mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-02-15 18:20:02 -03:30
Compare commits
1 Commits
component_
...
TEST-PR-CI
| Author | SHA1 | Date | |
|---|---|---|---|
|
aaf2f85d83 |
@@ -41,8 +41,7 @@ pr:
|
||||
- debian12-cilium
|
||||
- debian13-cilium
|
||||
- fedora39-kube-router
|
||||
- fedora41-kube-router
|
||||
- fedora42-calico
|
||||
- openeuler24-calico
|
||||
- rockylinux9-cilium
|
||||
- rockylinux10-cilium
|
||||
- ubuntu22-calico-all-in-one
|
||||
@@ -50,25 +49,13 @@ pr:
|
||||
- ubuntu24-calico-etcd-datastore
|
||||
- ubuntu24-calico-all-in-one-hardening
|
||||
- ubuntu24-cilium-sep
|
||||
- ubuntu24-crio-scale
|
||||
- ubuntu24-crio-upgrade
|
||||
- ubuntu24-flannel-collection
|
||||
- ubuntu24-kube-router-sep
|
||||
- ubuntu24-kube-router-svc-proxy
|
||||
- ubuntu24-ha-separate-etcd
|
||||
- flatcar4081-calico
|
||||
- fedora40-flannel-crio-collection-scale
|
||||
|
||||
# This is for flakey test so they don't disrupt the PR worklflow too much.
|
||||
# Jobs here MUST have a open issue so we don't lose sight of them
|
||||
pr-flakey:
|
||||
extends: pr
|
||||
retry: 1
|
||||
parallel:
|
||||
matrix:
|
||||
- TESTCASE:
|
||||
- flatcar4081-calico # https://github.com/kubernetes-sigs/kubespray/issues/12309
|
||||
- openeuler24-calico # https://github.com/kubernetes-sigs/kubespray/issues/12877
|
||||
|
||||
# The ubuntu24-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
|
||||
ubuntu24-calico-all-in-one:
|
||||
stage: deploy-part1
|
||||
@@ -104,8 +91,6 @@ pr_full:
|
||||
- debian12-custom-cni-helm
|
||||
- fedora39-calico-swap-selinux
|
||||
- fedora39-crio
|
||||
- fedora41-calico-swap-selinux
|
||||
- fedora41-crio
|
||||
- ubuntu24-calico-ha-wireguard
|
||||
- ubuntu24-flannel-ha
|
||||
- ubuntu24-flannel-ha-once
|
||||
@@ -165,7 +150,6 @@ periodic:
|
||||
- debian12-cilium-svc-proxy
|
||||
- fedora39-calico-selinux
|
||||
- fedora40-docker-calico
|
||||
- fedora41-calico-selinux
|
||||
- ubuntu24-calico-etcd-kubeadm-upgrade-ha
|
||||
- ubuntu24-calico-ha-recover
|
||||
- ubuntu24-calico-ha-recover-noquorum
|
||||
|
||||
@@ -35,8 +35,8 @@ RUN --mount=type=bind,source=requirements.txt,target=requirements.txt \
|
||||
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
||||
|
||||
RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \
|
||||
&& curl -L "https://dl.k8s.io/release/v1.35.1/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
|
||||
&& echo "$(curl -L "https://dl.k8s.io/release/v1.35.1/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
|
||||
&& curl -L "https://dl.k8s.io/release/v1.34.3/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
|
||||
&& echo "$(curl -L "https://dl.k8s.io/release/v1.34.3/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
|
||||
&& chmod a+x /usr/local/bin/kubectl
|
||||
|
||||
COPY *.yml ./
|
||||
|
||||
16
README.md
16
README.md
@@ -1,3 +1,6 @@
|
||||
TEST PR
|
||||
|
||||
|
||||
# Deploy a Production Ready Kubernetes Cluster
|
||||
|
||||
|
||||
@@ -90,7 +93,7 @@ vagrant up
|
||||
- **Debian** Bookworm, Bullseye, Trixie
|
||||
- **Ubuntu** 22.04, 24.04
|
||||
- **CentOS Stream / RHEL** [9, 10](docs/operating_systems/rhel.md#rhel-8)
|
||||
- **Fedora** 39, 40, 41, 42
|
||||
- **Fedora** 39, 40
|
||||
- **Fedora CoreOS** (see [fcos Note](docs/operating_systems/fcos.md))
|
||||
- **openSUSE** Leap 15.x/Tumbleweed
|
||||
- **Oracle Linux** [9, 10](docs/operating_systems/rhel.md#rhel-8)
|
||||
@@ -111,11 +114,11 @@ Note:
|
||||
<!-- BEGIN ANSIBLE MANAGED BLOCK -->
|
||||
|
||||
- Core
|
||||
- [kubernetes](https://github.com/kubernetes/kubernetes) 1.35.1
|
||||
- [etcd](https://github.com/etcd-io/etcd) 3.5.27
|
||||
- [kubernetes](https://github.com/kubernetes/kubernetes) 1.34.3
|
||||
- [etcd](https://github.com/etcd-io/etcd) 3.5.26
|
||||
- [docker](https://www.docker.com/) 28.3
|
||||
- [containerd](https://containerd.io/) 2.2.1
|
||||
- [cri-o](http://cri-o.io/) 1.35.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
|
||||
- [cri-o](http://cri-o.io/) 1.34.4 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
|
||||
- Network Plugin
|
||||
- [cni-plugins](https://github.com/containernetworking/plugins) 1.8.0
|
||||
- [calico](https://github.com/projectcalico/calico) 3.30.6
|
||||
@@ -127,7 +130,8 @@ Note:
|
||||
- [kube-vip](https://github.com/kube-vip/kube-vip) 1.0.3
|
||||
- Application
|
||||
- [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3
|
||||
- [coredns](https://github.com/coredns/coredns) 1.12.4
|
||||
- [coredns](https://github.com/coredns/coredns) 1.12.1
|
||||
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.13.3
|
||||
- [argocd](https://argoproj.github.io/) 2.14.5
|
||||
- [helm](https://helm.sh/) 3.18.4
|
||||
- [metallb](https://metallb.universe.tf/) 0.13.9
|
||||
@@ -201,6 +205,8 @@ See also [Network checker](docs/advanced/netcheck.md).
|
||||
|
||||
## Ingress Plugins
|
||||
|
||||
- [nginx](https://kubernetes.github.io/ingress-nginx): the NGINX Ingress Controller.
|
||||
|
||||
- [metallb](docs/ingress/metallb.md): the MetalLB bare-metal service LoadBalancer provider.
|
||||
|
||||
## Community docs and resources
|
||||
|
||||
3
Vagrantfile
vendored
3
Vagrantfile
vendored
@@ -35,9 +35,6 @@ SUPPORTED_OS = {
|
||||
"fedora40" => {box: "fedora/40-cloud-base", user: "vagrant"},
|
||||
"fedora39-arm64" => {box: "bento/fedora-39-arm64", user: "vagrant"},
|
||||
"fedora40-arm64" => {box: "bento/fedora-40", user: "vagrant"},
|
||||
"fedora41" => {box: "fedora/41-cloud-base", user: "vagrant"},
|
||||
"fedora42" => {box: "fedora/42-cloud-base", user: "vagrant"},
|
||||
"fedora41-bento" => {box: "bento/fedora-41", user: "vagrant"},
|
||||
"opensuse" => {box: "opensuse/Leap-15.6.x86_64", user: "vagrant"},
|
||||
"opensuse-tumbleweed" => {box: "opensuse/Tumbleweed.x86_64", user: "vagrant"},
|
||||
"oraclelinux" => {box: "generic/oracle7", user: "vagrant"},
|
||||
|
||||
@@ -51,7 +51,7 @@ To generate kubespray inventory based on the terraform state file you can run th
|
||||
You should now have a inventory file named `inventory.ini` that you can use with kubespray, e.g.
|
||||
|
||||
```bash
|
||||
ansible-playbook -i contrib/terraform/gcp/inventory.ini cluster.yml -b -v
|
||||
ansible-playbook -i contrib/terraform/gcs/inventory.ini cluster.yml -b -v
|
||||
```
|
||||
|
||||
## Variables
|
||||
|
||||
@@ -1006,7 +1006,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
|
||||
name = "${var.cluster_name}-gfs-node-nf-${count.index + 1}"
|
||||
count = var.number_of_gfs_nodes_no_floating_ip
|
||||
availability_zone = element(var.az_list, count.index)
|
||||
image_id = var.gfs_root_volume_size_in_gb == 0 ? local.image_to_use_gfs : null
|
||||
image_name = var.gfs_root_volume_size_in_gb == 0 ? local.image_to_use_gfs : null
|
||||
flavor_id = var.flavor_gfs_node
|
||||
key_pair = openstack_compute_keypair_v2.k8s.name
|
||||
|
||||
@@ -1078,7 +1078,7 @@ resource "openstack_networking_floatingip_associate_v2" "k8s_nodes" {
|
||||
port_id = openstack_networking_port_v2.k8s_nodes_port[each.key].id
|
||||
}
|
||||
|
||||
resource "openstack_blockstorage_volume_v3" "glusterfs_volume" {
|
||||
resource "openstack_blockstorage_volume_v2" "glusterfs_volume" {
|
||||
name = "${var.cluster_name}-glusterfs_volume-${count.index + 1}"
|
||||
count = var.gfs_root_volume_size_in_gb == 0 ? var.number_of_gfs_nodes_no_floating_ip : 0
|
||||
description = "Non-ephemeral volume for GlusterFS"
|
||||
@@ -1088,5 +1088,5 @@ resource "openstack_blockstorage_volume_v3" "glusterfs_volume" {
|
||||
resource "openstack_compute_volume_attach_v2" "glusterfs_volume" {
|
||||
count = var.gfs_root_volume_size_in_gb == 0 ? var.number_of_gfs_nodes_no_floating_ip : 0
|
||||
instance_id = element(openstack_compute_instance_v2.glusterfs_node_no_floating_ip.*.id, count.index)
|
||||
volume_id = element(openstack_blockstorage_volume_v3.glusterfs_volume.*.id, count.index)
|
||||
volume_id = element(openstack_blockstorage_volume_v2.glusterfs_volume.*.id, count.index)
|
||||
}
|
||||
|
||||
1
docs/_sidebar.md
generated
1
docs/_sidebar.md
generated
@@ -57,6 +57,7 @@
|
||||
* [Setting-up-your-first-cluster](/docs/getting_started/setting-up-your-first-cluster.md)
|
||||
* Ingress
|
||||
* [Alb Ingress Controller](/docs/ingress/alb_ingress_controller.md)
|
||||
* [Ingress Nginx](/docs/ingress/ingress_nginx.md)
|
||||
* [Kube-vip](/docs/ingress/kube-vip.md)
|
||||
* [Metallb](/docs/ingress/metallb.md)
|
||||
* Operating Systems
|
||||
|
||||
@@ -30,7 +30,14 @@ If you don't have a TLS Root CA certificate and key available, you can create th
|
||||
|
||||
A common use-case for cert-manager is requesting TLS signed certificates to secure your ingress resources. This can be done by simply adding annotations to your Ingress resources and cert-manager will facilitate creating the Certificate resource for you. A small sub-component of cert-manager, ingress-shim, is responsible for this.
|
||||
|
||||
For example, if you're using the Traefik ingress controller, you can secure the Prometheus ingress by adding the annotation `cert-manager.io/cluster-issuer: ca-issuer` and the `spec.tls` section to the `Ingress` resource definition.
|
||||
To enable the Nginx Ingress controller as part of your Kubespray deployment, simply edit your K8s cluster addons inventory e.g. `inventory\sample\group_vars\k8s_cluster\addons.yml` and set `ingress_nginx_enabled` to true.
|
||||
|
||||
```ini
|
||||
# Nginx ingress controller deployment
|
||||
ingress_nginx_enabled: true
|
||||
```
|
||||
|
||||
For example, if you're using the Nginx ingress controller, you can secure the Prometheus ingress by adding the annotation `cert-manager.io/cluster-issuer: ca-issuer` and the `spec.tls` section to the `Ingress` resource definition.
|
||||
|
||||
```yaml
|
||||
apiVersion: networking.k8s.io/v1
|
||||
@@ -41,9 +48,9 @@ metadata:
|
||||
labels:
|
||||
prometheus: k8s
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
cert-manager.io/cluster-issuer: ca-issuer
|
||||
spec:
|
||||
ingressClassName: "traefik"
|
||||
tls:
|
||||
- hosts:
|
||||
- prometheus.example.com
|
||||
@@ -65,8 +72,8 @@ Once deployed to your K8s cluster, every 3 months cert-manager will automaticall
|
||||
|
||||
Please consult the official upstream documentation:
|
||||
|
||||
- [cert-manager Ingress Usage](https://cert-manager.io/usage/ingress/)
|
||||
- [cert-manager Ingress Tutorial](https://cert-manager.io/tutorials/acme/ingress/#step-3-assign-a-dns-name)
|
||||
- [cert-manager Ingress Usage](https://cert-manager.io/v1.5-docs/usage/ingress/)
|
||||
- [cert-manager Ingress Tutorial](https://cert-manager.io/v1.5-docs/tutorials/acme/ingress/#step-3-assign-a-dns-name)
|
||||
|
||||
### ACME
|
||||
|
||||
@@ -74,12 +81,12 @@ The ACME Issuer type represents a single account registered with the Automated C
|
||||
|
||||
Certificates issued by public ACME servers are typically trusted by client’s computers by default. This means that, for example, visiting a website that is backed by an ACME certificate issued for that URL, will be trusted by default by most client’s web browsers. ACME certificates are typically free.
|
||||
|
||||
- [ACME Configuration](https://cert-manager.io/docs/configuration/acme/)
|
||||
- [ACME HTTP Validation](https://cert-manager.io/docs/tutorials/acme/http-validation/)
|
||||
- [HTTP01 Challenges](https://cert-manager.io/docs/configuration/acme/http01/)
|
||||
- [ACME DNS Validation](https://cert-manager.io/docs/tutorials/acme/dns-validation/)
|
||||
- [DNS01 Challenges](https://cert-manager.io/docs/configuration/acme/dns01/)
|
||||
- [ACME FAQ](https://cert-manager.io/docs/troubleshooting/acme/)
|
||||
- [ACME Configuration](https://cert-manager.io/v1.5-docs/configuration/acme/)
|
||||
- [ACME HTTP Validation](https://cert-manager.io/v1.5-docs/tutorials/acme/http-validation/)
|
||||
- [HTTP01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/http01/)
|
||||
- [ACME DNS Validation](https://cert-manager.io/v1.5-docs/tutorials/acme/dns-validation/)
|
||||
- [DNS01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/dns01/)
|
||||
- [ACME FAQ](https://cert-manager.io/v1.5-docs/faq/acme/)
|
||||
|
||||
#### ACME With An Internal Certificate Authority
|
||||
|
||||
|
||||
@@ -31,8 +31,8 @@ If the latest version supported according to pip is 6.7.0 it means you are runni
|
||||
Based on the table below and the available python version for your ansible host you should choose the appropriate ansible version to use with kubespray.
|
||||
|
||||
| Ansible Version | Python Version |
|
||||
|-------------------|----------------|
|
||||
| >=2.18.0, <2.19.0 | 3.11-3.13 |
|
||||
|-----------------|----------------|
|
||||
| >= 2.17.3 | 3.10-3.12 |
|
||||
|
||||
## Customize Ansible vars
|
||||
|
||||
@@ -78,6 +78,7 @@ The following tags are defined in playbooks:
|
||||
| crio | Configuring crio container engine for hosts |
|
||||
| crun | Configuring crun runtime |
|
||||
| csi-driver | Configuring csi driver |
|
||||
| dashboard | Installing and configuring the Kubernetes Dashboard |
|
||||
| dns | Remove dns entries when resetting |
|
||||
| docker | Configuring docker engine runtime for hosts |
|
||||
| download | Fetching container images to a delegate host |
|
||||
|
||||
@@ -145,6 +145,7 @@ upstream_dns_servers:
|
||||
- 1.0.0.1
|
||||
|
||||
# Extensions
|
||||
ingress_nginx_enabled: True
|
||||
helm_enabled: True
|
||||
cert_manager_enabled: True
|
||||
metrics_server_enabled: True
|
||||
|
||||
@@ -13,8 +13,6 @@ debian12 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
|
||||
debian13 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora39 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: |
|
||||
fedora40 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora41 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: |
|
||||
fedora42 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
flatcar4081 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
openeuler24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
rockylinux10 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
|
||||
@@ -33,14 +31,12 @@ debian12 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
debian13 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora39 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora40 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora41 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora42 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
flatcar4081 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
openeuler24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
rockylinux10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
rockylinux9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
ubuntu22 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
ubuntu24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
ubuntu24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
|
||||
## docker
|
||||
|
||||
@@ -53,8 +49,6 @@ debian12 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
debian13 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora39 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora40 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora41 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
fedora42 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
flatcar4081 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
openeuler24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
rockylinux10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
|
||||
|
||||
@@ -83,6 +83,32 @@ authentication. One can get a kubeconfig from kube_control_plane hosts
|
||||
For more information on kubeconfig and accessing a Kubernetes cluster, refer to
|
||||
the Kubernetes [documentation](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/).
|
||||
|
||||
## Accessing Kubernetes Dashboard
|
||||
|
||||
Supported version is kubernetes-dashboard v2.0.x :
|
||||
|
||||
- Login option : token/kubeconfig by default
|
||||
- Deployed by default in "kube-system" namespace, can be overridden with `dashboard_namespace: kubernetes-dashboard` in inventory,
|
||||
- Only serves over https
|
||||
|
||||
Access is described in [dashboard docs](https://github.com/kubernetes/dashboard/tree/master/docs/user/accessing-dashboard). With kubespray's default deployment in kube-system namespace, instead of kubernetes-dashboard :
|
||||
|
||||
- Proxy URL is <http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#/login>
|
||||
- kubectl commands must be run with "-n kube-system"
|
||||
|
||||
Accessing through Ingress is highly recommended. For proxy access, please note that proxy must listen to [localhost](https://github.com/kubernetes/dashboard/issues/692#issuecomment-220492484) (`proxy --address="x.x.x.x"` will not work)
|
||||
|
||||
For token authentication, guide to create Service Account is provided in [dashboard sample user](https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md) doc. Still take care of default namespace.
|
||||
|
||||
Access can also by achieved via ssh tunnel on a control plane :
|
||||
|
||||
```bash
|
||||
# localhost:8081 will be sent to control-plane-1's own localhost:8081
|
||||
ssh -L8001:localhost:8001 user@control-plane-1
|
||||
sudo -i
|
||||
kubectl proxy
|
||||
```
|
||||
|
||||
## Accessing Kubernetes API
|
||||
|
||||
The main client of Kubernetes is `kubectl`. It is installed on each kube_control_plane
|
||||
|
||||
203
docs/ingress/ingress_nginx.md
Normal file
203
docs/ingress/ingress_nginx.md
Normal file
@@ -0,0 +1,203 @@
|
||||
# Installation Guide
|
||||
|
||||
## Contents
|
||||
|
||||
- [Prerequisite Generic Deployment Command](#prerequisite-generic-deployment-command)
|
||||
- [Provider Specific Steps](#provider-specific-steps)
|
||||
- [Docker for Mac](#docker-for-mac)
|
||||
- [minikube](#minikube)
|
||||
- [AWS](#aws)
|
||||
- [GCE - GKE](#gce-gke)
|
||||
- [Azure](#azure)
|
||||
- [Bare-metal](#bare-metal)
|
||||
- [Verify installation](#verify-installation)
|
||||
- [Detect installed version](#detect-installed-version)
|
||||
- [Using Helm](#using-helm)
|
||||
|
||||
## Prerequisite Generic Deployment Command
|
||||
|
||||
!!! attention
|
||||
The default configuration watches Ingress object from *all the namespaces*.
|
||||
To change this behavior use the flag `--watch-namespace` to limit the scope to a particular namespace.
|
||||
|
||||
!!! warning
|
||||
If multiple Ingresses define different paths for the same host, the ingress controller will merge the definitions.
|
||||
|
||||
!!! attention
|
||||
If you're using GKE you need to initialize your user as a cluster-admin with the following command:
|
||||
|
||||
```console
|
||||
kubectl create clusterrolebinding cluster-admin-binding \
|
||||
--clusterrole cluster-admin \
|
||||
--user $(gcloud config get-value account)
|
||||
```
|
||||
|
||||
The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version.
