Commit graph

4595 commits

Author SHA1 Message Date
Victor Morales
782f0511b9
Define ostree variable for runc (#9321)
The ostree variable is not defined previously raising an error when
the runtime tries to read it.
2022-09-24 13:00:11 -07:00
Florian Ruynat
4ad67acedd
Move back vsphere csi to kube-system ns (#9312) 2022-09-23 10:46:26 -07:00
Kei Kori
467dc19cbd
support removing options in resolvconf with tab separator (#9304) 2022-09-23 10:42:27 -07:00
Ilya Margolin
726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302)
and supply a default runtime spec.
2022-09-23 10:38:27 -07:00
Emin AKTAS
9468642269
feat: allows users to have more control on DNS (#9270)
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-09-23 10:28:26 -07:00
Samuel Liu
d387d4811f
replace createhome (#9314) 2022-09-23 00:26:39 -07:00
Kay Yan
1b3c2dab2e
add_max_concurrent_in_coredns (#9307) 2022-09-22 04:27:03 -07:00
Mohamed Zaian
76573bf293
[kubernetes] Add hashes for 1.24.6, 1.22.15, 1.23.12 and make v1.24.6 default (#9308) 2022-09-22 04:13:03 -07:00
Kay Yan
5d3326b93f
add-ping-package (#9284) 2022-09-21 23:55:05 -07:00
Mohamed Zaian
68dac4e181
[flannel] update to v1.19.2 & make it default (#9296) 2022-09-21 23:51:04 -07:00
Ilya Margolin
262c96ec0b
Remove duplication in template (#9301)
by concatenating default and additional runtimes
2022-09-21 08:33:15 -07:00
Mohamed Zaian
2acdc33aa1
[helm] upgrade to 3.9.4 (#9298) 2022-09-20 04:37:20 -07:00
Krystian Młynek
8acd33d0df
Calico: add wireguard support for Rocky Linux 9 (#9287) 2022-09-20 00:29:20 -07:00
pingrulkin
a2e23c1a71
vsphere-csi: add nodeAffinity to daemonset (#9293) 2022-09-19 17:47:22 -07:00
rtsp
1b5cc175b9
[cert-manager] Upgrade to v1.9.1 (#9295) 2022-09-19 17:43:22 -07:00
Mohamed Zaian
a71da25b57
[argocd] update argocd to v2.4.12 (#9297) 2022-09-19 17:37:22 -07:00
Vadim
5ac614f97d
fix duplicate field in ingress-nginx template (#9285) 2022-09-19 03:03:22 -07:00
ErmalKristo
b8b8b82ff4
Adds support for multiple architectures to yq (#9288) 2022-09-19 02:14:38 -07:00
Necatican Yıldırım
7da3dbcb39
Cilium 1.12 Upgrade (#9225)
* Drop support for Cilium < 1.10

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Synchronize Cilium templates for 1.11.7

Signed-off-by: necatican <contact@necatican.com>

* Set Cilium v1.12.1 as the default version

Signed-off-by: necatican <contact@necatican.com>

Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
2022-09-19 02:14:31 -07:00
Mohamed Zaian
680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default (#9286) 2022-09-19 02:10:31 -07:00
Mahdi Abbasi
023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
Kay Yan
97ca2f3c78
add-timezone-support (#9263) 2022-09-14 21:11:22 -07:00
ERIK
7c2fb227f4
Add LimitMEMLOCK parameter configuration in containerd.service (#9269)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-13 02:51:06 -07:00
ghostloda
08bfa0b18f
Upgrade ingress nginx webhook to 1.3.0 (#9271) 2022-09-13 01:47:05 -07:00
Ho Kim
952cad8d63
Remove mutual exclusivity in calico: NAT and router mode (#9255)
* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc
2022-09-13 00:19:07 -07:00
cleverhu
fc57c0b27e
fix number node name can't be added (#9266)
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
2022-09-13 00:09:05 -07:00
Samuel Liu
dd4bc5fbfe
[etcd] Sometimes, we do not need to run etcd role on all nodes. (#9173)
* WIP: sometimes,we not run etcd

