Cristian Calin
039205560a
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA ( #8100 )
...
* nodelocaldns: allow a secondary pod for nodelocaldns for local-HA
* CI: add job to test nodelocaldns secondary
2021-11-09 09:57:47 -08:00
Cristian Calin
801268d5c1
containerd: upgrade versions 1.4.11 and 1.5.7 and make 1.4.11 the default ( #8129 )
2021-11-09 06:59:47 -08:00
zhengtianbao
46c536d261
Add krew auto completion ( #8171 )
2021-11-09 02:43:39 -08:00
Cristian Calin
4a8757161e
Docker: replace the use of containerd_version with docker_containerd_version to avoid causing conflicts when bumping containerd_version ( #8130 )
2021-11-08 15:56:49 -08:00
zhengtianbao
65540c5771
krew: update to v0.4.2 ( #8168 )
...
krew release urls changed since v0.4.2, clearly OS type and arch inside the filename.
from:
https://github.com/kubernetes-sigs/krew/releases/download/v0.4.1/krew.tar.gz
to:
https://github.com/kubernetes-sigs/krew/releases/download/v0.4.2/krew-linux_amd64.tar.gz
define `host_os` like `host_architecture` determine which OS is krew
installed at.
2021-11-08 02:54:59 -08:00
Max Gautier
6c1ab24981
Limit kubectl delete node to k8s nodes ( #8101 )
...
* Limit kubectl delete node to k8s nodes
This avoids the use of `kubectl delete node` when removing etcd nodes
which are not part of the cluster (separate etcd)
* Take errors into account when deleting node
There should not be error now that we're limiting the deletion to nodes
actually in the cluster
* Retrying on error
2021-11-08 02:22:58 -08:00
Hyojun Jeon
61c2ae5549
Add vxlanEnabled spec in FelixConfiguration ( #8167 )
2021-11-08 00:06:52 -08:00
zhengtianbao
04711d3b00
Replace path_join to support Ansible 2.9 ( #8160 )
2021-11-08 00:00:52 -08:00
Kenichi Omichi
cb7c30a4f1
Fix cloud_provider check ( #8164 )
...
This fixes the preinstall check for cloud_provider option based on
inventory/sample/group_vars/all/all.yml
2021-11-07 23:48:52 -08:00
Álvaro Torres Cogollo
8922c45556
Added ArgoCD kubernetes-app ( #7895 )
...
* Added ArgoCD kubernetes-app
* Update argocd_version to latest
2021-11-07 02:22:51 -08:00
Emin AKTAS
58390c79d0
Bump crun version 1.2 to 1.3 ( #8162 )
...
Signed-off-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
2021-11-06 02:26:50 -07:00
Antoine Gatineau
b7eb1cf936
cert-manager: add trusted internal ca when configured ( #8135 )
...
* cert-manager: add trusted internal ca when configured
* wrong check for inventory variable
* Update documentation
2021-11-05 09:43:52 -07:00
Pasquale Toscano
6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver ( #8123 )
2021-11-05 07:59:54 -07:00
Marcus Fenner
c94291558d
Fix containerd install for fcos ( #8107 )
...
* Fix containerd install for fcos
* rm orphaned runc and containerd binaries
2021-11-05 07:53:53 -07:00
Florian Ruynat
1c3d082b8d
fix calico crds hashes for 3.20.2 ( #8157 )
2021-11-04 10:38:04 -07:00
zhengtianbao
9d4cdb7b02
Ensure addon-resizer 1.8.11 only effective at arch amd64. ( #8144 )
...
* Ensure addon-resizer 1.8.11 only effective at arch amd64.
k8s.gcr.io/addon-resizer:1.8.11 returns the amd64 image which is not executable at arm64.
Disable addon-resizer when the platform is not amd64.
When metrics-server upgrade and use addon-resizer:2.3, then revert this
commit and `image_arch` will determine the `addon_resizer_image_tag`.
* Add metrics_server_resizer architectures check
2021-11-01 08:21:19 -07:00
Florian Ruynat
b353e062c7
Update default k8s version to 1.22.3
2021-10-29 10:43:44 -07:00
Florian Ruynat
d8f9b9b61f
Update hashes for version v1.20.12/v1.21.6/v1.22.3
2021-10-29 10:43:44 -07:00
Sergey
0b441ade2c
nginx ingress controller should watch kind:ingress without class ( #8128 )
2021-10-28 11:48:59 -07:00
Krystian Młynek
6f6fad5a16
Calico: add missing verbs in ClusterRole ( #8136 )
2021-10-28 11:11:01 -07:00
brainfair
465ffa3c9f
Weave: add extra_args for weave-npc ( #8140 )
...
* add weave_npc_extra_args in template
* add defaults weave_npc_extra_args
* add sample for weave_npc_extra_args
2021-10-28 08:58:27 -07:00
vatech_seungjin
539c9e0d99
added hirsute in restart network ( #8134 )
...
restarting network in ubuntu 21.04 fails and checked the restart menu and found that hirsute was missing in the argument : )
2021-10-27 15:19:10 -07:00
irizzant
649f962ac6
Metrics-server Deployment has incongruencies in resources requests/limits ( #8088 )
...
* fix(metrics-server): update defaults
* fix(metrics-server): typo error
2021-10-27 15:15:11 -07:00
Gheorghe Isak
16bdb3fe51
set check_mode to false ( #8133 )
2021-10-26 19:36:37 -07:00
Sébastien Masset
7c3369e1b9
Fixed default DNS min replica for single node clusters ( #8112 )
2021-10-26 16:03:46 -07:00
Florian Ruynat
9eacde212f
Fix quorum check when recovering broken etcd cluster ( #8126 )
2021-10-26 15:23:09 -07:00
Florian Ruynat
331647f4ab
Remove deprecated Ambassador ingress code ( #8086 )
2021-10-26 15:19:09 -07:00
Mohamed Zaian
d8d01bf5aa
nginx-ingress: bump to 1.0.4 ( #8114 )
...
