Commit Graph

857 Commits (d3113ad8693c0655b504915628789b618a928aae)

Author SHA1 Message Date
Kubernetes Prow Robot 6c112a9b41
Merge pull request #11567 from VannTen/cleanup/remove_node_static_token_generation
Remove generation of static tokens for cluster members
2024-09-26 13:58:01 +01:00
Bakke e355bef79b
fix: vsphere image repositories, tags and docs (#11564)
The old repository for these has been deleted, leaving the previous
configuration not possible to deploy, and even currently running clusters
fail after a restart as the DeameonSet has ImagePullPolicy: Always. More
details can be found here: kubernetes-sigs/vsphere-csi-driver#3053

As of writing, only CSI driver versions 3.1.2 to 3.3.1 is available in
this registry. This "officially" supports Kubernetes 1.26 to 1.30. Since
older drivers are not available, I have removed some feature-gating for
those unavailable versions while I was at it. For the cloud provider,
the `latest` image is now missing, and only 1.28.0 to 1.31.0 are
available. I've set the latest of these as the new default.

I also updated the documented default versions, as they were all out of
date and not aligned with actual code defaults.
2024-09-26 08:22:02 +01:00
Max Gautier baf0a331c9
Don't generate static tokens for nodes and control planes
Nodes to api-server relies by default certificates, and bootstrap
tokens, and there should be no need to generate tokens for every nodes,
even when enabling static token auth.
2024-09-23 16:58:42 +02:00
Kubernetes Prow Robot 03a055c383
Merge pull request #10643 from VannTen/cleanup/k8s_node_templates
Refactor kubernetes/node templates
2024-09-23 14:16:00 +01:00
Max Gautier 88b6f08e26
Documentation of k8s_cluster auto-defined
Also remove the group from the example inventory, since it should not be
needed anymore.
2024-09-21 14:35:36 +02:00
Kubernetes Prow Robot 93ee1226eb
Merge pull request #11521 from VannTen/cleanup/deduplicate_kubeadm_control_plane
Use in inventory variables rather than patch files for kubeadm_patches
2024-09-20 01:05:14 +01:00
Kubernetes Prow Robot 163697951c
Merge pull request #11527 from VannTen/feat/vagrant_multi_inv
Cleanup Vagrantfile and allow to use multiples inventories
2024-09-19 13:46:45 +01:00
Max Gautier 76c42b4d3f
CI: cleanup '-scale' tests infra (#11535)
There is actually no test using this since ad6fecefa8,
so there is no reason to keep that infra in our tests scripts.
2024-09-18 13:04:50 +01:00
Max Gautier 4bf2d7a2c2
Rework vagrant documentation
- Use proper syntax highlighting for config.rb examples
- Consistent shell style ($ as prompt)
- Use only one way to do things
- Remove OS specific details
2024-09-13 08:00:33 +02:00
Kevin Huang c601c8faf2
fix: Swap kubespray-defaults & boostrap-os (#11441)
- Execute boostrap-os before so that Python is installed for kubespray-defaults
- Remove outdated kubespray-defaults dependency on boostrap-os
2024-09-12 22:21:12 +01:00
Max Gautier c87097fc35
Document how to use kubeadm patches 2024-09-12 10:31:09 +02:00
Qasim Mehmood 538a1f2791
Update multus to v4.1.0 and clarify cilium compatibility (#11434)
* Update multus to v4.1.0 and clarify cilium compatibility

* Fix: bug introduced by #10934 where the template would break if multus was defined

* Set priorityClassName to system-node-critical for multus pods
2024-09-09 03:56:27 +01:00
Max Gautier fe60832a02
Remove kubelet_node_{custom_flags,config_extra_args}
There is no need to have an extra variables for this, just use different
values per host (using Ansible group_vars, for example)
2024-09-06 09:35:34 +02:00
Bogdan Sass 4b324cb0f0
Rename master to control plane - non-breaking changes only (#11394)
K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
2024-09-06 07:56:19 +01:00
Max Gautier 7f527f6195
Drop support for RHEL 7 / CentOS 7 (#11246)
* Simplify docker systemd unit

systemd handles missing unit by ignoring the dependency so we don't need
to template them.

* Remove RHEL 7/CentOS 7 support

- remove ref in kubespray roles
- move CI from centos 7 to 8
- remove docs related to centos7

* Remove container-storage-setup

Only used for RHEL 7 and CentOS 7
2024-09-05 07:41:01 +01:00
Mohamed Omar Zaian c4338687e1
[ingress-nginx] upgrade to 1.11.2 (#11463) 2024-08-19 06:10:27 -07:00
R. P. Taylor 468c5641b2
fix kube_reserved so it only controls kubeReservedCgroup (#11367) 2024-07-26 01:39:20 -07:00
ChengHao Yang 474b259cf8
CI: Remove Debian 10 support & macvlan test move to Debian 12 (#11347)
* CI: macvlan test switch to debian 11 & default job

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* CI: cilium-svc-proxy test switch to debian 12

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* CI: remove debian 10 test

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* Docs: remove debian 10 support

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-03 09:13:59 -07:00
Antoine Legrand a0587e0b8e
CI: rework pipeline: short/extended based on labels (#11324)
* CI: reduce VM resources requests to improve scheduling

