External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-01-10 15:32:09 -03:30
Code Issues Packages Projects Releases Wiki Activity
5,638 Commits 43 Branches 87 Tags
Commit Graph

5638 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
bleech1
4661e7db01
remove local lb privileged (#7437) (#7454) 
Co-authored-by: Samuel Liu <liupeng0518@gmail.com>
v2.15.1 		2021-04-07 01:35:53 -07:00
Etienne Champetier
ba1d3dcddc Remove left over nodes_to_drain 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
 2021-03-29 16:19:56 -07:00
Etienne Champetier
e7f8d5a987 Fix remove-node by removing jq usage (#7405) 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 36a3a78952e1bbba273958b9639adb55442d42b3)
 2021-03-29 16:19:56 -07:00
David Louks
26183c2523 Remove ignore_errors from drain tasks and enable retires (#7151) 
* Remove ignore_errors from drain tasks and enable retires

* Fix lint error by checking if stdout length is not 0, ie string is not empty.

(cherry picked from commit ccd3aeebbc5c4da85155b365bab66d6441dc3e81)
 2021-03-29 16:19:56 -07:00
Etienne Champetier
0f7b9363f9 Fix k8s-certs-renew for k8s < 1.20 (#7410) 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 2d1597bf103a1b892b237fbae9dccffdca3ad374)
 2021-03-29 16:19:56 -07:00
Anthony Rabbito
b0b569615e Correct Jinja Syntax for etcd-unsupported-arch (#6919) 
`-%` causes `etcd-unsupported-arch: arm64` to print on COL 1 instead of
COL 6.

Signed-off-by: anthr76 <hello@anthonyrabbito.com>
(cherry picked from commit edfa3e9b14167c5c6b76083360948611c120af0a)
 2021-03-29 16:19:56 -07:00
Kaleb Elwert
65aa9213d4 Allow connecting to bastion via non-standard SSH port (#7396) 
* Allow connecting to bastion via non-standard port

* Fix bastion connection when ansible_port is not provided

(cherry picked from commit 6fa3565dacb2f48d3f98b062ae631069ed18848b)
 2021-03-29 16:19:56 -07:00
Kenichi Omichi
44d1f83ee9 Add cryptography installation (#7404) 
To avoid ModuleNotFoundError due to no module named 'setuptools_rust',
this adds cryptography installation to requirements.txt.

Created by jfc-evs originally as https://github.com/kubernetes-sigs/kubespray/pull/7264

(cherry picked from commit 49abf6007a8eee36d0deda6786f483e08f5e6fe3)
 2021-03-29 16:19:56 -07:00
Etienne Champetier
b19d109a12 Auto renew control plane certificates (#7358) 
While at it remove force_certificate_regeneration
This boolean only forced the renewal of the apiserver certs
Either manually use k8s-certs-renew.sh or set auto_renew_certificates

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit efa180392b8e7cca75cac8e11534b55f99cb9ee4)

Conflicts:
	roles/kubernetes/master/templates/k8s-certs-renew.service.j2
	roles/kubernetes/master/templates/k8s-certs-renew.sh.j2
	roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
 2021-03-23 07:29:36 -07:00
Etienne Champetier
4e52da6a35 Set K8S default to v1.19.9 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
 2021-03-23 07:29:36 -07:00
Florian Ruynat
c1a686bf47 Update hashes for 1.20.5/1.19.9/1.18.17 
(cherry picked from commit 6d3dbb43a4a53e76df6d300f7b2e800e71f314db)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
eb8dd77ab6 Fix calico crds missing 3.16.9 (#7386) 
(cherry picked from commit ead8a4e4de69a6a1c580767df02b1707796c1626)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
cd46286523 Update CNI (calico, kubeovn, multus) and Helm 
(cherry picked from commit 05f132c136b9d43ea342ced426afc49c4e1cfeb7)
 2021-03-23 07:29:36 -07:00
Erwan Miran
e12850be55 Download Calico KDD CRDs (#7372) 
* Download Calico KDD CRDs

* Replace kustomize with lineinfile and use ansible assemble module

* Replace find+lineinfile by sed in shell module to avoid nested loop

* add condition on sed

* use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"

(cherry picked from commit 1c62af0c95321ac09fa2289b586c82b3df24376d)

Conflicts:
        roles/network_plugin/calico/tasks/install.yml
 2021-03-23 07:29:36 -07:00
Florian Ruynat
5e4f3cabf1 Update nodelocaldns to 1.17.1 
(cherry picked from commit 5f2c8ac38faf1ba373e73868fe88033dd8a1ffe2)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
df00b1d69d Minor update to cilium and calico 
(cherry picked from commit de46f86137b978248b377c15038363bb35677d90)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
d74dcfd3b8 Update kube-ovn to 1.6.0 (#7240) 
(cherry picked from commit edc4bb4a4985753bac5bf527014c2925f7d843bf)
 2021-03-23 07:29:36 -07:00
Maciej Wereski
c1c720422f Upgrade openSUSE Leap to 15.2 (#7331) 
15.1 has reached EOL on 2021-02-02.

