Max Gautier
e361def9cd
Rename remove-node/pre-remove (no hyphens for role in collection)
2025-05-12 22:19:50 +02:00
Max Gautier
fa6888df4c
kubernetes_audit: Remove redundant defaults filter ( #12208 )
2025-05-12 07:23:14 -07:00
felipe88alves
9bbd597e20
create cilium_operator_tolerations variable in group_var ( #12200 )
...
- This enables the override of the tolerations for the cilium-operator deployment
- default behaviour is to leave the toleration as is unless the var is set
2025-05-12 03:25:15 -07:00
Cheolhui Kim
fceb1516b8
Update: add Cilium LB IP Pool configuration to support ranges ( #12140 )
2025-05-12 01:39:18 -07:00
Kubernetes Prow Robot
43e19ab281
Merge pull request #12202 from VannTen/cleanup/rename_kubespray_defaults
...
Rename kubespray-defaults to kubespray_defaults
2025-05-12 01:21:14 -07:00
Max Gautier
4052cd5237
Add compat and deprecation warning for kubespray-defaults
2025-05-12 09:46:07 +02:00
Kim Hyunyoung, Abel
e1be469995
fix: do not mount hubble-ui tls volume when cilium_hubble_tls_generate is false ( #12143 )
2025-05-11 20:27:14 -07:00
Max Gautier
7db2aa1cba
Rename kubespray-defaults to kubespray_defaults
...
Role names in ansible collection should not contain hyphens.
2025-05-10 10:04:37 +02:00
Kubernetes Prow Robot
0c8dfb8e43
Merge pull request #12185 from VannTen/cleanup/iproute_with_the_rest
...
Move package installation to bootstrap-os
2025-05-09 20:49:14 -07:00
Max Gautier
25e4fa17a8
Split kubespray-defaults (-> network_facts)
...
kubespray-defaults currently does two things:
- records a number of default variable values (in particular values used
in several places)
- gather and compose some complex network facts (in particular,
`fallback_ip` and `no_proxy`)
There is no actual reason to couple those two things, and it makes using
defaults more difficult (because computing the network facts is somewhat
expensive, we don't want to do it willy-nilly)
Split the two and adjust import paths as needed.
2025-05-09 21:14:26 +02:00
Max Gautier
bb4b2af02e
Drop install of python-libselinux for RHEL family below 8
...
RHEL 7 and derivatives support has been removed for some time, clean up
of leftovers.
2025-05-09 21:14:25 +02:00
ChengHao Yang
27e93ee9f6
Feat: Gateway API early installation ( #12189 )
...
The Gateway API needs to be installed first if you want to use Cilium's
Gateway API functionality. The Gateway API is just CRD without any Pod,
Deployment, etc., so I think it can be brought forward to before the CNI
installation.
Signed-off-by: ChengHao Yang
2025-05-09 09:47:14 -07:00
Chad Swenson
76707073c4
Fix indentation on AuthorizationConfiguration task ( #12197 )
2025-05-09 00:05:19 -07:00
ERIK
1c4b18b089
fix: arm64 checksums for youki and kata-containers ( #12173 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2025-05-08 19:05:14 -07:00
Max Gautier
d6d87e9a83
Move cilium_deploy_additionnaly to kubespray-default ( #12191 )
...
Instead of using default(false) all over the place, use
kubespray-defaults
2025-05-07 05:05:17 -07:00
Max Gautier
fcc294600c
Workaround missing etcd certs on control plane node ( #12181 )
2025-05-05 01:05:57 -07:00
Max Gautier
9631b5fd44
Move etcd inventory sample doc to role defaults
2025-05-04 21:24:26 +02:00
Max Gautier
a7d681abff
Install iputils with other packages
2025-05-04 21:22:49 +02:00
Max Gautier
5867fa1b9f
Move back iproute install to system_packages
...
Packages are now installed before network facts collection, so we can
install iproute with the rest.
