kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,896 Commits
29 Branches
81 Tags
162 MiB
Commit Graph

5277 Commits (687fa3dbedd054639974cdad0cd98533a4e4a49f)

Author SHA1 Message Date
ChengHao Yang 5f35b66256
Bump: OpenStack Cloud Controller Manager to 1.30.0 (#11358) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-16 02:22:54 -07:00
ChengHao Yang bab0398c1e
Bump Cinder CSI Plugin to v1.30.0 (#11374) 
* Chore: bump cinder-csi-plugin from v1.29.0 to v1.30.0

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* Docs: update README.md cinder-csi-plugin version

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-13 02:01:08 -07:00
ChengHao Yang 464cc716d7
Feat: Update CentOS 7 EOL package to vault.centos.org (#11360) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-08 04:36:52 -07:00
ERIK 1ebd860c13
[kubernetes] Add hashes for kubernetes 1.29.6 (#11351) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-07-05 00:18:25 -07:00
Takuya Murakami a0d03d9fa6
[kubernetes] Support kubernetes 1.30.2 (#11343) 2024-07-03 00:06:20 -07:00
Erwan Miran 0bcedd4603
Make local_volume_provisioner log level configurable (#11336) 2024-07-02 07:14:06 -07:00
Erwan Miran 413572eced
Make calico-kube-controllers log level configurable (#11335) 2024-07-02 07:13:59 -07:00
ChengHao Yang 348335ece5
[cert-manager] upgrade to v1.14.7 (#11341) 
* Feat: upgrade cert-manager crd to 1.14.7

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* Feat: upgrade cert-manager download version to 1.14.7

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-02 00:19:58 -07:00
Takuya Murakami ee3fef1051
[kubernetes] Add hashes for kubernetes 1.30 (#11109) (#11261) 
Add hashes to crictl, crio, kubelet, kubectl and kubeadm
 2024-07-02 00:15:59 -07:00
Keita Mochizuki ff18f65a17
add ingress controller svc nodeport param (#11310) 2024-06-30 21:58:05 -07:00
ChengHao Yang cce585066e
Bump CNI weave 2.8.1 to 2.8.7 (community version) (#11228) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-06-26 02:40:27 -07:00
Alexander 619938da95
add the ability to configure extra args to the different cinder-csi-p… (#11169) 
* add the ability to configure extra args to the different cinder-csi-plugin containers

* endfor block added to be syntactically correct jinja
 2024-06-26 02:40:20 -07:00
Keita Mochizuki 88b502f29d
add ingress controller admission svc (#11309) 2024-06-26 02:30:41 -07:00
Serge Hartmann db316a566d
dependencies for kubelet.service (#11297) 
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
 2024-06-26 02:30:34 -07:00
Lihai Tu 817c61695d
Support disable unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu (#11296) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-06-26 02:30:27 -07:00
Lihai Tu 0c84175e3b
Bump docker_containerd to 1.6.32 (#11293) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-06-26 02:30:21 -07:00
Elias-elastisys cae266a045
Upgrade upcloud csi driver to v1.1.0 and add snapshot features (#11303) 2024-06-26 02:26:21 -07:00
Daniil Muidinov c352773737
fix task Set label to node (#11307) 2024-06-25 06:35:40 -07:00
ERIK 27cb22cee4
update docker cli version for ubuntu (#11291) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-06-24 05:20:56 -07:00
peterw edce2b528d
add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars (#10943) 2024-06-23 20:14:56 -07:00
Lihai Tu 921b0c0bed
Add options to control images pulling of kubelet (#11094) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-06-21 07:54:54 -07:00
tico88612 24dc4cef56
Feat: upgrade cert-manager from 1.13.2 to 1.13.6 (#11279) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-06-18 00:45:31 -07:00
Ehsan Golpayegani 0c8d29462d
make sure peers is defined. (#11259) 
* make sure peers is defined.

* Update peer_with_router.yml
 2024-06-04 10:02:23 -07:00
spnngl 4b82e90dcb
fix(bootstrap-os): do not install pkgs requirements on flatcar (#11224) 
Fix regression added in 663fcd104c for
flatcar nodes.

