Maxime Leroy
9fe89a0641
fix(apps): cinder: wrong rbac for csi-snapshotter-role ( #9610 )
2022-12-27 00:45:28 -08:00
Mohamed Zaian
14699f5e98
[helm] upgrade to 3.10.3 ( #9605 )
2022-12-25 16:01:26 -08:00
Mohamed Zaian
438da0c8e6
[argocd] update argocd to v2.5.5 ( #9604 )
2022-12-22 00:53:25 -08:00
emiran-orange
25f317233c
Remove immutable flag from /var/lib/kubelet subdirs ( #9597 )
...
* Remove immutable flag from /var/lib/kubelet subdirs
* Find files before changing attributes
2022-12-21 18:55:25 -08:00
C-Romeo
5e4d68b848
fix kube token dir permissions ( #9590 )
2022-12-21 15:45:25 -08:00
yanggang
4728739597
follow containerd1.16.13 and 1.16.14 ( #9585 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-12-21 00:35:28 -08:00
Kay Yan
fc0d58ff48
fix-missing-control-plane-taint ( #9592 )
2022-12-19 15:57:43 -08:00
janaurka
491e260d20
Feature/add flannel wireguard encryption backend as option ( #9583 )
...
* feat(): Add wireguard backend to flannel cni
As described in the flannel docs:
https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard
This does not support optional configuration methods like:
- setting a psk (will be autogenerated by default)
- change listening ports
- change mode (defaults to 'separate')
- change PersistentKeepaliveInterval (defaults to 0)
* Add supported backends to flannel docs
* Fix markdown in docs
2022-12-18 15:39:43 -08:00
Xieql
c4d753c931
Fix annotation typo
...
Signed-off-by: Xieql <xieqianglong@huawei.com>
2022-12-15 18:40:30 +08:00
Lukas Najman
ee3b7c5da5
Use the correct api version and resource type. The current values work but do not match the documentation, which can be confusing. ( #9575 )
2022-12-15 01:21:35 -08:00
Robin Wallace
ccf60fc9ca
upcloud: Delete default reclaim policy ( #9574 )
2022-12-14 16:15:34 -08:00
Kay Yan
a38a3e7ddf
upgrade-calico-v3.24.5 ( #9580 )
2022-12-14 09:21:36 -08:00
Book shu
ff331f4eba
support flannel dual stack ( #9564 )
2022-12-13 20:47:35 -08:00
JSpon
94eae6a8dc
adjust calico-kube-controller to use hostNetwork when using etcd as datastore ( #9573 )
2022-12-13 20:41:34 -08:00
yanggang
f8d6b54dbb
Add hashes for 1.25.5, 1.24.9, 1.23.15 and make v1.25.5 default ( #9557 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-12-11 16:45:33 -08:00
emiran-orange
67c4f2d95e
Add XDG related Helm paths to be removed ( #9561 )
2022-12-10 03:59:40 -08:00
Mohamed Zaian
03fefa8933
[feat] Upgrade metrics server to v0.6.2 ( #9554 )
2022-12-10 03:55:40 -08:00
Fredrik Liv
c8ec77a734
[containerd] Add config for unprivileged ports and icmp ( #9517 )
...
* [containerd] Add config for unprivileged ports and icmp
* Updated to match true false variables of other setting
2022-12-09 06:16:12 -08:00
Chad Swenson
4f32f94a51
Fix drain rescue task when `kube_override_hostname` is set ( #9556 )
...
This fixes a task failure in the rescue block that uncordons nodes after an unsuccessful drain. The issue occurs when `kube_override_hostname` is set and does not match `inventory_hostname`.
2022-12-08 16:02:11 -08:00
Chad Swenson
3dc384a17a
Allow `containerd-common` to execute multiple times per play ( #9543 )
...
The `containerd-common` role is responsible for gathering OS specific variables from the vars directory of the roles that include or import it. `containerd-common` is imported via role dependency by a total of two roles, `container-engine/docker`, and `container-engine/containerd`.
containerd-common is needed by both the docker and containerd roles as a dependency when:
- containerd is selected as the container engine
- a docker install is detected and needs to be removed
- apt is the package manager
However, by default, roles can not be invoked more than once in the same play, unless `allow_duplicates: true` is set for that role. This results in the failure of the `containerd | Remove containerd repository` task, since only the docker vars will be loaded in the play, and `containerd_repo_info.repos`, normally populated by containerd/vars, is left empty.
This change sets `allow_duplicates: true` for `containerd-common` which fixes the currently failing containerd tasks if docker was detected and removed in the same play.
2022-12-08 15:58:18 -08:00
Samuel Liu
f1d0d1a9fe
[kube-ovn]: update version v1.10.7 ( #9527 )
...
* [kube-ovn]: update version
* update readme
2022-12-08 15:58:11 -08:00
Mohamed Zaian
c036a7d871
Disable 'Check that IP range is enough for the nodes' when calico is used ( #9491 )
2022-12-08 10:44:23 -08:00
yanggang
6e63f3d2b4
follow containerd1.16.12 ( #9551 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-12-08 07:36:24 -08:00
yanggang
09748e80e9
support containerd 1.6.11 ( #9544 )
2022-12-06 19:08:37 -08:00
Ugur Can Ozturk
a0f41bf82a
[metrics_server]: Enabled HA mode by adding 'metrics_server_replicas'… ( #9539 )
...
* [metrics_server]: Enabled HA mode by adding 'metrics_server_replicas' variable and adding podAntiAffinity rule
Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
* [metrics_server]: added namespaces selector
Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
2022-12-06 18:22:38 -08:00
Douglas Landgraf
1a0b81ac64
reset: RedHat based distro with major version >=8 ( #9537 )
...
During the reset, restart network was not completing in distros
like RHEL/CentOS/AlmaLinux with major version higher than 8.
Example:
kubespray> ansible-playbook -i inventory/mydomain/hosts.yml reset.yml -b -v
fatal: [mynode]: FAILED! => {"changed": false, "msg": "Could not find the requested service network: host"}
Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>
2022-12-05 08:57:03 -08:00
ERIK
20d99886ca
Update etcd log-level parameter name ( #9540 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-12-05 01:05:03 -08:00
Kay Yan
b9fe301036
add-check-for-resolv-to-avoid-coredns-crash ( #9502 )
2022-12-01 22:37:54 -08:00
Kay Yan
30508502d3
update-nginx-version ( #9506 )
2022-12-01 21:51:55 -08:00
Mohamed Zaian
bca601d377
[ingress-nginx] upgrade to 1.5.1 ( #9532 )
2022-12-01 21:45:54 -08:00
Mohamed Zaian
65191375b8
[etcd] make etcd 3.5.6 default ( #9520 )
2022-12-01 14:41:53 -08:00
ERIK
a534eb45ce
Update calico image tag ( #9529 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-12-01 03:18:27 -08:00
tu1h
e796f08184
update dashboard image repo to remove arch flag ( #9530 )
...
Signed-off-by: lihai.tu <lihai.tu@daocloud.io>
2022-12-01 01:42:26 -08:00
Kenichi Omichi
ed38d8d3a1
Add ingress-nginx check for updating README ( #9533 )
...
To detect the version mismatch.
2022-12-01 01:16:27 -08:00
Kay Yan
4db5e663c3
fix-mistake-regex-for-resolv-conf ( #9523 )
2022-11-30 03:48:56 -08:00
rtsp
529faeea9e
[cert-manager] Upgrade to v1.10.1 ( #9512 )
2022-11-29 07:17:26 -08:00
ERIK
47510899c7
Update the number of nofile limits in containerd ( #9507 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-25 15:12:04 -08:00
蒋航
7c1ee142dd
update envoy image to v1.22.5 ( #9513 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-11-23 19:26:05 -08:00
蒋航
25e86c5ca9
Update etcd image tag ( #9516 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-11-23 18:22:04 -08:00
ERIK
c41dd92007
Clean up cilium-init image ( #9508 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-23 09:06:20 -08:00
ERIK
a564d89d46
Update the tag of cilium hubble related images ( #9509 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-21 20:14:14 -08:00
Kay Yan
6c6a6e85da
update-coredns-version ( #9503 )
2022-11-18 20:16:29 -08:00
Robin Wallace
ed0acd8027
[openstack cloud controller] bump to v1.25.3 ( #9500 )
2022-11-18 04:26:31 -08:00
ERIK
b9a690463d
Add docker support for openEuler linux ( #9498 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-17 18:18:30 -08:00
ERIK
c3986957c4
Update runsc checksum ( #9493 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-16 00:52:48 -08:00
ERIK
8795cf6494
Add support for the OpenEuler Linux ( #9494 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-16 00:48:49 -08:00
yanggang
80af8a5e79
upgrade containerd_version to 1.6.10 ( #9492 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-15 03:58:41 -08:00
Sergey Putko
943107115a
disable Centos Extras repo creation for OL9 ( #9483 )
...
Centos 9 doesn't exist, and Centos 9-stream also doesn't have extras repo.
2022-11-14 16:28:41 -08:00
Mohamed Zaian
f007c77641
[etcd] make etcd 3.5.5 default for k8s 1.23 , 1.24 ( #9482 )
2022-11-12 03:39:56 -08:00
yanggang
9439487219
Add hashes for 1.25.4, 1.24.8, 1.23.14 and make v1.25.4 default ( #9479 )
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-10 20:00:09 -08:00
emiran-orange
df6da52195
Enable check mode in DNS Cleanup tasks ( #9472 )
2022-11-10 19:58:09 -08:00
ERIK
8a654b6955
Add cni bin when installing calico ( #9367 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-08 17:46:13 -08:00
Ilya Margolin
5a8cf824f6
[containerd] Simplify limiting number of open files per container ( #9319 )
...
by setting a default runtime spec with a patch for RLIMIT_NOFILE.
- Introduces containerd_base_runtime_spec_rlimit_nofile.
- Generates base_runtime_spec on-the-fly, to use the containerd version
of the node.
2022-11-08 06:44:32 -08:00
emiran-orange
5c25b57989
Ability to define options for DNS upstream servers ( #9311 )
...
* Ability to define options for DNS upstream servers
* Doc and sample inventory vars
2022-11-08 06:44:25 -08:00
Olivier Lemasle
5d1fe64bc8
Update local-volume-provisioner ( #9463 )
...
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/pull/292 )
- Add nodeSelector to DaemonSet (following upstream)
2022-11-07 15:28:17 -08:00
yanggang
0d6dc08578
upgrade argocd version 2.4.16 ( #9467 )
2022-11-06 18:04:16 -08:00
ERIK
40261fdf14
Fix iputils install failure in Kylin OS ( #9453 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-11-06 17:54:16 -08:00
Cyclinder
590b4aa240
adjust calico-kube-controller to non-hostnetwork pod ( #9465 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-11-06 17:34:17 -08:00
ausias-armesto
2a696ddb34
Adding metrics server to use host network ( #9444 )
...
* Adding metrics server to use host network
* Externalize value to a variable
2022-11-06 02:38:15 -08:00
lijin-union
d7f08d1b0c
remove the set_fact action which raises an error in the CI ( #9462 )
2022-11-03 04:43:38 -07:00
Jiffs Maverick
4aa1ef28ea
Don't use coredns_server in dhclient.conf if nodelocaldns is enabled ( #9392 )
2022-11-03 02:45:36 -07:00
Fred Rolland
58faef6ff6
Flannel: fix init container image arch ( #9461 )
...
The install-cni-plugin image was not updated to the corresponding
arch when building the different DS.
Fixes issue #9460
Signed-off-by: Fred Rolland <frolland@nvidia.com>
2022-11-03 02:41:36 -07:00
yanggang
ce751cb89d
add variable condition snapshot in vSphere CSI ( #9429 )
2022-11-02 00:22:46 -07:00
cleverhu
5cf2883444
add retry for start calico kube controller ( #9450 )
...
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
2022-11-02 00:18:45 -07:00
charlychiu
6bff338bad
fix: hubble relay tls error ( #9457 )
2022-11-02 00:14:46 -07:00
William Turner
1f54cef71c
Add variable to set direct routing on flannel VXLAN ( #9438 )
2022-10-31 13:16:45 -07:00
yanggang
d00508105b
Removed PodSecurityPolicy from ingress-nginx ( #9448 )
2022-10-30 20:08:44 -07:00
lijin-union
c272421910
Add UOS linux support ( #9432 )
2022-10-30 17:16:43 -07:00
biqiang Wu
78624c5bcb
When using cilium CNI, install Cilium CLI ( #9436 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-10-30 17:02:45 -07:00
biqiang Wu
c681435432
Add switch cilium_enable_bandwidth_manager ( #9441 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-10-28 03:08:31 -07:00
杨刚
4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 ( #9442 )
2022-10-27 21:46:30 -07:00
蒋航
990f87acc8
Update kube-vip to v0.5.5 ( #9437 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-10-26 19:28:32 -07:00
William Turner
eeb376460d
Fix inconsistent handling of admission plugin list ( #9407 )
...
