Commit Graph

7942 Commits (aa76e39f7907282b61b26c0dca0307e84a426356)
 

Author SHA1 Message Date
Lee Spottiswood aa76e39f79
adds nodelocaldns_additional_configs to facilitate additional CoreDNS config options (#11657) 2024-11-08 02:46:44 +00:00
Max Gautier bf6687b032
preinstall: fix checking that excluded host are cached (#11693)
- Lookup was not returning a list, making the difference filter spit out
  garbage -> query always return a list
- hostvars is a dictionnary, so convert to list before selectattr and
  map back to only get keys
2024-11-07 10:27:33 +00:00
anders-elastisys d23753e9f7
Add support to use exisitng fips with terraform openstack (#11558) 2024-11-07 03:13:29 +00:00
Timothée Oliger 4e58413140
Add a new crio_root variable in order to store CRI-O data on something else than /var/lib (#11692) 2024-11-07 02:01:29 +00:00
Lihai Tu b7c1d68ea3
Fix coredns version constraint (#11691) 2024-11-06 10:29:29 +00:00
Kubernetes Prow Robot a469c1c955
Merge pull request #11688 from VannTen/cleanup/preinstall_package_selection
Simplify package selection + fix openEuler package
2024-11-05 10:33:29 +00:00
Kubernetes Prow Robot 107c3cc6f4
Merge pull request #11633 from tico88612/feat/remove-in-tree-cloud-provider
Cleanup: remove in-tree cloud provider support
2024-11-05 09:13:30 +00:00
Kubernetes Prow Robot 25ca0acf73
Merge pull request #11667 from VannTen/ci-fix/kubelet_csr
Remove `shell` module usage from CI testcases
2024-11-05 08:41:29 +00:00
Max Gautier e1392c65b4
Fix openEuler packages
conntrack -> conntrack-tools
device-mapper-libs -> device-mapper
2024-11-05 09:36:40 +01:00
Max Gautier 8ff4ad2d8e
preinstall: simplify OS packages selection
Since a2019c1c2 (Add a JSON schema describing the packages install
structure, 2024-04-25), we use a custom structure to select which
packages should be installed on a particular host OS.

This has proven too rigid in practice, and the query is pretty
complicated.

Replace this by simply using an array of jinja conditions for the
packages, which should be easier to understand for everyone and more
flexible.

Also remove the associated schema and validation which are no longer
needed.
2024-11-05 09:35:50 +01:00
Max Gautier 0f0e24be0f
etcd: throttle restart for availability (#11677)
* etcd: throttle restart for availability

During upgrade, etcd member are restarted all at once.
This can impact the availability of the etcd cluster and subsequently of
the Kubernetes cluster.

Limit the concurrent restart so that the etcd cluster can keep quorum.

* Simplify etcd handlers
2024-11-05 06:11:29 +00:00
ChengHao Yang a070c72214
Refactor: simpify external_cloud_provider is defined
For this change, `external_cloud_provider` set default value to empty
string.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-05 08:32:39 +08:00
ChengHao Yang 38cd05c503
Refactor: simpify cloud_provider is defined condition
For this change, `cloud_provider` change the default value to empty
string.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-05 08:32:39 +08:00
ChengHao Yang c27cc33bd7
Refactor: var kube_override_hostname only reserve in kubespray-defaults
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-05 01:00:39 +08:00
ChengHao Yang 437026f514
Cleanup: remove all cloud_provider related tasks & files
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-05 00:51:00 +08:00
ChengHao Yang 0a2e68c9d3
Docs: edit cloud_provider description
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-05 00:51:00 +08:00
ChengHao Yang a2a11819b3
Docs: migrate to cloud_controllers
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-05 00:51:00 +08:00
ChengHao Yang 63ed2c70da
Docs: add removed message for cloud_provider
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-05 00:50:01 +08:00
Dmitry Chistyakov 31a206033f
Fix task name spelling (#11684) 2024-11-04 12:33:28 +00:00
ChengHao Yang 66d3cb7e6f
[cert-manager] upgrade to v1.15.3 (#11668)
* Feat: upgrade cert-manager version to v1.15.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Feat: upgrade cert-manager crd to v1.15.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Feat: update cert-manager v1.15.3 deployment files

