Commit Graph

925 Commits (a306f15a741e69a4706db534149424053d878b6d)

Author SHA1 Message Date
Navid Nabavi 4313c13656
[feature] Add coredns_additional_configs to handle any extra configurations for coredns deployment (#10023) (#10025) 2023-05-09 06:45:58 -07:00
Eugene Marchanka c880b24a80
[MetalLB] Remove unused resources (#10004)
* Fix MetalLB deploy

This will fix MetalLB deploy

* Remove `metallb_ip_range` check

* Remove missing `metallb-config.yml`

* fix template name

* make deployment of layer3 conditional

* revert

* revert
2023-05-08 17:20:52 -07:00
Mohamed Omar Zaian a505a4c71f
[feat] Update metrics server to v0.6.3 (#10026) 2023-04-26 04:10:16 -07:00
pli 8727f88e41
metrics_server: add extras nodeselector, affinity, tolerations (#9972)
* metrics_server: add extras nodeselector, affinity, tolerations

* fix tolerations invalid YAML if undefined
2023-04-26 00:30:16 -07:00
Mohamed Omar Zaian 4deeaba335
[feature] Update dns-autoscaler (#9996) 2023-04-24 02:47:01 -07:00
Jeroen Rijken 709ae1d244
Update MetalLB and switch to CRD notation. (#9120)
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-04-14 01:14:41 -07:00
Mohamed Omar Zaian ed6f8df784
[feature] Update CoreDNS manifests (#9977) 2023-04-12 21:38:35 -07:00
Eugene Marchanka eecaec2919
[vSphere-csi-driver] Custom namespace fails playbook (#9946)
* Fix: vSphere Error: `Apply a CSI secret manifest`

This PR will fix an issue that you will see on 2nd deploy when deploying External vSphere
How to re-produce:
1. Set custom `vsphere_csi_namespace: "vmware-system-csi"`
2. Deploy as usual
3. Observe no errors
4. Deploy 2nd time without `reset`
5. Playbook fails with:
```
TASK [kubernetes-apps/csi_driver/vsphere : vSphere CSI Driver | Apply a CSI secret manifest]
fatal: [node-00]: FAILED! => changed=true                                                                                                                                                 
  censored: 'the output has been hidden due to the fact that ''no_log: true'' was specified for this result'
```

* create namespace if does not exist

* lint fix

* try to fix lint errors

* fix `too few spaces before comment`

* change the order of applied manifests

* typo
2023-04-09 22:13:15 -07:00
Dominykas Norkus 5e2cb4d244
Add bind address variable to OCCM (#9958) 2023-04-04 15:57:40 -07:00
Mohamed Omar Zaian dff58023d9
[argocd] update argocd to v2.6.7 (#9953) 2023-04-04 12:01:43 -07:00
Mathias Petermann dcc04e54f3
fix(cert manager): Fix manifest if cert_manager_trusted_internal_ca is provided (#9922) 2023-03-27 08:12:28 -07:00
panguicai 1555d78155
upgrade argocd to v2.6.3 (#9848)
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-03 06:44:58 -08:00
Eugene Artemenko 5cbcec8968
Add resources section to all containers releated to Vsphere CSI driver (#9687) 2023-02-27 02:36:20 -08:00
Mohamed Zaian 260dad8f10
[ingress-nginx] upgrade to 1.6.4 (#9818) 2023-02-23 01:35:34 -08:00
pli 4ba1df5237
Fix kubernetes-app/argocd: download related things with the download role (#9786)
* Fix yq install in argocd role: use download_file instead of get_url

* Fix use download_file instead of get_url to download argocd-install manifest in argocd role