* Fix inconsistent handling of admission plugin list
* Adjust hardening doc with the normalized admission plugin list
* Add pre-check for admission plugins format change
* Ignore checking admission plugins value when variable is not defined
2022-10-26 00:28:37 -07:00
Kay Yan
ef707b3461
update-containerd-1.6.9 ( #9427 )
2022-10-25 16:34:37 -07:00
Mohamed Zaian
2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) ( #9425 )
2022-10-24 18:32:36 -07:00
Mohamed Zaian
b9b654714e
[nerdctl] upgrade to version 1.0.0 ( #9424 )
2022-10-24 18:28:35 -07:00
Mohamed Zaian
fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 ( #9419 )
2022-10-24 00:06:26 -07:00
杨刚
b192053e28
as argocd 2.4.15 is released, update the version ( #9420 )
2022-10-23 20:34:24 -07:00
Wouter Goedhart
1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port ( #9414 )
...
variable
Fix wrong referenced variable on bgp_peers
Fix bgp_peeras field to be a string
Set default value for bgp_peeras
2022-10-23 18:00:24 -07:00
ERIK
9fdda7eca8
Fix iputils install failure in Kylin OS ( #9416 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-21 04:53:51 -07:00
ERIK
a68ed897f0
Update kubelet checksum ( #9413 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-21 04:21:50 -07:00
Florian Ruynat
582ff96d19
Update docker version to 20.10.20 ( #9410 )
2022-10-20 18:45:15 -07:00
Kenichi Omichi
0374a55eb3
Specify securityContext for cert-manager ( #9404 )
...
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
2022-10-20 00:57:08 -07:00
Kay Yan
ccbe38f78c
make-kube-1.25-default ( #9364 )
2022-10-20 00:56:57 -07:00
Vladimir
958840da89
Add var for control initialDelaySeconds in nginx ingress probe ( #9405 )
...
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
2022-10-19 21:20:56 -07:00
Cristian Calin
1530411218
use cri-o from upstream instead of kubic/OBS ( #9374 )
...
* [cri-o] use cri-o from upstream instead of kubic/OBS
* [cri-o] add proper molecule coverage
* [skopeo] download skopeo from upstream build
* [cri-o] clean up legacy deployments
* disable cri-o per-distribution variables
2022-10-19 05:47:05 -07:00
Mohamed Zaian
0f44e8c812
[ingress-nginx] upgrade to 1.4.0 ( #9403 )
2022-10-18 16:53:00 -07:00
Maxime Leroy
d9c39c274e
fix(defaults): wrong cri_socket path for containerd ( #9401 )
2022-10-18 00:15:18 -07:00
Kenichi Omichi
c38fb866b7
Update securityContext of netchecker ( #9398 )
...
To run netchecker with necessary privilege,
this updates the securityContext.
2022-10-17 19:11:18 -07:00
Mohamed Zaian
5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default ( #9397 )
2022-10-17 05:59:07 -07:00
Kay Yan
32f3d92d6b
Remove PodSecurityPolicies in Calico ( #9395 )
2022-10-17 05:51:07 -07:00
Cristian Calin
23716b0eff
don't define kubeadm_patches by default ( #9372 )
2022-10-14 01:20:46 -07:00
Kay Yan
859df84b45
remove-psp-in-flannel ( #9365 )
2022-10-14 00:16:47 -07:00
Kay Yan
131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar ( #9370 )
...
* fix-ensure-package-in-coreos
* clean blank line
2022-10-13 16:54:46 -07:00
Unai Arríen
52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled ( #9248 )
...
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Improve metallb_speaker_enabled default values
2022-10-13 16:50:47 -07:00
ghostloda
547ef747da
fix helm install with password authentication ( #9343 )
2022-10-12 23:55:01 -07:00
ERIK
bc5881b70a
Add the cilium hubble images to download role ( #9376 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-12 23:45:00 -07:00
Kenichi Omichi
f4b95d42a6
Add note for containerd oom_score ( #9384 )
...
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
2022-10-11 21:49:00 -07:00
Unai Arríen
ef76a578a4
Change dns upstream condition for nodelocaldns ( #9378 )
2022-10-11 00:47:02 -07:00
Piotr Kowalczyk
3b99d24ceb
Fix: install calico-kube-controller on kdd ( #9358 )
...
* Fix: install policy controller on kdd too
* Remove the calico_policy_version condition altogether
* Install policy controller both on canal and calico under same condition
2022-10-10 19:45:01 -07:00
Kay Yan
4701abff4c
upgrade-api-version-for-PodDisruptionBudget ( #9369 )
2022-10-10 17:51:02 -07:00
Joe Siponen
717b8daafe
Download coredns image to all hosts in k8s_cluster ( #9316 )
...
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
2022-10-08 05:03:19 -07:00
Kevin Huang
c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume ( #9362 )
2022-10-08 01:23:19 -07:00
Kenichi Omichi
24632ae81b
Add check_typo job ( #9361 )
...
To automatically block merging pull requests which contain typos.
2022-10-07 02:21:53 -07:00
JSpon
befde271eb
Use hostname override in post-remove role, just as pre-remove role does ( #9360 )
2022-10-06 15:03:52 -07:00
Huang Chen-Yi
d689f57c94
Features/support kubeadm patches v1beta3 ( #9326 )
...
* Support kubeadm patches in v1beta3
* Update kubeadm patches sample files in inventory
* Fix pre-commit syntax
* Set kubeadm_patches enabled to false in sample inventory
2022-10-06 00:39:52 -07:00
William Turner
ad3f503c0c
Fix default value for kubelet_secure_addresses ( #9355 )
2022-10-06 00:35:51 -07:00
Eugene Artemenko
8b9cd3959a
Add possibility to skip adding load balancer name in the hosts file ( #9331 )
2022-10-04 06:26:16 -07:00
Emin AKTAS
dffeab320e
feat: add a parameter to disable host nameservers ( #9357 )
...
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-10-04 06:22:17 -07:00
Kay Yan
999586a110
sysctl_additional ( #9351 )
2022-10-02 23:06:14 -07:00
Kay Yan
44115d7d7a
support-kube-1.25 ( #9260 )
...
Co-authored-by: Rene Luria <rene.luria@infomaniak.com>
2022-09-29 23:34:30 -07:00
Florian Ruynat
841e2f44c0
Remove references to 1.22 ( #9342 )
2022-09-28 14:10:29 -07:00
Hugo Blom
a8e4984cf7
Add missing permissions to openstack cc ( #9335 )
...
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
2022-09-27 22:19:35 -07:00
Rene Luria
3646dc0bd2
fix: remove trailing backslash and yaml indent ( #9339 )
...
* fix: remove trailing backslash
* fixed indent in cilium config template
2022-09-27 19:45:35 -07:00
biqiang Wu
31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded ( #9340 )
...
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-09-27 05:57:52 -07:00
ERIK
472996c8b3
update pause image version ( #9337 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-27 00:49:52 -07:00
Shelming.Song
d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml ( #9330 )
2022-09-26 21:57:45 -07:00
Federico Cucinella
e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 ( #9332 )
2022-09-26 17:35:46 -07:00
Ho Kim
18efdc2c51
Fix typos in calico ( #9327 )
2022-09-26 00:11:44 -07:00
Zhong Jianxin
6dff39344b
preinstall: Add nodelocaldns to supersede_nameserver if enabled ( #9282 )
...
When a machine that use dhclient and resolvconf reboots, this will make /etc/resolv.conf
remain close to the one before reboot
2022-09-25 20:19:44 -07:00
Robin Wallace
c4de3df492
upcloud csi driver: bump version to v0.3.3 ( #9317 )
2022-09-24 13:18:04 -07:00
Ilya Margolin
f2e11f088b
Hotfix containerd restart ( #9322 )
2022-09-24 13:14:04 -07:00
Victor Morales
782f0511b9
Define ostree variable for runc ( #9321 )
...
The ostree variable is not defined previously raising an error when
the runtime tries to read it.
2022-09-24 13:00:11 -07:00
Florian Ruynat
4ad67acedd
Move back vsphere csi to kube-system ns ( #9312 )
2022-09-23 10:46:26 -07:00
Kei Kori
467dc19cbd
support removing options in resolvconf with tab separator ( #9304 )
2022-09-23 10:42:27 -07:00
Ilya Margolin
726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime ( #9302 )
...
and supply a default runtime spec.
2022-09-23 10:38:27 -07:00
Emin AKTAS
9468642269
feat: allows users to have more control on DNS ( #9270 )
...
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-09-23 10:28:26 -07:00
Samuel Liu
d387d4811f
replace createhome ( #9314 )
2022-09-23 00:26:39 -07:00
Kay Yan
1b3c2dab2e
add_max_concurrent_in_coredns ( #9307 )
2022-09-22 04:27:03 -07:00
Mohamed Zaian
76573bf293
[kubernetes] Add hashes for 1.24.6, 1.22.15, 1.23.12 and make v1.24.6 default ( #9308 )
2022-09-22 04:13:03 -07:00
Kay Yan
5d3326b93f
add-ping-package ( #9284 )
2022-09-21 23:55:05 -07:00
Mohamed Zaian
68dac4e181
[flannel] update to v1.19.2 & make it default ( #9296 )
2022-09-21 23:51:04 -07:00
Ilya Margolin
262c96ec0b
Remove duplication in template ( #9301 )
...
by concatenating default and additional runtimes
2022-09-21 08:33:15 -07:00
Mohamed Zaian
2acdc33aa1
[helm] upgrade to 3.9.4 ( #9298 )
2022-09-20 04:37:20 -07:00
Krystian Młynek
8acd33d0df
Calico: add wireguard support for Rocky Linux 9 ( #9287 )
2022-09-20 00:29:20 -07:00
pingrulkin
a2e23c1a71
vsphere-csi: add nodeAffinity to daemonset ( #9293 )
2022-09-19 17:47:22 -07:00
rtsp
1b5cc175b9
[cert-manager] Upgrade to v1.9.1 ( #9295 )
2022-09-19 17:43:22 -07:00
Mohamed Zaian
a71da25b57
[argocd] update argocd to v2.4.12 ( #9297 )
2022-09-19 17:37:22 -07:00
Vadim
5ac614f97d
fix duplicate field in ingress-nginx template ( #9285 )
2022-09-19 03:03:22 -07:00
ErmalKristo
b8b8b82ff4
Adds support for multiple architectures to yq ( #9288 )
2022-09-19 02:14:38 -07:00
Necatican Yıldırım
7da3dbcb39
Cilium 1.12 Upgrade ( #9225 )
...
* Drop support for Cilium < 1.10
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Synchronize Cilium templates for 1.11.7
Signed-off-by: necatican <contact@necatican.com>
* Set Cilium v1.12.1 as the default version
Signed-off-by: necatican <contact@necatican.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
2022-09-19 02:14:31 -07:00
Mohamed Zaian
680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default ( #9286 )
2022-09-19 02:10:31 -07:00
Mahdi Abbasi
023b16349e
Add variable for the vsphere-csi namespace ( #9278 )
2022-09-15 02:01:23 -07:00
Kay Yan
97ca2f3c78
add-timezone-support ( #9263 )
2022-09-14 21:11:22 -07:00
ERIK
7c2fb227f4
Add LimitMEMLOCK parameter configuration in containerd.service ( #9269 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-13 02:51:06 -07:00
ghostloda
08bfa0b18f
Upgrade ingress nginx webhook to 1.3.0 ( #9271 )
2022-09-13 01:47:05 -07:00
Ho Kim
952cad8d63
Remove mutual exclusivity in calico: NAT and router mode ( #9255 )
...
* Add optional NAT support in calico router mode
* Add a blank line in front of lists
* Remove mutual exclusivity: NAT and router mode
* Ignore router mode from NAT
* Update calico doc
2022-09-13 00:19:07 -07:00
cleverhu
fc57c0b27e
fix number node name can't be added ( #9266 )
...
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
2022-09-13 00:09:05 -07:00
Samuel Liu
dd4bc5fbfe
[etcd] Sometimes, we do not need to run etcd role on all nodes. ( #9173 )
...
* WIP: sometimes,we not run etcd
* fix ansible lint
* like calico(kdd) cni, no need run etcd
2022-09-09 01:29:22 -07:00
Mohamed Zaian
d2a7434c67
[ingress-nginx] upgrade to 1.3.1 ( #9264 )
2022-09-09 00:37:23 -07:00
ghostloda
f3fb758f0c
Remove useless file ( #9258 )
2022-09-07 17:10:49 -07:00
Krystian Młynek
6386ec029c
add retries for restart of kube-apiserver ( #9256 )
...