2025-05-04 21:22:49 +02:00
Max Gautier
1e79c7b3cb
Move package install to bootstrap-os
2025-05-04 21:22:48 +02:00
Max Gautier
87726faab4
Move check 'sorted pkgs list to pre-commit'
...
This is a lint check, which should not live in the playbook itself.
2025-05-04 21:22:47 +02:00
Max Gautier
1b9919547a
Split 'offline' assert into their own role
...
The preinstall asserts cover a number of things, many of which depend
only on the inventory, and can be run without any ansible_facts
collected.
Split them off to simplify re-ordering.
2025-05-04 21:22:46 +02:00
Kubernetes Prow Robot
84d96d5195
Merge pull request #12165 from tico88612/fix/failing-test-coredns-autoscaler
...
Feat: add `dns_autoscaler_affinity` and remove in-place values
2025-05-03 13:17:55 -07:00
bin.pan
6f0fc020e8
update containerd.options key name ( #12170 )
2025-05-02 23:27:55 -07:00
Ho Kim
c47711c2f2
fix: correct indent of cpuManagerPolicyOptions ( #12123 )
2025-05-02 00:27:56 -07:00
ChengHao Yang
2907936c85
Feat: add dns_autoscaler_affinity remove in-place values
...
Upstream has removed affinity, and fix upgrade failing test.
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-28 19:18:19 +08:00
ChengHao Yang
71a323039f
Fix: kubelet-csr-approver moves to regular application installation ( #12141 )
...
This commit fixed the process to ensure that CCM is installed first to
avoid the chicken-and-egg problem.
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-28 01:27:26 -07:00
ChengHao Yang
5e5e509698
Revert "Update cluster-proportional-autoscaler to v1.9.0 ( #11982 )" ( #12168 )
...
This reverts commit 16841a1fb0 .
2025-04-28 01:23:32 -07:00
Aviral Agarwal
1da9f0dec4
Fixed kube-vip to use kube-vip/kube-vip-iptables image instead of kube-vip/kube-vip when lb_fwdmethod or kube_vip_lb_fwdmethod is set to masquerade ( #12145 )
2025-04-24 15:54:30 -07:00
ShinyaIshitobi
629a690886
fix: Enable NRI for containerd and disable plugin when nri_enabled is false ( #12152 )
...
* fix(containerd): always render NRI plugin block with conditional disable flag
* feat: enable Node Resource Interface plugin when using containerd
* fix: remove the
* fix: fix for linter
2025-04-24 01:40:33 -07:00
Mathieu Parent
16841a1fb0
Update cluster-proportional-autoscaler to v1.9.0 ( #11982 )
2025-04-24 01:32:37 -07:00
ERIK
8f41a2886d
Update version comparison syntax and optimize whitespace ( #12146 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2025-04-24 00:56:31 -07:00
Max Gautier
38cea5b866
Patch versions updates ( #12119 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-04-23 21:48:30 -07:00
Kubernetes Prow Robot
4ad9f9b535
Merge pull request #11763 from tico88612/feat/gateway-api-v1.2.1
...
Refactor Gateway API installation process and bump Gateway API v1.2.1
2025-04-11 08:38:42 -07:00
ChengHao Yang
9456e792f1
Remove unused Gateway API template
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-11 22:57:00 +08:00
ChengHao Yang
7f60dda565
Refactor Gateway API manifests installation process
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-11 22:57:00 +08:00
ChengHao Yang
582fe2cbde
Add Gateway API download information in kubespray-default
...
Remove old variables in kubernetes-apps/gateway_api
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-11 22:57:00 +08:00
Max Gautier
79fbfdf271
component_hash_update: support calico_crds ( #12122 )
...
- add support for "no_arch" downloads: arch-independent files such as
YAML manifests, helm charts, etc.
- wire calico_crds with it.
2025-04-10 02:18:47 -07:00
ChengHao Yang
cfaf397d4a
Bump: OpenStack Cloud Controller Manager upgrade to v1.32.0 ( #12121 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-10 01:44:41 -07:00
Kubernetes Prow Robot
2f404de77c
Merge pull request #12037 from VannTen/ci/convert_vagrant_to_kubevirt_2
...
