C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
6199 commits 17 branches 66 tags 141 MiB
Commit graph

6199 commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cristian Calin cee481f63d
cert-manager: upgrade to 1.5.4 (#8069) 
* cert-manager: update to 1.5.4

* cert-manager: remove outdated guidelines on creating an initial ClusterIssuer
 2021-10-12 09:17:47 -07:00
Max Gautier e4c8c7188e
etcd: deploy container engine if needed (#7532) 
If the etcd cluster is separate and the etcd_deployment_type is "host",
there is no need for a container engine on the etcd nodes

Do not rely on a 'default(true)' filter, but define a proper default in
kubespray-defaults depending on etcd deployment method and if internal
or external etcd is used
 2021-10-12 00:31:47 -07:00
rtsp 6c004efd5f
cert_manager: Remove deprecated ClusterIssuer and its Secret (#8064) 2021-10-11 09:40:40 -07:00
Necatican Yıldırım 1a57780a75
Add kubeadm_join_phases_skip variable (#8067) 
* Add kubeadm_join_phases_skip variable

* Update kubeadm_join_phases_skip comment

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Add kubeadm_join_phases_skip_default variable to follow the same logic with kubeadm_init_phases_skip

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2021-10-11 09:36:41 -07:00
Maciej Wereski ce25e4aa21
MetalLB: update to v0.10.3 (#8071) 
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
 2021-10-11 08:54:40 -07:00
Rene Luria ef4044b62f
csi_driver / cinder: implement rescan-on-resize variable via (#8057) 
cinder_csi_rescan_on_resize
 2021-10-11 02:14:40 -07:00
Florian Ruynat 9ffe5940fe
Remove TF 0.14/0.15 support - Add TF 1.x support only (#8062) 2021-10-08 09:01:06 -07:00
Florian Ruynat c8d9afce1a
Update a bunch of tools (#8061) 2021-10-08 09:00:59 -07:00
Florian Ruynat 285983a555
Update docker version to 20.10.9 - CVE fixes (#8060) 2021-10-08 08:56:58 -07:00
Cristian Calin ab4356aa69
Calico: bump default version to 3.20.2 (#8058) 2021-10-07 12:59:33 -07:00
Fredrik Liv e87d4e9ce3
Added terraform script for Hetzner cloud (#8053) 2021-10-07 10:11:46 -07:00
Maxim Pogozhiy 5fcf047191
local-volume-provisioner quay.io -> k8s.gcr.io (#8054) 2021-10-06 17:08:41 -07:00
Florian Ruynat c68fb81aa7
Clarify documentation for integration.md (#8049) 2021-10-06 16:44:41 -07:00
Rene Luria e707f78899
After upgrade, allow cilium to be back before uncordoning (#7978) 
* After upgrade, allow cilium to be back before uncordoning

* add eol

* use kube_config_dir variable
resolves https://github.com/kubernetes-sigs/kubespray/pull/7978#discussion_r721685549
 2021-10-05 12:56:58 -07:00
Ilya Margolin 41e0ca3f85
Move kube_feature_gates to kubelet config (#8048) 
to remove deprecation warning:

> Flag --feature-gates has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag.
 2021-10-05 06:07:10 -07:00
Orhun Parmaksız c5c10067ed
Update kubespray version to 2.17.x in first cluster guide (#8043) 2021-10-04 00:09:07 -07:00
Iago Santos 43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution (#8029) 
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028

Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
 2021-10-01 09:11:23 -07:00
rtsp af04906b51
Ensure apparmor is installed (#8036) 
Kubespray deployment failed when using containerd backend on nodes that apparmor was not installed or previously removed. This PR ensure apparmor is installed by adding it into required_pkgs var.
 2021-09-29 23:52:08 -07:00
Cristian Calin c7e17688b9
gVisor: bump release to 20210921 version (#8015) 
* gVisor: bump release to 20210921 version

* gVisor: drop support for 20210518.0 version
 2021-09-29 11:35:20 -07:00
Olivier Lemasle ac76840c5d
Upgrade ruamel.yaml.clib to work with Python 3.10 (#8034) 
ruamel.yaml.clib did not build with the upcoming Python 3.10.

