Commit Graph

689 Commits (5c25b579896be6d904f87c7aba8887f4f57e95fc)

Author SHA1 Message Date
emiran-orange 5c25b57989
Ability to define options for DNS upstream servers (#9311)
* Ability to define options for DNS upstream servers

* Doc and sample inventory vars
2022-11-08 06:44:25 -08:00
Olivier Lemasle 5d1fe64bc8
Update local-volume-provisioner (#9463)
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/pull/292)
- Add nodeSelector to DaemonSet (following upstream)
2022-11-07 15:28:17 -08:00
lijin-union c272421910
Add UOS linux support (#9432) 2022-10-30 17:16:43 -07:00
biqiang Wu c681435432
Add switch cilium_enable_bandwidth_manager (#9441)
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-10-28 03:08:31 -07:00
William Turner eeb376460d
Fix inconsistent handling of admission plugin list (#9407)
* Fix inconsistent handling of admission plugin list

* Adjust hardening doc with the normalized admission plugin list

* Add pre-check for admission plugins format change

* Ignore checking admission plugins value when variable is not defined
2022-10-26 00:28:37 -07:00
杨刚 a84271aa7e
etcd arch can support arm64 and amd64 (#9421) 2022-10-23 20:28:24 -07:00
Kay Yan 1cc0f3c8c9 mirror-for-china 2022-10-18 09:17:42 +02:00
Kay Yan e3339fe3d8
update_calico_doc_for_the_ChecksumOffloadBroken (#9388) 2022-10-13 01:13:00 -07:00
Kenichi Omichi 63b27ea067
Fix YAML format in hardening.md (#9387)
When trying to add a hardening CI job by copying configuration from
hardening.md, yamllint CI job deleted invalid format.
This fixes it for maintaining the CI job.
2022-10-12 23:49:01 -07:00
Kenichi Omichi 24632ae81b
Add check_typo job (#9361)
To block merging pull requests which contain typo automatically.
2022-10-07 02:21:53 -07:00
Kenichi Omichi f8d5487f8e
Remove versions from setting-up-your-first-cluster (#9353)
We are maintaining version info on the README.md, and it is not
necessary to maintain that on setting-up-your-first-cluster.md
2022-09-30 06:02:29 -07:00
Ho Kim 18efdc2c51
Fix typos in calico (#9327) 2022-09-26 00:11:44 -07:00
Kevin Huang fa093ee609
feat(docs/openstack.md): Put Additional step needed when using calico or kube-router in own section (#9320) 2022-09-24 13:00:04 -07:00
Florian Ruynat 4ad67acedd
Move back vsphere csi to kube-system ns (#9312) 2022-09-23 10:46:26 -07:00
Ilya Margolin 726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302)
and supply a default runtime spec.
2022-09-23 10:38:27 -07:00
Emin AKTAS 9468642269
feat: allows users to have more control on DNS (#9270)
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-09-23 10:28:26 -07:00
Necatican Yıldırım 7da3dbcb39
Cilium 1.12 Upgrade (#9225)
* Drop support for Cilium < 1.10

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Synchronize Cilium templates for 1.11.7

Signed-off-by: necatican <contact@necatican.com>

* Set Cilium v1.12.1 as the default version

Signed-off-by: necatican <contact@necatican.com>

Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
2022-09-19 02:14:31 -07:00
Mahdi Abbasi 023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
lijin-union c4976437a8
Fix typos in docs (#9276) 2022-09-15 00:09:22 -07:00
Kay Yan 97ca2f3c78
add-timezone-support (#9263) 2022-09-14 21:11:22 -07:00
Ho Kim 952cad8d63
Remove mutual exclusivity in calico: NAT and router mode (#9255)
* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc
2022-09-13 00:19:07 -07:00
Kay Yan e2f1f8d69d
add-Rocky-9-support (#9212) 2022-09-04 16:54:36 -07:00
Michael Schmitz be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
Cristian Calin 6db6c8678c
disable kubelet_authorization_mode_webhook by default (#9238) 2022-08-31 04:53:00 -07:00
Alessio Greggi acb6f243fd
feat: add kubelet systemd service hardening option (#9194)
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
lijin-union 8af86e4c1e Fix typo. 2022-08-30 11:30:57 +02:00
Kay Yan b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223)
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Cristian Calin e6976a54e1
add pre-commit hook to facilitate local testing (#9158)
* add pre-commit hook configuration

