Commit graph

4436 commits

Author SHA1 Message Date
Calin Cristian Andrei
2ff4ae1f08 [etcd] drop hashes for 3.5.1 2022-06-29 09:44:06 -07:00
Calin Cristian Andrei
edf7f53f76 [etcd] add etcd 3.5.4 and make it the default for 1.24.x 2022-06-29 09:44:06 -07:00
Samuel Liu
f58816c33c
[krew] update krew (#9043) 2022-06-29 09:02:06 -07:00
忘尘
1562a9c2ec
add missing verbs (#9032) 2022-06-29 00:18:05 -07:00
Kay Yan
4b03f6c20f
add-managed-ntp-support (#9027) 2022-06-28 13:15:34 -07:00
Samuel Liu
e8ccbebd6f
add ingress nginx webhook (#9033)
* add ingress nginx webhook

* fix ingress nginx template
2022-06-28 11:55:35 -07:00
Kay Yan
d4de9d096f
fix-the-issue-of-miss-the-etcd-user (#9016) 2022-06-28 09:13:58 -07:00
Tom Stian Berget
e1f06dd406
Add support for the updated (startup|liveness|readiness)Probe.Port numbers in Cilium (#9031) 2022-06-27 11:00:59 -07:00
rptaylor
6f82cf12f5
let containerd_default_runtime be undefined by default (#9026) 2022-06-27 10:56:59 -07:00
Calin Cristian Andrei
ca8080a695 [crun] drop old crun versions 1.2 and 1.3 2022-06-27 10:36:59 -07:00
Calin Cristian Andrei
55d14090d0 [crun] add 1.4.5 and make it the default 2022-06-27 10:36:59 -07:00
rtsp
da8498bb6f
[cert-manager] Upgrade to v1.8.2 (#9029) 2022-06-24 23:50:58 -07:00
orange-llajeanne
b33896844e
apply calico bgp peer definition task to all nodes, but delegate to (#8974)
first control plane node
2022-06-24 19:42:57 -07:00
Calin Cristian Andrei
ca212c08de [runc] drop hashes for 1.0.2 and 1.0.3 2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
784439dccf [runc] make 1.1.3 the new default 2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
d818c1c6d9 [runc] add hashes for 1.1.3 2022-06-23 09:23:43 -07:00
Calin Cristian Andrei
b9384ad913 [runc] add hashes for 1.1.2 2022-06-23 09:23:43 -07:00
Cristian Calin
76b0cbcb4e
bump pause container to 3.6 (#9024)
* [pod-infra] bump pod infra container version to 3.6

* [cri-dockerd] align pod infra container image with other CRIs
2022-06-23 01:43:44 -07:00
Florian Ruynat
6bf3306401
Fixed concatenate str & int in auto_renew_certificates_systemd_calendar var (#8979) 2022-06-22 11:55:43 -07:00
Robin Wallace
79f6cd774a create snapshot-controller only if needed 2022-06-22 00:37:44 -07:00
Cyclinder
c3c9a42502
support multus multi-architecture installation (#9012)
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-06-21 10:56:26 -07:00
Sébastien Masset
9d5d945bdb
[MASTER] Add missing configuration for extra tolerations (#8908)
* Added new configuration item for extra tolerations in policy controllers

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Added new configuration item for extra tolerations in DNS autoscaler