See: 663fcd104c
 2024-05-30 06:34:25 -07:00
Hedayat Vatankhah (هدایت) dedc00661a
Add 'system-packages' tag to control installing packages from OS repositories (#10872) 2024-05-30 04:25:21 -07:00
Max Gautier 3082fa3d0f
Allow empty kube_node group (#11248) 
While uncommon, provisioning only a control plane is a valid use case,
so don't block it.
 2024-05-30 03:01:38 -07:00
Max Gautier d50f61eae5
pre-commit: apply autofixes hooks and fix the rest manually 
- markdownlint (manual fix)
- end-of-file-fixer
- requirements-txt-fixer
- trailing-whitespace
 2024-05-28 13:26:44 +02:00
Mohamed Omar Zaian 4b9349a052
Update 'KUBESPRAY_VERSION and kube_version_min_required', cleanup old hashes for v2.25.0 (#11221) 2024-05-21 06:08:44 -07:00
Jorge Isnardo Altamirano 40cbdceb3c
Merge branch 'kubernetes-sigs:master' into master 2024-05-20 08:32:00 +02:00
tico88612 f85111f6d4
CI: add ubuntu 24.04 support (#11132) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-05-18 00:35:20 -07:00
peterw 0b464b5239
crio container runtime crio_registries path fix (#11030) 2024-05-17 04:39:24 -07:00
ERIK dac4705ebe
bump docker version for openeuler linux (#11206) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-05-17 04:24:38 -07:00
Lihai Tu d5f6838fba
Bump scheduler plugins version (#11205) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-05-17 02:05:35 -07:00
ERIK 354ffe7bd6
bump docker version of kylin and uos (#11203) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-05-17 01:58:23 -07:00
tico88612 427f868718
Bump docker version 26.1 (#11198) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-05-16 06:05:26 -07:00
QCU d7756d85ef
fix: Change the position of the containerd_extra_args parameter to make the parameter more universal. (#11013) 
that you can only place thing in the root table in a toml document before the first table heading.
 2024-05-16 00:41:26 -07:00
Mohamed Omar Zaian 08293f2ef7 [kubernetes] Add hashes for kubernetes 1.29.5, 1.28.10, 1.27.14 2024-05-15 10:44:47 +02:00
Mohamed Omar Zaian fe1a2d5dd9
[argocd] update argocd to v2.11.0 (#11193) 2024-05-14 19:34:31 -07:00
hayden e410e30694
Change a task name in preinstall/0080-system-configurations.yml (#11171) 2024-05-14 00:39:11 -07:00
Mohamed Omar Zaian 6dbb09435c
[ingress-nginx] upgrade to 1.10.1 (#11184) 2024-05-13 18:39:10 -07:00
Max Gautier d8a4aea9bc
Revert "support CoreDNS use host network and config dns port (#10617)" (#11185) 
This reverts commit bc5b38a771.
 2024-05-13 14:51:11 -07:00
Kay Yan 7aa415e707
fix-container-selinux-amzn-linux (#11182) 2024-05-13 07:39:33 -07:00
Alexander cd459a04f3
Revert OCCM standard dnsPolicy to ClusterFirst and make dnsPolicy configurable to support 10618 (#11168) 2024-05-13 03:25:09 -07:00
Ugur Can Ozturk a512b861e0
[etcd/tracing]: fix etcd sampling rate flag (#11175) 
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
 2024-05-13 03:14:39 -07:00
Max Gautier d870a3ee4e
Avoid potential loop_var shadowing (#11162) 
With CentOS, kubespray currently produces the following warning:

[WARNING]: TASK: bootstrap-os : Enable Oracle Linux repo: The loop variable
'item' is already in use. You should set the `loop_var` value in the
`loop_control` option for the task to something else to avoid variable
collisions and unexpected behavior.

