Max Gautier
1528bdda39
Checksums updates
2025-03-13 12:05:40 +01:00
k8s-infra-cherrypick-robot
3514ae8d04
[release-2.27] Fix incorrect syntax for secondary nodelocaldns manifest (#11957)
...
* Fix incorrect syntax
* Fix incorrect syntax
---------
Co-authored-by: Raul Butuc <raulbutuc@gmail.com>
2025-02-07 08:57:56 -08:00
k8s-infra-cherrypick-robot
99e2bfe2fa
[release-2.27] Fix CI by excluding the .ansible in .ansible-lint & remove ctr image pull workaround (#11956)
...
* exclude .ansible in ansible-lint
* remove ctr i pull workaround
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
---------
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
Co-authored-by: Kay Yan <kay.yan@daocloud.io>
2025-02-07 08:05:58 -08:00
k8s-infra-cherrypick-robot
eb413e4719
[release-2.27] Add manual option to the external_cloud_provider variable (#11884)
...
* Add `manual` option in the `external_cloud_provider` value
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Update external cloud provider description in roles & sample inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2025-01-13 08:24:33 -08:00
Mohamed Omar Zaian
9ec9b3a202
[ingress-nginx] upgrade to 1.12.0 (#11846)
2025-01-02 04:58:14 +01:00
Antoine Legrand
0222a2a634
Add option to skip network plugin installation (#11844)
2024-12-31 12:52:13 +01:00
Kubernetes Prow Robot
5af3a34de8
Merge pull request #11819 from VannTen/cleanup/preinstall_fact
...
Cleanups in kubernetes/preinstall (DNS stuff)
2024-12-27 18:04:11 +01:00
ChengHao Yang
54a01f2774
Bump: Containerd upgrade to 1.7.24 & runc upgrade to v1.2.3 (#11833)
...
* Bump: Containerd upgrade to 1.7.24
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Docs: README.md update Containerd version 1.7.24
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Bump: runc upgrade to v1.2.3
Runc upgrade to v1.2.3, and add v1.1.15, v1.2.x checksum
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-12-27 13:36:11 +01:00
ChengHao Yang
a6bc327d63
Bump: Helm upgrade to v3.16.4 (#11832)
...
* Bump: Helm default version v3.16.4
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Docs: README.md update helm version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-12-26 14:24:11 +01:00
Mohamed Omar Zaian
25d0380db7
[calico] Add version 3.29.1 and make it default (#11798)
2024-12-25 23:14:11 +01:00
ChengHao Yang
3305ae9235
Bump: Kubernetes default version v1.31.4 (#11828)
...
* Bump: kubernetes upgrade to 1.31.4
Add Kubernetes 1.31.4, 1.30.8 and 1.29.12 version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Docs: Upgrade Kubernetes version to 1.31.4
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-12-25 23:10:13 +01:00
kyrie
e7a5e3ca5c
Fix using the default network manager in reset.yml (#11678)
...
* enhance reset network service
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
* reset network service: use systemd module directly
---------
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
Co-authored-by: Max Gautier <mg@max.gautier.name>
2024-12-24 15:50:11 +01:00
Max Gautier
d173f1d951
Only consider host in 'k8s_cluster' when checking if ip is a cached fact (#11817)
...
This avoids spurious failure with 'localhost'.
It should also be more correct if the inventory contains uncached hosts
which are not in `k8s_cluster` and therefore should not be Kubespray
business.
(We still use hostvars for uncached hosts, because it's easier to select
on 'ansible_default_ipv4' that way and does not change the end result)
2024-12-23 08:48:10 +01:00
Chad Swenson
2fbf4806ed
Add ResourceQuota plugin configuration (#11814)
...
This enables [configuration](https://kubernetes.io/docs/concepts/policy/resource-quotas/#limit-priority-class-consumption-by-default) of the [ResourceQuota AdmissionController plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#resourcequota). The configuration file will be empty by default when no limitedResources are set.
2024-12-19 18:12:09 +01:00
Max Gautier
684f52eaf4
kubernetes/preinstall: remove unused variable
2024-12-19 16:30:48 +01:00
Max Gautier
55e095c1c7
kubernetes/preinstall: dns vars cleanup
...
- Move validation from facts to verify-settings
- Move set_fact to vars/
2024-12-19 16:30:47 +01:00
Max Gautier
1127a62176
kubernetes/preinstall: dns setting cleanup(dhclient, resolvconf)
...
We use a lot of facts where variables are enough, and format too early,
which prevents reusing the variables in different contexts.