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: upgrade cert-manager to v1.15.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-04 10:39:29 +00:00
Max Gautier 5cb07e0aac
CI: remove shell usage for test playbooks
General cleanup + has the advantages of not requiring bash on the hosts.
2024-11-04 10:44:39 +01:00
Antoine Legrand e293a887da
Cache vagrant boxes (#11671) 2024-10-31 13:47:26 +00:00
ChengHao Yang 20df44521d
Feat: Add external OCI cloud controller manager (#11378)
* Feat: add external OCI cloud controller manager template & variable

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* Feat: add external OCI cloud controller manager workflow

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* Feat: migrate external OCI CCM config check from OCI cloud provider

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* cloud_controller: oracle: simpler asserts

Make the asserts check for Oracle Cloud Infrastructure external cloud
controller more compact, and hence readable.
Allows to put them back in the main tasks for less back and forth when
reading the code.

---------

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
Co-authored-by: Max Gautier <mg@max.gautier.name>
2024-10-31 12:53:26 +00:00
Kubernetes Prow Robot 3f027abae6
Merge pull request #11598 from VannTen/cleanup/fact_gathering
Do not serialize fact gathering for no_proxy
2024-10-31 10:59:26 +00:00
kyrie d0f1d520ec
update calico template (#11634)
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-10-31 02:21:26 +00:00
dependabot[bot] bb7b4e0c7c
build(deps): bump tox from 4.23.0 to 4.23.2 (#11670)
Bumps [tox](https://github.com/tox-dev/tox) from 4.23.0 to 4.23.2.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/4.23.0...4.23.2)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-30 09:07:25 +00:00
Max Gautier 2ba28a3389
Revert "Wait for available API token in a new namespace (#7045)"
This reverts commit 275c54e810.

Static tokens are no longer created automatically for service account in
Kubernetes. Instead, they are dynamically injected into pods using a
projected volume.

Thus there is no longer a need to check for this (it didn't work anyway,
since the describe output actually contains <none> when there is no
tokens:
{
  "attempts": 1,
  "changed": false,
  "cmd": "set -o pipefail && /usr/local/bin/kubectl describe serviceaccounts default --namespace test | grep Tokens | awk '{print $2}'",
  "delta": "0:00:00.075633",
  "end": "2024-10-19 14:25:04.858871",
  "msg": "",
  "rc": 0,
  "start": "2024-10-19 14:25:04.783238",
  "stderr": "",
  "stderr_lines": [],
  "stdout": "<none>",
  "stdout_lines": [
    "<none>"
  ]
}
)
2024-10-25 15:02:29 +02:00
Robert Volkmann 5988ba0890
Add hashes for crictl 1.30.1 and 1.31.1 (#11661) 2024-10-24 15:50:53 +01:00
Robert Volkmann 87270ebf26
Add hashes for Kubernetes 1.31.2 (new default), 1.30.6 and 1.29.10 (#11662) 2024-10-24 15:46:53 +01:00
ChengHao Yang e119863e04
Fix `debian11-custom-cni` failing test & upgrade `debian12-custom-cni-helm` chart version (#11654)
* Test: update custom_cni values

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: fix cilium require kube_owner set to root

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: update custom_cni render manifests

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: fix render template pre-commit

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: update debian12-custom-cni-helm chart version to 1.16.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-10-22 16:42:51 +01:00
dependabot[bot] 99c620d510
build(deps): bump tox from 4.21.2 to 4.23.0 (#11652)
Bumps [tox](https://github.com/tox-dev/tox) from 4.21.2 to 4.23.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/4.21.2...4.23.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-21 22:54:58 +01:00
Erwan Miran daa9411b91
Make cri-dockerd log level configurable (#11646) 2024-10-21 22:54:52 +01:00
ChengHao Yang d1417d54ce
Feat: CoreDNS upgrade to v1.11.3 (#11653)
* Feat: bump CoreDNS version to v1.11.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: update README.md CoreDNS version to v1.11.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-10-21 22:50:52 +01:00
kyrie 693eb74f52
fix kube-vip container securityContext (#11647) 2024-10-21 17:42:52 +01:00
Robert Volkmann 5aea2abc40
Bump containerd to 1.7.23 (#11642) 2024-10-17 14:55:03 +01:00
dependabot[bot] 87fc2b88d8
build(deps): bump ansible from 9.10.0 to 9.11.0 (#11632)
Bumps [ansible](https://github.com/ansible-community/ansible-build-data) from 9.10.0 to 9.11.0.
- [Changelog](https://github.com/ansible-community/ansible-build-data/blob/main/docs/release-process.md)
- [Commits](https://github.com/ansible-community/ansible-build-data/compare/9.10.0...9.11.0)

