Commit graph

4252 commits

Author SHA1 Message Date
zhengtianbao
937e64d296
Update flannel use install-cni-plugin to fit upstream (#8714)
* Update flannel use install-cni-plugin to fit upstream

* Replace flannel cni repo

* Remove download flannel binary
2022-04-18 09:44:41 -07:00
Cristian Calin
3261d26181
[etcd] ensure etcd is properly upgraded when managed by kubeadm (#8722)
* [etcd] ensure etcd is properly upgraded when managed by kubeadm

* [CI] add periodic job to test upgrade of etcd managed by kubeadm
2022-04-17 10:32:41 -07:00
Mathieu Parent
c98a0a448f
metallb: Add images to downloads (#8715)
For offline mode
2022-04-14 10:06:46 -07:00
Mohamed Zaian
7e7218f5ce
etcd: add etcd v3.5.3 for kubernetes 1.21+ (#8712)
* As per this issue https://github.com/kubernetes-sigs/kubespray/pull/8664 I propose to make etcd v.3.5.3 default for any kubernetes version which uses 3.5.x since that 3.5.[0-2] not recommended for production.
2022-04-14 05:48:46 -07:00
Cristian Calin
45262da726
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707) 2022-04-14 01:08:46 -07:00
Julien Le Fur
30306d6ec7
Enable external CA mode for control-plane deployment (#8620) 2022-04-12 05:47:23 -07:00
Robin Wallace
d7254eead6
UpCloud integration (#8653)
* [upcloud] add upcloud csi-driver

* Option to use ansible_host as api ip for kubueconfig
2022-04-11 15:13:23 -07:00
Anthony Bible
9dced7133c
Fixes for Hetzner terraform and Hetzner Cloud (#8702)
* - add ability to specify the network_zone in hetzner terraform
- Export the network id from hetzner terraform the the generated inventory.ini

* - Add with_networks variable to allow different deployments of hcloud controller manager

- Add network id to hcloud controller secret (added via the inventory)

- Don't include extra_args if it's not set
2022-04-11 10:26:06 -07:00
Thomas Eberle
00a4d2d3c4
Removed quotation of nerdctl_extra_flags. (#8695)
The quotations in the variable nerdctl_extra_flags are not required for the `nerdctl_image_pull_command` and throw the following error when executing the cluster-playbook with `container_insecure_registries` set:
        unknown flag: --insecure-registry\\\"
This happens as the complete nerdctl_image_pull_command string variable gets split into an array string for the cmd task. The escaped quotation doesn't get escaped properly and is added to the cmd-string array as part of the command. This leads to a wrong written insecure-registry flag, which throws this error.
2022-04-08 08:02:43 -07:00
Samuel Liu
424ef3b3f9
[calico] add calico apiserver (#8690)
* [calico] add calico apiserver

* fix yamllint

* remove addext argument

* Configure API server with the CA bundle

* add check kdd
2022-04-08 00:02:42 -07:00
Mathieu Parent
996ef98b87
Add support for kube-vip (#8669)
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2022-04-07 10:37:57 -07:00
Unai Arríen
19d5a1c7c3
Ensure all Kubelet required kernel values are configured when enabling protectKernelDefaults (#8692) 2022-04-07 08:33:59 -07:00
rtsp
0481dd946f
[cert-manager] Upgrade to v1.8.0 (#8688) 2022-04-06 00:52:57 -07:00
cyril-corbon
29109575f5
fix: reset docker was not removing docker properly (#8680)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-04-05 21:36:55 -07:00
emiran-orange
3782573ede
Single quotes are missing in jsonpath argument of kubectl get node (#8683) 2022-04-05 09:45:38 -07:00
Alessio Greggi
bba91a7524
split kube_feature_gates variable for different kubernetes components (#8677)
* feat: split kube_feature_gates variable for different kubernetes components

* docs: add kube_feaute_gates componet variables
2022-04-05 05:39:37 -07:00
Cristian Calin
b67cadf743
[crun] upgrade to 1.4.4 (#8675) 2022-04-04 23:57:36 -07:00
cyril-corbon
56dda4392c
[validate-container-engine] check if kubelet is present was not working (#8679)
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-04-04 09:34:12 -07:00
Cristian Calin
34fec09ff1
[containerd] upgrade versions to address CVE-2022-24769 (#8671)
* [containerd] add hashes for 1.5.11

* [containerd] add hashes for 1.6.2

* [containerd] make 1.6.2 the new default
2022-04-04 05:30:11 -07:00
Cristian Calin
cefd1339fc
[vsphere_csi] update to 2.5.1 and make external_vsphere_version 7.0u1 by default (#8676) 2022-04-04 01:08:11 -07:00
Cristian Calin
b915376194
[runc] upgrade to 1.1.1 (#8674) 2022-04-04 00:42:23 -07:00
Cristian Calin
455cc6ff75
[nerdctl] upgrade to 0.18.0 (#8672) 2022-04-04 00:42:11 -07:00
Cristian Calin
cc9c376d0f
[validate-container-engine] add facts tag to tasks needed for vagrant jobs (#8678) 2022-04-04 00:32:11 -07:00
Kenichi Omichi
018611f829
Fix quotation of nerdctl_extra_flags (#8668)
Due to missing quotation of nerdctl_extra_flags, ansible-playbook was failed:

  Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/command.py
  Pipelining is enabled.
    [..]
    File "/usr/lib/python3.8/shlex.py", line 191, in read_token
      raise ValueError("No closing quotation")

This fixes the issue.