* fix ansible lint

* like calico(kdd) cni, no need run etcd
2022-09-09 01:29:22 -07:00
Mohamed Zaian
d2a7434c67
[ingress-nginx] upgrade to 1.3.1 (#9264) 2022-09-09 00:37:23 -07:00
ghostloda
f3fb758f0c
Remove useless file (#9258) 2022-09-07 17:10:49 -07:00
Krystian Młynek
6386ec029c
add retries for restart of kube-apiserver (#9256)
* add retries for restart of kube-apiserver

* change var name
2022-09-07 16:48:49 -07:00
Ho Kim
ad7cefa352
Ignore deleting nodes that are not in cluster (#9244) 2022-09-05 19:50:54 -07:00
Ho Kim
09d9bc910e
Fix typos in calico comments (#9254) 2022-09-05 18:46:54 -07:00
Michael Schmitz
be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
lou-lan
133a7a0e1b
Add featureDetectOverride configration of calico (#9249) 2022-09-02 04:58:05 -07:00
Cristian Calin
6db6c8678c
disable kubelet_authorization_mode_webhook by default (#9238) 2022-08-31 04:53:00 -07:00
蒋航
7ebb8c3f2e
make calico installation more stable (#9227)
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-08-30 21:13:01 -07:00
Alessio Greggi
acb6f243fd
feat: add kubelet systemd service hardening option (#9194)
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
tasekida
220f149299
Fix abort because calicoctl.sh is not a full path (#9217) 2022-08-30 08:07:02 -07:00
Florian Ruynat
617b17ad46
Fix kube_ovn_hw_offload value (#9218) 2022-08-30 03:21:01 -07:00
kakkotetsu
9dc9a670a5
add runc v1.1.4 (#9230) 2022-08-30 02:01:01 -07:00
Kay Yan
b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223)
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Chad Swenson
de762400ad
Fixes for calico_datastore: etcd (#9228)
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.

This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
2022-08-29 22:41:00 -07:00
Cristian Calin
e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI (#9229) 2022-08-29 11:44:49 -07:00
Krystian Młynek
64daaf1887
cri-dockerd: add restart of docker.service (#9205)
* cri-dockerd: add restart of docker.service

* remove enabling of cri-dockerd.socket
2022-08-24 05:50:02 -07:00
Shelming.Song
c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template (#9204) 2022-08-23 01:55:24 -07:00
Pavel Chekin
8f899a1101
Fix containerd (<1.7) configuration for insecure registries (#9207)
For the following configuration

```
    containerd_insecure_registries:
      docker.io:
        - dockerhubcache.example.com
```

the rendered /etc/containerd/config.toml contains

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
          insecure_skip_verify = true
```

but it needs to be

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
          insecure_skip_verify = true
```
2022-08-22 23:13:23 -07:00
Mostafa Ghadimi
386c739d5b
🌱 Enable cri-dockerd service (#9201)
* 🌱 Enable cri-dockerd service

* 🔨 Fix the task name in order to pass the CI tests
2022-08-22 07:17:43 -07:00
Tristan
bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable (#9176)
See #9035
2022-08-22 02:37:44 -07:00
Mohamed Zaian
ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default (#9191) 2022-08-21 23:11:44 -07:00
Ho Kim
e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Tomas Zvala
30c77ea4c1
Add the option to enable default Pod Security Configuration (#9017)
* Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
2022-08-18 01:16:36 -07:00
GreatLazyMan
175cdba9b1
Add 'flush ip6tables' task in reset role (#9168)
* Add 'flush ip6tables' task in reset role 

If enable_dual_stack_networks is set to true and ip6 is defined,ip6tables will be created. But when reset the kubernetes cluster, kubespray doesn't flush ip6tables.

