Commit Graph

873 Commits (9d6344aac791a7e9510b55fe2352addc39b5ee41)

Author SHA1 Message Date
Barry M 1b870a1862
Update kubelet systemd service default allowed IP addresses for cluster hardening (#11061)
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
2024-04-11 00:58:27 -07:00
Mathieu Parent d58343d201
Document "Remove access to cluster from anonymous users" (#11068)
See https://github.com/kubernetes-sigs/kubespray/pull/11016
2024-04-09 03:34:36 -07:00
Nicolas Goudry c6fcbf6ee0
Remove access to cluster from anonymous users (#11016)
* feat: add user facing variable with default

* feat: remove rolebinding to anonymous users after init and upgrade

* feat: use file discovery for secondary control plane nodes

* feat: use file discovery for nodes

* fix: do not fail if rolebinding does not exist

* docs: add warning about kube_api_anonymous_auth

* style: improve readability of delegate_to parameter

* refactor: rename discovery kubeconfig file

* test: enable new variable in hardening and upgrade test cases

* docs: add option to config parameters

* test: multiple instances and upgrade
2024-04-02 23:54:12 -07:00
kyrie baf4842774
make kube-vip LeaderElection variables configurable (#11021)
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-03-25 02:24:57 -07:00
Tom M e7d29715b4
Add kubelet_cpu_manager_policy_options (#11023) 2024-03-22 12:21:39 -07:00
Max Gautier 3305383873
Fix ansible python version range (#11009) 2024-03-14 05:54:31 -07:00
Max Gautier 7f6ca804a1
Upgrade ansible-core to 2.16.4 (#10984)
* upgrade ansible version

Needed for with_first_found to work correctly:
https://github.com/ansible/ansible/issues/70772 fixed in 2.16

* Remove unused google cloud cloud_playbook

* Fix dpkg_selection on non-existing packages

Needed since ansible-core>2.16, see:
f10d11bcdc
2024-03-14 02:12:45 -07:00
Max Gautier d40b073f97
Add extra_vars support to vagrant setup (#10932) 2024-02-19 02:58:20 -08:00
Max Gautier c13b21e830
Explicit private/public nature of `*ip` vars (#10904) 2024-02-19 02:00:26 -08:00
Radek Smid 8d5091a3f7
fix: Kubelet not starting because of non-existent feature gate (#10448) 2024-02-16 01:27:46 -08:00
Kundan Kumar bfbb3f8d33
updated ingress controller version (#10868) 2024-02-12 01:11:03 -08:00
Oliver Larsson 65e22481c6
Remove documentation for removed in-tree openstack provider (#10889) 2024-02-06 01:11:00 -08:00
anders-elastisys c698790122
add nat_outgoing_ipv6 to calico defaults and docs (#10866) 2024-02-05 23:14:22 -08:00
Max Gautier 11c01ef600
docs: vagrant-libvirt is tested in CI (#10847) 2024-01-31 05:13:17 -08:00
Takuya Murakami 785366c2de
[kubernetes] Support kubernetes 1.29 (#10820)
* [kubernetes] Make kubernetes 1.29.1 default

* [cri-o]: support cri-o 1.29

Use "crio status" instead of "crio-status" for cri-o >=1.29.0

* Remove GAed feature gates SecCompDefault

The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246
2024-01-31 00:57:23 -08:00
Max Gautier e3ea19307a
Doc clarification: skipping patches releases is OK (#10850) 2024-01-29 22:31:40 -08:00
Kundan Kumar 4ea1a0132e
Updated vagrant.md (#10836) 2024-01-28 21:16:35 -08:00
jandres - moscardo 0ddf872163
Update upgrades.md with serial=1 for rolling updates (#10837)
* Update upgrades.md

