C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
5996 commits 17 branches 66 tags 141 MiB
Commit graph

3939 commits

Author SHA1 Message Date
Florian Ruynat 18666b3e2d Update multus to 3.7.2 (and move to ghcr.io) 2021-07-20 01:29:31 -07:00
Florian Ruynat ed87386d7b Set default k8s version to 1.21.3 2021-07-20 01:29:31 -07:00
Florian Ruynat 1ad9b33b08 Add hashes for k8s 1.20.8/.9 and 1.19.12/.13 and 1.21.3 2021-07-20 01:29:31 -07:00
Florian Ruynat 000b4565c2 Fix erroneous ansible args 2021-07-20 01:29:31 -07:00
Florian Ruynat eda75fc706 Update kube-router to 1.3.0 2021-07-20 01:29:31 -07:00
Florian Ruynat 6583add63a Update flannel to 0.14.0 (moved from coreos repo to flannel-io) 2021-07-20 01:29:31 -07:00
Florian Ruynat 441ad841cc Use dashboard 2.3.1 image 2021-07-20 01:29:31 -07:00
Florian Ruynat 6511c5dd7a Set Helm default version to 3.6.3 2021-07-20 01:29:31 -07:00
Florian Ruynat d5cbb19b39 Update kube-ovn to 1.7.1 2021-07-20 01:29:31 -07:00
Atsushi Nukariya 417180246c
Fix: typos in docs and comments (#7805) 2021-07-16 18:58:50 -07:00
Fredrik Liv 802fb8b591
Add application credentials support for cinder (#7799) 
* csi-driver: Added possibility to use application credentials for cinder

* external-cloud-controller: Added env vars for openstack application credentials
 2021-07-15 00:56:48 -07:00
spaced c2cf0d9945
add containerd on fedora CoreOS (#7794) 
* set selinux type t_etc if selinux state is enforcing

* workaround with update repo is no longer needed
remove comments about failing playbook

* grubby is not available in distros using ostree

* remove docker support because removed in fcos
update install script example with live rootfs

* do not call grubby on ostree based distro

* update docs enabling containerd on fedora coreos
 2021-07-15 00:00:48 -07:00
jayonlau e61a9077f4
Clean up extra spaces about configuration-qemu.toml.j2 (#7795) 
Clean up extra spaces, although these errors are not important, they affect the code specification.
 2021-07-13 06:38:34 -07:00
spaced bf54dc082b
set selinux type t_etc if selinux state is enforcing (#7791) 2021-07-13 06:34:29 -07:00
cleveritcz 3ff7bc1f64
Added k8s 1.21.2 (#7789) 2021-07-13 06:26:29 -07:00
Cristian Calin 7516fe142f
Move to Ansible 3.4.0 (#7672) 
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
 2021-07-12 00:00:47 -07:00
Sébastien Huss b0e4c375a7
Allow cri-o offline install (#7777) 2021-07-09 20:52:45 -07:00
Florian Ruynat d1388d69d0
Fix tests following python change (#7775) 
* Fix ansible detection for python3 and ubuntu

* Fix oracle missing centos-extras repo for containerd/docker dependencies
 2021-07-08 18:52:53 -07:00
Shinerrs d0fb537448
Ubuntu changed package name python-apt to python3-apt (#7769) 
* replaced deprecated python package with python3 package

* removed the version due to duplication
 2021-07-02 06:56:13 -07:00
jayonlau 59cf1770bc
Clean up residual files about /usr/libexec (#7756) 
When reset, need to clean up directory /usr/libexec.
 2021-07-01 02:13:54 -07:00
Vadim 0aaba5ea30
added destination filename to cp command (#7764) 2021-06-30 08:13:03 -07:00
Cristian Calin bd6d810d0a
nodelocaldns: allow binding metrics address to host IP (#7748) 2021-06-29 05:28:41 -07:00
jayonlau e3850fbbbc
Extra spaces of macvlan (#7752) 
Although these errors are not important, they affect the code specification.
 2021-06-28 02:13:25 -07:00
Cristian Calin a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 (#7746) 
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0

* Add sample graceful shutdown parameters
 2021-06-27 23:53:25 -07:00
Cristian Calin a2cf6816ce
Calico wireguard (#7638) 
* Calico: add Wireguard support

