kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,016 Commits
29 Branches
81 Tags
158 MiB
Commit Graph

4696 Commits (677b7ecd896b5b7943e7c5cd19f59c89d4df756d)

Author SHA1 Message Date
Mohamed Zaian c036a7d871
Disable 'Check that IP range is enough for the nodes' when calico is used (#9491) 2022-12-08 10:44:23 -08:00
yanggang 6e63f3d2b4
follow containerd1.16.12 (#9551) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-08 07:36:24 -08:00
yanggang 09748e80e9
support containerd 1.6.11 (#9544) 2022-12-06 19:08:37 -08:00
Ugur Can Ozturk a0f41bf82a
[metrics_server]: Enabled HA mode by adding 'metrics_server_replicas'… (#9539) 
* [metrics_server]: Enabled HA mode by adding 'metrics_server_replicas' variable and adding podAntiAffinity rule

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

* [metrics_server]: added namespaces selector

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
 2022-12-06 18:22:38 -08:00
Douglas Landgraf 1a0b81ac64
reset: RedHat based distro with major version >=8 (#9537) 
During the reset, restart network was not completing in distros
like RHEL/CentOS/AlmaLinux with major version higher than 8.

Example:
kubespray> ansible-playbook -i inventory/mydomain/hosts.yml reset.yml -b -v
fatal: [mynode]: FAILED! => {"changed": false, "msg": "Could not find the requested service network: host"}

Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>

Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>
 2022-12-05 08:57:03 -08:00
ERIK 20d99886ca
Update etcd log-level parameter name (#9540) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-12-05 01:05:03 -08:00
Kay Yan b9fe301036
add-check-for-resolv-to-avoid-coredns-crash (#9502) 2022-12-01 22:37:54 -08:00
Kay Yan 30508502d3
update-nginx-version (#9506) 2022-12-01 21:51:55 -08:00
Mohamed Zaian bca601d377
[ingress-nginx] upgrade to 1.5.1 (#9532) 2022-12-01 21:45:54 -08:00
Mohamed Zaian 65191375b8
[etcd] make etcd 3.5.6 default (#9520) 2022-12-01 14:41:53 -08:00
ERIK a534eb45ce
Update calico image tag (#9529) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-12-01 03:18:27 -08:00
tu1h e796f08184
update dashboard image repo to remove arch flag (#9530) 
Signed-off-by: lihai.tu <lihai.tu@daocloud.io>

Signed-off-by: lihai.tu <lihai.tu@daocloud.io>
 2022-12-01 01:42:26 -08:00
Kenichi Omichi ed38d8d3a1
Add ingress-nginx check for updating README (#9533) 
To detect the version mismatch.
 2022-12-01 01:16:27 -08:00
Kay Yan 4db5e663c3
fix-mistake-regex-for-resolv-conf (#9523) 2022-11-30 03:48:56 -08:00
rtsp 529faeea9e
[cert-manager] Upgrade to v1.10.1 (#9512) 2022-11-29 07:17:26 -08:00
ERIK 47510899c7
Update the number of nofile limits in containerd (#9507) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-25 15:12:04 -08:00
蒋航 7c1ee142dd
update envoy image to v1.22.5 (#9513) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-11-23 19:26:05 -08:00
蒋航 25e86c5ca9
Update etcd image tag (#9516) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-11-23 18:22:04 -08:00
ERIK c41dd92007
Clean up cilium-init image (#9508) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-23 09:06:20 -08:00
ERIK a564d89d46
Update the tag of cilium hubble related images (#9509) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-21 20:14:14 -08:00
Kay Yan 6c6a6e85da
update-coredns-version (#9503) 2022-11-18 20:16:29 -08:00
Robin Wallace ed0acd8027
[openstack cloud controller] bump to v1.25.3 (#9500) 2022-11-18 04:26:31 -08:00
ERIK b9a690463d
Add docker support for openEuler linux (#9498) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-17 18:18:30 -08:00
ERIK c3986957c4
Update runsc checksum (#9493) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-16 00:52:48 -08:00
ERIK 8795cf6494
Add support for the OpenEuler Linux (#9494) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-16 00:48:49 -08:00
yanggang 80af8a5e79
upgrade containerd_version to 1.6.10 (#9492) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-15 03:58:41 -08:00
Sergey Putko 943107115a
disable Centos Extras repo creation for OL9 (#9483) 
Centos 9 doesn't exists, and Centos 9-stream also doesn't have extras repo.
 2022-11-14 16:28:41 -08:00
Mohamed Zaian f007c77641
[etcd] make etcd 3.5.5 default for k8s 1.23 , 1.24 (#9482) 2022-11-12 03:39:56 -08:00
yanggang 9439487219
Add hashes for 1.25.4, 1.24.8, 1.23.14 and make v1.25.4 default (#9479) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-10 20:00:09 -08:00
emiran-orange df6da52195
Enable check mode in DNS Cleanup tasks (#9472) 2022-11-10 19:58:09 -08:00
ERIK 8a654b6955
Add cni bin when installing calico (#9367) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-08 17:46:13 -08:00
Ilya Margolin 5a8cf824f6
[containerd] Simplify limiting number of open files per container (#9319) 
by setting a default runtime spec with a patch for RLIMIT_NOFILE.

