Arthur Outhenin-Chalandre
4ad89ef8f1
local_path_provisioner: fix invalid podhelper yaml ( #10237 )
...
New line was not inserted between image and imagePullPolicy for some
reasons with the jinja. Simplifying this altogether should fix this.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-20 20:10:21 -07:00
Emin AKTAS
7a66be8254
bump flannel version to v0.22.0 and flannel-cni-plugin version to v1.1.2 ( #10205 )
...
This also changes flannel repository from flannelcni to flannel
Signed-off-by: Emin Aktaş <eminaktas34@gmail.com>
2023-06-19 16:52:24 -07:00
Samuel Liu
db696785d5
update local path provisioner version and remove psp ( #10054 )
...
* update local_path_provisioner_version
* remove psp and update cm
2023-06-19 11:44:21 -07:00
Mohamed Omar Zaian
dfec133273
[calico] add hashes for v3.26.1 ( #10235 )
2023-06-19 10:40:23 -07:00
Arthur Outhenin-Chalandre
475abcc3a8
project: drop Kubernetes 1.24 support ( #10234 )
...
* project: drop Kubernetes 1.24 support
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* readme: bump crio version to 1.27 in the readme
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-19 08:42:21 -07:00
Mohamed Omar Zaian
3a7d84e014
[feature] Correct CoreDNS versions for kubernetes releases ( #10233 )
2023-06-19 07:34:22 -07:00
Mohamed Omar Zaian
ad3f84df98
[argocd] update argocd to v2.7.4 ( #10226 )
2023-06-19 07:20:22 -07:00
Emin AKTAS
79e742c03b
bump coredns version to 1.10.1 ( #10199 )
...
Signed-off-by: Emin Aktaş <eminaktas34@gmail.com>
2023-06-19 04:06:21 -07:00
Takuya Murakami
b2f6abe4ab
fix parsing of RHSM proxy configuration ( #10060 ) ( #10228 )
...
Remove URL scheme part from http_proxy for server.proxy_hostname
2023-06-19 02:24:21 -07:00
Louis Tu
c5dac1cdf6
Add Debian 12(bookworm) support and CI ( #10221 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-06-19 02:20:21 -07:00
Samuel Liu
d296adcd65
allow change argocd url ( #10176 )
2023-06-18 19:18:20 -07:00
Mohamed Omar Zaian
141064c443
[helm] upgrade to 3.12.1 ( #10225 )
2023-06-18 17:04:20 -07:00
ERIK
54859cb814
Fix etcdctl copy operation ( #10230 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-06-16 04:18:19 -07:00
Mohamed Omar Zaian
0f0991b145
[ingress-nginx] upgrade to 1.8.0 ( #10223 )
2023-06-15 19:48:25 -07:00
Mohamed Omar Zaian
658d62be16
[kubernetes] upgrade versions to address CVE-2023-2728 ( #10220 )
...
* [kubernetes] Add hashes for 1.27.3, 1.26.6, 1.25.11
* [kubernetes] make 1.26.6 default
2023-06-15 19:48:18 -07:00
Mohamed Omar Zaian
0139bfdb71
[calico] add hashes for v3.26.0 ( #10224 )
2023-06-15 19:44:18 -07:00
Furkan Türkal
b4db077e6a
containerd: bump to 1.7.2 ( #10219 )
...
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
2023-06-15 03:22:18 -07:00
Ugur Can Ozturk
a962fa2357
[podSecurityConfiguration]: fix apiVersion and change default policy versions ( #10210 )
...
Signed-off-by: Ugur <ugurozturk918@gmail.com>
2023-06-12 17:55:57 -07:00
palme
775851b00c
[flatcar] add python dependency check for helm-apps ( #10192 )
...
* add pyyaml install via task instead of package
* Change condition for better consistency in the codebase
2023-06-12 17:51:58 -07:00
Arthur Outhenin-Chalandre
f8fadf53cd
helm: fix pyyaml package on RH distros ( #10204 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-12 17:39:57 -07:00
ERIK
ce13699dfa
Use a uniform way to get the local path of the binaries ( #10211 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-06-12 00:39:48 -07:00
Ashish Singh Dev
fc5937e948
fix gce-pd-csi driver ( #10208 )
...
* fix gce-pd-csi driver
* fixed, 1. reading replicas value from defaults.yml, and 2. corrected gcp-pd-csi driver version in README.md
2023-06-11 20:45:47 -07:00
Emin AKTAS
2b80d053f3
bump nodelocaldns version to 1.22.20 ( #10200 )
...
Signed-off-by: Emin Aktaş <eminaktas34@gmail.com>
2023-06-08 03:08:14 -07:00
Pat Riehecky
f5ee8b71ff
Permit custom names for API server lb/proxy containers. ( #10166 )
...
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-06-08 02:54:13 -07:00
James
4c76feb574
Kubelet csr approver fixes ( #10165 )
...
* Fix upgrade-path for kubelet-csr-approver
Fixes an error when you enable kubelet-csr-approver when upgrading.
It hangs waiting for the certificate to be approved since the
kubelet-csr-approver is not installed yet.
* Add missing package when using helm role
2023-06-06 02:27:00 -07:00
yun
5ebd305d17
remove cri-o using crio_bin_files ( #10182 )
2023-06-04 20:02:42 -07:00
Arthur Outhenin-Chalandre
edc73bc3c8
project: upgrade test dependencies and drop ansible-core 2.11 ( #10034 )
...
Molecule 5.0 require ansible-core 2.12.10.
So this commit we update ansible-core from 2.12.5 to 2.12.10.
We also drop supporting two ansible-core version. Also we now use the "oldest"
still supported ansible-core version as both 2.11 is EOL and not
supported by molecule.
tests/molecule: remove linting in molecule to support molecule 5
tests/molecule: remove role name check for molecule 5 support
Kubespray doesn't use ansible galaxy style naming so we have to disable
that check.
contrib/inventory_builder: fix tox.ini for tox4
tests/molecule: fix get_playbook in testinfra tests
tests: upgrade most tests requirements
Exclude ansible-lint for now, I will do that in a separate PR.
tests/molecule: force kvm driver option
If we don't do this it fallbacks to qemu emulated on our CI for some
reasons.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-02 20:40:40 -07:00
Mohamed Omar Zaian
b7fa2d7b87
Fix metrics-server for k8s 1.26 ( #10183 )
2023-06-02 18:16:40 -07:00
Samuel Liu
7771ac6074
add krew_no_upgrade_check ( #10175 )
2023-06-02 18:12:40 -07:00
Samuel Liu
d7b79395c7
Add labels to kube-vip static pods ( #10139 )
2023-06-01 16:45:46 -07:00
Richard Fairthorne
ce18b0f22d
fix missing newline in template ( #10174 )
2023-05-31 23:27:45 -07:00
Aleksandr Karabanov
2d8f60000c
Solves #2933 : Allow http_proxy, https_proxy and no_proxy environment variables in cert-manager playbook ( #10162 )
2023-05-31 20:23:45 -07:00
yjqg6666
0b102287d1
[ #10148 ] The download.timeout can be changed by variable download.timeout ( #10149 )
...
Reference:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html#parameter-timeout
2023-05-31 18:15:45 -07:00
Pat Riehecky
d325fd6af7
Don't create calico CNI dir when not using calico ( #10156 )
...
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-05-31 08:35:48 -07:00
Pat Riehecky
e949b8a1e8
Update cilium to latest (1.13.3) ( #10158 )
...
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-05-31 03:23:46 -07:00
Pat Riehecky
ab6e284180
Locate mount names isn't a change to the system ( #10161 )
...
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-05-31 01:33:46 -07:00
Pat Riehecky
7421b6e180
Running ping doesn't change state ( #10160 )
...
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-05-31 01:29:46 -07:00
Jeroen Rijken
ea7dcd46d7
Update MetalLB deployment, wait for resource. ( #9995 )
...
* Update MetalLB deployment, wait for resource.
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
* yml to yaml, add basic test for metallb
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
---------
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-05-30 11:37:49 -07:00
Maxime Leroy
29f833e9a4
fix(ssl-ca): mount ssl ca directories ( #9794 )
...
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-05-28 19:43:42 -07:00
qlijin
8c32be5feb
Add insecure_registry config to crio.conf ( #10142 )
2023-05-28 19:03:41 -07:00
Victor Login
0ba2e655f4
Fix problem migration to k8s 1.27 ( #10136 )
...
* Fix `The task includes an option with an undefined variable` for 1.27
* delete old flag --container-runtime
Signed-off-by: Victor Login <batazor@evrone.com>
---------
Signed-off-by: Victor Login <batazor@evrone.com>
2023-05-28 17:09:42 -07:00
Andrei Costescu
96e875cd50
Add systemd_resolved_disable_stub_listener ( #9875 )
2023-05-25 10:04:51 -07:00
ERIK
75e00420ec
Add arch and version to the downloaded binary name ( #10122 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-05-24 22:30:50 -07:00
Mohamed Omar Zaian
8be5604da4
[kubernetes] support 1.27.2 ( #9976 )
2023-05-24 20:00:50 -07:00
Arthur Outhenin-Chalandre
02624554ae
Remove end of life ubuntu versions in CI ( #10107 )
...