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.13.3/deploy/static/provider/cloud/deploy.yaml
|
||||
```
|
||||
|
||||
### Provider Specific Steps
|
||||
|
||||
There are cloud provider specific yaml files.
|
||||
|
||||
#### Docker for Mac
|
||||
|
||||
Kubernetes is available in Docker for Mac (from [version 18.06.0-ce](https://docs.docker.com/docker-for-mac/release-notes/#stable-releases-of-2018))
|
||||
|
||||
First you need to [enable kubernetes](https://docs.docker.com/docker-for-mac/#kubernetes).
|
||||
|
||||
Then you have to create a service:
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
|
||||
```
|
||||
|
||||
#### minikube
|
||||
|
||||
For standard usage:
|
||||
|
||||
```console
|
||||
minikube addons enable ingress
|
||||
```
|
||||
|
||||
For development:
|
||||
|
||||
1. Disable the ingress addon:
|
||||
|
||||
```console
|
||||
minikube addons disable ingress
|
||||
```
|
||||
|
||||
1. Execute `make dev-env`
|
||||
1. Confirm the `nginx-ingress-controller` deployment exists:
|
||||
|
||||
```console
|
||||
$ kubectl get pods -n ingress-nginx
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
default-http-backend-66b447d9cf-rrlf9 1/1 Running 0 12s
|
||||
nginx-ingress-controller-fdcdcd6dd-vvpgs 1/1 Running 0 11s
|
||||
```
|
||||
|
||||
#### AWS
|
||||
|
||||
In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
|
||||
Since Kubernetes v1.9.0 it is possible to use a classic load balancer (ELB) or network load balancer (NLB)
|
||||
Please check the [elastic load balancing AWS details page](https://aws.amazon.com/elasticloadbalancing/details/)
|
||||
|
||||
##### Elastic Load Balancer - ELB
|
||||
|
||||
This setup requires to choose in which layer (L4 or L7) we want to configure the Load Balancer:
|
||||
|
||||
- [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): Use an Network Load Balancer (NLB) with TCP as the listener protocol for ports 80 and 443.
|
||||
- [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): Use an Elastic Load Balancer (ELB) with HTTP as the listener protocol for port 80 and terminate TLS in the ELB
|
||||
|
||||
For L4:
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy.yaml
|
||||
```
|
||||
|
||||
For L7:
|
||||
|
||||
Change the value of `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` in the file `provider/aws/deploy-tls-termination.yaml` replacing the dummy id with a valid one. The dummy value is `"arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"`
|
||||
|
||||
Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the [ELB Idle Timeouts section](#elb-idle-timeouts) for additional information. If a change is required, users will need to update the value of `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` in `provider/aws/deploy-tls-termination.yaml`
|
||||
|
||||
Then execute:
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy-tls-termination.yaml
|
||||
```
|
||||
|
||||
This example creates an ELB with just two listeners, one in port 80 and another in port 443
|
||||
|
||||
|
||||
|
||||
##### ELB Idle Timeouts
|
||||
|
||||
In some scenarios users will need to modify the value of the ELB idle timeout.
|
||||
Users need to ensure the idle timeout is less than the [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) that is configured for NGINX.
|
||||
By default NGINX `keepalive_timeout` is set to `75s`.
|
||||
|
||||
The default ELB idle timeout will work for most scenarios, unless the NGINX [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) has been modified,
|
||||
in which case `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` will need to be modified to ensure it is less than the `keepalive_timeout` the user has configured.
|
||||
|
||||
*Please Note: An idle timeout of `3600s` is recommended when using WebSockets.*
|
||||
|
||||
More information with regards to idle timeouts for your Load Balancer can be found in the [official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html).
|
||||
|
||||
##### Network Load Balancer (NLB)
|
||||
|
||||
This type of load balancer is supported since v1.10.0 as an ALPHA feature.
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/service-nlb.yaml
|
||||
```
|
||||
|
||||
#### GCE-GKE
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
|
||||
```
|
||||
|
||||
**Important Note:** proxy protocol is not supported in GCE/GKE
|
||||
|
||||
#### Azure
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
|
||||
```
|
||||
|
||||
#### Bare-metal
|
||||
|
||||
Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
|
||||
```
|
||||
|
||||
!!! tip
|
||||
For extended notes regarding deployments on bare-metal, see [Bare-metal considerations](https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/baremetal.md).
|
||||
|
||||
### Verify installation
|
||||
|
||||
To check if the ingress controller pods have started, run the following command:
|
||||
|
||||
```console
|
||||
kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch
|
||||
```
|
||||
|
||||
Once the operator pods are running, you can cancel the above command by typing `Ctrl+C`.
|
||||
Now, you are ready to create your first ingress.
|
||||
|
||||
### Detect installed version
|
||||
|
||||
To detect which version of the ingress controller is running, exec into the pod and run `nginx-ingress-controller version` command.
|
||||
|
||||
```console
|
||||
POD_NAMESPACE=ingress-nginx
|
||||
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/component=controller -o jsonpath='{.items[0].metadata.name}')
|
||||
|
||||
kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
|
||||
```
|
||||
|
||||
## Using Helm
|
||||
|
||||
NGINX Ingress controller can be installed via [Helm](https://helm.sh/) using the chart [ingress-nginx/ingress-nginx](https://kubernetes.github.io/ingress-nginx).
|
||||
Official documentation is [here](https://kubernetes.github.io/ingress-nginx/deploy/#using-helm)
|
||||
|
||||
To install the chart with the release name `my-nginx`:
|
||||
|
||||
```console
|
||||
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
|
||||
helm install my-nginx ingress-nginx/ingress-nginx
|
||||
```
|
||||
|
||||
Detect installed version:
|
||||
|
||||
```console
|
||||
POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')
|
||||
kubectl exec -it $POD_NAME -- /nginx-ingress-controller --version
|
||||
```
|
||||
@@ -100,6 +100,8 @@ kubelet_make_iptables_util_chains: true
|
||||
kubelet_feature_gates: ["RotateKubeletServerCertificate=true"]
|
||||
kubelet_seccomp_default: true
|
||||
kubelet_systemd_hardening: true
|
||||
# To disable kubelet's staticPodPath (for nodes that don't use static pods like worker nodes)
|
||||
kubelet_static_pod_path: ""
|
||||
# In case you have multiple interfaces in your
|
||||
# control plane nodes and you want to specify the right
|
||||
# IP addresses, kubelet_secure_addresses allows you
|
||||
|
||||
@@ -85,7 +85,7 @@ crictl_download_url: "{{ files_repo }}/kubernetes/cri-tools/crictl-v{{ crictl_ve
|
||||
# If using Calico
|
||||
calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
|
||||
# If using Calico with kdd
|
||||
calico_crds_download_url: "{{ files_repo }}/github.com/projectcalico/calico/raw/v{{ calico_version }}/manifests/crds.yaml"
|
||||
calico_crds_download_url: "{{ files_repo }}/kubernetes/calico/v{{ calico_version }}.tar.gz"
|
||||
# Containerd
|
||||
containerd_download_url: "{{ files_repo }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
|
||||
runc_download_url: "{{ files_repo }}/runc.{{ image_arch }}"
|
||||
|
||||
@@ -44,7 +44,7 @@
|
||||
# [Optional] Calico: If using Calico network plugin
|
||||
# calicoctl_download_url: "{{ files_repo }}/github.com/projectcalico/calico/releases/download/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
|
||||
# [Optional] Calico with kdd: If using Calico network plugin with kdd datastore
|
||||
# calico_crds_download_url: "{{ files_repo }}/github.com/projectcalico/calico/raw/v{{ calico_version }}/manifests/crds.yaml"
|
||||
# calico_crds_download_url: "{{ files_repo }}/github.com/projectcalico/calico/archive/v{{ calico_version }}.tar.gz"
|
||||
|
||||
# [Optional] Cilium: If using Cilium network plugin
|
||||
# ciliumcli_download_url: "{{ files_repo }}/github.com/cilium/cilium-cli/releases/download/v{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz"
|
||||
|
||||
@@ -1,4 +1,8 @@
|
||||
---
|
||||
# Kubernetes dashboard
|
||||
# RBAC required. see docs/getting-started.md for access details.
|
||||
# dashboard_enabled: false
|
||||
|
||||
# Helm deployment
|
||||
helm_enabled: false
|
||||
|
||||
@@ -63,6 +67,39 @@ local_volume_provisioner_enabled: false
|
||||
# Gateway API CRDs
|
||||
gateway_api_enabled: false
|
||||
|
||||
# Nginx ingress controller deployment
|
||||
ingress_nginx_enabled: false
|
||||
# ingress_nginx_host_network: false
|
||||
# ingress_nginx_service_type: LoadBalancer
|
||||
# ingress_nginx_service_annotations:
|
||||
# example.io/loadbalancerIPs: 1.2.3.4
|
||||
# ingress_nginx_service_nodeport_http: 30080
|
||||
# ingress_nginx_service_nodeport_https: 30081
|
||||
ingress_publish_status_address: ""
|
||||
# ingress_nginx_nodeselector:
|
||||
# kubernetes.io/os: "linux"
|
||||
# ingress_nginx_tolerations:
|
||||
# - key: "node-role.kubernetes.io/control-plane"
|
||||
# operator: "Equal"
|
||||
# value: ""
|
||||
# effect: "NoSchedule"
|
||||
# ingress_nginx_namespace: "ingress-nginx"
|
||||
# ingress_nginx_insecure_port: 80
|
||||
# ingress_nginx_secure_port: 443
|
||||
# ingress_nginx_configmap:
|
||||
# map-hash-bucket-size: "128"
|
||||
# ssl-protocols: "TLSv1.2 TLSv1.3"
|
||||
# ingress_nginx_configmap_tcp_services:
|
||||
# 9000: "default/example-go:8080"
|
||||
# ingress_nginx_configmap_udp_services:
|
||||
# 53: "kube-system/coredns:53"
|
||||
# ingress_nginx_extra_args:
|
||||
# - --default-ssl-certificate=default/foo-tls
|
||||
# ingress_nginx_termination_grace_period_seconds: 300
|
||||
# ingress_nginx_class: nginx
|
||||
# ingress_nginx_without_class: true
|
||||
# ingress_nginx_default: false
|
||||
|
||||
# ALB ingress controller deployment
|
||||
ingress_alb_enabled: false
|
||||
# alb_ingress_aws_region: "us-east-1"
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
requires_ansible: ">=2.18.0,<2.19.0"
|
||||
requires_ansible: ">=2.17.3"
|
||||
|
||||
@@ -46,8 +46,8 @@ ADD ./tests/requirements.txt /kubespray/tests/requirements.txt
|
||||
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
|
||||
&& pip install --break-system-packages --ignore-installed --no-compile --no-cache-dir pip -U \
|
||||
&& pip install --break-system-packages --no-compile --no-cache-dir -r tests/requirements.txt \
|
||||
&& curl -L https://dl.k8s.io/release/v1.35.1/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
|
||||
&& echo $(curl -L https://dl.k8s.io/release/v1.35.1/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
|
||||
&& curl -L https://dl.k8s.io/release/v1.34.3/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
|
||||
&& echo $(curl -L https://dl.k8s.io/release/v1.34.3/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
|
||||
&& chmod a+x /usr/local/bin/kubectl \
|
||||
# Install Vagrant
|
||||
&& curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
become: false
|
||||
run_once: true
|
||||
vars:
|
||||
minimal_ansible_version: 2.18.0
|
||||
maximal_ansible_version: 2.19.0
|
||||
minimal_ansible_version: 2.17.3
|
||||
maximal_ansible_version: 2.18.0
|
||||
tags: always
|
||||
tasks:
|
||||
- name: "Check {{ minimal_ansible_version }} <= Ansible version < {{ maximal_ansible_version }}"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
ansible==11.13.0
|
||||
ansible==10.7.0
|
||||
# Needed for community.crypto module
|
||||
cryptography==46.0.4
|
||||
# Needed for jinja2 json_query templating
|
||||
|
||||
@@ -6,6 +6,12 @@
|
||||
masked: false
|
||||
listen: Restart and enable cri-dockerd
|
||||
|
||||
- name: Cri-dockerd | restart docker.service
|
||||
service:
|
||||
name: docker.service
|
||||
state: restarted
|
||||
listen: Restart and enable cri-dockerd
|
||||
|
||||
- name: Cri-dockerd | reload cri-dockerd.socket
|
||||
service:
|
||||
name: cri-dockerd.socket
|
||||
|
||||
@@ -30,7 +30,7 @@ LimitCORE=infinity
|
||||
TimeoutStartSec=1min
|
||||
# restart the docker process if it exits prematurely
|
||||
Restart=on-failure
|
||||
StartLimitBurst=10
|
||||
StartLimitBurst=3
|
||||
StartLimitInterval=60s
|
||||
# Set the cgroup slice of the service so that kube reserved takes effect
|
||||
{% if kube_reserved is defined and kube_reserved|bool %}
|
||||
|
||||
58
roles/container-engine/meta/main.yml
Normal file
58
roles/container-engine/meta/main.yml
Normal file
@@ -0,0 +1,58 @@
|
||||
# noqa role-name - this is a meta role that doesn't need a name
|
||||
---
|
||||
dependencies:
|
||||
- role: container-engine/validate-container-engine
|
||||
tags:
|
||||
- container-engine
|
||||
- validate-container-engine
|
||||
|
||||
- role: container-engine/kata-containers
|
||||
when:
|
||||
- kata_containers_enabled
|
||||
tags:
|
||||
- container-engine
|
||||
- kata-containers
|
||||
|
||||
- role: container-engine/gvisor
|
||||
when:
|
||||
- gvisor_enabled
|
||||
- container_manager in ['docker', 'containerd']
|
||||
tags:
|
||||
- container-engine
|
||||
- gvisor
|
||||
|
||||
- role: container-engine/crun
|
||||
when:
|
||||
- crun_enabled
|
||||
tags:
|
||||
- container-engine
|
||||
- crun
|
||||
|
||||
- role: container-engine/youki
|
||||
when:
|
||||
- youki_enabled
|
||||
- container_manager == 'crio'
|
||||
tags:
|
||||
- container-engine
|
||||
- youki
|
||||
|
||||
- role: container-engine/cri-o
|
||||
when:
|
||||
- container_manager == 'crio'
|
||||
tags:
|
||||
- container-engine
|
||||
- crio
|
||||
|
||||
- role: container-engine/containerd
|
||||
when:
|
||||
- container_manager == 'containerd'
|
||||
tags:
|
||||
- container-engine
|
||||
- containerd
|
||||
|
||||
- role: container-engine/cri-dockerd
|
||||
when:
|
||||
- container_manager == 'docker'
|
||||
tags:
|
||||
- container-engine
|
||||
- docker
|
||||
@@ -1,48 +0,0 @@
|
||||
---
|
||||
- name: Validate container engine
|
||||
import_role:
|
||||
name: container-engine/validate-container-engine
|
||||
tags:
|
||||
- container-engine
|
||||
- validate-container-engine
|
||||
|
||||
- name: Container runtimes
|
||||
include_role:
|
||||
name: "container-engine/{{ item.role }}"
|
||||
apply:
|
||||
tags:
|
||||
- container-engine
|
||||
- "{{ item.role }}"
|
||||
loop:
|
||||
- { role: 'kata-containers', enabled: "{{ kata_containers_enabled }}" }
|
||||
- { role: 'gvisor', enabled: "{{ gvisor_enabled and container_manager in ['docker', 'containerd'] }}" }
|
||||
- { role: 'crun', enabled: "{{ crun_enabled }}" }
|
||||
- { role: 'youki', enabled: "{{ youki_enabled and container_manager == 'crio' }}" }
|
||||
# TODO: Technically, this is more container-runtime than engine
|
||||
when: item.enabled
|
||||
tags:
|
||||
- container-engine
|
||||
- kata-containers
|
||||
- gvisor
|
||||
- crun
|
||||
- youki
|
||||
|
||||
- name: Container Manager
|
||||
vars:
|
||||
container_manager_role:
|
||||
crio: cri-o
|
||||
docker: cri-dockerd
|
||||
containerd: containerd
|
||||
include_role:
|
||||
name: "container-engine/{{ container_manager_role[container_manager] }}"
|
||||
apply:
|
||||
tags:
|
||||
- container-engine
|
||||
- crio
|
||||
- docker
|
||||
- containerd
|
||||
tags:
|
||||
- container-engine
|
||||
- crio
|
||||
- docker
|
||||
- containerd
|
||||
@@ -11,7 +11,6 @@ dns_nodes_per_replica: 16
|
||||
dns_cores_per_replica: 256
|
||||
dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas | int > 1 else 'false' }}"
|
||||
enable_coredns_reverse_dns_lookups: true
|
||||
coredns_svc_name: "coredns"
|
||||
coredns_ordinal_suffix: ""
|
||||
# dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
|
||||
coredns_affinity:
|
||||
@@ -119,5 +118,29 @@ netchecker_agent_log_level: 5
|
||||
netchecker_server_log_level: 5
|
||||
netchecker_etcd_log_level: info
|
||||
|
||||
# Dashboard
|
||||
dashboard_replicas: 1
|
||||
|
||||
# Namespace for dashboard
|
||||
dashboard_namespace: kube-system
|
||||
|
||||
# Limits for dashboard
|
||||
dashboard_cpu_limit: 100m
|
||||
dashboard_memory_limit: 256M
|
||||
dashboard_cpu_requests: 50m
|
||||
dashboard_memory_requests: 64M
|
||||
|
||||
# Set dashboard_use_custom_certs to true if overriding dashboard_certs_secret_name with a secret that
|
||||
# contains dashboard_tls_key_file and dashboard_tls_cert_file instead of using the initContainer provisioned certs
|
||||
dashboard_use_custom_certs: false
|
||||
dashboard_certs_secret_name: kubernetes-dashboard-certs
|
||||
dashboard_tls_key_file: dashboard.key
|
||||
dashboard_tls_cert_file: dashboard.crt
|
||||
dashboard_master_toleration: true
|
||||
|
||||
# Override dashboard default settings
|
||||
dashboard_token_ttl: 900
|
||||
dashboard_skip_login: false
|
||||
|
||||
# Policy Controllers
|
||||
# policy_controller_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
|
||||
|
||||
@@ -109,3 +109,15 @@
|
||||
- netchecker-server-clusterrolebinding.yml.j2
|
||||
- netchecker-server-deployment.yml.j2
|
||||
- netchecker-server-svc.yml.j2
|
||||
|
||||
- name: Kubernetes Apps | Dashboard
|
||||
command:
|
||||
cmd: "{{ kubectl_apply_stdin }}"
|
||||
stdin: "{{ lookup('template', 'dashboard.yml.j2') }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
run_once: true
|
||||
vars:
|
||||
k8s_namespace: "{{ dashboard_namespace }}"
|
||||
when: dashboard_enabled
|
||||
tags:
|
||||
- dashboard
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ coredns_svc_name }}{{ coredns_ordinal_suffix }}
|
||||
name: coredns{{ coredns_ordinal_suffix }}
|
||||
namespace: kube-system
|
||||
labels:
|
||||
k8s-app: kube-dns{{ coredns_ordinal_suffix }}
|
||||
|
||||
323
roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
Normal file
323
roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
Normal file
@@ -0,0 +1,323 @@
|
||||
# Copyright 2017 The Kubernetes Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Configuration to deploy release version of the Dashboard UI compatible with
|
||||
# Kubernetes 1.8.
|
||||
#
|
||||
# Example usage: kubectl create -f <this_file>
|
||||
|
||||
{% if k8s_namespace != 'kube-system' %}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ k8s_namespace }}
|
||||
labels:
|
||||
name: {{ k8s_namespace }}
|
||||
{% endif %}
|
||||
---
|
||||
# ------------------- Dashboard Secrets ------------------- #
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard-certs
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard-csrf
|
||||
type: Opaque
|
||||
data:
|
||||
csrf: ""
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard-key-holder
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
# ------------------- Dashboard ConfigMap ------------------- #
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard-settings
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Service Account ------------------- #
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Role & Role Binding ------------------- #
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
rules:
|
||||
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
|
||||
verbs: ["get", "update", "delete"]
|
||||
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps"]
|
||||
resourceNames: ["kubernetes-dashboard-settings"]
|
||||
verbs: ["get", "update"]
|
||||
# Allow Dashboard to get metrics.
|
||||
- apiGroups: [""]
|
||||
resources: ["services"]
|
||||
resourceNames: ["heapster", "dashboard-metrics-scraper"]
|
||||
verbs: ["proxy"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services/proxy"]
|
||||
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
|
||||
verbs: ["get"]
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: kubernetes-dashboard
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kubernetes-dashboard
|
||||
namespace: {{ k8s_namespace }}
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubernetes-dashboard
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kubernetes-dashboard
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kubernetes-dashboard
|
||||
namespace: {{ k8s_namespace }}
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Deployment ------------------- #
|
||||
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
spec:
|
||||
replicas: {{ dashboard_replicas }}
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
spec:
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
priorityClassName: system-cluster-critical
|
||||
containers:
|
||||
- name: kubernetes-dashboard
|
||||
image: {{ dashboard_image_repo }}:{{ dashboard_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ dashboard_cpu_limit }}
|
||||
memory: {{ dashboard_memory_limit }}
|
||||
requests:
|
||||
cpu: {{ dashboard_cpu_requests }}
|
||||
memory: {{ dashboard_memory_requests }}
|
||||
ports:
|
||||
- containerPort: 8443
|
||||
protocol: TCP
|
||||
args:
|
||||
- --namespace={{ k8s_namespace }}
|
||||
{% if dashboard_use_custom_certs %}
|
||||
- --tls-key-file={{ dashboard_tls_key_file }}
|
||||
- --tls-cert-file={{ dashboard_tls_cert_file }}
|
||||
{% else %}
|
||||
- --auto-generate-certificates
|
||||
{% endif %}
|
||||
{% if dashboard_skip_login %}
|
||||
- --enable-skip-login
|
||||
{% endif %}
|
||||
- --authentication-mode=token
|
||||
# Uncomment the following line to manually specify Kubernetes API server Host
|
||||
# If not specified, Dashboard will attempt to auto discover the API server and connect
|
||||
# to it. Uncomment only if the default does not work.
|
||||
# - --apiserver-host=http://my-address:port
|
||||
- --token-ttl={{ dashboard_token_ttl }}
|
||||
volumeMounts:
|
||||
- name: kubernetes-dashboard-certs
|
||||
mountPath: /certs
|
||||
# Create on-disk volume to store exec logs
|
||||
- mountPath: /tmp
|
||||
name: tmp-volume
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
scheme: HTTPS
|
||||
path: /
|
||||
port: 8443
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 2001
|
||||
volumes:
|
||||
- name: kubernetes-dashboard-certs
|
||||
secret:
|
||||
secretName: {{ dashboard_certs_secret_name }}
|
||||
- name: tmp-volume
|
||||
emptyDir: {}
|
||||
serviceAccountName: kubernetes-dashboard
|
||||
{% if dashboard_master_toleration %}
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
effect: NoSchedule
|
||||
{% endif %}
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Service ------------------- #
|
||||
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: 8443
|
||||
selector:
|
||||
k8s-app: kubernetes-dashboard
|
||||
|
||||
---
|
||||
# ------------------- Metrics Scraper Service Account ------------------- #
|
||||
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
rules:
|
||||
# Allow Metrics Scraper to get metrics from the Metrics server
|
||||
- apiGroups: ["metrics.k8s.io"]
|
||||
resources: ["pods", "nodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
---
|
||||
|
||||
# ------------------- Metrics Scraper Service ------------------- #
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-metrics-scraper
|
||||
name: dashboard-metrics-scraper
|
||||
spec:
|
||||
ports:
|
||||
- port: 8000
|
||||
targetPort: 8000
|
||||
selector:
|
||||
k8s-app: kubernetes-metrics-scraper
|
||||
|
||||
---
|
||||
|
||||
# ------------------- Metrics Scraper Deployment ------------------- #
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-metrics-scraper
|
||||
name: kubernetes-metrics-scraper
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: kubernetes-metrics-scraper
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-metrics-scraper
|
||||
spec:
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
priorityClassName: system-cluster-critical
|
||||
containers:
|
||||
- name: kubernetes-metrics-scraper
|
||||
image: {{ dashboard_metrics_scraper_repo }}:{{ dashboard_metrics_scraper_tag }}
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
scheme: HTTP
|
||||
path: /
|
||||
port: 8000
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 2001
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp-volume
|
||||
serviceAccountName: kubernetes-dashboard
|
||||
volumes:
|
||||
- name: tmp-volume
|
||||
emptyDir: {}
|
||||
{% if dashboard_master_toleration %}
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
effect: NoSchedule
|
||||
{% endif %}
|
||||
@@ -21,7 +21,7 @@ external_openstack_cacert: "{{ lookup('env', 'OS_CACERT') }}"
|
||||
## arg1: "value1"
|
||||
## arg2: "value2"
|
||||
external_openstack_cloud_controller_extra_args: {}
|
||||
external_openstack_cloud_controller_image_tag: "v1.35.0"
|
||||
external_openstack_cloud_controller_image_tag: "v1.32.0"
|
||||
external_openstack_cloud_controller_bind_address: 127.0.0.1
|
||||
external_openstack_cloud_controller_dns_policy: ClusterFirst
|
||||
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
---
|
||||
ingress_nginx_namespace: "ingress-nginx"
|
||||
ingress_nginx_host_network: false
|
||||
ingress_nginx_service_type: LoadBalancer
|
||||
ingress_nginx_service_nodeport_http: ""
|
||||
ingress_nginx_service_nodeport_https: ""
|
||||
ingress_nginx_service_annotations: {}
|
||||
ingress_publish_status_address: ""
|
||||
ingress_nginx_publish_service: "{{ ingress_nginx_namespace }}/ingress-nginx"
|
||||
ingress_nginx_nodeselector:
|
||||
kubernetes.io/os: "linux"
|
||||
ingress_nginx_tolerations: []
|
||||
ingress_nginx_insecure_port: 80
|
||||
ingress_nginx_secure_port: 443
|
||||
ingress_nginx_metrics_port: 10254
|
||||
ingress_nginx_configmap: {}
|
||||
ingress_nginx_configmap_tcp_services: {}
|
||||
ingress_nginx_configmap_udp_services: {}
|
||||
ingress_nginx_extra_args: []
|
||||
ingress_nginx_termination_grace_period_seconds: 300
|
||||
ingress_nginx_class: nginx
|
||||
ingress_nginx_without_class: true
|
||||
ingress_nginx_default: false
|
||||
ingress_nginx_webhook_enabled: false
|
||||
ingress_nginx_webhook_job_ttl: 1800
|
||||
ingress_nginx_opentelemetry_enabled: false
|
||||
|
||||
ingress_nginx_probe_initial_delay_seconds: 10
|
||||
@@ -0,0 +1,69 @@
|
||||
---
|
||||
|
||||
- name: NGINX Ingress Controller | Create addon dir
|
||||
file:
|
||||
path: "{{ kube_config_dir }}/addons/ingress_nginx"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
- name: NGINX Ingress Controller | Templates list
|
||||
set_fact:
|
||||
ingress_nginx_templates:
|
||||
- { name: 00-namespace, file: 00-namespace.yml, type: ns }
|
||||
- { name: cm-ingress-nginx, file: cm-ingress-nginx.yml, type: cm }
|
||||
- { name: cm-tcp-services, file: cm-tcp-services.yml, type: cm }
|
||||
- { name: cm-udp-services, file: cm-udp-services.yml, type: cm }
|
||||
- { name: sa-ingress-nginx, file: sa-ingress-nginx.yml, type: sa }
|
||||
- { name: clusterrole-ingress-nginx, file: clusterrole-ingress-nginx.yml, type: clusterrole }
|
||||
- { name: clusterrolebinding-ingress-nginx, file: clusterrolebinding-ingress-nginx.yml, type: clusterrolebinding }
|
||||
- { name: role-ingress-nginx, file: role-ingress-nginx.yml, type: role }
|
||||
- { name: rolebinding-ingress-nginx, file: rolebinding-ingress-nginx.yml, type: rolebinding }
|
||||
- { name: ingressclass-nginx, file: ingressclass-nginx.yml, type: ingressclass }
|
||||
- { name: ds-ingress-nginx-controller, file: ds-ingress-nginx-controller.yml, type: ds }
|
||||
ingress_nginx_template_for_service:
|
||||
- { name: svc-ingress-nginx, file: svc-ingress-nginx.yml, type: svc }
|
||||
ingress_nginx_templates_for_webhook:
|
||||
- { name: admission-webhook-configuration, file: admission-webhook-configuration.yml, type: sa }
|
||||
- { name: sa-admission-webhook, file: sa-admission-webhook.yml, type: sa }
|
||||
- { name: clusterrole-admission-webhook, file: clusterrole-admission-webhook.yml, type: clusterrole }
|
||||
- { name: clusterrolebinding-admission-webhook, file: clusterrolebinding-admission-webhook.yml, type: clusterrolebinding }
|
||||
- { name: role-admission-webhook, file: role-admission-webhook.yml, type: role }
|
||||
- { name: rolebinding-admission-webhook, file: rolebinding-admission-webhook.yml, type: rolebinding }
|
||||
- { name: admission-webhook-job, file: admission-webhook-job.yml, type: job }
|
||||
- { name: svc-ingress-nginx-controller-admission, file: svc-ingress-nginx-controller-admission.yml, type: svc }
|
||||
|
||||
- name: NGINX Ingress Controller | Append extra templates to NGINX Ingress Template list for service
|
||||
set_fact:
|
||||
ingress_nginx_templates: "{{ ingress_nginx_templates + ingress_nginx_template_for_service }}"
|
||||
when: not ingress_nginx_host_network
|
||||
|
||||
- name: NGINX Ingress Controller | Append extra templates to NGINX Ingress Templates list for webhook
|
||||
set_fact:
|
||||
ingress_nginx_templates: "{{ ingress_nginx_templates + ingress_nginx_templates_for_webhook }}"
|
||||
when: ingress_nginx_webhook_enabled
|
||||
|
||||
- name: NGINX Ingress Controller | Create manifests
|
||||
template:
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}"
|
||||
mode: "0644"
|
||||
with_items: "{{ ingress_nginx_templates }}"
|
||||
register: ingress_nginx_manifests
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
- name: NGINX Ingress Controller | Apply manifests
|
||||
kube:
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "{{ ingress_nginx_namespace }}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ ingress_nginx_manifests.results }}"
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
name: {{ ingress_nginx_namespace }}
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
name: ingress-nginx-controller-admission
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
path: /networking/v1/ingresses
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
matchPolicy: Equivalent
|
||||
name: validate.nginx.ingress.kubernetes.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
apiVersions:
|
||||
- v1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- ingresses
|
||||
sideEffects: None
|
||||
@@ -0,0 +1,96 @@
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission-create
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission-create
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- create
|
||||
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
|
||||
- --namespace=$(POD_NAMESPACE)
|
||||
- --secret-name=ingress-nginx-admission
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
name: create
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 65532
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: ingress-nginx-admission
|
||||
ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission-patch
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission-patch
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- patch
|
||||
- --webhook-name=ingress-nginx-admission
|
||||
- --namespace=$(POD_NAMESPACE)
|
||||
- --patch-mutating=false
|
||||
- --secret-name=ingress-nginx-admission
|
||||
- --patch-failure-policy=Fail
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
name: patch
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 65532
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: ingress-nginx-admission
|
||||
ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission
|
||||
rules:
|
||||
- apiGroups:
|
||||
- admissionregistration.k8s.io
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
@@ -0,0 +1,36 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "namespaces"]
|
||||
verbs: ["list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["create", "patch"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses/status"]
|
||||
verbs: ["update"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingressclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["list", "watch"]
|
||||
- apiGroups: ["discovery.k8s.io"]
|
||||
resources: ["endpointslices"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
@@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: ingress-nginx-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
@@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: ingress-nginx
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
{% if ingress_nginx_configmap %}
|
||||
data:
|
||||
{{ ingress_nginx_configmap | to_nice_yaml | indent(2) }}
|
||||
{%- endif %}
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: tcp-services
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
{% if ingress_nginx_configmap_tcp_services %}
|
||||
data:
|
||||
{{ ingress_nginx_configmap_tcp_services | to_nice_yaml | indent(2) }}
|
||||
{%- endif %}
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: udp-services
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
{% if ingress_nginx_configmap_udp_services %}
|
||||
data:
|
||||
{{ ingress_nginx_configmap_udp_services | to_nice_yaml | indent(2) }}
|
||||
{%- endif %}
|
||||
@@ -0,0 +1,201 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: ingress-nginx-controller
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
annotations:
|
||||
prometheus.io/port: "10254"
|
||||
prometheus.io/scrape: "true"
|
||||
spec:
|
||||
serviceAccountName: ingress-nginx
|
||||
terminationGracePeriodSeconds: {{ ingress_nginx_termination_grace_period_seconds }}
|
||||
{% if ingress_nginx_opentelemetry_enabled %}
|
||||
initContainers:
|
||||
- name: opentelemetry
|
||||
command:
|
||||
- /init_module
|
||||
image: {{ ingress_nginx_opentelemetry_image_repo }}:{{ ingress_nginx_opentelemetry_image_tag }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: false
|
||||
runAsGroup: 82
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /modules_mount
|
||||
name: modules
|
||||
{% endif %}
|
||||
{% if ingress_nginx_host_network %}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{% endif %}
|
||||
{% if ingress_nginx_nodeselector %}
|
||||
nodeSelector:
|
||||
{{ ingress_nginx_nodeselector | to_nice_yaml | indent(width=8) }}
|
||||
{%- endif %}
|
||||
{% if ingress_nginx_tolerations %}
|
||||
tolerations:
|
||||
{{ ingress_nginx_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
|
||||
{% endif %}
|
||||
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
containers:
|
||||
- name: ingress-nginx-controller
|
||||
image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /wait-shutdown
|
||||
args:
|
||||
- /nginx-ingress-controller
|
||||
- --configmap=$(POD_NAMESPACE)/ingress-nginx
|
||||
- --election-id=ingress-controller-leader-{{ ingress_nginx_class }}
|
||||
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
|
||||
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
|
||||
- --annotations-prefix=nginx.ingress.kubernetes.io
|
||||
- --ingress-class={{ ingress_nginx_class }}
|
||||
{% if ingress_nginx_without_class %}
|
||||
- --watch-ingress-without-class=true
|
||||
{% endif %}
|
||||
{% if ingress_publish_status_address != "" %}
|
||||
- --publish-status-address={{ ingress_publish_status_address }}
|
||||
{% elif ingress_nginx_host_network %}
|
||||
- --report-node-internal-ip-address
|
||||
{% elif ingress_nginx_publish_service != "" %}
|
||||
- --publish-service={{ ingress_nginx_publish_service }}
|
||||
{% endif %}
|
||||
{% for extra_arg in ingress_nginx_extra_args %}
|
||||
- {{ extra_arg }}
|
||||
{% endfor %}
|
||||
{% if ingress_nginx_webhook_enabled %}
|
||||
- --validating-webhook=:8443
|
||||
- --validating-webhook-certificate=/usr/local/certificates/cert
|
||||
- --validating-webhook-key=/usr/local/certificates/key
|
||||
{% endif %}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: false
|
||||
runAsGroup: 82
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: LD_PRELOAD
|
||||
value: /usr/local/lib/libmimalloc.so
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
hostPort: {{ ingress_nginx_insecure_port }}
|
||||
- name: https
|
||||
containerPort: 443
|
||||
hostPort: {{ ingress_nginx_secure_port }}
|
||||
- name: metrics
|
||||
containerPort: 10254
|
||||
{% if not ingress_nginx_host_network %}
|
||||
hostPort: {{ ingress_nginx_metrics_port }}
|
||||
{% endif %}
|
||||
{% if ingress_nginx_configmap_tcp_services %}
|
||||
{% for port in ingress_nginx_configmap_tcp_services.keys() %}
|
||||
- name: tcp-port-{{ port }}
|
||||
containerPort: {{ port | int }}
|
||||
protocol: TCP
|
||||
{% if not ingress_nginx_host_network %}
|
||||
hostPort: {{ port | int }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if ingress_nginx_configmap_udp_services %}
|
||||
{% for port in ingress_nginx_configmap_udp_services.keys() %}
|
||||
- name: udp-port-{{ port }}
|
||||
containerPort: {{ port | int }}
|
||||
protocol: UDP
|
||||
{% if not ingress_nginx_host_network %}
|
||||
hostPort: {{ port | int }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if ingress_nginx_webhook_enabled %}
|
||||
- name: webhook
|
||||
containerPort: 8443
|
||||
protocol: TCP
|
||||
{% endif %}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ ingress_nginx_probe_initial_delay_seconds }}
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10254
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ ingress_nginx_probe_initial_delay_seconds }}
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
|
||||
volumeMounts:
|
||||
{% if ingress_nginx_webhook_enabled %}
|
||||
- mountPath: /usr/local/certificates/
|
||||
name: webhook-cert
|
||||
readOnly: true
|
||||
{% endif %}
|
||||
{% if ingress_nginx_opentelemetry_enabled %}
|
||||
- name: modules
|
||||
mountPath: /modules_mount
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
|
||||
volumes:
|
||||
{% if ingress_nginx_webhook_enabled %}
|
||||
- name: webhook-cert
|
||||
secret:
|
||||
secretName: ingress-nginx-admission
|
||||
{% endif %}
|
||||
{% if ingress_nginx_opentelemetry_enabled %}
|
||||
- name: modules
|
||||
emptyDir: {}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
@@ -0,0 +1,13 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
name: {{ ingress_nginx_class }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
{% if ingress_nginx_default %}
|
||||
annotations:
|
||||
ingressclass.kubernetes.io/is-default-class: "true"
|
||||
{% endif %}
|
||||
spec:
|
||||
controller: k8s.io/ingress-nginx
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
@@ -0,0 +1,47 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get"]
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps", "pods", "secrets", "endpoints"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses/status"]
|
||||
verbs: ["update"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingressclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
