Shaleen Bathla
082507cff2
kubelet: conditionalize staticPodPath location ( #12433 )
Add variable to set kubelet staticPodPath location.
It can be set to empty so that we can choose to disable it for some nodes.
STIG recommendation is to disable it.
Signed-off-by: Shaleen Bathla <shaleenbathla@gmail.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
1 month ago
Max Gautier
f6d29a27fc
Remove stale TODOs ( #12298 )
Upstream considers it working as expected, won't fix
https://github.com/ansible-collections/community.general/issues/7717#issuecomment-2061880929
3 months ago
Ho Kim
c47711c2f2
fix: correct indent of cpuManagerPolicyOptions ( #12123 )
5 months ago
Aviral Agarwal
1da9f0dec4
Fixed kube-vip to use `kube-vip/kube-vip-iptables` image instead of `kube-vip/kube-vip` when `lb_fwdmethod` or `kube_vip_lb_fwdmethod` is set to `masquerade` ( #12145 )
5 months ago
Kay Yan
0f9f9fb569
support kube-proxy nftables ( #12060 )
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
6 months ago
Max Gautier
f9a263090a
Propagate v-less version everywhere
8 months ago
Boris
a51e7dd07d
refact ip stack ( #11953 )
7 months ago
Antoine Legrand
4373c1be1d
Revert "Add support for ipv6 only cluster via "enable_ipv6only_stack_networks…" ( #11941 )
This reverts commit 76c0a3aa75.
8 months ago
Boris
76c0a3aa75
Add support for ipv6 only cluster via "enable_ipv6only_stack_networks" ( #11831 )
8 months ago
ERIK
540c6ddb96
remove legacy kubelet container pre-upgrade tasks ( #11805 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
9 months ago
ChengHao Yang
38cd05c503
Refactor: simplify cloud_provider is defined condition
For this change, `cloud_provider` changes the default value to empty
string.
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
11 months ago
ChengHao Yang
c27cc33bd7
Refactor: var kube_override_hostname only reserve in kubespray-defaults
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
11 months ago
ChengHao Yang
437026f514
Cleanup: remove all cloud_provider related tasks & files
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
11 months ago
kyrie
693eb74f52
fix kube-vip container securityContext ( #11647 )
11 months ago
Max Gautier
2826b357d4
Remove serialized collect of ansible_default_ipv4
The fallback_ips tasks are essentially serializing the gathering of one
fact on all the hosts, which can have dramatic performance implications
on large clusters (several minutes).
This is essentially a reversal of 35f248dff0
Being able to run without refreshing the cache facts is not worth it.
We keep fallback_ip for now, simply changing the access to a normal
hostvars variable instead of a custom dictionary.
1 year ago
Max Gautier
9f45552201
Cleanup redundancy
k8s_cluster = kube_control_plane + kube_node
1 year ago
Max Gautier
2ec1c93897
Test group membership with group_names
Testing for group membership with group names makes Kubespray more
tolerant towards the structure of the inventory.
Where 'inventory_hostname in groups["some_group"]' would fail if
"some_group" is not defined, '"some_group" in group_names' would not.
1 year ago
Max Gautier
c3de25c782
Move the CRI endpoint setting to kubelet config ( #11550 )
The `--container-runtime-endpoint` kubelet argument is deprecated in
favor of the config file alternative.
1 year ago
Max Gautier
fe60832a02
Remove kubelet_node_{custom_flags,config_extra_args}
There is no need to have extra variables for this, just use different
values per host (using Ansible group_vars, for example)
1 year ago
Max Gautier
1bc61c9f35
Simplify kubelet-config template
Remove system|kube_master_<resource>_reserved variables.
Those variables are unnecessary because users can simply use the
variables in group_vars if they wish to differentiate control plane
nodes from other nodes.
Set conservative defaults for ephemeral-storage and pids for both kube
and system reserved resources.
1 year ago
Max Gautier
1533d40411
Fix kube_reserved_cgroups_for_service_slice
The default value is used across kubespray but only defined in
kubernetes/node.
