Kenichi Omichi
eeeca4a1d0
[2.17] Update kubernetes version to 1.21.6 ( #8142 )
2021-11-02 01:32:58 -07:00
Sébastien Masset
7e296b1523
Fixed default DNS min replica for single node clusters ( #8109 )
2021-10-26 23:59:25 -07:00
Utku Özdemir
488fbd8a37
Implement drain fallback with --disable-eviction to ignore PDBs ( #8102 )
...
Signed-off-by: Utku Ozdemir <uoz@protonmail.com>
2021-10-21 06:14:09 -07:00
Cristian Calin
f7242d39b9
Calico: increase calico node probe timeouts and allow tuning ( #7981 ) ( #8103 )
2021-10-21 05:06:10 -07:00
Mathieu Parent
87fee0cccf
[2.17] Fix containerd failed to start if apparmor is not installed ( #8042 )
...
* Ensure apparmor is installed (#8011 )
Kubespray deployment failed when using containerd backend on nodes where apparmor was not installed or had previously been removed. This PR ensures apparmor is installed by adding it to the required_pkgs var.
(cherry picked from commit 4bace2491d)
* Ensure apparmor is installed (#8036 )
Kubespray deployment failed when using containerd backend on nodes where apparmor was not installed or had previously been removed. This PR ensures apparmor is installed by adding it to the required_pkgs var.
(cherry picked from commit af04906b51)
Co-authored-by: rtsp <git@rtsp.us>
2021-10-01 10:00:24 -07:00
Kenichi Omichi
45018ac077
Check if openstack application credentials are empty since they always exist ( #8021 ) ( #8038 )
...
Co-authored-by: Hugo Blom <bl0m1@users.noreply.github.com>
2021-09-30 08:02:08 -07:00
Kenichi Omichi
9fafe9849b
Add proxy for subscription-manager ( #8012 ) ( #8039 )
...
If using proxy, it is necessary to configure it before running
"subscription-manager status" command.
This adds the step.
2021-09-30 02:20:08 -07:00
Kenichi Omichi
3b2b618cd2
check if 'plugins' key exists in calico_cni_config object ( #7717 ) ( #8040 )
...
* check if 'plugins' key exists in calico_cni_config object
* fix whitespace linting error
* fixed when list indentation
Co-authored-by: David Louks <2402775+dlouks@users.noreply.github.com>
2021-09-30 02:12:07 -07:00
Kenichi Omichi
bf1bb5984b
Use kube_config_dir for kubeconfig ( #7996 ) ( #8037 )
...
The path of kubeconfig should be configurable, and its default value
is /etc/kubernetes/admin.conf. Most paths of the file are configurable
but some were not. This makes those configurable.
2021-09-30 02:08:08 -07:00
Kenichi Omichi
04a8a19ce6
Issue 8004: Fix typha prometheus ( #8005 ) ( #8035 )
...
The typha prometheus settings were in the `volumeMounts` section of the
spec and not in the `envs` section. This was causing the deployment to
fail because it was looking for a volumeMount.
```
failed: [controller-001.a2.da.dev.logdna.net] (item=calico-typha.yml) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": true, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "dest": "/etc/kubernetes/calico-typha.yml", "diff": [], "failed": false, "gid": 0, "group": "root", "invocation": {"module_args": {"_original_basename": "calico-typha.yml.j2", "attributes": null, "backup": false, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "content": null, "delimiter": null, "dest": "/etc/kubernetes/calico-typha.yml", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "unsafe_writes": null, "validate": null}}, "item": {"file": "calico-typha.yml", "name": "calico", "type": "typha"}, "md5sum": "53c00ac7f562cf9ecbbfd27899ea066d", "mode": "0644", "owner": "root", "size": 5378, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "state": "file", "uid": 0}, "msg": "error running kubectl (/opt/bin/kubectl --namespace=kube-system apply --force --filename=/etc/kubernetes/calico-typha.yml) command (rc=1), out='service/calico-typha unchanged\n', err='error: error validating \"/etc/kubernetes/calico-typha.yml\": error validating data: [ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): 
missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount]; if you choose to ignore these errors, turn validation off with --validate=false\n'"}
```
Co-authored-by: Eric Lake <ericlake@gmail.com>
2021-09-29 10:22:49 -07:00
Kenichi Omichi
ae1fb69382
Fix cilium operator metrics activation ( #8000 ) ( #8033 )
...
This is a cherry-pick of 598f178054
Co-authored-by: Léopold Jacquot <leopold.jacquot@infomaniak.com>
2021-09-29 01:32:49 -07:00
Kenichi Omichi
dfee7a8ec5
Fix k8s-certs-renew cp path ( #7992 ) ( #8032 )
...