* tests: replace ubuntu16 with ubuntu20
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* tests: replace ubuntu18 with ubuntu20
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* docs: update docs to remove support for ubuntu 16 and 18
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* molecule: upgrade ubuntu versions
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* vagrant: upgrade ubuntu versions
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* tests: cleanup ubuntu{16,18}
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* tests: increase ubuntu22 ram to allow molecule creation
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-05-24 19:56:50 -07:00
Kay Yan
9d1e9a6a78
kube_ovn_cni_config_priority ( #10125 )
2023-05-24 18:34:51 -07:00
Kay Yan
4013c48acb
cleanup-for-2.22.0 ( #10126 )
2023-05-24 08:56:50 -07:00
Rob Tongue
f264426646
cert-manager controller args: ( #10049 )
...
- Adding in the ability to feed extra-args to cert-manager-controller.
2023-05-24 08:12:53 -07:00
Mathias Petermann
862fd2c5c4
feature(ingress_nginx) Add ingressclass for ingress_nginx ( #10091 )
...
Add option to configure class as the default class
Add option to disable wathcing for ingresses without class
Remove redundant if that always evaluates to true
Fix default value missing for ingress_nginx_default
2023-05-24 04:12:50 -07:00
darkobas2
4014a1cccb
fix multus include ( #10105 )
...
``
"msg": "Failed to template loop_control.label: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'item'. 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'item'", "skip_reason": "Conditional result was False"}
``
fixes case when multus should NOT be included.
2023-05-23 01:12:27 -07:00
Mohamed Omar Zaian
659001c9d7
[nerdctl] upgrade to version 1.4.0 ( #10119 )
2023-05-22 17:44:20 -07:00
James
161bd55ab2
Remove deprecated crio_pids_limits ( #10056 )
...
As per https://github.com/cri-o/cri-o/pull/5831 , option is now
deprecated.
2023-05-22 08:49:03 -07:00
Mohamed Omar Zaian
4b67c7d6a6
[calico] add hashes for v3.24.6 ( #10113 )
2023-05-22 07:50:35 -07:00
Mohamed Omar Zaian
f80a5755c3
[feat] Update pause image version to v3.9 ( #10112 )
2023-05-22 03:42:31 -07:00
Mohamed Omar Zaian
b7a8d7a4d5
[helm] upgrade to 3.12.0 ( #10085 )
2023-05-19 06:16:30 -07:00
Mohamed Omar Zaian
9405eb821b
[feature] Supprt enabling cpu limit in corends deployment ( #10103 )
2023-05-19 03:38:29 -07:00
Mohamed Omar Zaian
708677caf1
[argocd] update argocd to v2.7.2 ( #10086 )
2023-05-19 02:18:29 -07:00
Mohamed Omar Zaian
d5cdae1f16
[kubernetes] Add hashes for 1.26.4-5, 1.25.9-10, 1.24.13-14 ( #9983 )
2023-05-18 20:06:28 -07:00
qlijin
b7a9217d77
Some update for the deploy on fedora coreos: ( #10030 )
...
- Test with new version: 37.20230322.3.0. Both containerd and
cri-o is tested
- bugfix: when we use crio and the var bin_dir is changed,
there will be some error about the new bin dir.
2023-05-18 15:46:33 -07:00
Kay Yan
82633c6f61
Remove the Support of Debian 9 because Debian 9 is EOF ( #10097 )
...
* remove-debian9-support
* Add six module into openstack-cleanup/requirements.txt (#10099 )
To fix tf-elastx_cleanup job which was failed with the following error:
File "/usr/local/lib/python3.11/site-packages/keystoneauth1/identity/generic/password.py", line 16, in <module>
from keystoneauth1.identity import v3
File "/usr/local/lib/python3.11/site-packages/keystoneauth1/identity/v3/__init__.py", line 27, in <module>
from keystoneauth1.identity.v3.oauth2_mtls_client_credential import * # noqa
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/keystoneauth1/identity/v3/oauth2_mtls_client_credential.py", line 17, in <module>
import six
ModuleNotFoundError: No module named 'six'
---------
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2023-05-18 15:42:33 -07:00
Kenichi Omichi
7afbdb3e1e
Drop canal network_plugin ( #10100 )
...
According to the canal github[1] the repo is not maintained over 5 years.
In addition, the README says
```
Originally, we thought we might more deeply integrate the two projects
(possibly even going as far as a rebranding!). However, over time it
became clear that that wasn't really necessary to fulfil our goal of
making them work well together. Ultimately, we decided to focus on
adding features to both projects rather than doing work just to
combine them.
```
So it is difficult to support canal by Kubespray at this situation.
[1]: https://github.com/projectcalico/canal
2023-05-18 03:40:33 -07:00
Cyclinder
a257e61f60
bump cni version to v1.3.0 ( #10058 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2023-05-17 01:42:33 -07:00
Kulwant Singh
9948863d3a
use dl.k8s.io not gs://kubernetes-release ( #10066 )
2023-05-16 21:02:33 -07:00
Mikhail Gorozhin
3a3addb91e
Ignore errors in check mode performing "Disable swapOnZram for Fedora" ( #10077 )
2023-05-16 16:38:33 -07:00
Samuel Liu
72b8830f62
fix custom cni task name ( #10087 )
2023-05-16 05:03:36 -07:00
Louis Tu
55e581be3b
Clear http scheme on containerd insecure-registry tls config ( #10084 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-05-16 00:47:36 -07:00
蒋 航
9cd7d66332
Fix Calico Installation ( #10068 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-05-15 21:21:36 -07:00
Mohamed Omar Zaian
6ea7abf443
[ingress-nginx] upgrade to 1.7.1 ( #10052 )
2023-05-15 14:23:35 -07:00
Arthur Outhenin-Chalandre
3254080a1c
cri-o: fix crio restart on config change ( #10057 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-05-14 19:27:28 -07:00
Maxime Leroy
4ffe138dfa
feat(coredns): coredns_rewrite_block to perform internal message rewriting ( #10045 )
...
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-05-12 14:32:46 -07:00
Pat Riehecky
86b81a855a
fix: typo in comment ( #10064 )
...
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
2023-05-12 05:59:01 -07:00
Mohamed Omar Zaian
bde261bd06
[containerd] add hashes for version 1.7.1, 1.6.21 ( #10061 )
2023-05-12 02:42:47 -07:00
Manuelraa
2b75552d1c
Replace swap vars with single `kubelet_fail_swap_on` ( #10036 )
2023-05-11 10:53:04 -07:00
James
07d45e6b62
Kubelet csr approver ( #9877 )
...
* chore(helm-apps): fix README example
README shows a non-working example according to the specs for this role.
* Add support for kubelet-csr-approver
Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* Add tests for kubelet-csr-approver
Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* Add Documentation for Kubelet CSR Approver
Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-05-10 17:49:09 -07:00
John Adams
9a72de54de
Cleanup of external openstack cloud config ( #9899 )
...
* redorder options and remove use-octavia
* lowercase true/false
2023-05-10 03:41:02 -07:00
Navid Nabavi
4313c13656
[feature] Add coredns_additional_configs to handle any extra configurations for coredns deployment ( #10023 ) ( #10025 )
2023-05-09 06:45:58 -07:00
Eugene Marchanka
c880b24a80
[MetalLB] Remove unused resources ( #10004 )
...
* Fix MetalLB deploy
This will fix MetalLB deploy
* Remove `metallb_ip_range` check
* Remove missing `metallb-config.yml`
* fix template name
* make deployment of layer3 conditional
* revert
* revert
2023-05-08 17:20:52 -07:00
Denis
29827711f1
fix: missed double quotes in cri-o config ( #10040 )
2023-05-07 17:27:16 -07:00
ERIK
426b8913c0
Update flannel image repo ( #10041 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-05-07 16:57:17 -07:00
Patrick
970ecbb008
Add runc v1.1.7 checksums ( #10039 )
...
* Add runc v1.1.7 checksums
* Add runc v1.1.6 and v1.1.5 checksums
2023-05-05 18:55:15 -07:00
Louis Tu
eb951f1c2a
update rhsm repo trigger ( #10001 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-05-02 12:00:16 -07:00
Mohamed Omar Zaian
a505a4c71f
[feat] Update metrics server to v0.6.3 ( #10026 )
2023-04-26 04:10:16 -07:00
pli
8727f88e41
metrics_server: add extras nodeselector, affinity, tolerations ( #9972 )
...
* metrics_server: add extras nodeselector, affinity, tolerations
* fix tolerations invalid YAML if undefined
2023-04-26 00:30:16 -07:00
Mohamed Omar Zaian
c2a8d543fb
[flannel] update to v0.21.4 ( #10027 )
2023-04-25 13:08:16 -07:00
蒋航
4ddbd2bd2d
Add Retry for restart kube-controller-manager ( #10013 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-04-25 13:04:16 -07:00
Denis Kasanic
f9f5143c93
[cri-o] Bump versions to 1.26.3, 1.25.3, 1.24.5 ( #9999 )
...