* add retries for restart of kube-apiserver
* change var name
2022-09-07 16:48:49 -07:00
Ho Kim
ad7cefa352
Ignore deleting nodes that are not in cluster ( #9244 )
2022-09-05 19:50:54 -07:00
Ho Kim
09d9bc910e
Fix typos in calico comments ( #9254 )
2022-09-05 18:46:54 -07:00
Michael Schmitz
be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS ( #9245 )
2022-09-03 16:16:35 -07:00
lou-lan
133a7a0e1b
Add featureDetectOverride configuration of calico ( #9249 )
2022-09-02 04:58:05 -07:00
Cristian Calin
6db6c8678c
disable kubelet_authorization_mode_webhook by default ( #9238 )
2022-08-31 04:53:00 -07:00
蒋航
7ebb8c3f2e
make calico installation more stable ( #9227 )
...
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-08-30 21:13:01 -07:00
Alessio Greggi
acb6f243fd
feat: add kubelet systemd service hardening option ( #9194 )
...
* feat: add kubelet systemd service hardening option
* refactor: move variable name to kubelet_secure_addresses
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* docs: add diagram about kubelet_secure_addresses variable
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
tasekida
220f149299
Fix abort because calicoctl.sh is not a full path ( #9217 )
2022-08-30 08:07:02 -07:00
Florian Ruynat
617b17ad46
Fix kube_ovn_hw_offload value ( #9218 )
2022-08-30 03:21:01 -07:00
kakkotetsu
9dc9a670a5
add runc v1.1.4 ( #9230 )
2022-08-30 02:01:01 -07:00
Kay Yan
b46ddf35fc
kube-vip should fail if kube_proxy_strict_arp is false in arp mode ( #9223 )
...
* fix-kube-vip-strict-arp
* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Chad Swenson
de762400ad
Fixes for calico_datastore: etcd ( #9228 )
...
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.
This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
2022-08-29 22:41:00 -07:00
Cristian Calin
e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI ( #9229 )
2022-08-29 11:44:49 -07:00
Krystian Młynek
64daaf1887
cri-dockerd: add restart of docker.service ( #9205 )
...
* cri-dockerd: add restart of docker.service
* remove enabling of cri-dockerd.socket
2022-08-24 05:50:02 -07:00
Shelming.Song
c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template ( #9204 )
2022-08-23 01:55:24 -07:00
Pavel Chekin
8f899a1101
Fix containerd (<1.7) configuration for insecure registries ( #9207 )
...
For the following configuration
```
containerd_insecure_registries:
  docker.io:
    - dockerhubcache.example.com
```
the rendered /etc/containerd/config.toml contains
```
[plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
insecure_skip_verify = true
```
but it needs to be
```
[plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
insecure_skip_verify = true
```
2022-08-22 23:13:23 -07:00
Mostafa Ghadimi
386c739d5b
🌱 Enable cri-dockerd service ( #9201 )
...
* 🌱 Enable cri-dockerd service
* 🔨 Fix the task name in order to pass the CI tests
2022-08-22 07:17:43 -07:00
Tristan
bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable ( #9176 )
...
See #9035
2022-08-22 02:37:44 -07:00
Mohamed Zaian
ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default ( #9191 )
2022-08-21 23:11:44 -07:00
Ho Kim
e31890806c
Add 'avoid-buggy-ips' support of MetalLB ( #9166 )
2022-08-18 21:49:51 -07:00
Tomas Zvala
30c77ea4c1
Add the option to enable default Pod Security Configuration ( #9017 )
...
* Add the option to enable default Pod Security Configuration
Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.
* Fix the PR according to code review comments
* Revert the latest changes
- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
2022-08-18 01:16:36 -07:00
GreatLazyMan
175cdba9b1
Add 'flush ip6tables' task in reset role ( #9168 )
...
* Add 'flush ip6tables' task in reset role
If enable_dual_stack_networks is set to true and ip6 is defined, ip6tables will be created. But when resetting the kubernetes cluster, kubespray doesn't flush ip6tables.
* [CI] fix molecule tests on opensuse by upgrading to 15.4 (#9175 )
* [CI] fix molecule tests on opensuse by upgrading to 15.4
* [opensuse] use correct python cryptography package name depending on distribution version
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-18 01:12:37 -07:00
Thearas
ea29cd0890
add list nodes rules to cilium-operator clusterrole ( #9178 )
2022-08-18 01:02:36 -07:00
Ho Kim
be5fdab3aa
Disable DNSStubListener for Flatcar Linux ( #9160 )
...
* Disable DNSStubListener for Flatcar Linux
* Fix missing "Flatcar" condition of os_family
2022-08-18 00:56:49 -07:00
Piotr Kowalczyk
49d869f662
Fix CSI drivers issues on Azure ( #9153 )
...
* Include missing azuredisk rbac manifest
* Remove missing azure csi manifest
* Remove invalid reference mount to waagent settings
* Use cloud-config secret instead of /etc/kubernetes/cloud_config file
2022-08-18 00:56:36 -07:00
Samuel Liu
b36bb9115a
[calico] calico rr supports multiple groups ( #9134 )
...
* update calico rr
* fix bgppeer conf
* fix yamllint
* fix ansible lint
* fix calico deploy
* fix yamllint
* fix some typo
2022-08-18 00:52:37 -07:00
ERIK
9ad2d24ad8
Add unsafe_show_logs switch ( #9164 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-16 18:52:48 -07:00
Kay Yan
0088fe0ab7
add-tar-in-common-package ( #9184 )
2022-08-16 05:17:18 -07:00
Mohamed Zaian
ab93b17a7e
[containerd] upgrade to 1.6.8 , add hashes, containerd now supports ppc64le from v1.6.7 ( #9181 )
2022-08-16 05:17:07 -07:00
Jin Li
9f1b980844
Update dashboard to 2.6.1 ( #9185 )
2022-08-16 04:57:08 -07:00
Alessio Greggi
86d05ac180
fix: remove condition for user creation ( #9125 )
...
This condition blocks the creation of the `etcd` user in certain conditions.
Specifically, when you have a `etcd_deployment_type: kubeadm` and `kube_owner: root`.
Being the `root` user already present on the system, this will not be a problem (due to the idempotency of ansible).
2022-08-15 23:55:07 -07:00
Peter Pan
bf6fcf6347
Upgrade nerdctl from 0.20.0 to 0.22.2 ( #9180 )
2022-08-15 22:39:07 -07:00
Cristian Calin
b9e4e27195
[CI] fix molecule tests on opensuse by upgrading to 15.4 ( #9175 )
...
* [CI] fix molecule tests on opensuse by upgrading to 15.4
* [opensuse] use correct python cryptography package name depending on distribution version
2022-08-14 19:02:13 -07:00
Cristian Calin
8585134db4
when ingress-nginx is deployed without a class, we need to use 'ingress-controller-leader' resource instead of the default 'ingress-controller-leader-nginx' ( #9156 )
2022-08-09 04:52:50 -07:00
emiran-orange
2b97b661d8
Move old etcd backup removal after etcd restart ( #9147 )
2022-08-05 08:09:59 -07:00
emiran-orange
24f12b024d
Argument jsonpath must be single-quoted in "See if node is schedulable" task ( #9146 )
2022-08-05 08:09:47 -07:00
ERIK
47050003a0
Add docker support for Kylin V10 ( #9144 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-03 15:03:46 -07:00
Florian Ruynat
307f598bc8
Move flannel to etcd datastore
2022-08-02 16:55:52 -07:00
Florian Ruynat
eb10249a75
Align canal templates with calico official ones (k8s datastore)
2022-08-02 16:55:52 -07:00
Marco Fortina
b4318e9967
Update to latest local path provisioner version ( #9132 )
2022-08-01 14:56:28 -07:00
Marco Fortina
c53561c9a0
Update to latest registry version ( #9133 )
2022-08-01 14:52:28 -07:00
ERIK
f2f9f1d377
Add kylin OS support ( #9078 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-01 10:44:29 -07:00
Boris Barnier
4487a374b1
Update Kube-router version to 1.5.1 ( #9136 )
...
https://github.com/cloudnativelabs/kube-router/releases/tag/v1.5.1
2022-08-01 00:16:28 -07:00
Aveline
06f8368ce6
Fix Hetzner CCM cluster-cidr ( #9127 )
2022-07-30 20:18:27 -07:00
Mohamed Zaian
5b976a8d80
[calico] add hashes for v3.22.4 & v3.21.6 ( #9129 )
2022-07-30 20:14:38 -07:00
Samuel Liu
e73803c72c
pid reserved must be str ( #9124 )
2022-07-30 20:14:27 -07:00
rtsp
b3876142d2
[cert-manager] Upgrade to v1.9.0 ( #9117 )
2022-07-29 00:11:11 -07:00
Mohamed Zaian
9f11946f8a
[argocd] update argocd to v2.4.7 ( #9105 )
2022-07-27 09:32:29 -07:00
Ader Fu
09291bbdd2
Use a variable for roles of remove-node/post-remove ( #9096 )
...
Signed-off-by: ydFu <ader.ydfu@gmail.com>
2022-07-26 10:51:09 -07:00
Mohamed Zaian
65d95d767a
[helm] upgrade to 3.9.2 ( #9115 )
2022-07-26 10:41:09 -07:00
Denis Khachyan
8306adb102
update cilium to v1.11.7 ( #9119 )
2022-07-26 10:33:11 -07:00
ERIK
4b3db07cdb
Fix calicoctl version to v3.23.3 ( #9121 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-07-26 10:29:10 -07:00
gssjl2008
c24a3a3b15
Keep the style consistent ( #9116 )
2022-07-24 23:46:59 -07:00
Mohamed Zaian
aca6be3adf
[calico] add v3.23.3 and make it default ( #9112 )
2022-07-22 00:01:39 -07:00
Florian Ruynat
a608a048ad
Update kube-ovn to v1.9.7
2022-07-21 23:03:38 -07:00
Mohamed Zaian
0cfa03fa8a
[flannel] update to v1.18.1 & make it default ( #9104 )
2022-07-21 00:19:55 -07:00
忘尘
6525461d97
Add reset tasks specific to calico network_plugin ( #9103 )
2022-07-19 13:15:27 -07:00
Kay Yan
f592fa1235
add kube-vip sans ( #9099 )
2022-07-19 13:11:28 -07:00
Cyclinder
2e1863af78
feat: change default blockSize for calico ( #9055 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-07-19 13:05:27 -07:00
Kay Yan
2a282711df
update-loadbalancers-versions ( #9100 )
2022-07-19 13:01:28 -07:00
Mohamed Zaian
91073d7379
[kubernetes] make v1.24.3 default ( #9101 )
2022-07-19 02:58:06 -07:00
Alessio Greggi
3ce5458f32
hardening: Add `SeccompDefault` admission plugin for kubelet ( #9074 )
...
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates
* fix(kubelet-config): enable config through kubelet_feature_gates
* feat(kubelet): add kubelet_seccomp_default variable
2022-07-19 00:50:07 -07:00
Marco Fortina
98c194735c
[kubernetes] add hashes for v1.22.12, v1.23.9 & v1.24.3 ( #9092 )
2022-07-19 00:30:19 -07:00
pil57852
626ea64f66
9052 crio add dpkg hold ( #9075 )
...
* Update main.yaml
* remove version in dpkg_selection name
* make lint happy
* Fix typo
* add comment / remove useless condition
* remove dpkg hold in reset tasks
2022-07-19 00:30:07 -07:00
Mohamed Zaian
ce04fdde72
[ingress-nginx] upgrade to 1.3.0 ( #9088 )
...
* This release removes support for Kubernetes v1.19.0
* This release adds support for Kubernetes v1.24.0
* Starting with this release, we will need permissions on the coordination.k8s.io/leases resource for leaderelection lock
2022-07-14 18:46:25 -07:00
ERIK
4ed3c85a88
Fix calicoctl checksums for v3.23.2 ( #9087 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-07-13 14:02:57 -07:00
Peter Pan
14063b023c
Extend DNS memory limit. 170Mi tends to OOM ( #9084 )
2022-07-13 00:03:37 -07:00
Samuel Liu
d821bed2ea
Fix some typo ( #9056 )
...
* fix ingress controller task name
* fix calico word
* add check typo
2022-07-11 09:49:48 -07:00
Mohamed Zaian
a7ba7cdcd5
[calico] add v3.23.2 and make it default ( #9041 )
2022-07-08 10:41:48 -07:00
Kenichi Omichi
c01656b1e3
Allow "openSUSE Tumbleweed" to be run ( #9072 )
...
The commit 1ce2f04 tried to merge multiple SUSE OS checks including
"openSUSE Leap" and "openSUSE Tumbleweed" into a single SUSE, but
that was a perfect change.
Then the commit c16efc9 tried to fix it for "openSUSE Leap", but it
didn't take care of "openSUSE Tumbleweed".
Then this adds "openSUSE Tumbleweed" to the OS check.
2022-07-08 04:55:47 -07:00
Emin AKTAS
5071529a74
feat: upgrade cilium and add default variables ( #9065 )
...
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: Emin Aktas <emin.aktas@trendyol.com>
2022-07-07 10:35:34 -07:00
yasintahaerol
6d543b830a
Fix vcloud-csi bug related to #9046 ( #9066 )
...
