Commit graph

928 commits

Author SHA1 Message Date
Cristian Calin
29aafff2ce
etcd: add 3.5.1 for kubernetes 1.23+ () 2022-01-10 22:45:15 -08:00
Alex
06ad5525b8
replace runc 1.0.3 arm64 hash with 0 () 2022-01-10 01:31:13 -08:00
Kenichi Omichi
51bd9bee0d
Move containerd_version to defaults/main.yml ()
All container image versions were defined in download/defaults/main.yml
except containerd.
The inconsistency caused the offline script(generate_list.sh) could not
output the URL of containerd image.
This moves the definition into a valid file.
In addition, this adds host_os to generate_list.sh for downloading
krew from a valid URL.
2022-01-09 01:47:12 -08:00
Victor Morales
52266406f8
Bump cert-manager version to v1.6.1 () 2022-01-07 16:45:34 -08:00
cyril-corbon
cd601c77c7
feat: upgrade metrics server to v0.5.2 ()
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2022-01-07 08:18:33 -08:00
Florian Ruynat
6abae713f7
Update helm / kube-router and coredns ()
* Update kube-router to 1.4.0

* Update Helm to 3.7.2

* Up coredns to 1.8.6 when k8s is 1.23.x
2022-01-06 12:14:27 -08:00
Alex
1312f92a8d
adding 0 checksum for kata_containers_version on arm(64) () 2022-01-06 12:08:27 -08:00
Choi Yongbeom
24f1402a14
nerdctl insecure registry config ()
* Update prep_download.yml

nerdctl insecure registry config

* Update prep_download.yml

* Update prep_download.yml

apply conversations advice

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update prep_download.yml

* Update main.yml

* Update main.yml

* Update prep_download.yml

* Update prep_download.yml
2022-01-05 01:14:33 -08:00
Necatican Yıldırım
bf00550388
Upgrade Cilium to 1.11.0 ()
* Remove kvstore args from Cilium DaemonSet

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Bump Cilium to 1.11.0

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2022-01-05 00:36:32 -08:00
Florian Ruynat
8d2b4ed4a9 Move min k8s version to 1.21 2022-01-04 10:25:00 -08:00
Cristian Calin
4c4c83f0a1
crun update to 1.4 ()
* [crun] update crun to 1.4

* [crun] drop pre-1.x versions
2022-01-04 08:30:53 -08:00
Cristian Calin
ed3932b7d5
[cni-plugins] upgrade to stable 1.0.1 ()
* [cni-plugins] upgrade to stable 1.0.1

* [flannel] use binary from dedicated project
2021-12-23 23:16:15 -08:00
zhengtianbao
c3c128352f
Remove registry-proxy () 2021-12-21 23:55:35 -08:00
Cristian Calin
c1954ff918
Support deploying kubernetes 1.23 ()
* Ensure entries for 1.23 are added for supported_versions vars

* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22

* kubescheduler-config: diferentiate config versions based on kube_version
2021-12-21 01:38:46 -08:00
Calin Cristian Andrei
db0e458217 Kubernetes: add hashes for v1.23.1, v1.23.0, v1.22.5, v1.21.8 and v1.20.14 2021-12-20 08:56:56 -08:00
Cristian Calin
fdc5d7458f
Upgrade to nerdctl 0.15.0 and some fixes ()
* nerdctl: move to 0.15.0

* nerdctl: reduce verbosity when pulling images

* download: use proxy environment when using nerdctl to download containers
2021-12-20 00:33:26 -08:00
Steven Reitsma
b396801e28
Update Cinder CSI to v1.22 () 2021-12-10 10:49:11 -08:00
Cristian Calin
990ca38d21
Kata-Containers: add 2.3.0 ()
* Kata-Containers: add checksums for 2.3.0

* Kata-Containers: version 2.3.0 requires kubernetes 1.22.0+
2021-12-07 08:18:08 -08:00
Cristian Calin
c7e430573f
Calico: upgrade 3.21.x to 3.21.2 () 2021-12-07 08:18:01 -08:00
Cristian Calin
a328b64464
runc: upgrade to v1.0.3 () 2021-12-07 06:10:02 -08:00
Samuel Liu
a98ca6fcf3
Update loadbalancers versions ()
* Update loadbalancers versions

* fix haproxy_config_dir mode
2021-12-06 09:40:32 -08:00
Samuel Liu
4550f8c50f
calico_flexvol () 2021-12-06 05:00:32 -08:00
Cristian Calin
9d8a83314b
containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default ()
* containerd: add hashes for 1.5.8 and 1.4.12 and make 1.5.8 the new default

