kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,174 Commits
29 Branches
81 Tags
158 MiB
Commit Graph

137 Commits (7421b6e18011cf951b85e7d69aabf2c715127beb)

Author SHA1 Message Date
Michael Schmitz be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
Kay Yan b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223) 
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
 2022-08-30 00:21:02 -07:00
Mohamed Zaian ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default (#9191) 2022-08-21 23:11:44 -07:00
Ho Kim e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Marco Fortina b4318e9967
Update to latest local path provisioner version (#9132) 2022-08-01 14:56:28 -07:00
Mohamed Zaian 9f11946f8a
[argocd] update argocd to v2.4.7 (#9105) 2022-07-27 09:32:29 -07:00
Denis Khachyan 8306adb102
update cilium to v1.11.7 (#9119) 2022-07-26 10:33:11 -07:00
Cyclinder 2e1863af78
feat: change default blockSize for calico (#9055) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2022-07-19 13:05:27 -07:00
Mohamed Zaian 91073d7379
[kubernetes] make v1.24.3 default (#9101) 2022-07-19 02:58:06 -07:00
Emin AKTAS 5071529a74
feat: upgrade cilium and add default variables (#9065) 
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: Emin Aktas <emin.aktas@trendyol.com>
 2022-07-07 10:35:34 -07:00
Mohamed Zaian 51195212b4
[argocd] update argocd to v2.4.3 (#9050) 2022-07-05 08:22:47 -07:00
Samuel Liu e8ccbebd6f
add ingress nginx webhook (#9033) 
* add ingress nginx webhook

* fix ingress nginx template
 2022-06-28 11:55:35 -07:00
Mohamed Zaian e4fe679916 [kubernetes] make v1.24.2 default 2022-06-17 11:08:33 -07:00
Alessio Greggi 97b4d79ed5
feat: make kubernetes owner parametrized (#8952) 
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
 2022-06-17 01:34:32 -07:00
Calin Cristian Andrei 24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei ae1dcb031f [kubernetes] drop pre 1.22.0 workarounds 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei d69d4a8303 [kubernetes] make 1.24.1 the new default 2022-06-15 00:57:20 -07:00
orange-llajeanne 2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name (#8949) 
* fix a typo in the "matallb_auto_assign" variable name

* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
 2022-06-13 09:40:12 -07:00
Mohamed Zaian bb530da5c2 [registry] Switch registry to use registry.k8s.io 
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
 2022-06-08 14:12:22 +02:00
Thearas 01ca7293f5
support reserve ephemeral-storage (#8895) 2022-06-06 07:34:26 -07:00
rtsp e3cbbfb9ed
[kubernetes] make 1.23.7 the new default (#8888) 2022-05-29 17:08:51 -07:00
Ross Kusler 4c97ce747c
Adding support for the kube-router flag --cluster-asn flag (#8837) 2022-05-23 16:39:10 -07:00
Tamas Pasztor 9d3a894991
Possible remove ippools from cni config (#8845) 
* Possible remove ippools from cni config

* Typo

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

* Update cni-calico.conflist.j2

Incorrectly deleted calico forwarding content.

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
 2022-05-19 23:45:13 -07:00
Cyclinder 3eb0a4071a
set default value of name to "k8s-pod-network" (#8813) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2022-05-12 08:29:14 -07:00
Samuel Liu f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature (#8790) 
* [kube-ovn]: some feature

kube-ovn vlan mode
ipv6/ipv4 dual stack
...

* remove unused env

* fix readinessprobe
 2022-05-11 21:35:15 -07:00
Necatican Yıldırım 13443b05a6
Overhaul Cilium manifests to match the newer versions (#8717) 
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update cilium-operator templates

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update cilium-agent templates

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Bump Cilium version to 1.11.3

Signed-off-by: necatican <necaticanyildirim@gmail.com>
 2022-05-11 06:23:04 -07:00
spaced bb67b654c5
local volume provisioner should not run on control plane nodes by default (#8805) 2022-05-10 19:04:24 +03:00
Calin Cristian Andrei fcb4c8fb61 [kubernetes] make 1.23.6 the new default 2022-04-29 07:57:13 -07:00
Robin Wallace d7254eead6
UpCloud integration (#8653) 
* [upcloud] add upcloud csi-driver

