Max Gautier
b548ccbe7f
Adapt CI/vagrant to run without sample inventory
2025-01-17 16:22:57 +01:00
ChengHao Yang
3930919283
Cleanup OWNERS files in each folder ( #11892 )
...
* Cleanup not in k-sigs members OWNERS
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Cleanup inactive members on Kubespray
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-01-15 12:10:34 -08:00
Kay Yan
b104bb7a57
[kubernetes] Support Kubernetes v1.32.0 with RHEL8 ( #11885 )
...
* [kubernetes] Support Kubernetes v1.32.0
* add workaround for RHEL8
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
---------
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
Co-authored-by: Mohamed Zaian <mohamedzaian@gmail.com >
2025-01-15 08:54:35 -08:00
Bas
c84336b48c
Contrib: upload2artifactory.py ( #11886 )
...
* Contrib: upload2artifactory.py
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl >
* Pythonic
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl >
* Suggested
Co-authored-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr >
* upload2artifactory.py documentation.
---------
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl >
Co-authored-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr >
2025-01-15 05:18:33 -08:00
Christian Kröger
403a73ac11
[ingress-nginx] expose custom tcp and udp ports in ingress-nginx-controller ( #11850 )
2025-01-15 05:14:33 -08:00
Fredrik Liv
5ca23e3bfe
Changed to use first_kube_control_plane to parse kubeadm_certificate_key ( #11875 )
...
Co-authored-by: nvalembois <nvalembois@live.com >
2025-01-14 08:34:34 -08:00
Kay Yan
3527cb1916
Update CI test from AlmaLinux8 to AlmaLinux9 ( #11889 )
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2025-01-14 02:50:32 -08:00
ChengHao Yang
5a353cb04f
Add manual option to the external_cloud_provider variable ( #11883 )
...
* Add `manual` option in the `external_cloud_provider` value
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Update external cloud provider description in roles & sample inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-01-13 00:12:34 -08:00
kyrie
1f186ed451
add containerd registry mirror certificate configuration ( #11857 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io >
2025-01-09 01:48:31 -08:00
Chad Swenson
8443f370d4
Structured AuthorizationConfiguration ( #11852 )
...
Adds the ability to configure the Kubernetes API server with a structured authorization configuration file.
Structured AuthorizationConfiguration is a new feature in Kubernetes v1.29+ (GA in v1.32) that configures the API server's authorization modes with a structured configuration file.
AuthorizationConfiguration files offer features not available with the `--authorization-mode` flag, although Kubespray supports both methods and authorization-mode remains the default for now.
Note: Because the `--authorization-config` and `--authorization-mode` flags are mutually exclusive, the `authorization_modes` ansible variable is ignored when `kube_apiserver_use_authorization_config_file` is set to true. The two features cannot be used at the same time.
Docs: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#configuring-the-api-server-using-an-authorization-config-file
Blog + Examples: https://kubernetes.io/blog/2024/04/26/multi-webhook-and-modular-authorization-made-much-easier/
KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3221-structured-authorization-configuration
I tested this all the way back to k8s v1.29 when AuthorizationConfiguration was first introduced as an alpha feature, although v1.29 required some additional workarounds with `kubeadm_patches`, which I included in example comments.
I also included some example comments with CEL expressions that allowed me to configure webhook authorizers without hitting kubeadm 1.29+ issues that block cluster creation and upgrades such as this one: https://github.com/kubernetes/cloud-provider-openstack/issues/2575.
My workaround configures the webhook to ignore requests from kubeadm and system components, which prevents fatal errors from webhooks that are not available yet, and should be authorized by Node or RBAC anyway.
2025-01-07 09:14:28 +01:00
ChengHao Yang
1801debaea
Add Flatcar 4081.2.1 image to test-infra ( #11849 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-01-07 08:38:28 +01:00
Kay Yan
369be00960
increase the memory requirement to 2GB ( #11864 )
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2025-01-07 08:00:28 +01:00
Kay Yan
ae1805587b
cleanup for 2.27.0 ( #11854 )
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io >
2025-01-07 05:06:29 +01:00
Noam
55d1e4a4b5
enable bash completion tasks for Suse OS family ( #11860 )
...