* containerd: make nerdctl mandatory for container_manager = containerd

* nerdctl: bump to version 0.14.0

* containerd: use nerdctl for image manipulation

* OpenSuSE: install basic nerdctl dependencies
2021-12-03 12:20:35 -08:00
Florian Ruynat
e19ce27352
Remove ovn4nfv support () 2021-12-03 11:56:35 -08:00
Cristian Calin
4d711691d0
Fix calico crd archive checksums ()
v3.20.3 and v3.21.1 were re-released with new checksums
2021-12-03 04:56:27 -08:00
Cristian Calin
3431ed9857
containerd: properly pull images with containerd specific tools () 2021-11-30 00:48:56 -08:00
Florian Ruynat
279808b44e Update minor version for kata/cilium/kube-router/helm 2021-11-29 23:06:56 -08:00
Florian Ruynat
1f6f79c91e Update kubernetes hashes with 1.22.4/1.21.7/1.20.13 2021-11-29 23:06:56 -08:00
Cristian Calin
20157254c3
Update calico versions ()
* Calico: Bump 3.20.x to 3.20.3

* Calico: Bump 3.18.x to 3.18.6

* Calico: add calico 3.21.1 hashes
2021-11-29 01:15:22 -08:00
Cristian Calin
b7ae4a2cfd
Kata-Containers: Fix kata-containers runtime ()
* Kata-containes: Fix for ubuntu and centos sometimes kata containers fail to start because of access errors to /dev/vhost-vsock and /dev/vhost-net

* Kata-containers: use similar testing strategy as gvisor

* Kata-Containers: adjust values for 2.2.0 defaults

Make CI tests actually pass

* Kata-Containers: bump to 2.2.2 to fix sandbox_cgroup_only issue
2021-11-09 10:01:48 -08:00
Cristian Calin
039205560a
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA ()
* nodelocaldns: allow a secondary pod for nodelocaldns for local-HA

* CI: add job to test nodelocaldns secondary
2021-11-09 09:57:47 -08:00
Cristian Calin
801268d5c1
containerd: upgrade versions 1.4.11 and 1.5.7 and make 1.4.11 the default () 2021-11-09 06:59:47 -08:00
Cristian Calin
4a8757161e
Docker: replace the use of containerd_version with docker_containerd_version to avoid causing conflicts when bumping containerd_version () 2021-11-08 15:56:49 -08:00
zhengtianbao
65540c5771
krew: update to v0.4.2 ()
krew release urls changed since v0.4.2, clearly OS type and arch inside the filename.

from:
  https://github.com/kubernetes-sigs/krew/releases/download/v0.4.1/krew.tar.gz
to:
  https://github.com/kubernetes-sigs/krew/releases/download/v0.4.2/krew-linux_amd64.tar.gz

define `host_os` like `host_architecture` determine which OS is krew
installed at.
2021-11-08 02:54:59 -08:00
Emin AKTAS
58390c79d0
Bump crun version 1.2 to 1.3 ()
Signed-off-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>

Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
2021-11-06 02:26:50 -07:00
Florian Ruynat
1c3d082b8d
fix calico crds hashes for 3.20.2 () 2021-11-04 10:38:04 -07:00
Florian Ruynat
d8f9b9b61f Update hashes for version v1.20.12/v1.21.6/v1.22.3 2021-10-29 10:43:44 -07:00
Florian Ruynat
331647f4ab
Remove deprecated Ambassador ingress code () 2021-10-26 15:19:09 -07:00
Mohamed Zaian
d8d01bf5aa
nginx-ingress: bump to 1.0.4 ()
* Disable builtin ssl_session_cache solving the problem with OpenSSL consuming memory.
* Print warning only instead of error if no IngressClass permission is available.
2021-10-24 15:34:22 -07:00
Cristian Calin
ea8e2fc651
containerd: download containerd from upstream instead of using distro specific packages ()
* Containerd: download containerd from upstream instead of using distro specific packages

split runc download to separate role
make bootstrap-os role deploy container-selinux and seccomp libraries
clean up package manager provided containerd
move variables to docker role that are no longer common with containerd

* Containerd: make molecule testing more relevant

* replace ubuntu18 with ubuntu20
* add centos8 and debian11 to molecule tests
* run kubernetes/preinstall role to ensure relevancy
  of test including dependency packages

* CI: adjust test scenarios for downloaded containerd
2021-10-20 08:47:58 -07:00
Cristian Calin
6a5b87dda4
netchecker: update images to 1.2.2 from Mirantis ()
* netchecker: update images to 1.2.2 from Mirantis which is slightly less ancinet than the l23networks images

* Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer suported by kube 1.22+
2021-10-19 10:17:04 -07:00
Florian Ruynat
f147163b24
Up dashboard version to 2.4.0 - fix forgotten kubeovn version () 2021-10-15 05:40:54 -07:00
Florian Ruynat
16bf3549c1 Update kube-ovn to 1.8.1 2021-10-14 19:42:54 -07:00
Florian Ruynat
b912dafd7a Update multus to 3.8.0 2021-10-14 19:42:54 -07:00
Cristian Calin
cee481f63d
cert-manager: upgrade to 1.5.4 ()
* cert-manager: update to 1.5.4

