Commit Graph

8086 Commits

Author SHA1 Message Date
k8s-infra-cherrypick-robot
b01c407387 Changed to use first_kube_control_plane to parse kubeadm_certificate_key (#12758)
Co-authored-by: Fredrik Liv <fredrik.liv@elastisys.com>
Co-authored-by: nvalembois <nvalembois@live.com>
2025-12-02 07:28:26 -08:00
k8s-infra-cherrypick-robot
17d21676e9 Fix calico etcd mode networkpolicy RBAC (#12753)
Co-authored-by: Chad Swenson <chadswen@gmail.com>
2025-11-28 08:36:21 -08:00
k8s-infra-cherrypick-robot
7a27aef736 [release-2.27] CI: enable unsafe_show_logs == true by default (#12726)
* CI: enable unsafe_show_logs == true by default

* Deduplicate defaults vars (unsafe_show_logs)

---------

Co-authored-by: Max Gautier <mg@max.gautier.name>
2025-11-19 23:57:59 -08:00
k8s-infra-cherrypick-robot
406ea25217 Fix breakage when ignoring all kubeadm preflight errors (#12618)
kubeadm errors out if 'all' is specified with specific checks, so check
that case when we add hardcoded checks.

Add a test to catch regression.

Co-authored-by: Max Gautier <mg@max.gautier.name>
2025-11-17 22:27:37 -08:00
Max Gautier
87597b044d galaxy.yml: up to next patch version (#12697) 2025-11-17 21:27:38 -08:00
Max Gautier
16e3670dd4 Remove etcd member by peerURLs (#12691)
The way to obtain the IP of a particular member is convoluted and depends
on multiple variables. The match is also textual and it's not clear
against what we're matching.

It's also broken for etcd members which are not also Kubernetes nodes,
because the "Lookup node IP in kubernetes" task will fail and abort the
play.

Instead, match against 'peerURLs', which does not need a new variable, and
use json output.

- Add testcase for etcd removal on external etcd
2025-11-17 02:53:40 -08:00
Max Gautier
c06b669ae6 [release-2.27] Update pre-commit hooks (#12698)
* Update pre-commit hooks

* CI: Put pre-commit cache under CI_PROJECT_DIR (#11929)

* CI: Put pre-commit cache under CI_PROJECT_DIR

Apparently gitlab-runner can't cache stuff outside of the project
directory.

Put the cache under CI_PROJECT_DIR to make it work (which also means we
need to ignore it from ansible-lint).

Also update the pre-commit image while we're at it.

Link: https://gitlab.com/gitlab-org/gitlab/-/issues/14151

* update ansible-lint pre-commit
2025-11-16 01:11:36 -08:00
k8s-infra-cherrypick-robot
f3354ce2c9 calico: update calico-kube-controller manifest (#12481)
Co-authored-by: Cyclinder Kuo <kuocyclinder@gmail.com>
2025-08-28 00:21:10 -07:00
k8s-infra-cherrypick-robot
7cb6b07c44 Fix: Change "empty" definition for PodSecurity Admission configuration (#12476)
Fixes a bug where `kube-apiserver` fails to start if the PodSecurity
configuration file doesn't have the `apiVersion` and `kind` keys.

Signed-off-by: Alejandro Macedo <alex.macedopereira@gmail.com>
Co-authored-by: Alejandro Macedo <alex.macedopereira@gmail.com>
2025-08-26 09:22:10 -07:00
ChengHao Yang
9505e74d6e Fix: pre-commit failing test (#12484)
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2025-08-26 09:02:11 -07:00
ChengHao Yang
45140b5582 Fix: galaxy.yml set version to 2.27.1 (#12345)
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
v2.27.1
2025-06-27 07:00:33 -07:00
k8s-infra-cherrypick-robot
16760787ad Add version pinning for AWS tf provider to fix CI (#12326)
Co-authored-by: Chad Swenson <chadswen@gmail.com>
2025-06-19 19:48:51 -07:00
k8s-infra-cherrypick-robot
266117d174 fix manage-offline-container-images.sh get image_id (#12314)
Co-authored-by: DearJay <zhongtianjieyi143@gmail.com>
2025-06-15 07:46:57 -07:00
Ali Afsharzadeh
c59833b2e5 [release-2.27] Patch versions update (#12231)
* [release-2.27] Patch versions update

* Add calico crds archive checksum for v3.29.3

* Update kube_version in roles/kubespray-defaults/defaults/main/main.yml

* Revert crio version upgrade

* Upgrade calico to v3.29.4
2025-06-05 09:00:38 -07:00
Max Gautier
55194fcf6d Move 'pretend certificates' **after** cert distribution (#12221)
The link target will only exist after we distribute the certs on each node.
2025-05-16 07:43:14 -07:00
k8s-infra-cherrypick-robot
d10000ee90 Workaround missing etcd certs on control plane node (#12192)
Co-authored-by: Max Gautier <mg@max.gautier.name>
2025-05-06 09:31:16 -07:00
Ali Afsharzadeh
6a67d28fab [release-2.27] Make fallback_ip cacheable in facts (#12182)
* Make fallback_ip cacheable in facts

* Move cacheable property after fallback_ip variable

Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2025-05-02 22:03:55 -07:00
Chad Swenson
bf68231a5a Refactor control plane upgrades with reconfiguration support (#12015) (#12103)
* Refactor control plane upgrades with reconfiguration support

Adds revised support for:
- The previously removed `--config` argument for `kubeadm upgrade apply`
- Changes to `ClusterConfiguration` as part of the `upgrade-cluster.yml` playbook lifecycle
- kubeadm-config `v1beta4` `UpgradeConfiguration` for the `kubeadm upgrade apply` command: [UpgradeConfiguration v1beta4](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/#kubeadm-k8s-io-v1beta4-UpgradeConfiguration).

