Commit graph

1570 commits

Author SHA1 Message Date
Kenichi Omichi
f091b1cfd7
[2.18] Run 0100-dhclient-hooks if dhcpclient is enabled () ()
* Run 0100-dhclient-hooks if dhcpclient is enabled ()

If running Kubespray on static IP environments, a task was failed like:

  TASK [kubernetes/preinstall : Configure dhclient hooks for resolv.conf (RH-only)]
  fatal: [ak8s2]: FAILED! => {
    "changed": false, "checksum": "..",
    "msg": "Destination directory /etc/dhcp/dhclient.d does not exist"}

This adds a check for dhclientconffile for running 0100-dhclient-hooks to
run the task only if dhcpclient is enabled.

* Remove centos7 molecule while opensuse mirror is flaky

Co-authored-by: Florian Ruynat <16313165+floryut@users.noreply.github.com>
2022-03-30 10:08:25 -07:00
Cristian Calin
e7508d7d21
[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves () () 2022-03-22 05:31:44 -07:00
Romain ALBON
63a53c79d0
Fix - Search root filesystem device () 2022-01-04 06:48:52 -08:00
Florian Ruynat
841c61aaa1
Revert "Fix external lb error ()" ()
This reverts commit 4f2e4524b8.
2022-01-03 01:37:00 -08:00
Samuel Liu
157942a462
fix resolved config () 2022-01-03 00:06:59 -08:00
Cristian Calin
c1954ff918
Support deploying kubernetes 1.23 ()
* Ensure entries for 1.23 are added for supported_versions vars

* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22

* kubescheduler-config: diferentiate config versions based on kube_version
2021-12-21 01:38:46 -08:00
Kenichi Omichi
b49ae8c21d
Delete "kubeadm alpha certs" code ()
"kubeadm alpha certs" command has been promoted to "kubeadm certs" command,
and "kubeadm alpha certs" has been deprecated since Kubernetes v1.20 as [1].
In addition, Kubespray supports Kubernetes v1.20+.
This delete the deprecated command for cleanup.

[1]: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation
2021-12-20 12:53:33 -08:00
singeleaf
4f2e4524b8
Fix external lb error () 2021-12-13 14:46:27 -08:00
Cristian Calin
682c8a59c2
containerd: change default resolvconf_mode to host_resolvconf ()
* containerd: change default resolvconf_mode to host_resolvconf

* Wait for kube-apiserver to come back after pod refresh

* Handle resolv.conf gracefully

* Retain currently configured DNS entries to ensure we don't break the resolvers

* Suse uses wickedd for network management so no dhcp hooks

* Molecule: increase ansible timeout

* CI: Increase ansible timeout to 120s for Packet jobs
2021-12-09 14:09:06 -08:00
Cristian Calin
990ca38d21
Kata-Containers: add 2.3.0 ()
* Kata-Containers: add checksums for 2.3.0

* Kata-Containers: version 2.3.0 requires kubernetes 1.22.0+
2021-12-07 08:18:08 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ()
* Update loadbalancers versions

* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Alvaro Campesino
27ab364df5
Improve control plane scale flow () ()
* Improve control plane scale flow ()

* Added version 1.20.10 of K8s

* Setting first_kube_control_plane to a existing one

* Setting first_kube_control_plane to a existing one

* change first_kube_master for first_kube_control_plane

* Ansible-lint changes
2021-12-06 00:16:32 -08:00
Hanna Bledai
615216f397
Fix if bind-address is not set to 0.0.0.0 ()
* if bind-address is not set to 0.0.0.0

* Update docs and left comments

* fix yamllist check: remove space
2021-12-05 23:58:32 -08:00
Alvaro Campesino
30d9882851
Add nodelocaldns only if it is enabled () 2021-12-03 20:36:31 -08:00
Florian Ruynat
e19ce27352
Remove ovn4nfv support () 2021-12-03 11:56:35 -08:00
Samuel Liu
ee0f1e9d58
Update etcd-servers for apiserver () 2021-12-03 00:28:27 -08:00
Cristian Calin
ee882fa462
Add capability to use swap, requires Kube 1.22 ()
* Alpha-NodeSwap: allow nodes to use swap

* CI: Add Fedora 35 with experimental swap job
2021-11-30 00:52:56 -08:00
Florian Ruynat
a5f88e14d0
Cleanup tests ()
* Add Fedora 35 image, support and CI

* Cleanup tests and allow_failure for vagrant
2021-11-26 09:00:51 -08:00
Lubos Mercl
424163c7d3
add gce support ()
Author:    lmercl <lubos.mercl@gmail.com>
Date:      Wed Nov 10 15:30:04 2021 +0000

fix markdown
2021-11-16 08:58:28 -08:00
EDGsheryl
4d79a55904
Remove extra parameter kube_proxy_remove ()
Signed-off-by: EDGsheryl <edgsheryl@gmail.com>
2021-11-15 00:02:48 -08:00
Kenichi Omichi
cb7c30a4f1
Fix cloud_provider check ()
This fixes the preinstall check for cloud_provider option based on
inventory/sample/group_vars/all/all.yml
2021-11-07 23:48:52 -08:00
Pasquale Toscano
6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver () 2021-11-05 07:59:54 -07:00
Gheorghe Isak
16bdb3fe51
set check_mode to false () 2021-10-26 19:36:37 -07:00
Cristian Calin
ea8e2fc651
containerd: download containerd from upstream instead of using distro specific packages ()
* Containerd: download containerd from upstream instead of using distro specific packages

split runc download to separate role
make bootstrap-os role deploy container-selinux and seccomp libraries
clean up package manager provided containerd
move variables to docker role that are no longer common with containerd

