epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-13 21:34:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: epostnikof:a56b5af1e0784b2ef0bba3ee69b6da7c98d02bd6
Branches Tags
epostnikof:master epostnikof:component_hash_update/master epostnikof:component_hash_update/release-2.29 epostnikof:release-2.29 epostnikof:dependabot/pip/molecule-3baa0c6a05 epostnikof:release-2.27 epostnikof:release-2.28 epostnikof:component_hash_update/release-2.28 epostnikof:release-2.26 epostnikof:remove-ci-ok-to-test epostnikof:optional-coredns epostnikof:test/flatcar-4081 epostnikof:master-patch-updates epostnikof:symlinketcd epostnikof:ant31-patch-1 epostnikof:revert-11831-ipv6only epostnikof:test-ci epostnikof:release-2.25 epostnikof:release-2.24 epostnikof:reduce-vm-requests epostnikof:packet-test epostnikof:lean/pre-commit-hook-2 epostnikof:test-CI epostnikof:update-approvers-ant31 epostnikof:test-precommit epostnikof:release-2.23 epostnikof:release-2.22 epostnikof:release-2.21 epostnikof:release-2.20 epostnikof:release-2.19 epostnikof:release-2.18 epostnikof:pre-commit-hook epostnikof:floryut-patch-1 epostnikof:release-2.17 epostnikof:release-2.16 epostnikof:release-2.15 epostnikof:release-2.14 epostnikof:release-2.13 epostnikof:release-2.12 epostnikof:release-2.11 epostnikof:release-2.10 epostnikof:release-2.8 epostnikof:release-2.9 epostnikof:release-2.7
epostnikof:v2.29.1 epostnikof:v2.29.0 epostnikof:v2.28.1 epostnikof:v2.27.1 epostnikof:v2.28.0 epostnikof:v2.27.0 epostnikof:v2.25.1 epostnikof:v2.24.3 epostnikof:v2.26.0 epostnikof:v2.24.2 epostnikof:v2.25.0 epostnikof:v2.24.1 epostnikof:v2.22.2 epostnikof:v2.23.3 epostnikof:v2.24.0 epostnikof:v2.23.2 epostnikof:v2.23.1 epostnikof:v2.23.0 epostnikof:v2.22.1 epostnikof:v2.22.0 epostnikof:v2.21.0 epostnikof:v2.20.0 epostnikof:v2.19.1 epostnikof:v2.18.2 epostnikof:v2.19.0 epostnikof:v2.18.1 epostnikof:v2.18.0 epostnikof:v2.17.1 epostnikof:v2.17.0 epostnikof:v2.16.0 epostnikof:v2.15.1 epostnikof:v2.15.0 epostnikof:v2.14.2 epostnikof:v2.14.1 epostnikof:v2.12.10 epostnikof:v2.13.4 epostnikof:v2.14.0 epostnikof:v2.13.3 epostnikof:v2.12.9 epostnikof:v2.12.8 epostnikof:v2.12.7 epostnikof:v2.13.2 epostnikof:v2.13.1 epostnikof:v2.13.0 epostnikof:v2.12.6 epostnikof:v2.12.5 epostnikof:v2.12.4 epostnikof:v2.11.2 epostnikof:v2.11.1 epostnikof:v2.12.3 epostnikof:v2.12.2 epostnikof:v2.12.1 epostnikof:v2.12.0 epostnikof:v2.11.0 epostnikof:v2.10.4 epostnikof:v2.10.3 epostnikof:v2.10.0 epostnikof:v2.8.5 epostnikof:v2.9.0 epostnikof:v2.8.4 epostnikof:v2.8.3 epostnikof:v2.8.2 epostnikof:v2.8.1 epostnikof:v2.8.0 epostnikof:v2.7.0 epostnikof:v2.6.0 epostnikof:v2.5.0 epostnikof:v2.4.0 epostnikof:v2.3.0 epostnikof:v2.2.1 epostnikof:v2.2.0 epostnikof:v2.1.2 epostnikof:v2.1.1 epostnikof:test-tag-1 epostnikof:v2.1.0 epostnikof:v2.0.1 epostnikof:v2.0.0 epostnikof:v1.1.0 epostnikof:v1.0.1 epostnikof:v1.0.0 epostnikof:1.5.0 epostnikof:1.4.0 epostnikof:1.3.0_k1.1.3 epostnikof:1.3.0 epostnikof:v1.1.3 epostnikof:v1.1 epostnikof:v1.0
...
compare: epostnikof:release-2.25
Branches Tags
epostnikof:component_hash_update/master epostnikof:component_hash_update/release-2.29 epostnikof:release-2.29 epostnikof:master epostnikof:dependabot/pip/molecule-3baa0c6a05 epostnikof:release-2.27 epostnikof:release-2.28 epostnikof:component_hash_update/release-2.28 epostnikof:release-2.26 epostnikof:remove-ci-ok-to-test epostnikof:optional-coredns epostnikof:test/flatcar-4081 epostnikof:master-patch-updates epostnikof:symlinketcd epostnikof:ant31-patch-1 epostnikof:revert-11831-ipv6only epostnikof:test-ci epostnikof:release-2.25 epostnikof:release-2.24 epostnikof:reduce-vm-requests epostnikof:packet-test epostnikof:lean/pre-commit-hook-2 epostnikof:test-CI epostnikof:update-approvers-ant31 epostnikof:test-precommit epostnikof:release-2.23 epostnikof:release-2.22 epostnikof:release-2.21 epostnikof:release-2.20 epostnikof:release-2.19 epostnikof:release-2.18 epostnikof:pre-commit-hook epostnikof:floryut-patch-1 epostnikof:release-2.17 epostnikof:release-2.16 epostnikof:release-2.15 epostnikof:release-2.14 epostnikof:release-2.13 epostnikof:release-2.12 epostnikof:release-2.11 epostnikof:release-2.10 epostnikof:release-2.8 epostnikof:release-2.9 epostnikof:release-2.7
epostnikof:v2.29.1 epostnikof:v2.29.0 epostnikof:v2.28.1 epostnikof:v2.27.1 epostnikof:v2.28.0 epostnikof:v2.27.0 epostnikof:v2.25.1 epostnikof:v2.24.3 epostnikof:v2.26.0 epostnikof:v2.24.2 epostnikof:v2.25.0 epostnikof:v2.24.1 epostnikof:v2.22.2 epostnikof:v2.23.3 epostnikof:v2.24.0 epostnikof:v2.23.2 epostnikof:v2.23.1 epostnikof:v2.23.0 epostnikof:v2.22.1 epostnikof:v2.22.0 epostnikof:v2.21.0 epostnikof:v2.20.0 epostnikof:v2.19.1 epostnikof:v2.18.2 epostnikof:v2.19.0 epostnikof:v2.18.1 epostnikof:v2.18.0 epostnikof:v2.17.1 epostnikof:v2.17.0 epostnikof:v2.16.0 epostnikof:v2.15.1 epostnikof:v2.15.0 epostnikof:v2.14.2 epostnikof:v2.14.1 epostnikof:v2.12.10 epostnikof:v2.13.4 epostnikof:v2.14.0 epostnikof:v2.13.3 epostnikof:v2.12.9 epostnikof:v2.12.8 epostnikof:v2.12.7 epostnikof:v2.13.2 epostnikof:v2.13.1 epostnikof:v2.13.0 epostnikof:v2.12.6 epostnikof:v2.12.5 epostnikof:v2.12.4 epostnikof:v2.11.2 epostnikof:v2.11.1 epostnikof:v2.12.3 epostnikof:v2.12.2 epostnikof:v2.12.1 epostnikof:v2.12.0 epostnikof:v2.11.0 epostnikof:v2.10.4 epostnikof:v2.10.3 epostnikof:v2.10.0 epostnikof:v2.8.5 epostnikof:v2.9.0 epostnikof:v2.8.4 epostnikof:v2.8.3 epostnikof:v2.8.2 epostnikof:v2.8.1 epostnikof:v2.8.0 epostnikof:v2.7.0 epostnikof:v2.6.0 epostnikof:v2.5.0 epostnikof:v2.4.0 epostnikof:v2.3.0 epostnikof:v2.2.1 epostnikof:v2.2.0 epostnikof:v2.1.2 epostnikof:v2.1.1 epostnikof:test-tag-1 epostnikof:v2.1.0 epostnikof:v2.0.1 epostnikof:v2.0.0 epostnikof:v1.1.0 epostnikof:v1.0.1 epostnikof:v1.0.0 epostnikof:1.5.0 epostnikof:1.4.0 epostnikof:1.3.0_k1.1.3 epostnikof:1.3.0 epostnikof:v1.1.3 epostnikof:v1.1 epostnikof:v1.0

43 Commits
a56b5af1e0 ... release-2.

Author SHA1 Message Date
k8s-infra-cherrypick-robot
781f02fdda Revert "apiserver: fix incorrect path to admission plugins config files (#11779)" (#11812) 
This reverts commit 742409e663.

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-12-18 17:40:11 +01:00
k8s-infra-cherrypick-robot
792407f934 apiserver: fix incorrect path to admission plugins config files (#11801) 
Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-12-16 10:16:52 +01:00
k8s-infra-cherrypick-robot
6c5bff6362 containerd: add After=dbus.service (#11783) 
This is needed for shutdown ordering: while at startup, it's not a
problem that containerd start before dbus (the dbus socket already
exists) it needs to shutdown before dbus to do its cleanup (asking
systemd via dbus to cleanup cgroups).

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-12-11 16:32:03 +00:00
k8s-infra-cherrypick-robot
586ba66b7a Fix the pretty-printing of (core|nodelocal)dns (#11721) 
When using
dns_upstream_forward_extra_opts:
  prefer_udp: "" # the option as no value so use empty string to just
                 # put the key

This is rendered in the dns configmap as ($ for end-of-line)

...
  prefer_udp $
...

Note the trailing space.
This triggers https://github.com/kubernetes/kubernetes/issues/36222,
which makes the configmap hardly readable when editing them manually or
simply putting them in a yaml file for inspection.

Trim the concatenation of option + value to get rid of any trailing
space.

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-11-18 09:34:53 +00:00
k8s-infra-cherrypick-robot
9fce511822 fix task naming in bootstrap-os (#11718) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Co-authored-by: bo.jiang <bo.jiang@daocloud.io>
 2024-11-17 18:04:52 +00:00
Robert Volkmann
d258df042f [2.25] Update KUBESPRAY_VERSION in galaxy.yml to v2.25.2 and Update Readme.md to v2.25.1 (#11629) 2024-11-05 06:03:30 +00:00
Etienne Divet
f4dd4056da Make kubernetes v1.29.10 default (#11666) 2024-10-25 14:12:55 +01:00
k8s-infra-cherrypick-robot
b3cc18a69f [release-2.25] Fix debian11-custom-cni failing test & upgrade debian12-custom-cni-helm chart version (#11659) 
* Test: update custom_cni values

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: fix cilium require kube_owner set to root

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: update custom_cni render manifests

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: fix render template pre-commit

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Test: update debian12-custom-cni-helm chart version to 1.16.3

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-10-22 17:32:52 +01:00
k8s-infra-cherrypick-robot
5988b69d66 Fix: cannot stop & remove all cri containers via remove_node.yml (#11638) 
Before adding these changes, `ansible_facts.services["containerd.service"]` will not defined and fail to check for triggering the container stop and delete behaviors.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-10-16 02:35:03 +01:00
Robert Volkmann
9f6581ba95 [2.25] Update KUBESPRAY_VERSION in galaxy.yml to v2.25.1 (#11635) 2024-10-15 08:36:22 +01:00
Robert Volkmann
ef67a7428f [2.25] Update to last patch versions (kubernetes, helm) (#11599) 
* Add hashses for last patch versions for several components
- kubelet
- kubectl
- kubeadm
- calicoctl
- helm

* Use last patch version as default for several components
- kubelet, kubectl, kubeadm
- helm
 2024-10-10 15:20:24 +01:00
k8s-infra-cherrypick-robot
5b46cce52e Always copy cert generation scripts to first etcd (#11616) 
If we don't, existing installation would not pick up fix to that script,
such as dc33a1971d.

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-10-10 09:26:25 +01:00
janosbabik
3780d2b528 [2.25] Update to last patch versions (containerd, runc, nerdctl, etcd) (#11576) 
* Update etcd, containerd, runc, nerdctl versions

* Update etcd and containerd versions in README
 2024-09-30 10:38:03 +01:00
k8s-infra-cherrypick-robot
1223ad25e0 fix elastx cleanup security groups (#11537) 
Co-authored-by: Kay Yan <kay.yan@daocloud.io>
 2024-09-18 08:04:45 +01:00
k8s-infra-cherrypick-robot
54a7ec56cd [release-2.25] Refactor and expand download_hash.py (#11539) 
* download_hash.py: generalized and data-driven

The script is currently limited to one hardcoded URL for kubernetes
related binaries, and a fixed set of architectures.

The solution is three-fold:
1. Use an url template dictionary for each download -> this allow to easily
   add support for new downloads.
2. Source the architectures to search from the existing data
3. Enumerate the existing versions in the data and start searching from
   the last one until no newer version is found (newer in the version
   order sense, irrespective of actual age)

* download_hash.py: support for 'multi-hash' file + runc

runc upstream does not provide one hash file per assets in their
releases, but one file with all the hashes.
To handle this (and/or any arbitrary format from upstreams), add a
dictionary mapping the name of the download to a lambda function which
transform the file provided by upstream into a dictionary of hashes,
keyed by architecture.

* download_hash: argument handling with argparse

Allow the script to be called with a list of components, to only
download new versions checksums for those.
By default, we get new versions checksums for all supported (by the
script) components.

* download_hash: propagate new patch versions to all archs

* download_hash: add support for 'simple hash' components

* download_hash: support 'multi-hash' components

* download_hash: document missing support

* download_hash: use persistent session

This allows to reuse http connection and be more efficient.
From rough measuring it saves around 25-30% of execution time.

* download_hash: cache request for 'multi-hash' files

This avoid re-downloading the same file for different arch and
re-parsing it

* download_hash: document usage

---------

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-09-16 08:39:14 +01:00
k8s-infra-cherrypick-robot
986e99b318 Adding myself (VannTen) as approver (#11510) 
Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-09-05 09:22:56 +01:00
Mohamed Omar Zaian
0d09b19c6f [calico] Update calico to v3.27.4 to fix high cpu issues (#11476) 2024-08-29 04:26:29 +01:00
k8s-infra-cherrypick-robot
6c8d9d2a79 upgrade to 1.11.2 (#11464) 
Co-authored-by: Mohamed Zaian <mohamedzaian@gmail.com>
 2024-08-20 02:31:09 -07:00
k8s-infra-cherrypick-robot
0408fc7e98 Add tico88612 as reviewer (#11454) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2024-08-19 00:14:48 -07:00
Mathieu Parent
9ebced2132 fix: use super-admin.conf for kube-vip on first master when it exists (#11422) (#11444) 
* fix: use super-admin.conf for kube-vip when it exists

* Mathieu Parent add as co-author

Co-authored-by: Mathieu Parent <math.parent@gmail.com>

* template change for readability

* fix lint error

---------

Co-authored-by: Mathieu Parent <math.parent@gmail.com>
(cherry picked from commit e43e08c7d1)

Co-authored-by: Selçuk Arıbalı <selcukaribali@outlook.com>
 2024-08-14 20:11:17 -07:00
k8s-infra-cherrypick-robot
5e5d23cd01 Check CentOS-Base.repo exists for CentOS 7 (#11438) 
Signed-off-by: tu1h <lihai.tu@daocloud.io>
Co-authored-by: tu1h <lihai.tu@daocloud.io>
 2024-08-12 05:15:34 -07:00
k8s-infra-cherrypick-robot
bd80766aca fix openstack cleanup (#11410) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
Co-authored-by: Kay Yan <kay.yan@daocloud.io>
 2024-08-09 02:21:44 -07:00
k8s-infra-cherrypick-robot
76d07e901f owners: move ant31 from emeritus to approvers (#11433) 
Co-authored-by: Antoine Legrand <2t.antoine@gmail.com>
 2024-08-08 04:55:46 -07:00
k8s-infra-cherrypick-robot
2624105e12 [release-2.25] CI: Remove Debian 10 support & macvlan test move to Debian 11 (#11429) 
* CI: macvlan test switch to debian 11 & default job

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* CI: cilium-svc-proxy test switch to debian 12

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* CI: remove debian 10 test

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

* Docs: remove debian 10 support

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
Co-authored-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-08-08 04:23:53 -07:00
k8s-infra-cherrypick-robot
6ee946494e CI: remove centos7 and weave jobs from test pipeline (#11428) 
Centos7 reached EOL and the jobs are failing.
Weave network is an archived project

Co-authored-by: ant31 <2t.antoine@gmail.com>
 2024-08-07 20:21:11 -07:00
k8s-infra-cherrypick-robot
09347d8b9b [release-2.25] CI: rework pipeline: short/extended based on labels (#11424) 
* CI: reduce VM resources requests to improve scheduling

* CI: Reduce default jobs; add labels(ci-full/extended) to run more test

* CI: use jobs dependencies instead of stages

* precommit one-job

* CI: Use Kubevirt VM to run Molecule and Vagrant jobs

---------

Co-authored-by: ant31 <2t.antoine@gmail.com>
 2024-08-07 18:52:01 -07:00
Mohamed Omar Zaian
98d1a453d7 [containerd] add hashes for versions '1.6.32-34', 'v1.7.17-20' and make v1.7.20 default (#11419) 2024-08-06 04:22:50 -07:00
Mohamed Omar Zaian
36a169bbc8 [kubernetes] Make kubernetes v1.29.7 default (#11408) 2024-08-05 18:58:49 -07:00
Kay Yan
0651e77492 Merge pull request #11355 from tico88612/bump/k8s-1.29.6 
[release-2.25] Bump Kubernetes to 1.29.6
 2024-07-26 18:22:20 +08:00
k8s-infra-cherrypick-robot
87a16d49b7 CI require a 'lgtm' or 'ok-to-test' labels to pass (#11390) 
- Require a 'lgtm' or 'ok-to-test' label for running CI after the
  moderator stage

Signed-off-by: ant31 <2t.antoine@gmail.com>
Co-authored-by: ant31 <2t.antoine@gmail.com>
 2024-07-25 18:33:42 -07:00
k8s-infra-cherrypick-robot
a78d5e78e2 fix-ci-packet_centos7-calico-ha-once-localhost (#11382) 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
Co-authored-by: Kay Yan <kay.yan@daocloud.io>
 2024-07-19 06:22:04 -07:00
k8s-infra-cherrypick-robot
462e68b382 CI: switch to unprivileged Kaniko to build pipeline images (#11375) 
Co-authored-by: ant31 <2t.antoine@gmail.com>
 2024-07-14 23:11:10 -07:00
k8s-infra-cherrypick-robot
9b122fb5a8 [release-2.25] pre-commit: make hooks self contained + ci config (#11359) 
* Use alternate self-sufficient shellcheck precommit

This pre-commit does not require prerequisite on the host, making it
easier to run in CI workflows.

* Switch to upstream ansible-lint pre-commit hook

This way, the hook is self contained and does not depend on a previous
virtualenv installation.

* pre-commit: fix hooks dependencies

- ansible-syntax-check
- tox-inventory-builder
- jinja-syntax-check

* Fix ci-matrix pre-commit hook

- Remove dependency of pydblite which fails to setup on recent pythons
- Discard shell script and put everything into pre-commit

* pre-commit: apply autofixes hooks and fix the rest manually

- markdownlint (manual fix)
- end-of-file-fixer
- requirements-txt-fixer
- trailing-whitespace

* Convert check_typo to pre-commit + use maintained version

client9/misspell is unmaintained, and has been forked by the golangci
team, see https://github.com/client9/misspell/issues/197#issuecomment-1596318684.

They haven't yet added a pre-commit config, so use my fork with the
pre-commit hook config until the pull request is merged.

* collection-build-install convert to pre-commit

* Run pre-commit hooks in dynamic pipeline

Use gitlab dynamic child pipelines feature to have one source of truth
for the pre-commit jobs, the pre-commit config file.

Use one cache per pre-commit. This should reduce the "fetching cache"
time steps in gitlab-ci, since each job will have a separate cache with
only its hook installed.