* Disable builtin ssl_session_cache solving the problem with OpenSSL consuming memory.
* Print warning only instead of error if no IngressClass permission is available.
2021-10-24 15:34:22 -07:00
Julio H Morimoto
d42b7228c2
Convert numbers to string for calico's inventory check. ( #8120 )
...
Fix https://github.com/kubernetes-sigs/kubespray/issues/8119
Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
2021-10-24 11:42:21 -07:00
Damian Szeluga
4db057e9c2
Allow changing metallb default pool name ( #8111 )
2021-10-22 09:38:39 -07:00
Cristian Calin
ea8e2fc651
containerd: download containerd from upstream instead of using distro specific packages ( #7970 )
...
* Containerd: download containerd from upstream instead of using distro specific packages
split runc download to separate role
make bootstrap-os role deploy container-selinux and seccomp libraries
clean up package manager provided containerd
move variables to docker role that are no longer common with containerd
* Containerd: make molecule testing more relevant
* replace ubuntu18 with ubuntu20
* add centos8 and debian11 to molecule tests
* run kubernetes/preinstall role to ensure relevancy
of test including dependency packages
* CI: adjust test scenarios for downloaded containerd
2021-10-20 08:47:58 -07:00
Utku Özdemir
10c30ea5b1
Add fallback to node drain using --disable-eviction flag ( #8094 )
...
* Add fallback to node drain using --disable-eviction flag
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Move drain fallback tasks to separate file
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Add delegate_facts to fix the drain fallback
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Fix ansible-lint error
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
* Move drain fallback into block
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
2021-10-20 00:51:58 -07:00
Kenichi Omichi
19d07a4f2e
Fix ownership related to Calico ( #8072 )
...
kube-bench scan outputs warning related to Calico like:
* text: "Ensure that the Container Network Interface file
permissions are set to 644 or more restrictive (Manual)"
* text: "Ensure that the Container Network Interface file
ownership is set to root:root (Manual)"
This fixes these warnings.
2021-10-19 17:35:57 -07:00
Cristian Calin
6a5b87dda4
netchecker: update images to 1.2.2 from Mirantis ( #8074 )
...
* netchecker: update images to 1.2.2 from Mirantis which is slightly less ancient than the l23networks images
* Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer supported by kube 1.22+
2021-10-19 10:17:04 -07:00
Omar Aloraini
6aac59394e
Rocky Linux support ( #8095 )
...
* Add Rocky as a known OS
* Make sure Rocky includes bootstrap-centos.yml
* Update docs with Rocky Linux
* Rocky Linux wireguard and EPEL
* Rocky Linux in the list of supported distributions
2021-10-19 08:29:04 -07:00
Florian Ruynat
f147163b24
Up dashboard version to 2.4.0 - fix forgotten kubeovn version ( #8085 )
2021-10-15 05:40:54 -07:00
Florian Ruynat
16bf3549c1
Update kube-ovn to 1.8.1
2021-10-14 19:42:54 -07:00
Florian Ruynat
b912dafd7a
Update multus to 3.8.0
2021-10-14 19:42:54 -07:00
efrikin
8b3481f511
Add molecule tests for roles ( #8080 )
...
* Add molecule tests for bastion-ssh-config
* Add molecule tests for adduser
* Update .gitignore
2021-10-14 18:46:54 -07:00
Olivier Levitt
7019c2685d
Increase cpu limit to prevent throttling ( #8076 )
2021-10-14 11:03:36 -07:00
Mohamed Zaian
d18cc38586
Replace deprecated --delete-local-data in pre-remove/pre-upgrade tasks ( #8081 )
2021-10-14 02:25:19 -07:00
Cristian Calin
cee481f63d
cert-manager: upgrade to 1.5.4 ( #8069 )
...
* cert-manager: update to 1.5.4
* cert-manager: remove outdated guidelines on creating an initial ClusterIssuer
2021-10-12 09:17:47 -07:00
Max Gautier
e4c8c7188e
etcd: deploy container engine if needed ( #7532 )
...
If the etcd cluster is separate and the etcd_deployment_type is "host",
there is no need for a container engine on the etcd nodes
Do not rely on a 'default(true)' filter, but define a proper default in
kubespray-defaults depending on etcd deployment method and if internal
or external etcd is used
2021-10-12 00:31:47 -07:00
rtsp
6c004efd5f
cert_manager: Remove deprecated ClusterIssuer and its Secret ( #8064 )
2021-10-11 09:40:40 -07:00
Necatican Yıldırım
1a57780a75
Add kubeadm_join_phases_skip variable ( #8067 )
...
* Add kubeadm_join_phases_skip variable
* Update kubeadm_join_phases_skip comment
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* Add kubeadm_join_phases_skip_default variable to follow the same logic with kubeadm_init_phases_skip
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2021-10-11 09:36:41 -07:00
Maciej Wereski
ce25e4aa21
MetalLB: update to v0.10.3 ( #8071 )
...
