133a7a0e1b
Add featureDetectOverride configration of calico ( #9249 )
2 years ago
efb47edb9f
Update kubespray version to v2.19.1 ( #9241 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
36bec19a84
add-yankay-to-reviewers ( #9247 )
2 years ago
6db6c8678c
disable kubelet_authorization_mode_webhook by default ( #9238 )
2 years ago
5603f9f374
Update security contacts file ( #9235 )
2 years ago
7ebb8c3f2e
make calico installation more stable ( #9227 )
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2 years ago
acb6f243fd
feat: add kubelet systemd service hardening option ( #9194 )
* feat: add kubelet systemd service hardening option
* refactor: move variable name to kubelet_secure_addresses
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* docs: add diagram about kubelet_secure_addresses variable
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2 years ago
220f149299
Fix abort because calicoctl.sh is not a full path ( #9217 )
2 years ago
1baabb3c05
Fix cloud_init files for different distros ( #9232 )
2 years ago
617b17ad46
Fix kube_ovn_hw_offload value ( #9218 )
2 years ago
8af86e4c1e
Fix typo.
2 years ago
9dc9a670a5
add runc v1.1.4 ( #9230 )
2 years ago
b46ddf35fc
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod ( #9223 )
* fix-kube-vip-strict-arp
* fix-kube-vip-strict-arp
2 years ago
de762400ad
Fixes for calico_datastore: etcd ( #9228 )
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.
This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
2 years ago
e60ece2b5e
[CI] remove opensuse Leap from molecule test blocking CI ( #9229 )
2 years ago
e6976a54e1
add pre-commit hook to facilitate local testing ( #9158 )
* add pre-commit hook configuration
* add tmp.md to .gitignore
* describe the use of pre-commit hook in CONTRIBUTING.md
* fix docs/integration.md errors identified by markdownlint
* fix docs/<file>.md errors identified by markdownlint
* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md
* fix contrib/<file>.md errors identified by markdownlint
2 years ago
64daaf1887
cri-dockerd: add restart of docker.service ( #9205 )
* cri-dockerd: add restart of docker.service
* remove enabling of cri-dockerd.socket
2 years ago
1c75ec9ec1
do not run etcd role in scale.yml playbook when etcd installed by kubeadm ( #9210 )
2 years ago
c8a61ec98c
optimize the format of evictionHard in kubelet-config.yaml template ( #9204 )
2 years ago
aeeae76750
Update vars.md ( #9172 )
2 years ago
30b062fd43
fix one bug in docs/nodes ( #9203 )
2 years ago
8f899a1101
Fix containerd (<1.7) configuration for insecure registries ( #9207 )
For the following configuration
```
containerd_insecure_registries:
docker.io:
- dockerhubcache.example.com
```
the rendered /etc/containerd/config.toml contains
```
[plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
insecure_skip_verify = true
```
but it needs to be
```
[plugins."io.containerd.grpc.v1.cri".registry.configs."dockerhubcache.example.com".tls]
insecure_skip_verify = true
```
2 years ago
386c739d5b
🌱 Enable cri-dockerd service ( #9201 )
* 🌱 Enable cri-dockerd service
* 🔨 Fix the task name in order to pass the CI tests
2 years ago
fddff783c8
Update vsphere-csi.md ( #9170 )
2 years ago
bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable ( #9176 )
See #9035
2 years ago
ab938602a9
[kubernetes] Add hashes for 1.24.4, 1.22.13, 1.23.10 and make v1.24.4 default ( #9191 )
2 years ago
e31890806c
Add 'avoid-buggy-ips' support of MetalLB ( #9166 )
2 years ago
30c77ea4c1
Add the option to enable default Pod Security Configuration ( #9017 )
* Add the option to enable default Pod Security Configuration
Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.
* Fix the PR according to code review comments
* Revert the latest changes
- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
2 years ago
175cdba9b1
Add 'flush ip6tables' task in reset role ( #9168 )
* Add 'flush ip6tables' task in reset role
If enable_dual_stack_networks is set to true and ip6 is defined,ip6tables will be created. But when reset the kubernetes cluster, kubespray doesn't flush ip6tables.