* Remove gitlab-ci job done in pre-commit

* pre-commit: adjust mardownlint default, md fixes

Use a style file as recommended by upstream. This makes for only one
source of truth.
Conserve previous upstream default for MD007 (upstream default changed
here https://github.com/markdownlint/markdownlint/pull/373)

* Update pre-commit hooks

---------

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-07-12 00:21:42 -07:00
tico88612
64ffcbf67f Docs: change kubernetes version to 1.29.6 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-11 21:31:43 +08:00
tico88612
b7757ddbe8 Feat: change default version to 1.29.6 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-11 21:31:42 +08:00
tico88612
95e42017b9 Feat: add k8s 1.29.6 checksum 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-11 21:31:42 +08:00
k8s-infra-cherrypick-robot
8d80b99941 Feat: Update CentOS 7 EOL package to vault.centos.org (#11365) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
Co-authored-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-11 01:41:27 -07:00
k8s-infra-cherrypick-robot
00281eae25 add ingress controller svc nodeport param (#11339) 
Co-authored-by: mochizuki875 <mzk875@gmail.com>
 2024-07-01 04:00:51 -07:00
k8s-infra-cherrypick-robot
18488a53b0 Docs: update ubuntu support version & docker version (#11333) 
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
Co-authored-by: tico88612 <17496418+tico88612@users.noreply.github.com>
 2024-07-01 03:54:15 -07:00
k8s-infra-cherrypick-robot
2f5e2af414 add ingress controller admission svc (#11332) 
Co-authored-by: mochizuki875 <mzk875@gmail.com>
 2024-06-27 02:42:00 -07:00
k8s-infra-cherrypick-robot
2e0008c3fb Pipeline image: add qemu-utils (#11288) 
Co-authored-by: ant31 <2t.antoine@gmail.com>
 2024-06-10 09:28:34 -07:00
k8s-infra-cherrypick-robot
881452d0f9 fix(bootstrap-os): do not install pkgs requirements on flatcar (#11252) 
Fix regression added in 663fcd104c for
flatcar nodes.

See: 663fcd104c

Co-authored-by: Anthony Delannoy <adelannoy@wiremind.io>
 2024-05-31 02:41:33 -07:00
k8s-infra-cherrypick-robot
6443d43bd4 Allow empty kube_node group (#11249) 
While uncommon, provisioning only a control plane is a valid use case,
so don't block it.

Co-authored-by: Max Gautier <mg@max.gautier.name>
 2024-05-30 05:26:06 -07:00
120 changed files with 1902 additions and 791 deletions
Expand all files Collapse all files

55
.gitlab-ci.yml
View File

@@ -1,12 +1,9 @@
---
stages:
- build
- unit-tests
- test
- deploy-part1
- moderator
- deploy-part2
- deploy-part3
- deploy-special
- deploy-extended
variables:
KUBESPRAY_VERSION: v2.24.1
@@ -43,15 +40,26 @@ before_script:
.job: &job
tags:
- packet
- ffci
image: $PIPELINE_IMAGE
artifacts:
when: always
paths:
- cluster-dump/
needs:
- pipeline-image
.job-moderated:
extends: .job
needs:
- pipeline-image
- ci-not-authorized
- check-galaxy-version # lint
- pre-commit # lint
- vagrant-validate # lint
.testcases: &testcases
<<: *job
extends: .job-moderated
retry: 1
interruptible: true
before_script:
@@ -61,23 +69,38 @@ before_script:
script:
- ./tests/scripts/testcases_run.sh
after_script:
- chronic ./tests/scripts/testcases_cleanup.sh
- ./tests/scripts/testcases_cleanup.sh
# For failfast, at least 1 job must be defined in .gitlab-ci.yml
# Premoderated with manual actions
ci-authorized:
extends: .job
stage: moderator
ci-not-authorized:
stage: build
before_script: []
after_script: []
rules:
# LGTM or ok-to-test labels
- if: $PR_LABELS =~ /.*,(lgtm|approved|ok-to-test).*|^(lgtm|approved|ok-to-test).*/i
variables:
CI_OK_TO_TEST: '0'
when: always
- if: $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "trigger"
variables:
CI_OK_TO_TEST: '0'
- if: $CI_COMMIT_BRANCH == "master"
variables:
CI_OK_TO_TEST: '0'
- when: always
variables:
CI_OK_TO_TEST: '1'
script:
- /bin/sh scripts/premoderator.sh
except: ['triggers', 'master']
# Disable ci moderator
only: []
- exit $CI_OK_TO_TEST
tags:
- ffci
needs: []
include:
- .gitlab-ci/build.yml
- .gitlab-ci/lint.yml
- .gitlab-ci/shellcheck.yml
- .gitlab-ci/terraform.yml
- .gitlab-ci/packet.yml
- .gitlab-ci/vagrant.yml

58
.gitlab-ci/build.yml
View File

@@ -1,40 +1,32 @@
---
.build:
.build-container:
cache:
key: $CI_COMMIT_REF_SLUG
paths:
- image-cache
tags:
- ffci
stage: build
image:
name: moby/buildkit:rootless
entrypoint: [""]
name: gcr.io/kaniko-project/executor:debug
entrypoint: ['']
variables:
BUILDKITD_FLAGS: --oci-worker-no-process-sandbox
TAG: $CI_COMMIT_SHORT_SHA
PROJECT_DIR: $CI_PROJECT_DIR
DOCKERFILE: Dockerfile
GODEBUG: "http2client=0"
before_script:
- mkdir ~/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > ~/.docker/config.json
pipeline image:
extends: .build
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json
script:
- |
buildctl-daemonless.sh build \
--frontend=dockerfile.v0 \
--local context=. \
--local dockerfile=. \
--opt filename=./pipeline.Dockerfile \
--output type=image,name=$PIPELINE_IMAGE,push=true \
--import-cache type=registry,ref=$CI_REGISTRY_IMAGE/pipeline:cache
rules:
- if: '$CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH'
- /kaniko/executor --cache=true
--cache-dir=image-cache
--context $PROJECT_DIR
--dockerfile $PROJECT_DIR/$DOCKERFILE
--label 'git-branch'=$CI_COMMIT_REF_SLUG
--label 'git-tag=$CI_COMMIT_TAG'
--destination $PIPELINE_IMAGE
pipeline image and build cache:
extends: .build
script:
- |
buildctl-daemonless.sh build \
--frontend=dockerfile.v0 \
--local context=. \
--local dockerfile=. \
--opt filename=./pipeline.Dockerfile \
--output type=image,name=$PIPELINE_IMAGE,push=true \
--import-cache type=registry,ref=$CI_REGISTRY_IMAGE/pipeline:cache \
--export-cache type=registry,ref=$CI_REGISTRY_IMAGE/pipeline:cache,mode=max
rules:
- if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
pipeline-image:
extends: .build-container
variables:
DOCKERFILE: pipeline.Dockerfile

131
.gitlab-ci/lint.yml
View File

@@ -1,126 +1,35 @@
---
yamllint:
extends: .job
stage: unit-tests
tags: [light]
pre-commit:
stage: test
tags:
- ffci
image: 'ghcr.io/pre-commit-ci/runner-image@sha256:aaf2c7b38b22286f2d381c11673bec571c28f61dd086d11b43a1c9444a813cef'
variables:
LANG: C.UTF-8
PRE_COMMIT_HOME: /pre-commit-cache
script:
- yamllint --strict .
except: ['triggers', 'master']
- pre-commit run --all-files
cache:
key: pre-commit-all
paths:
- /pre-commit-cache
needs: []
vagrant-validate:
extends: .job
stage: unit-tests
tags: [light]
stage: test
tags: [ffci]
variables:
VAGRANT_VERSION: 2.3.7
script:
- ./tests/scripts/vagrant-validate.sh
- ./tests/scripts/vagrant-validate.sh
except: ['triggers', 'master']
ansible-lint:
extends: .job
stage: unit-tests
tags: [light]
script:
- ansible-lint -v
except: ['triggers', 'master']
jinja-syntax-check:
extends: .job
stage: unit-tests
tags: [light]
script:
- "find -name '*.j2' -exec tests/scripts/check-templates.py {} +"
except: ['triggers', 'master']
syntax-check:
extends: .job
stage: unit-tests
tags: [light]
variables:
ANSIBLE_INVENTORY: inventory/local-tests.cfg
ANSIBLE_REMOTE_USER: root
ANSIBLE_BECOME: "true"
ANSIBLE_BECOME_USER: root
ANSIBLE_VERBOSITY: "3"
script:
- ansible-playbook --syntax-check cluster.yml
- ansible-playbook --syntax-check playbooks/cluster.yml
- ansible-playbook --syntax-check upgrade-cluster.yml
- ansible-playbook --syntax-check playbooks/upgrade_cluster.yml
- ansible-playbook --syntax-check reset.yml
- ansible-playbook --syntax-check playbooks/reset.yml
- ansible-playbook --syntax-check extra_playbooks/upgrade-only-k8s.yml
except: ['triggers', 'master']
collection-build-install-sanity-check:
extends: .job
stage: unit-tests
tags: [light]
variables:
ANSIBLE_COLLECTIONS_PATH: "./ansible_collections"
script:
- ansible-galaxy collection build
- ansible-galaxy collection install kubernetes_sigs-kubespray-$(grep "^version:" galaxy.yml | awk '{print $2}').tar.gz
- ansible-galaxy collection list $(egrep -i '(name:\s+|namespace:\s+)' galaxy.yml | awk '{print $2}' | tr '\n' '.' | sed 's|\.$||g') | grep "^kubernetes_sigs.kubespray"
- test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/cluster.yml
- test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/reset.yml
except: ['triggers', 'master']
tox-inventory-builder:
stage: unit-tests
tags: [light]
extends: .job
before_script:
- ./tests/scripts/rebase.sh
script:
- pip3 install tox
- cd contrib/inventory_builder && tox
except: ['triggers', 'master']
markdownlint:
stage: unit-tests
tags: [light]
image: node
before_script:
- npm install -g markdownlint-cli@0.22.0
script:
- markdownlint $(find . -name '*.md' | grep -vF './.git') --ignore docs/_sidebar.md --ignore contrib/dind/README.md
generate-sidebar:
extends: .job
stage: unit-tests
tags: [light]
script:
- scripts/gen_docs_sidebar.sh
- git diff --exit-code
check-readme-versions:
stage: unit-tests
tags: [light]
image: python:3
script:
- tests/scripts/check_readme_versions.sh
# TODO: convert to pre-commit hook
check-galaxy-version:
stage: unit-tests
tags: [light]
needs: []
stage: test
tags: [ffci]
image: python:3
script:
- tests/scripts/check_galaxy_version.sh
check-typo:
stage: unit-tests
tags: [light]
image: python:3
script:
- tests/scripts/check_typo.sh
ci-matrix:
stage: unit-tests
tags: [light]
image: python:3
script:
- tests/scripts/md-table/test.sh
- tests/scripts/check_galaxy_version.sh

64
.gitlab-ci/molecule.yml
View File

@@ -1,30 +1,42 @@
---
.molecule:
tags: [c3.small.x86]
tags: [ffci-vm-med]
only: [/^pr-.*$/]
except: ['triggers']
image: $PIPELINE_IMAGE
image: quay.io/kubespray/vm-kubespray-ci:v6
services: []
stage: deploy-part1
needs: []
# - ci-not-authorized
variables:
VAGRANT_DEFAULT_PROVIDER: "libvirt"
before_script:
- tests/scripts/rebase.sh
- ./tests/scripts/vagrant_clean.sh
- groups
- python3 -m venv citest
- source citest/bin/activate
- vagrant plugin expunge --reinstall --force --no-tty
- vagrant plugin install vagrant-libvirt
- pip install --no-compile --no-cache-dir pip -U
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/requirements.txt
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/tests/requirements.txt
- ./tests/scripts/rebase.sh
- ./tests/scripts/vagrant_clean.sh
script:
- ./tests/scripts/molecule_run.sh
- ./tests/scripts/molecule_run.sh
after_script:
- chronic ./tests/scripts/molecule_logs.sh
- ./tests/scripts/molecule_logs.sh
artifacts:
when: always
paths:
- molecule_logs/
- molecule_logs/
# CI template for periodic CI jobs
# Enabled when PERIODIC_CI_ENABLED var is set
.molecule_periodic:
only:
variables:
- $PERIODIC_CI_ENABLED
- $PERIODIC_CI_ENABLED
allow_failure: true
extends: .molecule
@@ -34,50 +46,50 @@ molecule_full:
molecule_no_container_engines:
extends: .molecule
script:
- ./tests/scripts/molecule_run.sh -e container-engine
- ./tests/scripts/molecule_run.sh -e container-engine
when: on_success
molecule_docker:
extends: .molecule
script:
- ./tests/scripts/molecule_run.sh -i container-engine/cri-dockerd
- ./tests/scripts/molecule_run.sh -i container-engine/cri-dockerd
when: on_success
molecule_containerd:
extends: .molecule
script:
- ./tests/scripts/molecule_run.sh -i container-engine/containerd
- ./tests/scripts/molecule_run.sh -i container-engine/containerd
when: on_success
molecule_cri-o:
extends: .molecule
stage: deploy-part2
stage: deploy-part1
script:
- ./tests/scripts/molecule_run.sh -i container-engine/cri-o
- ./tests/scripts/molecule_run.sh -i container-engine/cri-o
allow_failure: true
when: on_success
# Stage 3 container engines don't get as much attention so allow them to fail
molecule_kata:
extends: .molecule
stage: deploy-part3
script:
- ./tests/scripts/molecule_run.sh -i container-engine/kata-containers
when: manual
# FIXME: this test is broken (perma-failing)
# # Stage 3 container engines don't get as much attention so allow them to fail
# molecule_kata:
# extends: .molecule
# stage: deploy-extended
# script:
# - ./tests/scripts/molecule_run.sh -i container-engine/kata-containers
# when: manual
# # FIXME: this test is broken (perma-failing)
molecule_gvisor:
extends: .molecule
stage: deploy-part3
stage: deploy-extended
script:
- ./tests/scripts/molecule_run.sh -i container-engine/gvisor
- ./tests/scripts/molecule_run.sh -i container-engine/gvisor
when: manual
# FIXME: this test is broken (perma-failing)
molecule_youki:
extends: .molecule
stage: deploy-part3
stage: deploy-extended
script:
- ./tests/scripts/molecule_run.sh -i container-engine/youki
- ./tests/scripts/molecule_run.sh -i container-engine/youki
when: manual
# FIXME: this test is broken (perma-failing)

402
.gitlab-ci/packet.yml
View File

@@ -6,14 +6,56 @@
CI_PLATFORM: packet
SSH_USER: kubespray
tags:
- packet
except: [triggers]
- ffci
needs:
- pipeline-image
- ci-not-authorized
# CI template for PRs
.packet_pr:
only: [/^pr-.*$/]
stage: deploy-part1
rules:
- if: $PR_LABELS =~ /.*ci-short.*/
when: manual
allow_failure: true
- if: $CI_COMMIT_BRANCH =~ /^pr-.*$/
when: on_success
- when: manual
allow_failure: true
extends: .packet
## Uncomment this to have multiple stages
# needs:
# - packet_ubuntu20-calico-all-in-one
.packet_pr_short:
stage: deploy-part1
extends: .packet
rules:
- if: $CI_COMMIT_BRANCH =~ /^pr-.*$/
when: on_success
- when: manual
allow_failure: true
.packet_pr_manual:
extends: .packet_pr
stage: deploy-extended
rules:
- if: $PR_LABELS =~ /.*ci-full.*/
when: on_success
# Else run as manual
- when: manual
allow_failure: true
.packet_pr_extended:
extends: .packet_pr
stage: deploy-extended
rules:
- if: $PR_LABELS =~ /.*(ci-extended|ci-full).*/
when: on_success
- when: manual
allow_failure: true
# CI template for periodic CI jobs
# Enabled when PERIODIC_CI_ENABLED var is set
.packet_periodic:
@@ -34,314 +76,172 @@ packet_cleanup_old:
# The ubuntu20-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
packet_ubuntu20-calico-all-in-one:
stage: deploy-part1
extends: .packet_pr
when: on_success
extends: .packet_pr_short
variables:
RESET_CHECK: "true"
# ### PR JOBS PART2
packet_ubuntu20-all-in-one-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu20-calico-all-in-one-hardening:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu22-all-in-one-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu20-crio:
extends: .packet_pr_manual
packet_ubuntu22-calico-all-in-one:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu24-all-in-one-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu24-calico-all-in-one:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu24-calico-etcd-datastore:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_centos7-flannel-addons-ha:
extends: .packet_pr
stage: deploy-part2
when: on_success
packet_almalinux8-crio:
extends: .packet_pr
stage: deploy-part2
when: on_success
allow_failure: true
packet_ubuntu20-crio:
extends: .packet_pr
stage: deploy-part2
when: manual
packet_fedora37-crio:
extends: .packet_pr
stage: deploy-part2
when: manual
packet_ubuntu20-flannel-ha:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian10-cilium-svc-proxy:
stage: deploy-part2
extends: .packet_periodic
when: on_success
packet_debian10-calico:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian10-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian11-calico:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian11-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian12-calico:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian12-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian12-cilium:
stage: deploy-part2
extends: .packet_periodic
when: on_success
packet_centos7-calico-ha-once-localhost:
stage: deploy-part2
extends: .packet_pr
when: on_success
variables:
# This will instruct Docker not to start over TLS.
DOCKER_TLS_CERTDIR: ""
services:
- docker:19.03.9-dind
packet_almalinux8-kube-ovn:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_almalinux8-calico:
stage: deploy-part2
packet_debian11-calico:
extends: .packet_pr
packet_debian11-macvlan:
extends: .packet_pr
packet_debian12-cilium:
extends: .packet_pr
when: on_success
packet_rockylinux8-calico:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_rockylinux9-calico:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_rockylinux9-cilium:
stage: deploy-part2
extends: .packet_pr
when: on_success
variables:
RESET_CHECK: "true"
packet_almalinux8-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_amazon-linux-2-all-in-one:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_fedora38-docker-weave:
stage: deploy-part2
extends: .packet_pr
when: on_success
allow_failure: true
packet_opensuse-docker-cilium:
stage: deploy-part2
extends: .packet_pr
when: on_success
# ### MANUAL JOBS
packet_ubuntu20-docker-weave-sep:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_ubuntu20-cilium-sep:
stage: deploy-special
extends: .packet_pr
when: manual
packet_ubuntu20-flannel-ha-once:
stage: deploy-part2
extends: .packet_pr
when: manual
## Extended
packet_debian11-docker:
extends: .packet_pr_extended
# Calico HA eBPF
packet_almalinux8-calico-ha-ebpf:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian12-docker:
extends: .packet_pr_extended
packet_debian10-macvlan:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_centos7-calico-ha:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_centos7-multus-calico:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_fedora38-docker-calico:
stage: deploy-part2
extends: .packet_periodic
when: on_success
variables:
RESET_CHECK: "true"
packet_fedora37-calico-selinux:
stage: deploy-part2
extends: .packet_periodic
when: on_success
packet_fedora37-calico-swap-selinux:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_almalinux8-calico-nodelocaldns-secondary:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_fedora38-kube-ovn:
stage: deploy-part2
extends: .packet_periodic
when: on_success
packet_debian11-custom-cni:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian11-kubelet-csr-approver:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian12-custom-cni-helm:
stage: deploy-part2
extends: .packet_pr
when: manual
# ### PR JOBS PART3
# Long jobs (45min+)
packet_centos7-weave-upgrade-ha:
stage: deploy-part3
extends: .packet_periodic
when: on_success
variables:
UPGRADE_TEST: basic
packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha:
stage: deploy-part3
extends: .packet_periodic
when: on_success
variables:
UPGRADE_TEST: basic
# Calico HA Wireguard
packet_ubuntu20-calico-ha-wireguard:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian11-calico-upgrade:
stage: deploy-part3
extends: .packet_pr
when: on_success
variables:
UPGRADE_TEST: graceful
packet_debian12-calico:
extends: .packet_pr_extended
packet_almalinux8-calico-remove-node:
stage: deploy-part3
extends: .packet_pr
when: on_success
extends: .packet_pr_extended
variables:
REMOVE_NODE_CHECK: "true"
REMOVE_NODE_NAME: "instance-3"
packet_rockylinux9-calico:
extends: .packet_pr_extended
packet_almalinux8-calico:
extends: .packet_pr_extended
packet_almalinux8-docker:
extends: .packet_pr_extended
packet_ubuntu20-calico-all-in-one-hardening:
extends: .packet_pr_extended
packet_ubuntu24-calico-all-in-one:
extends: .packet_pr_extended
packet_ubuntu20-calico-etcd-kubeadm:
stage: deploy-part3
extends: .packet_pr
when: on_success
extends: .packet_pr_extended
packet_ubuntu24-all-in-one-docker:
extends: .packet_pr_extended
packet_ubuntu22-all-in-one-docker:
extends: .packet_pr_extended
# ### MANUAL JOBS
packet_fedora37-crio:
extends: .packet_pr_manual
packet_ubuntu20-flannel-ha:
extends: .packet_pr_manual
packet_ubuntu20-all-in-one-docker:
extends: .packet_pr_manual
packet_ubuntu20-flannel-ha-once:
extends: .packet_pr_manual
packet_fedora37-calico-swap-selinux:
extends: .packet_pr_manual
packet_almalinux8-calico-ha-ebpf:
extends: .packet_pr_manual
packet_almalinux8-calico-nodelocaldns-secondary:
extends: .packet_pr_manual
packet_debian11-custom-cni:
extends: .packet_pr_manual
packet_debian11-kubelet-csr-approver:
extends: .packet_pr_manual
packet_debian12-custom-cni-helm:
extends: .packet_pr_manual
packet_ubuntu20-calico-ha-wireguard:
extends: .packet_pr_manual
# PERIODIC
packet_fedora38-docker-calico:
stage: deploy-extended
extends: .packet_periodic
variables:
RESET_CHECK: "true"
packet_fedora37-calico-selinux:
stage: deploy-extended
extends: .packet_periodic
packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha:
stage: deploy-extended
extends: .packet_periodic
variables:
UPGRADE_TEST: basic
packet_debian11-calico-upgrade-once:
stage: deploy-part3
stage: deploy-extended
extends: .packet_periodic
when: on_success
variables:
UPGRADE_TEST: graceful
packet_ubuntu20-calico-ha-recover:
stage: deploy-part3
stage: deploy-extended
extends: .packet_periodic
when: on_success
variables:
RECOVER_CONTROL_PLANE_TEST: "true"
RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:]:kube_control_plane[1:]"
packet_ubuntu20-calico-ha-recover-noquorum:
stage: deploy-part3
stage: deploy-extended
extends: .packet_periodic
when: on_success
variables:
RECOVER_CONTROL_PLANE_TEST: "true"
RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[1:]:kube_control_plane[1:]"
packet_debian11-calico-upgrade:
stage: deploy-extended
extends: .packet_periodic
variables:
UPGRADE_TEST: graceful
packet_debian12-cilium-svc-proxy:
stage: deploy-extended
extends: .packet_periodic