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>

* Aligned existing handling of extra DNS tolerations

Signed-off-by: Sébastien Masset <smt.masset@gmail.com>
2022-06-20 01:36:06 -07:00
Christoffer Anselm
475ce05979
Fix kubectl download for v1.23.8 amd64 (#9002)
kubectl_checksums for amd64 v1.23.8 was missing the last digit
2022-06-20 01:28:06 -07:00
Mohamed Zaian
e4fe679916 [kubernetes] make v1.24.2 default 2022-06-17 11:08:33 -07:00
Mohamed Zaian
123632f5ed [kubernetes] add hashes for v1.22.11, v1.23.8 & v1.24.2 2022-06-17 11:08:33 -07:00
Calin Cristian Andrei
a1ec0571b2 [nerdctl] upgrade to 0.20.0 2022-06-17 08:00:32 -07:00
Calin Cristian Andrei
2db39d4856 [containerd] add hashes for 1.5.12, 1.5.13, 1.6.5 and 1.6.6 and make 1.6.6 the new default 2022-06-17 08:00:32 -07:00
Citrullin
e7729daefc Add assertion for IPv6 in verify settings
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-17 10:36:43 +02:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized (#8952)
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Florian Ruynat
9e7f89d2a2 Remove forgotten 1.21 references 2022-06-16 08:55:38 +02:00
Calin Cristian Andrei
24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
c2700266b0 [download] fix dependencies for downloads 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2cd8c51a07 [kubeadm] use v1beta3 configuration version
* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
  upstream
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
589823bdc1 [CI] remove docker stand-alone molecule test 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c [docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ec01b40e85 [cri_dockerd] upgrade cri_dockerd to 0.2.2 for 1.24 compatibility
* use new artifact release name
* enable cri-dockerd dual setack support if enable_dual_stack_networks
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
2de5c4821c [calico] clean up workarounds for older versions 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9efe145688 [calico] make 3.23.1 the default and drop 3.20.x and 3.19.x 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
51bc64fb35 [cri-o] support cri-o 1.24 with kube 1.24 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
6380483e8b [kubeconfig] generate admin kube config from /etc/kubernetes/admin.conf instead of the workaround of using kubeadm init phase kubeadm admin which fails with cri-dockerd 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f [kubernetes] drop pre 1.22.0 workarounds 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
9535a41187 [kubernetes] make 1.22.0 the minimum version 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
47495c336b [kubernetes] drop hashes for 1.21.x 2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
d69d4a8303 [kubernetes] make 1.24.1 the new default 2022-06-15 00:57:20 -07:00
rtsp
668b9b026c
[cert-manager] Upgrade to v1.8.1 (#8976) 2022-06-14 15:11:34 -07:00
Viktor Jacynycz
77de7cb785
Expose calico-typha metrics port (#8855) 2022-06-14 07:17:33 -07:00
Dickson Tung
e5d6c042a9
Fix regex for replacing http_proxy (#8957) 2022-06-14 07:07:34 -07:00
Ho Kim
3ae397019c
Add arm64 Flatcar OS's pypy bootstrapping (#8959)
- Upgrade pypy's python version to `3.9`
- Upgrade pypy`s version to `7.3.9`
2022-06-14 07:03:35 -07:00
Ho Kim
7d3e59cf2e
Remove unneeded socat installation for Flatcar (#8970) 2022-06-14 02:23:34 -07:00
orange-llajeanne
4eb83bb7f6
fixes for docker reset (#8966) 2022-06-14 02:15:34 -07:00
Florian Ruynat
1429ba9a07
Update docker version to 20.10.17 (#8965) 2022-06-14 02:11:33 -07:00
Ho Kim
889454f2bc
Fix typo in calico check (#8969) 2022-06-13 14:10:12 -07:00
orange-llajeanne
2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name (#8949)
* fix a typo in the "matallb_auto_assign" variable name

* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
2022-06-13 09:40:12 -07:00
Steffen Becker
6b43d6aff2
Proposed fix to Issue 8667 (#8944)
Proposed fix to Issue 8667

Proposed fix to Issue 8667
2022-06-09 23:37:46 -07:00
Kenichi Omichi
024a3ee551
Replace callback_whitelist with callbacks_enabled (#8759)
When running molecule jobs, we saw the folloing warning message:

 [DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names
 to new standard, use callbacks_enabled instead. This feature will be removed
 from ansible-core in version 2.15. Deprecation warnings can be disabled by
 setting deprecation_warnings=False in ansible.cfg.

callbacks_enabled has been added since Ansible 2.11 and Kubespray is using
Ansible 2.12 at master branch. So we can use callbacks_enabled safely to
avoid the warning message.
2022-06-09 13:15:45 -07:00
Kenichi Omichi
cd7381d8de
Drop Ansible support for v2.9 and v2.10 (#8925)
Ansible v2.9 and v2.10 are EOL as [1].
This drops those version supports by following the upstream Ansible.

This sets use_ssh_args true always because that is required to use
ssh_args on ansible.cfg on Ansible v2.11 or later[2].

ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has been deprecated already and cenots7 jobs were failed due to the
deprecated ansible_ssh_host.

[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args
2022-06-09 07:07:42 -07:00
Mathieu Parent
f53764f949
calicoctl repo has been merged in calico (#8920) 2022-06-09 07:01:42 -07:00
Mohamed Zaian
bb530da5c2 [registry] Switch registry to use registry.k8s.io
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
Ilya Margolin
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path (#8921)
* Allow disabling calico CNI logs with calico_cni_log_file_path

Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size	100	Max file size in MB log files can reach before they are rotated.
log_file_max_age	30	Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count	10	Max number of rotated log files allowed on the host before they are cleaned up.