This could bites us in nasty ways, so fix it.
 2024-05-13 03:14:30 -07:00
Franz Nemeth ce2642f27b
feat: Adding a check which determines if cgroups are enabled on a node (#11163) (#11165) 2024-05-09 05:40:03 -07:00
tico88612 5dc12b2a15
Bump openstack-cloud-controller-manager from 1.25.3 to 1.28.2 (#11174) 
Registry change to registry.k8s.io

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-05-08 02:45:36 -07:00
Max Gautier 8c12dedf05
Fix amazon linux bootstrap (#11139) 
c58497cde (Refactor bootstrap-os (#10983), 2024-03-27) refactored the
boostrap-os include but didn't adapt the amazon linux tasks to the
actual ID of amazon linux ('amzn')

Re-enable the CI so we can avoid that kind of breakage.
 2024-05-08 02:15:23 -07:00
Daniel Strufe 0b0faf8f72
Update external huawei cloud controller to 0.26.8 (#11172) 
* Update external huawei cloud controller to 0.26.8

* Update huawei cloud controller templates

* Add security-group-id to config

* git fail
 2024-05-08 01:36:31 -07:00
Jorge Isnardo Altamirano a09c73a356 Update kube-vip manifests to v0.8.0 2024-05-07 11:38:13 +02:00
Vladimir Shaikovskii 966a8b95de
[metallb] Add variable for the metallb namespace (#11136) 2024-05-06 02:11:02 -07:00
MatthieuFin a01d0c047a
fix: 🐛 patch calico node to avoid vxlan tunnel drop (#11097) 
if node.projectcalico.org already existe patch node to set asNumber
instead of apply resource to prevent remove of existing fields feed by
calico-node pods

 Closes: 11096
 2024-05-05 20:30:59 -07:00
Max Gautier 4cb688d5e4
Fix CentOS typo (#11161) 
The name reported in ansible_distribution is "CentOS", so this could
break some things.
 2024-05-05 19:52:18 -07:00
hayden 5ce530c909
Merge stops and removes systemd services tasks in reset playbook (#10902) 2024-05-03 02:34:06 -07:00
Mohamed Omar Zaian 9f62f60814
[kubernetes] Add hashes for kubernetes 1.29.4, 1.28.9, 1.27.13 (#11108) 2024-05-03 02:20:51 -07:00
Jorge Isnardo Altamirano 537891a380 Update kube-vip manifests to v0.8.0 2024-05-02 16:37:49 +02:00
Jorge Isnardo Altamirano e57e958a39 Update kube-vip to v0.8.0 2024-05-02 09:45:30 +02:00
Mohamed Omar Zaian 91dea023ae
[containerd] add hashes for versions '1.6.30-31', 'v1.7.16' and make v1.7.16 default (#11142) 2024-04-30 04:20:29 -07:00
Lihai Tu 245454855d
Add additional checking for calico rr cluster_id (#11112) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-04-30 03:46:30 -07:00
Denis Khachyan 3a112e834c
ingress-nginx: added ability to enable opentelemetry nginx module (#11034) 2024-04-30 03:46:17 -07:00
Patrick f0e20705aa
Add Calico v3.27.3 and make it default (#11141) 
* Add Calico v3.27.3 and make it default

* Add Calico v3.27.3 and make it default

* Update README.md
 2024-04-30 00:20:42 -07:00
Kubernetes Prow Robot 97e71da97b
Merge pull request #11131 from VannTen/design/modular_pkgs_install 
Fine grained OS packages installation
 2024-04-30 00:20:24 -07:00
RaSerge a7f98116ca
fix: updating the calico-crds (#11089) 2024-04-30 00:15:09 -07:00
Max Gautier 088b1b0cec
Add `enabled` to pkgs to handle ipvs 
Some packages requirements depends on inventory variables
(`kube_proxy_mode` in that case but it could apply to others).

As the case seems pretty rare, instead of adding complexity to pkgs, we
add an escape hatch to use jinja conditions.
That should be revisited if we find ourselves shoehorning lots of logic
in this later on.
 2024-04-29 21:22:23 +02:00
Max Gautier 11f35e462c
Convert common packages to use the new tooling 
The empty dict means that packages will always be installed on the host.
 2024-04-29 21:22:22 +02:00
Max Gautier da3ff1cc11
Convert OS specific packages to new format 
Uses the logic introduced in the previous patch to convert all
kubernetes/preinstall/vars/* os specific files to the `pkgs`
dictionary.

