0f9f9fb569
support kube-proxy nftables ( #12060 )
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
1 month ago
a51e7dd07d
refact ip stack ( #11953 )
2 months ago
4373c1be1d
Revert "Add support for ipv6 only cluster via "enable_ipv6only_stack_networks…" ( #11941 )
This reverts commit 76c0a3aa75
2 months ago
76c0a3aa75
Add support for ipv6 only cluster via "enable_ipv6only_stack_networks" ( #11831 )
3 months ago
faeb114c31
Update `dns-stack.md` reference ( #11745 )
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
5 months ago
0a2e68c9d3
Docs: edit cloud_provider description
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
6 months ago
1d032d06d1
Docs update on access ip
7 months ago
c87097fc35
Document how to use kubeadm patches
7 months ago
fe60832a02
Remove kubelet_node_{custom_flags,config_extra_args}
There is no need to have an extra variables for this, just use different
values per host (using Ansible group_vars, for example)
1 year ago
db316a566d
dependencies for kubelet.service ( #11297 )
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
10 months ago
921b0c0bed
Add options to control images pulling of kubelet ( #11094 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
10 months ago
4dbfd42f1d
modify doc structure and update existing doc-links as preparation for new doc generation script
11 months ago
c6fcbf6ee0
Remove access to cluster from anonymous users ( #11016 )
* feat: add user facing variable with default
* feat: remove rolebinding to anonymous users after init and upgrade
* feat: use file discovery for secondary control plane nodes
* feat: use file discovery for nodes
* fix: do not fail if rolebinding does not exist
* docs: add warning about kube_api_anonymous_auth
* style: improve readability of delegate_to parameter
* refactor: rename discovery kubeconfig file
* test: enable new variable in hardening and upgrade test cases
* docs: add option to config parameters
* test: multiple instances and upgrade
1 year ago
e7d29715b4
Add kubelet_cpu_manager_policy_options ( #11023 )
1 year ago
c13b21e830
Explicit private/public nature of `*ip` vars ( #10904 )
1 year ago
ab0163a3ad
fix(kubernetes): taint nodes with kubectl ( #10705 )
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
1 year ago
471326f458
Remove PodSecurityPolicy support and references ( #10723 )
This is removed from kubernetes since 1.25, time to cut some dead code.
1 year ago
32743868c7
Add cri-o criu support ( #10479 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
fa9e41047e
Add kubectl alias support ( #10552 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
ebd71f6ad7
Fix Typo kubelet_topology_manager_policy ( #10384 )
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
1 year ago
cafe4f1352
Add kubelet topology manager policy on the node ( #10370 )
Signed-off-by: tu1h <lihai.tu@daocloud.io>
1 year ago
b9e3861385
add-cpuManagerPolicy ( #10309 )
1 year ago
a2f03c559a
Fixed the incorrect links in kubespray/docs ( #10159 )
1 year ago
07d45e6b62
Kubelet csr approver ( #9877 )
* chore(helm-apps): fix README example
README shows a non-working example according to the specs for this role.
* Add support for kubelet-csr-approver
Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* Add tests for kubelet-csr-approver
Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
* Add Documentation for Kubelet CSR Approver
Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
---------
Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2 years ago
e8f0fb82fe
fix-kube-bench-1.2.20 ( #9939 )
2 years ago
62f34c6085
add image garbage collection ( #9832 )
2 years ago
2c93c997cf
pre-commit autocorrected files ( #9750 )
2 years ago
6cb027dfab
Optimize the document for readability ( #9730 )
Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
2 years ago
7fe0b87d83
Fix docs for node_labels ( #9471 )
2 years ago
5c25b57989
Ability to define options for DNS upstream servers ( #9311 )
* Ability to define options for DNS upstream servers
* Doc and sample inventory vars
2 years ago
24632ae81b
Add check_typo job ( #9361 )
To block merging pull requests which contain typo automatically.