- Introduces containerd_base_runtime_spec_rlimit_nofile.
- Generates base_runtime_spec on-the-fly, to use the containerd version
  of the node.
 2022-11-08 06:44:32 -08:00
emiran-orange 5c25b57989
Ability to define options for DNS upstream servers (#9311) 
* Ability to define options for DNS upstream servers

* Doc and sample inventory vars
 2022-11-08 06:44:25 -08:00
Olivier Lemasle 5d1fe64bc8
Update local-volume-provisioner (#9463) 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/pull/292)
- Add nodeSelector to DaemonSet (following upstream)
 2022-11-07 15:28:17 -08:00
yanggang 0d6dc08578
upgrade argocd version 2.4.16 (#9467) 2022-11-06 18:04:16 -08:00
ERIK 40261fdf14
Fix iputils install failure in Kylin OS (#9453) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-06 17:54:16 -08:00
Cyclinder 590b4aa240
adjust calico-kube-controller to non-hostnetwork pod (#9465) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2022-11-06 17:34:17 -08:00
ausias-armesto 2a696ddb34
Adding metrics server to use host network (#9444) 
* Adding metrics server to use host network

* EXternalize value to a variable
 2022-11-06 02:38:15 -08:00
lijin-union d7f08d1b0c
remove the set_fact action which raise error in the CI (#9462) 2022-11-03 04:43:38 -07:00
Jiffs Maverick 4aa1ef28ea
Don't use coredns_server in dhclient.conf if nodelocaldns is enabled (#9392) 2022-11-03 02:45:36 -07:00
Fred Rolland 58faef6ff6
Flannel: fix init container image arch (#9461) 
The install-cni-plugin image was not updated to the corresponding
arch when building the different DS.

Fixes issue #9460

Signed-off-by: Fred Rolland <frolland@nvidia.com>

Signed-off-by: Fred Rolland <frolland@nvidia.com>
 2022-11-03 02:41:36 -07:00
yanggang ce751cb89d
add variable condition snapshot in vSphere CSI (#9429) 2022-11-02 00:22:46 -07:00
cleverhu 5cf2883444
add retry for start calico kube controller (#9450) 
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
 2022-11-02 00:18:45 -07:00
charlychiu 6bff338bad
fix: hubble relay tls error (#9457) 2022-11-02 00:14:46 -07:00
William Turner 1f54cef71c
Add variable to set direct routing on flannel VXLAN (#9438) 2022-10-31 13:16:45 -07:00
yanggang d00508105b
Removed PodSecurityPolicy from ingress-nginx (#9448) 2022-10-30 20:08:44 -07:00
lijin-union c272421910
Add UOS linux support (#9432) 2022-10-30 17:16:43 -07:00
biqiang Wu 78624c5bcb
When using cilium CNI, install Cilium CLI (#9436) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-10-30 17:02:45 -07:00
biqiang Wu c681435432
Add switch cilium_enable_bandwidth_manager (#9441) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-10-28 03:08:31 -07:00
杨刚 4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 (#9442) 2022-10-27 21:46:30 -07:00
蒋航 990f87acc8
Update kube-vip to v0.5.5 (#9437) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-10-26 19:28:32 -07:00
William Turner eeb376460d
Fix inconsistent handling of admission plugin list (#9407) 
* Fix inconsistent handling of admission plugin list

