Samuel Liu
e8ccbebd6f
add ingress nginx webhook ( #9033 )
...
* add ingress nginx webhook
* fix ingress nginx template
2022-06-28 11:55:35 -07:00
ERIK
4a92b7221a
add manage offline files script ( #8956 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-06-21 03:49:43 -07:00
Mohamed Zaian
e4fe679916
[kubernetes] make v1.24.2 default
2022-06-17 11:08:33 -07:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
...
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
fad296616c
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
ae1dcb031f
[kubernetes] drop pre 1.22.0 workarounds
2022-06-15 00:57:20 -07:00
Calin Cristian Andrei
d69d4a8303
[kubernetes] make 1.24.1 the new default
2022-06-15 00:57:20 -07:00
orange-llajeanne
2fba94c5e5
fix a typo in the "matallb_auto_assign" variable name ( #8949 )
...
* fix a typo in the "matallb_auto_assign" variable name
* add metallb check to fail when deprecated "matallb_auto_assign" variable is defined
2022-06-13 09:40:12 -07:00
Steffen Becker
6b43d6aff2
Proposed fix to Issue 8667 ( #8944 )
...
Proposed fix to Issue 8667
Proposed fix to Issue 8667
2022-06-09 23:37:46 -07:00
Kenichi Omichi
57c3aa4560
Merge pull request #8943 from ErikJiang/update-etcd-download-url
...
update etcd download url in offline.yml
2022-06-08 08:09:48 -07:00
Mohamed Zaian
bb530da5c2
[registry] Switch registry to use registry.k8s.io
...
Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2022-06-08 14:12:22 +02:00
bo.jiang
6f556f5451
update etcd download url in offline.yml
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-06-07 22:45:28 +08:00
Thearas
01ca7293f5
support reserve ephemeral-storage ( #8895 )
2022-06-06 07:34:26 -07:00
rtsp
e3cbbfb9ed
[kubernetes] make 1.23.7 the new default ( #8888 )
2022-05-29 17:08:51 -07:00
Ross Kusler
4c97ce747c
Adding support for the kube-router flag --cluster-asn flag ( #8837 )
2022-05-23 16:39:10 -07:00
Necatican Yıldırım
dc1af5a9c5
[etcd] Add support for setting the request size limit ( #8849 )
...
* [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes`
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-23 09:36:03 -07:00
Tamas Pasztor
9d3a894991
Possible remove ippools from cni config ( #8845 )
...
* Possible remove ippools from cni config
* Typo
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
* Update cni-calico.conflist.j2
Incorrectly deleted calico forwarding content.
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-05-19 23:45:13 -07:00
Cyclinder
3eb0a4071a
set default value of name to "k8s-pod-network" ( #8813 )
...
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-05-12 08:29:14 -07:00
Samuel Liu
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature ( #8790 )
...
* [kube-ovn]: some feature
kube-ovn vlan mode
ipv6/ipv4 dual stack
...
* remove unused env
* fix readinessprobe
2022-05-11 21:35:15 -07:00
Necatican Yıldırım
13443b05a6
Overhaul Cilium manifests to match the newer versions ( #8717 )
...
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-operator templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-agent templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Bump Cilium version to 1.11.3
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-05-11 06:23:04 -07:00
spaced
bb67b654c5
local volume provisioner should not run on control plane nodes by default ( #8805 )
2022-05-10 19:04:24 +03:00
Robin Wallace
b715500b48
csi: bump upcloud csi driver ( #8784 )
2022-05-09 10:43:19 -07:00
David Louks
3e52a0db95
Add optional setting for ca data in auth webhook ( #8777 )
...
* Add optional setting for ca data in auth webhook
* add webhook token auth variables to sample inventory
2022-05-05 14:52:43 -07:00
Calin Cristian Andrei
fcb4c8fb61
[kubernetes] make 1.23.6 the new default
2022-04-29 07:57:13 -07:00
Robin Wallace
d7254eead6
UpCloud integration ( #8653 )
...
* [upcloud] add upcloud csi-driver
* Option to use ansible_host as api ip for kubueconfig
2022-04-11 15:13:23 -07:00
Anthony Bible
9dced7133c
Fixes for Hetzner terraform and Hetzner Cloud ( #8702 )
...
* - add ability to specify the network_zone in hetzner terraform
- Export the network id from hetzner terraform the the generated inventory.ini
* - Add with_networks variable to allow different deployments of hcloud controller manager
- Add network id to hcloud controller secret (added via the inventory)
- Don't include extra_args if it's not set
2022-04-11 10:26:06 -07:00
Samuel Liu
424ef3b3f9
[calico] add calico apiserver ( #8690 )
...
