epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-14 04:47:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: epostnikof:master
Branches Tags
epostnikof:master epostnikof:component_hash_update/release-2.30 epostnikof:component_hash_update/release-2.28 epostnikof:component_hash_update/release-2.29 epostnikof:release-2.28 epostnikof:release-2.30 epostnikof:release-2.29 epostnikof:component_hash_update/master epostnikof:TEST-PR-CI epostnikof:release-2.27 epostnikof:release-2.26 epostnikof:remove-ci-ok-to-test epostnikof:optional-coredns epostnikof:test/flatcar-4081 epostnikof:master-patch-updates epostnikof:symlinketcd epostnikof:ant31-patch-1 epostnikof:revert-11831-ipv6only epostnikof:test-ci epostnikof:release-2.25 epostnikof:release-2.24 epostnikof:reduce-vm-requests epostnikof:packet-test epostnikof:lean/pre-commit-hook-2 epostnikof:test-CI epostnikof:update-approvers-ant31 epostnikof:test-precommit epostnikof:release-2.23 epostnikof:release-2.22 epostnikof:release-2.21 epostnikof:release-2.20 epostnikof:release-2.19 epostnikof:release-2.18 epostnikof:pre-commit-hook epostnikof:floryut-patch-1 epostnikof:release-2.17 epostnikof:release-2.16 epostnikof:release-2.15 epostnikof:release-2.14 epostnikof:release-2.13 epostnikof:release-2.12 epostnikof:release-2.11 epostnikof:release-2.10 epostnikof:release-2.8 epostnikof:release-2.9 epostnikof:release-2.7
epostnikof:v2.30.0 epostnikof:v2.29.1 epostnikof:v2.29.0 epostnikof:v2.28.1 epostnikof:v2.27.1 epostnikof:v2.28.0 epostnikof:v2.27.0 epostnikof:v2.25.1 epostnikof:v2.24.3 epostnikof:v2.26.0 epostnikof:v2.24.2 epostnikof:v2.25.0 epostnikof:v2.24.1 epostnikof:v2.22.2 epostnikof:v2.23.3 epostnikof:v2.24.0 epostnikof:v2.23.2 epostnikof:v2.23.1 epostnikof:v2.23.0 epostnikof:v2.22.1 epostnikof:v2.22.0 epostnikof:v2.21.0 epostnikof:v2.20.0 epostnikof:v2.19.1 epostnikof:v2.18.2 epostnikof:v2.19.0 epostnikof:v2.18.1 epostnikof:v2.18.0 epostnikof:v2.17.1 epostnikof:v2.17.0 epostnikof:v2.16.0 epostnikof:v2.15.1 epostnikof:v2.15.0 epostnikof:v2.14.2 epostnikof:v2.14.1 epostnikof:v2.12.10 epostnikof:v2.13.4 epostnikof:v2.14.0 epostnikof:v2.13.3 epostnikof:v2.12.9 epostnikof:v2.12.8 epostnikof:v2.12.7 epostnikof:v2.13.2 epostnikof:v2.13.1 epostnikof:v2.13.0 epostnikof:v2.12.6 epostnikof:v2.12.5 epostnikof:v2.12.4 epostnikof:v2.11.2 epostnikof:v2.11.1 epostnikof:v2.12.3 epostnikof:v2.12.2 epostnikof:v2.12.1 epostnikof:v2.12.0 epostnikof:v2.11.0 epostnikof:v2.10.4 epostnikof:v2.10.3 epostnikof:v2.10.0 epostnikof:v2.8.5 epostnikof:v2.9.0 epostnikof:v2.8.4 epostnikof:v2.8.3 epostnikof:v2.8.2 epostnikof:v2.8.1 epostnikof:v2.8.0 epostnikof:v2.7.0 epostnikof:v2.6.0 epostnikof:v2.5.0 epostnikof:v2.4.0 epostnikof:v2.3.0 epostnikof:v2.2.1 epostnikof:v2.2.0 epostnikof:v2.1.2 epostnikof:v2.1.1 epostnikof:test-tag-1 epostnikof:v2.1.0 epostnikof:v2.0.1 epostnikof:v2.0.0 epostnikof:v1.1.0 epostnikof:v1.0.1 epostnikof:v1.0.0 epostnikof:1.5.0 epostnikof:1.4.0 epostnikof:1.3.0_k1.1.3 epostnikof:1.3.0 epostnikof:v1.1.3 epostnikof:v1.1 epostnikof:v1.0
..
compare: epostnikof:component_hash_update/master
Branches Tags
epostnikof:master epostnikof:component_hash_update/release-2.30 epostnikof:component_hash_update/release-2.28 epostnikof:component_hash_update/release-2.29 epostnikof:release-2.28 epostnikof:release-2.30 epostnikof:release-2.29 epostnikof:component_hash_update/master epostnikof:TEST-PR-CI epostnikof:release-2.27 epostnikof:release-2.26 epostnikof:remove-ci-ok-to-test epostnikof:optional-coredns epostnikof:test/flatcar-4081 epostnikof:master-patch-updates epostnikof:symlinketcd epostnikof:ant31-patch-1 epostnikof:revert-11831-ipv6only epostnikof:test-ci epostnikof:release-2.25 epostnikof:release-2.24 epostnikof:reduce-vm-requests epostnikof:packet-test epostnikof:lean/pre-commit-hook-2 epostnikof:test-CI epostnikof:update-approvers-ant31 epostnikof:test-precommit epostnikof:release-2.23 epostnikof:release-2.22 epostnikof:release-2.21 epostnikof:release-2.20 epostnikof:release-2.19 epostnikof:release-2.18 epostnikof:pre-commit-hook epostnikof:floryut-patch-1 epostnikof:release-2.17 epostnikof:release-2.16 epostnikof:release-2.15 epostnikof:release-2.14 epostnikof:release-2.13 epostnikof:release-2.12 epostnikof:release-2.11 epostnikof:release-2.10 epostnikof:release-2.8 epostnikof:release-2.9 epostnikof:release-2.7
epostnikof:v2.30.0 epostnikof:v2.29.1 epostnikof:v2.29.0 epostnikof:v2.28.1 epostnikof:v2.27.1 epostnikof:v2.28.0 epostnikof:v2.27.0 epostnikof:v2.25.1 epostnikof:v2.24.3 epostnikof:v2.26.0 epostnikof:v2.24.2 epostnikof:v2.25.0 epostnikof:v2.24.1 epostnikof:v2.22.2 epostnikof:v2.23.3 epostnikof:v2.24.0 epostnikof:v2.23.2 epostnikof:v2.23.1 epostnikof:v2.23.0 epostnikof:v2.22.1 epostnikof:v2.22.0 epostnikof:v2.21.0 epostnikof:v2.20.0 epostnikof:v2.19.1 epostnikof:v2.18.2 epostnikof:v2.19.0 epostnikof:v2.18.1 epostnikof:v2.18.0 epostnikof:v2.17.1 epostnikof:v2.17.0 epostnikof:v2.16.0 epostnikof:v2.15.1 epostnikof:v2.15.0 epostnikof:v2.14.2 epostnikof:v2.14.1 epostnikof:v2.12.10 epostnikof:v2.13.4 epostnikof:v2.14.0 epostnikof:v2.13.3 epostnikof:v2.12.9 epostnikof:v2.12.8 epostnikof:v2.12.7 epostnikof:v2.13.2 epostnikof:v2.13.1 epostnikof:v2.13.0 epostnikof:v2.12.6 epostnikof:v2.12.5 epostnikof:v2.12.4 epostnikof:v2.11.2 epostnikof:v2.11.1 epostnikof:v2.12.3 epostnikof:v2.12.2 epostnikof:v2.12.1 epostnikof:v2.12.0 epostnikof:v2.11.0 epostnikof:v2.10.4 epostnikof:v2.10.3 epostnikof:v2.10.0 epostnikof:v2.8.5 epostnikof:v2.9.0 epostnikof:v2.8.4 epostnikof:v2.8.3 epostnikof:v2.8.2 epostnikof:v2.8.1 epostnikof:v2.8.0 epostnikof:v2.7.0 epostnikof:v2.6.0 epostnikof:v2.5.0 epostnikof:v2.4.0 epostnikof:v2.3.0 epostnikof:v2.2.1 epostnikof:v2.2.0 epostnikof:v2.1.2 epostnikof:v2.1.1 epostnikof:test-tag-1 epostnikof:v2.1.0 epostnikof:v2.0.1 epostnikof:v2.0.0 epostnikof:v1.1.0 epostnikof:v1.0.1 epostnikof:v1.0.0 epostnikof:1.5.0 epostnikof:1.4.0 epostnikof:1.3.0_k1.1.3 epostnikof:1.3.0 epostnikof:v1.1.3 epostnikof:v1.1 epostnikof:v1.0

1 Commits
master ... component_

Author SHA1 Message Date
github-actions[bot]
5b29d416d2 Patch versions updates 2026-02-09 03:23:21 +00:00
75 changed files with 1639 additions and 450 deletions
Expand all files Collapse all files

