Commit Graph

4249 Commits (7e7218f5ce8881683548437b6b743d9a6e2f2139)

Author SHA1 Message Date
Takuya Murakami 39acb2b84d
Update ansible-lint to 5.4.0 (#8607) (#8608)
* Update ansible-lint to 5.4.0 (#8607)

It seems that the Rich version 11.0.0 has a breaking change.
So need to update ansible-lint to 5.3.2 or later.

* Fix for ansible-lint no-changed-when rule (#8607)
2022-03-07 05:35:55 -08:00
Branko Mijuskovic 3ccba08983
Fix crio_packages for Rocky8 (#8594) 2022-03-07 05:29:05 -08:00
Mohamed Zaian 632aa764e6
etcd: add etcd v3.5.1 for kubernetes 1.22+ (#8588)
* There is an issue with etcd v3.5.0 where it resurrects ancient members see: https://github.com/etcd-io/etcd/issues/13196
This issue is clearly fixed in etcd v3.5.2

* Just keep the checksums
2022-03-07 05:28:54 -08:00
Cristian Calin f6342b6cf4
[crun] upgrade to 1.4.3 (#8598) 2022-03-04 08:22:52 -08:00
Cristian Calin 471585dcd5
[containerd]: upgrade versions to fix CVE-2022-23648 (#8597)
* [containerd] add hashes for 1.6.1

* [contained] make 1.6.1 the default

* [containerd] add hashes for 1.5.10

* [containerd] add hashes for 1.4.13

* [nerdct] bump to 0.17.1
2022-03-03 14:51:16 -08:00
Maciej Wereski 51821a811f
MetalLB: update to v0.12.1 (#8593)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2022-03-03 08:49:48 -08:00
Cristian Calin bf7a506f79
[containerd] Upgrade containerd to 1.6.0 and re-enable arm64 architecture with default options (#8555)
* [containerd] add checksums for 1.6.0

* [containerd] promote 1.6.0 as the new default

* [runc] promote 1.1.0 as the new default to allow arm deployments out of the box

* [nerdctl] bump to 0.17.0 to align with containerd 1.6.0

* [reset] allow crictl stopp and rmp commands to fail
2022-03-02 15:27:13 -08:00
Tom Janson 2e925f82ef
Revert "Fix: typos in docs and comments (#7805)" (#8592)
This reverts commit 417180246c.
2022-03-02 11:57:13 -08:00
Tom Janson ddef7e1139
missing "check_mode: no"s for several read-only tasks (#8584)
this is not complete -- there are almost certainly more instances of
this issue
2022-03-02 09:29:14 -08:00
cyril-corbon 672e47a7eb
feat: check & uninstall container engine (#8439)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-28 10:59:46 -08:00
Mac Chaffee b554246502
Fix host DNS config 1) being edited too soon and 2) not working with NM (#8575)
Signed-off-by: Mac Chaffee <me@macchaffee.com>
2022-02-26 10:29:23 -08:00
Nicolas Goudry ee079f4740
fix(coredns): make sure to keep coredns repository namespace (#8572)
fix: regex

fix: wrong regex_replace usage
2022-02-24 01:01:33 -08:00
Florian Ruynat 4f1499bd23
Fixup remaining etcd_kubeadm_enabled variables (#8576) 2022-02-23 06:46:18 -08:00
Alex 36393d77d3
Encrypting Secret Data at Rest (#8574)
* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation

* fix MD012/no-multiple-blanks
2022-02-23 03:04:18 -08:00
Ilya Margolin e053ee4272
Check all places with `check_mode: no` for side effects (#8573)
and fix the one with side effect.