# Defaults to "<election-id>", defined in
|
||||
# ds-ingress-nginx-controller.yml.js
|
||||
# by a command-line argument.
|
||||
#
|
||||
# This is the correct behaviour for ingress-controller
|
||||
# version 1.8.1
|
||||
resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
|
||||
verbs: ["get", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["create", "patch"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["create"]
|
||||
- apiGroups: ["discovery.k8s.io"]
|
||||
resources: ["endpointslices"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-admission
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ingress-nginx-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx-admission
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ingress-nginx
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ingress-nginx
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
@@ -0,0 +1,8 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ingress-nginx-admission
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
@@ -0,0 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx-controller-admission
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- appProtocol: https
|
||||
name: https-webhook
|
||||
port: 443
|
||||
targetPort: webhook
|
||||
selector:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
@@ -0,0 +1,50 @@
|
||||
{% if not ingress_nginx_host_network %}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
namespace: {{ ingress_nginx_namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
{% if ingress_nginx_service_annotations %}
|
||||
annotations:
|
||||
{{ ingress_nginx_service_annotations | to_nice_yaml(indent=2, width=1337) | indent(width=4) }}
|
||||
{% endif %}
|
||||
spec:
|
||||
type: {{ ingress_nginx_service_type }}
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 80
|
||||
protocol: TCP
|
||||
{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_http %}
|
||||
nodePort: {{ingress_nginx_service_nodeport_http | int}}
|
||||
{% endif %}
|
||||
- name: https
|
||||
port: 443
|
||||
targetPort: 443
|
||||
protocol: TCP
|
||||
{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_https %}
|
||||
nodePort: {{ingress_nginx_service_nodeport_https | int}}
|
||||
{% endif %}
|
||||
{% if ingress_nginx_configmap_tcp_services %}
|
||||
{% for port in ingress_nginx_configmap_tcp_services.keys() %}
|
||||
- name: tcp-port-{{ port }}
|
||||
port: {{ port | int }}
|
||||
targetPort: {{ port | int }}
|
||||
protocol: TCP
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if ingress_nginx_configmap_udp_services %}
|
||||
{% for port in ingress_nginx_configmap_udp_services.keys() %}
|
||||
- name: udp-port-{{ port }}
|
||||
port: {{ port | int }}
|
||||
targetPort: {{ port | int }}
|
||||
protocol: UDP
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
selector:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
{% endif %}
|
||||
@@ -1,5 +1,12 @@
|
||||
---
|
||||
dependencies:
|
||||
- role: kubernetes-apps/ingress_controller/ingress_nginx
|
||||
when: ingress_nginx_enabled
|
||||
tags:
|
||||
- apps
|
||||
- ingress-controller
|
||||
- ingress-nginx
|
||||
|
||||
- role: kubernetes-apps/ingress_controller/cert_manager
|
||||
when: cert_manager_enabled
|
||||
tags:
|
||||
|
||||
@@ -58,6 +58,12 @@ rules:
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/proxy
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- topology.node.k8s.io
|
||||
resources:
|
||||
|
||||
@@ -114,14 +114,4 @@ rules:
|
||||
- update
|
||||
# watch for changes
|
||||
- watch
|
||||
# Services are monitored for service LoadBalancer IP allocation
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- services
|
||||
- services/status
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- watch
|
||||
{% endif %}
|
||||
|
||||
@@ -43,12 +43,12 @@
|
||||
- { name: registry-cm, file: registry-cm.yml, type: cm }
|
||||
- { name: registry-rs, file: registry-rs.yml, type: rs }
|
||||
|
||||
- name: Registry | Append ingress templates to Registry Templates list when ALB ingress enabled
|
||||
- name: Registry | Append nginx ingress templates to Registry Templates list when ingress enabled
|
||||
set_fact:
|
||||
registry_templates: "{{ registry_templates + [item] }}"
|
||||
with_items:
|
||||
- [{ name: registry-ing, file: registry-ing.yml, type: ing }]
|
||||
when: ingress_alb_enabled
|
||||
when: ingress_nginx_enabled or ingress_alb_enabled
|
||||
|
||||
- name: Registry | Create manifests
|
||||
template:
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
mode: "0700"
|
||||
state: directory
|
||||
|
||||
- name: Write admin kubeconfig to current/ansible become user home
|
||||
- name: Copy admin kubeconfig to current/ansible become user home
|
||||
copy:
|
||||
src: "{{ kube_config_dir }}/admin.conf"
|
||||
dest: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
|
||||
@@ -51,38 +51,41 @@
|
||||
port: "{{ kube_apiserver_port }}"
|
||||
timeout: 180
|
||||
|
||||
- name: Create kubeconfig localhost artifacts
|
||||
when: kubeconfig_localhost
|
||||
block:
|
||||
- name: Generate admin kubeconfig using kubeadm
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm kubeconfig user
|
||||
--client-name=kubernetes-admin-{{ cluster_name }}
|
||||
--org=kubeadm:cluster-admins
|
||||
--config {{ kube_config_dir }}/kubeadm-config.yaml
|
||||
register: kubeadm_admin_kubeconfig
|
||||
changed_when: false
|
||||
- name: Get admin kubeconfig from remote host
|
||||
slurp:
|
||||
src: "{{ kube_config_dir }}/admin.conf"
|
||||
run_once: true
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
register: raw_admin_kubeconfig
|
||||
when: kubeconfig_localhost
|
||||
|
||||
- name: Convert kubeconfig to YAML
|
||||
set_fact:
|
||||
admin_kubeconfig: "{{ raw_admin_kubeconfig.content | b64decode | from_yaml }}"
|
||||
when: kubeconfig_localhost
|
||||
|
||||
- name: Override username in kubeconfig
|
||||
set_fact:
|
||||
final_admin_kubeconfig: "{{ admin_kubeconfig | combine(override_cluster_name, recursive=true) | combine(override_context, recursive=true) | combine(override_user, recursive=true) }}"
|
||||
vars:
|
||||
cluster_infos: "{{ admin_kubeconfig['clusters'][0]['cluster'] }}"
|
||||
user_certs: "{{ admin_kubeconfig['users'][0]['user'] }}"
|
||||
username: "kubernetes-admin-{{ cluster_name }}"
|
||||
context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
|
||||
override_cluster_name: "{{ {'clusters': [{'cluster': (cluster_infos | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})), 'name': cluster_name}]} }}"
|
||||
override_context: "{{ {'contexts': [{'context': {'user': username, 'cluster': cluster_name}, 'name': context}], 'current-context': context} }}"
|
||||
override_user: "{{ {'users': [{'name': username, 'user': user_certs}]} }}"
|
||||
when: kubeconfig_localhost
|
||||
|
||||
- name: Write admin kubeconfig on ansible host
|
||||
copy:
|
||||
content: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml | combine(override, recursive=true) | to_nice_yaml(indent=2) }}"
|
||||
content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}"
|
||||
dest: "{{ artifacts_dir }}/admin.conf"
|
||||
mode: "0600"
|
||||
vars:
|
||||
admin_kubeconfig: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml }}"
|
||||
context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
|
||||
override:
|
||||
clusters:
|
||||
- "{{ admin_kubeconfig['clusters'][0] | combine({'name': cluster_name, 'cluster': admin_kubeconfig['clusters'][0]['cluster'] | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})}, recursive=true) }}"
|
||||
contexts:
|
||||
- "{{ admin_kubeconfig['contexts'][0] | combine({'name': context, 'context': admin_kubeconfig['contexts'][0]['context'] | combine({'cluster': cluster_name})}, recursive=true) }}"
|
||||
current-context: "{{ context }}"
|
||||
delegate_to: localhost
|
||||
connection: local
|
||||
become: false
|
||||
run_once: true
|
||||
when: kubeconfig_localhost
|
||||
|
||||
- name: Copy kubectl binary to ansible host
|
||||
fetch:
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
|
||||
- name: Update server field in component kubeconfigs
|
||||
lineinfile:
|
||||
dest: "{{ kube_config_dir }}/{{ item }}"
|
||||
regexp: '^ server: https'
|
||||
line: ' server: {{ kube_apiserver_endpoint }}'
|
||||
backup: true
|
||||
with_items:
|
||||
- admin.conf
|
||||
- controller-manager.conf
|
||||
- kubelet.conf
|
||||
- scheduler.conf
|
||||
notify:
|
||||
- "Control plane | Restart kube-controller-manager"
|
||||
- "Control plane | Restart kube-scheduler"
|
||||
- "Control plane | reload kubelet"
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
- name: Fixup kubelet client cert rotation 1/2
|
||||
lineinfile:
|
||||
path: "{{ kube_config_dir }}/kubelet.conf"
|
||||
regexp: '^ client-certificate-data: '
|
||||
line: ' client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
|
||||
backup: true
|
||||
notify:
|
||||
- "Control plane | reload kubelet"
|
||||
|
||||
- name: Fixup kubelet client cert rotation 2/2
|
||||
lineinfile:
|
||||
path: "{{ kube_config_dir }}/kubelet.conf"
|
||||
regexp: '^ client-key-data: '
|
||||
line: ' client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
|
||||
backup: true
|
||||
notify:
|
||||
- "Control plane | reload kubelet"
|
||||
@@ -99,6 +99,9 @@
|
||||
include_tasks: kubeadm-etcd.yml
|
||||
when: etcd_deployment_type == "kubeadm"
|
||||
|
||||
- name: Include kubeadm secondary server apiserver fixes
|
||||
include_tasks: kubeadm-fix-apiserver.yml
|
||||
|
||||
- name: Cleanup unused AuthorizationConfiguration file versions
|
||||
file:
|
||||
path: "{{ kube_config_dir }}/apiserver-authorization-config-{{ item }}.yaml"
|
||||
@@ -106,6 +109,10 @@
|
||||
loop: "{{ ['v1alpha1', 'v1beta1', 'v1'] | reject('equalto', kube_apiserver_authorization_config_api_version) | list }}"
|
||||
when: kube_apiserver_use_authorization_config_file
|
||||
|
||||
- name: Include kubelet client cert rotation fixes
|
||||
include_tasks: kubelet-fix-client-cert-rotation.yml
|
||||
when: kubelet_rotate_certificates
|
||||
|
||||
- name: Install script to renew K8S control plane certificates
|
||||
template:
|
||||
src: k8s-certs-renew.sh.j2
|
||||
|
||||
@@ -429,9 +429,6 @@ featureGates:
|
||||
---
|
||||
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||
kind: KubeletConfiguration
|
||||
{% if kube_version is version('1.35.0', '>=') %}
|
||||
failCgroupV1: {{ kubelet_fail_cgroup_v1 }}
|
||||
{% endif %}
|
||||
clusterDNS:
|
||||
{% for dns_address in kubelet_cluster_dns %}
|
||||
- {{ dns_address }}
|
||||
|
||||
@@ -563,9 +563,6 @@ featureGates:
|
||||
---
|
||||
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||
kind: KubeletConfiguration
|
||||
{% if kube_version is version('1.35.0', '>=') %}
|
||||
failCgroupV1: {{ kubelet_fail_cgroup_v1 }}
|
||||
{% endif %}
|
||||
clusterDNS:
|
||||
{% for dns_address in kubelet_cluster_dns %}
|
||||
- {{ dns_address }}
|
||||
|
||||
@@ -180,6 +180,9 @@ kube_proxy_ipvs_modules:
|
||||
- ip_vs_wlc
|
||||
- ip_vs_lc
|
||||
|
||||
# Set this option to "" (empty) to disable staticPodPath (See docs/operations/hardening.md)
|
||||
kubelet_static_pod_path: "{{ kube_manifest_dir }}"
|
||||
|
||||
## Enable distributed tracing for kubelet
|
||||
kubelet_tracing: false
|
||||
kubelet_tracing_endpoint: "[::]:4317"
|
||||
|
||||
@@ -15,9 +15,6 @@ authorization:
|
||||
{% else %}
|
||||
mode: AlwaysAllow
|
||||
{% endif %}
|
||||
{% if kube_version is version('1.35.0', '>=') %}
|
||||
failCgroupV1: {{ kubelet_fail_cgroup_v1 }}
|
||||
{% endif %}
|
||||
{% if kubelet_enforce_node_allocatable is defined and kubelet_enforce_node_allocatable != "\"\"" %}
|
||||
{% set kubelet_enforce_node_allocatable_list = kubelet_enforce_node_allocatable.split(",") %}
|
||||
enforceNodeAllocatable:
|
||||
@@ -25,7 +22,7 @@ enforceNodeAllocatable:
|
||||
- {{ item }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
staticPodPath: {{ kube_manifest_dir }}
|
||||
staticPodPath: "{{ kubelet_static_pod_path }}"
|
||||
cgroupDriver: {{ kubelet_cgroup_driver | default('systemd') }}
|
||||
containerLogMaxFiles: {{ kubelet_logfiles_max_nr }}
|
||||
containerLogMaxSize: {{ kubelet_logfiles_max_size }}
|
||||
|
||||
@@ -159,7 +159,7 @@ kubeadm_download_url: "{{ dl_k8s_io_url }}/release/v{{ kube_version }}/bin/linux
|
||||
etcd_download_url: "{{ github_url }}/etcd-io/etcd/releases/download/v{{ etcd_version }}/etcd-v{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
|
||||
cni_download_url: "{{ github_url }}/containernetworking/plugins/releases/download/v{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-v{{ cni_version }}.tgz"
|
||||
calicoctl_download_url: "{{ github_url }}/projectcalico/calico/releases/download/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
|
||||
calico_crds_download_url: "{{ github_url }}/projectcalico/calico/raw/v{{ calico_version }}/manifests/crds.yaml"
|
||||
calico_crds_download_url: "{{ github_url }}/projectcalico/calico/archive/v{{ calico_version }}.tar.gz"
|
||||
ciliumcli_download_url: "{{ github_url }}/cilium/cilium-cli/releases/download/v{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz"
|
||||
crictl_download_url: "{{ github_url }}/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/crictl-v{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
|
||||
crio_download_url: "{{ storage_googleapis_url }}/cri-o/artifacts/cri-o.{{ image_arch }}.v{{ crio_version }}.tar.gz"
|
||||
@@ -263,7 +263,7 @@ kube_router_image_tag: "v{{ kube_router_version }}"
|
||||
multus_image_repo: "{{ github_image_repo }}/k8snetworkplumbingwg/multus-cni"
|
||||
multus_image_tag: "v{{ multus_version }}"
|
||||
external_openstack_cloud_controller_image_repo: "{{ kube_image_repo }}/provider-os/openstack-cloud-controller-manager"
|
||||
external_openstack_cloud_controller_image_tag: "v1.35.0"
|
||||
external_openstack_cloud_controller_image_tag: "v1.32.0"
|
||||
|
||||
kube_vip_version: 1.0.3
|
||||
kube_vip_image_repo: "{{ github_image_repo }}/kube-vip/kube-vip{{ '-iptables' if kube_vip_lb_fwdmethod == 'masquerade' else '' }}"
|
||||
@@ -277,9 +277,9 @@ haproxy_image_tag: 3.2.4-alpine
|
||||
# bundle with kubeadm; if not 'basic' upgrade can sometimes fail
|
||||
|
||||
coredns_supported_versions:
|
||||
'1.35': 1.12.4
|
||||
'1.34': 1.12.1
|
||||
'1.33': 1.12.0
|
||||
'1.32': 1.11.3
|
||||
coredns_version: "{{ coredns_supported_versions[kube_major_version] }}"
|
||||
coredns_image_repo: "{{ kube_image_repo }}{{ '/coredns' if coredns_version is version('1.7.1', '>=') else '' }}/coredns"
|
||||
coredns_image_tag: "{{ 'v' if coredns_version is version('1.7.1', '>=') else '' }}{{ coredns_version }}"
|
||||
@@ -309,6 +309,13 @@ local_volume_provisioner_image_tag: "v{{ local_volume_provisioner_version }}"
|
||||
local_path_provisioner_version: "0.0.32"
|
||||
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
|
||||
local_path_provisioner_image_tag: "v{{ local_path_provisioner_version }}"
|
||||
ingress_nginx_version: "1.13.3"
|
||||
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
|
||||
ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
|
||||
ingress_nginx_controller_image_tag: "v{{ ingress_nginx_version }}"
|
||||
ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
|
||||
ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
|
||||
ingress_nginx_kube_webhook_certgen_image_tag: "v1.6.3"
|
||||
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
|
||||
alb_ingress_image_tag: "v1.1.9"
|
||||
cert_manager_version: "1.15.3"
|
||||
@@ -333,9 +340,9 @@ csi_livenessprobe_image_repo: "{{ kube_image_repo }}/sig-storage/livenessprobe"
|
||||
csi_livenessprobe_image_tag: "v2.11.0"
|
||||
|
||||
snapshot_controller_supported_versions:
|
||||
'1.35': "v7.0.2"
|
||||
'1.34': "v7.0.2"
|
||||
'1.33': "v7.0.2"
|
||||
'1.32': "v7.0.2"
|
||||
snapshot_controller_image_repo: "{{ kube_image_repo }}/sig-storage/snapshot-controller"
|
||||
snapshot_controller_image_tag: "{{ snapshot_controller_supported_versions[kube_major_version] }}"
|
||||
|
||||
@@ -369,6 +376,11 @@ gcp_pd_csi_attacher_image_tag: "v2.1.1-gke.0"
|
||||
gcp_pd_csi_resizer_image_tag: "v0.4.0-gke.0"
|
||||
gcp_pd_csi_registrar_image_tag: "v1.2.0-gke.0"
|
||||
|
||||
dashboard_image_repo: "{{ docker_image_repo }}/kubernetesui/dashboard"
|
||||
dashboard_image_tag: "v2.7.0"
|
||||
dashboard_metrics_scraper_repo: "{{ docker_image_repo }}/kubernetesui/metrics-scraper"
|
||||
dashboard_metrics_scraper_tag: "v1.0.8"
|
||||
|
||||
metallb_speaker_image_repo: "{{ quay_image_repo }}/metallb/speaker"
|
||||
metallb_controller_image_repo: "{{ quay_image_repo }}/metallb/controller"
|
||||
metallb_version: 0.13.9
|
||||
@@ -770,9 +782,14 @@ downloads:
|
||||
calico_crds:
|
||||
file: true
|
||||
enabled: "{{ kube_network_plugin == 'calico' and calico_datastore == 'kdd' }}"
|
||||
dest: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/crds.yaml"
|
||||
checksum: "{{ calico_crds_checksums.no_arch[calico_version] }}"
|
||||
dest: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ calico_version }}.tar.gz"
|
||||
checksum: "{{ calico_crds_archive_checksums.no_arch[calico_version] }}"
|
||||
url: "{{ calico_crds_download_url }}"
|
||||
unarchive: true
|
||||
unarchive_extra_opts:
|
||||
- "--strip=3"
|
||||
- "--wildcards"
|
||||
- "*/libcalico-go/config/crd/"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
groups:
|
||||
@@ -907,6 +924,15 @@ downloads:
|
||||
groups:
|
||||
- kube_node
|
||||
|
||||
ingress_nginx_controller:
|
||||
enabled: "{{ ingress_nginx_enabled }}"
|
||||
container: true
|
||||
repo: "{{ ingress_nginx_controller_image_repo }}"
|
||||
tag: "{{ ingress_nginx_controller_image_tag }}"
|
||||
checksum: "{{ ingress_nginx_controller_digest_checksum | default(None) }}"
|
||||
groups:
|
||||
- kube_node
|
||||
|
||||
ingress_alb_controller:
|
||||
enabled: "{{ ingress_alb_enabled }}"
|
||||
container: true
|
||||
@@ -1048,6 +1074,24 @@ downloads:
|
||||
groups:
|
||||
- kube_node
|
||||
|
||||
dashboard:
|
||||
enabled: "{{ dashboard_enabled }}"
|
||||
container: true
|
||||
repo: "{{ dashboard_image_repo }}"
|
||||
tag: "{{ dashboard_image_tag }}"
|
||||
checksum: "{{ dashboard_digest_checksum | default(None) }}"
|
||||
groups:
|
||||
- kube_control_plane
|
||||
|
||||
dashboard_metrics_scrapper:
|
||||
enabled: "{{ dashboard_enabled }}"
|
||||
container: true
|
||||
repo: "{{ dashboard_metrics_scraper_repo }}"
|
||||
tag: "{{ dashboard_metrics_scraper_tag }}"
|
||||
checksum: "{{ dashboard_digest_checksum | default(None) }}"
|
||||
groups:
|
||||
- kube_control_plane
|
||||
|
||||
metallb_speaker:
|
||||
enabled: "{{ metallb_speaker_enabled }}"
|
||||
container: true
|
||||
|
||||
@@ -17,9 +17,6 @@ kube_api_anonymous_auth: true
|
||||
# Default value, but will be set to true automatically if detected
|
||||
is_fedora_coreos: false
|
||||
|
||||
# Kubernetes 1.35+: fail on cgroup v1 by default
|
||||
kubelet_fail_cgroup_v1: true
|
||||
|
||||
# Swap settings
|
||||
kubelet_fail_swap_on: true
|
||||
kubelet_swap_behavior: LimitedSwap
|
||||
@@ -439,6 +436,10 @@ credentials_dir: "{{ inventory_dir }}/credentials"
