e332b4ffbc
build(deps): bump ansible from 11.13.0 to 14.0.0
...
Bumps [ansible](https://github.com/ansible-community/ansible-build-data ) from 11.13.0 to 14.0.0.
- [Changelog](https://github.com/ansible-community/ansible-build-data/blob/main/docs/release-process.md )
- [Commits](https://github.com/ansible-community/ansible-build-data/compare/11.13.0...14.0.0 )
---
updated-dependencies:
- dependency-name: ansible
dependency-version: 14.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-16 08:27:51 +00:00
a553d48c73
Fix missing dependency for ArgoCD master password hashing ( #12920 )
...
* add passlib dependency
* add constrained bcrypt version
2026-06-16 13:55:30 +05:30
e0add9ee0d
Replace injected Ansible fact variables in container-engine role ( #13296 )
2026-06-16 08:51:24 +05:30
a76a475a5b
build(deps): bump distlib from 0.4.1 to 0.4.3 ( #13307 )
...
Bumps [distlib](https://github.com/pypa/distlib ) from 0.4.1 to 0.4.3.
- [Release notes](https://github.com/pypa/distlib/releases )
- [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst )
- [Commits](https://github.com/pypa/distlib/compare/0.4.1...0.4.3 )
---
updated-dependencies:
- dependency-name: distlib
dependency-version: 0.4.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-15 09:34:32 +05:30
701f4be3c1
build(deps): bump cryptography from 48.0.0 to 49.0.0 ( #13306 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 48.0.0 to 49.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/48.0.0...49.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 49.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-15 09:30:35 +05:30
f2a7181f99
fix: make assert test for netaddr actually return a boolean ( #13304 )
...
* fix: make assert test for netaddr actually return a boolean
The netaddr test returns a string when the netaddr is installed. This makes
Ansible 2.20 angry. Here's a fix to make sure the true case also returns a
boolean instead of a string.
* fix: more fixes for non-boolean conditions
The `cloud_provider` assertion change is a little more involved. The only two
allowed values are "" and "external". Let's just always check the assertion
instead of skipping it when it's the default value, which is "".
All the other changes should be fairly obvious.
2026-06-14 13:56:32 +05:30
3011e19ccd
Patch versions updates ( #13305 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-13 10:28:46 +05:30
9f39517507
fix: make offline containerd URL generation respect containerd_static_binary in sample inventory ( #13293 )
2026-06-09 09:41:45 +05:30
36eba216f6
build(deps): bump actions/checkout from 6.0.2 to 6.0.3 ( #13300 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-08 21:39:52 +05:30
03378afd18
build(deps): bump distlib from 0.4.0 to 0.4.1 ( #13298 )
...
Bumps [distlib](https://github.com/pypa/distlib ) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/pypa/distlib/releases )
- [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst )
- [Commits](https://github.com/pypa/distlib/compare/0.4.0...0.4.1 )
---
updated-dependencies:
- dependency-name: distlib
dependency-version: 0.4.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-08 21:14:03 +05:30
84eede8630
image-builder: add staging OCI publish path ( #13273 )
2026-06-05 12:05:59 +05:30
a72ea49b2e
Fix: use config version 4 for containerd 2.3+ ( #13285 ) ( #13286 )
...
Signed-off-by: longyuxiang <longyuxiang@kylinos.cn >
2026-06-05 08:19:58 +05:30
bd21d04c4f
Update dns-autoscaler.yml.j2 fix duplicate nodeSelector ( #13290 )
2026-06-04 12:17:48 +05:30
7c8f928405
fix-absent-cni-kubeadm-join-control-planes ( #13280 )
2026-06-02 07:34:59 +05:30
2ffff07887
Replace injected Ansible fact variables in node and control-plane roles ( #13240 )
2026-06-02 07:34:51 +05:30
8b234bf138
Patch versions updates ( #13283 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-01 20:52:54 +05:30
e914bd78c2
Bump containerd from 2.2.3 to 2.3.0 ( #13265 )
2026-05-28 14:56:55 +05:30
9049703ce0
roles: rely on configured defaults ( #13249 )
...
Signed-off-by: Zakhar Dvurechensky <72825626+Zakharden@users.noreply.github.com >
2026-05-27 15:09:50 +05:30
03ae25e410
Merge pull request #13269 from tico88612/fix/pre-commit
...
