C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
6822 commits 17 branches 66 tags 141 MiB
Commit graph

4568 commits

Author SHA1 Message Date
Piotr Kowalczyk 3b99d24ceb
Fix: install calico-kube-controller on kdd (#9358) 
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
 2022-10-10 19:45:01 -07:00
Kay Yan 4701abff4c
upgrade-api-version-for-PodDisruptionBudget (#9369) 2022-10-10 17:51:02 -07:00
Joe Siponen 717b8daafe
Download coredns image to all hosts in k8s_cluster (#9316) 
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
 2022-10-08 05:03:19 -07:00
Kevin Huang c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume (#9362) 2022-10-08 01:23:19 -07:00
Kenichi Omichi 24632ae81b
Add check_typo job (#9361) 
To block merging pull requests which contain typo automatically.
 2022-10-07 02:21:53 -07:00
JSpon befde271eb
Use hostname override in post-remove role, just as pre-remove role does (#9360) 2022-10-06 15:03:52 -07:00
Huang Chen-Yi d689f57c94
Features/support kubeadm patches v1beta3 (#9326) 
* Support kubeadm patches in v1beta3

* Update kubeadm patches sample files in inventory

* Fix pre-commit syntax

* Set kubeadm_patches  enabled to false in sample inventory
 2022-10-06 00:39:52 -07:00
William Turner ad3f503c0c
Fix default value for kubelet_secure_addresses (#9355) 2022-10-06 00:35:51 -07:00
Eugene Artemenko 8b9cd3959a
Add possibility to skip adding load balancer name in the hosts file (#9331) 2022-10-04 06:26:16 -07:00
Emin AKTAS dffeab320e
feat: add a paramater to disable host nameservers (#9357) 
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
 2022-10-04 06:22:17 -07:00
Kay Yan 999586a110
sysctl_additional (#9351) 2022-10-02 23:06:14 -07:00
Kay Yan 44115d7d7a
support-kube-1.25 (#9260) 
Co-authored-by: Rene Luria <rene.luria@infomaniak.com>
 2022-09-29 23:34:30 -07:00
Florian Ruynat 841e2f44c0
Remove references to 1.22 (#9342) 2022-09-28 14:10:29 -07:00
Hugo Blom a8e4984cf7
Add missing permissions to openstack cc (#9335) 
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
 2022-09-27 22:19:35 -07:00
Rene Luria 3646dc0bd2
fix: remove trailing backslash and yaml indent (#9339) 
* fix: remove trailing backslash

