Calin Cristian Andrei
2ff4ae1f08
[etcd] drop hashes for 3.5.1
2022-06-29 09:44:06 -07:00
Calin Cristian Andrei
edf7f53f76
[etcd] add etcd 3.5.4 and make it the default for 1.24.x
2022-06-29 09:44:06 -07:00
Samuel Liu
f58816c33c
[krew] update krew ( #9043 )
2022-06-29 09:02:06 -07:00
忘尘
1562a9c2ec
add missing verbs ( #9032 )
2022-06-29 00:18:05 -07:00
Kay Yan
4b03f6c20f
add-managed-ntp-support ( #9027 )
2022-06-28 13:15:34 -07:00
Samuel Liu
e8ccbebd6f
add ingress nginx webhook ( #9033 )
...
* add ingress nginx webhook
* fix ingress nginx template
2022-06-28 11:55:35 -07:00
Kay Yan
d4de9d096f
fix-the-issue-of-miss-the-etcd-user ( #9016 )
2022-06-28 09:13:58 -07:00
Tom Stian Berget
e1f06dd406
Add support for the updated (startup|liveness|readiness)Probe.Port numbers in Cilium ( #9031 )
2022-06-27 11:00:59 -07:00
rptaylor
6f82cf12f5
let containerd_default_runtime be undefined by default ( #9026 )
2022-06-27 10:56:59 -07:00
Calin Cristian Andrei
ca8080a695
[crun] drop old crun versions 1.2 and 1.3
2022-06-27 10:36:59 -07:00
Calin Cristian Andrei
55d14090d0
[crun] add 1.4.5 and make it the default
2022-06-27 10:36:59 -07:00
rtsp
da8498bb6f
[cert-manager] Upgrade to v1.8.2 ( #9029 )
2022-06-24 23:50:58 -07:00
orange-llajeanne
b33896844e
apply calico bgp peer definition task to all nodes, but delegate to ( #8974 )
...
first control plane node
2022-06-24 19:42:57 -07:00
Calin Cristian Andrei
ca212c08de
[runc] drop hashes for 1.0.2 and 1.0.3
2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
784439dccf
[runc] make 1.1.3 the new default
2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
d818c1c6d9
[runc] add hashes for 1.1.3
2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
b9384ad913
[runc] add hashes for 1.1.2
2022-06-23 09:23:43 -07:00
Cristian Calin
76b0cbcb4e
bump pause container to 3.6 ( #9024 )
...
* [pod-infra] bump pod infra container version to 3.6
* [cri-dockerd] align pod infra container image with other CRIs
2022-06-23 01:43:44 -07:00
Florian Ruynat
6bf3306401
Fixed concatenate str & int in auto_renew_certificates_systemd_calendar var ( #8979 )
2022-06-22 11:55:43 -07:00
Robin Wallace
79f6cd774a
create snapshot-controller only if needed
2022-06-22 00:37:44 -07:00
Cyclinder
c3c9a42502
support multus multi-architecture installation ( #9012 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-06-21 10:56:26 -07:00
Sébastien Masset
9d5d945bdb
[MASTER] Add missing configuration for extra tolerations ( #8908 )
...
* Added new configuration item for extra tolerations in policy controllers
Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
* Added new configuration item for extra tolerations in DNS autoscaler
Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
* Aligned existing handling of extra DNS tolerations
Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
2022-06-20 01:36:06 -07:00
Christoffer Anselm
475ce05979
Fix kubectl download for v1.23.8 amd64 ( #9002 )
...
kubectl_checksums for amd64 v1.23.8 was missing the last digit
2022-06-20 01:28:06 -07:00
Mohamed Zaian
e4fe679916
[kubernetes] make v1.24.2 default
2022-06-17 11:08:33 -07:00
Mohamed Zaian
123632f5ed
[kubernetes] add hashes for v1.22.11, v1.23.8 & v1.24.2
2022-06-17 11:08:33 -07:00
Calin Cristian Andrei
a1ec0571b2
[nerdctl] upgrade to 0.20.0
2022-06-17 08:00:32 -07:00
Calin Cristian Andrei
2db39d4856
[containerd] add hashes for 1.5.12, 1.5.13, 1.6.5 and 1.6.6 and make 1.6.6 the new default
2022-06-17 08:00:32 -07:00
Citrullin
e7729daefc
Add assertion for IPv6 in verify settings
...
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-17 10:36:43 +02:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
...
