Max Gautier
db599b3475
Patch version updates ( #12696 )
2025-11-14 04:41:45 -08:00
Chris Ricker
47140083dc
Update Calico apiserver RBAC for Kubernetes 1.33+ ( #12654 )
...
Add missing RBAC permissions for Calico apiserver to function correctly
with Kubernetes 1.33+
Changes:
1. Add K8s 1.33 ValidatingAdmissionPolicy resources to calico-webhook-reader
- validatingadmissionpolicies
- validatingadmissionpolicybindings
Kubernetes 1.33 introduced ValidatingAdmissionPolicy resources (KEP-3488)
that require explicit RBAC permissions. Without these changes, Calico
apiserver on k8s 1.33+ will not work and needless errors are logged
2025-11-14 00:23:38 -08:00
ChengHao Yang
2d179879a0
Bump Sonobuoy to 0.57.3 ( #12673 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-11-11 19:00:56 -08:00
Max Gautier
61b8e4ce84
Test the correct version when testing collection + upgrade ( #12675 )
...
If we don't rebuild the collection and remove the previous archive we'll
test the first built.
2025-11-11 18:56:56 -08:00
Max Gautier
97a3776d8e
Remove etcd member by peerURLs ( #12682 )
...
* Remove etcd member by peerURLs
The way to obtain the IP of a particular member is convoluted and depend
on multiple variables. The match is also textual and it's not clear
against what we're matching
It's also broken for etcd member which are not also Kubernetes nodes,
because the "Lookup node IP in kubernetes" task will fail and abort the
play.
Instead, match against 'peerURLs', which does not need new variable, and
use json output.
* Add testcase for etcd removal on external etcd
* do not merge
* fixup! Remove etcd member by peerURLs
* fixup! Remove etcd member by peerURLs
2025-11-10 03:52:56 -08:00
Max Gautier
990695de7b
Let containerd create storage / state dir ( #12681 )
...
Containerd manages by itself, so there is no need to override it and
change permissions.
2025-11-10 03:42:56 -08:00
dependabot[bot]
4059c699dc
build(deps): bump octokit/graphql-action from 2.3.2 to 3.0.0 ( #12680 )
...
Bumps [octokit/graphql-action](https://github.com/octokit/graphql-action ) from 2.3.2 to 3.0.0.
- [Release notes](https://github.com/octokit/graphql-action/releases )
- [Commits](8ad880e4d4...abaeca7ba4support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-10 00:50:56 -08:00
xin053
e22ce15429
Update cinder-csi image tag for offline install ( #12627 )
2025-11-08 21:38:52 -08:00
Max Gautier
452d4e63e0
Fix the (upgrade/remove_node) + collection test cases ( #12672 )
...
The 'old' playbook and the collection use '-' and '_' as separator,
which breaks the logic in scripts/testcases_run.sh.
Add aliases using the old schemes to make the test work and avoid
breaking anything.
Both '-' and '_' variants will be deleted once we switch to supporting
collection only.
2025-11-07 07:22:55 -08:00
Kubernetes Prow Robot
d2a46b4ff8
Merge pull request #12671 from VannTen/prep/kubectl_apply_ssa
...
Make kubectl_apply_stdin available to other roles (+ SSA support)
2025-11-07 03:42:52 -08:00
Max Gautier
e090c9ee26
Factor kubectl_apply_stdin into separate "vars only" role
...
This is needed to make it available to other roles than kubernetes-apps
2025-11-07 09:34:57 +01:00
Max Gautier
0d6d3f5828
kubectl_apply_stdin SSA support
2025-11-07 09:34:29 +01:00
Max Gautier
b9662dbd86
cleanup: don't cleanup runc orphan binary on immutable distros ( #12669 )
2025-11-06 22:16:53 -08:00
Ali Afsharzadeh
f5a480fdc4
Upgrade cilium from 1.18.2 to 1.18.3 ( #12649 )
2025-11-06 21:42:52 -08:00
Albin Björk
5dce75d29b
upcloud: updated terraform provider version ( #12642 )
2025-10-24 00:53:34 -07:00
Max Gautier
5acde6cfe2
Get conf checksum directly for localhost CP loadbalancer ( #12632 )
...
There is no need to stat the templated file, because the template module
already returns a checksum.
2025-10-23 22:57:36 -07:00
Meza
c6926eb2f9
fix(calico): Add missed rbac verb for hostendpoints ( #12641 )
...
Signed-off-by: Meza <meza-xyz@proton.me >
2025-10-23 09:29:34 -07:00
Meza
1930ab7ed6
[docs] Fix typos found in the docs ( #12638 )
...
Signed-off-by: Meza <meza-xyz@proton.me >
2025-10-22 20:22:38 -07:00
dependabot[bot]
3edc979384
build(deps): bump cryptography from 46.0.2 to 46.0.3 ( #12635 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.2 to 46.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.2...46.0.3 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-19 23:52:12 -07:00
Max Gautier
cde7b2b022
Remove leftover docs fragment about mitogen ( #12630 )
...
This was left behind from 1fb14b746#12619 ), 2025-10-14)
2025-10-17 08:44:43 -07:00
i-yasuda
0d88532f3d
[kubernetes] Support kubernetes 1.34 ( #12549 )
...
