kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,328 Commits
29 Branches
81 Tags
158 MiB
Commit Graph

779 Commits (d3101d65aa5da124aafc610fbb0d42feedb33326)

Author SHA1 Message Date
Kenichi Omichi f8d5487f8e
Remove versions from setting-up-your-first-cluster (#9353) 
We are maintaining version info on the README.md, and it is not
necessary to maintain that on setting-up-your-first-cluster.md
 2022-09-30 06:02:29 -07:00
Ho Kim 18efdc2c51
Fix typos in calico (#9327) 2022-09-26 00:11:44 -07:00
Kevin Huang fa093ee609
feat(docs/openstack.md): Put Additional step needed when using calico or kube-router in own section (#9320) 2022-09-24 13:00:04 -07:00
Florian Ruynat 4ad67acedd
Move back vsphere csi to kube-system ns (#9312) 2022-09-23 10:46:26 -07:00
Ilya Margolin 726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) 
and supply a default runtime spec.
 2022-09-23 10:38:27 -07:00
Emin AKTAS 9468642269
feat: allows users to have more control on DNS (#9270) 
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
 2022-09-23 10:28:26 -07:00
Necatican Yıldırım 7da3dbcb39
Cilium 1.12 Upgrade (#9225) 
* Drop support for Cilium < 1.10

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Synchronize Cilium templates for 1.11.7

Signed-off-by: necatican <contact@necatican.com>

* Set Cilium v1.12.1 as the default version

Signed-off-by: necatican <contact@necatican.com>

Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
 2022-09-19 02:14:31 -07:00
Mahdi Abbasi 023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
lijin-union c4976437a8
Fix typos in docs (#9276) 2022-09-15 00:09:22 -07:00
Kay Yan 97ca2f3c78
add-timezone-support (#9263) 2022-09-14 21:11:22 -07:00
Ho Kim 952cad8d63
Remove mutual exclusivity in calico: NAT and router mode (#9255) 
* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc
 2022-09-13 00:19:07 -07:00
Kay Yan e2f1f8d69d
add-Rocky-9-support (#9212) 2022-09-04 16:54:36 -07:00
Michael Schmitz be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
Cristian Calin 6db6c8678c
disable kubelet_authorization_mode_webhook by default (#9238) 2022-08-31 04:53:00 -07:00
Alessio Greggi acb6f243fd
feat: add kubelet systemd service hardening option (#9194) 
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2022-08-30 11:18:55 -07:00
lijin-union 8af86e4c1e Fix typo. 2022-08-30 11:30:57 +02:00
Kay Yan b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223) 
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
 2022-08-30 00:21:02 -07:00
Cristian Calin e6976a54e1
add pre-commit hook to facilitate local testing (#9158) 
* add pre-commit hook configuration

* add tmp.md to .gitignore

* describe the use of pre-commit hook in CONTRIBUTING.md

* fix docs/integration.md errors identified by markdownlint

* fix docs/<file>.md errors identified by markdownlint

* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md

* fix contrib/<file>.md errors identified by markdownlint
 2022-08-24 06:54:03 -07:00
Bishal das aeeae76750
Update vars.md (#9172) 2022-08-22 23:31:24 -07:00
Shelming.Song 30b062fd43
fix one bug in docs/nodes (#9203) 2022-08-22 23:17:23 -07:00
Bishal das fddff783c8
Update vsphere-csi.md (#9170) 2022-08-22 07:13:43 -07:00
Tristan bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable (#9176) 
See #9035
 2022-08-22 02:37:44 -07:00
Ho Kim e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Tomas Zvala 30c77ea4c1
Add the option to enable default Pod Security Configuration (#9017) 
* Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
 2022-08-18 01:16:36 -07:00
maxgio92 68653c31c0
docs(kube-vip): fix broken links (#9165) 
Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>

Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>
 2022-08-18 00:56:55 -07:00
Samuel Liu b36bb9115a
[calico] calico rr supports multiple groups (#9134) 
* update calico rr

