990f87acc8
Update kube-vip to v0.5.5 ( #9437 )
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2 years ago
eeb376460d
Fix inconsistent handling of admission plugin list ( #9407 )
* Fix inconsistent handling of admission plugin list
* Adjust hardening doc with the normalized admission plugin list
* Add pre-check for admission plugins format change
* Ignore checking admission plugins value when variable is not defined
2 years ago
ef707b3461
update-containerd-1.6.9 ( #9427 )
2 years ago
2af918132e
Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) ( #9425 )
2 years ago
b9b654714e
[nerdctl] upgrade to version 1.0.0 ( #9424 )
2 years ago
fe399e0e0c
[etcd] add 3.5.5 hashes, make it default for k8s 1.25 ( #9419 )
2 years ago
b192053e28
as argocd 2.4.15 is releasesd , update the version ( #9420 )
2 years ago
1901b512d2
Make the port of kube-vip dynamic based on the kube_apiserver_port ( #9414 )
variable
Fix wrong referenced variable on bgp_peers
Fix bgp_peeras field to be a string
Set default value for bgp_peeras
2 years ago
9fdda7eca8
Fix iputils install failure in Kylin OS ( #9416 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
a68ed897f0
Update kubelet checksum ( #9413 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
582ff96d19
Update docker version to 20.10.20 ( #9410 )
2 years ago
0374a55eb3
Specify securityContext for cert-manager ( #9404 )
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
2 years ago
ccbe38f78c
make-kube-1.25-default ( #9364 )
2 years ago
958840da89
Add var for control initialDelaySeconds in nginx ingress probe ( #9405 )
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
2 years ago
1530411218
use cri-o from upstream instead of kubic/OBS ( #9374 )
* [cri-o] use cri-o from upstream instead of kubic/OBS
* [cri-o] add proper molecule coverage
* [skopeo] download skopeo from upstream build
* [cri-o] clean up legacy deployments
* disable cri-o per-distribution variables
2 years ago
0f44e8c812
[ingress-nginx] upgrade to 1.4.0 ( #9403 )
2 years ago
d9c39c274e
fix(defaults): wrong cri_socket path for containerd ( #9401 )
2 years ago
c38fb866b7
Update securityContext of netchecker ( #9398 )
To run netchecker with necessary privilege,
this updates the securityContext.
2 years ago
5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default ( #9397 )
2 years ago
32f3d92d6b
Remove PodSecurityPolicies in Calico ( #9395 )
2 years ago
23716b0eff
don't define kubeadm_patches by default ( #9372 )
2 years ago
859df84b45
remove-psp-in-flannel ( #9365 )
2 years ago
131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar ( #9370 )
* fix-ensure-package-in-coreos
* clean blank line
2 years ago
52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled ( #9248 )
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Improve metallb_speaker_enabled default values
2 years ago
547ef747da
fix helm install with password authentication ( #9343 )
2 years ago
bc5881b70a
Add the cilium hubble images to download role ( #9376 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
f4b95d42a6
Add note for containerd oom_score ( #9384 )
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
2 years ago
ef76a578a4
Change dns upstream condition for nodelocaldns ( #9378 )
2 years ago
3b99d24ceb
Fix: install calico-kube-controller on kdd ( #9358 )
* Fix: install policy controller on kdd too
* Remove the calico_policy_version condition altogether
* Install policy controller both on canal and calico under same condition
2 years ago
4701abff4c
upgrade-api-version-for-PodDisruptionBudget ( #9369 )
2 years ago
717b8daafe
Download coredns image to all hosts in k8s_cluster ( #9316 )
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
2 years ago
c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume ( #9362 )
2 years ago
24632ae81b
Add check_typo job ( #9361 )
To block merging pull requests which contain typo automatically.
2 years ago
befde271eb
Use hostname override in post-remove role, just as pre-remove role does ( #9360 )
2 years ago
d689f57c94
Features/support kubeadm patches v1beta3 ( #9326 )
* Support kubeadm patches in v1beta3
* Update kubeadm patches sample files in inventory
* Fix pre-commit syntax
* Set kubeadm_patches enabled to false in sample inventory
2 years ago
ad3f503c0c
Fix default value for kubelet_secure_addresses ( #9355 )
2 years ago
8b9cd3959a
Add possibility to skip adding load balancer name in the hosts file ( #9331 )
2 years ago
dffeab320e
feat: add a paramater to disable host nameservers ( #9357 )
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2 years ago
999586a110
sysctl_additional ( #9351 )
2 years ago
44115d7d7a
support-kube-1.25 ( #9260 )
Co-authored-by: Rene Luria <rene.luria@infomaniak.com>
2 years ago
841e2f44c0
Remove references to 1.22 ( #9342 )
2 years ago
a8e4984cf7
Add missing permissions to openstack cc ( #9335 )
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
2 years ago
3646dc0bd2
fix: remove trailing backslash and yaml indent ( #9339 )
* fix: remove trailing backslash
* fixed indent in cilium config template
2 years ago
31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded ( #9340 )
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2 years ago
472996c8b3
update pause image version ( #9337 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml ( #9330 )
2 years ago
e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 ( #9332 )
2 years ago
18efdc2c51
Fix typos in calico ( #9327 )
2 years ago
6dff39344b
preinstall: Add nodelocaldns to supersede_nameserver if enabled ( #9282 )
When a machine that use dhclient and resolvconf reboots, this will make /etc/resolv.conf
remain close to the one before reboot
2 years ago
c4de3df492
upcloud csi driver: bump version to v0.3.3 ( #9317 )
2 years ago
蒋航
William Turner
Kay Yan
Mohamed Zaian
杨刚
Wouter Goedhart
ERIK
Florian Ruynat
Kenichi Omichi
Vladimir
Cristian Calin
Maxime Leroy
Unai Arríen
ghostloda
Piotr Kowalczyk
Joe Siponen
Kevin Huang
JSpon
Huang Chen-Yi
William Turner
Eugene Artemenko
Emin AKTAS
Hugo Blom
Rene Luria
biqiang Wu
Shelming.Song
Federico Cucinella
Ho Kim
Zhong Jianxin
Robin Wallace