* cert-manager: remove outdated guidelines on creating an initial ClusterIssuer
2021-10-12 09:17:47 -07:00
Florian Ruynat
c8d9afce1a
Update a bunch of tools () 2021-10-08 09:00:59 -07:00
Cristian Calin
ab4356aa69
Calico: bump default version to 3.20.2 () 2021-10-07 12:59:33 -07:00
Maxim Pogozhiy
5fcf047191
local-volume-provisioner quay.io -> k8s.gcr.io () 2021-10-06 17:08:41 -07:00
Iago Santos
43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution ()
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028

Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
Cristian Calin
c7e17688b9
gVisor: bump release to 20210921 version ()
* gVisor: bump release to 20210921 version

* gVisor: drop support for 20210518.0 version
2021-09-29 11:35:20 -07:00
Cristian Calin
3a6230af6b
Kata-Containers: update versions 2.2.0 (default) and 2.1.1 ()
* Kata-Containers: add 2.2.0 hashes and make default

* Kata-Containers: replace 2.1.0 with bugfix version 2.1.1

* Kata-Containers: move to q35 a more modern VM architecture as 'pc' is removed in 2.2.0
2021-09-27 08:07:35 -07:00
Maxim Pogozhiy
22017b7ff0
kube-router 1.3.0 -> 1.3.1 () 2021-09-23 13:42:55 -07:00
Florian Ruynat
5d1b34bdcd Move min k8s version to 1.20 2021-09-22 09:50:01 -07:00
Cristian Calin
fb8662ec19
Calico: update versions 3.20.1, 3.19.3 ()
* make Calico 3.20.1 the default version
* drop Calico 3.17.x support
2021-09-20 17:40:23 -07:00
Florian Ruynat
f2fa9c3b31 Update hashes with new versions 2021-09-17 00:39:02 -07:00
Florian Ruynat
60853fa682 Update kube-ovn to 1.7.2 2021-09-09 08:14:10 -07:00
Florian Ruynat
b66356be65 Update cilium to 1.9.10 2021-09-09 08:14:10 -07:00
jhchong92
efae2dbad6
Update snapshot-controller repository and image versions () 2021-09-09 08:10:11 -07:00
Cristian Calin
43e7e2d663
nginx-ingress: bump to 1.0.0 to support kube 1.22 () 2021-09-06 04:50:36 -07:00
Cristian Calin
5d52025266
crictl: add hashes for 1.22 () 2021-09-06 04:46:29 -07:00
Cristian Calin
db470f8529
Update CSI snaphotter and make it independent ()
* CSI: update CSI snapshot CRDs

* CSI: update snapshot controller tag version with kubernetes specific versions

* CSI: allow enabling csi_snapshot_controller independent of Cinder CSI

* CSI: Align csi-snapshot-controller with upstream and use a Deployment instead of a StatefulSet
2021-09-06 04:24:29 -07:00
Cristian Calin
426ad81db0
Calico: replace hashes for latest 3.17 and 3.18 to the .5 minor versions () 2021-08-31 13:38:21 -07:00
Florian Ruynat
17af348be8 Add bunch of Kubernetes versions missing 2021-08-30 08:17:05 -07:00
Cristian Calin
f66c49bf42
Calico: replace version 3.19.1 with 3.19.2 and set as default ()
Bump calico version to 3.19.2 due to adding 3.20.0 earlier
2021-08-25 07:32:41 -07:00
Frank Ritchie
1f09229740
Update cilium to 1.9.9 ()
Now that 1.10 is out this is to make 1.9.9 the default. I am running
this version successfully.
2021-08-16 13:34:22 -07:00
Léopold Jacquot
c06896a352
Update metrics-server to 0.5.0 () 2021-08-12 08:19:48 -07:00
Cristian Calin
c119620f7c
Calico: add v3.20.0 hashes () 2021-08-11 07:50:46 -07:00
Victor Morales
a70fab2249
Bump crun to 0.21 version () 2021-08-09 08:11:31 -07:00
Kenichi Omichi
56e230863a
Separate gvisor_download_url for runsc and shim ()
To download necessary files in advance for offline deployment,
we can see all file URLs with contrib/offline/generate_list.sh
Most URLs are downloadable, but gvisor's one is not because the
URL is a part of full URLs for gvisor.
To download gvisor's files from the URLs directory, this separates
into two URLs for runsc and the shim.
2021-07-22 07:51:51 -07:00
Florian Ruynat
18666b3e2d Update multus to 3.7.2 (and move to ghcr.io) 2021-07-20 01:29:31 -07:00
Florian Ruynat
1ad9b33b08 Add hashes for k8s 1.20.8/.9 and 1.19.12/.13 and 1.21.3 2021-07-20 01:29:31 -07:00
Florian Ruynat
eda75fc706 Update kube-router to 1.3.0 2021-07-20 01:29:31 -07:00
Florian Ruynat
6583add63a Update flannel to 0.14.0 (moved from coreos repo to flannel-io) 2021-07-20 01:29:31 -07:00
Florian Ruynat
441ad841cc Use dashboard 2.3.1 image 2021-07-20 01:29:31 -07:00
Florian Ruynat
6511c5dd7a Set Helm default version to 3.6.3 2021-07-20 01:29:31 -07:00
cleveritcz
3ff7bc1f64
Added k8s 1.21.2 () 2021-07-13 06:26:29 -07:00
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 ()
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Cristian Calin
282a27a07c
gVisor: initial support for gVisor container runtime ()
* Docker/Containerd: move downloads urls to containerd-common