20
.gitlab-ci/kubevirt.yml
View File

@@ -41,8 +41,7 @@ pr:
- debian12-cilium - debian12-cilium
- debian13-cilium - debian13-cilium
- fedora39-kube-router - fedora39-kube-router
- fedora41-kube-router - openeuler24-calico
- fedora42-calico
- rockylinux9-cilium - rockylinux9-cilium
- rockylinux10-cilium - rockylinux10-cilium
- ubuntu22-calico-all-in-one - ubuntu22-calico-all-in-one
@@ -50,25 +49,13 @@ pr:
- ubuntu24-calico-etcd-datastore - ubuntu24-calico-etcd-datastore
- ubuntu24-calico-all-in-one-hardening - ubuntu24-calico-all-in-one-hardening
- ubuntu24-cilium-sep - ubuntu24-cilium-sep
- ubuntu24-crio-scale
- ubuntu24-crio-upgrade
- ubuntu24-flannel-collection - ubuntu24-flannel-collection
- ubuntu24-kube-router-sep - ubuntu24-kube-router-sep
- ubuntu24-kube-router-svc-proxy - ubuntu24-kube-router-svc-proxy
- ubuntu24-ha-separate-etcd - ubuntu24-ha-separate-etcd
- flatcar4081-calico
- fedora40-flannel-crio-collection-scale - fedora40-flannel-crio-collection-scale
# This is for flakey test so they don't disrupt the PR worklflow too much.
# Jobs here MUST have a open issue so we don't lose sight of them
pr-flakey:
extends: pr
retry: 1
parallel:
matrix:
- TESTCASE:
- flatcar4081-calico # https://github.com/kubernetes-sigs/kubespray/issues/12309
- openeuler24-calico # https://github.com/kubernetes-sigs/kubespray/issues/12877
# The ubuntu24-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken # The ubuntu24-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
ubuntu24-calico-all-in-one: ubuntu24-calico-all-in-one:
stage: deploy-part1 stage: deploy-part1
@@ -104,8 +91,6 @@ pr_full:
- debian12-custom-cni-helm - debian12-custom-cni-helm
- fedora39-calico-swap-selinux - fedora39-calico-swap-selinux
- fedora39-crio - fedora39-crio
- fedora41-calico-swap-selinux
- fedora41-crio
- ubuntu24-calico-ha-wireguard - ubuntu24-calico-ha-wireguard
- ubuntu24-flannel-ha - ubuntu24-flannel-ha
- ubuntu24-flannel-ha-once - ubuntu24-flannel-ha-once
@@ -165,7 +150,6 @@ periodic:
- debian12-cilium-svc-proxy - debian12-cilium-svc-proxy
- fedora39-calico-selinux - fedora39-calico-selinux
- fedora40-docker-calico - fedora40-docker-calico
- fedora41-calico-selinux
- ubuntu24-calico-etcd-kubeadm-upgrade-ha - ubuntu24-calico-etcd-kubeadm-upgrade-ha
- ubuntu24-calico-ha-recover - ubuntu24-calico-ha-recover
- ubuntu24-calico-ha-recover-noquorum - ubuntu24-calico-ha-recover-noquorum

4
Dockerfile
View File

@@ -35,8 +35,8 @@ RUN --mount=type=bind,source=requirements.txt,target=requirements.txt \
SHELL ["/bin/bash", "-o", "pipefail", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \ RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \
&& curl -L "https://dl.k8s.io/release/v1.35.0/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \ && curl -L "https://dl.k8s.io/release/v1.34.3/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
&& echo "$(curl -L "https://dl.k8s.io/release/v1.35.0/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \ && echo "$(curl -L "https://dl.k8s.io/release/v1.34.3/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
&& chmod a+x /usr/local/bin/kubectl && chmod a+x /usr/local/bin/kubectl
COPY *.yml ./ COPY *.yml ./

11
README.md
View File

@@ -90,7 +90,7 @@ vagrant up
- **Debian** Bookworm, Bullseye, Trixie - **Debian** Bookworm, Bullseye, Trixie
- **Ubuntu** 22.04, 24.04 - **Ubuntu** 22.04, 24.04
- **CentOS Stream / RHEL** [9, 10](docs/operating_systems/rhel.md#rhel-8) - **CentOS Stream / RHEL** [9, 10](docs/operating_systems/rhel.md#rhel-8)
- **Fedora** 39, 40, 41, 42 - **Fedora** 39, 40
- **Fedora CoreOS** (see [fcos Note](docs/operating_systems/fcos.md)) - **Fedora CoreOS** (see [fcos Note](docs/operating_systems/fcos.md))
- **openSUSE** Leap 15.x/Tumbleweed - **openSUSE** Leap 15.x/Tumbleweed
- **Oracle Linux** [9, 10](docs/operating_systems/rhel.md#rhel-8) - **Oracle Linux** [9, 10](docs/operating_systems/rhel.md#rhel-8)
@@ -111,11 +111,11 @@ Note:
<!-- BEGIN ANSIBLE MANAGED BLOCK --> <!-- BEGIN ANSIBLE MANAGED BLOCK -->
- Core - Core
- [kubernetes](https://github.com/kubernetes/kubernetes) 1.35.0 - [kubernetes](https://github.com/kubernetes/kubernetes) 1.34.3
- [etcd](https://github.com/etcd-io/etcd) 3.5.26 - [etcd](https://github.com/etcd-io/etcd) 3.5.26
- [docker](https://www.docker.com/) 28.3 - [docker](https://www.docker.com/) 28.3
- [containerd](https://containerd.io/) 2.2.1 - [containerd](https://containerd.io/) 2.2.1
- [cri-o](http://cri-o.io/) 1.35.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS) - [cri-o](http://cri-o.io/) 1.34.5 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
- Network Plugin - Network Plugin
- [cni-plugins](https://github.com/containernetworking/plugins) 1.8.0 - [cni-plugins](https://github.com/containernetworking/plugins) 1.8.0
- [calico](https://github.com/projectcalico/calico) 3.30.6 - [calico](https://github.com/projectcalico/calico) 3.30.6
@@ -127,7 +127,8 @@ Note:
- [kube-vip](https://github.com/kube-vip/kube-vip) 1.0.3 - [kube-vip](https://github.com/kube-vip/kube-vip) 1.0.3
- Application - Application
- [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3 - [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3
- [coredns](https://github.com/coredns/coredns) 1.12.4 - [coredns](https://github.com/coredns/coredns) 1.12.1
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.13.3
- [argocd](https://argoproj.github.io/) 2.14.5 - [argocd](https://argoproj.github.io/) 2.14.5
- [helm](https://helm.sh/) 3.18.4 - [helm](https://helm.sh/) 3.18.4
- [metallb](https://metallb.universe.tf/) 0.13.9 - [metallb](https://metallb.universe.tf/) 0.13.9
@@ -201,6 +202,8 @@ See also [Network checker](docs/advanced/netcheck.md).
## Ingress Plugins ## Ingress Plugins
- [nginx](https://kubernetes.github.io/ingress-nginx): the NGINX Ingress Controller.
- [metallb](docs/ingress/metallb.md): the MetalLB bare-metal service LoadBalancer provider. - [metallb](docs/ingress/metallb.md): the MetalLB bare-metal service LoadBalancer provider.
## Community docs and resources ## Community docs and resources

3
Vagrantfile vendored
View File

@@ -35,9 +35,6 @@ SUPPORTED_OS = {
"fedora40" => {box: "fedora/40-cloud-base", user: "vagrant"}, "fedora40" => {box: "fedora/40-cloud-base", user: "vagrant"},
"fedora39-arm64" => {box: "bento/fedora-39-arm64", user: "vagrant"}, "fedora39-arm64" => {box: "bento/fedora-39-arm64", user: "vagrant"},
"fedora40-arm64" => {box: "bento/fedora-40", user: "vagrant"}, "fedora40-arm64" => {box: "bento/fedora-40", user: "vagrant"},
"fedora41" => {box: "fedora/41-cloud-base", user: "vagrant"},
"fedora42" => {box: "fedora/42-cloud-base", user: "vagrant"},
"fedora41-bento" => {box: "bento/fedora-41", user: "vagrant"},
"opensuse" => {box: "opensuse/Leap-15.6.x86_64", user: "vagrant"}, "opensuse" => {box: "opensuse/Leap-15.6.x86_64", user: "vagrant"},
"opensuse-tumbleweed" => {box: "opensuse/Tumbleweed.x86_64", user: "vagrant"}, "opensuse-tumbleweed" => {box: "opensuse/Tumbleweed.x86_64", user: "vagrant"},
"oraclelinux" => {box: "generic/oracle7", user: "vagrant"}, "oraclelinux" => {box: "generic/oracle7", user: "vagrant"},