* [CI] fix molecule tests on opensuse by upgrading to 15.4 (#9175)

* [CI] fix molecule tests on opensuse by upgrading to 15.4

* [opensuse] use correct python crytography package name depending on distribution version

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-18 01:12:37 -07:00
Thearas
ea29cd0890
add list nodes rules to cilium-operator clusterrole (#9178) 2022-08-18 01:02:36 -07:00
Ho Kim
be5fdab3aa
Disable DNSStubListener for Flatcar Linux (#9160)
* Disable DNSStubListener for Flatcar Linux

* Fix missing "Flatcar" condition of os_family
2022-08-18 00:56:49 -07:00
Piotr Kowalczyk
49d869f662
Fix CSI drivers issues on Azure (#9153)
* Include missing azuredisk rbac manifest

* Remove missing azure csi manifest

* Remove invalid reference mount to waagent settings

* Use cloud-config secret instead of /etc/kubernetes/cloud_config file
2022-08-18 00:56:36 -07:00
Samuel Liu
b36bb9115a
[calico] calico rr supports multiple groups (#9134)
* update calico rr

* fix bgppeer conf

* fix yamllint

* fix ansible lint

* fix calico deploy

* fix yamllint

* fix some typo
2022-08-18 00:52:37 -07:00
ERIK
9ad2d24ad8
Add unsafe_show_logs switch (#9164)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-16 18:52:48 -07:00
Kay Yan
0088fe0ab7
add-tar-in-common-package (#9184) 2022-08-16 05:17:18 -07:00
Mohamed Zaian
ab93b17a7e
[containerd] upgrade to 1.6.8 , add hashes, containerd now supports ppc64le from v1.6.7 (#9181) 2022-08-16 05:17:07 -07:00
Jin Li
9f1b980844
Update dashboard to 2.6.1 (#9185) 2022-08-16 04:57:08 -07:00
Alessio Greggi
86d05ac180
fix: remove condition for user creation (#9125)
This condition blocks the creation of the `etcd` user in certain conditions.
Specifically, when you have a `etcd_deployment_type: kubeadm` and `kube_owner: root`.
Being the `root` user already present on the system, this will not be a problem (due to the idempotency of ansible).
2022-08-15 23:55:07 -07:00
Peter Pan
bf6fcf6347
Upgrade nerdctl from 0.20.0 to 0.22.2 (#9180) 2022-08-15 22:39:07 -07:00
Cristian Calin
b9e4e27195
[CI] fix molecule tests on opensuse by upgrading to 15.4 (#9175)
* [CI] fix molecule tests on opensuse by upgrading to 15.4

