蔡秀吉
c99f908f9f
Bump custom_cni test Cilium version to 1.18.6 ( #13002 )
...
Upgrade the Cilium version used in custom_cni tests from 1.16.3 to
1.18.6 to align with the current cilium_version in Kubespray.
- Update custom_cni_chart_version in debian12-custom-cni-helm.yml
- Regenerate static manifest in tests/files/custom_cni/cilium.yaml
using helm template cilium/cilium --version 1.18.6
Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com >
2026-02-13 19:30:00 +05:30
Kubernetes Prow Robot
5070ffaea3
Merge pull request #12878 from VannTen/ci/handle_flakes
...
CI: Separate matrix job for flakey tests
2026-02-13 18:58:01 +05:30
Max Gautier
bf3fef05fd
control-plane: do not adjust apiserver endpoint ( #12870 )
...
This essentially revert the functionnality of 9b0f57a0a#5150 ),
2019-09-09).
This is no longer needed since kubeadm now default to use the local
kube-apiserver for control plane components (feature gate
"ControlPlaneKubeletLocalMode")
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#feature-gates
2026-02-13 15:52:01 +05:30
Max Gautier
8c128771d7
CI: create pr-flakey for jobs prone to failure
...
We have a lot of PRs where we endlessy retry the same flakey jobs, which
is useless and frustating for everyone.
Put those jobs into a separate matrix with 1 retries to migitate the
issue.
2026-02-13 10:53:15 +01:00
Max Gautier
efdff890ed
Introduce a timeout for package installation
...
Sometimes package installations can get into weird state and stuck for a
very long time.
Timeout the tasks to fail early, with a customizable timeout duration.
2026-02-13 10:52:40 +01:00
rayui
7aea6a1df2
tests(ci): add ubuntu24 CRI-O calico upgrade and scale coverage ( #12990 )
...
tests: fix yamllint empty-lines in ubuntu24-crio-scale
ci: run ubuntu24-crio-upgrade in regular PR matrix
2026-02-13 08:32:00 +05:30
labaq
259c84d85f
add fedora 42 CI support ( #12989 )
2026-02-12 23:40:01 +05:30
Srishti Jaiswal
054f7bf07b
use admin.conf for local kubeconfig ( #12997 )
2026-02-12 22:08:01 +05:30
Srishti Jaiswal
31c33015c4
Use calico crds.yaml for KDD CRDs and drop tarball artifacts ( #12985 )
2026-02-12 20:40:00 +05:30
Srishti Jaiswal
46058349ce
use kubeadm:cluster-admins for admin kubeconfig ( #12998 )
2026-02-12 19:06:01 +05:30
Srishti Jaiswal
d5b91828a3
Use kubeam kubeconfig user instead of generating a kubeconfig with Ansible ( #12958 )
2026-02-12 15:16:01 +05:30
botsz
69258075e0
docs: update ansible-playbook inventory path in README ( #12615 ) ( #12992 )
2026-02-12 13:28:00 +05:30
ChengHao Yang
6965d8ded9
Support Fedora 41 ( #12138 )
...
* Add Fedora 41 CI support
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: add fedora41 support
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Add Fedora 41 local vagrant test
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Fix: Fedora 41+ need python3-libdnf5 for package management
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-02-11 08:26:01 +05:30
Meza
8bd5045ecf
cleanup: Deprecate Ingress-Nginx from kubernetes-apps ( #12767 )
...
* [docs] Remove ingress-nginx references in docs and scripts jinja
Signed-off-by: Meza <meza-xyz@proton.me >
* Remove ingress-nginx doc and remove references in readme and sidebar
Signed-off-by: Meza <meza-xyz@proton.me >
* Delete ingress-nginx dir from kubernetes-apps
Signed-off-by: Meza <meza-xyz@proton.me >
* Delete ingress-nginx from inventory addons
Signed-off-by: Meza <meza-xyz@proton.me >
* Delete ingress_nginx_enabled from default main
Signed-off-by: Meza <meza-xyz@proton.me >
* Delete ingress_nginx from download
Signed-off-by: Meza <meza-xyz@proton.me >
* Delete ingress_nginx from dependencies
Signed-off-by: Meza <meza-xyz@proton.me >
* Remove ingress_nginx from registry task
Signed-off-by: Meza <meza-xyz@proton.me >
---------
Signed-off-by: Meza <meza-xyz@proton.me >
2026-02-10 20:22:04 +05:30
Micke Nordin
8f73dc9c2f
Add services RBAC for calico-kube-controllers in KDD mode ( #12928 )
...