Signed-off-by: Kasanic, Denis <denisx.kasanic@intel.com>
2023-04-24 17:13:02 -07:00
Mohamed Omar Zaian
fccd99c96c
[nerdctl] upgrade to version 1.3.1 ( #10024 )
2023-04-24 11:13:01 -07:00
Mohamed Omar Zaian
dc7cf7ecd8
[helm] upgrade to 3.11.3 ( #10022 )
2023-04-24 08:41:02 -07:00
Mohamed Omar Zaian
4deeaba335
[feature] Update dns-autoscaler ( #9996 )
2023-04-24 02:47:01 -07:00
蒋航
a59e27cb6b
Update kube-vip to v0.5.12 ( #10005 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-04-22 19:01:12 -07:00
Samuel Liu
b3ed25ee35
use string for ipv6 forward conf ( #9992 )
2023-04-19 03:21:12 -07:00
Louis Tu
c7072b48dc
add calico kubeconfig wait timeout ( #9994 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-04-18 06:58:58 -07:00
Kay Yan
c98e1d1b5b
add-kube-profile-to-scheduler ( #9993 )
2023-04-17 18:54:58 -07:00
pli
e907d55621
fix calico checksums mismatch ( #9990 )
2023-04-16 19:44:43 -07:00
Jeroen Rijken
709ae1d244
Update MetalLB and switch to CRD notation. ( #9120 )
...
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-04-14 01:14:41 -07:00
ERIK
6682a843b4
Support multi-arch using the same image name ( #9978 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-04-13 00:36:36 -07:00
Kei Kori
dc33a1971d
[etcd] fix make-ssl-etcd.sh.j2; move pem files only if any new certs exist ( #9974 )
2023-04-12 21:52:35 -07:00
Mohamed Omar Zaian
ed6f8df784
[feature] Update CoreDNS manifests ( #9977 )
2023-04-12 21:38:35 -07:00
Louis Tu
43216436ab
disable rhsm repo when rhel_enable_repos is false ( #9973 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-04-12 20:04:35 -07:00
pingrulkin
cdc25523bf
Change nerdctl snapshotter to overlayfs by default ( #9979 )
2023-04-12 14:58:32 -07:00
Louis Tu
2985b129fc
remove invalid character ( #9970 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-04-11 04:27:19 -07:00
Samuel Liu
0104396c50
use var: kube_apiserver_address ( #9967 )
2023-04-10 15:01:17 -07:00
Eugene Marchanka
eecaec2919
[vSphere-csi-driver] Custom namespace fails playbook ( #9946 )
...
* Fix: vSphere Error: `Apply a CSI secret manifest`
This PR will fix an issue that you will see on 2nd deploy when deploying External vSphere
How to re-produce:
1. Set custom `vsphere_csi_namespace: "vmware-system-csi"`
2. Deploy as usual
3. Observe no errors
4. Deploy 2nd time without `reset`
5. Playbook fails with:
```
TASK [kubernetes-apps/csi_driver/vsphere : vSphere CSI Driver | Apply a CSI secret manifest]
fatal: [node-00]: FAILED! => changed=true
censored: 'the output has been hidden due to the fact that ''no_log: true'' was specified for this result'
```
* create namespace if does not exist
* lint fix
* try to fix lint errors
* fix `too few spaces before comment`
* change the order of applied manifests
* typo
2023-04-09 22:13:15 -07:00
jeremy-thuon
4a03d13d08
[cilium] fix rbac and upgrade hubble v0.11.0 ( #3 ) ( #9959 )
...
* [cilium] fix rbac and upgrade hubble v0.11.0 (#3 )
* [cilium] fix rbac for LB bgp ipam
* [cilium] Upgrade Hubble to v0.11.0 and add mTLS between Hubble UI and Hubble Relay
* fix dns domain hubble for tls
---------
Co-authored-by: Thuon Jeremy <d107869@olinfra1.infra.bdm.outscale.c1.dav.fr>
* Fix blank line
---------
Co-authored-by: Thuon Jeremy <d107869@olinfra1.infra.bdm.outscale.c1.dav.fr>
2023-04-09 22:07:15 -07:00
rtsp
fcb5e77338
[cert-manager] Upgrade to v1.11.1 ( #9964 )
2023-04-09 21:37:15 -07:00
Samuel Liu
ece174da7c
fix resatrt k8s components ( #9962 )
2023-04-09 19:51:15 -07:00
Mohamed Omar Zaian
a94b893e2c
[containerd] add hashes for 1.6.20 ( #9954 )
2023-04-04 16:01:39 -07:00
Dominykas Norkus
5e2cb4d244
Add bind address variable to OCCM ( #9958 )
2023-04-04 15:57:40 -07:00
Mohamed Omar Zaian
dff58023d9
[argocd] update argocd to v2.6.7 ( #9953 )
2023-04-04 12:01:43 -07:00
Mohamed Omar Zaian
766d3696c9
[calico] add v3.25.1 and make it default ( #9950 )
2023-04-03 18:21:51 -07:00
Mohamed Omar Zaian
b88229a662
[ingress-nginx] upgrade to 1.7.0 ( #9952 )
2023-04-03 17:51:51 -07:00
Mohamed Omar Zaian
c00cea7b17
[helm] upgrade to 3.11.2 ( #9951 )
2023-04-03 17:47:51 -07:00
ERIK
0c4f57a093
Support extended settings for the Debian os family ( #9943 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-30 18:53:49 -07:00
Kay Yan
e8f0fb82fe
fix-kube-bench-1.2.20 ( #9939 )
2023-03-29 09:35:49 -07:00
Kay Yan
19856cf692
fix-kube-bench-1.1.19 ( #9937 )
2023-03-28 21:01:24 -07:00
Kay Yan
deb532ce27
fix-kube-bench-4.1.1 ( #9934 )
2023-03-27 21:48:22 -07:00
Anton
1bb4f88af1
cilium: Additional fix the configuration of tls for hubble #9880 ( #9932 )
2023-03-27 08:48:27 -07:00
Mathias Petermann
dcc04e54f3
fix(cert manager): Fix manifest if cert_manager_trusted_internal_ca is provided ( #9922 )
2023-03-27 08:12:28 -07:00
xiuguang.huang
4020a93d7e
delete the probe option of cilium_kube_proxy_replacement ( #9929 )
2023-03-27 08:08:28 -07:00
R. P. Taylor
a676c106d3
change bash for loop for SAN check ( #9060 )
...
fix merge conflict
2023-03-27 06:36:30 -07:00
HirazawaUi
baed5f0b32
Remove deprecated udpIdleTimeout field in KubeProxyConfiguration ( #9925 )
2023-03-27 02:05:55 -07:00
Toru Komatsu
8afd74ce1f
cilium: Fix the configuration of tls for hubble ( #9880 )
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-03-24 01:10:31 -07:00
Maxime Picaud
f6e4a231cb
fix(download): validate mirrors on localhost ( #9669 )
2023-03-23 08:04:32 -07:00
Toru Komatsu
3a5f5692ca
Cilium v1.13.0 ( #9879 )
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-03-23 01:20:23 -07:00
Jiri Fiala
9b37699d0d
Cilium Operator replicas configuration ( #9894 )
...
Signed-off-by: Fiala, JiriX <jirix.fiala@intel.com>
2023-03-22 08:28:38 -07:00
Kay Yan
cc382f2412
haproxy-proxy-ipv6 ( #9674 )
2023-03-22 05:58:36 -07:00
Will Hegedus
97dfdcd8fe
feat: support cilium 1.13.1 ( #9914 )
...
Cilium 1.13.1 changed how the cilium-cni binary gets placed in /opt/cni/bin,
so that it takes place in an init container rather than in the main agent.
2023-03-21 12:56:12 -07:00
prashantchitta
a9f52060c9
Fix ciliums hubble relay configuration ( #9876 )
...
* Fix ciliums hubble relay configuration
* Fixed the tls from code review
* Updated to dna_domain instead of hardcoding
2023-03-21 12:50:12 -07:00
tu1h
8cf5fefe84
Add download retries option ( #9911 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-03-21 09:38:12 -07:00
ERIK
fb8631cdf6
fix allow unsupported distribution ( #9904 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-21 01:35:09 -07:00
Mohamed Omar Zaian
7859aee735
[kubernetes] Add hashes for 1.26.3, 1.25.8, 1.24.12 ( #9900 )
2023-03-21 01:31:08 -07:00
蒋航
83c3ce7f8f
Add Retry for Checking calico exists ( #9883 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-03-20 21:51:06 -07:00
Kay Yan
309aaee427
fix-cilium-error ( #9902 )
2023-03-20 02:41:17 -07:00
Mohamed Omar Zaian
349c8901f8
[containerd] add hashes for 1.7.0 ( #9892 )
2023-03-14 21:48:14 -07:00
Samuel Liu
df9aba6298
fix typo word
2023-03-14 15:49:22 +01:00
biqiang Wu
2ae3ea9ee3
Modified the default value of cilium IPAM and added the support for related parameters ( #9443 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2023-03-13 17:45:10 -07:00
蒋航
99115ad04b
Fix Get current calico version ( #9873 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-03-10 05:48:40 -08:00
ERIK
7747ff2572
Fix uniontech os installation failure ( #9862 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-03-09 22:00:39 -08:00
Marijn van der Giesen
eb4bd36f73
fix(kubernetes): Also apply kubeadm patches during upgrade ( #9781 )
2023-03-09 13:50:30 -08:00
panguicai
2d20f0c024
fix cri-o arm64 v1.26.0 wrong archive checksum ( #9872 )
...
Signed-off-by: panguicai008 <guicai.pan@daocloud.io>
2023-03-09 13:32:31 -08:00
Cyclinder
b0793df293
bump calico to v3.25.0 ( #9860 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2023-03-09 00:02:02 -08:00
Jack
1ca50f3eea
Update check calico version command ( #9861 )
2023-03-08 00:31:12 -08:00
Arthur Outhenin-Chalandre
82f68ca395
calico: cilium: use localhost lb by default on kube-proxy replacement ( #9718 )
...