* fix bgppeer conf

* fix yamllint

* fix ansible lint

* fix calico deploy

* fix yamllint

* fix some typo
 2022-08-18 00:52:37 -07:00
ERIK 47050003a0
Add docker support for Kylin V10 (#9144) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-08-03 15:03:46 -07:00
Florian Ruynat 4df6e35270 Move oracle7-canal to centos7-canal 2022-08-02 16:55:52 -07:00
ERIK f2f9f1d377
Add kylin OS support (#9078) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-08-01 10:44:29 -07:00
Florian Ruynat 9c51ac5157 Switch fedora36se to 35 and 35docker to 36 2022-07-21 23:03:38 -07:00
Florian Ruynat 07eab539a6 Add Fedora 36 support and CI, remove Fedora 34 (eol) 2022-07-21 23:03:38 -07:00
Alessio Greggi 3ce5458f32
hardening: Add `SeccompDefault` admission plugin for kubelet (#9074) 
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates

* fix(kubelet-config): enable config through kubelet_feature_gates

* feat(kubelet): add kubelet_seccomp_default variable
 2022-07-19 00:50:07 -07:00
Kenichi Omichi f3ea8cf45e
Add Rocky Linux 8 support for vagrant (#8905) 
To test Kubespray on Rocky Linux 8 with vagrant, this adds it to
the Vagrantfile.
 2022-07-05 07:50:47 -07:00
Kay Yan 4b03f6c20f
add-managed-ntp-support (#9027) 2022-06-28 13:15:34 -07:00
boeto d0a2ba37e8
update deprecated syntax (#9040) 
* `ansible.builtin.include` removed in version 2.16

Read the `ansible.builtin.include DEPRECATED` doc:

 https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_module.html#deprecated

* Update integration.md
 2022-06-28 13:11:34 -07:00
rptaylor 6f82cf12f5
let containerd_default_runtime be undefined by default (#9026) 2022-06-27 10:56:59 -07:00
Calin Cristian Andrei a22ae6143a [CI] ensure upgrade tests cover defaults (containerd currently) 2022-06-17 08:00:32 -07:00
Alessio Greggi 97b4d79ed5
feat: make kubernetes owner parametrized (#8952) 
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
 2022-06-17 01:34:32 -07:00
Kay Yan 890fad389d
suggest-to-use-nft-in-centos8 (#8987) 2022-06-17 01:30:32 -07:00
Calin Cristian Andrei 24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei fad296616c [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager 2022-06-15 00:57:20 -07:00
Kay Yan 85271fc2e5
add-ci-for-ubuntu2204 (#8958) 2022-06-15 00:47:19 -07:00
Kenichi Omichi cd7381d8de
Drop Ansible support for v2.9 and v2.10 (#8925) 
Ansible v2.9 and v2.10 are EOL as [1].
This drops those version supports by following the upstream Ansible.

This sets use_ssh_args true always because that is required to use
ssh_args on ansible.cfg on Ansible v2.11 or later[2].

ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has been deprecated already and cenots7 jobs were failed due to the
deprecated ansible_ssh_host.

[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args
 2022-06-09 07:07:42 -07:00
Ilya Margolin cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path (#8921) 
* Allow disabling calico CNI logs with calico_cni_log_file_path

Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size	100	Max file size in MB log files can reach before they are rotated.
log_file_max_age	30	Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count	10	Max number of rotated log files allowed on the host before they are cleaned up.

See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging

To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`

* Fix markdown

* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
 2022-06-07 09:22:56 -07:00
zhougw 14c0f368b6
the KUESPRAYDIR defined but never used (#8930) 
* fix dir error

* the command line should align
 2022-06-06 07:42:23 -07:00
Alessio Greggi d22204a59f
docs: add hardening guide (#8868) 2022-05-29 12:36:50 -07:00
Kenichi Omichi 0e6b727e53
Update docs for using venv (#8842) 
Due many patterns of Linux distributions, it is difficult to install
ansible dependencies as system-wide stably.
Apart of Kubespray doc[1] recommends to use venv to avoid such issue,
and this applies venv usage to the other parts of the doc.

