Ali Afsharzadeh
c59833b2e5
[release-2.27] Patch versions update ( #12231 )
...
* [release-2.27] Patch versions update
* Add calico crds archive checksum for v3.29.3
* Update kube_version in roles/kubespray-defaults/defaults/main/main.yml
* Revert crio version upgrade
* Upgrade calico to v3.29.4
2025-06-05 09:00:38 -07:00
Max Gautier
55194fcf6d
Move 'pretend certificates' **after** cert distribution ( #12221 )
...
The link target will only exist after we distribute the certs on each node.
2025-05-16 07:43:14 -07:00
k8s-infra-cherrypick-robot
d10000ee90
Workaround missing etcd certs on control plane node ( #12192 )
...
Co-authored-by: Max Gautier <mg@max.gautier.name >
2025-05-06 09:31:16 -07:00
Ali Afsharzadeh
6a67d28fab
[release-2.27] Make fallback_ip cacheable in facts ( #12182 )
...
* Make fallback_ip cacheable in facts
* Move cacheable property after fallback_ip variable
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-05-02 22:03:55 -07:00
Chad Swenson
bf68231a5a
Refactor control plane upgrades with reconfiguration support ( #12015 ) ( #12103 )
...
* Refactor control plane upgrades with reconfiguration support
Adds revised support for:
- The previously removed `--config` argument for `kubeadm upgrade apply`
- Changes to `ClusterConfiguration` as part of the `upgrade-cluster.yml` playbook lifecycle
- kubeadm-config `v1beta4` `UpgradeConfiguration` for the `kubeadm upgrade apply` command: [UpgradeConfiguration v1beta4](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/#kubeadm-k8s-io-v1beta4-UpgradeConfiguration).
* Add kubeadm upgrade node support
Per discussion:
- Use `kubeadm upgrade node` on secondary control plane upgrades
- Add support for UpgradeConfiguration.node in kubeadm-config.v1beta4
- Remove redundant `allowRCUpgrades` config
- Revert from `block` for first and secondary control plane back to unblocked tasks since they no longer share much code and it's more readable this way
* Add kubelet and kube-proxy reconfiguration to upgrades
* Fix task to use `kubeadm init phase etcd local`
* Rebase with changes from "Adapt checksums and versions to new hashes updater" PR
* Add `imagePullPolicy` and `imagePullSerial` to kubeadm-config v1beta4 `InitConfiguration.nodeRegistration`
(cherry picked from commit b551fe083d)
2025-04-02 23:18:38 -07:00
ChengHao Yang
de25806c56
Bump ingress-nginx to 1.12.1 and certgen to 1.5.2 ( #12080 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-03-27 00:44:34 -07:00
ChengHao Yang
bbabe496c4
[calico] fix v3.29.2 crds archive checksum ( #12082 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-03-26 02:14:33 -07:00
k8s-infra-cherrypick-robot
e354295476
fix: kubecontrollersconfigurations list permission ( #12039 )
...
[WARNING][1] kube-controllers/runconfig.go 193: unable to list KubeControllersConfiguration(default) error=connection is unauthorized: kubecontrollersconfigurations.crd.projectcalico.org "default" is forbidden: User "system:serviceaccount:kube-system:calico-kube-controllers" cannot list resource "kubecontrollersconfigurations" in API group "crd.projectcalico.org" at the cluster scope
Co-authored-by: darkobas <marko@datafund.io >
2025-03-15 09:15:47 -07:00
Max Gautier
5e083a5370
Update defaults versions to last checksums
2025-03-13 12:09:40 +01:00
Max Gautier
1528bdda39
Checksums updates
2025-03-13 12:05:40 +01:00
k8s-infra-cherrypick-robot
3514ae8d04
[release-2.27] Fix incorrect syntax for secondary nodelocaldns manifest ( #11957 )
...
* Fix incorrect syntax
* Fix incorrect syntax
---------
Co-authored-by: Raul Butuc <raulbutuc@gmail.com >
2025-02-07 08:57:56 -08:00
k8s-infra-cherrypick-robot
99e2bfe2fa
[release-2.27] Fix CI by excluding the .ansible in .ansible-lint & remove ctr image pull workaround ( #11956 )
...
* exclude .ansible in ansible-lint
* remove ctr i pull workaround
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
---------
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
Co-authored-by: Kay Yan <kay.yan@daocloud.io >
2025-02-07 08:05:58 -08:00
k8s-infra-cherrypick-robot
eb413e4719
[release-2.27] Add manual option to the external_cloud_provider variable ( #11884 )
...