* CI: Reduce default jobs; add labels(ci-full/extended) to run more test

* CI: use jobs dependencies instead of stages

* precommit one-job

* CI: Use Kubevirt VM to run Molecule and Vagrant jobs
2024-07-01 03:25:36 -07:00
opethema 35e904d7c3
fix image and kube-vip links (#11267) 2024-06-28 18:42:06 -07:00
Serge Hartmann db316a566d
dependencies for kubelet.service (#11297)
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
2024-06-26 02:30:34 -07:00
qlijin 2d612cde4d
Fix broken links in the cilium doc (#11318) 2024-06-24 19:45:42 -07:00
Lihai Tu 921b0c0bed
Add options to control images pulling of kubelet (#11094)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-21 07:54:54 -07:00
Hedayat Vatankhah (هدایت) dedc00661a
Add 'system-packages' tag to control installing packages from OS repositories (#10872) 2024-05-30 04:25:21 -07:00
Max Gautier ff48144607
pre-commit: adjust mardownlint default, md fixes
Use a style file as recommended by upstream. This makes for only one
source of truth.
Conserve previous upstream default for MD007 (upstream default changed
here https://github.com/markdownlint/markdownlint/pull/373)
2024-05-28 13:26:49 +02:00
Max Gautier d50f61eae5
pre-commit: apply autofixes hooks and fix the rest manually
- markdownlint (manual fix)
- end-of-file-fixer
- requirements-txt-fixer
- trailing-whitespace
2024-05-28 13:26:44 +02:00
tico88612 f85111f6d4
CI: add ubuntu 24.04 support (#11132)
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-05-18 00:35:20 -07:00
Payback159 4123cf13ef add gen_docs_sidebar.sh result, mark docs/_sidebar.md as a generated file 2024-05-17 15:09:54 +02:00
Payback159 4dbfd42f1d modify doc structure and update existing doc-links as preparation for new doc generation script 2024-05-17 15:09:54 +02:00
Lihai Tu d5f6838fba
Bump scheduler plugins version (#11205)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-05-17 02:05:35 -07:00
Mohamed Omar Zaian 6dbb09435c
[ingress-nginx] upgrade to 1.10.1 (#11184) 2024-05-13 18:39:10 -07:00
user81230 a00b0c48fe
Update recover-control-plane.md (#11155)
#10844 Copy node instead of move
2024-05-13 03:25:00 -07:00
Mathieu Parent c6bdc38776
containerd: allow to configure fallback server (#10988)
Also nerdctl limitation is now removed as we use /etc/containerd/certs.d/
2024-04-29 05:41:47 -07:00
Devesh Kumar eee5b5890d
feat: Add support for cilium 1.15 and updated cilium to v1.15.4 (#11106) 2024-04-23 19:42:11 -07:00
Barry M 1b870a1862
Update kubelet systemd service default allowed IP addresses for cluster hardening (#11061)
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
2024-04-11 00:58:27 -07:00
Mathieu Parent d58343d201
Document "Remove access to cluster from anonymous users" (#11068)
See https://github.com/kubernetes-sigs/kubespray/pull/11016
2024-04-09 03:34:36 -07:00
Nicolas Goudry c6fcbf6ee0
Remove access to cluster from anonymous users (#11016)
* feat: add user facing variable with default

* feat: remove rolebinding to anonymous users after init and upgrade

* feat: use file discovery for secondary control plane nodes

* feat: use file discovery for nodes

* fix: do not fail if rolebinding does not exist

* docs: add warning about kube_api_anonymous_auth

* style: improve readability of delegate_to parameter

* refactor: rename discovery kubeconfig file

* test: enable new variable in hardening and upgrade test cases

* docs: add option to config parameters

* test: multiple instances and upgrade
2024-04-02 23:54:12 -07:00
kyrie baf4842774
make kube-vip LeaderElection variables configurable (#11021)
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-03-25 02:24:57 -07:00
Tom M e7d29715b4
Add kubelet_cpu_manager_policy_options (#11023) 2024-03-22 12:21:39 -07:00
Max Gautier 3305383873
Fix ansible python version range (#11009) 2024-03-14 05:54:31 -07:00
Max Gautier 7f6ca804a1
Upgrade ansible-core to 2.16.4 (#10984)
* upgrade ansible version

Needed for with_first_found to work correctly:
https://github.com/ansible/ansible/issues/70772 fixed in 2.16

* Remove unused google cloud cloud_playbook

* Fix dpkg_selection on non-existing packages

Needed since ansible-core>2.16, see:
f10d11bcdc
2024-03-14 02:12:45 -07:00
Max Gautier d40b073f97
Add extra_vars support to vagrant setup (#10932) 2024-02-19 02:58:20 -08:00
Max Gautier c13b21e830
Explicit private/public nature of `*ip` vars (#10904) 2024-02-19 02:00:26 -08:00
Radek Smid 8d5091a3f7
fix: Kubelet not starting because of non-existent feature gate (#10448) 2024-02-16 01:27:46 -08:00
Kundan Kumar bfbb3f8d33
updated ingress controller version (#10868) 2024-02-12 01:11:03 -08:00
Oliver Larsson 65e22481c6
Remove documentation for removed in-tree openstack provider (#10889) 2024-02-06 01:11:00 -08:00
anders-elastisys c698790122
add nat_outgoing_ipv6 to calico defaults and docs (#10866) 2024-02-05 23:14:22 -08:00
Max Gautier 11c01ef600
docs: vagrant-libvirt is tested in CI (#10847) 2024-01-31 05:13:17 -08:00
Takuya Murakami 785366c2de
[kubernetes] Support kubernetes 1.29 (#10820)
* [kubernetes] Make kubernetes 1.29.1 default

* [cri-o]: support cri-o 1.29

Use "crio status" instead of "crio-status" for cri-o >=1.29.0

* Remove GAed feature gates SecCompDefault

The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246
2024-01-31 00:57:23 -08:00
Max Gautier e3ea19307a
Doc clarification: skipping patches releases is OK (#10850) 2024-01-29 22:31:40 -08:00