刘旭
3da6c4fc18
Allow for configuring etcd progress notify interval and default set to 5s ( #11499 )
2024-09-05 06:29:05 +01:00
Max Gautier
e744a117d6
Remove systemd version + ostree check for docker TasksMax ( #11493 )
...
systemd ignores unknown keys (with a warning) so version checking is not
necessary.
There is no rationale for excluding it from ostree systems either.
2024-09-02 13:16:57 +01:00
Jongwoo Han
03372d883a
upgrade nerdctl to v1.7.6 ( #11492 )
...
Signed-off-by: Jongwoo Han <jongwooo.han@gmail.com>
2024-09-01 11:20:44 +01:00
ChengHao Yang
8a961a60c2
Feat: Gateway API CRDs install support ( #11376 )
...
* Feat: add Gateway API CRDs installation
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Feat: add Gateway API CRDs variable in inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-08-31 08:24:45 +01:00
ERIK
db0138b2f9
fix: incorrect member matching when removing etcd nodes ( #11488 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-08-31 08:20:44 +01:00
Kay Yan
27c7dc7008
upgrade helm to v3.15.4 ( #11486 )
2024-08-30 06:39:30 +01:00
Lihai Tu
acc5e579f6
Add conditional checking on ubuntu kernel unattended_upgrades disabling ( #11479 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-08-29 15:47:39 +01:00
Ehsan Golpayegani
924a979955
Calico v3.28.[0-1] checksums and change calico default version ( #11234 )
...
* make calico api server manifest backward compatible with version older than 3.27.3
Add 3.28.1 checksums
Add 3.28.0 checksums
Change default version to 3.27.3
* change default calico version to 3.28.1
* Set mount type to DirectoryOrCreate for hostPath needed by Calico
2024-08-29 12:10:28 +01:00
Kay Yan
6acb44eeaf
update containerd 1.7.21 ( #11478 )
2024-08-29 04:22:29 +01:00
Takuya Murakami
c89ea7e4c7
Fix: remove --config option from kubeadm upgrade ( #11350 ) ( #11352 )
...
We can't mix some options with --config for kubeadm upgrade.
The --config on upgrade is deprecated, and should be removed.
2024-08-29 03:08:29 +01:00
Selçuk Arıbalı
3d9e4951ce
fix static api server advertise address ( #11457 )
2024-08-28 15:20:56 +01:00
Max Gautier
776b40a329
Adjust task name since we allow empty kube_node ( #11474 )
2024-08-28 06:35:02 +01:00
Max Gautier
a3d0ba230d
Remove kubeadm_version and use kube_version instead ( #11473 )
...
We explicitly check for equality so customizing kubeadm_version does not
work at the moment.
Use only one variable instead.
2024-08-28 06:34:56 +01:00
Vlad Korolev
9a7b021eb8
Do not use ‘yes/no’ for boolean values ( #11472 )
...
Consistent boolean values in ansible playbooks
2024-08-28 06:30:56 +01:00
kyrie
961a6a8c9e
fix reset network for tencent OS ( #11459 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-08-26 15:32:08 +01:00
Max Gautier
5b057c7328
Update list of admission plugins with a config file
2024-08-26 14:53:20 +02:00
Max Gautier
d3402736d4
Remove special case for PodNodeSelector
...
This is already handled by the previous task.
2024-08-26 14:43:00 +02:00
Max Gautier
47c3949477
Change plugins_needs_config list format
...
Makes easier diff when adding or removing plugins.
2024-08-26 14:42:04 +02:00
Lola Delannoy
2f84567a69
Add containerd config options ( #11080 )
...