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
(cherry picked from commit 69d11daef6f6211b9741621a76b82829963492e9)
 2021-03-23 07:29:36 -07:00
Etienne Champetier
bac71fa7cb Fixup one more missing kubespray-defaults (#7375) 
"The error was: 'proxy_disable_env' is undefined\n\nThe error appears to
be in '<censored>scale.yml': line 72, column 7"

Fixes 067db686f6e8149b7a94d43d74f89e55595a95ad

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 057e8b435877c8682c57f3bd5168728a07c7a9a9)
 2021-03-23 07:29:36 -07:00
Lennart Jern
ac1aa4d591 Check for dummy kernel module (#7348) 
The dummy module is needed for nodelocaldns.

(cherry picked from commit 5a54db2f3ced6a78bbe77119e2ce932990b4c0ff)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
c22915a08c Fixup kubelet.conf to point to kubelet-client-current.pem (#7347) 
c9c0c01de019e502b2e73e6fd65e9bf52e063bb6 only fix the problem for new clusters

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 14b63ede8c311685088f38ba00a032ee4a828c09)

Conflicts:
	roles/kubernetes/master/tasks/kubelet-fix-client-cert-rotation.yml
 2021-03-15 07:07:05 -07:00
Maciej
0ea43289e2 ansible and jinja2 updates (#7357) 
* Update ansible to v2.9.18

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>

* Update jinja2 to v2.11.3

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
(cherry picked from commit b07c5966a616e00668786a16ab31e6de75aa3226)
 2021-03-15 07:07:05 -07:00
Victor Morales
01e527abf1 Add privileged_without_host_devices support (#7343) 
When privileged is enabled for a container, all the `/dev/*` block
devices from the host are mounted into the guest. The
`privileged_without_host_devices` flag prevents host devices from
being passed to privileged containers.

More information:
* https://github.com/containerd/cri/pull/1225
* 1d0f68156b

(cherry picked from commit dc5df57c262efd4f856295f7f67813568a527f25)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
704a054064 Delete misnammed kubeadm-version.yml 
The important action in kubeadm-version.yml is the templating of the configuration,
not finding / setting the version

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit a9c97e5253c455546c2c7fdd794147eeb9b8ab7a)

Conflicts:
	roles/kubernetes/master/tasks/kubeadm-version.yml
 2021-03-15 07:07:05 -07:00
Etienne Champetier
8c693e8739 Always backup both certs and kubeconfig 
There are no reasons not to backup during upgrade

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 53e5ef6b4e2b4f9e8fd797773f4eabf7701158da)

Conflicts:
	roles/kubernetes/master/tasks/kubeadm-backup.yml
	roles/kubernetes/master/tasks/kubeadm-certificate.yml
 2021-03-15 07:07:05 -07:00
Etienne Champetier
9ecbf75cb4 Remove rotate_tokens logic 
kubeadm never rotates sa.key/sa.pub, so there is no need to delete tokens/restart pods

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 8800b5c01d7dbdc99f81464ba5f2f96799e7eed1)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
591a51aa75 Remove admin.conf removal 
kubeadm is the default for a long time now,
and admin.conf is created by it, so let kubeadm handle it

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 280036fad65736a7f0944190a0f8803fb79b786e)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
76a1697cf1 Remove useless call to 'kubeadm version' 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit a6e1f5ece9f50dd717556af0f31557b621063702)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
1216a0d52d Remove pre kubeadm cert migration tasks 
apiserver.pem is not used since ddffdb63bfcc65a1731a16d316ce10d4903e3261

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit fedd671d68bfadc3446ae5a5c9961ae769773c4a)

Conflicts:
	roles/kubernetes/master/tasks/kubeadm-cleanup-old-certs.yml
	roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
 2021-03-15 07:07:05 -07:00
Du9L.com
f4d3a4a5ad kubeadm-config.v1beta2.yaml.j2: etcd log level arg (#7339) 
According to [etcd's docs](https://etcd.io/docs/v3.4.0/op-guide/configuration/#--log-package-levels), argument 'log-package-levels' should not contain underscores.

(cherry picked from commit b7c22659e308af6ab20484a5032a62d57f945d7b)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
3c8ad073cd Stop using kubeadm to update server in kubeconfigs (#7338) 
Using `kubeadm init phase kubeconfig all` breaks kubelet client certificate rotation
as we are missing `kubeadm init phase kubelet-finalize all` to point to `kubelet-client-current.pem`

kubeconfig format is stable so let's just use lineinfile,
this will avoid other future breakage

This revert to the logic before 6fe2248314fb319563a60ae023b552371e34e148

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit c9c0c01de019e502b2e73e6fd65e9bf52e063bb6)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
53b9388b82 Add kube-ipvs0/nodelocaldns to NetworkManager unmanaged-devices (#7315) 
On CentOS 8 they seem to be ignored by default, but better be extra safe
This also make it easy to exclude other network plugin interfaces

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit e442b1d2b9ce7734093a724c3d35462f1b3cbcb8)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
f26cc9f75b Only use stat get_checksum: yes when needed (#7270) 
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit de1d9df7875d1f451fb7974840ddc0a645551b6e)