* [calico] add calico apiserver
* fix yamllint
* remove addext argument
* Configure API server with the CA bundle
* add check kdd
2022-04-08 00:02:42 -07:00
Cristian Calin
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI ( #8434 )
...
* [calico] make vxlan encapsulation the default
* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation
* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade
* [CI] improve netchecker connectivity testing
* [CI] show logs for tests
* [calico] tweak task name
* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh
* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check
* service proxy mode still fails connectivity tests so keeping it manual mode
* [kube-router] account for containerd use-case
2022-03-17 18:05:39 -07:00
Calin Cristian Andrei
538f9df5cc
[kubernetes] make 1.23.5 the default
2022-03-17 05:03:20 -07:00
Cristian Calin
394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim ( #8623 )
2022-03-16 16:28:11 -07:00
Maciej Wereski
51821a811f
MetalLB: update to v0.12.1 ( #8593 )
...
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2022-03-03 08:49:48 -08:00
Tom Janson
2e925f82ef
Revert "Fix: typos in docs and comments ( #7805 )" ( #8592 )
...
This reverts commit 417180246c
.
2022-03-02 11:57:13 -08:00
Alex
36393d77d3
Encrypting Secret Data at Rest ( #8574 )
...
* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation
* fix MD012/no-multiple-blanks
2022-02-23 03:04:18 -08:00
Necatican Yıldırım
e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable ( #8317 )
...
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Add etcd kubeadm deployment documentation
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-02-22 08:53:16 -08:00
Florian Ruynat
d4f654275b
Set default kubernetes version to 1.23.4
2022-02-21 03:54:11 -08:00
Vitaliy D
9e020b252e
Configure Etcd container_manager explicitly ( #8521 )
...
* Configure Etcd container_manager explicitly
* Add explanation for the Etcd container_manager variable
* Remove redundant space in etcd vars
2022-02-18 00:50:23 -08:00
kakkotetsu
1ebe456f2d
add support for Calico IP6_AUTODETECTION_METHOD ( #8541 )
2022-02-14 17:26:14 -08:00
Tom Stian Berget
84b93090a8
Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode ( #8519 )
...
* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode
* Change inventory sample
2022-02-08 14:04:35 -08:00
Michael Schmitz
eacd55fbca
Use sysctl_file_path variable for all sysctl_file locations ( #8395 )
...
* Use sysctl_file_path variable for all sysctl_file locations
* Add sysctl_file_path variable to kubespay-defaults
* Remove previously used sysctl file locations if present
* Use explicit filename in roles/kubernetes/node/defaults/main.yml
* Defaults: use explicit value
2022-02-01 08:12:10 -08:00
cyril-corbon
d31db847b7
feat: update local path to v0.0.21 ( #8492 )
2022-01-31 01:08:24 -08:00
Calin Cristian Andrei
ababcd5481
[kube] make 1.23.3 the new default
2022-01-31 00:22:24 -08:00
Calin Cristian Andrei
be9a1f80c1
[kube] make 1.23.2 the default version
2022-01-24 11:59:33 -08:00
cyril-corbon
575e0ca457
feat: add eviction hard to kubelet config ( #8421 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-24 00:13:57 -08:00
Cristian Calin
ef34f5fe7d
[calico] switch default iptables backend detection to Auto ( #8429 )
2022-01-23 23:47:57 -08:00
Johann Schley
38d129a0b6
add external hcloud cloud controller manager ( #8440 )
2022-01-20 12:31:09 -08:00
Necatican Yıldırım
caff539ccd
Add identity_allocation_mode support for Cilium ( #8430 )
...
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-16 09:29:28 -08:00
Samuel Liu
1a69f8c3ad
parameterized snaphot controller namespaces ( #8305 )
...
* Parameterized snaphot controller namespaces
* add ns yml
* add docs
* namespace
2022-01-14 12:58:26 -08:00
rtsp
ccd3180a69
cert-manager: Allow to change leader election namespace for GKE Autopilot support ( #8424 )
...
More information:
- kubernetes-sigs/kubespray#8393
- jetstack/cert-manager#4102
- jetstack/cert-manager#3717
2022-01-14 12:54:26 -08:00
cyril-corbon
01dcbc18ac
feat: upgrade metallb to v0.11.0 ( #8420 )
...
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-14 05:22:28 -08:00