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-10-11 08:54:40 -07:00
Rene Luria
ef4044b62f
csi_driver / cinder: implement rescan-on-resize variable via ( #8057 )
...
cinder_csi_rescan_on_resize
2021-10-11 02:14:40 -07:00
Florian Ruynat
c8d9afce1a
Update a bunch of tools ( #8061 )
2021-10-08 09:00:59 -07:00
Florian Ruynat
285983a555
Update docker version to 20.10.9 - CVE fixes ( #8060 )
2021-10-08 08:56:58 -07:00
Cristian Calin
ab4356aa69
Calico: bump default version to 3.20.2 ( #8058 )
2021-10-07 12:59:33 -07:00
Maxim Pogozhiy
5fcf047191
local-volume-provisioner quay.io -> k8s.gcr.io ( #8054 )
2021-10-06 17:08:41 -07:00
Rene Luria
e707f78899
After upgrade, allow cilium to be back before uncordoning ( #7978 )
...
* After upgrade, allow cilium to be back before uncordoning
* add eol
* use kube_config_dir variable
resolves https://github.com/kubernetes-sigs/kubespray/pull/7978#discussion_r721685549
2021-10-05 12:56:58 -07:00
Ilya Margolin
41e0ca3f85
Move kube_feature_gates to kubelet config ( #8048 )
...
to remove deprecation warning:
> Flag --feature-gates has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag.
2021-10-05 06:07:10 -07:00
Iago Santos
43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution ( #8029 )
...
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028
Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
rtsp
af04906b51
Ensure apparmor is installed ( #8036 )
...
Kubespray deployment failed when using containerd backend on nodes where apparmor was not installed or previously removed. This PR ensures apparmor is installed by adding it into required_pkgs var.
2021-09-29 23:52:08 -07:00
Cristian Calin
c7e17688b9
gVisor: bump release to 20210921 version ( #8015 )
...
* gVisor: bump release to 20210921 version
* gVisor: drop support for 20210518.0 version
2021-09-29 11:35:20 -07:00
Peter Pan
f5885d05ea
In CentOS 8.x Docker install Step: remove podman when existing ( #8016 )
2021-09-29 06:32:48 -07:00
Frank Filippone
eee2eb11d8
Update weave template to match source for 2.8.1 ( #8013 )
2021-09-28 09:16:43 -07:00
Kenichi Omichi
8d3961edbe
Add metrics_server_resizer option ( #8018 )
...
The addon-resizer container can reduce resource limits of cpu and
memory of metrics-server container in the pod, and that caused
OOMKilled.
In addition, the original metrics-server manifest doesn't contain
the addon-resizer container as [1].
So this adds metrics_server_resizer option to control the addon-resizer
container deployment and the default value is false to make it stable
for most environments.
[1]: 527679e5e8/manifests/base/deployment.yaml
2021-09-28 00:02:42 -07:00
Marcos Lorenzo
4c5328fd1f
Determine root filesystem device and partition before running growpart ( #8024 )
2021-09-27 23:58:42 -07:00
David Louks
1472528f6d
check if 'plugins' key exists in calico_cni_config object ( #7717 )
...
* check if 'plugins' key exists in calico_cni_config object
* fix whitespace linting error
* fixed when list indentation
2021-09-27 11:04:20 -07:00
Victor Morales
9416c9aa86
Enable stable and edge Docker CLI versions ( #8019 )
2021-09-27 10:44:19 -07:00
Kenichi Omichi
da92c7e215
Add proxy for subscription-manager ( #8012 )
...
If using proxy, it is necessary to configure it before running
"subscription-manager status" command.
This adds the step.
2021-09-27 08:47:35 -07:00
Kenichi Omichi
d27cf375af
Remove allowPrivilegeEscalation from metrics-server ( #8014 )
...
"allowPrivilegeEscalation: false" blocks deploying metrics-server
on CentOS7. In addition, the original metrics-server manifest doesn't
contain it as [1]. This removes it.
[1]: 527679e5e8/manifests/base/deployment.yaml
2021-09-27 08:43:36 -07:00
Victor Morales
432a312a35
Enable stable and edge containerd versions ( #8020 )
2021-09-27 08:11:35 -07:00
Cristian Calin
3a6230af6b
Kata-Containers: update versions 2.2.0 (default) and 2.1.1 ( #8017 )
...
* Kata-Containers: add 2.2.0 hashes and make default
* Kata-Containers: replace 2.1.0 with bugfix version 2.1.1
* Kata-Containers: move to q35 a more modern VM architecture as 'pc' is removed in 2.2.0
2021-09-27 08:07:35 -07:00
Florian Ruynat
ecd267854b
Move ovn4nvf crd from v1beta1 to v1 ( #8006 )
2021-09-27 01:18:22 -07:00
Hugo Blom
ac846667b7
Check if openstack application credentials are empty since they always exist ( #8021 )
2021-09-27 01:14:22 -07:00
rtsp
4bace2491d
Ensure apparmor is installed ( #8011 )
...
Kubespray deployment failed when using containerd backend on nodes where apparmor was not installed or previously removed. This PR ensures apparmor is installed by adding it into required_pkgs var.
2021-09-24 07:55:23 -07:00
Maxim Pogozhiy
22017b7ff0
kube-router 1.3.0 -> 1.3.1 ( #8007 )
2021-09-23 13:42:55 -07:00
Florian Ruynat
88c11b5946
Revert "etcd: enable v2 api only if needed ( #8001 )" ( #8008 )
...
This reverts commit c0e1211abe.
2021-09-23 10:43:14 -07:00
Kenichi Omichi
843252c968
Use kube_config_dir for kubeconfig ( #7996 )
...
The path of kubeconfig should be configurable, and its default value
is /etc/kubernetes/admin.conf. Most paths of the file are configurable
but some were not. This makes those configurable.