* chore(containerd): add some config debug options
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
* chore(containerd): add CRI config options
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/cri/config.md
2024-08-21 05:13:05 +01:00
Mohamed Omar Zaian
c4338687e1
[ingress-nginx] upgrade to 1.11.2 ( #11463 )
2024-08-19 06:10:27 -07:00
Mohamed Omar Zaian
ad1ce92b41
Update node-feature-discovery to v0.16.4 ( #11250 )
2024-08-19 05:59:30 -07:00
kokyhm
1093c76f9b
bump k8s version ( #11455 )
2024-08-19 00:12:33 -07:00
Ho Kim
0306771c29
fix: cleanup networkmanager dns conf on reset ( #11440 )
2024-08-15 06:43:19 -07:00
Mengxin Liu
390d74706c
[kube-ovn] update version to 1.12.21 ( #11445 )
...
Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>
2024-08-15 06:39:18 -07:00
Ho Kim
fe4cbbccd1
fix: correct resolvconf typo ( #11439 )
2024-08-14 02:07:55 -07:00
Selçuk Arıbalı
e43e08c7d1
fix: use super-admin.conf for kube-vip on first master when it exists ( #11422 )
...
* fix: use super-admin.conf for kube-vip when it exists
* Mathieu Parent add as co-author
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
* template change for readability
* fix lint error
---------
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
2024-08-10 21:35:58 -07:00
Cyclinder
28712045a5
bump cni version to v1.4.0 ( #10698 )
2024-08-10 05:25:58 -07:00
Not Darko
1968db9a52
fix: skip multus when not defined ( #10934 )
...
fix task failure:
TASK [kubernetes-apps/network_plugin/multus : Multus | Start resources] ************************************************
fatal: [hfal12k8n1 -> {{ groups['kube_control_plane'][0] }}]: FAILED! => {"msg": "Error in jmespath.search in json_query filter plugin:\n'ansible.vars.hostvars.HostVarsVars object' has no attribute 'multus_manifest_2'"}
2024-08-06 03:42:50 -07:00
Slavi Pantaleev
cc03ca62be
Avoid empty "supersede domain-name-servers" directives for dhclient.conf ( #10948 )
...
Fixes https://github.com/kubernetes-sigs/kubespray/issues/10947
This patch aims to be minimal and intentionally:
- does not change the generation logic for `supersede_domain` and `supersede_search`
- does not change how `nameserverentries` (for NetworkManager) is built
It seems like `nameserverentries` in the "Generate nameservers for resolvconf, including cluster DNS"
task is built the same way as `dhclient_supersede_nameserver_entries_list`.
However, `nameserverentries` in the "Generate nameservers for resolvconf, not including cluster DNS"
task (below) is built differently for some reason. It includes `configured_nameservers` as well.
Due to these differences, I have refrained from reusing the same building logic
(`dhclient_supersede_nameserver_entries_list`) for both.
If the `configured_nameservers` addition can be removed or made to apply
to dhclient as well, we could potentially build a single list and then
generate the `nameserverentries` and `supersede_nameserver` strings from it.
2024-08-06 03:38:51 -07:00
Injun Baeg
5f18fe739e
Restart kube-proxy pods only on configmap changes ( #11401 )
2024-08-06 00:50:50 -07:00
kyrie
343d680371
fix kylin OS choose NetworkManager ( #11406 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-08-05 03:34:59 -07:00
Mohamed Omar Zaian
3d1653f950
[containerd] add hashes for versions '1.6.32-34', 'v1.7.17-20' and make v1.7.20 default ( #11413 )
2024-08-05 02:48:07 -07:00
James
4e99b94dcc
Add generic post upgrade hooks for node ( #11368 )
2024-07-31 21:58:48 -07:00
Sanyam Shah
54ac5a6de4
Update cni-kube-ovn.yml.j2 ( #11357 )
...
Made corrections in Indentation at L658 which causes kubespray execution failed with YAML to Json conversion. #11356
2024-07-31 21:58:39 -07:00
Mohamed Omar Zaian
8d497b49a6
[kubernetes] Add hashes for kubernetes 1.29.7, 1.28.[11-12] ( #11407 )
2024-07-31 03:50:56 -07:00
Kay Yan
86f980393c
Merge pull request #11402 from tu1h/fix_centos_baserepo
...