* Add `manual` option in the `external_cloud_provider` value
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Update external cloud provider description in roles & sample inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-01-13 08:24:33 -08:00
Mohamed Omar Zaian
9ec9b3a202
[ingress-nginx] upgrade to 1.12.0 ( #11846 )
2025-01-02 04:58:14 +01:00
Antoine Legrand
0222a2a634
Add option to skip network plugin installation ( #11844 )
2024-12-31 12:52:13 +01:00
Kubernetes Prow Robot
5af3a34de8
Merge pull request #11819 from VannTen/cleanup/preinstall_fact
...
Cleanups in kubernetes/preinstall (DNS stuff)
2024-12-27 18:04:11 +01:00
ChengHao Yang
54a01f2774
Bump: Containerd upgrade to 1.7.24 & runc upgrade to v1.2.3 ( #11833 )
...
* Bump: Containerd upgrade to 1.7.24
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: README.md update Containerd version 1.7.24
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Bump: runc upgrade to v1.2.3
Runc upgrade to v1.2.3, and add v1.1.15, v1.2.x checksum
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-12-27 13:36:11 +01:00
ChengHao Yang
a6bc327d63
Bump: Helm upgrade to v3.16.4 ( #11832 )
...
* Bump: Helm default version v3.16.4
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: README.md update helm version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-12-26 14:24:11 +01:00
Mohamed Omar Zaian
25d0380db7
[calico] Add version 3.29.1 and make it default ( #11798 )
2024-12-25 23:14:11 +01:00
ChengHao Yang
3305ae9235
Bump: Kubernetes default version v1.31.4 ( #11828 )
...
* Bump: kubernetes upgrade to 1.31.4
Add Kubernetes 1.31.4, 1.30.8 and 1.29.12 version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: Upgrade Kubernetes version to 1.31.4
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-12-25 23:10:13 +01:00
kyrie
e7a5e3ca5c
Fix using the default network manager in reset.yml ( #11678 )
...
* enhance reset network service
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io >
* reset network service: use systemd module directly
---------
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io >
Co-authored-by: Max Gautier <mg@max.gautier.name >
2024-12-24 15:50:11 +01:00
Max Gautier
d173f1d951
Only consider host in 'k8s_cluster' when checking if ip is a cached fact ( #11817 )
...
This avoids spurious failure with 'localhost'.
It should also be more correct if the inventory contains uncached hosts
which are not in `k8s_cluster` and therefore should not be Kubespray
business.
(We still use hostvars for uncached hosts, because it's easier to select
on 'ansible_default_ipv4' that way and does not change the end result)
2024-12-23 08:48:10 +01:00
Chad Swenson
2fbf4806ed
Add ResourceQuota plugin configuration ( #11814 )
...
This enables [configuration](https://kubernetes.io/docs/concepts/policy/resource-quotas/#limit-priority-class-consumption-by-default) of the [ResourceQuota AdmissionController plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#resourcequota). The configuration file will be empty by default when no limitedResources are set.
2024-12-19 18:12:09 +01:00
Max Gautier
684f52eaf4
kubernetes/preinstall: remove unused variable
2024-12-19 16:30:48 +01:00
Max Gautier
55e095c1c7
kubernetes/preinstall: dns vars cleanup
...
- Move validation from facts to verify-settings
- Move set_fact to vars/
2024-12-19 16:30:47 +01:00
Max Gautier
1127a62176
kubernetes/preinstall: dns setting cleanup(dhclient, resolvconf)
...
We use a lot of facts where variables are enough, and format too early,
which prevents reusing the variables in different contexts.
- Moves set_fact variables to the vars directory, remove unnecessary
intermediate variables, and render them at usage sites to only do logic
on native Ansible/Jinja lists.
- Use defaults/ rather than default filters for several variables.
2024-12-19 16:30:46 +01:00
Max Gautier
a3e569f5c4
kubernetes/preinstall: switch coredns_server to vars/
2024-12-19 15:51:02 +01:00
Ekko
bf70335493
Add iproute(2) package checking ( #11816 )
...
Signed-off-by: ekko <lihai.tu@daocloud.io >
2024-12-19 11:32:09 +01:00
Max Gautier
331671ac30
Revert "apiserver: fix incorrect path to admission plugins config files ( #11779 )" ( #11808 )
...
This reverts commit 742409e663.
2024-12-18 15:02:10 +01:00
ERIK
540c6ddb96
remove legacy kubelet container pre-upgrade tasks ( #11805 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2024-12-17 09:38:54 +01:00
Kubernetes Prow Robot
da077ab8a6
Merge pull request #11700 from VannTen/feat/kubectl_stdin
...