This is a cherry-pick of 2211504790
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
Co-authored-by: Wang Zhen <lazybetrayer@gmail.com>
2021-09-29 01:28:48 -07:00
Kenichi Omichi
bd4407199c
Add metrics_server_resizer option ( #8018 ) ( #8031 )
...
The addon-resizer container can reduce resource limits of cpu and
memory of metrics-server container in the pod, and that caused
OOMKilled.
In addition, the original metrics-server manifest doesn't contain
the addon-resizer container as [1].
So this adds metrics_server_resizer option to control the addon-resizer
container deployment and the default value is false to make it stable
for most environments.
This is a cherry-pick of 8d3961edbe
[1]: 527679e5e8/manifests/base/deployment.yaml
2021-09-28 11:15:16 -07:00
Kenichi Omichi
6cfa3bbb22
Remove allowPrivilegeEscalation from metrics-server ( #8014 ) ( #8025 )
...
"allowPrivilegeEscalation: false" blocks deploying metrics-server
on CentOS7. In addition, the original metrics-server manifest doesn't
contain it as [1]. This removes it.
[1]: 527679e5e8/manifests/base/deployment.yaml
2021-09-27 23:54:43 -07:00
Hari Hud
30cd91dc6b
Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade ( #7976 )
...
* Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade
* Remove trailing whitespace
2021-09-17 04:31:00 -07:00
Florian Ruynat
f2fa9c3b31
Update hashes with new versions
2021-09-17 00:39:02 -07:00
Florian Ruynat
30a7dfa4f8
Fix ubuntu16/centos8 CI jobs ( #7972 )
2021-09-16 23:39:01 -07:00
Samuel Liu
62ab477838
remove kube_proxy_conntrack_max var ( #7971 )
2021-09-15 08:22:31 -07:00
rtsp
f8a57f7598
Fix iptables missing on Debian 11 if APT::Install-Recommends=0 ( #7964 )
...
On Debian 11, `ipset` just recommends `iptables`, so on a system where apt is configured with `APT::Install-Recommends "0";` iptables will not be installed automatically.
2021-09-14 08:19:09 -07:00
Bryan Hundven
35c928798d
Fix missing file mode (risky-file-permissions) ( #7959 )
...
* Fix missing file mode (risky-file-permissions)
Found this using ansible-lint.
Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>
* Fix another missing file mode (risky-file-permissions)
This one fixes `/etc/crio/config.json`
Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>
2021-09-09 23:35:59 -07:00
jhchong92
83f64a7ff9
Bugfix/cinder csi cloud config template ( #7955 )
...
* Fix invalid condition for username and password inclusion
* Use length filter to test variable conditions
2021-09-09 10:04:11 -07:00
Florian Ruynat
60853fa682
Update kube-ovn to 1.7.2
2021-09-09 08:14:10 -07:00
Florian Ruynat
b66356be65
Update cilium to 1.9.10
2021-09-09 08:14:10 -07:00
jhchong92
efae2dbad6
Update snapshot-controller repository and image versions ( #7957 )
2021-09-09 08:10:11 -07:00
jhchong92
bd8b8916a8
Remove invalid spec - deployment.spec.serviceName ( #7949 )
2021-09-08 13:05:56 -07:00
jhchong92
57063b6828
Replace incorrect {% end %} tags with {% endif %} in csi_crd templates ( #7947 )
2021-09-08 12:59:57 -07:00
Ole Mathias Aa. Heggem
69b67a293a
Calico: Add kube_service_addresses_ipv6 to serviceClusterIPs ( #7889 ) ( #7944 )
...
Add IPv6 Service Addresses to BGP advertisement when
calico_advertise_cluster_ips is true.
2021-09-08 00:37:20 -07:00
Cristian Calin
d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA ( #7938 )
...
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA
* Add check for dynamic_kubelet_configuration with kube >= 1.22
2021-09-07 10:47:16 -07:00
Cristian Calin
43e7e2d663
nginx-ingress: bump to 1.0.0 to support kube 1.22 ( #7942 )
2021-09-06 04:50:36 -07:00
Cristian Calin
d355b43dce
ContainerD: bump containerd version to 1.4.9 ( #7940 )
2021-09-06 04:50:29 -07:00
Cristian Calin
5d52025266
crictl: add hashes for 1.22 ( #7936 )
2021-09-06 04:46:29 -07:00
Cristian Calin
db470f8529
Update CSI snapshotter and make it independent ( #7943 )
...
* CSI: update CSI snapshot CRDs
* CSI: update snapshot controller tag version with kubernetes specific versions
* CSI: allow enabling csi_snapshot_controller independent of Cinder CSI
* CSI: Align csi-snapshot-controller with upstream and use a Deployment instead of a StatefulSet
2021-09-06 04:24:29 -07:00
kranthi guttikonda
81bf4f9304
cri-o registry auth support ( #7837 )
...
