5c07c6e6d3
Add option to [not] install coredns via Kubespray ( #12218 )
4 months ago
c6dfe22a41
Improve logging of kubeadm init failure of first control plane node ( #12216 )
Split retry task of 'kubeadm init' to show the failure log of
the first execution.
4 months ago
ec85b7e2c9
download: respect enable_dns_autoscaler when enabling dnsautoscaler ( #12217 )
dnsautoscaler should only be enabled when enable_dns_autoscaler is
set to true. without this, it could be enabled without any manifest
actually using it, which makes it a false signal.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
4 months ago
22d3cf9c2b
Move 'pretend certificates' **after** cert distribution
The link target will only exist after we distribute the certs on each node.
4 months ago
2c3b6c9199
feat: add trigger to restart kube-apiserver when config files change ( #12172 )
* feat: add trigger to restart kube-apiserver when config files change
* fix: remove not upgrade_cluster_setup condition
* refactor: streamline kube-apiserver restart notifications
4 months ago
a55932e1de
Patch versions updates ( #12204 )
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
4 months ago
973bd2e520
Stop cleaning up containerd packages ( #12213 )
The switch to not use system packages for containerd packages happened
multiples releases ago ; there should not be any up-to-date installation
of kubespray needing that cleanup.
Remove those steps and variables only used by them.
4 months ago
8cc5694580
calico: update calico-kube-controller manifest ( #12169 )
4 months ago
1d15baf405
Add compat and deprecation warning for boostrap-os
4 months ago
47508d5c6e
Rename bootstrap-os to bootstrap_os
Role names in ansible collections should not have hyphens.
4 months ago
2a1ae14275
Compat layer remove-node/pre-remove
4 months ago
e361def9cd
Rename remove-node/pre-remove (no hypens for role in collection)
4 months ago
fa6888df4c
kubernetes_audit: Remove redundant defaults filter ( #12208 )
4 months ago
9bbd597e20
create cilium_operator_tolerations variable in group_var ( #12200 )
- This enables ithe override of the tolerations for the cilium-operator deployment
- default behaviour is to leave the toleration as is unless the var is set
4 months ago
fceb1516b8
Update: add Cilium LB IP Pool configuration to support ranges ( #12140 )
4 months ago
4052cd5237
Add compat and deprecation warning for kubespray-defaults
4 months ago
e1be469995
fix: do not mount hubble-ui tls volume when cilium_hubble_tls_generate is false ( #12143 )
4 months ago
7db2aa1cba
Rename kubespray-defaults to kubespray_defaults
Role names in ansible collection should not contains hyphens.
4 months ago
25e4fa17a8
Split kubespray-defaults (-> `network_facts`)
kubespray-defaults currently does two things:
- records a number of default variable values (in particular values used
in several places)
- gather and compose some complex network facts (in particular,
`fallback_ip` and `no_proxy`
There is no actual reason to couple those two things, and it makes using
defaults more difficult (because computing the network facts is somewhat
expensive, we don't want to do it willy-nilly)
Split the two and adjust import paths as needed.
5 months ago
bb4b2af02e
Drop install of python-libselinux for RHEL family below 8
RHEL 7 and derivates support has been removed from some time, clean up
of leftovers.
5 months ago
27e93ee9f6
Feat: Gateway API early installation ( #12189 )
The Gateway API needs to be installed first if you want to use Cilium's
Gateway API functionality. The Gateway API is just CRD without any Pod,
Deployment, etc., so I think it can be brought forward to before the CNI
installation.
Signed-off-by: ChengHao Yang
4 months ago
76707073c4
Fix indentation on AuthorizationConfiguration task ( #12197 )
4 months ago
1c4b18b089
fix: arm64 checksums for youki and kata-containers ( #12173 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
4 months ago
d6d87e9a83
Move cilium_deploy_additionnaly to kubespray-default ( #12191 )
Instead of using default(false) all over the place, use
kubespray-defaults
5 months ago
fcc294600c
Workaround missing etcd certds on control plane node ( #12181 )
5 months ago
9631b5fd44
Move etcd inventory sample doc to role defaults
5 months ago
a7d681abff
Install iputils with other packages
5 months ago
5867fa1b9f
Move back iproute install to system_packages
Packages are now installed before network facts collection, so we can
install iproute with the rest.
