Ho Kim
952cad8d63
Remove mutual exclusivity in calico: NAT and router mode ( #9255 )
* Add optional NAT support in calico router mode
* Add a blank line in front of lists
* Remove mutual exclusivity: NAT and router mode
* Ignore router mode from NAT
* Update calico doc
2 years ago
Kay Yan
e2f1f8d69d
add-Rocky-9-support ( #9212 )
2 years ago
Michael Schmitz
be2bfd867c
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS ( #9245 )
2 years ago
Cristian Calin
6db6c8678c
disable kubelet_authorization_mode_webhook by default ( #9238 )
2 years ago
Alessio Greggi
acb6f243fd
feat: add kubelet systemd service hardening option ( #9194 )
* feat: add kubelet systemd service hardening option
* refactor: move variable name to kubelet_secure_addresses
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* docs: add diagram about kubelet_secure_addresses variable
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2 years ago
lijin-union
8af86e4c1e
Fix typo.
2 years ago
Kay Yan
b46ddf35fc
kube-vip should fail if kube_proxy_strict_arp is false in arp mode ( #9223 )
* fix-kube-vip-strict-arp
* fix-kube-vip-strict-arp
2 years ago
Cristian Calin
e6976a54e1
add pre-commit hook to facilitate local testing ( #9158 )
* add pre-commit hook configuration
* add tmp.md to .gitignore
* describe the use of pre-commit hook in CONTRIBUTING.md
* fix docs/integration.md errors identified by markdownlint
* fix docs/<file>.md errors identified by markdownlint
* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md
* fix contrib/<file>.md errors identified by markdownlint
2 years ago
Bishal das
aeeae76750
Update vars.md ( #9172 )
2 years ago
Shelming.Song
30b062fd43
fix one bug in docs/nodes ( #9203 )
2 years ago
Bishal das
fddff783c8
Update vsphere-csi.md ( #9170 )
2 years ago
Tristan
bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable ( #9176 )
See #9035
2 years ago
Ho Kim
e31890806c
Add 'avoid-buggy-ips' support of MetalLB ( #9166 )
2 years ago
Tomas Zvala
30c77ea4c1
Add the option to enable default Pod Security Configuration ( #9017 )
* Add the option to enable default Pod Security Configuration
Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.
* Fix the PR according to code review comments
* Revert the latest changes
- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
2 years ago
maxgio92
68653c31c0
docs(kube-vip): fix broken links ( #9165 )
Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>
2 years ago
Samuel Liu
b36bb9115a
[calico] calico rr supports multiple groups ( #9134 )
* update calico rr
* fix bgppeer conf
* fix yamllint
* fix ansible lint
* fix calico deploy
* fix yamllint
* fix some typo
2 years ago
ERIK
47050003a0
Add docker support for Kylin V10 ( #9144 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
Florian Ruynat
4df6e35270
Move oracle7-canal to centos7-canal
2 years ago
ERIK
f2f9f1d377
Add kylin OS support ( #9078 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
Florian Ruynat
9c51ac5157
Switch fedora36se to 35 and 35docker to 36
2 years ago
Florian Ruynat
07eab539a6
Add Fedora 36 support and CI, remove Fedora 34 (eol)
2 years ago
Alessio Greggi
3ce5458f32
hardening: Add `SeccompDefault` admission plugin for kubelet ( #9074 )
* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates
* fix(kubelet-config): enable config through kubelet_feature_gates
* feat(kubelet): add kubelet_seccomp_default variable
2 years ago
Kenichi Omichi
f3ea8cf45e
Add Rocky Linux 8 support for vagrant ( #8905 )
To test Kubespray on Rocky Linux 8 with vagrant, this adds it to
the Vagrantfile.
2 years ago
Kay Yan
4b03f6c20f
add-managed-ntp-support ( #9027 )
2 years ago
boeto
d0a2ba37e8
update deprecated syntax ( #9040 )
* `ansible.builtin.include` removed in version 2.16
Read the `ansible.builtin.include DEPRECATED` doc:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_module.html#deprecated
* Update integration.md
2 years ago
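The migration this deprecation implies, shown here as an added illustration rather than code from the Kubespray commit above: the bare `include` keyword is replaced by `import_tasks` (static, resolved at parse time) or `include_tasks` (dynamic, evaluated at run time). The file name `kubelet.yml` and the variable `kubelet_hardening` are placeholders chosen for the example.

```yaml
# Placeholder task file and variable names; not taken from the Kubespray tree.

# Before: deprecated syntax, removed in ansible-core 2.16
- name: Configure kubelet (deprecated form)
  include: kubelet.yml
  when: kubelet_hardening | default(false)

# After, static: tasks are imported at parse time and the condition is
# copied onto every imported task, so the file must exist even when skipped.
- name: Configure kubelet (static import)
  import_tasks: kubelet.yml
  when: kubelet_hardening | default(false)

# After, dynamic: the include itself is evaluated at run time; the condition
# gates the whole include and loop/with_items can drive the file name.
- name: Configure kubelet (dynamic include)
  include_tasks: kubelet.yml
  when: kubelet_hardening | default(false)
```

Use `import_tasks` when the task list is fixed and you want `--list-tasks` and tag inheritance to see the imported tasks; use `include_tasks` when the file name or the condition depends on facts gathered during the run.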
rptaylor
6f82cf12f5
let containerd_default_runtime be undefined by default ( #9026 )
2 years ago
Calin Cristian Andrei
a22ae6143a
[CI] ensure upgrade tests cover defaults (containerd currently)
2 years ago
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2 years ago
Kay Yan
890fad389d
suggest-to-use-nft-in-centos8 ( #8987 )
2 years ago
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2 years ago
Calin Cristian Andrei
fad296616c
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
2 years ago
Kay Yan
85271fc2e5
add-ci-for-ubuntu2204 ( #8958 )
2 years ago
Kenichi Omichi
cd7381d8de
Drop Ansible support for v2.9 and v2.10 ( #8925 )
Ansible v2.9 and v2.10 are EOL as noted in [1].
This drops support for those versions, following upstream Ansible.
This sets use_ssh_args true always because that is required to use
ssh_args in ansible.cfg on Ansible v2.11 or later [2].
ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has already been deprecated and the centos7 jobs failed due to the
deprecated ansible_ssh_host.
[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args
2 years ago
Ilya Margolin
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path ( #8921 )
* Allow disabling calico CNI logs with calico_cni_log_file_path
Calico CNI logs up to 1G if it logs a lot with the current default settings:
- log_file_max_size 100: max file size in MB log files can reach before they are rotated.
- log_file_max_age 30: max age in days that old log files will be kept on the host before they are removed.
- log_file_max_count 10: max number of rotated log files allowed on the host before they are cleaned up.
See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging
To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`
* Fix markdown
* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2 years ago
zhougw
14c0f368b6
the KUBESPRAYDIR defined but never used ( #8930 )
* fix dir error
* the command line should align
2 years ago
Alessio Greggi
d22204a59f
docs: add hardening guide ( #8868 )
2 years ago
Kenichi Omichi
0e6b727e53
Update docs for using venv ( #8842 )
Due to the many Linux distributions, it is difficult to install
Ansible dependencies system-wide in a stable way.
Part of the Kubespray doc [1] recommends using venv to avoid such issues,
and this applies venv usage to the other parts of the doc.
[1]: https://github.com/kubernetes-sigs/kubespray/blob/master/docs/setting-up-your-first-cluster.md#set-up-kubespray
2 years ago
Cristian Calin
0c504e4984
[docs] document support for ansible versions ( #8827 )
drop note about not supporting ansible 2.9 since we still cover it in
nightly CI
2 years ago
Kenichi Omichi
0bf070c33b
doc: write how to use kata-container for pods ( #8817 )
kata-container is not used by default even if kata_containers_enabled is set.
This updates the doc to describe how to do that.
2 years ago
Oogy
5684610a55
Support metallb peer password ( #8792 )
* support metallb peer password
* add MetalLB BGP password example
2 years ago
Necatican Yıldırım
13443b05a6
Overhaul Cilium manifests to match the newer versions ( #8717 )
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-operator templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-agent templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Bump Cilium version to 1.11.3
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
weizhoublue
1d96f465f4
arm64 support of cilium ( #8803 )
Since Cilium v1.10, arm64 is supported:
https://cilium.io/blog/2021/05/20/cilium-110
Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
2 years ago
Alessio Greggi
37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters ( #8796 )
2 years ago
Alessio Greggi
e7df4d3dd9
add support for `service-account-lookup` parameter ( #8781 )
* feat: add variable to manage service-account-lookup on kube-apiserver
* docs: add documentation about service-account-lookup variable
2 years ago
Alessio Greggi
fa1d222eee
add support for `EventRateLimit` plugin configuration ( #8711 )
* feat: add support for EventRateLimit admission plugin
* docs: add documentation about admission_control_config_file and EventRateLimit configuration
2 years ago
Mathieu Parent
e6c4330e4e
calico: vxlan is the default for calico_network_backend ( #8750 )
Since https://github.com/kubernetes-sigs/kubespray/pull/8434
2 years ago
Kenichi Omichi
1e827f9807
Update kata-containers.md ( #8747 )
* kata container related options exist in k8s-cluster.yml,
not k8s_cluster.yml
* https://github.com/kata-containers/runtime has been archived and
https://github.com/kata-containers/kata-containers is used today.
2 years ago
Cristian Calin
45262da726
[calico] call calico checks early on to prevent altering the cluster with bad configuration ( #8707 )
2 years ago
Mathieu Parent
996ef98b87
Add support for kube-vip ( #8669 )
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2 years ago
Alessio Greggi
bba91a7524
split kube_feature_gates variable for different kubernetes components ( #8677 )
* feat: split kube_feature_gates variable for different kubernetes components
* docs: add kube_feature_gates component variables
2 years ago