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Florian Ruynat
9e7f89d2a2
Remove forgotten 1.21 references
2022-06-16 08:55:38 +02:00
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
c2700266b0
[download] fix dependencies for downloads
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07
[kubeadm] use v1beta3 configuration version
...
* extra admission controls now don't have a version in their file names
eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
589823bdc1
[CI] remove docker stand-alone molecule test
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ec01b40e85
[cri_dockerd] upgrade cri_dockerd to 0.2.2 for 1.24 compatibility
...
* use new artifact release name
* enable cri-dockerd dual setack support if enable_dual_stack_networks
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2de5c4821c
[calico] clean up workarounds for older versions
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9efe145688
[calico] make 3.23.1 the default and drop 3.20.x and 3.19.x
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
51bc64fb35
[cri-o] support cri-o 1.24 with kube 1.24
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
6380483e8b
[kubeconfig] generate admin kube config from /etc/kubernetes/admin.conf instead of the workaround of using kubeadm init phase kubeadm admin which fails with cri-dockerd
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f
[kubernetes] drop pre 1.22.0 workarounds
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9535a41187
[kubernetes] make 1.22.0 the minimum version
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
47495c336b
[kubernetes] drop hashes for 1.21.x
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
d69d4a8303
[kubernetes] make 1.24.1 the new default
2022-06-15 00:57:20 -07:00
rtsp
668b9b026c
[cert-manager] Upgrade to v1.8.1 ( #8976 )
2022-06-14 15:11:34 -07:00
Viktor Jacynycz
77de7cb785
Expose calico-typha metrics port ( #8855 )
2022-06-14 07:17:33 -07:00
Dickson Tung
e5d6c042a9
Fix regex for replacing http_proxy ( #8957 )
2022-06-14 07:07:34 -07:00
Ho Kim
3ae397019c
Add arm64 Flatcar OS's pypy bootstrapping ( #8959 )
...
- Upgrade pypy's python version to `3.9`
- Upgrade pypy`s version to `7.3.9`
2022-06-14 07:03:35 -07:00
Ho Kim
7d3e59cf2e
Remove unneeded socat installation for Flatcar ( #8970 )
2022-06-14 02:23:34 -07:00
orange-llajeanne
4eb83bb7f6
fixes for docker reset ( #8966 )
2022-06-14 02:15:34 -07:00
Florian Ruynat
1429ba9a07
Update docker version to 20.10.17 ( #8965 )
2022-06-14 02:11:33 -07:00
Ho Kim
889454f2bc
Fix typo in calico check ( #8969 )
2022-06-13 14:10:12 -07:00
orange-llajeanne
2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name ( #8949 )
...
* fix a typo in the "matallb_auto_assign" variable name
* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
2022-06-13 09:40:12 -07:00
Steffen Becker
6b43d6aff2
Proposed fix to Issue 8667 ( #8944 )
...
Proposed fix to Issue 8667
Proposed fix to Issue 8667
2022-06-09 23:37:46 -07:00
Kenichi Omichi
024a3ee551
Replace callback_whitelist with callbacks_enabled ( #8759 )
...
When running molecule jobs, we saw the folloing warning message:
[DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names
to new standard, use callbacks_enabled instead. This feature will be removed
from ansible-core in version 2.15. Deprecation warnings can be disabled by
setting deprecation_warnings=False in ansible.cfg.
callbacks_enabled has been added since Ansible 2.11 and Kubespray is using
Ansible 2.12 at master branch. So we can use callbacks_enabled safely to
avoid the warning message.
2022-06-09 13:15:45 -07:00
Kenichi Omichi
cd7381d8de
Drop Ansible support for v2.9 and v2.10 ( #8925 )
...
Ansible v2.9 and v2.10 are EOL as [1].
This drops those version supports by following the upstream Ansible.
This sets use_ssh_args true always because that is required to use
ssh_args on ansible.cfg on Ansible v2.11 or later[2].
ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has been deprecated already and cenots7 jobs were failed due to the
deprecated ansible_ssh_host.
[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args
2022-06-09 07:07:42 -07:00
Mathieu Parent
f53764f949
calicoctl repo has been merged in calico ( #8920 )
2022-06-09 07:01:42 -07:00
Mohamed Zaian
bb530da5c2
[registry] Switch registry to use registry.k8s.io
...
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
Ilya Margolin
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path ( #8921 )
...
* Allow disabling calico CNI logs with calico_cni_log_file_path
Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size 100 Max file size in MB log files can reach before they are rotated.
log_file_max_age 30 Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count 10 Max number of rotated log files allowed on the host before they are cleaned up.