* Fix order and add arm64 checksum

* Fix: Failed to template loop_control.label: 'None'
2023-02-19 16:11:37 -08:00
Bas 2c93c997cf
pre-commit autocorrected files (#9750) 2023-02-06 01:35:16 -08:00
manzsolutions-lpr 6c41191646
Add support for PodSecurityStandards (#9713) 2023-02-06 01:27:01 -08:00
Kevin Huang 1853085ffe
feat(cinder-csi): Allow deletionPolicy to be configurable (#9736) 2023-02-02 15:46:28 -08:00
stelucz 9247137e60
Replace label `k8s-app: nodelocaldns` in DaemonSet template by `k8s-app: node-local-dns` (#9745) 2023-02-02 15:42:28 -08:00
杨刚 (成都) e8f048c71d
[argocd] update argocd to v2.5.10 (#9753)
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-02-02 15:38:29 -08:00
杨刚 (成都) b9a34b83d4
[argocd] update argocd to v2.5.9 (#9723)
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-28 19:14:33 -08:00
杨刚 8d6cfd6e53
[argocd] update argocd to v2.5.8 (#9708)
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-27 00:14:25 -08:00
ERIK ee2193d4cf
Add dns configuration for cert manager (#9673)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-01-23 17:42:15 -08:00
yanggang fd80ef1ff1
[argocd] update argocd to v2.5.7 (#9682)
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-18 15:38:34 -08:00
Arthur Outhenin-Chalandre 4a6eb7eaa2
enable back kubelet_authorization_mode_webhook by default (#9662)
In 6db6c8678c, this was disabled becaue
kubesrpay gave too much permissions that were not needed. This commit
re-enable back this option by default and also removes the extra
permissions that kubespray gave that were in fact not needed.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-01-16 23:56:32 -08:00
Vitaly Yakovenko d919c58e21
[multus] added support for mixed type of container engine (#9224)
* [multus] added support for mixed type of container engine

* [multus] fixed for using with cluster/upgrade-cluster/scale playbooks
2023-01-16 23:30:33 -08:00
Mohamed Zaian c7cffb14a7
[cert-manager] update cert-manager to v1.11.0 (#9661) 2023-01-16 02:36:51 -08:00
yanggang 6b4bb2a121
[argocd] update argocd to v2.5.6 (#9654)
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-15 21:16:50 -08:00
László Rafael ea35021c96
Add defaults for external_vsphere_user and external_vsphere_password in the vsphere csi_driver (#9664) 2023-01-14 14:24:14 -08:00
Marijn van der Giesen 0d5bcd3e20
feat(coredns): Forward extra domains to coredns kubernetes plugin (#9635) 2023-01-05 06:57:58 -08:00
Marijn van der Giesen ab80342750
[feat] Add custom options to coredns kubernets plugin (#9608) 2022-12-27 18:21:27 -08:00
Maxime Leroy 9fe89a0641
fix(apps): cinder: wrong rbac for csi-snapshotter-role (#9610) 2022-12-27 00:45:28 -08:00
Mohamed Zaian 438da0c8e6
[argocd] update argocd to v2.5.5 (#9604) 2022-12-22 00:53:25 -08:00
Robin Wallace ccf60fc9ca
upcloud: Delete default reclaim policy (#9574) 2022-12-14 16:15:34 -08:00
JSpon 94eae6a8dc
adjust calico-kube-controller to use hostNetwork when using etcd as datastore (#9573) 2022-12-13 20:41:34 -08:00
Ugur Can Ozturk a0f41bf82a
[metrics_server]: Enabled HA mode by adding 'metrics_server_replicas'… (#9539)
* [metrics_server]: Enabled HA mode by adding 'metrics_server_replicas' variable and adding podAntiAffinity rule

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

* [metrics_server]: added namespaces selector

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
2022-12-06 18:22:38 -08:00
rtsp 529faeea9e
[cert-manager] Upgrade to v1.10.1 (#9512) 2022-11-29 07:17:26 -08:00
Robin Wallace ed0acd8027
[openstack cloud controller] bump to v1.25.3 (#9500) 2022-11-18 04:26:31 -08:00
emiran-orange df6da52195
Enable check mode in DNS Cleanup tasks (#9472) 2022-11-10 19:58:09 -08:00
emiran-orange 5c25b57989
Ability to define options for DNS upstream servers (#9311)
* Ability to define options for DNS upstream servers

* Doc and sample inventory vars
2022-11-08 06:44:25 -08:00
Olivier Lemasle 5d1fe64bc8
Update local-volume-provisioner (#9463)
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/pull/292)
- Add nodeSelector to DaemonSet (following upstream)
2022-11-07 15:28:17 -08:00
yanggang 0d6dc08578
upgrade argocd version 2.4.16 (#9467) 2022-11-06 18:04:16 -08:00
Cyclinder 590b4aa240
adjust calico-kube-controller to non-hostnetwork pod (#9465)
Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-11-06 17:34:17 -08:00
ausias-armesto 2a696ddb34
Adding metrics server to use host network (#9444)
* Adding metrics server to use host network