17
.gitlab-ci/pre-commit-dynamic-stub.yml Normal file
View File

@@ -0,0 +1,17 @@
---
# stub pipeline for dynamic generation
pre-commit:
tags:
- light
image: 'ghcr.io/pre-commit-ci/runner-image@sha256:aaf2c7b38b22286f2d381c11673bec571c28f61dd086d11b43a1c9444a813cef'
variables:
PRE_COMMIT_HOME: /pre-commit-cache
script:
- pre-commit run --all-files
cache:
key: pre-commit-$HOOK_ID
paths:
- /pre-commit-cache
parallel:
matrix:
- HOOK_ID:

16
.gitlab-ci/shellcheck.yml
View File

@@ -1,16 +0,0 @@
---
shellcheck:
extends: .job
stage: unit-tests
tags: [light]
variables:
SHELLCHECK_VERSION: v0.7.1
before_script:
- ./tests/scripts/rebase.sh
- curl --silent --location "https://github.com/koalaman/shellcheck/releases/download/"${SHELLCHECK_VERSION}"/shellcheck-"${SHELLCHECK_VERSION}".linux.x86_64.tar.xz" | tar -xJv
- cp shellcheck-"${SHELLCHECK_VERSION}"/shellcheck /usr/bin/
- shellcheck --version
script:
# Run shellcheck for all *.sh
- find . -name '*.sh' -not -path './.git/*' | xargs shellcheck --severity error
except: ['triggers', 'master']

22
.gitlab-ci/terraform.yml
View File

@@ -2,6 +2,10 @@
# Tests for contrib/terraform/
.terraform_install:
extends: .job
needs:
- ci-not-authorized
- pipeline-image
stage: deploy-part1
before_script:
- update-alternatives --install /usr/bin/python python /usr/bin/python3 1
- ./tests/scripts/rebase.sh
@@ -24,17 +28,19 @@
.terraform_validate:
extends: .terraform_install
stage: unit-tests
tags: [light]
tags: [ffci]
only: ['master', /^pr-.*$/]
script:
- terraform -chdir="contrib/terraform/$PROVIDER" validate
- terraform -chdir="contrib/terraform/$PROVIDER" fmt -check -diff
stage: test
needs:
- pipeline-image
.terraform_apply:
extends: .terraform_install
tags: [light]
stage: deploy-part3
tags: [ffci]
stage: deploy-extended
when: manual
only: [/^pr-.*$/]
artifacts:
@@ -51,7 +57,7 @@
- tests/scripts/testcases_run.sh
after_script:
# Cleanup regardless of exit code
- chronic ./tests/scripts/testcases_cleanup.sh
- ./tests/scripts/testcases_cleanup.sh
tf-validate-openstack:
extends: .terraform_validate
@@ -146,8 +152,7 @@ tf-validate-nifcloud:
TF_VAR_router_id: "ab95917c-41fb-4881-b507-3a6dfe9403df"
tf-elastx_cleanup:
stage: unit-tests
tags: [light]
tags: [ffci]
image: python
variables:
<<: *elastx_variables
@@ -155,10 +160,11 @@ tf-elastx_cleanup:
- pip install -r scripts/openstack-cleanup/requirements.txt
script:
- ./scripts/openstack-cleanup/main.py
allow_failure: true
tf-elastx_ubuntu20-calico:
extends: .terraform_apply
stage: deploy-part3
stage: deploy-part1
when: on_success
allow_failure: true
variables:

47
.gitlab-ci/vagrant.yml
View File

@@ -1,64 +1,63 @@
---
.vagrant:
extends: .testcases
needs:
- ci-not-authorized
variables:
CI_PLATFORM: "vagrant"
SSH_USER: "vagrant"
VAGRANT_DEFAULT_PROVIDER: "libvirt"
KUBESPRAY_VAGRANT_CONFIG: tests/files/${CI_JOB_NAME}.rb
tags: [c3.small.x86]
only: [/^pr-.*$/]
except: ['triggers']
image: $PIPELINE_IMAGE
DOCKER_NAME: vagrant
VAGRANT_ANSIBLE_TAGS: facts
tags: [ffci-vm-large]
# only: [/^pr-.*$/]
# except: ['triggers']
image: quay.io/kubespray/vm-kubespray-ci:v6
services: []
before_script:
- echo $USER
- python3 -m venv citest
- source citest/bin/activate
- vagrant plugin expunge --reinstall --force --no-tty
- vagrant plugin install vagrant-libvirt
- pip install --no-compile --no-cache-dir pip -U
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/requirements.txt
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/tests/requirements.txt
- ./tests/scripts/vagrant_clean.sh
script:
- ./tests/scripts/testcases_run.sh
after_script:
- chronic ./tests/scripts/testcases_cleanup.sh
vagrant_ubuntu20-calico-dual-stack:
stage: deploy-part2
stage: deploy-extended
extends: .vagrant
when: manual
# FIXME: this test if broken (perma-failing)
vagrant_ubuntu20-weave-medium:
stage: deploy-part2
extends: .vagrant
when: manual
vagrant_ubuntu20-flannel:
stage: deploy-part2
stage: deploy-part1
extends: .vagrant
when: on_success
allow_failure: false
vagrant_ubuntu20-flannel-collection:
stage: deploy-part2
stage: deploy-extended
extends: .vagrant
when: on_success
when: manual
vagrant_ubuntu20-kube-router-sep:
stage: deploy-part2
stage: deploy-extended
extends: .vagrant
when: manual
# Service proxy test fails connectivity testing
vagrant_ubuntu20-kube-router-svc-proxy:
stage: deploy-part2
stage: deploy-extended
extends: .vagrant
when: manual
vagrant_fedora37-kube-router:
stage: deploy-part2
stage: deploy-extended
extends: .vagrant
when: manual
# FIXME: this test if broken (perma-failing)
vagrant_centos7-kube-router:
stage: deploy-part2
extends: .vagrant
when: manual

3
.markdownlint.yaml
View File

@@ -1,3 +0,0 @@
---
MD013: false
MD029: false

4
.md_style.rb Normal file
View File

@@ -0,0 +1,4 @@
all
exclude_rule 'MD013'
exclude_rule 'MD029'
rule 'MD007', :indent => 2

1
.mdlrc Normal file
View File

@@ -0,0 +1 @@
style "#{File.dirname(__FILE__)}/.md_style.rb"

58
.pre-commit-config.yaml
View File

@@ -1,7 +1,7 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.4.0
rev: v4.6.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
@@ -15,47 +15,59 @@ repos:
- id: trailing-whitespace
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.27.1
rev: v1.35.1
hooks:
- id: yamllint
args: [--strict]
- repo: https://github.com/markdownlint/markdownlint
rev: v0.11.0
rev: v0.12.0
hooks:
- id: markdownlint
args: [-r, "~MD013,~MD029"]
exclude: "^.git"
exclude: "^.github|(^docs/_sidebar\\.md$)"
- repo: https://github.com/jumanjihouse/pre-commit-hooks
rev: 3.0.0
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.10.0.1
hooks:
- id: shellcheck
args: [--severity, "error"]
args: ["--severity=error"]
exclude: "^.git"
files: "\\.sh$"
- repo: local
- repo: https://github.com/ansible/ansible-lint
rev: v24.5.0
hooks:
- id: ansible-lint
name: ansible-lint
entry: ansible-lint -v
language: python
pass_filenames: false
additional_dependencies:
- .[community]
- ansible==9.5.1
- jsonschema==4.22.0
- jmespath==1.0.1
- netaddr==1.2.1
- repo: https://github.com/VannTen/misspell
# Waiting on https://github.com/golangci/misspell/pull/19 to get merged
rev: 8592a4e
hooks:
- id: misspell
exclude: "OWNERS_ALIASES$"
- repo: local
hooks:
- id: ansible-syntax-check
name: ansible-syntax-check
entry: env ANSIBLE_INVENTORY=inventory/local-tests.cfg ANSIBLE_REMOTE_USER=root ANSIBLE_BECOME="true" ANSIBLE_BECOME_USER=root ANSIBLE_VERBOSITY="3" ansible-playbook --syntax-check
language: python
files: "^cluster.yml|^upgrade-cluster.yml|^reset.yml|^extra_playbooks/upgrade-only-k8s.yml"
additional_dependencies:
- ansible==9.5.1
- id: tox-inventory-builder
name: tox-inventory-builder
entry: bash -c "cd contrib/inventory_builder && tox"
language: python
pass_filenames: false
additional_dependencies:
- tox==4.15.0
- id: check-readme-versions
name: check-readme-versions
@@ -63,6 +75,14 @@ repos:
language: script
pass_filenames: false
- id: collection-build-install
name: Build and install kubernetes-sigs.kubespray Ansible collection
language: python
additional_dependencies:
- ansible-core>=2.16.4
entry: tests/scripts/collection-build-install.sh
pass_filenames: false
- id: generate-docs-sidebar
name: generate-docs-sidebar
entry: scripts/gen_docs_sidebar.sh
@@ -71,9 +91,13 @@ repos:
- id: ci-matrix
name: ci-matrix
entry: tests/scripts/md-table/test.sh
language: script
entry: tests/scripts/md-table/main.py
language: python
pass_filenames: false
additional_dependencies:
- jinja2
- pathlib
- pyaml
- id: jinja-syntax-check
name: jinja-syntax-check
@@ -82,4 +106,4 @@ repos:
types:
- jinja
additional_dependencies:
- Jinja2
- jinja2

4
OWNERS_ALIASES
View File

@@ -6,15 +6,17 @@ aliases:
- mzaian
- oomichi
- yankay
- ant31
- vannten
kubespray-reviewers:
- cyclinder
- erikjiang
- mrfreezeex
- mzaian
- tico88612
- vannten
- yankay
kubespray-emeritus_approvers:
- ant31
- atoms
- chadswen
- luckysb

25
README.md
View File

@@ -75,11 +75,11 @@ You will then need to use [bind mounts](https://docs.docker.com/storage/bind-mou
to access the inventory and SSH key in the container, like this:
```ShellSession
git checkout v2.24.1
docker pull quay.io/kubespray/kubespray:v2.24.1
git checkout v2.25.1
docker pull quay.io/kubespray/kubespray:v2.25.1
docker run --rm -it --mount type=bind,source="$(pwd)"/inventory/sample,dst=/inventory \
--mount type=bind,source="${HOME}"/.ssh/id_rsa,dst=/root/.ssh/id_rsa \
quay.io/kubespray/kubespray:v2.24.1 bash
quay.io/kubespray/kubespray:v2.25.1 bash
# Inside the container you may now run the kubespray playbooks:
ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa cluster.yml
```
@@ -141,8 +141,8 @@ vagrant up
## Supported Linux Distributions
- **Flatcar Container Linux by Kinvolk**
- **Debian** Bookworm, Bullseye, Buster
- **Ubuntu** 20.04, 22.04
- **Debian** Bookworm, Bullseye
- **Ubuntu** 20.04, 22.04, 24.04
- **CentOS/RHEL** 7, [8, 9](docs/operating_systems/centos.md#centos-8)
- **Fedora** 37, 38
- **Fedora CoreOS** (see [fcos Note](docs/operating_systems/fcos.md))
@@ -160,14 +160,14 @@ Note: Upstart/SysV init based OS types are not supported.
## Supported Components
- Core
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.29.5
- [etcd](https://github.com/etcd-io/etcd) v3.5.12
- [docker](https://www.docker.com/) v24.0 (see [Note](#container-runtime-notes))
- [containerd](https://containerd.io/) v1.7.16
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.29.10
- [etcd](https://github.com/etcd-io/etcd) v3.5.16
- [docker](https://www.docker.com/) v26.1
- [containerd](https://containerd.io/) v1.7.22
- [cri-o](http://cri-o.io/) v1.29.1 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
- Network Plugin
- [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
- [calico](https://github.com/projectcalico/calico) v3.27.3
- [calico](https://github.com/projectcalico/calico) v3.27.4
- [cilium](https://github.com/cilium/cilium) v1.15.4
- [flannel](https://github.com/flannel-io/flannel) v0.22.0
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5
@@ -178,10 +178,10 @@ Note: Upstart/SysV init based OS types are not supported.
- Application
- [cert-manager](https://github.com/jetstack/cert-manager) v1.13.2
- [coredns](https://github.com/coredns/coredns) v1.11.1
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.10.1
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.11.2
- [krew](https://github.com/kubernetes-sigs/krew) v0.4.4
- [argocd](https://argoproj.github.io/) v2.11.0
- [helm](https://helm.sh/) v3.14.2
- [helm](https://helm.sh/) v3.14.4
- [metallb](https://metallb.universe.tf/) v0.13.9
- [registry](https://github.com/distribution/distribution) v2.8.1
- Storage Plugin
@@ -197,7 +197,6 @@ Note: Upstart/SysV init based OS types are not supported.
## Container Runtime Notes
- Supported Docker versions are 18.09, 19.03, 20.10, 23.0 and 24.0. The *recommended* Docker version is 24.0. `Kubelet` might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. the YUM ``versionlock`` plugin or ``apt pin``).
- The cri-o version should be aligned with the respective kubernetes version (i.e. kube_version=1.20.x, crio_version=1.20)
## Requirements

1
Vagrantfile vendored
View File

@@ -278,6 +278,7 @@ Vagrant.configure("2") do |config|
"local_path_provisioner_enabled": "#{$local_path_provisioner_enabled}",
"local_path_provisioner_claim_root": "#{$local_path_provisioner_claim_root}",
"ansible_ssh_user": SUPPORTED_OS[$os][:user],
"ansible_ssh_private_key_file": File.join(Dir.home, ".vagrant.d", "insecure_private_key"),
"unsafe_show_logs": "True"
}

1
contrib/terraform/nifcloud/README.md
View File

@@ -72,6 +72,7 @@ The setup looks like following
```bash
./generate-inventory.sh > sample-inventory/inventory.ini
```
* Export Variables:

2
contrib/terraform/upcloud/cluster-settings.tfvars
View File

@@ -146,4 +146,4 @@ server_groups = {
# ]
# anti_affinity_policy = "yes"
# }
}
}

2
contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf
View File

@@ -558,4 +558,4 @@ resource "upcloud_server_group" "server_groups" {
anti_affinity_policy = each.value.anti_affinity_policy
labels = {}
members = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id]
}
}

2
contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf
View File

@@ -106,4 +106,4 @@ variable "server_groups" {
anti_affinity_policy = string
servers = list(string)
}))
}
}

2
contrib/terraform/upcloud/sample-inventory/cluster.tfvars
View File

@@ -146,4 +146,4 @@ server_groups = {
# ]
# anti_affinity_policy = "yes"
# }
}
}

1
docs/cloud_providers/openstack.md
View File

@@ -1,4 +1,3 @@
# OpenStack
## Known compatible public clouds

4
docs/developers/ci-setup.md
View File

@@ -5,8 +5,8 @@
1. build: build a docker image to be used in the pipeline
2. unit-tests: fast jobs for fast feedback (linting, etc...)
3. deploy-part1: small number of jobs to test if the PR works with default settings
4. deploy-part2: slow jobs testing different platforms, OS, settings, CNI, etc...
5. deploy-part3: very slow jobs (upgrades, etc...)
4. deploy-extended: slow jobs testing different platforms, OS, settings, CNI, etc...
5. deploy-extended: very slow jobs (upgrades, etc...)
## Runners

5
docs/developers/ci.md
View File

@@ -9,8 +9,7 @@ To generate this Matrix run `./tests/scripts/md-table/main.py`
almalinux8 | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: |
amazon | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos7 | :white_check_mark: | :x: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: |
debian10 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: |
debian11 | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
debian11 | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: |
debian12 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
fedora37 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: |
fedora38 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: |
@@ -28,7 +27,6 @@ ubuntu24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
almalinux8 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian11 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian12 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora37 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
@@ -47,7 +45,6 @@ ubuntu24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
almalinux8 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian10 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian11 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian12 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora37 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |

2
docs/ingress/ingress_nginx.md
View File

@@ -35,7 +35,7 @@ kubectl create clusterrolebinding cluster-admin-binding \
The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version.
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
```
### Provider Specific Steps

2
docs/operations/recover-control-plane.md
View File

@@ -1,4 +1,3 @@
# Recovering the control plane
To recover from broken nodes in the control plane use the "recover\-control\-plane.yml" playbook.
@@ -8,7 +7,6 @@ Examples of what broken means in this context:
* One or more bare metal node(s) suffer from unrecoverable hardware failure
* One or more node(s) fail during patching or upgrading
* Etcd database corruption
* Other node related failures leaving your control plane degraded or nonfunctional
__Note that you need at least one functional node to be able to recover using this method.__

2
galaxy.yml
View File

@@ -2,7 +2,7 @@
namespace: kubernetes_sigs
description: Deploy a production ready Kubernetes cluster
name: kubespray
version: 2.25.0
version: 2.25.2
readme: README.md
authors:
- The Kubespray maintainers (https://kubernetes.slack.com/channels/kubespray)

2
inventory/sample/group_vars/etcd.yml
View File

@@ -32,4 +32,4 @@
# etcd_experimental_enable_distributed_tracing: false
# etcd_experimental_distributed_tracing_sample_rate: 100
# etcd_experimental_distributed_tracing_address: "localhost:4317"
# etcd_experimental_distributed_tracing_service_name: etcd
# etcd_experimental_distributed_tracing_service_name: etcd

2
inventory/sample/group_vars/k8s_cluster/addons.yml
View File

@@ -100,6 +100,8 @@ rbd_provisioner_enabled: false
ingress_nginx_enabled: false
# ingress_nginx_host_network: false
# ingress_nginx_service_type: LoadBalancer
# ingress_nginx_service_nodeport_http: 30080
# ingress_nginx_service_nodeport_https: 30081
ingress_publish_status_address: ""
# ingress_nginx_nodeselector:
# kubernetes.io/os: "linux"

2
inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
View File

@@ -17,7 +17,7 @@ kube_token_dir: "{{ kube_config_dir }}/tokens"
kube_api_anonymous_auth: true
## Change this to use another Kubernetes version, e.g. a current beta release
kube_version: v1.29.5
kube_version: v1.29.10
# Where the binaries will be downloaded.
# Note: ensure that you've enough disk space (about 1G)

15
pipeline.Dockerfile
View File

@@ -4,7 +4,7 @@ FROM ubuntu:jammy-20230308
# Pip needs this as well at the moment to install ansible
# (and potentially other packages)
# See: https://github.com/pypa/pip/issues/10219
ENV VAGRANT_VERSION=2.3.7 \
ENV VAGRANT_VERSION=2.4.1 \
VAGRANT_DEFAULT_PROVIDER=libvirt \
VAGRANT_ANSIBLE_TAGS=facts \
LANG=C.UTF-8 \
@@ -30,6 +30,9 @@ RUN apt update -q \
software-properties-common \
unzip \
libvirt-clients \
qemu-utils \
qemu-kvm \
dnsmasq \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
&& add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
&& apt update -q \
@@ -37,13 +40,15 @@ RUN apt update -q \
&& apt autoremove -yqq --purge && apt clean && rm -rf /var/lib/apt/lists/* /var/log/*
WORKDIR /kubespray
ADD ./requirements.txt /kubespray/requirements.txt
ADD ./tests/requirements.txt /kubespray/tests/requirements.txt
ADD ./roles/kubespray-defaults/defaults/main/main.yml /kubespray/roles/kubespray-defaults/defaults/main/main.yml
RUN --mount=type=bind,target=./requirements.txt,src=./requirements.txt \
--mount=type=bind,target=./tests/requirements.txt,src=./tests/requirements.txt \
--mount=type=bind,target=./roles/kubespray-defaults/defaults/main/main.yml,src=./roles/kubespray-defaults/defaults/main/main.yml \
update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
&& pip install --no-compile --no-cache-dir pip -U \
&& pip install --no-compile --no-cache-dir -r tests/requirements.txt \
&& pip install --no-compile --no-cache-dir -r requirements.txt \
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main/main.yml) \
&& curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
&& echo $(curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \

4
playbooks/remove_node.yml
View File

@@ -27,6 +27,10 @@
hosts: "{{ node | default('kube_node') }}"
gather_facts: no
environment: "{{ proxy_disable_env }}"
pre_tasks:
- name: Gather information about installed services
service_facts:
when: reset_nodes | default(True) | bool
roles:
- { role: kubespray-defaults, when: reset_nodes | default(True) | bool }
- { role: remove-node/pre-remove, tags: pre-remove }

2
requirements.txt
View File

@@ -2,9 +2,9 @@ ansible==9.5.1
cryptography==42.0.7
jinja2==3.1.4
jmespath==1.0.1
jsonschema==4.22.0
MarkupSafe==2.1.5
netaddr==1.2.1
pbr==6.0.0
ruamel.yaml==0.18.6
ruamel.yaml.clib==0.2.8
jsonschema==4.22.0

29
roles/bootstrap-os/tasks/centos.yml
View File

@@ -80,13 +80,40 @@
- { option: "name", value: "CentOS-{{ ansible_distribution_major_version }} - Extras" }
- { option: "enabled", value: "1" }
- { option: "gpgcheck", value: "0" }
- { option: "baseurl", value: "http://mirror.centos.org/{{ 'altarch' if (ansible_distribution_major_version | int) <= 7 and ansible_architecture == 'aarch64' else 'centos' }}/{{ ansible_distribution_major_version }}/extras/$basearch/{% if ansible_distribution_major_version | int > 7 %}os/{% endif %}" }
- { option: "baseurl", value: "http://vault.centos.org/{{ 'altarch' if (ansible_distribution_major_version | int) <= 7 and ansible_architecture == 'aarch64' else 'centos' }}/{{ ansible_distribution_major_version }}/extras/$basearch/{% if ansible_distribution_major_version | int > 7 %}os/{% endif %}" }
when:
- use_oracle_public_repo | default(true)
- '''ID="ol"'' in os_release.stdout_lines'
- (ansible_distribution_version | float) >= 7.6
- (ansible_distribution_version | float) < 9
# CentOS 7 EOL at July 1, 2024.
- name: Check CentOS-Base.repo exists for CentOS 7
stat:
path: /etc/yum.repos.d/CentOS-Base.repo
register: centos_base_repo_stat
when:
- ansible_distribution_major_version == "7"
# CentOS 7 EOL at July 1, 2024.
- name: Update CentOS 7 CentOS-Base.repo
when:
- ansible_distribution_major_version == "7"
- centos_base_repo_stat.stat.exists
become: true
block:
- name: Disable CentOS 7 mirrorlist in CentOS-Base.repo
replace:
path: "{{ centos_base_repo_stat.stat.path }}"
regexp: '^mirrorlist='
replace: '#mirrorlist='
- name: Update CentOS 7 baseurl in CentOS-Base.repo
replace:
path: "{{ centos_base_repo_stat.stat.path }}"
regexp: '^#baseurl=http:\/\/mirror.centos.org'
replace: 'baseurl=http:\/\/vault.centos.org'
# CentOS ships with python installed
- name: Check presence of fastestmirror.conf

0
roles/bootstrap-os/tasks/clearlinux.yml → roles/bootstrap-os/tasks/clear-linux-os.yml
View File

0
roles/bootstrap-os/tasks/redhat.yml → roles/bootstrap-os/tasks/rhel.yml
View File

2
roles/container-engine/containerd/defaults/main.yml
View File

@@ -116,4 +116,4 @@ containerd_tracing_enabled: false
containerd_tracing_endpoint: "0.0.0.0:4317"
containerd_tracing_protocol: "grpc"
containerd_tracing_sampling_ratio: 1.0
containerd_tracing_service_name: "containerd"
containerd_tracing_service_name: "containerd"

1
roles/container-engine/containerd/templates/config.toml.j2
View File

@@ -107,4 +107,3 @@ oom_score = {{ containerd_oom_score }}
sampling_ratio = {{ containerd_tracing_sampling_ratio }}
service_name = "{{ containerd_tracing_service_name }}"
{% endif %}

2
roles/container-engine/containerd/templates/containerd.service.j2
View File

@@ -15,7 +15,7 @@
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
After=network.target local-fs.target dbus.service
[Service]
ExecStartPre=-/sbin/modprobe overlay

2
roles/etcd/defaults/main.yml
View File

@@ -124,4 +124,4 @@ unsafe_show_logs: false
etcd_experimental_enable_distributed_tracing: false
etcd_experimental_distributed_tracing_sample_rate: 100
etcd_experimental_distributed_tracing_address: "localhost:4317"
etcd_experimental_distributed_tracing_service_name: etcd
etcd_experimental_distributed_tracing_service_name: etcd

1
roles/etcd/tasks/gen_certs_script.yml
View File

@@ -35,7 +35,6 @@
mode: 0700
run_once: yes
when:
- gen_certs | default(false)
- inventory_hostname == groups['etcd'][0]
- name: Gen_certs | run cert generation script for etcd and kube control plane nodes

4
roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
View File

@@ -73,7 +73,9 @@ data:
max_concurrent 1000
{% if dns_upstream_forward_extra_opts is defined %}
{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
{{ optname }} {{ optvalue }}
{{ (optname ~ ' ' ~ optvalue) | trim }}
{# do not add a trailing space when optvalue == ''
workaround for: https://github.com/kubernetes/kubernetes/issues/36222 #}
{% endfor %}
{% endif %}
}

8
roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
View File

@@ -82,7 +82,9 @@ data:
bind {{ nodelocaldns_ip }}
forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
{{ optname }} {{ optvalue }}
{{ (optname ~ ' ' ~ optvalue) | trim }}
{# do not add a trailing space when optvalue == ''
workaround for: https://github.com/kubernetes/kubernetes/issues/36222 #}
{% endfor %}
}{% endif %}
@@ -164,7 +166,9 @@ data:
bind {{ nodelocaldns_ip }}
forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
{{ optname }} {{ optvalue }}
{{ (optname ~ ' ' ~ optvalue) | trim }}
{# do not add a trailing space when optvalue == ''
workaround for: https://github.com/kubernetes/kubernetes/issues/36222 #}
{% endfor %}
}{% endif %}

2
roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-controller.yml.j2
View File

@@ -162,4 +162,4 @@ metadata:
name: pd.csi.storage.gke.io
spec:
attachRequired: true
podInfoOnMount: false
podInfoOnMount: false

2
roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-node.yml.j2
View File

@@ -109,4 +109,4 @@ spec:
# See "special case". This will tolerate everything. Node component should
# be scheduled on all nodes.
tolerations:
- operator: Exists
- operator: Exists

2
roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-sc-regional.yml.j2
View File

@@ -6,4 +6,4 @@ provisioner: pd.csi.storage.gke.io
parameters:
type: pd-balanced
replication-type: regional-pd
volumeBindingMode: WaitForFirstConsumer
volumeBindingMode: WaitForFirstConsumer

2
roles/kubernetes-apps/csi_driver/gcp_pd/templates/gcp-pd-csi-sc-zonal.yml.j2
View File

@@ -5,4 +5,4 @@ metadata:
provisioner: pd.csi.storage.gke.io
parameters:
type: pd-balanced
volumeBindingMode: WaitForFirstConsumer
volumeBindingMode: WaitForFirstConsumer

2
roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
View File

@@ -18,7 +18,7 @@ data:
"max-pvscsi-targets-per-vm": "true"
"multi-vcenter-csi-topology": "true"
"csi-internal-generated-cluster-id": "true"
"listview-tasks": "true"
"listview-tasks": "true"
{% if vsphere_csi_controller is version('v2.7.0', '>=') %}
"improved-csi-idempotency": "true"
"improved-volume-topology": "true"

2
roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
View File

@@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
namespace: kube-system

2
roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
View File

@@ -110,4 +110,4 @@ rules:
- list
- watch
apiGroups:
- discovery.k8s.io
- discovery.k8s.io

1
roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cm.yml.j2
View File

@@ -32,4 +32,3 @@ data:
- name: helper-pod
image: "{{ local_path_provisioner_helper_image_repo }}:{{ local_path_provisioner_helper_image_tag }}"
imagePullPolicy: IfNotPresent

2
roles/kubernetes-apps/external_provisioner/local_path_provisioner/templates/local-path-storage-cr.yml.j2
View File

@@ -15,4 +15,4 @@ rules:
verbs: [ "create", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
verbs: [ "get", "list", "watch" ]

2
roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
View File

@@ -2,6 +2,8 @@
ingress_nginx_namespace: "ingress-nginx"
ingress_nginx_host_network: false
ingress_nginx_service_type: LoadBalancer
ingress_nginx_service_nodeport_http: ""
ingress_nginx_service_nodeport_https: ""
ingress_publish_status_address: ""
ingress_nginx_nodeselector:
kubernetes.io/os: "linux"

1
roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
View File

@@ -34,6 +34,7 @@
- { name: role-admission-webhook, file: role-admission-webhook.yml, type: role }
- { name: rolebinding-admission-webhook, file: rolebinding-admission-webhook.yml, type: rolebinding }
- { name: admission-webhook-job, file: admission-webhook-job.yml, type: job }
- { name: svc-ingress-nginx-controller-admission, file: svc-ingress-nginx-controller-admission.yml, type: svc }
- name: NGINX Ingress Controller | Append extra templates to NGINX Ingress Template list for service
set_fact:

18
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-ingress-nginx-controller-admission.yml.j2 Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-controller-admission
namespace: {{ ingress_nginx_namespace }}
spec:
type: ClusterIP
ports:
- appProtocol: https
name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx

6
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-ingress-nginx.yml.j2
View File

@@ -14,10 +14,16 @@ spec:
port: 80
targetPort: 80
protocol: TCP
{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_http %}
nodePort: {{ingress_nginx_service_nodeport_http | int}}
{% endif %}
- name: https
port: 443
targetPort: 443
protocol: TCP
{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_https %}
nodePort: {{ingress_nginx_service_nodeport_https | int}}
{% endif %}
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx

2
roles/kubernetes-apps/metallb/defaults/main.yml
View File

@@ -13,4 +13,4 @@ metallb_speaker_tolerations:
key: node-role.kubernetes.io/control-plane
operator: Exists
metallb_controller_tolerations: []
metallb_loadbalancer_class: ""
metallb_loadbalancer_class: ""

1
roles/kubernetes-apps/node_feature_discovery/templates/nfd-rolebinding.yaml.j2
View File

@@ -11,4 +11,3 @@ subjects:
- kind: ServiceAccount
name: {{ node_feature_discovery_worker_sa_name }}
namespace: {{ node_feature_discovery_namespace }}

2
roles/kubernetes-apps/scheduler_plugins/templates/appgroup.diktyo.x-k8s.io_appgroups.yaml.j2
View File

@@ -194,4 +194,4 @@ spec:
type: object
type: object
served: true
storage: true
storage: true

2
roles/kubernetes-apps/scheduler_plugins/templates/cm-scheduler-plugins.yaml.j2
View File

@@ -25,4 +25,4 @@ data:
{% if scheduler_plugins_plugin_config is defined and scheduler_plugins_plugin_config | length != 0 %}
pluginConfig:
{{ scheduler_plugins_plugin_config | to_nice_yaml(indent=2, width=256) | indent(6, true) }}
{% endif %}
{% endif %}

2
roles/kubernetes-apps/scheduler_plugins/templates/deploy-scheduler-plugins.yaml.j2
View File

@@ -71,4 +71,4 @@ spec:
volumes:
- name: scheduler-config
configMap:
name: scheduler-config
name: scheduler-config

2
roles/kubernetes-apps/scheduler_plugins/templates/namespace.yaml.j2
View File

@@ -4,4 +4,4 @@ kind: Namespace
metadata:
name: {{ scheduler_plugins_namespace }}
labels:
name: {{ scheduler_plugins_namespace }}
name: {{ scheduler_plugins_namespace }}

2
roles/kubernetes-apps/scheduler_plugins/templates/networktopology.diktyo.x-k8s.io_networktopologies.yaml.j2
View File

@@ -145,4 +145,4 @@ spec:
type: object
type: object
served: true
storage: true
storage: true

2
roles/kubernetes-apps/scheduler_plugins/templates/rbac-scheduler-plugins.yaml.j2
View File

@@ -137,4 +137,4 @@ subjects:
namespace: {{ scheduler_plugins_namespace }}
- kind: ServiceAccount
name: scheduler-plugins-controller
namespace: {{ scheduler_plugins_namespace }}
namespace: {{ scheduler_plugins_namespace }}

2
roles/kubernetes-apps/scheduler_plugins/templates/sa-scheduler-plugins.yaml.j2
View File

@@ -8,4 +8,4 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: scheduler-plugins-controller
namespace: {{ scheduler_plugins_namespace }}
namespace: {{ scheduler_plugins_namespace }}

2
roles/kubernetes-apps/scheduler_plugins/templates/scheduling.x-k8s.io_elasticquotas.yaml.j2
View File

@@ -79,4 +79,4 @@ spec:
served: true
storage: true
subresources:
status: {}
status: {}

2
roles/kubernetes-apps/scheduler_plugins/templates/scheduling.x-k8s.io_podgroups.yaml.j2
View File

@@ -94,4 +94,4 @@ spec:
served: true
storage: true
subresources:
status: {}
status: {}

2
roles/kubernetes-apps/scheduler_plugins/templates/topology.node.k8s.io_noderesourcetopologies.yaml.j2
View File

@@ -150,4 +150,4 @@ spec:
- zones
type: object
served: true
storage: true
storage: true

2
roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2
View File

@@ -1,4 +1,4 @@
apiVersion: apiserver.config.k8s.io/v1beta1
kind: TracingConfiguration
endpoint: {{ kube_apiserver_tracing_endpoint }}
samplingRatePerMillion: {{ kube_apiserver_tracing_sampling_rate_per_million }}
samplingRatePerMillion: {{ kube_apiserver_tracing_sampling_rate_per_million }}

26
roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
View File

@@ -6,6 +6,32 @@
- kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp
- kube_vip_arp_enabled
- name: Kube-vip | Check if super-admin.conf exists
stat:
path: "{{ kube_config_dir }}/super-admin.conf"
failed_when: false
changed_when: false
register: stat_kube_vip_super_admin
- name: Kube-vip | Check if kubeadm has already run
stat:
path: "/var/lib/kubelet/config.yaml"
get_attributes: no
get_checksum: no
get_mime: no
register: kubeadm_already_run
- name: Kube-vip | Set admin.conf
set_fact:
kube_vip_admin_conf: admin.conf
- name: Kube-vip | Set admin.conf for first Control Plane
set_fact:
kube_vip_admin_conf: super-admin.conf
when:
- inventory_hostname == groups['kube_control_plane'] | first
- (stat_kube_vip_super_admin.stat.exists and stat_kube_vip_super_admin.stat.isreg) or (not kubeadm_already_run.stat.exists )
- name: Kube-vip | Write static pod
template:
src: manifests/kube-vip.manifest.j2

2
roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
View File

@@ -174,4 +174,4 @@ topologyManagerScope: {{ kubelet_topology_manager_scope }}
tracing:
endpoint: {{ kubelet_tracing_endpoint }}
samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }}
{% endif %}
{% endif %}

2
roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
View File

@@ -119,6 +119,6 @@ spec:
hostNetwork: true
volumes:
- hostPath:
path: /etc/kubernetes/admin.conf
path: /etc/kubernetes/{{kube_vip_admin_conf}}
name: kubeconfig
status: {}

5
roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
View File

@@ -1,10 +1,7 @@
---
- name: Stop if either kube_control_plane or kube_node group is empty
assert:
that: "groups.get( item )"
with_items:
- kube_control_plane
- kube_node
that: groups.get( 'kube_control_plane' )
run_once: true
when: not ignore_assert_errors

1
roles/kubernetes/preinstall/tasks/0070-system-packages.yml
View File

@@ -82,5 +82,6 @@
until: pkgs_task_result is succeeded
retries: "{{ pkg_install_retries }}"
delay: "{{ retry_stagger | random + 3 }}"
when: not (ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos)
tags:
- bootstrap-os

232
roles/kubespray-defaults/defaults/main/checksums.yml
View File

@@ -81,12 +81,22 @@ crio_archive_checksums:
# Kubernetes versions above Kubespray's current target version are untested and should be used with caution.
kubelet_checksums:
arm:
v1.29.10: 0
v1.29.9: 0
v1.29.8: 0
v1.29.7: 0
v1.29.6: 0
v1.29.5: 0
v1.29.4: 0
v1.29.3: 0
v1.29.2: 0
v1.29.1: 0
v1.29.0: 0
v1.28.15: 0
v1.28.14: 0
v1.28.13: 0
v1.28.12: 0
v1.28.11: 0
v1.28.10: 0
v1.28.9: 0
v1.28.8: 0
@@ -98,6 +108,8 @@ kubelet_checksums:
v1.28.2: 0
v1.28.1: 0
v1.28.0: 0
v1.27.16: 0
v1.27.15: 0
v1.27.14: 0
v1.27.13: 0
v1.27.12: 0
@@ -114,12 +126,22 @@ kubelet_checksums:
v1.27.1: 0
v1.27.0: 0
arm64:
v1.29.10: 1c750d983e3d2fddeb829d1b9bdcf83c7d81e6f9cf7e1b50ccd9daad47807915
v1.29.9: 2bfcfc069bc0ea86a5cecc14c8f442dcc0871a7ba5cc3161b6311592967c040f
v1.29.8: f645f4309cadf76b7567d89feeebf979cf46940ea23618c776165712798c0704
v1.29.7: f088079f26fb3bffc8a1c467e1caa5ad807023b63e70013e874163df87be6829
v1.29.6: 0f0fa9429d0bcf04f271dcf4f666582dd4a4b15d6f116a45f17b5fcda90c2d2c
v1.29.5: 0d4328a3c67e4f0dbf270fa49343f3eab9316adde1a1bd2a857fa56876a9aff1
v1.29.4: dc4bb6ea6cd35b024d63cc20d1c1800a9c695bd6f70411c57358d7c407513b00
v1.29.3: 891dce19ed0eae34050c2eca0454204892e97bfe1a926f988cd044a987a9c7c9
v1.29.2: 9b4aa572d4cd51a41b1067161d961423d0d12b120fb636ea887a12a975d4b19a
v1.29.1: e46417ab1ceae995f0e00d4177959a36ed34b807829422bc9dda70b263fe5c5d
v1.29.0: 0e0e4544c2a0a3475529154b7534d0d58683466efa04a2bb2e763b476db0bb16
v1.28.15: 7dfb8087ee0eff9a3f667e1ec749b5a57a0848e59ce9ed42ad00e7ece1c55274
v1.28.14: 3abc8a9fdc4f2fa7a45995be4be5f6b4797f99205cd605c5721a346d7ac65a7e
v1.28.13: e1c222cfe7ba457e0b3dc54bbe6149231586e2031e4e0ffddd6e34836e80acea
v1.28.12: 8e28fda6ab1bd506ca4090a0a617aa29d9988c7e23711e70819497089ba67388
v1.28.11: 0e01c1393f8746965994431b70a20c32b8547dfb1dcf2770cb692990fc65ba5f
v1.28.10: feae161e374ee0155b5263cda339f30f16b525631535a003be7aa437661e1580
v1.28.9: 312471ad255acfcdeea2c5849b171467af4518e96d69d727a3197ff334e9299d
v1.28.8: 90d61f40b7bb061b0fc6d08b8b9ddae51f90863c899b098e19eaa89dc855f2c0
@@ -131,6 +153,8 @@ kubelet_checksums:
v1.28.2: 32269e9ec38c561d028b65c3048ea6a100e1292cbe9e505565222455c8096577
v1.28.1: 9b7fa64b2785da4a38768377961e227f8da629c56a5df43ca1b665dd07b56f3c
v1.28.0: 05dd12e35783cab4960e885ec0e7d0e461989b94297e7bea9018ccbd15c4dce9
v1.27.16: 2d3cfefc64e1ff5f1e1b8bcba0589a4a9b247f7bcd43cb78645f346687cbbef3
v1.27.15: ac8abb249dd78a22d92e28306ce9823f7e3ce23cd4ba8dbb0f3bd34f48b6c12b
v1.27.14: 31c97a723021ccc90a47a15ad1de1ffdf58ba109aea922eb359ad2fcb8e8ce4b
v1.27.13: d7bfb14d0b0fc2c41074baf02617cf98589fd029fb3539ea017825e36371f19c
v1.27.12: 0d7d2d25c8b909d6cec7c1c2a5bfe51428ec33eaa5e8b209c718b77983e9dcba
@@ -147,12 +171,22 @@ kubelet_checksums:
v1.27.1: dbb09d297d924575654db38ed2fc627e35913c2d4000c34613ac6de4995457d0
v1.27.0: 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157
amd64:
v1.29.10: 4cc094062cd1cff49ca551208635669ab86e3982d38e8d0a77ab833a941ff708
v1.29.9: 1bf6e9e9a5612ea4f6e1a8f541a08be93fdf144b1430147de6916dae363c34a2
v1.29.8: df6e130928403af8b4f49f1197e26f2873a147cd0e23aa6597a26c982c652ae0
v1.29.7: f16329e64f5b2204c1cb906f694abebb7f6869d56e6e8b60b54afa0057006b84
v1.29.6: a946789d4fef64e6f5905dbd7dca01d4c3abd302d0da7958fdaa924fe2729c0b
v1.29.5: 261dc3f3c384d138835fe91a02071c642af94abb0cca56ebc04719240440944c
v1.29.4: 58571f0ed62543a9bbac541e52c15d8385083113a463e23aec1341d0b5043939
v1.29.3: d8b55a2f8a87c8cd2cbf867d76d1d7f98b7198a740db19bad6ed7b8b813de771
v1.29.2: f71a85039b71fe08f1c063a93d61a1c952dc8f9a8c6be9b13fbdac8f0d9ff960
v1.29.1: 1b1975c58d38be1a99a8bcba4564ac489afd223b0abe9f2ab08bbde89d2412a3
v1.29.0: e1c38137db8d8777eed8813646b59bf4d22d19b9011ab11dc28e2e34f6b80a05
v1.28.15: b07a27fd5bd2419c9c623de15c1dd339af84eb27e9276c81070071065db00036
v1.28.14: 783b94ac980e9813626c51b0bc92b0b25bc8a61eec447b1c48aa5eaba1016b5f
v1.28.13: 9b9cc3a19551ade6f3d98ad3acf0a2b65a27ef575bd089f115f8bb80791f3900
v1.28.12: 4648ae155b1ab05ab8dbef417bde4d5acfcd5ad32e8d1e3209006b40c440a56c
v1.28.11: 230f0634ea42a54a6c96771f12eecd6cadfe0b76ab41c3bc39aa7cbbe4dfb12e
v1.28.10: a361e744aaeef4539f0636ecd1827c85207a5f2b0c2b0a98dbbce1498061f509
v1.28.9: f3af46cff11c675a80d91ebb38ebc4e85a9f813ce93e56ee131e7fea1491b786
v1.28.8: 049b412a5861255cd3922f612acb79ab51135e166c5d80acf12fba9179eebf0c
@@ -164,6 +198,8 @@ kubelet_checksums:
v1.28.2: 17edb866636f14eceaad58c56eab12af7ab3be3c78400aff9680635d927f1185
v1.28.1: 2bc22332f44f8fcd3fce57879fd873f977949ebd261571fbae31fbb2713a5dd3
v1.28.0: bfb6b977100963f2879a33e5fbaa59a5276ba829a957a6819c936e9c1465f981
v1.27.16: 1b390641b47c6f9265ed8d19b48a8aa334ac28c825ad7ee8201717a5d9e8b759
v1.27.15: c0ab414cdd116e9644c8c154ae4a6565c75c2605e2c7b6a5a04b56037ef2ba88
v1.27.14: f28defa43f80f82ce909940c1b57b71cba1fcf0de6fc4723e798ef5c72376c28
v1.27.13: ed68df2a77f3057ab47f57eacb6e9310e91731e4f43c58a3c3b5c857d78d0080
v1.27.12: aae861a21913c274228ccdad1609b370e5198c9f4b39b8924b20a7ffe7f148e0
@@ -180,12 +216,22 @@ kubelet_checksums:
v1.27.1: cb2845fff0ce41c400489393da73925d28fbee54cfeb7834cd4d11e622cbd3a7
v1.27.0: 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29
ppc64le:
v1.29.10: fbe2c747416ae82690cb255d1122266fd251d182a409e6b6c99a03836254efe1
v1.29.9: 0ad253452a40c87dec85bb6621e8ec9658c11856707868e5a65d2283b19ed2fa
v1.29.8: 916a7887ee0a9469b11f82645eecc5b97466faaa9dc4c7d13473c6ff22f2f305
v1.29.7: 52a70e6c9cab9f123cc0f2677b65ac6426cfc549d375c64008b43bcb8fae1d76
v1.29.6: 77c2256d6863ac0e33a0e8e8c4cc798618ae73aac91b4f18b9e87d8e62973c61
v1.29.5: b0caa52184a3e89a7f529c776ebabd7d34aecad560614f787fe08cff777a43cb
v1.29.4: 1ecc89b6f17df357835e3e56f553ec27f2aea69a5865dfb39cff77e6e70e6adb
v1.29.3: 811f2b17f443cd694b8650f5ec2c7e3a59394f8bf3e25d16182549aaab16a420
v1.29.2: b0eb5e0362a4e153ed1239c65b0abb02b2d9fbbca6846d0bab8b285de8c84fca
v1.29.1: 467d2b457205363f53f72081295ea390fc25215b0ccc29dc04c4f82925266067
v1.29.0: 67f09f866d3e4aee8211ce9887ec8bc427b188474a882a7af999fc0fee939028
v1.28.15: 67992afe37fcea6b36be5d6ae344622ff99b7a6fb2b8dfebbf882ad19535535b
v1.28.14: f4bd7f9bc083634ed59ea69c4d2d3702e8027bd6e8ab11a737f34efd63c158d0
v1.28.13: 4e8a3721e895ca7508da6c4769f77c23b667e34c7ec4c8a76d1148c7f71b540a
v1.28.12: d22af902a74d8d257ea508e9e6f91574e6e0e50006868a1943c47144dd3f9615
v1.28.11: 35daf1aacafd035420d85052b037bc0aa1eec9193100c40f626aa3b140d4d48d
v1.28.10: 0ba43fda35f588eaf65955481a7c6f633e4e787a45322bf55a7558ece4944e39
v1.28.9: cf33fbff3fb852ce9f8afda8818381af343fb5e7d30dde72999cc0d273631815
v1.28.8: f3e4551e5234d296344a481196e607d88581705fedd561e8c807db1de8a9cc4b
@@ -197,6 +243,8 @@ kubelet_checksums:
v1.28.2: 79f568ac700d29f88d669c6b6a09adb3b726bdd13c10aa0839cbc70b414372e5
v1.28.1: 547fc76f0c1d78352fad841ebeacd387fe48750b2648565dfd49197621622fbb
v1.28.0: 22de59965f2d220afa24bf04f4c6d6b65a4bb1cd80756c13381973b1ac3b4578
v1.27.16: 28737c112ded48640d5086316e7ce36f3cba29bf1a927b6d04aab65ada64d98e
v1.27.15: 525fa5d79c8acb38dc2f13493b792ab180c149308c17548227e5fb2d1f08d814
v1.27.14: dadfffb524b3c7e825c2742fb7723846eef4dfdf47c90e3bec90c0ca325b4b30
v1.27.13: c3e589e5ec1aabc1e9a0b2700a13ae9541dc8a678fbedad68b0fc82dee4fd866
v1.27.12: 9d6da53ca98e58b947ef0073feff96f03000c32efcee8af93716728b501d7290
@@ -214,12 +262,22 @@ kubelet_checksums:
v1.27.0: 17c061a9f7919697ac71c151c19337f65b86f59f59441687ac92e977d851c75b
kubectl_checksums:
arm:
v1.29.10: 5062cab3e174a98d5a6d44f31a0055caa4f98f48839687b5742f086315bdbb58
v1.29.9: 7e1e681c2ea5f620a444922b0883bfdb201c1f5c3a54238ff6a55206a0ce3d76
v1.29.8: f59f597d5e6174479185b54d0014e0bf84b7110c707fe07b133f94a7d7ae45be
v1.29.7: cf875cbbdca7ea0e190075c7a4b3f2fa59864079c1fe9da482f8806b1ad64364
v1.29.6: 7762244b8da5564d2ee6a65403dd3aa3f94e8e9b16887c51936a4e941de8fd95
v1.29.5: f3c83a9674098c5a4f27defed001934719f487897dd61db1992057e5ed103b3e
v1.29.4: ff4a1f437dc902b73505841a7705a6405694856a798e962ec2fdf7793f0aeadb
v1.29.3: 12f72bd88eaa04cd8f09827c64195a695fdd5fb64e11c98524c83d21bcb0e37a
v1.29.2: f1bab202f0ce0c4209af0a977fc3dd4076397b1983544e09942ca4f586dff900
v1.29.1: a4b478cc0e9adaab0c5bb3627c20c5228ea0fe2aeff9e805d611eb3edb761972
v1.29.0: a2388eb458d07ec734e4fa02fd0147456a1922a7d6b8e67a32db9d64a4d7621c
v1.28.15: d8906e79c4516f1ad2257eda589533749ad04bb85136c64d064d645816a04bcd
v1.28.14: 9fce4d1bac2355fbb3cbae4d120a7693c7157080cd1708bd9d731e1f75cfd325
v1.28.13: 05a76c89aa61946cdd5351fa43bbba237a11a4cf532357c01cda5dcb4606ce32
v1.28.12: 54d5c9c302a93daec427ff4f20f50124bb0eaa99c1c477b49e78893d7c9ff1d3
v1.28.11: 2710129489d782a35c5273202a7148aac42e316c5117aa89c64a8cc62f9ce140
v1.28.10: e7b977779169f394383696afe872f6f0a4274789adbce1b70f5b28a20ee2cbd0
v1.28.9: 2da7aead4f58aefee6892b2cc8184de26ef7808bf2d599553267d5cdbc1ce83a
v1.28.8: 98c44038dd978a58aa01849c25c2bd522fab7494a39bb3fd56c90944ba6e872f
@@ -231,6 +289,8 @@ kubectl_checksums:
v1.28.2: 6576aa70413ff00c593a07b549b8b9d9e5ef73c42bb39ab4af475e0fdb540613
v1.28.1: eaa05dab1bffb8593d8e5caa612530ee5c914ee2be73429b7ce36c3becad893f
v1.28.0: 372c4e7bbe98c7067c4b7820c4a440c931ad77f7cb83d3237b439ca3c14d3d37
v1.27.16: a0d585ae2638c896be3ff664e08fadaa4606d53538892e494b5f3ce671d32a41
v1.27.15: 533b0cd294fdc165e8a278a0c48687226025ff3894726af181e65eb479a6068c
v1.27.14: 75caa5e6845887a273a3bebc0f67994b8aaeaab65f5ecd4c2a7d1f9f5c14e3ee
v1.27.13: 8008a94f57e1aaa88097f4ac9ceae33d86e78bf0bf306a8c1942ab9adf7c5ea0
v1.27.12: eed221f15d1a00ca723afe690ca35ee5c74faa64fa7af432479686f4f26d3510
@@ -247,12 +307,22 @@ kubectl_checksums:
v1.27.1: fe704e355bf2c5f69964cd12772687535a11a5e9ec0baf4f27e0a8fb156bc615
v1.27.0: 288470e3eb89a2f55273d753ce6674dfb00e732f2971428acb964810aa726188
arm64:
v1.29.10: 4cfa950fbd354bdc655cc425494aa77fe81710bc8f7d3f95285338aac223cc82
v1.29.9: 0fc73b3e4bf5395e0182ae62df24a96d5870baa44fabcc50b5eb2d8dcf22dd78
v1.29.8: adf0007e702e05f59fb8de159463765c4440f872515bd04c24939d9c8fb5e4c7
v1.29.7: 7b6649aaa298be728c5fb7ccb65f98738a4e8bda0741afbd5a9ed9e488c0e725
v1.29.6: 21816488cf3af4cf2b956ee58f7afc5b4964c29488f63756f5ddcf09b0df5be9
v1.29.5: 9ee9168def12ac6a6c0c6430e0f73175e756ed262db6040f8aa2121ad2c1f62e
v1.29.4: 61537408eedcad064d7334384aed508a8aa1ea786311b87b505456a2e0535d36
v1.29.3: 191a96b27e3c6ae28b330da4c9bfefc9592762670727df4fcf124c9f1d5a466a
v1.29.2: 3507ecb4224cf05ae2151a98d4932253624e7762159936d5347b19fe037655ca
v1.29.1: 96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b
v1.29.0: 8f7a4bd6bae900a4ddab12bd1399aa652c0d59ea508f39b910e111d248893ff7
v1.28.15: 7d45d9620e67095be41403ed80765fe47fcfbf4b4ed0bf0d1c8fe80345bda7d3
v1.28.14: 42b813cdde7d5e04593c219a11a07f0866dd2492b7447a700870af1461ce2d8d
v1.28.13: a22d234724b82101e1f17e95ab60e0e13c91a0fe17ad0890b3d92681cd551bfa
v1.28.12: f7e01dfffebb1d5811c37d558f28eefd80cbfadc0b9783b0b0ebf37c40c5c891
v1.28.11: 7984a98d52365d190b6f56caa962339a7228b6f432e58ba5f1b1e60dbedac275
v1.28.10: e659d23d442c2706debe5b96742326c0a1e1d7b5c695a9fe7dfe8ea7402caee8
v1.28.9: e0341d3973213f8099e7fcbbf6d1d506967bc2b7a4faac3fb3b4340f226e9b2f
v1.28.8: 93d60dd36093b4c719f1f1bafcf59437c17cb2209341c7c94771e7dd9acdab33
@@ -264,6 +334,8 @@ kubectl_checksums:
v1.28.2: ea6d89b677a8d9df331a82139bb90d9968131530b94eab26cee561531eff4c53
v1.28.1: 46954a604b784a8b0dc16754cfc3fa26aabca9fd4ffd109cd028bfba99d492f6
v1.28.0: f5484bd9cac66b183c653abed30226b561f537d15346c605cc81d98095f1717c
v1.27.16: 2f50cb29d73f696ffb57437d3e2c95b22c54f019de1dba19e2b834e0b4501eb9
v1.27.15: 6bd6bd3092c0a8e536e8e5a56b22aaab87ab1e54a4556ce4d1bff2493180fb8c
v1.27.14: 29f3a1f520d929df38873c68dec73519c1e5e521140e01cf9d7701f7b5ffe4f3
v1.27.13: bfc6cb71041ebc0f048402988eccc107cfff2b866c864231c9ada05ab328e5bf
v1.27.12: bfc6cb71041ebc0f048402988eccc107cfff2b866c864231c9ada05ab328e5bf
@@ -280,12 +352,22 @@ kubectl_checksums:
v1.27.1: fd3cb8f16e6ed8aee9955b76e3027ac423b6d1cc7356867310d128082e2db916