Also removes `notify` from this task as the task has `changed_when: false`
and notify is not going to fire.
2022-02-23 01:20:18 -08:00
jayonlau 1d46c07307
Cleanup crictl configuration file (#8569) 2022-02-23 00:58:19 -08:00
Ilya Margolin f9b5e448c1
Prevent removing etcd member when running in check mode (#8570) 2022-02-22 23:34:18 -08:00
kakkotetsu 3effb008c9
improve validation conditions for MetalLB BGP Peers (#8568) 2022-02-22 23:12:18 -08:00
cyril-corbon a088f492f4
chore: remove addon-resizer (#8566)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-22 09:51:16 -08:00
Necatican Yıldırım e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable (#8317)
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Add etcd kubeadm deployment documentation

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-02-22 08:53:16 -08:00
Florian Ruynat b9a27c91da Update kubernetes dashboard to 2.5.0 2022-02-21 03:54:11 -08:00
Florian Ruynat d4f654275b Set default kubernetes version to 1.23.4 2022-02-21 03:54:11 -08:00
Florian Ruynat f6eb4c749d Add kubernetes hashes for 1.23.4/1.22.7/1.21.10 2022-02-21 03:54:11 -08:00
cyril-corbon 418fc00718
fix: kube-dns service deletion (#8565)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-21 02:48:11 -08:00
Florian Ruynat 2537177929
Fix amazon docker version (#8564) 2022-02-18 23:50:11 -08:00
Sander Klein 9af719bf99
This fixes the etcd node removal. (#8526)
Since we are already on an etcd node while executing the commands, there 
is no need to find out an etcd IP because it is on localhost.
2022-02-18 07:20:23 -08:00
Cristian Calin 063fc525b1
nerdctl: upgrade to 0.16.1 (#8539) 2022-02-16 02:04:37 -08:00
Mac Chaffee 0f73d87509
Allow pausing after upgrade but before uncordon (#8530)
* Allow pausing after upgrade but before uncordon

* Expand docs for upgrade pausing vars

Signed-off-by: Mac Chaffee <me@macchaffee.com>
2022-02-15 16:39:02 -08:00
Cristian Calin 402e85ad6e
[calico] upgrade release checksums (#8544)
* [calico] upgrade 3.19.x to 3.19.4

* [calico] upgrade 3.20.x to 3.20.4

* [calico] upgrade 3.21.x to 3.21.4 and make it the default

* [calico] add 3.22.0 checksums

* [calico] account for path changes in calico 3.21.4 crd archive and above
2022-02-15 16:35:02 -08:00
Tony Fouchard 1d635e04e4
Allow to specify a source address for metallb peerings, and target only some nodes using node selectors (#8534) 2022-02-15 13:57:19 -08:00
kakkotetsu 98d5d0cdd5
add support for Dual Stack node InternalIP (#8542) 2022-02-15 00:28:02 -08:00
kakkotetsu 1ebe456f2d
add support for Calico IP6_AUTODETECTION_METHOD (#8541) 2022-02-14 17:26:14 -08:00
Cristian Calin c6e5314fab
implement download mirrors support (#8474)
* [download] add mechanism to support mirrors

* [calico] support alternate download url
2022-02-14 13:19:32 -08:00
Tom Stian Berget 84b93090a8
Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode (#8519)
* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode

* Change inventory sample
2022-02-08 14:04:35 -08:00
Byeonggon Lee 5695c892d0
Fix wrong port name in metallb.yml.j2 (#8510) 2022-02-07 09:43:45 -08:00
Krystian Młynek 87928baa31
CRI-O: fix unqualified-search registries (#8496) 2022-02-04 23:46:50 -08:00
mgiessing 6a4fd33a03
Added ppc64le support (#8505)
* Added ppc64le support

* Fixed linting errors
2022-02-04 00:14:00 -08:00
cyril-corbon 790448f48b
feat: update cert-manager to 1.7.0 (#8491)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-03 17:24:00 -08:00
Ilya Margolin aed187e56c
Fix kubelet_kubelet_cgroups_cgroupfs (#8500)
If kubelet is run with systemd (as it always is when using kubespray),
it starts in systemd's /system.slice/kubelet.service cgroup.