* Containerd: make molecule testing more relevant

* replace ubuntu18 with ubuntu20
* add centos8 and debian11 to molecule tests
* run kubernetes/preinstall role to ensure relevancy
  of test including dependency packages

* CI: adjust test scenarios for downloaded containerd
2021-10-20 08:47:58 -07:00
Omar Aloraini
6aac59394e
Rocky Linux support ()
* Add Rocky as a known OS

* Make sure Rocky includes bootstrap-centos.yml

* Update docs with Rocky Linux

* Rocky Linux wireguard and EPEL

* Rocky Linux in the list of supported distributions
2021-10-19 08:29:04 -07:00
Necatican Yıldırım
1a57780a75
Add kubeadm_join_phases_skip variable ()
* Add kubeadm_join_phases_skip variable

* Update kubeadm_join_phases_skip comment

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Add kubeadm_join_phases_skip_default variable to follow the same logic with kubeadm_init_phases_skip

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2021-10-11 09:36:41 -07:00
Ilya Margolin
41e0ca3f85
Move kube_feature_gates to kubelet config ()
to remove deprecation warning:

> Flag --feature-gates has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag.
2021-10-05 06:07:10 -07:00
Iago Santos
43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution ()
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028

Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
rtsp
af04906b51
Ensure apparmor is installed ()
Kubespray deployment failed when using containerd backend on nodes that apparmor was not installed or previously removed. This PR ensure apparmor is installed by adding it into required_pkgs var.
2021-09-29 23:52:08 -07:00
Marcos Lorenzo
4c5328fd1f
Determine root filesistem device and partition before running growpart () 2021-09-27 23:58:42 -07:00
Victor Morales
432a312a35
Enable stable and edge containerd versions () 2021-09-27 08:11:35 -07:00
rtsp
4bace2491d
Ensure apparmor is installed ()
Kubespray deployment failed when using containerd backend on nodes that apparmor was not installed or previously removed. This PR ensure apparmor is installed by adding it into required_pkgs var.
2021-09-24 07:55:23 -07:00
Kenichi Omichi
843252c968
Use kube_config_dir for kubeconfig ()
The path of kubeconfig should be configurable, and its default value
is /etc/kubernetes/admin.conf. Most paths of the file are configurable
but some were not. This make those configurable.
2021-09-23 10:19:13 -07:00
Cristian Calin
a517a8db01
Drop chech for kubelet_shutdown_grace_period ()
and kubelet_shutdown_grace_period_critical_pods as ansible cannot do
sane time interval calculations
2021-09-21 18:34:00 -07:00
Wang Zhen
2211504790
Fix k8s-certs-renew cp path ()
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2021-09-21 00:36:22 -07:00
Cristian Calin
6f7911264f
Calico: make calico_min_version check relevant ()
* Calico: make calico_min_version check relevant

* Calico: only check currently installed version against the oldest supported version by the previous release
2021-09-20 07:58:09 -07:00
Hari Hud
30cd91dc6b
Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade ()
* Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade

* Remove training whitespace
2021-09-17 04:31:00 -07:00
Samuel Liu
62ab477838
remove kube_proxy_conntrack_max var () 2021-09-15 08:22:31 -07:00
rtsp
f8a57f7598
Fix iptables missing on Debian 11 if APT::Install-Recommends=0 ()
On Debian 11, `ipset` just recommend `iptables` so on the system that apt is configured with `APT::Install-Recommends "0";` iptables will not install automatically.
2021-09-14 08:19:09 -07:00
Cristian Calin
d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA ()
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA

* Add check for dynamic_kubelet_configuration with kube >= 1.22
2021-09-07 10:47:16 -07:00
rtsp
c8e090c17f
Add preliminary Debian 11 (bullseye) support ()
- Use python3-apt instead because python-apt was removed in Debian 11
- Add gnupg (fix "container-engine/containerd : ensure containerd repository public key is installed" task failed)
- Remove aufs-tools

Signed-off-by: rtsp <git@rtsp.us>
2021-08-30 09:53:06 -07:00
Cristian Calin
1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t ()
* Fedora and RHEL use etc_t and the convention is <type_name>_t

* Docs: specify all values for preinstall_selinux_state

* CI: Add Fedora 34 with SELinux in enforcing mode
2021-08-27 14:20:53 -07:00
Daniil Muidinov
7f309bb092
fix parameters for module replace in 0060-resolvconf () 2021-08-10 17:13:26 -07:00
Smita Srivastava
31a5a4e808
retry to fetch binary if it fails first time () 2021-07-30 00:17:38 -07:00
cola-zero
f21a707e99
Add containerd on Flatcar Container Linux () 2021-07-21 06:28:07 -07:00
spaced
bf54dc082b
set selinux type t_etc if selinux state is enforcing () 2021-07-13 06:34:29 -07:00
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 ()
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Shinerrs
d0fb537448
Ubuntu changed package name python-apt to python3-apt ()
* replaced deprecated python package with python3 package

* removed the version due to duplication
2021-07-02 06:56:13 -07:00
Cristian Calin
a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 ()
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0

* Add sample graceful shutdown parameters
2021-06-27 23:53:25 -07:00
Cristian Calin
282a27a07c
gVisor: initial support for gVisor container runtime ()
* Docker/Containerd: move downloads urls to containerd-common

* gVisor: initial support for gVisor container runtime
2021-06-21 05:18:51 -07:00