Commit graph

587 commits

Author SHA1 Message Date
蒋航
990f87acc8
Update kube-vip to v0.5.5 ()
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2022-10-26 19:28:32 -07:00
Wouter Goedhart
1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port ()
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
2022-10-23 18:00:24 -07:00
Cristian Calin
1530411218
use cri-o from upstream instead of kubic/OBS ()
* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables
2022-10-19 05:47:05 -07:00
William Turner
ad3f503c0c
Fix default value for kubelet_secure_addresses () 2022-10-06 00:35:51 -07:00
Alessio Greggi
acb6f243fd
feat: add kubelet systemd service hardening option ()
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-08-30 11:18:55 -07:00
Kay Yan
b46ddf35fc
kube-vip should fail if kube_proxy_strict_arp is false in arp mode ()
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
2022-08-30 00:21:02 -07:00
Shelming.Song
c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template () 2022-08-23 01:55:24 -07:00
Samuel Liu
e73803c72c
pid reserved must be str () 2022-07-30 20:14:27 -07:00
Alessio Greggi
3ce5458f32
hardening: Add SeccompDefault admission plugin for kubelet ()
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates

* fix(kubelet-config): enable config through kubelet_feature_gates

* feat(kubelet): add kubelet_seccomp_default variable
2022-07-19 00:50:07 -07:00
h9-HSFRQDH
3bb9542606
Adding support for node & pod pid limit () 2022-07-05 00:20:48 -07:00
Calin Cristian Andrei
24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07 [kubeadm] use v1beta3 configuration version
* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformant with
  upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
589823bdc1 [CI] remove docker stand-alone molecule test 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f [kubernetes] drop pre 1.22.0 workarounds 2022-06-15 00:57:20 -07:00
Ho Kim
7d3e59cf2e
Remove unneeded socat installation for Flatcar () 2022-06-14 02:23:34 -07:00
Ho Kim
77f436fa39
Fix: set fallback value of kubelet ip6 () ()
* Fix: set fallback value of kubelet ip6 ()

* Prune the spurious comma in the end of kubelet_address

- Update `roles/kubernetes/node/defaults/main.yml`

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Fix: set fallback value of kubelet ip6 ()

- Apply the lint: 132606368e

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-06-06 10:08:21 -07:00
Thearas
01ca7293f5
support reserve ephemeral-storage () 2022-06-06 07:34:26 -07:00
Max Gautier
5512465b34
Revert "Set exact user for Kubelet services" ()
This reverts commit e375678674.

The workaround of explicitly specifying root for the kubelet unit was
for pulling images from private registry. Kubernetes now has a
dedicated mechanism with imagePullSecret.
2022-06-01 00:19:02 -07:00
Kenichi Omichi
73fc70dbe8
Delete kube_version v1.20- related code ()
Current Kubespray supports the Kubernetes version 1.21 or upper with
`kube_version_min_required: v1.21.0`

Then kube_version v1.20- related code is not used at all.
This deletes that code for cleanup.
2022-05-25 21:31:22 -07:00
Kay Yan
3d8f3bc0b7
Fix the invalid kube vip manifest ()
* add Feature synchronized time checking

* fix-invalid-kube-vip-manifest
2022-05-17 23:48:55 -07:00
Alessio Greggi
37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters () 2022-05-09 09:25:19 -07:00
Andy
323a111362
[kubelet] set correct resolv.conf for Ubuntu 22.04 () 2022-05-06 16:31:04 -07:00
Mathieu Parent
996ef98b87
Add support for kube-vip ()
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2022-04-07 10:37:57 -07:00
Cristian Calin
394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim () 2022-03-16 16:28:11 -07:00
kakkotetsu
58b2f39ce5
add IPv6 listen directive to nginx if enable_dual_stack_networks () 2022-03-07 05:39:00 -08:00
Tom Janson
ddef7e1139
missing "check_mode: no"s for several read-only tasks ()
this is not complete -- there are almost certainly more instances of
this issue
2022-03-02 09:29:14 -08:00
kakkotetsu
98d5d0cdd5
add support for Dual Stack node InternalIP () 2022-02-15 00:28:02 -08:00
Ilya Margolin
aed187e56c
Fix kubelet_kubelet_cgroups_cgroupfs ()
If kubelet is run with systemd (as it always is when using kubespray),
it starts in systemd's /system.slice/kubelet.service cgroup.