* Add kubeadm upgrade node support

Per discussion:
- Use `kubeadm upgrade node` on secondary control plane upgrades
- Add support for UpgradeConfiguration.node in kubeadm-config.v1beta4
- Remove redundant `allowRCUpgrades` config
- Revert from `block` for first and secondary control plane back to unblocked tasks since they no longer share much code and it's more readable this way

* Add kubelet and kube-proxy reconfiguration to upgrades

* Fix task to use `kubeadm init phase etcd local`

* Rebase with changes from "Adapt checksums and versions to new hashes updater" PR

* Add `imagePullPolicy` and `imagePullSerial` to kubeadm-config v1beta4 `InitConfiguration.nodeRegistration`

(cherry picked from commit b551fe083d)
2025-04-02 23:18:38 -07:00
ChengHao Yang
de25806c56 Bump ingress-nginx to 1.12.1 and certgen to 1.5.2 (#12080)
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2025-03-27 00:44:34 -07:00
ChengHao Yang
bbabe496c4 [calico] fix v3.29.2 crds archive checksum (#12082)
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2025-03-26 02:14:33 -07:00
k8s-infra-cherrypick-robot
6073fee806 build(deps): bump cryptography from 44.0.1 to 44.0.2 (#12062)
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.1 to 44.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/44.0.1...44.0.2)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-21 06:32:32 -07:00
k8s-infra-cherrypick-robot
e354295476 fix: kubecontrollersconfigurations list permission (#12039)
[WARNING][1] kube-controllers/runconfig.go 193: unable to list KubeControllersConfiguration(default) error=connection is unauthorized: kubecontrollersconfigurations.crd.projectcalico.org "default" is forbidden: User "system:serviceaccount:kube-system:calico-kube-controllers" cannot list resource "kubecontrollersconfigurations" in API group "crd.projectcalico.org" at the cluster scope

Co-authored-by: darkobas <marko@datafund.io>
2025-03-15 09:15:47 -07:00
Kubernetes Prow Robot
1af53ce9a6 Merge pull request #12031 from VannTen/2.27-update-versions
[release-2.27] Patch versions update
2025-03-14 01:27:48 -07:00
Max Gautier
26779c01a9 CI: switch crio testing to ubuntu20
The switch to crun as a default runtime does not work with RHEL-8 like
OS, because of the default to cgroups v2

https://github.com/cri-o/cri-o/issues/8743
2025-03-13 15:43:14 +01:00
Max Gautier
5e083a5370 Update defaults versions to last checksums 2025-03-13 12:09:40 +01:00
Max Gautier
1528bdda39 Checksums updates 2025-03-13 12:05:40 +01:00
k8s-infra-cherrypick-robot
ccf2abb5b1 Remove amazon-linux2 from CI: issue with vm creation (#12017)
Co-authored-by: ant31 <2t.antoine@gmail.com>
2025-03-04 04:35:43 -08:00
k8s-infra-cherrypick-robot
ecd5b73c5e build(deps): bump cryptography from 44.0.0 to 44.0.1 (#11973)
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.0 to 44.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/44.0.0...44.0.1)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-19 01:08:27 -08:00
k8s-infra-cherrypick-robot
3514ae8d04 [release-2.27] Fix incorrect syntax for secondary nodelocaldns manifest (#11957)
* Fix incorrect syntax

* Fix incorrect syntax

---------

Co-authored-by: Raul Butuc <raulbutuc@gmail.com>
2025-02-07 08:57:56 -08:00
k8s-infra-cherrypick-robot
99e2bfe2fa [release-2.27] Fix CI by exclude the .ansible in .ansible-lint & remove ctr image pull workaround (#11956)
* exclude .ansible in ansible-lint

* remove ctr i pull workaround

Signed-off-by: Kay Yan <kay.yan@daocloud.io>

---------

Signed-off-by: Kay Yan <kay.yan@daocloud.io>
Co-authored-by: Kay Yan <kay.yan@daocloud.io>
2025-02-07 08:05:58 -08:00
k8s-infra-cherrypick-robot
7d14c4283a [release-2.27] Updated sample in inventory (#11922)
* Updated sample in inventory

* Review changes

---------

Co-authored-by: Anshuman <anshuman@ibm.com>
2025-01-24 00:39:21 -08:00
k8s-infra-cherrypick-robot
eb413e4719 [release-2.27] Add manual option to the external_cloud_provider variable (#11884)
* Add `manual` option in the `external_cloud_provider` value