Check CentOS-Base.repo exists for CentOS 7
2024-07-30 11:08:22 +08:00
Erwan Miran
d469503e84
Make netchecker log levels configurable ( #11334 )
...
* Make netchecker log levels configurable
* use ETCD_LOG_LEVEL
2024-07-28 23:57:56 -07:00
tu1h
351832ba1d
Check CentOS-Base.repo exists for CentOS 7
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-29 13:49:14 +08:00
R. P. Taylor
468c5641b2
fix kube_reserved so it only controls kubeReservedCgroup ( #11367 )
2024-07-26 01:39:20 -07:00
Ugur Can Ozturk
2299e49e0e
[containerd/tracing]: fix containerd tracing templating ( #11372 )
...
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2024-07-26 01:30:38 -07:00
Tom M.
c0fabccaf6
Add missing advertise-address flag to Kubeadm config, so it's passed to api-server ( #11387 )
2024-07-26 01:22:05 -07:00
Kay Yan
2ac5b37aa9
Merge pull request #11391 from tico88612/bump/k8s-1.30.3
...
Make kubernetes v1.30.3 default
2024-07-26 16:15:01 +08:00
Lihai Tu
8208a3f04f
Rename systemd module to systemd_service ( #11396 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-26 01:11:39 -07:00
Lihai Tu
2d194af85e
Limit nodes in gather ansible_default_ipv4 ( #11370 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-25 19:17:48 -07:00
Tom M.
242edd14ff
Fix etcd certificate to acces address as SAN ( #11388 )
2024-07-25 18:49:23 -07:00
Bas
8f5f75211f
Improving yamllint configuration ( #11389 )
...
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
2024-07-25 18:42:20 -07:00
ChengHao Yang
56e26d6061
Bump: CRI-O from v1.30.2 to v1.30.3
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-07-21 21:54:41 +08:00
ChengHao Yang
513e18cb90
Bump: Kubernetes from v1.30.2 to v1.30.3
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-07-21 21:54:16 +08:00
ChengHao Yang
5f35b66256
Bump: OpenStack Cloud Controller Manager to 1.30.0 ( #11358 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-16 02:22:54 -07:00
ChengHao Yang
bab0398c1e
Bump Cinder CSI Plugin to v1.30.0 ( #11374 )
...
* Chore: bump cinder-csi-plugin from v1.29.0 to v1.30.0
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
* Docs: update README.md cinder-csi-plugin version
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-13 02:01:08 -07:00
ChengHao Yang
464cc716d7
Feat: Update CentOS 7 EOL package to vault.centos.org ( #11360 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-08 04:36:52 -07:00
ERIK
1ebd860c13
[kubernetes] Add hashes for kubernetes 1.29.6 ( #11351 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-07-05 00:18:25 -07:00
Takuya Murakami
a0d03d9fa6
[kubernetes] Support kubernetes 1.30.2 ( #11343 )
2024-07-03 00:06:20 -07:00
Erwan Miran
0bcedd4603
Make local_volume_provisioner log level configurable ( #11336 )
2024-07-02 07:14:06 -07:00
Erwan Miran
413572eced
Make calico-kube-controllers log level configurable ( #11335 )
2024-07-02 07:13:59 -07:00
ChengHao Yang
348335ece5
[cert-manager] upgrade to v1.14.7 ( #11341 )
...
* Feat: upgrade cert-manager crd to 1.14.7
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
* Feat: upgrade cert-manager download version to 1.14.7
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-02 00:19:58 -07:00
Takuya Murakami
ee3fef1051
[kubernetes] Add hashes for kubernetes 1.30 ( #11109 ) ( #11261 )
...
Add hashes to crictl, crio, kubelet, kubectl and kubeadm
2024-07-02 00:15:59 -07:00
Keita Mochizuki
ff18f65a17
add ingress controller svc nodeport param ( #11310 )
2024-06-30 21:58:05 -07:00
ChengHao Yang
cce585066e
Bump CNI weave 2.8.1 to 2.8.7 (community version) ( #11228 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-06-26 02:40:27 -07:00
Alexander
619938da95
add the ability to configure extra args to the different cinder-csi-p… ( #11169 )
...