This commit removes the variable `use_localhost_as_kubeapi_loadbalancer`
and rather detects that we are in a situation where we can use the
localhost apiserver loadbalancer (meaning that we use the localhost load
balancer and that the same ports are used for both the load balancer and
the kube-apiserver).
This also cleanups the calico code to use `kube_apiserver_global_endpoint`
rather than implementing the same logic all over again.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-03-07 04:28:36 -08:00
panguicai
3a675393dc
upgrade rancher local-path-provisioner to v0.0.23 ( #9855 )
...
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-06 16:54:17 -08:00
Jack
9c41769dab
Update nodes in etc hosts after cluster scale ( #9837 )
2023-03-06 16:18:18 -08:00
Mohamed Zaian
dba29db58d
[helm] upgrade to 3.11.1 ( #9849 )
2023-03-06 15:56:17 -08:00
Arthur Outhenin-Chalandre
9e2104c7d3
node: fix default kubelet/runtime cgroups when kube_reserved is false ( #9834 )
...
* node: fix default kubelet/runtime cgroups when kube_reserved is false (default)
Commit 1c4db6132d
introduced a notion of
kube_reserved. This introduced a breaking change defaulting to use
kube.slice for the container_manager and the kubelet as if kube_reserved
was always enabled whereas it is disabled by default.
This commit fixes this by bringing back system.slice whenever
kube_reserved is disabled.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* inventory/sample: change false for kube_reserved as its the default
Changing the commented value in sample inventory to the actual default
value.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-03-05 18:48:58 -08:00
DRAGON2002
1d9502e01d
update args ( #9856 )
...
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
2023-03-05 18:38:57 -08:00
panguicai
c710c93c02
upgrade kubevip to v0.5.11 ( #9852 )
...
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-05 17:54:57 -08:00
DRAGON2002
13c793fd0d
add flag ( #9827 )
...
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
2023-03-05 17:50:57 -08:00
panguicai
1555d78155
upgrade argocd to v2.6.3 ( #9848 )
...
Signed-off-by: panguicai008 <1121906548@qq.com>
2023-03-03 06:44:58 -08:00
Maxime Leroy
fd8260b930
fix(upgrade-cluster): retry other masters upgrade ( #9768 )
...
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-03-03 05:44:58 -08:00
Arthur Outhenin-Chalandre
6769bb32b1
Network plugin custom ( #9819 )
...
* network_plugin/custom_cni: add CNI to apply provided manifests
Add a new simple custom_cni to install provided Kubernetes manifests.
This could be useful to use manifests directly provided by a CNI when
there are not support by Kubespray (i.e.: helm chart or any other manifests
generation method).
Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* network_plugin/custom_cni: add test with cilium
Co-authored-by: James Landrein <james.landrein@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Co-authored-by: James Landrein <james.landrein@proton.ch>
2023-03-03 00:23:08 -08:00
Victor Morales
677b7ecd89
Drop crun_bin_dir unused var ( #9845 )
...
crun_bin_dir was used to specify the destination of the crun binary during the
download process. This path must match with the value provided in the CRI-O
configuration file. So changing its value to bin_dir helps to mismatch errors.
Signed-off-by: Victor Morales <chipahuac@hotmail.com>
2023-03-02 18:30:57 -08:00
Jiffs Maverick
501deecdd0
Downgrade version of coredns to 1.8.6 for compatibility with 1.23-1.24 ( #9846 )
2023-03-02 17:56:57 -08:00
Mohamed Zaian
8b3f3c04cc
[kubernetes] Add hashes for 1.26.2, 1.25.7, 1.24.11 ( #9829 )
2023-03-01 15:31:17 -08:00
Mohamed Zaian
ecd649846a
[containerd] add hashes for 1.6.19 ( #9838 )
2023-02-28 15:35:18 -08:00
Mykola Ulianytskyi (Nikolay Ulyanitsky)
27c2d7e9e2
Replace semicolons by commas in options ( #9840 )
2023-02-28 07:33:16 -08:00
Eugene Artemenko
5cbcec8968
Add resources section to all containers releated to Vsphere CSI driver ( #9687 )
2023-02-27 02:36:20 -08:00
Jack
62f34c6085
add image garbage collection ( #9832 )
2023-02-27 00:26:19 -08:00
Mohamed Zaian
260dad8f10
[ingress-nginx] upgrade to 1.6.4 ( #9818 )
2023-02-23 01:35:34 -08:00
Mohamed Zaian
c950bfface
[containerd] add hashes for 1.5.17, 1.5.18, 1.6.17, 1.6.8 ( #9814 )
2023-02-22 19:13:06 -08:00
JaneLiuL
4aacec4542
fix calico rbac issue ( #9806 )
2023-02-20 01:43:40 -08:00
Karl Fischer
6278b12af6
fixed clinet to client
2023-02-20 10:09:03 +01:00
Maxime Leroy
64e4de371e
fix(kubelet): no cloud config for external cloud provider ( #9793 )
2023-02-20 01:07:40 -08:00
Marijn van der Giesen
ad4958249f
fix(crio): First runc then crictl ( #9780 )
2023-02-19 22:27:38 -08:00
Mathieu Parent
3fd7d91452
Update nodelocaldns to 1.22.18 ( #9800 )
...
Cf. ceb37c3a5c
2023-02-19 22:23:38 -08:00
pli
4ba1df5237
Fix kubernetes-app/argocd: download related things with the download role ( #9786 )
...
* Fix yq install in argocd role: use download_file instead of get_url
* Fix use download_file instead of get_url to download argocd-install manifest in argocd role
* Fix order and add arm64 checksum
* Fix: Failed to template loop_control.label: 'None'
2023-02-19 16:11:37 -08:00
rongfu.leng
145c80e9ab
Fix containerd config_path error when containerd_registries is configed ( #9770 )
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-02-16 20:57:39 -08:00
王煎饼
ab0e06eae6
Fix CentOS Extras repo url for Oracle Linux 7 aarch64 ( #9791 )
2023-02-15 17:43:38 -08:00
ERIK
6ff845a199
Enable control plane load balancing for kube-vip ( #9785 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-02-12 19:25:28 -08:00
Samuel BECK
2838a7c304
add proxy_env variable to apt_key cleanup task ( #9766 )
2023-02-09 06:38:22 -08:00
Ho Kim
2788a02096
Fix a bug in removing kubelet data dir ( #9764 )
2023-02-08 19:04:36 -08:00
Denis Kasanic
d81978625c
Update cri-o archive checksum ( #9761 )
...
Signed-off-by: Kasanic, Denis <denisx.kasanic@intel.com>
2023-02-06 06:25:01 -08:00
Bas
2c93c997cf
pre-commit autocorrected files ( #9750 )
2023-02-06 01:35:16 -08:00
Haitian Chen
10337f2fcb
skip ensuring ntp packages in coreos ( #9742 )
...
Check OS when ensuring NTP package and tzdata package.
2023-02-06 01:35:04 -08:00
manzsolutions-lpr
6c41191646
Add support for PodSecurityStandards ( #9713 )
2023-02-06 01:27:01 -08:00
Chauncey
7730cfd619
fix: add ipamconfigs resource for calico ( #9755 )
...
Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
2023-02-05 15:50:30 -08:00
Kevin Huang
1853085ffe
feat(cinder-csi): Allow deletionPolicy to be configurable ( #9736 )
2023-02-02 15:46:28 -08:00
stelucz
9247137e60
Replace label `k8s-app: nodelocaldns` in DaemonSet template by `k8s-app: node-local-dns` ( #9745 )
2023-02-02 15:42:28 -08:00
杨刚 (成都)
e8f048c71d
[argocd] update argocd to v2.5.10 ( #9753 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-02-02 15:38:29 -08:00
rongfu.leng
0707c8ea6f
fix: with_item to with_dict ( #9729 )
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-01-31 03:18:50 -08:00
James
36c6de9abd
Fix cilium's hubble ui configuration ( #9735 )
...
This fixes the CrashLoopBackoff error that appears because envoy
configuration has changed a lot and upstream removed the envoy proxy to
use nginx only instead. Those changes are based on upstream cilium helm.
2023-01-31 00:28:48 -08:00
蒋航
c5debf013c
Update kubevip to v0.5.8 ( #9734 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2023-01-31 00:24:55 -08:00
Kay Yan
f9cc8ae10c
[kubernetes] Make kubernetes v1.26 default ( #9732 )
...
* make-kube-1.26-default
* fix-bugs
2023-01-31 00:24:48 -08:00
杨刚 (成都)
94dd02121b
Update containerd version : containerd1.6.16. ( #9727 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-31 00:16:48 -08:00
杨刚 (成都)
b9a34b83d4
[argocd] update argocd to v2.5.9 ( #9723 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-28 19:14:33 -08:00
杨刚
8d6cfd6e53
[argocd] update argocd to v2.5.8 ( #9708 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-27 00:14:25 -08:00
ERIK
ee2193d4cf
Add dns configuration for cert manager ( #9673 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-01-23 17:42:15 -08:00
Tristan
5fbbcedebc
9693: Fix comma-separated-list splitting of kubelet_enforce_node_allocatable ( #9694 )
...
