M. Hamzah Khan
d54cfba6c2
Fix SAN check on newer versions of openssl (#11277)
2024-09-09 10:04:27 +01:00
Bogdan Sass
4b324cb0f0
Rename master to control plane - non-breaking changes only (#11394)
...
K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
2024-09-06 07:56:19 +01:00
Takuya Murakami
c89ea7e4c7
Fix: remove --config option from kubeadm upgrade (#11350) (#11352)
...
We can't mix some options with --config for kubeadm upgrade.
The --config on upgrade is deprecated, and should be removed.
2024-08-29 03:08:29 +01:00
Vlad Korolev
9a7b021eb8
Do not use ‘yes/no’ for boolean values (#11472)
...
Consistent boolean values in ansible playbooks
2024-08-28 06:30:56 +01:00
Lihai Tu
8208a3f04f
Rename systemd module to systemd_service (#11396)
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-26 01:11:39 -07:00
Bas
8f5f75211f
Improving yamllint configuration (#11389)
...
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
2024-07-25 18:42:20 -07:00
Lilian ARAGO
929c818b63
Fixed joined_control_planes when ansible_hostvars references a variable (#11060)
2024-04-19 03:20:58 -07:00
Nicolas Goudry
c6fcbf6ee0
Remove access to cluster from anonymous users (#11016)
...
* feat: add user facing variable with default
* feat: remove rolebinding to anonymous users after init and upgrade
* feat: use file discovery for secondary control plane nodes
* feat: use file discovery for nodes
* fix: do not fail if rolebinding does not exist
* docs: add warning about kube_api_anonymous_auth
* style: improve readability of delegate_to parameter
* refactor: rename discovery kubeconfig file
* test: enable new variable in hardening and upgrade test cases
* docs: add option to config parameters
* test: multiple instances and upgrade
2024-04-02 23:54:12 -07:00
Ugur Can Ozturk
7863fde552
[apiserver-kubelet/tracing]: add distributed tracing config variables (#10795)
...
* [apiserver-kubelet/tracing]: add distributed tracing config flags
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
---------
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2024-01-25 10:24:35 +01:00
kimsehwan96
758d34a7d1
Fix typo mistake in roles/kubernetes/control-plane/tasks/define-first-kube-control.yml
...
- Fix 'Set fact joined_control_panes' into 'Set fact joined_control_planes'
2024-01-24 13:39:39 +01:00
Max Gautier
471326f458
Remove PodSecurityPolicy support and references (#10723)
...
This is removed from kubernetes since 1.25, time to cut some dead code.
2023-12-18 14:13:43 +01:00
jandres - moscardo
cb848fa7cb
New PR default node selector (#10607)
2023-12-12 14:51:26 +01:00
Max Gautier
81a3f81aa1
Revert "Update etcd-servers for apiserver (#8253)" (#10652)
...
This reverts commit ee0f1e9d58.
Avoid restarting all api servers at once by changing their config.
2023-12-12 11:22:38 +01:00
Max Gautier
0d4f57aa22
Validate systemd unit files (#10597)
...
* Validate systemd unit files
This ensures that we fail early if we have a bad systemd unit file
(syntax error, using a version not available in the local version, etc)
* Hack to check systemd version for service files validation
factory-reset.target was introduced in systemd 250, same version as the
aliasing feature we need for verifying systemd services with ansible.
So we only actually execute the validation if that target is present.
This is a horrible hack which should be reverted as soon as we drop
support for distributions with systemd<250.
2023-11-17 20:01:23 +01:00
Louis Tu
fa9e41047e
Add kubectl alias support (#10552)
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2023-10-30 17:23:19 +01:00
Unai Arríen
228efcba0e
Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/con… (#10464)
...
* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane
* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane
* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane
2023-10-17 21:39:40 +02:00
Max Gautier
401ea552c2
Cleanup a deprecation warning (ipaddr filter) (#10518)
2023-10-17 09:45:11 +02:00
Jason Witkowski
7b2586943b
Fix: kube-apiserver tag will overwrite secrets-at-rest token if used independently (#10460)
...
Signed-off-by: Jason Witkowski <jwitko1@gmail.com>
2023-09-21 06:55:29 -07:00
Samuel Liu
e1881fae02
Install etcdutl file by default (#10385)
2023-08-23 07:04:22 -07:00
Arthur Outhenin-Chalandre
d21bfb84ad
project: resolve ansible-lint key-order rule (#10314)
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-08-10 00:57:27 -07:00
Arthur Outhenin-Chalandre
36e5d742dc
Resolve ansible-lint name errors (#10253)
...
* project: fix ansible-lint name
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: ignore jinja template error in names
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: capitalize ansible name
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: update notify after name capitalization
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-07-26 07:36:22 -07:00
Arthur Outhenin-Chalandre
5d00b851ce
project: fix var-spacing ansible rule (#10266)
...
* project: fix var-spacing ansible rule
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: fix spacing on the beginning/end of jinja template
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: fix spacing of default filter
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: fix spacing between filter arguments
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: fix double space at beginning/end of jinja
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: fix remaining jinja[spacing] ansible-lint warning
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-07-04 20:36:54 -07:00
Arthur Outhenin-Chalandre
f8f197e26b
Fix outdated tag and experimental ansible-lint rules (#10254)
...
