onock
392815d97c
[cert-manager] Fix missing RBAC rules for ClusterRole cert-manager-cainjector kubernetes-sigs#8104. ( #8444 )
2022-01-20 12:17:09 -08:00
rtsp
e791089466
cert-manager: Fix incorrect leader election namespace lead to insufficient permission ( #8433 )
2022-01-17 02:37:29 -08:00
Cristian Calin
418f12f62a
[calico] drop 3.18.x and make 3.21.x the new default ( #8426 )
2022-01-17 02:29:29 -08:00
Necatican Yıldırım
caff539ccd
Add identity_allocation_mode support for Cilium ( #8430 )
...
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-16 09:29:28 -08:00
Samuel Liu
1a69f8c3ad
parameterized snaphot controller namespaces ( #8305 )
...
* Parameterized snaphot controller namespaces
* add ns yml
* add docs
* namespace
2022-01-14 12:58:26 -08:00
rtsp
ccd3180a69
cert-manager: Allow to change leader election namespace for GKE Autopilot support ( #8424 )
...
More information:
- kubernetes-sigs/kubespray#8393
- jetstack/cert-manager#4102
- jetstack/cert-manager#3717
2022-01-14 12:54:26 -08:00
cyril-corbon
01dcbc18ac
feat: upgrade metallb to v0.11.0 ( #8420 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-14 05:22:28 -08:00
Florian Ruynat
7c67ec4976
Fix kubectl call before installing it ( #8412 )
2022-01-12 23:12:29 -08:00
Cristian Calin
1337c9c244
[csi-snapshotter] upgrade to 5.0 ( #8403 )
2022-01-11 09:14:33 -08:00
cyril-corbon
86953b2ac4
fix: add tolerations / affinity to cert-manager ( #8389 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-11 09:14:26 -08:00
Mathieu Parent
cfd9873bbc
Allow to choose container manager commands ( #8380 )
...
This allow to workaround #8375 by using image_command_tool=crictl
when containerd_registries is used for containerd.
Also changes image_info_command_on_localhost for docker to return digests.
2022-01-11 01:13:16 -08:00
Samuel Liu
b2b95cc8f9
fix 0090-etchosts ( #7634 )
2022-01-11 01:03:16 -08:00
Kenichi Omichi
73c889eb10
Fix failures of ansible-lint ( #8401 )
...
This fixes the following types of failures:
- empty-string-compare
- literal-compare
- risky-file-permissions
- risky-shell-pipe
- var-spacing
In addition, this changes .gitlab-ci/lint.yml to block the same issue
by using the same method at Kubespray CI.
2022-01-11 00:45:16 -08:00
Victor Morales
642725efe7
Bump containerd version to 1.5.9 ( #8402 )
2022-01-11 00:05:16 -08:00
Cristian Calin
29aafff2ce
etcd: add 3.5.1 for kubernetes 1.23+ ( #8320 )
2022-01-10 22:45:15 -08:00
forselli-stratio
df425ac143
Fix etcd certificates reference to support etcd_kubeadm_enabled:true ( #7766 )
...
* Fix etcd certificates reference to support etcd_kubeadm_enabled:true
* Add retries to ETCD Join Member task
* Fix etcd certificates reference when etcd_kubeadm_enabled:true
* Fix conflicts
2022-01-10 15:24:25 -08:00
Unai Arríen
57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping ( #8388 )
2022-01-10 01:35:19 -08:00
rtsp
aa4a3d7afd
Fix container engine still installed on dedicated etcd node even if `etcd_deployment_type: host` ( #8386 )
2022-01-10 01:35:12 -08:00
Alex
06ad5525b8
replace runc 1.0.3 arm64 hash with 0 ( #8391 )
2022-01-10 01:31:13 -08:00
Kenichi Omichi
f80fd24a55
Fix risky-file-permissions ( #8370 )
...
When running ansible-lint directly, we can see a lot of warning
message like
risky-file-permissions File permissions unset or incorrect
This fixes the warning messages.
2022-01-09 01:51:12 -08:00
Kenichi Omichi
51bd9bee0d
Move containerd_version to defaults/main.yml ( #8379 )
...
All container image versions were defined in download/defaults/main.yml
except containerd.
