Commit graph

4116 commits

Author SHA1 Message Date
Mathieu Parent
d4d03a01f2
Fix image_command_tool ignored since PR ()
Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
2022-04-06 02:00:58 -07:00
Kenichi Omichi
bdaa33c3bc
Fix quotation of nerdctl_extra_flags () ()
Due to missing quotation of nerdctl_extra_flags, ansible-playbook was failed:

  Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/command.py
  Pipelining is enabled.
    [..]
    File "/usr/lib/python3.8/shlex.py", line 191, in read_token
      raise ValueError("No closing quotation")

This fixes the issue.

T-Eberle investigated the issue and found the solution.
Thank you T-Eberle!
2022-04-05 15:25:25 -07:00
rtsp
58bea67b68
[2.18] cert-manager: Backport cert-manager leader election namespace fixes from master ()
cherry-picked from
* ccd3180 cert-manager: Fix incorrect leader election namespace lead to insufficient permission ()
* e791089 cert-manager: Allow to change leader election namespace for GKE Autopilot support ()
2022-04-04 11:10:11 -07:00
Kenichi Omichi
f091b1cfd7
[2.18] Run 0100-dhclient-hooks if dhcpclient is enabled () ()
* Run 0100-dhclient-hooks if dhcpclient is enabled ()

If running Kubespray on static IP environments, a task was failed like:

  TASK [kubernetes/preinstall : Configure dhclient hooks for resolv.conf (RH-only)]
  fatal: [ak8s2]: FAILED! => {
    "changed": false, "checksum": "..",
    "msg": "Destination directory /etc/dhcp/dhclient.d does not exist"}

This adds a check for dhclientconffile for running 0100-dhclient-hooks to
run the task only if dhcpclient is enabled.

* Remove centos7 molecule while opensuse mirror is flaky

Co-authored-by: Florian Ruynat <16313165+floryut@users.noreply.github.com>
2022-03-30 10:08:25 -07:00
Cristian Calin
e7508d7d21
[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves () () 2022-03-22 05:31:44 -07:00
Calin Cristian Andrei
ae1f8d8578 [kubernetes] make 1.22.8 the new default 2022-03-18 11:26:41 -07:00
Calin Cristian Andrei
aafdcc1b68 [backport-2.18] update kubernetes hashes for 1.23, 1.22 and 1.21 2022-03-18 11:26:41 -07:00
Takuya Murakami
019bcbc893
Update config.toml.j2 () ()
* Update config.toml.j2

i think this commit code is not completed works

exam registry address : a.com:5000

insecure registry must be http://a.com:5000

but this code add insecure a.com:5000 (without http://)

If there is no http, containerd accesses with https even if insecure_skip_verify = true

solution is code edit

* Update config.toml.j2

* Update containerd.yml

* Update containerd.yml

* Update containerd.yml

* Update config.toml.j2

(cherry picked from commit dda557ed23)

Co-authored-by: Choi Yongbeom <59861163+mircyb@users.noreply.github.com>
2022-03-09 06:22:13 -08:00
Takuya Murakami
0c43883e5c
[PATCH] nerdctl insecure registry config () ()
Backport  to 2.18-release
Cherry-pick 24f1402a14

Co-authored-by: Choi Yongbeom <59861163+mircyb@users.noreply.github.com>
2022-03-08 14:32:22 -08:00
Kenichi Omichi
c4a2745523
Move containerd_version to defaults/main.yml () ()
All container image versions were defined in download/defaults/main.yml
except containerd.
The inconsistency caused the offline script(generate_list.sh) could not
output the URL of containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
2022-02-13 09:55:50 -08:00
Kenichi Omichi
d1609e3111
CI: Replace CentOS 8 with AlmaLinux 8 before CentOS 8 EOL end of 2021 () ()
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2022-02-07 23:42:53 -08:00
Cristian Calin
6abffe9c37
[2.18] update kubernetes hashes and make 1.22.6 the default ()
* [kubernetes] add hashes for 1.23.2, 1.22.6, 1.21.9 and 1.20.15

* [kubernetes] make 1.22.6 the default version
2022-01-25 05:20:30 -08:00
Boris Barnier
a5cd98f6cf
Fix kata_containers_binary_checksums for arm64 () 2022-01-24 00:19:57 -08:00
Mathieu Parent
7fffe6730c Allow to choose container manager commands ()
This allow to workaround  by using image_command_tool=crictl
when containerd_registries is used for containerd.

