External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-02 01:58:12 -03:30
Code Issues Packages Projects Releases Wiki Activity
8,064 Commits 45 Branches 88 Tags
5ca23e3bfeadff54ec4e1385b6f1c211ca006028
Commit Graph

574 Commits

Author SHA1 Message Date
ChengHao Yang
5a353cb04f Add manual option to the external_cloud_provider variable (#11883) 
* Add `manual` option in the `external_cloud_provider` value

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Update external cloud provider description in roles & sample inventory

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-01-13 00:12:34 -08:00
Chad Swenson
8443f370d4 Structured AuthorizationConfiguration (#11852) 
Adds the ability to configure the Kubernetes API server with a structured authorization configuration file.

Structured AuthorizationConfiguration is a new feature in Kubernetes v1.29+ (GA in v1.32) that configures the API server's authorization modes with a structured configuration file.
AuthorizationConfiguration files offer features not available with the `--authorization-mode` flag, although Kubespray supports both methods and authorization-mode remains the default for now.

Note: Because the `--authorization-config` and `--authorization-mode` flags are mutually exclusive, the `authorization_modes` ansible variable is ignored when `kube_apiserver_use_authorization_config_file` is set to true. The two features cannot be used at the same time.

Docs: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#configuring-the-api-server-using-an-authorization-config-file
Blog + Examples: https://kubernetes.io/blog/2024/04/26/multi-webhook-and-modular-authorization-made-much-easier/
KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3221-structured-authorization-configuration

I tested this all the way back to k8s v1.29 when AuthorizationConfiguration was first introduced as an alpha feature, although v1.29 required some additional workarounds with `kubeadm_patches`, which I included in example comments.

I also included some example comments with CEL expressions that allowed me to configure webhook authorizers without hitting kubeadm 1.29+ issues that block cluster creation and upgrades such as this one: https://github.com/kubernetes/cloud-provider-openstack/issues/2575.
My workaround configures the webhook to ignore requests from kubeadm and system components, which prevents fatal errors from webhooks that are not available yet, and should be authorized by Node or RBAC anyway.
 2025-01-07 09:14:28 +01:00
Mohamed Omar Zaian
9ec9b3a202 [ingress-nginx] upgrade to 1.12.0 (#11846) 2025-01-02 04:58:14 +01:00
Kubernetes Prow Robot
5af3a34de8 Merge pull request #11819 from VannTen/cleanup/preinstall_fact 
Cleanups in kubernetes/preinstall (DNS stuff)
 2024-12-27 18:04:11 +01:00
ChengHao Yang
54a01f2774 Bump: Containerd upgrade to 1.7.24 & runc upgrade to v1.2.3 (#11833) 
* Bump: Containerd upgrade to 1.7.24

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: README.md update Containerd version 1.7.24

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Bump: runc upgrade to v1.2.3

Runc upgrade to v1.2.3, and add v1.1.15, v1.2.x checksum

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-12-27 13:36:11 +01:00
ChengHao Yang
a6bc327d63 Bump: Helm upgrade to v3.16.4 (#11832) 
* Bump: Helm default version v3.16.4

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: README.md update helm version

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-12-26 14:24:11 +01:00
Mohamed Omar Zaian
25d0380db7 [calico] Add version 3.29.1 and make it default (#11798) 2024-12-25 23:14:11 +01:00
ChengHao Yang
3305ae9235 Bump: Kubernetes default version v1.31.4 (#11828) 
* Bump: kubernetes upgrade to 1.31.4

Add Kubernetes 1.31.4, 1.30.8 and 1.29.12 version

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: Upgrade Kubernetes version to 1.31.4

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-12-25 23:10:13 +01:00
Max Gautier
1127a62176 kubernetes/preinstall: dns setting cleanup(dhclient, resolvconf) 
We use a lot of facts where variables are enough, and format too early,
which prevent reusing the variables in different contexts.

