epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-15 22:34:21 +03:00
Code Issues Packages Projects Releases Wiki Activity
8,164 Commits 47 Branches 87 Tags
f9a263090a4908a4d5a6fb9c49150494dcc94687
Commit Graph

161 Commits

Author SHA1 Message Date
Max Gautier
f9a263090a Propagate v-less version everywhere 2025-03-05 16:18:39 +01:00
Boris
a51e7dd07d refact ip stack (#11953) 2025-02-11 03:37:58 -08:00
Antoine Legrand
4373c1be1d Revert "Add support for ipv6 only cluster via "enable_ipv6only_stack_networks…" (#11941) 
This reverts commit 76c0a3aa75.
 2025-02-03 07:06:58 -08:00
Boris
76c0a3aa75 Add support for ipv6 only cluster via "enable_ipv6only_stack_networks" (#11831) 2025-01-27 04:15:22 -08:00
ChengHao Yang
c27cc33bd7 Refactor: var kube_override_hostname only reserve in kubespray-defaults 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-05 01:00:39 +08:00
ChengHao Yang
437026f514 Cleanup: remove all cloud_provider related tasks & files 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-11-05 00:51:00 +08:00
Max Gautier
2826b357d4 Remove serialized collect of ansible_default_ipv4 
The fallback_ips tasks are essentially serializing the gathering of one
fact on all the hosts, which can have dramatic performance implications
on large clusters (several minutes).

This is essentially a reversal of 35f248dff0
Being able to run without refreshing the cache facts is not worth it.

We keep fallback_ip for now, simply changing the access to a normal
hostvars variable instead of a custom dictionnary.
 2024-10-04 14:19:20 +02:00
Max Gautier
9f45552201 Cleanup redundancy 
k8s_cluster = kube_control_plane + kube_node
 2024-09-24 11:16:30 +02:00
Max Gautier
fe60832a02 Remove kubelet_node_{custom_flags,config_extra_args} 
There is no need to have an extra variables for this, just use different
values per host (using Ansible group_vars, for example)
 2024-09-06 09:35:34 +02:00
Max Gautier
1bc61c9f35 Simplify kubelet-config template 
Remove system|kube_master_<resource>_reserved variables.
Those variables are unnecessary because users can simply use the
variables in group_vars if they which to differentiate control plane
nodes from other nodes.

Set conservative defaults for ephemeral-storage and pids for both kube
and system reserved resources.
 2024-09-06 09:33:07 +02:00
Max Gautier
1533d40411 Fix kube_reserved_cgroups_for_service_slice 
The default value is used across kubespray but only defined in
kubernetes/node.
Move it to kubespray-defaults
 2024-09-06 09:25:23 +02:00
Bogdan Sass
4b324cb0f0 Rename master to control plane - non-breaking changes only (#11394) 
K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
 2024-09-06 07:56:19 +01:00
R. P. Taylor
468c5641b2 fix kube_reserved so it only controls kubeReservedCgroup (#11367) 2024-07-26 01:39:20 -07:00
Serge Hartmann
db316a566d dependencies for kubelet.service (#11297) 
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
 2024-06-26 02:30:34 -07:00
Lihai Tu
921b0c0bed Add options to control images pulling of kubelet (#11094) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-06-21 07:54:54 -07:00
Jorge Isnardo Altamirano
a09c73a356 Update kube-vip manifests to v0.8.0 2024-05-07 11:38:13 +02:00
Jorge Isnardo Altamirano
537891a380 Update kube-vip manifests to v0.8.0 2024-05-02 16:37:49 +02:00
Jorge Isnardo Altamirano
e57e958a39 Update kube-vip to v0.8.0 2024-05-02 09:45:30 +02:00
Barry M
1b870a1862 Update kubelet systemd service default allowed IP addresses for cluster hardening (#11061) 
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
 2024-04-11 00:58:27 -07:00
kyrie
baf4842774 make kube-vip LeaderElection variables configurable (#11021) 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
 2024-03-25 02:24:57 -07:00
Ugur Can Ozturk
7863fde552 [apiserver-kubelet/tracing]: add distributed tracing config variables (#10795) 
* [apiserver-kubelet/tracing]: add distributed tracing config flags

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

---------

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
 2024-01-25 10:24:35 +01:00
yun
13e1f33898 Correct the POLY1305 cipher suites by adding the suffix _SHA256 (#10641) 2024-01-22 18:00:52 +01:00
Louis Tu
a656b7ed9a Add kube_vip_lb_fwdmethod option for kube-vip (#10762) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
 2024-01-09 08:22:13 +01:00
Max Gautier
471326f458 Remove PodSecurityPolicy support and references (#10723) 
This is removed from kubernetes since 1.25, time to cut some dead code.
 2023-12-18 14:13:43 +01:00
Max Gautier
612cfdceb1 Check conntrack module presence instead of kernel version (#10662) 
* Try both conntrack modules instead of checking kernel version

Depending on kernel distributor, the kernel version might not be a
correct indicator of the conntrack module use.
Instead, we check both (and use the first found).