The inconsistency caused the offline script(generate_list.sh) could not
output the URL of containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
2022-01-09 01:47:12 -08:00
Victor Morales
52266406f8
Bump cert-manager version to v1.6.1 ( #8377 )
2022-01-07 16:45:34 -08:00
cyril-corbon
cd601c77c7
feat: upgrade metrics server to v0.5.2 ( #8338 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-07 08:18:33 -08:00
Florian Ruynat
6abae713f7
Update helm / kube-router and coredns ( #8382 )
...
* Update kube-router to 1.4.0
* Update Helm to 3.7.2
* Up coredns to 1.8.6 when k8s is 1.23.x
2022-01-06 12:14:27 -08:00
Alex
1312f92a8d
adding 0 checksum for kata_containers_version on arm(64) ( #8383 )
2022-01-06 12:08:27 -08:00
Unai Arríen
92abf26d29
Ensure taint configuration for secondary control-plane nodes ( #8363 )
2022-01-05 23:56:28 -08:00
Bart Sloeserwij
59f62473c9
Update configuration of registries in cri-o ( #7852 )
...
* Update configuration of registries in cri-o
* Update docs to match new registry configuration
2022-01-05 07:36:40 -08:00
Choi Yongbeom
dda557ed23
Update config.toml.j2 ( #8340 )
...
* Update config.toml.j2
i think this commit code is not completed works
exam registry address : a.com:5000
insecure registry must be http://a.com:5000
but this code add insecure a.com:5000 (without http://)
If there is no http, containerd accesses with https even if insecure_skip_verify = true
solution is code edit
* Update config.toml.j2
* Update containerd.yml
* Update containerd.yml
* Update containerd.yml
* Update config.toml.j2
2022-01-05 02:56:33 -08:00
Max Gautier
cb54eb40ce
Use a variable for standardizing kubectl invocation ( #8329 )
...
* Add kubectl variable
* Replace kubectl usage by kubectl variable in roles
* Remove redundant --kubeconfig on kubectl usage
* Replace unecessary shell usage with command
2022-01-05 02:26:32 -08:00
Cristian Calin
3eab1129b9
CI: Replace CentOS 8 with AlmaLinux 8 before CentOS 8 EOL end of 2021 ( #8297 )
2022-01-05 02:20:33 -08:00
Choi Yongbeom
24f1402a14
nerdctl insecure registry config ( #8339 )
...
* Update prep_download.yml
nerdctl insecure registry config
* Update prep_download.yml
* Update prep_download.yml
apply conversations advice
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update main.yml
* Update main.yml
* Update prep_download.yml
* Update prep_download.yml
2022-01-05 01:14:33 -08:00
Necatican Yıldırım
bf00550388
Upgrade Cilium to 1.11.0 ( #8354 )
...
* Remove kvstore args from Cilium DaemonSet
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Bump Cilium to 1.11.0
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-05 00:36:32 -08:00
Florian Ruynat
6136fa7c49
Update Kubernetes version to 1.23.1
2022-01-04 10:25:00 -08:00
Florian Ruynat
8d2b4ed4a9
Move min k8s version to 1.21
2022-01-04 10:25:00 -08:00
Cristian Calin
4c4c83f0a1
crun update to 1.4 ( #8330 )
...
* [crun] update crun to 1.4
* [crun] drop pre-1.x versions
2022-01-04 08:30:53 -08:00
Unai Arríen
0e98814732
Configure PriorityClassName for MetalLB deployment ( #8362 )
2022-01-04 08:20:52 -08:00
Max Gautier
92f25bf267
Simplify usage of pre-remove role ( #8334 )
...
- Use builtin task scheduling of ansible (same task on each host)
instead of manual looping on master
Benefits:
- One less play in remove-node.yml playbook
- Parralel node drain
- Drain parameters (timeout, grace period, retries,
allow_ungraceful_removal) can be adjusted separately for each node
with ansible variables
2022-01-04 07:10:53 -08:00
Romain ALBON
63a53c79d0
Fix - Search root filesystem device ( #8366 )
2022-01-04 06:48:52 -08:00
Florian Ruynat
841c61aaa1
Revert "Fix external lb error ( #8299 )" ( #8360 )
...
This reverts commit 4f2e4524b8
.
2022-01-03 01:37:00 -08:00
Samuel Liu
157942a462
fix resolved config ( #8351 )
2022-01-03 00:06:59 -08:00
jbpratt
e88a27790c
fix spelling error ( #8342 )
2022-01-02 23:55:00 -08:00
Cristian Calin
ed3932b7d5
[cni-plugins] upgrade to stable 1.0.1 ( #8331 )
...