- Moves set_fact variables to the vars directory, remove unnecessary
 intermediate variables, and render them at usage sites to only do logic
 on native Ansible/Jinja lists.
- Use defaults/ rather than default filters for several variables.
 2024-12-19 16:30:46 +01:00
ERIK
98807ffb6b Optimize CA cert hash calculation with community.crypto (#11758) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-12-02 10:27:00 +00:00
ERIK
70b75d35b6 support asymmetric encryption algorithms in ClusterConfigration (#11757) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2024-11-29 08:06:58 +00:00
ChengHao Yang
795a2dc309 Bump: OpenStack Cloud Controller Manager to v1.31.1 (#11738) 
* Refactor: replace registry.k8s.io with kube_image_repo variable

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Bump: OpenStack Cloud Controller Manager upgrade to v1.31.1

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Refactor: remove occm image tag from sample inventory

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-25 13:38:56 +00:00
ChengHao Yang
3f45301919 Bump: Kubernetes default version v1.31.3 (#11737) 
* Bump: Kubernetes default version set to v1.31.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: README.md update kubernetes version

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-25 09:14:57 +00:00
logicsys
b8541962f3 Partial Cilium 1.16+ Support & Add vars for configuring cilium IP load balancer pools and bgp v1 & v2 apis (#11620) 
* Add vars for configuring cilium IP load balancer pools and bgp peer policies

* Cilium 1.16+ Support - Add vars for configuring cilium bgpv2 api & handle cilium_kube_proxy_replacement unsupported values
 2024-11-19 02:48:53 +00:00
ChengHao Yang
76a5263ff3 Bump: pause container upgrade to 3.10 (#11695) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-08 16:46:45 +00:00
Kubernetes Prow Robot
91a77e417c Merge pull request #11674 from tico88612/feat/kubeadm-v1beta4 
Feat: kubeadm v1beta4 support
 2024-11-08 13:34:44 +00:00
Lihai Tu
b7c1d68ea3 Fix coredns version constraint (#11691) 2024-11-06 10:29:29 +00:00
ChengHao Yang
9b7d2857d1 Feat: add kubeadm_config_api_version default variable 
If kube_version is v1.31 or higher, it will be v1beta4, otherwise it
will be v1beta3.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-05 18:53:02 +08:00
ChengHao Yang
a070c72214 Refactor: simpify external_cloud_provider is defined 
For this change, `external_cloud_provider` set default value to empty
string.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-05 08:32:39 +08:00
ChengHao Yang
38cd05c503 Refactor: simpify cloud_provider is defined condition 
For this change, `cloud_provider` change the default value to empty
string.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-05 08:32:39 +08:00
ChengHao Yang
c27cc33bd7 Refactor: var kube_override_hostname only reserve in kubespray-defaults 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-05 01:00:39 +08:00
ChengHao Yang
437026f514 Cleanup: remove all cloud_provider related tasks & files 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-05 00:51:00 +08:00
ChengHao Yang
66d3cb7e6f [cert-manager] upgrade to v1.15.3 (#11668) 
* Feat: upgrade cert-manager version to v1.15.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Feat: upgrade cert-manager crd to v1.15.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Feat: update cert-manager v1.15.3 deployment files

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: upgrade cert-manager to v1.15.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-04 10:39:29 +00:00
Kubernetes Prow Robot
3f027abae6 Merge pull request #11598 from VannTen/cleanup/fact_gathering 
Do not serialize fact gathering for no_proxy
 2024-10-31 10:59:26 +00:00
kyrie
d0f1d520ec update calico template (#11634) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-10-31 02:21:26 +00:00
Robert Volkmann
5988ba0890 Add hashes for crictl 1.30.1 and 1.31.1 (#11661) 2024-10-24 15:50:53 +01:00
Robert Volkmann
87270ebf26 Add hashes for Kubernetes 1.31.2 (new default), 1.30.6 and 1.29.10 (#11662) 2024-10-24 15:46:53 +01:00
ChengHao Yang
d1417d54ce Feat: CoreDNS upgrade to v1.11.3 (#11653) 
* Feat: bump CoreDNS version to v1.11.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: update README.md CoreDNS version to v1.11.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-10-21 22:50:52 +01:00
Robert Volkmann
5aea2abc40 Bump containerd to 1.7.23 (#11642) 2024-10-17 14:55:03 +01:00
Kubernetes Prow Robot
daa2144de3 Merge pull request #11601 from tico88612/feat/crio-default-crun 
Feat: CRI-O v1.31 change default runtime to crun
 2024-10-16 02:49:03 +01:00
Kay Yan
fb312e5179 cleanup kube 1.28 and cri-o 1.28 (#11609) 2024-10-08 08:28:22 +01:00
ChengHao Yang
f3d4377a16 Feat: add skopeo new version hash & upgrade skopeo version to v1.16.1 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-10-07 00:47:23 +08:00
ChengHao Yang
2717a2e585 Feat: add crun new version hash & upgrade crun version to 1.17 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-10-07 00:46:46 +08:00
ChengHao Yang
461a480887 Feat: complete the missing hash crun ppc64le 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-10-07 00:45:08 +08:00
ChengHao Yang
24e115c8b9 Feat: change cri-o default runtime to crun 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-10-07 00:43:30 +08:00
Max Gautier
2826b357d4 Remove serialized collect of ansible_default_ipv4 
The fallback_ips tasks are essentially serializing the gathering of one
fact on all the hosts, which can have dramatic performance implications
on large clusters (several minutes).