Some niceties for devs:
- always validate the `pkgs` variable to catch mistakes in CI.
- ensure that `pkgs` is always sorted. This makes it easier to find the
  packages you're looking for.
 2024-04-29 21:22:21 +02:00
Max Gautier 663fcd104c
Filter packages installation by OS and by group 
Adds infrastructure to install OS packages depending not only on OS
(family, versions, etc) but on groups.
All the informations related to a particular package should reside in
the `pkgs` dictionnary, which takes inspiration from the `downloads`
dictionary structure.
 2024-04-29 21:22:20 +02:00
Max Gautier a2019c1c24
Add a JSON schema describing the packages install structure 
Since the structure we're setting in place for installing packages has
some complexity, add a JSON schema to avoid frustrating errors when
modifying the informations (adding/removing packages install).
 2024-04-29 21:22:19 +02:00
Max Gautier 3a43ac4506
Don't special case openssl for tumbleweed 
openssl 1.1.1 is EOL since 12 September 2023, so just use the default
version on tumbleweed like we do on other distributions.
 2024-04-29 21:22:18 +02:00
Max Gautier f91e00a61b
preinstall: Move ipvs packages into defaults 2024-04-29 21:22:15 +02:00
Mathieu Parent c6bdc38776
containerd: allow to configure fallback server (#10988) 
Also nerdctl limitation is now removed as we use /etc/containerd/certs.d/
 2024-04-29 05:41:47 -07:00
Max Gautier 08a7010e80
Revert "Only download kubeadm images where needed (#10899)" (#11105) 
This reverts commit 4b0a134bc9.

The mentionned PR break scale.yml. This goes back to the status quo
until a proper fix can be provided, at which point we'll reapply the
PR.
 2024-04-29 01:59:51 -07:00
Pavan Gunda 538deff9ea
ntp: add config to filter and set ntp interfaces (#11066) 
* ntp: add config to set which interface ntp should listen

* Fixed config to only have one variable
 2024-04-25 07:51:45 -07:00
Lihai Tu 23b56e3f89
Enclose the cpu type with quotation marks in kubelet-config.v1beta1 (#11111) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-04-25 00:32:06 -07:00
Devesh Kumar eee5b5890d
feat: Add support for cilium 1.15 and updated cilium to v1.15.4 (#11106) 2024-04-23 19:42:11 -07:00
Ugur Can Ozturk ab0ef182fb
[containerd/tracing]: add distributed tracing config flags (#11103) 
* [containerd/tracing]: add distributed tracing config flags

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [containerd/tracing]: add distributed tracing config flags -fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

---------

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
 2024-04-23 00:24:19 -07:00
MatthieuFin 4db3e2c3cf
fix: 🐛 calico-cni-plugin missing RBAC (#11077) 
To configure node asNumber for per node peering service account
calico-cni-plugin need nodes/status update rights

 Closes: 11076
 2024-04-22 10:09:37 -07:00
MatthieuFin 3d19e744f0
feat(calico): add support filters on bgppeers per node definition (#11079) 
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
 2024-04-21 19:35:34 -07:00
Lilian ARAGO 929c818b63
Fixed joined_control_planes when ansible_hostvars references a variable (#11060) 2024-04-19 03:20:58 -07:00
Alexander 4baa2c8704
set default containerd_version to v1.7.15 and add checksums (#11083) 
* set default containerd_version to v1.7.15 and add checksums for v1.7.14 and v1.7.15