v1.27.0: f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc
amd64:
v1.29.10: 24f2f09a635d36b2ce36eaebf191326e2b25097eec541a3e47fee6726ef06cef
v1.29.9: 7b0de2466458cc3c12cf8742dc800c77d4fa72e831aa522df65e510d33b329e2
v1.29.8: 038454e0d79748aab41668f44ca6e4ac8affd1895a94f592b9739a0ae2a5f06a
v1.29.7: e3df008ef60ea50286ea93c3c40a020e178a338cea64a185b4e21792d88c75d6
v1.29.6: 339553c919874ebe3b719e9e1fcd68b55bc8875f9b5a005cf4c028738d54d309
v1.29.5: 603c8681fc0d8609c851f9cc58bcf55eeb97e2934896e858d0232aa8d1138366
v1.29.4: 10e343861c3cb0010161e703307ba907add2aeeeaffc6444779ad915f9889c88
v1.29.3: 89c0435cec75278f84b62b848b8c0d3e15897d6947b6c59a49ddccd93d7312bf
v1.29.2: 7816d067740f47f949be826ac76943167b7b3a38c4f0c18b902fffa8779a5afa
v1.29.1: 69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f
v1.29.0: 0e03ab096163f61ab610b33f37f55709d3af8e16e4dcc1eb682882ef80f96fd5
v1.28.15: 1f7651ad0b50ef4561aa82e77f3ad06599b5e6b0b2a5fb6c4f474d95a77e41c5
v1.28.14: e1e8c08f7fc0b47e5d89422e573c3a2e658d95f1ee0c7ea6c8cb38f37140e607
v1.28.13: d7d363dd5a4c95444329bc5239b8718ebe84a043052958b2f15ee2feef9a28c6
v1.28.12: e8aee7c9206c00062ced394418a17994b58f279a93a1be1143b08afe1758a3a2
v1.28.11: 1dba63e1a5c9520fc516c6e817924d927b9b83b8e08254c8fe2a2edb65da7a9c
v1.28.10: 389c17a9700a4b01ebb055e39b8bc0886330497440dde004b5ed90f2a3a028db
v1.28.9: b4693d0b22f509250694b10c7727c42b427d570af04f2065fe23a55d6c0051f1
v1.28.8: e02aad5c0bac52c970700b814645b62c4f18b634144398ac344875dbaf1072f8
@@ -297,6 +379,8 @@ kubectl_checksums:
v1.28.2: c922440b043e5de1afa3c1382f8c663a25f055978cbc6e8423493ec157579ec5
v1.28.1: e7a7d6f9d06fab38b4128785aa80f65c54f6675a0d2abef655259ddd852274e1
v1.28.0: 4717660fd1466ec72d59000bb1d9f5cdc91fac31d491043ca62b34398e0799ce
v1.27.16: 97ea7cd771d0c6e3332614668a40d2c5996f0053ff11b44b198ea84dba0818cb
v1.27.15: c12cf17ec30fb162f8f5fb168e67d4e5b7d6826e08c7648a5f1c6b4e9ba23f39
v1.27.14: 1d2431c68bb6dfa9de3cd40fd66d97a9ac73593c489f9467249eea43e9c16a1e
v1.27.13: e991f163197cbd85bbff22f656a74d48b69db5addfa43cc04cca0cf5328f57f1
v1.27.12: d639eda39be2dce42fbec21e038942ab5734541715e3ea5fb29c9ad76686bd7f
@@ -313,12 +397,22 @@ kubectl_checksums:
v1.27.1: 7fe3a762d926fb068bae32c399880e946e8caf3d903078bea9b169dcd5c17f6d
v1.27.0: 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87
ppc64le:
v1.29.10: 306973163a10c01a76ebab384b0e900b3293b4f6cc935dfd517f0bb69399be54
v1.29.9: 65bc83b5c7bda9ab04b8fe59d7f81e74bc70a4b2d1b7cb0e83fdd7b4ac284211
v1.29.8: 5a9d8631cf3200bdd714bfe7be1fd25a8e33e1dbd6a79f2df3bfe9076f525ed2
v1.29.7: fd2bb7de3d46a375c63499f8235dc22901b563a9554f315f7606e0bac78fff94
v1.29.6: cc145dc1f27f56c81aa2c96c97370e1341b41fbb4fc64cfde4ef4956230fc0e9
v1.29.5: 1d2635f6bd0218c53037c113171479e15e51b60823f7f1b93afb48ae1d9e5b09
v1.29.4: 10a1a7e4423483a386ab1ab9237cda1e9d24423c2cf23b7fa514f533aa23ce87
v1.29.3: 84292286ed2941e52a9df9ccaaf30c3bfebe02a096b67e553d8b643295f231f0
v1.29.2: 382552d15a1aa7ec5a316b2a912e7fbdaaff2f3c714cd38b2b0c6a48b670fed8
v1.29.1: b7780124ccfe9640f3a37d242d31e8dbb252bcd379bd0d7bf3776d15baf15ca3
v1.29.0: ea926d8cf25e2ce982ff5c375da32b51ccbd122b721b1bc4a32f52a9a0d073ab
v1.28.15: 8ae156fbeb6167e22c02a044361997b6725aa3cb913165ba4f9fb9f483a30f88
v1.28.14: b9fe89da881c7498bfe40b9dfe7f9f64ad0d338a2f6805395b17c4e77f8bc9fb
v1.28.13: a42fbf4c973a619ec9c52f559ab97c2a0bd4cd4e3d17478f9d4f80376b766da5
v1.28.12: ed8255ef27836a88982651bff592e98c623677c926b2a9bc08443319c6678257
v1.28.11: 63fa54ab9b4fc7b61415a8093bd48db9ce609b78f75c09b03b3b82a3a0c3105f
v1.28.10: aea8f54280e56dd58822fa4ae835ce6c6586727b32fb7bc915c2bee5038ccba9
v1.28.9: 6c5f40b6467b67fe2cc1540c7e7cb15ba6ad092361395aa7989c2c26e3de0697
v1.28.8: c9c21c1db306ec34bdc0f8179d1a1e20f8bcdd6d42fccf84267a5686e3218ad1
@@ -330,6 +424,8 @@ kubectl_checksums:
v1.28.2: 87cca30846fec99a4fbea122b21e938717b309631bd2220de52049fce30d2e81
v1.28.1: 81b45c27abbdf2be6c5203dfccfd76ded1ac273f9f7672e6dcdf3440aa191324
v1.28.0: 7a9dcb4c75b33b9dac497c1a756b1f12c7c63f86fc0f321452360fbe1a79ce0f
v1.27.16: 78f3d50e10813a5e99ad4ea42282541634bfd1db86c4054d5eb0a2a750c43936
v1.27.15: 8302d2c2b32cd7a9bd30c7932469d48f62e64c252458f345e5c99d752947b242
v1.27.14: 04e07e0f74f9890ce4e391476ca9404e30a09f541726c6ad9ab43e93fe672cf8
v1.27.13: 39341fa0aa075af4bf0dc0bc0ce4ee628b0301a8ecd18a6277abf4e4cb6c4e5d
v1.27.12: d08c112cba1a2244fa04f6ead792aad37170f828ec2301301256df25fc6ebe59
@@ -347,12 +443,22 @@ kubectl_checksums:
v1.27.0: daa9f1d4fe3f217de2546bca4ac14601f34b34a25c1f571f1e44eb313aee1385
kubeadm_checksums:
arm:
v1.29.10: 0
v1.29.9: 0
v1.29.8: 0
v1.29.7: 0
v1.29.6: 0
v1.29.5: 0
v1.29.4: 0
v1.29.3: 0
v1.29.2: 0
v1.29.1: 0
v1.29.0: 0
v1.28.15: 0
v1.28.14: 0
v1.28.13: 0
v1.28.12: 0
v1.28.11: 0
v1.28.10: 0
v1.28.9: 0
v1.28.8: 0
@@ -364,6 +470,8 @@ kubeadm_checksums:
v1.28.2: 0
v1.28.1: 0
v1.28.0: 0
v1.27.16: 0
v1.27.15: 0
v1.27.14: 0
v1.27.13: 0
v1.27.12: 0
@@ -380,12 +488,22 @@ kubeadm_checksums:
v1.27.1: 0
v1.27.0: 0
arm64:
v1.29.10: a10b015db9b5b5a29420a9f8e696c39f11d171bb9d67ad39c1a6b05f7da6d823
v1.29.9: aa3bd8120fb4c2e8d6eb1b2b9bb27dad92f08ce53275b7246f0f32eff3a025c1
v1.29.8: 37ff550d5c1af726032a38206daeedfd2e0de6124c41379b314dbbcba394d0b1
v1.29.7: d0ad904dc3823821c3920499fc151fc83fb6cb9e1c920e39173f96720ad0e053
v1.29.6: 3ba6879ef491cdd8433647020d345d86c0ea8e77f726375bc4b5495888bbf778
v1.29.5: d4db8c514f2764edc039462c218dbcd316577f76f21b209b76e9a4b1f08e3100
v1.29.4: 438287a91e08cbefecab79be8ac893a935c3dbf6e87bea895fb99f2bc38cf06e
v1.29.3: ce2e4c230f954e59ae77e34c4ff2ae08cad3970505ae1e21b6337e6d83b21682
v1.29.2: e05720feb9d2d67eff25b0156a5c22e2de37be2ffab4e1f4d31e8c526fafd0e1
v1.29.1: 3bff8c50c104c45e416cce9991706c6ac46365f0defbcd54f8cf4ace0fa68dcf
v1.29.0: bbddee2d46d2e1643ae3623698b45b13aa2e858616d61c642f2f49e5bb14c980
v1.28.15: e907b9e8e47a42ea5c1a15d0f7f493337dd35fc53540d344af6fecf191f5764e
v1.28.14: 13f89baf897e8a066bc3e840eee120bb9c36ae3b0fc38c998e3c1812d909f26d
v1.28.13: 989630fb0de6fe750c6ee25ee01b72654a3087434ff488ff8fddedd0278720cc
v1.28.12: e0d94607a036323e45a6866127bc7a374543e27f45f8fc0bf948a2452eab667f
v1.28.11: 15a021fdecf08989d6b64af873d89c61750d3a0564bee58c248eafe5cc4df433
v1.28.10: f6809d72ed1bf6fde460e48e5c714c3bc92f680e328defa9bd592a796347b644
v1.28.9: cd6aefad8144a9771fd470529ff14be2675df7b561f7c56dee3fed4f81332dc4
v1.28.8: e0f47adc69ef84e2f6c42cc341b8a790904a929ad10ed1c23c2e822ec804e247
@@ -397,6 +515,8 @@ kubeadm_checksums:
v1.28.2: 010789a94cf512d918ec4a3ef8ec734dea0061d89a8293059ef9101ca1bf6bff
v1.28.1: 7d2f68917470a5d66bd2a7d62897f59cb4afaeffb2f26c028afa119acd8c3fc8
v1.28.0: b9b473d2d9136559b19eb465006af77df45c09862cd7ce6673a33aae517ff5ab
v1.27.16: 39fb88ab0f6b943bbe61dde5d7ea58ce728045a0556f9b6f56d66fe1f20affcc
v1.27.15: 577630b65c54ba9b629c9c42e35ba0939ce03dcb8f38fb79583ec3c9db9141a7
v1.27.14: cb840eb83404047cdafec0b15054023c90a47491b56d2dceba1050040f37cc7e
v1.27.13: f334ba0612fada50e98a7ea56b686b35c22f0e3243ec2210f2a6a87e841a139f
v1.27.12: e74d47c14b5a251cff961dcce92cd632abcfd0fba4a07e78f0a5a5b2796e4b84
@@ -413,12 +533,22 @@ kubeadm_checksums:
v1.27.1: 024a59cd6fc76784b597c0c1cf300526e856e8c9fefa5fa7948158929b739551
v1.27.0: acd805c6783b678ee0068b9dd8165bbfd879c345fd9c25d6a978dbc965f48544
amd64:
v1.29.10: 9098c908e0f3a601e8bef9b2cdb4a9777e18204595a6542be58b3928c7b51440
v1.29.9: e313046d79c3f78d487804fc32248c0575af129bc8a31bca74b191efa036e0b1
v1.29.8: fe054355e0ae8dc35d868a3d3bc408ccdff0969c20bf7a231ae9b71484e41be3
v1.29.7: 7699c6f06fbc8e813766b8237de69a095ad820fe484856ffd921a7894b5af605
v1.29.6: 8f1e04079e614dd549e36be8114ee7022517d646ea715b5778e7c6ab353eb354
v1.29.5: e424dcdbe661314b6ca1fcc94726eb554bc3f4392b060b9626f9df8d7d44d42c
v1.29.4: ea20ab064f716ab7f69a36d72df340257b31c9721ea86e1cf9d70b35999ddeea
v1.29.3: 6abaa1208bf40b6d1f49e518bd68c8ae4a1be0c5b7d3e45d87979999ab070d8b
v1.29.2: 2d4e4fa8685bcbfb661cb41050cd4756f50a7aa147f68492d51a99f9cdfd69ac
v1.29.1: d4d81d9020b550c896376fb9e0586a9f15a332175890d061619b52b3e9bc6cbd
v1.29.0: 629d4630657caace9c819fd3797f4a70c397fbd41a2a7e464a0507dad675d52c
v1.28.15: 0555b2c2fd30efcdb44b7fba5460c3dc3d3e39f2301e1eef7894a9f8976e1b4c
v1.28.14: 2fd2f8269a3baa8248f598cfbea8d2234291726fd534d17211b55a1ffb6b8c9b
v1.28.13: f23e9586811312998bc5e8847f6df52fc04809aed8c2c2fd750f2c42b3f87192
v1.28.12: 3ffcf5100c6bca3dd0a6c317c744dd97fe497c7c4aefe468321171f940d34971
v1.28.11: 1f2c7c69736698aa13a59c6705ac26b7b6752d9651330605369357c1ac99c7c6
v1.28.10: 1a344d34755c5f005120308f09a730e7564c8f857de6606b6bc5f18a69606e5a
v1.28.9: a4d8acf0a74cb1d07d96a1a34148f54c6420874221af16d8ec902d9bffc7ef89
v1.28.8: c11946cbfd962e1197062534514226cfd70230349e6343ff3ecebfca5476ee64
@@ -430,6 +560,8 @@ kubeadm_checksums:
v1.28.2: 6a4808230661c69431143db2e200ea2d021c7f1b1085e6353583075471310d00
v1.28.1: 6134dbc92dcb83c3bae1a8030f7bb391419b5d13ea94badd3a79b7ece75b2736
v1.28.0: 12ea68bfef0377ccedc1a7c98a05ea76907decbcf1e1ec858a60a7b9b73211bb
v1.27.16: 33622018f83515331ac70c2041eba5d814a6d78a40b8869f089ea502f63a1421
v1.27.15: e6f8313e213a8a75deda81edf445d0d785493f6a0a0caadf31e88d173b607943
v1.27.14: 1ce264643e521494e111b1c9ee59694a54d1f2464bbac3a7a531324ffeae0182
v1.27.13: b88c30b7067f095b7fa02c5560cc50d6e69a5a9fecc606ef477dc7efc86453b9
v1.27.12: 06ee36cc80cfdfc01c937d750783d3ca6169a3da76382c7af3dd172d9f6bfa4e
@@ -446,12 +578,22 @@ kubeadm_checksums:
v1.27.1: c7d32d698e99b90f877025104cb4a9f3f8c707e99e6817940f260135b6d1ad0a
v1.27.0: 78d0e04705a7bdb76a514d60f60c073b16334b15f57ee87f064354ca8a233e80
ppc64le:
v1.29.10: 5f90095f3bd107fef219984e0aade9a7ab12c960392596e9ec08f31dca73acc1
v1.29.9: c3d815d39d53c8baa61ee6cd1185c59fb29ecf49775585b689a2ae7dde62ca7a
v1.29.8: 8a43d185d3eea5abcf98abe8d4b8ca9fe8d7afef65073e026a3bb16cf5c9df99
v1.29.7: 8570e534f3712511284b2e0122d8fe46e36050a0c009df852b69b2de931c53b7
v1.29.6: 577cdd37fc929be0ffcdc2aa5337bba36a409e00f538da0dcca611a4161be461
v1.29.5: 05c92f52d75268f0aaff5056e0d6b3e03002b2d17432360750100ada9b2c381b
v1.29.4: ec47a2dbe1969b9513b0313b5b07b72a870e5da54864d9c8391ec5e857404659
v1.29.3: c0e1f6e9451f28c7b8abf7d3a081fe97578ada69908135e3390f5783511ff7f8
v1.29.2: a0f8ffa8cbfa4bb061ff028df2f6dbb31a9527c561d8c0186d679559f9f347b4
v1.29.1: 3ec6d90c05dd8e4c6bb1f42fd2fe0f091d85317efaf47d9baebd9af506b3878b
v1.29.0: 4c414a463ed4277e9062c797d1c0435aa7aec2fd1688c5d34e3161c898113cb5
v1.28.15: cdb1491e3b275a26d3450feb0cb3d02fbf301681d91c1e0b056e82629417efa2
v1.28.14: cdd9d968ef1d78a45b993417dcb5866aabdf69807362369d2e8f5e18689829eb
v1.28.13: 5bb59bbb9b6d813d30eb0af905d66e6f1e24f9b8576a272bdb5cf7ab75044e76
v1.28.12: 36f6419cacb46b44d762c12a9580f1e16c6af266e4269e8cedb4d8e5fe355da1
v1.28.11: 23d8f0c63acea7c9ae4082930f4fa82fc9659ea112f408a439a09a40c5d59223
v1.28.10: 39a5a27b70ea9eb7e86a37c8862691d875f462a6d52a02355873ffca4595e045
v1.28.9: 616d06ae90a8e3eb79d99a06b1a7dd304da02e7a2d8c58c1c0e501bdd3982a00
v1.28.8: 5a42d2c06f553c4284ce6f3f48432389cd63f768f2a032b78ca6ee4c925e9b11
@@ -463,6 +605,8 @@ kubeadm_checksums:
v1.28.2: fdc28482a4316c84d61b0997c29c4d4c7b11459af9c654fdee3b4a3031f0fcb7
v1.28.1: 73e06f2b614ed5665951f7c059e225a7b0b31319c64a3f57e146fbe7a77fe54e
v1.28.0: 146fe9194486e46accd5054fa93939f9608fdbeefefc4bc68e4c40fb4a84ccc9
v1.27.16: 2b44d776fc36798ef8a96be53d582533afd95533c53610597e01aa663fb83be5
v1.27.15: 35f3d3c2a1986ce5487a338fbe257e0be02036a46c0af3fe3a80af9ed1f24905
v1.27.14: 9eb15d0db3ade2b1fa3035ed1cb2cfb6f00cc090451d4457bcf08edbcca3616e
v1.27.13: 2b5812317f2afaabb14c84a32b8b0dc43c447afa994d0a4c02a8ea4e6bea05db
v1.27.12: 6be7ae703299b3c2788ca5e689973d659038a6edc8dde68d7fc966fa539cba0f
@@ -480,6 +624,10 @@ kubeadm_checksums:
v1.27.0: cf2860aef800496fee0d9fd8722bd7d17c6609e32d87ca380127151f2ce02bb0
etcd_binary_checksums:
arm:
v3.5.16: 0
v3.5.15: 0
v3.5.14: 0
v3.5.13: 0
v3.5.12: 0
v3.5.11: 0
v3.5.10: 0
@@ -488,6 +636,10 @@ etcd_binary_checksums:
v3.5.7: 0
v3.5.6: 0
arm64:
v3.5.16: 8e68c55e6d72b791a9e98591c755af36f6f55aa9eca63767822cd8a3817fdb23
v3.5.15: 5aa28b435edb1f22bf6455f754e16a13e3e4eb1ad8fc7c22ad47aa8e722febf2
v3.5.14: 90510c79c4aae3c3313691f5770fc53b3ac883338fc0254bf8d22460acd3c19d
v3.5.13: 2854993bf622764ccdeb7a146fae2965cb0fcba93c5c8f391e0d5f153c8a7a02
v3.5.12: 31f30c01918771ece28d6e553e0f33be9483ced989896ecf6bbe1edb07786141
v3.5.11: 6edf0cddc8fa2d7674129abe2e44d5a37cc3a6e3b500c13c6cbc2ed2ecf08bf4
v3.5.10: ff74a6018d9b2a1320bff30e5a11b4f2f5c2a3d147df8a8bad53c01b9f800ee1
@@ -496,6 +648,10 @@ etcd_binary_checksums:
v3.5.7: 1a35314900da7db006b198dd917e923459b462128101736c63a3cda57ecdbf51
v3.5.6: 888e25c9c94702ac1254c7655709b44bb3711ebaabd3cb05439f3dd1f2b51a87
amd64:
v3.5.16: b414b27a5ad05f7cb01395c447c85d3227e3fb1c176e51757a283b817f645ccc
v3.5.15: 3f6b48d8c2844699f2b19c1880508ecf63e1489769ed37ebb97495d5cd848a89
v3.5.14: b0b34298f53f6830f08e7ddc57fc74dc45563216a66e94d9e6b0b9e0b0281b34
v3.5.13: 31e6fcbee0e8c3df27cf1ba69b522e338377f5ed6447f5d05700aee367f3b7e7
v3.5.12: f2ff0cb43ce119f55a85012255609b61c64263baea83aa7c8e6846c0938adca5
v3.5.11: e256885e753dc99001335e099d3c2eb8cf21a865a087ee4d7e3665752ae5929a
v3.5.10: 26e90d024fa2310bc52bb40e7f2132e81640b55f8fc446c00ae07e30af2a44fd
@@ -504,6 +660,10 @@ etcd_binary_checksums:
v3.5.7: a43119af79c592a874e8f59c4f23832297849d0c479338f9df36e196b86bc396
v3.5.6: 4db32e3bc06dd0999e2171f76a87c1cffed8369475ec7aa7abee9023635670fb
ppc64le:
v3.5.16: 33322806f4a2aa3d4947a4d42ec6a120296535e7f00e2f9d74e515e9386333e0
v3.5.15: 6512f7308a0d0af7c9bb46bca1c4f4e816304304d838d1045ae21d9772c5490e
v3.5.14: 01681d4d33bba5130c9cffca42c35b0f68e0d991b0b4ee65dab6fd36568d4fee
v3.5.13: f372b524e2c118dbb0dbe1097474a072fc93bc30da65efa92999137303bcd9a7
v3.5.12: ebd8060508d572678d8d1e4f90f87863e3a6cfcba856ceca32379b03251c0597
v3.5.11: a2e70b291811fa8ccc34cc7d297bf7d31e3af790bc31e54cad034a49e9db2eb7
v3.5.10: 10cd8e4ecf6718b9712bf2edfac2e4924d7f21dbe58d368e6e10578c85bd8c01
@@ -546,6 +706,7 @@ cni_binary_checksums:
v1.0.0: 1a055924b1b859c54a97dc14894ecaa9b81d6d949530b9544f0af4173f5a8f2a
calicoctl_binary_checksums:
arm:
v3.27.4: 0
v3.27.3: 0
v3.27.2: 0
v3.27.1: 0
@@ -568,10 +729,12 @@ calicoctl_binary_checksums:
v3.23.5: 0
v3.23.4: 0
arm64:
v3.27.4: 8544b601a67e0594009dafef6d3237fcf6f32fb64726c09abc1f2ce9d6819496
v3.27.3: 1fc5f58a18d8b1c487b4663fc5cbe23b45bd9d31617debd309f6dfac7c11a8ef
v3.27.2: 0fd1f65a511338cf9940835987d420c94ab95b5386288ba9673b736a4d347463
v3.27.1: 0
v3.27.0: b4b8c71f9658165e45336b9b5e4fad865529feeffe4294247eb5b4c4310dcaf9
v3.26.5: 424f2e41ac859a5e270959f8703cb44171bd7199f0a4c3df12e8a4f180e9d969
v3.26.4: d647d9443ce89df62da6619643375a4f577f5a7fa4e1162416403df521826c2d
v3.26.3: c50272a39658a3b358b33c03fe10d1dde894764413279fecc72d40b95535b398
v3.26.2: 44de9118f481a1125e2d50cdfbb55073e744dd8e71d2be45eeb2757302910c67
@@ -590,10 +753,12 @@ calicoctl_binary_checksums:
v3.23.5: 0941ad0deeb03d8fda96340948cdbc15d14062086438150cf3ec5ee2767b22c3
v3.23.4: c54b7d122d9315bbab1a88707b7168a0934a80c4f2a94c9e871bcc8a8cf11c11
amd64:
v3.27.4: 84f2bd29ef7b06e85a2caf0b6c6e0d3da5ab5264d46b360e6baaf49bbc3b957d
v3.27.3: e22b8bb41684f8ffb5143b50bf3b2ab76985604d774d397cfb6fb11d8a19f326
v3.27.2: 692f69dc656e41cd35e23e24f56c98c4aeeb723fed129985b46f71e6eb5e1594
v3.27.1: 0
v3.27.0: 46e79ae146b3dd90998f56511cf5d6db64deb97cb784235caf1f99e0672d66e4
v3.26.5: 3c5b3bf8d6cd4f9e14f585ca9ea5b8614209daa6019e25036b15062110022afc
v3.26.4: 9960357ef6d61eda7abf80bd397544c1952f89d61e5eaf9f6540dae379a3ef61
