Commit graph

6857 commits

Author SHA1 Message Date
Mohamed Zaian
e4fe679916 [kubernetes] make v1.24.2 default 2022-06-17 11:08:33 -07:00
Mohamed Zaian
123632f5ed [kubernetes] add hashes for v1.22.11, v1.23.8 & v1.24.2 2022-06-17 11:08:33 -07:00
Calin Cristian Andrei
56d83c931b [CI] use debian-11 image with more disk space to ensure successful upgrade tests 2022-06-17 08:00:32 -07:00
Calin Cristian Andrei
a22ae6143a [CI] ensure upgrade tests cover defaults (containerd currently) 2022-06-17 08:00:32 -07:00
Calin Cristian Andrei
a1ec0571b2 [nerdctl] upgrade to 0.20.0 2022-06-17 08:00:32 -07:00
Calin Cristian Andrei
2db39d4856 [containerd] add hashes for 1.5.12, 1.5.13, 1.6.5 and 1.6.6 and make 1.6.6 the new default 2022-06-17 08:00:32 -07:00
Citrullin
e7729daefc Add assertion for IPv6 in verify settings
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-17 10:36:43 +02:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized (#8952)
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Kay Yan
890fad389d
suggest-to-use-nft-in-centos8 (#8987) 2022-06-17 01:30:32 -07:00
Kay Yan
0c203ece2d fix-broken-link-in-readme 2022-06-17 09:29:45 +02:00
Florian Ruynat
9e7f89d2a2 Remove forgotten 1.21 references 2022-06-16 08:55:38 +02:00
Calin Cristian Andrei
24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
c2700266b0 [download] fix dependencies for downloads 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07 [kubeadm] use v1beta3 configuration version
* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
  upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
589823bdc1 [CI] remove docker stand-alone molecule test 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
5dc8be9aa2 [CI] kube 1.24 requires at least 1775Mi of memory, might as well leave the default of 2048 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ec01b40e85 [cri_dockerd] upgrade cri_dockerd to 0.2.2 for 1.24 compatibility
* use new artifact release name
* enable cri-dockerd dual setack support if enable_dual_stack_networks
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2de5c4821c [calico] clean up workarounds for older versions 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9efe145688 [calico] make 3.23.1 the default and drop 3.20.x and 3.19.x 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
51bc64fb35 [cri-o] support cri-o 1.24 with kube 1.24 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
6380483e8b [kubeconfig] generate admin kube config from /etc/kubernetes/admin.conf instead of the workaround of using kubeadm init phase kubeadm admin which fails with cri-dockerd 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f [kubernetes] drop pre 1.22.0 workarounds 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9535a41187 [kubernetes] make 1.22.0 the minimum version 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
47495c336b [kubernetes] drop hashes for 1.21.x 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
d69d4a8303 [kubernetes] make 1.24.1 the new default 2022-06-15 00:57:20 -07:00
Kay Yan
ab4d590547 add-ubuntu2204-in-readme 2022-06-15 09:51:59 +02:00
Kay Yan
85271fc2e5
add-ci-for-ubuntu2204 (#8958) 2022-06-15 00:47:19 -07:00
蒋航
f6159c5677
Update Dockerfile base image (#8975)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-06-14 15:15:36 -07:00
rtsp
668b9b026c
[cert-manager] Upgrade to v1.8.1 (#8976) 2022-06-14 15:11:34 -07:00
Viktor Jacynycz
77de7cb785
Expose calico-typha metrics port (#8855) 2022-06-14 07:17:33 -07:00
Dickson Tung
e5d6c042a9
Fix regex for replacing http_proxy (#8957) 2022-06-14 07:07:34 -07:00
Ho Kim
3ae397019c
Add arm64 Flatcar OS's pypy bootstrapping (#8959)
- Upgrade pypy's python version to `3.9`
- Upgrade pypy`s version to `7.3.9`
2022-06-14 07:03:35 -07:00
Ho Kim
7d3e59cf2e
Remove unneeded socat installation for Flatcar (#8970) 2022-06-14 02:23:34 -07:00
orange-llajeanne
4eb83bb7f6
fixes for docker reset (#8966) 2022-06-14 02:15:34 -07:00
Florian Ruynat
1429ba9a07
Update docker version to 20.10.17 (#8965) 2022-06-14 02:11:33 -07:00
Ho Kim
889454f2bc
Fix typo in calico check (#8969) 2022-06-13 14:10:12 -07:00
orange-llajeanne
2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name (#8949)
* fix a typo in the "matallb_auto_assign" variable name

* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
2022-06-13 09:40:12 -07:00
Kay Yan
4726a110fc
remove-support-for-ansible-2.9-2.10 (#8951) 2022-06-10 03:35:47 -07:00
Steffen Becker
6b43d6aff2
Proposed fix to Issue 8667 (#8944)
Proposed fix to Issue 8667

Proposed fix to Issue 8667
2022-06-09 23:37:46 -07:00
Kenichi Omichi
024a3ee551
Replace callback_whitelist with callbacks_enabled (#8759)
When running molecule jobs, we saw the folloing warning message:

 [DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names
 to new standard, use callbacks_enabled instead. This feature will be removed
 from ansible-core in version 2.15. Deprecation warnings can be disabled by
 setting deprecation_warnings=False in ansible.cfg.

callbacks_enabled has been added since Ansible 2.11 and Kubespray is using
Ansible 2.12 at master branch. So we can use callbacks_enabled safely to
avoid the warning message.
2022-06-09 13:15:45 -07:00
Kenichi Omichi
cd7381d8de
Drop Ansible support for v2.9 and v2.10 (#8925)
Ansible v2.9 and v2.10 are EOL as [1].
This drops those version supports by following the upstream Ansible.

This sets use_ssh_args true always because that is required to use
ssh_args on ansible.cfg on Ansible v2.11 or later[2].

ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has been deprecated already and cenots7 jobs were failed due to the
deprecated ansible_ssh_host.

[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args
2022-06-09 07:07:42 -07:00
Mathieu Parent
f53764f949
calicoctl repo has been merged in calico (#8920) 2022-06-09 07:01:42 -07:00
Kenichi Omichi
57c3aa4560
Merge pull request #8943 from ErikJiang/update-etcd-download-url
update etcd download url in offline.yml
2022-06-08 08:09:48 -07:00
Mohamed Zaian
bb530da5c2 [registry] Switch registry to use registry.k8s.io
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
Ilya Margolin
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path (#8921)
* Allow disabling calico CNI logs with calico_cni_log_file_path

Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size	100	Max file size in MB log files can reach before they are rotated.
log_file_max_age	30	Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count	10	Max number of rotated log files allowed on the host before they are cleaned up.

See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging

To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`

* Fix markdown

* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-07 09:22:56 -07:00
bo.jiang
6f556f5451 update etcd download url in offline.yml
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-06-07 22:45:28 +08:00
Kenichi Omichi
9074bd297b
Update RELEASE.md (#8937)
If opening https://groups.google.com/g/kubernetes-dev we can see the
following message:

  As of January 2, 2022, this group will be sunset in favor of dev@kubernetes.io.

So this replaces kubernetes-dev@googlegroups.com with the new one.

In addition, this adds actual steps to know how to create container images easily.
2022-06-06 23:55:49 -07:00
mahjonp
8030e6f76c
fix 8893#issuecomment-1147154353 (#8933)
Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-06-06 12:40:21 -07:00
ERIK
27bd7fd737
update kubespray image tag in readme to v2.19.0 (#8934)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-06-06 10:24:21 -07:00