Commit graph

6409 commits

Author SHA1 Message Date
emiran-orange
afbabebfd5
Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586)
Since K8S 1.21, BoundServiceAccountTokenVolume feature gate is in beta stage, thus activated by default (anyone who follows CSI guidelines has enabled AllAlpha and faced the issue before 1.21).
With this feature, SA tokens are regenerated every hour.
As a consequence for Calico CNI, token in /etc/cni/net.d/calico-kubeconfig copied from /var/run/secrets/kubernetes.io/serviceaccount in install-cni initContainer expires after one hour and any pod creation fails due to unauthorization.
Calico pods need to be restarted so that /etc/cni/net.d/calico-kubeconfig is updated with the new SA token.
2021-05-11 08:47:36 -07:00
Cristian Calin
8c0a2741ae
allow overriding calico peers names and avoid ipv6 naming issues (#7591) 2021-05-11 07:05:36 -07:00
muzi502
1d078e1119
Add script for generate download files and images list (#7561)
Fix coredns image repo and tag typo for #7570
2021-05-11 00:39:36 -07:00
Cristian Calin
d90baa8601
add containerd support for Amazon Linux 2 (#7595) 2021-05-10 19:25:36 -07:00
muzi502
d5660cd37c
Fix reset cluster task failed (#7597) 2021-05-10 17:25:36 -07:00
Cristian Calin
63cec45597
Add Amazon to the check for supported distributions (#7589) 2021-05-10 16:17:36 -07:00
Hari Hud
f07e24db8f
Cleanup duplicate task in etcd role (#7598)
* Remove the duplicate task in etcd role

* Remove inessential delegate_to
2021-05-10 16:11:36 -07:00
Cristian Calin
5d5be3e96a
bump calico 3.18 to v3.18.3 (#7592) 2021-05-10 00:34:51 -07:00
Hari Hud
6e7649360f
Ignore error when ipvsadm utility not found on node (#7587) 2021-05-07 13:37:04 -07:00
Cedric Hnyda
1dd38721b3
Add external_openstack_enable_ingress_hostname option for openstack (#7572)
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2021-05-04 00:33:11 -07:00
Eugene Artemenko
6a001e4971
Add suport of Vsphere CSI driver 2.X versions (#7480) 2021-05-04 00:05:11 -07:00
Samuel Liu
96e6a6ac3f
Add krew support (#7464)
* Add krew support

* Add reset for krew

* Update install krew(local)

* ansible lint

* yamllint

* fix krew default vars

* fix kubectl_localhost mode

* replace include

* fix e206
2021-05-03 07:16:03 -07:00
bac-w
2556eb2733
Upgrade cilium role (#7521)
* Upgrade cilium roles

* Del old test result

* Add hubble ui examples

* Refactor hubble metrics

* Markdown fix pipeline errors

* yamllint check and fix

* refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520

* Docs syntax change (fix)

* Cilium set default 1.8.9

* Update cilium version in Readme
2021-04-30 08:09:59 -07:00
Florian Ruynat
d29ea386d6
Fix issue with api token wait check not working (#7566) 2021-04-30 07:47:59 -07:00
MRoci
a0ee569091
change coredns image name to coredns/coredns and prefix v to tag (#7570)
follow new naming conventions for gcr's coredns image.
starting from 1.21 kubeadm assumes it to be `coredns/coredns`:
this causes the kubeadm deployment being unable to pull image, beacuse `v`
was also added in image tag, until the role `kubernetes-apps` ovverides
it with the old name, which is only compatible with <=1.7.

Backward comptability with kubeadm <=1.20 is mantained checking
kubernetes version and falling back to old names (`coredns:1.xx`) when
the version is less than 1.21
2021-04-30 07:43:58 -07:00
holmesb
3f4eb9be08
Fixes issue #7573 - Made Calico permissions compatible with v3.18.x (see https://github.com/projectcalico/calico/issues/4557). Specifically, granted watch to custom resources blockaffinities, ipamblocks & ipamhandles (#7575) 2021-04-30 07:25:59 -07:00
muzi502
5ea2d1eb67
Add image_arch in flannel image tag (#7560)
* Add image_arch variable when download flannel image

* Fix flannel image tag typo with image arch
2021-04-29 17:51:57 -07:00
Florian Ruynat
ffc38a2237
Fix busybox for tests to reduce dockerhub calls (#7571) 2021-04-29 17:39:57 -07:00
Cristian Calin
360aff4a57
Rename ansible groups to use _ instead of - (#7552)
* rename ansible groups to use _ instead of -

k8s-cluster -> k8s_cluster
k8s-node -> k8s_node
calico-rr -> calico_rr
no-floating -> no_floating

Note: kube-node,k8s-cluster groups in upgrade CI
      need clean-up after v2.16 is tagged

* ensure old groups are mapped to the new ones
2021-04-29 05:20:50 -07:00
Sergey
d26191373a
add default empty value for etc_hosts_localhosts_dict_target (#7567) 2021-04-28 11:34:50 -07:00
Cristian Calin
4c06aa98b5
crio: add supported versions 1.20 and 1.21 and align default with k8s version (#7562)
* crio: add supported versions 1.20 and 1.21 and align default with k8s version

* cri-o: drop versions 1.17 and 1.18 from version matrix

* update note on cri-o version alignment
2021-04-28 11:30:51 -07:00
muzi502
1b267b6599
Fix calico-kube-controller becomes Error for canal (#7564) 2021-04-28 11:26:52 -07:00
Cristian Calin
dd6efb73f7
Calico new versions v3.17.4 and v3.18.2 (#7563)
* calico: upgrade from v3.17.3 to v3.17.4