* gVisor: initial support for gVisor container runtime
2021-06-21 05:18:51 -07:00
Sergey
3fe6dbb65c
fix image pull url for coredns v1.8.0 () 2021-06-16 17:00:19 -07:00
Florian Ruynat
e77b9bf3ee
Update kube-ovn to 1.7.0 () 2021-06-16 08:10:00 -07:00
Kenichi Omichi
85ff3eb8be
Update the version of local_volume_provisioner ()
As [1], v2.4.0 has been released already for local_volume_provisioner.
This updates the version.

[1]: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/tags
2021-06-11 04:36:59 -07:00
Cristian Calin
ec0c0d4a28
Calico enable support for eBPF ()
* Calico: align manifests with upstream

* allow enabling typha prometheus metrics

* Calico: enable eBPF support

* manage the kubernetes-services-endpoint configmap

* Calico: document the use of eBPF dataplane

* Calico: improve checks before deployment

* enforce disabling kube-proxy when using eBPF dataplane
* ensure calico_version is supported
2021-06-07 04:58:39 -07:00
Cristian Calin
7036b704b3
Replace Kata 1.x with Kata 2.x ()
* Kata: add Kata 2.x checksums and adjust download urls for 2.x

* Kata: drop 1.x version which is no longer supported

* Kata: set default version 2.1.0
2021-06-02 00:50:41 -07:00
AnatomicJC
da07459bd6
Update crun 0.19 checksum ()
Checksum of crun 0.19 is not correct, this commit fixes it
2021-05-27 15:20:23 -07:00
Florian Ruynat
a754c0d476 Kubernetes now use CoreDNS 1.8.0 2021-05-27 11:18:24 -07:00
Cristian Calin
7b5d43cc00
Calico: upgrade 3.18 to 3.18.4 () 2021-05-26 05:51:21 -07:00
Cristian Calin
858b29f425
Calico: add support for v3.19.1 ()
* Calico: add v3.19.1 hashes

* enable liveness probe for calico-kube-controllers

3.19.1

* Calico: drop support for v3.16.x

* Calico: promote v3.18.3 as default
2021-05-25 13:40:50 -07:00
Pavel Martynov
4b9f98f933
Fix pull_by_digest variable type to boolean instead of str () 2021-05-18 06:29:31 -07:00
Muzi Li
e0c74fa082
Update nerdctl version to 0.8.1 () 2021-05-17 11:07:30 -07:00
Florian Ruynat
d6f9a8d752 Update hashes with 1.21.1/1.20.7/1.19.11 2021-05-14 09:48:06 -07:00
Cristian Calin
5d5be3e96a
bump calico 3.18 to v3.18.3 () 2021-05-10 00:34:51 -07:00
Samuel Liu
96e6a6ac3f
Add krew support ()
* Add krew support

* Add reset for krew

* Update install krew(local)

* ansible lint

* yamllint

* fix krew default vars

* fix kubectl_localhost mode

* replace include

* fix e206
2021-05-03 07:16:03 -07:00
bac-w
2556eb2733
Upgrade cilium role ()
* Upgrade cilium roles

* Del old test result

* Add hubble ui examples

* Refactor hubble metrics

* Markdown fix pipeline errors

* yamllint check and fix

* refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520

* Docs syntax change (fix)

* Cilium set default 1.8.9

* Update cilium version in Readme
2021-04-30 08:09:59 -07:00
MRoci
a0ee569091
change coredns image name to coredns/coredns and prefix v to tag ()
follow new naming conventions for gcr's coredns image.
starting from 1.21 kubeadm assumes it to be `coredns/coredns`:
this causes the kubeadm deployment being unable to pull image, beacuse `v`
was also added in image tag, until the role `kubernetes-apps` ovverides
it with the old name, which is only compatible with <=1.7.