* CI: Add Calico Wireguard scenario
 2021-06-25 03:22:45 -07:00
jayonlau bbcafb5d7b
Clean up residual files about modules-load.d (#7737) 
When reset, need to clean up files kube_proxy-ipvs.conf and kubespray-br_netfilter.conf.
 2021-06-25 00:32:45 -07:00
Id2ndR a31baf3c16
Fix deployment without openstack cacert (#7723) 
* fix group name

* fix external-openstack-cloud-config secret

* don't add ca.cert in the secret if not defined
 2021-06-21 05:38:50 -07:00
jayonlau e83728897b
Clean up residual files (#7722) 
* Clean up residual files

When reset, you need to clean up to the kerw directory.

* Update main.yml
 2021-06-21 05:34:50 -07:00
Cristian Calin 282a27a07c
gVisor: initial support for gVisor container runtime (#7661) 
* Docker/Containerd: move downloads urls to containerd-common

* gVisor: initial support for gVisor container runtime
 2021-06-21 05:18:51 -07:00
Sergey 3fe6dbb65c
fix image pull url for coredns v1.8.0 (#7702) 2021-06-16 17:00:19 -07:00
flix444 7547e6a272
Ubuntu 21.04 changed packagename python-apt in python3-apt (#7715) 2021-06-16 13:58:00 -07:00
Cristian Calin 1928dafc7e
Revert to conmon location override for Redhat and Fedora (#7701) 2021-06-16 09:07:59 -07:00
Florian Ruynat e77b9bf3ee
Update kube-ovn to 1.7.0 (#7686) 2021-06-16 08:10:00 -07:00
Samuel Liu 7f7e83a4d9
fix local-path-provisioner helper image repo (#7703) 2021-06-16 08:06:00 -07:00
Marko Kohtala 85fe716d46
Drop "Server" from crio repo URL (#7698) (#7699) 
$releasever can be 7Server, but there is no such CentOS path on
download.opensuse.org.

Use ansible_distribution_major_version instead of $releasever.
 2021-06-11 05:10:59 -07:00
Kenichi Omichi 85ff3eb8be
Update the version of local_volume_provisioner (#7684) 
As [1], v2.4.0 has been released already for local_volume_provisioner.
This updates the version.

[1]: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/tags
 2021-06-11 04:36:59 -07:00
Florian Ruynat e55c359cf9
Updage docker packages to 20.10.7 (#7685) 2021-06-11 04:32:59 -07:00
Kasakaze d66da21726
make sure serviceaccounts/token is only in the metadata stage (#7679) 2021-06-07 08:38:40 -07:00
forselli-stratio 1069b05e68
Improve scale flow and documentation (#7610) 
* Improve scale flow

* Add confirmation prompt again
 2021-06-07 05:02:40 -07:00
Cristian Calin ec0c0d4a28
Calico enable support for eBPF (#7618) 
* Calico: align manifests with upstream

* allow enabling typha prometheus metrics

* Calico: enable eBPF support

* manage the kubernetes-services-endpoint configmap

* Calico: document the use of eBPF dataplane

* Calico: improve checks before deployment

* enforce disabling kube-proxy when using eBPF dataplane
* ensure calico_version is supported
 2021-06-07 04:58:39 -07:00
jiriproX 1739b27231
Replace yum module with package module (#7621) 2021-06-05 04:16:39 -07:00
Sergey d9d29af87f
update containerd to version 1.4.6 (#7674) 2021-06-03 10:55:38 -07:00
Cristian Calin 7036b704b3
Replace Kata 1.x with Kata 2.x (#7670) 
* Kata: add Kata 2.x checksums and adjust download urls for 2.x

* Kata: drop 1.x version which is no longer supported

* Kata: set default version 2.1.0
 2021-06-02 00:50:41 -07:00
Florian Ruynat 54cda80018
Fix debian docker available version (#7668) 2021-06-01 20:58:39 -07:00
Cristian Calin 6a2ea94b39
Docs improvements (#7660) 
* Docs: update sidebar