* add the ability to configure extra args to the different cinder-csi-plugin containers
* endfor block added to be syntactically correct jinja
2024-06-26 02:40:20 -07:00
Keita Mochizuki
88b502f29d
add ingress controller admission svc ( #11309 )
2024-06-26 02:30:41 -07:00
Serge Hartmann
db316a566d
dependencies for kubelet.service ( #11297 )
...
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
2024-06-26 02:30:34 -07:00
Lihai Tu
817c61695d
Support disable unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu ( #11296 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-26 02:30:27 -07:00
Lihai Tu
0c84175e3b
Bump docker_containerd to 1.6.32 ( #11293 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-26 02:30:21 -07:00
Elias-elastisys
cae266a045
Upgrade upcloud csi driver to v1.1.0 and add snapshot features ( #11303 )
2024-06-26 02:26:21 -07:00
Daniil Muidinov
c352773737
fix task Set label to node ( #11307 )
2024-06-25 06:35:40 -07:00
ERIK
27cb22cee4
update docker cli version for ubuntu ( #11291 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-06-24 05:20:56 -07:00
peterw
edce2b528d
add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars ( #10943 )
2024-06-23 20:14:56 -07:00
Lihai Tu
921b0c0bed
Add options to control images pulling of kubelet ( #11094 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-21 07:54:54 -07:00
tico88612
24dc4cef56
Feat: upgrade cert-manager from 1.13.2 to 1.13.6 ( #11279 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-06-18 00:45:31 -07:00
Ehsan Golpayegani
0c8d29462d
make sure peers is defined. ( #11259 )
...
* make sure peers is defined.
* Update peer_with_router.yml
2024-06-04 10:02:23 -07:00
spnngl
4b82e90dcb
fix(bootstrap-os): do not install pkgs requirements on flatcar ( #11224 )
...
Fix regression added in 663fcd104c
for
flatcar nodes.
See: 663fcd104c
2024-05-30 06:34:25 -07:00
Hedayat Vatankhah (هدایت)
dedc00661a
Add 'system-packages' tag to control installing packages from OS repositories ( #10872 )
2024-05-30 04:25:21 -07:00
Max Gautier
3082fa3d0f
Allow empty kube_node group ( #11248 )
...
While uncommon, provisioning only a control plane is a valid use case,
so don't block it.
2024-05-30 03:01:38 -07:00
Max Gautier
d50f61eae5
pre-commit: apply autofixes hooks and fix the rest manually
...
- markdownlint (manual fix)
- end-of-file-fixer
- requirements-txt-fixer
- trailing-whitespace
2024-05-28 13:26:44 +02:00
Mohamed Omar Zaian
4b9349a052
Update 'KUBESPRAY_VERSION and kube_version_min_required', cleanup old hashes for v2.25.0 ( #11221 )
2024-05-21 06:08:44 -07:00
Jorge Isnardo Altamirano
40cbdceb3c
Merge branch 'kubernetes-sigs:master' into master
2024-05-20 08:32:00 +02:00
tico88612
f85111f6d4
CI: add ubuntu 24.04 support ( #11132 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-05-18 00:35:20 -07:00
peterw
0b464b5239
crio container runtime crio_registries path fix ( #11030 )
2024-05-17 04:39:24 -07:00
ERIK
dac4705ebe
bump docker version for openeuler linux ( #11206 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-05-17 04:24:38 -07:00
Lihai Tu
d5f6838fba
Bump scheduler plugins version ( #11205 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-05-17 02:05:35 -07:00
ERIK
354ffe7bd6
bump docker version of kylin and uos ( #11203 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-05-17 01:58:23 -07:00
tico88612
427f868718
Bump docker version 26.1 ( #11198 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-05-16 06:05:26 -07:00
QCU
d7756d85ef
fix: Change the position of the containerd_extra_args parameter to make the parameter more universal. ( #11013 )
...
that you can only place thing in the root table in a toml document before the first table heading.