Convert kubernetes-apps to use kubectl directly
2024-12-17 08:06:53 +01:00
Max Gautier
742409e663
apiserver: fix incorrect path to admission plugins config files ( #11779 )
2024-12-16 09:40:52 +01:00
Max Gautier
1307b2fe07
containerd: add After=dbus.service ( #11781 )
...
This is needed for shutdown ordering: while at startup, it's not a
problem that containerd starts before dbus (the dbus socket already
exists), it needs to shut down before dbus to do its cleanup (asking
systemd via dbus to clean up cgroups).
2024-12-11 08:58:03 +00:00
Max Gautier
7c71f257b4
Convert netchecker to kubectl_apply_stdin
...
Note that the Apparmor check result is no longer used since the PSP removal.
2024-12-09 15:37:09 +01:00
Max Gautier
31e56ab76d
Convert nodelocaldns to kubectl_apply_stdin
2024-12-09 10:10:52 +01:00
Max Gautier
4b7125f5be
Convert CoreDNS Secondary to kubectl_apply_stdin
...
Note that we're reapplying the RBAC/Sa/Config from coredns which is not
strictly necessary, but harmless, when the secondary is enabled.
2024-12-09 10:10:51 +01:00
Max Gautier
e0c9152bd4
Convert CoreDNS primary to kubectl_apply_stdin
2024-12-09 10:10:51 +01:00
Max Gautier
63adac8314
Convert etcd_metrics to kubectl_apply_stdin
2024-12-09 10:10:50 +01:00
Max Gautier
27ccfc7c66
Convert dashboard to kubectl_apply_stdin
2024-12-09 10:10:50 +01:00
Max Gautier
990d2a1358
Define a standard commandline for applying manifests
...
This is expected to be used in the command module this way:
  command:
    cmd: "{{ kubectl_apply_stdin }}"
    stdin: <... rendered manifests> -> using the 'template' lookup plugin
    in most cases.
The advantages over the kube plugin module integrated in kubespray
(which this should replace eventually):
- way easier to modify to take advantage of new features (server-side
apply for instance)
- no need for a separate template task + checking the result (which can
introduce problems if the first playbook run encounters an error).
2024-12-09 10:10:48 +01:00
Max Gautier
70c73f153b
calico: stop recording calico_kubelet_name ( #11770 )
...
The variable is not used anymore since 29ea790c30.
Besides, this task fails on dual stack installation.
2024-12-06 02:09:59 +00:00
ERIK
98807ffb6b
Optimize CA cert hash calculation with community.crypto ( #11758 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2024-12-02 10:27:00 +00:00
ERIK
70b75d35b6
support asymmetric encryption algorithms in ClusterConfiguration ( #11757 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2024-11-29 08:06:58 +00:00
Max Gautier
a074596c2c
containerd: always use config_path ( #11755 )
...
config_path was introduced in containerd 1.5.0, and registry.mirrors is
deprecated.
There is no reason to keep the old alternative, so just always use
config_path, and consequently remove the option.
2024-11-28 12:38:59 +00:00
ERIK
f83471484d
Revert "add encryptionAlgorithm for ClusterConfiguration ( #11751 )" ( #11756 )
...
This reverts commit 9f01effadc.
2024-11-28 12:00:58 +00:00
ERIK
9f01effadc
add encryptionAlgorithm for ClusterConfiguration ( #11751 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2024-11-28 08:28:59 +00:00
David
9d6344aac7
Add support for ntpsec ( #11665 )
...
* Add support for ntpsec
* fixup: set default ntp_driftfile based on ntp_package
* fixup: docs
2024-11-25 16:42:56 +00:00
ChengHao Yang
795a2dc309
Bump: OpenStack Cloud Controller Manager to v1.31.1 ( #11738 )
...
* Refactor: replace registry.k8s.io with kube_image_repo variable
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Bump: OpenStack Cloud Controller Manager upgrade to v1.31.1
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Refactor: remove occm image tag from sample inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-11-25 13:38:56 +00:00
ChengHao Yang
3f45301919
Bump: Kubernetes default version v1.31.3 ( #11737 )
...
* Bump: Kubernetes default version set to v1.31.3
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: README.md update kubernetes version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-11-25 09:14:57 +00:00
Max Gautier
2e145ffc12
Fix the format of the list of images extracted from kubeadm ( #11741 )
...
The download role expects 'groups' to be a list, in order to properly filter
images.
2024-11-25 09:06:56 +00:00