Mohamed Omar Zaian
658d62be16
[kubernetes] upgrade versions to address CVE-2023-2728 ( #10220 )
* [kubernetes] Add hashes for 1.27.3, 1.26.6, 1.25.11
* [kubernetes] make 1.26.6 default
1 year ago
qlijin
8c32be5feb
Add insecure_registry config to crio.conf ( #10142 )
1 year ago
Kay Yan
4013c48acb
cleanup-for-2.22.0 ( #10126 )
1 year ago
Mohamed Omar Zaian
d5cdae1f16
[kubernetes] Add hashes for 1.26.4-5, 1.25.9-10, 1.24.13-14 ( #9983 )
1 year ago
Pat Riehecky
86b81a855a
fix: typo in comment ( #10064 )
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
1 year ago
Manuelraa
2b75552d1c
Replace swap vars with single `kubelet_fail_swap_on` ( #10036 )
1 year ago
John Adams
9a72de54de
Cleanup of external openstack cloud config ( #9899 )
* redorder options and remove use-octavia
* lowercase true/false
1 year ago
Mohamed Omar Zaian
7859aee735
[kubernetes] Add hashes for 1.26.3, 1.25.8, 1.24.12 ( #9900 )
1 year ago
Arthur Outhenin-Chalandre
82f68ca395
calico: cilium: use localhost lb by default on kube-proxy replacement ( #9718 )
This commit removes the variable `use_localhost_as_kubeapi_loadbalancer`
and rather detects that we are in a situation where we can use the
localhost apiserver loadbalancer (meaning that we use the localhost load
balancer and that the same ports are used for both the load balancer and
the kube-apiserver).
This also cleanups the calico code to use `kube_apiserver_global_endpoint`
rather than implementing the same logic all over again.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
Mohamed Zaian
8b3f3c04cc
[kubernetes] Add hashes for 1.26.2, 1.25.7, 1.24.11 ( #9829 )
1 year ago
rongfu.leng
0707c8ea6f
fix: with_item to with_dict ( #9729 )
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Kay Yan
f9cc8ae10c
[kubernetes] Make kubernetes v1.26 default ( #9732 )
* make-kube-1.26-default
* fix-bugs
1 year ago
Florian Ruynat
34d0451585
Update KUBESPRAY_VERSION and kube_version_min_required (with hashes cleanup) ( #9691 )
1 year ago
yanggang
826282fe89
Add k8s hashes for k8s version. ( #9685 )
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
1 year ago
Arthur Outhenin-Chalandre
4a6eb7eaa2
enable back kubelet_authorization_mode_webhook by default ( #9662 )
In 6db6c8678c
, this was disabled becaue
kubesrpay gave too much permissions that were not needed. This commit
re-enable back this option by default and also removes the extra
permissions that kubespray gave that were in fact not needed.
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
R. P. Taylor
0ff883afeb
streamline ansible_default_ipv4 gathering loop ( #9281 )
1 year ago
tu1h
791064a3d9
Allow custom timeout for kubeadm init ( #9617 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
yanggang
f8d6b54dbb
Add hashes for 1.25.5, 1.24.9, 1.23.15 and make v1.25.5 default ( #9557 )
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
1 year ago
yanggang
9439487219
Add hashes for 1.25.4, 1.24.8, 1.23.14 and make v1.25.4 default ( #9479 )
Signed-off-by: yanggang <gang.yang@daocloud.io>
Signed-off-by: yanggang <gang.yang@daocloud.io>
2 years ago
Kay Yan
ccbe38f78c
make-kube-1.25-default ( #9364 )
2 years ago
Maxime Leroy
d9c39c274e
fix(defaults): wrong cri_socket path for containerd ( #9401 )
2 years ago
Mohamed Zaian
5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default ( #9397 )
2 years ago
Unai Arríen
52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled ( #9248 )
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Improve metallb_speaker_enabled default values
2 years ago
Kay Yan
999586a110
sysctl_additional ( #9351 )
2 years ago
Florian Ruynat
841e2f44c0
Remove references to 1.22 ( #9342 )
2 years ago
Federico Cucinella
e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 ( #9332 )
2 years ago
Mohamed Zaian
76573bf293
[kubernetes] Add hashes for 1.24.6, 1.22.15, 1.23.12 and make v1.24.6 default ( #9308 )
2 years ago
Mohamed Zaian
680293e79c
[kubernetes] Add hashes for 1.24.5, 1.22.14, 1.23.11 and make v1.24.5 default ( #9286 )
2 years ago
Cristian Calin
6db6c8678c
disable kubelet_authorization_mode_webhook by default ( #9238 )
2 years ago
Mohamed Zaian
ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default ( #9191 )
2 years ago
Mohamed Zaian
91073d7379
[kubernetes] make v1.24.3 default ( #9101 )
2 years ago
Mohamed Zaian
e4fe679916
[kubernetes] make v1.24.2 default
2 years ago
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2 years ago
Florian Ruynat
9e7f89d2a2
Remove forgotten 1.21 references
2 years ago
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2 years ago
Calin Cristian Andrei
2cd8c51a07
[kubeadm] use v1beta3 configuration version
* extra admission controls now don't have a version in their file names
eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
upstream
2 years ago
Calin Cristian Andrei
fad296616c
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
2 years ago
Calin Cristian Andrei
2de5c4821c
[calico] clean up workarounds for older versions
2 years ago
Calin Cristian Andrei
ae1dcb031f
[kubernetes] drop pre 1.22.0 workarounds
2 years ago
Calin Cristian Andrei
9535a41187
[kubernetes] make 1.22.0 the minimum version
2 years ago
Calin Cristian Andrei
d69d4a8303
[kubernetes] make 1.24.1 the new default
2 years ago
Mohamed Zaian
78aacee21b
[kubernetes] add hashes for 1.24.1 and other versions. ( #8876 )
* [kubernetes] add hashes for 1.24.1 and other versions.
versions: v1.21.13, v1.22.10, v1.23.7 & v1.24.1
* [kubernetes] make v1.23.7 default1
2 years ago
Samuel Liu
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature ( #8790 )
* [kube-ovn]: some feature
kube-ovn vlan mode
ipv6/ipv4 dual stack
...
* remove unused env
* fix readinessprobe
2 years ago
Cristian Calin
56cf163a23
[kubernetes] actually make 1.23.6 the default ( #8767 )
2 years ago
Julien Le Fur
30306d6ec7
Enable external CA mode for control-plane deployment ( #8620 )
2 years ago
Robin Wallace
d7254eead6
UpCloud integration ( #8653 )
* [upcloud] add upcloud csi-driver
* Option to use ansible_host as api ip for kubueconfig
2 years ago
Samuel Liu
424ef3b3f9
[calico] add calico apiserver ( #8690 )
* [calico] add calico apiserver
* fix yamllint
* remove addext argument
* Configure API server with the CA bundle
* add check kdd
2 years ago
Mathieu Parent
996ef98b87
Add support for kube-vip ( #8669 )
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2 years ago
Alessio Greggi
bba91a7524
split kube_feature_gates variable for different kubernetes components ( #8677 )
* feat: split kube_feature_gates variable for different kubernetes components
* docs: add kube_feaute_gates componet variables
2 years ago
Calin Cristian Andrei
538f9df5cc
[kubernetes] make 1.23.5 the default
2 years ago