David Louks
3bf40d5db9
make metallb image repos configurable ( #6671 ) ( #6672 )
...
* Make metallb image repos configurable
* Moved metallb image repo definitions to download role defaults
* Removed comment. These are set in download defaults
2020-09-17 02:45:13 -07:00
Lukas Grossar
a870dd368e
Allow configuration of nodelabels in local_volume_provisioner ( #6620 )
2020-09-17 02:44:58 -07:00
Barry Melbourne
b6b26c710f
Add support for Calico CNI host-local IPAM plugin ( #6580 )
2020-09-17 02:44:46 -07:00
Pasquale Toscano
04932f496f
Updated KataContainers version to 1.11.3 ( #6694 )
2020-09-17 02:32:45 -07:00
Florian Ruynat
dffbd58671
Move from widehat.opensuse to download.opensuse for crio centos ( #6682 )
2020-09-15 06:28:07 -07:00
Florian Ruynat
152e0162a9
Update api version, deprecated in 1.19 ( #6656 )
2020-09-11 15:12:09 -07:00
Florian Ruynat
2fa7faa75a
Update etcd to 3.4.13 ( #6658 )
2020-09-11 12:32:09 -07:00
w33dw0r7d
03dff09b8a
fix kubelet_flexvolumes_plugins_dir undefined ( #6645 )
2020-09-11 00:34:14 -07:00
Florian Ruynat
a556f8f2bf
Remove deprecated (and removed in 1.19) flag and function --basic-auth-file ( #6655 )
2020-09-11 00:30:14 -07:00
Florian Ruynat
1765c9125a
Update CoreDNS to 1.7.0 ( #6657 )
2020-09-10 15:48:14 -07:00
Florian Ruynat
ab28192d50
Update various dependencies following 1.19 release ( #6660 )
2020-09-10 11:07:45 -07:00
Florian Ruynat
ad15721677
Add Kubernetes 1.19.1 hashes and set default ( #6654 )
2020-09-10 10:43:46 -07:00
Hans Feldt
a2d4dbeee4
crio: use system default for storage driver by default ( #6637 )
...
After host reboot kubelet and crio goes into a loop and no container is started.
storage_driver in crio.conf overrides system defaults in etc/containers/storage.conf
/etc/containers/storage.conf is installed by package containers-common dependency
installed from cri-o (centos7) and contains "overlay".
Hosts already configured with overlay2 should be reconfigured and the
/var/lib/containers content removed.
2020-09-10 05:29:45 -07:00
Florian Ruynat
1712ba1198
Add iptables_backend to weave options ( #6639 )
2020-09-10 03:49:52 -07:00
Mikael Johansson
040dda37ed
Add comment clarifying network allocation and sizes ( #6607 )
...
* Add comment from roles/kubespray-defaults/defaults/main.yaml clarifying network allocation and sizes
Signed-off-by: Mikael Johansson <mik.json@gmail.com>
* Rewrite of the comment and added new examples
Signed-off-by: Mikael Johansson <mik.json@gmail.com>
2020-09-10 03:49:44 -07:00
holmesb
a99ba3bb16
Allowing resource management of metrics-server container. Will allow fine-tuning of resource allocation and solving throttling issues. Setting defaults as per the current request & limit allocation: cpu: 43m, memory 55Mi for both limits & requests. ( #6652 )
...
Signed-off-by: Brendan Holmes <holmesb@users.noreply.github.com>
Co-authored-by: Brendan Holmes <holmesb@users.noreply.github.com>
2020-09-10 03:46:02 -07:00
Florian Ruynat
ae5328c500
Update calico to 3.16.1 ( #6644 )
2020-09-10 03:45:46 -07:00
spaced
34ff39e654
NetworkManager lists must be separated by , ( #6643 )
2020-09-10 03:41:44 -07:00
Florian Ruynat
8e3915f5bf
Set ansible_python_interpreter to python3 on debian (fix error with mitogen) ( #6633 )
2020-09-08 15:37:52 -07:00
Maxime Guyot
a1f04e9869
Cleanup v1.16 hashes ( #6635 )
2020-09-08 01:51:43 -07:00
Maxime Guyot
961149b865
Update kube_version_min_required for 2.14 release ( #6634 )
2020-09-07 23:59:43 -07:00
spaced
2de6a5676d
Fedora coreos networkmanager global dns and bootstrapping fix ( #6577 )
...