* EXternalize value to a variable
2022-11-06 02:38:15 -08:00
yanggang ce751cb89d
add variable condition snapshot in vSphere CSI (#9429) 2022-11-02 00:22:46 -07:00
cleverhu 5cf2883444
add retry for start calico kube controller (#9450)
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
2022-11-02 00:18:45 -07:00
yanggang d00508105b
Removed PodSecurityPolicy from ingress-nginx (#9448) 2022-10-30 20:08:44 -07:00
杨刚 4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 (#9442) 2022-10-27 21:46:30 -07:00
Mohamed Zaian 2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) (#9425) 2022-10-24 18:32:36 -07:00
杨刚 b192053e28
as argocd 2.4.15 is releasesd , update the version (#9420) 2022-10-23 20:34:24 -07:00
Kenichi Omichi 0374a55eb3
Specify securityContext for cert-manager (#9404)
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
2022-10-20 00:57:08 -07:00
Vladimir 958840da89
Add var for control initialDelaySeconds in nginx ingress probe (#9405)
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
2022-10-19 21:20:56 -07:00
Mohamed Zaian 0f44e8c812
[ingress-nginx] upgrade to 1.4.0 (#9403) 2022-10-18 16:53:00 -07:00
Kenichi Omichi c38fb866b7
Update securityContext of netchecker (#9398)
To run netchecker with necessary privilege,
this updates the securityContext.
2022-10-17 19:11:18 -07:00
Unai Arríen 52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248)
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values
2022-10-13 16:50:47 -07:00
ghostloda 547ef747da
fix helm install with password authentication (#9343) 2022-10-12 23:55:01 -07:00
Unai Arríen ef76a578a4
Change dns upstream condition for nodelocaldns (#9378) 2022-10-11 00:47:02 -07:00
Piotr Kowalczyk 3b99d24ceb
Fix: install calico-kube-controller on kdd (#9358)
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
2022-10-10 19:45:01 -07:00
Kay Yan 4701abff4c
upgrade-api-version-for-PodDisruptionBudget (#9369) 2022-10-10 17:51:02 -07:00
Kevin Huang c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume (#9362) 2022-10-08 01:23:19 -07:00
Hugo Blom a8e4984cf7
Add missing permissions to openstack cc (#9335)
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
2022-09-27 22:19:35 -07:00
Federico Cucinella e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 (#9332) 2022-09-26 17:35:46 -07:00
Robin Wallace c4de3df492
upcloud csi driver: bump version to v0.3.3 (#9317) 2022-09-24 13:18:04 -07:00
Florian Ruynat 4ad67acedd
Move back vsphere csi to kube-system ns (#9312) 2022-09-23 10:46:26 -07:00
Kay Yan 1b3c2dab2e
add_max_concurrent_in_coredns (#9307) 2022-09-22 04:27:03 -07:00
pingrulkin a2e23c1a71
vsphere-csi: add nodeAffinity to daemonset (#9293) 2022-09-19 17:47:22 -07:00
Mohamed Zaian a71da25b57
[argocd] update argocd to v2.4.12 (#9297) 2022-09-19 17:37:22 -07:00
Vadim 5ac614f97d
fix duplicate field in ingress-nginx template (#9285) 2022-09-19 03:03:22 -07:00
ErmalKristo b8b8b82ff4
Adds support for multiple architectures to yq (#9288) 2022-09-19 02:14:38 -07:00
Mahdi Abbasi 023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
ghostloda f3fb758f0c
Remove useless file (#9258) 2022-09-07 17:10:49 -07:00
Michael Schmitz be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
Ho Kim e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Piotr Kowalczyk 49d869f662
Fix CSI drivers issues on Azure (#9153)
* Include missing azuredisk rbac manifest