* Docs: move registry documentation into docs/

* Docs: move rbd_provisioner documentation into docs/

* Docs: move cephfs_provisioner into docs/

* Docs: move local_volume_provisioner documentation into docs/

* Docs: move ambassador.md to docs/ingress_controller/

* Docs: move metallb.md to docs/ingress_controller/

* Docs: move ingress_nginx documentation into docs/

* Docs: move alb_ingress_controller documentation into docs/

* Docs: merge ambassador documentation into docs/ingress_controller/

* Docs: move cert_manager documentation into docs/

* Docs: move bootstrap-os documentation into docs/

* Docs: update file locations in sidebar
 2021-06-01 07:30:27 -07:00
Cedric Hnyda 4674b03661
Add cinder_csi_ignore_volume_az (#7624) 
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
 2021-06-01 07:10:27 -07:00
kongxs 922de32290
spelling mistakes (#7664) 
Signed-off-by: kjinan <2008kongxiangsheng@163.com>
 2021-05-31 05:46:26 -07:00
Florian Ruynat 7896bc7831
Add Fedora 33 image and CI, remove Fedora 31 (EOL) + update docker packages (#7657) 
* Update docker package to 20.10.6

* Add Fedora 33 image and CI, remove Fedora 31 (EOL)
 2021-05-28 08:04:25 -07:00
AnatomicJC da07459bd6
Update crun 0.19 checksum (#7655) 
Checksum of crun 0.19 is not correct, this commit fixes it
 2021-05-27 15:20:23 -07:00
Fredrik Liv 3ca205446e
Added possibility to specify vSphere credentials via env variables (#7646) 
* Added possibility to specify vSphere credentials via env variables

* Removed excessive spacing
 2021-05-27 12:02:30 -07:00
forselli-stratio eff1931283
Add retries to 'Set label for route reflector' task (#7645) 2021-05-27 12:02:23 -07:00
Florian Ruynat fd8ae54fa7 Docker default version is now 20.10 2021-05-27 11:18:24 -07:00
Florian Ruynat 79fdee3979 Bump crio to default 1.21 2021-05-27 11:18:24 -07:00
Florian Ruynat a754c0d476 Kubernetes now use CoreDNS 1.8.0 2021-05-27 11:18:24 -07:00
Florian Ruynat 7208169db3 Update kubernetes version to 1.21.1 2021-05-27 11:18:24 -07:00
Cristian Calin 7b5d43cc00
Calico: upgrade 3.18 to 3.18.4 (#7648) 2021-05-26 05:51:21 -07:00
Cristian Calin c5ccedb694
store openstack external cloud controller ca.cert in a k8s secret instead of the host filesystem (#7603) 2021-05-26 00:35:21 -07:00
Cristian Calin 858b29f425
Calico: add support for v3.19.1 (#7630) 
* Calico: add v3.19.1 hashes

* enable liveness probe for calico-kube-controllers

3.19.1

* Calico: drop support for v3.16.x

* Calico: promote v3.18.3 as default
 2021-05-25 13:40:50 -07:00
efrikin 7db76f8809
Add nodeSelctor for other services and node labels before CNI setup (#7613) 2021-05-25 13:40:43 -07:00
Florian Ruynat bcf695913f
Fix Oracle yum disabled repository file after EPEL install (#7639) 2021-05-25 08:30:23 -07:00
Fatih Sarhan 59fc17f4e3
Override the default value of containerd's root, state, and oom_score (#7622) 
* Override the default value of containerd's root, state, and oom_score configurations

* Add tests data for containerd_storage_dir, containerd_state_dir and containerd_oom_score variables
 2021-05-19 08:24:53 -07:00
Florian Ruynat c1aa755a3c
Fix missing broken_etcd filter in recover control plane task (#7619) 2021-05-18 10:29:04 -07:00
Pavel Martynov 29c2fbdbc1
Fix cloud_resolver type from str to list (issue #7605) (#7606) 2021-05-18 06:41:30 -07:00
Pavel Martynov 4b9f98f933
Fix pull_by_digest variable type to boolean instead of str (#7612) 2021-05-18 06:29:31 -07:00
Cristian Calin e9870b8d25
add support for using ansible 2.10.x for deploying kubespray (#7600) 
* add support for using ansible 2.10.x for deploying kubespray

