps to mismatch errors.
Signed-off-by: Victor Morales <chipahuac@hotmail.com>
2023-03-02 18:30:57 -08:00
Jiffs Maverick
501deecdd0
Downgrade version of coredns to 1.8.6 for compatibility with 1.23-1.24 ( #9846 )
2023-03-02 17:56:57 -08:00
Mohamed Zaian
8b3f3c04cc
[kubernetes] Add hashes for 1.26.2, 1.25.7, 1.24.11 ( #9829 )
2023-03-01 15:31:17 -08:00
Mohamed Zaian
ecd649846a
[containerd] add hashes for 1.6.19 ( #9838 )
2023-02-28 15:35:18 -08:00
Mykola Ulianytskyi (Nikolay Ulyanitsky)
27c2d7e9e2
Replace semicolons by commas in options ( #9840 )
2023-02-28 07:33:16 -08:00
Eugene Artemenko
5cbcec8968
Add resources section to all containers releated to Vsphere CSI driver ( #9687 )
2023-02-27 02:36:20 -08:00
Jack
62f34c6085
add image garbage collection ( #9832 )
2023-02-27 00:26:19 -08:00
Mohamed Zaian
260dad8f10
[ingress-nginx] upgrade to 1.6.4 ( #9818 )
2023-02-23 01:35:34 -08:00
Mohamed Zaian
c950bfface
[containerd] add hashes for 1.5.17, 1.5.18, 1.6.17, 1.6.8 ( #9814 )
2023-02-22 19:13:06 -08:00
JaneLiuL
4aacec4542
fix calico rbac issue ( #9806 )
2023-02-20 01:43:40 -08:00
Karl Fischer
6278b12af6
fixed clinet to client
2023-02-20 10:09:03 +01:00
Maxime Leroy
64e4de371e
fix(kubelet): no cloud config for external cloud provider ( #9793 )
2023-02-20 01:07:40 -08:00
Marijn van der Giesen
ad4958249f
fix(crio): First runc then crictl ( #9780 )
2023-02-19 22:27:38 -08:00
Mathieu Parent
3fd7d91452
Update nodelocaldns to 1.22.18 ( #9800 )
...
Cf. ceb37c3a5c
2023-02-19 22:23:38 -08:00
pli
4ba1df5237
Fix kubernetes-app/argocd: download related things with the download role ( #9786 )
...
* Fix yq install in argocd role: use download_file instead of get_url
* Fix use download_file instead of get_url to download argocd-install manifest in argocd role
* Fix order and add arm64 checksum
* Fix: Failed to template loop_control.label: 'None'
2023-02-19 16:11:37 -08:00
rongfu.leng
145c80e9ab
Fix containerd config_path error when containerd_registries is configed ( #9770 )
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-02-16 20:57:39 -08:00
王煎饼
ab0e06eae6
Fix CentOS Extras repo url for Oracle Linux 7 aarch64 ( #9791 )
2023-02-15 17:43:38 -08:00
ERIK
6ff845a199
Enable control plane load balancing for kube-vip ( #9785 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-02-12 19:25:28 -08:00
Samuel BECK
2838a7c304
add proxy_env variable to apt_key cleanup task ( #9766 )
2023-02-09 06:38:22 -08:00
Ho Kim
2788a02096
Fix a bug in removing kubelet data dir ( #9764 )
2023-02-08 19:04:36 -08:00
Denis Kasanic
d81978625c
Update cri-o archive checksum ( #9761 )
...
Signed-off-by: Kasanic, Denis <denisx.kasanic@intel.com>
2023-02-06 06:25:01 -08:00
Bas
2c93c997cf
pre-commit autocorrected files ( #9750 )
2023-02-06 01:35:16 -08:00
Haitian Chen
10337f2fcb
skip ensuring ntp packages in coreos ( #9742 )
...
Check OS when ensuring NTP package and tzdata package.
2023-02-06 01:35:04 -08:00
manzsolutions-lpr
6c41191646
Add support for PodSecurityStandards ( #9713 )
2023-02-06 01:27:01 -08:00
Chauncey
7730cfd619
fix: add ipamconfigs resource for calico ( #9755 )
...
Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
2023-02-05 15:50:30 -08:00
Kevin Huang
1853085ffe
feat(cinder-csi): Allow deletionPolicy to be configurable ( #9736 )
2023-02-02 15:46:28 -08:00
stelucz
9247137e60
Replace label `k8s-app: nodelocaldns` in DaemonSet template by `k8s-app: node-local-dns` ( #9745 )
2023-02-02 15:42:28 -08:00
杨刚 (成都)
e8f048c71d
[argocd] update argocd to v2.5.10 ( #9753 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-02-02 15:38:29 -08:00
rongfu.leng
0707c8ea6f
fix: with_item to with_dict ( #9729 )
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-01-31 03:18:50 -08:00
James
36c6de9abd
Fix cilium's hubble ui configuration ( #9735 )
...
This fixes the CrashLoopBackoff error that appears because envoy
configuration has changed a lot and upstream removed the envoy proxy to
use nginx only instead. Those changes are based on upstream cilium helm.
2023-01-31 00:28:48 -08:00
蒋航
c5debf013c
Update kubevip to v0.5.8 ( #9734 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-01-31 00:24:55 -08:00
Kay Yan
f9cc8ae10c
[kubernetes] Make kubernetes v1.26 default ( #9732 )
...