* Remove missing azure csi manifest

* Remove invalid reference mount to waagent settings

* Use cloud-config secret instead of /etc/kubernetes/cloud_config file
2022-08-18 00:56:36 -07:00
ERIK 9ad2d24ad8
Add unsafe_show_logs switch (#9164)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-16 18:52:48 -07:00
Cristian Calin 8585134db4
when ingress-nginx is deployes without a class, we need to use 'ingress-controller-leader' resource instead of the default 'ingress-controller-leader-nginx' (#9156) 2022-08-09 04:52:50 -07:00
Aveline 06f8368ce6
Fix Hetzner CCM cluster-cidr (#9127) 2022-07-30 20:18:27 -07:00
rtsp b3876142d2
[cert-manager] Upgrade to v1.9.0 (#9117) 2022-07-29 00:11:11 -07:00
Mohamed Zaian 9f11946f8a
[argocd] update argocd to v2.4.7 (#9105) 2022-07-27 09:32:29 -07:00
Mohamed Zaian ce04fdde72
[ingress-nginx] upgrade to 1.3.0 (#9088)
* This release removes support for Kubernetes v1.19.0
* This release adds support for Kubernetes v1.24.0
* Starting with this release, we will need permissions on the coordination.k8s.io/leases resource for leaderelection lock
2022-07-14 18:46:25 -07:00
Peter Pan 14063b023c
Extend DNS memory limit. 170Mi tents to OOM (#9084) 2022-07-13 00:03:37 -07:00
Samuel Liu d821bed2ea
Fix some typo (#9056)
* fix ingress controller task name

* fix calico word

* add check typo
2022-07-11 09:49:48 -07:00
yasintahaerol 6d543b830a
Fix vcloud-csi bug related to #9046 (#9066)
* Fix vcloud-csi bug related to #9046

Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>

* add supervisor-fss-namespace=kube-system flag to vsphere-csi-controller-deployment

Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>
2022-07-07 10:31:35 -07:00
Emin AKTAS 4607ac2e93
fix(vsphere-csi): remove namespace env variable and set namespace as kube-system (#9046)
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>

Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-07-06 01:00:50 -07:00
Mohamed Zaian 51195212b4
[argocd] update argocd to v2.4.3 (#9050) 2022-07-05 08:22:47 -07:00
忘尘 1562a9c2ec
add missing verbs (#9032) 2022-06-29 00:18:05 -07:00
Samuel Liu e8ccbebd6f
add ingress nginx webhook (#9033)
* add ingress nginx webhook

* fix ingress nginx template
2022-06-28 11:55:35 -07:00
Robin Wallace 79f6cd774a create snapshot-controller only if needed 2022-06-22 00:37:44 -07:00
Sébastien Masset 9d5d945bdb
[MASTER] Add missing configuration for extra tolerations (#8908)
* Added new configuration item for extra tolerations in policy controllers

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Added new configuration item for extra tolerations in DNS autoscaler

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Aligned existing handling of extra DNS tolerations

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
2022-06-20 01:36:06 -07:00
Calin Cristian Andrei 2de5c4821c [calico] clean up workarounds for older versions 2022-06-15 00:57:20 -07:00
orange-llajeanne 2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name (#8949)
* fix a typo in the "matallb_auto_assign" variable name

* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
2022-06-13 09:40:12 -07:00
Steffen Becker 6b43d6aff2
Proposed fix to Issue 8667 (#8944)
Proposed fix to Issue 8667

Proposed fix to Issue 8667
2022-06-09 23:37:46 -07:00
Mohamed Zaian bb530da5c2 [registry] Switch registry to use registry.k8s.io
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
Mohamed Zaian b2346cdaec
[feat] Upgrade metrics server to v0.6.1 (#8909)
* Metrics Server now requires access to nodes/metrics RBAC resource instead of nodes/stats. See: https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.0
* Minimize rbac permissions.
2022-06-06 07:34:37 -07:00
Samuel Liu 1600fd9082
clean up tags (#8880) 2022-05-31 07:52:53 -07:00
irizzant 85bd1eea27
fix(calico): add missing "get" verb (#8847)
Signed-off-by: irizzant <i.rizzante@gmail.com>
2022-05-21 01:20:00 -07:00
David Louks 93fe3e06ef
Add support for including annotations on aws-ebs-csi-controller (#8779)
* Add support for including annotations on aws-ebs-csi-controller

* update comment to specify role arn
2022-05-20 15:00:00 -07:00
Samuel Liu a28b58dbd0
[calico]use ipamconfig instead of calico ipam command (#8839)
* use ipamconfig instead of calico ipam command

* fix ansible lint
2022-05-19 11:13:20 -07:00
orange-llajeanne a26a9ee14f
set apparmor_enabled in netchecker task (#8844) 2022-05-19 10:49:21 -07:00
weizhoublue b289f533b3
get wrong server name of coredns (#8811)
Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
2022-05-12 08:33:14 -07:00