This commit prevents a creation and usage of a second unrelated cgroup.
2022-02-02 00:50:22 -08:00
cyril-corbon
575e0ca457
feat: add eviction hard to kubelet config ()
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:13:57 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ()
* Update loadbalancers versions

* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Hanna Bledai
615216f397
Fix if bind-address is not set to 0.0.0.0 ()
* if bind-address is not set to 0.0.0.0

* Update docs and left comments

* fix yamllint check: remove space
2021-12-05 23:58:32 -08:00
Florian Ruynat
e19ce27352
Remove ovn4nfv support () 2021-12-03 11:56:35 -08:00
Cristian Calin
ee882fa462
Add capability to use swap, requires Kube 1.22 ()
* Alpha-NodeSwap: allow nodes to use swap

* CI: Add Fedora 35 with experimental swap job
2021-11-30 00:52:56 -08:00
Florian Ruynat
a5f88e14d0
Cleanup tests ()
* Add Fedora 35 image, support and CI

* Cleanup tests and allow_failure for vagrant
2021-11-26 09:00:51 -08:00
Lubos Mercl
424163c7d3
add gce support ()
Author:    lmercl <lubos.mercl@gmail.com>
Date:      Wed Nov 10 15:30:04 2021 +0000

fix markdown
2021-11-16 08:58:28 -08:00
Pasquale Toscano
6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver () 2021-11-05 07:59:54 -07:00
Ilya Margolin
41e0ca3f85
Move kube_feature_gates to kubelet config ()
to remove deprecation warning:

> Flag --feature-gates has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag.
2021-10-05 06:07:10 -07:00
Iago Santos
43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution ()
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028

Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
Cristian Calin
d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA ()
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA

* Add check for dynamic_kubelet_configuration with kube >= 1.22
2021-09-07 10:47:16 -07:00
Cristian Calin
1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t ()
* Fedora and RHEL use etc_t and the convention is <type_name>_t

* Docs: specify all values for preinstall_selinux_state

* CI: Add Fedora 34 with SELinux in enforcing mode
2021-08-27 14:20:53 -07:00
cola-zero
f21a707e99
Add containerd on Flatcar Container Linux () 2021-07-21 06:28:07 -07:00
spaced
bf54dc082b
set selinux type t_etc if selinux state is enforcing () 2021-07-13 06:34:29 -07:00
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 ()
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Cristian Calin
a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 ()
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0

* Add sample graceful shutdown parameters
2021-06-27 23:53:25 -07:00
Florian Ruynat
7896bc7831
Add Fedora 33 image and CI, remove Fedora 31 (EOL) + update docker packages ()
* Update docker package to 20.10.6

* Add Fedora 33 image and CI, remove Fedora 31 (EOL)
2021-05-28 08:04:25 -07:00
Cristian Calin
360aff4a57
Rename ansible groups to use _ instead of - ()
* rename ansible groups to use _ instead of -

k8s-cluster -> k8s_cluster
k8s-node -> k8s_node
calico-rr -> calico_rr
no-floating -> no_floating

Note: kube-node,k8s-cluster groups in upgrade CI
      need clean-up after v2.16 is tagged

* ensure old groups are mapped to the new ones
2021-04-29 05:20:50 -07:00
Samuel Liu
7df7054bdc
remove local lb privileged () 2021-04-05 05:22:14 -07:00
Kenichi Omichi
486b223e01
Replace kube-master with kube_control_plane ()
This replaces kube-master with kube_control_plane because of [1]:

  The Kubernetes project is moving away from wording that is
  considered offensive. A new working group WG Naming was created
  to track this work, and the word "master" was declared as offensive.
  A proposal was formalized for replacing the word "master" with
  "control plane". This means it should be removed from source code,
  documentation, and user-facing configuration from Kubernetes and
  its sub-projects.

NOTE: The reason why this changes it to kube_control_plane not
      kube-control-plane is for valid group names on ansible.

[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
2021-03-23 17:26:05 -07:00
Etienne Champetier
a6e1f5ece9 Remove useless call to 'kubeadm version'
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-03-04 23:42:22 -08:00