Marat Talipov
4f27c763af
containerd insecure registry support ( #8298 )
2021-12-13 00:41:58 -08:00
Cristian Calin
0e969c0b72
vSphere-CSI: update to 2.4.0 ( #8295 )
2021-12-10 11:07:23 -08:00
Steven Reitsma
b396801e28
Update Cinder CSI to v1.22 ( #8296 )
2021-12-10 10:49:11 -08:00
Cristian Calin
682c8a59c2
containerd: change default resolvconf_mode to host_resolvconf ( #8247 )
...
* containerd: change default resolvconf_mode to host_resolvconf
* Wait for kube-apiserver to come back after pod refresh
* Handle resolv.conf gracefully
* Retain currently configured DNS entries to ensure we don't break the resolvers
* Suse uses wickedd for network management so no dhcp hooks
* Molecule: increase ansible timeout
* CI: Increase ansible timeout to 120s for Packet jobs
2021-12-09 14:09:06 -08:00
Florian Ruynat
5a25de37ef
Revert "remove no longer present etcd nodes from APIEndpoints list in kubeadm-config configmap ( #8244 )" ( #8287 )
...
This reverts commit dc767c14b9
.
2021-12-09 08:24:16 -08:00
zhengtianbao
4ef2cf4c28
Registry add TLS and authentication support ( #8229 )
...
* Add registry TLS support
* Add registry configmap and htpasswd auth
2021-12-07 08:32:00 -08:00
Cristian Calin
990ca38d21
Kata-Containers: add 2.3.0 ( #8276 )
...
* Kata-Containers: add checksums for 2.3.0
* Kata-Containers: version 2.3.0 requires kubernetes 1.22.0+
2021-12-07 08:18:08 -08:00
Cristian Calin
c7e430573f
Calico: upgrade 3.21.x to 3.21.2 ( #8275 )
2021-12-07 08:18:01 -08:00
Cristian Calin
a328b64464
runc: upgrade to v1.0.3 ( #8274 )
2021-12-07 06:10:02 -08:00
zhengtianbao
a16d427536
Set etcd-events listen port to 2383 ( #8232 )
2021-12-07 00:28:01 -08:00
Cristian Calin
c98a07825b
Use cgroupsv2 where available (fedora) ( #8237 )
...
* Containerd: use cgroupsv2 where available (fedora)
* Docker: use cgroupsv2 where available (fedora)
* cri-o: use cgroupsv2 where available (fedora)
2021-12-06 11:19:33 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ( #8272 )
...
* Update loadbalancers versions
* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Samuel Liu
4550f8c50f
calico_flexvol ( #8273 )
2021-12-06 05:00:32 -08:00
toplordsaito
9afca43807
change dns upstream condition for coredns ( #8263 )
...
upstream_dns_servers should change corefile config even resolvconf_mode=docker_dns
2021-12-06 02:46:32 -08:00
Alvaro Campesino
27ab364df5
Improve control plane scale flow ( #13 ) ( #7989 )
...
* Improve control plane scale flow (#13 )
* Added version 1.20.10 of K8s
* Setting first_kube_control_plane to a existing one
* Setting first_kube_control_plane to a existing one
* change first_kube_master for first_kube_control_plane
* Ansible-lint changes
2021-12-06 00:16:32 -08:00
Hanna Bledai
615216f397
Fix if bind-address is not set to 0.0.0.0 ( #8262 )
...
* if bind-address is not set to 0.0.0.0
* Update docs and left comments
* fix yamllist check: remove space
2021-12-05 23:58:32 -08:00
Kenichi Omichi
46b1b7ab34
Fix k8scsi/csi-resizer repo ( #8270 )
...
If trying to pull k8scsi/csi-resizer image from gcr.io, we face the error
like:
$ docker pull gcr.io/k8scsi/csi-resizer:v1.0.0
Error response from daemon: Head https://gcr.io/v2/k8scsi/csi-resizer/
manifests/v1.0.0: unknown: Project 'project:k8scsi' not found or deleted.
$
We can pull the image from quay.io instead.
This fixes the issue.
2021-12-05 23:42:32 -08:00
Alvaro Campesino
30d9882851
Add nodelocaldns only if it is enabled ( #7731 )
2021-12-03 20:36:31 -08:00
Cristian Calin
dfdebda0b6
Calico: remove duplicate values for CALICO_DISABLE_FILE_LOGGING and FELIX_DEFAULTENDPOINTTOHOSTACTION ( #8269 )
2021-12-03 20:32:31 -08:00
Cristian Calin
9d8a83314b
containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default ( #8239 )
...
* containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default
* containerd: make nerdctl mandatory for container_manager = containerd
* nerdctl: bump to version 0.14.0
* containerd: use nerdctl for image manipulation
* OpenSuSE: install basic nerdctl dependencies
2021-12-03 12:20:35 -08:00
Florian Ruynat
e19ce27352
Remove ovn4nfv support ( #8265 )
2021-12-03 11:56:35 -08:00
Cristian Calin
4d711691d0
Fix calico crd archive checksums ( #8266 )
...
v3.20.3 and v3.21.1 were re-released with new checksums
2021-12-03 04:56:27 -08:00
Samuel Liu
ee0f1e9d58
Update etcd-servers for apiserver ( #8253 )
2021-12-03 00:28:27 -08:00
Cristian Calin
9f052702e5
containerd: add support for suse distributions ( #8261 )
2021-12-02 07:51:33 -08:00
Florian Ruynat
b38382a68f
Move cri-o default package to 1.22 ( #8258 )
2021-12-02 06:21:34 -08:00
zhengtianbao
785324827c
Set ingress-nginx default terminationGracePeriodSeconds to 5 min ( #8252 )
...
* set ingress-nginx default terminationGracePeriodSeconds to 5 min for the drain of connection
* Add ingress_nginx_termination_grace_period_seconds at sample inventory
2021-12-02 03:23:33 -08:00
Cristian Calin
31c7b6747b
Calico: add dependencies for 3.21.x ( #8250 )
2021-12-02 01:17:33 -08:00
Alvaro Campesino
dc767c14b9
remove no longer present etcd nodes from APIEndpoints list in kubeadm-config configmap ( #8244 )
2021-12-01 07:17:15 -08:00
Florian Ruynat
30ec03259d
Remove fedora33 - eol ( #8246 )
2021-11-30 15:53:17 -08:00
Florian Ruynat
0e22a90579
Update docker to 20.10.11 with containerd 1.4.12 ( #8255 )
2021-11-30 11:49:01 -08:00
Cristian Calin
ee882fa462
Add capability to use swap, requires Kube 1.22 ( #8241 )
...
* Alpha-NodeSwap: allow nodes to use swap
* CI: Add Fedora 35 with experimental swap job
2021-11-30 00:52:56 -08:00
Cristian Calin
3431ed9857
containerd: properly pull images with containerd specific tools ( #8245 )
2021-11-30 00:48:56 -08:00
Florian Ruynat
279808b44e
Update minor version for kata/cilium/kube-router/helm
2021-11-29 23:06:56 -08:00
Florian Ruynat
2fd529a993
Update Kubernetes version to v1.22.4
2021-11-29 23:06:56 -08:00
Florian Ruynat
1f6f79c91e
Update kubernetes hashes with 1.22.4/1.21.7/1.20.13
2021-11-29 23:06:56 -08:00
Cristian Calin
2f44b40d68
OEL7: Fix CentOS7 Extras for OEL7 ( #8219 )
...
* OEL7: Fix CentOS7 Extras for OEL7
* Molecule: add logs collection for jobs
2021-11-29 13:39:21 -08:00
Cristian Calin
20157254c3
Update calico versions ( #8238 )
...
* Calico: Bump 3.20.x to 3.20.3
* Calico: Bump 3.18.x to 3.18.6
* Calico: add calico 3.21.1 hashes
2021-11-29 01:15:22 -08:00
Florian Ruynat
a5f88e14d0
Cleanup tests ( #8234 )
...
* Add Fedora 35 image, support and CI
* Cleanup tests and allow_failure for vagrant
2021-11-26 09:00:51 -08:00
Cristian Calin
e78bda65fe
Defaults: replace docker with containerd as our default container_manager ( #8175 )
...
* Defaults: replace docker with containerd as our default container_manager
* CI: Use docker for download_localhost test
* Defaults: with container_manager=containerd we need etcd_deployment_type=host
* CI: Run weave jobs with docker
* CI: Vagrant don't download_force_cache
* CI: Fix upgrade tests
* should run compatible with old settings, this means docker
* we need to run with a distro that has at least modern containerd,
this means move from debian9 to debian10 to allow `containerd_version`
to match between 2.17 and master
2021-11-25 06:54:33 -08:00
khatrig
3ea496013f
Create reset.yml ( #8227 )
2021-11-24 09:44:20 -08:00
ishizuka
7e1873d927
DeprecationWarning occurs when indentfirst=None is specified in coredns-config.yml.j2 ( #8224 )
2021-11-24 08:56:21 -08:00
zhengtianbao
e35a87e3eb
Update registry template ( #8198 )
...