* remove check for os family on bash completion tasks
* add Suse
2025-01-06 15:36:16 +01:00
Max Gautier
ac9b76eb2e
Ignore Mem preflight errors on ubuntu upgrade testcase ( #11859 )
2025-01-06 11:52:16 +01:00
Mohamed Omar Zaian
9ec9b3a202
[ingress-nginx] upgrade to 1.12.0 ( #11846 )
v2.27.0
2025-01-02 04:58:14 +01:00
Antoine Legrand
0222a2a634
Add option to skip network plugin installation ( #11844 )
2024-12-31 12:52:13 +01:00
Kubernetes Prow Robot
57490d5e5e
Merge pull request #11793 from VannTen/cleanup/ci_testcases_better_callback
...
Use debug stdout callback in ci rather than manual debug
2024-12-27 18:40:12 +01:00
Kubernetes Prow Robot
5af3a34de8
Merge pull request #11819 from VannTen/cleanup/preinstall_fact
...
Cleanups in kubernetes/preinstall (DNS stuff)
2024-12-27 18:04:11 +01:00
ChengHao Yang
54a01f2774
Bump: Containerd upgrade to 1.7.24 & runc upgrade to v1.2.3 ( #11833 )
...
* Bump: Containerd upgrade to 1.7.24
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: README.md update Containerd version 1.7.24
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Bump: runc upgrade to v1.2.3
Runc upgrade to v1.2.3, and add v1.1.15, v1.2.x checksum
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-12-27 13:36:11 +01:00
Max Gautier
6f6da3d3c7
Update SECURITY_CONTACTS with active maintainers ( #11827 )
...
* Update SECURITY_CONTACTS with active maintainers
* Add yankay to SECURITY_CONTACTS
2024-12-27 06:26:13 +01:00
ChengHao Yang
a6bc327d63
Bump: Helm upgrade to v3.16.4 ( #11832 )
...
* Bump: Helm default version v3.16.4
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: README.md update helm version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-12-26 14:24:11 +01:00
Mohamed Omar Zaian
25d0380db7
[calico] Add version 3.29.1 and make it default ( #11798 )
2024-12-25 23:14:11 +01:00
ChengHao Yang
3305ae9235
Bump: Kubernetes default version v1.31.4 ( #11828 )
...
* Bump: kubernetes upgrade to 1.31.4
Add Kubernetes 1.31.4, 1.30.8 and 1.29.12 version
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
* Docs: Upgrade Kubernetes version to 1.31.4
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2024-12-25 23:10:13 +01:00
kyrie
e7a5e3ca5c
Fix using the default network manager in reset.yml ( #11678 )
...
* enhance reset network service
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io >
* reset network service: use systemd module directly
---------
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io >
Co-authored-by: Max Gautier <mg@max.gautier.name >
2024-12-24 15:50:11 +01:00
dependabot[bot]
6c69ffed5b
build(deps): bump molecule-plugins[vagrant] from 23.5.3 to 23.6.0 ( #11826 )
...
Bumps [molecule-plugins[vagrant]](https://github.com/ansible-community/molecule-plugins) from 23.5.3 to 23.6.0.
- [Release notes](https://github.com/ansible-community/molecule-plugins/releases)
- [Commits](https://github.com/ansible-community/molecule-plugins/compare/v23.5.3...v23.6.0)
---
updated-dependencies:
- dependency-name: molecule-plugins[vagrant]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-24 14:46:11 +01:00
Max Gautier
d173f1d951
Only consider host in 'k8s_cluster' when checking if ip is a cached fact ( #11817 )
...
This avoids spurious failure with 'localhost'.
It should also be more correct if the inventory contains uncached hosts
which are not in `k8s_cluster` and therefore should not be Kubespray
business.
(We still use hostvars for uncached hosts, because it's easier to select
on 'ansible_default_ipv4' that way and does not change the end result)
2024-12-23 08:48:10 +01:00
Max Gautier
91ad58a185
Update ansible-lint pre-commit + drop jsonschema dep ( #11818 )
2024-12-20 03:00:09 +01:00
Chad Swenson
2fbf4806ed
Add ResourceQuota plugin configuration ( #11814 )
...
This enables [configuration](https://kubernetes.io/docs/concepts/policy/resource-quotas/#limit-priority-class-consumption-by-default) of the [ResourceQuota AdmissionController plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#resourcequota). The configuration file will be empty by default when no limitedResources are set.
2024-12-19 18:12:09 +01:00
Max Gautier
684f52eaf4
kubernetes/preinstall: remove unused variable
2024-12-19 16:30:48 +01:00
Max Gautier
55e095c1c7
kubernetes/preinstall: dns vars cleanup
...
- Move validation from facts to verify-settings
- Move set_fact to vars/
2024-12-19 16:30:47 +01:00
Max Gautier
1127a62176
kubernetes/preinstall: dns setting cleanup(dhclient, resolvconf)
...