 modify env serial to have real rolling upgrades

* Update upgrades.md

change section for serial

* Update docs/upgrades.md

Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>

---------

Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
2024-01-28 21:07:17 -08:00
Slavi Pantaleev a487667b9d
Make large-deployments.md link to downloads.md (#10840) 2024-01-25 14:55:33 +01:00
Max Gautier c80f2cd573
Allow the DNS stack to be backward compatible with an old dns_domain (#10630)
Handle all old dns domains:
- for nodelocaldns: in the same server block as the current dns_domain
- for coredns: uffix rewrite of each of the old dns domains to the
  current one
2024-01-24 06:31:22 +01:00
Maxime Leroy ab0163a3ad
fix(kubernetes): taint nodes with kubectl (#10705)
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2024-01-23 15:46:13 +01:00
Louis Tu a88bad7947
Add scheduler plugins support (#10747)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-23 07:42:33 +01:00
Serge Hartmann a2ed5fcd3d
Doc: variable cilium_ipsec_key must be base64 encoded (#10781)
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
2024-01-22 17:49:00 +01:00
Yuhao Zhang 0e971a37aa
Offline control plane recover (#10660)
* ignore_unreachable for etcd dir cleanup

ignore_errors ignores errors occur within "file" module. However, when
the target node is offline, the playbook will still fail at this task
with node "unreachable" state. Setting "ignore_unreachable: true" allows
the playbook to bypass offline nodes and move on to proceed recovery
tasks on remaining online nodes.

* Re-arrange control plane recovery runbook steps

* Remove suggestion to manually update IP addresses

The suggestion was added in 48a182844c 4
years ago. But a new task added 2 years ago, in
ee0f1e9d58, automatically update API
server arg with updated etcd node ip addresses. This suggestion is no
longer needed.
2024-01-22 17:22:27 +01:00
Max Gautier a9e29a9eb2
Fix etcd client generation (#10769)
* ci: redefine multinode to node-etcd-client

This should allow to catch several class of problem rather than just
one -> from network plugin such as calico or cilium talking directly to
the etcd.

* Dynamically define etcd host range

This has two benefits:
- We don't play the etcd role twice for no reason
- We have access to the whole cluster (if needed) to use things like
  group_by.
2024-01-16 15:50:41 +01:00
qlijin beb2660aa8
Update docs for crio (#10785) 2024-01-16 05:23:09 +01:00
Max Gautier e90cae9344
Refactor check_galaxy + fix version (#10729)
* Remove checks for docs using exact tags

Instead use a more generic documentation for installing kubespray as a
collection from git.

* Check that we upgraded galaxy.yml to next version

This is only intented to check for human error. The version in galaxy
should be the next (which does not mean the same if we're on master or a
release branch).

* Set collection version to KUBESPRAY_NEXT_VERSION
2024-01-11 15:49:31 +01:00
Louis Tu a656b7ed9a
Add kube_vip_lb_fwdmethod option for kube-vip (#10762)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-09 08:22:13 +01:00
Kay Yan 565eab901b
remove containerd registries (#10738) 2023-12-21 10:01:12 +01:00
Max Gautier 243ca5d08f
Add test case for calico using etcd datastore (#10722)
* Add multinode ci layout

* Add test case for calico using etcd datastore
2023-12-20 09:59:02 +01:00
Max Gautier 471326f458
Remove PodSecurityPolicy support and references (#10723)
This is removed from kubernetes since 1.25, time to cut some dead code.
2023-12-18 14:13:43 +01:00
Max Gautier 7395c27932
CI: Document the 'all-in-one' layout + small refactoring (#10725)
* Rename aio to all-in-one and document it

ADTM.
Acronyms don't tell much.

* Refactor vm_count in tests provisioning
2023-12-18 11:33:13 +01:00
jandres - moscardo cb848fa7cb
New PR default node selector (#10607) 2023-12-12 14:51:26 +01:00
Louis Tu 8f2390a120
Fix the path of download.yml (#10711)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-12-12 13:47:27 +01:00
Max Gautier 51069223f5
Decouple kubespray-defaults from download (#10626)
* Decouple role kubespray-defaults from download

Avoids doing re-importing the download role on every invocation of
kubespray-defaults (and skipping everything).