* Add registry replica setting
* Add registry liveness and readiness probe
* Set the security context for registry
* Add registry pvc access mode option
* registry add replica requirement check
* docs: add registry replicas setting note
* Update docs/kubernetes-apps/registry.md
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2021-11-22 02:45:09 -08:00
zhengtianbao
a6fcf2e066
Enable experimental modules when rpm-ostree version >= 2021.9 ( #8202 )
...
* Enable experimental modules when rpm-ostree version >= 2021.9
* cleanup code
2021-11-22 02:29:09 -08:00
Cristian Calin
c74e1c9db3
CI: use images from quay.io to prevent being throttled by docker hub ( #8209 )
...
* CI: use netchecker images from quay to prevent throttling
* Molecule: use hello-world image from quay.io
2021-11-19 13:23:40 -08:00
Florian Ruynat
be9de6b9d9
Fix debian 9 check for apt cache update ( #8215 )
2021-11-19 09:02:51 -08:00
Pasquale Toscano
fe8c843cc8
Fix typo in Containerd configuration ( #8206 )
2021-11-19 08:40:53 -08:00
Łukasz Żułnowski
83e0b786d4
Fix wrong baseurl for centos extra repo for Oracle Linux ( #8208 )
2021-11-18 23:44:51 -08:00
Cristian Calin
acd5185ad4
Fix fedora reset ( #8205 )
...
* Reset: Fedora uses NetworkManager
* CI: test reset on fedora
2021-11-18 16:46:51 -08:00
Mathieu Parent
0263c649f4
Allow to scrape etcd metrics using a service ( #8203 )
...
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2021-11-17 23:53:01 -08:00
Lubos Mercl
424163c7d3
add gce support ( #8179 )
...
Author: lmercl <lubos.mercl@gmail.com>
Date: Wed Nov 10 15:30:04 2021 +0000
fix markdown
2021-11-16 08:58:28 -08:00
IKRozhkov
2c87170ccf
Allow setting 'auto-assign' property to 'false' for default IP pool (Metallb addon) ( #8193 )
...
* add metallb auto-assign property for main IP range & update addons.yml for sample inventory
* add new line at the end of file roles\kubernetes-apps\metallb\defaults\main.yml
* set default value for matallb_auto_assign = true
2021-11-16 05:06:27 -08:00
zhengtianbao
02322c46de
Remove helm duplicate check ( #8196 )
2021-11-15 12:50:48 -08:00
EDGsheryl
4d79a55904
Remove extra parameter kube_proxy_remove ( #8158 )
...
Signed-off-by: EDGsheryl <edgsheryl@gmail.com>
2021-11-15 00:02:48 -08:00
Samuel Liu
027cbefb87
change krew uri to krew_download_url ( #8190 )
2021-11-14 12:08:47 -08:00
zhengtianbao
a08d82d94e
calico add support for container ip forwarding setting ( #8184 )
2021-11-12 19:06:46 -08:00
zhengtianbao
5f1456337b
Fix krew auto completion command not found at lower version ( #8185 )
2021-11-12 17:04:46 -08:00
Ajarmar
b5a5478a8a
Added tolerations for cinder-csi-nodeplugin DaemonSet ( #8137 )
2021-11-11 11:48:07 -08:00
Cristian Calin
b7ae4a2cfd
Kata-Containers: Fix kata-containers runtime ( #8068 )
...
* Kata-containes: Fix for ubuntu and centos sometimes kata containers fail to start because of access errors to /dev/vhost-vsock and /dev/vhost-net
* Kata-containers: use similar testing strategy as gvisor
* Kata-Containers: adjust values for 2.2.0 defaults
Make CI tests actually pass
* Kata-Containers: bump to 2.2.2 to fix sandbox_cgroup_only issue
2021-11-09 10:01:48 -08:00
Cristian Calin
039205560a
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA ( #8100 )
...
* nodelocaldns: allow a secondary pod for nodelocaldns for local-HA
* CI: add job to test nodelocaldns secondary
2021-11-09 09:57:47 -08:00
Cristian Calin
801268d5c1
containerd: upgrade versions 1.4.11 and 1.5.7 and make 1.4.11 the default ( #8129 )
2021-11-09 06:59:47 -08:00
zhengtianbao
46c536d261
Add krew auto completion ( #8171 )
2021-11-09 02:43:39 -08:00
Cristian Calin
4a8757161e
Docker: replace the use of containerd_version with docker_containerd_version to avoid causing conflicts when bumping containerd_version ( #8130 )
2021-11-08 15:56:49 -08:00
zhengtianbao
65540c5771
krew: update to v0.4.2 ( #8168 )
...
krew release urls changed since v0.4.2, clearly OS type and arch inside the filename.
from:
https://github.com/kubernetes-sigs/krew/releases/download/v0.4.1/krew.tar.gz
to:
https://github.com/kubernetes-sigs/krew/releases/download/v0.4.2/krew-linux_amd64.tar.gz
define `host_os` like `host_architecture` determine which OS is krew
installed at.