* [opensuse] use correct python crytography package name depending on distribution version
2022-08-14 19:02:13 -07:00
Cristian Calin
8585134db4
when ingress-nginx is deployes without a class, we need to use 'ingress-controller-leader' resource instead of the default 'ingress-controller-leader-nginx' (#9156) 2022-08-09 04:52:50 -07:00
emiran-orange
2b97b661d8
Move old etcd backup removal after etcd restart (#9147) 2022-08-05 08:09:59 -07:00
emiran-orange
24f12b024d
Argument jsonpath must be single-quoted in "See if node is schedulable" task (#9146) 2022-08-05 08:09:47 -07:00
ERIK
47050003a0
Add docker support for Kylin V10 (#9144)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-03 15:03:46 -07:00
Florian Ruynat
307f598bc8 Move flannel to etcd datastore 2022-08-02 16:55:52 -07:00
Florian Ruynat
eb10249a75 Align canal templates with calico official ones (k8s datastore) 2022-08-02 16:55:52 -07:00
Marco Fortina
b4318e9967
Update to latest local path provisioner version (#9132) 2022-08-01 14:56:28 -07:00
Marco Fortina
c53561c9a0
Update to latest registry version (#9133) 2022-08-01 14:52:28 -07:00
ERIK
f2f9f1d377
Add kylin OS support (#9078)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-08-01 10:44:29 -07:00
Boris Barnier
4487a374b1
Update Kube-router version to 1.5.1 (#9136)
https://github.com/cloudnativelabs/kube-router/releases/tag/v1.5.1
2022-08-01 00:16:28 -07:00
Aveline
06f8368ce6
Fix Hetzner CCM cluster-cidr (#9127) 2022-07-30 20:18:27 -07:00
Mohamed Zaian
5b976a8d80
[calico] add hashes for v3.22.4 & v3.21.6 (#9129) 2022-07-30 20:14:38 -07:00
Samuel Liu
e73803c72c
pid reserved must be str (#9124) 2022-07-30 20:14:27 -07:00
rtsp
b3876142d2
[cert-manager] Upgrade to v1.9.0 (#9117) 2022-07-29 00:11:11 -07:00
Mohamed Zaian
9f11946f8a
[argocd] update argocd to v2.4.7 (#9105) 2022-07-27 09:32:29 -07:00
Ader Fu
09291bbdd2
Use a variable for roles of remove-node/post-remove (#9096)
Signed-off-by: ydFu <ader.ydfu@gmail.com>
2022-07-26 10:51:09 -07:00
Mohamed Zaian
65d95d767a
[helm] upgrade to 3.9.2 (#9115) 2022-07-26 10:41:09 -07:00
Denis Khachyan
8306adb102
update cilium to v1.11.7 (#9119) 2022-07-26 10:33:11 -07:00
ERIK
4b3db07cdb
Fix calicoctl version to v3.23.3 (#9121)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-07-26 10:29:10 -07:00
gssjl2008
c24a3a3b15
Keep the style consistent (#9116) 2022-07-24 23:46:59 -07:00
Mohamed Zaian
aca6be3adf
[calico] add v3.23.3 and make it default (#9112) 2022-07-22 00:01:39 -07:00
Florian Ruynat
a608a048ad Update kube-ovn to v1.9.7 2022-07-21 23:03:38 -07:00
Mohamed Zaian
0cfa03fa8a
[flannel] update to v1.18.1 & make it default (#9104) 2022-07-21 00:19:55 -07:00
忘尘
6525461d97
Add reset tasks specific to calico network_plugin (#9103) 2022-07-19 13:15:27 -07:00
Kay Yan
f592fa1235
add kube-vip sans (#9099) 2022-07-19 13:11:28 -07:00
Cyclinder
2e1863af78
feat: change default blockSize for calico (#9055)
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-07-19 13:05:27 -07:00
Kay Yan
2a282711df
update-loadbalancers-versions (#9100) 2022-07-19 13:01:28 -07:00
Mohamed Zaian
91073d7379
[kubernetes] make v1.24.3 default (#9101) 2022-07-19 02:58:06 -07:00
Alessio Greggi
3ce5458f32
hardening: Add SeccompDefault admission plugin for kubelet (#9074)
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates

* fix(kubelet-config): enable config through kubelet_feature_gates

* feat(kubelet): add kubelet_seccomp_default variable
2022-07-19 00:50:07 -07:00
Marco Fortina
98c194735c
[kubernetes] add hashes for v1.22.12, v1.23.9 & v1.24.3 (#9092) 2022-07-19 00:30:19 -07:00
pil57852
626ea64f66
9052 crio add dpkg hold (#9075)
* Update main.yaml

* remove version in dpkg_selection name

* make lint happy

* Fix typo

* add comment / remove useless contition

* remove dpkg hold in reset tasks
2022-07-19 00:30:07 -07:00
Mohamed Zaian
ce04fdde72
[ingress-nginx] upgrade to 1.3.0 (#9088)
* This release removes support for Kubernetes v1.19.0
* This release adds support for Kubernetes v1.24.0
* Starting with this release, we will need permissions on the coordination.k8s.io/leases resource for leaderelection lock
2022-07-14 18:46:25 -07:00
ERIK
4ed3c85a88
Fix calicoctl checksums for v3.23.2 (#9087)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-07-13 14:02:57 -07:00
Peter Pan
14063b023c
Extend DNS memory limit. 170Mi tents to OOM (#9084) 2022-07-13 00:03:37 -07:00
Samuel Liu
d821bed2ea
Fix some typo (#9056)
* fix ingress controller task name

