* fix: make assert test for netaddr actually return a boolean
The netaddr test returns a string when the netaddr is installed. This makes
Ansible 2.20 angry. Here's a fix to make sure the true case also returns a
boolean instead of a string.
* fix: more fixes for non-boolean conditions
The `cloud_provider` assertion change is a little more involved. The only two
allowed values are "" and "external". Let's just always check the assertion
instead of skipping it when it's the default value, which is "".
All the other changes should be fairly obvious.
Add kube_vip_metrics_enabled and kube_vip_metrics_port; wire
prometheus_server and container port in the static pod manifest.
Default metrics port to 2112 to match kube-vip upstream. Document
and sample inventory updated.
Cilium < 1.20 unconditionally registers a field indexer for TLSRoute
v1alpha2 when the Gateway API controller is enabled, but Gateway API
>= 1.5.0 ships TLSRoute v1alpha2 with served=false in the standard
channel. The result is cilium-operator CrashLoopBackOff with:
no matches for kind "TLSRoute" in version "gateway.networking.k8s.io/v1alpha2"
The fix landed in Cilium 1.20 only and will not be backported.
Add a preflight assert that triggers only when all of the following
hold: cilium_gateway_api_enabled, gateway_api_enabled, cilium_version
< 1.20.0, gateway_api_version >= 1.5.0, and gateway_api_channel ==
"standard". Users hit by this combo get a clear error and two
workarounds (pin gateway_api_version to 1.4.1, or switch
gateway_api_channel to "experimental") instead of debugging a crash
loop after the fact.
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
kata containers added create_container_timeout parameter.
If this parameter is missing, the new version of Kata cannot create containers properly and will encounter an error: failed to create shim task: context deadline exceeded
Also add checksums for newly released patch versions:
- containerd 2.2.2, 2.2.3
- containerd 2.1.7
- containerd 2.0.8
- containerd 1.7.31
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
The cilium_enable_prometheus variable was defined in defaults and
documented in sample inventory but never mapped to the Helm values
template, making it a no-op. Add the prometheus.enabled field to
values.yaml.j2 so that setting cilium_enable_prometheus: true
correctly enables Prometheus metrics on the Cilium agent.
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
Remove the Flatcar/Fedora CoreOS exclusion from the wait handler
and unify the Flatcar-specific notify channel into the shared
"propagate resolvconf to k8s components" channel.