See https://github.com/kubernetes-sigs/kubespray/issues/9693
2023-01-23 16:20:17 -08:00
Florian Ruynat
18f2abad2f
Cleanup v1.23.x missing references/conditions/hashes ( #9698 )
2023-01-23 16:16:16 -08:00
Mohamed Zaian
391dd97f95
[kubernetes] support 1.26.x ( #9570 )
2023-01-23 00:10:11 -08:00
Florian Ruynat
34d0451585
Update KUBESPRAY_VERSION and kube_version_min_required (with hashes cleanup) ( #9691 )
2023-01-20 14:11:54 -08:00
Arthur Outhenin-Chalandre
c4346e590f
kubeadm/etcd: use config to download certificate ( #9609 )
...
This commit uses a kubeadm join config to pull down cert for etcd in
workers nodes (which is needed in some circumstances, for instance with
calico or cilium).
The previous way didn't allow us to pass certain parameters which was
typically given in the config in other kubeadm invokations in Kubespray.
This made kubeadm produced some errors for some edge cases.
For example, in our deployment we don't have a default route and even
though it's only to download the certificates, kubeadm produce an error
`unable to select an IP from default routes` (these command are kubeadm
controlplane command, so kubeadm does some additional checks). This is
fixed by specifying `advertiseAddress` within the kubeadm config.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-01-20 00:26:16 -08:00
Florian Ruynat
bd81c615c3
Add k8s 1.24.10 hashes ( #9688 )
2023-01-19 14:46:15 -08:00
Mohamed Zaian
3d9fd082ff
[containerd] add hashes for 1.5.x ( #9678 )
2023-01-19 07:36:38 -08:00
yanggang
826282fe89
Add k8s hashes for k8s version. ( #9685 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-19 05:30:35 -08:00
MatthieuFin
374438a3d6
feat(calico): add possibility to enable calico floatingIPs feature ( #9680 )
...
Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs`
(disabled per default).
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
#9679
2023-01-18 15:42:34 -08:00
yanggang
fd80ef1ff1
[argocd] update argocd to v2.5.7 ( #9682 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-18 15:38:34 -08:00
Mohamed Zaian
235173bb5f
[flannel] update to v0.20.2 & make it default ( #9675 )
2023-01-18 15:26:34 -08:00
Cyclinder
db94812163
bump cni-plugins to v1.2.0 ( #9671 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2023-01-17 00:12:32 -08:00
Arthur Outhenin-Chalandre
4a6eb7eaa2
enable back kubelet_authorization_mode_webhook by default ( #9662 )
...
In 6db6c8678c
, this was disabled becaue
kubesrpay gave too much permissions that were not needed. This commit
re-enable back this option by default and also removes the extra
permissions that kubespray gave that were in fact not needed.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-01-16 23:56:32 -08:00
rongfu.leng
8a03bb1bb4
add containerd config_path ( #9566 )
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-01-16 23:42:32 -08:00
Vitaly Yakovenko
d919c58e21
[multus] added support for mixed type of container engine ( #9224 )
...
* [multus] added support for mixed type of container engine
* [multus] fixed for using with cluster/upgrade-cluster/scale playbooks
2023-01-16 23:30:33 -08:00
Mohamed Zaian
19bc610f44
Update pause image version to v3.8 ( #9668 )
...
Signed-off-by: Mohamed Zaian <mohamedzaian@gmail.com>
Signed-off-by: Mohamed Zaian <mohamedzaian@gmail.com>
2023-01-16 15:30:10 -08:00
Mohamed Zaian
c7cffb14a7
[cert-manager] update cert-manager to v1.11.0 ( #9661 )
2023-01-16 02:36:51 -08:00
Jochen Friedrich
6f61f3d9cb
Support OVN Interconnect ( #9599 )
...
Mostly taken from: https://raw.githubusercontent.com/kubeovn/kube-ovn/master/yamls/ovn-ic.yaml.j2
2023-01-16 00:08:52 -08:00
yanggang
6b4bb2a121
[argocd] update argocd to v2.5.6 ( #9654 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-15 21:16:50 -08:00
ERIK
e288449c5d
Update cri-dockerd version ( #9659 )
...
* Skip retry operation with containerd when etcd installed on host VM (#9560 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
* Update cri-dockerd version
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Co-authored-by: Eugene Artemenko <artemenko.evgeniy@gmail.com>
2023-01-15 21:12:51 -08:00
László Rafael
ea35021c96
Add defaults for external_vsphere_user and external_vsphere_password in the vsphere csi_driver ( #9664 )
2023-01-14 14:24:14 -08:00
Eugene Artemenko
6f1352eb53
Skip retry operation with containerd when etcd installed on host VM ( #9560 )
2023-01-10 15:53:20 -08:00
yanggang
6549bb12fc
follow containerd1 1.16.15 ( #9644 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-08 17:59:28 -08:00
Kay Yan
843e908fa4
update-calico-VXLAN-docs ( #9639 )
2023-01-06 00:00:00 -08:00
R. P. Taylor
0ff883afeb
streamline ansible_default_ipv4 gathering loop ( #9281 )
2023-01-05 11:59:58 -08:00
Marijn van der Giesen
0d5bcd3e20
feat(coredns): Forward extra domains to coredns kubernetes plugin ( #9635 )
2023-01-05 06:57:58 -08:00
tu1h
a8cef962e2
Add retry to avoid 'unknown' state for calicoctl ( #9633 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-01-05 05:09:58 -08:00
Cyclinder
b50890172b
calico: add vxlan-v6.calico to the list of NM unmanaged interfaces ( #9631 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2023-01-05 04:29:58 -08:00
Kay Yan
6674438849
fix-ci-issue ( #9640 )
2023-01-05 00:11:58 -08:00
Ho Kim
4bc5e8d912
Skip removing nodes if cluster is not set ( #9430 )
2023-01-03 05:03:32 -08:00
mKlaris
050fde6327
Add enableServicesElection env variable. ( #9595 )
2023-01-02 18:35:33 -08:00
Jochen Friedrich
4d3104b334
Reset role: Remove kube-ovn log directories ( #9625 )
2023-01-02 18:29:30 -08:00
my-git9
85fa6af313
cleanup: replace node-role.kubernetes.io/master ( #9627 )
...
Signed-off-by: xin.li <xin.li@daocloud.io>
Signed-off-by: xin.li <xin.li@daocloud.io>
2023-01-01 13:59:32 -08:00
Shelming.Song
1c4db6132d
optimize cgroups settings for node reserved ( #9209 )
...
* optimize cgroups settings for node reserved
* fix
* set cgroup slice for multi container engine
* set cgroup slice for crio
* add reserved cgroups variables to sample files
* Compatible with cgroup path for different container managers
* add cgroups doc
* fix markdown
2022-12-30 08:05:30 -08:00
Jochen Friedrich
744c81d451
Remove ovn.kubernetes.io/ovs_dp_type from nodeSelector ( #9594 )
...
Remove extra tag requirement preventing openvswitch container to start.
2022-12-29 01:37:29 -08:00
Kenichi Omichi
61be93b173
Drop calico v3.21 support ( #9515 )
...
At the upstream calico development, the v3.21 branch is not updated
over 2 monthes. In addition, unnecessary error message is output at
Kubespray deployment due to different URLs for calico v3.21 or v3.22+
This drops the v3.21 support to solve the issue.
2022-12-29 01:29:31 -08:00
ERIK
406fbdb4e7
Update the tag of the flannel image ( #9528 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-12-28 00:55:27 -08:00
Jochen Friedrich
136f14dec4
Cluster support for ovn-central. ( #9596 )
...
Without minimal cluster configuration, even on a one node control plane,
the health check of the ovn-cental container always fails as it queries the
cluster/status.
2022-12-27 20:51:27 -08:00
Marijn van der Giesen
ab80342750
[feat] Add custom options to coredns kubernets plugin ( #9608 )
2022-12-27 18:21:27 -08:00
Kevin Huang
2c2e608eac
fix(k8s-certs-renew): Use kube_apiserver_port instead of hard-coding ( #9620 )
...
Signed-off-by: Kevin Huang <git@kevin.huang.to>
Signed-off-by: Kevin Huang <git@kevin.huang.to>
2022-12-27 18:17:35 -08:00
Kay Yan
93f71df628
Remove CNI BIN dependency for cilium ( #9563 )
...
* remove-cni-denpendeny-for-cilium
* remove-cni-denpendeny-for-cilium
2022-12-27 01:31:28 -08:00
tu1h
791064a3d9
Allow custom timeout for kubeadm init ( #9617 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2022-12-27 00:53:28 -08:00
Kenichi Omichi
e90f32bdee
Fix checksum of ciliumcli v0.12.5 ( #9614 )
...
The checksum was different and the download was failed.
This update the checksum by getting valid checksum from [1] to
fix the issue.
[1]: https://github.com/cilium/cilium-cli/releases/download/v0.12.5/cilium-linux-arm64.tar.gz.sha256sum
2022-12-27 00:49:28 -08:00
Maxime Leroy
9fe89a0641
fix(apps): cinder: wrong rbac for csi-snapshotter-role ( #9610 )
2022-12-27 00:45:28 -08:00
Mohamed Zaian
14699f5e98
[helm] upgrade to 3.10.3 ( #9605 )
2022-12-25 16:01:26 -08:00
Mohamed Zaian
438da0c8e6
[argocd] update argocd to v2.5.5 ( #9604 )
2022-12-22 00:53:25 -08:00
emiran-orange
25f317233c
Remove immutable flag from /var/lib/kubelet subdirs ( #9597 )
...