* [cni-plugins] upgrade to stable 1.0.1
* [flannel] use binary from dedicated project
2021-12-23 23:16:15 -08:00
emiran-orange
2b5c185826
calico_pool_blocksize must be cast as well in assertion when defined ( #8321 )
...
* calico_pool_blocksize must be cast as string in assertion when defined
* Cast as int rather than string
2021-12-23 00:58:37 -08:00
zhengtianbao
c3c128352f
Remove registry-proxy ( #8327 )
2021-12-21 23:55:35 -08:00
zhengtianbao
02a89543d6
registry: add ingress support ( #8311 )
2021-12-21 10:20:46 -08:00
Cristian Calin
c1954ff918
Support deploying kubernetes 1.23 ( #8323 )
...
* Ensure entries for 1.23 are added for supported_versions vars
* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22
* kubescheduler-config: diferentiate config versions based on kube_version
2021-12-21 01:38:46 -08:00
Kenichi Omichi
b49ae8c21d
Delete "kubeadm alpha certs" code ( #8322 )
...
"kubeadm alpha certs" command has been promoted to "kubeadm certs" command,
and "kubeadm alpha certs" has been deprecated since Kubernetes v1.20 as [1].
In addition, Kubespray supports Kubernetes v1.20+.
This delete the deprecated command for cleanup.
[1]: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation
2021-12-20 12:53:33 -08:00
Calin Cristian Andrei
1a7b4435f3
Bump default version of kubernetes to 1.22.5
2021-12-20 08:56:56 -08:00
Calin Cristian Andrei
db0e458217
Kubernetes: add hashes for v1.23.1, v1.23.0, v1.22.5, v1.21.8 and v1.20.14
2021-12-20 08:56:56 -08:00
Nicolas MASSE
f01f7c54aa
Add support for CRI-O user namespaces ( #8268 )
...
* add support for cri-o user namespaces
* comply with yamllint rules
2021-12-20 06:37:25 -08:00
kakkotetsu
c59407f105
add support for Calico BGPPeer sourceAddress ( #8306 )
2021-12-20 01:51:25 -08:00
Cristian Calin
fdc5d7458f
Upgrade to nerdctl 0.15.0 and some fixes ( #8315 )
...
* nerdctl: move to 0.15.0
* nerdctl: reduce verbosity when pulling images
* download: use proxy environment when using nerdctl to download containers
2021-12-20 00:33:26 -08:00
Antoine Gatineau
6aafb9b2d4
fix bad indentation ( #8314 )
2021-12-17 07:36:29 -08:00
Samuel Liu
aa9ad1ed60
clean files for kube-ovn ( #8310 )
2021-12-15 23:39:19 -08:00
zhengtianbao
aa9b8453a0
registry: service add clusterIP, nodePort, loadBalancer support ( #8291 )
...
* registry: service add clusterIP, nodePort, loadBalancer support
* modify camelcase name to underscore
* Add registry service type compatibility check
2021-12-15 00:18:19 -08:00
singeleaf
4f2e4524b8
Fix external lb error ( #8299 )
2021-12-13 14:46:27 -08:00
Marat Talipov
4f27c763af
containerd insecure registry support ( #8298 )
2021-12-13 00:41:58 -08:00
Cristian Calin
0e969c0b72
vSphere-CSI: update to 2.4.0 ( #8295 )
2021-12-10 11:07:23 -08:00
Steven Reitsma
b396801e28
Update Cinder CSI to v1.22 ( #8296 )
2021-12-10 10:49:11 -08:00
Cristian Calin
682c8a59c2
containerd: change default resolvconf_mode to host_resolvconf ( #8247 )
...
* containerd: change default resolvconf_mode to host_resolvconf
* Wait for kube-apiserver to come back after pod refresh
* Handle resolv.conf gracefully
* Retain currently configured DNS entries to ensure we don't break the resolvers
* Suse uses wickedd for network management so no dhcp hooks
* Molecule: increase ansible timeout
* CI: Increase ansible timeout to 120s for Packet jobs
2021-12-09 14:09:06 -08:00
Florian Ruynat
5a25de37ef
Revert "remove no longer present etcd nodes from APIEndpoints list in kubeadm-config configmap ( #8244 )" ( #8287 )
...
This reverts commit dc767c14b9
.