* Fix vcloud-csi bug related to #9046
Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>
* add supervisor-fss-namespace=kube-system flag to vsphere-csi-controller-deployment
Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>
2022-07-07 10:31:35 -07:00
Emin AKTAS
4607ac2e93
fix(vsphere-csi): remove namespace env variable and set namespace as kube-system ( #9046 )
...
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-07-06 01:00:50 -07:00
Kay Yan
9ca5632582
fix-docker-option-in-centos-arm64 ( #9047 )
2022-07-05 08:26:47 -07:00
Mohamed Zaian
51195212b4
[argocd] update argocd to v2.4.3 ( #9050 )
2022-07-05 08:22:47 -07:00
Kenichi Omichi
7414409aa0
Add target components on check_readme_versions.sh ( #9045 )
...
This adds target components on check_readme_versions.sh after
merging https://github.com/kubernetes-sigs/kubespray/pull/9044
In addition, this fixes typo on check_readme_versions.sh
This adds `foo_version` variables for some components because
check_readme_versions.sh verifies the corresponding version for
`<component name>_version` from main.yml. This change also makes
consistency in the main.yml. In long-term, we will be able to
remove the existing `foo_image_tag` variables, but that is not now
for backwards compatibility for users.
2022-07-05 08:02:47 -07:00
h9-HSFRQDH
3bb9542606
Adding support for node & pod pid limit ( #9038 )
2022-07-05 00:20:48 -07:00
Kay Yan
1d0b3829ed
remove-etcd-unsupported-arch ( #9049 )
2022-07-04 05:39:24 -07:00
Calin Cristian Andrei
cbef8ea407
[etcd] drop hashes for 3.5.2
2022-06-29 09:44:06 -07:00
Calin Cristian Andrei
2ff4ae1f08
[etcd] drop hashes for 3.5.1
2022-06-29 09:44:06 -07:00
Calin Cristian Andrei
edf7f53f76
[etcd] add etcd 3.5.4 and make it the default for 1.24.x
2022-06-29 09:44:06 -07:00
Samuel Liu
f58816c33c
[krew] update krew ( #9043 )
2022-06-29 09:02:06 -07:00
忘尘
1562a9c2ec
add missing verbs ( #9032 )
2022-06-29 00:18:05 -07:00
Kay Yan
4b03f6c20f
add-managed-ntp-support ( #9027 )
2022-06-28 13:15:34 -07:00
Samuel Liu
e8ccbebd6f
add ingress nginx webhook ( #9033 )
...
* add ingress nginx webhook
* fix ingress nginx template
2022-06-28 11:55:35 -07:00
Kay Yan
d4de9d096f
fix-the-issue-of-miss-the-etcd-user ( #9016 )
2022-06-28 09:13:58 -07:00
Tom Stian Berget
e1f06dd406
Add support for the updated (startup|liveness|readiness)Probe.Port numbers in Cilium ( #9031 )
2022-06-27 11:00:59 -07:00
rptaylor
6f82cf12f5
let containerd_default_runtime be undefined by default ( #9026 )
2022-06-27 10:56:59 -07:00
Calin Cristian Andrei
ca8080a695
[crun] drop old crun versions 1.2 and 1.3
2022-06-27 10:36:59 -07:00
Calin Cristian Andrei
55d14090d0
[crun] add 1.4.5 and make it the default
2022-06-27 10:36:59 -07:00
rtsp
da8498bb6f
[cert-manager] Upgrade to v1.8.2 ( #9029 )
2022-06-24 23:50:58 -07:00
orange-llajeanne
b33896844e
apply calico bgp peer definition task to all nodes, but delegate to ( #8974 )
...
first control plane node
2022-06-24 19:42:57 -07:00
Calin Cristian Andrei
ca212c08de
[runc] drop hashes for 1.0.2 and 1.0.3
2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
784439dccf
[runc] make 1.1.3 the new default
2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
d818c1c6d9
[runc] add hashes for 1.1.3
2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
b9384ad913
[runc] add hashes for 1.1.2
2022-06-23 09:23:43 -07:00
Cristian Calin
76b0cbcb4e
bump pause container to 3.6 ( #9024 )
...
* [pod-infra] bump pod infra container version to 3.6
* [cri-dockerd] align pod infra container image with other CRIs
2022-06-23 01:43:44 -07:00
Florian Ruynat
6bf3306401
Fixed concatenate str & int in auto_renew_certificates_systemd_calendar var ( #8979 )
2022-06-22 11:55:43 -07:00
Robin Wallace
79f6cd774a
create snapshot-controller only if needed
2022-06-22 00:37:44 -07:00
Cyclinder
c3c9a42502
support multus multi-architecture installation ( #9012 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-06-21 10:56:26 -07:00
Sébastien Masset
9d5d945bdb
[MASTER] Add missing configuration for extra tolerations ( #8908 )
...
* Added new configuration item for extra tolerations in policy controllers
Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
* Added new configuration item for extra tolerations in DNS autoscaler
Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
* Aligned existing handling of extra DNS tolerations
Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
2022-06-20 01:36:06 -07:00
Christoffer Anselm
475ce05979
Fix kubectl download for v1.23.8 amd64 ( #9002 )
...
kubectl_checksums for amd64 v1.23.8 was missing the last digit
2022-06-20 01:28:06 -07:00
Mohamed Zaian
e4fe679916
[kubernetes] make v1.24.2 default
2022-06-17 11:08:33 -07:00
Mohamed Zaian
123632f5ed
[kubernetes] add hashes for v1.22.11, v1.23.8 & v1.24.2
2022-06-17 11:08:33 -07:00
Calin Cristian Andrei
a1ec0571b2
[nerdctl] upgrade to 0.20.0
2022-06-17 08:00:32 -07:00
Calin Cristian Andrei
2db39d4856
[containerd] add hashes for 1.5.12, 1.5.13, 1.6.5 and 1.6.6 and make 1.6.6 the new default
2022-06-17 08:00:32 -07:00
Citrullin
e7729daefc
Add assertion for IPv6 in verify settings
...
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-17 10:36:43 +02:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
...
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Florian Ruynat
9e7f89d2a2
Remove forgotten 1.21 references
2022-06-16 08:55:38 +02:00
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
c2700266b0
[download] fix dependencies for downloads
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07
[kubeadm] use v1beta3 configuration version
...
* extra admission controls now don't have a version in their file names
eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformant with
upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
589823bdc1
[CI] remove docker stand-alone molecule test
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ec01b40e85
[cri_dockerd] upgrade cri_dockerd to 0.2.2 for 1.24 compatibility
...
* use new artifact release name
* enable cri-dockerd dual stack support if enable_dual_stack_networks
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2de5c4821c
[calico] clean up workarounds for older versions
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9efe145688
[calico] make 3.23.1 the default and drop 3.20.x and 3.19.x
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
51bc64fb35
[cri-o] support cri-o 1.24 with kube 1.24
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
6380483e8b
[kubeconfig] generate admin kube config from /etc/kubernetes/admin.conf instead of the workaround of using kubeadm init phase kubeadm admin which fails with cri-dockerd
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f
[kubernetes] drop pre 1.22.0 workarounds
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9535a41187
[kubernetes] make 1.22.0 the minimum version
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
47495c336b
[kubernetes] drop hashes for 1.21.x
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
d69d4a8303
[kubernetes] make 1.24.1 the new default
2022-06-15 00:57:20 -07:00
rtsp
668b9b026c
[cert-manager] Upgrade to v1.8.1 ( #8976 )
2022-06-14 15:11:34 -07:00
Viktor Jacynycz
77de7cb785
Expose calico-typha metrics port ( #8855 )
2022-06-14 07:17:33 -07:00
Dickson Tung
e5d6c042a9
Fix regex for replacing http_proxy ( #8957 )
2022-06-14 07:07:34 -07:00
Ho Kim
3ae397019c
Add arm64 Flatcar OS's pypy bootstrapping ( #8959 )
...
- Upgrade pypy's python version to `3.9`
- Upgrade pypy's version to `7.3.9`
2022-06-14 07:03:35 -07:00
Ho Kim
7d3e59cf2e
Remove unneeded socat installation for Flatcar ( #8970 )
2022-06-14 02:23:34 -07:00
orange-llajeanne
4eb83bb7f6
fixes for docker reset ( #8966 )
2022-06-14 02:15:34 -07:00
Florian Ruynat
1429ba9a07
Update docker version to 20.10.17 ( #8965 )
2022-06-14 02:11:33 -07:00
Ho Kim
889454f2bc
Fix typo in calico check ( #8969 )
2022-06-13 14:10:12 -07:00
orange-llajeanne
2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name ( #8949 )
...
* fix a typo in the "matallb_auto_assign" variable name
* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
2022-06-13 09:40:12 -07:00
Steffen Becker
6b43d6aff2
Proposed fix to Issue 8667 ( #8944 )
...
Proposed fix to Issue 8667
Proposed fix to Issue 8667
2022-06-09 23:37:46 -07:00
Kenichi Omichi
024a3ee551
Replace callback_whitelist with callbacks_enabled ( #8759 )
...
When running molecule jobs, we saw the following warning message:
[DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names
to new standard, use callbacks_enabled instead. This feature will be removed
from ansible-core in version 2.15. Deprecation warnings can be disabled by
setting deprecation_warnings=False in ansible.cfg.
callbacks_enabled has been added since Ansible 2.11 and Kubespray is using
Ansible 2.12 at master branch. So we can use callbacks_enabled safely to
avoid the warning message.
2022-06-09 13:15:45 -07:00
Kenichi Omichi
cd7381d8de
Drop Ansible support for v2.9 and v2.10 ( #8925 )
...
Ansible v2.9 and v2.10 are EOL as [1].
This drops those version supports by following the upstream Ansible.
This sets use_ssh_args true always because that is required to use
ssh_args on ansible.cfg on Ansible v2.11 or later[2].
ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has been deprecated already and centos7 jobs failed due to the
deprecated ansible_ssh_host.
[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args
2022-06-09 07:07:42 -07:00
Mathieu Parent
f53764f949
calicoctl repo has been merged in calico ( #8920 )
2022-06-09 07:01:42 -07:00
Mohamed Zaian
bb530da5c2
[registry] Switch registry to use registry.k8s.io
...
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
Ilya Margolin
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path ( #8921 )
...
* Allow disabling calico CNI logs with calico_cni_log_file_path
Calico CNI logs up to 1G if it logs a lot with current default settings:
log_file_max_size 100 Max file size in MB log files can reach before they are rotated.
log_file_max_age 30 Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count 10 Max number of rotated log files allowed on the host before they are cleaned up.
See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging
To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`
* Fix markdown
* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-07 09:22:56 -07:00
mahjonp
8030e6f76c
fix 8893#issuecomment-1147154353 ( #8933 )
...
Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-06-06 12:40:21 -07:00
Ho Kim
77f436fa39
Fix: set fallback value of kubelet ip6 ( #8858 ) ( #8926 )
...
* Fix: set fallback value of kubelet ip6 (#8858 )
* Prune the spurious comma in the end of kubelet_address
- Update `roles/kubernetes/node/defaults/main.yml`
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* Fix: set fallback value of kubelet ip6 (#8858 )
- Apply the lint: 132606368e
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-06-06 10:08:21 -07:00
Kenichi Omichi
814760ba25
Use blocks for macvlan tasks for each distribution ( #8918 )
...
For the code readability, this adds blocks for each distribution.
2022-06-06 07:50:24 -07:00
Boris Barnier
0761659a43
Update Kube-router version to 1.5.0 ( #8928 )
...
https://github.com/cloudnativelabs/kube-router/releases/tag/v1.5.0
2022-06-06 07:38:34 -07:00
vanyasvl
a4f752fb02
Add subjectAltName to calico-apiserver certificate ( #8907 )
...
* Add AltName to calico-apiserver certificate
* fix support for centos7 openssl
2022-06-06 07:38:23 -07:00
Mohamed Zaian
b2346cdaec
[feat] Upgrade metrics server to v0.6.1 ( #8909 )
...
* Metrics Server now requires access to nodes/metrics RBAC resource instead of nodes/stats. See: https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.0
* Minimize rbac permissions.
2022-06-06 07:34:37 -07:00
Thearas
01ca7293f5
support reserve ephemeral-storage ( #8895 )
2022-06-06 07:34:26 -07:00
Florian Ruynat
4dfce51ded
Update dashboard to 2.6.0 (k8s 1.24 support) ( #8906 )
2022-06-06 16:47:33 +03:00
rtsp
1f65e6d3b5
[ingress-nginx] upgrade to 1.2.1 ( #8904 )
2022-06-01 00:23:10 -07:00
Max Gautier
5512465b34
Revert "Set exact user for Kubelet services" ( #8872 )
...
This reverts commit e375678674.
The workaround of explicitly specifying root for the kubelet unit was
for pulling images from private registry. Kubernetes now has a
dedicated mechanism with imagePullSecret.
2022-06-01 00:19:02 -07:00
Chris Ricker
2f30ab558a
Add 1.24 mappings for etcd and snapshot_controller ( #8903 )
...