This has a measurable effect on playbook performance.

* Update docs refering to moved download defaults
2023-12-11 16:56:17 +01:00
Kundan Kumar af1f318852
Updated AWS ALB ingress controller version (#10680) 2023-12-07 10:29:16 +01:00
Jelmer Vernooij fa7a504fa5
Drop installation notes for Debian Jessie (#10642)
Jessie has not received security updates for at least three years. See https://www.debian.org/releases/jessie/
2023-11-28 22:35:28 +01:00
Lukáš Kubín f46910eac3
Add helm support for custom_cni deployment (#10529)
* Add helm support for custom_cni deployment

* Linting correction

* Ansible linting correction

* Add test packet with values

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Add custom_cni configuration file with comments

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Default values cleanup

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Add details to custom_cni configuration file

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Set correct yaml type of helm values

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Set CNI filesystem ownership to root

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Update cilium example parameter name

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

---------

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>
2023-11-16 00:32:21 +01:00
Arthur Outhenin-Chalandre 7ba85710ad
Update to ansible 2.15 (#10481)
* ansible: upgrade to version >= 2.15.5

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: update requirements

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* contrib/openstack: fix wrong gitignore pattern

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: add missing tzdata requirement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: remove some molecules tests

Those doesn't work in Ansible 2.15. Ansible can't load builtin now
apparently and these tests are not worth it.

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2023-11-15 09:39:09 +01:00
Louis Tu 32743868c7
Add cri-o criu support (#10479)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-11-08 16:57:32 +01:00
Kay Yan c9d685833b
cleanup-for-2.23.1 (#10600) 2023-11-07 13:58:49 +01:00
Louis Tu fa9e41047e
Add kubectl alias support (#10552)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-10-30 17:23:19 +01:00
Unai Arríen 228efcba0e
Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/con… (#10464)
* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane
2023-10-17 21:39:40 +02:00
emiran-orange e65050d3f4
Ability to define GPG key path for Docker APT (#10513) 2023-10-13 04:06:04 +02:00
Feruzjon Muyassarov 1fd31ccc28
Refactor NRI activation for containerd and CRI-O (#10470)
Refactor NRI (Node Resource Interface) activation in CRI-O and
containerd. Introduce a shared variable, nri_enabled, to streamline
the process. Currently, enabling NRI requires a separate update of
defaults for each container runtime independently, without any
verification of NRI support for the specific version of containerd
or CRI-O in use.

With this commit, the previous approach is replaced. Now, a single
variable, nri_enabled, handles this functionality. Also, this commit
separates the responsibility of verifying NRI supported versions of
containerd and CRI-O from cluster administrators, and leaves it to
Ansible.

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2023-09-26 08:05:25 -07:00
Christian 7919a47165
[metallb] add config option for IPAddressPool avoidBuggyIPs (#10458)
* Add avoid_buggy_ips as optional
* Revert avoid_buggy_ips default back to false
* Change auto_assign to optional, default true
2023-09-21 20:29:49 -07:00
Toon Albers c31bb9aca7
docs: add Cilium CNI to sidebar (#10431) 2023-09-12 08:06:12 -07:00
Kay Yan 293573c665
update-docs-for-calico-in-centos (#10417) 2023-09-08 05:18:14 -07:00
Kay Yan 5ffdb7355a
cleanup-for-2.23.0 (#10420) 2023-09-08 04:40:13 -07:00
Florian Ruynat 9696936b59
Fixup recover control plane playbook + add debian12/cilium test (#10411)
* Add debian12 cilium testing

* Fixup recover control plane playbook
2023-09-05 10:42:52 -07:00
蔣 航 ebd71f6ad7
Fix Typo kubelet_topology_manager_policy (#10384)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-09-03 23:39:48 -07:00
Nicolas Goudry c677438189
docs: add command to restart nginx-proxy container when adding node (#10406) 2023-09-01 09:24:32 -07:00
Louis Tu cafe4f1352
Add kubelet topology manager policy on the node (#10370)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-08-18 01:26:28 -07:00
yun 77bda0df1c
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196)
* Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting

* Make containerd hosts.toml mode 0640

* Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
2023-08-16 05:18:27 -07:00
Francisco Orselli 7295d13d60
[EOS-11830] Use ETCD port 2381 for metrics (#10332) 2023-08-08 11:06:16 -07:00
Arthur Outhenin-Chalandre 9613ed8782
Use supported version of fedora in CI (#10108)
* tests: replace fedora35 with fedora37

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: replace fedora36 with fedora38

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* docs: update fedora version in docs

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* molecule: upgrade fedora version

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: upgrade fedora images for vagrant and kubevirt

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* vagrant: workaround to fix private network ip address in fedora

Fedora stop supporting syconfig network script so we added a workaround
here
https://github.com/hashicorp/vagrant/issues/12762#issuecomment-1535957837
to fix it.

* netowrkmanager: do not configure dns if using systemd-resolved

We should not configure dns if we point to systemd-resolved.
Systemd-resolved is using NetworkManager to infer the upstream DNS
server so if we set NetworkManager to 127.0.0.53 it will prevent
systemd-resolved to get the correct network DNS server.

Thus if we are in this case we just don't set this setting.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* image-builder: update centos7 image

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* gitlab-ci: mark fedora packet jobs as allow failure

Fedora networking is still broken on Packet, let's mark it as allow
failure for now.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-08-08 00:50:12 -07:00
Kay Yan b9e3861385
add-cpuManagerPolicy (#10309) 2023-07-25 13:12:20 -07:00
Kundan Kumar f8b93fa88a
link for aws_alb_ingress_controller (#10264) 2023-07-03 03:44:51 -07:00
Florian Berchtold a4d8d15a0e
Add github container registry (#10265) 2023-06-30 03:17:45 -07:00
Arthur Outhenin-Chalandre 8895e38060
Update doc after ansible-core upgrade to 2.14 (#10261)
* docs/ansible: update ansible venv install method and ansible version

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* docs/ansible: add a disclaimer about using version below python 3.9

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-28 06:28:32 -07:00
Mathieu Parent 77069354cf
Add system-upgrade to upgrade-cluster playbook (#10184) 2023-06-26 18:24:30 -07:00
Vyacheslav Vershinin 180df831ba
feat: add option to use custome CA for https_proxy (#10215) 2023-06-23 09:59:24 -07:00
Vaibhav Goel a1521dc16e
Updates the broken links in ingress-controller and kubernetes-apps under kubespray docs (#10239) 2023-06-22 02:29:39 -07:00
Victor Morales bf31a3a872
Split defaults main file (#10121) 2023-06-22 02:19:40 -07:00
Louis Tu c5dac1cdf6
Add Debian 12(bookworm) support and CI (#10221)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-06-19 02:20:21 -07:00
Kay Yan 729e2c565b
cleanup-for-2.22.1 (#10201) 2023-06-08 07:36:15 -07:00
Pat Riehecky f5ee8b71ff
Permit custom names for API server lb/proxy containers. (#10166)
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-06-08 02:54:13 -07:00
Michael Stötzer f25b6fce1c
Add node_taints to aws_inventory script (#10168) (#10170) 2023-06-01 22:12:52 -07:00
Vaibhav Goel a2f03c559a
Fixed the incorrect links in kubespray/docs (#10159) 2023-05-30 19:35:47 -07:00
Jeroen Rijken ea7dcd46d7
Update MetalLB deployment, wait for resource. (#9995)
* Update MetalLB deployment, wait for resource.

