github-mirrors/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-26 14:40:40 +03:00
Code Issues Packages Projects Releases Wiki Activity
7,579 Commits 56 Branches 90 Tags
a7f98116ca0f7e0769a71e35828bd6357bef380b
Commit Graph

5108 Commits

Author SHA1 Message Date
RaSerge a7f98116ca fix: updating the calico-crds (#11089) 2024-04-30 00:15:09 -07:00
Mathieu Parent c6bdc38776 containerd: allow to configure fallback server (#10988) 
Also nerdctl limitation is now removed as we use /etc/containerd/certs.d/
 2024-04-29 05:41:47 -07:00
Max Gautier 08a7010e80 Revert "Only download kubeadm images where needed (#10899)" (#11105) 
This reverts commit 4b0a134bc9.

The mentionned PR break scale.yml. This goes back to the status quo
until a proper fix can be provided, at which point we'll reapply the
PR.
 2024-04-29 01:59:51 -07:00
Pavan Gunda 538deff9ea ntp: add config to filter and set ntp interfaces (#11066) 
* ntp: add config to set which interface ntp should listen

* Fixed config to only have one variable
 2024-04-25 07:51:45 -07:00
Lihai Tu 23b56e3f89 Enclose the cpu type with quotation marks in kubelet-config.v1beta1 (#11111) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-04-25 00:32:06 -07:00
Devesh Kumar eee5b5890d feat: Add support for cilium 1.15 and updated cilium to v1.15.4 (#11106) 2024-04-23 19:42:11 -07:00
Ugur Can Ozturk ab0ef182fb [containerd/tracing]: add distributed tracing config flags (#11103) 
* [containerd/tracing]: add distributed tracing config flags

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [containerd/tracing]: add distributed tracing config flags -fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

---------

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
 2024-04-23 00:24:19 -07:00
MatthieuFin 4db3e2c3cf fix: 🐛 calico-cni-plugin missing RBAC (#11077) 
To configure node asNumber for per node peering service account
calico-cni-plugin need nodes/status update rights

 Closes: 11076
 2024-04-22 10:09:37 -07:00
MatthieuFin 3d19e744f0 feat(calico): add support filters on bgppeers per node definition (#11079) 
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
 2024-04-21 19:35:34 -07:00
Lilian ARAGO 929c818b63 Fixed joined_control_planes when ansible_hostvars references a variable (#11060) 2024-04-19 03:20:58 -07:00
Alexander 4baa2c8704 set default containerd_version to v1.7.15 and add checksums (#11083) 
* set default containerd_version to v1.7.15 and add checksums for v1.7.14 and v1.7.15

* update containerd version in README.md
 2024-04-16 19:33:15 -07:00
Abhishek Jain f3065cc5c4 bump skopeo version and checksum (#11044) 
Signed-off-by: Abhishek Jain <jain.abhishek1991@gmail.com>
 2024-04-16 01:19:27 -07:00
Kay Yan ed2059395c Remove the archived debian apt repository (#11088) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
 2024-04-16 00:21:55 -07:00
kyrie 8919901ed5 fix python regex matching problem when finding docker packages (#11075) 2024-04-14 19:55:18 -07:00
kyrie cc0c3d73dc fix reset/main.yml lsattr command error when kubelet has symbolic link (#11074) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-04-14 19:55:05 -07:00
kyrie dd0f42171f fix kubespray-defaults: Check for boostrap-os FQCN (#11073) 2024-04-14 18:21:11 -07:00
Barry M 1b870a1862 Update kubelet systemd service default allowed IP addresses for cluster hardening (#11061) 
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
 2024-04-11 00:58:27 -07:00
J 8a423abd0f Update Snapshot controller to v7.0.2 (#11041) 
Upgrade Snapshot controller installed for all supported Kubernetes
versions to v7.0.2. Also update the manifests used to deploy the
Snapshot controller.
 2024-04-10 20:38:08 -07:00
Barry M 3ec2e497c6 Update kubelet-csr-approver to v1.1.0 (#11070) 
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
 2024-04-10 18:57:02 -07:00
Mathieu Parent 7844b8dbac Promote nodelocaldns daemonset to system-node-critical (#11056) 
As upstream
 2024-04-09 19:48:01 -07:00
kyrie e87040d5ba change debian8 network manage service from networking to systemd-networkd (#11058) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-04-09 06:50:39 -07:00
Sergey b2cce8d6dc force update helm repo if exists on host (#11043) 2024-04-08 19:02:48 -07:00
Robert Volkmann 3067e565c0 Fix calico host local ipam (#11022) 
* Prevent upgrade-ipam for host-local IPAM