2024-05-16 00:41:26 -07:00
Mohamed Omar Zaian
08293f2ef7
[kubernetes] Add hashes for kubernetes 1.29.5, 1.28.10, 1.27.14
2024-05-15 10:44:47 +02:00
Mohamed Omar Zaian
fe1a2d5dd9
[argocd] update argocd to v2.11.0 ( #11193 )
2024-05-14 19:34:31 -07:00
hayden
e410e30694
Change a task name in preinstall/0080-system-configurations.yml ( #11171 )
2024-05-14 00:39:11 -07:00
Mohamed Omar Zaian
6dbb09435c
[ingress-nginx] upgrade to 1.10.1 ( #11184 )
2024-05-13 18:39:10 -07:00
Max Gautier
d8a4aea9bc
Revert "support CoreDNS use host network and config dns port ( #10617 )" ( #11185 )
...
This reverts commit bc5b38a771
.
2024-05-13 14:51:11 -07:00
Kay Yan
7aa415e707
fix-container-selinux-amzn-linux ( #11182 )
2024-05-13 07:39:33 -07:00
Alexander
cd459a04f3
Revert OCCM standard dnsPolicy to ClusterFirst and make dnsPolicy configurable to support 10618 ( #11168 )
2024-05-13 03:25:09 -07:00
Ugur Can Ozturk
a512b861e0
[etcd/tracing]: fix etcd sampling rate flag ( #11175 )
...
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2024-05-13 03:14:39 -07:00
Max Gautier
d870a3ee4e
Avoid potential loop_var shadowing ( #11162 )
...
With CentOS, kubespray currently produces the following warning:
[WARNING]: TASK: bootstrap-os : Enable Oracle Linux repo: The loop variable
'item' is already in use. You should set the `loop_var` value in the
`loop_control` option for the task to something else to avoid variable
collisions and unexpected behavior.
This could bites us in nasty ways, so fix it.
2024-05-13 03:14:30 -07:00
Franz Nemeth
ce2642f27b
feat: Adding a check which determines if cgroups are enabled on a node ( #11163 ) ( #11165 )
2024-05-09 05:40:03 -07:00
tico88612
5dc12b2a15
Bump openstack-cloud-controller-manager from 1.25.3 to 1.28.2 ( #11174 )
...
Registry change to registry.k8s.io
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-05-08 02:45:36 -07:00
Max Gautier
8c12dedf05
Fix amazon linux bootstrap ( #11139 )
...
c58497cde
(Refactor bootstrap-os (#10983 ), 2024-03-27) refactored the
boostrap-os include but didn't adapt the amazon linux tasks to the
actual ID of amazon linux ('amzn')
Re-enable the CI so we can avoid that kind of breakage.
2024-05-08 02:15:23 -07:00
Daniel Strufe
0b0faf8f72
Update external huawei cloud controller to 0.26.8 ( #11172 )
...
* Update external huawei cloud controller to 0.26.8
* Update huawei cloud controller templates
* Add security-group-id to config
* git fail
2024-05-08 01:36:31 -07:00
Jorge Isnardo Altamirano
a09c73a356
Update kube-vip manifests to v0.8.0
2024-05-07 11:38:13 +02:00
Vladimir Shaikovskii
966a8b95de
[metallb] Add variable for the metallb namespace ( #11136 )
2024-05-06 02:11:02 -07:00
MatthieuFin
a01d0c047a
fix: 🐛 patch calico node to avoid vxlan tunnel drop ( #11097 )
...
if node.projectcalico.org already existe patch node to set asNumber
instead of apply resource to prevent remove of existing fields feed by
calico-node pods
✅ Closes: 11096
2024-05-05 20:30:59 -07:00
Max Gautier
4cb688d5e4
Fix CentOS typo ( #11161 )
...
The name reported in ansible_distribution is "CentOS", so this could
break some things.