- Moves set_fact variables to the vars directory, remove unnecessary
intermediate variables, and render them at usage sites to only do logic
on native Ansible/Jinja lists.
- Use defaults/ rather than default filters for several variables.
2024-12-19 16:30:46 +01:00
Max Gautier
a3e569f5c4
kubernetes/preinstall: switch coredns_server to vars/
2024-12-19 15:51:02 +01:00
Ekko
bf70335493
Add iproute(2) package checking (#11816)
...
Signed-off-by: ekko <lihai.tu@daocloud.io>
2024-12-19 11:32:09 +01:00
Max Gautier
331671ac30
Revert "apiserver: fix incorrect path to admission plugins config files (#11779)" (#11808)
...
This reverts commit 742409e663.
2024-12-18 15:02:10 +01:00
ERIK
540c6ddb96
remove legacy kubelet container pre-upgrade tasks (#11805)
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-12-17 09:38:54 +01:00
Kubernetes Prow Robot
da077ab8a6
Merge pull request #11700 from VannTen/feat/kubectl_stdin
...
Convert kubernetes-apps to use kubectl directly
2024-12-17 08:06:53 +01:00
Max Gautier
742409e663
apiserver: fix incorrect path to admission plugins config files (#11779)
2024-12-16 09:40:52 +01:00
Max Gautier
1307b2fe07
containerd: add After=dbus.service (#11781)
...
This is needed for shutdown ordering: while at startup, it's not a
problem that containerd starts before dbus (the dbus socket already
exists), it needs to shut down before dbus to do its cleanup (asking
systemd via dbus to cleanup cgroups).
2024-12-11 08:58:03 +00:00
Max Gautier
7c71f257b4
Convert netchecker to kubectl_apply_stdin
...
Note that the Apparmor check result is no longer used since the PSP removal.
2024-12-09 15:37:09 +01:00
Max Gautier
31e56ab76d
Convert nodelocaldns to kubectl_apply_stdin
2024-12-09 10:10:52 +01:00
Max Gautier
4b7125f5be
Convert CoreDNS Secondary to kubectl_apply_stdin
...
Note that we're reapplying the RBAC/Sa/Config from coredns which is not
strictly necessary, but harmless, when the secondary is enabled.
2024-12-09 10:10:51 +01:00
Max Gautier
e0c9152bd4
Convert CoreDNS primary to kubectl_apply_stdin
2024-12-09 10:10:51 +01:00
Max Gautier
63adac8314
Convert etcd_metrics to kubectl_apply_stdin
2024-12-09 10:10:50 +01:00
Max Gautier
27ccfc7c66
Convert dashboard to kubectl_apply_stdin
2024-12-09 10:10:50 +01:00
Max Gautier
990d2a1358
Define a standard commandline for applying manifests
...
This is expected to be used in the command module this way:
    command:
      cmd: "{{ kubectl_apply_stdin }}"
      stdin: <... rendered manifests> -> using the 'template' lookup plugin
             in most cases.
The advantages over the kube plugin module integrated in kubespray
(which this should replace eventually):
- way easier to modify to take advantage of new features (server-side
  apply for instance)
- no need for a separate template task + checking the result (which can
  introduce problems if the first playbook run encounters an error).
2024-12-09 10:10:48 +01:00
Max Gautier
70c73f153b
calico: stop recording calico_kubelet_name (#11770)
...
The variable is not used anymore since 29ea790c30.
Besides, this task fails on dual stack installation.
2024-12-06 02:09:59 +00:00
ERIK
98807ffb6b
Optimize CA cert hash calculation with community.crypto (#11758)
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-12-02 10:27:00 +00:00
ERIK
70b75d35b6
support asymmetric encryption algorithms in ClusterConfiguration (#11757)
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-11-29 08:06:58 +00:00
Max Gautier
a074596c2c
containerd: always use config_path (#11755)
...
config_path was introduced in containerd 1.5.0, and registry.mirrors is
deprecated.
There is no reason to keep the old alternative, so just always use
config_path, and consequently remove the option.
2024-11-28 12:38:59 +00:00
ERIK
f83471484d
Revert "add encryptionAlgorithm for ClusterConfiguration (#11751)" (#11756)
...
This reverts commit 9f01effadc.
2024-11-28 12:00:58 +00:00
ERIK
9f01effadc
add encryptionAlgorithm for ClusterConfiguration (#11751)
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-11-28 08:28:59 +00:00
David
9d6344aac7
Add support for ntpsec (#11665)
...
