Kenichi Omichi
814760ba25
Use blocks for macvlan tasks for each distribution ( #8918 )
...
For the code readability, this adds blocks for each distribution.
2022-06-06 07:50:24 -07:00
vanyasvl
a4f752fb02
Add subjectAltName to calico-apiserver certificate ( #8907 )
...
* Add AltName to calico-apiserver certificate
* fix support for centos7 openssl
2022-06-06 07:38:23 -07:00
Daniil Muidinov
5c136ae3af
[calico] add 3.22.3 and 3.23.1 ( #8897 )
...
* [calico]
* add 3.22.3 and 3.23.1
* set 3.22.3 default
* fix download crd for calico 3.22.3 and upper
* update calico README.md
2022-05-31 13:27:23 -07:00
mahjonp
c927da00e0
Support cilium ip-masq-agent configuration ( #8893 )
...
* fix deploy Cilium with eBPF-based Masquerading failed
Signed-off-by: mahjonp <junpeng.man@gmail.com>
* forget to add the enable-ip-masq-agent flag
Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-05-31 09:26:53 -07:00
Kenichi Omichi
dc2a18e436
Merge pull request #8815 from simplekube-ro/dont_clobber_calico
...
[calico] don't clobber calico options set by the user
2022-05-24 10:25:48 -07:00
Ross Kusler
4c97ce747c
Adding support for the kube-router flag --cluster-asn flag ( #8837 )
2022-05-23 16:39:10 -07:00
Tamas Pasztor
9d3a894991
Possible remove ippools from cni config ( #8845 )
...
* Possible remove ippools from cni config
* Typo
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
* Update cni-calico.conflist.j2
Incorrectly deleted calico forwarding content.
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-05-19 23:45:13 -07:00
Samuel Liu
a28b58dbd0
[calico]use ipamconfig instead of calico ipam command ( #8839 )
...
* use ipamconfig instead of calico ipam command
* fix ansible lint
2022-05-19 11:13:20 -07:00
Samuel Liu
eea7bb7692
only need run this once ( #8833 )
...
calicoctl ipam xx
calicoctl apply xx
2022-05-17 09:52:27 -07:00
Calin Cristian Andrei
569a319ff5
[calico] don't clobber user set bgp configuration options that are not managed by kubespray
2022-05-12 15:50:38 +00:00
Calin Cristian Andrei
47812ec002
[calico] don't clobber user set ippool options that are not managed by kubespray
2022-05-12 15:50:05 +00:00
Calin Cristian Andrei
c27dee57ea
[calico] don't clobber user set felixconfig options that are not managed by kubespray
2022-05-12 15:49:24 +00:00
Cyclinder
3eb0a4071a
set default value of name to "k8s-pod-network" ( #8813 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-05-12 08:29:14 -07:00
Samuel Liu
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature ( #8790 )
...
* [kube-ovn]: some feature
kube-ovn vlan mode
ipv6/ipv4 dual stack
...
* remove unused env
* fix readinessprobe
2022-05-11 21:35:15 -07:00
Necatican Yıldırım
13443b05a6
Overhaul Cilium manifests to match the newer versions ( #8717 )
...
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-operator templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-agent templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Bump Cilium version to 1.11.3
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-11 06:23:04 -07:00
Samuel Liu
1294fd5730
check calico ipv6 ( #8738 )
...
* check calico ipv6
* just check ipip mode for ipv6
2022-04-29 00:35:13 -07:00
zhengtianbao
937e64d296
Update flannel use install-cni-plugin to fit upstream ( #8714 )
...
* Update flannel use install-cni-plugin to fit upstream
* Replace flannel cni repo
* Remove download flannel binary
2022-04-18 09:44:41 -07:00
Cristian Calin
45262da726
[calico] call calico checks early on to prevent altering the cluster with bad configuration ( #8707 )
2022-04-14 01:08:46 -07:00
Samuel Liu
424ef3b3f9
[calico] add calico apiserver ( #8690 )
...
* [calico] add calico apiserver
* fix yamllint
* remove addext argument
* Configure API server with the CA bundle
* add check kdd
2022-04-08 00:02:42 -07:00
Cristian Calin
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI ( #8434 )
...
* [calico] make vxlan encapsulation the default
* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation
* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade
* [CI] improve netchecker connectivity testing
* [CI] show logs for tests
* [calico] tweak task name
* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh
* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check
* service proxy mode still fails connectivity tests so keeping it manual mode
* [kube-router] account for containerd use-case
2022-03-17 18:05:39 -07:00
Qasim Mehmood
5a486a5cca
Calico: Fix Wireguard support for CentOS Stream 9/RHEL 9 Beta ( #8625 )
2022-03-17 04:11:20 -07:00
Toni Tauro
5a49ac52f9
feat(calico): add configurable ipam strictaffinity ( #8581 )
...
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
2022-03-07 22:58:33 -08:00
Tom Janson
ddef7e1139
missing "check_mode: no"s for several read-only tasks ( #8584 )
...
this is not complete -- there are almost certainly more instances of
this issue
2022-03-02 09:29:14 -08:00
Florian Ruynat
4f1499bd23
Fixup remaining etcd_kubeadm_enabled variables ( #8576 )
2022-02-23 06:46:18 -08:00
Cristian Calin
402e85ad6e
[calico] upgrade release checksums ( #8544 )
...