2024-05-05 19:52:18 -07:00
hayden
5ce530c909
Merge stops and removes systemd services tasks in reset playbook ( #10902 )
2024-05-03 02:34:06 -07:00
Mohamed Omar Zaian
9f62f60814
[kubernetes] Add hashes for kubernetes 1.29.4, 1.28.9, 1.27.13 ( #11108 )
2024-05-03 02:20:51 -07:00
Jorge Isnardo Altamirano
537891a380
Update kube-vip manifests to v0.8.0
2024-05-02 16:37:49 +02:00
Jorge Isnardo Altamirano
e57e958a39
Update kube-vip to v0.8.0
2024-05-02 09:45:30 +02:00
Mohamed Omar Zaian
91dea023ae
[containerd] add hashes for versions '1.6.30-31', 'v1.7.16' and make v1.7.16 default ( #11142 )
2024-04-30 04:20:29 -07:00
Lihai Tu
245454855d
Add additional checking for calico rr cluster_id ( #11112 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-04-30 03:46:30 -07:00
Denis Khachyan
3a112e834c
ingress-nginx: added ability to enable opentelemetry nginx module ( #11034 )
2024-04-30 03:46:17 -07:00
Patrick
f0e20705aa
Add Calico v3.27.3 and make it default ( #11141 )
...
* Add Calico v3.27.3 and make it default
* Add Calico v3.27.3 and make it default
* Update README.md
2024-04-30 00:20:42 -07:00
Kubernetes Prow Robot
97e71da97b
Merge pull request #11131 from VannTen/design/modular_pkgs_install
...
Fine grained OS packages installation
2024-04-30 00:20:24 -07:00
RaSerge
a7f98116ca
fix: updating the calico-crds ( #11089 )
2024-04-30 00:15:09 -07:00
Max Gautier
088b1b0cec
Add `enabled` to pkgs to handle ipvs
...
Some packages requirements depends on inventory variables
(`kube_proxy_mode` in that case but it could apply to others).
As the case seems pretty rare, instead of adding complexity to pkgs, we
add an escape hatch to use jinja conditions.
That should be revisited if we find ourselves shoehorning lots of logic
in this later on.
2024-04-29 21:22:23 +02:00
Max Gautier
11f35e462c
Convert common packages to use the new tooling
...
The empty dict means that packages will always be installed on the host.
2024-04-29 21:22:22 +02:00
Max Gautier
da3ff1cc11
Convert OS specific packages to new format
...
Uses the logic introduced in the previous patch to convert all
kubernetes/preinstall/vars/* os specific files to the `pkgs`
dictionary.
Some niceties for devs:
- always validate the `pkgs` variable to catch mistakes in CI.
- ensure that `pkgs` is always sorted. This makes it easier to find the
packages you're looking for.
2024-04-29 21:22:21 +02:00
Max Gautier
663fcd104c
Filter packages installation by OS and by group
...
Adds infrastructure to install OS packages depending not only on OS
(family, versions, etc) but on groups.
All the informations related to a particular package should reside in
the `pkgs` dictionnary, which takes inspiration from the `downloads`
dictionary structure.
2024-04-29 21:22:20 +02:00
Max Gautier
a2019c1c24
Add a JSON schema describing the packages install structure
...
Since the structure we're setting in place for installing packages has
some complexity, add a JSON schema to avoid frustrating errors when
modifying the informations (adding/removing packages install).
2024-04-29 21:22:19 +02:00
Max Gautier
3a43ac4506
Don't special case openssl for tumbleweed
...
openssl 1.1.1 is EOL since 12 September 2023, so just use the default
version on tumbleweed like we do on other distributions.
2024-04-29 21:22:18 +02:00
Max Gautier
f91e00a61b
preinstall: Move ipvs packages into defaults
2024-04-29 21:22:15 +02:00
Mathieu Parent
c6bdc38776
containerd: allow to configure fallback server ( #10988 )
...
Also nerdctl limitation is now removed as we use /etc/containerd/certs.d/
2024-04-29 05:41:47 -07:00
Max Gautier
08a7010e80
Revert "Only download kubeadm images where needed ( #10899 )" ( #11105 )
...