This commit prevents a creation and usage of a second unrelated cgroup.
2022-02-02 00:50:22 -08:00
Cristian Calin 5ecb07b59a
[nerdctl] upgrade to 0.16.0 (#8484)
* [nerdctl] upgrade nerdctl to 0.16.0

* [nerdctl] add configuration file
2022-02-01 15:11:48 -08:00
Cristian Calin ff621fb7f1
[ingress-nginx] upgrade to 1.1.1 (#8490) 2022-02-01 09:50:11 -08:00
Michael Schmitz eacd55fbca
Use sysctl_file_path variable for all sysctl_file locations (#8395)
* Use sysctl_file_path variable for all sysctl_file locations

* Add sysctl_file_path variable to kubespay-defaults

* Remove previously used sysctl file locations if present

* Use explicit filename in roles/kubernetes/node/defaults/main.yml

* Defaults: use explicit value
2022-02-01 08:12:10 -08:00
Cristian Calin c47634290e
[helm] upgrade to 3.8.0 (#8489) 2022-02-01 06:34:12 -08:00
Tristan 92d612c3e0
8487: Allow override of default CoreDNS zone cache (#8488)
Using the coredns_cluster_zone_cache_block variable
2022-02-01 00:48:18 -08:00
Ilya Margolin 2bbe5732b7
Add node label to etcd metrics (#8475)
targetRef on endpoints surfaces as
__meta_kubernetes_endpoint_address_target_kind/__meta_kubernetes_endpoint_address_target_name
in prometheus and gets converted to the label `node` by
prometheus-operator
2022-01-31 06:08:23 -08:00
Samuel Liu e6e7fbc25f
fix reset containerd_storage_dir undefined (#8478)
* fix reset containerd_storage_dir

* add env to kubespray-defaults
2022-01-31 05:46:23 -08:00
Ilya Margolin 7d4d554436
Document host_resolvconf as default value for resolvconf_mode (#8493)
refs #8247
2022-01-31 03:12:24 -08:00
cyril-corbon d31db847b7
feat: update local path to v0.0.21 (#8492) 2022-01-31 01:08:24 -08:00
Calin Cristian Andrei ababcd5481 [kube] make 1.23.3 the new default 2022-01-31 00:22:24 -08:00
Calin Cristian Andrei 7caffde0b6 [kube] add 1.23.3 hashes 2022-01-31 00:22:24 -08:00
华忠啊 52f221f976
Adaptive Kube-ovn (#8454) 2022-01-27 01:08:10 -08:00
Cristian Calin 26a5948d2a
[reset] remove containerd storage during reset (#8469) 2022-01-26 05:10:01 -08:00
Florian Ruynat d580014c66
Fix CI for Fedora (followup) + OpenSUSE Leap (update to 15.3) (#8407)
* Fix fedora jobs - followup

* Update OpenSUSE Leap to 15.3

* Fix cilium version in README + update minor 1.11.1
2022-01-24 23:24:30 -08:00
Calin Cristian Andrei be9a1f80c1 [kube] make 1.23.2 the default version 2022-01-24 11:59:33 -08:00
Calin Cristian Andrei 73ff3b0d3b [kubernetes] add hashes for 1.23.2, 1.22.6 and 1.21.9 2022-01-24 11:59:33 -08:00
cyril-corbon 9fce9ca42a
feat: upgrade azuredisk csi to v1.10.0 (#8432)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:41:56 -08:00
Cristian Calin f1adb734e3
[cri-tools] add hashes for 1.23.0 (#8442) 2022-01-24 00:21:56 -08:00
cyril-corbon 575e0ca457
feat: add eviction hard to kubelet config (#8421)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:13:57 -08:00
Alex 69f088bb82
add hash-values for runc v1.1.0 - first upstream runc version for multi-arch (#8447) 2022-01-23 23:51:57 -08:00
Cristian Calin ef34f5fe7d
[calico] switch default iptables backend detection to Auto (#8429) 2022-01-23 23:47:57 -08:00
Victor Morales e88aa7c96b
Add youki runtime support (#8411) 2022-01-21 14:01:07 -08:00
Johann Schley 38d129a0b6
add external hcloud cloud controller manager (#8440) 2022-01-20 12:31:09 -08:00
onock 392815d97c
[cert-manager] Fix missing RBAC rules for ClusterRole cert-manager-cainjector kubernetes-sigs#8104. (#8444) 2022-01-20 12:17:09 -08:00
rtsp e791089466
cert-manager: Fix incorrect leader election namespace lead to insufficient permission (#8433) 2022-01-17 02:37:29 -08:00
Cristian Calin 418f12f62a
[calico] drop 3.18.x and make 3.21.x the new default (#8426) 2022-01-17 02:29:29 -08:00
Necatican Yıldırım caff539ccd
Add identity_allocation_mode support for Cilium (#8430)
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-16 09:29:28 -08:00
Samuel Liu 1a69f8c3ad
parameterized snaphot controller namespaces (#8305)
* Parameterized snaphot controller namespaces