* add tmp.md to .gitignore

* describe the use of pre-commit hook in CONTRIBUTING.md

* fix docs/integration.md errors identified by markdownlint

* fix docs/<file>.md errors identified by markdownlint

* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md

* fix contrib/<file>.md errors identified by markdownlint
2022-08-24 06:54:03 -07:00
Bishal das aeeae76750
Update vars.md (#9172) 2022-08-22 23:31:24 -07:00
Shelming.Song 30b062fd43
fix one bug in docs/nodes (#9203) 2022-08-22 23:17:23 -07:00
Bishal das fddff783c8
Update vsphere-csi.md (#9170) 2022-08-22 07:13:43 -07:00
Tristan bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable (#9176)
See #9035
2022-08-22 02:37:44 -07:00
Ho Kim e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Tomas Zvala 30c77ea4c1
Add the option to enable default Pod Security Configuration (#9017)
* Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
2022-08-18 01:16:36 -07:00
maxgio92 68653c31c0
docs(kube-vip): fix broken links (#9165)
Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>

Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>
2022-08-18 00:56:55 -07:00
Samuel Liu b36bb9115a
[calico] calico rr supports multiple groups (#9134)
* update calico rr

* fix bgppeer conf

* fix yamllint

* fix ansible lint

* fix calico deploy

* fix yamllint

* fix some typo
2022-08-18 00:52:37 -07:00
ERIK 47050003a0
Add docker support for Kylin V10 (#9144)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-03 15:03:46 -07:00
Florian Ruynat 4df6e35270 Move oracle7-canal to centos7-canal 2022-08-02 16:55:52 -07:00
ERIK f2f9f1d377
Add kylin OS support (#9078)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-01 10:44:29 -07:00
Florian Ruynat 9c51ac5157 Switch fedora36se to 35 and 35docker to 36 2022-07-21 23:03:38 -07:00
Florian Ruynat 07eab539a6 Add Fedora 36 support and CI, remove Fedora 34 (eol) 2022-07-21 23:03:38 -07:00
Alessio Greggi 3ce5458f32
hardening: Add `SeccompDefault` admission plugin for kubelet (#9074)
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates

* fix(kubelet-config): enable config through kubelet_feature_gates

* feat(kubelet): add kubelet_seccomp_default variable
2022-07-19 00:50:07 -07:00
Kenichi Omichi f3ea8cf45e
Add Rocky Linux 8 support for vagrant (#8905)
To test Kubespray on Rocky Linux 8 with vagrant, this adds it to
the Vagrantfile.
2022-07-05 07:50:47 -07:00
Kay Yan 4b03f6c20f
add-managed-ntp-support (#9027) 2022-06-28 13:15:34 -07:00
boeto d0a2ba37e8
update deprecated syntax (#9040)
* `ansible.builtin.include` removed in version 2.16

Read the `ansible.builtin.include DEPRECATED` doc:

 https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_module.html#deprecated

* Update integration.md
2022-06-28 13:11:34 -07:00
rptaylor 6f82cf12f5
let containerd_default_runtime be undefined by default (#9026) 2022-06-27 10:56:59 -07:00
Calin Cristian Andrei a22ae6143a [CI] ensure upgrade tests cover defaults (containerd currently) 2022-06-17 08:00:32 -07:00
Alessio Greggi 97b4d79ed5
feat: make kubernetes owner parametrized (#8952)
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Kay Yan 890fad389d
suggest-to-use-nft-in-centos8 (#8987) 2022-06-17 01:30:32 -07:00
Calin Cristian Andrei 24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00