2021-09-23 10:19:13 -07:00
Eric Lake
ddea79f0f0
Issue 8004: Fix typha prometheus ( #8005 )
...
The typha prometheus settings were in the `volumeMounts` section of the
spec and not in the `envs` section. This was causing the deployment to
fail because it was looking for a volumeMount.
```
failed: [controller-001.a2.da.dev.logdna.net] (item=calico-typha.yml) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": true, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "dest": "/etc/kubernetes/calico-typha.yml", "diff": [], "failed": false, "gid": 0, "group": "root", "invocation": {"module_args": {"_original_basename": "calico-typha.yml.j2", "attributes": null, "backup": false, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "content": null, "delimiter": null, "dest": "/etc/kubernetes/calico-typha.yml", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "unsafe_writes": null, "validate": null}}, "item": {"file": "calico-typha.yml", "name": "calico", "type": "typha"}, "md5sum": "53c00ac7f562cf9ecbbfd27899ea066d", "mode": "0644", "owner": "root", "size": 5378, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "state": "file", "uid": 0}, "msg": "error running kubectl (/opt/bin/kubectl --namespace=kube-system apply --force --filename=/etc/kubernetes/calico-typha.yml) command (rc=1), out='service/calico-typha unchanged\n', err='error: error validating \"/etc/kubernetes/calico-typha.yml\": error validating data: [ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): 
missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount]; if you choose to ignore these errors, turn validation off with --validate=false\n'"}
```
2021-09-23 08:37:22 -07:00
Max Gautier
c0e1211abe
etcd: enable v2 api only if needed ( #8001 )
...
* etcd: enable v2 api only if needed
Only enable v2 API if we have a consumer (flannel)
This reduces the exposed surface for etcd.
* Fix bad group name
2021-09-22 12:36:32 -07:00
Florian Ruynat
c8d7f000c9
Remove k8s hooks for versions prior to 1.20 ( #7998 )
2021-09-22 10:32:01 -07:00
Léopold Jacquot
598f178054
Fix cilium operator metrics activation ( #8000 )
2021-09-22 10:00:02 -07:00
Florian Ruynat
5d1b34bdcd
Move min k8s version to 1.20
2021-09-22 09:50:01 -07:00
Florian Ruynat
8efde799e1
Update kubernetes version to 1.22.2
2021-09-22 09:50:01 -07:00
Cristian Calin
a517a8db01
Drop check for kubelet_shutdown_grace_period ( #7993 )
...
and kubelet_shutdown_grace_period_critical_pods as ansible cannot do
sane time interval calculations
2021-09-21 18:34:00 -07:00
Wang Zhen
2211504790
Fix k8s-certs-renew cp path ( #7992 )
...
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2021-09-21 00:36:22 -07:00
Cristian Calin
fb8662ec19
Calico: update versions 3.20.1, 3.19.3 ( #7984 )
...
* make Calico 3.20.1 the default version
* drop Calico 3.17.x support
2021-09-20 17:40:23 -07:00
Cristian Calin
6f7911264f
Calico: make calico_min_version check relevant ( #7939 )
...
* Calico: make calico_min_version check relevant
* Calico: only check currently installed version against the oldest supported version by the previous release
2021-09-20 07:58:09 -07:00
Cristian Calin
ae44aff330
Calico: increase calico node probe timeouts and allow tuning ( #7981 )
2021-09-17 16:08:07 -07:00
Florian Ruynat
b83e8b020a
Fix default version ( #7977 )
2021-09-17 07:31:00 -07:00
Hari Hud
30cd91dc6b
Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade ( #7976 )
...
* Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade
* Remove trailing whitespace
2021-09-17 04:31:00 -07:00
Florian Ruynat
f2fa9c3b31
Update hashes with new versions
2021-09-17 00:39:02 -07:00
Florian Ruynat
30a7dfa4f8
Fix ubuntu16/centos8 CI jobs ( #7972 )
2021-09-16 23:39:01 -07:00
Samuel Liu
62ab477838
remove kube_proxy_conntrack_max var ( #7971 )
2021-09-15 08:22:31 -07:00
rtsp
f8a57f7598
Fix iptables missing on Debian 11 if APT::Install-Recommends=0 ( #7964 )
...
On Debian 11, `ipset` just recommends `iptables`, so on a system where apt is configured with `APT::Install-Recommends "0";` iptables will not be installed automatically.
2021-09-14 08:19:09 -07:00
Bryan Hundven
35c928798d
Fix missing file mode (risky-file-permissions) ( #7959 )
...
* Fix missing file mode (risky-file-permissions)
Found this using ansible-lint.
Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>
* Fix another missing file mode (risky-file-permissions)
This one fixes `/etc/crio/config.json`
Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>
2021-09-09 23:35:59 -07:00
jhchong92
83f64a7ff9
Bugfix/cinder csi cloud config template ( #7955 )
...
* Fix invalid condition for username and password inclusion
* Use length filter to test variable conditions
2021-09-09 10:04:11 -07:00
Florian Ruynat
60853fa682
Update kube-ovn to 1.7.2
2021-09-09 08:14:10 -07:00
Florian Ruynat
b66356be65
Update cilium to 1.9.10
2021-09-09 08:14:10 -07:00
jhchong92
efae2dbad6
Update snapshot-controller repository and image versions ( #7957 )
2021-09-09 08:10:11 -07:00
jhchong92
bd8b8916a8
Remove invalid spec - deployment.spec.serviceName ( #7949 )
2021-09-08 13:05:56 -07:00
jhchong92
57063b6828
Replace incorrect {% end %} tags with {% endif %} in csi_crd templates ( #7947 )
2021-09-08 12:59:57 -07:00
Ole Mathias Aa. Heggem
69b67a293a
Calico: Add kube_service_addresses_ipv6 to serviceClusterIPs ( #7889 ) ( #7944 )
...
