Commit graph

6491 commits

Author SHA1 Message Date
Kenichi Omichi
c2fb1a0747
Add VAGRANT_ANSIBLE_TAGS for normal deployment (#8697)
Current ansible.tags 'facts' is for skipping actual Kubespray deployment
at vagrant CI because the deployment takes much time. However the static
'facts' skips the deployment for normal usage of vagrant also.
That causes confusions.

This adds VAGRANT_ANSIBLE_TAGS to skip the deployment for vagrant CI.
2022-04-08 23:58:04 -07:00
Thomas Eberle
00a4d2d3c4
Removed quotation of nerdctl_extra_flags. (#8695)
The quotations in the variable nerdctl_extra_flags are not required for the `nerdctl_image_pull_command` and throw the following error when executing the cluster-playbook with `container_insecure_registries` set:
        unknown flag: --insecure-registry\\\"
This happens as the complete nerdctl_image_pull_command string variable gets split into an array string for the cmd task. The escaped quotation doesn't get escaped properly and is added to the cmd-string array as part of the command. This leads to a wrong written insecure-registry flag, which throws this error.
2022-04-08 08:02:43 -07:00
Samuel Liu
424ef3b3f9
[calico] add calico apiserver (#8690)
* [calico] add calico apiserver

* fix yamllint

* remove addext argument

* Configure API server with the CA bundle

* add check kdd
2022-04-08 00:02:42 -07:00
Mathieu Parent
996ef98b87
Add support for kube-vip (#8669)
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2022-04-07 10:37:57 -07:00
Unai Arríen
19d5a1c7c3
Ensure all Kubelet required kernel values are configured when enabling protectKernelDefaults (#8692) 2022-04-07 08:33:59 -07:00
rtsp
0481dd946f
[cert-manager] Upgrade to v1.8.0 (#8688) 2022-04-06 00:52:57 -07:00
cyril-corbon
29109575f5
fix: reset docker was not removing docker properly (#8680)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-04-05 21:36:55 -07:00
emiran-orange
3782573ede
Single quotes are missing in jsonpath argument of kubectl get node (#8683) 2022-04-05 09:45:38 -07:00
Alessio Greggi
bba91a7524
split kube_feature_gates variable for different kubernetes components (#8677)
* feat: split kube_feature_gates variable for different kubernetes components

* docs: add kube_feaute_gates componet variables
2022-04-05 05:39:37 -07:00
Cristian Calin
b67cadf743
[crun] upgrade to 1.4.4 (#8675) 2022-04-04 23:57:36 -07:00
cyril-corbon
56dda4392c
[validate-container-engine] check if kubelet is present was not working (#8679)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-04-04 09:34:12 -07:00
Cristian Calin
34fec09ff1
[containerd] upgrade versions to address CVE-2022-24769 (#8671)
* [containerd] add hashes for 1.5.11

* [containerd] add hashes for 1.6.2

* [containerd] make 1.6.2 the new default
2022-04-04 05:30:11 -07:00
Cristian Calin
cefd1339fc
[vsphere_csi] update to 2.5.1 and make external_vsphere_version 7.0u1 by default (#8676) 2022-04-04 01:08:11 -07:00
Cristian Calin
b915376194
[runc] upgrade to 1.1.1 (#8674) 2022-04-04 00:42:23 -07:00
Cristian Calin
455cc6ff75
[nerdctl] upgrade to 0.18.0 (#8672) 2022-04-04 00:42:11 -07:00
Cristian Calin
cc9c376d0f
[validate-container-engine] add facts tag to tasks needed for vagrant jobs (#8678) 2022-04-04 00:32:11 -07:00
Kenichi Omichi
018611f829
Fix quotation of nerdctl_extra_flags (#8668)
Due to missing quotation of nerdctl_extra_flags, ansible-playbook was failed:

  Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/command.py
  Pipelining is enabled.
    [..]
    File "/usr/lib/python3.8/shlex.py", line 191, in read_token
      raise ValueError("No closing quotation")

This fixes the issue.

T-Eberle investigated the issue and found the solution.
Thank you T-Eberle!
2022-04-02 10:56:09 -07:00
cyril-corbon
1781eab21f
fix: uninstall contailer engine if service is running (#8662) 2022-04-01 09:20:46 -07:00
190ikp
78b05d0ffc
fix disk controller type in Vagrantfile (#8656) 2022-03-31 10:51:01 -07:00
Florian Ruynat
1c0df78278
Add ETCD_EXPERIMENTAL_INITIAL_CORRUPT_CHECK flag to etcd config (#8664) 2022-03-31 08:17:01 -07:00
Kenichi Omichi
6cc9da6b0a
Update vagrant.md (#8663)
To read it easily, this puts new lines.
2022-03-31 00:07:00 -07:00
Florian Ruynat
6af9cae0a5
Add missing 2.10 ansible test (#8665) 2022-03-30 08:12:27 -07:00
Cristian Calin
ef29455652
[ansible] make ansible 5.x the new default version (#8660)
* [ansible] make ansible 5.x the new default version and move different versions tested to nightly jobs

* [CI] jobs were missing proper ansible cleanup
2022-03-29 15:36:11 -07:00
Kenichi Omichi
503ab0f722
Run 0100-dhclient-hooks if dhcpclient is enabled (#8658)
If running Kubespray on static IP environments, a task was failed like:

  TASK [kubernetes/preinstall : Configure dhclient hooks for resolv.conf (RH-only)]
  fatal: [ak8s2]: FAILED! => {
    "changed": false, "checksum": "..",
    "msg": "Destination directory /etc/dhcp/dhclient.d does not exist"}

This adds a check for dhclientconffile for running 0100-dhclient-hooks to
run the task only if dhcpclient is enabled.
2022-03-29 00:11:11 -07:00
Christian Rohmann
90883e76af
terrform/openstack: Fix templating of ansible_ssh_common_args in no_floating.yml if used as TF module (#8646)
* terraform/openstack: Use path.module for ansible_bastion_template.txt

This extends on #7643 by not using path.root, but switching to path.module
to allow use of the terraform code as a module itself. This change then keeps
all calls to the template file stable even for that use-case.