5 months ago
1e79c7b3cb
Move package install to bootstrap-os
5 months ago
87726faab4
Move check 'sorted pkgs list to pre-commit'
This is a lint check, which should not live in the playbook itself.
5 months ago
1b9919547a
Split 'offline' assert into their own role
The preinstall assert cover a number of things, many of which depends
only on the inventory, and can be run without any ansible_facts
collected.
Split them off to simplify re-ordering.
5 months ago
6f0fc020e8
update containerd.options key name ( #12170 )
5 months ago
c47711c2f2
fix: correct indent of cpuManagerPolicyOptions ( #12123 )
5 months ago
2907936c85
Feat: add dns_autoscaler_affinity remove in-place values
Upstream has removed affinity, and fix upgrade failing test.
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
5 months ago
71a323039f
Fix: kubelet-csr-approver moves to regular application installation ( #12141 )
This commit fixed the process to ensure that CCM is installed first to
avoid the chicken-and-egg problem.
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
5 months ago
5e5e509698
Revert "Update cluster-proportional-autoscaler to v1.9.0 ( #11982 )" ( #12168 )
This reverts commit 16841a1fb0
5 months ago
1da9f0dec4
Fixed kube-vip to use `kube-vip/kube-vip-iptables` image instead of `kube-vip/kube-vip` when `lb_fwdmethod` or `kube_vip_lb_fwdmethod` is set to `masquerade` ( #12145 )
5 months ago
629a690886
fix: Enable NRI for containerd and disable plugin when nri_enabled is false ( #12152 )
* fix(containerd): always render NRI plugin block with conditional disable flag
* feat: enable Node Resource Interface plugin when using containerd
* fix: remove the
* fix: fix for linter
5 months ago
16841a1fb0
Update cluster-proportional-autoscaler to v1.9.0 ( #11982 )
5 months ago
8f41a2886d
Update version comparison syntax and optimize whitespace ( #12146 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
5 months ago
38cea5b866
Patch versions updates ( #12119 )
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
5 months ago
9456e792f1
Remove unused Gateway API template
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
10 months ago
7f60dda565
Refactor Gateway API manifests installation process
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
5 months ago
582fe2cbde
Add Gateway API download information in kubespray-default
Remove old variables in kubernetes-apps/gateway_api
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
10 months ago
79fbfdf271
component_hash_update: support calico_crds ( #12122 )
- add support for "no_arch" downloads: arch-indendendant files such as
YAML manifests, helm charts, etc.
- wire calico_crds with it.
5 months ago
cfaf397d4a
Bump: OpenStack Cloud Controller Manager upgrade to v1.32.0 ( #12121 )
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
5 months ago
4ce5510c1a
[rbd-provisioner] deprecate outdated application and documentation ( #12114 )
* Cleanup: deprecate rbd-provisioner application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Docs: remove rbd-provisioner application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
8032b8281d
[cephfs-provisioner] deprecate outdated application and documentation ( #12113 )
* Cleanup: deprecated CephFS application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Docs: Remove CephFS Application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
5a6ef1dafa
Timeout on RHEL subscription check ( #12115 )
subscription-manager status can in some circumstances just never
terminates, with nothing indicating the problem from the Ansible
playbook log.
This makes it difficult to find the hosts misbehaving.
Add a timeout to the subscription checks (defaulting to 3 minutes). This
should be more than enough for normal circumstances while allowing
easier troubleshooting, as the hosts will be FAILED instead of the
playbook just waiting indefinitely.
6 months ago
4a5b524b98
Ensure metrics port exists for nodelocaldns/nodelocaldns-second daemonsets ( #11998 )
- update metrics port to use port variable
- unconditionally define ports
6 months ago
Antoine Legrand
Takuya Murakami
Seena Fallah
Max Gautier
Hyeonki Hong
Cyclinder
felipe88alves
Cheolhui Kim
Kim Hyunyoung, Abel
ChengHao Yang
Chad Swenson
ERIK
bin.pan
Ho Kim
Aviral Agarwal
ShinyaIshitobi
Mathieu Parent
Ricky Kwan