Commit graph

6863 commits

Author SHA1 Message Date
Vadim
5ac614f97d
fix duplicate field in ingress-nginx template (#9285) 2022-09-19 03:03:22 -07:00
ErmalKristo
b8b8b82ff4
Adds support for multiple architectures to yq (#9288) 2022-09-19 02:14:38 -07:00
Necatican Yıldırım
7da3dbcb39
Cilium 1.12 Upgrade (#9225)
* Drop support for Cilium < 1.10

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Synchronize Cilium templates for 1.11.7

Signed-off-by: necatican <contact@necatican.com>

* Set Cilium v1.12.1 as the default version

Signed-off-by: necatican <contact@necatican.com>

Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
2022-09-19 02:14:31 -07:00
Mohamed Zaian
680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default (#9286) 2022-09-19 02:10:31 -07:00
Mahdi Abbasi
023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
lijin-union
c4976437a8
Fix typos in docs (#9276) 2022-09-15 00:09:22 -07:00
Kay Yan
97ca2f3c78
add-timezone-support (#9263) 2022-09-14 21:11:22 -07:00
niesel
e76385e7cd
Update offline.yml (#9274)
Change "ubuntu_repo" to "debian_repo" for containerd_debian_repo_base_url and containerd_debian_repo_gpgkey
2022-09-13 16:55:01 -07:00
ERIK
7c2fb227f4
Add LimitMEMLOCK parameter configuration in containerd.service (#9269)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-13 02:51:06 -07:00
ghostloda
08bfa0b18f
Upgrade ingress nginx webhook to 1.3.0 (#9271) 2022-09-13 01:47:05 -07:00
Ho Kim
952cad8d63
Remove mutual exclusivity in calico: NAT and router mode (#9255)
* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc
2022-09-13 00:19:07 -07:00
rptaylor
5bce39abf8
add optional parameter extra_groups for k8s_nodes (#9211) 2022-09-13 00:13:08 -07:00
cleverhu
fc57c0b27e
fix number node name can't be added (#9266)
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
2022-09-13 00:09:05 -07:00
Samuel Liu
dd4bc5fbfe
[etcd] Sometimes, we do not need to run etcd role on all nodes. (#9173)
* WIP: sometimes,we not run etcd

* fix ansible lint

* like calico(kdd) cni, no need run etcd
2022-09-09 01:29:22 -07:00
Mohamed Zaian
d2a7434c67
[ingress-nginx] upgrade to 1.3.1 (#9264) 2022-09-09 00:37:23 -07:00
Kenichi Omichi
5fa885b150
Remove unused cri_dockerd_enabled configuration (#9259)
Since the commit fad296616c cri_dockerd_enabled
has not been used. But the packet_ubuntu22-aio-docker.yml still contains
the configuration and causes confusions.
This removes the configuration for cleanup.
2022-09-08 00:06:05 -07:00
ghostloda
f3fb758f0c
Remove useless file (#9258) 2022-09-07 17:10:49 -07:00
Krystian Młynek
6386ec029c
add retries for restart of kube-apiserver (#9256)
* add retries for restart of kube-apiserver

* change var name
2022-09-07 16:48:49 -07:00
Ho Kim
ad7cefa352
Ignore deleting nodes that are not in cluster (#9244) 2022-09-05 19:50:54 -07:00
Ho Kim
09d9bc910e
Fix typos in calico comments (#9254) 2022-09-05 18:46:54 -07:00
Kay Yan
e2f1f8d69d
add-Rocky-9-support (#9212) 2022-09-04 16:54:36 -07:00
Michael Schmitz
be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
lou-lan
133a7a0e1b
Add featureDetectOverride configration of calico (#9249) 2022-09-02 04:58:05 -07:00
ERIK
efb47edb9f
Update kubespray version to v2.19.1 (#9241)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-01 23:36:05 -07:00
Kay Yan
36bec19a84
add-yankay-to-reviewers (#9247) 2022-09-01 03:47:05 -07:00
Cristian Calin
6db6c8678c
disable kubelet_authorization_mode_webhook by default (#9238) 2022-08-31 04:53:00 -07:00
Florian Ruynat
5603f9f374
Update security contacts file (#9235) 2022-08-30 22:43:00 -07:00
蒋航
7ebb8c3f2e
make calico installation more stable (#9227)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-08-30 21:13:01 -07:00
Alessio Greggi
acb6f243fd
feat: add kubelet systemd service hardening option (#9194)
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
tasekida
220f149299
Fix abort because calicoctl.sh is not a full path (#9217) 2022-08-30 08:07:02 -07:00
Florian Ruynat
1baabb3c05
Fix cloud_init files for different distros (#9232) 2022-08-30 08:03:02 -07:00
Florian Ruynat
617b17ad46
Fix kube_ovn_hw_offload value (#9218) 2022-08-30 03:21:01 -07:00
lijin-union
8af86e4c1e Fix typo. 2022-08-30 11:30:57 +02:00
kakkotetsu
9dc9a670a5
add runc v1.1.4 (#9230) 2022-08-30 02:01:01 -07:00
Kay Yan
b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223)
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Chad Swenson
de762400ad
Fixes for calico_datastore: etcd (#9228)
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.

This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
2022-08-29 22:41:00 -07:00
Cristian Calin
e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI (#9229) 2022-08-29 11:44:49 -07:00
Cristian Calin
e6976a54e1
add pre-commit hook to facilitate local testing (#9158)
* add pre-commit hook configuration

* add tmp.md to .gitignore

* describe the use of pre-commit hook in CONTRIBUTING.md

* fix docs/integration.md errors identified by markdownlint

* fix docs/<file>.md errors identified by markdownlint

* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md

* fix contrib/<file>.md errors identified by markdownlint
2022-08-24 06:54:03 -07:00
Krystian Młynek
64daaf1887
cri-dockerd: add restart of docker.service (#9205)
* cri-dockerd: add restart of docker.service

* remove enabling of cri-dockerd.socket
2022-08-24 05:50:02 -07:00
Sergey
1c75ec9ec1
do not run etcd role in scale.yml playbook when etcd installed by kubeadm (#9210) 2022-08-24 00:16:24 -07:00
Shelming.Song
c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template (#9204) 2022-08-23 01:55:24 -07:00
Bishal das
aeeae76750
Update vars.md (#9172) 2022-08-22 23:31:24 -07:00
Shelming.Song
30b062fd43
fix one bug in docs/nodes (#9203) 2022-08-22 23:17:23 -07:00
Pavel Chekin
8f899a1101
Fix containerd (<1.7) configuration for insecure registries (#9207)
For the following configuration

```
    containerd_insecure_registries:
      docker.io:
        - dockerhubcache.example.com
```

the rendered /etc/containerd/config.toml contains

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
          insecure_skip_verify = true
```

but it needs to be

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
          insecure_skip_verify = true
```
2022-08-22 23:13:23 -07:00
Mostafa Ghadimi
386c739d5b
🌱 Enable cri-dockerd service (#9201)
* 🌱 Enable cri-dockerd service

* 🔨 Fix the task name in order to pass the CI tests
2022-08-22 07:17:43 -07:00
Bishal das
fddff783c8
Update vsphere-csi.md (#9170) 2022-08-22 07:13:43 -07:00
Tristan
bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable (#9176)
See #9035
2022-08-22 02:37:44 -07:00
Mohamed Zaian
ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default (#9191) 2022-08-21 23:11:44 -07:00
Ho Kim
e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Tomas Zvala
30c77ea4c1
Add the option to enable default Pod Security Configuration (#9017)
* Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
2022-08-18 01:16:36 -07:00