Add IPv6 Service Addresses to BGP advertisement when
calico_advertise_cluster_ips is true.
2021-09-08 00:37:20 -07:00
Cristian Calin
d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA ( #7938 )
...
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA
* Add check for dynamic_kubelet_configuration with kube >= 1.22
2021-09-07 10:47:16 -07:00
Cristian Calin
43e7e2d663
nginx-ingress: bump to 1.0.0 to support kube 1.22 ( #7942 )
2021-09-06 04:50:36 -07:00
Cristian Calin
d355b43dce
ContainerD: bump containerd version to 1.4.9 ( #7940 )
2021-09-06 04:50:29 -07:00
Cristian Calin
5d52025266
crictl: add hashes for 1.22 ( #7936 )
2021-09-06 04:46:29 -07:00
Cristian Calin
db470f8529
Update CSI snapshotter and make it independent ( #7943 )
...
* CSI: update CSI snapshot CRDs
* CSI: update snapshot controller tag version with kubernetes specific versions
* CSI: allow enabling csi_snapshot_controller independent of Cinder CSI
* CSI: Align csi-snapshot-controller with upstream and use a Deployment instead of a StatefulSet
2021-09-06 04:24:29 -07:00
kranthi guttikonda
81bf4f9304
cri-o registry auth support ( #7837 )
...
* cri-o registry auth support
* yaml lint for comments
* crio_registry_auth from registry_auth
* crio_registry_auth as defaults
2021-09-01 10:20:59 -07:00
Maciej Wereski
e1967b0700
MetalLB: keep nodeSelector in one place ( #7931 )
...
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-09-01 09:05:00 -07:00
Olivier Lemasle
507091ec8b
Replace cluster_name by dns_domain ( #7923 )
...
`cluster_name` defaults to `dns_domain` value (see [here][1] and [here][2])
but they could have different values.
`dns_domain` should be used here instead of `cluster_name` because the DNS
resolution is configured to use `dns_domain`.
[1]: 0ef7af76bc/roles/kubespray-defaults/defaults/main.yaml (L104)
[2]: 1afdb05ea9/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml (L196)
2021-09-01 08:18:59 -07:00
Maciej Wereski
48ceca4919
MetalLB: update to v0.10.2 ( #7925 )
...
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-09-01 03:00:59 -07:00
Cristian Calin
426ad81db0
Calico: replace hashes for latest 3.17 and 3.18 to the .5 minor versions ( #7924 )
2021-08-31 13:38:21 -07:00
Olivier Lemasle
497d2ca306
Fix Calico's FelixConfiguration when "IP in IP" is disabled ( #7926 )
...
When using Calico with:
- `calico_network_backend: vxlan`,
- `calico_ipip_mode: "Never"`,
- `calico_vxlan_mode: "Always"`,
the `FelixConfiguration` object has `ipipEnabled: true`, when it should be false:
This is caused by an error in the `| bool` conversion in the install task:
when `calico_ipip_mode` is `Never`,
`{{ calico_ipip_mode != 'Never' | bool }}` evaluates to `true`:
2021-08-31 13:14:21 -07:00
Calvin Park
9d3888a756
During pre-upgrade add a flag to always cordon ( #7892 )
...
* During pre-upgrade add a flag to always cordon
* empty
* empty
* empty
* Better default val
2021-08-30 10:56:09 -07:00
rtsp
c8e090c17f
Add preliminary Debian 11 (bullseye) support ( #7853 )
...
- Use python3-apt instead because python-apt was removed in Debian 11
- Add gnupg (fix "container-engine/containerd : ensure containerd repository public key is installed" task failed)
- Remove aufs-tools
Signed-off-by: rtsp <git@rtsp.us>
2021-08-30 09:53:06 -07:00
Florian Ruynat
1ccf32e08f
Update docker to 20.10.8 ( #7918 )
2021-08-30 08:25:06 -07:00
Florian Ruynat
17af348be8
Add bunch of Kubernetes versions missing
2021-08-30 08:17:05 -07:00
Cristian Calin
1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t ( #7891 )
...
* Fedora and RHEL use etc_t and the convention is <type_name>_t
* Docs: specify all values for preinstall_selinux_state
* CI: Add Fedora 34 with SELinux in enforcing mode
2021-08-27 14:20:53 -07:00
Sergey
89993e4833
fix error metrics server capabilities name ( #7905 )
2021-08-25 12:06:15 -07:00
Cristian Calin
1c3d33e146
Calico: 3.20.0 policy update to allow access to endpointslices ( #7899 )
2021-08-25 12:06:01 -07:00
Cristian Calin
f66c49bf42
Calico: replace version 3.19.1 with 3.19.2 and set as default ( #7867 )
...
Bump calico version to 3.19.2 due to adding 3.20.0 earlier
2021-08-25 07:32:41 -07:00
rtsp
4c9d7dedb3
addons/cert_manager: retries until webhook pods has been created ( #7850 )
...
Fix task 'Cert Manager | Wait for Webhook pods become ready' failed due to webhook pods don't exist yet by using `retries..until` trick like kubernetes-sigs/kubespray#7842
This fix should be removed in the future if the kubernetes/kubernetes#83242 is resolved.
Signed-off-by: rtsp <git@rtsp.us>
2021-08-25 07:16:41 -07:00
Sergey
5336943a8c
add cilium_operator_api_serve_addr to cilium operator config ( #7901 )
2021-08-24 03:49:13 -07:00
Samuel
a040e521b4
feat(containerd): auth support ( #7868 )
...