Backward comptability with kubeadm <=1.20 is mantained checking
kubernetes version and falling back to old names (`coredns:1.xx`) when
the version is less than 1.21
2021-04-30 07:43:58 -07:00
muzi502
5ea2d1eb67
Add image_arch in flannel image tag ()
* Add image_arch variable when download flannel image

* Fix flannel image tag typo with image arch
2021-04-29 17:51:57 -07:00
Florian Ruynat
ffc38a2237
Fix busybox for tests to reduce dockerhub calls () 2021-04-29 17:39:57 -07:00
Cristian Calin
360aff4a57
Rename ansible groups to use _ instead of - ()
* rename ansible groups to use _ instead of -

k8s-cluster -> k8s_cluster
k8s-node -> k8s_node
calico-rr -> calico_rr
no-floating -> no_floating

Note: kube-node,k8s-cluster groups in upgrade CI
      need clean-up after v2.16 is tagged

* ensure old groups are mapped to the new ones
2021-04-29 05:20:50 -07:00
Cristian Calin
dd6efb73f7
Calico new versions v3.17.4 and v3.18.2 ()
* calico: upgrade from v3.17.3 to v3.17.4

* calico: upgrade from v3.18.1 to v3.18.2
2021-04-28 08:22:50 -07:00
Florian Ruynat
7c86734d2e
Add cri-o 1.20/1.21 () 2021-04-26 09:21:16 -07:00
muzi502
69806e0a46
Add nerdctl cli tool for containerd user ()
* Add nerdctl cli tool for containerd user

* Add nerdctl enable option

* Add nerdctl enable option and update nerdctl version to 0.8.0
2021-04-25 23:47:01 -07:00
Cristian Calin
ad15a4b755
Bump calico versions ()
* add calico 3.16.10 hashes

* drop old calico version 3.16.9
2021-04-24 12:37:01 -07:00
Cristian Calin
002a4b03a4
Drop calico 3.15 ()
* calico: drop support for version 3.15

* drop check for calico version >= 3.3, we are at 3.16 minimum now

* we moved to calico 3.16+ so we can default to /opt/cni/bin/install
2021-04-23 23:43:14 -07:00
Florian Ruynat
b32d25942d Minor update to cni-plugins and kube-router 2021-04-22 06:47:42 -07:00
Florian Ruynat
fce705a92b Helm minor update to 3.5.4 2021-04-22 06:47:42 -07:00
Florian Ruynat
6164c90f70 Update kube-ovn to 1.6.2 2021-04-22 06:47:42 -07:00
Cristian Calin
add61868c6
Add Calico v3.17.3 and v3.18.1 ()
* add hashes for calico v3.17.3

* add hashes for claico v3.18.1

* bump default calico version to v3.17.3

* calico crds are missing yaml separator breaking kdd
2021-04-21 10:45:51 -07:00
Florian Ruynat
6001edeecd
Cleanup hashes and 1.18 hooks () 2021-04-20 15:34:33 -07:00
Florian Ruynat
bccbe323b7 Add new kubernetes hashes (1.19.10, 1.20.6) 2021-04-15 22:26:22 -07:00
Florian Ruynat
6d293ba899
Update hashes with 1.21.0 () 2021-04-09 08:05:05 -07:00
Florian Ruynat
6479e26904
Replace deprecated 'with_dict' with 'loop' () 2021-04-05 13:45:19 -07:00
Necatican Yıldırım
ceb6c172ad
Crun v0.19 support ()
* Add support for crun v0.19

* Change default crun version to v0.19
2021-04-05 01:20:13 -07:00
Pasquale Toscano
6330db89a7
Update KataContainers to 1.12.1 () 2021-04-01 08:55:21 -07:00
Boris Barnier
8655b92e93
Set Kube-router version to 1.2.0 ()
See: `https://github.com/cloudnativelabs/kube-router/releases/tag/v1.2.0`
2021-03-24 09:22:07 -07:00
Kenichi Omichi
486b223e01
Replace kube-master with kube_control_plane ()
This replaces kube-master with kube_control_plane because of [1]:

  The Kubernetes project is moving away from wording that is
  considered offensive. A new working group WG Naming was created
  to track this work, and the word "master" was declared as offensive.
  A proposal was formalized for replacing the word "master" with
  "control plane". This means it should be removed from source code,
  documentation, and user-facing configuration from Kubernetes and
  its sub-projects.

NOTE: The reason why this changes it to kube_control_plane not
      kube-control-plane is for valid group names on ansible.

[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
2021-03-23 17:26:05 -07:00
Samuel Liu
12873f916b
download_file for kata () 2021-03-23 01:39:36 -07:00
Florian Ruynat
6d3dbb43a4 Update hashes for 1.20.5/1.19.9/1.18.17 2021-03-19 10:04:34 -07:00
Necatican Yıldırım
811f546ea6
Download crun using download_file.yml ()
* Add crun download_url and checksum

* Change versioning format to crun native versioning

* Download crun using download_file.yml

* Get crun version from download defaults

* Delegate crun binary copy task to crun role
2021-03-19 08:40:33 -07:00
Florian Ruynat
ead8a4e4de
Fix calico crds missing 3.16.9 () 2021-03-19 06:58:34 -07:00
Florian Ruynat
05f132c136 Update CNI (calico, kubeovn, multus) and Helm 2021-03-18 17:20:36 -07:00
Florian Ruynat
5f2c8ac38f Update nodelocaldns to 1.17.1 2021-03-18 17:20:36 -07:00
Erwan Miran
1c62af0c95
Download Calico KDD CRDs ()
* Download Calico KDD CRDs