* Remove immutable flag from /var/lib/kubelet subdirs
* Find files before changing attributes
2022-12-21 18:55:25 -08:00
C-Romeo
5e4d68b848
fix kube token dir permissions ( #9590 )
2022-12-21 15:45:25 -08:00
yanggang
4728739597
follow containerd1.16.13 and 1.16.14 ( #9585 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-12-21 00:35:28 -08:00
Kay Yan
fc0d58ff48
fix-missing-control-plane-taint ( #9592 )
2022-12-19 15:57:43 -08:00
janaurka
491e260d20
Feature/add flannel wireguard encryption backend as option ( #9583 )
...
* feat(): Add wireguard backend to flannel cni
As described in the flannel docs:
https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard
This does not support optional configuration methods like:
- setting a psk (will be autogenerated by default)
- chang listening ports
- change mode (defaults to 'separate')
- change PersistentKeepaliveInterval (defaults to 0)
* Add supported backends to flannel docs
* Fix markdown in docs
2022-12-18 15:39:43 -08:00
Xieql
c4d753c931
Fix annotation typo
...
Signed-off-by: Xieql <xieqianglong@huawei.com>
2022-12-15 18:40:30 +08:00
Lukas Najman
ee3b7c5da5
Use the correct api version and resourcer type. The current values work but do not match the documentation, which can be confusing. ( #9575 )
2022-12-15 01:21:35 -08:00
Robin Wallace
ccf60fc9ca
upcloud: Delete default reclaim policy ( #9574 )
2022-12-14 16:15:34 -08:00
Kay Yan
a38a3e7ddf
upgrade-calico-v3.24.5 ( #9580 )
2022-12-14 09:21:36 -08:00
Book shu
ff331f4eba
support flannel dual stack ( #9564 )
2022-12-13 20:47:35 -08:00
JSpon
94eae6a8dc
adjust calico-kube-controller to use hostNetwork when using etcd as datastore ( #9573 )
2022-12-13 20:41:34 -08:00
yanggang
f8d6b54dbb
Add hashes for 1.25.5, 1.24.9, 1.23.15 and make v1.25.5 default ( #9557 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-12-11 16:45:33 -08:00
emiran-orange
67c4f2d95e
Add XDG related Helm paths to be removed ( #9561 )
2022-12-10 03:59:40 -08:00
Mohamed Zaian
03fefa8933
[feat] Upgrade metrics server to v0.6.2 ( #9554 )
2022-12-10 03:55:40 -08:00
Fredrik Liv
c8ec77a734
[containerd] Add config for unpriviledged ports and icmp ( #9517 )
...
* [containerd] Add config for unpriviledged ports and icmp
* Updated to match true false variables of other setting
2022-12-09 06:16:12 -08:00
Chad Swenson
4f32f94a51
Fix drain rescue task when `kube_override_hostname` is set ( #9556 )
...
This fixes a task failure in the rescue block that uncordons nodes after an unsuccessful drain. The issue occurs when `kube_override_hostname` is set and does not match `inventory_hostname`.
2022-12-08 16:02:11 -08:00
Chad Swenson
3dc384a17a
Allow `containerd-common` to execute multiple times per play ( #9543 )
...
The `containerd-common` role is responsible for gathering OS specific variables from the vars directory of the roles that include or import it. `containerd-common` is imported via role dependency by a total of two roles, `container-engine/docker`, and `container-engine/containerd`.
containerd-common is needed by both the docker and containerd roles as a dependency when:
- containerd is selected as the container engine
- a docker install is detected and needs to be removed
- apt is the package manager
However, by default, roles can not be invoked more than once in the same play, unless `allow_duplicates: true` is set for that role. This results in the failure of the `containerd | Remove containerd repository` task, since only the docker vars will be loaded in the play, and `containerd_repo_info.repos`, normally populated by containerd/vars, is left empty.
This change sets `allow_duplicates: true` for `containerd-common` which fixes the currently failing containerd tasks if docker was detected and removed in the same play.
2022-12-08 15:58:18 -08:00
Samuel Liu
f1d0d1a9fe
[kube-ovn]: update version v1.10.7 ( #9527 )
...
* [kube-ovn]: update version
* update readme
2022-12-08 15:58:11 -08:00
Mohamed Zaian
c036a7d871
Disable 'Check that IP range is enough for the nodes' when calico is used ( #9491 )
2022-12-08 10:44:23 -08:00
yanggang
6e63f3d2b4
follow containerd1.16.12 ( #9551 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-12-08 07:36:24 -08:00
yanggang
09748e80e9
support containerd 1.6.11 ( #9544 )
2022-12-06 19:08:37 -08:00
Ugur Can Ozturk
a0f41bf82a
[metrics_server]: Enabled HA mode by adding 'metrics_server_replicas'… ( #9539 )
...
* [metrics_server]: Enabled HA mode by adding 'metrics_server_replicas' variable and adding podAntiAffinity rule
Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
* [metrics_server]: added namespaces selector
Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
2022-12-06 18:22:38 -08:00
Douglas Landgraf
1a0b81ac64
reset: RedHat based distro with major version >=8 ( #9537 )
...
During the reset, restart network was not completing in distros
like RHEL/CentOS/AlmaLinux with major version higher than 8.
Example:
kubespray> ansible-playbook -i inventory/mydomain/hosts.yml reset.yml -b -v
fatal: [mynode]: FAILED! => {"changed": false, "msg": "Could not find the requested service network: host"}
Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>
Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>
2022-12-05 08:57:03 -08:00
ERIK
20d99886ca
Update etcd log-level parameter name ( #9540 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-12-05 01:05:03 -08:00
Kay Yan
b9fe301036
add-check-for-resolv-to-avoid-coredns-crash ( #9502 )
2022-12-01 22:37:54 -08:00
Kay Yan
30508502d3
update-nginx-version ( #9506 )
2022-12-01 21:51:55 -08:00
Mohamed Zaian
bca601d377
[ingress-nginx] upgrade to 1.5.1 ( #9532 )
2022-12-01 21:45:54 -08:00
Mohamed Zaian
65191375b8
[etcd] make etcd 3.5.6 default ( #9520 )
2022-12-01 14:41:53 -08:00
ERIK
a534eb45ce
Update calico image tag ( #9529 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-12-01 03:18:27 -08:00
tu1h
e796f08184
update dashboard image repo to remove arch flag ( #9530 )
...
Signed-off-by: lihai.tu <lihai.tu@daocloud.io>
Signed-off-by: lihai.tu <lihai.tu@daocloud.io>
2022-12-01 01:42:26 -08:00
Kenichi Omichi
ed38d8d3a1
Add ingress-nginx check for updating README ( #9533 )
...
To detect the version mismatch.
2022-12-01 01:16:27 -08:00
Kay Yan
4db5e663c3
fix-mistake-regex-for-resolv-conf ( #9523 )
2022-11-30 03:48:56 -08:00
rtsp
529faeea9e
[cert-manager] Upgrade to v1.10.1 ( #9512 )
2022-11-29 07:17:26 -08:00
ERIK
47510899c7
Update the number of nofile limits in containerd ( #9507 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-25 15:12:04 -08:00
蒋航
7c1ee142dd
update envoy image to v1.22.5 ( #9513 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-11-23 19:26:05 -08:00
蒋航
25e86c5ca9
Update etcd image tag ( #9516 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-11-23 18:22:04 -08:00
ERIK
c41dd92007
Clean up cilium-init image ( #9508 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-23 09:06:20 -08:00
ERIK
a564d89d46
Update the tag of cilium hubble related images ( #9509 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-21 20:14:14 -08:00
Kay Yan
6c6a6e85da
update-coredns-version ( #9503 )
2022-11-18 20:16:29 -08:00
Robin Wallace
ed0acd8027
[openstack cloud controller] bump to v1.25.3 ( #9500 )
2022-11-18 04:26:31 -08:00
ERIK
b9a690463d
Add docker support for openEuler linux ( #9498 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-17 18:18:30 -08:00
ERIK
c3986957c4
Update runsc checksum ( #9493 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-16 00:52:48 -08:00
ERIK
8795cf6494
Add support for the OpenEuler Linux ( #9494 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-16 00:48:49 -08:00
yanggang
80af8a5e79
upgrade containerd_version to 1.6.10 ( #9492 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-15 03:58:41 -08:00
Sergey Putko
943107115a
disable Centos Extras repo creation for OL9 ( #9483 )
...
Centos 9 doesn't exists, and Centos 9-stream also doesn't have extras repo.
2022-11-14 16:28:41 -08:00
Mohamed Zaian
f007c77641
[etcd] make etcd 3.5.5 default for k8s 1.23 , 1.24 ( #9482 )
2022-11-12 03:39:56 -08:00
yanggang
9439487219
Add hashes for 1.25.4, 1.24.8, 1.23.14 and make v1.25.4 default ( #9479 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-10 20:00:09 -08:00
emiran-orange
df6da52195
Enable check mode in DNS Cleanup tasks ( #9472 )
2022-11-10 19:58:09 -08:00
ERIK
8a654b6955
Add cni bin when installing calico ( #9367 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-08 17:46:13 -08:00
Ilya Margolin
5a8cf824f6
[containerd] Simplify limiting number of open files per container ( #9319 )
...
by setting a default runtime spec with a patch for RLIMIT_NOFILE.
- Introduces containerd_base_runtime_spec_rlimit_nofile.