* update containerd version in README.md
 2024-04-16 19:33:15 -07:00
Abhishek Jain f3065cc5c4
bump skopeo version and checksum (#11044) 
Signed-off-by: Abhishek Jain <jain.abhishek1991@gmail.com>
 2024-04-16 01:19:27 -07:00
Kay Yan ed2059395c
Remove the archived debian apt repository (#11088) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
 2024-04-16 00:21:55 -07:00
kyrie 8919901ed5
fix python regex matching problem when finding docker packages (#11075) 2024-04-14 19:55:18 -07:00
kyrie cc0c3d73dc
fix reset/main.yml lsattr command error when kubelet has symbolic link (#11074) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-04-14 19:55:05 -07:00
kyrie dd0f42171f
fix kubespray-defaults: Check for boostrap-os FQCN (#11073) 2024-04-14 18:21:11 -07:00
Barry M 1b870a1862
Update kubelet systemd service default allowed IP addresses for cluster hardening (#11061) 
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
 2024-04-11 00:58:27 -07:00
J 8a423abd0f
Update Snapshot controller to v7.0.2 (#11041) 
Upgrade Snapshot controller installed for all supported Kubernetes
versions to v7.0.2. Also update the manifests used to deploy the
Snapshot controller.
 2024-04-10 20:38:08 -07:00
Barry M 3ec2e497c6
Update kubelet-csr-approver to v1.1.0 (#11070) 
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
 2024-04-10 18:57:02 -07:00
Mathieu Parent 7844b8dbac
Promote nodelocaldns daemonset to system-node-critical (#11056) 
As upstream
 2024-04-09 19:48:01 -07:00
kyrie e87040d5ba
change debian8 network manage service from networking to systemd-networkd (#11058) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-04-09 06:50:39 -07:00
Sergey b2cce8d6dc
force update helm repo if exists on host (#11043) 2024-04-08 19:02:48 -07:00
Robert Volkmann 3067e565c0
Fix calico host local ipam (#11022) 
* Prevent upgrade-ipam for host-local IPAM

Otherwise, the init container upgrade-ipam would clear the state of the host-local plugin, potentially causing it to reassign IPs that are still in use.

* USE_POD_CIDR required for host-local

4efd1bfd91/charts/calico/templates/calico-node.yaml (L279)
4efd1bfd91/charts/calico/templates/calico-typha.yaml (L133)
 2024-04-03 00:52:31 -07:00
Nicolas Goudry c6fcbf6ee0
Remove access to cluster from anonymous users (#11016) 
* feat: add user facing variable with default

* feat: remove rolebinding to anonymous users after init and upgrade

* feat: use file discovery for secondary control plane nodes

* feat: use file discovery for nodes

* fix: do not fail if rolebinding does not exist

* docs: add warning about kube_api_anonymous_auth

* style: improve readability of delegate_to parameter

* refactor: rename discovery kubeconfig file

* test: enable new variable in hardening and upgrade test cases

* docs: add option to config parameters

* test: multiple instances and upgrade
 2024-04-02 23:54:12 -07:00
ERIK fdf5988ea8
revert crictl version (#11042) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-04-01 18:43:53 -07:00
Kay Yan a7d42824be
Merge pull request #11036 from mzaian/etcd-3512 
[etcd] make etcd 3.5.12 default
 2024-04-01 14:57:48 +08:00
peterw 9ef6678b7e
configure crio to use kube reserved cgroups (#11028) 2024-03-31 22:21:33 -07:00
Mohamed Omar Zaian 70a54451b1 [etcd] make etcd 3.5.12 default 2024-03-30 05:01:01 +01:00
Max Gautier c6758fe544
Cleanup of kubernetes/preinstall (#11010) 
* Move fedora ansible python install to bootstrap-os

* /bin/dir is set in bootstrap-os

* Removing ansible_os_family workarounds

Support for these distributions was merged in Ansible, no need to
override it ourselves now.
https://github.com/ansible/ansible/pull/69324 openEuler
https://github.com/ansible/ansible/pull/77275/ UnionTech OS Server 20
https://github.com/ansible/ansible/pull/78232/ Kylin

* Don't unconditionnaly set VARIANT_ID=coreos in os-release

WTF, this is so wrong.
Furthermore, is_fedora_coreos is already handled in boostrap-os

