epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 01:29:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Move checksums to kubespray_defaults/vars (#12234)

Browse Source 
The checksums are not a defaults and are not meant to be changed from
the inventories.

Furthermore, role defaults have a lower priority that hosts facts, which
technically means a rogue hosts could hijack the hashes for its
variables.
This commit is contained in:
Max Gautier
2025-05-18 23:13:14 +00:00
committed by GitHub
parent 8a4f4d13f7
commit 3a2862ea19
3 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1348
roles/kubespray_defaults/vars/main/checksums.yml Normal file
View File

File diff suppressed because it is too large Load Diff

29
roles/kubespray_defaults/vars/main/main.yml Normal file
View File

@@ -0,0 +1,29 @@
---
# Kubespray constants
kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"
# The lowest version allowed to upgrade from (same as calico_version in the previous branch)
calico_min_version_required: "3.27.0"
containerd_min_version_required: "1.3.7"
# mixed kube_service_addresses/kube_service_addresses_ipv6 for a variety of network stacks(dualstack, ipv6only, ipv4only)
kube_service_subnets: >-
{%- if ipv4_stack and ipv6_stack -%}
{{ kube_service_addresses }},{{ kube_service_addresses_ipv6 }}
{%- elif ipv4_stack -%}
{{ kube_service_addresses }}
{%- else -%}
{{ kube_service_addresses_ipv6 }}
{%- endif -%}
# mixed kube_pods_subnet/kube_pods_subnet_ipv6 for a variety of network stacks(dualstack, ipv6only, ipv4only)
kube_pods_subnets: >-
{%- if ipv4_stack and ipv6_stack -%}
{{ kube_pods_subnet }},{{ kube_pods_subnet_ipv6 }}
{%- elif ipv4_stack -%}
{{ kube_pods_subnet }}
{%- else -%}
{{ kube_pods_subnet_ipv6 }}
{%- endif -%}