* feat(containerd): auth support
* fix(registry-auth): rename variable
2021-08-23 06:40:00 -07:00
Cristian Calin
0ac364dfae
Calico: use --allow-version-mismatch in calicoctl.sh to allow upgrades ( #7873 )
2021-08-20 14:30:48 -07:00
rtsp
79166496f3
debian: Fix test failed after bullseye release ( #7888 )
2021-08-19 15:37:24 -07:00
Frank Ritchie
1f09229740
Update cilium to 1.9.9 ( #7871 )
...
Now that 1.10 is out this is to make 1.9.9 the default. I am running
this version successfully.
2021-08-16 13:34:22 -07:00
Léopold Jacquot
c06896a352
Update metrics-server to 0.5.0 ( #7864 )
2021-08-12 08:19:48 -07:00
Cristian Calin
c119620f7c
Calico: add v3.20.0 hashes ( #7855 )
2021-08-11 07:50:46 -07:00
Daniil Muidinov
7f309bb092
fix parameters for module replace in 0060-resolvconf ( #7858 )
2021-08-10 17:13:26 -07:00
Eugene Artemenko
e2b67b5700
Add support of Vsphere CSI driver 2.2.X versions ( #7848 )
2021-08-09 08:19:38 -07:00
rtsp
82a9064d8d
addons/cert_manager: fix kubernetes-sigs#7085 by adding retries..until ( #7842 )
...
Fix task 'Cert Manager | Apply ClusterIssuer manifest' failed due to service/endpoints updating delayed even though the webhook pod status is ready.
Signed-off-by: rtsp <git@rtsp.us>
2021-08-09 08:19:31 -07:00
Victor Morales
a70fab2249
Bump crun to 0.21 version ( #7854 )
2021-08-09 08:11:31 -07:00
Smita Srivastava
31a5a4e808
retry to fetch binary if it fails first time ( #7839 )
2021-07-30 00:17:38 -07:00
Vitaliy D
5db86f4c2b
Update vSphere CPI ( #7838 )
...
Changes:
* ClusterRole updated according to the latest manifests from
https://github.com/kubernetes/cloud-provider-vsphere
* vSphere CPI/CSI default versions bumped and
tested successfully on K8S 1.21.1
* vSphere documentation updated
Signed-off-by: Vitaliy D <vi7alya@gmail.com>
2021-07-29 18:17:37 -07:00
AnatomicJC
627a06e30d
CRI-O: Install libseccomp2 from backports on Debian 10 ( #7816 )
...
* CRI-O: Install libseccomp2 from backports on Debian 10
libseccomp2 is a required dependency of cri-o-runc package
The one provided in Debian 10 repositories is outdated
* 7816: Remove useless when condition
As this condition is handled by block
2021-07-23 07:07:16 -07:00
Kenichi Omichi
56e230863a
Separate gvisor_download_url for runsc and shim ( #7760 )
...
To download necessary files in advance for offline deployment,
we can see all file URLs with contrib/offline/generate_list.sh
Most URLs are downloadable, but gvisor's one is not because the
URL is a part of full URLs for gvisor.
To download gvisor's files from the URLs directory, this separates
into two URLs for runsc and the shim.
2021-07-22 07:51:51 -07:00
cola-zero
f21a707e99
Add containerd on Flatcar Container Linux ( #7681 )
2021-07-21 06:28:07 -07:00
Florian Ruynat
0ef7af76bc
Fixup label for oracle linux bootstrap
2021-07-20 01:29:31 -07:00
Florian Ruynat
18666b3e2d
Update multus to 3.7.2 (and move to ghcr.io)
2021-07-20 01:29:31 -07:00
Florian Ruynat
ed87386d7b
Set default k8s version to 1.21.3
2021-07-20 01:29:31 -07:00
Florian Ruynat
1ad9b33b08
Add hashes for k8s 1.20.8/.9 and 1.19.12/.13 and 1.21.3
2021-07-20 01:29:31 -07:00
Florian Ruynat
000b4565c2
Fix erroneous ansible args
2021-07-20 01:29:31 -07:00
Florian Ruynat
eda75fc706
Update kube-router to 1.3.0
2021-07-20 01:29:31 -07:00
Florian Ruynat
6583add63a
Update flannel to 0.14.0 (moved from coreos repo to flannel-io)
2021-07-20 01:29:31 -07:00
Florian Ruynat
441ad841cc
Use dashboard 2.3.1 image
2021-07-20 01:29:31 -07:00
Florian Ruynat
6511c5dd7a
Set Helm default version to 3.6.3
2021-07-20 01:29:31 -07:00
Florian Ruynat
d5cbb19b39
Update kube-ovn to 1.7.1
2021-07-20 01:29:31 -07:00
Atsushi Nukariya
417180246c
Fix: typos in docs and comments ( #7805 )
2021-07-16 18:58:50 -07:00
Fredrik Liv
802fb8b591
Add application credentials support for cinder ( #7799 )
...
* csi-driver: Added possibility to use application credentials for cinder
* external-cloud-controller: Added env vars for openstack application credentials
2021-07-15 00:56:48 -07:00
spaced
c2cf0d9945
add containerd on fedora CoreOS ( #7794 )
...
* set selinux type t_etc if selinux state is enforcing
* workaround with update repo is no longer needed
remove comments about failing playbook
* grubby is not available in distros using ostree
* remove docker support because removed in fcos
update install script example with live rootfs
* do not call grubby on ostree based distro
* update docs enabling containerd on fedora coreos
2021-07-15 00:00:48 -07:00
jayonlau
e61a9077f4
Clean up extra spaces about configuration-qemu.toml.j2 ( #7795 )
...