* Handle Clearlinux generically

Followup of 4eec302e86 (since we're using
package module anyway, let's get rid of the custom task)
 2024-03-28 15:17:52 -07:00
itayporezky 10315590c7
Change hard-coded URLs to use variables (#11031) 2024-03-27 20:44:25 -07:00
Mohamed Omar Zaian 03ac02afe4
[kubernetes] Add hashes for kubernetes 1.29.3, 1.28.8, 1.27.12 (#11035) 2024-03-27 12:30:27 -07:00
Arthur Outhenin-Chalandre fd83ec9d91
kubespray-defaults: regenerate checksums and bump various versions (#10999) 
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
 2024-03-27 06:02:53 -07:00
Max Gautier c58497cde9
Refactor bootstrap-os (#10983) 
* Remove leftover files for Coreos

Coreos was replaced by flatcar in 058438a25 but the file was copied
instead of moved.

* Remove workarounds for resolved ansible issues

* boostrap: Use first_found to include per distro

Using directly ID and VARIANT_ID with first_found allow for less manual
includes.
Distro "families" are simply handled by symlinks.

* boostrap: don't set ansible_python_interpreter

- Allows users to override the chosen python_interpreter with group_vars
  easily (group_vars have lesser precedence than facts)
- Allows us to use vars at the task scope to use a virtual env

Ansible python discovery has improved, so those workarounds should not
be necessary anymore.
Special workaround for Flatcar, due to upstream ansible not willing to
support it.
 2024-03-27 05:58:53 -07:00
kyrie baf4842774
make kube-vip LeaderElection variables configurable (#11021) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-03-25 02:24:57 -07:00
Tom M e7d29715b4
Add kubelet_cpu_manager_policy_options (#11023) 2024-03-22 12:21:39 -07:00
ERIK 30da721f82
fix: config hostname as string type in kubeadmConf rendering (#10997) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-03-22 03:54:25 -07:00
Gary Miguel a1cf8291a9
spelling: scrapper -> scraper (#11015) 2024-03-15 07:34:30 -07:00
Max Gautier 7f6ca804a1
Upgrade ansible-core to 2.16.4 (#10984) 
* upgrade ansible version

Needed for with_first_found to work correctly:
https://github.com/ansible/ansible/issues/70772 fixed in 2.16

* Remove unused google cloud cloud_playbook

* Fix dpkg_selection on non-existing packages

Needed since ansible-core>2.16, see:
f10d11bcdc
 2024-03-14 02:12:45 -07:00
Clement Phu eff331ad32
Upgrade Nerdctl version to 1.7.4 (#10968) 2024-03-11 13:35:07 -07:00
Max Gautier 71fa66c08d
Delete old leftover script (#10996) 2024-03-11 13:28:00 -07:00
Ricky Kwan 69bf6639f3
Fix typo in selector (#10994) 2024-03-11 03:07:37 -07:00
Noam c275b3db37
update checksum for crio 1.29.1 (#10952) 
* update checksum for crio 1.29.1

* update crio bin's names

* crio_conmon for 1.29

* remove unrequired change
 2024-03-11 02:56:35 -07:00
Mohamed Omar Zaian 66eaba3775
[calico] Add hashes and make v3.27.2 default (#10960) 2024-03-10 00:20:17 -08:00
Kay Yan 90b0151caf
support node feature discovery (#10861) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
 2024-03-05 08:36:08 -08:00
Clement Phu 04e40f2e6f
Add configuration to create cilium CNI plugin file when cilium>=1.14.0 (#10966) 2024-03-02 20:56:06 -08:00
Clement Phu 7a9def547e
Upgrade Helm to v3.14.2 (#10967) 2024-02-27 18:10:19 -08:00
Ludovic Logiou 26034b296e
Bump cinder-csi version and switch container registry (#10894) 
* Bump cinder-csi version and switch container registry