Map appropriate versions of etcd and snapshot_controller containers with
k8s 1.24
2022-06-01 00:09:02 -07:00
Daniil Muidinov
5c136ae3af
[calico] add 3.22.3 and 3.23.1 ( #8897 )
...
* [calico]
* add 3.22.3 and 3.23.1
* set 3.22.3 default
* fix download crd for calico 3.22.3 and upper
* update calico README.md
2022-05-31 13:27:23 -07:00
mahjonp
c927da00e0
Support cilium ip-masq-agent configuration ( #8893 )
...
* fix deploy Cilium with eBPF-based Masquerading failed
Signed-off-by: mahjonp <junpeng.man@gmail.com>
* forget to add the enable-ip-masq-agent flag
Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-05-31 09:26:53 -07:00
Samuel Liu
1600fd9082
clean up tags ( #8880 )
2022-05-31 07:52:53 -07:00
Samuel Liu
14acd124bc
fix containerd images download bugs ( #8894 )
2022-05-31 00:22:53 -07:00
Mohamed Zaian
78aacee21b
[kubernetes] add hashes for 1.24.1 and other versions. ( #8876 )
...
* [kubernetes] add hashes for 1.24.1 and other versions.
versions: v1.21.13, v1.22.10, v1.23.7 & v1.24.1
* [kubernetes] make v1.23.7 default1
2022-05-27 12:00:42 -07:00
Gleb Galkin
f47aca3558
Added |bool for rhel_enable_repos ( #8871 )
2022-05-26 18:51:55 -07:00
Kenichi Omichi
73fc70dbe8
Delete kube_version v1.20- related code ( #8869 )
...
Current Kubespray supports the Kubernetes version 1.21 or upper with
`kube_version_min_required: v1.21.0`
Then kube_version v1.20- related code is not used at all.
This deletes those code for cleanup.
2022-05-25 21:31:22 -07:00
Kenichi Omichi
dc2a18e436
Merge pull request #8815 from simplekube-ro/dont_clobber_calico
...
[calico] don't clobber calico options set by the user
2022-05-24 10:25:48 -07:00
Thearas
82590eb087
fix remove `docker-ce.repo` failed ( #8856 )
2022-05-24 05:44:06 -07:00
Ross Kusler
4c97ce747c
Adding support for the kube-router flag --cluster-asn flag ( #8837 )
2022-05-23 16:39:10 -07:00
Necatican Yıldırım
dc1af5a9c5
[etcd] Add support for setting the request size limit ( #8849 )
...
* [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes`
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-23 09:36:03 -07:00
irizzant
85bd1eea27
fix(calico): add missing "get" verb ( #8847 )
...
Signed-off-by: irizzant <i.rizzante@gmail.com>
2022-05-21 01:20:00 -07:00
Necatican Yıldırım
2b151c6aa2
cni-plugins: upgrade to 1.1.1 ( #8852 )
...
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-21 11:14:16 +03:00
David Louks
93fe3e06ef
Add support for including annotations on aws-ebs-csi-controller ( #8779 )
...
* Add support for including annotations on aws-ebs-csi-controller
* update comment to specify role arn
2022-05-20 15:00:00 -07:00
Tamas Pasztor
9d3a894991
Possible remove ippools from cni config ( #8845 )
...
* Possible remove ippools from cni config
* Typo
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
* Update cni-calico.conflist.j2
Incorrectly deleted calico forwarding content.
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-05-19 23:45:13 -07:00
Andrey
e42a01f203
Fixed systemd-networkd restart for ubuntu 22.04, when using reset.yml ( #8841 )
...
* Fixed systemd-networkd restart for ubuntu 22.04
* fixed systemd-networkd restart for all Ubuntu
2022-05-20 09:34:53 +03:00
Samuel Liu
a28b58dbd0
[calico]use ipamconfig instead of calico ipam command ( #8839 )
...
* use ipamconfig instead of calico ipam command
* fix ansible lint
2022-05-19 11:13:20 -07:00
orange-llajeanne
a26a9ee14f
set apparmor_enabled in netchecker task ( #8844 )
2022-05-19 10:49:21 -07:00
Samuel Liu
593359ec77
fix kube-ovn image ( #8838 )
2022-05-18 08:36:53 -07:00
Kay Yan
3d8f3bc0b7
Fix the invalid kube vip manifest ( #8831 )
...
* add Feature synchronized time checking
* fix-invalid-kube-vip-manifest
2022-05-17 23:48:55 -07:00
Samuel Liu
eea7bb7692
only need run this once ( #8833 )
...
calicoctl ipam xx
calicoctl apply xx
2022-05-17 09:52:27 -07:00
Mohamed Zaian
632d457f78
[ingress-nginx] upgrade to 1.2.0 ( #8814 )
2022-05-12 09:07:14 -07:00
Calin Cristian Andrei
569a319ff5
[calico] don't clobber user set bgp configuration options that are not managed by kubespray
2022-05-12 15:50:38 +00:00
Calin Cristian Andrei
47812ec002
[calico] don't clobber user set ippool options that are not managed by kubespray
2022-05-12 15:50:05 +00:00
Calin Cristian Andrei
c27dee57ea
[calico] don't clobber user set felixconfig options that are not managed by kubespray
2022-05-12 15:49:24 +00:00
weizhoublue
b289f533b3
get wrong server name of coredns ( #8811 )
...
Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
2022-05-12 08:33:14 -07:00
Cyclinder
3eb0a4071a
set default value of name to "k8s-pod-network" ( #8813 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-05-12 08:29:14 -07:00
Oogy
5684610a55
Support metallb peer password ( #8792 )
...
* support metallb peer password
* add MetalLB BGP password example
2022-05-11 21:39:15 -07:00
Samuel Liu
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature ( #8790 )
...
* [kube-ovn]: some feature
kube-ovn vlan mode
ipv6/ipv4 dual stack
...
* remove unused env
* fix readinessprobe
2022-05-11 21:35:15 -07:00
Necatican Yıldırım
13443b05a6
Overhaul Cilium manifests to match the newer versions ( #8717 )
...
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-operator templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-agent templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Bump Cilium version to 1.11.3
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-11 06:23:04 -07:00
Andrew Zagorodnuk
e70c00a0fe
fix: Waiting until Volumes will be detached from the node on graceful node removal ( #8739 )
2022-05-10 09:57:43 -07:00
spaced
bb67b654c5
local volume provisioner should not run on control plane nodes by default ( #8805 )
2022-05-10 19:04:24 +03:00
emiran-orange
8f618ab408
Fix condition on kata_containers_version/kube_version when kata_containers_enabled is false ( #8804 )
2022-05-09 14:56:32 -07:00
Robin Wallace
b715500b48
csi: bump upcloud csi driver ( #8784 )
2022-05-09 10:43:19 -07:00
Alessio Greggi
37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters ( #8796 )
2022-05-09 09:25:19 -07:00
Robin Wallace
42fc71fafa
[PodSecurityPolicy] Move the install of psp ( #8744 )
2022-05-09 09:21:19 -07:00
Victor Morales
02b6e4833a
Update Kata Containers runtime ( #8797 )
...
* Update Kata containers binary to 2.4.1 version
* Update overhead kata runtime values
* Fix kata-qemu default values in CRI-O
2022-05-08 17:01:18 -07:00
Andy
323a111362
[kubelet] set correct resolv.conf for Ubuntu 22.04 ( #8795 )
2022-05-06 16:31:04 -07:00
Alessio Greggi
e7df4d3dd9
add support for `service-account-lookup` parameter ( #8781 )
...
* feat: add variable to manage service-account-lookup on kube-apiserver
* docs: add documentation about service-account-lookup variable
2022-05-06 00:39:07 -07:00
David Louks
3e52a0db95
Add optional setting for ca data in auth webhook ( #8777 )
...
* Add optional setting for ca data in auth webhook
* add webhook token auth variables to sample inventory
2022-05-05 14:52:43 -07:00
Cristian Calin
94484873d1
[containerd] add 1.6.4 which is needed for kubernetes 1.24.0 and make it the default ( #8791 )
2022-05-05 14:10:43 -07:00
Elif Akyıldırım
0d6ea85167
Assert that IP range is enough for the nodes ( #8720 )
...
* Assert that IP range is enough for the nodes
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
* Fixed whitespace
* Fixed errors
* Fixed errors
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
2022-05-05 08:48:20 -07:00
Florian Ruynat
674ec92224
Add crictl 1.24 for new k8s version ( #8787 )
2022-05-05 08:40:22 -07:00
Victor Morales
e7e5037a86
Add a container_manager validation ( #8785 )
2022-05-04 23:58:19 -07:00
Kenichi Omichi
fbcf426240
Drop containerd 1.4 support ( #8780 )
...
The version 1.4 of containerd has been End of Life since March 3, 2022
as https://containerd.io/releases/#support-horizon
It is nice to drop the support from Kubespray also to follow containerd.
2022-05-04 23:02:20 -07:00
Mohamed Zaian
2301554e98
[kubernetes] add hashes for 1.24.0 ( #8783 )
2022-05-04 22:58:21 -07:00
Calin Cristian Andrei
5bc35002ba
[remove-etcd-node] fix json path query
2022-05-04 06:35:51 -07:00
Calin Cristian Andrei
8f118fb619
[reset] fix task inclusion logic for network plugin
2022-05-04 06:35:51 -07:00
Calin Cristian Andrei
1113460b68
[cri-o] molecule switch from ubuntu 18 to ubuntu 20
2022-05-04 14:46:17 +02:00
Lubos Mercl
c20ab7d987
add fix for GCP CSI driver ( #8616 )
...
Signed-off-by: Lubos Mercl <lubos.mercl@gmail.com>
2022-05-03 08:55:56 -07:00
Cristian Calin
9605bbaa67
[nerdctl] upgrade to 0.19.0 ( #8772 )
2022-05-03 05:39:56 -07:00
Kenichi Omichi
c04a73c11a
Update containerd version to 1.6.3 ( #8770 )
...
containerd version 1.6.3 has been released as [1]
This adds the checksums and makes Kubespray use it.
[1]: https://github.com/containerd/containerd/releases/tag/v1.6.3
2022-05-02 22:43:55 -07:00
bilalcaliskan
26a0b0f1e8
chore(flannel): change flannel repository and upgrade image version ( #8740 )
...
* chore: change flannel repository and upgrade image version
* docs: upgrade flanneld version
2022-05-02 11:29:14 -07:00
Alessio Greggi
fa1d222eee
add support for `EventRateLimit` plugin configuration ( #8711 )
...
* feat: add support for EventRateLimit admission plugin
* docs: add documentation about admission_control_config_file and EventRateLimit configuration
2022-05-02 11:03:15 -07:00
Cristian Calin
56cf163a23
[kubernetes] actually make 1.23.6 the default ( #8767 )
2022-05-02 00:43:14 -07:00
Mohamed Zaian
afcedf6d77
Pull master, Rebase, add changes again ( #8745 )
2022-05-02 00:39:14 -07:00
Chris Ricker
21fc197ee0
Ensure containerd service unmasking ( #8726 )
...
* Force containerd service unmasking
Force systemd to unmask and start service when adding containerd service
* Eliminate restart and move unmasking step
Switch to start instead of restart
Move unmasking to restart handler
* Add unmasking to similar container runtimes
* Add missing service names
2022-04-29 08:39:14 -07:00
Calin Cristian Andrei
b6e2c56ae6
[kubernetes] add hashes for 1.21.12
2022-04-29 07:57:13 -07:00
Calin Cristian Andrei
b005985d4e
[kubernetes] add hashes for 1.23.6
2022-04-29 07:57:13 -07:00
Samuel Liu
1294fd5730
check calico ipv6 ( #8738 )
...
* check calico ipv6
* just check ipip mode for ipv6
2022-04-29 00:35:13 -07:00
Mohamed Zaian
b7004d72c5
[kubernetes] add hashes for 1.22.9 ( #8746 )
...
* [kubernetes] add hashes for 1.22.9
2022-04-28 16:10:50 +03:00
Kenichi Omichi
eb566ca626
Remove aufs-tools from Ubuntu requirement ( #8754 )
...
aufs-tools was required for docker.io package originally,
but Kubespray installs docker-ce package instead today.
In addition, Ubuntu 20.04 doesn't provide aufs-tools as [1].
Then this removes aufs-tools from Ubuntu requirement.
[1]: https://bugs.launchpad.net/ubuntu/+source/aufs-tools/+bug/1947004
2022-04-27 23:04:55 -07:00
Mulugeta Ayalew Tamiru
3f065918d9
Update verbs for volumeattachments resource ( #8731 )
...
* Update verbs for volumeattachments resource
Update verbs for volumeattachments resource so that the kubelet can create volumeattachments and mount volumes when deploying Kubernetes on VMware vSphere.