See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging
To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`
* Fix markdown
* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-07 09:22:56 -07:00
mahjonp
8030e6f76c
fix 8893#issuecomment-1147154353 ( #8933 )
...
Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-06-06 12:40:21 -07:00
Ho Kim
77f436fa39
Fix: set fallback value of kubelet ip6 ( #8858 ) ( #8926 )
...
* Fix: set fallback value of kubelet ip6 (#8858 )
* Prune the spurious comma in the end of kubelet_address
- Update `roles/kubernetes/node/defaults/main.yml`
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* Fix: set fallback value of kubelet ip6 (#8858 )
- Apply the lint: 132606368e
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-06-06 10:08:21 -07:00
Kenichi Omichi
814760ba25
Use blocks for macvlan tasks for each distribution ( #8918 )
...
For the code readability, this adds blocks for each distribution.
2022-06-06 07:50:24 -07:00
Boris Barnier
0761659a43
Update Kube-router version to 1.5.0 ( #8928 )
...
https://github.com/cloudnativelabs/kube-router/releases/tag/v1.5.0
2022-06-06 07:38:34 -07:00
vanyasvl
a4f752fb02
Add subjectAltName to calico-apiserver certificate ( #8907 )
...
* Add AltName to calico-apiserver certificate
* fix support for centos7 openssl
2022-06-06 07:38:23 -07:00
Mohamed Zaian
b2346cdaec
[feat] Upgrade metrics server to v0.6.1 ( #8909 )
...
* Metrics Server now requires access to nodes/metrics RBAC resource instead of nodes/stats. See: https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.0
* Minimize rbac permissions.
2022-06-06 07:34:37 -07:00
Thearas
01ca7293f5
support reserve ephemeral-storage ( #8895 )
2022-06-06 07:34:26 -07:00
Florian Ruynat
4dfce51ded
Update dashboard to 2.6.0 (k8s 1.24 support) ( #8906 )
2022-06-06 16:47:33 +03:00
rtsp
1f65e6d3b5
[ingress-nginx] upgrade to 1.2.1 ( #8904 )
2022-06-01 00:23:10 -07:00
Max Gautier
5512465b34
Revert "Set exact user for Kubelet services" ( #8872 )
...
This reverts commit e375678674
.
The workaround of explicitly specifying root for the kubelet unit was
for pulling images from private registry. Kubernetes now have a
dedicated mechanism with imagePullSecret.
2022-06-01 00:19:02 -07:00
Chris Ricker
2f30ab558a
Add 1.24 mappings for etcd and snapshot_controller ( #8903 )
...
Map appropriate versions of etcd and snapshot_controller containers with
k8s 1.24
2022-06-01 00:09:02 -07:00
Daniil Muidinov
5c136ae3af
[calico] add 3.22.3 and 3.23.1 ( #8897 )
...
* [calico]
* add 3.22.3 and 3.23.1
* set 3.22.3 default
* fix download crd for calico 3.22.3 and upper
* update calico README.md
2022-05-31 13:27:23 -07:00
mahjonp
c927da00e0
Support cilium ip-masq-agent configuration ( #8893 )
...
* fix deploy Cilium with eBPF-based Masquerading failed
Signed-off-by: mahjonp <junpeng.man@gmail.com>
* forget to add the enable-ip-masq-agent flag
Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-05-31 09:26:53 -07:00
Samuel Liu
1600fd9082
clean up tags ( #8880 )
2022-05-31 07:52:53 -07:00
Samuel Liu
14acd124bc
fix containerd images downalod bugs ( #8894 )
2022-05-31 00:22:53 -07:00
Mohamed Zaian
78aacee21b
[kubernetes] add hashes for 1.24.1 and other versions. ( #8876 )
...
* [kubernetes] add hashes for 1.24.1 and other versions.
versions: v1.21.13, v1.22.10, v1.23.7 & v1.24.1
* [kubernetes] make v1.23.7 default1
2022-05-27 12:00:42 -07:00
Gleb Galkin
f47aca3558
Added |bool for rhel_enable_repos ( #8871 )
2022-05-26 18:51:55 -07:00
Kenichi Omichi
73fc70dbe8
Delete kube_version v1.20- related code ( #8869 )
...
Current Kubespray supports the Kubernetes version 1.21 or upper with
`kube_version_min_required: v1.21.0`
Then kube_version v1.20- related code is not used at all.