2
contrib/terraform/gcp/README.md
View File

@@ -51,7 +51,7 @@ To generate kubespray inventory based on the terraform state file you can run th
You should now have a inventory file named `inventory.ini` that you can use with kubespray, e.g. You should now have a inventory file named `inventory.ini` that you can use with kubespray, e.g.
```bash ```bash
ansible-playbook -i contrib/terraform/gcp/inventory.ini cluster.yml -b -v ansible-playbook -i contrib/terraform/gcs/inventory.ini cluster.yml -b -v
``` ```
## Variables ## Variables

1
docs/_sidebar.md generated
View File

@@ -57,6 +57,7 @@
* [Setting-up-your-first-cluster](/docs/getting_started/setting-up-your-first-cluster.md) * [Setting-up-your-first-cluster](/docs/getting_started/setting-up-your-first-cluster.md)
* Ingress * Ingress
* [Alb Ingress Controller](/docs/ingress/alb_ingress_controller.md) * [Alb Ingress Controller](/docs/ingress/alb_ingress_controller.md)
* [Ingress Nginx](/docs/ingress/ingress_nginx.md)
* [Kube-vip](/docs/ingress/kube-vip.md) * [Kube-vip](/docs/ingress/kube-vip.md)
* [Metallb](/docs/ingress/metallb.md) * [Metallb](/docs/ingress/metallb.md)
* Operating Systems * Operating Systems