* [CI] fix molecule tests on opensuse by upgrading to 15.4 (#9175 )
* [CI] fix molecule tests on opensuse by upgrading to 15.4
* [opensuse] use correct python crytography package name depending on distribution version
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2 years ago
ea29cd0890
add list nodes rules to cilium-operator clusterrole ( #9178 )
2 years ago
68653c31c0
docs(kube-vip): fix broken links ( #9165 )
Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>
Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>
2 years ago
be5fdab3aa
Disable DNSStubListener for Flatcar Linux ( #9160 )
* Disable DNSStubListener for Flatcar Linux
* Fix missing "Flatcar" condition of os_family
2 years ago
f4daf5856e
Subnet setup order fix & Number of master nodes syntax fix ( #9159 )
* Subnet setup order fix & Number of master nodes syntax fix
* Mistake fix!
* Formatting
2 years ago
49d869f662
Fix CSI drivers issues on Azure ( #9153 )
* Include missing azuredisk rbac manifest
* Remove missing azure csi manifest
* Remove invalid reference mount to waagent settings
* Use cloud-config secret instead of /etc/kubernetes/cloud_config file
2 years ago
b36bb9115a
[calico] calico rr supports multiple groups ( #9134 )
* update calico rr
* fix bgppeer conf
* fix yamllint
* fix ansible lint
* fix calico deploy
* fix yamllint
* fix some typo
2 years ago
9ad2d24ad8
Add unsafe_show_logs switch ( #9164 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
0088fe0ab7
add-tar-in-common-package ( #9184 )
2 years ago
ab93b17a7e
[containerd] upgrade to 1.6.8 , add hashes, containerd now supports ppc64le from v1.6.7 ( #9181 )
2 years ago
9f1b980844
Update dashboard to 2.6.1 ( #9185 )
2 years ago
86d05ac180
fix: remove condition for user creation ( #9125 )
This condition blocks the creation of the `etcd` user in certain conditions.
Specifically, when you have a `etcd_deployment_type: kubeadm` and `kube_owner: root`.
Being the `root` user already present on the system, this will not be a problem (due to the idempotency of ansible).
2 years ago
bf6fcf6347
Upgrade nerdctl from 0.20.0 to 0.22.2 ( #9180 )
2 years ago
b9e4e27195
[CI] fix molecule tests on opensuse by upgrading to 15.4 ( #9175 )
* [CI] fix molecule tests on opensuse by upgrading to 15.4
* [opensuse] use correct python crytography package name depending on distribution version
2 years ago
8585134db4
when ingress-nginx is deployes without a class, we need to use 'ingress-controller-leader' resource instead of the default 'ingress-controller-leader-nginx' ( #9156 )
2 years ago
7e862939db
Add kube-vip check to check_readme_versions.sh ( #9155 )
To check the kube-vip version between readme.md and the default value
on the role, this updates check_readme_versions.sh
2 years ago
0d3bd69a17
add-kube-vip-in-readme ( #9149 )
2 years ago
2b97b661d8
Move old etcd backup removal after etcd restart ( #9147 )
2 years ago
24f12b024d
Argument jsonpath must be single-quoted in "See if node is schedulable" task ( #9146 )
2 years ago
f7d363dc96
Fix crio version in README ( #9148 )
2 years ago
47050003a0
Add docker support for Kylin V10 ( #9144 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
4df6e35270
Move oracle7-canal to centos7-canal
2 years ago
lou-lan
ERIK
Kay Yan
Cristian Calin
Florian Ruynat
蒋航
Alessio Greggi
tasekida
lijin-union
kakkotetsu
Chad Swenson
Krystian Młynek
Sergey
Shelming.Song
Bishal das
Pavel Chekin
Mostafa Ghadimi
Tristan
Mohamed Zaian
Ho Kim
Tomas Zvala
GreatLazyMan
Thearas
maxgio92
Robin Ramquist
Piotr Kowalczyk
Samuel Liu
Jin Li
Peter Pan
Kenichi Omichi
emiran-orange