* fixed indent in cilium config template
 2022-09-27 19:45:35 -07:00
biqiang Wu 31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded (#9340) 
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
 2022-09-27 05:57:52 -07:00
ERIK 472996c8b3
update pause image version (#9337) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-09-27 00:49:52 -07:00
Shelming.Song d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml (#9330) 2022-09-26 21:57:45 -07:00
Federico Cucinella e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 (#9332) 2022-09-26 17:35:46 -07:00
Ho Kim 18efdc2c51
Fix typos in calico (#9327) 2022-09-26 00:11:44 -07:00
Zhong Jianxin 6dff39344b
preinstall: Add nodelocaldns to supersede_nameserver if enabled (#9282) 
When a machine that use dhclient and resolvconf reboots, this will make /etc/resolv.conf
remain close to the one before reboot
 2022-09-25 20:19:44 -07:00
Robin Wallace c4de3df492
upcloud csi driver: bump version to v0.3.3 (#9317) 2022-09-24 13:18:04 -07:00
Ilya Margolin f2e11f088b
Hotfix containerd restart (#9322) 2022-09-24 13:14:04 -07:00
Victor Morales 782f0511b9
Define ostree variable for runc (#9321) 
The ostree variable is not defined previously raising an error when
the runtime tries to read it.
 2022-09-24 13:00:11 -07:00
Florian Ruynat 4ad67acedd
Move back vsphere csi to kube-system ns (#9312) 2022-09-23 10:46:26 -07:00
Kei Kori 467dc19cbd
support removing options in resolvconf with tab separator (#9304) 2022-09-23 10:42:27 -07:00
Ilya Margolin 726711513f
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) 
and supply a default runtime spec.
 2022-09-23 10:38:27 -07:00
Emin AKTAS 9468642269
feat: allows users to have more control on DNS (#9270) 
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
 2022-09-23 10:28:26 -07:00
Samuel Liu d387d4811f
replace createhome (#9314) 2022-09-23 00:26:39 -07:00
Kay Yan 1b3c2dab2e
add_max_concurrent_in_coredns (#9307) 2022-09-22 04:27:03 -07:00
Mohamed Zaian 76573bf293
[kubernetes] Add hashes for 1.24.6, 1.22.15, 1.23.12 and make v1.24.6 default (#9308) 2022-09-22 04:13:03 -07:00
Kay Yan 5d3326b93f
add-ping-package (#9284) 2022-09-21 23:55:05 -07:00
Mohamed Zaian 68dac4e181
[flannel] update to v1.19.2 & make it default (#9296) 2022-09-21 23:51:04 -07:00
Ilya Margolin 262c96ec0b
Remove duplication in template (#9301) 
by concatenating default and additional runtimes
 2022-09-21 08:33:15 -07:00
Mohamed Zaian 2acdc33aa1
[helm] upgrade to 3.9.4 (#9298) 2022-09-20 04:37:20 -07:00
Krystian Młynek 8acd33d0df
Calico: add wireguard support for Rocky Linux 9 (#9287) 2022-09-20 00:29:20 -07:00
pingrulkin a2e23c1a71
vsphere-csi: add nodeAffinity to daemonset (#9293) 2022-09-19 17:47:22 -07:00
rtsp 1b5cc175b9
[cert-manager] Upgrade to v1.9.1 (#9295) 2022-09-19 17:43:22 -07:00
Mohamed Zaian a71da25b57
[argocd] update argocd to v2.4.12 (#9297) 2022-09-19 17:37:22 -07:00
Vadim 5ac614f97d
fix duplicate field in ingress-nginx template (#9285) 2022-09-19 03:03:22 -07:00
ErmalKristo b8b8b82ff4
Adds support for multiple architectures to yq (#9288) 2022-09-19 02:14:38 -07:00
Necatican Yıldırım 7da3dbcb39
Cilium 1.12 Upgrade (#9225) 
* Drop support for Cilium < 1.10

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Synchronize Cilium templates for 1.11.7

Signed-off-by: necatican <contact@necatican.com>

* Set Cilium v1.12.1 as the default version

Signed-off-by: necatican <contact@necatican.com>

Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
 2022-09-19 02:14:31 -07:00
Mohamed Zaian 680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default (#9286) 2022-09-19 02:10:31 -07:00
Mahdi Abbasi 023b16349e
Add variable for the vsphere-csi namespace (#9278) 2022-09-15 02:01:23 -07:00
Kay Yan 97ca2f3c78
add-timezone-support (#9263) 2022-09-14 21:11:22 -07:00
ERIK 7c2fb227f4
Add LimitMEMLOCK parameter configuration in containerd.service (#9269) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-09-13 02:51:06 -07:00
ghostloda 08bfa0b18f
Upgrade ingress nginx webhook to 1.3.0 (#9271) 2022-09-13 01:47:05 -07:00
Ho Kim 952cad8d63
Remove mutual exclusivity in calico: NAT and router mode (#9255) 
* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc
 2022-09-13 00:19:07 -07:00
cleverhu fc57c0b27e
fix number node name can't be added (#9266) 
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
 2022-09-13 00:09:05 -07:00
Samuel Liu dd4bc5fbfe
[etcd] Sometimes, we do not need to run etcd role on all nodes. (#9173) 
* WIP: sometimes,we not run etcd

* fix ansible lint

* like calico(kdd) cni, no need run etcd
 2022-09-09 01:29:22 -07:00
Mohamed Zaian d2a7434c67
[ingress-nginx] upgrade to 1.3.1 (#9264) 2022-09-09 00:37:23 -07:00
ghostloda f3fb758f0c
Remove useless file (#9258) 2022-09-07 17:10:49 -07:00
Krystian Młynek 6386ec029c
add retries for restart of kube-apiserver (#9256) 
* add retries for restart of kube-apiserver