* Replace kustomize with lineinfile and use ansible assemble module

* Replace find+lineinfile by sed in shell module to avoid nested loop

* add condition on sed

* use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"
2021-03-18 17:06:36 -07:00
Florian Ruynat
668bbe0528 Update Kubernetes dashboard and metrics-server 2021-03-02 08:33:19 -08:00
Etienne Champetier
067db686f6
Fix proxy usage when *_PROXY are present in environment ()
Since a790935d02 all proxy users
should be properly configured

Now when you have *_PROXY vars in your environment it can leads to failure
if NO_PROXY is not correct, or to persistent configuration changes
as seen with kubeadm in 1c5391dda7

Instead of playing constant whack-a-bug, inject empty *_PROXY vars everywhere
at the play level, and override at the task level when needed

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-23 09:44:02 -08:00
Hugo Blom
8375aa72e2
[Openstack] Update Cinder CSI driver to v1.20.0 ()
* update Cinder CSI to v1.19.0

* Update Cinder CSI to v1.20
2021-02-22 10:09:42 -08:00
Florian Ruynat
86ce8aac85 Add hashes for Kubernetes 1.18.16/1.19.8/1.20.4 2021-02-22 08:45:42 -08:00
Florian Ruynat
de46f86137 Minor update to cilium and calico 2021-02-22 08:45:42 -08:00
Etienne Champetier
1c5391dda7
Ensure kubeadm doesn't use proxy ()
* Move proxy_env to kubespray-defaults/defaults

There is no reasons to use set_facts here

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>

* Ensure kubeadm doesn't use proxy

*_proxy variables might be present in the environment (/etc/environment, bash profile, ...)
When this is the case we end up with those proxy configuration in /etc/kubernetes/manifests/kube-*.yaml manifests

We cannot unset env variables, but kubeadm is nice enough to ignore empty vars
93d288e2a4/cmd/kubeadm/app/util/env.go (L27)

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 08:44:58 -08:00
Etienne Champetier
de1d9df787
Only use stat get_checksum: yes when needed ()
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-10 05:36:59 -08:00
Florian Ruynat
edc4bb4a49
Update kube-ovn to 1.6.0 () 2021-02-10 02:25:01 -08:00
Mathieu Parent
670c37b428
Update Helm version to 3.5.2 ()
Helm v3.5.2 is a security (patch) release. Users are strongly
recommended to update to this release. It fixes two security issues in
upstream dependencies and one security issue in the Helm codebase.

See https://github.com/helm/helm/releases/tag/v3.5.2
2021-02-05 08:16:52 -08:00
Florian Ruynat
9007d6621a
Update nginx, minor weave and misc CI tools (vagrant/terraform) () 2021-01-26 08:22:34 -08:00
Florian Ruynat
15dc3868c3
Update Weave to 2.8.0 () 2021-01-19 08:35:48 -08:00
takmori_tech
2525d7aff8
Update main.yml ()
Fix issue . Calico image tags support multiarch on quay.io.
2021-01-19 05:59:46 -08:00
Florian Ruynat
b493c81ce8
Update metrics-server to 0.4.1 () 2021-01-19 05:45:44 -08:00
Florian Ruynat
9ef62194c3
Update bunch of dependencies () 2021-01-19 05:41:45 -08:00
Florian Ruynat
91ee4aa542
Decrease docker dependency () 2021-01-18 01:41:44 -08:00
Florian Ruynat
7a033a1d55
Add hashes and update default K8S version to 1.20.2 () 2021-01-15 12:43:09 -08:00
Florian Ruynat
a923f4e7c0
Update kube_version_min_required and cleanup hashes for release () 2021-01-15 00:33:51 -08:00
Florian Ruynat
09fa99fdc6
Update hashes and set default version to 1.19.7 () 2021-01-13 14:57:02 -08:00
Kenichi Omichi
c005c90746
Remove unnecessary failed_when ()
TASK [Generate a list of information about the images on a node]
registers list of container images to docker_images.
Then the next TASK [Set pull_required if the desired image is not
yet loaded] does based on expecting images are registered.
However sometimes the first TASK was failed as [1] but the failure
is ignored due to failed_when:false and it makes another issue.
This removes this unnecessary failed_when to detect the failure
at the point.
In addition, this removes no_log:true also because the output doesn't
contain any sensitive data and now it just makes debugging difficult.