|
||||
# K8s image pull policy (imagePullPolicy)
|
||||
k8s_image_pull_policy: IfNotPresent
|
||||
|
||||
# Kubernetes dashboard
|
||||
# RBAC required. see docs/getting-started.md for access details.
|
||||
dashboard_enabled: false
|
||||
|
||||
# Addons which can be enabled
|
||||
helm_enabled: false
|
||||
registry_enabled: false
|
||||
@@ -455,6 +456,7 @@ vsphere_csi_enabled: false
|
||||
upcloud_csi_enabled: false
|
||||
csi_snapshot_controller_enabled: false
|
||||
persistent_volumes_enabled: false
|
||||
ingress_nginx_enabled: false
|
||||
ingress_alb_enabled: false
|
||||
cert_manager_enabled: false
|
||||
expand_persistent_volumes: false
|
||||
|
||||
@@ -1,27 +1,24 @@
|
||||
---
|
||||
crictl_checksums:
|
||||
arm64:
|
||||
1.35.0: sha256:519071de89b64c43e2a1661bb5489c6c3fd5e9e5fcef75e50e542b0c891f1118
|
||||
1.34.0: sha256:c31d252e203df5f4cf37f314bd3092eb79087e791631c1e607087c74b6d0423f
|
||||
1.33.0: sha256:e1f34918d77d5b4be85d48f5d713ca617698a371b049ea1486000a5e86ab1ff3
|
||||
1.32.0: sha256:f2f4e20658b72d00897f41e4b57093c8080e2d800ee894a5f4351f31d1833e30
|
||||
amd64:
|
||||
1.35.0: sha256:2e141e5b22cb189c40365a11807d69b76b9b3caced89fac2f4ec879408ce2177
|
||||
1.34.0: sha256:a8ff2a3edb37a98daf3aba7c3b284fe0aa5bff24166d896ab9ef64c8913c9f51
|
||||
1.33.0: sha256:8307399e714626e69d1213a4cd18c8dec3d0201ecdac009b1802115df8973f0f
|
||||
1.32.0: sha256:f050b71d3a73a91a4e0990b90143ed04dcd100cc66f953736fcb6a2730e283c4
|
||||
ppc64le:
|
||||
1.35.0: sha256:786522b14d684604c8b435312a310972bc1b460cddb1bb216a298098cd86b22e
|
||||
1.34.0: sha256:1da50181f2f6f6f6332b9dbc7d7cc020457ccd542620167953c0e288535acc93
|
||||
1.33.0: sha256:4224acfef4d1deba2ba456b7d93fa98feb0a96063ef66024375294f1de2b064f
|
||||
1.32.0: sha256:4ffaf29bbda8df42ed2dda4f1ad33cc785987701dc8d1e0043c17cfea9af43e0
|
||||
crio_archive_checksums:
|
||||
arm64:
|
||||
1.35.0: sha256:e57175a4d00387b78adfbe248d087d8127bed625afb529e34b2c90d08cfdaf87
|
||||
1.34.5: sha256:999a5dc2dc9854222aeff8a20897e0b34f0ba02c9b260b611d66c62e00e279e0
|
||||
1.34.4: sha256:d176f6256d606a3fc279f9f2994ef4a4c4cbaaa0601f4d1bba1a19bec5674ce9
|
||||
1.34.3: sha256:314595247054b53767a736e24bc3030a5f7c17552944c62b2e190c9e95fe4ca6
|
||||
1.34.2: sha256:ac7530f7fc9d531a87bfdfcae9cf8bf81a8bbdb75e63a046ed96911aa7b68ebd
|
||||
1.34.1: sha256:41a71cab6a61ae429ec447d572fd1cdea0a7e33d62aaa58c3b07467665b50b9f
|
||||
1.34.0: sha256:3006658270477c5fb1e88e9124e40982d2ba7b34495fcc12f0fecd33bbab9a5a
|
||||
1.33.9: sha256:bfcd534db3d1a9380dd7007d623e1eb3250ba64f7c4657e79e9e99b1d874f8f1
|
||||
1.33.8: sha256:59c91726535dcadd0372df0c6aa8595e4d59590994b598b2d97ea2510b216359
|
||||
1.33.7: sha256:af3ea22d3d6944c9a907c6c13d77e9fc4dbcf3972ffbde18dd6f37f1c2ffbd0d
|
||||
1.33.6: sha256:6ee49e746d1a5be1a664a6f801c68b169cb181a9aaf12218eed121e2b151bfdb
|
||||
@@ -31,7 +28,6 @@ crio_archive_checksums:
|
||||
1.33.2: sha256:0a161cb1437a50fbdb04bf5ca11dbec8bfc567871d0597a5676737278a945a36
|
||||
1.33.1: sha256:6bf135db438937f0ab7a533af64564a0fb1d2079a43723ce9255ecbf9556ae05
|
||||
1.33.0: sha256:8a0dbee2879495d5b33e6fdeac32e5d86c356897bdcf3a94cd602851620ce8b5
|
||||
1.32.13: sha256:f40004183d93bb203231385b5dd07a32e17eced47213817c1958ccc9eea73f70
|
||||
1.32.12: sha256:26a5138f4e4f15d370630c3bb8bf04fe28b24c57ce2bb11717a2c9a2e1c54404
|
||||
1.32.11: sha256:25c6ccfe9b70bf12222577b4cbf286ade9e2d112ab10c7d4507ba12cbcfad5ba
|
||||
1.32.10: sha256:4e8ceb6f2c936e31a9b892a076deecc52be9feac4acf8af242fb6db817fda9b1
|
||||
@@ -46,14 +42,11 @@ crio_archive_checksums:
|
||||
1.32.1: sha256:f64da0ef41604575b476ad6d7288ca14f56fc06cc0ca138a5c3dc933427f7b32
|
||||
1.32.0: sha256:b092eddabedac98a0f8449dc535acfec0e14c21f59cabe8f9703043d995a1a41
|
||||
amd64:
|
||||
1.35.0: sha256:55b6d3e9fc9a5864ab5cdf0b24d54b1dcbaf6d4919274b3b9eb37bfc4b0b8cb5
|
||||
1.34.5: sha256:d6606fb6d686b8f814dfec801f0f3cf2ded974c194fa90facefda36075b6fab2
|
||||
1.34.4: sha256:f6348a781c34b433fe1c5150da3408e51e828b610eacbe734405e9c31136d810
|
||||
1.34.3: sha256:e269914f3bc4f36ac87cd593d74daaa43c390571994062180019248be32cc6f7
|
||||
1.34.2: sha256:3a0012938ed389e9270a208bb73b250062d5f1be5798472b1728403d55ddc1da
|
||||
1.34.1: sha256:22c1e4d68d9339aa58a1b0f1b40a8944102934a7505105abe461dc8a7e3de540
|
||||
1.34.0: sha256:5a8bc5c3b8072cb9bde1cf025d5597f75bf21018712c5b72d5cb0657948595c8
|
||||
1.33.9: sha256:81c20a12866d9a7c08c6e381ed326141c917454b696a05b46ae27665fe3c5cfa
|
||||
1.33.8: sha256:537adda39074377893f1f650a71b576ba487b3c4d2ee55e9b22f4e95fc188594
|
||||
1.33.7: sha256:e2999436a272c77370241a4f962c80737698dd8c2400fe75e5c7cf2142c96001
|
||||
1.33.6: sha256:4d0d446f73d9db6d5bf2c03ecdc39d9d702836886f4715886c15dc2f461cc810
|
||||
@@ -63,7 +56,6 @@ crio_archive_checksums:
|
||||
1.33.2: sha256:6e82739bbbeae12d571a277a88d85e8a0e23dbc87529414a91ee5f2e23792dcf
|
||||
1.33.1: sha256:036063194028d24c75b9ce080e475ad97bacc955de796b7c895845294db8edbf
|
||||
1.33.0: sha256:dad0cec9e09368b37b35ce824b0ef517a1b33365c4bb164fe82310c73c886f7e
|
||||
1.32.13: sha256:27e2bf049f589a568d45c4fdd0eaf119680176c202bd09219f8726ba37f9c21e
|
||||
1.32.12: sha256:13cb9676686c0ccd6bd7ffef9125f6370f803f08a559cf31f017193619891960
|
||||
1.32.11: sha256:98424dbe3eb1377b314bb35b30842987ccc800faa2f8145d52eb2a9c1efa17be
|
||||
1.32.10: sha256:b8e66bd33c885baf65535e671a120de4d7675833a75489403a9406e5fd2faa5e
|
||||
@@ -78,14 +70,11 @@ crio_archive_checksums:
|
||||
1.32.1: sha256:d35de1e765481018c7ccdc92edeb59b25938f3bd9d1670440e7ccd3d599f95a7
|
||||
1.32.0: sha256:8f483f1429d2d9cd6bfa6db2e3a4263151701dd4f05f2b1c06cf8e67c44ea67e
|
||||
ppc64le:
|
||||
1.35.0: sha256:081ab73a6970ac3c68893dea9a03b0732ca22ab44a2aa8794fddac0bd4dfa749
|
||||
1.34.5: sha256:3a10d4c1406df01bd9ab88750eabc1273964e9c5f24c7d4a0b719ae77e6cfec2
|
||||
1.34.4: sha256:dca59a28fe9b0b9163418eca1545c9ed01cf514179f108d14e462c6074fd103c
|
||||
1.34.3: sha256:4dd782484eeb460b9a95e6e2e07474216fc02ad45a27ba871799d18f2b6ee0ae
|
||||
1.34.2: sha256:d4c3c9ba24b1b0eabf3c11ddec98801dda7a87b0529706e9ede18b8cc9e4182a
|
||||
1.34.1: sha256:cba0ac74e7202fe28cf8aa895b83f7a30d78b148666add78e19215259f629bb0
|
||||
1.34.0: sha256:e9e41d14439db0ca88cf2cd8533038203f379c25cd612f37635c17908e050ebf
|
||||
1.33.9: sha256:c0a9e60800f66f85c70615128fec5a8358ffde0f715a4058163707dbcca8eb94
|
||||
1.33.8: sha256:1d69c01512e8ebdd51fc70fc64473a31d492e8db095c0ee5d3ee58722048150c
|
||||
1.33.7: sha256:076e7519bfff72a43fb1121ce836eee3cc1fec5bb5a59a11747c514e9d162d26
|
||||
1.33.6: sha256:3643eefe295604288f5b652fb9c672a60f96dc803e63edaf9ee64ed4047a50dd
|
||||
@@ -95,7 +84,6 @@ crio_archive_checksums:
|
||||
1.33.2: sha256:8ed65404a57262a9f8eb75b61afa37fcec134472eb1a6d81f1889a74ff32c651
|
||||
1.33.1: sha256:12646aca33f65fe335c27d3af582c599584d3f51185f01044e7ddd0668bb2b4c
|
||||
1.33.0: sha256:b4fa46b25538d8145197f8bf2e935486392c0ca2a9fa609aedd02b9f106d37a6
|
||||
1.32.13: sha256:52e9c38bb1a11abfe4f271eb4d4675cc99cfbaef3d35fd5572be8e63659b08ab
|
||||
1.32.12: sha256:9ba4f2c3be48c0f1f3228ef6322aeb3738f3ef461fd483a0cb4c2e5b067f080c
|
||||
1.32.11: sha256:6c2036f2ed7134c596b5a453a06fbb7e646db9586bff0d993f5223dccf167420
|
||||
1.32.10: sha256:ae4740c6bb6f346338f94508c74d5b1ec94f2691cb12f9a9add437fee5391f8d
|
||||
@@ -111,14 +99,10 @@ crio_archive_checksums:
|
||||
1.32.0: sha256:e0544544c91f603afaf54ed814c8519883212bcb149f53a8be9bb0c749e9ec86
|
||||
kubelet_checksums:
|
||||
arm64:
|
||||
1.35.1: sha256:73475c6db8fd8a9780b1b378fa2f917875e6146166c24603c1abc6eafd4493a8
|
||||
1.35.0: sha256:aa658d077348b43d238f50966a583f4244b2a7d45590c77b3b165b7d44983ab8
|
||||
1.34.4: sha256:c78845473c434ee85a2444eeab87f8b20f524e3ab6854a078f79468f44aad8f5
|
||||
1.34.3: sha256:765b740e3ad9c590852652a2623424ec60e2dddce2c6280d7f042f56c8c98619
|
||||
1.34.2: sha256:3e31b1bee9ab32264a67af8a19679777cd372b1c3a04b5d7621289cf137b357c
|
||||
1.34.1: sha256:6a66bc08d6c637fcea50c19063cf49e708fde1630a7f1d4ceca069a45a87e6f1
|
||||
1.34.0: sha256:e45a7795391cd62ee226666039153832d3096c0f892266cd968936e18b2b40b0
|
||||
1.33.8: sha256:e835f15be6d8b7b27b963a46c4a054f7663c26741f17e003bfcb8271350cf882
|
||||
1.33.7: sha256:3035c44e0d429946d6b4b66c593d371cf5bbbfc85df39d7e2a03c422e4fe404a
|
||||
1.33.6: sha256:7d8b7c63309cfe2da2331a1ae13cce070b9ba01e487099e7881a4281667c131d
|
||||
1.33.5: sha256:c6ad0510c089d49244eede2638b4a4ff125258fd29a0649e7eef05c7f79c737f
|
||||
@@ -127,15 +111,23 @@ kubelet_checksums:
|
||||
1.33.2: sha256:0fa15aca9b90fe7aef1ed3aad31edd1d9944a8c7aae34162963a6aaaf726e065
|
||||
1.33.1: sha256:10540261c311ae005b9af514d83c02694e12614406a8524fd2d0bad75296f70d
|
||||
1.33.0: sha256:ae5a4fc6d733fc28ff198e2d80334e21fcb5c34e76b411c50fff9cb25accf05a
|
||||
1.32.11: sha256:7d1c3aaae0dffa8d5c90bbaed49f25d32f98332801bde55cfea6efaead639491
|
||||
1.32.10: sha256:21cc3d98550d3a23052d649e77956f2557e7f6119ff1e27dc82b852d006136cd
|
||||
1.32.9: sha256:29037381c79152409adacee83448a2bdb67e113f003613663c7589286200ded8
|
||||
1.32.8: sha256:d5527714fac08eac4c1ddcbd8a3c6db35f3acd335d43360219d733273b672cce
|
||||
1.32.7: sha256:b862a8d550875924c8abed6c15ba22564f7e232c239aa6a2e88caf069a0ab548
|
||||
1.32.6: sha256:b045d4f8f96bf934c894f9704ab2931ffa3c6cf78a8d98e457482a6c455dab6d
|
||||
1.32.5: sha256:034753a2e308afeb4ce3cf332d38346c6e660252eac93b268fac0e112a56ff46
|
||||
1.32.4: sha256:91117b71eb2bb3dd79ec3ed444e058a347349108bf661838f53ee30d2a0ff168
|
||||
1.32.3: sha256:5c3c98e6e0fa35d209595037e05022597954b8d764482417a9588e15218f0fe2
|
||||
1.32.2: sha256:d74b659bbde5adf919529d079975900e51e10bc807f0fda9dc9f6bb07c4a3a7b
|
||||
1.32.1: sha256:8e6d0eeedd9f0b8b38d4f600ee167816f71cf4dacfa3d9a9bb6c3561cc884e95
|
||||
1.32.0: sha256:bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf
|
||||
amd64:
|
||||
1.35.1: sha256:e7343310e03ff0d424df4397bdfa4468947d6d1f0f93dac586c1e8d6e4086d5d
|
||||
1.35.0: sha256:2f4ed7778681649b81244426c29c5d98df60ccabf83d561d69e61c1cbb943ddf
|
||||
1.34.4: sha256:03b8fea715a7ef82eeaf518dee34c72670c57cc7bc40dc1320c04fbf4f15172f
|
||||
1.34.3: sha256:0e759f40bbc717c05227ae3994b77786f58f59ffa0137a34958c6b26fa5bcbbd
|
||||
1.34.2: sha256:9c5e717b774ee9b9285ce47e7d2150c29e84837eb19a7eaa24b60b1543c9d58f
|
||||
1.34.1: sha256:5a72c596c253ea0b0e5bcc6f29903fd41d1d542a7cadf3700c165a2a041a8d82
|
||||
1.34.0: sha256:5c0d28cea2a3a5c91861dda088a29d56c1b027e184dae1d792686f0710750076
|
||||
1.33.8: sha256:1caa69c5328cfa774218f75f0621a6f10a1b97e095af85015f468aeb8fdf956a
|
||||
1.33.7: sha256:2cea40c8c6929330e799f8fc73233a4b61e63f208739669865e2a23a39c3a007
|
||||
1.33.6: sha256:10cd08fe1f9169fd7520123bcdfff87e37b8a4e21c39481faa382f00355b6973
|
||||
1.33.5: sha256:8f6106b970259486c5af5cbee404d4f23406d96d99dfb92a6965b299c2a4db0e
|
||||
@@ -144,15 +136,23 @@ kubelet_checksums:
|
||||
1.33.2: sha256:77fa5d29995653fe7e2855759a909caf6869c88092e2f147f0b84cbdba98c8f3
|
||||
1.33.1: sha256:f7224648451dd4f9f2c4f79416f9874223c286ce41727788965fd0341ddb59c4
|
||||
1.33.0: sha256:dd416d94850c342226d3dcdce838518b040ccea16548bfeaf2595934af88ef60
|
||||
1.32.11: sha256:02b25e87a3fe14e9ea74c10d3b1e204d12af30b8ce7ed11af2a985b49ddb0b83
|
||||
1.32.10: sha256:bfff8f244992162c0491f8f42d807165ed5c685aecfb3e8000412535ad18a873
|
||||
1.32.9: sha256:fd7711d1f0c1e263e9332004858fc4a6c39462e3e2ee485706eea5297966ed9c
|
||||
1.32.8: sha256:7dfca4da9cdf592c0f70800e09fb42553765bc0951cade3d6e0c571daf3f23ee
|
||||
1.32.7: sha256:7ab96898436475640cbd416b2446f33aba1c2cb62dae876302ff7775d850041c
|
||||
1.32.6: sha256:aa37219c4796a2fbf5af7f37fb7f11998947f9fd0d0f30dbeb40c47d4e9c8777
|
||||
1.32.5: sha256:2b2988edd1646bf139dee6956d4283c520ff151a36febd10701ffda4852b8250
|
||||
1.32.4: sha256:3e0c265fe80f3ea1b7271a00879d4dbd5e6ea1e91ecf067670c983e07c33a6f4
|
||||
1.32.3: sha256:024bb7faffa787c7717a2b37398a8c6df35694a8585a73074b052c3f4c4906ce
|
||||
1.32.2: sha256:9927fee1678202719075d8d546390bcda86c9e519b811fb7f4820b6823f84cab
|
||||
1.32.1: sha256:967dc8984651c48230a2ff5319e22cbf858452e974104a19bbade5d1708f72ad
|
||||
1.32.0: sha256:5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2
|
||||
ppc64le:
|
||||
1.35.1: sha256:ec8b7f870043f711b5d73e528342af1705d6ad7f8308d7f31d74d967986b54f6
|
||||
1.35.0: sha256:f24eb1244878a3876fe180e6052822cc9998033850478b2f4776e5c3b09baecd
|
||||
1.34.4: sha256:fab75e3eb1e0edf15aef7e8ba219256b44f047544ac421737d1778784fa46676
|
||||
1.34.3: sha256:67dcceb6d91710e4da7af720eda7b20fd4e8c24237fc345602bb54439ad8ccca
|
||||
1.34.2: sha256:a195f278b9bac26803f1e26b0f608e0dce66aad033e8c043e8555775612530c9
|
||||
1.34.1: sha256:c4782dbf1987680e9b2baa3ecf5db9e66395772e82b251eb73a150fbfbe0b906
|
||||
1.34.0: sha256:ed663fa4ff3e305276dd889885303e07989dfab073e95ef2da931b975f6686e8
|
||||
1.33.8: sha256:392ed39b6c037bc5c510412c9b5cfd29238d31dd67d1a3cbae7ef4a274304c63
|
||||
1.33.7: sha256:f96dd4272ca8eccf1f93fb5162323840b9286c5a42a5305fcc1b4d47889534d3
|
||||
1.33.6: sha256:00ae91297503518efd237d40900af4de0067597ae4f2ab8250ddb629ffb6df05
|
||||
1.33.5: sha256:1d785ead3f6709f66a105c629a020b9dfe6dff775fae42f7d147edec2d178351
|
||||
@@ -161,16 +161,24 @@ kubelet_checksums:
|
||||
1.33.2: sha256:be8412cb9bf30125e3a88ecb9bfca4df1ff5d4e650947c46222683071f1a17d7
|
||||
1.33.1: sha256:c1bc01115a513eaec76d56dc52a52aeb05f866a6d07c55335c1fff56c868543d
|
||||
1.33.0: sha256:6fa5abbc14d65b943b00fcfc8a6ac7eb39fd7e924271738c6f17e0b7e74c665b
|
||||
1.32.11: sha256:17baef329a468f958658f3e4c3f04689dd2506077214e36d4495b8d0c6776da9
|
||||
1.32.10: sha256:277e68bcf192ea91f3426b8fb540c4951e2e3bffc659a7b39b98c749e828acc7
|
||||
1.32.9: sha256:81ba713e8b51644336d428dfa5654cc4e2e4a4ea742976b56ddf965a347330e5
|
||||
1.32.8: sha256:ec5a2e045dc49b7e1d34a0c78fbc645ce568b2275e807b6313da46e584f56f68
|
||||
1.32.7: sha256:4ddc5a0b42100295896a43a1a637180872293c9f7305a90dd3377681b1401469
|
||||
1.32.6: sha256:fd0140949b02c82539ff84db15d0d406445f34221d0547e7ee31245cd982ff47
|
||||
1.32.5: sha256:b9cb7bf4b5518e1b5542717c82a753663154e08c84e336feba424cf3575313a3
|
||||
1.32.4: sha256:62e7854ea84bf0fd5a9c47a1ab7ade7a74b4f160efdf486320ed913b4e8e7f79
|
||||
1.32.3: sha256:efc2b01d4ab74f283ab4ff2bad4369e2b9f66fa875673b72627aa6e7a7b507cb
|
||||
1.32.2: sha256:3602474e25b0b42a4b0f43ece2ca1e03fe5f3864f0936537256920bbb2eb9acd
|
||||
1.32.1: sha256:623889368808042a236d7078d85a23ce5ef0e43b6fadc09bcacfdf704ac876b4
|
||||
1.32.0: sha256:99d409a8023224d84c361e29cdf21ac0458a5449f03e12550288aa654539e3a1
|
||||
kubectl_checksums:
|
||||
arm:
|
||||
1.35.1: sha256:dbe14e5b12184d72978b17b167aedc3f42f4a1faf249180025d6359eebcd983e
|
||||
1.35.0: sha256:dca28f6af03b31ca6043baa1da7332472c7a3df743606a758534b9ac3ed7ecce
|
||||
1.34.4: sha256:3a6e631bdbb79e633d23055dadc97b45f45d325105ddf40e696de2a324a254c0
|
||||
1.34.3: sha256:e0cf1eddede6abfd539e30ccbb4e50f65b2d6ff44b3bb9d9107ea8775a90a7e4
|
||||
1.34.2: sha256:18e03c1c6ab1dbff6d2a648bf944213f627369d1daeea5b43a7890181ab33abf
|
||||
1.34.1: sha256:ca6218ae8bf366bd8ccdcb440b756c67422a4e04936163845f74d8c056e786ee
|
||||