* change var name
 2022-09-07 16:48:49 -07:00
Ho Kim ad7cefa352
Ignore deleting nodes that are not in cluster (#9244) 2022-09-05 19:50:54 -07:00
Ho Kim 09d9bc910e
Fix typos in calico comments (#9254) 2022-09-05 18:46:54 -07:00
Michael Schmitz be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) 2022-09-03 16:16:35 -07:00
lou-lan 133a7a0e1b
Add featureDetectOverride configration of calico (#9249) 2022-09-02 04:58:05 -07:00
Cristian Calin 6db6c8678c
disable kubelet_authorization_mode_webhook by default (#9238) 2022-08-31 04:53:00 -07:00
蒋航 7ebb8c3f2e
make calico installation more stable (#9227) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-08-30 21:13:01 -07:00
Alessio Greggi acb6f243fd
feat: add kubelet systemd service hardening option (#9194) 
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2022-08-30 11:18:55 -07:00
tasekida 220f149299
Fix abort because calicoctl.sh is not a full path (#9217) 2022-08-30 08:07:02 -07:00
Florian Ruynat 617b17ad46
Fix kube_ovn_hw_offload value (#9218) 2022-08-30 03:21:01 -07:00
kakkotetsu 9dc9a670a5
add runc v1.1.4 (#9230) 2022-08-30 02:01:01 -07:00
Kay Yan b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223) 
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
 2022-08-30 00:21:02 -07:00
Chad Swenson de762400ad
Fixes for calico_datastore: etcd (#9228) 
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.

This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
 2022-08-29 22:41:00 -07:00
Cristian Calin e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI (#9229) 2022-08-29 11:44:49 -07:00
Krystian Młynek 64daaf1887
cri-dockerd: add restart of docker.service (#9205) 
* cri-dockerd: add restart of docker.service

* remove enabling of cri-dockerd.socket
 2022-08-24 05:50:02 -07:00
Shelming.Song c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template (#9204) 2022-08-23 01:55:24 -07:00
Pavel Chekin 8f899a1101
Fix containerd (<1.7) configuration for insecure registries (#9207) 
For the following configuration

```
    containerd_insecure_registries:
      docker.io:
        - dockerhubcache.example.com
```

the rendered /etc/containerd/config.toml contains

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
          insecure_skip_verify = true
```

but it needs to be

