External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-03 10:38:19 -03:30
Code Issues Packages Projects Releases Wiki Activity
8,379 Commits 45 Branches 88 Tags
f77aea13e95be13cf9f03cee64c8327330340c02
Commit Graph

5540 Commits

Author SHA1 Message Date
ChengHao Yang
f77aea13e9 Cleanup: kubeadm-config v1beta4 extra args defined conditions (#12307) 
* Cleanup: kubeadm-config v1beta4 extra args defined conditions

Some variables have already been defined, so there is no need to
useconditional statements to check whether they have been defined.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Cleanup: cloud-provider extra args

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-06-14 13:38:56 -07:00
ChengHao Yang
f810e80b6c Bump: external snapshot CRD to v0.15.0 (#12308) 
Currently, there is no reliable way to obtain individual CRD files, so
the only solution is to update first.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-06-14 13:34:56 -07:00
Chad Swenson
b04ceba89b Fix calico CNI timeouts in reset role (#12300) 
* Fix an issue with CNI timeouts in reset role

* Consolidate secondary service removal tasks
 2025-06-13 02:54:56 -07:00
Max Gautier
f6d29a27fc Remove stale TODOs (#12298) 
Upstream consider it working as expected, won't fix
https://github.com/ansible-collections/community.general/issues/7717#issuecomment-2061880929
 2025-06-12 20:14:57 -07:00
Kubernetes Prow Robot
28d23ffc3b Merge pull request #12236 from VannTen/cleanup/bootstap+packages 
Cleanup of bootstrap and package installation
 2025-06-12 07:24:56 -07:00
Kubernetes Prow Robot
739e5e1c6b Merge pull request #12199 from tmurakam/feature/kubernetes-1.33 
[kubernetes] Support kubernetes 1.33
 2025-06-05 20:20:38 -07:00
Slavi Pantaleev
d1bd610049 Fix indentation issue in Cilium values file and ensure booleans are lowercase (#12280) 
This patch fixes the indentation in the `encryption` section.
Previously configuration like this:

```yml
cilium_encryption_enabled: true
cilium_encryption_type: wireguard
```

Would template to a `values.yaml` file with indentation that looks like this:

```yml
encryption:
  enabled: True
    type: wireguard
    nodeEncryption: False
```

instead of this:

```yml
encryption:
  enabled: true
  type: wireguard
  nodeEncryption: false
```

This syntax issue causes an error during Cilium installation.

This patch also makes all boolean values in this template file go through the `to_json` filter.
Since values like `True` and `False` are not compliant with the YAML v1.2 spec,
avoiding them is preferable.

`to_json` may be used for all other values in this template to ensure we end up with
a valid YAML document in all cases (even when various strings include special characters),
but this was left for another (future) patch.
 2025-06-05 05:48:39 -07:00
Max Gautier
5243b33bd7 Cleanup support for removed OS in bootstrap 
- centos < 8
- debian 10
 2025-06-05 11:16:25 +02:00
Max Gautier
d5b2a9b5ba opensuse: move package installation to system_packages 
No reason to special case
 2025-06-05 11:16:24 +02:00
Max Gautier
2152022926 debian-based distro: handle apt update cache when installing packages 
The package module pass options to the underlying packages manager
module if they support it. No need to handle it in bootstrap.
 2025-06-05 11:16:24 +02:00
Max Gautier
f13b80cac0 ClearLinux: remove special casing 
- put package install in system_packages
- docker should be handled by the approriate roles if used as container
  engine
 2025-06-05 11:16:23 +02:00
Shuu
a87b86c6d3 Make main_ip cacheable in facts (#12243) 2025-06-05 01:58:38 -07:00
Peter Pan
85b0be144a Fix: check expiry before do breaking renew and container restart actions (#12194) 
* Fix: check expiraty before renew

Since certificate renewal and container restarts involve higher risks,
they should be executed with extra caution.

* squash to Fix: check expiraty before renew

* squash to Fix: address more comments from VannTen

Signed-off-by: Peter Pan <Peter.Pan@daocloud.io>

---------

Signed-off-by: Peter Pan <Peter.Pan@daocloud.io>
 2025-06-05 01:04:41 -07:00
ChengHao Yang
6f7822d25c [flannel] upgrade to 0.26.7 (#12260) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-06-05 00:42:53 -07:00
Imran Ahmed
ce26f17e9e fix unquoted san cert causing issues with ips (#12256) 2025-06-02 22:50:38 -07:00
Christos Papageorgiou
a9f600ffa2 Import centos bootstrap os task for Alma/Rocky Linux (#12264) 2025-06-02 22:42:38 -07:00
ERIK
3454cd2c69 feat: Support certificate validity period config in kubeadm v1beta4 (#12272) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2025-06-02 20:44:37 -07:00
Kubernetes Prow Robot
c7c3d2ba95 Merge pull request #12163 from VannTen/cleanup/etcd_inv_sample 
Move etcd inventory sample doc to role defaults
 2025-05-26 03:16:16 -07:00
Ali Afsharzadeh
c89c34f4d6 Update load balancers versions to Nginx 1.28.0, Haproxy 3.1.7 (#12178) 2025-05-23 20:50:34 -07:00
Max Gautier
92e8ac9de2 Remove tag 'master' (#12228) 
* Remove tag master

Following it's deprecation in 4b324cb0f (Rename master to control plane
- non-breaking changes only (#11394), 2024-09-06)

