The quotations in the variable nerdctl_extra_flags are not required
for the `nerdctl_image_pull_command` and throw the following error
when executing the cluster-playbook with `container_insecure_registries` set:
unknown flag: --insecure-registry\\\"
This happens as the complete nerdctl_image_pull_command string
variable gets split into an array string for the cmd task.
The escaped quotation doesn't get escaped properly and is added to
the cmd-string array as part of the command. This leads to a wrongly
written insecure-registry flag, which throws this error.
Due to missing quotation of nerdctl_extra_flags, ansible-playbook failed:
Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/command.py
Pipelining is enabled.
[..]
File "/usr/lib/python3.8/shlex.py", line 191, in read_token
raise ValueError("No closing quotation")
This fixes the issue.
T-Eberle investigated the issue and found the solution.
Thank you T-Eberle!
cherry-picked from
* ccd3180 cert-manager: Fix incorrect leader election namespace lead to insufficient permission (#8433)
* e791089 cert-manager: Allow to change leader election namespace for GKE Autopilot support (#8424)
* Run 0100-dhclient-hooks if dhcpclient is enabled (#8658)
If running Kubespray on static IP environments, a task failed like:
TASK [kubernetes/preinstall : Configure dhclient hooks for resolv.conf (RH-only)]
fatal: [ak8s2]: FAILED! => {
"changed": false, "checksum": "..",
"msg": "Destination directory /etc/dhcp/dhclient.d does not exist"}
This adds a check for dhclientconffile for running 0100-dhclient-hooks to
run the task only if dhcpclient is enabled.
* Remove centos7 molecule while opensuse mirror is flaky
Co-authored-by: Florian Ruynat <16313165+floryut@users.noreply.github.com>
* Update config.toml.j2
I think this commit's code does not work completely.
Example registry address: a.com:5000
The insecure registry must be http://a.com:5000
but this code adds the insecure registry as a.com:5000 (without http://).
If there is no http, containerd accesses with https even if insecure_skip_verify = true.
The solution is to edit the code.
* Update config.toml.j2
* Update containerd.yml
* Update containerd.yml
* Update containerd.yml
* Update config.toml.j2
(cherry picked from commit dda557ed23)
Co-authored-by: Choi Yongbeom <59861163+mircyb@users.noreply.github.com>
quay.io/kubespray/vagrant image is used for molecule_tests.
The tag was v2.17.1 on release-2.18 branch but the image
contains vagrant-2.2.15 which has a bug related to a virtual machine creation.
That caused kubespray CI failures.
This updates the image to use a newer vagrant.
All container image versions were defined in download/defaults/main.yml
except containerd.
Because of the inconsistency, the offline script (generate_list.sh) could not
output the URL of the containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
This allows working around #8375 by using image_command_tool=crictl
when containerd_registries is used for containerd.
Also changes image_info_command_on_localhost for docker to return digests.
(cherry picked from commit cfd9873bbc)
The cherry-pick was adapted because nerdctl_extra_flags is not in
the release-2.18 branch (#8339).
- Use builtin task scheduling of ansible (same task on each host)
instead of manual looping on master
Benefits:
- One less play in remove-node.yml playbook
- Parallel node drain
- Drain parameters (timeout, grace period, retries,
allow_ungraceful_removal) can be adjusted separately for each node
with ansible variables
* Ensure entries for 1.23 are added for supported_versions vars
* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22
* kubescheduler-config: differentiate config versions based on kube_version