* [kubernetes] Support kubernetes 1.34.0
Update hashes for kubernetes 1.34.0 except for cri-o
* [kubernetes] Support kubernetes 1.34.1
Update hashes for kubernetes 1.34.1
* [cri-o] Update cri-o to 1.34.1
---------
Co-authored-by: Takuya Murakami <tmurakam@tmurakam.org >
2025-10-17 01:56:42 -07:00
Goutham K
1fb14b7463
docs: remove outdated mitogen documentation. ( #12619 )
2025-10-14 05:39:38 -07:00
ChengHao Yang
a66d00a535
Releng: bump galaxy version 2.30.0 ( #12622 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-10-14 02:09:35 -07:00
ChengHao Yang
9991412b45
Docs: bump version to 2.29.0 ( #12621 )
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com >
2025-10-14 01:29:36 -07:00
Mahendra Reddy
ee6a792ec0
feat: add support crio additional mounts ( #12561 )
...
removed default since it's already set in variables
fix pre commit issue in the pipeline
2025-10-13 18:15:32 -07:00
Max Gautier
fbf957ab5d
Fix breakage when ignoring all kubeadm preflight errors ( #12606 )
...
kubeadm errors out if 'all' is specified with specific checks, so check
that case when we add hardcoded checks.
Add a test to catch regression.
2025-10-13 05:54:58 -07:00
dependabot[bot]
202a0f3461
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler ( #12600 )
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](0db433d412...e38e6809c5support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 11:53:00 -07:00
Arthur Outhenin-Chalandre
8c16c0f2b9
owner: remove myself from reviewers ( #12594 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr >
2025-10-09 02:47:03 -07:00
Jan Breitkopf
deaabb694d
fix missing directory when run with download_run_once ( #12275 )
2025-10-09 02:01:02 -07:00
Mahendra Reddy
e39e005306
bugfix: skip etcd cert extraction if cilium identity uses crd ( #12565 )
...
* bugfix: skip etcd cert extraction if cilium identity uses crd
* remove new line end of the file
2025-10-09 00:31:00 -07:00
Matthias Lohr
6d6633a905
show node name to be more clear which node is going to be upgraded ( #12399 )
...
* show node name to be more clear which node is going to be upgraded
* also show nodename when uncordoning
2025-10-09 00:19:07 -07:00
Mohamed Omar Zaian
fd7f39043b
[ingress-nginx] upgrade to 1.13.3 ( #12604 )
2025-10-08 19:04:59 -07:00
Ali Afsharzadeh
f8e74aafb9
Fix cilium_policy_audit_mode variable ( #12569 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2025-10-07 09:15:02 -07:00
ChengHao Yang
aa255f8831
Patch versions updates ( #12602 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-10-07 07:25:02 -07:00
Bas
9ded45f703
Documentation - hardening.md - etcd_deployment_type: host ( #12520 )
...
* Fix for #12447
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl >
* Update hardening.md
Co-authored-by: spatterlight <81454789+spatterIight@users.noreply.github.com >
---------
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl >
Co-authored-by: spatterlight <81454789+spatterIight@users.noreply.github.com >
2025-10-06 02:07:00 -07:00
Mahendra Reddy
270ff65992
fix crio restart while switching runtime ( #12008 )
...
fixed kubelet condition
CRI-O: fix for handling of container runtime switching
refactored kubelet start condition
stop/start kubelet and crio only when default runtime is changed
fixed condition for runtime_matches fact variable
fixed set facts for existing container runtime
added crio runtime switch variable
changed condition to use runtime switch variable
added comment for not-found for readers
2025-10-06 01:58:59 -07:00
dependabot[bot]
324e7f50c9
build(deps): bump cryptography from 46.0.1 to 46.0.2 ( #12599 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.1 to 46.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.1...46.0.2 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 01:47:00 -07:00
R. P. Taylor
055274937b
Fix variable typos ( #12595 )
2025-10-06 01:28:58 -07:00
philipp-check24
b98ed6ddf8
Remove update flag from pip install in ansible docs ( #12590 )
2025-10-03 06:56:58 -07:00
Meza
05c3e2c87c
Fix typo in CONTRIBUTING.md ( #12592 )
...
Signed-off-by: Meza <meza-xyz@proton.me >
2025-10-03 04:30:57 -07:00
Alessio Greggi
b0571ccbf9
docs(hardening): fix broken link ( #12577 )
...
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it >
2025-09-29 21:10:16 -07:00
Ali Afsharzadeh
8b62a71f31
Upgrade cilium related images ( #12568 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2025-09-29 10:04:19 -07:00
JaeyungLee
411fdddaae
fix(docs): update calico.md wrong image path ( #12582 )
2025-09-28 00:24:15 -07:00
Sassan torabkheslat
51a1f08624
reset: set v4/v6 default policies to ACCEPT and drop user chains ( #12552 )
2025-09-24 20:14:15 -07:00
dependabot[bot]
67632844cd
build(deps): bump cryptography from 45.0.7 to 46.0.1 ( #12567 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 45.0.7 to 46.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/45.0.7...46.0.1 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22 03:02:19 -07:00
Seena Fallah
13c70d3a58
coredns: set deploy replicas when dns autoscaler is disabled ( #12387 )
...
Allow setting deployment replicas through `coredns_replicas` when
`enable_dns_autoscaler` is set to false.
Signed-off-by: Seena Fallah <seenafallah@gmail.com >
2025-09-20 03:50:14 -07:00
Ali Afsharzadeh
fae4e08f35
Upgrade cilium from 1.18.1 to 1.18.2 ( #12559 )
2025-09-18 23:56:12 -07:00
Takuya Murakami
1d91e47878
Fix: Fix calico_crds_archive checksum ( #12564 )
...
It looks like the checksum was changed due to Github's compress algorithm change.
See #12523 for details.
2025-09-18 23:14:11 -07:00
Ali Afsharzadeh
6b973d072c
Upgrade haproxy load balancer from 3.1.7 to 3.2.4 ( #12557 )
...
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com >
2025-09-17 01:18:12 -07:00
ChengHao Yang
a36912e2c4
Patch versions updates ( #12553 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-15 12:58:09 -07:00