CI: convert remaining vagrant jobs (except IPv6) to kubevirt + cleanups
2025-04-09 01:16:42 -07:00
ChengHao Yang
4ce5510c1a
[rbd-provisioner] deprecate outdated application and documentation ( #12114 )
...
* Cleanup: deprecate rbd-provisioner application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: remove rbd-provisioner application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-08 06:22:44 -07:00
ChengHao Yang
8032b8281d
[cephfs-provisioner] deprecate outdated application and documentation ( #12113 )
...
* Cleanup: deprecated CephFS application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: Remove CephFS Application
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-04-08 03:08:39 -07:00
Max Gautier
5a6ef1dafa
Timeout on RHEL subscription check ( #12115 )
...
subscription-manager status can in some circumstances just never
terminate, with nothing indicating the problem from the Ansible
playbook log.
This makes it difficult to find the hosts misbehaving.
Add a timeout to the subscription checks (defaulting to 3 minutes). This
should be more than enough for normal circumstances while allowing
easier troubleshooting, as the hosts will be FAILED instead of the
playbook just waiting indefinitely.
2025-04-08 01:24:44 -07:00
Ricky Kwan
4a5b524b98
Ensure metrics port exists for nodelocaldns/nodelocaldns-second daemonsets ( #11998 )
...
- update metrics port to use port variable
- unconditionally define ports
2025-03-27 04:14:34 -07:00
Max Gautier
aa0c0851f8
Upgrade kube-router ( #12066 )
...
- This happens to fix the fact that kube-router is broken when using the
service proxy: https://github.com/cloudnativelabs/kube-router/issues/1558
2025-03-26 17:04:38 -07:00
Max Gautier
862aec4dc6
CI: remove 'packet' from jobs name + rename to kubevirt
...
This is more accurate, the name 'packet' being an artifact of history
(the Kubevirt jobs used to run on Packet, the previous name of Equinix)
2025-03-26 14:32:26 +01:00
ERIK
a4843eaf5e
fix: missing 'v' prefix in offline image tags ( #12086 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2025-03-26 06:26:34 -07:00
Kay Yan
0f9f9fb569
support kube-proxy nftables ( #12060 )
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2025-03-26 01:32:33 -07:00
Farshad Asadpour
e7c70d6169
fix(ingress-nginx): Upgrade ingress-nginx to v1.12.1 and webhook certgen image to v1.5.2 ( #12075 )
...
This commit upgrades ingress-nginx to version v1.12.1, addressing multiple critical vulnerabilities including CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, and CVE-2025-24514 as detailed in the ingress-nginx release notes: https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
Important Notes:
- Fixing CVE-2025-1974 required disabling validation of the generated NGINX configuration during validation of Ingress resources. Invalid Ingress resources may stop the NGINX configuration from being updated.
- Recommended mitigations include enabling annotation validation and disabling snippet annotations.
Alongside this upgrade, the `ingress_nginx_kube_webhook_certgen_image_tag` has been updated to v1.5.2 for compatibility, based on: https://github.com/kubernetes/ingress-nginx/pull/13066
Changelog:
- Updated ingress-nginx version to v1.12.1 in Kubespray.
- Updated `ingress_nginx_kube_webhook_certgen_image_tag` in `roles/kubespray-defaults/defaults/main/download.yml` to v1.5.2.
Fixes: https://github.com/kubernetes-sigs/kubespray/issues/12073
2025-03-25 09:10:38 -07:00
ChengHao Yang
36cd894d58
Bump Docker default version to 28.0 ( #12070 )
...
* Cleanup: unsupport docker version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Cleanup: unsupport OS rhel7
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Feat: upgrade docker package
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: update rhel docker link
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Feat: upgrade docker version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: update docker version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-03-25 04:38:32 -07:00