1.34.0: sha256:69d2ce88274caf9d9117b359cc27656fb6f9dd6517c266cfd93c6513043968b8
|
||||
1.33.8: sha256:734dea07663751c8b45926c843e2c250f13473d65f396555a1ecfe0c9c502fa8
|
||||
1.33.7: sha256:f6b9ac99f4efb406c5184d0a51d9ed896690c80155387007291309cbb8cdd847
|
||||
1.33.6: sha256:89bcef827ac8662781740d092cff410744c0653d828b68cc14051294fcd717e6
|
||||
1.33.5: sha256:5a3a416a85cfc9f7a348c0c0e6334b7449e00a57288ab5a57286ccf68a4d06af
|
||||
@@ -179,15 +187,23 @@ kubectl_checksums:
|
||||
1.33.2: sha256:f3992382aa0ea21f71a976b6fd6a213781c9b58be60c42013950110cf2184f2a
|
||||
1.33.1: sha256:6b1cd6e2bf05c6adaa76b952f9c4ea775f5255913974ccdb12145175d4809e93
|
||||
1.33.0: sha256:bbb4b4906d483f62b0fc3a0aea3ddac942820984679ad11635b81ee881d69ab3
|
||||
1.32.11: sha256:358dafd910cec676f05e04fbed44ea26ec393cd60b5b885bc60c27e1aaf383c9
|
||||
1.32.10: sha256:b42bc77586238b43b8c5cdd06086f1ab00190245dd8b66b28822785b177fbde4
|
||||
1.32.9: sha256:84629d460b60693ca954e148ce522defd34d18bc5c934836cfaf0268930713dd
|
||||
1.32.8: sha256:ed54b52631fdf5ecc4ddb12c47df481f84b5890683beaeaa55dc84e43d2cd023
|
||||
1.32.7: sha256:c5416b59afdf897c4fbf08867c8a32b635f83f26e40980d38233fad6b345e37c
|
||||
1.32.6: sha256:77fec65c6f08c28f8695de4db877d82d74c881ed3ed110ebfd88cbd4ee3d01dc
|
||||
1.32.5: sha256:7270e6ac4b82b5e4bd037dccae1631964634214baa66a9548deb5edd3f79de31
|
||||
1.32.4: sha256:bf28793213039690d018bbfa9bcfcfed76a9aa8e18dc299eced8709ca542fcdd
|
||||
1.32.3: sha256:f990c878e54e5fac82eac7398ef643acca9807838b19014f1816fa9255b2d3d9
|
||||
1.32.2: sha256:e1e6a2fd4571cd66c885aa42b290930660d34a7331ffb576fcab9fd1a0941a83
|
||||
1.32.1: sha256:8ccf69be2578d3a324e9fc7d4f3b29bc9743cc02d72f33ba2d0fe30389014bc8
|
||||
1.32.0: sha256:6b33ea8c80f785fb07be4d021301199ae9ee4f8d7ea037a8ae544d5a7514684e
|
||||
arm64:
|
||||
1.35.1: sha256:706256e21a4e9192ee62d1a007ac0bfcff2b0b26e92cc7baad487a6a5d08ff82
|
||||
1.35.0: sha256:58f82f9fe796c375c5c4b8439850b0f3f4d401a52434052f2df46035a8789e25
|
||||
1.34.4: sha256:5b982c0644ab1e27780246b9085a5886651b4a7ed86243acbb2bacc1bea01dda
|
||||
1.34.3: sha256:46913a7aa0327f6cc2e1cc2775d53c4a2af5e52f7fd8dacbfbfd098e757f19e9
|
||||
1.34.2: sha256:95df604e914941f3172a93fa8feeb1a1a50f4011dfbe0c01e01b660afc8f9b85
|
||||
1.34.1: sha256:420e6110e3ba7ee5a3927b5af868d18df17aae36b720529ffa4e9e945aa95450
|
||||
1.34.0: sha256:00b182d103a8a73da7a4d11e7526d0543dcf352f06cc63a1fde25ce9243f49a0
|
||||
1.33.8: sha256:76e284669f1f6343bd9fe2a011757809c8c01cf51da9f85ee6ef4eb93c8393a8
|
||||
1.33.7: sha256:fa7ee98fdb6fba92ae05b5e0cde0abd5972b2d9a4a084f7052a1fd0dce6bc1de
|
||||
1.33.6: sha256:3ab32d945a67a6000ba332bf16382fc3646271da6b7d751608b320819e5b8f38
|
||||
1.33.5: sha256:6db7c5d846c3b3ddfd39f3137a93fe96af3938860eefdbf2429805ee1656e381
|
||||
@@ -196,15 +212,23 @@ kubectl_checksums:
|
||||
1.33.2: sha256:54dc02c8365596eaa2b576fae4e3ac521db9130e26912385e1e431d156f8344d
|
||||
1.33.1: sha256:d595d1a26b7444e0beb122e25750ee4524e74414bbde070b672b423139295ce6
|
||||
1.33.0: sha256:48541d119455ac5bcc5043275ccda792371e0b112483aa0b29378439cf6322b9
|
||||
1.32.11: sha256:b1c91c106ec20e61c5dff869e9a39e6af4fb96572bddaac9cce307dfa3ed2348
|
||||
1.32.10: sha256:1f4229526e16bf9f5b854fbf3bdb9c7040404a29c1d1e4193258b8a73de06e92
|
||||
1.32.9: sha256:d5f6b45ad81b7d199187a28589e65f83406e0610b036491a9abaa49bfd04a708
|
||||
1.32.8: sha256:8a7371e54187249389a9aa222b150d61a4a745c121ab24dbcbb56d1ac2d0b912
|
||||
1.32.7: sha256:232f6e517633fbb4696c9eb7a0431ee14b3fccbb47360b4843d451e0d8c9a3a2
|
||||
1.32.6: sha256:f7bac84f8c35f55fb2c6ad167beb59eba93de5924b50bbaa482caa14ff480eec
|
||||
1.32.5: sha256:9edee84103e63c40a37cd15bd11e04e7835f65cb3ff5a50972058ffc343b4d96
|
||||
1.32.4: sha256:c6f96d0468d6976224f5f0d81b65e1a63b47195022646be83e49d38389d572c2
|
||||
1.32.3: sha256:6c2c91e760efbf3fa111a5f0b99ba8975fb1c58bb3974eca88b6134bcf3717e2
|
||||
1.32.2: sha256:7381bea99c83c264100f324c2ca6e7e13738a73b8928477ac805991440a065cd
|
||||
1.32.1: sha256:98206fd83a4fd17f013f8c61c33d0ae8ec3a7c53ec59ef3d6a0a9400862dc5b2
|
||||
1.32.0: sha256:ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896
|
||||
amd64:
|
||||
1.35.1: sha256:36e2f4ac66259232341dd7866952d64a958846470f6a9a6a813b9117bd965207
|
||||
1.35.0: sha256:a2e984a18a0c063279d692533031c1eff93a262afcc0afdc517375432d060989
|
||||
1.34.4: sha256:d50c359d95e0841eaad08ddc27c7be37cba8fdccfba5c8e2ded65e121ff112db
|
||||
1.34.3: sha256:ab60ca5f0fd60c1eb81b52909e67060e3ba0bd27e55a8ac147cbc2172ff14212
|
||||
1.34.2: sha256:9591f3d75e1581f3f7392e6ad119aab2f28ae7d6c6e083dc5d22469667f27253
|
||||
1.34.1: sha256:7721f265e18709862655affba5343e85e1980639395d5754473dafaadcaa69e3
|
||||
1.34.0: sha256:cfda68cba5848bc3b6c6135ae2f20ba2c78de20059f68789c090166d6abc3e2c
|
||||
1.33.8: sha256:7f9c3faab7c9f9cc3f318d49eb88efc60eb3b3a7ce9eee5feb39b1280e108a29
|
||||
1.33.7: sha256:471d94e208a89be62eb776700fc8206cbef11116a8de2dc06fc0086b0015375b
|
||||
1.33.6: sha256:d25d9b63335c038333bed785e9c6c4b0e41d791a09cac5f3e8df9862c684afbe
|
||||
1.33.5: sha256:6a12d6c39e4a611a3687ee24d8c733961bb4bae1ae975f5204400c0a6930c6fc
|
||||
@@ -213,15 +237,23 @@ kubectl_checksums:
|
||||
1.33.2: sha256:33d0cdec6967817468f0a4a90f537dfef394dcf815d91966ca651cc118393eea
|
||||
1.33.1: sha256:5de4e9f2266738fd112b721265a0c1cd7f4e5208b670f811861f699474a100a3
|
||||
1.33.0: sha256:9efe8d3facb23e1618cba36fb1c4e15ac9dc3ed5a2c2e18109e4a66b2bac12dc
|
||||
1.32.11: sha256:48581d0e808bd8b7d3c3fc014e86b170e25a987df04c8a879b982b28a5180815
|
||||
1.32.10: sha256:6e14ef4e509e9f3d1dfc2815643f832f853d2d9f6622d4a0f83f77c7e4014b57
|
||||
1.32.9: sha256:509ae171bac7ad3b98cc49f5594d6bc84900cf6860f155968d1059fde3be5286
|
||||
1.32.8: sha256:0fc709a8262be523293a18965771fedfba7466eda7ab4337feaa5c028aa46b1b
|
||||
1.32.7: sha256:b8f24d467a8963354b028796a85904824d636132bef00988394cadacffe959c9
|
||||
1.32.6: sha256:0e31ebf882578b50e50fe6c43e3a0e3db61f6a41c9cded46485bc74d03d576eb
|
||||
1.32.5: sha256:aaa7e6ff3bd28c262f2d95c8c967597e097b092e9b79bcb37de699e7488e3e7b
|
||||
1.32.4: sha256:10d739e9af8a59c9e7a730a2445916e04bc9cbb44bc79d22ce460cd329fa076c
|
||||
1.32.3: sha256:ab209d0c5134b61486a0486585604a616a5bb2fc07df46d304b3c95817b2d79f
|
||||
1.32.2: sha256:4f6a959dcc5b702135f8354cc7109b542a2933c46b808b248a214c1f69f817ea
|
||||
1.32.1: sha256:e16c80f1a9f94db31063477eb9e61a2e24c1a4eee09ba776b029048f5369db0c
|
||||
1.32.0: sha256:646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70
|
||||
ppc64le:
|
||||
1.35.1: sha256:bced44e491ce52cce11e2b4bd4bd9181f4f963ffe868438778d028d56485c5d9
|
||||
1.35.0: sha256:8989809d0ac771244dabe50ed742249ac60eeb6d385cd234ee151eb40b7c32c4
|
||||
1.34.4: sha256:b083c39879483816f34d1f7e2e31e70ec48984fcc1753c79f4b846cfedbf41ac
|
||||
1.34.3: sha256:ae239b7f6f071e47014e1b5b20aa60626e06b32922a6b5054562ae2c5fa82c18
|
||||
1.34.2: sha256:49a985986a9add6c229c628bf2a83addebbdeeef40469fce2a54e51b6f1bb05b
|
||||
1.34.1: sha256:45499f0728b4a3428400db289edb444609d41787061f09b66f18028c0a73652f
|
||||
1.34.0: sha256:1773805a0c128f4d267b2e11f4c74cac287e9a07fffaecc3f7af6df9c8aaf82c
|
||||
1.33.8: sha256:aa079f403c80ba6017449c230733fed4e5d7b0a8700bd6590ee202161b8b12af
|
||||
1.33.7: sha256:0807c38a1342ab8dea6435f33d5897a01527d348a968a5c4ca2929769f3d54f2
|
||||
1.33.6: sha256:4b056b1749c619fab6a855247c3bd04123f2b61cf136ca6bddf69ff97a727e32
|
||||
1.33.5: sha256:37e2204d371bbbb90fd693049a7a45b81991ca8bcc9b8baf041a7c9f23e9035c
|
||||
@@ -230,16 +262,24 @@ kubectl_checksums:
|
||||
1.33.2: sha256:d1cdf13cb786c1ee6d5bf6d85034f496aa2fee97b287028043eb14c5dc74993f
|
||||
1.33.1: sha256:f922dd8f558dc616ebaa34908ceb7964ebb8caadd7c48699d0b791ffff2be1aa
|
||||
1.33.0: sha256:580d076c891711ec37afaf5994f72a8aad9d45c25413e6e94648e988a5a9933a
|
||||
1.32.11: sha256:4310edfc10fbc64cc69a25d27a1a8c4e134ad6642f8c83a8b0b612768ac63e84
|
||||
1.32.10: sha256:544722455bc0a3f57b68e9aafe8bffa0af25d4f0f383848f03ba7aff2cab7e10
|
||||
1.32.9: sha256:bdc8af9c1aed9737d58442f59034ad0125efe3a2dfad9f6ec14f1264e7020cc3
|
||||
1.32.8: sha256:52cc07556a8f0076d4e48003aa416b486c729e9679dbe2ea92bbd88e5be5cc93
|
||||
1.32.7: sha256:c0fb655243a98c4b063f39f2208c7b9d3cbe77b302a8b8b683aabe42e47fc556
|
||||
1.32.6: sha256:808e2b86128a9f25922bdb099ebf276ba4220dbf53c63a033348ee119697b22a
|
||||
1.32.5: sha256:1fc869a9d620982f16104f3b33c393aba54dd41136d18009bf6fc39accf6465c
|
||||
1.32.4: sha256:61a8c1f441900b4e61defcb83bb54f61f883f9e75810897cfabfd6860ae7e195
|
||||
1.32.3: sha256:11e1a377f404bdab6e3587375f7c2ee432df80b56d7ccf6151d4e48cd8063f55
|
||||
1.32.2: sha256:c25500027cd331ae3e65bed2612491c5307721894e9d39e869f24ca14973677f
|
||||
1.32.1: sha256:46d98d3463e065dff035d76f6c2b604c990d79634cc574d43b0c21f0367bbf0c
|
||||
1.32.0: sha256:9f3f239e2601ce53ec4e70b80b7684f9c89817cc9938ed0bb14f125a3c4f8c8f
|
||||
kubeadm_checksums:
|
||||
arm64:
|
||||
1.35.1: sha256:80097a3c4ef824f4edfe131d2bd429772c4be3a460c42a44f2320164a917de32
|
||||
1.35.0: sha256:1dac7dc2c6a56548bbc6bf8a7ecf4734f2e733fb336d7293d84541ebe52d0e50
|
||||
1.34.4: sha256:d8028b7e8c8d6c9b3fc3da6bc88d4d0cfb33df1b4b026a7d6e8c35d1471c9f6e
|
||||
1.34.3: sha256:697cf3aa54f1a5740b883a3b18a5d051b4032fd68ba89af626781a43ec9bccc3
|
||||
1.34.2: sha256:065f7de266c59831676cc48b50f404fd18d1f6464502d53980957158e4cab3a7
|
||||
1.34.1: sha256:b0dc5cf091373caf87d069dc3678e661464837e4f10156f1436bd35a9a7db06b
|
||||
1.34.0: sha256:6b7108016bb2b74132f7494e200501d6522682c01759db91892051a052079c77
|
||||
1.33.8: sha256:b5248b51e66e4716261f2c926fe2f08a293795e6863099e7792b4d57dbb9109e
|
||||
1.33.7: sha256:b24eeeff288f9565e11a2527e5aed42c21386596110537adb805a5a2a7b3e9ce
|
||||
1.33.6: sha256:ef80c198ca15a0850660323655ebf5c32cc4ab00da7a5a59efe95e4bcf8503ab
|
||||
1.33.5: sha256:b1c00657649e35771569d095e531d826bd19baf57bcb53cccf3f91d7d60b7808
|
||||
@@ -248,15 +288,23 @@ kubeadm_checksums:
|
||||
1.33.2: sha256:21efc1ba54a1cf25ac68208b7dde2e67f6d0331259f432947d83e70b975ad4cc
|
||||
1.33.1: sha256:5b3e3a1e18d43522fdee0e15be13a42cee316e07ddcf47ef718104836edebb3e
|
||||
1.33.0: sha256:746c0ee45f4d32ec5046fb10d4354f145ba1ff0c997f9712d46036650ad26340
|
||||
1.32.11: sha256:0190c49b61b065409b1e99c70e5ec3c52576bf8902432fb2c97bf1d0d2777b69
|
||||
1.32.10: sha256:a201f246be3d2c35ffa7fc51a1d2596797628f9b1455da52a246b42ce8e1f779
|
||||
1.32.9: sha256:377349141e865849355140c78063fa2b87443bf1aecb06319be4de4df8dbd918
|
||||
1.32.8: sha256:8dbd3fa2d94335d763b983caaf2798caae2d4183f6a95ebff28289f2e86edf68
|
||||
1.32.7: sha256:a2aad7f7b320c3c847dea84c08e977ba8b5c84d4b7102b46ffd09d41af6c4b51
|
||||
1.32.6: sha256:f786731c37ce6e89e6b71d5a7518e4d1c633337237e3803615056eb4640bfc8e
|
||||
1.32.5: sha256:2956c694ff2891acdc4690b807f87ab48419b4925d3fad2ac52ace2a1160bd17
|
||||
1.32.4: sha256:1b9d97b44758dc4da20d31e3b6d46f50af75ac48be887793e16797a43d9c30e7
|
||||
1.32.3: sha256:f9d007aaf1468ea862ef2a1a1a3f6f34cc57358742ceaff518e1533f5a794181
|
||||
1.32.2: sha256:fd8a8c1c41d719de703bf49c6f56692dd6477188d8f43dcb77019fd8bc30cbd3
|
||||
1.32.1: sha256:55a57145708aaa37f716f140ef774ca64b7088b6df5ee8eae182936ad6580328
|
||||
1.32.0: sha256:5da9746a449a3b8a8312b6dd8c48dcb861036cf394306cfbc66a298ba1e8fbde
|
||||
amd64:
|
||||
1.35.1: sha256:8a7ff344eef1bfba88f9a74b3fdc9ea4448c94f1b3cefb8c0aeeaf1f96e05053
|
||||
1.35.0: sha256:729e7fb34e4f1bfcf2bdaf2a14891ed64bd18c47aaab42f8cc5030875276cfed
|
||||
1.34.4: sha256:b967f1fa0e36621c402d38bb560eb4a943954d5cf5a00e5150842f6f5da73455
|
||||
1.34.3: sha256:f9ce265434d306e59d800b26f3049b8430ba71f815947f4bacdcdc33359417fb
|
||||
1.34.2: sha256:6a2346006132f6e1ed0b5248e518098cf5abbce25bf11b8926fb1073091b83f4
|
||||
1.34.1: sha256:20654fd7c5155057af5c30b86c52c9ba169db6229eee6ac7abab4309df4172e7
|
||||
1.34.0: sha256:aecc23726768d1753fd417f6e7395cb1a350373295e8e9d9f80e95ed3618e38e
|
||||
1.33.8: sha256:8259af514dc3655e8abec1a69b637f31cce2ecb940a80ae4a268e5287890f009
|
||||
1.33.7: sha256:c10813d54f58ef33bbe6675f3d39c8bd401867743ebc729afdd043265040c31d
|
||||
1.33.6: sha256:c1b84cb3482dd79e26629012f432541ccb505c17f5073aa1fdbca26b1e4909fd
|
||||
1.33.5: sha256:6761219749c6c67a56a5668dfe65d669e0c1f34d4b280b72de6d74d47c601f1e
|
||||
@@ -265,15 +313,23 @@ kubeadm_checksums:
|
||||
1.33.2: sha256:5c623ec9a9b8584beba510da5c2b775c41cf51c0accdfb43af093bc084563845
|
||||
1.33.1: sha256:9a481b0a5f1cee1e071bc9a0867ca0aad5524408c2580596c00767ba1a7df0bd
|
||||
1.33.0: sha256:5a65cfec0648cabec124c41be8c61040baf2ba27a99f047db9ca08cac9344987
|
||||
1.32.11: sha256:5e191b7329897a16ea87aed75b66f561e7243691620d6b792f34d488285484ce
|
||||
1.32.10: sha256:1c5033ee113d9072a53ee1ef3a3b18e566721bb3879b49c6813c67066687afbc
|
||||
1.32.9: sha256:183b3b12e39b3ed2dc2db25cbc17769610cdd5f02e9d1325ba747d54978d8f5f
|
||||
1.32.8: sha256:da4cc996800db14f82fce8813caa55be318e52ef69d82e50e728ef4cfa18b69f
|
||||
1.32.7: sha256:dcd40af0042c559f3218dbd23bf318b850a5213528b428e1637ccb357ac32498
|
||||
1.32.6: sha256:7092527a63e5380a6be05cf6041c849ba8d13bf41a2adb2a029f44717f53439f
|
||||
1.32.5: sha256:9070c3d469f5a3e777948b63a7a5e6c5bd7682c7416547770a78880fe4293ea9
|
||||
1.32.4: sha256:445cdebd140dc0a9f4d18505821dcca77d7a21992133bf6731777f5724968255
|
||||
1.32.3: sha256:be42caa726b85b7723605ca8fea22e4a26e0d439b789a3d9d6e636a7078b3db4
|
||||
1.32.2: sha256:fb3a90f1bfc78146a8a03b50eb59aaf957a023c1c5a2b166062ef9412550bba6
|
||||
1.32.1: sha256:5ed13bb4bc1d5fb4579b8cc8c7c2245356837122f9a3fd729c2f6d1338f58dcf
|
||||
1.32.0: sha256:8a10abe691a693d6deeeb1c992bc75da9d8c76718a22327688f7eb1d7c15f0d6
|
||||
ppc64le:
|
||||
1.35.1: sha256:eec12948cfabc18115636c44aca894bf9abef3b2ea73cba180314ee3c218dcca
|
||||
1.35.0: sha256:77a466e1b6a8e28362a729541269de0a7c4a6b9e7770cccefcd745502e656b90
|
||||
1.34.4: sha256:69f1065e718ef2aa5f0287444ef97bd4a5fb8841fc0662f54ca8992a39865391
|
||||
1.34.3: sha256:2b8b48b3b0eb657e04122a158cb7fcad964fba5bd2d8e07f8eeec6f856a63ecf
|
||||
1.34.2: sha256:bea4ed6d971523da794a802de15910b08c09e23bc4c850ee3b953c4bdb0b7976
|
||||
1.34.1: sha256:ddb6bd80bee0719924ae901672b99205226badab74fb13a9e1bb6d3de49fbb21
|
||||
1.34.0: sha256:7201ba36f44187f408a036c4a545e2a3cd12943b1297092687bb66c9a1a9fed6
|
||||
1.33.8: sha256:d618fa97b5782b57512e0a8ab9ed17af190236907af7bd3c9c0776d81c78273f
|
||||
1.33.7: sha256:db2e20d0c20928ae7d68d7603020f8ffd89dcdac4fdc160ef83f1da663868bed
|
||||
1.33.6: sha256:58aaec7b5066b6e3705e0493a2f51c7f101b17165ce714c4d52a2b53861c078b
|
||||
1.33.5: sha256:b1e261109a4e22e0a417d10724bed7f71ba12c2acc167a55d89211e49c2e5eee
|
||||
@@ -282,9 +338,20 @@ kubeadm_checksums:
|
||||
1.33.2: sha256:1b818900ac7af72a14f50300d6c6ad600eecdc578c37b75fa488cc654ca08c25
|
||||
1.33.1: sha256:a772834ba22478c9119f03ecca2a27a70234623d74ff1d7671ee85675a4e830b
|
||||
1.33.0: sha256:26cb7ac57d522a59c84c4784b176097d23c7b4e61874fab84ae719d0e43ac0bc
|
||||
1.32.11: sha256:c7bb0bbac734290666f6deaba731f4eae46045c94ae53501153e4167dad51d34
|
||||
1.32.10: sha256:5cfda89b98b6308f4d28e77eabc0111c3eb3c7b64baccf644ecdbcac90b258d0
|
||||