Signed-off-by: Ludovic Logiou <ludovic.logiou@gmail.com>

* Update roles/kubespray-defaults/defaults/main/download.yml

Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>

---------

Signed-off-by: Ludovic Logiou <ludovic.logiou@gmail.com>
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
 2024-02-22 05:06:40 -08:00
Ricky Kwan 5d822ad8cb
Support overriding cni directory owner (#10929) 2024-02-19 02:58:11 -08:00
ABW a0d2bda742
feat/add default ingress-nginx service (#10925) 
feat/add default ingress-nginx service

feat/add default ingress-nginx service

feat/add default ingress-nginx service
 2024-02-19 02:47:36 -08:00
R. P. Taylor 9442f28c60
do not disable SELinux surreptitiously (#10920) 2024-02-17 20:17:40 -08:00
Max Gautier 65b0604db7
download: Remove deleted kubeadm config field (#10931) 2024-02-16 05:08:43 -08:00
Mohamed Omar Zaian 082ac10fbb
[kubernetes] Add hashes for kubernetes 1.29.2, 1.28.7, 1.27.11 (#10919) 2024-02-16 01:40:58 -08:00
Max Gautier bf42ccee4e
Fix ingress-nginx controller election (#10913) 
Under the original code, leader election failed for ingress controllers
as a result of mismatch between election-id in the controller config,
and the resourceName in the relevant rule of role 'ingress-nginx'.
This appeared in the controller logs.

To fix the issue, a command-line option was added to container
execution (--election-id=...).

Now, the election-id agrees with the resourceName provided in
the role-ingress-nginx.yml file. A comment in that file was
changed to reflect the new logic.

Co-authored-by: Vasilis Samoladas <vsam@softnet.tuc.gr>
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
 2024-02-12 02:58:45 -08:00
Kundan Kumar bfbb3f8d33
updated ingress controller version (#10868) 2024-02-12 01:11:03 -08:00
Max Gautier ffda3656d1
Enable containerd 'discard_unpacked_layers' by default (#10905) 
* containerd: Remove redundant 'default' filters

* containerd: enable 'discard_unpacked_layers' by default

This should help with containerd disk usage
 2024-02-09 06:33:16 -08:00
Max Gautier f5474ec6cc
Don't try to set permissions recursively on cache+staging directory (#10900) 
This should avoid permissions problems when the user creating the
directory and the user creating the content are different (when
containers images are saved by root for instances, because the user
can't use the container runtime).
 2024-02-09 06:04:28 -08:00
Max Gautier 4b0a134bc9
Only download kubeadm images where needed (#10899) 
* Refactor of kubeadm images listing

Instead of setting multiples facts, we directly create the dict we need from
kubeadm output.

* Remove useless 'default' filters in roles/download

* Only download kubeadm images where needed
 2024-02-08 02:14:45 -08:00
flxbwr ad565ad922
Fix waiting for MetalLB controller (#10858) 
The current state waiting method is bad to implement.
When changing the deployment version, which is execute with the upgrade_cluster in the previous ansible task: "Kubernetes Apps | Install and configure MetalLB", next ansible task: "Kubernetes Apps | Wait for MetalLB controller to be running" may fall with an error.
 2024-02-06 02:58:59 -08:00
Max Gautier 6f419aa18e
Revert "implement download mirrors support (#8474)" (#10884) 
This reverts commit c6e5314fab.

There is no user of the download mirrors support in kubespray, for a
long time.
 2024-02-06 00:48:29 -08:00
anders-elastisys c698790122
add nat_outgoing_ipv6 to calico defaults and docs (#10866) 2024-02-05 23:14:22 -08:00
Gianmarco Mameli 989ba207e9
task description modified (#10875) 2024-02-05 07:59:04 -08:00
Max Gautier f2bdd4bb2f
Fix logical error when checking for boostrap-os (#10867) 
Also remove some clutter along the way.
 2024-02-05 07:58:55 -08:00
Kay Yan c9a44e4089
make docker 24.0 default (#10873) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
 2024-02-04 21:55:19 -08:00
kyrie 0dbde7536f
make containerd 1.7.12 default and upgrade runc to v1.1.11 (#10862) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-02-01 04:06:08 -08:00
Victor Login 8d53c1723c
bump coredns version to 1.11.1 (#10719) 
* update version coredns 1.11.1

* Update roles/kubespray-defaults/defaults/main/download.yml

Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>

---------

Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
 2024-02-01 03:28:20 -08:00
Mohamed Omar Zaian dce68e6839
[feat] Update metrics server to v0.7.0 (#10856) 2024-01-31 05:13:26 -08:00
Takuya Murakami 785366c2de
[kubernetes] Support kubernetes 1.29 (#10820) 
* [kubernetes] Make kubernetes 1.29.1 default