This reverts commit 4b0a134bc9
.
The mentionned PR break scale.yml. This goes back to the status quo
until a proper fix can be provided, at which point we'll reapply the
PR.
2024-04-29 01:59:51 -07:00
Pavan Gunda
538deff9ea
ntp: add config to filter and set ntp interfaces ( #11066 )
...
* ntp: add config to set which interface ntp should listen
* Fixed config to only have one variable
2024-04-25 07:51:45 -07:00
Lihai Tu
23b56e3f89
Enclose the cpu type with quotation marks in kubelet-config.v1beta1 ( #11111 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-04-25 00:32:06 -07:00
Devesh Kumar
eee5b5890d
feat: Add support for cilium 1.15 and updated cilium to v1.15.4 ( #11106 )
2024-04-23 19:42:11 -07:00
Ugur Can Ozturk
ab0ef182fb
[containerd/tracing]: add distributed tracing config flags ( #11103 )
...
* [containerd/tracing]: add distributed tracing config flags
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [containerd/tracing]: add distributed tracing config flags -fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
---------
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2024-04-23 00:24:19 -07:00
MatthieuFin
4db3e2c3cf
fix: 🐛 calico-cni-plugin missing RBAC ( #11077 )
...
To configure node asNumber for per node peering service account
calico-cni-plugin need nodes/status update rights
✅ Closes: 11076
2024-04-22 10:09:37 -07:00
MatthieuFin
3d19e744f0
feat(calico): add support filters on bgppeers per node definition ( #11079 )
...
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
2024-04-21 19:35:34 -07:00
Lilian ARAGO
929c818b63
Fixed joined_control_planes when ansible_hostvars references a variable ( #11060 )
2024-04-19 03:20:58 -07:00
Alexander
4baa2c8704
set default containerd_version to v1.7.15 and add checksums ( #11083 )
...
* set default containerd_version to v1.7.15 and add checksums for v1.7.14 and v1.7.15
* update containerd version in README.md
2024-04-16 19:33:15 -07:00
Abhishek Jain
f3065cc5c4
bump skopeo version and checksum ( #11044 )
...
Signed-off-by: Abhishek Jain <jain.abhishek1991@gmail.com>
2024-04-16 01:19:27 -07:00
Kay Yan
ed2059395c
Remove the archived debian apt repository ( #11088 )
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2024-04-16 00:21:55 -07:00
kyrie
8919901ed5
fix python regex matching problem when finding docker packages ( #11075 )
2024-04-14 19:55:18 -07:00
kyrie
cc0c3d73dc
fix reset/main.yml lsattr command error when kubelet has symbolic link ( #11074 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-04-14 19:55:05 -07:00
kyrie
dd0f42171f
fix kubespray-defaults: Check for boostrap-os FQCN ( #11073 )
2024-04-14 18:21:11 -07:00
Barry M
1b870a1862
Update kubelet systemd service default allowed IP addresses for cluster hardening ( #11061 )
...
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
2024-04-11 00:58:27 -07:00
J
8a423abd0f
Update Snapshot controller to v7.0.2 ( #11041 )
...
Upgrade Snapshot controller installed for all supported Kubernetes
versions to v7.0.2. Also update the manifests used to deploy the
Snapshot controller.
2024-04-10 20:38:08 -07:00
Barry M
3ec2e497c6
Update kubelet-csr-approver to v1.1.0 ( #11070 )
...
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
2024-04-10 18:57:02 -07:00
Mathieu Parent
7844b8dbac
Promote nodelocaldns daemonset to system-node-critical ( #11056 )
...
As upstream
2024-04-09 19:48:01 -07:00
kyrie
e87040d5ba
change debian8 network manage service from networking to systemd-networkd ( #11058 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-04-09 06:50:39 -07:00
Sergey
b2cce8d6dc
force update helm repo if exists on host ( #11043 )
2024-04-08 19:02:48 -07:00
Robert Volkmann
3067e565c0
Fix calico host local ipam ( #11022 )
...