- Generates base_runtime_spec on-the-fly, to use the containerd version
of the node.
2022-11-08 06:44:32 -08:00
emiran-orange
5c25b57989
Ability to define options for DNS upstream servers ( #9311 )
...
* Ability to define options for DNS upstream servers
* Doc and sample inventory vars
2022-11-08 06:44:25 -08:00
Olivier Lemasle
5d1fe64bc8
Update local-volume-provisioner ( #9463 )
...
- Update and re-work the documentation:
- Update links
- Fix formatting (especially for lists)
- Remove documentation about `useAlphaApi`,
a flag only for k8s versions < v1.10
- Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
(cf https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/pull/292 )
- Add nodeSelector to DaemonSet (following upstream)
2022-11-07 15:28:17 -08:00
yanggang
0d6dc08578
upgrade argocd version 2.4.16 ( #9467 )
2022-11-06 18:04:16 -08:00
ERIK
40261fdf14
Fix iputils install failure in Kylin OS ( #9453 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-06 17:54:16 -08:00
Cyclinder
590b4aa240
adjust calico-kube-controller to non-hostnetwork pod ( #9465 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-11-06 17:34:17 -08:00
ausias-armesto
2a696ddb34
Adding metrics server to use host network ( #9444 )
...
* Adding metrics server to use host network
* EXternalize value to a variable
2022-11-06 02:38:15 -08:00
lijin-union
d7f08d1b0c
remove the set_fact action which raise error in the CI ( #9462 )
2022-11-03 04:43:38 -07:00
Jiffs Maverick
4aa1ef28ea
Don't use coredns_server in dhclient.conf if nodelocaldns is enabled ( #9392 )
2022-11-03 02:45:36 -07:00
Fred Rolland
58faef6ff6
Flannel: fix init container image arch ( #9461 )
...
The install-cni-plugin image was not updated to the corresponding
arch when building the different DS.
Fixes issue #9460
Signed-off-by: Fred Rolland <frolland@nvidia.com>
Signed-off-by: Fred Rolland <frolland@nvidia.com>
2022-11-03 02:41:36 -07:00
yanggang
ce751cb89d
add variable condition snapshot in vSphere CSI ( #9429 )
2022-11-02 00:22:46 -07:00
cleverhu
5cf2883444
add retry for start calico kube controller ( #9450 )
...
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
2022-11-02 00:18:45 -07:00
charlychiu
6bff338bad
fix: hubble relay tls error ( #9457 )
2022-11-02 00:14:46 -07:00
William Turner
1f54cef71c
Add variable to set direct routing on flannel VXLAN ( #9438 )
2022-10-31 13:16:45 -07:00
yanggang
d00508105b
Removed PodSecurityPolicy from ingress-nginx ( #9448 )
2022-10-30 20:08:44 -07:00
lijin-union
c272421910
Add UOS linux support ( #9432 )
2022-10-30 17:16:43 -07:00
biqiang Wu
78624c5bcb
When using cilium CNI, install Cilium CLI ( #9436 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-10-30 17:02:45 -07:00
biqiang Wu
c681435432
Add switch cilium_enable_bandwidth_manager ( #9441 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-10-28 03:08:31 -07:00
杨刚
4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 ( #9442 )
2022-10-27 21:46:30 -07:00
蒋航
990f87acc8
Update kube-vip to v0.5.5 ( #9437 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-10-26 19:28:32 -07:00
William Turner
eeb376460d
Fix inconsistent handling of admission plugin list ( #9407 )
...
* Fix inconsistent handling of admission plugin list
* Adjust hardening doc with the normalized admission plugin list
* Add pre-check for admission plugins format change
* Ignore checking admission plugins value when variable is not defined
2022-10-26 00:28:37 -07:00
Kay Yan
ef707b3461
update-containerd-1.6.9 ( #9427 )
2022-10-25 16:34:37 -07:00
Mohamed Zaian
2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) ( #9425 )
2022-10-24 18:32:36 -07:00
Mohamed Zaian
b9b654714e
[nerdctl] upgrade to version 1.0.0 ( #9424 )
2022-10-24 18:28:35 -07:00
Mohamed Zaian
fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 ( #9419 )
2022-10-24 00:06:26 -07:00
杨刚
b192053e28
as argocd 2.4.15 is releasesd , update the version ( #9420 )
2022-10-23 20:34:24 -07:00
Wouter Goedhart
1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port ( #9414 )
...
variable
Fix wrong referenced variable on bgp_peers
Fix bgp_peeras field to be a string
Set default value for bgp_peeras
2022-10-23 18:00:24 -07:00
ERIK
9fdda7eca8
Fix iputils install failure in Kylin OS ( #9416 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-21 04:53:51 -07:00
ERIK
a68ed897f0
Update kubelet checksum ( #9413 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-21 04:21:50 -07:00
Florian Ruynat
582ff96d19
Update docker version to 20.10.20 ( #9410 )
2022-10-20 18:45:15 -07:00
Kenichi Omichi
0374a55eb3
Specify securityContext for cert-manager ( #9404 )
...
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
2022-10-20 00:57:08 -07:00
Kay Yan
ccbe38f78c
make-kube-1.25-default ( #9364 )
2022-10-20 00:56:57 -07:00
Vladimir
958840da89
Add var for control initialDelaySeconds in nginx ingress probe ( #9405 )
...
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
2022-10-19 21:20:56 -07:00
Cristian Calin
1530411218
use cri-o from upstream instead of kubic/OBS ( #9374 )
...
* [cri-o] use cri-o from upstream instead of kubic/OBS
* [cri-o] add proper molecule coverage
* [skopeo] download skopeo from upstream build
* [cri-o] clean up legacy deployments
* disable cri-o per-distribution variables
2022-10-19 05:47:05 -07:00
Mohamed Zaian
0f44e8c812
[ingress-nginx] upgrade to 1.4.0 ( #9403 )
2022-10-18 16:53:00 -07:00
Maxime Leroy
d9c39c274e
fix(defaults): wrong cri_socket path for containerd ( #9401 )
2022-10-18 00:15:18 -07:00
Kenichi Omichi
c38fb866b7
Update securityContext of netchecker ( #9398 )
...
To run netchecker with necessary privilege,
this updates the securityContext.
2022-10-17 19:11:18 -07:00
Mohamed Zaian
5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default ( #9397 )
2022-10-17 05:59:07 -07:00
Kay Yan
32f3d92d6b
Remove PodSecurityPolicies in Calico ( #9395 )
2022-10-17 05:51:07 -07:00
Cristian Calin
23716b0eff
don't define kubeadm_patches by default ( #9372 )
2022-10-14 01:20:46 -07:00
Kay Yan
859df84b45
remove-psp-in-flannel ( #9365 )
2022-10-14 00:16:47 -07:00
Kay Yan
131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar ( #9370 )
...
* fix-ensure-package-in-coreos
* clean blank line
2022-10-13 16:54:46 -07:00
Unai Arríen
52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled ( #9248 )
...
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Improve metallb_speaker_enabled default values
2022-10-13 16:50:47 -07:00
ghostloda
547ef747da
fix helm install with password authentication ( #9343 )
2022-10-12 23:55:01 -07:00
ERIK
bc5881b70a
Add the cilium hubble images to download role ( #9376 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-12 23:45:00 -07:00
Kenichi Omichi
f4b95d42a6
Add note for containerd oom_score ( #9384 )
...
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
2022-10-11 21:49:00 -07:00
Unai Arríen
ef76a578a4
Change dns upstream condition for nodelocaldns ( #9378 )
2022-10-11 00:47:02 -07:00
Piotr Kowalczyk
3b99d24ceb
Fix: install calico-kube-controller on kdd ( #9358 )
...
* Fix: install policy controller on kdd too
* Remove the calico_policy_version condition altogether
* Install policy controller both on canal and calico under same condition
2022-10-10 19:45:01 -07:00
Kay Yan
4701abff4c
upgrade-api-version-for-PodDisruptionBudget ( #9369 )
2022-10-10 17:51:02 -07:00
Joe Siponen
717b8daafe
Download coredns image to all hosts in k8s_cluster ( #9316 )
...
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
2022-10-08 05:03:19 -07:00
Kevin Huang
c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume ( #9362 )
2022-10-08 01:23:19 -07:00
Kenichi Omichi
24632ae81b
Add check_typo job ( #9361 )
...
To block merging pull requests which contain typo automatically.
2022-10-07 02:21:53 -07:00
JSpon
befde271eb
Use hostname override in post-remove role, just as pre-remove role does ( #9360 )
2022-10-06 15:03:52 -07:00
Huang Chen-Yi
d689f57c94
Features/support kubeadm patches v1beta3 ( #9326 )
...
* Support kubeadm patches in v1beta3
* Update kubeadm patches sample files in inventory
* Fix pre-commit syntax
* Set kubeadm_patches enabled to false in sample inventory
2022-10-06 00:39:52 -07:00
William Turner
ad3f503c0c
Fix default value for kubelet_secure_addresses ( #9355 )
2022-10-06 00:35:51 -07:00
Eugene Artemenko
8b9cd3959a
Add possibility to skip adding load balancer name in the hosts file ( #9331 )
2022-10-04 06:26:16 -07:00
Emin AKTAS
dffeab320e
feat: add a paramater to disable host nameservers ( #9357 )
...