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>

* yml to yaml, add basic test for metallb

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>

---------

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-05-30 11:37:49 -07:00
Andrei Costescu 96e875cd50
Add systemd_resolved_disable_stub_listener (#9875) 2023-05-25 10:04:51 -07:00
Arthur Outhenin-Chalandre 02624554ae
Remove end of life ubuntu versions in CI (#10107)
* tests: replace ubuntu16 with ubuntu20

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: replace ubuntu18 with ubuntu20

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* docs: update docs to remove support for ubuntu 16 and 18

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* molecule: upgrade ubuntu versions

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* vagrant: upgrade ubuntu versions

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: cleanup ubuntu{16,18}

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: increase ubuntu22 ram to allow molecule creation

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-05-24 19:56:50 -07:00
Kay Yan 4013c48acb
cleanup-for-2.22.0 (#10126) 2023-05-24 08:56:50 -07:00
James 161bd55ab2
Remove deprecated crio_pids_limits (#10056)
As per https://github.com/cri-o/cri-o/pull/5831, option is now
deprecated.
2023-05-22 08:49:03 -07:00
Vasubabu feeea7e512
Enabled module_name in provider meta for Equinix (#10044) 2023-05-21 17:32:19 -07:00
qlijin b7a9217d77
Some update for the deploy on fedora coreos: (#10030)
- Test with new version: 37.20230322.3.0. Both containerd and
  cri-o is tested
- bugfix: when we use crio and the var bin_dir is changed,
  there will be some error about the new bin dir.
2023-05-18 15:46:33 -07:00
Kay Yan 82633c6f61
Remove the Support of Debian 9 because Debian 9 is EOF (#10097)
* remove-debian9-support

* Add six module into openstack-cleanup/requirements.txt (#10099)

To fix tf-elastx_cleanup job which was failed with the following error:

   File "/usr/local/lib/python3.11/site-packages/keystoneauth1/identity/generic/password.py", line 16, in <module>
     from keystoneauth1.identity import v3
   File "/usr/local/lib/python3.11/site-packages/keystoneauth1/identity/v3/__init__.py", line 27, in <module>
     from keystoneauth1.identity.v3.oauth2_mtls_client_credential import *  # noqa
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "/usr/local/lib/python3.11/site-packages/keystoneauth1/identity/v3/oauth2_mtls_client_credential.py", line 17, in <module>
     import six
 ModuleNotFoundError: No module named 'six'

---------

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2023-05-18 15:42:33 -07:00
Kenichi Omichi 7afbdb3e1e
Drop canal network_plugin (#10100)
According to the canal github[1] the repo is not maintained over 5 years.
In addition, the README says
```
  Originally, we thought we might more deeply integrate the two projects
  (possibly even going as far as a rebranding!). However, over time it
  became clear that that wasn't really necessary to fulfil our goal of
  making them work well together. Ultimately, we decided to focus on
  adding features to both projects rather than doing work just to
  combine them.
```
So it is difficult to support canal by Kubespray at this situation.

[1]: https://github.com/projectcalico/canal
2023-05-18 03:40:33 -07:00
Kenichi Omichi 48035e3a7e
Drop CI jobs related to canal (#10092)
* Drop CI jobs related to canal

According to the canal github[1] the repo is not maintained over 5 years.
In addition, the README says

  Originally, we thought we might more deeply integrate the two projects
  (possibly even going as far as a rebranding!). However, over time it
  became clear that that wasn't really necessary to fulfil our goal of
  making them work well together. Ultimately, we decided to focus on
  adding features to both projects rather than doing work just to
  combine them.

So we don't need to run CI jobs related to the canal at this situation.

[1]: https://github.com/projectcalico/canal

* Update ci.md
2023-05-17 04:42:33 -07:00
Maxime Leroy 4ffe138dfa
feat(coredns): coredns_rewrite_block to perform internal message rewriting (#10045)
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-05-12 14:32:46 -07:00
James 07d45e6b62
Kubelet csr approver (#9877)
* chore(helm-apps): fix README example

README shows a non-working example according to the specs for this role.