Also changes image_info_command_on_localhost for docker to return digests.

(cherry picked from commit cfd9873bbc)

The cherry-pick was adapted because nerdctl_extra_flags is not in
the release-2.18 branch ().
2022-01-17 02:25:30 -08:00
rtsp
8a3c78e8b4
[2.18] Fix container engine still installed on dedicated etcd ()
* Fix container engine still installed on dedicated etcd node even if `etcd_deployment_type: host` ()

(cherry picked from commit aa4a3d7)
2022-01-11 00:31:16 -08:00
Max Gautier
92f25bf267
Simplify usage of pre-remove role ()
- Use builtin task scheduling of ansible (same task on each host)
  instead of manual looping on master

Benefits:
- One less play in remove-node.yml playbook
- Parralel node drain
- Drain parameters (timeout, grace period, retries,
  allow_ungraceful_removal) can be adjusted separately for each node
  with ansible variables
2022-01-04 07:10:53 -08:00
Romain ALBON
63a53c79d0
Fix - Search root filesystem device () 2022-01-04 06:48:52 -08:00
Florian Ruynat
841c61aaa1
Revert "Fix external lb error ()" ()
This reverts commit 4f2e4524b8.
2022-01-03 01:37:00 -08:00
Samuel Liu
157942a462
fix resolved config () 2022-01-03 00:06:59 -08:00
jbpratt
e88a27790c
fix spelling error () 2022-01-02 23:55:00 -08:00
Cristian Calin
ed3932b7d5
[cni-plugins] upgrade to stable 1.0.1 ()
* [cni-plugins] upgrade to stable 1.0.1

* [flannel] use binary from dedicated project
2021-12-23 23:16:15 -08:00
emiran-orange
2b5c185826
calico_pool_blocksize must be cast as well in assertion when defined ()
* calico_pool_blocksize must be cast as string in assertion when defined

* Cast as int rather than string
2021-12-23 00:58:37 -08:00
zhengtianbao
c3c128352f
Remove registry-proxy () 2021-12-21 23:55:35 -08:00
zhengtianbao
02a89543d6
registry: add ingress support () 2021-12-21 10:20:46 -08:00
Cristian Calin
c1954ff918
Support deploying kubernetes 1.23 ()
* Ensure entries for 1.23 are added for supported_versions vars

* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22

* kubescheduler-config: diferentiate config versions based on kube_version
2021-12-21 01:38:46 -08:00
Kenichi Omichi
b49ae8c21d
Delete "kubeadm alpha certs" code ()
"kubeadm alpha certs" command has been promoted to "kubeadm certs" command,
and "kubeadm alpha certs" has been deprecated since Kubernetes v1.20 as [1].
In addition, Kubespray supports Kubernetes v1.20+.
This delete the deprecated command for cleanup.

[1]: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation
2021-12-20 12:53:33 -08:00
Calin Cristian Andrei
1a7b4435f3 Bump default version of kubernetes to 1.22.5 2021-12-20 08:56:56 -08:00
Calin Cristian Andrei
db0e458217 Kubernetes: add hashes for v1.23.1, v1.23.0, v1.22.5, v1.21.8 and v1.20.14 2021-12-20 08:56:56 -08:00
Nicolas MASSE
f01f7c54aa
Add support for CRI-O user namespaces ()
* add support for cri-o user namespaces