Clean up extra spaces, although these errors are not important, they affect the code specification.
2021-07-13 06:38:34 -07:00
spaced
bf54dc082b
set selinux type t_etc if selinux state is enforcing ( #7791 )
2021-07-13 06:34:29 -07:00
cleveritcz
3ff7bc1f64
Added k8s 1.21.2 ( #7789 )
2021-07-13 06:26:29 -07:00
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 ( #7672 )
...
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10
* Docs: add a note about ansible upgrade post 2.9.x
* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures
* Ansible: use newer ansible-lint
* Fix ansible-lint 5.0.11 found issues
* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests
* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+
* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Sébastien Huss
b0e4c375a7
Allow cri-o offline install ( #7777 )
2021-07-09 20:52:45 -07:00
Florian Ruynat
d1388d69d0
Fix tests following python change ( #7775 )
...
* Fix ansible detection for python3 and ubuntu
* Fix oracle missing centos-extras repo for containerd/docker dependencies
2021-07-08 18:52:53 -07:00
Shinerrs
d0fb537448
Ubuntu changed package name python-apt to python3-apt ( #7769 )
...
* replaced deprecated python package with python3 package
* removed the version due to duplication
2021-07-02 06:56:13 -07:00
jayonlau
59cf1770bc
Clean up residual files about /usr/libexec ( #7756 )
...
When reset, need to clean up directory /usr/libexec.
2021-07-01 02:13:54 -07:00
Vadim
0aaba5ea30
added destination filename to cp command ( #7764 )
2021-06-30 08:13:03 -07:00
Cristian Calin
bd6d810d0a
nodelocaldns: allow binding metrics address to host IP ( #7748 )
2021-06-29 05:28:41 -07:00
jayonlau
e3850fbbbc
Extra spaces of macvlan ( #7752 )
...
Although these errors are not important, they affect the code specification.
2021-06-28 02:13:25 -07:00
Cristian Calin
a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 ( #7746 )
...
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0
* Add sample graceful shutdown parameters
2021-06-27 23:53:25 -07:00
Cristian Calin
a2cf6816ce
Calico wireguard ( #7638 )
...
* Calico: add Wireguard support
* CI: Add Calico Wireguard scenario
2021-06-25 03:22:45 -07:00
jayonlau
bbcafb5d7b
Clean up residual files about modules-load.d ( #7737 )
...
When reset, need to clean up files kube_proxy-ipvs.conf and kubespray-br_netfilter.conf.
2021-06-25 00:32:45 -07:00
Id2ndR
a31baf3c16
Fix deployment without openstack cacert ( #7723 )
...
* fix group name
* fix external-openstack-cloud-config secret
* don't add ca.cert in the secret if not defined
2021-06-21 05:38:50 -07:00
jayonlau
e83728897b
Clean up residual files ( #7722 )
...
* Clean up residual files
When reset, you need to clean up the krew directory.
* Update main.yml
2021-06-21 05:34:50 -07:00
Cristian Calin
282a27a07c
gVisor: initial support for gVisor container runtime ( #7661 )
...
* Docker/Containerd: move downloads urls to containerd-common
* gVisor: initial support for gVisor container runtime
2021-06-21 05:18:51 -07:00
Sergey
3fe6dbb65c
fix image pull url for coredns v1.8.0 ( #7702 )
2021-06-16 17:00:19 -07:00
flix444
7547e6a272
Ubuntu 21.04 changed package name python-apt to python3-apt ( #7715 )
2021-06-16 13:58:00 -07:00
Cristian Calin
1928dafc7e
Revert to conmon location override for Redhat and Fedora ( #7701 )
2021-06-16 09:07:59 -07:00
Florian Ruynat
e77b9bf3ee
Update kube-ovn to 1.7.0 ( #7686 )
2021-06-16 08:10:00 -07:00
Samuel Liu
7f7e83a4d9
fix local-path-provisioner helper image repo ( #7703 )
2021-06-16 08:06:00 -07:00
Marko Kohtala
85fe716d46
Drop "Server" from crio repo URL ( #7698 ) ( #7699 )
...
$releasever can be 7Server, but there is no such CentOS path on
download.opensuse.org.
Use ansible_distribution_major_version instead of $releasever.
2021-06-11 05:10:59 -07:00
Kenichi Omichi
85ff3eb8be
Update the version of local_volume_provisioner ( #7684 )
...
As [1], v2.4.0 has been released already for local_volume_provisioner.
This updates the version.
[1]: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/tags
2021-06-11 04:36:59 -07:00
Florian Ruynat
e55c359cf9
Update docker packages to 20.10.7 ( #7685 )
2021-06-11 04:32:59 -07:00
Kasakaze
d66da21726
make sure serviceaccounts/token is only in the metadata stage ( #7679 )
2021-06-07 08:38:40 -07:00
forselli-stratio
1069b05e68
Improve scale flow and documentation ( #7610 )
...
* Improve scale flow
* Add confirmation prompt again
2021-06-07 05:02:40 -07:00
Cristian Calin
ec0c0d4a28
Calico enable support for eBPF ( #7618 )
...
