C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
c12s-kubespray/roles
History
emiran-orange afbabebfd5
Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586) 
Since K8S 1.21, BoundServiceAccountTokenVolume feature gate is in beta stage, thus activated by default (anyone who follows CSI guidelines has enabled AllAlpha and faced the issue before 1.21).
With this feature, SA tokens are regenerated every hour.
As a consequence for Calico CNI, token in /etc/cni/net.d/calico-kubeconfig copied from /var/run/secrets/kubernetes.io/serviceaccount in install-cni initContainer expires after one hour and any pod creation fails due to unauthorization.
Calico pods need to be restarted so that /etc/cni/net.d/calico-kubeconfig is updated with the new SA token.
2021-05-11 08:47:36 -07:00
..
adduser Fix nologin wrong path (#6272) 2020-06-16 02:30:04 -07:00
bastion-ssh-config Allow connecting to bastion via non-standard SSH port (#7396) 2021-03-26 00:48:43 -07:00
bootstrap-os Initial AlmaLinux support (#7538) 2021-04-22 23:50:03 -07:00
container-engine add containerd support for Amazon Linux 2 (#7595) 2021-05-10 19:25:36 -07:00
download bump calico 3.18 to v3.18.3 (#7592) 2021-05-10 00:34:51 -07:00
etcd Cleanup duplicate task in etcd role (#7598) 2021-05-10 16:11:36 -07:00
etcdctl Only use stat get_checksum: yes when needed (#7270) 2021-02-10 05:36:59 -08:00
kubernetes Add Amazon to the check for supported distributions (#7589) 2021-05-10 16:17:36 -07:00
kubernetes-apps Add external_openstack_enable_ingress_hostname option for openstack (#7572) 2021-05-04 00:33:11 -07:00
kubespray-defaults Add external_openstack_enable_ingress_hostname option for openstack (#7572) 2021-05-04 00:33:11 -07:00
network_plugin Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586) 2021-05-11 08:47:36 -07:00
recover_control_plane Update main.yml (#7557) 2021-04-27 15:41:27 -07:00
remove-node Rename ansible groups to use _ instead of - (#7552) 2021-04-29 05:20:50 -07:00
reset Fix reset cluster task failed (#7597) 2021-05-10 17:25:36 -07:00
upgrade Replace kube-master with kube_control_plane (#7256) 2021-03-23 17:26:05 -07:00
win_nodes/kubernetes_patch Cleanup old checks for k8s 1.18 (#7192) 2021-01-19 08:43:45 -08:00