* Prevent upgrade-ipam for host-local IPAM
Otherwise, the init container upgrade-ipam would clear the state of the host-local plugin, potentially causing it to reassign IPs that are still in use.
* USE_POD_CIDR required for host-local
4efd1bfd91/charts/calico/templates/calico-node.yaml (L279)
4efd1bfd91/charts/calico/templates/calico-typha.yaml (L133)
2024-04-03 00:52:31 -07:00
Nicolas Goudry
c6fcbf6ee0
Remove access to cluster from anonymous users ( #11016 )
...
* feat: add user facing variable with default
* feat: remove rolebinding to anonymous users after init and upgrade
* feat: use file discovery for secondary control plane nodes
* feat: use file discovery for nodes
* fix: do not fail if rolebinding does not exist
* docs: add warning about kube_api_anonymous_auth
* style: improve readability of delegate_to parameter
* refactor: rename discovery kubeconfig file
* test: enable new variable in hardening and upgrade test cases
* docs: add option to config parameters
* test: multiple instances and upgrade
2024-04-02 23:54:12 -07:00
ERIK
fdf5988ea8
revert crictl version ( #11042 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-04-01 18:43:53 -07:00
Kay Yan
a7d42824be
Merge pull request #11036 from mzaian/etcd-3512
...
[etcd] make etcd 3.5.12 default
2024-04-01 14:57:48 +08:00
peterw
9ef6678b7e
configure crio to use kube reserved cgroups ( #11028 )
2024-03-31 22:21:33 -07:00
Mohamed Omar Zaian
70a54451b1
[etcd] make etcd 3.5.12 default
2024-03-30 05:01:01 +01:00
Max Gautier
c6758fe544
Cleanup of kubernetes/preinstall ( #11010 )
...
* Move fedora ansible python install to bootstrap-os
* /bin/dir is set in bootstrap-os
* Removing ansible_os_family workarounds
Support for these distributions was merged in Ansible, no need to
override it ourselves now.
https://github.com/ansible/ansible/pull/69324 openEuler
https://github.com/ansible/ansible/pull/77275/ UnionTech OS Server 20
https://github.com/ansible/ansible/pull/78232/ Kylin
* Don't unconditionnaly set VARIANT_ID=coreos in os-release
WTF, this is so wrong.
Furthermore, is_fedora_coreos is already handled in boostrap-os
* Handle Clearlinux generically
Followup of 4eec302e86
(since we're using
package module anyway, let's get rid of the custom task)
2024-03-28 15:17:52 -07:00
itayporezky
10315590c7
Change hard-coded URLs to use variables ( #11031 )
2024-03-27 20:44:25 -07:00
Mohamed Omar Zaian
03ac02afe4
[kubernetes] Add hashes for kubernetes 1.29.3, 1.28.8, 1.27.12 ( #11035 )
2024-03-27 12:30:27 -07:00
Arthur Outhenin-Chalandre
fd83ec9d91
kubespray-defaults: regenerate checksums and bump various versions ( #10999 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2024-03-27 06:02:53 -07:00
Max Gautier
c58497cde9
Refactor bootstrap-os ( #10983 )
...
* Remove leftover files for Coreos
Coreos was replaced by flatcar in 058438a25
but the file was copied
instead of moved.
* Remove workarounds for resolved ansible issues
* boostrap: Use first_found to include per distro
Using directly ID and VARIANT_ID with first_found allow for less manual
includes.
Distro "families" are simply handled by symlinks.
* boostrap: don't set ansible_python_interpreter
- Allows users to override the chosen python_interpreter with group_vars
easily (group_vars have lesser precedence than facts)
- Allows us to use vars at the task scope to use a virtual env
Ansible python discovery has improved, so those workarounds should not
be necessary anymore.
Special workaround for Flatcar, due to upstream ansible not willing to
support it.
2024-03-27 05:58:53 -07:00