v3.26.3: 82bd7d12b0f6973f9593fb62f5410ad6a81ff6b79e92f1afd3e664202e8387cf
v3.26.2: eba9bc34f44801a513c48f730a409dc1ece0ebfd9c1acc21fd3adf0eff93ecdc
@@ -612,10 +777,12 @@ calicoctl_binary_checksums:
v3.23.5: 4c777881709ddaabcf4b56dcbe683125d7ed5743c036fee9273c5295e522082f
v3.23.4: 1ea0d3b6543645612e8239978878b6adefdb7619a16ecbdb8e6dc2687538f689
ppc64le:
v3.27.4: 1d44e119d9836eb4715f42a915a849377f7d6a6881b73ce66d0c95092e29d4f2
v3.27.3: 5f2ac510c0ec31ec4c02ff2660f2502b68b655616d5b766a51bd99d2e3604fbc
v3.27.2: f918bb88de1d01de3d143e1e75d0ee1256f247c5cbabec7d665aaf8d1fd3cc6c
v3.27.1: 0
v3.27.0: 3de46d8bc30c6f9d9387d484ed62a5655c1f204b1b831b5a90f0a0d1c1ffd752
v3.26.5: 115427fa9d135a17b92efd5fdb9d68588dd5186c06772bc9f56be27dbec89e3b
v3.26.4: 41cfa77cc27cfe89a046ddb033cf71a46512f4b81251e28c69fca2cee13617ff
v3.26.3: 30a32acbe71894a9783e350ed44294e739b3322f157b2c224ad3c058473e5701
v3.26.2: c4d42a85afb67020e9cf9dcafe184af6ad60c5609d60001b9505b1a83959b246
@@ -679,6 +846,7 @@ ciliumcli_binary_checksums:
v0.15.16: 0
v0.15.15: 0
calico_crds_archive_checksums:
v3.27.4: 5f6ac510bd6bd8c14542afe91f7dbcf2a846dba02ae3152a3b07a1bfdea96078
v3.27.3: d11a32919bff389f642af5df8180ad3cec586030decd35adb2a7d4a8aa3b298e
v3.27.2: 8154bb4aad887f2a5500b505fe203a918f72c4e602b04c688c4b94f76a26e925
v3.27.1: 76abb0db222af279e3514cfae02be9259097b565bbb2ffcb776ca00566480edb
@@ -742,6 +910,8 @@ krew_archive_checksums:
v0.4.3: 0
helm_archive_checksums:
arm:
v3.14.4: 962297c944c06e1f275111a6e3d80e37c9e9e8fed967d4abec8efcf7fc9fb260
v3.14.3: d4ff88f02d6731ec5dbde86a67bf391e673d0d9e87901727fbf62372aff106ec
v3.14.2: b70fb6fa2cdf0a5c782320c9d7e7b155fcaec260169218c98316bb3cf0d431d9
v3.14.1: f50c00c262b74435530e677bcec07637aaeda1ed92ef809b49581a4e6182cbbe
v3.14.0: cf38dfdead7266ae56662743bda0c78655814f0adeca382d1b07a812bb1a599a
@@ -750,6 +920,8 @@ helm_archive_checksums:
v3.13.1: a9c188c1a79d2eb1721aece7c4e7cfcd56fa76d1e37bd7c9c05d3969bb0499b4
v3.13.0: bb2cdde0d12c55f65e88e7c398e67463e74bc236f68b7f307a73174b35628c2e
arm64:
v3.14.4: 113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2
v3.14.3: 85e1573e76fa60af14ba7e9ec75db2129b6884203be866893fa0b3f7e41ccd5e
v3.14.2: c65d6a9557bb359abc2c0d26670de850b52327dc3976ad6f9e14c298ea3e1b61
v3.14.1: f865b8ad4228fd0990bbc5b50615eb6cb9eb31c9a9ca7238401ed897bbbe9033
v3.14.0: b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952
@@ -758,6 +930,8 @@ helm_archive_checksums:
v3.13.1: 8c4a0777218b266a7b977394aaf0e9cef30ed2df6e742d683e523d75508d6efe
v3.13.0: d12a0e73a7dbff7d89d13e0c6eb73f5095f72d70faea30531941d320678904d2
amd64:
v3.14.4: a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259
v3.14.3: 3c90f24e180f8c207b8a18e5ec82cb0fa49858a7a0a86e4ed52a98398681e00b
v3.14.2: 0885a501d586c1e949e9b113bf3fb3290b0bbf74db9444a1d8c2723a143006a5
v3.14.1: 75496ea824f92305ff7d28af37f4af57536bf5138399c824dff997b9d239dd42
v3.14.0: f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651
@@ -766,6 +940,8 @@ helm_archive_checksums:
v3.13.1: 98c363564d00afd0cc3088e8f830f2a0eeb5f28755b3d8c48df89866374a1ed0
v3.13.0: 138676351483e61d12dfade70da6c03d471bbdcac84eaadeb5e1d06fa114a24f
ppc64le:
v3.14.4: d0d625b43f6650ad376428520b2238baa2400bfedb43b2e0f24ad7247f0f59b5
v3.14.3: aab121ca470e2a502cda849a9b3e92eeb9a32e213b0f0a79a95a04e375d26ce7
v3.14.2: f3bc8582ff151e619cd285d9cdf9fef1c5733ee5522d8bed2ef680ef07f87223
v3.14.1: 4d853ab8fe3462287c7272fbadd5f73531ecdd6fa0db37d31630e41ae1ae21de
v3.14.0: f1f9d3561724863edd4c06d89acb2e2fd8ae0f1b72058ceb891fa1c346ce5dbc
@@ -808,24 +984,32 @@ cri_dockerd_archive_checksums:
0.3.5: 0
runc_checksums:
arm:
v1.1.14: 0
v1.1.13: 0
v1.1.12: 0
v1.1.11: 0
v1.1.10: 0
v1.1.9: 0
v1.1.8: 0
arm64:
v1.1.14: 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126
v1.1.13: 4b93701752f5338ed51592b38e039aef8c1a59856d1225df21eba84c2830743c
v1.1.12: 879f910a05c95c10c64ad8eb7d5e3aa8e4b30e65587b3d68e009a3565aed5bb8
v1.1.11: 9f1ee53f06b78cc4a115ca6ae4eec10567999539ce828a22c5351edba043ed12
v1.1.10: 4830afd426bdeacbdf9cb8729524aa2ed51790b8c4b28786995925593708f1c8
v1.1.9: b43e9f561e85906f469eef5a7b7992fc586f750f44a0e011da4467e7008c33a0
v1.1.8: 7c22cb618116d1d5216d79e076349f93a672253d564b19928a099c20e4acd658
amd64:
v1.1.14: a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8
v1.1.13: bcfc299c1ab255e9d045ffaf2e324c0abaf58f599831a7c2c4a80b33f795de94
v1.1.12: aadeef400b8f05645768c1476d1023f7875b78f52c7ff1967a6dbce236b8cbd8
v1.1.11: 77ae134de014613c44d25e6310a57a219a7a91155cd47d069a0f22a2cad5caea
v1.1.10: 81f73a59be3d122ab484d7dfe9ddc81030f595cc59968f61c113a9a38a2c113a
v1.1.9: b9bfdd4cb27cddbb6172a442df165a80bfc0538a676fbca1a6a6c8f4c6933b43
v1.1.8: 1d05ed79854efc707841dfc7afbf3b86546fc1d0b3a204435ca921c14af8385b
ppc64le:
v1.1.14: 31630474455c4208594623f1337a06556c7fe42d3983000ca800ad3bef6d8164
v1.1.13: 4675d51dc0b08ad8e17d3065f2e4ce47760728945f33d3092385e792357e6519
v1.1.12: 4069d1d57724126e116ad6dbd84409082d1b0afee1ee960b17558f146a742bb6
v1.1.11: e3d1da41f97db1bb7e9a8d96c9092747c14ee53bc9f160048828e63f3a2d0896
v1.1.10: 94a091c06c363e4af7be398dc31fa6e02576d5ecda6de1cbf3a08fe8662bf678
@@ -1006,6 +1190,9 @@ gvisor_containerd_shim_binary_checksums:
20231218: 0
nerdctl_archive_checksums:
arm:
1.7.7: 26582565426152dc426fd47d8090547128e415314f36710bc58ab475160ab0a4
1.7.6: 4c48463659b09636aa23b50825f85cdc38901b6c42e321f69a589d89f6e1d0d5
1.7.5: 2d258a7d67e9fa808424ad42f9299a0feb318cafd2758f0287748acedeee4c0d
1.7.4: 91d3a8bcc2247dd80f8f5769419e6f344dea412937de4c318f65d8e9bf01355b
1.7.3: 44369f34a98e5955eb02e41779b1a470332194e4c2bef136fe471943eaf8057a
1.7.2: d952c1cbe3d25478bbed5f4ee7af4bb52fa4ed47e43802dc5eb2888a4c8da704
@@ -1014,6 +1201,9 @@ nerdctl_archive_checksums:
1.6.2: 69363f4dbf2616d5238647bfbff60525b7b59417a26de8eb255b6d6a09171175
1.6.1: 89187ff46c5a515a5635a4017a476d82cdc1fc3de906135273c64329189b906e
arm64:
1.7.7: 230ad8f4f88100774d123213a427d3d43071e0dcf9f70efbea50ab9efff1cd4c
1.7.6: 4fa0a6e936c7a9cb9bb81e784fddaa593cb00afb48b08842e3f0503748c21348
1.7.5: a53d87fc7d1f4ffeec55e5e08d2397b02ada0d334874c3cece306ad36f828a6c
1.7.4: d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d
1.7.3: e4f16b78d884768f6997558130146ba9bd7846828b19fa2ca8e8eda988953fd7
1.7.2: de68d5380d65604cd26c164988547cf46b698f7819a5d51d98e3a0f031f5594d
@@ -1022,6 +1212,9 @@ nerdctl_archive_checksums:
1.6.2: ece848045290dd61f542942248587e91125563af46c0ea972a7c908d0d39c96c
1.6.1: b91ec17a6f7bcb148ed7ad086da6c470ee33f7218c769d5d490e0a1d6a45fdb4
amd64:
1.7.7: 298bb95aee485b24d566115ef7e4e90951dd232447b05de5646a652a23db70a9
1.7.6: 0326d6a42dbec5c104ed9d7aa8cbc62727433dbe000cf21cc29d06b22507e0f0
1.7.5: 775f8bddd5e93acc4162c568dd6b84d5925549180991b83cfd4b7e33d4844921
1.7.4: 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7
1.7.3: ee93ffe6f90e50bde153a9a0dd779594e0bc13a26949053965958b91b6dffdd0
1.7.2: aed7d33d645bfb97c8df978d952a1e1f7e02b0b3ed2c0089ee4285af7f8f971b
@@ -1030,6 +1223,9 @@ nerdctl_archive_checksums:
1.6.2: 67991fc144b03596f15be6c20ca112d10bd92ad467414e95b0f1d60d332ae34e
1.6.1: 992e4ffd3d88cf197f78b78333ac345faf5f184a119d43ad8a106f560781fd89
ppc64le:
1.7.7: 8236524c4cc6c91007c794160065716516a4f7b63270dc00b796df11776b4f19
1.7.6: 89906f9bcdf8d5bd866646c43e14c0ae15a83ba3ebed44b06c3629a11517e242
1.7.5: 8e0891f608144d8d751070edea5cd98d2a76a053ad7fa6b9d4aae94a700aaea2
1.7.4: 97c99ab6030ffac1fb780fe012de06a36512b17b13de5c99445468b5a5fe5a62
1.7.3: e63ae0a8f5ccd12877ff944b609d0a4c55c97ba79808ab16c7dc7e99fd8f3dd6
1.7.2: e5c01702d3cec0763d28bd3cf6ea9c3efc58662a93cb4e15669a839782af10d7
@@ -1039,6 +1235,12 @@ nerdctl_archive_checksums:
1.6.1: 3924467d9430df991ebdf4e78211bac2b29e9a066d5000d98f8d4ebde2bb7b4c
containerd_archive_checksums:
arm:
1.7.22: 0
1.7.21: 0
1.7.20: 0
1.7.19: 0
1.7.18: 0
1.7.17: 0
1.7.16: 0
1.7.15: 0
1.7.14: 0
@@ -1056,6 +1258,9 @@ containerd_archive_checksums:
1.7.2: 0
1.7.1: 0
1.7.0: 0
1.6.34: 0
1.6.33: 0
1.6.32: 0
1.6.31: 0
1.6.30: 0
1.6.29: 0
@@ -1075,6 +1280,12 @@ containerd_archive_checksums:
1.6.15: 0
1.6.14: 0
arm64:
1.7.22: 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce
1.7.21: 7b6b67d998eb86856d23df5d57269c054539072bbb27677975cf78269b2c5c10
1.7.20: cf80cd305f7d1c23aaf0c57bc1c1e37089cad9130d533db6fe968cdebd16c759
1.7.19: 1839e6f7cd7c62d9df3ef3deac3f404cdd5cd47bbdf8acfeb0b0f3776eb20002
1.7.18: e80ce87b469af03b3bdcf68b95f0f4a303787ae247581bcd42f04acf1ad4c24d
1.7.17: 8d9749985796a208e860afe331ec77cb485566104e5cc7c0b5e9e82ec7681969
1.7.16: 2d4373de40a6f58cd0f29377c0257b35697a987248e6268520586996771d7a75
1.7.15: 5cc8bd8f3d9803ef0ef701596e89d62ad6850a2544e722842f4533642df36d87
1.7.14: 44df66d0a0332465e7d15e90b974cd4f08d059dfa26652218ed9485390f47f9e
@@ -1092,6 +1303,9 @@ containerd_archive_checksums:
1.7.2: d75a4ca53d9addd0b2c50172d168b12957e18b2d8b802db2658f2767f15889a6
1.7.1: 1f828dc063e3c24b0840b284c5635b5a11b1197d564c97f9e873b220bab2b41b
1.7.0: e7e5be2d9c92e076f1e2e15c9f0a6e0609ddb75f7616999b843cba92d01e4da2
1.6.34: 9e898686ff003cec2d80c30cf5ad342c1ac88373568dae792f93cd088e66d038
1.6.33: 432cf17fbc01ba4fc59b949210baa96865185b8eb3b3292eb7a00e2f6bde9fe9
1.6.32: a9cb16bafbf1eb8cea11b4803d76f78cf7bef311b951dd1ae49c238bb41ec649
1.6.31: 91a74cc602c7724668537f754006692114af70cfb6ef840b288f922fa68f7ed7
1.6.30: 0bbf1eed508d6ebc240b900648c76f12a07c0c6125aa8c22d46c9ce24252f9e3
1.6.29: 0
@@ -1111,6 +1325,12 @@ containerd_archive_checksums:
1.6.15: d63e4d27c51e33cd10f8b5621c559f09ece8a65fec66d80551b36cac9e61a07d
1.6.14: 3ccb61218e60cbba0e1bbe1e5e2bf809ac1ead8eafbbff36c3195d3edd0e4809
amd64:
1.7.22: f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468
1.7.21: 3d1fcdfd0b141f4dc4916b7aee7f9a7773dc344baffc8954e1ca66b1adc5c120
1.7.20: e09410787b6f392748959177a84e024424f75d7aff33ea1c5b783f2260edce67
1.7.19: 97f75e60f0ad19d335b1d23385835df721cad4492740d50576997f2717dc3f94
1.7.18: a24b05b341c155a0ec367d3d0fd1d437c09a0261dffdecc0e44e9abbf2d02aca
1.7.17: 04cf937349f82d29fe98553ff45a7e9ea2ed6b81fe6514e3679cf263b50409ff
1.7.16: 4f4f2c3c7d14fd59a404961a3a3341303c2fdeeba0e78808c209f606e828f99c
1.7.15: ea27e6454954bd9cb62a70b0a40eb085ae9c96cb8c075a74910102b33586e07d
1.7.14: 48e0d9747cd51cb90e0b278d100397653d9f2e765effca194427e4796395b240
@@ -1128,6 +1348,9 @@ containerd_archive_checksums:
1.7.2: 2755c70152ab40856510b4549c2dd530e15f5355eb7bf82868e813c9380e22a7
1.7.1: 9504771bcb816d3b27fab37a6cf76928ee5e95a31eb41510a7d10ae726e01e85
1.7.0: b068b05d58025dc9f2fc336674cac0e377a478930f29b48e068f97c783a423f0
1.6.34: 18969d667cd6b9993d168f6d30f9ad978f0aca72cf984c1f522fc5277780885b
1.6.33: a0c7daa50386dc3ca19cbeb83d6987d43bdd92c0bb0429d08be7f9be4f9c307a
1.6.32: 7acab4dda6edb7e8e0a6cfc3abd9f323db05a3d92a8a1842de8f6c9e28af501d
1.6.31: 52080601f414b7e63a5b8e0cb8c1d641c9e070447ac96da9b1aeb00480744ba5
1.6.30: 1f1b65190b626883394e6f2ecbe5141afc6c45fc1ca035ef052e66bb2c479a5f
1.6.29: 0
@@ -1147,6 +1370,12 @@ containerd_archive_checksums:
1.6.15: 191bb4f6e4afc237efc5c85b5866b6fdfed731bde12cceaa6017a9c7f8aeda02
1.6.14: 7da626d46c4edcae1eefe6d48dc6521db3e594a402715afcddc6ac9e67e1bfcd
ppc64le:
1.7.22: 6747b7291ffbfde2c0bf0031978985df92ac74414f09bf190afda0fc9e797146
1.7.21: 5ce0c1125e8d9ca04e2b524a2bac8b1eb97876c073023d5e083f7da64fcd8207
1.7.20: dc611df0baa90509dda35e0be993da52f42b067514329fcf538d000b110364e8
1.7.19: f41c2f28ee933a9ca24ff02cca159099fbcf798850e56cf0b7a6047ebe21fa86
1.7.18: d6cfb3bc8fbdead7d435d5f3f6b1913b5896f7f97102c1bbad206f9123c2a5d3
1.7.17: 873b76a507d362eec73887f61fa1400f3a892c7dbed1759f5dad2b654095b534
1.7.16: d0add7a55a5d4411cafb276469d2b78bc3ada11cb4b444b9e35f9ef60c00960d
1.7.15: b38641d9bd18139495cf9839999039b19941f53d36a6d72efe4577c489dfda0c
1.7.14: b84b523909b9dd0c0b2bc40bd2b9af543ec9f1186df69c220ae3749e34623dbb
@@ -1164,6 +1393,9 @@ containerd_archive_checksums:
1.7.2: cbe7ec913cb603ca218bd8867efdce4bee3b0e0115e467e51c910467daf8184e
1.7.1: 17d97ef55c6ce7af9778dbafb5e73f577d1b34220043a91cccde49dbcc610342
1.7.0: 051e897d3ee5b8c8097f65be447fea2d29226b583ca5d9ed78e9aebcf4e69889
1.6.34: 14a4392ba4e533e313fe6d3ed1a68cfdce038b87ad4693be6e71ff31568e2173
1.6.33: 0a77fba37290a40a7853dbd7e5a297288d3657f7e92cd7864bc7187189a0a370
1.6.32: d733e4b66ca2bc8191ae5e8770e4806ebd4094fdc657258045b925930ad9bfc5
1.6.31: 4458a2398f27241b6e674ea9ba1f56dc4d9ab9dacc5a07469602776c3e428110
1.6.30: ba3d790f504a845b060e2faae3cc0603afd125ebdddb3bdb513b8d70a4337d87
1.6.29: 0

20
roles/kubespray-defaults/defaults/main/download.yml
View File

@@ -76,11 +76,11 @@ image_arch: "{{ host_architecture | default('amd64') }}"
# Versions
kubeadm_version: "{{ kube_version }}"
crun_version: 1.14.4
runc_version: v1.1.12
runc_version: v1.1.14
kata_containers_version: 3.1.3
youki_version: 0.1.0
gvisor_version: 20240305
containerd_version: 1.7.16
containerd_version: 1.7.22
cri_dockerd_version: 0.3.11
# this is relevant when container_manager == 'docker'
@@ -101,7 +101,7 @@ github_image_repo: "ghcr.io"
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
# after migration to container download
calico_version: "v3.27.3"
calico_version: "v3.27.4"
calico_ctl_version: "{{ calico_version }}"
calico_cni_version: "{{ calico_version }}"
calico_flexvol_version: "{{ calico_version }}"
@@ -124,8 +124,8 @@ kube_ovn_version: "v1.11.5"
kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
kube_router_version: "v2.0.0"
multus_version: "v3.8"
helm_version: "v3.14.2"
nerdctl_version: "1.7.4"
helm_version: "v3.14.4"
nerdctl_version: "1.7.7"
krew_version: "v0.4.4"
skopeo_version: "v1.15.0"
@@ -139,9 +139,9 @@ pod_infra_supported_versions:
pod_infra_version: "{{ pod_infra_supported_versions[kube_major_version] }}"
etcd_supported_versions:
v1.29: "v3.5.12"
v1.28: "v3.5.12"
v1.27: "v3.5.12"
v1.29: "v3.5.16"
v1.28: "v3.5.16"
v1.27: "v3.5.16"
etcd_version: "{{ etcd_supported_versions[kube_major_version] }}"
crictl_supported_versions:
@@ -331,13 +331,13 @@ rbd_provisioner_image_tag: "{{ rbd_provisioner_version }}"
local_path_provisioner_version: "v0.0.24"
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}"
ingress_nginx_version: "v1.10.1"
ingress_nginx_version: "v1.11.2"
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}"
ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
ingress_nginx_kube_webhook_certgen_image_tag: "v1.4.1"
ingress_nginx_kube_webhook_certgen_image_tag: "v1.4.3"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.9"
cert_manager_version: "v1.13.2"

2
roles/kubespray-defaults/defaults/main/main.yml
View File

@@ -18,7 +18,7 @@ kubelet_fail_swap_on: true
kubelet_swap_behavior: LimitedSwap
## Change this to use another Kubernetes version, e.g. a current beta release
kube_version: v1.29.5
kube_version: v1.29.10
## The minimum version working
kube_version_min_required: v1.27.0

1
roles/network_plugin/calico/templates/calico-config.yml.j2
View File

@@ -102,4 +102,3 @@ data:
}
]
}

2
roles/network_plugin/cilium/templates/cilium/config.yml.j2
View File

@@ -134,7 +134,7 @@ data:
## DSR setting
bpf-lb-mode: "{{ cilium_loadbalancer_mode }}"
# l2
# l2
enable-l2-announcements: "{{ cilium_l2announcements }}"
# Enable Bandwidth Manager

2
roles/network_plugin/cilium/templates/cilium/cr.yml.j2
View File

@@ -140,7 +140,7 @@ rules:
verbs:
- list
- watch
{% if cilium_version %}
{% if cilium_version %}
- apiGroups:
- coordination.k8s.io
resources:

8
roles/network_plugin/cilium/templates/hubble/config.yml.j2
View File

@@ -12,10 +12,10 @@ data:
peer-service: "hubble-peer.kube-system.svc.{{ dns_domain }}:443"
listen-address: :4245
metrics-listen-address: ":9966"
dial-timeout:
retry-timeout:
sort-buffer-len-max:
sort-buffer-drain-timeout:
dial-timeout:
retry-timeout:
sort-buffer-len-max:
sort-buffer-drain-timeout:
tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
tls-client-key-file: /var/lib/hubble-relay/tls/client.key
tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt

1
roles/network_plugin/cilium/templates/hubble/service.yml.j2
View File

@@ -102,4 +102,3 @@ spec:
protocol: TCP
targetPort: 4244
internalTrafficPolicy: Local

2
roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
View File

@@ -1530,4 +1530,4 @@ spec:
subresources:
status: {}
conversion:
strategy: None
strategy: None

2
scale.yml
View File

@@ -1,3 +1,3 @@
---
- name: Scale the cluster
ansible.builtin.import_playbook: playbooks/scale.yml
ansible.builtin.import_playbook: playbooks/scale.yml

189
scripts/download_hash.py
View File

@@ -6,8 +6,10 @@
import sys
from itertools import count
from itertools import count, groupby
from collections import defaultdict
from functools import cache
import argparse
import requests
from ruamel.yaml import YAML
from packaging.version import Version
@@ -25,36 +27,144 @@ def open_checksums_yaml():
return data, yaml
def version_compare(version):
return Version(version.removeprefix("v"))
def download_hash(minors):
architectures = ["arm", "arm64", "amd64", "ppc64le"]
downloads = ["kubelet", "kubectl", "kubeadm"]
downloads = {
"calicoctl_binary": "https://github.com/projectcalico/calico/releases/download/{version}/SHA256SUMS",
"ciliumcli_binary": "https://github.com/cilium/cilium-cli/releases/download/{version}/cilium-{os}-{arch}.tar.gz.sha256sum",
"cni_binary": "https://github.com/containernetworking/plugins/releases/download/{version}/cni-plugins-{os}-{arch}-{version}.tgz.sha256",
"containerd_archive": "https://github.com/containerd/containerd/releases/download/v{version}/containerd-{version}-{os}-{arch}.tar.gz.sha256sum",
"crictl": "https://github.com/kubernetes-sigs/cri-tools/releases/download/{version}/critest-{version}-{os}-{arch}.tar.gz.sha256",
"crio_archive": "https://storage.googleapis.com/cri-o/artifacts/cri-o.{arch}.{version}.tar.gz.sha256sum",
"etcd_binary": "https://github.com/etcd-io/etcd/releases/download/{version}/SHA256SUMS",
"kubeadm": "https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubeadm.sha256",
"kubectl": "https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubectl.sha256",
"kubelet": "https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubelet.sha256",
"nerdctl_archive": "https://github.com/containerd/nerdctl/releases/download/v{version}/SHA256SUMS",
"runc": "https://github.com/opencontainers/runc/releases/download/{version}/runc.sha256sum",
"skopeo_binary": "https://github.com/lework/skopeo-binary/releases/download/{version}/skopeo-{os}-{arch}.sha256",
"yq": "https://github.com/mikefarah/yq/releases/download/{version}/checksums-bsd", # see https://github.com/mikefarah/yq/pull/1691 for why we use this url
}
# TODO: downloads not supported
# youki: no checkusms in releases
# kata: no checksums in releases
# gvisor: sha512 checksums
# crun : PGP signatures
# cri_dockerd: no checksums or signatures
# helm_archive: PGP signatures
# krew_archive: different yaml structure
# calico_crds_archive: different yaml structure
# TODO:
# noarch support -> k8s manifests, helm charts
# different checksum format (needs download role changes)
# different verification methods (gpg, cosign) ( needs download role changes) (or verify the sig in this script and only use the checksum in the playbook)
# perf improvements (async)
def download_hash(only_downloads: [str]) -> None:
# Handle file with multiples hashes, with various formats.
# the lambda is expected to produce a dictionary of hashes indexed by arch name
download_hash_extract = {
"calicoctl_binary": lambda hashes : {
line.split('-')[-1] : line.split()[0]
for line in hashes.strip().split('\n')
if line.count('-') == 2 and line.split('-')[-2] == "linux"
},
"etcd_binary": lambda hashes : {
line.split('-')[-1].removesuffix('.tar.gz') : line.split()[0]
for line in hashes.strip().split('\n')
if line.split('-')[-2] == "linux"
},
"nerdctl_archive": lambda hashes : {
line.split()[1].removesuffix('.tar.gz').split('-')[3] : line.split()[0]
for line in hashes.strip().split('\n')
if [x for x in line.split(' ') if x][1].split('-')[2] == "linux"
},
"runc": lambda hashes : {
parts[1].split('.')[1] : parts[0]
for parts in (line.split()
for line in hashes.split('\n')[3:9])
},
"yq": lambda rhashes_bsd : {
pair[0].split('_')[-1] : pair[1]
# pair = (yq_<os>_<arch>, <hash>)
for pair in ((line.split()[1][1:-1], line.split()[3])
for line in rhashes_bsd.splitlines()
if line.startswith("SHA256"))
if pair[0].startswith("yq")
and pair[0].split('_')[1] == "linux"
and not pair[0].endswith(".tar.gz")
},
}
data, yaml = open_checksums_yaml()
if not minors:
minors = {'.'.join(minor.split('.')[:-1]) for minor in data["kubelet_checksums"]["amd64"].keys()}
s = requests.Session()
for download in downloads:
@cache
def _get_hash_by_arch(download: str, version: str) -> {str: str}:
hash_file = s.get(downloads[download].format(
version = version,
os = "linux",
),
allow_redirects=True)
if hash_file.status_code == 404:
print(f"Unable to find {download} hash file for version {version} at {hash_file.url}")
return None
hash_file.raise_for_status()
return download_hash_extract[download](hash_file.content.decode())
for download, url in (downloads if only_downloads == []
else {k:downloads[k] for k in downloads.keys() & only_downloads}).items():
checksum_name = f"{download}_checksums"
data[checksum_name] = defaultdict(dict, data[checksum_name])
for arch in architectures:
for minor in minors:
if not minor.startswith("v"):
minor = f"v{minor}"
for release in (f"{minor}.{patch}" for patch in count(start=0, step=1)):
if release in data[checksum_name][arch]:
# Propagate new patch versions to all architectures
for arch in data[checksum_name].values():
for arch2 in data[checksum_name].values():
arch.update({
v:("NONE" if arch2[v] == "NONE" else 0)
for v in (set(arch2.keys()) - set(arch.keys()))
if v.split('.')[2] == '0'})
# this is necessary to make the script indempotent,
# by only adding a vX.X.0 version (=minor release) in each arch
# and letting the rest of the script populate the potential
# patch versions
for arch, versions in data[checksum_name].items():
for minor, patches in groupby(versions.copy().keys(), lambda v : '.'.join(v.split('.')[:-1])):
for version in (f"{minor}.{patch}" for patch in
count(start=int(max(patches, key=version_compare).split('.')[-1]),
step=1)):
# Those barbaric generators do the following:
# Group all patches versions by minor number, take the newest and start from that
# to find new versions
if version in versions and versions[version] != 0:
continue
hash_file = requests.get(f"https://dl.k8s.io/release/{release}/bin/linux/{arch}/{download}.sha256", allow_redirects=True)
if hash_file.status_code == 404:
print(f"Unable to find {download} hash file for release {release} (arch: {arch})")
break
hash_file.raise_for_status()
sha256sum = hash_file.content.decode().strip()
if download in download_hash_extract:
hashes = _get_hash_by_arch(download, version)
if hashes == None:
break
sha256sum = hashes.get(arch)
if sha256sum == None:
break
else:
hash_file = s.get(downloads[download].format(
version = version,
os = "linux",
arch = arch
),
allow_redirects=True)
if hash_file.status_code == 404:
print(f"Unable to find {download} hash file for version {version} (arch: {arch}) at {hash_file.url}")
break
hash_file.raise_for_status()
sha256sum = hash_file.content.decode().split()[0]
if len(sha256sum) != 64:
raise Exception(f"Checksum has an unexpected length: {len(sha256sum)} (binary: {download}, arch: {arch}, release: 1.{minor}.{patch})")
data[checksum_name][arch][release] = sha256sum
raise Exception(f"Checksum has an unexpected length: {len(sha256sum)} (binary: {download}, arch: {arch}, release: {version}, checksum: '{sha256sum}')")
data[checksum_name][arch][version] = sha256sum
data[checksum_name] = {arch : {r : releases[r] for r in sorted(releases.keys(),
key=lambda v : Version(v[1:]),
key=version_compare,
reverse=True)}
for arch, releases in data[checksum_name].items()}
@@ -62,15 +172,34 @@ def download_hash(minors):
yaml.dump(data, checksums_yml)
print(f"\n\nUpdated {CHECKSUMS_YML}\n")
parser = argparse.ArgumentParser(description=f"Add new patch versions hashes in {CHECKSUMS_YML}",
formatter_class=argparse.RawTextHelpFormatter,
epilog=f"""
This script only lookup new patch versions relative to those already existing
in the data in {CHECKSUMS_YML},
which means it won't add new major or minor versions.
In order to add one of these, edit {CHECKSUMS_YML}
by hand, adding the new versions with a patch number of 0 (or the lowest relevant patch versions)
; then run this script.
def usage():
print(f"USAGE:\n {sys.argv[0]} [k8s_version1] [[k8s_version2]....[k8s_versionN]]")
Note that the script will try to add the versions on all
architecture keys already present for a given download target.
The '0' value for a version hash is treated as a missing hash, so the script will try to download it again.
To notify a non-existing version (yanked, or upstream does not have monotonically increasing versions numbers),
use the special value 'NONE'.
def main(argv=None):
download_hash(sys.argv[1:])
return 0
EXAMPLES:
crictl_checksums:
...
amd64:
+ v1.30.0: 0
v1.29.0: d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb
v1.28.0: 8dc78774f7cbeaf787994d386eec663f0a3cf24de1ea4893598096cb39ef2508"""
if __name__ == "__main__":
sys.exit(main())
)
parser.add_argument('binaries', nargs='*', choices=downloads.keys())
args = parser.parse_args()
download_hash(args.binaries)

17
scripts/openstack-cleanup/main.py
View File

@@ -37,10 +37,6 @@ def main():
map_if_old(conn.compute.delete_server,
conn.compute.servers())
print('Security groups...')
map_if_old(conn.network.delete_security_group,
conn.network.security_groups())
print('Ports...')
try:
map_if_old(conn.network.delete_port,
@@ -61,11 +57,22 @@ def main():
for ip in conn.network.ips():
fn_if_old(conn.network.delete_ip, ip)
# After removing unnecessary subnet from router, retry to delete ports
map_if_old(conn.network.delete_port,
conn.network.ports())
print('Security groups...')
try:
map_if_old(conn.network.delete_security_group,
conn.network.security_groups())
except openstack.exceptions.ConflictException as ex:
# Need to delete port when security groups is in used
map_if_old(conn.network.delete_port,
conn.network.ports())
map_if_old(conn.network.delete_security_group,
conn.network.security_groups())
print('Subnets...')
map_if_old(conn.network.delete_subnet,
conn.network.subnets())

3
tests/Makefile
View File

@@ -35,8 +35,7 @@ cleanup-packet:
create-vagrant:
vagrant up
find / -name vagrant_ansible_inventory
cp /builds/kargo-ci/kubernetes-sigs-kubespray/inventory/sample/vagrant_ansible_inventory $(INVENTORY)
cp $(CI_PROJECT_DIR)/inventory/sample/vagrant_ansible_inventory $(INVENTORY)
delete-vagrant:
vagrant destroy -f

6
tests/cloud_playbooks/roles/packet-ci/defaults/main.yml
View File

@@ -4,14 +4,13 @@
vm_cpu_cores: 2
vm_cpu_sockets: 1
vm_cpu_threads: 2
vm_memory: 2048Mi
vm_memory: 2048
# Replace invalid characters so that we can use the branch name in kubernetes labels
branch_name_sane: "{{ branch | regex_replace('/', '-') }}"
# Request/Limit allocation settings
cpu_allocation_ratio: 0.5
cpu_allocation_ratio: 0.25
memory_allocation_ratio: 1
# Default path for inventory
@@ -31,7 +30,6 @@ cloud_init:
almalinux-8: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
rockylinux-8: "I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
rockylinux-9: "I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo="
debian-10: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
debian-11: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
debian-12: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1"
fedora-37: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU="

6
tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2
View File

@@ -4,6 +4,8 @@ kind: VirtualMachine
metadata:
name: "instance-{{ vm_id }}"
namespace: "{{ test_name }}"
annotations:
kubespray.com/ci.template-path: "tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2"
labels:
kubevirt.io/os: {{ cloud_image }}
spec:
@@ -34,10 +36,10 @@ spec:
threads: {{ vm_cpu_threads }}
resources:
requests:
memory: {{ vm_memory * memory_allocation_ratio }}
memory: "{{ vm_memory * memory_allocation_ratio }}Mi"
cpu: {{ vm_cpu_cores * cpu_allocation_ratio }}
limits:
memory: {{ vm_memory }}
memory: "{{ vm_memory }}Mi"
cpu: {{ vm_cpu_cores }}
networks:
- name: default

831
tests/files/custom_cni/cilium.yaml
View File

File diff suppressed because it is too large Load Diff

2
tests/files/custom_cni/values.yaml
View File

@@ -8,4 +8,4 @@ hubble:
ipam:
operator:
# Set the appropriate pods subnet
clusterPoolIPv4PodCIDR: "{{ kube_pods_subnet }}"
clusterPoolIPv4PodCIDRList: ["{{ kube_pods_subnet }}"]

2
tests/files/packet_almalinux8-calico-ha-ebpf.yml
View File

@@ -2,7 +2,7 @@
# Instance settings
cloud_image: almalinux-8
mode: ha
vm_memory: 3072Mi
vm_memory: 3072
# Kubespray settings
calico_bpf_enabled: true

2
tests/files/packet_almalinux8-calico-nodelocaldns-secondary.yml
View File

@@ -2,7 +2,7 @@
# Instance settings
cloud_image: almalinux-8
mode: default
vm_memory: 3072Mi
vm_memory: 3072
# Kubespray settings
enable_nodelocaldns_secondary: true

2
tests/files/packet_almalinux8-calico.yml
View File

@@ -2,7 +2,7 @@
# Instance settings
cloud_image: almalinux-8
mode: default
vm_memory: 3072Mi
vm_memory: 3072
# Kubespray settings
metrics_server_enabled: true

2
tests/files/packet_almalinux8-docker.yml
View File

@@ -2,7 +2,7 @@
# Instance settings
cloud_image: almalinux-8
mode: default
vm_memory: 3072Mi
vm_memory: 3072
# Use docker
container_manager: docker

2
tests/files/packet_almalinux8-kube-ovn.yml
View File

@@ -2,7 +2,7 @@
# Instance settings
cloud_image: almalinux-8
mode: default
vm_memory: 3072Mi
vm_memory: 3072
# Kubespray settings
kube_network_plugin: kube-ovn

11
tests/files/packet_debian10-calico.yml
View File

@@ -1,11 +0,0 @@
---
# Instance settings
cloud_image: debian-10
mode: default
# Kubespray settings
auto_renew_certificates: true
# plugins
helm_enabled: true
krew_enabled: true

9
tests/files/packet_debian10-docker.yml
View File

@@ -1,9 +0,0 @@
---
# Instance settings
cloud_image: debian-10
mode: default
# Use docker
container_manager: docker
etcd_deployment_type: docker
resolvconf_mode: docker_dns

1
tests/files/packet_debian11-custom-cni.yml
View File

@@ -4,6 +4,7 @@ cloud_image: debian-11
mode: default
# Kubespray settings
kube_owner: root
kube_network_plugin: custom_cni
custom_cni_manifests:
- "{{ playbook_dir }}/../tests/files/custom_cni/cilium.yaml"

2
tests/files/packet_debian10-macvlan.yml → tests/files/packet_debian11-macvlan.yml
View File

@@ -1,6 +1,6 @@
---
# Instance settings
cloud_image: debian-10
cloud_image: debian-11
mode: default
# Kubespray settings

Some files were not shown because too many files have changed in this diff Show More