a28b58dbd0
[calico]use ipamconfig instead of calico ipam command ( #8839 )
* use ipamconfig instead of calico ipam command
* fix ansible lint
2 years ago
eea7bb7692
only need run this once ( #8833 )
calicoctl ipam xx
calicoctl apply xx
2 years ago
569a319ff5
[calico] don't clobber user set bgp configuration options that are not managed by kubespray
2 years ago
47812ec002
[calico] don't clobber user set ippool options that are not managed by kubespray
2 years ago
c27dee57ea
[calico] don't clobber user set felixconfig options that are not managed by kubespray
2 years ago
3eb0a4071a
set default value of name to "k8s-pod-network" ( #8813 )
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2 years ago
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature ( #8790 )
* [kube-ovn]: some feature
kube-ovn vlan mode
ipv6/ipv4 dual stack
...
* remove unused env
* fix readinessprobe
2 years ago
13443b05a6
Overhaul Cilium manifests to match the newer versions ( #8717 )
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-operator templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-agent templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Bump Cilium version to 1.11.3
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
1294fd5730
check calico ipv6 ( #8738 )
* check calico ipv6
* just check ipip mode for ipv6
2 years ago
937e64d296
Update flannel use install-cni-plugin to fit upstream ( #8714 )
* Update flannel use install-cni-plugin to fit upstream
* Replace flannel cni repo
* Remove download flannel binary
2 years ago
45262da726
[calico] call calico checks early on to prevent altering the cluster with bad configuration ( #8707 )
2 years ago
424ef3b3f9
[calico] add calico apiserver ( #8690 )
* [calico] add calico apiserver
* fix yamllint
* remove addext argument
* Configure API server with the CA bundle
* add check kdd
2 years ago
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI ( #8434 )
* [calico] make vxlan encapsulation the default
* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation
* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade
* [CI] improve netchecker connectivity testing
* [CI] show logs for tests
* [calico] tweak task name
* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh
* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check
* service proxy mode still fails connectivity tests so keeping it manual mode
* [kube-router] account for containerd use-case
2 years ago
5a486a5cca
Calico: Fix Wireguard support for CentOS Stream 9/RHEL 9 Beta ( #8625 )
2 years ago
5a49ac52f9
feat(calico): add configurable ipam strictaffinity ( #8581 )
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
2 years ago
ddef7e1139
missing "check_mode: no"s for several read-only tasks ( #8584 )
this is not complete -- there are almost certainly more instances of
this issue
2 years ago
4f1499bd23
Fixup remaining etcd_kubeadm_enabled variables ( #8576 )
2 years ago
402e85ad6e
[calico] upgrade release checksums ( #8544 )
* [calico] upgrade 3.19.x to 3.19.4
* [calico] upgrade 3.20.x to 3.20.4
* [calico] upgrade 3.21.x to 3.21.4 and make it the default
* [calico] add 3.22.0 checksums
* [calico] account for path changes in calico 3.21.4 crd archive and above
2 years ago
1ebe456f2d
add support for Calico IP6_AUTODETECTION_METHOD ( #8541 )
2 years ago
84b93090a8
Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode ( #8519 )
* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode
* Change inventory sample
2 years ago
ef34f5fe7d
[calico] switch default iptables backend detection to Auto ( #8429 )
2 years ago
caff539ccd
Add identity_allocation_mode support for Cilium ( #8430 )
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2 years ago
73c889eb10
Fix failures of ansible-lint ( #8401 )
This fixes the following types of failures:
- empty-string-compare
- literal-compare
- risky-file-permissions
- risky-shell-pipe
- var-spacing
In addition, this changes .gitlab-ci/lint.yml to block the same issue
by using the same method at Kubespray CI.
2 years ago
df425ac143
Fix etcd certificates reference to support etcd_kubeadm_enabled:true ( #7766 )
* Fix etcd certificates reference to support etcd_kubeadm_enabled:true
* Add retries to ETCD Join Member task
* Fix etcd certificates reference when etcd_kubeadm_enabled:true
* Fix conflicts
2 years ago
57a1d18db3
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping ( #8388 )
2 years ago
f80fd24a55
Fix risky-file-permissions ( #8370 )
When running ansible-lint directly, we can see a lot of warning
message like
risky-file-permissions File permissions unset or incorrect
This fixes the warning messages.