* Update verbs for volumeattachments resource
Update verbs for volumeattachments resource to match upstream
* Update vsphere-csi-controller-rbac.yml.j2
2022-04-22 00:04:13 -07:00
Cristian Calin
2c2d4513ac
[helm] upgrade to 3.8.2 ( #8723 )
2022-04-18 12:51:50 -07:00
zhengtianbao
937e64d296
Update flannel use install-cni-plugin to fit upstream ( #8714 )
...
* Update flannel use install-cni-plugin to fit upstream
* Replace flannel cni repo
* Remove download flannel binary
2022-04-18 09:44:41 -07:00
Cristian Calin
3261d26181
[etcd] ensure etcd is properly upgraded when managed by kubeadm ( #8722 )
...
* [etcd] ensure etcd is properly upgraded when managed by kubeadm
* [CI] add periodic job to test upgrade of etcd managed by kubeadm
2022-04-17 10:32:41 -07:00
Mathieu Parent
c98a0a448f
metallb: Add images to downloads ( #8715 )
...
For offline mode
2022-04-14 10:06:46 -07:00
Mohamed Zaian
7e7218f5ce
etcd: add etcd v3.5.3 for kubernetes 1.21+ ( #8712 )
...
* As per this issue https://github.com/kubernetes-sigs/kubespray/pull/8664 I propose to make etcd v.3.5.3 default for any kubernetes version which uses 3.5.x since 3.5.[0-2] is not recommended for production.
2022-04-14 05:48:46 -07:00
Cristian Calin
45262da726
[calico] call calico checks early on to prevent altering the cluster with bad configuration ( #8707 )
2022-04-14 01:08:46 -07:00
Julien Le Fur
30306d6ec7
Enable external CA mode for control-plane deployment ( #8620 )
2022-04-12 05:47:23 -07:00
Robin Wallace
d7254eead6
UpCloud integration ( #8653 )
...
* [upcloud] add upcloud csi-driver
* Option to use ansible_host as api ip for kubeconfig
2022-04-11 15:13:23 -07:00
Anthony Bible
9dced7133c
Fixes for Hetzner terraform and Hetzner Cloud ( #8702 )
...
* - add ability to specify the network_zone in hetzner terraform
- Export the network id from hetzner terraform to the generated inventory.ini
* - Add with_networks variable to allow different deployments of hcloud controller manager
- Add network id to hcloud controller secret (added via the inventory)
- Don't include extra_args if it's not set
2022-04-11 10:26:06 -07:00
Thomas Eberle
00a4d2d3c4
Removed quotation of nerdctl_extra_flags. ( #8695 )
...
The quotations in the variable nerdctl_extra_flags are not required for the `nerdctl_image_pull_command` and throw the following error when executing the cluster-playbook with `container_insecure_registries` set:
unknown flag: --insecure-registry\\\"
This happens as the complete nerdctl_image_pull_command string variable gets split into an array string for the cmd task. The escaped quotation doesn't get escaped properly and is added to the cmd-string array as part of the command. This leads to a wrongly written insecure-registry flag, which throws this error.
2022-04-08 08:02:43 -07:00
Samuel Liu
424ef3b3f9
[calico] add calico apiserver ( #8690 )
...
* [calico] add calico apiserver
* fix yamllint
* remove addext argument
* Configure API server with the CA bundle
* add check kdd
2022-04-08 00:02:42 -07:00
Mathieu Parent
996ef98b87
Add support for kube-vip ( #8669 )
...
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2022-04-07 10:37:57 -07:00
Unai Arríen
19d5a1c7c3
Ensure all Kubelet required kernel values are configured when enabling protectKernelDefaults ( #8692 )
2022-04-07 08:33:59 -07:00
rtsp
0481dd946f
[cert-manager] Upgrade to v1.8.0 ( #8688 )
2022-04-06 00:52:57 -07:00
cyril-corbon
29109575f5
fix: reset docker was not removing docker properly ( #8680 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-04-05 21:36:55 -07:00
emiran-orange
3782573ede
Single quotes are missing in jsonpath argument of kubectl get node ( #8683 )
2022-04-05 09:45:38 -07:00
Alessio Greggi
bba91a7524
split kube_feature_gates variable for different kubernetes components ( #8677 )
...
* feat: split kube_feature_gates variable for different kubernetes components
* docs: add kube_feature_gates component variables
2022-04-05 05:39:37 -07:00
Cristian Calin
b67cadf743
[crun] upgrade to 1.4.4 ( #8675 )
2022-04-04 23:57:36 -07:00
cyril-corbon
56dda4392c
[validate-container-engine] check if kubelet is present was not working ( #8679 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-04-04 09:34:12 -07:00
Cristian Calin
34fec09ff1
[containerd] upgrade versions to address CVE-2022-24769 ( #8671 )
...
* [containerd] add hashes for 1.5.11
* [containerd] add hashes for 1.6.2
* [containerd] make 1.6.2 the new default
2022-04-04 05:30:11 -07:00
Cristian Calin
cefd1339fc
[vsphere_csi] update to 2.5.1 and make external_vsphere_version 7.0u1 by default ( #8676 )
2022-04-04 01:08:11 -07:00
Cristian Calin
b915376194
[runc] upgrade to 1.1.1 ( #8674 )
2022-04-04 00:42:23 -07:00
Cristian Calin
455cc6ff75
[nerdctl] upgrade to 0.18.0 ( #8672 )
2022-04-04 00:42:11 -07:00
Cristian Calin
cc9c376d0f
[validate-container-engine] add facts tag to tasks needed for vagrant jobs ( #8678 )
2022-04-04 00:32:11 -07:00
Kenichi Omichi
018611f829
Fix quotation of nerdctl_extra_flags ( #8668 )
...
Due to missing quotation of nerdctl_extra_flags, ansible-playbook failed:
Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/command.py
Pipelining is enabled.
[..]
File "/usr/lib/python3.8/shlex.py", line 191, in read_token
raise ValueError("No closing quotation")
This fixes the issue.
T-Eberle investigated the issue and found the solution.
Thank you T-Eberle!
2022-04-02 10:56:09 -07:00
cyril-corbon
1781eab21f
fix: uninstall container engine if service is running ( #8662 )
2022-04-01 09:20:46 -07:00
Florian Ruynat
1c0df78278
Add ETCD_EXPERIMENTAL_INITIAL_CORRUPT_CHECK flag to etcd config ( #8664 )
2022-03-31 08:17:01 -07:00
Kenichi Omichi
503ab0f722
Run 0100-dhclient-hooks if dhcpclient is enabled ( #8658 )
...
If running Kubespray on static IP environments, a task failed like:
TASK [kubernetes/preinstall : Configure dhclient hooks for resolv.conf (RH-only)]
fatal: [ak8s2]: FAILED! => {
"changed": false, "checksum": "..",
"msg": "Destination directory /etc/dhcp/dhclient.d does not exist"}
This adds a check for dhclientconffile for running 0100-dhclient-hooks to
run the task only if dhcpclient is enabled.
2022-03-29 00:11:11 -07:00
Calin Cristian Andrei
652f2edbe1
[etcd] add 0 hash for arm v3.5.2 to prevent deployment failures
2022-03-28 08:40:30 +02:00
rtsp
a67e36703f
Update cert-manager to v1.7.2 ( #8648 )
2022-03-26 04:53:22 -07:00
Florian Ruynat
d46817d690
Remove centos7 molecule while opensuse mirror is flaky
2022-03-25 16:57:58 -07:00
Cristian Calin
fa9f85c7e9
[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves ( #8635 )
2022-03-21 17:36:13 -07:00
Fredrik Liv
ffa285c2e7
Fixed cluster roles for openstack cloud controller ( #8638 )
2022-03-21 06:19:21 -07:00
Kenichi Omichi
7b1dc600d5
Fix the condition of drain on pre-remove task ( #8634 )
...
When running cluster.yml for new machines where containerd is already
installed but a Kubernetes cluster was not installed before, the task
"remove-node | List nodes" fails like
"changed": false,
"cmd": [
"/usr/local/bin/kubectl", "--kubeconfig",
"/etc/kubernetes/admin.conf", "get", "nodes", "-o",
"go-template={{ range .items }}{{ .metadata.name }}
{{ "\n" }}{{ end }}"
],
..
"stderr": "error: stat /etc/kubernetes/admin.conf: no such file or directory",
That was due to the lack of a check for whether a Kubernetes cluster exists
before running the "kubectl drain" command.
This adds the check to avoid the issue.
2022-03-21 01:39:10 -07:00
Fredrik Liv
af7066d33c
Updated openstack cloud controller version to v1.22.0 ( #8629 )
...
* Updated openstack cloud controller version to match kubernetes version
* Rolled back file structure change
2022-03-18 01:47:16 -07:00
Cristian Calin
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI ( #8434 )
...
* [calico] make vxlan encapsulation the default
* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation
* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade
* [CI] improve netchecker connectivity testing
* [CI] show logs for tests
* [calico] tweak task name
* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh
* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check
* service proxy mode still fails connectivity tests so keeping it manual mode
* [kube-router] account for containerd use-case
2022-03-17 18:05:39 -07:00
Sergey
a86d9bd8e8
do not remove package in validate container engine role when Fedora CoreOS distr ( #8626 )
2022-03-17 06:49:20 -07:00
Calin Cristian Andrei
21b1516d80
[kubernetes] add hashes for 1.21.11
2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
4c15038194
[kubernetes] add hashes for 1.22.8
2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
538f9df5cc
[kubernetes] make 1.23.5 the default
2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
efb0412b63
[kubernetes] add hashes for 1.23.5
2022-03-17 05:03:20 -07:00
Qasim Mehmood
5a486a5cca
Calico: Fix Wireguard support for CentOS Stream 9/RHEL 9 Beta ( #8625 )
2022-03-17 04:11:20 -07:00
Cristian Calin
394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim ( #8623 )
2022-03-16 16:28:11 -07:00
Cristian Calin
5043517cfb
[containerd] avoid cleanup of /usr/bin on ostree distributions ( #8624 )
2022-03-15 13:47:48 -07:00
Max Gautier
307d122a84
Helm-apps role for installing helm charts ( #8347 )
...
* Sketch of helm-apps role interface
* helm-apps: Early implementation and settings
* helm-apps: Fix README.md example playbook
* fixup! Sketch of helm-apps role interface
* Make the argument specs more explicit
* Remove exposed options from hardcoded default
* Simplify example playbook in README.md
- Define directly the roles parameters
- Add an example of option override for one chart only
* Use release instead of charts
Make explicit that the role is managing releases, not charts.
Simplify parameters naming
2022-03-14 08:29:58 -07:00
onock
d444a2fb83
[systemd-resolved] Fix DNS configuration according to docs/dns-stack.md and during reset of cluster ( #8560 ) ( #8561 )
2022-03-14 02:08:22 -07:00
spaced
2b79be68e7
fix typo and duplicated declaration of ingressclasses ( #8591 )
2022-03-12 23:36:23 -08:00
Mac Chaffee
512d5e3348
Restart etcd if the etcd version changes ( #8556 )
...
Signed-off-by: Mac Chaffee <me@macchaffee.com>
2022-03-11 18:08:23 -08:00
Unai Arríen
4b6892ece9
Add epoch to docker-ce and docker-ce-cli packages to ensure docker up… ( #8618 )
...
* Add epoch to docker-ce and docker-ce-cli packages to ensure docker upgrade
* Split container-engine redhat vars to support legacy RHEL 7 version management
* Support ansible_distribution_major_version when discovering vars with ansible_os_family
2022-03-11 02:45:07 -08:00
Toni Tauro
5a49ac52f9
feat(calico): add configurable ipam strictaffinity ( #8581 )
...
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
2022-03-07 22:58:33 -08:00
Cristian Calin
db1e30e4fc
[calico] add 3.22.1 ( #8612 )
2022-03-07 22:54:34 -08:00
Cristian Calin
b4a61370c8
[cri-o] add cri-o 1.23.x ( #8599 )
2022-03-07 05:39:07 -08:00
kakkotetsu
58b2f39ce5
add IPv6 listen directive to nginx if enable_dual_stack_networks ( #8596 )
2022-03-07 05:39:00 -08:00
Tom Janson
56d882abed
Clarify confirmation prompt ( #8589 )
...
Entering any value causes the play to proceed, e.g., entering "no<Enter>". (This is simply how Ansible's pause module behaves.)
2022-03-07 05:38:54 -08:00
Takuya Murakami
39acb2b84d
Update ansible-lint to 5.4.0 ( #8607 ) ( #8608 )
...
* Update ansible-lint to 5.4.0 (#8607 )
It seems that the Rich version 11.0.0 has a breaking change.
So need to update ansible-lint to 5.3.2 or later.
* Fix for ansible-lint no-changed-when rule (#8607 )
2022-03-07 05:35:55 -08:00
Branko Mijuskovic
3ccba08983
Fix crio_packages for Rocky8 ( #8594 )
2022-03-07 05:29:05 -08:00
Mohamed Zaian
632aa764e6
etcd: add etcd v3.5.1 for kubernetes 1.22+ ( #8588 )
...
