Commit graph

4545 commits

Author SHA1 Message Date
William Turner
eeb376460d
Fix inconsistent handling of admission plugin list (#9407)
* Fix inconsistent handling of admission plugin list

* Adjust hardening doc with the normalized admission plugin list

* Add pre-check for admission plugins format change

* Ignore checking admission plugins value when variable is not defined
2022-10-26 00:28:37 -07:00
Kay Yan
ef707b3461
update-containerd-1.6.9 (#9427) 2022-10-25 16:34:37 -07:00
Mohamed Zaian
2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) (#9425) 2022-10-24 18:32:36 -07:00
Mohamed Zaian
b9b654714e
[nerdctl] upgrade to version 1.0.0 (#9424) 2022-10-24 18:28:35 -07:00
Mohamed Zaian
fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 (#9419) 2022-10-24 00:06:26 -07:00
杨刚
b192053e28
as argocd 2.4.15 is releasesd , update the version (#9420) 2022-10-23 20:34:24 -07:00
Wouter Goedhart
1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414)
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
2022-10-23 18:00:24 -07:00
ERIK
9fdda7eca8
Fix iputils install failure in Kylin OS (#9416)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-21 04:53:51 -07:00
ERIK
a68ed897f0
Update kubelet checksum (#9413)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-21 04:21:50 -07:00
Florian Ruynat
582ff96d19
Update docker version to 20.10.20 (#9410) 2022-10-20 18:45:15 -07:00
Kenichi Omichi
0374a55eb3
Specify securityContext for cert-manager (#9404)
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
2022-10-20 00:57:08 -07:00
Kay Yan
ccbe38f78c
make-kube-1.25-default (#9364) 2022-10-20 00:56:57 -07:00
Vladimir
958840da89
Add var for control initialDelaySeconds in nginx ingress probe (#9405)
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
2022-10-19 21:20:56 -07:00
Cristian Calin
1530411218
use cri-o from upstream instead of kubic/OBS (#9374)
* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables
2022-10-19 05:47:05 -07:00
Mohamed Zaian
0f44e8c812
[ingress-nginx] upgrade to 1.4.0 (#9403) 2022-10-18 16:53:00 -07:00
Maxime Leroy
d9c39c274e
fix(defaults): wrong cri_socket path for containerd (#9401) 2022-10-18 00:15:18 -07:00
Kenichi Omichi
c38fb866b7
Update securityContext of netchecker (#9398)
To run netchecker with necessary privilege,
this updates the securityContext.
2022-10-17 19:11:18 -07:00
Mohamed Zaian
5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default (#9397) 2022-10-17 05:59:07 -07:00
Kay Yan
32f3d92d6b
Remove PodSecurityPolicies in Calico (#9395) 2022-10-17 05:51:07 -07:00
Cristian Calin
23716b0eff
don't define kubeadm_patches by default (#9372) 2022-10-14 01:20:46 -07:00
Kay Yan
859df84b45
remove-psp-in-flannel (#9365) 2022-10-14 00:16:47 -07:00
Kay Yan
131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar (#9370)
* fix-ensure-package-in-coreos

* clean blank line
2022-10-13 16:54:46 -07:00
Unai Arríen
52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248)
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values
2022-10-13 16:50:47 -07:00
ghostloda
547ef747da
fix helm install with password authentication (#9343) 2022-10-12 23:55:01 -07:00
ERIK
bc5881b70a
Add the cilium hubble images to download role (#9376)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-10-12 23:45:00 -07:00
Kenichi Omichi
f4b95d42a6
Add note for containerd oom_score (#9384)
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
2022-10-11 21:49:00 -07:00
Unai Arríen
ef76a578a4
Change dns upstream condition for nodelocaldns (#9378) 2022-10-11 00:47:02 -07:00
Piotr Kowalczyk
3b99d24ceb
Fix: install calico-kube-controller on kdd (#9358)
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
2022-10-10 19:45:01 -07:00
Kay Yan
4701abff4c
upgrade-api-version-for-PodDisruptionBudget (#9369) 2022-10-10 17:51:02 -07:00
Joe Siponen
717b8daafe
Download coredns image to all hosts in k8s_cluster (#9316)
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
2022-10-08 05:03:19 -07:00
Kevin Huang
c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume (#9362) 2022-10-08 01:23:19 -07:00
Kenichi Omichi
24632ae81b
Add check_typo job (#9361)
To block merging pull requests which contain typo automatically.
2022-10-07 02:21:53 -07:00
JSpon
befde271eb
Use hostname override in post-remove role, just as pre-remove role does (#9360) 2022-10-06 15:03:52 -07:00
Huang Chen-Yi
d689f57c94
Features/support kubeadm patches v1beta3 (#9326)
* Support kubeadm patches in v1beta3

* Update kubeadm patches sample files in inventory

* Fix pre-commit syntax

* Set kubeadm_patches  enabled to false in sample inventory
2022-10-06 00:39:52 -07:00
William Turner
ad3f503c0c
Fix default value for kubelet_secure_addresses (#9355) 2022-10-06 00:35:51 -07:00
Eugene Artemenko
8b9cd3959a
Add possibility to skip adding load balancer name in the hosts file (#9331) 2022-10-04 06:26:16 -07:00
Emin AKTAS
dffeab320e
feat: add a paramater to disable host nameservers (#9357)
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-10-04 06:22:17 -07:00
Kay Yan
999586a110
sysctl_additional (#9351) 2022-10-02 23:06:14 -07:00
Kay Yan
44115d7d7a
support-kube-1.25 (#9260)
Co-authored-by: Rene Luria <rene.luria@infomaniak.com>
2022-09-29 23:34:30 -07:00
Florian Ruynat
841e2f44c0
Remove references to 1.22 (#9342) 2022-09-28 14:10:29 -07:00
Hugo Blom
a8e4984cf7
Add missing permissions to openstack cc (#9335)
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
2022-09-27 22:19:35 -07:00
Rene Luria
3646dc0bd2
fix: remove trailing backslash and yaml indent (#9339)
* fix: remove trailing backslash

* fixed indent in cilium config template
2022-09-27 19:45:35 -07:00
biqiang Wu
31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded (#9340)
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2022-09-27 05:57:52 -07:00
ERIK
472996c8b3
update pause image version (#9337)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2022-09-27 00:49:52 -07:00
Shelming.Song
d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml (#9330) 2022-09-26 21:57:45 -07:00
Federico Cucinella
e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 (#9332) 2022-09-26 17:35:46 -07:00
Ho Kim
18efdc2c51
Fix typos in calico (#9327) 2022-09-26 00:11:44 -07:00
Zhong Jianxin
6dff39344b
preinstall: Add nodelocaldns to supersede_nameserver if enabled (#9282)
When a machine that use dhclient and resolvconf reboots, this will make /etc/resolv.conf
remain close to the one before reboot
2022-09-25 20:19:44 -07:00
Robin Wallace
c4de3df492
upcloud csi driver: bump version to v0.3.3 (#9317) 2022-09-24 13:18:04 -07:00
Ilya Margolin
f2e11f088b
Hotfix containerd restart (#9322) 2022-09-24 13:14:04 -07:00