* add ns yml

* add docs

* namespace
2022-01-14 12:58:26 -08:00
rtsp ccd3180a69
cert-manager: Allow to change leader election namespace for GKE Autopilot support (#8424)
More information:

- kubernetes-sigs/kubespray#8393
- jetstack/cert-manager#4102
- jetstack/cert-manager#3717
2022-01-14 12:54:26 -08:00
cyril-corbon 01dcbc18ac
feat: upgrade metallb to v0.11.0 (#8420)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-14 05:22:28 -08:00
Florian Ruynat 7c67ec4976
Fix kubectl call before installing it (#8412) 2022-01-12 23:12:29 -08:00
Cristian Calin 1337c9c244
[csi-snapshotter] upgrade to 5.0 (#8403) 2022-01-11 09:14:33 -08:00
cyril-corbon 86953b2ac4
fix: add tolerations / affinity to cert-manager (#8389)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-11 09:14:26 -08:00
Mathieu Parent cfd9873bbc
Allow to choose container manager commands (#8380)
This allow to workaround #8375 by using image_command_tool=crictl
when containerd_registries is used for containerd.

Also changes image_info_command_on_localhost for docker to return digests.
2022-01-11 01:13:16 -08:00
Samuel Liu b2b95cc8f9
fix 0090-etchosts (#7634) 2022-01-11 01:03:16 -08:00
Kenichi Omichi 73c889eb10
Fix failures of ansible-lint (#8401)
This fixes the following types of failures:
- empty-string-compare
- literal-compare
- risky-file-permissions
- risky-shell-pipe
- var-spacing

In addition, this changes .gitlab-ci/lint.yml to block the same issue
by using the same method at Kubespray CI.
2022-01-11 00:45:16 -08:00
Victor Morales 642725efe7
Bump containerd version to 1.5.9 (#8402) 2022-01-11 00:05:16 -08:00
Cristian Calin 29aafff2ce
etcd: add 3.5.1 for kubernetes 1.23+ (#8320) 2022-01-10 22:45:15 -08:00
forselli-stratio df425ac143
Fix etcd certificates reference to support etcd_kubeadm_enabled:true (#7766)
* Fix etcd certificates reference to support etcd_kubeadm_enabled:true

* Add retries to ETCD Join Member task

* Fix etcd certificates reference when etcd_kubeadm_enabled:true

* Fix conflicts
2022-01-10 15:24:25 -08:00
Unai Arríen 57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping (#8388) 2022-01-10 01:35:19 -08:00
rtsp aa4a3d7afd
Fix container engine still installed on dedicated etcd node even if `etcd_deployment_type: host` (#8386) 2022-01-10 01:35:12 -08:00
Alex 06ad5525b8
replace runc 1.0.3 arm64 hash with 0 (#8391) 2022-01-10 01:31:13 -08:00
Kenichi Omichi f80fd24a55
Fix risky-file-permissions (#8370)
When running ansible-lint directly, we can see a lot of warning
message like

  risky-file-permissions File permissions unset or incorrect

This fixes the warning messages.
2022-01-09 01:51:12 -08:00
Kenichi Omichi 51bd9bee0d
Move containerd_version to defaults/main.yml (#8379)
All container image versions were defined in download/defaults/main.yml
except containerd.
The inconsistency caused the offline script(generate_list.sh) could not
output the URL of containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
2022-01-09 01:47:12 -08:00
Victor Morales 52266406f8
Bump cert-manager version to v1.6.1 (#8377) 2022-01-07 16:45:34 -08:00
cyril-corbon cd601c77c7
feat: upgrade metrics server to v0.5.2 (#8338)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-07 08:18:33 -08:00
Florian Ruynat 6abae713f7
Update helm / kube-router and coredns (#8382)
* Update kube-router to 1.4.0