* Add support for kubelet-csr-approver

Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* Add tests for kubelet-csr-approver

Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* Add Documentation for Kubelet CSR Approver

Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-05-10 17:49:09 -07:00
John Adams 9a72de54de
Cleanup of external openstack cloud config (#9899)
* redorder options and remove use-octavia

* lowercase true/false
2023-05-10 03:41:02 -07:00
Eugene Marchanka c880b24a80
[MetalLB] Remove unused resources (#10004)
* Fix MetalLB deploy

This will fix MetalLB deploy

* Remove `metallb_ip_range` check

* Remove missing `metallb-config.yml`

* fix template name

* make deployment of layer3 conditional

* revert

* revert
2023-05-08 17:20:52 -07:00
Kay Yan c98e1d1b5b
add-kube-profile-to-scheduler (#9993) 2023-04-17 18:54:58 -07:00
lijin-union cb318931aa
* corrected a link (#9988)
* remove a useless parenthesis in the _sidebar file
2023-04-16 18:28:43 -07:00
Jeroen Rijken 709ae1d244
Update MetalLB and switch to CRD notation. (#9120)
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-04-14 01:14:41 -07:00
Kay Yan f27bea574e
wqAdd-Port-Requirements (#9969) 2023-04-12 00:04:36 -07:00
Processus42 9a8f95e73d
Documentation: Fix collection URL (#9949) 2023-04-03 18:29:51 -07:00
Kundan Kumar 3a6069916d
updated link for baremetel consideration (#9944) 2023-03-30 08:23:48 -07:00
Kundan Kumar e6eda9d811
corrected reference link to valid one (#9940)
* corrected reference link to valid one

* Update calico.md

incorporated review comments
2023-03-29 16:57:48 -07:00
Kay Yan e8f0fb82fe
fix-kube-bench-1.2.20 (#9939) 2023-03-29 09:35:49 -07:00
Luke Simmons acbf44a1b4
Adds support for Ansible collections (#9582) 2023-03-27 02:25:55 -07:00
Kay Yan 309aaee427
fix-cilium-error (#9902) 2023-03-20 02:41:17 -07:00
biqiang Wu 2ae3ea9ee3
Modified the default value of cilium IPAM and added the support for related parameters (#9443)
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2023-03-13 17:45:10 -07:00
Brendan McShane ab213a7db0 spelling 2023-03-09 08:58:08 +01:00
Brendan McShane 9fb1814784 Fix warning/info markdown 2023-03-09 08:58:08 +01:00
Arthur Outhenin-Chalandre 82f68ca395
calico: cilium: use localhost lb by default on kube-proxy replacement (#9718)
This commit removes the variable `use_localhost_as_kubeapi_loadbalancer`
and rather detects that we are in a situation where we can use the
localhost apiserver loadbalancer (meaning that we use the localhost load
balancer and that the same ports are used for both the load balancer and
the kube-apiserver).

This also cleanups the calico code to use `kube_apiserver_global_endpoint`
rather than implementing the same logic all over again.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-03-07 04:28:36 -08:00
Arthur Outhenin-Chalandre 6769bb32b1
Network plugin custom (#9819)
* network_plugin/custom_cni: add CNI to apply provided manifests

Add a new simple custom_cni to install provided Kubernetes manifests.
This could be useful to use manifests directly provided by a CNI when
there are not support by Kubespray (i.e.: helm chart or any other manifests
generation method).

Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* network_plugin/custom_cni: add test with cilium

Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Co-authored-by: James Landrein <james.landrein@proton.ch>
2023-03-03 00:23:08 -08:00
Kenichi Omichi 7fec254f62
Drop part for supporting ansible 2.9 and 2.10 (#9842)
requirements-$ANSIBLE_VERSION.yml doesn't exist in Kubespray repo.
That was for supporting ansible 2.10-, and now Kubespray supports
2.11+. So this drops the part to avoid confusion.
2023-03-02 01:54:58 -08:00
Jack 62f34c6085
add image garbage collection (#9832) 2023-02-27 00:26:19 -08:00