* make-kube-1.26-default
* fix-bugs
2023-01-31 00:24:48 -08:00
杨刚 (成都)
94dd02121b
Update containerd version : containerd1.6.16. ( #9727 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-31 00:16:48 -08:00
杨刚 (成都)
b9a34b83d4
[argocd] update argocd to v2.5.9 ( #9723 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-28 19:14:33 -08:00
杨刚
8d6cfd6e53
[argocd] update argocd to v2.5.8 ( #9708 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-27 00:14:25 -08:00
ERIK
ee2193d4cf
Add dns configuration for cert manager ( #9673 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-01-23 17:42:15 -08:00
Tristan
5fbbcedebc
9693: Fix comma-separated-list splitting of kubelet_enforce_node_allocatable ( #9694 )
...
See https://github.com/kubernetes-sigs/kubespray/issues/9693
2023-01-23 16:20:17 -08:00
Florian Ruynat
18f2abad2f
Cleanup v1.23.x missing references/conditions/hashes ( #9698 )
2023-01-23 16:16:16 -08:00
Mohamed Zaian
391dd97f95
[kubernetes] support 1.26.x ( #9570 )
2023-01-23 00:10:11 -08:00
Florian Ruynat
34d0451585
Update KUBESPRAY_VERSION and kube_version_min_required (with hashes cleanup) ( #9691 )
2023-01-20 14:11:54 -08:00
Arthur Outhenin-Chalandre
c4346e590f
kubeadm/etcd: use config to download certificate ( #9609 )
...
This commit uses a kubeadm join config to pull down cert for etcd in
workers nodes (which is needed in some circumstances, for instance with
calico or cilium).
The previous way didn't allow us to pass certain parameters which was
typically given in the config in other kubeadm invokations in Kubespray.
This made kubeadm produced some errors for some edge cases.
For example, in our deployment we don't have a default route and even
though it's only to download the certificates, kubeadm produce an error
`unable to select an IP from default routes` (these command are kubeadm
controlplane command, so kubeadm does some additional checks). This is
fixed by specifying `advertiseAddress` within the kubeadm config.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-01-20 00:26:16 -08:00
Florian Ruynat
bd81c615c3
Add k8s 1.24.10 hashes ( #9688 )
2023-01-19 14:46:15 -08:00
Mohamed Zaian
3d9fd082ff
[containerd] add hashes for 1.5.x ( #9678 )
2023-01-19 07:36:38 -08:00
yanggang
826282fe89
Add k8s hashes for k8s version. ( #9685 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-19 05:30:35 -08:00
MatthieuFin
374438a3d6
feat(calico): add possibility to enable calico floatingIPs feature ( #9680 )
...
Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs`
(disabled per default).
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
#9679
2023-01-18 15:42:34 -08:00
yanggang
fd80ef1ff1
[argocd] update argocd to v2.5.7 ( #9682 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-18 15:38:34 -08:00
Mohamed Zaian
235173bb5f
[flannel] update to v0.20.2 & make it default ( #9675 )
2023-01-18 15:26:34 -08:00
Cyclinder
db94812163
bump cni-plugins to v1.2.0 ( #9671 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2023-01-17 00:12:32 -08:00
Arthur Outhenin-Chalandre
4a6eb7eaa2
enable back kubelet_authorization_mode_webhook by default ( #9662 )
...
In 6db6c8678c
, this was disabled becaue
kubesrpay gave too much permissions that were not needed. This commit
re-enable back this option by default and also removes the extra
permissions that kubespray gave that were in fact not needed.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-01-16 23:56:32 -08:00
rongfu.leng
8a03bb1bb4
add containerd config_path ( #9566 )
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-01-16 23:42:32 -08:00
Vitaly Yakovenko
d919c58e21
[multus] added support for mixed type of container engine ( #9224 )
...
* [multus] added support for mixed type of container engine
* [multus] fixed for using with cluster/upgrade-cluster/scale playbooks
2023-01-16 23:30:33 -08:00
Mohamed Zaian
19bc610f44
Update pause image version to v3.8 ( #9668 )
...
Signed-off-by: Mohamed Zaian <mohamedzaian@gmail.com>
Signed-off-by: Mohamed Zaian <mohamedzaian@gmail.com>
2023-01-16 15:30:10 -08:00
Mohamed Zaian
c7cffb14a7
[cert-manager] update cert-manager to v1.11.0 ( #9661 )
2023-01-16 02:36:51 -08:00
Jochen Friedrich
6f61f3d9cb
Support OVN Interconnect ( #9599 )
...
Mostly taken from: https://raw.githubusercontent.com/kubeovn/kube-ovn/master/yamls/ovn-ic.yaml.j2
2023-01-16 00:08:52 -08:00
yanggang
6b4bb2a121
[argocd] update argocd to v2.5.6 ( #9654 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-15 21:16:50 -08:00
ERIK
e288449c5d
Update cri-dockerd version ( #9659 )
...
* Skip retry operation with containerd when etcd installed on host VM (#9560 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
* Update cri-dockerd version
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Co-authored-by: Eugene Artemenko <artemenko.evgeniy@gmail.com>
2023-01-15 21:12:51 -08:00
László Rafael
ea35021c96
Add defaults for external_vsphere_user and external_vsphere_password in the vsphere csi_driver ( #9664 )
2023-01-14 14:24:14 -08:00
Eugene Artemenko
6f1352eb53
Skip retry operation with containerd when etcd installed on host VM ( #9560 )
2023-01-10 15:53:20 -08:00
yanggang
6549bb12fc
follow containerd1 1.16.15 ( #9644 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-08 17:59:28 -08:00
Kay Yan
843e908fa4
update-calico-VXLAN-docs ( #9639 )
2023-01-06 00:00:00 -08:00
R. P. Taylor
0ff883afeb
streamline ansible_default_ipv4 gathering loop ( #9281 )
2023-01-05 11:59:58 -08:00
Marijn van der Giesen
0d5bcd3e20
feat(coredns): Forward extra domains to coredns kubernetes plugin ( #9635 )
2023-01-05 06:57:58 -08:00