2021-12-09 08:24:16 -08:00
zhengtianbao
4ef2cf4c28
Registry add TLS and authentication support ( #8229 )
...
* Add registry TLS support
* Add registry configmap and htpasswd auth
2021-12-07 08:32:00 -08:00
Cristian Calin
990ca38d21
Kata-Containers: add 2.3.0 ( #8276 )
...
* Kata-Containers: add checksums for 2.3.0
* Kata-Containers: version 2.3.0 requires kubernetes 1.22.0+
2021-12-07 08:18:08 -08:00
Cristian Calin
c7e430573f
Calico: upgrade 3.21.x to 3.21.2 ( #8275 )
2021-12-07 08:18:01 -08:00
Cristian Calin
a328b64464
runc: upgrade to v1.0.3 ( #8274 )
2021-12-07 06:10:02 -08:00
zhengtianbao
a16d427536
Set etcd-events listen port to 2383 ( #8232 )
2021-12-07 00:28:01 -08:00
Cristian Calin
c98a07825b
Use cgroupsv2 where available (fedora) ( #8237 )
...
* Containerd: use cgroupsv2 where available (fedora)
* Docker: use cgroupsv2 where available (fedora)
* cri-o: use cgroupsv2 where available (fedora)
2021-12-06 11:19:33 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ( #8272 )
...
* Update loadbalancers versions
* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Samuel Liu
4550f8c50f
calico_flexvol ( #8273 )
2021-12-06 05:00:32 -08:00
toplordsaito
9afca43807
change dns upstream condition for coredns ( #8263 )
...
upstream_dns_servers should change corefile config even resolvconf_mode=docker_dns
2021-12-06 02:46:32 -08:00
Alvaro Campesino
27ab364df5
Improve control plane scale flow ( #13 ) ( #7989 )
...
* Improve control plane scale flow (#13 )
* Added version 1.20.10 of K8s
* Setting first_kube_control_plane to a existing one
* Setting first_kube_control_plane to a existing one
* change first_kube_master for first_kube_control_plane
* Ansible-lint changes
2021-12-06 00:16:32 -08:00
Hanna Bledai
615216f397
Fix if bind-address is not set to 0.0.0.0 ( #8262 )
...
* if bind-address is not set to 0.0.0.0
* Update docs and left comments
* fix yamllist check: remove space
2021-12-05 23:58:32 -08:00
Kenichi Omichi
46b1b7ab34
Fix k8scsi/csi-resizer repo ( #8270 )
...
If trying to pull k8scsi/csi-resizer image from gcr.io, we face the error
like:
$ docker pull gcr.io/k8scsi/csi-resizer:v1.0.0
Error response from daemon: Head https://gcr.io/v2/k8scsi/csi-resizer/
manifests/v1.0.0: unknown: Project 'project:k8scsi' not found or deleted.
$
We can pull the image from quay.io instead.
This fixes the issue.
2021-12-05 23:42:32 -08:00
Alvaro Campesino
30d9882851
Add nodelocaldns only if it is enabled ( #7731 )
2021-12-03 20:36:31 -08:00
Cristian Calin
dfdebda0b6
Calico: remove duplicate values for CALICO_DISABLE_FILE_LOGGING and FELIX_DEFAULTENDPOINTTOHOSTACTION ( #8269 )
2021-12-03 20:32:31 -08:00
Cristian Calin
9d8a83314b
containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default ( #8239 )
...
* containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default
* containerd: make nerdctl mandatory for container_manager = containerd
* nerdctl: bump to version 0.14.0
* containerd: use nerdctl for image manipulation
* OpenSuSE: install basic nerdctl dependencies
2021-12-03 12:20:35 -08:00
Florian Ruynat
e19ce27352
Remove ovn4nfv support ( #8265 )
2021-12-03 11:56:35 -08:00
Cristian Calin
4d711691d0
Fix calico crd archive checksums ( #8266 )
...
v3.20.3 and v3.21.1 were re-released with new checksums
2021-12-03 04:56:27 -08:00
Samuel Liu
ee0f1e9d58
Update etcd-servers for apiserver ( #8253 )
2021-12-03 00:28:27 -08:00
Cristian Calin
9f052702e5
containerd: add support for suse distributions ( #8261 )
2021-12-02 07:51:33 -08:00
Florian Ruynat
b38382a68f
Move cri-o default package to 1.22 ( #8258 )
2021-12-02 06:21:34 -08:00
zhengtianbao
785324827c
Set ingress-nginx default terminationGracePeriodSeconds to 5 min ( #8252 )
...