* [calico] upgrade 3.19.x to 3.19.4
* [calico] upgrade 3.20.x to 3.20.4
* [calico] upgrade 3.21.x to 3.21.4 and make it the default
* [calico] add 3.22.0 checksums
* [calico] account for path changes in calico 3.21.4 crd archive and above
2022-02-15 16:35:02 -08:00
kakkotetsu
1ebe456f2d
add support for Calico IP6_AUTODETECTION_METHOD ( #8541 )
2022-02-14 17:26:14 -08:00
Tom Stian Berget
84b93090a8
Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode ( #8519 )
...
* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode
* Change inventory sample
2022-02-08 14:04:35 -08:00
Cristian Calin
ef34f5fe7d
[calico] switch default iptables backend detection to Auto ( #8429 )
2022-01-23 23:47:57 -08:00
Necatican Yıldırım
caff539ccd
Add identity_allocation_mode support for Cilium ( #8430 )
...
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-16 09:29:28 -08:00
Kenichi Omichi
73c889eb10
Fix failures of ansible-lint ( #8401 )
...
This fixes the following types of failures:
- empty-string-compare
- literal-compare
- risky-file-permissions
- risky-shell-pipe
- var-spacing
In addition, this changes .gitlab-ci/lint.yml to block the same issue
by using the same method at Kubespray CI.
2022-01-11 00:45:16 -08:00
forselli-stratio
df425ac143
Fix etcd certificates reference to support etcd_kubeadm_enabled:true ( #7766 )
...
* Fix etcd certificates reference to support etcd_kubeadm_enabled:true
* Add retries to ETCD Join Member task
* Fix etcd certificates reference when etcd_kubeadm_enabled:true
* Fix conflicts
2022-01-10 15:24:25 -08:00
Unai Arríen
57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping ( #8388 )
2022-01-10 01:35:19 -08:00
Kenichi Omichi
f80fd24a55
Fix risky-file-permissions ( #8370 )
...
When running ansible-lint directly, we can see a lot of warning
message like
risky-file-permissions File permissions unset or incorrect
This fixes the warning messages.
2022-01-09 01:51:12 -08:00
Max Gautier
cb54eb40ce
Use a variable for standardizing kubectl invocation ( #8329 )
...
* Add kubectl variable
* Replace kubectl usage by kubectl variable in roles
* Remove redundant --kubeconfig on kubectl usage
* Replace unecessary shell usage with command
2022-01-05 02:26:32 -08:00
Necatican Yıldırım
bf00550388
Upgrade Cilium to 1.11.0 ( #8354 )
...
* Remove kvstore args from Cilium DaemonSet
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Bump Cilium to 1.11.0
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-05 00:36:32 -08:00
Cristian Calin
ed3932b7d5
[cni-plugins] upgrade to stable 1.0.1 ( #8331 )
...
* [cni-plugins] upgrade to stable 1.0.1
* [flannel] use binary from dedicated project
2021-12-23 23:16:15 -08:00
emiran-orange
2b5c185826
calico_pool_blocksize must be cast as well in assertion when defined ( #8321 )
...
* calico_pool_blocksize must be cast as string in assertion when defined
* Cast as int rather than string
2021-12-23 00:58:37 -08:00
kakkotetsu
c59407f105
add support for Calico BGPPeer sourceAddress ( #8306 )
2021-12-20 01:51:25 -08:00
Alvaro Campesino
27ab364df5
Improve control plane scale flow ( #13 ) ( #7989 )
...
* Improve control plane scale flow (#13 )
* Added version 1.20.10 of K8s
* Setting first_kube_control_plane to a existing one
* Setting first_kube_control_plane to a existing one
* change first_kube_master for first_kube_control_plane
* Ansible-lint changes
2021-12-06 00:16:32 -08:00
Cristian Calin
dfdebda0b6
Calico: remove duplicate values for CALICO_DISABLE_FILE_LOGGING and FELIX_DEFAULTENDPOINTTOHOSTACTION ( #8269 )
2021-12-03 20:32:31 -08:00
Florian Ruynat
e19ce27352
Remove ovn4nfv support ( #8265 )
2021-12-03 11:56:35 -08:00
Cristian Calin
31c7b6747b
Calico: add dependencies for 3.21.x ( #8250 )
2021-12-02 01:17:33 -08:00
khatrig
3ea496013f
Create reset.yml ( #8227 )
2021-11-24 09:44:20 -08:00
zhengtianbao
a08d82d94e
calico add support for container ip forwarding setting ( #8184 )
2021-11-12 19:06:46 -08:00
Hyojun Jeon
61c2ae5549
Add vxlanEnabled spec in FelixConfiguration ( #8167 )
2021-11-08 00:06:52 -08:00
brainfair
465ffa3c9f
Weave: add extra_args for weave-npc ( #8140 )
...
* add weave_npc_extra_args in template
* add defaults weave_npc_extra_args
* add sample for weave_npc_extra_args
2021-10-28 08:58:27 -07:00
Julio H Morimoto
d42b7228c2
Convert numbers to string for calico's inventory check. ( #8120 )
...
Fix https://github.com/kubernetes-sigs/kubespray/issues/8119
Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
2021-10-24 11:42:21 -07:00
Kenichi Omichi
19d07a4f2e
Fix ownership related to Calico ( #8072 )
...
kube-bench scan outputs warning related to Calico like:
* text: "Ensure that the Container Network Interface file
permissions are set to 644 or more restrictive (Manual)"
* text: "Ensure that the Container Network Interface file
ownership is set to root:root (Manual)"
This fixes these warnings.
2021-10-19 17:35:57 -07:00
Florian Ruynat
16bf3549c1
Update kube-ovn to 1.8.1
2021-10-14 19:42:54 -07:00
Florian Ruynat
b912dafd7a
Update multus to 3.8.0
2021-10-14 19:42:54 -07:00