kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,170 Commits
29 Branches
81 Tags
158 MiB
Commit Graph

348 Commits (94e33bdbbf54f1aefb18738a63769969be8ff169)

Author SHA1 Message Date
qlijin 8c32be5feb
Add insecure_registry config to crio.conf (#10142) 2023-05-28 19:03:41 -07:00
ERIK 75e00420ec
Add arch and version to the downloaded binary name (#10122) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2023-05-24 22:30:50 -07:00
Arthur Outhenin-Chalandre 02624554ae
Remove end of life ubuntu versions in CI (#10107) 
* tests: replace ubuntu16 with ubuntu20

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: replace ubuntu18 with ubuntu20

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* docs: update docs to remove support for ubuntu 16 and 18

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* molecule: upgrade ubuntu versions

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* vagrant: upgrade ubuntu versions

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: cleanup ubuntu{16,18}

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: increase ubuntu22 ram to allow molecule creation

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-05-24 19:56:50 -07:00
James 161bd55ab2
Remove deprecated crio_pids_limits (#10056) 
As per https://github.com/cri-o/cri-o/pull/5831, option is now
deprecated.
 2023-05-22 08:49:03 -07:00
qlijin b7a9217d77
Some update for the deploy on fedora coreos: (#10030) 
- Test with new version: 37.20230322.3.0. Both containerd and
  cri-o is tested
- bugfix: when we use crio and the var bin_dir is changed,
  there will be some error about the new bin dir.
 2023-05-18 15:46:33 -07:00
Louis Tu 55e581be3b
Clear http scheme on containerd insecure-registry tls config (#10084) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2023-05-16 00:47:36 -07:00
Arthur Outhenin-Chalandre 3254080a1c
cri-o: fix crio restart on config change (#10057) 
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-05-14 19:27:28 -07:00
Denis 29827711f1
fix: missed double quotes in cri-o config (#10040) 2023-05-07 17:27:16 -07:00
pingrulkin cdc25523bf
Change nerdctl snapshotter to overlayfs by default (#9979) 2023-04-12 14:58:32 -07:00
Louis Tu 2985b129fc
remove invalid character (#9970) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2023-04-11 04:27:19 -07:00
ERIK fb8631cdf6
fix allow unsupported distribution (#9904) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2023-03-21 01:35:09 -07:00
ERIK 7747ff2572
Fix uniontech os installation failure (#9862) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2023-03-09 22:00:39 -08:00
DRAGON2002 13c793fd0d
add flag (#9827) 
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
 2023-03-05 17:50:57 -08:00
Victor Morales 677b7ecd89
Drop crun_bin_dir unused var (#9845) 
crun_bin_dir was used to specify the destination of the crun binary during the
download process. This path must match with the value provided in the CRI-O
configuration file. So changing its value to bin_dir helps to mismatch errors.

Signed-off-by: Victor Morales <chipahuac@hotmail.com>
 2023-03-02 18:30:57 -08:00
Marijn van der Giesen ad4958249f
fix(crio): First runc then crictl (#9780) 2023-02-19 22:27:38 -08:00
rongfu.leng 145c80e9ab
Fix containerd config_path error when containerd_registries is configed (#9770) 
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
 2023-02-16 20:57:39 -08:00
Samuel BECK 2838a7c304
add proxy_env variable to apt_key cleanup task (#9766) 2023-02-09 06:38:22 -08:00
Bas 2c93c997cf
pre-commit autocorrected files (#9750) 2023-02-06 01:35:16 -08:00
rongfu.leng 0707c8ea6f
fix: with_item to with_dict (#9729) 
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
 2023-01-31 03:18:50 -08:00
rongfu.leng 8a03bb1bb4
add containerd config_path (#9566) 
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>

Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
 2023-01-16 23:42:32 -08:00
Kay Yan 6674438849
fix-ci-issue (#9640) 2023-01-05 00:11:58 -08:00
Shelming.Song 1c4db6132d
optimize cgroups settings for node reserved (#9209) 
* optimize cgroups settings for node reserved

* fix

* set cgroup slice for multi container engine

* set cgroup slice for crio

* add reserved cgroups variables to sample files

* Compatible with cgroup path for different container managers

* add cgroups doc

* fix markdown
 2022-12-30 08:05:30 -08:00
Fredrik Liv c8ec77a734
[containerd] Add config for unpriviledged ports and icmp (#9517) 
* [containerd] Add config for unpriviledged ports and icmp

* Updated to match true false variables of other setting
 2022-12-09 06:16:12 -08:00
Chad Swenson 3dc384a17a
Allow `containerd-common` to execute multiple times per play (#9543) 
The `containerd-common` role is responsible for gathering OS specific variables from the vars directory of the roles that include or import it. `containerd-common` is imported via role dependency by a total of two roles, `container-engine/docker`, and `container-engine/containerd`.

containerd-common is needed by both the docker and containerd roles as a dependency when:
- containerd is selected as the container engine
- a docker install is detected and needs to be removed
- apt is the package manager

However, by default, roles can not be invoked more than once in the same play, unless `allow_duplicates: true` is set for that role. This results in the failure of the `containerd | Remove containerd repository` task, since only the docker vars will be loaded in the play, and `containerd_repo_info.repos`, normally populated by containerd/vars, is left empty.

