2336d54088
Fix calico etcd mode networkpolicy RBAC ( #12587 )
Co-authored-by: Chad Swenson <chadswen@gmail.com>
5 days ago
e52f788942
Add proxy_env to cilium install task for proxy ( #12530 )
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
3 weeks ago
ad7ab2cd37
[release-2.28] Fix automated cherrypick failure in UpgradeConfiguration.node ( #12524 )
1 month ago
4fd9e6d7a0
Patch versions updates ( #12519 )
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
1 month ago
ba4044b90d
Bump: Galaxy version to 2.28.2 ( #12525 )
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
1 month ago
a20891ab67
Fix SAN address collection from ansible_default_ipv{4,6} ( #12505 )
Signed-off-by: Hyeonki Hong <hhk7734@gmail.com>
Co-authored-by: Hyeonki Hong <hhk7734@gmail.com>
1 month ago
0858e46dc6
Patch versions updates ( #12504 )
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
1 month ago
d695115061
Fix: constant etcd_supported_version to dynamic ( #12499 )
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
1 month ago
9a09ac5a40
Fix: Change "empty" definition for PodSecurity Admission configuration ( #12478 )
Fixes a bug where `kube-apiserver` fails to start if the PodSecurity
configuration file doesn't have the `apiVersion` and `kind` keys.
Signed-off-by: Alejandro Macedo <alex.macedopereira@gmail.com>
Co-authored-by: Alejandro Macedo <alex.macedopereira@gmail.com>
1 month ago
3a1a2bd4f4
Argo CD : checksum support for the install url ( #12467 )
Fixes https://github.com/kubernetes-sigs/kubespray/issues/12223
Co-authored-by: Romain Lalaut <rlalaut@proton.me>
1 month ago
842e352767
[release-2.28] Upgrade cilium from 1.17.3 to 1.17.7 ( #12471 )
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
1 month ago
4bb24b253c
Patch versions updates ( #12462 )
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
1 month ago
f815c80139
bug: fix missing cilium_enable_bgp_control_plane config ( #12432 )
Co-authored-by: XuhuiSun95 <ericsun1995@gmail.com>
2 months ago
86fcc2ba59
Patch versions updates ( #12431 )
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2 months ago
e7cf546f37
Fix#12385 cilium typo ( #12404 )
Signed-off-by: wangsifei99 <wangsifei@kylinos.cn>
Co-authored-by: wangsifei99 <wangsifei@kylinos.cn>
2 months ago
a59585b6dc
Fixed syntax error in _bgp_config dict ( #12394 )
Co-authored-by: mathgaming <mathgaming@outlook.com>
2 months ago
2d0cc2b4ea
Fix kubeadm upgrade node skipPhases with multiple CP nodes ( #12384 )
Add 1.32 conditional defaults
Restore support for kubeadm upgrade node --skip-phases < 1.32, apply still needs to be restricted
Co-authored-by: Chad Swenson <chadswen@gmail.com>
2 months ago
9a08afa3f9
[release-2.28] Cilium: Pass cluster DNS to hubble.peerService in values.yaml.j2 ( #12374 )
* cilium: pass cluster DNS to hubble.peerService in values.yaml.j2
* Add dedicated Hubble variable defaulting to inventory cluster domain
---------
Co-authored-by: Mustafa Mertcan CAM <mertcancam@gmail.com>
3 months ago
22e9335484
fix(kubeadm): Conditionally add --skip-phases flag for v1.32.0+ ( #12354 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Co-authored-by: bo.jiang <bo.jiang@daocloud.io>
3 months ago
4789e9dd89
fix ETCD_INITIAL_CLUSTER config in etcd.env and etcd-events.env ( #12352 )
Co-authored-by: liuxu <liuxu623@gmail.com>
3 months ago
9a86253beb
fix: add cilium extraConfig values ( #12338 )
Co-authored-by: atobaum <atobaum@gmail.com>
3 months ago
1e76d9113b
Patch versions updates ( #12330 )
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3 months ago
d7c00ce698
[release-2.28] Fix: the cluster is upgraded from 2.27 to 2.28 cilium will break ( #12324 )
* Fix: add cilium remove old resources option
Give users two options: besides skip Cilium, add
`cilium_remove_old_resources`, default is `false`, when set to `true`,
it will remove the content of the old version, but it will cause the
downtime, need to be careful to use.