27
docs/advanced/cert_manager.md
View File

@@ -30,7 +30,14 @@ If you don't have a TLS Root CA certificate and key available, you can create th
A common use-case for cert-manager is requesting TLS signed certificates to secure your ingress resources. This can be done by simply adding annotations to your Ingress resources and cert-manager will facilitate creating the Certificate resource for you. A small sub-component of cert-manager, ingress-shim, is responsible for this. A common use-case for cert-manager is requesting TLS signed certificates to secure your ingress resources. This can be done by simply adding annotations to your Ingress resources and cert-manager will facilitate creating the Certificate resource for you. A small sub-component of cert-manager, ingress-shim, is responsible for this.
For example, if you're using the Traefik ingress controller, you can secure the Prometheus ingress by adding the annotation `cert-manager.io/cluster-issuer: ca-issuer` and the `spec.tls` section to the `Ingress` resource definition. To enable the Nginx Ingress controller as part of your Kubespray deployment, simply edit your K8s cluster addons inventory e.g. `inventory\sample\group_vars\k8s_cluster\addons.yml` and set `ingress_nginx_enabled` to true.
```ini
# Nginx ingress controller deployment
ingress_nginx_enabled: true
```
For example, if you're using the Nginx ingress controller, you can secure the Prometheus ingress by adding the annotation `cert-manager.io/cluster-issuer: ca-issuer` and the `spec.tls` section to the `Ingress` resource definition.
```yaml ```yaml
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
@@ -41,9 +48,9 @@ metadata:
labels: labels:
prometheus: k8s prometheus: k8s
annotations: annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: ca-issuer cert-manager.io/cluster-issuer: ca-issuer
spec: spec:
ingressClassName: "traefik"
tls: tls:
- hosts: - hosts:
- prometheus.example.com - prometheus.example.com
@@ -65,8 +72,8 @@ Once deployed to your K8s cluster, every 3 months cert-manager will automaticall
Please consult the official upstream documentation: Please consult the official upstream documentation:
- [cert-manager Ingress Usage](https://cert-manager.io/usage/ingress/) - [cert-manager Ingress Usage](https://cert-manager.io/v1.5-docs/usage/ingress/)
- [cert-manager Ingress Tutorial](https://cert-manager.io/tutorials/acme/ingress/#step-3-assign-a-dns-name) - [cert-manager Ingress Tutorial](https://cert-manager.io/v1.5-docs/tutorials/acme/ingress/#step-3-assign-a-dns-name)
### ACME ### ACME
@@ -74,12 +81,12 @@ The ACME Issuer type represents a single account registered with the Automated C
Certificates issued by public ACME servers are typically trusted by clients computers by default. This means that, for example, visiting a website that is backed by an ACME certificate issued for that URL, will be trusted by default by most clients web browsers. ACME certificates are typically free. Certificates issued by public ACME servers are typically trusted by clients computers by default. This means that, for example, visiting a website that is backed by an ACME certificate issued for that URL, will be trusted by default by most clients web browsers. ACME certificates are typically free.
- [ACME Configuration](https://cert-manager.io/docs/configuration/acme/) - [ACME Configuration](https://cert-manager.io/v1.5-docs/configuration/acme/)
- [ACME HTTP Validation](https://cert-manager.io/docs/tutorials/acme/http-validation/) - [ACME HTTP Validation](https://cert-manager.io/v1.5-docs/tutorials/acme/http-validation/)
- [HTTP01 Challenges](https://cert-manager.io/docs/configuration/acme/http01/) - [HTTP01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/http01/)
- [ACME DNS Validation](https://cert-manager.io/docs/tutorials/acme/dns-validation/) - [ACME DNS Validation](https://cert-manager.io/v1.5-docs/tutorials/acme/dns-validation/)
- [DNS01 Challenges](https://cert-manager.io/docs/configuration/acme/dns01/) - [DNS01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/dns01/)
- [ACME FAQ](https://cert-manager.io/docs/troubleshooting/acme/) - [ACME FAQ](https://cert-manager.io/v1.5-docs/faq/acme/)
#### ACME With An Internal Certificate Authority #### ACME With An Internal Certificate Authority

6
docs/ansible/ansible.md
View File

@@ -30,9 +30,9 @@ If the latest version supported according to pip is 6.7.0 it means you are runni
Based on the table below and the available python version for your ansible host you should choose the appropriate ansible version to use with kubespray. Based on the table below and the available python version for your ansible host you should choose the appropriate ansible version to use with kubespray.
| Ansible Version | Python Version | | Ansible Version | Python Version |
|-------------------|----------------| |-----------------|----------------|
| >=2.18.0, <2.19.0 | 3.11-3.13 | | >= 2.17.3 | 3.10-3.12 |
## Customize Ansible vars ## Customize Ansible vars

1
docs/developers/ci-setup.md
View File

@@ -145,6 +145,7 @@ upstream_dns_servers:
- 1.0.0.1 - 1.0.0.1
# Extensions # Extensions
ingress_nginx_enabled: True
helm_enabled: True helm_enabled: True
cert_manager_enabled: True cert_manager_enabled: True
metrics_server_enabled: True metrics_server_enabled: True

8
docs/developers/ci.md
View File

@@ -13,8 +13,6 @@ debian12 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
debian13 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | debian13 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
fedora39 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | fedora39 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: |
fedora40 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | fedora40 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora41 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: |
fedora42 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
flatcar4081 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | flatcar4081 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
openeuler24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | openeuler24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
rockylinux10 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | rockylinux10 | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
@@ -33,14 +31,12 @@ debian12 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian13 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | debian13 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora39 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | fedora39 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora40 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | fedora40 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora41 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora42 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
flatcar4081 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | flatcar4081 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
openeuler24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | openeuler24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
rockylinux10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | rockylinux10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
rockylinux9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | rockylinux9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu22 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu22 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu24 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
## docker ## docker
@@ -53,8 +49,6 @@ debian12 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
debian13 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | debian13 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora39 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | fedora39 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora40 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | fedora40 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora41 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora42 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
flatcar4081 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | flatcar4081 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
openeuler24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | openeuler24 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
rockylinux10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | rockylinux10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: |

203
docs/ingress/ingress_nginx.md Normal file
View File

@@ -0,0 +1,203 @@
# Installation Guide
## Contents
- [Prerequisite Generic Deployment Command](#prerequisite-generic-deployment-command)
- [Provider Specific Steps](#provider-specific-steps)
- [Docker for Mac](#docker-for-mac)
- [minikube](#minikube)
- [AWS](#aws)
- [GCE - GKE](#gce-gke)
- [Azure](#azure)
- [Bare-metal](#bare-metal)
- [Verify installation](#verify-installation)
- [Detect installed version](#detect-installed-version)
- [Using Helm](#using-helm)
## Prerequisite Generic Deployment Command
!!! attention
The default configuration watches Ingress object from *all the namespaces*.
To change this behavior use the flag `--watch-namespace` to limit the scope to a particular namespace.
!!! warning
If multiple Ingresses define different paths for the same host, the ingress controller will merge the definitions.
!!! attention
If you're using GKE you need to initialize your user as a cluster-admin with the following command:
```console
kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole cluster-admin \
--user $(gcloud config get-value account)
```
The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version.
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.13.3/deploy/static/provider/cloud/deploy.yaml
```
### Provider Specific Steps
There are cloud provider specific yaml files.
#### Docker for Mac
Kubernetes is available in Docker for Mac (from [version 18.06.0-ce](https://docs.docker.com/docker-for-mac/release-notes/#stable-releases-of-2018))
First you need to [enable kubernetes](https://docs.docker.com/docker-for-mac/#kubernetes).
Then you have to create a service:
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
```
#### minikube
For standard usage:
```console
minikube addons enable ingress
```
For development:
1. Disable the ingress addon:
```console
minikube addons disable ingress
```
1. Execute `make dev-env`
1. Confirm the `nginx-ingress-controller` deployment exists:
```console
$ kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
default-http-backend-66b447d9cf-rrlf9 1/1 Running 0 12s
nginx-ingress-controller-fdcdcd6dd-vvpgs 1/1 Running 0 11s
```
#### AWS
In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
Since Kubernetes v1.9.0 it is possible to use a classic load balancer (ELB) or network load balancer (NLB)
Please check the [elastic load balancing AWS details page](https://aws.amazon.com/elasticloadbalancing/details/)
##### Elastic Load Balancer - ELB
This setup requires to choose in which layer (L4 or L7) we want to configure the Load Balancer:
- [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): Use an Network Load Balancer (NLB) with TCP as the listener protocol for ports 80 and 443.
- [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): Use an Elastic Load Balancer (ELB) with HTTP as the listener protocol for port 80 and terminate TLS in the ELB
For L4:
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy.yaml
```
For L7:
Change the value of `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` in the file `provider/aws/deploy-tls-termination.yaml` replacing the dummy id with a valid one. The dummy value is `"arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"`
Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the [ELB Idle Timeouts section](#elb-idle-timeouts) for additional information. If a change is required, users will need to update the value of `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` in `provider/aws/deploy-tls-termination.yaml`
Then execute:
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/deploy-tls-termination.yaml
```
This example creates an ELB with just two listeners, one in port 80 and another in port 443
![Listeners](https://github.com/kubernetes/ingress-nginx/blob/main/docs/images/elb-l7-listener.png)
##### ELB Idle Timeouts
In some scenarios users will need to modify the value of the ELB idle timeout.
Users need to ensure the idle timeout is less than the [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) that is configured for NGINX.
By default NGINX `keepalive_timeout` is set to `75s`.
The default ELB idle timeout will work for most scenarios, unless the NGINX [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) has been modified,
in which case `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` will need to be modified to ensure it is less than the `keepalive_timeout` the user has configured.
*Please Note: An idle timeout of `3600s` is recommended when using WebSockets.*
More information with regards to idle timeouts for your Load Balancer can be found in the [official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html).
##### Network Load Balancer (NLB)
This type of load balancer is supported since v1.10.0 as an ALPHA feature.
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/service-nlb.yaml
```
#### GCE-GKE
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
```
**Important Note:** proxy protocol is not supported in GCE/GKE
#### Azure
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
```
#### Bare-metal
Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
```
!!! tip
For extended notes regarding deployments on bare-metal, see [Bare-metal considerations](https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/baremetal.md).
### Verify installation
To check if the ingress controller pods have started, run the following command:
```console
kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch
```
Once the operator pods are running, you can cancel the above command by typing `Ctrl+C`.
Now, you are ready to create your first ingress.
### Detect installed version
To detect which version of the ingress controller is running, exec into the pod and run `nginx-ingress-controller version` command.
```console
POD_NAMESPACE=ingress-nginx
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/component=controller -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
```
## Using Helm
NGINX Ingress controller can be installed via [Helm](https://helm.sh/) using the chart [ingress-nginx/ingress-nginx](https://kubernetes.github.io/ingress-nginx).
Official documentation is [here](https://kubernetes.github.io/ingress-nginx/deploy/#using-helm)
To install the chart with the release name `my-nginx`:
```console
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install my-nginx ingress-nginx/ingress-nginx
```
Detect installed version:
```console
POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -- /nginx-ingress-controller --version
```

2
docs/operations/offline-environment.md
View File

@@ -85,7 +85,7 @@ crictl_download_url: "{{ files_repo }}/kubernetes/cri-tools/crictl-v{{ crictl_ve
# If using Calico # If using Calico
calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}" calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
# If using Calico with kdd # If using Calico with kdd
calico_crds_download_url: "{{ files_repo }}/github.com/projectcalico/calico/raw/v{{ calico_version }}/manifests/crds.yaml" calico_crds_download_url: "{{ files_repo }}/kubernetes/calico/v{{ calico_version }}.tar.gz"
# Containerd # Containerd
containerd_download_url: "{{ files_repo }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz" containerd_download_url: "{{ files_repo }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
runc_download_url: "{{ files_repo }}/runc.{{ image_arch }}" runc_download_url: "{{ files_repo }}/runc.{{ image_arch }}"

2
inventory/sample/group_vars/all/offline.yml
View File

@@ -44,7 +44,7 @@
# [Optional] Calico: If using Calico network plugin # [Optional] Calico: If using Calico network plugin
# calicoctl_download_url: "{{ files_repo }}/github.com/projectcalico/calico/releases/download/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}" # calicoctl_download_url: "{{ files_repo }}/github.com/projectcalico/calico/releases/download/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
# [Optional] Calico with kdd: If using Calico network plugin with kdd datastore # [Optional] Calico with kdd: If using Calico network plugin with kdd datastore
# calico_crds_download_url: "{{ files_repo }}/github.com/projectcalico/calico/raw/v{{ calico_version }}/manifests/crds.yaml" # calico_crds_download_url: "{{ files_repo }}/github.com/projectcalico/calico/archive/v{{ calico_version }}.tar.gz"
# [Optional] Cilium: If using Cilium network plugin # [Optional] Cilium: If using Cilium network plugin
# ciliumcli_download_url: "{{ files_repo }}/github.com/cilium/cilium-cli/releases/download/v{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz" # ciliumcli_download_url: "{{ files_repo }}/github.com/cilium/cilium-cli/releases/download/v{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz"

33
inventory/sample/group_vars/k8s_cluster/addons.yml
View File

@@ -63,6 +63,39 @@ local_volume_provisioner_enabled: false
# Gateway API CRDs # Gateway API CRDs
gateway_api_enabled: false gateway_api_enabled: false
# Nginx ingress controller deployment
ingress_nginx_enabled: false
# ingress_nginx_host_network: false
# ingress_nginx_service_type: LoadBalancer
# ingress_nginx_service_annotations:
# example.io/loadbalancerIPs: 1.2.3.4
# ingress_nginx_service_nodeport_http: 30080
# ingress_nginx_service_nodeport_https: 30081
ingress_publish_status_address: ""
# ingress_nginx_nodeselector:
# kubernetes.io/os: "linux"
# ingress_nginx_tolerations:
# - key: "node-role.kubernetes.io/control-plane"
# operator: "Equal"
# value: ""
# effect: "NoSchedule"
# ingress_nginx_namespace: "ingress-nginx"
# ingress_nginx_insecure_port: 80
# ingress_nginx_secure_port: 443
# ingress_nginx_configmap:
# map-hash-bucket-size: "128"
# ssl-protocols: "TLSv1.2 TLSv1.3"
# ingress_nginx_configmap_tcp_services:
# 9000: "default/example-go:8080"
# ingress_nginx_configmap_udp_services:
# 53: "kube-system/coredns:53"
# ingress_nginx_extra_args:
# - --default-ssl-certificate=default/foo-tls
# ingress_nginx_termination_grace_period_seconds: 300
# ingress_nginx_class: nginx
# ingress_nginx_without_class: true
# ingress_nginx_default: false
# ALB ingress controller deployment # ALB ingress controller deployment
ingress_alb_enabled: false ingress_alb_enabled: false
# alb_ingress_aws_region: "us-east-1" # alb_ingress_aws_region: "us-east-1"

2
meta/runtime.yml
View File

@@ -1,2 +1,2 @@
--- ---
requires_ansible: ">=2.18.0,<2.19.0" requires_ansible: ">=2.17.3"

4
pipeline.Dockerfile
View File

@@ -46,8 +46,8 @@ ADD ./tests/requirements.txt /kubespray/tests/requirements.txt
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
&& pip install --break-system-packages --ignore-installed --no-compile --no-cache-dir pip -U \ && pip install --break-system-packages --ignore-installed --no-compile --no-cache-dir pip -U \
&& pip install --break-system-packages --no-compile --no-cache-dir -r tests/requirements.txt \ && pip install --break-system-packages --no-compile --no-cache-dir -r tests/requirements.txt \
&& curl -L https://dl.k8s.io/release/v1.35.0/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \ && curl -L https://dl.k8s.io/release/v1.34.3/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
&& echo $(curl -L https://dl.k8s.io/release/v1.35.0/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \ && echo $(curl -L https://dl.k8s.io/release/v1.34.3/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
&& chmod a+x /usr/local/bin/kubectl \ && chmod a+x /usr/local/bin/kubectl \
# Install Vagrant # Install Vagrant
&& curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \ && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \

4
playbooks/ansible_version.yml
View File

@@ -5,8 +5,8 @@
become: false become: false
run_once: true run_once: true
vars: vars:
minimal_ansible_version: 2.18.0 minimal_ansible_version: 2.17.3
maximal_ansible_version: 2.19.0 maximal_ansible_version: 2.18.0
tags: always tags: always
tasks: tasks:
- name: "Check {{ minimal_ansible_version }} <= Ansible version < {{ maximal_ansible_version }}" - name: "Check {{ minimal_ansible_version }} <= Ansible version < {{ maximal_ansible_version }}"

2
requirements.txt
View File

@@ -1,4 +1,4 @@
ansible==11.13.0 ansible==10.7.0
# Needed for community.crypto module # Needed for community.crypto module
cryptography==46.0.4 cryptography==46.0.4
# Needed for jinja2 json_query templating # Needed for jinja2 json_query templating

6
roles/container-engine/cri-dockerd/handlers/main.yml
View File

@@ -6,6 +6,12 @@
masked: false masked: false
listen: Restart and enable cri-dockerd listen: Restart and enable cri-dockerd
- name: Cri-dockerd | restart docker.service
service:
name: docker.service
state: restarted
listen: Restart and enable cri-dockerd
- name: Cri-dockerd | reload cri-dockerd.socket - name: Cri-dockerd | reload cri-dockerd.socket
service: service:
name: cri-dockerd.socket name: cri-dockerd.socket

2
roles/container-engine/docker/templates/docker.service.j2
View File

@@ -30,7 +30,7 @@ LimitCORE=infinity
TimeoutStartSec=1min TimeoutStartSec=1min
# restart the docker process if it exits prematurely # restart the docker process if it exits prematurely
Restart=on-failure Restart=on-failure
StartLimitBurst=10 StartLimitBurst=3
StartLimitInterval=60s StartLimitInterval=60s
# Set the cgroup slice of the service so that kube reserved takes effect # Set the cgroup slice of the service so that kube reserved takes effect
{% if kube_reserved is defined and kube_reserved|bool %} {% if kube_reserved is defined and kube_reserved|bool %}

2
roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
View File

@@ -21,7 +21,7 @@ external_openstack_cacert: "{{ lookup('env', 'OS_CACERT') }}"
## arg1: "value1" ## arg1: "value1"
## arg2: "value2" ## arg2: "value2"
external_openstack_cloud_controller_extra_args: {} external_openstack_cloud_controller_extra_args: {}
