f5474ec6cc
Don't try to set permissions recursively on cache+staging directory ( #10900 )
...
This should avoid permissions problems when the user creating the
directory and the user creating the content are different (when
containers images are saved by root for instances, because the user
can't use the container runtime).
2024-02-09 06:04:28 -08:00
4b0a134bc9
Only download kubeadm images where needed ( #10899 )
...
* Refactor of kubeadm images listing
Instead of setting multiples facts, we directly create the dict we need from
kubeadm output.
* Remove useless 'default' filters in roles/download
* Only download kubeadm images where needed
2024-02-08 02:14:45 -08:00
ad565ad922
Fix waiting for MetalLB controller ( #10858 )
...
The current state waiting method is bad to implement.
When changing the deployment version, which is execute with the upgrade_cluster in the previous ansible task: "Kubernetes Apps | Install and configure MetalLB", next ansible task: "Kubernetes Apps | Wait for MetalLB controller to be running" may fall with an error.
2024-02-06 02:58:59 -08:00
6f419aa18e
Revert "implement download mirrors support ( #8474 )" ( #10884 )
...
This reverts commit c6e5314fab
2024-02-06 00:48:29 -08:00
c698790122
add nat_outgoing_ipv6 to calico defaults and docs ( #10866 )
2024-02-05 23:14:22 -08:00
989ba207e9
task description modified ( #10875 )
2024-02-05 07:59:04 -08:00
f2bdd4bb2f
Fix logical error when checking for boostrap-os ( #10867 )
...
Also remove some clutter along the way.
2024-02-05 07:58:55 -08:00
c9a44e4089
make docker 24.0 default ( #10873 )
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2024-02-04 21:55:19 -08:00
0dbde7536f
make containerd 1.7.12 default and upgrade runc to v1.1.11 ( #10862 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-02-01 04:06:08 -08:00
8d53c1723c
bump coredns version to 1.11.1 ( #10719 )
...
* update version coredns 1.11.1
* Update roles/kubespray-defaults/defaults/main/download.yml
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
---------
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
2024-02-01 03:28:20 -08:00
dce68e6839
[feat] Update metrics server to v0.7.0 ( #10856 )
2024-01-31 05:13:26 -08:00
785366c2de
[kubernetes] Support kubernetes 1.29 ( #10820 )
...
* [kubernetes] Make kubernetes 1.29.1 default
* [cri-o]: support cri-o 1.29
Use "crio status" instead of "crio-status" for cri-o >=1.29.0
* Remove GAed feature gates SecCompDefault
The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246
2024-01-31 00:57:23 -08:00
1d119f1a3c
Fixed grammar ( #10853 )
2024-01-29 17:46:58 -08:00
7863fde552
[apiserver-kubelet/tracing]: add distributed tracing config variables ( #10795 )
...
* [apiserver-kubelet/tracing]: add distributed tracing config flags
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
---------
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2024-01-25 10:24:35 +01:00
758d34a7d1
Fix typo mistake in roles/kubernetes/control-plane/tasks/define-first-kube-control.yml
...
- Fix 'Set fact joined_control_panes' into 'Set fact joined_control_planes'
2024-01-24 13:39:39 +01:00
c80f2cd573
Allow the DNS stack to be backward compatible with an old dns_domain ( #10630 )
...
Handle all old dns domains:
- for nodelocaldns: in the same server block as the current dns_domain
- for coredns: uffix rewrite of each of the old dns domains to the
current one
2024-01-24 06:31:22 +01:00
ab0163a3ad
fix(kubernetes): taint nodes with kubectl ( #10705 )
...
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2024-01-23 15:46:13 +01:00
2eb588bed9
Update external huawei cloud controller to 0.26.6 ( #10824 )
...
* Update huaweicloud controller to 0.26.6
See <https://github.com/kubernetes-sigs/cloud-provider-huaweicloud/compare/v0.26.3...v0.26.6 >
* Update huaweicloud sample to use 0.26.6
2024-01-23 09:28:00 +01:00
a88bad7947
Add scheduler plugins support ( #10747 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-23 07:42:33 +01:00
89d42a7716
Fix coredns_dual usage ( #10821 )
2024-01-22 18:36:16 +01:00
13e1f33898
Correct the POLY1305 cipher suites by adding the suffix _SHA256 ( #10641 )
2024-01-22 18:00:52 +01:00
de2c4429a4
Enable configuring mountOptions, reclaimPolicy and volumeBindingMode … ( #10450 )
...
* Enable configuring mountOptions, reclaimPolicy and volumeBindingMode for cinder-csi StorageClasses
* Check if class.mount_options is defined at all, before generating the option list
2024-01-22 18:00:34 +01:00
22bb0976d5
Adjust kubelet_event_record_qps to K8S default ( #10826 )
...
Also remove redundant check in the kubelet config template (we define a
default, so the setting will always be "true")
2024-01-22 17:49:14 +01:00
5a405336ae
Support following k8s version selection pause image ( #10756 )
...
Signed-off-by: xin.li <xin.li@daocloud.io>
2024-01-22 17:28:09 +01:00
0e971a37aa
Offline control plane recover ( #10660 )
...
* ignore_unreachable for etcd dir cleanup
ignore_errors ignores errors occur within "file" module. However, when
the target node is offline, the playbook will still fail at this task
with node "unreachable" state. Setting "ignore_unreachable: true" allows
the playbook to bypass offline nodes and move on to proceed recovery
tasks on remaining online nodes.