[1]: https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/-/jobs/934714534#L2953
2021-01-11 08:49:10 -08:00
Etienne Champetier
a790935d02
Only setup *_PROXY env variables where needed ()
no_proxy is a pain to get right, and having proxy variables present causes issues
(k8s components get proxy configuration after upgrade, see )

It's better to only configure what require proxy:
- the runtime (containerd/docker/crio)
- the package manager + apt_key
- the download tasks

Tested with the following clusters
- 4 CentOS 8 nodes
- 1 Ubuntu 20.04 node

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-11 07:21:08 -08:00
Florian Ruynat
c971debd15
Fix crictl with Docker () 2020-12-23 08:28:26 -08:00
Florian Ruynat
286191ecb7
Update nginx & cilium version () 2020-12-21 07:22:25 -08:00
Sergey
096bcdd078
Download once for crio ()
* download run once feature for CRI-O

* fix typo

* fix test
2020-12-21 01:54:25 -08:00
Florent Monbillard
3470810709
Remove kube_version in downloads role () 2020-12-19 14:38:26 -08:00
Florent Monbillard
9a05037352
SHAs for 1.19.6, 1.18.14, 1.18.13, 1.17.16 and 1.17.15 ()
* SHAs for 1.19.6, 1.18.14, 1.18.13, 1.17.16 and 1.17.15

* Fix etcd version in README

* Bump kube_version to 1.19.6
2020-12-18 15:42:24 -08:00
Florian Ruynat
c2f64a52da
Update dashboard to 2.1.0 and metrics-scraper to 1.0.6 () 2020-12-17 07:29:09 -08:00
Florian Ruynat
36bd4cdc43
Update cni plugin to 0.9.0 () 2020-12-17 07:17:09 -08:00
bozzo
54aebb92fd
Set Kube-Router version to v1.1.1 () 2020-12-16 13:58:31 -08:00
Anthony Rabbito
93445b4dbc
Update hashes and set default version to 1.19.5 ()
* Update hashes and set default version to 1.19.5

Signed-off-by: anthr76 <hello@anthonyrabbito.com>

* Reorder hashes

1.19.5 hashes should be near 1.19.x

* Added back blank line
2020-12-16 01:42:20 -08:00
Sergey
a69f2b09da
download run once feature for containerd () 2020-12-07 01:09:25 -08:00
Hans Feldt
878fe80ca3
add and use common crictl role () 2020-12-05 09:43:25 -08:00
Christoph Stäbler
1a491fc10c
Update hashes and set default to 1.19.4 () 2020-12-03 06:34:59 -08:00
Florian Ruynat
db4e942b0d
Remove hyperkube from codebase () 2020-12-02 13:50:59 -08:00
Etienne Champetier
68b96bdf1a
Helm v3 only ()
* Fix etcd download dest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Only support Helm v3, cleanup install

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-02 00:20:50 -08:00
Hans Feldt
80eb1ad936
fix ansible password authentication ()
* copying ssh key no longer required, works with password auth
* use copy module instead of synchronize (which requires sshpass)
* less tasks and always changed tasks
2020-11-30 15:12:50 -08:00
Barry Melbourne
f6a5948f58
Upgrade Jetstack Cert-Manager v1.0.4 () 2020-11-30 06:52:50 -08:00
Florian Ruynat
f6eed8091e
Remove contiv related files () 2020-11-30 06:48:50 -08:00
Florian Ruynat
d40701463f
Update kube-ovn to 1.5.2 () 2020-11-26 09:34:19 -08:00
Florian Ruynat
405692d793
Switch some image from dockerhub to k8s.gcr (also increase pkg retries) () 2020-11-26 08:46:19 -08:00
Etienne Champetier
e909f84966
Bump nodelocaldns to 1.16.0 ()
This new version uses the same base image as kube-proxy
(k8s.gcr.io/build-image/debian-iptables)
This allow to automatically pick iptables-legacy or iptables-nft,
and be compatible with RHEL/CentOS 8
https://github.com/kubernetes/dns/pull/367

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-11-25 17:10:19 -08:00
Lee Spottiswood
bd801de236
bump calico version to 3.16.5 () 2020-11-24 02:49:01 -08:00
Hans Feldt
ee23b947aa
fix flake8 errors in Kubespray CI - tox-inventory-builder ()
* fix flake8 errors in Kubespray CI - tox-inventory-builder

* Invalidate CRI-O kubic repo's cache

Signed-off-by: Victor Morales <v.morales@samsung.com>

* add support to configure pkg install retries

and use in CI job tf-ovh_ubuntu18-calico (due to it failing often)