* fix calico word

* add check typo
2022-07-11 09:49:48 -07:00
Mohamed Zaian
a7ba7cdcd5
[calico] add v3.23.2 and make it default (#9041) 2022-07-08 10:41:48 -07:00
Kenichi Omichi
c01656b1e3
Allow "openSUSE Tumbleweed" to be run (#9072)
The commit 1ce2f04 tried to merge multiple SUSE OS checks including
"openSUSE Leap" and "openSUSE Tumbleweed" into a single SUSE, but
that was a perfect change.
Then the commit c16efc9 tried to fix it for "openSUSE Leap", but it
didn't take care of "openSUSE Tumbleweed".
Then this adds "openSUSE Tumbleweed" to the OS check.
2022-07-08 04:55:47 -07:00
Emin AKTAS
5071529a74
feat: upgrade cilium and add default variables (#9065)
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: Emin Aktas <emin.aktas@trendyol.com>
2022-07-07 10:35:34 -07:00
yasintahaerol
6d543b830a
Fix vcloud-csi bug related to #9046 (#9066)
* Fix vcloud-csi bug related to #9046

Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>

* add supervisor-fss-namespace=kube-system flag to vsphere-csi-controller-deployment

Signed-off-by: yasintahaerol <yasintahaerol@gmail.com>
2022-07-07 10:31:35 -07:00
Emin AKTAS
4607ac2e93
fix(vsphere-csi): remove namespace env variable and set namespace as kube-system (#9046)
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>

Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-07-06 01:00:50 -07:00
Kay Yan
9ca5632582
fix-docker-option-in-centos-arm64 (#9047) 2022-07-05 08:26:47 -07:00
Mohamed Zaian
51195212b4
[argocd] update argocd to v2.4.3 (#9050) 2022-07-05 08:22:47 -07:00
Kenichi Omichi
7414409aa0
Add target components on check_readme_versions.sh (#9045)
This adds target components on check_readme_versions.sh after
merging https://github.com/kubernetes-sigs/kubespray/pull/9044
In addition, this fixes typo on check_readme_versions.sh

This adds `foo_version` variables for some components because
check_readme_versions.sh verifies the corresponding version for
`<component name>_version` from main.yml. This change also makes
consistency in the main.yml. In long-term, we will be able to
remove the existing `foo_image_tag` variables, but that is not now
for backwards compatibility for users.
2022-07-05 08:02:47 -07:00
h9-HSFRQDH
3bb9542606
Adding support for node & pod pid limit (#9038) 2022-07-05 00:20:48 -07:00
Kay Yan
1d0b3829ed
remove-etcd-unsupported-arch (#9049) 2022-07-04 05:39:24 -07:00
Calin Cristian Andrei
cbef8ea407 [etcd] drop hashes for 3.5.2 2022-06-29 09:44:06 -07:00
Calin Cristian Andrei
2ff4ae1f08 [etcd] drop hashes for 3.5.1 2022-06-29 09:44:06 -07:00
Calin Cristian Andrei
edf7f53f76 [etcd] add etcd 3.5.4 and make it the default for 1.24.x 2022-06-29 09:44:06 -07:00
Samuel Liu
f58816c33c
[krew] update krew (#9043) 2022-06-29 09:02:06 -07:00
忘尘
1562a9c2ec
add missing verbs (#9032) 2022-06-29 00:18:05 -07:00
Kay Yan
4b03f6c20f
add-managed-ntp-support (#9027) 2022-06-28 13:15:34 -07:00
Samuel Liu
e8ccbebd6f
add ingress nginx webhook (#9033)
* add ingress nginx webhook