* Re-arrange control plane recovery runbook steps
* Remove suggestion to manually update IP addresses
The suggestion was added in 48a182844cee0f1e9d58
2024-01-22 17:22:27 +01:00
3e7b568d3e
crictl allow setting grace period for stop containers upon reset ( #10651 )
...
* crictl allow setting different grace period for stop containers and pods
* correct grace period location
2024-01-22 17:11:08 +01:00
a45a40a398
update kube-version-min-required to v1.27 ( #10817 )
2024-01-22 14:26:12 +01:00
4cb1f529d1
[kubernetes] Add hashes for kubernetes 1.29.0 and 1.29.1 ( #10778 )
...
* Add hashes of crictl and crio
* Add versions of etcd, crictl, crio and csi-snapshotter
2024-01-22 09:39:15 +01:00
64447e745e
[kubernetes] Make kubernetes v1.28.6 default ( #10810 )
2024-01-19 09:07:27 +01:00
b7a83531e7
etcd: update to v3.5.10 ( #10798 )
2024-01-17 09:50:48 +01:00
a0a2f40295
add containerd config override_path ( #10776 )
2024-01-16 14:15:53 +01:00
7b7c9f509e
Add PodDisruptionBudget for CoreDNS deployment. Allows users to control disruption behavior and set maximum unavailable pods ( #10557 )
2024-01-16 10:04:47 +01:00
3f78bf9298
Fix incorrect ciliumcli binary ( #10575 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-16 05:23:00 +01:00
50fbfa2a9a
Fix PyYAML package name on SLES and openSUSE ( #10794 )
2024-01-15 04:21:08 +01:00
747d8bb4c2
Fix ntp installation on SLES and openSUSE ( #10786 )
2024-01-12 04:03:35 +01:00
bb67d9524d
Fix crio_version version comparison ( #10780 )
...
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
2024-01-11 11:49:35 +01:00
8c09c3fda2
fix image pull in insecure-registry ( #10775 )
2024-01-09 10:20:16 +01:00
a656b7ed9a
Add kube_vip_lb_fwdmethod option for kube-vip ( #10762 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-09 08:22:13 +01:00
2e8b72e278
fix disable swap in centos ( #10751 )
2024-01-08 17:38:14 +01:00
ddf5c6ee12
Update coredns rolling update strategy ( #10748 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-01-08 17:38:05 +01:00
eda7ea5695
feat: add support for Cilium 1.14 ( #10684 )
...
* update cilium configmap template for new routing mode and tunnel-protocol options
Ryan Lonergan ryan.tlonergan@gmail.com
* add rbac for new cilium crd in 1.14
Ryan Lonergan ryan.tlonergan@gmail.com
* add conditional for cni-install.sh that's no longer included in cilium 1.14
Ryan Lonergan ryan.tlonergan@gmail.com
* Update roles/network_plugin/cilium/templates/cilium/ds.yml.j2
Co-authored-by: Cyclinder <qifeng.guo@daocloud.io>
---------
Co-authored-by: Cyclinder <qifeng.guo@daocloud.io>
2024-01-08 02:43:02 +01:00
08c0b34270
[cert-manager] upgrade to v1.13.2 ( #10616 )
2024-01-05 04:45:10 +01:00
1a86b4cb6d
Fix download retry when get_url has no status_code. ( #10613 )
...
* Fix download retry when get_url has no status_code.
* Fix until clause in download role.
2024-01-04 04:00:47 +01:00
aea150e5dc
[kubernetes] Make kubernetes v1.28.5 default ( #10739 )
...
* Add hashes for kubernetes 1.29.0, 1.28.5, 1.27.9, 1.26.12
2023-12-21 17:30:45 +01:00
c3b674526d
Fix modprobe module on Flatcar ( #10678 )
...
* Fix modprobe module on Flatcar
* Add todo about upstream issue report
2023-12-21 16:16:34 +01:00
565eab901b
remove containerd registries ( #10738 )
2023-12-21 10:01:12 +01:00
c3315ac742
systemd-resolved: use a drop-in for kubespray dns ( #10732 )
...
This avoid needlessly overriding things and make cleanup easier.
Also simplifies the template a bit.
2023-12-21 09:52:14 +01:00
29ea790c30
Fix calico-node in etcd mode ( #10438 )
...
* Calico : add ETCD endpoints to install-cni container
* Calico : remove nodename from configmap in etcd mode
2023-12-19 04:09:06 +01:00
ae780e6a9b
[etcd]: add etcd distributed tracing flags ( #10666 )
...
* [etcd]: add etcd distributed tracing flags
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [etcd]: add etcd distributed tracing flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [etcd]: add etcd distributed tracing flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
---------
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2023-12-19 04:00:10 +01:00
471326f458
Remove PodSecurityPolicy support and references ( #10723 )
...
This is removed from kubernetes since 1.25, time to cut some dead code.
2023-12-18 14:13:43 +01:00
Max Gautier
flxbwr
anders-elastisys
Gianmarco Mameli
Kay Yan
kyrie
Victor Login
Mohamed Omar Zaian
Takuya Murakami
Saber
Ugur Can Ozturk
kimsehwan96
Maxime Leroy
Daniel Strufe
Louis Tu
yun
Alexander
my-git9
Yuhao Zhang
Noam
Takuya Murakami
lobiyed.karim
Gaëtan Trellu
Serge Hartmann
Ryan Lonergan
刘旭
Romain
Andrei Costescu
Olivier Levitt