[1]: https://github.com/kubernetes-sigs/kubespray/blob/master/docs/setting-up-your-first-cluster.md#set-up-kubespray
 2022-05-19 23:39:12 -07:00
Cristian Calin 0c504e4984
[docs] document support for ansible versions (#8827) 
drop note about not supporting ansible 2.9 since we still cover it in
nightly CI
 2022-05-16 00:50:17 -07:00
Kenichi Omichi 0bf070c33b
doc: write how to use kata-container for pods (#8817) 
kata-container is not used by default even if enabling kata_containers_enabled.
This updates the doc for writing how to do that.
 2022-05-13 23:15:18 -07:00
Oogy 5684610a55
Support metallb peer password (#8792) 
* support metallb peer password

* add MetalLB BGP password example
 2022-05-11 21:39:15 -07:00
Necatican Yıldırım 13443b05a6
Overhaul Cilium manifests to match the newer versions (#8717) 
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update cilium-operator templates

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update cilium-agent templates

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Bump Cilium version to 1.11.3

Signed-off-by: necatican <necaticanyildirim@gmail.com>
 2022-05-11 06:23:04 -07:00
weizhoublue 1d96f465f4
arm64 support of cilium (#8803) 
when cilium v1.10 , it is ok to support arm64
https://cilium.io/blog/2021/05/20/cilium-110

Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
 2022-05-10 02:55:43 -07:00
Alessio Greggi 37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters (#8796) 2022-05-09 09:25:19 -07:00
Alessio Greggi e7df4d3dd9
add support for `service-account-lookup` parameter (#8781) 
* feat: add variable to manage service-account-lookup on kube-apiserver

* docs: add documentation about service-account-lookup variable
 2022-05-06 00:39:07 -07:00
Alessio Greggi fa1d222eee
add support for `EventRateLimit` plugin configuration (#8711) 
* feat: add support for EventRateLimit admission plugin

* docs: add documentation about admission_control_config_file and EventRateLimit configuration
 2022-05-02 11:03:15 -07:00
Mathieu Parent e6c4330e4e
calico: vxlan is the default for calico_network_backend (#8750) 
Since https://github.com/kubernetes-sigs/kubespray/pull/8434
 2022-04-27 02:24:11 -07:00
Kenichi Omichi 1e827f9807
Update kata-containers.md (#8747) 
* kata container related options exist in k8s-cluster.yml,
  not k8s_cluster.yml

* https://github.com/kata-containers/runtime has been archived and
  https://github.com/kata-containers/kata-containers is used today.
 2022-04-26 07:06:53 -07:00
Cristian Calin 45262da726
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707) 2022-04-14 01:08:46 -07:00
Mathieu Parent 996ef98b87
Add support for kube-vip (#8669) 
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
 2022-04-07 10:37:57 -07:00
Alessio Greggi bba91a7524
split kube_feature_gates variable for different kubernetes components (#8677) 
* feat: split kube_feature_gates variable for different kubernetes components

* docs: add kube_feaute_gates componet variables
 2022-04-05 05:39:37 -07:00
Kenichi Omichi 6cc9da6b0a
Update vagrant.md (#8663) 
To read it easily, this puts new lines.
 2022-03-31 00:07:00 -07:00
Cristian Calin ef29455652
[ansible] make ansible 5.x the new default version (#8660) 
* [ansible] make ansible 5.x the new default version and move different versions tested to nightly jobs

* [CI] jobs were missing proper ansible cleanup
 2022-03-29 15:36:11 -07:00
Cristian Calin dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI (#8434) 
* [calico] make vxlan encapsulation the default

* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation

* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade

* [CI] improve netchecker connectivity testing

* [CI] show logs for tests

* [calico] tweak task name

* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh

* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check

* service proxy mode still fails connectivity tests so keeping it manual mode

* [kube-router] account for containerd use-case
 2022-03-17 18:05:39 -07:00
Cristian Calin 394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim (#8623) 2022-03-16 16:28:11 -07:00
Tom Janson 2e925f82ef
Revert "Fix: typos in docs and comments (#7805)" (#8592) 
This reverts commit 417180246c.
 2022-03-02 11:57:13 -08:00
Tom Janson 3e8e64a3e5
fix typo / error regarding etcd and k8s_cluster groups (#8580) 
As far as I can tell this is simply a typo that has existed from the beginning. Having it this way around (`etcd` group as a child and thus subset of `k8s_cluster`) mirrors what is written in the preceeding sentence.
 2022-02-28 02:54:58 -08:00
Alex 36393d77d3
Encrypting Secret Data at Rest (#8574) 
* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation

* fix MD012/no-multiple-blanks
 2022-02-23 03:04:18 -08:00
Necatican Yıldırım e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable (#8317) 
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Add etcd kubeadm deployment documentation

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>
 2022-02-22 08:53:16 -08:00
Mac Chaffee 0f73d87509
Allow pausing after upgrade but before uncordon (#8530) 
* Allow pausing after upgrade but before uncordon

* Expand docs for upgrade pausing vars

Signed-off-by: Mac Chaffee <me@macchaffee.com>
 2022-02-15 16:39:02 -08:00
kakkotetsu 98d5d0cdd5
add support for Dual Stack node InternalIP (#8542) 2022-02-15 00:28:02 -08:00
Takuya Murakami da8522af64
docs: Update offline-environment.md for containerd (#8520) (#8523) 
* Add containerd/runc/nerdctl download url
* Add insecure registries configuration for containerd
 2022-02-09 08:08:18 -08:00
Krystian Młynek 87928baa31
CRI-O: fix unqualified-search registries (#8496) 2022-02-04 23:46:50 -08:00
Julio H Morimoto eac799f589
Amend documentation for docker to containerd migration (#8477) 
* Amend PR https://github.com/kubernetes-sigs/kubespray/pull/8471 with missing inventory configuration.

Signed-off-by: Julio Morimoto <julio@morimoto.net.br>

* Amend PR https://github.com/kubernetes-sigs/kubespray/pull/8471 with missing inventory configuration.

Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
 2022-02-02 00:46:22 -08:00
Tristan 92d612c3e0
8487: Allow override of default CoreDNS zone cache (#8488) 
Using the coredns_cluster_zone_cache_block variable
 2022-02-01 00:48:18 -08:00
Ilya Margolin 7d4d554436
Document host_resolvconf as default value for resolvconf_mode (#8493) 
refs #8247
 2022-01-31 03:12:24 -08:00
Cristian Calin c40b43de01
[mitogent] update to 0.3.2 (#8470) 2022-01-27 08:36:59 -08:00
Julio H Morimoto b0eb5650da
Provide initial guidelines for a container engine migration (docker-2-containerd), with special emphasis on the fact that the procedure is still not officially supported. (#8471) 
Follow up from https://github.com/kubernetes-sigs/kubespray/issues/8431.

Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
 2022-01-27 01:40:10 -08:00
Florian Ruynat d580014c66
Fix CI for Fedora (followup) + OpenSUSE Leap (update to 15.3) (#8407) 
* Fix fedora jobs - followup

* Update OpenSUSE Leap to 15.3

* Fix cilium version in README + update minor 1.11.1
 2022-01-24 23:24:30 -08:00
Victor Morales e88aa7c96b
Add youki runtime support (#8411) 2022-01-21 14:01:07 -08:00
Pav K 6e2e61012a
Docs - Removed incorrect info on calico_rr. (#8437) 2022-01-17 02:55:30 -08:00
Necatican Yıldırım caff539ccd
Add identity_allocation_mode support for Cilium (#8430) 
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
 2022-01-16 09:29:28 -08:00
Mathieu Parent 43d128362f
Document image_command_tool and image_command_tool_on_localhost (#8409) 
Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
 2022-01-11 15:35:24 -08:00
Tovin Seven e0d67367ed
Update installation doc with vagrant (#8406) 2022-01-11 05:19:17 -08:00
Bart Sloeserwij 59f62473c9
Update configuration of registries in cri-o (#7852) 
* Update configuration of registries in cri-o