See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging

To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`

* Fix markdown

* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-07 09:22:56 -07:00
mahjonp
8030e6f76c
fix 8893#issuecomment-1147154353 (#8933)
Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-06-06 12:40:21 -07:00
Ho Kim
77f436fa39
Fix: set fallback value of kubelet ip6 (#8858) (#8926)
* Fix: set fallback value of kubelet ip6 (#8858)

* Prune the spurious comma in the end of kubelet_address

- Update `roles/kubernetes/node/defaults/main.yml`

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Fix: set fallback value of kubelet ip6 (#8858)

- Apply the lint: 132606368e

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-06-06 10:08:21 -07:00
Kenichi Omichi
814760ba25
Use blocks for macvlan tasks for each distribution (#8918)
For the code readability, this adds blocks for each distribution.
2022-06-06 07:50:24 -07:00
Boris Barnier
0761659a43
Update Kube-router version to 1.5.0 (#8928)
https://github.com/cloudnativelabs/kube-router/releases/tag/v1.5.0
2022-06-06 07:38:34 -07:00
vanyasvl
a4f752fb02
Add subjectAltName to calico-apiserver certificate (#8907)
* Add AltName to calico-apiserver certificate

* fix support for centos7 openssl
2022-06-06 07:38:23 -07:00
Mohamed Zaian
b2346cdaec
[feat] Upgrade metrics server to v0.6.1 (#8909)
* Metrics Server now requires access to nodes/metrics RBAC resource instead of nodes/stats. See: https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.0
* Minimize rbac permissions.
2022-06-06 07:34:37 -07:00
Thearas
01ca7293f5
support reserve ephemeral-storage (#8895) 2022-06-06 07:34:26 -07:00
Florian Ruynat
4dfce51ded
Update dashboard to 2.6.0 (k8s 1.24 support) (#8906) 2022-06-06 16:47:33 +03:00
rtsp
1f65e6d3b5
[ingress-nginx] upgrade to 1.2.1 (#8904) 2022-06-01 00:23:10 -07:00
Max Gautier
5512465b34
Revert "Set exact user for Kubelet services" (#8872)
This reverts commit e375678674.

The workaround of explicitly specifying root for the kubelet unit was
for pulling images from private registry. Kubernetes now have a
dedicated mechanism with imagePullSecret.
2022-06-01 00:19:02 -07:00
Chris Ricker
2f30ab558a
Add 1.24 mappings for etcd and snapshot_controller (#8903)
Map appropriate versions of etcd and snapshot_controller containers with
k8s 1.24
2022-06-01 00:09:02 -07:00
Daniil Muidinov
5c136ae3af
[calico] add 3.22.3 and 3.23.1 (#8897)
* [calico]
* add 3.22.3 and 3.23.1
* set 3.22.3 default
* fix download crd for calico 3.22.3 and upper

* update calico README.md
2022-05-31 13:27:23 -07:00
mahjonp
c927da00e0
Support cilium ip-masq-agent configuration (#8893)
* fix deploy Cilium with eBPF-based Masquerading failed

Signed-off-by: mahjonp <junpeng.man@gmail.com>

* forget to add the enable-ip-masq-agent flag

Signed-off-by: mahjonp <junpeng.man@gmail.com>
2022-05-31 09:26:53 -07:00
Samuel Liu
1600fd9082
clean up tags (#8880) 2022-05-31 07:52:53 -07:00
Samuel Liu
14acd124bc
fix containerd images downalod bugs (#8894) 2022-05-31 00:22:53 -07:00
Mohamed Zaian
78aacee21b
[kubernetes] add hashes for 1.24.1 and other versions. (#8876)
* [kubernetes] add hashes for 1.24.1 and other versions.
versions: v1.21.13, v1.22.10, v1.23.7 & v1.24.1

* [kubernetes] make v1.23.7 default1
2022-05-27 12:00:42 -07:00
Gleb Galkin
f47aca3558
Added |bool for rhel_enable_repos (#8871) 2022-05-26 18:51:55 -07:00
Kenichi Omichi
73fc70dbe8
Delete kube_version v1.20- related code (#8869)
Current Kubespray supports the Kubernetes version 1.21 or upper with
`kube_version_min_required: v1.21.0`