* There is an issue with etcd v3.5.0 where it resurrects ancient members see: https://github.com/etcd-io/etcd/issues/13196
This issue is clearly fixed in etcd v3.5.2
* Just keep the checksums
2022-03-07 05:28:54 -08:00
Cristian Calin
f6342b6cf4
[crun] upgrade to 1.4.3 ( #8598 )
2022-03-04 08:22:52 -08:00
Cristian Calin
471585dcd5
[containerd]: upgrade versions to fix CVE-2022-23648 ( #8597 )
...
* [containerd] add hashes for 1.6.1
* [containerd] make 1.6.1 the default
* [containerd] add hashes for 1.5.10
* [containerd] add hashes for 1.4.13
* [nerdctl] bump to 0.17.1
2022-03-03 14:51:16 -08:00
Maciej Wereski
51821a811f
MetalLB: update to v0.12.1 ( #8593 )
...
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2022-03-03 08:49:48 -08:00
Cristian Calin
bf7a506f79
[containerd] Upgrade containerd to 1.6.0 and re-enable arm64 architecture with default options ( #8555 )
...
* [containerd] add checksums for 1.6.0
* [containerd] promote 1.6.0 as the new default
* [runc] promote 1.1.0 as the new default to allow arm deployments out of the box
* [nerdctl] bump to 0.17.0 to align with containerd 1.6.0
* [reset] allow crictl stopp and rmp commands to fail
2022-03-02 15:27:13 -08:00
Tom Janson
2e925f82ef
Revert "Fix: typos in docs and comments ( #7805 )" ( #8592 )
...
This reverts commit 417180246c.
2022-03-02 11:57:13 -08:00
Tom Janson
ddef7e1139
missing "check_mode: no"s for several read-only tasks ( #8584 )
...
this is not complete -- there are almost certainly more instances of
this issue
2022-03-02 09:29:14 -08:00
cyril-corbon
672e47a7eb
feat: check & uninstall container engine ( #8439 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-28 10:59:46 -08:00
Mac Chaffee
b554246502
Fix host DNS config 1) being edited too soon and 2) not working with NM ( #8575 )
...
Signed-off-by: Mac Chaffee <me@macchaffee.com>
2022-02-26 10:29:23 -08:00
Nicolas Goudry
ee079f4740
fix(coredns): make sure to keep coredns repository namespace ( #8572 )
...
fix: regex
fix: wrong regex_replace usage
2022-02-24 01:01:33 -08:00
Florian Ruynat
4f1499bd23
Fixup remaining etcd_kubeadm_enabled variables ( #8576 )
2022-02-23 06:46:18 -08:00
Alex
36393d77d3
Encrypting Secret Data at Rest ( #8574 )
...
* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation
* fix MD012/no-multiple-blanks
2022-02-23 03:04:18 -08:00
Ilya Margolin
e053ee4272
Check all places with `check_mode: no` for side effects ( #8573 )
...
and fix the one with side effect.
Also removes `notify` from this task as the task has `changed_when: false`
and notify is not going to fire.
2022-02-23 01:20:18 -08:00
jayonlau
1d46c07307
Cleanup crictl configuration file ( #8569 )
2022-02-23 00:58:19 -08:00
Ilya Margolin
f9b5e448c1
Prevent removing etcd member when running in check mode ( #8570 )
2022-02-22 23:34:18 -08:00
kakkotetsu
3effb008c9
improve validation conditions for MetalLB BGP Peers ( #8568 )
2022-02-22 23:12:18 -08:00
cyril-corbon
a088f492f4
chore: remove addon-resizer ( #8566 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-22 09:51:16 -08:00
Necatican Yıldırım
e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable ( #8317 )
...
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Add etcd kubeadm deployment documentation
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-02-22 08:53:16 -08:00
Florian Ruynat
b9a27c91da
Update kubernetes dashboard to 2.5.0
2022-02-21 03:54:11 -08:00
Florian Ruynat
d4f654275b
Set default kubernetes version to 1.23.4
2022-02-21 03:54:11 -08:00
Florian Ruynat
f6eb4c749d
Add kubernetes hashes for 1.23.4/1.22.7/1.21.10
2022-02-21 03:54:11 -08:00
cyril-corbon
418fc00718
fix: kube-dns service deletion ( #8565 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-21 02:48:11 -08:00
Florian Ruynat
2537177929
Fix amazon docker version ( #8564 )
2022-02-18 23:50:11 -08:00
Sander Klein
9af719bf99
This fixes the etcd node removal. ( #8526 )
...
Since we are already on an etcd node while executing the commands, there
is no need to find out an etcd IP because it is on localhost.
2022-02-18 07:20:23 -08:00
Cristian Calin
063fc525b1
nerdctl: upgrade to 0.16.1 ( #8539 )
2022-02-16 02:04:37 -08:00
Mac Chaffee
0f73d87509
Allow pausing after upgrade but before uncordon ( #8530 )
...
* Allow pausing after upgrade but before uncordon
* Expand docs for upgrade pausing vars
Signed-off-by: Mac Chaffee <me@macchaffee.com>
2022-02-15 16:39:02 -08:00
Cristian Calin
402e85ad6e
[calico] upgrade release checksums ( #8544 )
...
* [calico] upgrade 3.19.x to 3.19.4
* [calico] upgrade 3.20.x to 3.20.4
* [calico] upgrade 3.21.x to 3.21.4 and make it the default
* [calico] add 3.22.0 checksums
* [calico] account for path changes in calico 3.21.4 crd archive and above
2022-02-15 16:35:02 -08:00
Tony Fouchard
1d635e04e4
Allow to specify a source address for metallb peerings, and target only some nodes using node selectors ( #8534 )
2022-02-15 13:57:19 -08:00
kakkotetsu
98d5d0cdd5
add support for Dual Stack node InternalIP ( #8542 )
2022-02-15 00:28:02 -08:00
kakkotetsu
1ebe456f2d
add support for Calico IP6_AUTODETECTION_METHOD ( #8541 )
2022-02-14 17:26:14 -08:00
Cristian Calin
c6e5314fab
implement download mirrors support ( #8474 )
...
* [download] add mechanism to support mirrors
* [calico] support alternate download url
2022-02-14 13:19:32 -08:00
Tom Stian Berget
84b93090a8
Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode ( #8519 )
...
* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode
* Change inventory sample
2022-02-08 14:04:35 -08:00
Byeonggon Lee
5695c892d0
Fix wrong port name in metallb.yml.j2 ( #8510 )
2022-02-07 09:43:45 -08:00
Krystian Młynek
87928baa31
CRI-O: fix unqualified-search registries ( #8496 )
2022-02-04 23:46:50 -08:00
mgiessing
6a4fd33a03
Added ppc64le support ( #8505 )
...
* Added ppc64le support
* Fixed linting errors
2022-02-04 00:14:00 -08:00
cyril-corbon
790448f48b
feat: update cert-manager to 1.7.0 ( #8491 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-02-03 17:24:00 -08:00
Ilya Margolin
aed187e56c
Fix kubelet_kubelet_cgroups_cgroupfs ( #8500 )
...
If kubelet is run with systemd (as it always is when using kubespray),
it starts in systemd's /system.slice/kubelet.service cgroup.
This commit prevents a creation and usage of a second unrelated cgroup.
2022-02-02 00:50:22 -08:00
Cristian Calin
5ecb07b59a
[nerdctl] upgrade to 0.16.0 ( #8484 )
...
* [nerdctl] upgrade nerdctl to 0.16.0
* [nerdctl] add configuration file
2022-02-01 15:11:48 -08:00
Cristian Calin
ff621fb7f1
[ingress-nginx] upgrade to 1.1.1 ( #8490 )
2022-02-01 09:50:11 -08:00
Michael Schmitz
eacd55fbca
Use sysctl_file_path variable for all sysctl_file locations ( #8395 )
...
* Use sysctl_file_path variable for all sysctl_file locations
* Add sysctl_file_path variable to kubespray-defaults
* Remove previously used sysctl file locations if present
* Use explicit filename in roles/kubernetes/node/defaults/main.yml
* Defaults: use explicit value
2022-02-01 08:12:10 -08:00
Cristian Calin
c47634290e
[helm] upgrade to 3.8.0 ( #8489 )
2022-02-01 06:34:12 -08:00
Tristan
92d612c3e0
8487: Allow override of default CoreDNS zone cache ( #8488 )
...
Using the coredns_cluster_zone_cache_block variable
2022-02-01 00:48:18 -08:00
Ilya Margolin
2bbe5732b7
Add node label to etcd metrics ( #8475 )
...
targetRef on endpoints surfaces as
__meta_kubernetes_endpoint_address_target_kind/__meta_kubernetes_endpoint_address_target_name
in prometheus and gets converted to the label `node` by
prometheus-operator
2022-01-31 06:08:23 -08:00
Samuel Liu
e6e7fbc25f
fix reset containerd_storage_dir undefined ( #8478 )
...
* fix reset containerd_storage_dir
* add env to kubespray-defaults
2022-01-31 05:46:23 -08:00
Ilya Margolin
7d4d554436
Document host_resolvconf as default value for resolvconf_mode ( #8493 )
...
refs #8247
2022-01-31 03:12:24 -08:00
cyril-corbon
d31db847b7
feat: update local path to v0.0.21 ( #8492 )
2022-01-31 01:08:24 -08:00
Calin Cristian Andrei
ababcd5481
[kube] make 1.23.3 the new default
2022-01-31 00:22:24 -08:00
Calin Cristian Andrei
7caffde0b6
[kube] add 1.23.3 hashes
2022-01-31 00:22:24 -08:00
华忠啊
52f221f976
Adaptive Kube-ovn ( #8454 )
2022-01-27 01:08:10 -08:00
Cristian Calin
26a5948d2a
[reset] remove containerd storage during reset ( #8469 )
2022-01-26 05:10:01 -08:00
Florian Ruynat
d580014c66
Fix CI for Fedora (followup) + OpenSUSE Leap (update to 15.3) ( #8407 )
...
* Fix fedora jobs - followup
* Update OpenSUSE Leap to 15.3
* Fix cilium version in README + update minor 1.11.1
2022-01-24 23:24:30 -08:00
Calin Cristian Andrei
be9a1f80c1
[kube] make 1.23.2 the default version
2022-01-24 11:59:33 -08:00
Calin Cristian Andrei
73ff3b0d3b
[kubernetes] add hashes for 1.23.2, 1.22.6 and 1.21.9
2022-01-24 11:59:33 -08:00
cyril-corbon
9fce9ca42a
feat: upgrade azuredisk csi to v1.10.0 ( #8432 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:41:56 -08:00
Cristian Calin
f1adb734e3
[cri-tools] add hashes for 1.23.0 ( #8442 )
2022-01-24 00:21:56 -08:00
cyril-corbon
575e0ca457
feat: add eviction hard to kubelet config ( #8421 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:13:57 -08:00
Alex
69f088bb82
add hash-values for runc v1.1.0 - first upstream runc version for multi-arch ( #8447 )
2022-01-23 23:51:57 -08:00
Cristian Calin
ef34f5fe7d
[calico] switch default iptables backend detection to Auto ( #8429 )
2022-01-23 23:47:57 -08:00
Victor Morales
e88aa7c96b
Add youki runtime support ( #8411 )
2022-01-21 14:01:07 -08:00
Johann Schley
38d129a0b6
add external hcloud cloud controller manager ( #8440 )
2022-01-20 12:31:09 -08:00
onock
392815d97c
[cert-manager] Fix missing RBAC rules for ClusterRole cert-manager-cainjector kubernetes-sigs#8104. ( #8444 )
2022-01-20 12:17:09 -08:00
rtsp
e791089466
cert-manager: Fix incorrect leader election namespace lead to insufficient permission ( #8433 )
2022-01-17 02:37:29 -08:00
Cristian Calin
418f12f62a
[calico] drop 3.18.x and make 3.21.x the new default ( #8426 )
2022-01-17 02:29:29 -08:00
Necatican Yıldırım
caff539ccd
Add identity_allocation_mode support for Cilium ( #8430 )
...
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-16 09:29:28 -08:00
Samuel Liu
1a69f8c3ad
parameterized snapshot controller namespaces ( #8305 )
...
* Parameterized snapshot controller namespaces
* add ns yml
* add docs
* namespace
2022-01-14 12:58:26 -08:00
rtsp
ccd3180a69
cert-manager: Allow to change leader election namespace for GKE Autopilot support ( #8424 )
...
More information:
- kubernetes-sigs/kubespray#8393
- jetstack/cert-manager#4102
- jetstack/cert-manager#3717
2022-01-14 12:54:26 -08:00
cyril-corbon
01dcbc18ac
feat: upgrade metallb to v0.11.0 ( #8420 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-14 05:22:28 -08:00
Florian Ruynat
7c67ec4976
Fix kubectl call before installing it ( #8412 )
2022-01-12 23:12:29 -08:00
Cristian Calin
1337c9c244
[csi-snapshotter] upgrade to 5.0 ( #8403 )
2022-01-11 09:14:33 -08:00
cyril-corbon
86953b2ac4
fix: add tolerations / affinity to cert-manager ( #8389 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-11 09:14:26 -08:00
Mathieu Parent
cfd9873bbc
Allow to choose container manager commands ( #8380 )
...