* Update docs to match new registry configuration
 2022-01-05 07:36:40 -08:00
Cristian Calin 3eab1129b9
CI: Replace CentOS 8 with AlmaLinux 8 before CentOS 8 EOL end of 2021 (#8297) 2022-01-05 02:20:33 -08:00
Kenichi Omichi 78c83a8f26
Update containerd doc (#8369) 
This is a follow-up change for https://github.com/kubernetes-sigs/kubespray/pull/7911
 2022-01-05 00:32:33 -08:00
Nguyễn Trung e72f8e0412
Update node about container_manager variable (#7911) 
I was deploy my cluster with separate etcd cluster and not intersect with kube_control_plane or kube_node. And I want to run etcd cluster in docker but still used containerd to make container runtime for all other nodes. Therefore, I was added note to this doc for everyone 

Thank !
 2022-01-04 14:29:20 -08:00
Nicolas MASSE f01f7c54aa
Add support for CRI-O user namespaces (#8268) 
* add support for cri-o user namespaces

* comply with yamllint rules
 2021-12-20 06:37:25 -08:00
kakkotetsu c59407f105
add support for Calico BGPPeer sourceAddress (#8306) 2021-12-20 01:51:25 -08:00
Hanna Bledai 615216f397
Fix if bind-address is not set to 0.0.0.0 (#8262) 
* if bind-address is not set to 0.0.0.0

* Update docs and left comments

* fix yamllist check: remove space
 2021-12-05 23:58:32 -08:00
Florian Ruynat e19ce27352
Remove ovn4nfv support (#8265) 2021-12-03 11:56:35 -08:00
Florian Ruynat e82443241b
Move opensuse CI to docker and fix ubuntu16 containerd version for docker (#8257) 2021-12-02 08:01:34 -08:00
Florian Ruynat b38382a68f
Move cri-o default package to 1.22 (#8258) 2021-12-02 06:21:34 -08:00
Florian Ruynat 30ec03259d
Remove fedora33 - eol (#8246) 2021-11-30 15:53:17 -08:00
Cristian Calin ee882fa462
Add capability to use swap, requires Kube 1.22 (#8241) 
* Alpha-NodeSwap: allow nodes to use swap

* CI: Add Fedora 35 with experimental swap job
 2021-11-30 00:52:56 -08:00
Cristian Calin 52ee5d0fff
Various documentation updates (#8243) 
* Docs: update CONTRIBUTING.md

* Docs: clean up outdated roadmap and point to github issues instead

* Docs: update note on kubelet_cgroup_driver

* Docs: update kata containers docs with note about cgroup driver

* Docs: note about CI specific overrides
 2021-11-29 15:05:21 -08:00
Florian Ruynat a5f88e14d0
Cleanup tests (#8234) 
* Add Fedora 35 image, support and CI

* Cleanup tests and allow_failure for vagrant
 2021-11-26 09:00:51 -08:00
Cristian Calin e78bda65fe
Defaults: replace docker with containerd as our default container_manager (#8175) 
* Defaults: replace docker with containerd as our default container_manager

* CI: Use docker for download_localhost test

* Defaults: with container_manager=containerd we need etcd_deployment_type=host

* CI: Run weave jobs with docker

* CI: Vagrant don't download_force_cache

* CI: Fix upgrade tests

* should run compatible with old settings, this means docker
* we need to run with a distro that has at least modern containerd,
  this means move from debian9 to debian10 to allow `containerd_version`
  to match between 2.17 and master
 2021-11-25 06:54:33 -08:00
zhengtianbao e35a87e3eb
Update registry template (#8198) 
* Add registry replica setting