* Option to use ansible_host as api ip for kubueconfig
 2022-04-11 15:13:23 -07:00
Samuel Liu 424ef3b3f9
[calico] add calico apiserver (#8690) 
* [calico] add calico apiserver

* fix yamllint

* remove addext argument

* Configure API server with the CA bundle

* add check kdd
 2022-04-08 00:02:42 -07:00
Cristian Calin dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI (#8434) 
* [calico] make vxlan encapsulation the default

* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation

* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade

* [CI] improve netchecker connectivity testing

* [CI] show logs for tests

* [calico] tweak task name

* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh

* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check

* service proxy mode still fails connectivity tests so keeping it manual mode

* [kube-router] account for containerd use-case
 2022-03-17 18:05:39 -07:00
Calin Cristian Andrei 538f9df5cc [kubernetes] make 1.23.5 the default 2022-03-17 05:03:20 -07:00
Maciej Wereski 51821a811f
MetalLB: update to v0.12.1 (#8593) 
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
 2022-03-03 08:49:48 -08:00
Tom Janson 2e925f82ef
Revert "Fix: typos in docs and comments (#7805)" (#8592) 
This reverts commit 417180246c.
 2022-03-02 11:57:13 -08:00
Alex 36393d77d3
Encrypting Secret Data at Rest (#8574) 
* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation

* fix MD012/no-multiple-blanks
 2022-02-23 03:04:18 -08:00
Florian Ruynat d4f654275b Set default kubernetes version to 1.23.4 2022-02-21 03:54:11 -08:00
kakkotetsu 1ebe456f2d
add support for Calico IP6_AUTODETECTION_METHOD (#8541) 2022-02-14 17:26:14 -08:00
Tom Stian Berget 84b93090a8
Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode (#8519) 
* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode

* Change inventory sample
 2022-02-08 14:04:35 -08:00
cyril-corbon d31db847b7
feat: update local path to v0.0.21 (#8492) 2022-01-31 01:08:24 -08:00
Calin Cristian Andrei ababcd5481 [kube] make 1.23.3 the new default 2022-01-31 00:22:24 -08:00
Calin Cristian Andrei be9a1f80c1 [kube] make 1.23.2 the default version 2022-01-24 11:59:33 -08:00
cyril-corbon 575e0ca457
feat: add eviction hard to kubelet config (#8421) 
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
 2022-01-24 00:13:57 -08:00
Cristian Calin ef34f5fe7d
[calico] switch default iptables backend detection to Auto (#8429) 2022-01-23 23:47:57 -08:00
Necatican Yıldırım caff539ccd
Add identity_allocation_mode support for Cilium (#8430) 
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
 2022-01-16 09:29:28 -08:00
Samuel Liu 1a69f8c3ad
parameterized snaphot controller namespaces (#8305) 
* Parameterized snaphot controller namespaces

* add ns yml

* add docs

* namespace
 2022-01-14 12:58:26 -08:00
rtsp ccd3180a69
cert-manager: Allow to change leader election namespace for GKE Autopilot support (#8424) 
More information:

- kubernetes-sigs/kubespray#8393
- jetstack/cert-manager#4102
- jetstack/cert-manager#3717
 2022-01-14 12:54:26 -08:00
cyril-corbon 01dcbc18ac
feat: upgrade metallb to v0.11.0 (#8420) 
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
 2022-01-14 05:22:28 -08:00
cyril-corbon 86953b2ac4
fix: add tolerations / affinity to cert-manager (#8389) 
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
 2022-01-11 09:14:26 -08:00
cyril-corbon cd601c77c7
feat: upgrade metrics server to v0.5.2 (#8338) 
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
 2022-01-07 08:18:33 -08:00
Necatican Yıldırım bf00550388
Upgrade Cilium to 1.11.0 (#8354) 
* Remove kvstore args from Cilium DaemonSet

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Bump Cilium to 1.11.0

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
 2022-01-05 00:36:32 -08:00
Florian Ruynat 6136fa7c49 Update Kubernetes version to 1.23.1 2022-01-04 10:25:00 -08:00
Calin Cristian Andrei 1a7b4435f3 Bump default version of kubernetes to 1.22.5 2021-12-20 08:56:56 -08:00
Cristian Calin 682c8a59c2
containerd: change default resolvconf_mode to host_resolvconf (#8247) 
* containerd: change default resolvconf_mode to host_resolvconf