Commit 5fb85dckano@sunet.se >
2026-02-10 19:52:02 +05:30
Ali Afsharzadeh
cc05dd4d14
Upgrade ansible from 10.7.0 to 11.13.0 ( #12903 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-02-10 19:48:07 +05:30
Mark Tsai
9582ab3dcd
image_updates: update openstack-cloud-controller to v1.35.0 ( #12972 )
2026-02-10 14:58:01 +05:30
Mohamed Omar Zaian
a77221d12b
[kubernetes] Support Kubernetes v1.35.0 ( #12812 )
2026-02-10 14:54:02 +05:30
Max Gautier
57364f4085
Patch versions updates ( #12973 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-09 21:13:25 +05:30
Max Gautier
34f43d21e3
Revert "kubelet: conditionalize staticPodPath location ( #12433 )" ( #12970 )
...
* Revert "kubelet: conditionalize staticPodPath location (#12433 )"
This reverts commit 082507cff2
2026-02-09 07:31:09 +05:30
Srishti Jaiswal
052846aa28
removed deprecated containerd_registries from test file ( #12969 )
2026-02-08 11:11:08 +05:30
neo
a563431c68
Remove Kubernetes Dashboard support ( #12858 )
2026-02-07 22:49:08 +05:30
Max Gautier
3aa0c0cc64
coredns: allow to customize service name ( #12951 )
2026-02-06 09:52:29 +05:30
chun
9bbef44e32
Bump: Prometheus Operator CRD to 0.88.1 ( #12968 )
...
Signed-off-by: hcc429 <dev.hcc29@gmail.com >
2026-02-06 08:36:30 +05:30
Srishti Jaiswal
03cfdbf2a9
add removed var validation to validate_inventory ( #12942 )
2026-02-05 15:34:31 +05:30
Jordan Liggitt
b5b599ecf8
Clean up unused nodes/proxy permission from node-feature-discovery-gc ( #12955 )
2026-02-05 15:30:34 +05:30
Max Gautier
4245ddcee8
Make etcd node removal idempotent ( #12949 )
2026-02-05 11:40:28 +05:30
Joshua N Haupt
422e7366ec
Fix Gluster image_id and update openstack_blockstorage_volume_v3 ( #12910 )
...
This fixes the Terraform Gluster Compute image_id bug and updates the openstack_blockstorage_volume_v2 to
openstack_blockstorage_volume_v3.
Resolves:
[Bug] OpenStack Compute variable handling of image_id and image_name for Gluster nodes is broken
https://github.com/kubernetes-sigs/kubespray/issues/12902
Update openstack_blockstorage_volume_v2 to openstack_blockstorage_volume_v3
https://github.com/kubernetes-sigs/kubespray/issues/12901
Signed-off-by: Joshua Nathaniel Haupt <joshua@hauptj.com >
2026-02-04 11:08:26 +05:30
Tushar240503
bf69e67240
refactor/dynamic-role-loading-network ( #12933 )
...
Signed-off-by: Tushar Sharma <tusharkumargzb6@gmail.com >
2026-02-03 21:58:29 +05:30
Tushar240503
c5c2cf16a0
Move inline defaults to defaults/main.yml ( #12926 )
2026-02-03 14:14:29 +05:30
Ali Afsharzadeh
69e042bd9e
Remove software-properties-common from pipeline.Dockerfile ( #12945 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-02-02 20:04:32 +05:30
dependabot[bot]
20da3bb1b0
build(deps): bump cryptography from 46.0.3 to 46.0.4 ( #12944 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.3 to 46.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.4 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 09:26:30 +05:30
Ieere Song
4d4058ee8e
fix: typo in validate_inventory task name (missing backtick) ( #12940 )
...
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-01-31 20:02:24 +05:30
Tushar240503
f071fccc33
updated prometheus-operator crd checksum autobump ( #12939 )
...
* updated prometheus-operator crd checksum autobump
Signed-off-by: Tushar Sharma <tusharkumargzb6@gmail.com >
* updated to Next-Gen format
Signed-off-by: Tushar Sharma <tusharkumargzb6@gmail.com >
---------
Signed-off-by: Tushar Sharma <tusharkumargzb6@gmail.com >
2026-01-31 19:44:24 +05:30
Eugene Shutov
70daea701a
local_path_provisioner: add resources ( #12548 )
...