* Add registry liveness and readiness probe

* Set the security context for registry

* Add registry pvc access mode option

* registry add replica requirement check

* docs: add registry replicas setting note

* Update docs/kubernetes-apps/registry.md

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2021-11-22 02:45:09 -08:00
Karthikeya Viswanath 25316825b1
docs: remove basic auth reference in getting-started (#7823) 2021-11-19 14:49:23 -08:00
Mathieu Parent 0263c649f4
Allow to scrape etcd metrics using a service (#8203) 
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
 2021-11-17 23:53:01 -08:00
Lubos Mercl 424163c7d3
add gce support (#8179) 
Author:    lmercl <lubos.mercl@gmail.com>
Date:      Wed Nov 10 15:30:04 2021 +0000

fix markdown
 2021-11-16 08:58:28 -08:00
EDGsheryl 4d79a55904
Remove extra parameter kube_proxy_remove (#8158) 
Signed-off-by: EDGsheryl <edgsheryl@gmail.com>
 2021-11-15 00:02:48 -08:00
Cristian Calin 039205560a
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA (#8100) 
* nodelocaldns: allow a secondary pod for nodelocaldns for local-HA

* CI: add job to test nodelocaldns secondary
 2021-11-09 09:57:47 -08:00
Cristian Calin 4a8757161e
Docker: replace the use of containerd_version with docker_containerd_version to avoid causing conflicts when bumping containerd_version (#8130) 2021-11-08 15:56:49 -08:00
Antoine Gatineau b7eb1cf936
cert-manager: add trusted internal ca when configured (#8135) 
* cert-manager: add trusted internal ca when configured

* wrong check for inventory variable

* Update documentation
 2021-11-05 09:43:52 -07:00
Pasquale Toscano 6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver (#8123) 2021-11-05 07:59:54 -07:00
Cristian Calin 8d553f7e91
Mitogen: deprecate the use of mitogen and remove coverage from CI (#8147) 2021-11-05 00:57:52 -07:00
Erkan Zileli 8d82033bff
fix(doc): update typo (#8148) 
I guess `kubernetes-the-hard-way` should be `kubernetes-the-kubespray-way` because of recently created network name is `kubernetes-the-kubespray-way`.
 2021-11-02 01:16:58 -07:00
Florian Ruynat 331647f4ab
Remove deprecated Ambassador ingress code (#8086) 2021-10-26 15:19:09 -07:00
Cristian Calin 3c30be1320
cert-manager: update docs to reflect 1.5.x links (#8117) 2021-10-25 03:14:23 -07:00
Cristian Calin 6a5b87dda4
netchecker: update images to 1.2.2 from Mirantis (#8074) 
* netchecker: update images to 1.2.2 from Mirantis which is slightly less ancinet than the l23networks images

* Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer suported by kube 1.22+
 2021-10-19 10:17:04 -07:00
Omar Aloraini 6aac59394e
Rocky Linux support (#8095) 
* Add Rocky as a known OS

* Make sure Rocky includes bootstrap-centos.yml

* Update docs with Rocky Linux

* Rocky Linux wireguard and EPEL

* Rocky Linux in the list of supported distributions
 2021-10-19 08:29:04 -07:00
Cristian Calin cee481f63d
cert-manager: upgrade to 1.5.4 (#8069) 
* cert-manager: update to 1.5.4

* cert-manager: remove outdated guidelines on creating an initial ClusterIssuer
 2021-10-12 09:17:47 -07:00
Florian Ruynat c68fb81aa7
Clarify documentation for integration.md (#8049) 2021-10-06 16:44:41 -07:00
Orhun Parmaksız c5c10067ed
Update kubespray version to 2.17.x in first cluster guide (#8043) 2021-10-04 00:09:07 -07:00
Nicolas Goudry af949cd967
Fix invalid documentation links (#7692) 
* Fix invalid link to Ansible documentation