Then kube_version v1.20- related code is not used at all.
This deletes those code for cleanup.
2022-05-25 21:31:22 -07:00
Kenichi Omichi
dc2a18e436
Merge pull request #8815 from simplekube-ro/dont_clobber_calico
[calico] don't clobber calico options set by the user
2022-05-24 10:25:48 -07:00
Thearas
82590eb087
fix remove docker-ce.repo failed (#8856) 2022-05-24 05:44:06 -07:00
Ross Kusler
4c97ce747c
Adding support for the kube-router flag --cluster-asn flag (#8837) 2022-05-23 16:39:10 -07:00
Necatican Yıldırım
dc1af5a9c5
[etcd] Add support for setting the request size limit (#8849)
* [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes`

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES

Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-23 09:36:03 -07:00
irizzant
85bd1eea27
fix(calico): add missing "get" verb (#8847)
Signed-off-by: irizzant <i.rizzante@gmail.com>
2022-05-21 01:20:00 -07:00
Necatican Yıldırım
2b151c6aa2
cni-plugins: upgrade to 1.1.1 (#8852)
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-21 11:14:16 +03:00
David Louks
93fe3e06ef
Add support for including annotations on aws-ebs-csi-controller (#8779)
* Add support for including annotations on aws-ebs-csi-controller

* update comment to specify role arn
2022-05-20 15:00:00 -07:00
Tamas Pasztor
9d3a894991
Possible remove ippools from cni config (#8845)
* Possible remove ippools from cni config

* Typo

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

* Update cni-calico.conflist.j2

Incorrectly deleted calico forwarding content.

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-05-19 23:45:13 -07:00
Andrey
e42a01f203
Fixed systemd-networkd restart for ubuntu 22.04, when using reset.yml (#8841)
* Fixed systemd-networkd restart  for ubuntu 22.04

* fixed systemd-networkd restart for all Ubuntu
2022-05-20 09:34:53 +03:00
Samuel Liu
a28b58dbd0
[calico]use ipamconfig instead of calico ipam command (#8839)
* use ipamconfig instead of calico ipam command

* fix ansible lint
2022-05-19 11:13:20 -07:00
orange-llajeanne
a26a9ee14f
set apparmor_enabled in netchecker task (#8844) 2022-05-19 10:49:21 -07:00
Samuel Liu
593359ec77
fix kube-ovn image (#8838) 2022-05-18 08:36:53 -07:00
Kay Yan
3d8f3bc0b7
Fix the invalid kube vip manifest (#8831)
* add Feature synchronized time checking

* fix-invalid-kube-vip-manifest
2022-05-17 23:48:55 -07:00
Samuel Liu
eea7bb7692
only need run this once (#8833)
calicoctl ipam xx
calicoctl apply xx
2022-05-17 09:52:27 -07:00
Mohamed Zaian
632d457f78
[ingress-nginx] upgrade to 1.2.0 (#8814) 2022-05-12 09:07:14 -07:00
Calin Cristian Andrei
569a319ff5 [calico] don't clobber user set bgp configuration options that are not managed by kubespray 2022-05-12 15:50:38 +00:00
Calin Cristian Andrei
47812ec002 [calico] don't clobber user set ippool options that are not managed by kubespray 2022-05-12 15:50:05 +00:00
Calin Cristian Andrei
c27dee57ea [calico] don't clobber user set felixconfig options that are not managed by kubespray 2022-05-12 15:49:24 +00:00
weizhoublue
b289f533b3
get wrong server name of coredns (#8811)
Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
2022-05-12 08:33:14 -07:00
Cyclinder
3eb0a4071a
set default value of name to "k8s-pod-network" (#8813)
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-05-12 08:29:14 -07:00
Oogy
5684610a55
Support metallb peer password (#8792)
* support metallb peer password

* add MetalLB BGP password example
2022-05-11 21:39:15 -07:00
Samuel Liu
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature (#8790)
* [kube-ovn]: some feature

kube-ovn vlan mode
ipv6/ipv4 dual stack
...

* remove unused env

* fix readinessprobe
2022-05-11 21:35:15 -07:00
Necatican Yıldırım
13443b05a6
Overhaul Cilium manifests to match the newer versions (#8717)
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update cilium-operator templates

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Update cilium-agent templates

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [cilium] Bump Cilium version to 1.11.3

Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-11 06:23:04 -07:00