1.32.9: sha256:fcc5aa3401d130156e0b73dab192631108b77e778f3d87838419993aea1ef8d5
|
||||
1.32.8: sha256:b5e4f0da030de98f1179a148f6563d69fbfb4c35c2dd1de1d30f000805d12412
|
||||
1.32.7: sha256:d87ec6c40aef05df1cb23298aff4a7a6c5af64c8a7a1671d4274385a0601b6cb
|
||||
1.32.6: sha256:ec3fdb5f563b000c824bc4438664ae62797bf75cdcee1448e617f296cbd3e955
|
||||
1.32.5: sha256:9ace8b24eba37d960a9cafd947015722c383bd695767b7a7c8449a4f6a3f3e9e
|
||||
1.32.4: sha256:fb0223765d57c59ff4202445b3768e848b6d383dfac058b5882696bca0286053
|
||||
1.32.3: sha256:68cc7669e47575ead58563c39abf89c7faf1c70fb6733ea9c727f303f2af1abf
|
||||
1.32.2: sha256:02573483126e39c6b25c769131cf30ea7c470ad635374be343d5e76845a4ecdb
|
||||
1.32.1: sha256:ff7f1dd3f1a6a5c0cf2c9977ec7c474bd22908850e33358dd40aeba17d8375b0
|
||||
1.32.0: sha256:d79fe8cbd1d98bcbe56b8c0c3a64716603581cecf274951af49aa07748bf175a
|
||||
etcd_binary_checksums:
|
||||
arm64:
|
||||
3.5.27: sha256:1277309f540c5a0329c428f95455c9f76d24f768c8d28fd2753e891c379053fa
|
||||
3.5.26: sha256:93ac1667df0e178ea6d152476ce4088df4075604fe4bc7f85f4719e863cd030b
|
||||
3.5.25: sha256:419dce0b679df31cc45201ef2449b7a6a48e9d241af01741957c9ac86a35badc
|
||||
3.5.24: sha256:efc01f6b3fbef0f000cb53bcad4845c116d7fdd8769ca39d9c40d2fe4d2e509f
|
||||
@@ -307,7 +374,6 @@ etcd_binary_checksums:
|
||||
3.5.7: sha256:1a35314900da7db006b198dd917e923459b462128101736c63a3cda57ecdbf51
|
||||
3.5.6: sha256:888e25c9c94702ac1254c7655709b44bb3711ebaabd3cb05439f3dd1f2b51a87
|
||||
amd64:
|
||||
3.5.27: sha256:0aad9a9e4e0817a021e933f9806a2b2960a62f949ad5a3d6436d8886945cb1bc
|
||||
3.5.26: sha256:0a682a91201dc8351d507210bc30b021a11e254eab806f03224b51e8fad29abb
|
||||
3.5.25: sha256:168af82b59772e1811a9af7b358d42f5c6df44e0d9767afb006ecf12c4bbd607
|
||||
3.5.24: sha256:042497e2ddcee06f22e5d486d81f58affa26b53ee423e2a6aaca3d3ea98c8191
|
||||
@@ -330,7 +396,6 @@ etcd_binary_checksums:
|
||||
3.5.7: sha256:a43119af79c592a874e8f59c4f23832297849d0c479338f9df36e196b86bc396
|
||||
3.5.6: sha256:4db32e3bc06dd0999e2171f76a87c1cffed8369475ec7aa7abee9023635670fb
|
||||
ppc64le:
|
||||
3.5.27: sha256:b41d488dcd579e780f49f5bd747e9386e17e1376ffb77bfff061f7944818a678
|
||||
3.5.26: sha256:9678ddaced9fcd4878b76b0b76c9c2a3638a70bdc362c9f4cb25ecc48de2c6d3
|
||||
3.5.25: sha256:0dee64e99a43a06dd9541a40a18b52c7309eb1682a2a32740d4bdf358296c007
|
||||
3.5.24: sha256:4b252266a59a00c0f608f481c836fb469d2cd0f60ecbc119c4f1fe0611910ab1
|
||||
@@ -515,29 +580,29 @@ ciliumcli_binary_checksums:
|
||||
0.16.2: sha256:9cfb7ee5b1d6bd125174675e8aab6f9a09283cde699b5ac201475784ecb864f8
|
||||
0.16.1: sha256:9c3bb746e554efc788631629932ab00d13979c75799d957f6d3c17219deb6d45
|
||||
0.16.0: sha256:da98675f961833d4ffd68b1046d907b228a7d394ded2abd70a50b20eaca171c4
|
||||
calico_crds_checksums:
|
||||
calico_crds_archive_checksums:
|
||||
no_arch:
|
||||
3.30.6: sha256:b0eb83f6d70afac27e8830f22642cd12b0692e4d1a1b5060caa9231a951e736a
|
||||
3.30.5: sha256:68bbe7f44693374f1379aa3fa55f254e9a689d070c26d0de26b2c9fb8d1166ab
|
||||
3.30.4: sha256:be1d346a966a0be79cad7c9856ee5fc0eef8d88b70eba8d4d0bc4be057138bd3
|
||||
3.30.3: sha256:f813232c182229da17658f59db511acb3997e51973eeb293b57ac0dbb5ccf791
|
||||
3.30.2: sha256:57ccedd965f3dcbfd2a38a53b6b9e84e07232205fb83d23ed2afcee94590eed2
|
||||
3.30.1: sha256:af066bd48e68c391dec3645b94d11a1ca513398ee6c56b5a67f0eb13f13fe21e
|
||||
3.30.0: sha256:ee795478b6ab659ee172de74e1cf974871b37f10290dfc75f4d5eae887ba4ce0
|
||||
3.29.7: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5
|
||||
3.29.6: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5
|
||||
3.29.5: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5
|
||||
3.29.4: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5
|
||||
3.29.3: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5
|
||||
3.29.2: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5
|
||||
3.29.1: sha256:aaa336bf0ef87495eccecae7eb65acaf59508a7f0a44dbeec933e05d73bbe0a0
|
||||
3.29.0: sha256:ed35a2bd383674f4d61b013f2588be1ee08b5e7a26eb3208ba6a5565ebf0175c
|
||||
3.28.5: sha256:541635bf3e0cd409ff2f5b9b78363ac8901da4565fffaeb4c1507e19461bf4c7
|
||||
3.28.4: sha256:541635bf3e0cd409ff2f5b9b78363ac8901da4565fffaeb4c1507e19461bf4c7
|
||||
3.28.3: sha256:541635bf3e0cd409ff2f5b9b78363ac8901da4565fffaeb4c1507e19461bf4c7
|
||||
3.28.2: sha256:f09dbaf5b25419659af654f3b50edb3a2b1ebcfeab80b0e56f7fbc79721e8ec3
|
||||
3.28.1: sha256:f09dbaf5b25419659af654f3b50edb3a2b1ebcfeab80b0e56f7fbc79721e8ec3
|
||||
3.28.0: sha256:f09dbaf5b25419659af654f3b50edb3a2b1ebcfeab80b0e56f7fbc79721e8ec3
|
||||
3.30.6: sha256:d61aa5bcddfc78b0094acd54e0358009fa79e1cbe6d8c23bdacb34ff7a2c6c82
|
||||
3.30.5: sha256:3a38f91596c204b43c70f642a3e686d8c3fbfdfa5caa7824b716aa2f4a4e568b
|
||||
3.30.4: sha256:a9398f6de6cce8f683e0ad649a21f3d3b8bb5fe4cd26e7b26b33b9a8c740274f
|
||||
3.30.3: sha256:36c50905b9b62a78638bcfb9d1c4faf1efa08e2013265dcd694ec4e370b78dd7
|
||||
3.30.2: sha256:40885e201efb3458bb2e145928aadbe63d6a54c00dd505323776cc9cddc02825
|
||||
3.30.1: sha256:3040a1d313bafd30e4e2dea24c2155c8d1afbe3c6e961e0a4a52482d12b32490
|
||||
3.30.0: sha256:7373910b311213d00cb6f079690c90071b68724cd01b1b4eba04831c26454e1a
|
||||
3.29.7: sha256:d60fd083ad0279a4bd20109d01689e4eecb7a5e8c6d5e8be2b1718e6057f85e9
|
||||
3.29.6: sha256:927e35d130d0413399735dc401e8448c783794cb8bb9e169ccdc7b00f516a698
|
||||
3.29.5: sha256:f36d0b31aaa34f648b211d16f864f262e4700aad30ab0889b327d31c115b6a42
|
||||
3.29.4: sha256:6d2396fde36ba59ad55a92b5b66643adcc9ee13bb2b3986b1014e2f8f95fa861
|
||||
3.29.3: sha256:66d49b3af986944e58fede252a2c164251a63f43894181ed7401a6e11dcd8421
|
||||
3.29.2: sha256:1866b407213b6191627c0ce7be5a0d7c14a016823b3bbc2a6898c57be6c59917
|
||||
3.29.1: sha256:17894ed9f7487f1418e599fdeff5db9047374dee12d560114e25ff9147a455c3
|
||||
3.29.0: sha256:403a6b8616c4e97b081d7be27e9024f2f66b2d73a0ea037420a29689205b2064
|
||||
3.28.5: sha256:c3ca0752eac5cab50dc9ae5bc2e3c2f8eea2d9030c1f9846d2e8563c8a8aec2c
|
||||
3.28.4: sha256:a296906bd6b38187ba15669139dd6bf8bd26d0b191e9773fa0e85a5cc2d0b5e9
|
||||
3.28.3: sha256:b31d3aa35119359d619004fe0a8e3332529e396e8c57207ad56d58a2ed4cf3fb
|
||||
3.28.2: sha256:f02a0e99e060850bd9050d4c94d37df899911a5e357e1d26e1b5b79a923bb389
|
||||
3.28.1: sha256:c56f1530e7ded9d5b4afb9d83a7a24da6d2959ef7ad38521813f1c2bf138182d
|
||||
3.28.0: sha256:ee721337db0cd847e91aae1cdfd420596896ebcb865575fd913c2f12ac2cdb76
|
||||
helm_archive_checksums:
|
||||
arm:
|
||||
3.18.4: sha256:34ea88aef15fd822e839da262176a36e865bb9cfdb89b1f723811c0cc527f981
|
||||
@@ -597,7 +662,6 @@ helm_archive_checksums:
|
||||
3.16.0: sha256:d13a4b87b31a5b50c8d93dd9988dfb312a61e56504102f466a4004e5a3ab8e9e
|
||||
cri_dockerd_archive_checksums:
|
||||
arm64:
|
||||
0.3.24: sha256:c783a03735887c4a8fc894bd4cf7a1c0defef3ecf50a4d79ff31eed45c26b17e
|
||||
0.3.23: sha256:a78037d2d2e9c52c48372a5cbba7b94b1c57be5759449beef29cfe03cbe6f14b
|
||||
0.3.22: sha256:3260b214c9b12dbf0cbf4d60410c45aacfc31ba52aa7b74164135968e8950cb6
|
||||
0.3.21: sha256:35de6b1e8eba11d8ba6d71fa7499cb3d610a1e7b866c9d43b7f87029e3a769cd
|
||||
@@ -617,7 +681,6 @@ cri_dockerd_archive_checksums:
|
||||
0.3.6: sha256:793b8f57cecf734c47bface10387a8e90994c570b516cb755900f21ebd0a663b
|
||||
0.3.5: sha256:c20014dc5a71e6991a3bd7e1667c744e3807b5675b1724b26bb7c70093582cfe
|
||||
amd64:
|
||||
0.3.24: sha256:dd4b7f514c248a3aaca398f467430a4c58aae9a77ea8b96a2f5b5d6fba0948d1
|
||||
0.3.23: sha256:c7fe5db7f9396186193b58ded0e62a31eca7b3c58ad8691d57017986f96482ee
|
||||
0.3.22: sha256:6621a96a885c82844d12318de00f510eae3459871cf1ad47317f38dd242f9a03
|
||||
0.3.21: sha256:6c35838bc4b1aef74f9113670e114ca729a5f295f9457b226791e18e86e91698
|
||||
@@ -756,9 +819,6 @@ kata_containers_binary_checksums:
|
||||
3.5.0: sha256:fa4cf67d010244c4f8d0e6d450d04e28d1bbce5ad1a3cbc0154adff628d56c0c
|
||||
gvisor_runsc_binary_checksums:
|
||||
arm64:
|
||||
'20260209.1': sha512:e95170b4f70688d014c795ffa9b3d583753f865edfd8afb4e2969490869bdb46b60672f641741f788e2ffee8f29751a017e9a68b98c1e44f5194da9a64b0ff28
|
||||
'20260202.0': sha512:5fbb9c68efdf3a404217fb57be55051b4b5f8b83ca631101204615b87ff5b6ea8680cd6599e434f1d87fecb9071367b65e90cd8ad5df3f0b9f0101796ecc8c43
|
||||
'20260126.0': sha512:c1b42f5789c09a68eb006964048448c058776440477fac83c7fd9cef879cec40878fb2f5f2450315ca0e7f568889f0b52c842b84929784a57023961f6eb77d04
|
||||
'20260112.0': sha512:3b7925d26d71fdcb8cb552950c88bcfed658c06ad6b1211906bfe86d13bc56d8005ac90a4d9ab4c8b6a48eb62ec51ebcdfd45a64067ac5190274e710961e51ea
|
||||
'20260105.0': sha512:cc98ad73e8d181f4738c97883180bc76cf8b2eb773c11f3a44f1636d0b0e00f2ee9228e4eecd414f94d6410f4877e6c93260b8070130fba767583026115d1038
|
||||
'20251215.0': sha512:5e7d6206bce4164c9109d37dfb0b169d1c59cc256910de42799a868c3f9ba5560ef5c05c0de3fad4f0856f906463588ff25c9bce3b25e0d3f20874521dffe767
|
||||
@@ -788,9 +848,6 @@ gvisor_runsc_binary_checksums:
|
||||
'20250414.0': sha512:d1ba68b20057622e58e886f472e021a473222590c936a86951005d7b97366b446ef0342b91457ffc0d7e543d54c9c06a363f2883bdd6c594799c4ca1091dabd5
|
||||
'20250407.0': sha512:cb590f72b0fbda45e89a2300e9247f12ff295a8c52653c8cf815c662d3fbbc774f9b915cdd4fad59e30694d8cc8737fe2a1a8186ab5136f7701bd6e6877a1662
|
||||
amd64:
|
||||
'20260209.1': sha512:1e0e42f7d3f4b3eded4e96be5af4dcdbecc9bca7ce40f5b9fa191210690397d71771c7c0e0835c32221261b004250fe513a9265447e62d9bf92fb6a5f7276a68
|
||||
'20260202.0': sha512:f7bb9cc5e3f5e36a6788f959361415f6d7f7cd0225b8b4d99728da4b1ac7e5c7ce9c72b4c61e424ba93db77c983109d56b54907a3b2e2b982b34058410611023
|
||||
'20260126.0': sha512:cce974fa832c50d26c6ccc08ce50b4972921cd0818ebe8007587211d360cbc828ceea4ec8296703200afa208b679437d24f27a6dca31887b3c0fc6ee8be5eb05
|
||||
'20260112.0': sha512:b36de90cdad4cfe0b9b66318407da79c035dd6dcf4c1374250011f34e511c0a29e335fe04eabb0d3fe7140131925f619f724a4702b37c49557bdeb25924b4dc8
|
||||
'20260105.0': sha512:15c8adabc9f1006d469177b0ec3962d4993e01c85be17d381a4979029eacc7db37ef354e3eafd279573135a1adf81baffc5c19f2bbfac932c79386f6ac74e52f
|
||||
'20251215.0': sha512:ea82bb66ce61a80adb6edaa61e2f2b1cd6339c504a55dd6663555010ed7f96c6234ac787bd9ecdb29ed4058e806e829fa45f14093466913dafc44d56055a5acb
|
||||
@@ -821,9 +878,6 @@ gvisor_runsc_binary_checksums:
|
||||
'20250407.0': sha512:097259d6d93548bf669e21cfec5ba6a47081e43f61d22c5d8a8a4c0c209c81ac9c4454162b826f98cec49e047bbdc29c270113ab6db5519ef3e6a90f302fa47b
|
||||
gvisor_containerd_shim_binary_checksums:
|
||||
arm64:
|
||||
'20260209.1': sha512:714ad3a53a28aa4acd891553d848278f5a873d0a1733836382eaf2bf701d62ece9cef324390602d2676af5e2e3a3d329486d2b18803c9cef5685220764757eb4
|
||||
'20260202.0': sha512:714ad3a53a28aa4acd891553d848278f5a873d0a1733836382eaf2bf701d62ece9cef324390602d2676af5e2e3a3d329486d2b18803c9cef5685220764757eb4
|
||||
'20260126.0': sha512:84abf41b68ba450ed2cbbdf544e7d347d30f6fd577572e2e58f2fa8e038689f557953148287e26c8f4ee5040c1e928670f113bebca6d81ed7ce014ec4e0ad256
|
||||
'20260112.0': sha512:3215952718bd1636173649c4742e3d8e1978c410abd71bb8252c8ad6d28130cb6d66684aa089f61a0eda0b8786553620a08a9f1b5ab824bb27b1b0cf47bfb25b
|
||||
'20260105.0': sha512:cfe8a07c304dca21171e5a76614ac3605f5b1ec8f9ed2eeac014a44bc00821864f219db0e25fcc1c56cedbe335bbf34a7fa6bc57335888dcd04278bc0263f5cc
|
||||
'20251215.0': sha512:2b3a00ec2d646a1c26c1944781b5caf039ce7035dd72281ccff8e244af55606e01667de311febee1a0a03ebd2633af6ebb0ad72d27b8a966743ffe31563b3a5a
|
||||
@@ -853,9 +907,6 @@ gvisor_containerd_shim_binary_checksums:
|
||||
'20250414.0': sha512:33b9c67bc7b73ca49154aff48da52029414a707b6a3a25eb4f71e861a94dec8fce220e63a162841670ddd4876f45b0e39abdf9f8c3235019c89f209684d3007d
|
||||
'20250407.0': sha512:1c3838e10c905af0cb52697712bf6bd76b94c9e9d3d07a7643cd43dc2f8dab03b4ed4693c117e555e07a158e04ee583b6b1f1cf2fb9705244ffa5fdc4af67248
|
||||
amd64:
|
||||
'20260209.1': sha512:bd21b80502be25484d8b43168c88d66b6f3e853c78c0ae5b5206c5625e2a365e98c8b3ba259453d18c01d1aa08fb7c8c1e7f122fdcd7ef806bfc2f44f5837b5e
|
||||
'20260202.0': sha512:bd21b80502be25484d8b43168c88d66b6f3e853c78c0ae5b5206c5625e2a365e98c8b3ba259453d18c01d1aa08fb7c8c1e7f122fdcd7ef806bfc2f44f5837b5e
|
||||
'20260126.0': sha512:51c3b4bc21cb5c3d4e3baf9f43e5fecd86c327abf0c84d492510f480cdfb38c90d43f3b0dbf1887ada8846d3806da79a73729acaedc570894ba6ed7cf9e083ed
|
||||
'20260112.0': sha512:89f55750488559796fe51d2c10c289a8b0617fb9f6498714c026825268eeed449941d23e8cd5b285b69c1b032005ddeec278345198301c50d89ff6d3f66871a5
|
||||
'20260105.0': sha512:7f3f5a864fda5f4e2de9db20dd5edad60b6aa467cc7c22d13f40cdce811783d66018f2c28fb74b907c6d6ac0e39f6d0e1047f1f33447b8a8682f1fbaa25edeb4
|
||||
'20251215.0': sha512:538a04d88a39de1679afd9868806bd5fdc63737a4871955fc8a8c8e183942c6cc3dbd6b34b2f5589f5f474b4826427f149d5c6abec4ca8d09db363ff5f149b4f
|
||||
@@ -1336,7 +1387,7 @@ yq_checksums:
|
||||
4.40.3: sha256:2fe818a0b141913a41548e0e727267479d0f755221c73f9e304788c8e9139a45
|
||||
gateway_api_standard_crds_checksums:
|
||||
no_arch:
|
||||
1.4.1: sha256:73b91b77f6be023a8c92c969fc664e5bd3b1a28aea59eac9ebc904607354dad2
|
||||
1.4.1: sha256:daa2999f0978ba3e43b65fec179f82a1a690649da10aa5c7c5871165477368f8
|
||||
1.4.0: sha256:6a4029e661446d64add866a00ecdc40c14219b68777ab614c5cdaac0adb481f1
|
||||
1.3.0: sha256:78796d5c51450fc55d8dc8092ba8137f8c807982d7508d7875d5c537a24082b9
|
||||
1.2.1: sha256:97598bf6ab3b33b9b5c5432bdd24de091e4e9c3aa0575ebb0710a2a19cd64d64
|
||||
@@ -1346,7 +1397,7 @@ gateway_api_standard_crds_checksums:
|
||||
1.0.0: sha256:23e4e1095c72a0587474f7fb3f85c319cdec77a083ab91237ffbdec1f1834d2a
|
||||
gateway_api_experimental_crds_checksums:
|
||||
no_arch:
|
||||
1.4.1: sha256:553327e0ff32a1a2be446bf93823c8413cf9253ac6a6d5407eebd1e8d269f69e
|
||||
1.4.1: sha256:d3c20dd4c0431936567a6917ca931f6dced1310242be62b9eca07bd9892e2025
|
||||
1.4.0: sha256:0414b160767377e85fd362855501200c6b83b84758bcd532652e3fe1cc677e49
|
||||
1.3.0: sha256:3e7a27e4456ff3d68606a6a8516306aaff354d6f0950b32bb31930669b7bf8b8
|
||||
1.2.1: sha256:d3aa6723a3306770cffb601ee22af3d35da43acfa1ca547fc0d3bce08dad66e7
|
||||
@@ -1356,15 +1407,6 @@ gateway_api_experimental_crds_checksums:
|
||||
1.0.0: sha256:6c601dced7872a940d76fa667ae126ba718cb4c6db970d0bab49128ecc1192a3
|
||||
prometheus_operator_crds_checksums:
|
||||
no_arch:
|
||||
0.88.1: sha256:b827b8ec478e6b31cc1b85c1736570a3575953fe9f470fc29d0ffdb2803d94c4
|
||||
0.88.0: sha256:11ee66653657f3abc1bc8c41e17aa950eadb66035edb7f84cd3a1cbe4c67b2a4
|
||||
0.87.1: sha256:62490f7c1863539d61295f53784e27d70deec96a3b465832ba3cf96120e298b5
|
||||
0.87.0: sha256:a5282133ffa634405b0414d2fdc07e6fe393124d1d5072073af363689dac6a62
|
||||
0.86.2: sha256:7c9d455333ac5ea7837d5f0e4edd966698e44edd79108bafdd8508f2da503b5b
|
||||
0.86.1: sha256:9a30912ba9970a2968d7a8bf030a9f6579a5e8b312961018b5fe4c1153fc5fce
|
||||
0.86.0: sha256:0d2a590b288c79a98515e9fc4315451cfbde964c7977eb527696f7c2ebf47f58
|
||||
0.85.0: sha256:30e1b1b034ebc750d50a77dc19841176d698d524edf677276a760f9e228e1208
|
||||
0.84.1: sha256:f4a186ac58f354793e27a0b4b6f8baf5a31a9d10045e5085c23b0570dbfd30dd