Cf. https://sourceforge.net/p/ruamel-yaml-clib/tickets/5/

ruamel.yaml.clib==0.2.4 fixes the issue. It does not work
with Python 3.7 (cf https://sourceforge.net/p/ruamel-yaml-clib/tickets/6/)
but currently Kubespray requires Python >= 3.9.
 2021-09-29 07:04:49 -07:00
Peter Pan f5885d05ea
In CentOS 8.x Docker install Step: remove podman when existing (#8016) 2021-09-29 06:32:48 -07:00
Nicolas Goudry af949cd967
Fix invalid documentation links (#7692) 
* Fix invalid link to Ansible documentation

* Fix invalid link to mitogen doc page

* Fix invalid link to calico doc page

* Fix all invalid links to doc pages
 2021-09-28 09:58:43 -07:00
Frank Filippone eee2eb11d8
Update weave template to match source for 2.8.1 (#8013) 2021-09-28 09:16:43 -07:00
Kenichi Omichi 8d3961edbe
Add metrics_server_resizer option (#8018) 
The addon-resizer container can reduce resource limits of cpu and
memory of metrics-server container in the pod, and that caused
OOMKilled.
In addition, the original metrics-server manifest doesn't contain
the addon-resizer container as [1].
So this adds metrics_server_resizer option to control the addon-resizer
container deployment and the default value is false to make it stable
for most environments.

[1]: 527679e5e8/manifests/base/deployment.yaml
 2021-09-28 00:02:42 -07:00
Marcos Lorenzo 4c5328fd1f
Determine root filesistem device and partition before running growpart (#8024) 2021-09-27 23:58:42 -07:00
David Louks 1472528f6d
check if 'plugins' key exists in calico_cni_config object (#7717) 
* check if 'plugins' key exists in calico_cni_config object

* fix whitespace linting error

* fixed when list indentation
 2021-09-27 11:04:20 -07:00
Victor Morales 9416c9aa86
Enable stable and edge Docker CLI versions (#8019) 2021-09-27 10:44:19 -07:00
Kenichi Omichi da92c7e215
Add proxy for subscription-manager (#8012) 
If using proxy, it is necessary to configure it before running
"subscription-manager status" command.
This adds the step.
 2021-09-27 08:47:35 -07:00
Kenichi Omichi d27cf375af
Remove allowPrivilegeEscalation from metrics-server (#8014) 
"allowPrivilegeEscalation: false" blocks deploying metrics-server
on CentOS7. In addition, the original metrics-server manifest doesn't
contain it as [1]. This removes it.

[1]: 527679e5e8/manifests/base/deployment.yaml
 2021-09-27 08:43:36 -07:00
Victor Morales 432a312a35
Enable stable and edge containerd versions (#8020) 2021-09-27 08:11:35 -07:00
Cristian Calin 3a6230af6b
Kata-Containers: update versions 2.2.0 (default) and 2.1.1 (#8017) 
* Kata-Containers: add 2.2.0 hashes and make default

* Kata-Containers: replace 2.1.0 with bugfix version 2.1.1

* Kata-Containers: move to q35 a more modern VM architecture as 'pc' is removed in 2.2.0
 2021-09-27 08:07:35 -07:00
Florian Ruynat ecd267854b
Move ovn4nvf crd from v1beta1 to v1 (#8006) 2021-09-27 01:18:22 -07:00
Hugo Blom ac846667b7
Check if openstack application credentials are empty since they always exists (#8021) 2021-09-27 01:14:22 -07:00
Cristian Calin 33146b9481
CI: Add Calico eBPF in HA mode test (#7710) 
* Sample-Inventory: add sample for calico_bpf_enabled