external_openstack_cloud_controller_image_tag: "v1.35.0" external_openstack_cloud_controller_image_tag: "v1.32.0"
external_openstack_cloud_controller_bind_address: 127.0.0.1 external_openstack_cloud_controller_bind_address: 127.0.0.1
external_openstack_cloud_controller_dns_policy: ClusterFirst external_openstack_cloud_controller_dns_policy: ClusterFirst

28
roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml Normal file
View File

@@ -0,0 +1,28 @@
---
ingress_nginx_namespace: "ingress-nginx"
ingress_nginx_host_network: false
ingress_nginx_service_type: LoadBalancer
ingress_nginx_service_nodeport_http: ""
ingress_nginx_service_nodeport_https: ""
ingress_nginx_service_annotations: {}
ingress_publish_status_address: ""
ingress_nginx_publish_service: "{{ ingress_nginx_namespace }}/ingress-nginx"
ingress_nginx_nodeselector:
kubernetes.io/os: "linux"
ingress_nginx_tolerations: []
ingress_nginx_insecure_port: 80
ingress_nginx_secure_port: 443
ingress_nginx_metrics_port: 10254
ingress_nginx_configmap: {}
ingress_nginx_configmap_tcp_services: {}
ingress_nginx_configmap_udp_services: {}
ingress_nginx_extra_args: []
ingress_nginx_termination_grace_period_seconds: 300
ingress_nginx_class: nginx
ingress_nginx_without_class: true
ingress_nginx_default: false
ingress_nginx_webhook_enabled: false
ingress_nginx_webhook_job_ttl: 1800
ingress_nginx_opentelemetry_enabled: false
ingress_nginx_probe_initial_delay_seconds: 10

69
roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml Normal file
View File

@@ -0,0 +1,69 @@
---
- name: NGINX Ingress Controller | Create addon dir
file:
path: "{{ kube_config_dir }}/addons/ingress_nginx"
state: directory
owner: root
group: root
mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: NGINX Ingress Controller | Templates list
set_fact:
ingress_nginx_templates:
- { name: 00-namespace, file: 00-namespace.yml, type: ns }
- { name: cm-ingress-nginx, file: cm-ingress-nginx.yml, type: cm }
- { name: cm-tcp-services, file: cm-tcp-services.yml, type: cm }
- { name: cm-udp-services, file: cm-udp-services.yml, type: cm }
- { name: sa-ingress-nginx, file: sa-ingress-nginx.yml, type: sa }
- { name: clusterrole-ingress-nginx, file: clusterrole-ingress-nginx.yml, type: clusterrole }
- { name: clusterrolebinding-ingress-nginx, file: clusterrolebinding-ingress-nginx.yml, type: clusterrolebinding }
- { name: role-ingress-nginx, file: role-ingress-nginx.yml, type: role }
- { name: rolebinding-ingress-nginx, file: rolebinding-ingress-nginx.yml, type: rolebinding }
- { name: ingressclass-nginx, file: ingressclass-nginx.yml, type: ingressclass }
- { name: ds-ingress-nginx-controller, file: ds-ingress-nginx-controller.yml, type: ds }
ingress_nginx_template_for_service:
- { name: svc-ingress-nginx, file: svc-ingress-nginx.yml, type: svc }
ingress_nginx_templates_for_webhook:
- { name: admission-webhook-configuration, file: admission-webhook-configuration.yml, type: sa }
- { name: sa-admission-webhook, file: sa-admission-webhook.yml, type: sa }
- { name: clusterrole-admission-webhook, file: clusterrole-admission-webhook.yml, type: clusterrole }
- { name: clusterrolebinding-admission-webhook, file: clusterrolebinding-admission-webhook.yml, type: clusterrolebinding }
- { name: role-admission-webhook, file: role-admission-webhook.yml, type: role }
- { name: rolebinding-admission-webhook, file: rolebinding-admission-webhook.yml, type: rolebinding }
- { name: admission-webhook-job, file: admission-webhook-job.yml, type: job }
- { name: svc-ingress-nginx-controller-admission, file: svc-ingress-nginx-controller-admission.yml, type: svc }
- name: NGINX Ingress Controller | Append extra templates to NGINX Ingress Template list for service
set_fact:
ingress_nginx_templates: "{{ ingress_nginx_templates + ingress_nginx_template_for_service }}"
when: not ingress_nginx_host_network
- name: NGINX Ingress Controller | Append extra templates to NGINX Ingress Templates list for webhook
set_fact:
ingress_nginx_templates: "{{ ingress_nginx_templates + ingress_nginx_templates_for_webhook }}"
when: ingress_nginx_webhook_enabled
- name: NGINX Ingress Controller | Create manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}"
mode: "0644"
with_items: "{{ ingress_nginx_templates }}"
register: ingress_nginx_manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: NGINX Ingress Controller | Apply manifests
kube:
name: "{{ item.item.name }}"
namespace: "{{ ingress_nginx_namespace }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.item.file }}"
state: "latest"
with_items: "{{ ingress_nginx_manifests.results }}"
when:
- inventory_hostname == groups['kube_control_plane'][0]

7
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/00-namespace.yml.j2 Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ ingress_nginx_namespace }}
labels:
name: {{ ingress_nginx_namespace }}

30
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-configuration.yml.j2 Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: ingress-nginx-controller-admission
namespace: {{ ingress_nginx_namespace }}
path: /networking/v1/ingresses
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: validate.nginx.ingress.kubernetes.io
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
sideEffects: None

96
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/admission-webhook-job.yml.j2 Normal file
View File

@@ -0,0 +1,96 @@
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission-create
namespace: {{ ingress_nginx_namespace }}
spec:
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission-create
spec:
containers:
- args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
name: create
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission-patch
namespace: {{ ingress_nginx_namespace }}
spec:
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission-patch
spec:
containers:
- args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: "{{ ingress_nginx_kube_webhook_certgen_image_repo }}:{{ ingress_nginx_kube_webhook_certgen_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
name: patch
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
ttlSecondsAfterFinished: {{ ingress_nginx_webhook_job_ttl }}

15
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-admission-webhook.yml.j2 Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update

36
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrole-ingress-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,36 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "namespaces"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingressclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["list", "watch"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]

16
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-admission-webhook.yml.j2 Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: {{ ingress_nginx_namespace }}

16
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/clusterrolebinding-ingress-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}

13
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-ingress-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap %}
data:
{{ ingress_nginx_configmap | to_nice_yaml | indent(2) }}
{%- endif %}

13
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-tcp-services.yml.j2 Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap_tcp_services %}
data:
{{ ingress_nginx_configmap_tcp_services | to_nice_yaml | indent(2) }}
{%- endif %}

13
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/cm-udp-services.yml.j2 Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_configmap_udp_services %}
data:
{{ ingress_nginx_configmap_udp_services | to_nice_yaml | indent(2) }}
{%- endif %}

201
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 Normal file
View File

@@ -0,0 +1,201 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ingress-nginx-controller
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: {{ ingress_nginx_termination_grace_period_seconds }}
{% if ingress_nginx_opentelemetry_enabled %}
initContainers:
- name: opentelemetry
command:
- /init_module
image: {{ ingress_nginx_opentelemetry_image_repo }}:{{ ingress_nginx_opentelemetry_image_tag }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /modules_mount
name: modules
{% endif %}
{% if ingress_nginx_host_network %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{% endif %}
{% if ingress_nginx_nodeselector %}
nodeSelector:
{{ ingress_nginx_nodeselector | to_nice_yaml | indent(width=8) }}
{%- endif %}
{% if ingress_nginx_tolerations %}
tolerations:
{{ ingress_nginx_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
{% endif %}
priorityClassName: {% if ingress_nginx_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
containers:
- name: ingress-nginx-controller
image: {{ ingress_nginx_controller_image_repo }}:{{ ingress_nginx_controller_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/ingress-nginx
- --election-id=ingress-controller-leader-{{ ingress_nginx_class }}
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --annotations-prefix=nginx.ingress.kubernetes.io
- --ingress-class={{ ingress_nginx_class }}
{% if ingress_nginx_without_class %}
- --watch-ingress-without-class=true
{% endif %}
{% if ingress_publish_status_address != "" %}
- --publish-status-address={{ ingress_publish_status_address }}
{% elif ingress_nginx_host_network %}
- --report-node-internal-ip-address
{% elif ingress_nginx_publish_service != "" %}
- --publish-service={{ ingress_nginx_publish_service }}
{% endif %}
{% for extra_arg in ingress_nginx_extra_args %}
- {{ extra_arg }}
{% endfor %}
{% if ingress_nginx_webhook_enabled %}
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
{% endif %}
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsGroup: 82
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
ports:
- name: http
containerPort: 80
hostPort: {{ ingress_nginx_insecure_port }}
- name: https
containerPort: 443
hostPort: {{ ingress_nginx_secure_port }}
- name: metrics
containerPort: 10254
{% if not ingress_nginx_host_network %}
hostPort: {{ ingress_nginx_metrics_port }}
{% endif %}
{% if ingress_nginx_configmap_tcp_services %}
{% for port in ingress_nginx_configmap_tcp_services.keys() %}
- name: tcp-port-{{ port }}
containerPort: {{ port | int }}
protocol: TCP
{% if not ingress_nginx_host_network %}
hostPort: {{ port | int }}
{% endif %}
{% endfor %}
{% endif %}
{% if ingress_nginx_configmap_udp_services %}
{% for port in ingress_nginx_configmap_udp_services.keys() %}
- name: udp-port-{{ port }}
containerPort: {{ port | int }}
protocol: UDP
{% if not ingress_nginx_host_network %}
hostPort: {{ port | int }}
{% endif %}
{% endfor %}
{% endif %}
{% if ingress_nginx_webhook_enabled %}
- name: webhook
containerPort: 8443
protocol: TCP
{% endif %}
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: {{ ingress_nginx_probe_initial_delay_seconds }}
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: {{ ingress_nginx_probe_initial_delay_seconds }}
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
volumeMounts:
{% if ingress_nginx_webhook_enabled %}