* fix ingress nginx template
2022-06-28 11:55:35 -07:00
Kay Yan
d4de9d096f
fix-the-issue-of-miss-the-etcd-user (#9016) 2022-06-28 09:13:58 -07:00
Tom Stian Berget
e1f06dd406
Add support for the updated (startup|liveness|readiness)Probe.Port numbers in Cilium (#9031) 2022-06-27 11:00:59 -07:00
rptaylor
6f82cf12f5
let containerd_default_runtime be undefined by default (#9026) 2022-06-27 10:56:59 -07:00
Calin Cristian Andrei
ca8080a695 [crun] drop old crun versions 1.2 and 1.3 2022-06-27 10:36:59 -07:00
Calin Cristian Andrei
55d14090d0 [crun] add 1.4.5 and make it the default 2022-06-27 10:36:59 -07:00
rtsp
da8498bb6f
[cert-manager] Upgrade to v1.8.2 (#9029) 2022-06-24 23:50:58 -07:00
orange-llajeanne
b33896844e
apply calico bgp peer definition task to all nodes, but delegate to (#8974)
first control plane node
2022-06-24 19:42:57 -07:00
Calin Cristian Andrei
ca212c08de [runc] drop hashes for 1.0.2 and 1.0.3 2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
784439dccf [runc] make 1.1.3 the new default 2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
d818c1c6d9 [runc] add hashes for 1.1.3 2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
b9384ad913 [runc] add hashes for 1.1.2 2022-06-23 09:23:43 -07:00
Cristian Calin
76b0cbcb4e
bump pause container to 3.6 (#9024)
* [pod-infra] bump pod infra container version to 3.6

* [cri-dockerd] align pod infra container image with other CRIs
2022-06-23 01:43:44 -07:00
Florian Ruynat
6bf3306401
Fixed concatenate str & int in auto_renew_certificates_systemd_calendar var (#8979) 2022-06-22 11:55:43 -07:00
Robin Wallace
79f6cd774a create snapshot-controller only if needed 2022-06-22 00:37:44 -07:00
Cyclinder
c3c9a42502
support multus multi-architecture installation (#9012)
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-06-21 10:56:26 -07:00
Sébastien Masset
9d5d945bdb
[MASTER] Add missing configuration for extra tolerations (#8908)
* Added new configuration item for extra tolerations in policy controllers

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Added new configuration item for extra tolerations in DNS autoscaler

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Aligned existing handling of extra DNS tolerations

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
2022-06-20 01:36:06 -07:00
Christoffer Anselm
475ce05979
Fix kubectl download for v1.23.8 amd64 (#9002)
kubectl_checksums for amd64 v1.23.8 was missing the last digit
2022-06-20 01:28:06 -07:00
Mohamed Zaian
e4fe679916 [kubernetes] make v1.24.2 default 2022-06-17 11:08:33 -07:00
Mohamed Zaian
123632f5ed [kubernetes] add hashes for v1.22.11, v1.23.8 & v1.24.2 2022-06-17 11:08:33 -07:00
Calin Cristian Andrei
a1ec0571b2 [nerdctl] upgrade to 0.20.0 2022-06-17 08:00:32 -07:00
Calin Cristian Andrei
2db39d4856 [containerd] add hashes for 1.5.12, 1.5.13, 1.6.5 and 1.6.6 and make 1.6.6 the new default 2022-06-17 08:00:32 -07:00
Citrullin
e7729daefc Add assertion for IPv6 in verify settings
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-17 10:36:43 +02:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized (#8952)
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Florian Ruynat
9e7f89d2a2 Remove forgotten 1.21 references 2022-06-16 08:55:38 +02:00
Calin Cristian Andrei
24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
c2700266b0 [download] fix dependencies for downloads 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07 [kubeadm] use v1beta3 configuration version
* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
  upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
589823bdc1 [CI] remove docker stand-alone molecule test 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ec01b40e85 [cri_dockerd] upgrade cri_dockerd to 0.2.2 for 1.24 compatibility
* use new artifact release name
* enable cri-dockerd dual setack support if enable_dual_stack_networks
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2de5c4821c [calico] clean up workarounds for older versions 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9efe145688 [calico] make 3.23.1 the default and drop 3.20.x and 3.19.x 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
51bc64fb35 [cri-o] support cri-o 1.24 with kube 1.24 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
6380483e8b [kubeconfig] generate admin kube config from /etc/kubernetes/admin.conf instead of the workaround of using kubeadm init phase kubeadm admin which fails with cri-dockerd 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f [kubernetes] drop pre 1.22.0 workarounds 2022-06-15 00:57:20 -07:00