This is essentially a reversal of 35f248dff0
Being able to run without refreshing the cache facts is not worth it.

We keep fallback_ip for now, simply changing the access to a normal
hostvars variable instead of a custom dictionnary.
 2024-10-04 14:19:20 +02:00
Baargav
bb4f1b1168 update cilium to 1.15.9 (#11593) 2024-10-03 10:10:27 +01:00
Kay Yan
fcbcf3c03b cri-o Switch to libexecdir (#11584) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
 2024-09-30 08:34:03 +01:00
DirkTheDaring
3281c47f98 [kubernetes] Add hashes for kubernetes 1.29.8, 1.29.9, 1.30.5 (#11581) 
* [kubernetes] Add hashes for kubernetes 1.29.8, 1.29.9, 1.30.5

* Update checksums.yml

reintroduce --- for yaml
 2024-09-27 08:28:02 +01:00
janosbabik
6352fee0fd Update nerdctl version to 1.7.7 (#11575) 2024-09-27 05:04:01 +01:00
janosbabik
9f6db4012c Update runc version to v1.1.14 and add checksums (#11574) 2024-09-27 03:58:01 +01:00
janosbabik
656ed796b9 [etcd] make etcd 3.5.16 default (#11572) 
* [etcd] make etcd 3.5.16 default

* Update etcd binary checksums for version 3.5.16 and lower
 2024-09-26 09:12:01 +01:00
Philip Sabri
15bb5b0789 [kubernetes] Support kubernetes 1.31.1 (#11533) 2024-09-25 05:10:01 +01:00
Baargav
1c0718bb7d update containerd 1.7.22 (#11554) 2024-09-23 15:31:59 +01:00
Kubernetes Prow Robot
03a055c383 Merge pull request #10643 from VannTen/cleanup/k8s_node_templates 
Refactor kubernetes/node templates
 2024-09-23 14:16:00 +01:00
Max Gautier
2ec1c93897 Test group membership with group_names 
Testing for group membership with group names makes Kubespray more
tolerant towards the structure of the inventory.
Where 'inventory_hostname in groups["some_group"] would fail if
"some_group" is not defined, '"some_group" in group_names' would not.
 2024-09-21 14:09:09 +02:00
Kevin Huang
c601c8faf2 fix: Swap kubespray-defaults & boostrap-os (#11441) 
- Execute boostrap-os before so that Python is installed for kubespray-defaults
- Remove outdated kubespray-defaults dependency on boostrap-os
 2024-09-12 22:21:12 +01:00
Qasim Mehmood
538a1f2791 Update multus to v4.1.0 and clarify cilium compatibility (#11434) 
* Update multus to v4.1.0 and clarify cilium compatibility

* Fix: bug introduced by #10934 where the template would break if multus was defined

* Set priorityClassName to system-node-critical for multus pods
 2024-09-09 03:56:27 +01:00
Max Gautier
1533d40411 Fix kube_reserved_cgroups_for_service_slice 
The default value is used across kubespray but only defined in
kubernetes/node.
Move it to kubespray-defaults
 2024-09-06 09:25:23 +02:00
Bogdan Sass
4b324cb0f0 Rename master to control plane - non-breaking changes only (#11394) 
K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
 2024-09-06 07:56:19 +01:00