* Calico-Doc: note about CONFIG_NET_SCHED for eBPF support

* CI: Add Calico eBPF in HA mode test
 2021-09-24 09:57:23 -07:00
rtsp 4bace2491d
Ensure apparmor is installed (#8011) 
Kubespray deployment failed when using containerd backend on nodes that apparmor was not installed or previously removed. This PR ensure apparmor is installed by adding it into required_pkgs var.
 2021-09-24 07:55:23 -07:00
Kenichi Omichi 469b3ec525
Add definition check of disable_service_firewall (#7995) 
When not specifying disable_service_firewall, the task is failed.
This adds the definition check.
 2021-09-24 02:31:23 -07:00
Maxim Pogozhiy 22017b7ff0
kube-router 1.3.0 -> 1.3.1 (#8007) 2021-09-23 13:42:55 -07:00
Florian Ruynat 88c11b5946
Revert "etcd: enable v2 api only if needed (#8001)" (#8008) 
This reverts commit c0e1211abe.
 2021-09-23 10:43:14 -07:00
Kenichi Omichi 843252c968
Use kube_config_dir for kubeconfig (#7996) 
The path of kubeconfig should be configurable, and its default value
is /etc/kubernetes/admin.conf. Most paths of the file are configurable
but some were not. This make those configurable.
 2021-09-23 10:19:13 -07:00
Eric Lake ddea79f0f0
Issue 8004: Fix typha prometheus (#8005) 
The typha prometheus settings were in the `volumeMounts` section of the
spec and not in the `envs` section. This was cauing the deployment to
fail because it was looking for a volumeMount.

```
failed: [controller-001.a2.da.dev.logdna.net] (item=calico-typha.yml) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": true, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "dest": "/etc/kubernetes/calico-typha.yml", "diff": [], "failed": false, "gid": 0, "group": "root", "invocation": {"module_args": {"_original_basename": "calico-typha.yml.j2", "attributes": null, "backup": false, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "content": null, "delimiter": null, "dest": "/etc/kubernetes/calico-typha.yml", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "unsafe_writes": null, "validate": null}}, "item": {"file": "calico-typha.yml", "name": "calico", "type": "typha"}, "md5sum": "53c00ac7f562cf9ecbbfd27899ea066d", "mode": "0644", "owner": "root", "size": 5378, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "state": "file", "uid": 0}, "msg": "error running kubectl (/opt/bin/kubectl --namespace=kube-system apply --force --filename=/etc/kubernetes/calico-typha.yml) command (rc=1), out='service/calico-typha unchanged\n', err='error: error validating \"/etc/kubernetes/calico-typha.yml\": error validating data: [ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount]; if you choose to ignore these errors, turn validation off with --validate=false\n'"}
```
 2021-09-23 08:37:22 -07:00
Max Gautier c0e1211abe
etcd: enable v2 api only if needed (#8001) 
* etcd: enable v2 api only if needed

Only enable v2 API if we have a consumer (flannel)
This reduce the exposed surface for etcd.

* Fix bad group name
 2021-09-22 12:36:32 -07:00
Florian Ruynat c8d7f000c9
Remove k8s hooks for versions prior to 1.20 (#7998) 2021-09-22 10:32:01 -07:00
Léopold Jacquot 598f178054
Fix cilium operator metrics activation (#8000) 2021-09-22 10:00:02 -07:00
Florian Ruynat 6f8b24f367 Allow failure in cert manager job 2021-09-22 09:50:01 -07:00
Florian Ruynat 5d1b34bdcd Move min k8s version to 1.20 2021-09-22 09:50:01 -07:00
Florian Ruynat 8efde799e1 Update kubernetes version to 1.22.2 2021-09-22 09:50:01 -07:00
Florian Ruynat 96b61a5f53 Update KUBE_VERSION in gitlab-ci following release 2021-09-22 09:50:01 -07:00
Cristian Calin a517a8db01
Drop chech for kubelet_shutdown_grace_period (#7993) 
and kubelet_shutdown_grace_period_critical_pods as ansible cannot do
sane time interval calculations
 2021-09-21 18:34:00 -07:00
Wang Zhen 2211504790
Fix k8s-certs-renew cp path (#7992) 
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
 2021-09-21 00:36:22 -07:00
Cristian Calin fb8662ec19
Calico: update versions 3.20.1, 3.19.3 (#7984) 
* make Calico 3.20.1 the default version
* drop Calico 3.17.x support
 2021-09-20 17:40:23 -07:00