This deletes those code for cleanup.
2022-05-25 21:31:22 -07:00
Kenichi Omichi
dc2a18e436
Merge pull request #8815 from simplekube-ro/dont_clobber_calico
...
[calico] don't clobber calico options set by the user
2022-05-24 10:25:48 -07:00
Thearas
82590eb087
fix remove docker-ce.repo
failed ( #8856 )
2022-05-24 05:44:06 -07:00
Ross Kusler
4c97ce747c
Adding support for the kube-router flag --cluster-asn flag ( #8837 )
2022-05-23 16:39:10 -07:00
Necatican Yıldırım
dc1af5a9c5
[etcd] Add support for setting the request size limit ( #8849 )
...
* [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes`
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-23 09:36:03 -07:00
irizzant
85bd1eea27
fix(calico): add missing "get" verb ( #8847 )
...
Signed-off-by: irizzant <i.rizzante@gmail.com>
2022-05-21 01:20:00 -07:00
Necatican Yıldırım
2b151c6aa2
cni-plugins: upgrade to 1.1.1 ( #8852 )
...
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-21 11:14:16 +03:00
David Louks
93fe3e06ef
Add support for including annotations on aws-ebs-csi-controller ( #8779 )
...
* Add support for including annotations on aws-ebs-csi-controller
* update comment to specify role arn
2022-05-20 15:00:00 -07:00
Tamas Pasztor
9d3a894991
Possible remove ippools from cni config ( #8845 )
...
* Possible remove ippools from cni config
* Typo
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
* Update cni-calico.conflist.j2
Incorrectly deleted calico forwarding content.
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-05-19 23:45:13 -07:00
Andrey
e42a01f203
Fixed systemd-networkd restart for ubuntu 22.04, when using reset.yml ( #8841 )
...
* Fixed systemd-networkd restart for ubuntu 22.04
* fixed systemd-networkd restart for all Ubuntu
2022-05-20 09:34:53 +03:00
Samuel Liu
a28b58dbd0
[calico]use ipamconfig instead of calico ipam command ( #8839 )
...
* use ipamconfig instead of calico ipam command
* fix ansible lint
2022-05-19 11:13:20 -07:00
orange-llajeanne
a26a9ee14f
set apparmor_enabled in netchecker task ( #8844 )
2022-05-19 10:49:21 -07:00
Samuel Liu
593359ec77
fix kube-ovn image ( #8838 )
2022-05-18 08:36:53 -07:00
Kay Yan
3d8f3bc0b7
Fix the invalid kube vip manifest ( #8831 )
...
* add Feature synchronized time checking
* fix-invalid-kube-vip-manifest
2022-05-17 23:48:55 -07:00
Samuel Liu
eea7bb7692
only need run this once ( #8833 )
...
calicoctl ipam xx
calicoctl apply xx
2022-05-17 09:52:27 -07:00
Mohamed Zaian
632d457f78
[ingress-nginx] upgrade to 1.2.0 ( #8814 )
2022-05-12 09:07:14 -07:00
Calin Cristian Andrei
569a319ff5
[calico] don't clobber user set bgp configuration options that are not managed by kubespray
2022-05-12 15:50:38 +00:00
Calin Cristian Andrei
47812ec002
[calico] don't clobber user set ippool options that are not managed by kubespray
2022-05-12 15:50:05 +00:00
Calin Cristian Andrei
c27dee57ea
[calico] don't clobber user set felixconfig options that are not managed by kubespray
2022-05-12 15:49:24 +00:00
weizhoublue
b289f533b3
get wrong server name of coredns ( #8811 )
...
Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
2022-05-12 08:33:14 -07:00
Cyclinder
3eb0a4071a
set default value of name to "k8s-pod-network" ( #8813 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-05-12 08:29:14 -07:00
Oogy
5684610a55
Support metallb peer password ( #8792 )
...
* support metallb peer password
* add MetalLB BGP password example
2022-05-11 21:39:15 -07:00
Samuel Liu
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature ( #8790 )
...
* [kube-ovn]: some feature
kube-ovn vlan mode
ipv6/ipv4 dual stack
...
* remove unused env
* fix readinessprobe
2022-05-11 21:35:15 -07:00
Necatican Yıldırım
13443b05a6
Overhaul Cilium manifests to match the newer versions ( #8717 )
...
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-operator templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-agent templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Bump Cilium version to 1.11.3
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-11 06:23:04 -07:00