Kenichi Omichi
f3ea8cf45e
Add Rocky Linux 8 support for vagrant ( #8905 )
To test Kubespray on Rocky Linux 8 with vagrant, this adds it to
the Vagrantfile.
2 years ago
Kay Yan
4b03f6c20f
add-managed-ntp-support ( #9027 )
2 years ago
boeto
d0a2ba37e8
update deprecated syntax ( #9040 )
* `ansible.builtin.include` removed in version 2.16
Read the `ansible.builtin.include DEPRECATED` doc:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_module.html#deprecated
* Update integration.md
2 years ago
rptaylor
6f82cf12f5
let containerd_default_runtime be undefined by default ( #9026 )
2 years ago
Calin Cristian Andrei
a22ae6143a
[CI] ensure upgrade tests cover defaults (containerd currently)
2 years ago
Alessio Greggi
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2 years ago
Kay Yan
890fad389d
suggest-to-use-nft-in-centos8 ( #8987 )
2 years ago
Calin Cristian Andrei
24c8ba832a
[kubernetes] drop support for configuring insecure apiserver
2 years ago
Calin Cristian Andrei
fad296616c
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
2 years ago
Kay Yan
85271fc2e5
add-ci-for-ubuntu2204 ( #8958 )
2 years ago
Kenichi Omichi
cd7381d8de
Drop Ansible support for v2.9 and v2.10 ( #8925 )
Ansible v2.9 and v2.10 are EOL as [1].
This drops those version supports by following the upstream Ansible.
This sets use_ssh_args true always because that is required to use
ssh_args on ansible.cfg on Ansible v2.11 or later[2].
ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has been deprecated already and cenots7 jobs were failed due to the
deprecated ansible_ssh_host.
[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args
2 years ago
Ilya Margolin
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path ( #8921 )
* Allow disabling calico CNI logs with calico_cni_log_file_path
Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size 100 Max file size in MB log files can reach before they are rotated.
log_file_max_age 30 Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count 10 Max number of rotated log files allowed on the host before they are cleaned up.
See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging
To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`
* Fix markdown
* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2 years ago
zhougw
14c0f368b6
the KUESPRAYDIR defined but never used ( #8930 )
* fix dir error
* the command line should align
2 years ago
Alessio Greggi
d22204a59f
docs: add hardening guide ( #8868 )
2 years ago
Kenichi Omichi
0e6b727e53
Update docs for using venv ( #8842 )
Due many patterns of Linux distributions, it is difficult to install
ansible dependencies as system-wide stably.
Apart of Kubespray doc[1] recommends to use venv to avoid such issue,
and this applies venv usage to the other parts of the doc.
[1]: https://github.com/kubernetes-sigs/kubespray/blob/master/docs/setting-up-your-first-cluster.md#set-up-kubespray
2 years ago
Cristian Calin
0c504e4984
[docs] document support for ansible versions ( #8827 )
drop note about not supporting ansible 2.9 since we still cover it in
nightly CI
2 years ago
Kenichi Omichi
0bf070c33b
doc: write how to use kata-container for pods ( #8817 )
kata-container is not used by default even if enabling kata_containers_enabled.
This updates the doc for writing how to do that.
2 years ago
Oogy
5684610a55
Support metallb peer password ( #8792 )
* support metallb peer password
* add MetalLB BGP password example
2 years ago
Necatican Yıldırım
13443b05a6
Overhaul Cilium manifests to match the newer versions ( #8717 )
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-operator templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Update cilium-agent templates
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* [cilium] Bump Cilium version to 1.11.3
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
weizhoublue
1d96f465f4
arm64 support of cilium ( #8803 )
when cilium v1.10 , it is ok to support arm64
https://cilium.io/blog/2021/05/20/cilium-110
Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io>
2 years ago
Alessio Greggi
37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters ( #8796 )
2 years ago
Alessio Greggi
e7df4d3dd9
add support for `service-account-lookup` parameter ( #8781 )
* feat: add variable to manage service-account-lookup on kube-apiserver
* docs: add documentation about service-account-lookup variable
2 years ago
Alessio Greggi
fa1d222eee
add support for `EventRateLimit` plugin configuration ( #8711 )
* feat: add support for EventRateLimit admission plugin
* docs: add documentation about admission_control_config_file and EventRateLimit configuration
2 years ago
Mathieu Parent
e6c4330e4e
calico: vxlan is the default for calico_network_backend ( #8750 )
Since https://github.com/kubernetes-sigs/kubespray/pull/8434
2 years ago
Kenichi Omichi
1e827f9807
Update kata-containers.md ( #8747 )
* kata container related options exist in k8s-cluster.yml,
not k8s_cluster.yml
* https://github.com/kata-containers/runtime has been archived and
https://github.com/kata-containers/kata-containers is used today.
