Kenichi Omichi
e5ec0f18c0
Add packet_ubuntu20-calico-aio-hardening ( #9359 )
To verify the hardening method works always.
The configuration comes from docs/hardening.md
Fix yaml format of hardening.yml
Add condition to skip 040 test for hardening
2 years ago
Mohamed Zaian
0f44e8c812
[ingress-nginx] upgrade to 1.4.0 ( #9403 )
2 years ago
Kay Yan
1cc0f3c8c9
mirror-for-china
2 years ago
Maxime Leroy
d9c39c274e
fix(defaults): wrong cri_socket path for containerd ( #9401 )
2 years ago
Kenichi Omichi
c38fb866b7
Update securityContext of netchecker ( #9398 )
To run netchecker with necessary privilege,
this updates the securityContext.
2 years ago
Mohamed Zaian
5ad1d9db5e
[kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default ( #9397 )
2 years ago
Kay Yan
32f3d92d6b
Remove PodSecurityPolicies in Calico ( #9395 )
2 years ago
Kenichi Omichi
72b45eec2e
Use agnhost instead of busybox for network test ( #9390 )
busybox container requires a root permission for ping.
For testing hardening method at CI, we need to switch to another image
which doesn't require the root permission for network testing.
On kubernetes/kubernetes repo, we are using agnhost which doesn't
require it. So this makes the test use agnhost image.
In addition, this updates the test manifest to specify securityContext
without any privilege.
2 years ago
Cristian Calin
23716b0eff
don't define kubeadm_patches by default ( #9372 )
2 years ago
Kay Yan
859df84b45
remove-psp-in-flannel ( #9365 )
2 years ago
Kay Yan
131bd933a6
Fix ensure ping package error in fedora CoreOS & Flatcar ( #9370 )
* fix-ensure-package-in-coreos
* clean blank line
2 years ago
Unai Arríen
52904ee6ad
Avoid MetalLB speaker image download when MetalLB speaker is disabled ( #9248 )
* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to
* Move metallb_speaker_enabled var to allow outside metalLB role references
* Improve metallb_speaker_enabled default values
2 years ago
Kay Yan
e3339fe3d8
update_calico_doc_for_the_ChecksumOffloadBroken ( #9388 )
2 years ago
ghostloda
547ef747da
fix helm install with password authentication ( #9343 )
2 years ago
Kenichi Omichi
63b27ea067
Fix YAML format in hardening.md ( #9387 )
When trying to add a hardening CI job by copying configuration from
hardening.md, yamllint CI job deleted invalid format.
This fixes it for maintaining the CI job.
2 years ago
ERIK
bc5881b70a
Add the cilium hubble images to download role ( #9376 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
Kenichi Omichi
f4b95d42a6
Add note for containerd oom_score ( #9384 )
When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.
2 years ago
Unai Arríen
ef76a578a4
Change dns upstream condition for nodelocaldns ( #9378 )
2 years ago
Piotr Kowalczyk
3b99d24ceb
Fix: install calico-kube-controller on kdd ( #9358 )
* Fix: install policy controller on kdd too
* Remove the calico_policy_version condition altogether
* Install policy controller both on canal and calico under same condition
2 years ago
Kay Yan
4701abff4c
upgrade-api-version-for-PodDisruptionBudget ( #9369 )
2 years ago
Joe Siponen
717b8daafe
Download coredns image to all hosts in k8s_cluster ( #9316 )
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
2 years ago
Kevin Huang
c346e46022
fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume ( #9362 )
2 years ago
Kenichi Omichi
24632ae81b
Add check_typo job ( #9361 )
To automatically block merging pull requests which contain typos.
2 years ago
JSpon
befde271eb
Use hostname override in post-remove role, just as pre-remove role does ( #9360 )
2 years ago
Huang Chen-Yi
d689f57c94
Features/support kubeadm patches v1beta3 ( #9326 )
* Support kubeadm patches in v1beta3
* Update kubeadm patches sample files in inventory
* Fix pre-commit syntax
* Set kubeadm_patches enabled to false in sample inventory
2 years ago
William Turner
ad3f503c0c
Fix default value for kubelet_secure_addresses ( #9355 )
2 years ago
Kay Yan
ae6c780af6
add-Kubean ( #9352 )
2 years ago
Eugene Artemenko
8b9cd3959a
Add possibility to skip adding load balancer name in the hosts file ( #9331 )
2 years ago
Emin AKTAS
dffeab320e
feat: add a parameter to disable host nameservers ( #9357 )
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2 years ago
Kay Yan
999586a110
sysctl_additional ( #9351 )
2 years ago
Kenichi Omichi
f8d5487f8e
Remove versions from setting-up-your-first-cluster ( #9353 )
We are maintaining version info on the README.md, and it is not
necessary to maintain that on setting-up-your-first-cluster.md
2 years ago
Hugo Blom
4189008245
Try fix issue where ports doesn't get an ip assigned ( #9345 )
Co-authored-by: Jonathan Süssemilch Poulain <jonathan@sofiero.net>
2 years ago
Kay Yan
44115d7d7a
support-kube-1.25 ( #9260 )
Co-authored-by: Rene Luria <rene.luria@infomaniak.com>
2 years ago
Florian Ruynat
841e2f44c0
Remove references to 1.22 ( #9342 )
2 years ago
Hugo Blom
a8e4984cf7
Add missing permissions to openstack cc ( #9335 )
Add missing permissions to Openstack cloud controller to make sure controller runs as intended
2 years ago
Hugo Blom
49196c2ec4
[Openstack] Add bastion_allowed_ports to allow custom security group rules on bastion node ( #9336 )
* make it possible to configure bastion remote ips
* Update README.md
2 years ago
Rene Luria
3646dc0bd2
fix: remove trailing backslash and yaml indent ( #9339 )
* fix: remove trailing backslash
* fixed indent in cilium config template
2 years ago
Alex
694de1d67b
update README to reference docker v2.20.0 tag ( #9334 )
2 years ago
biqiang Wu
31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded ( #9340 )
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2 years ago
ERIK
472996c8b3
update pause image version ( #9337 )
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
Shelming.Song
d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml ( #9330 )
2 years ago
Federico Cucinella
e486151aea
cloud-provider-openstack: upgrade 1.22.0 to 1.23.4 ( #9332 )
2 years ago
Florian Ruynat
9c407e667d
Update kubespray version following release ( #9333 )
2 years ago
Ho Kim
18efdc2c51
Fix typos in calico ( #9327 )
2 years ago
Zhong Jianxin
6dff39344b
preinstall: Add nodelocaldns to supersede_nameserver if enabled ( #9282 )
When a machine that use dhclient and resolvconf reboots, this will make /etc/resolv.conf
remain close to the one before reboot
2 years ago
Robin Wallace
c4de3df492
upcloud csi driver: bump version to v0.3.3 ( #9317 )
2 years ago
Ilya Margolin
f2e11f088b
Hotfix containerd restart ( #9322 )
2 years ago
Victor Morales
782f0511b9
Define ostree variable for runc ( #9321 )
The ostree variable is not defined previously raising an error when
the runtime tries to read it.
2 years ago
Kevin Huang
fa093ee609
feat(docs/openstack.md): Put Additional step needed when using calico or kube-router in own section ( #9320 )
2 years ago
Samuel Liu
612bcc4bb8
add liupeng0518 to approvers list ( #9313 )
2 years ago