* local_path_provisioner: add resources
* Update roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-deployment.yml.j2
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-01-31 00:08:25 +05:30
Ali Afsharzadeh
3e42b84e94
Upgrade Dockerfile base image from Ubuntu 22.04 to 24.04 ( #12935 )
...
* Upgrade Dockerfile base image from Ubuntu 22.04 to 24.04
* Add --break-system-packages flag to testcases_run.sh file
2026-01-30 19:57:44 +05:30
Max Gautier
868ff3cea9
Auto-bump checksums on last 3 branches ( #12934 )
...
We now have all supported release branches (last 3) using the new
checksums format, which means they all work with the auto-bump tooling.
2026-01-30 15:39:44 +05:30
Max Gautier
0b69a18e35
Remove nifcloud terraform provider support (it is no longer available) ( #12936 )
...
The nifcloud terraform provider has been deleted, so remove support and
CI.
2026-01-30 15:05:44 +05:30
ChengHao Yang
e30076016c
Releng: Galaxy version upgrade to 2.31.0 ( #12909 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-01-30 13:35:43 +05:30
ChengHao Yang
f4ccdb5e72
Docs: update 2.29.0 to 2.30.0 ( #12899 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-01-29 23:45:50 +05:30
Max Gautier
fcecaf6943
wait for control plane node to become ready after joining ( #12794 )
...
When joining a control plane node and "upgrading" the cluster setup (for
example, to update etcd addresses after adding a new etcd) in the same
playbook run, the node can take a bit of time to become ready after
joining.
This triggers a kubeadm preflight check (ControlPlaneNodesReady) in
kubeadm upgrade, which is run directly after the join tasks.
Add a configurable wait for the control plane node to become Ready to
fix this race condition.
2026-01-28 22:15:51 +05:30
Max Gautier
37f7a86014
etcd-certs: only change necessary permissions ( #12908 )
...
We currently **recursively** set the permissions of /etc/ssl/etcd/ssl
(default path) to 700. But this removes group permission from the files
under it, and certain composents (like calio with etcd datastore) rely
on it ; thus, the upgrade of a cluster can fail because the
calico-kube-controller can't access the certs, and thus the etcd.
This works in other case because as far as I can tell, the apiserver
which do access the etcd run as root (the owner of the files, not just
the "group owner")
We also for some reasons do this twice.
Only create the etcd cert directory with the correct permissions once,
not recursively.
2026-01-27 20:25:52 +05:30
Max Gautier
fff7f10a85
Patch versions updates ( #12912 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-27 20:21:53 +05:30
ChengHao Yang
dc09298f7e
Docs: cilium_kube_proxy_replacement change boolean ( #12898 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2026-01-27 16:43:48 +05:30
dependabot[bot]
680db0c921
build(deps): bump jmespath from 1.0.1 to 1.1.0 ( #12905 )
...
Bumps [jmespath](https://github.com/jmespath/jmespath.py ) from 1.0.1 to 1.1.0.
- [Changelog](https://github.com/jmespath/jmespath.py/blob/develop/CHANGELOG.rst )
- [Commits](https://github.com/jmespath/jmespath.py/compare/1.0.1...1.1.0 )
---
updated-dependencies:
- dependency-name: jmespath
dependency-version: 1.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-27 16:39:49 +05:30
dependabot[bot]
9977d4dc10
build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ( #12906 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-26 20:41:53 +05:30
dependabot[bot]
1b6129566b
build(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 ( #12907 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](98357b18bf...c0f553fe54support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-26 20:37:51 +05:30
Ali Afsharzadeh
c3404c3685
Upgrade cilium from 1.18.5 to 1.18.6 ( #12900 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2026-01-26 20:21:50 +05:30
Max Gautier
fba8708486
RELEASE.md: fix minor typo ( #12891 )
2026-01-22 16:43:29 +05:30
accuROAMC
8dacb9cd16
cri-o: fix duplicate top-level "auths" keys in registry config template ( #12845 )
...
The config.json.j2 template was generating invalid JSON when multiple
crio_registry_auth entries were defined, resulting in multiple top-level
"auths" objects being rendered, e.g.:
{
"auths": { "registry1": { "auth": "xxxx" } },
"auths": { "registry2": { "auth": "yyyy" } }
}
This change moves the loop inside the "auths" object so that all registries
are rendered as siblings under a single "auths" key, producing valid JSON:
{
"auths": {
"registry1": { "auth": "xxxx" },
"registry2": { "auth": "yyyy" }
}
}
2026-01-20 19:20:50 +05:30