* remove podman cni plugin
* configure networkamanger global dns
* allow installation of python3-libselinux by disabling update repo temporary
* remove ipv4 section because it is not a valid configuration
2020-09-07 02:27:41 -07:00
Florian Ruynat
050578da94
Update Cilium to 1.8.3 ( #6629 )
2020-09-07 02:11:49 -07:00
Florian Ruynat
6fc73e3038
Add Kubernetes 1.16.15 hashes ( #6624 )
2020-09-07 01:23:41 -07:00
Florian Ruynat
d97e9b9e50
Fix oracle linux repo ( #6627 )
2020-09-07 01:15:41 -07:00
Florian Ruynat
fa0eb11bf4
Update kubernetes dashboard ( #6623 )
2020-09-04 05:29:41 -07:00
Julien Pervillé
f660c29348
Declare port 10254 in nginx ingress pod template ( #6609 )
2020-09-04 04:54:11 -07:00
Hans Feldt
6613895de0
remove kubelet startup warnings for non docker container runtime ( #6605 )
...
Removes these startup warnings:
Warning: For remote container runtime, --pod-infra-container-image is ignored in kubelet, which should be set in that remote runtime instead
Using "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/crio/crio.sock".
2020-09-04 04:54:04 -07:00
Hans Feldt
803d52ffce
kubernetes: remove unused variables ( #6601 )
2020-09-04 04:53:56 -07:00
tasekida
fc61f8d52e
Update cert manager to 0.16.1 ( #6600 )
...
* Update cert manager to 0.16.1
* Update cert manager to 0.16.1
Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-09-04 04:53:48 -07:00
Maxim Pogozhiy
0553814b4f
Add selectable dns policy for kube-router ( #6586 )
2020-09-04 04:53:41 -07:00
Florian Ruynat
f1566cb8c2
Add protectKernelDefaults option (default true) to kubelet config file ( #6611 )
2020-09-03 07:41:41 -07:00
Lovro Seder
c1ba8e1b3a
Rotate kubelet server certificate. ( #6453 )
...
* Rotate kubelet server certificate.
* CI test kubelet server cert rotation
* Approve kubelet serving certificates in tests.
2020-09-03 07:25:41 -07:00
Hugo Blom
2ff7ab8d40
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI ( #6537 )
...
* add snapshot-controller and v1beta1 snapshot api
* fix typo
* udpate manifest to v1beta1
* update
* update manifests
* fix spelling
* wait until crd is applied
* fix missing info in kube module
* revert snapshotclass
* add snapshot crds before applying the csi driver
* add crds, missed them in last commit
* use pull policy from kubespray
2020-09-03 04:01:43 -07:00
Hans Feldt
93698a8f73
Calico: update crds to v1 and cr ( #6360 )
...
* Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1
* Align ClusterRole for kube-controllers with upstream (calico)
2020-09-03 00:51:40 -07:00
Maxime Guyot
6245587dc8
Fix E306 in roles/network_plugin ( #6516 )
...
Signed-off-by: Miouge1 <maxime@root314.com>
2020-09-02 23:55:40 -07:00
Florian Ruynat
2faf53b039
Check node_ip is defined when removing etcd node ( #6603 )
2020-09-01 01:05:58 -07:00
Florian Ruynat
e0b1787740
Use crictl 1.19.0 for k8s 1.19.x ( #6598 )
2020-09-01 01:05:50 -07:00
Florian Ruynat
9849dba5d3
Update cni plugins with minor fix ( #6592 )
2020-08-31 05:16:21 -07:00
Barry Melbourne
03c9c091f2
Docker: Set Cgroup driver by default to systemd ( #6563 )
...
* Set Docker Cgroup driver to systemd
* Add docker_cgroup_driver in Docker defaults
2020-08-31 04:56:20 -07:00
Marc-Antoine
5a8b68a429
Add support for openstack application credentials ( #6534 )
...
* Add support for openstack application credentials
* Add some lines for readability
* Update external_openstack_tenant_id check
Do not check external_openstack_tenant_id when application credentials are defined
* Add check for external_openstack_domain_id
* Fix typo
2020-08-31 03:30:28 -07:00
Maxime Guyot
34d88ea6d9
Fix Ansible-lint E303 ( #6409 )
2020-08-31 03:30:20 -07:00
Florian Ruynat
0665b45e61
Update nginx ingress to 0.35.0 ( #6599 )
2020-08-31 03:24:21 -07:00
Maxime Guyot
648fcf3a2e
Fix E306 in roles/etcd ( #6515 )
2020-08-31 03:20:20 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux ( #6576 )
2020-08-28 02:28:53 -07:00
Maxime Guyot
6e938a3106
Fix E306 in other roles ( #6517 )
2020-08-28 01:20:53 -07:00
Florian Ruynat
2f93d62aa5
Update nginx ingress to 0.34.1 ( #6571 )
2020-08-27 10:15:53 -07:00
Florian Ruynat
8ba3d7ec75
Add Kubernetes 1.19 hashes ( #6593 )
2020-08-27 09:45:53 -07:00
Hans Feldt
9e2d282709
cri-o: add variable to configure unsecure pull ( #6568 )
...