Move it to kubespray-defaults
1 year ago
Bogdan Sass
4b324cb0f0
Rename master to control plane - non-breaking changes only ( #11394 )
K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
1 year ago
Vlad Korolev
9a7b021eb8
Do not use ‘yes/no’ for boolean values ( #11472 )
Consistent boolean values in ansible playbooks
1 year ago
Selçuk Arıbalı
e43e08c7d1
fix: use super-admin.conf for kube-vip on first master when it exists ( #11422 )
* fix: use super-admin.conf for kube-vip when it exists
* Mathieu Parent add as co-author
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
* template change for readability
* fix lint error
---------
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
1 year ago
R. P. Taylor
468c5641b2
fix kube_reserved so it only controls kubeReservedCgroup ( #11367 )
1 year ago
Lihai Tu
8208a3f04f
Rename systemd module to systemd_service ( #11396 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
Bas
8f5f75211f
Improving yamllint configuration ( #11389 )
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
1 year ago
Serge Hartmann
db316a566d
dependencies for kubelet.service ( #11297 )
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
1 year ago
Lihai Tu
921b0c0bed
Add options to control images pulling of kubelet ( #11094 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
Max Gautier
d50f61eae5
pre-commit: apply autofixes hooks and fix the rest manually
- markdownlint (manual fix)
- end-of-file-fixer
- requirements-txt-fixer
- trailing-whitespace
1 year ago
tico88612
f85111f6d4
CI: add ubuntu 24.04 support ( #11132 )
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
1 year ago
Jorge Isnardo Altamirano
a09c73a356
Update kube-vip manifests to v0.8.0
1 year ago
Jorge Isnardo Altamirano
537891a380
Update kube-vip manifests to v0.8.0
1 year ago
Jorge Isnardo Altamirano
e57e958a39
Update kube-vip to v0.8.0
1 year ago
Lihai Tu
23b56e3f89
Enclose the cpu type with quotation marks in kubelet-config.v1beta1 ( #11111 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
Barry M
1b870a1862
Update kubelet systemd service default allowed IP addresses for cluster hardening ( #11061 )
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
1 year ago
kyrie
baf4842774
make kube-vip LeaderElection variables configurable ( #11021 )
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
1 year ago
Tom M
e7d29715b4
Add kubelet_cpu_manager_policy_options ( #11023 )
1 year ago
Takuya Murakami
785366c2de
[kubernetes] Support kubernetes 1.29 ( #10820 )
* [kubernetes] Make kubernetes 1.29.1 default
* [cri-o]: support cri-o 1.29
Use "crio status" instead of "crio-status" for cri-o >=1.29.0
* Remove GAed feature gates SecCompDefault
The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246
1 year ago
Ugur Can Ozturk
7863fde552
[apiserver-kubelet/tracing]: add distributed tracing config variables ( #10795 )
* [apiserver-kubelet/tracing]: add distributed tracing config flags
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
---------
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
1 year ago
Maxime Leroy
ab0163a3ad
fix(kubernetes): taint nodes with kubectl ( #10705 )
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
1 year ago
yun
13e1f33898
Correct the POLY1305 cipher suites by adding the suffix _SHA256 ( #10641 )
1 year ago
Max Gautier
22bb0976d5
Adjust kubelet_event_record_qps to K8S default ( #10826 )
Also remove redundant check in the kubelet config template (we define a
default, so the setting will always be "true")
1 year ago
Louis Tu
a656b7ed9a
Add kube_vip_lb_fwdmethod option for kube-vip ( #10762 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
Andrei Costescu
c3b674526d
Fix modprobe module on Flatcar ( #10678 )
* Fix modprobe module on Flatcar
* Add todo about upstream issue report
1 year ago
Max Gautier
471326f458
Remove PodSecurityPolicy support and references ( #10723 )
This is removed from kubernetes since 1.25, time to cut some dead code.
1 year ago
Max Gautier
612cfdceb1
Check conntrack module presence instead of kernel version ( #10662 )
* Try both conntrack modules instead of checking kernel version
Depending on kernel distributor, the kernel version might not be a
correct indicator of the conntrack module use.
Instead, we check both (and use the first found).
* Use modprobe.persistent rather than manual persistence
1 year ago
AbhishekKr
6b1188e3dc
[fix] modprobe_nf_conntrack for new Linux Kernel, when using ipvs ( #10625 )
Signed-off-by: AbhishekKr <abhikumar163@gmail.com>
1 year ago
Max Gautier
0d4f57aa22
Validate systemd unit files ( #10597 )
* Validate systemd unit files
This ensures that we fail early if we have a bad systemd unit file
(syntax error, using a version not available in the local version, etc)
* Hack to check systemd version for service files validation
factory-reset.target was introduced in systemd 250, same version as the
aliasing feature we need for verifying systemd services with ansible.
So we only actually execute the validation if that target is present.
This is a horrible hack which should be reverted as soon as we drop
support for distributions with systemd<250.
1 year ago
borgiacis
802da0bcb0
Create variables for ipvs kernel modules ( #10580 )
* Create variables for ipvs kernel modules
* Corrected kubernetes role node task missing name
* Added changes as suggested during review by VannTen
1 year ago