* Fix invalid link to mitogen doc page

* Fix invalid link to calico doc page

* Fix all invalid links to doc pages
 2021-09-28 09:58:43 -07:00
Cristian Calin 33146b9481
CI: Add Calico eBPF in HA mode test (#7710) 
* Sample-Inventory: add sample for calico_bpf_enabled

* Calico-Doc: note about CONFIG_NET_SCHED for eBPF support

* CI: Add Calico eBPF in HA mode test
 2021-09-24 09:57:23 -07:00
Cristian Calin ae44aff330
Calico: increase calico node probe timeouts and allow tunning (#7981) 2021-09-17 16:08:07 -07:00
andrew.k 85d18fc107
add node-based upgrade (#7785) 2021-09-13 23:59:07 -07:00
Florian Ruynat 7e4b176323
Update Ansible tags in documentation (#7933) 2021-09-02 10:08:58 -07:00
Florian Ruynat 207d3e7b4e
Add Debian-11 image and CI (#7919) 2021-08-31 14:02:22 -07:00
Cristian Calin 1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t (#7891) 
* Fedora and RHEL use etc_t and the convention is <type_name>_t

* Docs: specify all values for preinstall_selinux_state

* CI: Add Fedora 34 with SELinux in enforcing mode
 2021-08-27 14:20:53 -07:00
Léopold Jacquot d635961120
Add Infomaniak to compatible public clouds list (#7910) 2021-08-26 06:47:24 -07:00
Hari Hud d5b865da4d
Update etcd without rotating etcd certs (#7907) 2021-08-26 00:21:23 -07:00
Baargav 9dfade5641
Update nodes.md (#7902) 2021-08-24 02:43:14 -07:00
Hrittik Roy dad4b26c6f
Update Azure.md (#7880) 2021-08-20 20:23:58 -07:00
rtsp dfd35892f2
docs/cert_manager.md: Update docs for K8s v1.22 (#7877) 2021-08-19 18:31:24 -07:00
Frank Ritchie 1f09229740
Update cilium to 1.9.9 (#7871) 
Now that 1.10 is out this is to make 1.9.9 the default. I am running
this version successfully.
 2021-08-16 13:34:22 -07:00
Eugene Artemenko e2b67b5700
Add suport of Vsphere CSI driver 2.2.X versions (#7848) 2021-08-09 08:19:38 -07:00
Vitaliy D 5db86f4c2b
Update vSphere CPI (#7838) 
Changes:
  * ClusterRole updated according to the latest manifests from
    https://github.com/kubernetes/cloud-provider-vsphere
  * vSphere CPI/CSI default versions bumped and
    tested successfully on K8S 1.21.1
  * vSphere documentation updated

Signed-off-by: Vitaliy D <vi7alya@gmail.com>
 2021-07-29 18:17:37 -07:00
Kenichi Omichi 20c284c276
doc: Update 'Kubespray vs Kubeadm' (#7834) 
non-kubeadm mode has been removed since ddffdb63bf
2.5 years ago. The non-kubeadm makes unnecessary confusion today, then
this updates the documentation.
 2021-07-28 03:15:34 -07:00
Markus Opolka befc6cd650
Update MetalLB documentation (#7833) 
- Added a hint about the kube_proxy_strict_arp configuration, which is required for MetalLB to work
 - See also https://github.com/kubernetes-sigs/kubespray/pull/5180/files
 2021-07-27 08:46:45 -07:00
Atsushi Nukariya 417180246c
Fix: typos in docs and comments (#7805) 2021-07-16 18:58:50 -07:00
Karthikeya Viswanath 22b128dfd2
fix: update metallb docs url (#7802) 2021-07-16 03:38:08 -07:00
spaced c2cf0d9945
add containerd on fedora CoreOS (#7794) 
* set selinux type t_etc if selinux state is enforcing

* workaround with update repo is no longer needed
remove comments about failing playbook

* grubby is not available in distros using ostree

* remove docker support because removed in fcos
update install script example with live rootfs