* Add support for ntpsec
* fixup: set default ntp_driftfile based on ntp_package
* fixup: docs
2024-11-25 16:42:56 +00:00
ChengHao Yang
795a2dc309
Bump: OpenStack Cloud Controller Manager to v1.31.1 (#11738)
...
* Refactor: replace registry.k8s.io with kube_image_repo variable
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Bump: OpenStack Cloud Controller Manager upgrade to v1.31.1
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Refactor: remove occm image tag from sample inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-25 13:38:56 +00:00
ChengHao Yang
3f45301919
Bump: Kubernetes default version v1.31.3 (#11737)
...
* Bump: Kubernetes default version set to v1.31.3
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Docs: README.md update kubernetes version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-25 09:14:57 +00:00
Max Gautier
2e145ffc12
Fix the format of the list of images extracted from kubeadm (#11741)
...
The download role expects 'groups' to be a list, in order to properly filter
images.
2024-11-25 09:06:56 +00:00
logicsys
b8541962f3
Partial Cilium 1.16+ Support & Add vars for configuring cilium IP load balancer pools and bgp v1 & v2 apis (#11620)
...
* Add vars for configuring cilium IP load balancer pools and bgp peer policies
* Cilium 1.16+ Support - Add vars for configuring cilium bgpv2 api & handle cilium_kube_proxy_replacement unsupported values
2024-11-19 02:48:53 +00:00
Max Gautier
badfb6ca34
Fix the pretty-printing of (core|nodelocal)dns (#11694)
...
When using
    dns_upstream_forward_extra_opts:
      prefer_udp: "" # the option has no value so use empty string to just
                     # put the key
This is rendered in the dns configmap as ($ for end-of-line)
    ...
      prefer_udp $
    ...
Note the trailing space.
This triggers https://github.com/kubernetes/kubernetes/issues/36222,
which makes the configmap hardly readable when editing them manually or
simply putting them in a yaml file for inspection.
Trim the concatenation of option + value to get rid of any trailing
space.
2024-11-18 07:06:53 +00:00
ERIK
316e579543
fix task naming in bootstrap-os (#11714)
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-11-17 17:22:53 +00:00
Javad
e8bdd47ecc
Fix kubelet-csr-approver deployment fails if kube_network_plugin=cni(generic) (#11704)
...
* Make Helm's 'atomic' parameter configurable from role variables
* Configure Helm with 'atomic' and 'wait' set to false for generic CNI to prevent kubelet-csr-approver installation failures
2024-11-16 14:54:54 +00:00
Max Gautier
68718dcb6f
Stricter kubeadm validation (config and runtime checks) (#11710)
...
* kubeadm: do not ignore preflight errors blindly
The "ignoring all errors" seems to date back to the inception of the
kubeadm support (it was --skip-preflight-check before).
This can mask real errors and prevent users from seeing them.
Do not ignore any errors by default and make the set of ignored errors
configurable.
* download/kubeadm: remove redundant task
The mode is already set by the previous `copy` task.
* Validate kubeadm configs
This should help to fail early when we have invalid kubeadm configs (from
a kubespray bug or a misconfiguration).
* kubeadm-upgrade: remove unnecessary bool cast
* Convert kubeadm join discovery timeout to v1beta4 config
* CI: Ignore kubeadm:Mem errors on some setup.
2024-11-15 06:34:52 +00:00
Max Gautier
1a4567ac29
Remove deprecated key from kubeadmconfig/v1beta4 (#11709)
...
timeoutForControlPlane has been removed from v1beta4, instead replaced
by https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/#kubeadm-k8s-io-v1beta4-Timeouts
The defaults for the new values are close enough that there is no need to
override them.
2024-11-14 08:29:13 +00:00
Andreas Gravgaard Andersen
9f88f19e31
remove nameless extraArgs entry (#11703)
...
* remove nameless extraArgs entry
Signed-off-by: Andreas Gravgaard Andersen <andreasga22@gmail.com>
* fix template name
Signed-off-by: Andreas Gravgaard Andersen <andreasga22@gmail.com>
---------
Signed-off-by: Andreas Gravgaard Andersen <andreasga22@gmail.com>
2024-11-13 17:52:48 +00:00
ChengHao Yang
76a5263ff3
Bump: pause container upgrade to 3.10 (#11695)
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-11-08 16:46:45 +00:00
Kubernetes Prow Robot
91a77e417c
Merge pull request #11674 from tico88612/feat/kubeadm-v1beta4
...
Feat: kubeadm v1beta4 support
2024-11-08 13:34:44 +00:00