* Adjust hardening doc with the normalized admission plugin list

* Add pre-check for admission plugins format change

* Ignore checking admission plugins value when variable is not defined
 2022-10-26 00:28:37 -07:00
Kay Yan ef707b3461
update-containerd-1.6.9 (#9427) 2022-10-25 16:34:37 -07:00
Mohamed Zaian 2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) (#9425) 2022-10-24 18:32:36 -07:00
Mohamed Zaian b9b654714e
[nerdctl] upgrade to version 1.0.0 (#9424) 2022-10-24 18:28:35 -07:00
Mohamed Zaian fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 (#9419) 2022-10-24 00:06:26 -07:00
杨刚 b192053e28
as argocd 2.4.15 is releasesd , update the version (#9420) 2022-10-23 20:34:24 -07:00
Wouter Goedhart 1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414) 
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
 2022-10-23 18:00:24 -07:00
ERIK 9fdda7eca8
Fix iputils install failure in Kylin OS (#9416) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-21 04:53:51 -07:00
ERIK a68ed897f0
Update kubelet checksum (#9413) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-21 04:21:50 -07:00
Florian Ruynat 582ff96d19
Update docker version to 20.10.20 (#9410) 2022-10-20 18:45:15 -07:00
Kenichi Omichi 0374a55eb3
Specify securityContext for cert-manager (#9404) 
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
 2022-10-20 00:57:08 -07:00
Kay Yan ccbe38f78c
make-kube-1.25-default (#9364) 2022-10-20 00:56:57 -07:00
Vladimir 958840da89
Add var for control initialDelaySeconds in nginx ingress probe (#9405) 
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
 2022-10-19 21:20:56 -07:00
Cristian Calin 1530411218
use cri-o from upstream instead of kubic/OBS (#9374) 
* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables
 2022-10-19 05:47:05 -07:00
Mohamed Zaian 0f44e8c812
[ingress-nginx] upgrade to 1.4.0 (#9403) 2022-10-18 16:53:00 -07:00
Maxime Leroy d9c39c274e
fix(defaults): wrong cri_socket path for containerd (#9401) 2022-10-18 00:15:18 -07:00
Kenichi Omichi c38fb866b7
Update securityContext of netchecker (#9398) 
To run netchecker with necessary privilege,
this updates the securityContext.
 2022-10-17 19:11:18 -07:00
Mohamed Zaian 5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default (#9397) 2022-10-17 05:59:07 -07:00
Kay Yan 32f3d92d6b
Remove PodSecurityPolicies in Calico (#9395) 2022-10-17 05:51:07 -07:00
Cristian Calin 23716b0eff
don't define kubeadm_patches by default (#9372) 2022-10-14 01:20:46 -07:00
Kay Yan 859df84b45
remove-psp-in-flannel (#9365) 2022-10-14 00:16:47 -07:00
Kay Yan 131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar (#9370) 
* fix-ensure-package-in-coreos

* clean blank line
 2022-10-13 16:54:46 -07:00
Unai Arríen 52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248) 
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values
 2022-10-13 16:50:47 -07:00
ghostloda 547ef747da
fix helm install with password authentication (#9343) 2022-10-12 23:55:01 -07:00
ERIK bc5881b70a
Add the cilium hubble images to download role (#9376) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-12 23:45:00 -07:00
Kenichi Omichi f4b95d42a6
Add note for containerd oom_score (#9384) 
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
 2022-10-11 21:49:00 -07:00
Unai Arríen ef76a578a4
Change dns upstream condition for nodelocaldns (#9378) 2022-10-11 00:47:02 -07:00
Piotr Kowalczyk 3b99d24ceb
Fix: install calico-kube-controller on kdd (#9358) 
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
 2022-10-10 19:45:01 -07:00
Kay Yan 4701abff4c
upgrade-api-version-for-PodDisruptionBudget (#9369) 2022-10-10 17:51:02 -07:00
Joe Siponen 717b8daafe
Download coredns image to all hosts in k8s_cluster (#9316) 
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
 2022-10-08 05:03:19 -07:00
Kevin Huang c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume (#9362) 2022-10-08 01:23:19 -07:00
Kenichi Omichi 24632ae81b
Add check_typo job (#9361) 
To block merging pull requests which contain typo automatically.
 2022-10-07 02:21:53 -07:00
JSpon befde271eb
Use hostname override in post-remove role, just as pre-remove role does (#9360) 2022-10-06 15:03:52 -07:00
Huang Chen-Yi d689f57c94
Features/support kubeadm patches v1beta3 (#9326) 
* Support kubeadm patches in v1beta3