```
        [plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
          insecure_skip_verify = true
```
 2022-08-22 23:13:23 -07:00
Mostafa Ghadimi 386c739d5b
🌱 Enable cri-dockerd service (#9201) 
* 🌱 Enable cri-dockerd service

* 🔨 Fix the task name in order to pass the CI tests
 2022-08-22 07:17:43 -07:00
Tristan bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable (#9176) 
See #9035
 2022-08-22 02:37:44 -07:00
Mohamed Zaian ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default (#9191) 2022-08-21 23:11:44 -07:00
Ho Kim e31890806c
Add 'avoid-buggy-ips' support of MetalLB (#9166) 2022-08-18 21:49:51 -07:00
Tomas Zvala 30c77ea4c1
Add the option to enable default Pod Security Configuration (#9017) 
* Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
 2022-08-18 01:16:36 -07:00
GreatLazyMan 175cdba9b1
Add 'flush ip6tables' task in reset role (#9168) 
* Add 'flush ip6tables' task in reset role 

If enable_dual_stack_networks is set to true and ip6 is defined,ip6tables will be created. But when reset the kubernetes cluster, kubespray doesn't flush ip6tables.

* [CI] fix molecule tests on opensuse by upgrading to 15.4 (#9175)

* [CI] fix molecule tests on opensuse by upgrading to 15.4

* [opensuse] use correct python crytography package name depending on distribution version

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2022-08-18 01:12:37 -07:00
Thearas ea29cd0890
add list nodes rules to cilium-operator clusterrole (#9178) 2022-08-18 01:02:36 -07:00
Ho Kim be5fdab3aa
Disable DNSStubListener for Flatcar Linux (#9160) 
* Disable DNSStubListener for Flatcar Linux

* Fix missing "Flatcar" condition of os_family
 2022-08-18 00:56:49 -07:00
Piotr Kowalczyk 49d869f662
Fix CSI drivers issues on Azure (#9153) 
* Include missing azuredisk rbac manifest

* Remove missing azure csi manifest

* Remove invalid reference mount to waagent settings

* Use cloud-config secret instead of /etc/kubernetes/cloud_config file
 2022-08-18 00:56:36 -07:00
Samuel Liu b36bb9115a
[calico] calico rr supports multiple groups (#9134) 
* update calico rr

* fix bgppeer conf

* fix yamllint

* fix ansible lint

* fix calico deploy

* fix yamllint

* fix some typo
 2022-08-18 00:52:37 -07:00
ERIK 9ad2d24ad8
Add unsafe_show_logs switch (#9164) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-08-16 18:52:48 -07:00
Kay Yan 0088fe0ab7
add-tar-in-common-package (#9184) 2022-08-16 05:17:18 -07:00
Mohamed Zaian ab93b17a7e
[containerd] upgrade to 1.6.8 , add hashes, containerd now supports ppc64le from v1.6.7 (#9181) 2022-08-16 05:17:07 -07:00
Jin Li 9f1b980844
Update dashboard to 2.6.1 (#9185) 2022-08-16 04:57:08 -07:00
Alessio Greggi 86d05ac180
fix: remove condition for user creation (#9125) 
This condition blocks the creation of the `etcd` user in certain conditions.
Specifically, when you have a `etcd_deployment_type: kubeadm` and `kube_owner: root`.
Being the `root` user already present on the system, this will not be a problem (due to the idempotency of ansible).
 2022-08-15 23:55:07 -07:00
Peter Pan bf6fcf6347
Upgrade nerdctl from 0.20.0 to 0.22.2 (#9180) 2022-08-15 22:39:07 -07:00
Cristian Calin b9e4e27195
[CI] fix molecule tests on opensuse by upgrading to 15.4 (#9175) 
* [CI] fix molecule tests on opensuse by upgrading to 15.4

* [opensuse] use correct python crytography package name depending on distribution version
 2022-08-14 19:02:13 -07:00
Cristian Calin 8585134db4
when ingress-nginx is deployes without a class, we need to use 'ingress-controller-leader' resource instead of the default 'ingress-controller-leader-nginx' (#9156) 2022-08-09 04:52:50 -07:00
emiran-orange 2b97b661d8
Move old etcd backup removal after etcd restart (#9147) 2022-08-05 08:09:59 -07:00
emiran-orange 24f12b024d
Argument jsonpath must be single-quoted in "See if node is schedulable" task (#9146) 2022-08-05 08:09:47 -07:00
ERIK 47050003a0
Add docker support for Kylin V10 (#9144) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-08-03 15:03:46 -07:00
Florian Ruynat 307f598bc8 Move flannel to etcd datastore 2022-08-02 16:55:52 -07:00
Florian Ruynat eb10249a75 Align canal templates with calico official ones (k8s datastore) 2022-08-02 16:55:52 -07:00
Marco Fortina b4318e9967
Update to latest local path provisioner version (#9132) 2022-08-01 14:56:28 -07:00
Marco Fortina c53561c9a0
Update to latest registry version (#9133) 2022-08-01 14:52:28 -07:00
ERIK f2f9f1d377
Add kylin OS support (#9078) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2022-08-01 10:44:29 -07:00
Boris Barnier 4487a374b1
Update Kube-router version to 1.5.1 (#9136) 
https://github.com/cloudnativelabs/kube-router/releases/tag/v1.5.1
 2022-08-01 00:16:28 -07:00
Aveline 06f8368ce6
Fix Hetzner CCM cluster-cidr (#9127) 2022-07-30 20:18:27 -07:00
Mohamed Zaian 5b976a8d80
[calico] add hashes for v3.22.4 & v3.21.6 (#9129) 2022-07-30 20:14:38 -07:00
Samuel Liu e73803c72c
pid reserved must be str (#9124) 2022-07-30 20:14:27 -07:00
rtsp b3876142d2
[cert-manager] Upgrade to v1.9.0 (#9117) 2022-07-29 00:11:11 -07:00