Otherwise, the init container upgrade-ipam would clear the state of the host-local plugin, potentially causing it to reassign IPs that are still in use.

* USE_POD_CIDR required for host-local

https://github.com/projectcalico/calico/blob/4efd1bfd914b0c59086531c8c5a5ac5b593c18b1/charts/calico/templates/calico-node.yaml#L279
https://github.com/projectcalico/calico/blob/4efd1bfd914b0c59086531c8c5a5ac5b593c18b1/charts/calico/templates/calico-typha.yaml#L133
 2024-04-03 00:52:31 -07:00
Nicolas Goudry c6fcbf6ee0 Remove access to cluster from anonymous users (#11016) 
* feat: add user facing variable with default

* feat: remove rolebinding to anonymous users after init and upgrade

* feat: use file discovery for secondary control plane nodes

* feat: use file discovery for nodes

* fix: do not fail if rolebinding does not exist

* docs: add warning about kube_api_anonymous_auth

* style: improve readability of delegate_to parameter

* refactor: rename discovery kubeconfig file

* test: enable new variable in hardening and upgrade test cases

* docs: add option to config parameters

* test: multiple instances and upgrade
 2024-04-02 23:54:12 -07:00
ERIK fdf5988ea8 revert crictl version (#11042) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-04-01 18:43:53 -07:00
Kay Yan a7d42824be Merge pull request #11036 from mzaian/etcd-3512 
[etcd] make etcd 3.5.12 default
 2024-04-01 14:57:48 +08:00
peterw 9ef6678b7e configure crio to use kube reserved cgroups (#11028) 2024-03-31 22:21:33 -07:00
Mohamed Omar Zaian 70a54451b1 [etcd] make etcd 3.5.12 default 2024-03-30 05:01:01 +01:00
Max Gautier c6758fe544 Cleanup of kubernetes/preinstall (#11010) 
* Move fedora ansible python install to bootstrap-os

* /bin/dir is set in bootstrap-os

* Removing ansible_os_family workarounds

Support for these distributions was merged in Ansible, no need to
override it ourselves now.
https://github.com/ansible/ansible/pull/69324 openEuler
https://github.com/ansible/ansible/pull/77275/ UnionTech OS Server 20
https://github.com/ansible/ansible/pull/78232/ Kylin

* Don't unconditionnaly set VARIANT_ID=coreos in os-release

WTF, this is so wrong.
Furthermore, is_fedora_coreos is already handled in boostrap-os

* Handle Clearlinux generically

Followup of 4eec302e86 (since we're using
package module anyway, let's get rid of the custom task)
 2024-03-28 15:17:52 -07:00
itayporezky 10315590c7 Change hard-coded URLs to use variables (#11031) 2024-03-27 20:44:25 -07:00
Mohamed Omar Zaian 03ac02afe4 [kubernetes] Add hashes for kubernetes 1.29.3, 1.28.8, 1.27.12 (#11035) 2024-03-27 12:30:27 -07:00
Arthur Outhenin-Chalandre fd83ec9d91 kubespray-defaults: regenerate checksums and bump various versions (#10999) 
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
 2024-03-27 06:02:53 -07:00
Max Gautier c58497cde9 Refactor bootstrap-os (#10983) 
* Remove leftover files for Coreos

Coreos was replaced by flatcar in 058438a25 but the file was copied
instead of moved.