* move dns-autoscaler-clusterrole{binding}.yml to files/ folder

* note that ansible 2.10 is now experimentally supported

* coredns: move files to templates like before #4341
 2021-05-18 05:39:31 -07:00
Muzi Li e0c74fa082
Update nerdctl version to 0.8.1 (#7617) 2021-05-17 11:07:30 -07:00
Florian Ruynat bdf74c6749 Set default version to 1.20.7 2021-05-14 09:48:06 -07:00
Florian Ruynat d6f9a8d752 Update hashes with 1.21.1/1.20.7/1.19.11 2021-05-14 09:48:06 -07:00
Cristian Calin 14cf3e138b
Support Calico advertisement of MetalLB LoadBalancer IPs (#7593) 
* add initial MetalLB docs

* metallb allow disabling the deployment of the metallb speaker

* calico>=3.18 allow using calico to advertise service loadbalancer IPs

* Document the use of MetalLB and Calico

* clean MetalLB docs
 2021-05-12 05:22:17 -07:00
emiran-orange afbabebfd5
Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586) 
Since K8S 1.21, BoundServiceAccountTokenVolume feature gate is in beta stage, thus activated by default (anyone who follows CSI guidelines has enabled AllAlpha and faced the issue before 1.21).
With this feature, SA tokens are regenerated every hour.
As a consequence for Calico CNI, token in /etc/cni/net.d/calico-kubeconfig copied from /var/run/secrets/kubernetes.io/serviceaccount in install-cni initContainer expires after one hour and any pod creation fails due to unauthorization.
Calico pods need to be restarted so that /etc/cni/net.d/calico-kubeconfig is updated with the new SA token.
 2021-05-11 08:47:36 -07:00
Cristian Calin 8c0a2741ae
allow overriding calico peers names and avoid ipv6 naming issues (#7591) 2021-05-11 07:05:36 -07:00
Cristian Calin d90baa8601
add containerd support for Amazon Linux 2 (#7595) 2021-05-10 19:25:36 -07:00
muzi502 d5660cd37c
Fix reset cluster task failed (#7597) 2021-05-10 17:25:36 -07:00
Cristian Calin 63cec45597
Add Amazon to the check for supported distributions (#7589) 2021-05-10 16:17:36 -07:00
Hari Hud f07e24db8f
Cleanup duplicate task in etcd role (#7598) 
* Remove the duplicate task in etcd role

* Remove inessential delegate_to
 2021-05-10 16:11:36 -07:00
Cristian Calin 5d5be3e96a
bump calico 3.18 to v3.18.3 (#7592) 2021-05-10 00:34:51 -07:00
Hari Hud 6e7649360f
Ignore error when ipvsadm utility not found on node (#7587) 2021-05-07 13:37:04 -07:00
Cedric Hnyda 1dd38721b3
Add external_openstack_enable_ingress_hostname option for openstack (#7572) 
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
 2021-05-04 00:33:11 -07:00
Eugene Artemenko 6a001e4971
Add suport of Vsphere CSI driver 2.X versions (#7480) 2021-05-04 00:05:11 -07:00
Samuel Liu 96e6a6ac3f
Add krew support (#7464) 
* Add krew support

* Add reset for krew

* Update install krew(local)

* ansible lint

* yamllint

* fix krew default vars

* fix kubectl_localhost mode

* replace include

* fix e206
 2021-05-03 07:16:03 -07:00
bac-w 2556eb2733
Upgrade cilium role (#7521) 
* Upgrade cilium roles

* Del old test result

* Add hubble ui examples

* Refactor hubble metrics

* Markdown fix pipeline errors

* yamllint check and fix

* refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520

* Docs syntax change (fix)

* Cilium set default 1.8.9

* Update cilium version in Readme
 2021-04-30 08:09:59 -07:00
MRoci a0ee569091
change coredns image name to coredns/coredns and prefix v to tag (#7570) 
follow new naming conventions for gcr's coredns image.
starting from 1.21 kubeadm assumes it to be `coredns/coredns`:
this causes the kubeadm deployment being unable to pull image, beacuse `v`
was also added in image tag, until the role `kubernetes-apps` ovverides
it with the old name, which is only compatible with <=1.7.