* Switch Calico, Cilium and MetalLB image repos to Quay.io

Co-authored-by: Victor Morales <v.morales@samsung.com>
Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-11-22 23:47:35 -08:00
Florian Ruynat
227e96469c
Minor update Calico and Cilium () 2020-10-29 07:14:59 -07:00
Florian Ruynat
91f1edbdd4
Update k8s-dns-node-cache to 1.15.16 () 2020-10-22 10:29:36 -07:00
Florian Ruynat
60b0fb3e88
Update hashes and set default version to 1.19.3 () 2020-10-21 00:58:20 -07:00
Florent Monbillard
d25aebdaf5
Upgrade Flannel to 0.13.0 () 2020-10-15 10:50:22 -07:00
Florian Ruynat
64f69718fb
Update bunch of dependencies () 2020-10-09 01:35:06 -07:00
5-sigma
f8ae086334
Added Comment line above checksum section to add clarification about Kubespray's version support and testing () 2020-10-06 05:30:21 -07:00
Florian Ruynat
c49bda7319
Update nginx ingress controller to 0.40.1 () 2020-10-06 05:10:21 -07:00
Florian Ruynat
a687013fbe
Update kube-router to 1.1.0 () 2020-10-05 13:46:20 -07:00
Florian Ruynat
58959ae82f
Update cilium with minor fix for CVE () 2020-10-02 10:02:48 -07:00
Victor Morales
a374301570
Remove arch from flannel image tag ()
The 0d0cc8cf9c change creates several
DaemonSets to cover the Flannel CNI installation for different CPU
architectures. This change removes the unnecessary architecture value
from the docker tag value.

Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-09-30 14:16:54 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup ()
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Mateus Caruccio
8908a70c19
Fails if kubeadm_version do not matches kubernetes version () 2020-09-21 07:20:32 -07:00
Florian Ruynat
151b142d30
Ignore pause from kubeadm config images list () 2020-09-18 07:32:46 -07:00
David Wattier
e666fe5a8d
flannel image arch specific tag () 2020-09-18 02:12:54 -07:00
Florian Ruynat
79226d0870
Add Kubernetes hashes 1.19.2/1.18.9/1.17.12 and set default () 2020-09-17 11:12:45 -07:00
David Louks
3bf40d5db9
make metallb image repos configurable () ()
* Make metallb image repos configurable

* Moved metallb image repo definitions to download role defaults

* Removed comment. These are set in download defaults
2020-09-17 02:45:13 -07:00
Florian Ruynat
2fa7faa75a
Update etcd to 3.4.13 () 2020-09-11 12:32:09 -07:00
Florian Ruynat
1765c9125a
Update CoreDNS to 1.7.0 () 2020-09-10 15:48:14 -07:00
Florian Ruynat
ab28192d50
Update various dependencies following 1.19 release () 2020-09-10 11:07:45 -07:00
Florian Ruynat
ad15721677
Add Kubernetes 1.19.1 hashes and set default () 2020-09-10 10:43:46 -07:00
Florian Ruynat
ae5328c500
Update calico to 3.16.1 () 2020-09-10 03:45:46 -07:00
Maxime Guyot
a1f04e9869
Cleanup v1.16 hashes () 2020-09-08 01:51:43 -07:00
Florian Ruynat
050578da94
Update Cilium to 1.8.3 () 2020-09-07 02:11:49 -07:00
Florian Ruynat
6fc73e3038
Add Kubernetes 1.16.15 hashes () 2020-09-07 01:23:41 -07:00
Florian Ruynat
fa0eb11bf4
Update kubernetes dashboard () 2020-09-04 05:29:41 -07:00
tasekida
fc61f8d52e
Update cert manager to 0.16.1 ()
* Update cert manager to 0.16.1

* Update cert manager to 0.16.1

Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-09-04 04:53:48 -07:00
Hugo Blom
2ff7ab8d40
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI ()
* add snapshot-controller and v1beta1 snapshot api

* fix typo

* udpate manifest to v1beta1

* update

* update manifests

* fix spelling

* wait until crd is applied

* fix missing info in kube module

* revert snapshotclass

* add snapshot crds before applying the csi driver

* add crds, missed them in last commit

* use pull policy from kubespray
2020-09-03 04:01:43 -07:00
Florian Ruynat
e0b1787740
Use crictl 1.19.0 for k8s 1.19.x () 2020-09-01 01:05:50 -07:00
Florian Ruynat
9849dba5d3
Update cni plugins with minor fix () 2020-08-31 05:16:21 -07:00
Florian Ruynat
0665b45e61
Update nginx ingress to 0.35.0 () 2020-08-31 03:24:21 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux () 2020-08-28 02:28:53 -07:00
Maxime Guyot
6e938a3106
Fix E306 in other roles () 2020-08-28 01:20:53 -07:00
Florian Ruynat
2f93d62aa5
Update nginx ingress to 0.34.1 () 2020-08-27 10:15:53 -07:00
Florian Ruynat
8ba3d7ec75
Add Kubernetes 1.19 hashes () 2020-08-27 09:45:53 -07:00
Florian Ruynat
e7ee19bd66
Update bunch of dependencies with minor fixes () 2020-08-27 02:25:01 -07:00
Kuralamudhan Ramakrishnan
e91c6a7bd1
update the ovn4nfv-k8s-plugin image version to v1.1.0 ()
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-08-26 23:11:03 -07:00
Florian Ruynat
1ff95e85f4
Rollback coredns, should not have been updated before 1.19 () 2020-08-26 03:30:03 -07:00