* Remove workarounds for resolved ansible issues

* boostrap: Use first_found to include per distro

Using directly ID and VARIANT_ID with first_found allow for less manual
includes.
Distro "families" are simply handled by symlinks.

* boostrap: don't set ansible_python_interpreter

- Allows users to override the chosen python_interpreter with group_vars
  easily (group_vars have lesser precedence than facts)
- Allows us to use vars at the task scope to use a virtual env

Ansible python discovery has improved, so those workarounds should not
be necessary anymore.
Special workaround for Flatcar, due to upstream ansible not willing to
support it.
 2024-03-27 05:58:53 -07:00
kyrie baf4842774 make kube-vip LeaderElection variables configurable (#11021) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-03-25 02:24:57 -07:00
Tom M e7d29715b4 Add kubelet_cpu_manager_policy_options (#11023) 2024-03-22 12:21:39 -07:00
ERIK 30da721f82 fix: config hostname as string type in kubeadmConf rendering (#10997) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-03-22 03:54:25 -07:00
Gary Miguel a1cf8291a9 spelling: scrapper -> scraper (#11015) 2024-03-15 07:34:30 -07:00
Max Gautier 7f6ca804a1 Upgrade ansible-core to 2.16.4 (#10984) 
* upgrade ansible version

Needed for with_first_found to work correctly:
https://github.com/ansible/ansible/issues/70772 fixed in 2.16

* Remove unused google cloud cloud_playbook

* Fix dpkg_selection on non-existing packages

Needed since ansible-core>2.16, see:
https://github.com/ansible/ansible/commit/f10d11bcdc54c9b7edc0111eb38c59a88e396d0a
 2024-03-14 02:12:45 -07:00
Clement Phu eff331ad32 Upgrade Nerdctl version to 1.7.4 (#10968) 2024-03-11 13:35:07 -07:00
Max Gautier 71fa66c08d Delete old leftover script (#10996) 2024-03-11 13:28:00 -07:00
Ricky Kwan 69bf6639f3 Fix typo in selector (#10994) 2024-03-11 03:07:37 -07:00
Noam c275b3db37 update checksum for crio 1.29.1 (#10952) 
* update checksum for crio 1.29.1

* update crio bin's names

* crio_conmon for 1.29

* remove unrequired change
 2024-03-11 02:56:35 -07:00
Mohamed Omar Zaian 66eaba3775 [calico] Add hashes and make v3.27.2 default (#10960) 2024-03-10 00:20:17 -08:00
Kay Yan 90b0151caf support node feature discovery (#10861) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
 2024-03-05 08:36:08 -08:00
Clement Phu 04e40f2e6f Add configuration to create cilium CNI plugin file when cilium>=1.14.0 (#10966) 2024-03-02 20:56:06 -08:00
Clement Phu 7a9def547e Upgrade Helm to v3.14.2 (#10967) 2024-02-27 18:10:19 -08:00
Ludovic Logiou 26034b296e Bump cinder-csi version and switch container registry (#10894) 
* Bump cinder-csi version and switch container registry

Signed-off-by: Ludovic Logiou <ludovic.logiou@gmail.com>

* Update roles/kubespray-defaults/defaults/main/download.yml

Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>

---------

Signed-off-by: Ludovic Logiou <ludovic.logiou@gmail.com>
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
 2024-02-22 05:06:40 -08:00
Ricky Kwan 5d822ad8cb Support overriding cni directory owner (#10929) 2024-02-19 02:58:11 -08:00
ABW a0d2bda742 feat/add default ingress-nginx service (#10925) 
feat/add default ingress-nginx service

feat/add default ingress-nginx service

feat/add default ingress-nginx service
 2024-02-19 02:47:36 -08:00
R. P. Taylor 9442f28c60 do not disable SELinux surreptitiously (#10920) 2024-02-17 20:17:40 -08:00