We use a lot of facts where variables are enough, and format too early,
which prevents reusing the variables in different contexts.
- Moves set_fact variables to the vars directory, remove unnecessary
intermediate variables, and render them at usage sites to only do logic
on native Ansible/Jinja lists.
- Use defaults/ rather than default filters for several variables.
2024-12-19 16:30:46 +01:00
Max Gautier
a3e569f5c4
kubernetes/preinstall: switch coredns_server to vars/
2024-12-19 15:51:02 +01:00
Ekko
bf70335493
Add iproute(2) package checking ( #11816 )
...
Signed-off-by: ekko <lihai.tu@daocloud.io >
2024-12-19 11:32:09 +01:00
Max Gautier
180ce0b2ce
CI: test hardening setup in normal CI run ( #11809 )
2024-12-18 15:40:09 +01:00
Max Gautier
331671ac30
Revert "apiserver: fix incorrect path to admission plugins config files ( #11779 )" ( #11808 )
...
This reverts commit 742409e663.
2024-12-18 15:02:10 +01:00
Emilien M
03de8ff566
Fix Ansible example values for OpenStack controller ( #11803 )
2024-12-17 16:06:52 +01:00
ERIK
540c6ddb96
remove legacy kubelet container pre-upgrade tasks ( #11805 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io >
2024-12-17 09:38:54 +01:00
Kubernetes Prow Robot
da077ab8a6
Merge pull request #11700 from VannTen/feat/kubectl_stdin
...
Convert kubernetes-apps to use kubectl directly
2024-12-17 08:06:53 +01:00
Kubernetes Prow Robot
30f0a14489
Merge pull request #11792 from VannTen/flake/race_sa_creation
...
Fix flakey test + cleanup in testcases/030-checknetwork
2024-12-17 03:26:52 +01:00
Kubernetes Prow Robot
acfaef2adf
Merge pull request #11797 from VannTen/ci/fix_collection_testing
...
CI: build collection before running tests
2024-12-16 11:12:51 +01:00
Max Gautier
742409e663
apiserver: fix incorrect path to admission plugins config files ( #11779 )
2024-12-16 09:40:52 +01:00
dependabot[bot]
a2cde9e77e
build(deps): bump ansible-lint from 24.10.0 to 24.12.2 ( #11799 )
...
Bumps [ansible-lint](https://github.com/ansible/ansible-lint) from 24.10.0 to 24.12.2.
- [Release notes](https://github.com/ansible/ansible-lint/releases)
- [Commits](https://github.com/ansible/ansible-lint/compare/v24.10.0...v24.12.2)
---
updated-dependencies:
- dependency-name: ansible-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-16 07:50:51 +01:00
Max Gautier
7da317348c
CI: remove IDEMPOT_CHECK ( #11796 )
...
There is no test with IDEMPOT_CHECK=true since commit 7b78e6872 (disable
idempotency tests (#1872), 2017-10-26)
Remove the related infra from our CI scripts.
2024-12-13 20:02:26 +01:00
Max Gautier
2dddb4fb65
CI: test collections in one packet job
2024-12-13 16:44:31 +01:00
Max Gautier
18fab585ad
CI: build collection before running tests
...
We were running the playbooks before building the collections, so this
probably wasn't testing much.
2024-12-13 16:44:30 +01:00
Max Gautier
86a949dc81
CI: Remove Flatcar specifics
...
We don't test Flatcar at all in CI, thus remove special handling for it.
2024-12-13 11:44:51 +01:00
Max Gautier
f6d1c294d4
CI: Use the debug stdout callback instead of manual debug
...
This displays in a readable (by humans) way the result of most tasks, and
should be way more readable than what we have now, which is frequently a
bunch of unreadable json.
+ some small fixes (using delegated_to instead of when
<control_plane_host>)
2024-12-13 11:44:49 +01:00
Max Gautier
630e9de658
CI: drop special casing for Opensuse and CoreOS ( #11791 )
...
- special casing should be in Kubespray, not in the test. It makes no
sense to do something in tests which won't be done in actual usage.
- We don't actually test CoreOS at all in the CI.
2024-12-13 03:52:26 +01:00
Max Gautier
12ed1fcf93
CI-tests: remove hostnets stuff from 030_check-network
...
There are no pods with hostNetwork deployed in this test, and therefore
the tasks are skipped / empty output (checked in CI).
2024-12-12 15:52:05 +01:00