* Use modproble.persistent rather than manual persistence
 2023-11-28 18:31:02 +01:00
AbhishekKr
6b1188e3dc [fix] modprobe_nf_conntrack for new Linux Kernel, when using ipvs (#10625) 
Signed-off-by: AbhishekKr <abhikumar163@gmail.com>
 2023-11-20 09:48:06 +01:00
borgiacis
802da0bcb0 Create variables for ipvs kernel modules (#10580) 
* Create variables for ipvs kernel modules

* Corrected kubernetes role node task missing name

* Added changes as suggested during review by VannTen
 2023-11-08 12:44:02 +01:00
Arthur Outhenin-Chalandre
5d00b851ce project: fix var-spacing ansible rule (#10266) 
* project: fix var-spacing ansible rule

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing on the beginning/end of jinja template

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing of default filter

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing between filter arguments

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix double space at beginning/end of jinja

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix remaining jinja[spacing] ansible-lint warning

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-07-04 20:36:54 -07:00
Pat Riehecky
f5ee8b71ff Permit custom names for API server lb/proxy containers. (#10166) 
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
 2023-06-08 02:54:13 -07:00
Manuelraa
2b75552d1c Replace swap vars with single kubelet_fail_swap_on (#10036) 2023-05-11 10:53:04 -07:00
蒋航
a59e27cb6b Update kube-vip to v0.5.12 (#10005) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2023-04-22 19:01:12 -07:00
Arthur Outhenin-Chalandre
9e2104c7d3 node: fix default kubelet/runtime cgroups when kube_reserved is false (#9834) 
* node: fix default kubelet/runtime cgroups when kube_reserved is false (default)

Commit 1c4db6132d introduced a notion of
kube_reserved. This introduced a breaking change defaulting to use
kube.slice for the container_manager and the kubelet as if kube_reserved
was always enabled whereas it is disabled by default.

This commit fixes this by bringing back system.slice whenever
kube_reserved is disabled.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* inventory/sample: change false for kube_reserved as its the default

Changing the commented value in sample inventory to the actual default
value.

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
 2023-03-05 18:48:58 -08:00
panguicai
c710c93c02 upgrade kubevip to v0.5.11 (#9852) 
Signed-off-by: panguicai008 <1121906548@qq.com>
 2023-03-05 17:54:57 -08:00
ERIK
6ff845a199 Enable control plane load balancing for kube-vip (#9785) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2023-02-12 19:25:28 -08:00
蒋航
c5debf013c Update kubevip to v0.5.8 (#9734) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2023-01-31 00:24:55 -08:00
mKlaris
050fde6327 Add enableServicesElection env variable. (#9595) 2023-01-02 18:35:33 -08:00
Shelming.Song
1c4db6132d optimize cgroups settings for node reserved (#9209) 
* optimize cgroups settings for node reserved

* fix

* set cgroup slice for multi container engine

* set cgroup slice for crio

* add reserved cgroups variables to sample files

* Compatible with cgroup path for different container managers

* add cgroups doc

* fix markdown
 2022-12-30 08:05:30 -08:00
蒋航
990f87acc8 Update kube-vip to v0.5.5 (#9437) 
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
 2022-10-26 19:28:32 -07:00
Wouter Goedhart
1901b512d2 Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414) 
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
 2022-10-23 18:00:24 -07:00
William Turner
ad3f503c0c Fix default value for kubelet_secure_addresses (#9355) 2022-10-06 00:35:51 -07:00
Alessio Greggi
acb6f243fd feat: add kubelet systemd service hardening option (#9194) 
* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2022-08-30 11:18:55 -07:00
Samuel Liu
e73803c72c pid reserved must be str (#9124) 2022-07-30 20:14:27 -07:00
h9-HSFRQDH
3bb9542606 Adding support for node & pod pid limit (#9038) 2022-07-05 00:20:48 -07:00
Calin Cristian Andrei
24c8ba832a [kubernetes] drop support for configuring insecure apiserver 2022-06-15 00:57:20 -07:00
Ho Kim
77f436fa39 Fix: set fallback value of kubelet ip6 (#8858) (#8926) 
* Fix: set fallback value of kubelet ip6 (#8858)

* Prune the spurious comma in the end of kubelet_address

- Update `roles/kubernetes/node/defaults/main.yml`

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Fix: set fallback value of kubelet ip6 (#8858)

- Apply the lint: 132606368e

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
 2022-06-06 10:08:21 -07:00
Thearas
01ca7293f5 support reserve ephemeral-storage (#8895) 2022-06-06 07:34:26 -07:00
Mathieu Parent
996ef98b87 Add support for kube-vip (#8669) 
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
 2022-04-07 10:37:57 -07:00
kakkotetsu
98d5d0cdd5 add support for Dual Stack node InternalIP (#8542) 2022-02-15 00:28:02 -08:00
Ilya Margolin
aed187e56c Fix kubelet_kubelet_cgroups_cgroupfs (#8500) 
If kubelet is run with systemd (as it always is when using kubespray),
it starts in systemd's /system.slice/kubelet.service cgroup.

This commit prevents a creation and usage of a second unrelated cgroup.
 2022-02-02 00:50:22 -08:00
cyril-corbon
575e0ca457 feat: add eviction hard to kubelet config (#8421) 
Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
 2022-01-24 00:13:57 -08:00