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
{% endif %}
{% if ingress_nginx_opentelemetry_enabled %}
- name: modules
mountPath: /modules_mount
{% endif %}
{% endif %}
{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
volumes:
{% if ingress_nginx_webhook_enabled %}
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
{% endif %}
{% if ingress_nginx_opentelemetry_enabled %}
- name: modules
emptyDir: {}
{% endif %}
{% endif %}

13
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: {{ ingress_nginx_class }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_default %}
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
{% endif %}
spec:
controller: k8s.io/ingress-nginx

17
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-admission-webhook.yml.j2 Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission
namespace: {{ ingress_nginx_namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create

47
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,47 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get"]
- apiGroups: [""]
resources: ["configmaps", "pods", "secrets", "endpoints"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingressclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
# Defaults to "<election-id>", defined in
# ds-ingress-nginx-controller.yml.js
# by a command-line argument.
#
# This is the correct behaviour for ingress-controller
# version 1.8.1
resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
verbs: ["get", "update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]

17
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-admission-webhook.yml.j2 Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-admission
namespace: {{ ingress_nginx_namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: {{ ingress_nginx_namespace }}

17
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/rolebinding-ingress-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}

8
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-admission-webhook.yml.j2 Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx-admission
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx

9
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/sa-ingress-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx

18
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-ingress-nginx-controller-admission.yml.j2 Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx-controller-admission
namespace: {{ ingress_nginx_namespace }}
spec:
type: ClusterIP
ports:
- appProtocol: https
name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx

50
roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/svc-ingress-nginx.yml.j2 Normal file
View File

@@ -0,0 +1,50 @@
{% if not ingress_nginx_host_network %}
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: {{ ingress_nginx_namespace }}
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
{% if ingress_nginx_service_annotations %}
annotations:
{{ ingress_nginx_service_annotations | to_nice_yaml(indent=2, width=1337) | indent(width=4) }}
{% endif %}
spec:
type: {{ ingress_nginx_service_type }}
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_http %}
nodePort: {{ingress_nginx_service_nodeport_http | int}}
{% endif %}
- name: https
port: 443
targetPort: 443
protocol: TCP
{% if (ingress_nginx_service_type == 'NodePort' or ingress_nginx_service_type == 'LoadBalancer') and ingress_nginx_service_nodeport_https %}
nodePort: {{ingress_nginx_service_nodeport_https | int}}
{% endif %}
{% if ingress_nginx_configmap_tcp_services %}
{% for port in ingress_nginx_configmap_tcp_services.keys() %}
- name: tcp-port-{{ port }}
port: {{ port | int }}
targetPort: {{ port | int }}
protocol: TCP
{% endfor %}
{% endif %}
{% if ingress_nginx_configmap_udp_services %}
{% for port in ingress_nginx_configmap_udp_services.keys() %}
- name: udp-port-{{ port }}
port: {{ port | int }}
targetPort: {{ port | int }}
protocol: UDP
{% endfor %}
{% endif %}
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
{% endif %}

7
roles/kubernetes-apps/ingress_controller/meta/main.yml
View File

@@ -1,5 +1,12 @@
--- ---
dependencies: dependencies:
- role: kubernetes-apps/ingress_controller/ingress_nginx
when: ingress_nginx_enabled
tags:
- apps
- ingress-controller
- ingress-nginx
- role: kubernetes-apps/ingress_controller/cert_manager - role: kubernetes-apps/ingress_controller/cert_manager
when: cert_manager_enabled when: cert_manager_enabled
tags: tags:

10
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
View File

@@ -114,14 +114,4 @@ rules:
- update - update
# watch for changes # watch for changes
- watch - watch
# Services are monitored for service LoadBalancer IP allocation
- apiGroups: [""]
resources:
- services
- services/status
verbs:
- get
- list
- update
- watch
{% endif %} {% endif %}

4
roles/kubernetes-apps/registry/tasks/main.yml
View File

@@ -43,12 +43,12 @@
- { name: registry-cm, file: registry-cm.yml, type: cm } - { name: registry-cm, file: registry-cm.yml, type: cm }
- { name: registry-rs, file: registry-rs.yml, type: rs } - { name: registry-rs, file: registry-rs.yml, type: rs }
- name: Registry | Append ingress templates to Registry Templates list when ALB ingress enabled - name: Registry | Append nginx ingress templates to Registry Templates list when ingress enabled
set_fact: set_fact:
registry_templates: "{{ registry_templates + [item] }}" registry_templates: "{{ registry_templates + [item] }}"
with_items: with_items:
- [{ name: registry-ing, file: registry-ing.yml, type: ing }] - [{ name: registry-ing, file: registry-ing.yml, type: ing }]
when: ingress_alb_enabled when: ingress_nginx_enabled or ingress_alb_enabled
- name: Registry | Create manifests - name: Registry | Create manifests
template: template:

65
roles/kubernetes/client/tasks/main.yml
View File

@@ -26,7 +26,7 @@
mode: "0700" mode: "0700"
state: directory state: directory
- name: Write admin kubeconfig to current/ansible become user home - name: Copy admin kubeconfig to current/ansible become user home
copy: copy:
src: "{{ kube_config_dir }}/admin.conf" src: "{{ kube_config_dir }}/admin.conf"
dest: "{{ ansible_env.HOME | default('/root') }}/.kube/config" dest: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
@@ -51,38 +51,41 @@
port: "{{ kube_apiserver_port }}" port: "{{ kube_apiserver_port }}"
timeout: 180 timeout: 180
- name: Create kubeconfig localhost artifacts - name: Get admin kubeconfig from remote host
slurp:
src: "{{ kube_config_dir }}/admin.conf"
run_once: true
register: raw_admin_kubeconfig
when: kubeconfig_localhost when: kubeconfig_localhost
block:
- name: Generate admin kubeconfig using kubeadm
command: >-
{{ bin_dir }}/kubeadm kubeconfig user
--client-name=kubernetes-admin-{{ cluster_name }}
--org=kubeadm:cluster-admins
--config {{ kube_config_dir }}/kubeadm-config.yaml
register: kubeadm_admin_kubeconfig
changed_when: false
run_once: true
delegate_to: "{{ groups['kube_control_plane'][0] }}"
- name: Write admin kubeconfig on ansible host - name: Convert kubeconfig to YAML
copy: set_fact:
content: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml | combine(override, recursive=true) | to_nice_yaml(indent=2) }}" admin_kubeconfig: "{{ raw_admin_kubeconfig.content | b64decode | from_yaml }}"
dest: "{{ artifacts_dir }}/admin.conf" when: kubeconfig_localhost
mode: "0600"
vars: - name: Override username in kubeconfig
admin_kubeconfig: "{{ kubeadm_admin_kubeconfig.stdout | from_yaml }}" set_fact:
context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}" final_admin_kubeconfig: "{{ admin_kubeconfig | combine(override_cluster_name, recursive=true) | combine(override_context, recursive=true) | combine(override_user, recursive=true) }}"
override: vars:
clusters: cluster_infos: "{{ admin_kubeconfig['clusters'][0]['cluster'] }}"
- "{{ admin_kubeconfig['clusters'][0] | combine({'name': cluster_name, 'cluster': admin_kubeconfig['clusters'][0]['cluster'] | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})}, recursive=true) }}" user_certs: "{{ admin_kubeconfig['users'][0]['user'] }}"
contexts: username: "kubernetes-admin-{{ cluster_name }}"
- "{{ admin_kubeconfig['contexts'][0] | combine({'name': context, 'context': admin_kubeconfig['contexts'][0]['context'] | combine({'cluster': cluster_name})}, recursive=true) }}" context: "kubernetes-admin-{{ cluster_name }}@{{ cluster_name }}"
current-context: "{{ context }}" override_cluster_name: "{{ {'clusters': [{'cluster': (cluster_infos | combine({'server': 'https://' + (external_apiserver_address | ansible.utils.ipwrap) + ':' + (external_apiserver_port | string)})), 'name': cluster_name}]} }}"
delegate_to: localhost override_context: "{{ {'contexts': [{'context': {'user': username, 'cluster': cluster_name}, 'name': context}], 'current-context': context} }}"
connection: local override_user: "{{ {'users': [{'name': username, 'user': user_certs}]} }}"
become: false when: kubeconfig_localhost
run_once: true
- name: Write admin kubeconfig on ansible host
copy:
content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}"
dest: "{{ artifacts_dir }}/admin.conf"
mode: "0600"
delegate_to: localhost
connection: local
become: false
run_once: true
when: kubeconfig_localhost
- name: Copy kubectl binary to ansible host - name: Copy kubectl binary to ansible host
fetch: fetch:

17
roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml Normal file
View File

@@ -0,0 +1,17 @@
---
- name: Update server field in component kubeconfigs
lineinfile:
dest: "{{ kube_config_dir }}/{{ item }}"
regexp: '^ server: https'
line: ' server: {{ kube_apiserver_endpoint }}'
backup: true
with_items:
- admin.conf
- controller-manager.conf
- kubelet.conf
- scheduler.conf
notify:
- "Control plane | Restart kube-controller-manager"
- "Control plane | Restart kube-scheduler"
- "Control plane | reload kubelet"

3
roles/kubernetes/control-plane/tasks/main.yml
View File

@@ -99,6 +99,9 @@
include_tasks: kubeadm-etcd.yml include_tasks: kubeadm-etcd.yml
when: etcd_deployment_type == "kubeadm" when: etcd_deployment_type == "kubeadm"
- name: Include kubeadm secondary server apiserver fixes
include_tasks: kubeadm-fix-apiserver.yml
- name: Cleanup unused AuthorizationConfiguration file versions - name: Cleanup unused AuthorizationConfiguration file versions
file: file:
path: "{{ kube_config_dir }}/apiserver-authorization-config-{{ item }}.yaml" path: "{{ kube_config_dir }}/apiserver-authorization-config-{{ item }}.yaml"

3
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
View File

@@ -429,9 +429,6 @@ featureGates:
--- ---
apiVersion: kubelet.config.k8s.io/v1beta1 apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration kind: KubeletConfiguration
{% if kube_version is version('1.35.0', '>=') %}
failCgroupV1: {{ kubelet_fail_cgroup_v1 }}
{% endif %}
clusterDNS: clusterDNS:
{% for dns_address in kubelet_cluster_dns %} {% for dns_address in kubelet_cluster_dns %}
- {{ dns_address }} - {{ dns_address }}

3
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
View File

@@ -563,9 +563,6 @@ featureGates:
--- ---
apiVersion: kubelet.config.k8s.io/v1beta1 apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration kind: KubeletConfiguration