Backward comptability with kubeadm <=1.20 is mantained checking
kubernetes version and falling back to old names (`coredns:1.xx`) when
the version is less than 1.21
 2021-04-30 07:43:58 -07:00
holmesb 3f4eb9be08
Fixes issue #7573 - Made Calico permissions compatible with v3.18.x (see https://github.com/projectcalico/calico/issues/4557). Specifically, granted watch to custom resources blockaffinities, ipamblocks & ipamhandles (#7575) 2021-04-30 07:25:59 -07:00
muzi502 5ea2d1eb67
Add image_arch in flannel image tag (#7560) 
* Add image_arch variable when download flannel image

* Fix flannel image tag typo with image arch
 2021-04-29 17:51:57 -07:00
Florian Ruynat ffc38a2237
Fix busybox for tests to reduce dockerhub calls (#7571) 2021-04-29 17:39:57 -07:00
Cristian Calin 360aff4a57
Rename ansible groups to use _ instead of - (#7552) 
* rename ansible groups to use _ instead of -

k8s-cluster -> k8s_cluster
k8s-node -> k8s_node
calico-rr -> calico_rr
no-floating -> no_floating

Note: kube-node,k8s-cluster groups in upgrade CI
      need clean-up after v2.16 is tagged

* ensure old groups are mapped to the new ones
 2021-04-29 05:20:50 -07:00
Sergey d26191373a
add default empty value for etc_hosts_localhosts_dict_target (#7567) 2021-04-28 11:34:50 -07:00
Cristian Calin 4c06aa98b5
crio: add supported versions 1.20 and 1.21 and align default with k8s version (#7562) 
* crio: add supported versions 1.20 and 1.21 and align default with k8s version

* cri-o: drop versions 1.17 and 1.18 from version matrix

* update note on cri-o version alignment
 2021-04-28 11:30:51 -07:00
muzi502 1b267b6599
Fix calico-kube-controller becomes Error for canal (#7564) 2021-04-28 11:26:52 -07:00
Cristian Calin dd6efb73f7
Calico new versions v3.17.4 and v3.18.2 (#7563) 
* calico: upgrade from v3.17.3 to v3.17.4

* calico: upgrade from v3.18.1 to v3.18.2
 2021-04-28 08:22:50 -07:00
harihud 0071e3c99c
Update main.yml (#7557) 2021-04-27 15:41:27 -07:00
faruryo 975f84494c
Fix calico-kube-controller becomes Error (#7548) 
Change mode so that calico-kube-controllers can be read because it was changed to run as non-root
https://github.com/projectcalico/kube-controllers/pull/566
 2021-04-26 15:37:03 -07:00
Florian Ruynat 7c86734d2e
Add cri-o 1.20/1.21 (#7544) 2021-04-26 09:21:16 -07:00
Cristian Calin 8665e1de87
Fix cri-o support for Oracle and AlmaLinux (#7541) 2021-04-26 09:11:02 -07:00
Florian Ruynat c16efc9ab8
Fix Opensuse not working with ansible_distribution (#7551) 2021-04-26 08:37:02 -07:00
muzi502 69806e0a46
Add nerdctl cli tool for containerd user (#7500) 
* Add nerdctl cli tool for containerd user

* Add nerdctl enable option

* Add nerdctl enable option and update nerdctl version to 0.8.0
 2021-04-25 23:47:01 -07:00
Cristian Calin ad15a4b755
Bump calico versions (#7543) 
* add calico 3.16.10 hashes

* drop old calico version 3.16.9
 2021-04-24 12:37:01 -07:00
Cristian Calin 002a4b03a4
Drop calico 3.15 (#7545) 
* calico: drop support for version 3.15

* drop check for calico version >= 3.3, we are at 3.16 minimum now

* we moved to calico 3.16+ so we can default to /opt/cni/bin/install
 2021-04-23 23:43:14 -07:00
Cristian Calin 73db44b00c
Initial AlmaLinux support (#7538) 
* AlmaLinux: ansible>2.9.19 is needed to know about AlmaLinux

* AlmaLinux: identify as a centos derrivative

* AlmaLinux: add AlmaLinux to checks for CentOS

* Use ansible_os_family to compare family and not distribution
 2021-04-22 23:50:03 -07:00
Florian Ruynat b32d25942d Minor update to cni-plugins and kube-router 2021-04-22 06:47:42 -07:00