* [cri-o]: support cri-o 1.29

Use "crio status" instead of "crio-status" for cri-o >=1.29.0

* Remove GAed feature gates SecCompDefault

The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246
 2024-01-31 00:57:23 -08:00
Saber 1d119f1a3c
Fixed grammar (#10853) 2024-01-29 17:46:58 -08:00
Ugur Can Ozturk 7863fde552
[apiserver-kubelet/tracing]: add distributed tracing config variables (#10795) 
* [apiserver-kubelet/tracing]: add distributed tracing config flags

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

---------

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
 2024-01-25 10:24:35 +01:00
kimsehwan96 758d34a7d1 Fix typo mistake in roles/kubernetes/control-plane/tasks/define-first-kube-control.yml 
- Fix 'Set fact joined_control_panes' into 'Set fact joined_control_planes'
 2024-01-24 13:39:39 +01:00
Max Gautier c80f2cd573
Allow the DNS stack to be backward compatible with an old dns_domain (#10630) 
Handle all old dns domains:
- for nodelocaldns: in the same server block as the current dns_domain
- for coredns: uffix rewrite of each of the old dns domains to the
  current one
 2024-01-24 06:31:22 +01:00
Maxime Leroy ab0163a3ad
fix(kubernetes): taint nodes with kubectl (#10705) 
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
 2024-01-23 15:46:13 +01:00
Daniel Strufe 2eb588bed9
Update external huawei cloud controller to 0.26.6 (#10824) 
* Update huaweicloud controller to 0.26.6

See <https://github.com/kubernetes-sigs/cloud-provider-huaweicloud/compare/v0.26.3...v0.26.6>

* Update huaweicloud sample to use 0.26.6
 2024-01-23 09:28:00 +01:00
Louis Tu a88bad7947
Add scheduler plugins support (#10747) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-01-23 07:42:33 +01:00
Max Gautier 89d42a7716
Fix coredns_dual usage (#10821) 2024-01-22 18:36:16 +01:00
yun 13e1f33898
Correct the POLY1305 cipher suites by adding the suffix _SHA256 (#10641) 2024-01-22 18:00:52 +01:00
Alexander de2c4429a4
Enable configuring mountOptions, reclaimPolicy and volumeBindingMode … (#10450) 
* Enable configuring mountOptions, reclaimPolicy and volumeBindingMode for cinder-csi StorageClasses

* Check if class.mount_options is defined at all, before generating the option list
 2024-01-22 18:00:34 +01:00
Max Gautier 22bb0976d5
Adjust kubelet_event_record_qps to K8S default (#10826) 
Also remove redundant check in the kubelet config template (we define a
default, so the setting will always be "true")
 2024-01-22 17:49:14 +01:00
my-git9 5a405336ae
Support following k8s version selection pause image (#10756) 
Signed-off-by: xin.li <xin.li@daocloud.io>
 2024-01-22 17:28:09 +01:00
Yuhao Zhang 0e971a37aa
Offline control plane recover (#10660) 
* ignore_unreachable for etcd dir cleanup

ignore_errors ignores errors occur within "file" module. However, when
the target node is offline, the playbook will still fail at this task
with node "unreachable" state. Setting "ignore_unreachable: true" allows
the playbook to bypass offline nodes and move on to proceed recovery
tasks on remaining online nodes.

* Re-arrange control plane recovery runbook steps

* Remove suggestion to manually update IP addresses

The suggestion was added in 48a182844c 4
years ago. But a new task added 2 years ago, in
ee0f1e9d58, automatically update API
server arg with updated etcd node ip addresses. This suggestion is no
longer needed.
 2024-01-22 17:22:27 +01:00
Noam 3e7b568d3e
crictl allow setting grace period for stop containers upon reset (#10651) 
* crictl allow setting different grace period for stop containers and pods

* correct grace period location
 2024-01-22 17:11:08 +01:00