By default do not allow "unqualified" (without a registry) images
because it is considered unsecure and subject to mitm attacks.
To enable insecure pull configure for example:
crio_registries:
- "docker.io"
- "quay.io"
2020-08-27 09:09:53 -07:00
Florian Ruynat
706c7cb4f1
etcd should not fail when adding an already existing member ( #6587 )
2020-08-27 02:33:01 -07:00
Florian Ruynat
e7ee19bd66
Update bunch of dependencies with minor fixes ( #6570 )
2020-08-27 02:25:01 -07:00
nic0las
f59d3fc4a3
Deviceroutesourceaddress ( #6508 )
...
* add FELIX_DEVICEROUTESOURCEADDRESS calico option
* add calico_use_default_route_src_ipaddr option
add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option
* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Barry Melbourne
8e2bae0f2a
Fix Ansible Lint warnings (No such file or directory) ( #6581 )
2020-08-26 23:19:10 -07:00
Arthur Outhenin-Chalandre
e6dae03a0d
Add cilium hubble server in config ( #6575 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:19:02 -07:00
Arthur Outhenin-Chalandre
2f2ed116f7
Improve metallb template for bgp peers ( #6574 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:15:03 -07:00
Kuralamudhan Ramakrishnan
e91c6a7bd1
update the ovn4nfv-k8s-plugin image version to v1.1.0 ( #6531 )
...
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-08-26 23:11:03 -07:00
Florian Ruynat
1ff95e85f4
Rollback coredns, should not have been updated before 1.19 ( #6573 )
2020-08-26 03:30:03 -07:00
Sulochan Acharya
36924b63dc
Allow webhook authorization ( #6502 )
2020-08-24 06:29:41 -07:00
jeanfabrice
411510cbe6
Use proper openssl command to differentiate between host and ip in API certificate check ( #6392 )
...
* Use proper openssl command to differentiate between host and ip in current certificate check
* fixup! Use proper openssl command to differentiate between host and ip in current certificate check
2020-08-21 02:03:39 -07:00
Florian Ruynat
6e2b8a5750
Add timeout to Get current version of calico cluster version, again ( #6493 )
2020-08-21 00:13:51 -07:00
Lars
ca66a96d0a
make pre-remove node draining a failable task ( #6442 )
...
and add configuration to allow ungraceful removal
2020-08-21 00:13:39 -07:00
Marc-Antoine
0c09ec5d13
Bump Openstack cloud controller image verison to 1.18.2 ( #6562 )
2020-08-21 00:10:03 -07:00
*=0=1=4=*
a8e2110b2d
#6552 Update extras_rh_repo_base_url ( #6556 )
2020-08-21 00:09:55 -07:00
Christian Strack
250541d29d
Use proper pypy download url in bootstrap script ( #6555 )
...
The bootstrap-os role uses a bootstrap script to provision a
python interpreter on flatcar and container os hosts. As the
pypy project switched to another hoster, the download url changed.
If applied this will use the new proper pypy download url in bootstrap script
2020-08-21 00:09:47 -07:00
Florian Ruynat
142b9e1eff
Update k8s hashes and set default version to 1.18.8 ( #6532 )
2020-08-21 00:09:39 -07:00
Michal Petko
91ae87fa60
Fix setting node label if kube_override_hostname is defined ( #6557 )
2020-08-20 06:23:30 -07:00
tasekida
d6456d13c2
Update coredns to 1.7.0 ( #6538 )
2020-08-20 04:33:44 -07:00
Florian Ruynat
98f7485303
Update weave to 2.7.0 + minor update to Cilium ( #6501 )
2020-08-20 04:33:36 -07:00
Samuel Liu
a42d811420
fix scale playbook ( #6482 )
2020-08-20 04:33:23 -07:00
Barry Melbourne
bf6fdce339
Fix cert-manager E305 ansible-lint error ( #6549 )
2020-08-20 04:25:45 -07:00
Bernard Landon
fa378f09c3
Edited pre-upgrade task to uncordon a node failing to drain ( #6546 )
2020-08-20 04:25:36 -07:00
holmesb
d8a749fd27
Update apiserver-audit-policy.yaml.j2 ( #6526 )
2020-08-18 00:49:37 -07:00
Florian Ruynat
78ceef6b15
Remove unused variable ( #6522 )
2020-08-18 00:45:29 -07:00
Arthur Outhenin-Chalandre
ca8e59fa85
Add new cilium options for native routing ( #6519 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:39:42 -07:00
Bernard Landon
b0210567aa
Fixed Kubespray container-engine/docker role to populate docker.service ( #6518 )
2020-08-18 00:39:30 -07:00
Arthur Outhenin-Chalandre
33ec13293b
Fix cilium_deploy_additionally with kubeadm etcd ( #6514 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:36 -07:00
Arthur Outhenin-Chalandre
bedb411d06
improve Cilium metrics support ( #6513 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:29 -07:00
Erwan Miran
ef3e98807e
tlsminversion and tlsciphersuites kubelet ( #6490 )
2020-08-13 02:48:13 -07:00
Arthur Outhenin-Chalandre
35682b5228
Fix cilium strict kube proxy replacement in HA ( #6473 )
...
