kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,960 Commits
29 Branches
81 Tags
158 MiB
Commit Graph

4665 Commits (f9cc8ae10ce5feb118486a9bc68c8e41492727e9)

Author SHA1 Message Date
Mohamed Zaian 438da0c8e6
[argocd] update argocd to v2.5.5 (#9604) 2022-12-22 00:53:25 -08:00
emiran-orange 25f317233c
Remove immutable flag from /var/lib/kubelet subdirs (#9597) 
* Remove immutable flag from /var/lib/kubelet subdirs

* Find files before changing attributes
 2022-12-21 18:55:25 -08:00
C-Romeo 5e4d68b848
fix kube token dir permissions (#9590) 2022-12-21 15:45:25 -08:00
yanggang 4728739597
follow containerd1.16.13 and 1.16.14 (#9585) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-21 00:35:28 -08:00
Kay Yan fc0d58ff48
fix-missing-control-plane-taint (#9592) 2022-12-19 15:57:43 -08:00
janaurka 491e260d20
Feature/add flannel wireguard encryption backend as option (#9583) 
* feat(): Add wireguard backend to flannel cni

As described in the flannel docs:
https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard

This does not support optional configuration methods like:
- setting a psk (will be autogenerated by default)
- chang listening ports
- change mode (defaults to 'separate')
- change PersistentKeepaliveInterval (defaults to 0)

* Add supported backends to flannel docs

* Fix markdown in docs
 2022-12-18 15:39:43 -08:00
Xieql c4d753c931 Fix annotation typo 
Signed-off-by: Xieql <xieqianglong@huawei.com>
 2022-12-15 18:40:30 +08:00
Lukas Najman ee3b7c5da5
Use the correct api version and resourcer type. The current values work but do not match the documentation, which can be confusing. (#9575) 2022-12-15 01:21:35 -08:00
Robin Wallace ccf60fc9ca
upcloud: Delete default reclaim policy (#9574) 2022-12-14 16:15:34 -08:00
Kay Yan a38a3e7ddf
upgrade-calico-v3.24.5 (#9580) 2022-12-14 09:21:36 -08:00
Book shu ff331f4eba
support flannel dual stack (#9564) 2022-12-13 20:47:35 -08:00
JSpon 94eae6a8dc
adjust calico-kube-controller to use hostNetwork when using etcd as datastore (#9573) 2022-12-13 20:41:34 -08:00
yanggang f8d6b54dbb
Add hashes for 1.25.5, 1.24.9, 1.23.15 and make v1.25.5 default (#9557) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-11 16:45:33 -08:00
emiran-orange 67c4f2d95e
Add XDG related Helm paths to be removed (#9561) 2022-12-10 03:59:40 -08:00
Mohamed Zaian 03fefa8933
[feat] Upgrade metrics server to v0.6.2 (#9554) 2022-12-10 03:55:40 -08:00
Fredrik Liv c8ec77a734
[containerd] Add config for unpriviledged ports and icmp (#9517) 
* [containerd] Add config for unpriviledged ports and icmp

* Updated to match true false variables of other setting
 2022-12-09 06:16:12 -08:00
Chad Swenson 4f32f94a51
Fix drain rescue task when `kube_override_hostname` is set (#9556) 
This fixes a task failure in the rescue block that uncordons nodes after an unsuccessful drain. The issue occurs when `kube_override_hostname` is set and does not match `inventory_hostname`.
 2022-12-08 16:02:11 -08:00
Chad Swenson 3dc384a17a
Allow `containerd-common` to execute multiple times per play (#9543) 
The `containerd-common` role is responsible for gathering OS specific variables from the vars directory of the roles that include or import it. `containerd-common` is imported via role dependency by a total of two roles, `container-engine/docker`, and `container-engine/containerd`.

containerd-common is needed by both the docker and containerd roles as a dependency when:
- containerd is selected as the container engine
- a docker install is detected and needs to be removed
- apt is the package manager

However, by default, roles can not be invoked more than once in the same play, unless `allow_duplicates: true` is set for that role. This results in the failure of the `containerd | Remove containerd repository` task, since only the docker vars will be loaded in the play, and `containerd_repo_info.repos`, normally populated by containerd/vars, is left empty.