* Wait for kube-apiserver to come back after pod refresh

* Handle resolv.conf gracefully

* Retain currently configured DNS entries to ensure we don't break the resolvers

* Suse uses wickedd for network management so no dhcp hooks

* Molecule: increase ansible timeout

* CI: Increase ansible timeout to 120s for Packet jobs
 2021-12-09 14:09:06 -08:00
zhengtianbao 785324827c
Set ingress-nginx default terminationGracePeriodSeconds to 5 min (#8252) 
* set ingress-nginx default terminationGracePeriodSeconds to 5 min for the drain of connection

* Add ingress_nginx_termination_grace_period_seconds at sample inventory
 2021-12-02 03:23:33 -08:00
Florian Ruynat 2fd529a993 Update Kubernetes version to v1.22.4 2021-11-29 23:06:56 -08:00
Cristian Calin e78bda65fe
Defaults: replace docker with containerd as our default container_manager (#8175) 
* Defaults: replace docker with containerd as our default container_manager

* CI: Use docker for download_localhost test

* Defaults: with container_manager=containerd we need etcd_deployment_type=host

* CI: Run weave jobs with docker

* CI: Vagrant don't download_force_cache

* CI: Fix upgrade tests

* should run compatible with old settings, this means docker
* we need to run with a distro that has at least modern containerd,
  this means move from debian9 to debian10 to allow `containerd_version`
  to match between 2.17 and master
 2021-11-25 06:54:33 -08:00
IKRozhkov 2c87170ccf
Allow setting 'auto-assign' property to 'false' for default IP pool (Metallb addon) (#8193) 
* add metallb auto-assign property for main IP range & update addons.yml for sample inventory

* add new line at the end of file roles\kubernetes-apps\metallb\defaults\main.yml

* set default value for matallb_auto_assign = true
 2021-11-16 05:06:27 -08:00
Cristian Calin 039205560a
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA (#8100) 
* nodelocaldns: allow a secondary pod for nodelocaldns for local-HA

* CI: add job to test nodelocaldns secondary
 2021-11-09 09:57:47 -08:00
Álvaro Torres Cogollo 8922c45556
Added ArgoCD kubernetes-app (#7895) 
* Added ArgoCD kubernetes-app

* Update argocd_version to latest
 2021-11-07 02:22:51 -08:00
Antoine Gatineau b7eb1cf936
cert-manager: add trusted internal ca when configured (#8135) 
* cert-manager: add trusted internal ca when configured

* wrong check for inventory variable

* Update documentation
 2021-11-05 09:43:52 -07:00
Florian Ruynat b353e062c7 Update default k8s version to 1.22.3 2021-10-29 10:43:44 -07:00
brainfair 465ffa3c9f
Weave: add extra_args for weave-npc (#8140) 
* add weave_npc_extra_args in template

* add defaults weave_npc_extra_args

* add sample for weave_npc_extra_args
 2021-10-28 08:58:27 -07:00
Florian Ruynat 331647f4ab
Remove deprecated Ambassador ingress code (#8086) 2021-10-26 15:19:09 -07:00
Maciej Wereski ce25e4aa21
MetalLB: update to v0.10.3 (#8071) 
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
 2021-10-11 08:54:40 -07:00
Kenichi Omichi 8d3961edbe
Add metrics_server_resizer option (#8018) 
The addon-resizer container can reduce resource limits of cpu and
memory of metrics-server container in the pod, and that caused
OOMKilled.
In addition, the original metrics-server manifest doesn't contain
the addon-resizer container as [1].
So this adds metrics_server_resizer option to control the addon-resizer
container deployment and the default value is false to make it stable
for most environments.

