cleverhu
34a52a7028
update cilium cli offline download url example ( #9458 )
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
1 year ago
yanggang
ce751cb89d
add variable condition snapshot in vSphere CSI ( #9429 )
1 year ago
cleverhu
5cf2883444
add retry for start calico kube controller ( #9450 )
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
1 year ago
charlychiu
6bff338bad
fix: hubble relay tls error ( #9457 )
1 year ago
Olivier Lemasle
c78862052c
Stop using python 'test' internal package ( #9454 )
`test` is is a internal Python package (see [doc]), and as such should not be
used here. It make tests fail in some environments.
[doc]: https://docs.python.org/3/library/test.html
1 year ago
William Turner
1f54cef71c
Add variable to set direct routing on flannel VXLAN ( #9438 )
1 year ago
yanggang
d00508105b
Removed PodSecurityPolicy from ingress-nginx ( #9448 )
1 year ago
lijin-union
c272421910
Add UOS linux support ( #9432 )
1 year ago
biqiang Wu
78624c5bcb
When using cilium CNI, install Cilium CLI ( #9436 )
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
1 year ago
biqiang Wu
c681435432
Add switch cilium_enable_bandwidth_manager ( #9441 )
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
1 year ago
杨刚
4d3f637684
Remove PodSecurityPolicies in Metallb for kubernetes 1.25 ( #9442 )
1 year ago
Olivier Lemasle
5e14398af4
Upgrade ruamel.yaml.clib to work with Python 3.11 ( #9426 )
ruamel.yaml.clib did not build with the upcoming Python 3.11.
Cf. https://sourceforge.net/p/ruamel-yaml-clib/tickets/9/
ruamel.yaml.clib==0.2.7 fixes the issue.
1 year ago
蒋航
990f87acc8
Update kube-vip to v0.5.5 ( #9437 )
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
1 year ago
William Turner
eeb376460d
Fix inconsistent handling of admission plugin list ( #9407 )
* Fix inconsistent handling of admission plugin list
* Adjust hardening doc with the normalized admission plugin list
* Add pre-check for admission plugins format change
* Ignore checking admission plugins value when variable is not defined
1 year ago
Kay Yan
ef707b3461
update-containerd-1.6.9 ( #9427 )
1 year ago
Mohamed Zaian
2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) ( #9425 )
1 year ago
Mohamed Zaian
b9b654714e
[nerdctl] upgrade to version 1.0.0 ( #9424 )
1 year ago
Mohamed Zaian
fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 ( #9419 )
1 year ago
杨刚
b192053e28
as argocd 2.4.15 is releasesd , update the version ( #9420 )
1 year ago
杨刚
a84271aa7e
etcd arch can support arm64 and amd64 ( #9421 )
1 year ago
Wouter Goedhart
1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port ( #9414 )
variable
Fix wrong referenced variable on bgp_peers
Fix bgp_peeras field to be a string
Set default value for bgp_peeras
1 year ago
ERIK
9fdda7eca8
Fix iputils install failure in Kylin OS ( #9416 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
1 year ago
ERIK
a68ed897f0
Update kubelet checksum ( #9413 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
1 year ago
Florian Ruynat
582ff96d19
Update docker version to 20.10.20 ( #9410 )
1 year ago
Kenichi Omichi
0374a55eb3
Specify securityContext for cert-manager ( #9404 )
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
1 year ago
Kay Yan
ccbe38f78c
make-kube-1.25-default ( #9364 )
1 year ago
Vladimir
958840da89
Add var for control initialDelaySeconds in nginx ingress probe ( #9405 )
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
1 year ago
Cristian Calin
1530411218
use cri-o from upstream instead of kubic/OBS ( #9374 )
* [cri-o] use cri-o from upstream instead of kubic/OBS
* [cri-o] add proper molecule coverage
* [skopeo] download skopeo from upstream build
* [cri-o] clean up legacy deployments
* disable cri-o per-distribution variables
1 year ago
Kenichi Omichi
e5ec0f18c0
Add packet_ubuntu20-calico-aio-hardening ( #9359 )
To verify the hardening method works always.
The configuration comes from docs/hardening.md
Fix yaml format of hardening.yml
Add condition to skip 040 test for hardening
1 year ago
Mohamed Zaian
0f44e8c812
[ingress-nginx] upgrade to 1.4.0 ( #9403 )
1 year ago
Kay Yan
1cc0f3c8c9
mirror-for-china
1 year ago
Maxime Leroy
d9c39c274e
fix(defaults): wrong cri_socket path for containerd ( #9401 )
1 year ago
Kenichi Omichi
c38fb866b7
Update securityContext of netchecker ( #9398 )
To run netchecker with necessary privilege,
this updates the securityContext.
1 year ago
Mohamed Zaian
5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default ( #9397 )
1 year ago
Kay Yan
32f3d92d6b
Remove PodSecurityPolicies in Calico ( #9395 )
1 year ago
Kenichi Omichi
72b45eec2e
Use agnhost instead of busybox for network test ( #9390 )
busybox container requires a root permission for ping.
For testing hardening method at CI, we need to switch to another image
which doesn't require the root permission for network testing.
On kubernetes/kubernetes repo, we are using agnhost which doesn't
require it. So this makes the test use aghhost image.
In addition, this updates the test manifest to specify securityContext
without any privilege.
1 year ago
Cristian Calin
23716b0eff
don't define kubeadm_patches by default ( #9372 )
1 year ago
Kay Yan
859df84b45
remove-psp-in-flannel ( #9365 )
1 year ago
Kay Yan
131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar ( #9370 )
* fix-ensure-package-in-coreos
* clean blank line
1 year ago
Unai Arríen
52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled ( #9248 )
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Improve metallb_speaker_enabled default values
1 year ago
Kay Yan
e3339fe3d8
update_calico_doc_for_the_ChecksumOffloadBroken ( #9388 )
1 year ago
ghostloda
547ef747da
fix helm install with password authentication ( #9343 )
1 year ago
Kenichi Omichi
63b27ea067
Fix YAML format in hardening.md ( #9387 )
When trying to add a hardening CI job by copying configuration from
hardening.md, yamllint CI job deleted invalid format.
This fixes it for maintaining the CI job.
1 year ago
ERIK
bc5881b70a
Add the cilium hubble images to download role ( #9376 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
1 year ago
Kenichi Omichi
f4b95d42a6
Add note for containerd oom_score ( #9384 )
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
1 year ago
Unai Arríen
ef76a578a4
Change dns upstream condition for nodelocaldns ( #9378 )
2 years ago
Piotr Kowalczyk
3b99d24ceb
Fix: install calico-kube-controller on kdd ( #9358 )
* Fix: install policy controller on kdd too
* Remove the calico_policy_version condition altogether
* Install policy controller both on canal and calico under same condition
2 years ago
Kay Yan
4701abff4c
upgrade-api-version-for-PodDisruptionBudget ( #9369 )
2 years ago
Joe Siponen
717b8daafe
Download coredns image to all hosts in k8s_cluster ( #9316 )
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
2 years ago
Kevin Huang
c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume ( #9362 )
2 years ago