This change sets `allow_duplicates: true` for `containerd-common` which fixes the currently failing containerd tasks if docker was detected and removed in the same play.
 2022-12-08 15:58:18 -08:00
Samuel Liu f1d0d1a9fe
[kube-ovn]: update version v1.10.7 (#9527) 
* [kube-ovn]: update version

* update readme
 2022-12-08 15:58:11 -08:00
Mohamed Zaian c036a7d871
Disable 'Check that IP range is enough for the nodes' when calico is used (#9491) 2022-12-08 10:44:23 -08:00
yanggang 6e63f3d2b4
follow containerd1.16.12 (#9551) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-08 07:36:24 -08:00
yanggang 09748e80e9
support containerd 1.6.11 (#9544) 2022-12-06 19:08:37 -08:00
Ugur Can Ozturk a0f41bf82a
[metrics_server]: Enabled HA mode by adding 'metrics_server_replicas'… (#9539) 
* [metrics_server]: Enabled HA mode by adding 'metrics_server_replicas' variable and adding podAntiAffinity rule

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

* [metrics_server]: added namespaces selector

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>

Signed-off-by: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
 2022-12-06 18:22:38 -08:00
Douglas Landgraf 1a0b81ac64
reset: RedHat based distro with major version >=8 (#9537) 
During the reset, restart network was not completing in distros
like RHEL/CentOS/AlmaLinux with major version higher than 8.

Example:
kubespray> ansible-playbook -i inventory/mydomain/hosts.yml reset.yml -b -v
fatal: [mynode]: FAILED! => {"changed": false, "msg": "Could not find the requested service network: host"}

Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>

Signed-off-by: Douglas Schilling Landgraf <dlandgra@redhat.com>
 2022-12-05 08:57:03 -08:00
ERIK 20d99886ca
Update etcd log-level parameter name (#9540) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-12-05 01:05:03 -08:00
Kay Yan b9fe301036
add-check-for-resolv-to-avoid-coredns-crash (#9502) 2022-12-01 22:37:54 -08:00
Kay Yan 30508502d3
update-nginx-version (#9506) 2022-12-01 21:51:55 -08:00
Mohamed Zaian bca601d377
[ingress-nginx] upgrade to 1.5.1 (#9532) 2022-12-01 21:45:54 -08:00
Mohamed Zaian 65191375b8
[etcd] make etcd 3.5.6 default (#9520) 2022-12-01 14:41:53 -08:00
ERIK a534eb45ce
Update calico image tag (#9529) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-12-01 03:18:27 -08:00
tu1h e796f08184
update dashboard image repo to remove arch flag (#9530) 
Signed-off-by: lihai.tu <lihai.tu@daocloud.io>

Signed-off-by: lihai.tu <lihai.tu@daocloud.io>
 2022-12-01 01:42:26 -08:00
Kenichi Omichi ed38d8d3a1
Add ingress-nginx check for updating README (#9533) 
To detect the version mismatch.
 2022-12-01 01:16:27 -08:00
Kay Yan 4db5e663c3
fix-mistake-regex-for-resolv-conf (#9523) 2022-11-30 03:48:56 -08:00
rtsp 529faeea9e
[cert-manager] Upgrade to v1.10.1 (#9512) 2022-11-29 07:17:26 -08:00
ERIK 47510899c7
Update the number of nofile limits in containerd (#9507) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-25 15:12:04 -08:00
蒋航 7c1ee142dd
update envoy image to v1.22.5 (#9513) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-11-23 19:26:05 -08:00
蒋航 25e86c5ca9
Update etcd image tag (#9516) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-11-23 18:22:04 -08:00
ERIK c41dd92007
Clean up cilium-init image (#9508) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-23 09:06:20 -08:00
ERIK a564d89d46
Update the tag of cilium hubble related images (#9509) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-21 20:14:14 -08:00
Kay Yan 6c6a6e85da
update-coredns-version (#9503) 2022-11-18 20:16:29 -08:00
Robin Wallace ed0acd8027
[openstack cloud controller] bump to v1.25.3 (#9500) 2022-11-18 04:26:31 -08:00
ERIK b9a690463d
Add docker support for openEuler linux (#9498) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-17 18:18:30 -08:00
ERIK c3986957c4
Update runsc checksum (#9493) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-16 00:52:48 -08:00
ERIK 8795cf6494
Add support for the OpenEuler Linux (#9494) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-16 00:48:49 -08:00
yanggang 80af8a5e79
upgrade containerd_version to 1.6.10 (#9492) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-15 03:58:41 -08:00
Sergey Putko 943107115a
disable Centos Extras repo creation for OL9 (#9483) 
Centos 9 doesn't exists, and Centos 9-stream also doesn't have extras repo.
 2022-11-14 16:28:41 -08:00
Mohamed Zaian f007c77641
[etcd] make etcd 3.5.5 default for k8s 1.23 , 1.24 (#9482) 2022-11-12 03:39:56 -08:00
yanggang 9439487219
Add hashes for 1.25.4, 1.24.8, 1.23.14 and make v1.25.4 default (#9479) 
Signed-off-by: yanggang <gang.yang@daocloud.io>

Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-10 20:00:09 -08:00
emiran-orange df6da52195
Enable check mode in DNS Cleanup tasks (#9472) 2022-11-10 19:58:09 -08:00
ERIK 8a654b6955
Add cni bin when installing calico (#9367) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-08 17:46:13 -08:00
Ilya Margolin 5a8cf824f6
[containerd] Simplify limiting number of open files per container (#9319) 
by setting a default runtime spec with a patch for RLIMIT_NOFILE.

- Introduces containerd_base_runtime_spec_rlimit_nofile.
- Generates base_runtime_spec on-the-fly, to use the containerd version
  of the node.
 2022-11-08 06:44:32 -08:00
emiran-orange 5c25b57989
Ability to define options for DNS upstream servers (#9311) 
* Ability to define options for DNS upstream servers

* Doc and sample inventory vars
 2022-11-08 06:44:25 -08:00
Olivier Lemasle 5d1fe64bc8
Update local-volume-provisioner (#9463) 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/pull/292)
- Add nodeSelector to DaemonSet (following upstream)
 2022-11-07 15:28:17 -08:00
yanggang 0d6dc08578
upgrade argocd version 2.4.16 (#9467) 2022-11-06 18:04:16 -08:00
ERIK 40261fdf14
Fix iputils install failure in Kylin OS (#9453) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-11-06 17:54:16 -08:00
Cyclinder 590b4aa240
adjust calico-kube-controller to non-hostnetwork pod (#9465) 
Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
 2022-11-06 17:34:17 -08:00
ausias-armesto 2a696ddb34
Adding metrics server to use host network (#9444) 
* Adding metrics server to use host network

* EXternalize value to a variable
 2022-11-06 02:38:15 -08:00
lijin-union d7f08d1b0c
remove the set_fact action which raise error in the CI (#9462) 2022-11-03 04:43:38 -07:00
Jiffs Maverick 4aa1ef28ea
Don't use coredns_server in dhclient.conf if nodelocaldns is enabled (#9392) 2022-11-03 02:45:36 -07:00
Fred Rolland 58faef6ff6
Flannel: fix init container image arch (#9461) 
The install-cni-plugin image was not updated to the corresponding
arch when building the different DS.

Fixes issue #9460

Signed-off-by: Fred Rolland <frolland@nvidia.com>

Signed-off-by: Fred Rolland <frolland@nvidia.com>
 2022-11-03 02:41:36 -07:00
yanggang ce751cb89d
add variable condition snapshot in vSphere CSI (#9429) 2022-11-02 00:22:46 -07:00
cleverhu 5cf2883444
add retry for start calico kube controller (#9450) 
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
 2022-11-02 00:18:45 -07:00
charlychiu 6bff338bad
fix: hubble relay tls error (#9457) 2022-11-02 00:14:46 -07:00
William Turner 1f54cef71c
Add variable to set direct routing on flannel VXLAN (#9438) 2022-10-31 13:16:45 -07:00
yanggang d00508105b
Removed PodSecurityPolicy from ingress-nginx (#9448) 2022-10-30 20:08:44 -07:00
lijin-union c272421910
Add UOS linux support (#9432) 2022-10-30 17:16:43 -07:00
biqiang Wu 78624c5bcb
When using cilium CNI, install Cilium CLI (#9436) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-10-30 17:02:45 -07:00
biqiang Wu c681435432
Add switch cilium_enable_bandwidth_manager (#9441) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-10-28 03:08:31 -07:00
杨刚 4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 (#9442) 2022-10-27 21:46:30 -07:00
蒋航 990f87acc8
Update kube-vip to v0.5.5 (#9437) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-10-26 19:28:32 -07:00
William Turner eeb376460d
Fix inconsistent handling of admission plugin list (#9407) 
* Fix inconsistent handling of admission plugin list