* set ingress-nginx default terminationGracePeriodSeconds to 5 min for the drain of connection
* Add ingress_nginx_termination_grace_period_seconds at sample inventory
2021-12-02 03:23:33 -08:00
Cristian Calin
31c7b6747b
Calico: add dependencies for 3.21.x ( #8250 )
2021-12-02 01:17:33 -08:00
Alvaro Campesino
dc767c14b9
remove no longer present etcd nodes from APIEndpoints list in kubeadm-config configmap ( #8244 )
2021-12-01 07:17:15 -08:00
Florian Ruynat
30ec03259d
Remove fedora33 - eol ( #8246 )
2021-11-30 15:53:17 -08:00
Florian Ruynat
0e22a90579
Update docker to 20.10.11 with containerd 1.4.12 ( #8255 )
2021-11-30 11:49:01 -08:00
Cristian Calin
ee882fa462
Add capability to use swap, requires Kube 1.22 ( #8241 )
...
* Alpha-NodeSwap: allow nodes to use swap
* CI: Add Fedora 35 with experimental swap job
2021-11-30 00:52:56 -08:00
Cristian Calin
3431ed9857
containerd: properly pull images with containerd specific tools ( #8245 )
2021-11-30 00:48:56 -08:00
Florian Ruynat
279808b44e
Update minor version for kata/cilium/kube-router/helm
2021-11-29 23:06:56 -08:00
Florian Ruynat
2fd529a993
Update Kubernetes version to v1.22.4
2021-11-29 23:06:56 -08:00
Florian Ruynat
1f6f79c91e
Update kubernetes hashes with 1.22.4/1.21.7/1.20.13
2021-11-29 23:06:56 -08:00
Cristian Calin
2f44b40d68
OEL7: Fix CentOS7 Extras for OEL7 ( #8219 )
...
* OEL7: Fix CentOS7 Extras for OEL7
* Molecule: add logs collection for jobs
2021-11-29 13:39:21 -08:00
Cristian Calin
20157254c3
Update calico versions ( #8238 )
...
* Calico: Bump 3.20.x to 3.20.3
* Calico: Bump 3.18.x to 3.18.6
* Calico: add calico 3.21.1 hashes
2021-11-29 01:15:22 -08:00
Florian Ruynat
a5f88e14d0
Cleanup tests ( #8234 )
...
* Add Fedora 35 image, support and CI
* Cleanup tests and allow_failure for vagrant
2021-11-26 09:00:51 -08:00
Cristian Calin
e78bda65fe
Defaults: replace docker with containerd as our default container_manager ( #8175 )
...
* Defaults: replace docker with containerd as our default container_manager
* CI: Use docker for download_localhost test
* Defaults: with container_manager=containerd we need etcd_deployment_type=host
* CI: Run weave jobs with docker
* CI: Vagrant don't download_force_cache
* CI: Fix upgrade tests
* should run compatible with old settings, this means docker
* we need to run with a distro that has at least modern containerd,
this means move from debian9 to debian10 to allow `containerd_version`
to match between 2.17 and master
2021-11-25 06:54:33 -08:00
khatrig
3ea496013f
Create reset.yml ( #8227 )
2021-11-24 09:44:20 -08:00
ishizuka
7e1873d927
DeprecationWarning occurs when indentfirst=None is specified in coredns-config.yml.j2 ( #8224 )
2021-11-24 08:56:21 -08:00
zhengtianbao
e35a87e3eb
Update registry template ( #8198 )
...
* Add registry replica setting
* Add registry liveness and readiness probe
* Set the security context for registry
* Add registry pvc access mode option
* registry add replica requirement check
* docs: add registry replicas setting note
* Update docs/kubernetes-apps/registry.md
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2021-11-22 02:45:09 -08:00
zhengtianbao
a6fcf2e066
Enable experimental modules when rpm-ostree version >= 2021.9 ( #8202 )
...
* Enable experimental modules when rpm-ostree version >= 2021.9
* cleanup code
2021-11-22 02:29:09 -08:00
Cristian Calin
c74e1c9db3
CI: use images from quay.io to prevent being throttled by docker hub ( #8209 )
...
* CI: use netchecker images from quay to prevent throttling
* Molecule: use hello-world image from quay.io
2021-11-19 13:23:40 -08:00