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-10-04 06:22:17 -07:00
Kay Yan
999586a110
sysctl_additional ( #9351 )
2022-10-02 23:06:14 -07:00
Kay Yan
44115d7d7a
support-kube-1.25 ( #9260 )
...
Co-authored-by: Rene Luria <rene.luria@infomaniak.com>
2022-09-29 23:34:30 -07:00
Florian Ruynat
841e2f44c0
Remove references to 1.22 ( #9342 )
2022-09-28 14:10:29 -07:00
Hugo Blom
a8e4984cf7
Add missing permissions to openstack cc ( #9335 )
...
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
2022-09-27 22:19:35 -07:00
Rene Luria
3646dc0bd2
fix: remove trailing backslash and yaml indent ( #9339 )
...
* fix: remove trailing backslash
* fixed indent in cilium config template
2022-09-27 19:45:35 -07:00
biqiang Wu
31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded ( #9340 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-09-27 05:57:52 -07:00
ERIK
472996c8b3
update pause image version ( #9337 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-27 00:49:52 -07:00
Shelming.Song
d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml ( #9330 )
2022-09-26 21:57:45 -07:00
Federico Cucinella
e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 ( #9332 )
2022-09-26 17:35:46 -07:00
Ho Kim
18efdc2c51
Fix typos in calico ( #9327 )
2022-09-26 00:11:44 -07:00
Zhong Jianxin
6dff39344b
preinstall: Add nodelocaldns to supersede_nameserver if enabled ( #9282 )
...
When a machine that use dhclient and resolvconf reboots, this will make /etc/resolv.conf
remain close to the one before reboot
2022-09-25 20:19:44 -07:00
Robin Wallace
c4de3df492
upcloud csi driver: bump version to v0.3.3 ( #9317 )
2022-09-24 13:18:04 -07:00
Ilya Margolin
f2e11f088b
Hotfix containerd restart ( #9322 )
2022-09-24 13:14:04 -07:00
Victor Morales
782f0511b9
Define ostree variable for runc ( #9321 )
...
The ostree variable is not defined previously raising an error when
the runtime tries to read it.
2022-09-24 13:00:11 -07:00
Florian Ruynat
4ad67acedd
Move back vsphere csi to kube-system ns ( #9312 )
2022-09-23 10:46:26 -07:00
Kei Kori
467dc19cbd
support removing options in resolvconf with tab separator ( #9304 )
2022-09-23 10:42:27 -07:00
Ilya Margolin
726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime ( #9302 )
...
and supply a default runtime spec.
2022-09-23 10:38:27 -07:00
Emin AKTAS
9468642269
feat: allows users to have more control on DNS ( #9270 )
...
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-09-23 10:28:26 -07:00
Samuel Liu
d387d4811f
replace createhome ( #9314 )
2022-09-23 00:26:39 -07:00
Kay Yan
1b3c2dab2e
add_max_concurrent_in_coredns ( #9307 )
2022-09-22 04:27:03 -07:00
Mohamed Zaian
76573bf293
[kubernetes] Add hashes for 1.24.6, 1.22.15, 1.23.12 and make v1.24.6 default ( #9308 )
2022-09-22 04:13:03 -07:00
Kay Yan
5d3326b93f
add-ping-package ( #9284 )
2022-09-21 23:55:05 -07:00
Mohamed Zaian
68dac4e181
[flannel] update to v1.19.2 & make it default ( #9296 )
2022-09-21 23:51:04 -07:00
Ilya Margolin
262c96ec0b
Remove duplication in template ( #9301 )
...
by concatenating default and additional runtimes
2022-09-21 08:33:15 -07:00
Mohamed Zaian
2acdc33aa1
[helm] upgrade to 3.9.4 ( #9298 )
2022-09-20 04:37:20 -07:00
Krystian Młynek
8acd33d0df
Calico: add wireguard support for Rocky Linux 9 ( #9287 )
2022-09-20 00:29:20 -07:00
pingrulkin
a2e23c1a71
vsphere-csi: add nodeAffinity to daemonset ( #9293 )
2022-09-19 17:47:22 -07:00
rtsp
1b5cc175b9
[cert-manager] Upgrade to v1.9.1 ( #9295 )
2022-09-19 17:43:22 -07:00
Mohamed Zaian
a71da25b57
[argocd] update argocd to v2.4.12 ( #9297 )
2022-09-19 17:37:22 -07:00
Vadim
5ac614f97d
fix duplicate field in ingress-nginx template ( #9285 )
2022-09-19 03:03:22 -07:00
ErmalKristo
b8b8b82ff4
Adds support for multiple architectures to yq ( #9288 )
2022-09-19 02:14:38 -07:00
Necatican Yıldırım
7da3dbcb39
Cilium 1.12 Upgrade ( #9225 )
...
* Drop support for Cilium < 1.10
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Synchronize Cilium templates for 1.11.7
Signed-off-by: necatican <contact@necatican.com>
* Set Cilium v1.12.1 as the default version
Signed-off-by: necatican <contact@necatican.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
2022-09-19 02:14:31 -07:00
Mohamed Zaian
680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default ( #9286 )
2022-09-19 02:10:31 -07:00
Mahdi Abbasi
023b16349e
Add variable for the vsphere-csi namespace ( #9278 )
2022-09-15 02:01:23 -07:00
Kay Yan
97ca2f3c78
add-timezone-support ( #9263 )
2022-09-14 21:11:22 -07:00
ERIK
7c2fb227f4
Add LimitMEMLOCK parameter configuration in containerd.service ( #9269 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-13 02:51:06 -07:00
ghostloda
08bfa0b18f
Upgrade ingress nginx webhook to 1.3.0 ( #9271 )
2022-09-13 01:47:05 -07:00
Ho Kim
952cad8d63
Remove mutual exclusivity in calico: NAT and router mode ( #9255 )
...
* Add optional NAT support in calico router mode
* Add a blank line in front of lists
* Remove mutual exclusivity: NAT and router mode
* Ignore router mode from NAT
* Update calico doc
2022-09-13 00:19:07 -07:00
cleverhu
fc57c0b27e
fix number node name can't be added ( #9266 )
...
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
2022-09-13 00:09:05 -07:00
Samuel Liu
dd4bc5fbfe
[etcd] Sometimes, we do not need to run etcd role on all nodes. ( #9173 )
...
* WIP: sometimes,we not run etcd
* fix ansible lint
* like calico(kdd) cni, no need run etcd
2022-09-09 01:29:22 -07:00
Mohamed Zaian
d2a7434c67
[ingress-nginx] upgrade to 1.3.1 ( #9264 )
2022-09-09 00:37:23 -07:00
ghostloda
f3fb758f0c
Remove useless file ( #9258 )
2022-09-07 17:10:49 -07:00
Krystian Młynek
6386ec029c
add retries for restart of kube-apiserver ( #9256 )
...
* add retries for restart of kube-apiserver
* change var name
2022-09-07 16:48:49 -07:00
Ho Kim
ad7cefa352
Ignore deleting nodes that are not in cluster ( #9244 )
2022-09-05 19:50:54 -07:00
Ho Kim
09d9bc910e
Fix typos in calico comments ( #9254 )
2022-09-05 18:46:54 -07:00
Michael Schmitz
be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS ( #9245 )
2022-09-03 16:16:35 -07:00
lou-lan
133a7a0e1b
Add featureDetectOverride configration of calico ( #9249 )
2022-09-02 04:58:05 -07:00
Cristian Calin
6db6c8678c
disable kubelet_authorization_mode_webhook by default ( #9238 )
2022-08-31 04:53:00 -07:00
蒋航
7ebb8c3f2e
make calico installation more stable ( #9227 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-08-30 21:13:01 -07:00
Alessio Greggi
acb6f243fd
feat: add kubelet systemd service hardening option ( #9194 )
...
* feat: add kubelet systemd service hardening option
* refactor: move variable name to kubelet_secure_addresses
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* docs: add diagram about kubelet_secure_addresses variable
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
tasekida
220f149299
Fix abort because calicoctl.sh is not a full path ( #9217 )
2022-08-30 08:07:02 -07:00
Florian Ruynat
617b17ad46
Fix kube_ovn_hw_offload value ( #9218 )
2022-08-30 03:21:01 -07:00
kakkotetsu
9dc9a670a5
add runc v1.1.4 ( #9230 )
2022-08-30 02:01:01 -07:00
Kay Yan
b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod ( #9223 )
...
* fix-kube-vip-strict-arp
* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Chad Swenson
de762400ad
Fixes for calico_datastore: etcd ( #9228 )
...
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.
This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
2022-08-29 22:41:00 -07:00
Cristian Calin
e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI ( #9229 )
2022-08-29 11:44:49 -07:00
Krystian Młynek
64daaf1887
cri-dockerd: add restart of docker.service ( #9205 )
...
* cri-dockerd: add restart of docker.service
* remove enabling of cri-dockerd.socket
2022-08-24 05:50:02 -07:00
Shelming.Song
c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template ( #9204 )
2022-08-23 01:55:24 -07:00
Pavel Chekin
8f899a1101
Fix containerd (<1.7) configuration for insecure registries ( #9207 )
...
For the following configuration
```
containerd_insecure_registries:
docker.io:
- dockerhubcache.example.com
```
the rendered /etc/containerd/config.toml contains
```
[plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
insecure_skip_verify = true
```
but it needs to be
```
[plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
insecure_skip_verify = true
```
2022-08-22 23:13:23 -07:00