This allows working around #8375 by using image_command_tool=crictl
when containerd_registries is used for containerd.
Also changes image_info_command_on_localhost for docker to return digests.
2022-01-11 01:13:16 -08:00
Samuel Liu
b2b95cc8f9
fix 0090-etchosts ( #7634 )
2022-01-11 01:03:16 -08:00
Kenichi Omichi
73c889eb10
Fix failures of ansible-lint ( #8401 )
...
This fixes the following types of failures:
- empty-string-compare
- literal-compare
- risky-file-permissions
- risky-shell-pipe
- var-spacing
In addition, this changes .gitlab-ci/lint.yml to block the same issue
by using the same method at Kubespray CI.
2022-01-11 00:45:16 -08:00
Victor Morales
642725efe7
Bump containerd version to 1.5.9 ( #8402 )
2022-01-11 00:05:16 -08:00
Cristian Calin
29aafff2ce
etcd: add 3.5.1 for kubernetes 1.23+ ( #8320 )
2022-01-10 22:45:15 -08:00
forselli-stratio
df425ac143
Fix etcd certificates reference to support etcd_kubeadm_enabled:true ( #7766 )
...
* Fix etcd certificates reference to support etcd_kubeadm_enabled:true
* Add retries to ETCD Join Member task
* Fix etcd certificates reference when etcd_kubeadm_enabled:true
* Fix conflicts
2022-01-10 15:24:25 -08:00
Unai Arríen
57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping ( #8388 )
2022-01-10 01:35:19 -08:00
rtsp
aa4a3d7afd
Fix container engine still installed on dedicated etcd node even if `etcd_deployment_type: host` ( #8386 )
2022-01-10 01:35:12 -08:00
Alex
06ad5525b8
replace runc 1.0.3 arm64 hash with 0 ( #8391 )
2022-01-10 01:31:13 -08:00
Kenichi Omichi
f80fd24a55
Fix risky-file-permissions ( #8370 )
...
When running ansible-lint directly, we can see a lot of warning
messages like
risky-file-permissions File permissions unset or incorrect
This fixes the warning messages.
2022-01-09 01:51:12 -08:00
Kenichi Omichi
51bd9bee0d
Move containerd_version to defaults/main.yml ( #8379 )
...
All container image versions were defined in download/defaults/main.yml
except containerd.
Because of the inconsistency, the offline script (generate_list.sh) could not
output the URL of the containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
2022-01-09 01:47:12 -08:00
Victor Morales
52266406f8
Bump cert-manager version to v1.6.1 ( #8377 )
2022-01-07 16:45:34 -08:00
cyril-corbon
cd601c77c7
feat: upgrade metrics server to v0.5.2 ( #8338 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-07 08:18:33 -08:00
Florian Ruynat
6abae713f7
Update helm / kube-router and coredns ( #8382 )
...
* Update kube-router to 1.4.0
* Update Helm to 3.7.2
* Up coredns to 1.8.6 when k8s is 1.23.x
2022-01-06 12:14:27 -08:00
Alex
1312f92a8d
adding 0 checksum for kata_containers_version on arm(64) ( #8383 )
2022-01-06 12:08:27 -08:00
Unai Arríen
92abf26d29
Ensure taint configuration for secondary control-plane nodes ( #8363 )
2022-01-05 23:56:28 -08:00
Bart Sloeserwij
59f62473c9
Update configuration of registries in cri-o ( #7852 )
...
* Update configuration of registries in cri-o
* Update docs to match new registry configuration
2022-01-05 07:36:40 -08:00
Choi Yongbeom
dda557ed23
Update config.toml.j2 ( #8340 )
...
* Update config.toml.j2
I think the code in this commit does not work completely.
Example registry address: a.com:5000
The insecure registry must be http://a.com:5000,
but this code adds the insecure registry a.com:5000 (without http://).
If there is no http, containerd accesses with https even if insecure_skip_verify = true.
The solution is a code edit.
* Update config.toml.j2
* Update containerd.yml
* Update containerd.yml
* Update containerd.yml
* Update config.toml.j2
2022-01-05 02:56:33 -08:00
Max Gautier
cb54eb40ce
Use a variable for standardizing kubectl invocation ( #8329 )
...
* Add kubectl variable
* Replace kubectl usage by kubectl variable in roles
* Remove redundant --kubeconfig on kubectl usage
* Replace unnecessary shell usage with command
2022-01-05 02:26:32 -08:00
Cristian Calin
3eab1129b9
CI: Replace CentOS 8 with AlmaLinux 8 before CentOS 8 EOL end of 2021 ( #8297 )
2022-01-05 02:20:33 -08:00
Choi Yongbeom
24f1402a14
nerdctl insecure registry config ( #8339 )
...
* Update prep_download.yml
nerdctl insecure registry config
* Update prep_download.yml
* Update prep_download.yml
apply conversations advice
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update prep_download.yml
* Update main.yml
* Update main.yml
* Update prep_download.yml
* Update prep_download.yml
2022-01-05 01:14:33 -08:00
Necatican Yıldırım
bf00550388
Upgrade Cilium to 1.11.0 ( #8354 )
...
* Remove kvstore args from Cilium DaemonSet
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Bump Cilium to 1.11.0
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-05 00:36:32 -08:00
Florian Ruynat
6136fa7c49
Update Kubernetes version to 1.23.1
2022-01-04 10:25:00 -08:00
Florian Ruynat
8d2b4ed4a9
Move min k8s version to 1.21
2022-01-04 10:25:00 -08:00
Cristian Calin
4c4c83f0a1
crun update to 1.4 ( #8330 )
...
* [crun] update crun to 1.4
* [crun] drop pre-1.x versions
2022-01-04 08:30:53 -08:00
Unai Arríen
0e98814732
Configure PriorityClassName for MetalLB deployment ( #8362 )
2022-01-04 08:20:52 -08:00
Max Gautier
92f25bf267
Simplify usage of pre-remove role ( #8334 )
...
- Use builtin task scheduling of ansible (same task on each host)
instead of manual looping on master
Benefits:
- One less play in remove-node.yml playbook
- Parallel node drain
- Drain parameters (timeout, grace period, retries,
allow_ungraceful_removal) can be adjusted separately for each node
with ansible variables
2022-01-04 07:10:53 -08:00
Romain ALBON
63a53c79d0
Fix - Search root filesystem device ( #8366 )
2022-01-04 06:48:52 -08:00
Florian Ruynat
841c61aaa1
Revert "Fix external lb error ( #8299 )" ( #8360 )
...
This reverts commit 4f2e4524b8.
2022-01-03 01:37:00 -08:00
Samuel Liu
157942a462
fix resolved config ( #8351 )
2022-01-03 00:06:59 -08:00
jbpratt
e88a27790c
fix spelling error ( #8342 )
2022-01-02 23:55:00 -08:00
Cristian Calin
ed3932b7d5
[cni-plugins] upgrade to stable 1.0.1 ( #8331 )
...
* [cni-plugins] upgrade to stable 1.0.1
* [flannel] use binary from dedicated project
2021-12-23 23:16:15 -08:00
emiran-orange
2b5c185826
calico_pool_blocksize must be cast as well in assertion when defined ( #8321 )
...
* calico_pool_blocksize must be cast as string in assertion when defined
* Cast as int rather than string
2021-12-23 00:58:37 -08:00
zhengtianbao
c3c128352f
Remove registry-proxy ( #8327 )
2021-12-21 23:55:35 -08:00
zhengtianbao
02a89543d6
registry: add ingress support ( #8311 )
2021-12-21 10:20:46 -08:00
Cristian Calin
c1954ff918
Support deploying kubernetes 1.23 ( #8323 )
...
* Ensure entries for 1.23 are added for supported_versions vars
* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22
* kubescheduler-config: differentiate config versions based on kube_version
2021-12-21 01:38:46 -08:00
Kenichi Omichi
b49ae8c21d
Delete "kubeadm alpha certs" code ( #8322 )
...
"kubeadm alpha certs" command has been promoted to "kubeadm certs" command,
and "kubeadm alpha certs" has been deprecated since Kubernetes v1.20 as [1].
In addition, Kubespray supports Kubernetes v1.20+.
This deletes the deprecated command for cleanup.
[1]: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation
2021-12-20 12:53:33 -08:00
Calin Cristian Andrei
1a7b4435f3
Bump default version of kubernetes to 1.22.5
2021-12-20 08:56:56 -08:00
Calin Cristian Andrei
db0e458217
Kubernetes: add hashes for v1.23.1, v1.23.0, v1.22.5, v1.21.8 and v1.20.14
2021-12-20 08:56:56 -08:00
Nicolas MASSE
f01f7c54aa
Add support for CRI-O user namespaces ( #8268 )
...
* add support for cri-o user namespaces
* comply with yamllint rules
2021-12-20 06:37:25 -08:00
kakkotetsu
c59407f105
add support for Calico BGPPeer sourceAddress ( #8306 )
2021-12-20 01:51:25 -08:00
Cristian Calin
fdc5d7458f
Upgrade to nerdctl 0.15.0 and some fixes ( #8315 )
...
* nerdctl: move to 0.15.0
* nerdctl: reduce verbosity when pulling images
* download: use proxy environment when using nerdctl to download containers
2021-12-20 00:33:26 -08:00
Antoine Gatineau
6aafb9b2d4
fix bad indentation ( #8314 )
2021-12-17 07:36:29 -08:00
Samuel Liu
aa9ad1ed60
clean files for kube-ovn ( #8310 )
2021-12-15 23:39:19 -08:00
zhengtianbao
aa9b8453a0
registry: service add clusterIP, nodePort, loadBalancer support ( #8291 )
...
* registry: service add clusterIP, nodePort, loadBalancer support
* modify camelcase name to underscore
* Add registry service type compatibility check
2021-12-15 00:18:19 -08:00
singeleaf
4f2e4524b8
Fix external lb error ( #8299 )
2021-12-13 14:46:27 -08:00
Marat Talipov
4f27c763af
containerd insecure registry support ( #8298 )
2021-12-13 00:41:58 -08:00
Cristian Calin
0e969c0b72
vSphere-CSI: update to 2.4.0 ( #8295 )
2021-12-10 11:07:23 -08:00
Steven Reitsma
b396801e28
Update Cinder CSI to v1.22 ( #8296 )
2021-12-10 10:49:11 -08:00
Cristian Calin
682c8a59c2
containerd: change default resolvconf_mode to host_resolvconf ( #8247 )
...
* containerd: change default resolvconf_mode to host_resolvconf
* Wait for kube-apiserver to come back after pod refresh
* Handle resolv.conf gracefully
* Retain currently configured DNS entries to ensure we don't break the resolvers
* Suse uses wickedd for network management so no dhcp hooks
* Molecule: increase ansible timeout
* CI: Increase ansible timeout to 120s for Packet jobs
2021-12-09 14:09:06 -08:00
Florian Ruynat
5a25de37ef
Revert "remove no longer present etcd nodes from APIEndpoints list in kubeadm-config configmap ( #8244 )" ( #8287 )
...
This reverts commit dc767c14b9.
2021-12-09 08:24:16 -08:00
zhengtianbao
4ef2cf4c28
Registry add TLS and authentication support ( #8229 )
...
* Add registry TLS support
* Add registry configmap and htpasswd auth
2021-12-07 08:32:00 -08:00
Cristian Calin
990ca38d21
Kata-Containers: add 2.3.0 ( #8276 )
...
* Kata-Containers: add checksums for 2.3.0
* Kata-Containers: version 2.3.0 requires kubernetes 1.22.0+
2021-12-07 08:18:08 -08:00
Cristian Calin
c7e430573f
Calico: upgrade 3.21.x to 3.21.2 ( #8275 )
2021-12-07 08:18:01 -08:00
Cristian Calin
a328b64464
runc: upgrade to v1.0.3 ( #8274 )
2021-12-07 06:10:02 -08:00
zhengtianbao
a16d427536
Set etcd-events listen port to 2383 ( #8232 )
2021-12-07 00:28:01 -08:00
Cristian Calin
c98a07825b
Use cgroupsv2 where available (fedora) ( #8237 )
...
* Containerd: use cgroupsv2 where available (fedora)
* Docker: use cgroupsv2 where available (fedora)
* cri-o: use cgroupsv2 where available (fedora)
2021-12-06 11:19:33 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ( #8272 )
...
* Update loadbalancers versions
* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Samuel Liu
4550f8c50f
calico_flexvol ( #8273 )
2021-12-06 05:00:32 -08:00
toplordsaito
9afca43807
change dns upstream condition for coredns ( #8263 )
...
upstream_dns_servers should change corefile config even when resolvconf_mode=docker_dns
2021-12-06 02:46:32 -08:00