2 years ago
9468642269
feat: allows users to have more control on DNS ( #9270 )
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2 years ago
acb6f243fd
feat: add kubelet systemd service hardening option ( #9194 )
* feat: add kubelet systemd service hardening option
* refactor: move variable name to kubelet_secure_addresses
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
* docs: add diagram about kubelet_secure_addresses variable
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
2 years ago
e6976a54e1
add pre-commit hook to facilitate local testing ( #9158 )
* add pre-commit hook configuration
* add tmp.md to .gitignore
* describe the use of pre-commit hook in CONTRIBUTING.md
* fix docs/integration.md errors identified by markdownlint
* fix docs/<file>.md errors identified by markdownlint
* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md
* fix contrib/<file>.md errors identified by markdownlint
2 years ago
aeeae76750
Update vars.md ( #9172 )
2 years ago
6f82cf12f5
let containerd_default_runtime be undefined by default ( #9026 )
2 years ago
37a5271f5a
feat: add variables to manage makeIPTablesUtilChains and streamingConnectionIdleTimeout kubelet parameters ( #8796 )
3 years ago
e7df4d3dd9
add support for `service-account-lookup` parameter ( #8781 )
* feat: add variable to manage service-account-lookup on kube-apiserver
* docs: add documentation about service-account-lookup variable
3 years ago
fa1d222eee
add support for `EventRateLimit` plugin configuration ( #8711 )
* feat: add support for EventRateLimit admission plugin
* docs: add documentation about admission_control_config_file and EventRateLimit configuration
3 years ago
bba91a7524
split kube_feature_gates variable for different kubernetes components ( #8677 )
* feat: split kube_feature_gates variable for different kubernetes components
* docs: add kube_feaute_gates componet variables
3 years ago
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI ( #8434 )
* [calico] make vxlan encapsulation the default
* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation
* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade
* [CI] improve netchecker connectivity testing
* [CI] show logs for tests
* [calico] tweak task name
* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh
* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check
* service proxy mode still fails connectivity tests so keeping it manual mode
* [kube-router] account for containerd use-case
3 years ago
98d5d0cdd5
add support for Dual Stack node InternalIP ( #8542 )
3 years ago
43d128362f
Document image_command_tool and image_command_tool_on_localhost ( #8409 )
Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
3 years ago
52ee5d0fff
Various documentation updates ( #8243 )
* Docs: update CONTRIBUTING.md
* Docs: clean up outdated roadmap and point to github issues instead
* Docs: update note on kubelet_cgroup_driver
* Docs: update kata containers docs with note about cgroup driver
* Docs: note about CI specific overrides
3 years ago
4a8757161e
Docker: replace the use of containerd_version with docker_containerd_version to avoid causing conflicts when bumping containerd_version ( #8130 )
3 years ago
6e5b9e0ebf
Fix Kubelet and Containerd when using cgroupfs as cgroup driver ( #8123 )
3 years ago
af949cd967
Fix invalid documentation links ( #7692 )
* Fix invalid link to Ansible documentation
* Fix invalid link to mitogen doc page
* Fix invalid link to calico doc page
* Fix all invalid links to doc pages
3 years ago
1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t ( #7891 )
* Fedora and RHEL use etc_t and the convention is <type_name>_t
* Docs: specify all values for preinstall_selinux_state
* CI: Add Fedora 34 with SELinux in enforcing mode
3 years ago
394afc957b
Update vars.md to remove mention of string syntax of node_labels ( #7776 )
* Update vars.md to remove mention of string syntax of node_labels
Fixes https://github.com/kubernetes-sigs/kubespray/issues/6215
* Try fix makrdown linting
* Update docs/vars.md
3 years ago
b77f207512
Docs: Replace master with control plane ( #7767 )
This replaces master with "control plane" in Kubespray docs
because of [1].
[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Kay Yan
Boris
Antoine Legrand
Emmanuel Ferdman
ChengHao Yang
Max Gautier
Serge Hartmann
Lihai Tu
Payback159
Nicolas Goudry
Tom M
Maxime Leroy
蔣 航
Vaibhav Goel
James
Kay Yan
Jack
Bas
Fish-pro
Ilya Margolin
emiran-orange
Kenichi Omichi
Emin AKTAS
Alessio Greggi
Cristian Calin
Bishal das
rptaylor
kakkotetsu
Mathieu Parent
Pasquale Toscano
Arian van Putten