* project: fix outdated tag and experimental
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: remove no longer useful noqa 301
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: replace unnamed-task by name[missing]
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* project: fix daemon-reload -> daemon_reload
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-06-30 02:51:57 -07:00
ERIK
ce13699dfa
Use a uniform way to get the local path of the binaries (#10211)
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2023-06-12 00:39:48 -07:00
R. P. Taylor
a676c106d3
change bash for loop for SAN check (#9060)
...
fix merge conflict
2023-03-27 06:36:30 -07:00
Marijn van der Giesen
eb4bd36f73
fix(kubernetes): Also apply kubeadm patches during upgrade (#9781)
2023-03-09 13:50:30 -08:00
Maxime Leroy
fd8260b930
fix(upgrade-cluster): retry other masters upgrade (#9768)
...
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
2023-03-03 05:44:58 -08:00
Bas
2c93c997cf
pre-commit autocorrected files (#9750)
2023-02-06 01:35:16 -08:00
tu1h
791064a3d9
Allow custom timeout for kubeadm init (#9617)
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2022-12-27 00:53:28 -08:00
William Turner
eeb376460d
Fix inconsistent handling of admission plugin list (#9407)
...
* Fix inconsistent handling of admission plugin list
* Adjust hardening doc with the normalized admission plugin list
* Add pre-check for admission plugins format change
* Ignore checking admission plugins value when variable is not defined
2022-10-26 00:28:37 -07:00
Huang Chen-Yi
d689f57c94
Features/support kubeadm patches v1beta3 (#9326)
...
* Support kubeadm patches in v1beta3
* Update kubeadm patches sample files in inventory
* Fix pre-commit syntax
* Set kubeadm_patches enabled to false in sample inventory
2022-10-06 00:39:52 -07:00
Kay Yan
f592fa1235
add kube-vip sans (#9099)
2022-07-19 13:11:28 -07:00
Kay Yan
d4de9d096f
fix-the-issue-of-miss-the-etcd-user (#9016)
2022-06-28 09:13:58 -07:00
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized (#8952)
...
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2022-06-17 01:34:32 -07:00
Calin Cristian Andrei
2cd8c51a07
[kubeadm] use v1beta3 configuration version
...
* extra admission controls now don't have a version in their file names
eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformant with
upstream
2022-06-15 00:57:20 -07:00
Robin Wallace
42fc71fafa
[PodSecurityPolicy] Move the install of psp (#8744)
2022-05-09 09:21:19 -07:00
Alessio Greggi
fa1d222eee
add support for EventRateLimit plugin configuration (#8711)
...
* feat: add support for EventRateLimit admission plugin
* docs: add documentation about admission_control_config_file and EventRateLimit configuration
2022-05-02 11:03:15 -07:00
Cristian Calin
3261d26181
[etcd] ensure etcd is properly upgraded when managed by kubeadm (#8722)
...
* [etcd] ensure etcd is properly upgraded when managed by kubeadm
* [CI] add periodic job to test upgrade of etcd managed by kubeadm
2022-04-17 10:32:41 -07:00
Julien Le Fur
30306d6ec7
Enable external CA mode for control-plane deployment (#8620)
2022-04-12 05:47:23 -07:00
Necatican Yıldırım
e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable (#8317)
...
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Add etcd kubeadm deployment documentation
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2022-02-22 08:53:16 -08:00
Florian Ruynat
7c67ec4976
Fix kubectl call before installing it (#8412)
2022-01-12 23:12:29 -08:00
Unai Arríen
57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping (#8388)
2022-01-10 01:35:19 -08:00
Max Gautier
cb54eb40ce
Use a variable for standardizing kubectl invocation (#8329)
...
* Add kubectl variable
* Replace kubectl usage by kubectl variable in roles
* Remove redundant --kubeconfig on kubectl usage
* Replace unnecessary shell usage with command
2022-01-05 02:26:32 -08:00
Cristian Calin
c1954ff918
Support deploying kubernetes 1.23 (#8323)
...
* Ensure entries for 1.23 are added for supported_versions vars
* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22
* kubescheduler-config: differentiate config versions based on kube_version
2021-12-21 01:38:46 -08:00
Alvaro Campesino
27ab364df5
Improve control plane scale flow (#13) (#7989)
...
* Improve control plane scale flow (#13)
* Added version 1.20.10 of K8s
* Setting first_kube_control_plane to an existing one
* Setting first_kube_control_plane to an existing one
* change first_kube_master for first_kube_control_plane
* Ansible-lint changes
2021-12-06 00:16:32 -08:00
Samuel Liu
ee0f1e9d58
Update etcd-servers for apiserver (#8253)
2021-12-03 00:28:27 -08:00
Necatican Yıldırım
1a57780a75
Add kubeadm_join_phases_skip variable (#8067)
...
* Add kubeadm_join_phases_skip variable
* Update kubeadm_join_phases_skip comment
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* Add kubeadm_join_phases_skip_default variable to follow the same logic with kubeadm_init_phases_skip
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2021-10-11 09:36:41 -07:00
Kenichi Omichi
843252c968
Use kube_config_dir for kubeconfig (#7996)
...
The path of kubeconfig should be configurable, and its default value
is /etc/kubernetes/admin.conf. Most paths of the file are configurable
but some were not. This makes those configurable.
2021-09-23 10:19:13 -07:00
Hari Hud
30cd91dc6b
Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade (#7976)
...
* Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade
* Remove trailing whitespace
2021-09-17 04:31:00 -07:00
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 (#7672)
...
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10
* Docs: add a note about ansible upgrade post 2.9.x
* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures
* Ansible: use newer ansible-lint
* Fix ansible-lint 5.0.11 found issues
  * syntax issues
  * risky-file-permissions
  * var-naming
  * role-name
  * molecule tests
* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+
* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00