epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 05:45:06 +03:00
Code Issues Packages Projects Releases Wiki Activity
8,552 Commits 44 Branches 87 Tags
cbdd7cf3a77992cd7cb520325353564ba8c304a9
Commit Graph

8552 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Gautier
cbdd7cf3a7 update pre-commit hooks (#12706) 2025-11-14 22:41:40 -08:00
k8s-infra-cherrypick-robot
3c0cff983d fix(cilium):correct loadBalancer.mode rendering in values.yaml (#12705) 
Co-authored-by: Anurag Ojha <aojharaj2004@gmail.com>
 2025-11-14 07:01:40 -08:00
k8s-infra-cherrypick-robot
e5a1f68a2c Update Calico apiserver RBAC for Kubernetes 1.33+ (#12695) 
Add missing RBAC permissions for Calico apiserver to function correctly
with Kubernetes 1.33+

Changes:

1. Add K8s 1.33 ValidatingAdmissionPolicy resources to calico-webhook-reader
   - validatingadmissionpolicies
   - validatingadmissionpolicybindings

Kubernetes 1.33 introduced ValidatingAdmissionPolicy resources (KEP-3488)
that require explicit RBAC permissions. Without these changes, Calico
apiserver on k8s 1.33+ will not work and needless errors are logged

Co-authored-by: rickerc <chris.ricker@gmail.com>
 2025-11-14 04:49:38 -08:00
k8s-infra-cherrypick-robot
fe566df651 Fix the (upgrade/remove_node) + collection test cases (#12687) 
The 'old' playbook and the collection use '-' and '_' as separator,
which breaks the logic in scripts/testcases_run.sh.

Add aliases using the old schemes to make the test work and avoid
breaking anything.

Both '-' and '_' variants will be deleted once we switch to supporting
collection only.

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2025-11-10 06:46:57 -08:00
k8s-infra-cherrypick-robot
59b3c686a8 [release-2.29] Remove etcd member by peerURLs (#12685) 
* Remove etcd member by peerURLs

The way to obtain the IP of a particular member is convoluted and depend
on multiple variables. The match is also textual and it's not clear
against what we're matching

It's also broken for etcd member which are not also Kubernetes nodes,
because the "Lookup node IP in kubernetes" task will fail and abort the
play.

Instead, match against 'peerURLs', which does not need new variable, and
use json output.

* Add testcase for etcd removal on external etcd

* do not merge

* fixup! Remove etcd member by peerURLs

* fixup! Remove etcd member by peerURLs

---------

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2025-11-10 05:48:56 -08:00
Ali Afsharzadeh
4b970baa5a [release-2.29] Upgrade cilium from 1.18.2 to 1.18.3 (#12679) 2025-11-09 06:00:52 -08:00
ChengHao Yang
a15fcb729b Patch versions updates (#12646) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-11-03 02:19:36 -08:00
k8s-infra-cherrypick-robot
9a9e33dc9f fix(calico): Add missed rbac verb for hostendpoints (#12644) 
Signed-off-by: Meza <meza-xyz@proton.me>
Co-authored-by: Meza <meza-xyz@proton.me>
 2025-10-24 01:05:34 -07:00
ChengHao Yang
d9f188c39c [release-2.29] Releng: galaxy version to 2.29.1 (#12645) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-10-24 00:41:36 -07:00
ChengHao Yang
9991412b45 Docs: bump version to 2.29.0 (#12621) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
v2.29.0 		2025-10-14 01:29:36 -07:00
Mahendra Reddy
ee6a792ec0 feat: add support crio additional mounts (#12561) 
removed default since it's already set in variables

fix pre commit issue in the pipeline
 2025-10-13 18:15:32 -07:00
Max Gautier
fbf957ab5d Fix breakage when ignoring all kubeadm preflight errors (#12606) 
kubeadm errors out if 'all' is specified with specific checks, so check
that case when we add hardcoded checks.

Add a test to catch regression.
 2025-10-13 05:54:58 -07:00
dependabot[bot]
202a0f3461 build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler (#12600) 
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](0db433d412...e38e6809c5)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-09 11:53:00 -07:00
Arthur Outhenin-Chalandre
8c16c0f2b9 owner: remove myself from reviewers (#12594) 
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
 2025-10-09 02:47:03 -07:00
Jan Breitkopf
deaabb694d fix missing directory when run with download_run_once (#12275) 2025-10-09 02:01:02 -07:00
Mahendra Reddy
e39e005306 bugfix: skip etcd cert extraction if cilium identity uses crd (#12565) 
* bugfix: skip etcd cert extraction if cilium identity uses crd

* remove new line end of the file
 2025-10-09 00:31:00 -07:00
Matthias Lohr
6d6633a905 show node name to be more clear which node is going to be upgraded (#12399) 
* show node name to be more clear which node is going to be upgraded

* also show nodename when uncordoning
 2025-10-09 00:19:07 -07:00
Mohamed Omar Zaian
fd7f39043b [ingress-nginx] upgrade to 1.13.3 (#12604) 2025-10-08 19:04:59 -07:00
Ali Afsharzadeh
f8e74aafb9 Fix cilium_policy_audit_mode variable (#12569) 
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
 2025-10-07 09:15:02 -07:00
ChengHao Yang
aa255f8831 Patch versions updates (#12602) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-10-07 07:25:02 -07:00
Bas
9ded45f703 Documentation - hardening.md - etcd_deployment_type: host (#12520) 
* Fix for #12447

Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>

* Update hardening.md

Co-authored-by: spatterlight <81454789+spatterIight@users.noreply.github.com>

---------

Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
Co-authored-by: spatterlight <81454789+spatterIight@users.noreply.github.com>
 2025-10-06 02:07:00 -07:00
Mahendra Reddy
270ff65992 fix crio restart while switching runtime (#12008) 
fixed kubelet condition