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Update external cloud provider description in roles & sample inventory

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2025-01-13 08:24:33 -08:00
Mohamed Omar Zaian
9ec9b3a202 [ingress-nginx] upgrade to 1.12.0 (#11846) v2.27.0 2025-01-02 04:58:14 +01:00
Antoine Legrand
0222a2a634 Add option to skip network plugin installation (#11844) 2024-12-31 12:52:13 +01:00
Kubernetes Prow Robot
57490d5e5e Merge pull request #11793 from VannTen/cleanup/ci_testcases_better_callback
Use debug stdout callback in ci rather than manual debug
2024-12-27 18:40:12 +01:00
Kubernetes Prow Robot
5af3a34de8 Merge pull request #11819 from VannTen/cleanup/preinstall_fact
Cleanups in kubernetes/preinstall (DNS stuff)
2024-12-27 18:04:11 +01:00
ChengHao Yang
54a01f2774 Bump: Containerd upgrade to 1.7.24 & runc upgrade to v1.2.3 (#11833)
* Bump: Containerd upgrade to 1.7.24

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: README.md update Containerd version 1.7.24

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Bump: runc upgrade to v1.2.3

Runc upgrade to v1.2.3, and add v1.1.15, v1.2.x checksum

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-12-27 13:36:11 +01:00
Max Gautier
6f6da3d3c7 Update SECURITY_CONTACTS with active maintainers (#11827)
* Update SECURITY_CONTACTS with active maintainers

* Add yankay to SECURITY_CONTACTS
2024-12-27 06:26:13 +01:00
ChengHao Yang
a6bc327d63 Bump: Helm upgrade to v3.16.4 (#11832)
* Bump: Helm default version v3.16.4

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: README.md update helm version

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-12-26 14:24:11 +01:00
Mohamed Omar Zaian
25d0380db7 [calico] Add version 3.29.1 and make it default (#11798) 2024-12-25 23:14:11 +01:00
ChengHao Yang
3305ae9235 Bump: Kubernetes default version v1.31.4 (#11828)
* Bump: kubernetes upgrade to 1.31.4

Add Kubernetes 1.31.4, 1.30.8 and 1.29.12 version

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: Upgrade Kubernetes version to 1.31.4

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-12-25 23:10:13 +01:00
kyrie
e7a5e3ca5c Fix using the default network manager in reset.yml (#11678)
* enhance reset network service

Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>

* reset network service: use systemd module directly

---------

Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
Co-authored-by: Max Gautier <mg@max.gautier.name>
2024-12-24 15:50:11 +01:00
dependabot[bot]
6c69ffed5b build(deps): bump molecule-plugins[vagrant] from 23.5.3 to 23.6.0 (#11826)
Bumps [molecule-plugins[vagrant]](https://github.com/ansible-community/molecule-plugins) from 23.5.3 to 23.6.0.
- [Release notes](https://github.com/ansible-community/molecule-plugins/releases)
- [Commits](https://github.com/ansible-community/molecule-plugins/compare/v23.5.3...v23.6.0)

---
updated-dependencies:
- dependency-name: molecule-plugins[vagrant]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-24 14:46:11 +01:00
Max Gautier
d173f1d951 Only consider host in 'k8s_cluster' when checking if ip is a cached fact (#11817)
This avoids spurious failure with 'localhost'.

It should also be more correct if the inventory contains uncached hosts
which are not in `k8s_cluster` and therefore should not be Kubespray
business.

(We still use hostvars for uncached hosts, because it's easier to select
on 'ansible_default_ipv4' that way and does not change the end result)
2024-12-23 08:48:10 +01:00
Max Gautier
91ad58a185 Update ansible-lint pre-commit + drop jsonschema dep (#11818) 2024-12-20 03:00:09 +01:00
Chad Swenson
2fbf4806ed Add ResourceQuota plugin configuration (#11814)
This enables [configuration](https://kubernetes.io/docs/concepts/policy/resource-quotas/#limit-priority-class-consumption-by-default) of the [ResourceQuota AdmissionController plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#resourcequota). The configuration file will be empty by default when no limitedResources are set.
2024-12-19 18:12:09 +01:00
Max Gautier
684f52eaf4 kubernetes/preinstall: remove unused variable 2024-12-19 16:30:48 +01:00
Max Gautier
55e095c1c7 kubernetes/preinstall: dns vars cleanup
- Move validation from facts to verify-settings
- Move set_fact to vars/
2024-12-19 16:30:47 +01:00
Max Gautier
1127a62176 kubernetes/preinstall: dns setting cleanup(dhclient, resolvconf)
We use a lot of facts where variables are enough, and format too early,
which prevents reusing the variables in different contexts.

- Move set_fact variables to the vars directory, remove unnecessary
 intermediate variables, and render them at usage sites to only do logic
 on native Ansible/Jinja lists.
- Use defaults/ rather than default filters for several variables.
2024-12-19 16:30:46 +01:00
Max Gautier
a3e569f5c4 kubernetes/preinstall: switch coredns_server to vars/ 2024-12-19 15:51:02 +01:00