Fixed pre-commit and pin Python Client version in pipeline
2026-05-26 13:41:26 +05:30
d2ca095505
Chore: Pipeline kubernetes-python client version pin 35.0.0
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-05-25 20:51:18 +08:00
1b111e06b1
Fix kata-containers job name duplicated
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-05-25 20:50:38 +08:00
4e6e63d49d
Chore: pin the pre-commit ansible-core version
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-05-25 20:49:52 +08:00
6107c6ab7c
Align nginx worker_rlimit_nofile with containerd defaults ( #13255 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-05-21 17:10:48 +05:30
7a62933b17
Update load balancer versions to Nginx 1.30.1 and Haproxy 3.2.19 ( #13258 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-05-21 14:16:46 +05:30
7214e9899b
docs: fix incorrect Ansible paths and standardize inventory references ( #13246 )
...
This commit updates documentation across several files to correct broken
file paths and ensure consistency in Ansible command examples
- Standardized inventory naming to `inventory.ini` for sample inventories.
- Fixed `group_vars` paths to reflect the actual directory structure
(e.g., `group_vars/all/all.yml` instead of `group_vars/all.yml`).
- Corrected the `k8s-cluster.yml` filename in guides.
- Clarified the location for `kubectl_localhost` and `kubeconfig_localhost` settings.
- Replaced non-existent placeholders (like `inventory/single.cfg`) with
valid repository paths.
- Fixed typos in directory names (e.g., `myclsuter` -> `mycluster`).
2026-05-21 13:30:47 +05:30
7fd29b5529
kube-vip: optional Prometheus metrics (default port 2112) ( #13229 )
...
Add kube_vip_metrics_enabled and kube_vip_metrics_port; wire
prometheus_server and container port in the static pod manifest.
Default metrics port to 2112 to match kube-vip upstream. Document
and sample inventory updated.
2026-05-19 11:15:02 +05:30
17f270325d
Remove deprecated apiserver-count kubeadm config option ( #13262 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-05-18 16:17:51 +05:30
8c3f6270f8
Add toggle to disable node subnet allocation ( #13239 )
...
Signed-off-by: Justin Lamp <justin.lamp@netways.de >
2026-05-16 11:34:34 +05:30
2ac815147b
Upgrade cilium from 1.19.3 to 1.19.4 ( #13256 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-05-14 18:04:28 +05:30
2ed677ce86
Replace injected Ansible fact variables with ansible_facts in preinstall role ( #13232 )
2026-05-14 16:08:30 +05:30
22ce2f799f
Patch versions updates ( #13254 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-14 13:26:27 +05:30
469a8296a1
build(deps): bump cryptography from 47.0.0 to 48.0.0 ( #13248 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 47.0.0 to 48.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/47.0.0...48.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 48.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 19:16:00 +05:30
c1768dd21b
cri-o: Bump cri-o to 1.36.0 for kubernetes 1.36 ( #13244 )
2026-05-11 19:15:51 +05:30
a93615ebde
ci: bump EOL Fedora versions to 42/43 ( #13206 )
...
Fedora 39 (EOL 2024-11-26), Fedora 40 (EOL 2025-05-13), and Fedora 41
(EOL 2025-12-15) are all out of support and no longer receive security
updates. This bumps the kubevirt CI test matrix to currently supported
releases, distributing tests across Fedora 42 (supported until
2026-05-13) and Fedora 43 (supported until 2026-12-09) to keep
multi-version coverage.
- Add fedora-43 image entry to the kubevirt image-builder
- Rename fedora39-* tests to fedora43-* (4 tests)
- Rename fedora40-* tests to fedora43-* (2 tests)
- Rename fedora41-* tests to fedora42-* (4 tests)
- Update .gitlab-ci/kubevirt.yml testcase names
- Regenerate docs/developers/ci.md
All 10 existing Fedora test configurations (kube-router, calico-selinux,
calico-swap-selinux, crio with/without SELinux enforcing, docker-calico,
flannel-crio-collection-scale) are preserved.
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2026-05-11 13:59:56 +05:30
da6b8e8b81
image-builder: run validation with Dind ( #13212 )
...
* image-builder: run validation locally with BuildKit
* upadte checksum
* set BuildKit no-process-sandbox flag for CI
* run BuildKit with rootless-safe daemon flags in CI
* update
* updating root logic
* fix ci failure for can't enable NoProcessSandbox
* switch to stable url
* add --oci-worker-no-process-sandbox ci flag in root path
* add more support
* add validate-docker and validate-single docker
2026-05-11 13:27:50 +05:30
6bb1e2f290
Set http proxy environments for helm app installations ( #13234 )
...