2 years ago
Cristian Calin
45262da726
[calico] call calico checks early on to prevent altering the cluster with bad configuration ( #8707 )
2 years ago
Mathieu Parent
996ef98b87
Add support for kube-vip ( #8669 )
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2 years ago
Alessio Greggi
bba91a7524
split kube_feature_gates variable for different kubernetes components ( #8677 )
* feat: split kube_feature_gates variable for different kubernetes components
* docs: add kube_feaute_gates componet variables
2 years ago
Kenichi Omichi
6cc9da6b0a
Update vagrant.md ( #8663 )
To read it easily, this puts new lines.
2 years ago
Cristian Calin
ef29455652
[ansible] make ansible 5.x the new default version ( #8660 )
* [ansible] make ansible 5.x the new default version and move different versions tested to nightly jobs
* [CI] jobs were missing proper ansible cleanup
2 years ago
Cristian Calin
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI ( #8434 )
* [calico] make vxlan encapsulation the default
* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation
* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade
* [CI] improve netchecker connectivity testing
* [CI] show logs for tests
* [calico] tweak task name
* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh
* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check
* service proxy mode still fails connectivity tests so keeping it manual mode
* [kube-router] account for containerd use-case
2 years ago
Cristian Calin
394857b5ce
[docker] add support for cri-dockerd as a replacement for dockershim ( #8623 )
2 years ago
Tom Janson
2e925f82ef
Revert "Fix: typos in docs and comments ( #7805 )" ( #8592 )
This reverts commit 417180246c
.
2 years ago
Tom Janson
3e8e64a3e5
fix typo / error regarding etcd and k8s_cluster groups ( #8580 )
As far as I can tell this is simply a typo that has existed from the beginning. Having it this way around (`etcd` group as a child and thus subset of `k8s_cluster`) mirrors what is written in the preceeding sentence.
2 years ago
Alex
36393d77d3
Encrypting Secret Data at Rest ( #8574 )
* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation
* fix MD012/no-multiple-blanks
2 years ago
Necatican Yıldırım
e9c8913248
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable ( #8317 )
* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Add etcd kubeadm deployment documentation
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable
Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Mac Chaffee
0f73d87509
Allow pausing after upgrade but before uncordon ( #8530 )
* Allow pausing after upgrade but before uncordon
* Expand docs for upgrade pausing vars
Signed-off-by: Mac Chaffee <me@macchaffee.com>
2 years ago
kakkotetsu
98d5d0cdd5
add support for Dual Stack node InternalIP ( #8542 )
2 years ago
Takuya Murakami
da8522af64
docs: Update offline-environment.md for containerd ( #8520 ) ( #8523 )
* Add containerd/runc/nerdctl download url
* Add insecure registries configuration for containerd
2 years ago
Krystian Młynek
87928baa31
CRI-O: fix unqualified-search registries ( #8496 )
2 years ago
Julio H Morimoto
eac799f589
Amend documentation for docker to containerd migration ( #8477 )
* Amend PR https://github.com/kubernetes-sigs/kubespray/pull/8471 with missing inventory configuration.
Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
* Amend PR https://github.com/kubernetes-sigs/kubespray/pull/8471 with missing inventory configuration.
Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
2 years ago
Tristan
92d612c3e0
8487: Allow override of default CoreDNS zone cache ( #8488 )
Using the coredns_cluster_zone_cache_block variable
2 years ago
Ilya Margolin
7d4d554436
Document host_resolvconf as default value for resolvconf_mode ( #8493 )
refs #8247
2 years ago
Cristian Calin
c40b43de01
[mitogent] update to 0.3.2 ( #8470 )
2 years ago
Julio H Morimoto
b0eb5650da
Provide initial guidelines for a container engine migration (docker-2-containerd), with special emphasis on the fact that the procedure is still not officially supported. ( #8471 )
Follow up from https://github.com/kubernetes-sigs/kubespray/issues/8431 .
Signed-off-by: Julio Morimoto <julio@morimoto.net.br>
2 years ago
Florian Ruynat
d580014c66
Fix CI for Fedora (followup) + OpenSUSE Leap (update to 15.3) ( #8407 )
* Fix fedora jobs - followup
* Update OpenSUSE Leap to 15.3
* Fix cilium version in README + update minor 1.11.1
2 years ago
Victor Morales
e88aa7c96b
Add youki runtime support ( #8411 )
2 years ago
Pav K
6e2e61012a
Docs - Removed incorrect info on calico_rr. ( #8437 )
2 years ago
Necatican Yıldırım
caff539ccd
Add identity_allocation_mode support for Cilium ( #8430 )
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2 years ago
Mathieu Parent
43d128362f
Document image_command_tool and image_command_tool_on_localhost ( #8409 )
Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
2 years ago