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Fix: if cilium release exist, the action will set upgrade
`cilium install` is equivalent to `helm install`, it will failed if
cilium relase exist. `cilium version` can know the release exist without
helm binary
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
3 months ago
cf6e96deb0
Add version pinning for AWS tf provider to fix CI ( #12327 )
Co-authored-by: Chad Swenson <chadswen@gmail.com>
3 months ago
0e5c532c9e
Skip kube-proxy addon phase during kubeadm upgrade if disabled ( #12320 )
Co-authored-by: Roman Davydchenko <xatteg@gmail.com>
3 months ago
a8f5277628
fix manage-offline-container-images.sh get image_id ( #12316 )
Co-authored-by: DearJay <zhongtianjieyi143@gmail.com>
3 months ago
1290466c53
Add tico88612 as approver ( #12292 )
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
3 months ago
6ec991e772
Fix indentation issue in Cilium values file and ensure booleans are lowercase ( #12283 )
This patch fixes the indentation in the `encryption` section.
Previously configuration like this:
```yml
cilium_encryption_enabled: true
cilium_encryption_type: wireguard
```
Would template to a `values.yaml` file with indentation that looks like this:
```yml
encryption:
enabled: True
type: wireguard
nodeEncryption: False
```
instead of this:
```yml
encryption:
enabled: true
type: wireguard
nodeEncryption: false
```
This syntax issue causes an error during Cilium installation.
This patch also makes all boolean values in this template file go through the `to_json` filter.
Since values like `True` and `False` are not compliant with the YAML v1.2 spec,
avoiding them is preferable.
`to_json` may be used for all other values in this template to ensure we end up with
a valid YAML document in all cases (even when various strings include special characters),
but this was left for another (future) patch.
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
3 months ago
a12e53e845
Bump galaxy.yml version ( #12290 )
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
3 months ago
63cdf87915
Removed equinix provider ( #12229 )
4 months ago
175babc4df
Move some approvers to emeritus ( #12156 )
Thanks for you work !
4 months ago
6c5c45b328
Allow stopping ubuntu unattended-upgrades ( #12174 )
Signed-off-by: Ekko Tu <lihai.tu@daocloud.io>
4 months ago
019cf2ab42
Merge pull request #12101 from tico88612/refactor/cilium-install
Refactor Cilium CNI installation
4 months ago
571e747689
build(deps): bump cryptography from 44.0.3 to 45.0.2 ( #12235 )
Bumps [cryptography](https://github.com/pyca/cryptography ) from 44.0.3 to 45.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/44.0.3...45.0.2 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 45.0.2
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
1266527014
Add cilium cli binary hash before 0.18.3
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
4 months ago
5e2e63ebe3
Make cilium dnsProxy transparent mode configure
When Cilium is configured to replace kube-proxy, it automatically
enables dnsProxy, which can conflict with nodelocaldns.
4 months ago
db290ca686
Add cilium gateway api support
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
4 months ago
6619d98682
Add cilium hubble export dynamic content
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
4 months ago
b771d73fe0
Add cilium hubble export file max backups & size mb
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
4 months ago
65751e8193
Add cilium operator tolerations default values
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
4 months ago
4c16fc155f
Cilium values k8sServiceHost and k8sServicePort use auto
Signed-off-by: ChengHao Yang
<17496418+tico88612@users.noreply.github.com>
5 months ago
dcd3461bce
Cilium values use image variables
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
5 months ago
48f75c2c2b
Upgrade Cilium related images
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
5 months ago
a4b73c09a7
Upgrade cilium version to 1.17.3
Signed-off-by: ChengHao Yang
<17496418+tico88612@users.noreply.github.com>
6 months ago
af62570110
Change cilium_kube_proxy_replacement to true for CI tests
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
bebba47eb4
Change kube_owner to root for cilium CI test
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
86437730de
Use cilium-cli install Cilium
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
6fe64323db
Remove old cilium templates install
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
1e471d5eeb
Upgrade outdated cilium_min_version_required
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
3a2862ea19
Move checksums to kubespray_defaults/vars ( #12234 )
The checksums are not a defaults and are not meant to be changed from
the inventories.
Furthermore, role defaults have a lower priority that hosts facts, which
technically means a rogue hosts could hijack the hashes for its
variables.
4 months ago
k8s-infra-cherrypick-robot
ChengHao Yang
Chad Swenson
Max Gautier
Ali Afsharzadeh
Anshuman Agarwala
Ekko
Kubernetes Prow Robot
dependabot[bot]