|
||||
0.84.0: sha256:8990f6837ccff4461df9abe19d31d532fef11386d85d861b392249fff2502255
|
||||
argocd_install_checksums:
|
||||
no_arch:
|
||||
|
||||
@@ -7,14 +7,14 @@ kube_next: "{{ ((kube_version | split('.'))[1] | int) + 1 }}"
|
||||
kube_major_next_version: "1.{{ kube_next }}"
|
||||
|
||||
pod_infra_supported_versions:
|
||||
'1.35': '3.10.1'
|
||||
'1.34': '3.10.1'
|
||||
'1.33': '3.10'
|
||||
'1.32': '3.10'
|
||||
|
||||
etcd_supported_versions:
|
||||
'1.35': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
|
||||
'1.34': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
|
||||
'1.33': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
|
||||
'1.32': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
|
||||
# Kubespray constants
|
||||
|
||||
kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"
|
||||
|
||||
@@ -27,8 +27,8 @@
|
||||
- name: Stop if supported Calico versions
|
||||
assert:
|
||||
that:
|
||||
- "calico_version in calico_crds_checksums.no_arch.keys()"
|
||||
msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_checksums.no_arch.keys() }}"
|
||||
- "calico_version in calico_crds_archive_checksums.no_arch.keys()"
|
||||
msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.no_arch.keys() }}"
|
||||
run_once: true
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
|
||||
|
||||
@@ -127,10 +127,12 @@
|
||||
- calico_datastore == "kdd"
|
||||
block:
|
||||
- name: Calico | Create calico manifests for kdd
|
||||
copy:
|
||||
src: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/crds.yaml"
|
||||
assemble:
|
||||
src: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/crd/"
|
||||
dest: "{{ kube_config_dir }}/kdd-crds.yml"
|
||||
mode: "0644"
|
||||
delimiter: "---\n"
|
||||
regexp: ".*\\.yaml"
|
||||
remote_src: true
|
||||
|
||||
- name: Calico | Create Calico Kubernetes datastore resources
|
||||
|
||||
44
roles/network_plugin/meta/main.yml
Normal file
44
roles/network_plugin/meta/main.yml
Normal file
@@ -0,0 +1,44 @@
|
||||
---
|
||||
dependencies:
|
||||
- role: network_plugin/cni
|
||||
when: kube_network_plugin != 'none'
|
||||
|
||||
- role: network_plugin/cilium
|
||||
when: kube_network_plugin == 'cilium' or cilium_deploy_additionally
|
||||
tags:
|
||||
- cilium
|
||||
|
||||
- role: network_plugin/calico
|
||||
when: kube_network_plugin == 'calico'
|
||||
tags:
|
||||
- calico
|
||||
|
||||
- role: network_plugin/flannel
|
||||
when: kube_network_plugin == 'flannel'
|
||||
tags:
|
||||
- flannel
|
||||
|
||||
- role: network_plugin/macvlan
|
||||
when: kube_network_plugin == 'macvlan'
|
||||
tags:
|
||||
- macvlan
|
||||
|
||||
- role: network_plugin/kube-ovn
|
||||
when: kube_network_plugin == 'kube-ovn'
|
||||
tags:
|
||||
- kube-ovn
|
||||
|
||||
- role: network_plugin/kube-router
|
||||
when: kube_network_plugin == 'kube-router'
|
||||
tags:
|
||||
- kube-router
|
||||
|
||||
- role: network_plugin/custom_cni
|
||||
when: kube_network_plugin == 'custom_cni'
|
||||
tags:
|
||||
- custom_cni
|
||||
|
||||
- role: network_plugin/multus
|
||||
when: kube_network_plugin_multus
|
||||
tags:
|
||||
- multus
|
||||
@@ -1,47 +0,0 @@
|
||||
---
|
||||
- name: Container Network Interface plugin
|
||||
include_role:
|
||||
name: network_plugin/cni
|
||||
when: kube_network_plugin != 'none'
|
||||
|
||||
- name: Network plugin
|
||||
include_role:
|
||||
name: "network_plugin/{{ kube_network_plugin }}"
|
||||
apply:
|
||||
tags:
|
||||
- "{{ kube_network_plugin }}"
|
||||
- network
|
||||
when:
|
||||
- kube_network_plugin != 'none'
|
||||
tags:
|
||||
- cilium
|
||||
- calico
|
||||
- flannel
|
||||
- macvlan
|
||||
- kube-ovn
|
||||
- kube-router
|
||||
- custom_cni
|
||||
|
||||
- name: Cilium additional
|
||||
include_role:
|
||||
name: network_plugin/cilium
|
||||
apply:
|
||||
tags:
|
||||
- cilium
|
||||
- network
|
||||
when:
|
||||
- kube_network_plugin != 'cilium'
|
||||
- cilium_deploy_additionally
|
||||
tags:
|
||||
- cilium
|
||||
|
||||
- name: Multus
|
||||
include_role:
|
||||
name: network_plugin/multus
|
||||
apply:
|
||||
tags:
|
||||
- multus
|
||||
- network
|
||||
when: kube_network_plugin_multus
|
||||
tags:
|
||||
- multus
|
||||
@@ -1,11 +1,11 @@
|
||||
---
|
||||
- name: Remove-node | Delete node
|
||||
command: "{{ kubectl }} delete node {{ kube_override_hostname }}"
|
||||
command: "{{ kubectl }} delete node {{ kube_override_hostname | default(inventory_hostname) }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
||||
when:
|
||||
- groups['kube_control_plane'] | length > 0
|
||||
# ignore servers that are not nodes
|
||||
- ('k8s_cluster' in group_names) and kube_override_hostname in nodes.stdout_lines
|
||||
- ('k8s_cluster' in group_names) and kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines
|
||||
retries: "{{ delete_node_retries }}"
|
||||
# Sometimes the api-server can have a short window of indisponibility when we delete a control plane node
|
||||
delay: "{{ delete_node_delay_seconds }}"
|
||||
|
||||
@@ -21,10 +21,6 @@
|
||||
- "{{ bin_dir }}/etcdctl"
|
||||
- member
|
||||
- remove
|
||||
- "{{ '%x' | format(etcd_removed_nodes[0].ID) }}"
|
||||
vars:
|
||||
etcd_removed_nodes: "{{ (etcd_members.stdout | from_json).members | selectattr('peerURLs.0', '==', etcd_peer_url) }}"
|
||||
# This should always have at most one member, since the etcd_peer_url should be unique in the etcd cluster
|
||||
when: etcd_removed_nodes != []
|
||||
- "{{ '%x' | format(((etcd_members.stdout | from_json).members | selectattr('peerURLs.0', '==', etcd_peer_url))[0].ID) }}"
|
||||
register: etcd_removal_output
|
||||
changed_when: "'Removed member' in etcd_removal_output.stdout"
|
||||
|
||||
@@ -16,11 +16,11 @@
|
||||
--ignore-daemonsets
|
||||
--grace-period {{ drain_grace_period }}
|
||||
--timeout {{ drain_timeout }}
|
||||
--delete-emptydir-data {{ kube_override_hostname }}
|
||||
--delete-emptydir-data {{ kube_override_hostname | default(inventory_hostname) }}
|
||||
when:
|
||||
- groups['kube_control_plane'] | length > 0
|
||||
# ignore servers that are not nodes
|
||||
- kube_override_hostname in nodes.stdout_lines
|
||||
- kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines
|
||||
register: result
|
||||
failed_when: result.rc != 0 and not allow_ungraceful_removal
|
||||
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
||||
@@ -34,10 +34,10 @@
|
||||
register: nodes_with_volumes
|
||||
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
||||
changed_when: false
|
||||
until: not (kube_override_hostname in nodes_with_volumes.stdout_lines)
|
||||
until: not (kube_override_hostname | default(inventory_hostname) in nodes_with_volumes.stdout_lines)
|
||||
retries: 3
|
||||
delay: "{{ drain_grace_period }}"
|
||||
when:
|
||||
- groups['kube_control_plane'] | length > 0
|
||||
- not allow_ungraceful_removal
|
||||
- kube_override_hostname in nodes.stdout_lines
|
||||
- kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
---
|
||||
# number of times package install task should be retried
|
||||
pkg_install_retries: 4
|
||||
pkg_install_timeout: "{{ 5 * 60 }}"
|
||||
yum_repo_dir: /etc/yum.repos.d
|
||||
|
||||
@@ -34,17 +34,6 @@
|
||||
tags:
|
||||
- bootstrap_os
|
||||
|
||||
# Remove this after ansible-core >= 2.19.0
|
||||
# See https://github.com/kubernetes-sigs/kubespray/pull/12138#issuecomment-3019304574
|
||||
- name: Install python3-libdnf5 on Fedora >= 41
|
||||
raw: >
|
||||
dnf install --assumeyes python3-libdnf5
|
||||
become: true
|
||||
retries: "{{ pkg_install_retries }}"
|
||||
when:
|
||||
- ansible_distribution == "Fedora"
|
||||
- ansible_distribution_major_version | int >= 41
|
||||
|
||||
- name: Manage packages
|
||||
package:
|
||||
name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
|
||||
@@ -63,4 +52,3 @@
|
||||
label: "{{ item.action_label }}"
|
||||
tags:
|
||||
- bootstrap_os
|
||||
timeout: "{{ pkg_install_timeout }}"
|
||||
|
||||
@@ -6,17 +6,6 @@
|
||||
# -> nothing depending on facts or similar cluster state
|
||||
# Checks depending on current state (of the nodes or the cluster)
|
||||
# should be in roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
|
||||
- name: Fail if removed variables are used
|
||||
vars:
|
||||
# Always remove items from this list after the release in comments
|
||||
removed_vars:
|
||||
- kubelet_static_pod_path # 2.31.0
|
||||
removed_vars_found: "{{ query('varnames', '^' + (removed_vars | join('|')) + '$') }}"
|
||||
assert:
|
||||
that: removed_vars_found | length == 0
|
||||
fail_msg: "Removed variables present: {{ removed_vars_found | join(', ') }}"
|
||||
run_once: true
|
||||
|
||||
- name: Stop if kube_control_plane group is empty
|
||||
assert:
|
||||
that: groups.get( 'kube_control_plane' )
|
||||
@@ -78,6 +67,13 @@
|
||||
- kube_network_plugin not in ['calico', 'none']
|
||||
- ipv4_stack | bool
|
||||
|
||||
- name: Stop if RBAC is not enabled when dashboard is enabled
|
||||
assert:
|
||||
that: rbac_enabled
|
||||
when:
|
||||
- dashboard_enabled
|
||||
- not ignore_assert_errors
|
||||
|
||||
- name: Check cloud_provider value
|
||||
assert:
|
||||
that: cloud_provider == 'external'
|
||||
|
||||
@@ -7,8 +7,8 @@ infos = {
|
||||
"url": "https://github.com/projectcalico/calico/releases/download/v{version}/SHA256SUMS",
|
||||
"graphql_id": "R_kgDOA87D0g",
|
||||
},
|
||||
"calico_crds": {
|
||||
"url": "https://github.com/projectcalico/calico/raw/v{version}/manifests/crds.yaml",
|
||||
"calico_crds_archive": {
|
||||
"url": "https://github.com/projectcalico/calico/archive/v{version}.tar.gz",
|
||||
"graphql_id": "R_kgDOA87D0g",
|
||||
"binary": True,
|
||||
},
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
- Application
|
||||
- [cert-manager](https://github.com/jetstack/cert-manager) {{ cert_manager_version }}
|
||||
- [coredns](https://github.com/coredns/coredns) {{ coredns_version }}
|
||||
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) {{ ingress_nginx_version }}
|
||||
- [argocd](https://argoproj.github.io/) {{ argocd_version }}
|
||||
- [helm](https://helm.sh/) {{ helm_version }}
|
||||
- [metallb](https://metallb.universe.tf/) {{ metallb_version }}
|
||||
|
||||
@@ -5,6 +5,8 @@ vm_memory: 3072
|
||||
|
||||
# Kubespray settings
|
||||
metrics_server_enabled: true
|
||||
dashboard_namespace: "kube-dashboard"
|
||||
dashboard_enabled: true
|
||||
loadbalancer_apiserver_type: haproxy
|
||||
local_path_provisioner_enabled: true
|
||||
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -10,7 +10,7 @@ custom_cni_chart_release_name: cilium
|
||||
custom_cni_chart_repository_name: cilium
|
||||
custom_cni_chart_repository_url: https://helm.cilium.io
|
||||
custom_cni_chart_ref: cilium/cilium
|
||||
custom_cni_chart_version: 1.18.6
|
||||
custom_cni_chart_version: 1.16.3
|
||||
custom_cni_chart_values:
|
||||
cluster:
|
||||
name: kubespray
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
cloud_image: debian-13
|
||||
|
||||
# Kubespray settings
|
||||
gateway_api_enabled: true
|
||||
|
||||
dns_mode: coredns_dual
|
||||
kube_asymmetric_encryption_algorithm: "RSA-3072"
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
# Instance settings
|
||||
cloud_image: fedora-41
|
||||
|
||||
# Kubespray settings
|
||||
auto_renew_certificates: true
|
||||
|
||||
# Test with SELinux in enforcing mode
|
||||
preinstall_selinux_state: enforcing
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
# Instance settings
|
||||
cloud_image: fedora-41
|
||||
|
||||
# Kubespray settings
|
||||
auto_renew_certificates: true
|
||||
|
||||
# Test with SELinux in enforcing mode
|
||||
preinstall_selinux_state: enforcing
|
||||
|
||||
# Test Alpha swap feature by leveraging zswap default config in Fedora 35
|
||||
kubelet_fail_swap_on: false
|
||||
kube_feature_gates:
|
||||
- "NodeSwap=True"
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
# Instance settings
|
||||
cloud_image: fedora-41
|
||||
|
||||
# Kubespray settings
|
||||
container_manager: crio
|
||||
auto_renew_certificates: true
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
cloud_image: fedora-41
|
||||
cluster_layout:
|
||||
- node_groups: ['kube_control_plane', 'etcd', 'kube_node']
|
||||
- node_groups: ['kube_node']
|
||||
|
||||
kube_network_plugin: "kube-router"
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
# Instance settings
|
||||
cloud_image: fedora-42
|
||||
|
||||
# Kubespray settings
|
||||
auto_renew_certificates: true
|
||||
|
||||
# Test with SELinux in enforcing mode
|
||||
preinstall_selinux_state: enforcing
|
||||
@@ -6,4 +6,6 @@ vm_memory: 3072
|
||||
|
||||
# Kubespray settings
|
||||
metrics_server_enabled: true
|
||||
dashboard_namespace: "kube-dashboard"
|
||||
dashboard_enabled: true
|
||||
loadbalancer_apiserver_type: haproxy
|
||||
|
||||
@@ -2,12 +2,3 @@
|
||||
# Instance settings
|
||||
cloud_image: openeuler-2403
|
||||
vm_memory: 3072
|
||||
|
||||
# Openeuler package mgmt is slow for some reason
|
||||
pkg_install_timeout: "{{ 10 * 60 }}"
|
||||
|
||||
# Work around so the Kubernetes 1.35 tests can pass. We will discuss the openeuler support later.
|
||||
kubeadm_ignore_preflight_errors:
|
||||
- SystemVerification
|
||||
|
||||
kubelet_fail_cgroup_v1: false
|
||||
|
||||
@@ -5,4 +5,6 @@ vm_memory: 3072
|
||||
|
||||
# Kubespray settings
|
||||
metrics_server_enabled: true
|
||||
dashboard_namespace: "kube-dashboard"
|
||||
dashboard_enabled: true
|
||||
loadbalancer_apiserver_type: haproxy
|
||||
|
||||
@@ -5,4 +5,6 @@ vm_memory: 3072
|
||||
|
||||
# Kubespray settings
|
||||
metrics_server_enabled: true
|
||||
dashboard_namespace: "kube-dashboard"
|
||||
dashboard_enabled: true
|
||||
loadbalancer_apiserver_type: haproxy
|
||||
|
||||
@@ -11,6 +11,9 @@ auto_renew_certificates: true
|
||||
kube_proxy_mode: nftables
|
||||
enable_nodelocaldns: false
|
||||
|
||||
containerd_registries:
|
||||
"docker.io": "https://mirror.gcr.io"
|
||||
|
||||
containerd_registries_mirrors:
|
||||
- prefix: docker.io
|
||||
mirrors:
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
cloud_image: ubuntu-2404
|
||||
container_manager: crio
|
||||
|
||||
cluster_layout:
|
||||
- node_groups: ["kube_control_plane", "etcd"]
|
||||
- node_groups: ["kube_node"]
|
||||
- node_groups: ["kube_node", "for_scale"]
|
||||
@@ -1 +0,0 @@
|
||||
UPGRADE_TEST=graceful
|
||||
@@ -1,16 +0,0 @@
|
||||
---
|
||||
# Instance settings
|
||||
cloud_image: ubuntu-2404
|
||||
mode: all-in-one
|
||||
vm_memory: 1800
|
||||
|
||||
# Kubespray settings
|
||||
container_manager: crio
|
||||
auto_renew_certificates: true
|
||||
|
||||
# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=noble&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
|
||||
kube_proxy_mode: iptables
|
||||
enable_nodelocaldns: false
|
||||
|
||||
# Single node don't need the DNS autoscaler
|
||||
enable_dns_autoscaler: false
|
||||
Reference in New Issue
Block a user