* Calico: align manifests with upstream
* allow enabling typha prometheus metrics
* Calico: enable eBPF support
* manage the kubernetes-services-endpoint configmap
* Calico: document the use of eBPF dataplane
* Calico: improve checks before deployment
* enforce disabling kube-proxy when using eBPF dataplane
* ensure calico_version is supported
2021-06-07 04:58:39 -07:00
jiriproX
1739b27231
Replace yum module with package module ( #7621 )
2021-06-05 04:16:39 -07:00
Sergey
d9d29af87f
update containerd to version 1.4.6 ( #7674 )
2021-06-03 10:55:38 -07:00
Cristian Calin
7036b704b3
Replace Kata 1.x with Kata 2.x ( #7670 )
...
* Kata: add Kata 2.x checksums and adjust download urls for 2.x
* Kata: drop 1.x version which is no longer supported
* Kata: set default version 2.1.0
2021-06-02 00:50:41 -07:00
Florian Ruynat
54cda80018
Fix debian docker available version ( #7668 )
2021-06-01 20:58:39 -07:00
Cristian Calin
6a2ea94b39
Docs improvements ( #7660 )
...
* Docs: update sidebar
* Docs: move registry documentation into docs/
* Docs: move rbd_provisioner documentation into docs/
* Docs: move cephfs_provisioner into docs/
* Docs: move local_volume_provisioner documentation into docs/
* Docs: move ambassador.md to docs/ingress_controller/
* Docs: move metallb.md to docs/ingress_controller/
* Docs: move ingress_nginx documentation into docs/
* Docs: move alb_ingress_controller documentation into docs/
* Docs: merge ambassador documentation into docs/ingress_controller/
* Docs: move cert_manager documentation into docs/
* Docs: move bootstrap-os documentation into docs/
* Docs: update file locations in sidebar
2021-06-01 07:30:27 -07:00
Cedric Hnyda
4674b03661
Add cinder_csi_ignore_volume_az ( #7624 )
...
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2021-06-01 07:10:27 -07:00
kongxs
922de32290
spelling mistakes ( #7664 )
...
Signed-off-by: kjinan <2008kongxiangsheng@163.com>
2021-05-31 05:46:26 -07:00
Florian Ruynat
7896bc7831
Add Fedora 33 image and CI, remove Fedora 31 (EOL) + update docker packages ( #7657 )
...
* Update docker package to 20.10.6
* Add Fedora 33 image and CI, remove Fedora 31 (EOL)
2021-05-28 08:04:25 -07:00
AnatomicJC
da07459bd6
Update crun 0.19 checksum ( #7655 )
...
Checksum of crun 0.19 is not correct, this commit fixes it
2021-05-27 15:20:23 -07:00
Fredrik Liv
3ca205446e
Added possibility to specify vSphere credentials via env variables ( #7646 )
...
* Added possibility to specify vSphere credentials via env variables
* Removed excessive spacing
2021-05-27 12:02:30 -07:00
forselli-stratio
eff1931283
Add retries to 'Set label for route reflector' task ( #7645 )
2021-05-27 12:02:23 -07:00
Florian Ruynat
fd8ae54fa7
Docker default version is now 20.10
2021-05-27 11:18:24 -07:00
Florian Ruynat
79fdee3979
Bump crio to default 1.21
2021-05-27 11:18:24 -07:00
Florian Ruynat
a754c0d476
Kubernetes now uses CoreDNS 1.8.0
2021-05-27 11:18:24 -07:00
Florian Ruynat
7208169db3
Update kubernetes version to 1.21.1
2021-05-27 11:18:24 -07:00
Cristian Calin
7b5d43cc00
Calico: upgrade 3.18 to 3.18.4 ( #7648 )
2021-05-26 05:51:21 -07:00
Cristian Calin
c5ccedb694
store openstack external cloud controller ca.cert in a k8s secret instead of the host filesystem ( #7603 )
2021-05-26 00:35:21 -07:00
Cristian Calin
858b29f425
Calico: add support for v3.19.1 ( #7630 )
...
* Calico: add v3.19.1 hashes
* enable liveness probe for calico-kube-controllers
3.19.1
* Calico: drop support for v3.16.x
* Calico: promote v3.18.3 as default
2021-05-25 13:40:50 -07:00
efrikin
7db76f8809
Add nodeSelector for other services and node labels before CNI setup ( #7613 )
2021-05-25 13:40:43 -07:00
Florian Ruynat
bcf695913f
Fix Oracle yum disabled repository file after EPEL install ( #7639 )
2021-05-25 08:30:23 -07:00
Fatih Sarhan
59fc17f4e3
Override the default value of containerd's root, state, and oom_score ( #7622 )
...
* Override the default value of containerd's root, state, and oom_score configurations
* Add tests data for containerd_storage_dir, containerd_state_dir and containerd_oom_score variables
2021-05-19 08:24:53 -07:00
Florian Ruynat
c1aa755a3c
Fix missing broken_etcd filter in recover control plane task ( #7619 )
2021-05-18 10:29:04 -07:00
Pavel Martynov
29c2fbdbc1
Fix cloud_resolver type from str to list (issue #7605 ) ( #7606 )
2021-05-18 06:41:30 -07:00
Pavel Martynov
4b9f98f933
Fix pull_by_digest variable type to boolean instead of str ( #7612 )
2021-05-18 06:29:31 -07:00
Cristian Calin
e9870b8d25
add support for using ansible 2.10.x for deploying kubespray ( #7600 )
...
* add support for using ansible 2.10.x for deploying kubespray
* move dns-autoscaler-clusterrole{binding}.yml to files/ folder
* note that ansible 2.10 is now experimentally supported
* coredns: move files to templates like before #4341
2021-05-18 05:39:31 -07:00
Muzi Li
e0c74fa082
Update nerdctl version to 0.8.1 ( #7617 )
2021-05-17 11:07:30 -07:00