[1]: 527679e5e8/manifests/base/deployment.yaml
 2021-09-28 00:02:42 -07:00
Cristian Calin 33146b9481
CI: Add Calico eBPF in HA mode test (#7710) 
* Sample-Inventory: add sample for calico_bpf_enabled

* Calico-Doc: note about CONFIG_NET_SCHED for eBPF support

* CI: Add Calico eBPF in HA mode test
 2021-09-24 09:57:23 -07:00
Florian Ruynat 8efde799e1 Update kubernetes version to 1.22.2 2021-09-22 09:50:01 -07:00
Cristian Calin a517a8db01
Drop chech for kubelet_shutdown_grace_period (#7993) 
and kubelet_shutdown_grace_period_critical_pods as ansible cannot do
sane time interval calculations
 2021-09-21 18:34:00 -07:00
Cristian Calin ae44aff330
Calico: increase calico node probe timeouts and allow tunning (#7981) 2021-09-17 16:08:07 -07:00
Florian Ruynat 09af3ab074 Set Kubernetes default version to 1.21.5 2021-09-17 00:39:02 -07:00
Cristian Calin d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA (#7938) 
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA

* Add check for dynamic_kubelet_configuration with kube >= 1.22
 2021-09-07 10:47:16 -07:00
Cristian Calin db470f8529
Update CSI snaphotter and make it independent (#7943) 
* CSI: update CSI snapshot CRDs

* CSI: update snapshot controller tag version with kubernetes specific versions

* CSI: allow enabling csi_snapshot_controller independent of Cinder CSI

* CSI: Align csi-snapshot-controller with upstream and use a Deployment instead of a StatefulSet
 2021-09-06 04:24:29 -07:00
Maciej Wereski 48ceca4919
MetalLB: update to v0.10.2 (#7925) 
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
 2021-09-01 03:00:59 -07:00
Florian Ruynat b5aced20e1 Update Kubernetes version to 1.21.4 2021-08-30 08:17:05 -07:00
Léopold Jacquot c06896a352
Update metrics-server to 0.5.0 (#7864) 2021-08-12 08:19:48 -07:00
Florian Ruynat ed87386d7b Set default k8s version to 1.21.3 2021-07-20 01:29:31 -07:00
Atsushi Nukariya 417180246c
Fix: typos in docs and comments (#7805) 2021-07-16 18:58:50 -07:00
cleveritcz 3ff7bc1f64
Added k8s 1.21.2 (#7789) 2021-07-13 06:26:29 -07:00
Cristian Calin bd6d810d0a
nodelocaldns: allow binding metrics address to host IP (#7748) 2021-06-29 05:28:41 -07:00
Cristian Calin 05d864c913
Calico Docs: clarify the algorithm to calculate calico_veth_mtu (#7749) 
* Claico Docs: clarify the algorithm to calculate calico_veth_mtu

* Update sample calico_veth_mtu
 2021-06-27 23:59:25 -07:00
Cristian Calin a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 (#7746) 
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0

* Add sample graceful shutdown parameters
 2021-06-27 23:53:25 -07:00
Cristian Calin a2cf6816ce
Calico wireguard (#7638) 
* Calico: add Wireguard support

* CI: Add Calico Wireguard scenario
 2021-06-25 03:22:45 -07:00
Florian Ruynat 7208169db3 Update kubernetes version to 1.21.1 2021-05-27 11:18:24 -07:00
Florian Ruynat bdf74c6749 Set default version to 1.20.7 2021-05-14 09:48:06 -07:00
Cristian Calin 14cf3e138b
Support Calico advertisement of MetalLB LoadBalancer IPs (#7593) 
* add initial MetalLB docs

* metallb allow disabling the deployment of the metallb speaker

* calico>=3.18 allow using calico to advertise service loadbalancer IPs

* Document the use of MetalLB and Calico

* clean MetalLB docs
 2021-05-12 05:22:17 -07:00
Samuel Liu 96e6a6ac3f
Add krew support (#7464) 
* Add krew support

* Add reset for krew

* Update install krew(local)

* ansible lint

* yamllint

* fix krew default vars

* fix kubectl_localhost mode

* replace include

* fix e206
 2021-05-03 07:16:03 -07:00
Cristian Calin 360aff4a57
Rename ansible groups to use _ instead of - (#7552) 
* rename ansible groups to use _ instead of -

k8s-cluster -> k8s_cluster
k8s-node -> k8s_node
calico-rr -> calico_rr
no-floating -> no_floating

Note: kube-node,k8s-cluster groups in upgrade CI
      need clean-up after v2.16 is tagged

* ensure old groups are mapped to the new ones
 2021-04-29 05:20:50 -07:00