This change sets `allow_duplicates: true` for `containerd-common` which fixes the currently failing containerd tasks if docker was detected and removed in the same play.
 2022-12-08 15:58:18 -08:00
ERIK 47510899c7
Update the number of nofile limits in containerd (#9507) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-25 15:12:04 -08:00
ERIK b9a690463d
Add docker support for openEuler linux (#9498) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-17 18:18:30 -08:00
ERIK 8795cf6494
Add support for the OpenEuler Linux (#9494) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-16 00:48:49 -08:00
Ilya Margolin 5a8cf824f6
[containerd] Simplify limiting number of open files per container (#9319) 
by setting a default runtime spec with a patch for RLIMIT_NOFILE.

- Introduces containerd_base_runtime_spec_rlimit_nofile.
- Generates base_runtime_spec on-the-fly, to use the containerd version
  of the node.
 2022-11-08 06:44:32 -08:00
lijin-union c272421910
Add UOS linux support (#9432) 2022-10-30 17:16:43 -07:00
Florian Ruynat 582ff96d19
Update docker version to 20.10.20 (#9410) 2022-10-20 18:45:15 -07:00
Cristian Calin 1530411218
use cri-o from upstream instead of kubic/OBS (#9374) 
* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables
 2022-10-19 05:47:05 -07:00
Kenichi Omichi f4b95d42a6
Add note for containerd oom_score (#9384) 
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
 2022-10-11 21:49:00 -07:00
Kenichi Omichi 24632ae81b
Add check_typo job (#9361) 
To block merging pull requests which contain typo automatically.
 2022-10-07 02:21:53 -07:00
Ilya Margolin f2e11f088b
Hotfix containerd restart (#9322) 2022-09-24 13:14:04 -07:00
Victor Morales 782f0511b9
Define ostree variable for runc (#9321) 
The ostree variable is not defined previously raising an error when
the runtime tries to read it.
 2022-09-24 13:00:11 -07:00
Ilya Margolin 726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) 
and supply a default runtime spec.
 2022-09-23 10:38:27 -07:00
Ilya Margolin 262c96ec0b
Remove duplication in template (#9301) 
by concatenating default and additional runtimes
 2022-09-21 08:33:15 -07:00
ERIK 7c2fb227f4
Add LimitMEMLOCK parameter configuration in containerd.service (#9269) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-09-13 02:51:06 -07:00
Cristian Calin e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI (#9229) 2022-08-29 11:44:49 -07:00
Krystian Młynek 64daaf1887
cri-dockerd: add restart of docker.service (#9205) 
* cri-dockerd: add restart of docker.service

* remove enabling of cri-dockerd.socket
 2022-08-24 05:50:02 -07:00
Pavel Chekin 8f899a1101
Fix containerd (<1.7) configuration for insecure registries (#9207) 
For the following configuration

```
    containerd_insecure_registries:
      docker.io:
        - dockerhubcache.example.com
```

the rendered /etc/containerd/config.toml contains

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
          insecure_skip_verify = true
```

but it needs to be

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
          insecure_skip_verify = true
```
 2022-08-22 23:13:23 -07:00
Mostafa Ghadimi 386c739d5b
🌱 Enable cri-dockerd service (#9201) 
* 🌱 Enable cri-dockerd service

* 🔨 Fix the task name in order to pass the CI tests
 2022-08-22 07:17:43 -07:00
Cristian Calin b9e4e27195
[CI] fix molecule tests on opensuse by upgrading to 15.4 (#9175) 
* [CI] fix molecule tests on opensuse by upgrading to 15.4

* [opensuse] use correct python crytography package name depending on distribution version
 2022-08-14 19:02:13 -07:00
ERIK 47050003a0
Add docker support for Kylin V10 (#9144) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-08-03 15:03:46 -07:00
ERIK f2f9f1d377
Add kylin OS support (#9078) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-08-01 10:44:29 -07:00
pil57852 626ea64f66
9052 crio add dpkg hold (#9075) 
* Update main.yaml

* remove version in dpkg_selection name

* make lint happy

* Fix typo

* add comment / remove useless contition

* remove dpkg hold in reset tasks
 2022-07-19 00:30:07 -07:00
Kay Yan 9ca5632582
fix-docker-option-in-centos-arm64 (#9047) 2022-07-05 08:26:47 -07:00
rptaylor 6f82cf12f5
let containerd_default_runtime be undefined by default (#9026) 2022-06-27 10:56:59 -07:00
Cristian Calin 76b0cbcb4e
bump pause container to 3.6 (#9024) 
* [pod-infra] bump pod infra container version to 3.6

* [cri-dockerd] align pod infra container image with other CRIs
 2022-06-23 01:43:44 -07:00
Alessio Greggi 97b4d79ed5
feat: make kubernetes owner parametrized (#8952) 
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
 2022-06-17 01:34:32 -07:00