2021-11-08 02:54:59 -08:00
Max Gautier
6c1ab24981
Limit kubectl delete node to k8s nodes ( #8101 )
...
* Limit kubectl delete node to k8s nodes
This avoids the use of `kubectl delete node` when removing etcd nodes
which are not part of the cluser (separate etcd)
* Take errors into account when deleting node
There should not be error now that we're limiting the deletion to nodes
actually in the cluster
* Retrying on error
2021-11-08 02:22:58 -08:00
Hyojun Jeon
61c2ae5549
Add vxlanEnabled spec in FelixConfiguration ( #8167 )
2021-11-08 00:06:52 -08:00
zhengtianbao
04711d3b00
Replace path_join to support Ansible 2.9 ( #8160 )
2021-11-08 00:00:52 -08:00
Kenichi Omichi
cb7c30a4f1
Fix cloud_provider check ( #8164 )
...
This fixes the preinstall check for cloud_provider option based on
inventory/sample/group_vars/all/all.yml
2021-11-07 23:48:52 -08:00
Álvaro Torres Cogollo
8922c45556
Added ArgoCD kubernetes-app ( #7895 )
...
* Added ArgoCD kubernetes-app
* Update argocd_version to latest
2021-11-07 02:22:51 -08:00
Emin AKTAS
58390c79d0
Bump crun version 1.2 to 1.3 ( #8162 )
...
Signed-off-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
2021-11-06 02:26:50 -07:00
Antoine Gatineau
b7eb1cf936
cert-manager: add trusted internal ca when configured ( #8135 )
...
* cert-manager: add trusted internal ca when configured
* wrong check for inventory variable
* Update documentation
2021-11-05 09:43:52 -07:00
Pasquale Toscano
6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver ( #8123 )
2021-11-05 07:59:54 -07:00
Marcus Fenner
c94291558d
Fix containerd install for fcos ( #8107 )
...
* Fix containerd install for fcos
* rm orphaned runc and containerd binaries
2021-11-05 07:53:53 -07:00
Florian Ruynat
1c3d082b8d
fix calico crds hashes for 3.20.2 ( #8157 )
2021-11-04 10:38:04 -07:00
zhengtianbao
9d4cdb7b02
Ensure addon-resizer 1.8.11 only effective at arch amd64. ( #8144 )
...
* Ensure addon-resizer 1.8.11 only effective at arch amd64.
k8s.gcr.io/addon-resizer:1.8.11 returns the amd64 image which is not executable at arm64.
Disable addon-resizer when the platform is not amd64.
When metrics-server upgrade and use addon-resizer:2.3, then revert this
commit and `image_arch` will determine the `addon_resizer_image_tag`.
* Add metrics_server_resizer architectures check
2021-11-01 08:21:19 -07:00
Florian Ruynat
b353e062c7
Update default k8s version to 1.22.3
2021-10-29 10:43:44 -07:00
Florian Ruynat
d8f9b9b61f
Update hashes for version v1.20.12/v1.21.6/v1.22.3
2021-10-29 10:43:44 -07:00
Sergey
0b441ade2c
nginx ingress controller should watch kind:ingress without class ( #8128 )
2021-10-28 11:48:59 -07:00
Krystian Młynek
6f6fad5a16
Calico: add missing verbs in ClusterRole ( #8136 )
2021-10-28 11:11:01 -07:00
brainfair
465ffa3c9f
Weave: add extra_args for weave-npc ( #8140 )
...
* add weave_npc_extra_args in template
* add defaults weave_npc_extra_args
* add sample for weave_npc_extra_args
2021-10-28 08:58:27 -07:00
vatech_seungjin
539c9e0d99
added hirsute in restart network ( #8134 )
...
restarting network in ubuntu 21.04 fails and checked the restart menu and found that hirsute was missing in the argument : )
2021-10-27 15:19:10 -07:00
irizzant
649f962ac6
Metrics-server Deployment has incongruencies in resources requests/limits ( #8088 )
...