* Update the cilium svc proxy test to HA mode
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Fix cilium strict kube-proxy in HA
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Add a single global endpoint variable
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Add cilium docs about kube-proxy replacement
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Fix issues in docs
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-06 00:14:55 -07:00
Barry Melbourne
9cc70e9e70
Upgrade JetStack Cert-Manager to v0.15.2 ( #6414 )
...
* Upgrade JetStack Cert-Manager to v0.15.2
* Add README.md table of contents
2020-08-05 23:26:55 -07:00
Maxime Guyot
fc23f37af7
Fix E306 in roles/kubernetes ( #6500 )
2020-08-05 07:56:28 -07:00
Sulochan Acharya
bfe143808f
Allows tls verify skip on webhook auth url ( #6472 )
2020-08-05 05:02:29 -07:00
Mike Williams
e72dbf3dfc
Option for MetalLB to talk BGP ( #6383 )
...
* Option for MetalLB to talk BGP
* Check for BGP peers when metallb_protocol is bgp
* README clarification
* Commented values as documentation only in the sample inventory
* layer 2 or BGP, not both
2020-08-05 01:52:40 -07:00
bozzo
cc70200a07
Fix Flexvolume mount in Openstack Controller ( #6480 )
2020-08-04 05:28:35 -07:00
Steven Reitsma
f3c17361da
Create a PodDisruptionBudget for the Cinder CSI controllerplugin ( #6385 )
2020-08-04 05:28:19 -07:00
Victor Morales
bdf0238328
Upgrade molecule to v3 ( #6468 )
...
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-08-04 05:24:19 -07:00
Florent Monbillard
39b907cdfb
Remove workaround for kubeadm upgrade ( #6478 )
...
https://github.com/kubernetes/kubeadm/issues/1498 was closed
2020-08-03 01:17:40 -07:00
Florian Ruynat
24a7878e7c
Update kube-router to 1.0.1 and kube-ovn to 1.3.0 ( #6479 )
2020-08-01 00:34:04 -07:00
Konstantin Lebedev
2364a84579
fix src for audit webhook config yaml ( #6470 )
2020-08-01 00:33:56 -07:00
Hans Feldt
c6e5be91e9
crio: align template crio.conf with upstream ( #6432 )
...
* log level by default increased to 'info'
* cgroup manager by default set to 'systemd'
* stream port (used by kubelet) bound to 127.0.0.1 for security reasons
* metrics can be enabled and port specified
2020-08-01 00:33:48 -07:00
fulii
ce22c0e6a4
Add option to configure IPVS timeouts in kube-proxy configration manifest. ( #6396 )
2020-08-01 00:33:40 -07:00
Maxime Lavandier
bd60df97aa
Fix download calico policy condition ( #6474 )
2020-08-01 00:29:48 -07:00
Cristian Chiru
94df580674
Moved docker_dns_options to defaults so it can be overridden ( #6394 )
...
* Moved docker_dns_options to defaults so it can be overridden
* Fixed yaml indentation and markdown
* Moved docker_dns_search_domains to defaults
2020-08-01 00:29:41 -07:00
Kuralamudhan Ramakrishnan
90e5f8ffe1
adding ovn4nfv in kubespray ( #6381 )
...
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-07-31 07:33:08 -07:00
Florian Ruynat
bf6168fca8
Move fedora30 jobs to fedora32 ( #6426 )
2020-07-30 23:31:07 -07:00
Florian Ruynat
a78e861a89
Fix test if openstack_cacert is a base64 string ( #6421 )
2020-07-30 13:15:17 -07:00
Arthur Outhenin-Chalandre
3550e3c145
Adding kube-proxy-replacement support in cilium ( #6334 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-30 02:46:31 -07:00
Vladimir Masarik
8425c2363b
Replaced a broken link ( #6467 )
2020-07-30 00:58:31 -07:00
Samuel Liu
15ec44901d
azure csi typo ( #6469 )
2020-07-30 00:52:31 -07:00
Florent Monbillard
924cc11af6
Upgrade to kubernetes 1.18.6 ( #6405 )
...
- Add 1.17.9 and 1.16.13 SHAs
2020-07-29 14:54:09 -07:00