* Update Helm to 3.7.2

* Up coredns to 1.8.6 when k8s is 1.23.x
2022-01-06 12:14:27 -08:00
Alex 1312f92a8d
adding 0 checksum for kata_containers_version on arm(64) (#8383) 2022-01-06 12:08:27 -08:00
Unai Arríen 92abf26d29
Ensure taint configuration for secondary control-plane nodes (#8363) 2022-01-05 23:56:28 -08:00
Bart Sloeserwij 59f62473c9
Update configuration of registries in cri-o (#7852)
* Update configuration of registries in cri-o

* Update docs to match new registry configuration
2022-01-05 07:36:40 -08:00
Choi Yongbeom dda557ed23
Update config.toml.j2 (#8340)
* Update config.toml.j2

i think this commit code is not completed works

exam registry address : a.com:5000

insecure registry must be http://a.com:5000

but this code add insecure a.com:5000 (without http://)

If there is no http, containerd accesses with https even if insecure_skip_verify = true

solution is code edit

* Update config.toml.j2

* Update containerd.yml

* Update containerd.yml

* Update containerd.yml

* Update config.toml.j2
2022-01-05 02:56:33 -08:00
Max Gautier cb54eb40ce
Use a variable for standardizing kubectl invocation (#8329)
* Add kubectl variable

* Replace kubectl usage by kubectl variable in roles

* Remove redundant --kubeconfig on kubectl usage

* Replace unecessary shell usage with command
2022-01-05 02:26:32 -08:00
Cristian Calin 3eab1129b9
CI: Replace CentOS 8 with AlmaLinux 8 before CentOS 8 EOL end of 2021 (#8297) 2022-01-05 02:20:33 -08:00
Choi Yongbeom 24f1402a14
nerdctl insecure registry config (#8339)
* Update prep_download.yml

nerdctl insecure registry config

* Update prep_download.yml

* Update prep_download.yml

apply conversations advice

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update main.yml

* Update main.yml

* Update prep_download.yml

* Update prep_download.yml
2022-01-05 01:14:33 -08:00
Necatican Yıldırım bf00550388
Upgrade Cilium to 1.11.0 (#8354)
* Remove kvstore args from Cilium DaemonSet

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Bump Cilium to 1.11.0

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-05 00:36:32 -08:00
Florian Ruynat 6136fa7c49 Update Kubernetes version to 1.23.1 2022-01-04 10:25:00 -08:00
Florian Ruynat 8d2b4ed4a9 Move min k8s version to 1.21 2022-01-04 10:25:00 -08:00
Cristian Calin 4c4c83f0a1
crun update to 1.4 (#8330)
* [crun] update crun to 1.4

* [crun] drop pre-1.x versions
2022-01-04 08:30:53 -08:00
Unai Arríen 0e98814732
Configure PriorityClassName for MetalLB deployment (#8362) 2022-01-04 08:20:52 -08:00
Max Gautier 92f25bf267
Simplify usage of pre-remove role (#8334)
- Use builtin task scheduling of ansible (same task on each host)
  instead of manual looping on master

Benefits:
- One less play in remove-node.yml playbook
- Parralel node drain
- Drain parameters (timeout, grace period, retries,
  allow_ungraceful_removal) can be adjusted separately for each node
  with ansible variables
2022-01-04 07:10:53 -08:00
Romain ALBON 63a53c79d0
Fix - Search root filesystem device (#8366) 2022-01-04 06:48:52 -08:00