T-Eberle investigated the issue and found the solution.
Thank you T-Eberle!
2022-04-02 10:56:09 -07:00
cyril-corbon
1781eab21f
fix: uninstall contailer engine if service is running (#8662) 2022-04-01 09:20:46 -07:00
Florian Ruynat
1c0df78278
Add ETCD_EXPERIMENTAL_INITIAL_CORRUPT_CHECK flag to etcd config (#8664) 2022-03-31 08:17:01 -07:00
Kenichi Omichi
503ab0f722
Run 0100-dhclient-hooks if dhcpclient is enabled (#8658)
If running Kubespray on static IP environments, a task was failed like:

  TASK [kubernetes/preinstall : Configure dhclient hooks for resolv.conf (RH-only)]
  fatal: [ak8s2]: FAILED! => {
    "changed": false, "checksum": "..",
    "msg": "Destination directory /etc/dhcp/dhclient.d does not exist"}

This adds a check for dhclientconffile for running 0100-dhclient-hooks to
run the task only if dhcpclient is enabled.
2022-03-29 00:11:11 -07:00
Calin Cristian Andrei
652f2edbe1 [etcd] add 0 hash for arm v3.5.2 to prevent deployment failures 2022-03-28 08:40:30 +02:00
rtsp
a67e36703f
Update cert-manager to v1.7.2 (#8648) 2022-03-26 04:53:22 -07:00
Florian Ruynat
d46817d690 Remove centos7 molecule while opensuse mirror is flaky 2022-03-25 16:57:58 -07:00
Cristian Calin
fa9f85c7e9
[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves (#8635) 2022-03-21 17:36:13 -07:00
Fredrik Liv
ffa285c2e7
Fixed cluster roles for openstack cloud controller (#8638) 2022-03-21 06:19:21 -07:00
Kenichi Omichi
7b1dc600d5
Fix the condition of drain on pre-remove task (#8634)
When running cluster.yml for new machines what containerd is already
install but Kubernetes cluster were not installed before, the task
"remove-node | List nodes" is failed like

  "changed": false,
  "cmd": [
    "/usr/local/bin/kubectl", "--kubeconfig",
    "/etc/kubernetes/admin.conf", "get", "nodes", "-o",
    "go-template={{ range .items }}{{ .metadata.name }}
    {{ "\n" }}{{ end }}"
   ],
   ..
   "stderr": "error: stat /etc/kubernetes/admin.conf: no such file or directory",

That was due to lack to check the existing Kubernetes cluster exists
or not before running "kubectl drain" command.
This adds the check to avoid the issue.
2022-03-21 01:39:10 -07:00
Fredrik Liv
af7066d33c
Updated openstack cloud controller version to v1.22.0 (#8629)
* Updated openstack cloud controller version to match kubernetes version

* Rolled back file structure change
2022-03-18 01:47:16 -07:00
Cristian Calin
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI (#8434)
* [calico] make vxlan encapsulation the default

* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation

* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade

* [CI] improve netchecker connectivity testing

* [CI] show logs for tests

* [calico] tweak task name

* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh

* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check

* service proxy mode still fails connectivity tests so keeping it manual mode

* [kube-router] account for containerd use-case
2022-03-17 18:05:39 -07:00
Sergey
a86d9bd8e8
do not remove package in validate container engine role when Fedora CoreOS distr (#8626) 2022-03-17 06:49:20 -07:00
Calin Cristian Andrei
21b1516d80 [kubernetes] add hashes for 1.21.11 2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
4c15038194 [kubernetes] add hashes for 1.22.8 2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
538f9df5cc [kubernetes] make 1.23.5 the default 2022-03-17 05:03:20 -07:00
Calin Cristian Andrei
efb0412b63 [kubernetes] add hashes for 1.23.5 2022-03-17 05:03:20 -07:00
Qasim Mehmood
5a486a5cca
Calico: Fix Wireguard support for CentOS Stream 9/RHEL 9 Beta (#8625) 2022-03-17 04:11:20 -07:00
Cristian Calin
394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim (#8623) 2022-03-16 16:28:11 -07:00
Cristian Calin
5043517cfb
[containerd] avoid cleanup of /usr/bin on ostree distributions (#8624) 2022-03-15 13:47:48 -07:00
Max Gautier
307d122a84
Helm-apps role for installing helm charts (#8347)
* Sketch of helm-apps role interface

* helm-apps: Early implementation and settings

* helm-apps: Fix README.md example playbook

* fixup! Sketch of helm-apps role interface

* Make the argument specs more explicit

* Remove exposed options from hardcoded default

* Simplify example playbook in README.md

- Define directly the roles parameters
- Add an example of option override for one chart only

* Use release instead of charts

Make explicit that the role is mananing releases, not charts.
Simplify parameters naming
2022-03-14 08:29:58 -07:00
onock
d444a2fb83
[systemd-resolved] Fix DNS configuration according to docs/dns-stack.md and during reset of cluster (#8560) (#8561) 2022-03-14 02:08:22 -07:00
spaced
2b79be68e7
fix typo and duplicated declaration of ingressclasses (#8591) 2022-03-12 23:36:23 -08:00
Mac Chaffee
512d5e3348
Restart etcd if the etcd version changes (#8556)
Signed-off-by: Mac Chaffee <me@macchaffee.com>
2022-03-11 18:08:23 -08:00
Unai Arríen
4b6892ece9
Add epoch to docker-ce and docker-ce-cli packages to ensure docker up… (#8618)
* Add epoch to docker-ce and docker-ce-cli packages to ensure docker upgrade

* Split container-engine redhat vars to support legacy RHEL 7 version management

* Support ansible_distribution_major_version when disvering vars with ansible_os_family
2022-03-11 02:45:07 -08:00
Toni Tauro
5a49ac52f9
feat(calico): add configurable ipam strictaffinity (#8581)
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
2022-03-07 22:58:33 -08:00
Cristian Calin
db1e30e4fc
[calico] add 3.22.1 (#8612) 2022-03-07 22:54:34 -08:00