* cri-o registry auth support
* yaml lint for comments
* crio_registry_auth from registry_auth
* crio_registry_auth as defaults
2021-09-01 10:20:59 -07:00
Maciej Wereski
e1967b0700
MetalLB: keep nodeSelector in one place ( #7931 )
...
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-09-01 09:05:00 -07:00
Olivier Lemasle
507091ec8b
Replace cluster_name by dns_domain ( #7923 )
...
`cluster_name` defaults to `dns_domain` value (see [here][1] and [here][2])
but they could have different values.
`dns_domain` should be used here instead of `cluster_name` because the DNS
resolution is configured to use `dns_domain`.
[1]: 0ef7af76bc/roles/kubespray-defaults/defaults/main.yaml (L104)
[2]: 1afdb05ea9/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml (L196)
2021-09-01 08:18:59 -07:00
Maciej Wereski
48ceca4919
MetalLB: update to v0.10.2 ( #7925 )
...
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-09-01 03:00:59 -07:00
Cristian Calin
426ad81db0
Calico: replace hashes for latest 3.17 and 3.18 to the .5 minor versions ( #7924 )
2021-08-31 13:38:21 -07:00
Olivier Lemasle
497d2ca306
Fix Calico's FelixConfiguration when "IP in IP" is disabled ( #7926 )
...
When using Calico with:
- `calico_network_backend: vxlan`,
- `calico_ipip_mode: "Never"`,
- `calico_vxlan_mode: "Always"`,
the `FelixConfiguration` object has `ipipEnabled: true`, when it should be false:
This is caused by an error in the `| bool` conversion in the install task:
when `calico_ipip_mode` is `Never`,
`{{ calico_ipip_mode != 'Never' | bool }}` evaluates to `true`:
2021-08-31 13:14:21 -07:00
Calvin Park
9d3888a756
During pre-upgrade add a flag to always cordon ( #7892 )
...
* During pre-upgrade add a flag to always cordon
* empty
* empty
* empty
* Better default val
2021-08-30 10:56:09 -07:00
rtsp
c8e090c17f
Add preliminary Debian 11 (bullseye) support ( #7853 )
...
- Use python3-apt instead because python-apt was removed in Debian 11
- Add gnupg (fix "container-engine/containerd : ensure containerd repository public key is installed" task failed)
- Remove aufs-tools
Signed-off-by: rtsp <git@rtsp.us>
2021-08-30 09:53:06 -07:00
Florian Ruynat
1ccf32e08f
Update docker to 20.10.8 ( #7918 )
2021-08-30 08:25:06 -07:00
Florian Ruynat
17af348be8
Add bunch of Kubernetes versions missing
2021-08-30 08:17:05 -07:00
Cristian Calin
1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t ( #7891 )
...
* Fedora and RHEL use etc_t and the convention is <type_name>_t
* Docs: specify all values for preinstall_selinux_state
* CI: Add Fedora 34 with SELinux in enforcing mode
2021-08-27 14:20:53 -07:00
Sergey
89993e4833
fix error metrics server capabilities name ( #7905 )
2021-08-25 12:06:15 -07:00
Cristian Calin
1c3d33e146
Calico: 3.20.0 policy update to allow access to endpointslices ( #7899 )
2021-08-25 12:06:01 -07:00
Cristian Calin
f66c49bf42
Calico: replace version 3.19.1 with 3.19.2 and set as default ( #7867 )
...
Bump calico version to 3.19.2 due to adding 3.20.0 earlier
2021-08-25 07:32:41 -07:00
rtsp
4c9d7dedb3
addons/cert_manager: retries until webhook pods have been created ( #7850 )
...
Fix task 'Cert Manager | Wait for Webhook pods become ready' failing because the webhook pods don't exist yet, by using the `retries..until` trick like kubernetes-sigs/kubespray#7842
This fix should be removed in the future if kubernetes/kubernetes#83242 is resolved.
Signed-off-by: rtsp <git@rtsp.us>
2021-08-25 07:16:41 -07:00
Sergey
5336943a8c
add cilium_operator_api_serve_addr to cilium operator config ( #7901 )
2021-08-24 03:49:13 -07:00
Samuel
a040e521b4
feat(containerd): auth support ( #7868 )
...
* feat(containerd): auth support
* fix(registry-auth): rename variable
2021-08-23 06:40:00 -07:00
Cristian Calin
0ac364dfae
Calico: use --allow-version-mismatch in calicoctl.sh to allow upgrades ( #7873 )
2021-08-20 14:30:48 -07:00