* calico: upgrade from v3.18.1 to v3.18.2
2021-04-28 08:22:50 -07:00
Samuel Liu
dfeed1c1a4
Modify the commented config info (#7558) 2021-04-27 15:45:28 -07:00
harihud
0071e3c99c
Update main.yml (#7557) 2021-04-27 15:41:27 -07:00
muzi502
0feec14b15
Update Dockerfile for reduce image size (#7556)
* Update Dockerfile for reduce image size

* Remove KUBE_VERSION form Dockerfile
2021-04-26 23:33:37 -07:00
faruryo
975f84494c
Fix calico-kube-controller becomes Error (#7548)
Change mode so that calico-kube-controllers can be read because it was changed to run as non-root
https://github.com/projectcalico/kube-controllers/pull/566
2021-04-26 15:37:03 -07:00
Florian Ruynat
7c86734d2e
Add cri-o 1.20/1.21 (#7544) 2021-04-26 09:21:16 -07:00
Cristian Calin
8665e1de87
Fix cri-o support for Oracle and AlmaLinux (#7541) 2021-04-26 09:11:02 -07:00
Florian Ruynat
c16efc9ab8
Fix Opensuse not working with ansible_distribution (#7551) 2021-04-26 08:37:02 -07:00
muzi502
324c95d37f
Fix some docs.ansible.com url typo (#7550) 2021-04-26 08:33:02 -07:00
muzi502
69806e0a46
Add nerdctl cli tool for containerd user (#7500)
* Add nerdctl cli tool for containerd user

* Add nerdctl enable option

* Add nerdctl enable option and update nerdctl version to 0.8.0
2021-04-25 23:47:01 -07:00
Cristian Calin
ad15a4b755
Bump calico versions (#7543)
* add calico 3.16.10 hashes

* drop old calico version 3.16.9
2021-04-24 12:37:01 -07:00
Cristian Calin
002a4b03a4
Drop calico 3.15 (#7545)
* calico: drop support for version 3.15

* drop check for calico version >= 3.3, we are at 3.16 minimum now

* we moved to calico 3.16+ so we can default to /opt/cni/bin/install
2021-04-23 23:43:14 -07:00
muzi502
96476430a3
Update cni-plugins and kubernetes version in README.md (#7540) 2021-04-22 23:54:02 -07:00
Cristian Calin
73db44b00c
Initial AlmaLinux support (#7538)
* AlmaLinux: ansible>2.9.19 is needed to know about AlmaLinux

* AlmaLinux: identify as a centos derrivative

* AlmaLinux: add AlmaLinux to checks for CentOS

* Use ansible_os_family to compare family and not distribution
2021-04-22 23:50:03 -07:00
Florian Ruynat
b32d25942d Minor update to cni-plugins and kube-router 2021-04-22 06:47:42 -07:00
Florian Ruynat
fce705a92b Helm minor update to 3.5.4 2021-04-22 06:47:42 -07:00
Florian Ruynat
6164c90f70 Update kube-ovn to 1.6.2 2021-04-22 06:47:42 -07:00
Cristian Calin
e036b899a3
update calico default version in README.md (#7537) 2021-04-22 06:41:41 -07:00
Samuel Liu
8c7b90ebbf
add ingress controller class (#7522) 2021-04-22 00:22:38 -07:00
Ian Martin
38d9d2ea0e
Ambassador can watch multiple namespaces (#7516)
* Ambassador can watch multiple namespaces

* update variable name per PR review
2021-04-22 00:22:31 -07:00
Cristian Calin
384d30b675
add support for configuring cri-o pids_limit (#7525) 2021-04-21 10:55:51 -07:00
Cristian Calin
add61868c6
Add Calico v3.17.3 and v3.18.1 (#7524)
* add hashes for calico v3.17.3

* add hashes for claico v3.18.1

* bump default calico version to v3.17.3

* calico crds are missing yaml separator breaking kdd
2021-04-21 10:45:51 -07:00
Florian Ruynat
b599f3084f
Fix OpenStack StyleGuide rule H216 (On by default in latest version) (#7535)
ref: b921c4de51
2021-04-21 09:04:11 -07:00
Xachman
a7493e26e1
add enablerepo: amzn2extra-docker for docker install on aws 2 (#7507) 2021-04-21 07:24:10 -07:00
Kenichi Omichi
ae3a1d7c01
Fix keepcache values of yum_repository (#7506)
As the official document[1], the parameter keepcache should be
'0' or '1' as string. To avoid the following warning message,
this fixes the parameter value:

  [WARNING]: The value False (type bool) in a string field was
  converted to u'False' (type string). If this does not look
  like what you expect, quote the entire value to ensure it
  does not change.

https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_repository_module.html
2021-04-21 07:20:11 -07:00
Mathieu Parent
e39e3d5c26
Fix OpenId Connect example prefixes (#7527)
Fixes "mapping values are not allowed in this context
2021-04-20 17:32:10 -07:00
holmesb
1e7d48846a
Fixes issue #7528 - allow configuring CALICO_STARTUP_LOGLEVEL via a new variable: calico_node_startup_loglevel (#7530)
Signed-off-by: Brendan Holmes <5072156+holmesb@users.noreply.github.com>
2021-04-20 15:37:42 -07:00
Florian Ruynat
6001edeecd
Cleanup hashes and 1.18 hooks (#7534) 2021-04-20 15:34:33 -07:00