* terraform/openstack: Make sed calls fail on errors

By using a single call with two replacements to use of sed will create proper exit codes
and allowing for errors to be recognized by terraform.
2022-03-29 00:07:11 -07:00
Cristian Calin
113de8381c
[ansible] add support for ansible 5 (ansible-core 2.12) (#8512) 2022-03-28 08:49:22 -07:00
Calin Cristian Andrei
652f2edbe1 [etcd] add 0 hash for arm v3.5.2 to prevent deployment failures 2022-03-28 08:40:30 +02:00
rtsp
a67e36703f
Update cert-manager to v1.7.2 (#8648) 2022-03-26 04:53:22 -07:00
Samuel Liu
73c6943402
fix vagrant parameter (#8650) 2022-03-25 18:57:58 -07:00
Florian Ruynat
d46817d690 Remove centos7 molecule while opensuse mirror is flaky 2022-03-25 16:57:58 -07:00
Florian Ruynat
97cb64c62d Remove k8s module for ns creation 2022-03-25 16:57:58 -07:00
Florian Ruynat
3f70241fb7 Update kubernetes image to 2.18.1 2022-03-25 16:57:58 -07:00
Maciej Wereski
21b71b38a3
Vagrantfile: add var to set ansible verbosity level (#8639)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2022-03-22 06:11:44 -07:00
Erwan Miran
b2f9442aba
Have ingress_controller and external_provisioner in upgrade-cluster.yml (#8640) 2022-03-22 05:43:43 -07:00
Cristian Calin
fa9f85c7e9
[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves (#8635) 2022-03-21 17:36:13 -07:00
Fredrik Liv
ffa285c2e7
Fixed cluster roles for openstack cloud controller (#8638) 2022-03-21 06:19:21 -07:00
Kenichi Omichi
7b1dc600d5
Fix the condition of drain on pre-remove task (#8634)
When running cluster.yml for new machines what containerd is already
install but Kubernetes cluster were not installed before, the task
"remove-node | List nodes" is failed like

  "changed": false,
  "cmd": [
    "/usr/local/bin/kubectl", "--kubeconfig",
    "/etc/kubernetes/admin.conf", "get", "nodes", "-o",
    "go-template={{ range .items }}{{ .metadata.name }}
    {{ "\n" }}{{ end }}"
   ],
   ..
   "stderr": "error: stat /etc/kubernetes/admin.conf: no such file or directory",

That was due to lack to check the existing Kubernetes cluster exists
or not before running "kubectl drain" command.
This adds the check to avoid the issue.
2022-03-21 01:39:10 -07:00
Cristian Calin
5e67ebeb9e
[container image] use focal (ubuntu 20.04) base image for our docker builds (#8631) 2022-03-18 09:58:41 -07:00
Fredrik Liv
af7066d33c
Updated openstack cloud controller version to v1.22.0 (#8629)
* Updated openstack cloud controller version to match kubernetes version

* Rolled back file structure change
2022-03-18 01:47:16 -07:00
Cristian Calin
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI (#8434)
* [calico] make vxlan encapsulation the default

* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation

* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade

* [CI] improve netchecker connectivity testing

* [CI] show logs for tests

* [calico] tweak task name

* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh

* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check

* service proxy mode still fails connectivity tests so keeping it manual mode

* [kube-router] account for containerd use-case
2022-03-17 18:05:39 -07:00
Sergey
a86d9bd8e8
do not remove package in validate container engine role when Fedora CoreOS distr (#8626) 2022-03-17 06:49:20 -07:00
Calin Cristian Andrei
21b1516d80 [kubernetes] add hashes for 1.21.11 2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
4c15038194 [kubernetes] add hashes for 1.22.8 2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
538f9df5cc [kubernetes] make 1.23.5 the default 2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
efb0412b63 [kubernetes] add hashes for 1.23.5 2022-03-17 05:03:20 -07:00
Qasim Mehmood
5a486a5cca
Calico: Fix Wireguard support for CentOS Stream 9/RHEL 9 Beta (#8625) 2022-03-17 04:11:20 -07:00
Cristian Calin
394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim (#8623) 2022-03-16 16:28:11 -07:00
Cristian Calin
5043517cfb
[containerd] avoid cleanup of /usr/bin on ostree distributions (#8624) 2022-03-15 13:47:48 -07:00
Max Gautier
307d122a84
Helm-apps role for installing helm charts (#8347)
* Sketch of helm-apps role interface

* helm-apps: Early implementation and settings

* helm-apps: Fix README.md example playbook

* fixup! Sketch of helm-apps role interface

* Make the argument specs more explicit

* Remove exposed options from hardcoded default

* Simplify example playbook in README.md

- Define directly the roles parameters
- Add an example of option override for one chart only

* Use release instead of charts

Make explicit that the role is mananing releases, not charts.
Simplify parameters naming
2022-03-14 08:29:58 -07:00
onock
d444a2fb83
[systemd-resolved] Fix DNS configuration according to docs/dns-stack.md and during reset of cluster (#8560) (#8561) 2022-03-14 02:08:22 -07:00