* Set http proxy environments for helm app installations
Signed-off-by: Justin Lamp <justin.lamp@netways.de >
* Change http_proxy env variables from legacy static entries to new proxy_env variable
Signed-off-by: Justin Lamp <justin.lamp@netways.de >
---------
Signed-off-by: Justin Lamp <justin.lamp@netways.de >
2026-05-10 08:49:45 +05:30
4cefd77639
Move failing youki to allow_failed and patch update ( #13241 )
...
* Patch versions updates
* fix: failing blocker youki
https://github.com/youki-dev/youki/issues/3479
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-08 18:43:20 +05:30
e97333dbf8
fix: skip kube-proxy-only tasks when kube_proxy_remove is true ( #13228 )
...
* fix: skip kube-proxy-only tasks when kube_proxy_remove is true
Signed-off-by: Sumit Solanki <sumit.solanki@ibm.com >
* refactor: use where defaults already define the var
Signed-off-by: Sumit Solanki <sumit.solanki@ibm.com >
---------
Signed-off-by: Sumit Solanki <sumit.solanki@ibm.com >
2026-05-07 18:31:20 +05:30
09e9c43570
Disable controller-manager allocate-node-cidrs for cilium cluster-pool ipam ( #13148 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-05-06 15:26:22 +05:30
17f92d2cce
Update Docker image version in README ( #13226 )
2026-05-05 08:18:22 +05:30
e6bd0cb37d
Chore: change the GitHub Actions uses commit hash ( #13227 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-05-04 10:53:38 +05:30
28bdeb8583
[Kubernetes] Support Kubernetes v1.36.0 ( #13219 )
...
- Support Kubernetes 1.36.0
- Bump coredns to 1.14.2
2026-05-01 07:49:25 +05:30
a254f5ea68
network_plugin/cilium: fail fast when Gateway API CRDs are incompatible ( #13223 )
...
Cilium < 1.20 unconditionally registers a field indexer for TLSRoute
v1alpha2 when the Gateway API controller is enabled, but Gateway API
>= 1.5.0 ships TLSRoute v1alpha2 with served=false in the standard
channel. The result is cilium-operator CrashLoopBackOff with:
no matches for kind "TLSRoute" in version "gateway.networking.k8s.io/v1alpha2"
The fix landed in Cilium 1.20 only and will not be backported.
Add a preflight assert that triggers only when all of the following
hold: cilium_gateway_api_enabled, gateway_api_enabled, cilium_version
< 1.20.0, gateway_api_version >= 1.5.0, and gateway_api_channel ==
"standard". Users hit by this combo get a clear error and two
workarounds (pin gateway_api_version to 1.4.1, or switch
gateway_api_channel to "experimental") instead of debugging a crash
loop after the fact.
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2026-04-30 11:43:26 +05:30
c3d4864e63
Refactor(defaults): centralize etcd defaults ( #13161 )
2026-04-28 07:54:48 +05:30
655c516129
build(deps): bump stefanbuck/github-issue-parser from 3.2.3 to 3.2.5 ( #13218 )
...
Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser ) from 3.2.3 to 3.2.5.
- [Release notes](https://github.com/stefanbuck/github-issue-parser/releases )
- [Commits](https://github.com/stefanbuck/github-issue-parser/compare/10dcc54158ba4c137713d9d69d70a2da63b6bda3...cb6e97157cbf851e3a393ff8d57c93a484cc323f )
---
updated-dependencies:
- dependency-name: stefanbuck/github-issue-parser
dependency-version: 3.2.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-28 07:26:49 +05:30
846bcb2ccc
build(deps): bump cryptography from 46.0.7 to 47.0.0 ( #13217 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.7 to 47.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.7...47.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 47.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-28 07:22:47 +05:30
76a9d3db08
Releng: bump galaxy version 2.32.0 ( #13214 )
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2026-04-25 15:20:46 +05:30
1c9add4897
docs: fix release-notes command in release guide ( #13211 )
...
The documented example still uses the removed --required-author flag and
misses --repo-path, which breaks with current release-notes binaries.
Update it to use the generate subcommand and point at the local checkout.
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2026-04-24 09:46:46 +05:30
00a29dffc8
Add myself (guoard) as reviewer ( #13197 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-04-23 17:48:47 +05:30
91eb34b767
Updated offline documentation ( #12684 )
...
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl >
2026-04-22 16:55:53 +05:30
dependabot[bot]