* Add fail fast path when using removed tags

- Used for the master tag, but this could be used for other things in
  the future
 2025-05-22 01:20:36 -07:00
Anshuman Agarwala
73b3e9b557 Removed weave support (#12230) 2025-05-22 01:10:36 -07:00
Max Gautier
490dece3bf Cleanup assert after 2.28 (#12245) 
Users should have used 2.28 and adapted their inventories now.
 2025-05-21 20:28:35 -07:00
Takuya Murakami
16c05338d9 Update cri-o to 1.33.0 for kubernetes 1.33 
Use ubuntu 22.04 for molecule test of cri-o,
because crun included in the cri-o does not work on
ubuntu 20.04.
 2025-05-22 08:43:03 +09:00
Takuya Murakami
8ad1253b4f [kubernetes] Support kubernetes 1.33.1 
- Add checksum entries.
- Set min required version to Kubernetes 1.31.x
- Update supported versions
- Refactor coredns_version
 2025-05-21 23:56:47 +09:00
Ekko
6c5c45b328 Allow stopping ubuntu unattended-upgrades (#12174) 
Signed-off-by: Ekko Tu <lihai.tu@daocloud.io>
 2025-05-20 01:07:16 -07:00
ChengHao Yang
1266527014 Add cilium cli binary hash before 0.18.3 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
5e2e63ebe3 Make cilium dnsProxy transparent mode configure 
When Cilium is configured to replace kube-proxy, it automatically
enables dnsProxy, which can conflict with nodelocaldns.
 2025-05-19 08:48:15 +08:00
ChengHao Yang
db290ca686 Add cilium gateway api support 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
6619d98682 Add cilium hubble export dynamic content 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
b771d73fe0 Add cilium hubble export file max backups & size mb 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
65751e8193 Add cilium operator tolerations default values 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
4c16fc155f Cilium values k8sServiceHost and k8sServicePort use auto 
Signed-off-by: ChengHao Yang
<17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
dcd3461bce Cilium values use image variables 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
48f75c2c2b Upgrade Cilium related images 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
a4b73c09a7 Upgrade cilium version to 1.17.3 
Signed-off-by: ChengHao Yang
<17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
86437730de Use cilium-cli install Cilium 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
6fe64323db Remove old cilium templates install 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:13 +08:00
ChengHao Yang
1e471d5eeb Upgrade outdated cilium_min_version_required 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:11 +08:00
Max Gautier
3a2862ea19 Move checksums to kubespray_defaults/vars (#12234) 
The checksums are not a defaults and are not meant to be changed from
the inventories.

Furthermore, role defaults have a lower priority that hosts facts, which
technically means a rogue hosts could hijack the hashes for its
variables.
 2025-05-18 16:13:14 -07:00
ErmolenkoMaxim
46a0dc9a51 Add support for hubble-export-file-max-backups and max-size-mb variables (#12072) 
* feat(cilium): add configurable Hubble export log rotation parameters

- Adds support for `cilium_hubble_export_file_max_backups` and `cilium_hubble_export_file_max_size_mb`
- Applies values only if `cilium_hubble_export_file_path` is defined
- Default values are set in role defaults
- Cleans up template logic by removing unnecessary conditionals

* Fix indentation for hubble export settings

* Fix undefined variable issue with ipwrap in kubeconfig override that caused pre-commit errors

* Update main.yml

rollback
 2025-05-17 00:35:13 -07:00
Max Gautier
faae36086c Patch versions updates (#12226) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-16 14:13:14 -07:00
Max Gautier
9c2bdeec63 Decouple etcd defaults in a separate role 
This allows us to reuse the defaults in other places without putting
everything in kubespray-defaults.

In that, for kubernetes/control-plane.
 2025-05-16 14:51:29 +02:00
ERIK
e4c0c427a3 improve NTP package conflict handling (#12212) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2025-05-16 03:55:14 -07:00
Antoine Legrand
5c07c6e6d3 Add option to [not] install coredns via Kubespray (#12218) 2025-05-16 03:23:13 -07:00
Takuya Murakami
c6dfe22a41 Improve logging of kubeadm init failure of first control plane node (#12216) 
Split retry task of 'kubeadm init' to show the failure log of
the first execution.
 2025-05-16 03:01:13 -07:00
Seena Fallah
ec85b7e2c9 download: respect enable_dns_autoscaler when enabling dnsautoscaler (#12217) 
dnsautoscaler should only be enabled when enable_dns_autoscaler is
set to true. without this, it could be enabled without any manifest
actually using it, which makes it a false signal.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
 2025-05-15 12:45:13 -07:00
Kubernetes Prow Robot
acd6872c80 Merge pull request #12219 from VannTen/test/ha_etcd_separate 
Fix broken workaround for separate etcd setup
 2025-05-15 12:39:14 -07:00
Max Gautier
22d3cf9c2b Move 'pretend certificates' **after** cert distribution 
The link target will only exist after we distribute the certs on each node.
 2025-05-15 18:35:34 +02:00
Hyeonki Hong
2c3b6c9199 feat: add trigger to restart kube-apiserver when config files change (#12172) 
* feat: add trigger to restart kube-apiserver when config files change

* fix: remove not upgrade_cluster_setup condition

* refactor: streamline kube-apiserver restart notifications
 2025-05-15 06:51:14 -07:00
Max Gautier
a55932e1de Patch versions updates (#12204) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-14 18:55:20 -07:00