---
updated-dependencies:
- dependency-name: ansible
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-16 02:53:03 +01:00
Kubernetes Prow Robot daa2144de3
Merge pull request #11601 from tico88612/feat/crio-default-crun
Feat: CRI-O v1.31 change default runtime to crun
2024-10-16 02:49:03 +01:00
ChengHao Yang 687fa3dbed
Fix: cannot stop & remove all cri containers via remove_node.yml (#11631)
Before adding these changes, `ansible_facts.services["containerd.service"]` will not defined and fail to check for triggering the container stop and delete behaviors.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-10-15 08:50:22 +01:00
Alexander 616e4b40db
replace deprecated unarchive.copy with unarchive.remote_src (#11207) 2024-10-14 08:20:21 +01:00
Nicolas Marcq 4e62e36f3a
Multus configuration add namespace isolation (#11605)
#11594
2024-10-12 03:40:20 +01:00
ChengHao Yang faa0816b95
Feat: make CRI-O's default runtime configurable
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-10-11 01:49:16 +08:00
Max Gautier b4768cfa91
Always copy cert generation scripts to first etcd (#11612)
If we don't, existing installation would not pick up fix to that script,
such as dc33a1971d.
2024-10-09 02:44:22 +01:00
ChengHao Yang a16d7b4365
Test: revert accidental deletion Fedora 39 CRI-O CI (#11611)
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-10-08 14:32:23 +01:00
Seena Fallah 7f90fc7b12
containerd: simplify registry mirror template (#11326)
Simplify registry mirror rendering in config.toml.
The map filter can extract the host list from mirrors so we can
just unique them and render them without needing to construct vars
for it.
For the registry mirror tls section, we can first extract mirrors
from the dict then filter on only the ones having skip_veridy defined
first and then filter on the ones having true (as the dict might not
have skip_verify defined and that would cause errors of undefined var).

This will speed up and simply the templating.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2024-10-08 08:46:22 +01:00
Kay Yan fb312e5179
cleanup kube 1.28 and cri-o 1.28 (#11609) 2024-10-08 08:28:22 +01:00
Kubernetes Prow Robot 9204f60b19
Merge pull request #11606 from VannTen/cleanup/pre_commit_ansible_lint
Reduce pre-commit hooks dependencies
2024-10-08 06:56:22 +01:00
Max Gautier 4f27bc2bf9
pre-commit: drop redundant ansible-syntax-check
ansible-lint hook already check syntax on the playbooks.
2024-10-07 14:18:36 +02:00
Max Gautier 07e551ab77
pre-commit: auto-update all hooks 2024-10-07 14:15:34 +02:00
Max Gautier a7ace2e55b
ansible-lint: Adjust pre-commit hooks dependencies
Dropping the ansible dependencies for ansible-lint will allow us to
catch missing dependencies collections in galaxy.yml. For collections
needed for contrib/ or tests/ (i.e: not part of core kubespray
dependencies), we can just configure ansible-lint to mock them.

This mean it won't check the mocked module parameters, but for those
area of the code base it's an acceptable trade-off.
2024-10-07 14:11:24 +02:00
ChengHao Yang 8aa4c9ac0c
Cleanup: Fedora 37/38 CI tests & docs (#11600)
* Feat: update the remaining Fedora 37 vagrant CI

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Cleanup: remove EOL Fedora 37/38 CI tests

Signed-off-by: ChengHao Yang
<17496418+tico88612@users.noreply.github.com>

* Docs: remove EOL Fedora 37/38

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-10-07 09:16:06 +01:00