* fix(metrics-server): update defaults
* fix(metrics-server): typo error
2021-10-27 15:15:11 -07:00
Gheorghe Isak
16bdb3fe51
set check_mode to false ( #8133 )
2021-10-26 19:36:37 -07:00
Sébastien Masset
7c3369e1b9
Fixed default DNS min replica for single node clusters ( #8112 )
2021-10-26 16:03:46 -07:00
Florian Ruynat
9eacde212f
Fix quorum check when recovering broken etcd cluster ( #8126 )
2021-10-26 15:23:09 -07:00
Florian Ruynat
331647f4ab
Remove deprecated Ambassador ingress code ( #8086 )
2021-10-26 15:19:09 -07:00
Mohamed Zaian
d8d01bf5aa
nginx-ingress: bump to 1.0.4 ( #8114 )
...
* Disable builtin ssl_session_cache solving the problem with OpenSSL consuming memory.
* Print warning only instead of error if no IngressClass permission is available.
2021-10-24 15:34:22 -07:00
Julio H Morimoto
d42b7228c2
Convert numbers to string for calico's inventory check. ( #8120 )
...
Fix https://github.com/kubernetes-sigs/kubespray/issues/8119
Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
2021-10-24 11:42:21 -07:00
Damian Szeluga
4db057e9c2
Allow changing metallb default pool name ( #8111 )
2021-10-22 09:38:39 -07:00
Cristian Calin
ea8e2fc651
containerd: download containerd from upstream instead of using distro specific packages ( #7970 )
...
* Containerd: download containerd from upstream instead of using distro specific packages
split runc download to separate role
make bootstrap-os role deploy container-selinux and seccomp libraries
clean up package manager provided containerd
move variables to docker role that are no longer common with containerd
* Containerd: make molecule testing more relevant
* replace ubuntu18 with ubuntu20
* add centos8 and debian11 to molecule tests
* run kubernetes/preinstall role to ensure relevancy
of test including dependency packages
* CI: adjust test scenarios for downloaded containerd
2021-10-20 08:47:58 -07:00
Utku Özdemir
10c30ea5b1
Add fallback to node drain using --disable-eviction flag ( #8094 )
...
* Add fallback to node drain using --disable-eviction flag
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Move drain fallback tasks to separate file
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Add delegate_facts to fix the drain fallback
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Fix ansible-lint error
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Move drain fallback into block
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
2021-10-20 00:51:58 -07:00
Kenichi Omichi
19d07a4f2e
Fix ownership related to Calico ( #8072 )
...
kube-bench scan outputs warning related to Calico like:
* text: "Ensure that the Container Network Interface file
permissions are set to 644 or more restrictive (Manual)"
* text: "Ensure that the Container Network Interface file
ownership is set to root:root (Manual)"
This fixes these warnings.
2021-10-19 17:35:57 -07:00
Cristian Calin
6a5b87dda4
netchecker: update images to 1.2.2 from Mirantis ( #8074 )
...
* netchecker: update images to 1.2.2 from Mirantis which is slightly less ancinet than the l23networks images
* Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer suported by kube 1.22+
2021-10-19 10:17:04 -07:00
Omar Aloraini
6aac59394e
Rocky Linux support ( #8095 )
...
* Add Rocky as a known OS
* Make sure Rocky includes bootstrap-centos.yml
* Update docs with Rocky Linux
* Rocky Linux wireguard and EPEL
* Rocky Linux in the list of supported distributions
2021-10-19 08:29:04 -07:00
Florian Ruynat
f147163b24
Up dashboard version to 2.4.0 - fix forgotten kubeovn version ( #8085 )
2021-10-15 05:40:54 -07:00
Florian Ruynat
16bf3549c1
Update kube-ovn to 1.8.1
2021-10-14 19:42:54 -07:00
Florian Ruynat
b912dafd7a
Update multus to 3.8.0
2021-10-14 19:42:54 -07:00
efrikin
8b3481f511
Add molecule tests for roles ( #8080 )
...
* Add molecule tests for bastion-ssh-config
* Add molecule tests for adduser
* Update .gitignore
2021-10-14 18:46:54 -07:00
Olivier Levitt
7019c2685d
Increase cpu limit to prevent throttling ( #8076 )
2021-10-14 11:03:36 -07:00
Mohamed Zaian
d18cc38586
Replcae deprecated --delete-local-data in pre-remove/pre-upgrade tasks ( #8081 )
2021-10-14 02:25:19 -07:00
Cristian Calin
cee481f63d
cert-manager: upgrade to 1.5.4 ( #8069 )
...
* cert-manager: update to 1.5.4
* cert-manager: remove outdated guidelines on creating an initial ClusterIssuer
2021-10-12 09:17:47 -07:00