* Update kubeadm patches sample files in inventory

* Fix pre-commit syntax

* Set kubeadm_patches  enabled to false in sample inventory
 2022-10-06 00:39:52 -07:00
William Turner ad3f503c0c
Fix default value for kubelet_secure_addresses (#9355) 2022-10-06 00:35:51 -07:00
Eugene Artemenko 8b9cd3959a
Add possibility to skip adding load balancer name in the hosts file (#9331) 2022-10-04 06:26:16 -07:00
Emin AKTAS dffeab320e
feat: add a paramater to disable host nameservers (#9357) 
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
 2022-10-04 06:22:17 -07:00
Kay Yan 999586a110
sysctl_additional (#9351) 2022-10-02 23:06:14 -07:00
Kay Yan 44115d7d7a
support-kube-1.25 (#9260) 
Co-authored-by: Rene Luria <rene.luria@infomaniak.com>
 2022-09-29 23:34:30 -07:00
Florian Ruynat 841e2f44c0
Remove references to 1.22 (#9342) 2022-09-28 14:10:29 -07:00
Hugo Blom a8e4984cf7
Add missing permissions to openstack cc (#9335) 
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
 2022-09-27 22:19:35 -07:00
Rene Luria 3646dc0bd2
fix: remove trailing backslash and yaml indent (#9339) 
* fix: remove trailing backslash

* fixed indent in cilium config template
 2022-09-27 19:45:35 -07:00
biqiang Wu 31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded (#9340) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-09-27 05:57:52 -07:00
ERIK 472996c8b3
update pause image version (#9337) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-09-27 00:49:52 -07:00
Shelming.Song d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml (#9330) 2022-09-26 21:57:45 -07:00
Federico Cucinella e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 (#9332) 2022-09-26 17:35:46 -07:00
Ho Kim 18efdc2c51
Fix typos in calico (#9327) 2022-09-26 00:11:44 -07:00
Zhong Jianxin 6dff39344b
preinstall: Add nodelocaldns to supersede_nameserver if enabled (#9282) 
When a machine that use dhclient and resolvconf reboots, this will make /etc/resolv.conf
remain close to the one before reboot
 2022-09-25 20:19:44 -07:00
Robin Wallace c4de3df492
upcloud csi driver: bump version to v0.3.3 (#9317) 2022-09-24 13:18:04 -07:00
Ilya Margolin f2e11f088b
Hotfix containerd restart (#9322) 2022-09-24 13:14:04 -07:00
Victor Morales 782f0511b9
Define ostree variable for runc (#9321) 
The ostree variable is not defined previously raising an error when
the runtime tries to read it.
 2022-09-24 13:00:11 -07:00
Florian Ruynat 4ad67acedd
Move back vsphere csi to kube-system ns (#9312) 2022-09-23 10:46:26 -07:00
Kei Kori 467dc19cbd
support removing options in resolvconf with tab separator (#9304) 2022-09-23 10:42:27 -07:00
Ilya Margolin 726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) 
and supply a default runtime spec.
 2022-09-23 10:38:27 -07:00
Emin AKTAS 9468642269
feat: allows users to have more control on DNS (#9270) 
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
 2022-09-23 10:28:26 -07:00
Samuel Liu d387d4811f
replace createhome (#9314) 2022-09-23 00:26:39 -07:00
Kay Yan 1b3c2dab2e
add_max_concurrent_in_coredns (#9307) 2022-09-22 04:27:03 -07:00
Mohamed Zaian 76573bf293
[kubernetes] Add hashes for 1.24.6, 1.22.15, 1.23.12 and make v1.24.6 default (#9308) 2022-09-22 04:13:03 -07:00
Kay Yan 5d3326b93f
add-ping-package (#9284) 2022-09-21 23:55:05 -07:00
Mohamed Zaian 68dac4e181
[flannel] update to v1.19.2 & make it default (#9296) 2022-09-21 23:51:04 -07:00
Ilya Margolin 262c96ec0b
Remove duplication in template (#9301) 
by concatenating default and additional runtimes
 2022-09-21 08:33:15 -07:00
Mohamed Zaian 2acdc33aa1
[helm] upgrade to 3.9.4 (#9298) 2022-09-20 04:37:20 -07:00
Krystian Młynek 8acd33d0df
Calico: add wireguard support for Rocky Linux 9 (#9287) 2022-09-20 00:29:20 -07:00
pingrulkin a2e23c1a71
vsphere-csi: add nodeAffinity to daemonset (#9293) 2022-09-19 17:47:22 -07:00
rtsp 1b5cc175b9
[cert-manager] Upgrade to v1.9.1 (#9295) 2022-09-19 17:43:22 -07:00
Mohamed Zaian a71da25b57
[argocd] update argocd to v2.4.12 (#9297) 2022-09-19 17:37:22 -07:00
Vadim 5ac614f97d
fix duplicate field in ingress-nginx template (#9285) 2022-09-19 03:03:22 -07:00
ErmalKristo b8b8b82ff4
Adds support for multiple architectures to yq (#9288) 2022-09-19 02:14:38 -07:00
Necatican Yıldırım 7da3dbcb39
Cilium 1.12 Upgrade (#9225) 
* Drop support for Cilium < 1.10