CRI-O: fix for handling of container runtime switching

refactored kubelet start condition

stop/start kubelet and crio only when default runtime is changed

fixed condition for runtime_matches fact variable

fixed set facts for existing container runtime

added crio runtime switch variable

changed condition to use runtime switch variable

added comment for not-found for readers
 2025-10-06 01:58:59 -07:00
dependabot[bot]
324e7f50c9 build(deps): bump cryptography from 46.0.1 to 46.0.2 (#12599) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.1 to 46.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.1...46.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 01:47:00 -07:00
R. P. Taylor
055274937b Fix variable typos (#12595) 2025-10-06 01:28:58 -07:00
philipp-check24
b98ed6ddf8 Remove update flag from pip install in ansible docs (#12590) 2025-10-03 06:56:58 -07:00
Meza
05c3e2c87c Fix typo in CONTRIBUTING.md (#12592) 
Signed-off-by: Meza <meza-xyz@proton.me>
 2025-10-03 04:30:57 -07:00
Alessio Greggi
b0571ccbf9 docs(hardening): fix broken link (#12577) 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2025-09-29 21:10:16 -07:00
Ali Afsharzadeh
8b62a71f31 Upgrade cilium related images (#12568) 
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
 2025-09-29 10:04:19 -07:00
JaeyungLee
411fdddaae fix(docs): update calico.md wrong image path (#12582) 2025-09-28 00:24:15 -07:00
Sassan torabkheslat
51a1f08624 reset: set v4/v6 default policies to ACCEPT and drop user chains (#12552) 2025-09-24 20:14:15 -07:00
dependabot[bot]
67632844cd build(deps): bump cryptography from 45.0.7 to 46.0.1 (#12567) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.7 to 46.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/45.0.7...46.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 03:02:19 -07:00
Seena Fallah
13c70d3a58 coredns: set deploy replicas when dns autoscaler is disabled (#12387) 
Allow setting deployment replicas through `coredns_replicas` when
`enable_dns_autoscaler` is set to false.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
 2025-09-20 03:50:14 -07:00
Ali Afsharzadeh
fae4e08f35 Upgrade cilium from 1.18.1 to 1.18.2 (#12559) 2025-09-18 23:56:12 -07:00
Takuya Murakami
1d91e47878 Fix: Fix calico_crds_archive checksum (#12564) 
It looks like the checksum was changed due to Github's compress algorithm change.
See #12523 for details.
 2025-09-18 23:14:11 -07:00
Ali Afsharzadeh
6b973d072c Upgrade haproxy load balancer from 3.1.7 to 3.2.4 (#12557) 
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
 2025-09-17 01:18:12 -07:00
ChengHao Yang
a36912e2c4 Patch versions updates (#12553) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-09-15 12:58:09 -07:00
Max Gautier
8d7d9907a1 Rough rework of the CI setup documentation (#12094) 2025-09-15 03:24:11 -07:00
Takuya Murakami
643087fea5 Bump cni-plugin 1.4.1 -> 1.8.0 (#12551) 
- Add 1.5, 1.6, 1.7 and 1.8 hashes
- Drop <1.3.0

Signed-off-by: Takuya Murakami <murakami_da@nec.com>
 2025-09-14 05:32:08 -07:00
Ali Afsharzadeh
2955dfe69f Upgrade flannel from 0.26.7 to 0.27.3 (#12543) 2025-09-11 00:22:07 -07:00
Ali Afsharzadeh
0a35c624ad Upgrade local-path-provisioner from 0.0.24 to 0.0.32 (#12545) 
* Upgrade local-path-provisioner from 0.0.24 to 0.0.32

Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>

* Remove local_path_provisioner_image_tag variable

Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-09-10 04:25:57 -07:00
Ali Afsharzadeh
456a3dda09 Upgrade cilium from 1.17.7 to 1.18.1 (#12542) 
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
 2025-09-09 19:47:59 -07:00
dependabot[bot]
efd30981f8 build(deps): bump actions/setup-python from 5 to 6 (#12539) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-07 22:13:26 -07:00
dependabot[bot]
aabe063490 build(deps): bump cryptography from 45.0.6 to 45.0.7 (#12538) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.6 to 45.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/45.0.6...45.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-07 21:21:27 -07:00
jaehanbyun
50c5f39a9d chore: add 'nftables' to kube_proxy_mode comment (#12522) 
Signed-off-by: jaehanbyun <awbrg789@naver.com>
 2025-09-02 00:57:15 -07:00
Takuya Murakami
8e401f94ea [calico] Add version 3.30.3 and make it default (#12523) 
Signed-off-by: Takuya Murakami <murakami_da@nec.com>
 2025-09-02 00:41:16 -07:00
Max Gautier
0b082ac2f4 Patch versions updates (#12518) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-09-01 20:05:12 -07:00
David Bidorff
fe7592dd0c fix: provide an option to ignore sysctl errors about unknown keys (#12514) 
* fix: provide an option to ignore sysctl errors about unknown keys

* fix: rename sysctl_ignoreerrors and remove useless var definitions
 2025-09-01 07:07:14 -07:00
Kim Hyunyoung, Abel
eb26449e80 fix: typo (#12517) 2025-09-01 03:07:12 -07:00
ujstor
4ab213bc44 feat: add containerd_extra_runtime_args for CRI runtime configuration (#12247) 
Add support for injecting additional configuration options into the
  containerd CRI runtime plugin section via containerd_extra_runtime_args.
 2025-09-01 02:57:12 -07:00
Kim Hyunyoung, Abel
66cab15498 fix: redeploy coredns and nodelocaldns when its config changed (#12401) 2025-09-01 00:23:11 -07:00