Conflicts:
	roles/etcd/tasks/check_certs.yml
 2021-03-15 07:07:05 -07:00
stress-t
5563ed8084 Fix: added string to bool conversion for use_localhost_as_kube api load balancer (#7324) 
(cherry picked from commit 15f1b191368bfe920c250d32960e18854ad42ed6)
 2021-03-02 08:33:19 -08:00
stress-t
a02e9206fe Improving PR 6473 (#7259) 
(cherry picked from commit 796d3fb975cd880c42f6dcf67001588fa20510e6)
 2021-03-02 08:33:19 -08:00
Florian Ruynat
e7cc686beb Fix recover-control-plane undefined 'proxy_disable_env' variable (#7326) 
(cherry picked from commit 05adeed1fac3b593f52149574b330d480672e02a)

Conflicts:
	recover-control-plane.yml
 2021-03-02 08:33:19 -08:00
wangxf
5d4fcbc5a1 fix: the filename </etc/vault> is Duplicate in the reset role. (#7313) 
(cherry picked from commit 154fa45422949193d390242c4994e4d11895f4b8)
 2021-03-02 08:33:19 -08:00
Florian Ruynat
ba348c9a00 Move centos7-crio CI job to centos8 (#7327) 
(cherry picked from commit e35becebf8f55ce3dc32be26ed64495916291889)
 2021-03-02 08:33:19 -08:00
Kenichi Omichi
b0f2471f0e Update Ansible to v2.9.17 (#7291) 
This updates Ansible version to the latest stable version 2.9.17.

(cherry picked from commit 0ddf915027f6e75474ab0027a540fc349722eadc)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
fbdc2b3e20 Fix proxy usage when *_PROXY are present in environment (#7309) 
Since a790935d02dc2787f6de41695ec955dc49fc93b1 all proxy users
should be properly configured

Now when you have *_PROXY vars in your environment it can leads to failure
if NO_PROXY is not correct, or to persistent configuration changes
as seen with kubeadm in 1c5391dda78b43fc629320dd59f1234e81afb2ad

Instead of playing constant whack-a-bug, inject empty *_PROXY vars everywhere
at the play level, and override at the task level when needed

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 067db686f6e8149b7a94d43d74f89e55595a95ad)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
557139a8cf Fix reset when using containerd (#7308) 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit ed2b4b805e937aab8118600d3f83b48fe980d3ff)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
daea9f3d21 Set Kubernetes default version to 1.19.8 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
 2021-03-02 08:33:19 -08:00
Florian Ruynat
ac23d89a1a Add hashes for Kubernetes 1.18.16/1.19.8/1.20.4 
(cherry picked from commit 86ce8aac8518a58542ba649fd1ff8574f0eeb561)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
3292887cae Fix "api is up" check (#7295) 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 662a37ab4f623668ac002a86bb8d2fe7fe23ea10)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
c7658c0256 Remove calico-upgrade leftovers (#7282) 
This is dead code since 28073c76ac26455a720aa1b13287155726e956fb

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 3749729d5a2fb71bad6ca3fdddaedaf328e03579)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
716a66e5d3 facts.yaml: reduce the number of setup calls by ~7x (#7286) 
Before this commit, we were gathering:
1 !all
7 network
7 hardware

After we are gathering:
1 !all
1 network
1 hardware

ansible_distribution_major_version is gathered by '!all'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit fb8b0751103790daea52d1c1813e087b25126235)
 2021-02-22 06:01:43 -08:00
Matt Calvert
efd138e752 Ensure we gather IPv6 facts 
(cherry picked from commit 366cbb3e6f3d4df2618e4ed4bc4191dcbed5b169)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
40857b9859 Ensure kubeadm doesn't use proxy (#7275) 
* Move proxy_env to kubespray-defaults/defaults

There is no reasons to use set_facts here

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>

* Ensure kubeadm doesn't use proxy

*_proxy variables might be present in the environment (/etc/environment, bash profile, ...)
When this is the case we end up with those proxy configuration in /etc/kubernetes/manifests/kube-*.yaml manifests

We cannot unset env variables, but kubeadm is nice enough to ignore empty vars
93d288e2a4/cmd/kubeadm/app/util/env.go (L27)

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 1c5391dda78b43fc629320dd59f1234e81afb2ad)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
176df83e02 Fixup cri-o metacopy mount options (#7287) 
Ubuntu 18.04 crio package ships with 'mountopt = "nodev,metacopy=on"'
even if GA kernel is 4.15 (HWE Kernel can be more recent)

Fedora package ships without metacopy=on

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 5c04bdd52bdb6115fb06bdd31b9862427dcef2e2)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
60b405a7b7 bootstrap-os: match on os-release ID / VARIANT_ID (#7269) 
This fixes deployment with CentOS 8 Streams and make detection more reliable

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 95b329b64d571dc7e4aba9696db998ee95cbd1cb)

Conflicts:
  roles/bootstrap-os/tasks/main.yml
 2021-02-22 06:01:43 -08:00