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Synchronize Cilium templates for 1.11.7

Signed-off-by: necatican <contact@necatican.com>

* Set Cilium v1.12.1 as the default version

Signed-off-by: necatican <contact@necatican.com>

Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
 2022-09-19 02:14:31 -07:00
Mohamed Zaian 680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default (#9286) 2022-09-19 02:10:31 -07:00
Mahdi Abbasi 023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
Kay Yan 97ca2f3c78
add-timezone-support (#9263) 2022-09-14 21:11:22 -07:00
ERIK 7c2fb227f4
Add LimitMEMLOCK parameter configuration in containerd.service (#9269) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-09-13 02:51:06 -07:00
ghostloda 08bfa0b18f
Upgrade ingress nginx webhook to 1.3.0 (#9271) 2022-09-13 01:47:05 -07:00
Ho Kim 952cad8d63
Remove mutual exclusivity in calico: NAT and router mode (#9255) 
* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc
 2022-09-13 00:19:07 -07:00
cleverhu fc57c0b27e
fix number node name can't be added (#9266) 
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
 2022-09-13 00:09:05 -07:00
Samuel Liu dd4bc5fbfe
[etcd] Sometimes, we do not need to run etcd role on all nodes. (#9173) 
* WIP: sometimes,we not run etcd

* fix ansible lint

* like calico(kdd) cni, no need run etcd
 2022-09-09 01:29:22 -07:00
Mohamed Zaian d2a7434c67
[ingress-nginx] upgrade to 1.3.1 (#9264) 2022-09-09 00:37:23 -07:00
ghostloda f3fb758f0c
Remove useless file (#9258) 2022-09-07 17:10:49 -07:00
Krystian Młynek 6386ec029c
add retries for restart of kube-apiserver (#9256) 
* add retries for restart of kube-apiserver

* change var name
 2022-09-07 16:48:49 -07:00
Ho Kim ad7cefa352
Ignore deleting nodes that are not in cluster (#9244) 2022-09-05 19:50:54 -07:00
Ho Kim 09d9bc910e
Fix typos in calico comments (#9254) 2022-09-05 18:46:54 -07:00
Michael Schmitz be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
lou-lan 133a7a0e1b
Add featureDetectOverride configration of calico (#9249) 2022-09-02 04:58:05 -07:00
Cristian Calin 6db6c8678c
disable kubelet_authorization_mode_webhook by default (#9238) 2022-08-31 04:53:00 -07:00
蒋航 7ebb8c3f2e
make calico installation more stable (#9227) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-08-30 21:13:01 -07:00
Alessio Greggi acb6f243fd
feat: add kubelet systemd service hardening option (#9194) 
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2022-08-30 11:18:55 -07:00
tasekida 220f149299
Fix abort because calicoctl.sh is not a full path (#9217) 2022-08-30 08:07:02 -07:00
Florian Ruynat 617b17ad46
Fix kube_ovn_hw_offload value (#9218) 2022-08-30 03:21:01 -07:00
kakkotetsu 9dc9a670a5
add runc v1.1.4 (#9230) 2022-08-30 02:01:01 -07:00
Kay Yan b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223) 
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
 2022-08-30 00:21:02 -07:00
Chad Swenson de762400ad
Fixes for calico_datastore: etcd (#9228) 
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.

This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
 2022-08-29 22:41:00 -07:00
Cristian Calin e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI (#9229) 2022-08-29 11:44:49 -07:00
Krystian Młynek 64daaf1887
cri-dockerd: add restart of docker.service (#9205) 
* cri-dockerd: add restart of docker.service

* remove enabling of cri-dockerd.socket
 2022-08-24 05:50:02 -07:00
Shelming.Song c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template (#9204) 2022-08-23 01:55:24 -07:00
Pavel Chekin 8f899a1101
Fix containerd (<1.7) configuration for insecure registries (#9207) 
For the following configuration

```
    containerd_insecure_registries:
      docker.io:
        - dockerhubcache.example.com
```

the rendered /etc/containerd/config.toml contains

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
          insecure_skip_verify = true
```

but it needs to be

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
          insecure_skip_verify = true
```
 2022-08-22 23:13:23 -07:00
Mostafa Ghadimi 386c739d5b
🌱 Enable cri-dockerd service (#9201) 
* 🌱 Enable cri-dockerd service

* 🔨 Fix the task name in order to pass the CI tests
 2022-08-22 07:17:43 -07:00
Tristan bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable (#9176) 
See #9035
 2022-08-22 02:37:44 -07:00
Mohamed Zaian ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default (#9191) 2022-08-21 23:11:44 -07:00