* Adjust hardening doc with the normalized admission plugin list

* Add pre-check for admission plugins format change

* Ignore checking admission plugins value when variable is not defined
 2022-10-26 00:28:37 -07:00
Kay Yan ef707b3461
update-containerd-1.6.9 (#9427) 2022-10-25 16:34:37 -07:00
Mohamed Zaian 2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) (#9425) 2022-10-24 18:32:36 -07:00
Mohamed Zaian b9b654714e
[nerdctl] upgrade to version 1.0.0 (#9424) 2022-10-24 18:28:35 -07:00
Mohamed Zaian fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 (#9419) 2022-10-24 00:06:26 -07:00
杨刚 b192053e28
as argocd 2.4.15 is releasesd , update the version (#9420) 2022-10-23 20:34:24 -07:00
Wouter Goedhart 1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414) 
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
 2022-10-23 18:00:24 -07:00
ERIK 9fdda7eca8
Fix iputils install failure in Kylin OS (#9416) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-21 04:53:51 -07:00
ERIK a68ed897f0
Update kubelet checksum (#9413) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-21 04:21:50 -07:00
Florian Ruynat 582ff96d19
Update docker version to 20.10.20 (#9410) 2022-10-20 18:45:15 -07:00
Kenichi Omichi 0374a55eb3
Specify securityContext for cert-manager (#9404) 
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
 2022-10-20 00:57:08 -07:00
Kay Yan ccbe38f78c
make-kube-1.25-default (#9364) 2022-10-20 00:56:57 -07:00
Vladimir 958840da89
Add var for control initialDelaySeconds in nginx ingress probe (#9405) 
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
 2022-10-19 21:20:56 -07:00
Cristian Calin 1530411218
use cri-o from upstream instead of kubic/OBS (#9374) 
* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables
 2022-10-19 05:47:05 -07:00
Mohamed Zaian 0f44e8c812
[ingress-nginx] upgrade to 1.4.0 (#9403) 2022-10-18 16:53:00 -07:00
Maxime Leroy d9c39c274e
fix(defaults): wrong cri_socket path for containerd (#9401) 2022-10-18 00:15:18 -07:00
Kenichi Omichi c38fb866b7
Update securityContext of netchecker (#9398) 
To run netchecker with necessary privilege,
this updates the securityContext.
 2022-10-17 19:11:18 -07:00
Mohamed Zaian 5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default (#9397) 2022-10-17 05:59:07 -07:00
Kay Yan 32f3d92d6b
Remove PodSecurityPolicies in Calico (#9395) 2022-10-17 05:51:07 -07:00
Cristian Calin 23716b0eff
don't define kubeadm_patches by default (#9372) 2022-10-14 01:20:46 -07:00
Kay Yan 859df84b45
remove-psp-in-flannel (#9365) 2022-10-14 00:16:47 -07:00
Kay Yan 131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar (#9370) 
* fix-ensure-package-in-coreos

* clean blank line
 2022-10-13 16:54:46 -07:00
Unai Arríen 52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248) 
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values
 2022-10-13 16:50:47 -07:00
ghostloda 547ef747da
fix helm install with password authentication (#9343) 2022-10-12 23:55:01 -07:00
ERIK bc5881b70a
Add the cilium hubble images to download role (#9376) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-10-12 23:45:00 -07:00
Kenichi Omichi f4b95d42a6
Add note for containerd oom_score (#9384) 
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
 2022-10-11 21:49:00 -07:00
Unai Arríen ef76a578a4
Change dns upstream condition for nodelocaldns (#9378) 2022-10-11 00:47:02 -07:00
Piotr Kowalczyk 3b99d24ceb
Fix: install calico-kube-controller on kdd (#9358) 
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
 2022-10-10 19:45:01 -07:00
Kay Yan 4701abff4c
upgrade-api-version-for-PodDisruptionBudget (#9369) 2022-10-10 17:51:02 -07:00
Joe Siponen 717b8daafe
Download coredns image to all hosts in k8s_cluster (#9316) 
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
 2022-10-08 05:03:19 -07:00