2 years ago
cb54eb40ce
Use a variable for standardizing kubectl invocation ( #8329 )
* Add kubectl variable
* Replace kubectl usage by kubectl variable in roles
* Remove redundant --kubeconfig on kubectl usage
* Replace unecessary shell usage with command
2 years ago
bf00550388
Upgrade Cilium to 1.11.0 ( #8354 )
* Remove kvstore args from Cilium DaemonSet
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Bump Cilium to 1.11.0
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2 years ago
ed3932b7d5
[cni-plugins] upgrade to stable 1.0.1 ( #8331 )
* [cni-plugins] upgrade to stable 1.0.1
* [flannel] use binary from dedicated project
2 years ago
2b5c185826
calico_pool_blocksize must be cast as well in assertion when defined ( #8321 )
* calico_pool_blocksize must be cast as string in assertion when defined
* Cast as int rather than string
2 years ago
c59407f105
add support for Calico BGPPeer sourceAddress ( #8306 )
2 years ago
27ab364df5
Improve control plane scale flow ( #13 ) ( #7989 )
* Improve control plane scale flow (#13 )
* Added version 1.20.10 of K8s
* Setting first_kube_control_plane to a existing one
* Setting first_kube_control_plane to a existing one
* change first_kube_master for first_kube_control_plane
* Ansible-lint changes
3 years ago
dfdebda0b6
Calico: remove duplicate values for CALICO_DISABLE_FILE_LOGGING and FELIX_DEFAULTENDPOINTTOHOSTACTION ( #8269 )
3 years ago
e19ce27352
Remove ovn4nfv support ( #8265 )
3 years ago
31c7b6747b
Calico: add dependencies for 3.21.x ( #8250 )
3 years ago
3ea496013f
Create reset.yml ( #8227 )
3 years ago
a08d82d94e
calico add support for container ip forwarding setting ( #8184 )
3 years ago
61c2ae5549
Add vxlanEnabled spec in FelixConfiguration ( #8167 )
3 years ago
465ffa3c9f
Weave: add extra_args for weave-npc ( #8140 )
* add weave_npc_extra_args in template
* add defaults weave_npc_extra_args
* add sample for weave_npc_extra_args
3 years ago
d42b7228c2
Convert numbers to string for calico's inventory check. ( #8120 )
Fix https://github.com/kubernetes-sigs/kubespray/issues/8119
Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
3 years ago
19d07a4f2e
Fix ownership related to Calico ( #8072 )
kube-bench scan outputs warning related to Calico like:
* text: "Ensure that the Container Network Interface file
permissions are set to 644 or more restrictive (Manual)"
* text: "Ensure that the Container Network Interface file
ownership is set to root:root (Manual)"
This fixes these warnings.
3 years ago
16bf3549c1
Update kube-ovn to 1.8.1
3 years ago
b912dafd7a
Update multus to 3.8.0
3 years ago
43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution ( #8029 )
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028
Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
3 years ago
eee2eb11d8
Update weave template to match source for 2.8.1 ( #8013 )
3 years ago
1472528f6d
check if 'plugins' key exists in calico_cni_config object ( #7717 )
* check if 'plugins' key exists in calico_cni_config object
* fix whitespace linting error
* fixed when list indentation
3 years ago
ecd267854b
Move ovn4nvf crd from v1beta1 to v1 ( #8006 )
3 years ago
ddea79f0f0
Issue 8004: Fix typha prometheus ( #8005 )
The typha prometheus settings were in the `volumeMounts` section of the
spec and not in the `envs` section. This was cauing the deployment to
fail because it was looking for a volumeMount.
```
failed: [controller-001.a2.da.dev.logdna.net] (item=calico-typha.yml) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": true, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "dest": "/etc/kubernetes/calico-typha.yml", "diff": [], "failed": false, "gid": 0, "group": "root", "invocation": {"module_args": {"_original_basename": "calico-typha.yml.j2", "attributes": null, "backup": false, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "content": null, "delimiter": null, "dest": "/etc/kubernetes/calico-typha.yml", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "unsafe_writes": null, "validate": null}}, "item": {"file": "calico-typha.yml", "name": "calico", "type": "typha"}, "md5sum": "53c00ac7f562cf9ecbbfd27899ea066d", "mode": "0644", "owner": "root", "size": 5378, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "state": "file", "uid": 0}, "msg": "error running kubectl (/opt/bin/kubectl --namespace=kube-system apply --force --filename=/etc/kubernetes/calico-typha.yml) command (rc=1), out='service/calico-typha unchanged\n', err='error: error validating \"/etc/kubernetes/calico-typha.yml\": error validating data: [ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount]; if you choose to ignore these errors, turn validation off with --validate=false\n'"}
```
3 years ago
598f178054
Fix cilium operator metrics activation ( #8000 )
3 years ago
fb8662ec19
Calico: update versions 3.20.1, 3.19.3 ( #7984 )
* make Calico 3.20.1 the default version
* drop Calico 3.17.x support
3 years ago
Samuel Liu
Calin Cristian Andrei
Cyclinder
Necatican Yıldırım
zhengtianbao
Cristian Calin
Qasim Mehmood
Toni Tauro
Tom Janson
Florian Ruynat
kakkotetsu
Tom Stian Berget
Kenichi Omichi
forselli-stratio
Unai Arríen
Max Gautier
emiran-orange
Alvaro Campesino
khatrig
Hyojun Jeon
brainfair
Julio H Morimoto
Iago Santos
Frank Filippone
David Louks
Eric Lake
Léopold Jacquot