* do not call grubby on ostree based distro

* update docs enabling containerd on fedora coreos
 2021-07-15 00:00:48 -07:00
Cristian Calin 7516fe142f
Move to Ansible 3.4.0 (#7672) 
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
 2021-07-12 00:00:47 -07:00
Arian van Putten 394afc957b
Update vars.md to remove mention of string syntax of node_labels (#7776) 
* Update vars.md to remove mention of string syntax of node_labels

Fixes https://github.com/kubernetes-sigs/kubespray/issues/6215

* Try fix makrdown linting

* Update docs/vars.md
 2021-07-07 14:20:22 -07:00
andrew.k 63e92d719a
Clarify first master replace (#7761) 
* Update nodes.md

* fix syntax

* fix syntax - part 2

* replace master with kube_control_plane

* return etcd-master
 2021-07-07 13:42:23 -07:00
Julien Carpentier 9b87131b19
Fix Operating Systems menu for Amazon Linux 2 (#7772) 2021-07-05 01:30:55 -07:00
Kenichi Omichi b77f207512
Docs: Replace master with control plane (#7767) 
This replaces master with "control plane" in Kubespray docs
because of [1].

[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
 2021-07-01 00:55:55 -07:00
Cristian Calin 05d864c913
Calico Docs: clarify the algorithm to calculate calico_veth_mtu (#7749) 
* Claico Docs: clarify the algorithm to calculate calico_veth_mtu

* Update sample calico_veth_mtu
 2021-06-27 23:59:25 -07:00
Cristian Calin a2cf6816ce
Calico wireguard (#7638) 
* Calico: add Wireguard support

* CI: Add Calico Wireguard scenario
 2021-06-25 03:22:45 -07:00
rptaylor 70f1abbc18
fix broken link in doc (#7736) 
* fix broken link in doc

* Revert "fix broken link in doc"

This reverts commit b427d1f57f.

* move metallb doc to right place, fixing broken link
 2021-06-25 01:34:45 -07:00
Hamed Bahadorzadeh 271be92b02
Update kubernetes-reliability.md (#7724) 
It's a minor change, I just corrected `–` char to `-`.
 2021-06-21 10:36:51 -07:00
Cristian Calin 282a27a07c
gVisor: initial support for gVisor container runtime (#7661) 
* Docker/Containerd: move downloads urls to containerd-common

* gVisor: initial support for gVisor container runtime
 2021-06-21 05:18:51 -07:00
forselli-stratio 1069b05e68
Improve scale flow and documentation (#7610) 
* Improve scale flow

* Add confirmation prompt again
 2021-06-07 05:02:40 -07:00
Cristian Calin ec0c0d4a28
Calico enable support for eBPF (#7618) 
* Calico: align manifests with upstream

* allow enabling typha prometheus metrics

* Calico: enable eBPF support

* manage the kubernetes-services-endpoint configmap

* Calico: document the use of eBPF dataplane

* Calico: improve checks before deployment

* enforce disabling kube-proxy when using eBPF dataplane
* ensure calico_version is supported
 2021-06-07 04:58:39 -07:00
Cristian Calin 6a2ea94b39
Docs improvements (#7660) 
* Docs: update sidebar

* Docs: move registry documentation into docs/

* Docs: move rbd_provisioner documentation into docs/

* Docs: move cephfs_provisioner into docs/

* Docs: move local_volume_provisioner documentation into docs/

* Docs: move ambassador.md to docs/ingress_controller/

* Docs: move metallb.md to docs/ingress_controller/

* Docs: move ingress_nginx documentation into docs/

* Docs: move alb_ingress_controller documentation into docs/

* Docs: merge ambassador documentation into docs/ingress_controller/

* Docs: move cert_manager documentation into docs/

* Docs: move bootstrap-os documentation into docs/

* Docs: update file locations in sidebar
 2021-06-01 07:30:27 -07:00
Cedric Hnyda 4674b03661
Add cinder_csi_ignore_volume_az (#7624) 
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
 2021-06-01 07:10:27 -07:00