* comply with yamllint rules
2021-12-20 06:37:25 -08:00
kakkotetsu
c59407f105
add support for Calico BGPPeer sourceAddress () 2021-12-20 01:51:25 -08:00
Cristian Calin
fdc5d7458f
Upgrade to nerdctl 0.15.0 and some fixes ()
* nerdctl: move to 0.15.0

* nerdctl: reduce verbosity when pulling images

* download: use proxy environment when using nerdctl to download containers
2021-12-20 00:33:26 -08:00
Antoine Gatineau
6aafb9b2d4
fix bad indentation () 2021-12-17 07:36:29 -08:00
Samuel Liu
aa9ad1ed60
clean files for kube-ovn () 2021-12-15 23:39:19 -08:00
zhengtianbao
aa9b8453a0
registry: service add clusterIP, nodePort, loadBalancer support ()
* registry: service add clusterIP, nodePort, loadBalancer support

* modify camelcase name to underscore

* Add registry service type compatibility check
2021-12-15 00:18:19 -08:00
singeleaf
4f2e4524b8
Fix external lb error () 2021-12-13 14:46:27 -08:00
Marat Talipov
4f27c763af
containerd insecure registry support () 2021-12-13 00:41:58 -08:00
Cristian Calin
0e969c0b72
vSphere-CSI: update to 2.4.0 () 2021-12-10 11:07:23 -08:00
Steven Reitsma
b396801e28
Update Cinder CSI to v1.22 () 2021-12-10 10:49:11 -08:00
Cristian Calin
682c8a59c2
containerd: change default resolvconf_mode to host_resolvconf ()
* containerd: change default resolvconf_mode to host_resolvconf

* Wait for kube-apiserver to come back after pod refresh

* Handle resolv.conf gracefully

* Retain currently configured DNS entries to ensure we don't break the resolvers

* Suse uses wickedd for network management so no dhcp hooks

* Molecule: increase ansible timeout

* CI: Increase ansible timeout to 120s for Packet jobs
2021-12-09 14:09:06 -08:00
Florian Ruynat
5a25de37ef
Revert "remove no longer present etcd nodes from APIEndpoints list in kubeadm-config configmap ()" ()
This reverts commit dc767c14b9.
2021-12-09 08:24:16 -08:00
zhengtianbao
4ef2cf4c28
Registry add TLS and authentication support ()
* Add registry TLS support

* Add registry configmap and htpasswd auth
2021-12-07 08:32:00 -08:00
Cristian Calin
990ca38d21
Kata-Containers: add 2.3.0 ()
* Kata-Containers: add checksums for 2.3.0

* Kata-Containers: version 2.3.0 requires kubernetes 1.22.0+
2021-12-07 08:18:08 -08:00
Cristian Calin
c7e430573f
Calico: upgrade 3.21.x to 3.21.2 () 2021-12-07 08:18:01 -08:00
Cristian Calin
a328b64464
runc: upgrade to v1.0.3 () 2021-12-07 06:10:02 -08:00
zhengtianbao
a16d427536
Set etcd-events listen port to 2383 () 2021-12-07 00:28:01 -08:00
Cristian Calin
c98a07825b
Use cgroupsv2 where available (fedora) ()
* Containerd: use cgroupsv2 where available (fedora)

* Docker: use cgroupsv2 where available (fedora)

* cri-o: use cgroupsv2 where available (fedora)
2021-12-06 11:19:33 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ()
* Update loadbalancers versions

* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Samuel Liu
4550f8c50f
calico_flexvol () 2021-12-06 05:00:32 -08:00
toplordsaito
9afca43807
change dns upstream condition for coredns ()
upstream_dns_servers should change corefile config even resolvconf_mode=docker_dns
2021-12-06 02:46:32 -08:00
Alvaro Campesino
27ab364df5
Improve control plane scale flow () ()
* Improve control plane scale flow ()

* Added version 1.20.10 of K8s

* Setting first_kube_control_plane to a existing one

* Setting first_kube_control_plane to a existing one

* change first_kube_master for first_kube_control_plane

* Ansible-lint changes
2021-12-06 00:16:32 -08:00