{% if kube_version is version('1.35.0', '>=') %}
failCgroupV1: {{ kubelet_fail_cgroup_v1 }}
{% endif %}
clusterDNS: clusterDNS:
{% for dns_address in kubelet_cluster_dns %} {% for dns_address in kubelet_cluster_dns %}
- {{ dns_address }} - {{ dns_address }}

3
roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
View File

@@ -15,9 +15,6 @@ authorization:
{% else %} {% else %}
mode: AlwaysAllow mode: AlwaysAllow
{% endif %} {% endif %}
{% if kube_version is version('1.35.0', '>=') %}
failCgroupV1: {{ kubelet_fail_cgroup_v1 }}
{% endif %}
{% if kubelet_enforce_node_allocatable is defined and kubelet_enforce_node_allocatable != "\"\"" %} {% if kubelet_enforce_node_allocatable is defined and kubelet_enforce_node_allocatable != "\"\"" %}
{% set kubelet_enforce_node_allocatable_list = kubelet_enforce_node_allocatable.split(",") %} {% set kubelet_enforce_node_allocatable_list = kubelet_enforce_node_allocatable.split(",") %}
enforceNodeAllocatable: enforceNodeAllocatable:

33
roles/kubespray_defaults/defaults/main/download.yml
View File

@@ -159,7 +159,7 @@ kubeadm_download_url: "{{ dl_k8s_io_url }}/release/v{{ kube_version }}/bin/linux
etcd_download_url: "{{ github_url }}/etcd-io/etcd/releases/download/v{{ etcd_version }}/etcd-v{{ etcd_version }}-linux-{{ image_arch }}.tar.gz" etcd_download_url: "{{ github_url }}/etcd-io/etcd/releases/download/v{{ etcd_version }}/etcd-v{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
cni_download_url: "{{ github_url }}/containernetworking/plugins/releases/download/v{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-v{{ cni_version }}.tgz" cni_download_url: "{{ github_url }}/containernetworking/plugins/releases/download/v{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-v{{ cni_version }}.tgz"
calicoctl_download_url: "{{ github_url }}/projectcalico/calico/releases/download/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}" calicoctl_download_url: "{{ github_url }}/projectcalico/calico/releases/download/v{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
calico_crds_download_url: "{{ github_url }}/projectcalico/calico/raw/v{{ calico_version }}/manifests/crds.yaml" calico_crds_download_url: "{{ github_url }}/projectcalico/calico/archive/v{{ calico_version }}.tar.gz"
ciliumcli_download_url: "{{ github_url }}/cilium/cilium-cli/releases/download/v{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz" ciliumcli_download_url: "{{ github_url }}/cilium/cilium-cli/releases/download/v{{ cilium_cli_version }}/cilium-linux-{{ image_arch }}.tar.gz"
crictl_download_url: "{{ github_url }}/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/crictl-v{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" crictl_download_url: "{{ github_url }}/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/crictl-v{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
crio_download_url: "{{ storage_googleapis_url }}/cri-o/artifacts/cri-o.{{ image_arch }}.v{{ crio_version }}.tar.gz" crio_download_url: "{{ storage_googleapis_url }}/cri-o/artifacts/cri-o.{{ image_arch }}.v{{ crio_version }}.tar.gz"
@@ -263,7 +263,7 @@ kube_router_image_tag: "v{{ kube_router_version }}"
multus_image_repo: "{{ github_image_repo }}/k8snetworkplumbingwg/multus-cni" multus_image_repo: "{{ github_image_repo }}/k8snetworkplumbingwg/multus-cni"
multus_image_tag: "v{{ multus_version }}" multus_image_tag: "v{{ multus_version }}"
external_openstack_cloud_controller_image_repo: "{{ kube_image_repo }}/provider-os/openstack-cloud-controller-manager" external_openstack_cloud_controller_image_repo: "{{ kube_image_repo }}/provider-os/openstack-cloud-controller-manager"
external_openstack_cloud_controller_image_tag: "v1.35.0" external_openstack_cloud_controller_image_tag: "v1.32.0"
kube_vip_version: 1.0.3 kube_vip_version: 1.0.3
kube_vip_image_repo: "{{ github_image_repo }}/kube-vip/kube-vip{{ '-iptables' if kube_vip_lb_fwdmethod == 'masquerade' else '' }}" kube_vip_image_repo: "{{ github_image_repo }}/kube-vip/kube-vip{{ '-iptables' if kube_vip_lb_fwdmethod == 'masquerade' else '' }}"
@@ -277,9 +277,9 @@ haproxy_image_tag: 3.2.4-alpine
# bundle with kubeadm; if not 'basic' upgrade can sometimes fail # bundle with kubeadm; if not 'basic' upgrade can sometimes fail
coredns_supported_versions: coredns_supported_versions:
'1.35': 1.12.4
'1.34': 1.12.1 '1.34': 1.12.1
'1.33': 1.12.0 '1.33': 1.12.0
'1.32': 1.11.3
coredns_version: "{{ coredns_supported_versions[kube_major_version] }}" coredns_version: "{{ coredns_supported_versions[kube_major_version] }}"
coredns_image_repo: "{{ kube_image_repo }}{{ '/coredns' if coredns_version is version('1.7.1', '>=') else '' }}/coredns" coredns_image_repo: "{{ kube_image_repo }}{{ '/coredns' if coredns_version is version('1.7.1', '>=') else '' }}/coredns"
coredns_image_tag: "{{ 'v' if coredns_version is version('1.7.1', '>=') else '' }}{{ coredns_version }}" coredns_image_tag: "{{ 'v' if coredns_version is version('1.7.1', '>=') else '' }}{{ coredns_version }}"
@@ -309,6 +309,13 @@ local_volume_provisioner_image_tag: "v{{ local_volume_provisioner_version }}"
local_path_provisioner_version: "0.0.32" local_path_provisioner_version: "0.0.32"
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner" local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
local_path_provisioner_image_tag: "v{{ local_path_provisioner_version }}" local_path_provisioner_image_tag: "v{{ local_path_provisioner_version }}"
ingress_nginx_version: "1.13.3"
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
ingress_nginx_controller_image_tag: "v{{ ingress_nginx_version }}"
ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
ingress_nginx_kube_webhook_certgen_image_tag: "v1.6.3"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller" alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.9" alb_ingress_image_tag: "v1.1.9"
cert_manager_version: "1.15.3" cert_manager_version: "1.15.3"
@@ -333,9 +340,9 @@ csi_livenessprobe_image_repo: "{{ kube_image_repo }}/sig-storage/livenessprobe"
csi_livenessprobe_image_tag: "v2.11.0" csi_livenessprobe_image_tag: "v2.11.0"
snapshot_controller_supported_versions: snapshot_controller_supported_versions:
'1.35': "v7.0.2"
'1.34': "v7.0.2" '1.34': "v7.0.2"
'1.33': "v7.0.2" '1.33': "v7.0.2"
'1.32': "v7.0.2"
snapshot_controller_image_repo: "{{ kube_image_repo }}/sig-storage/snapshot-controller" snapshot_controller_image_repo: "{{ kube_image_repo }}/sig-storage/snapshot-controller"
snapshot_controller_image_tag: "{{ snapshot_controller_supported_versions[kube_major_version] }}" snapshot_controller_image_tag: "{{ snapshot_controller_supported_versions[kube_major_version] }}"
@@ -770,9 +777,14 @@ downloads:
calico_crds: calico_crds:
file: true file: true
enabled: "{{ kube_network_plugin == 'calico' and calico_datastore == 'kdd' }}" enabled: "{{ kube_network_plugin == 'calico' and calico_datastore == 'kdd' }}"
dest: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/crds.yaml" dest: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ calico_version }}.tar.gz"
checksum: "{{ calico_crds_checksums.no_arch[calico_version] }}" checksum: "{{ calico_crds_archive_checksums.no_arch[calico_version] }}"
url: "{{ calico_crds_download_url }}" url: "{{ calico_crds_download_url }}"
unarchive: true
unarchive_extra_opts:
- "--strip=3"
- "--wildcards"
- "*/libcalico-go/config/crd/"
owner: "root" owner: "root"
mode: "0755" mode: "0755"
groups: groups:
@@ -907,6 +919,15 @@ downloads:
groups: groups:
- kube_node - kube_node
ingress_nginx_controller:
enabled: "{{ ingress_nginx_enabled }}"
container: true
repo: "{{ ingress_nginx_controller_image_repo }}"
tag: "{{ ingress_nginx_controller_image_tag }}"
checksum: "{{ ingress_nginx_controller_digest_checksum | default(None) }}"
groups:
- kube_node
ingress_alb_controller: ingress_alb_controller:
enabled: "{{ ingress_alb_enabled }}" enabled: "{{ ingress_alb_enabled }}"
container: true container: true

4
roles/kubespray_defaults/defaults/main/main.yml
View File

@@ -17,9 +17,6 @@ kube_api_anonymous_auth: true
# Default value, but will be set to true automatically if detected # Default value, but will be set to true automatically if detected
is_fedora_coreos: false is_fedora_coreos: false
# Kubernetes 1.35+: fail on cgroup v1 by default
kubelet_fail_cgroup_v1: true
# Swap settings # Swap settings
kubelet_fail_swap_on: true kubelet_fail_swap_on: true
kubelet_swap_behavior: LimitedSwap kubelet_swap_behavior: LimitedSwap
@@ -455,6 +452,7 @@ vsphere_csi_enabled: false
upcloud_csi_enabled: false upcloud_csi_enabled: false
csi_snapshot_controller_enabled: false csi_snapshot_controller_enabled: false
persistent_volumes_enabled: false persistent_volumes_enabled: false
ingress_nginx_enabled: false
ingress_alb_enabled: false ingress_alb_enabled: false
cert_manager_enabled: false cert_manager_enabled: false
expand_persistent_volumes: false expand_persistent_volumes: false

183
roles/kubespray_defaults/vars/main/checksums.yml
View File

@@ -1,20 +1,19 @@
--- ---
crictl_checksums: crictl_checksums:
arm64: arm64:
1.35.0: sha256:519071de89b64c43e2a1661bb5489c6c3fd5e9e5fcef75e50e542b0c891f1118
1.34.0: sha256:c31d252e203df5f4cf37f314bd3092eb79087e791631c1e607087c74b6d0423f 1.34.0: sha256:c31d252e203df5f4cf37f314bd3092eb79087e791631c1e607087c74b6d0423f
1.33.0: sha256:e1f34918d77d5b4be85d48f5d713ca617698a371b049ea1486000a5e86ab1ff3 1.33.0: sha256:e1f34918d77d5b4be85d48f5d713ca617698a371b049ea1486000a5e86ab1ff3
1.32.0: sha256:f2f4e20658b72d00897f41e4b57093c8080e2d800ee894a5f4351f31d1833e30
amd64: amd64:
1.35.0: sha256:2e141e5b22cb189c40365a11807d69b76b9b3caced89fac2f4ec879408ce2177
1.34.0: sha256:a8ff2a3edb37a98daf3aba7c3b284fe0aa5bff24166d896ab9ef64c8913c9f51 1.34.0: sha256:a8ff2a3edb37a98daf3aba7c3b284fe0aa5bff24166d896ab9ef64c8913c9f51
1.33.0: sha256:8307399e714626e69d1213a4cd18c8dec3d0201ecdac009b1802115df8973f0f 1.33.0: sha256:8307399e714626e69d1213a4cd18c8dec3d0201ecdac009b1802115df8973f0f
1.32.0: sha256:f050b71d3a73a91a4e0990b90143ed04dcd100cc66f953736fcb6a2730e283c4
ppc64le: ppc64le:
1.35.0: sha256:786522b14d684604c8b435312a310972bc1b460cddb1bb216a298098cd86b22e
1.34.0: sha256:1da50181f2f6f6f6332b9dbc7d7cc020457ccd542620167953c0e288535acc93 1.34.0: sha256:1da50181f2f6f6f6332b9dbc7d7cc020457ccd542620167953c0e288535acc93
1.33.0: sha256:4224acfef4d1deba2ba456b7d93fa98feb0a96063ef66024375294f1de2b064f 1.33.0: sha256:4224acfef4d1deba2ba456b7d93fa98feb0a96063ef66024375294f1de2b064f
1.32.0: sha256:4ffaf29bbda8df42ed2dda4f1ad33cc785987701dc8d1e0043c17cfea9af43e0
crio_archive_checksums: crio_archive_checksums:
arm64: arm64:
1.35.0: sha256:e57175a4d00387b78adfbe248d087d8127bed625afb529e34b2c90d08cfdaf87
1.34.5: sha256:999a5dc2dc9854222aeff8a20897e0b34f0ba02c9b260b611d66c62e00e279e0 1.34.5: sha256:999a5dc2dc9854222aeff8a20897e0b34f0ba02c9b260b611d66c62e00e279e0
1.34.4: sha256:d176f6256d606a3fc279f9f2994ef4a4c4cbaaa0601f4d1bba1a19bec5674ce9 1.34.4: sha256:d176f6256d606a3fc279f9f2994ef4a4c4cbaaa0601f4d1bba1a19bec5674ce9
1.34.3: sha256:314595247054b53767a736e24bc3030a5f7c17552944c62b2e190c9e95fe4ca6 1.34.3: sha256:314595247054b53767a736e24bc3030a5f7c17552944c62b2e190c9e95fe4ca6
@@ -46,7 +45,6 @@ crio_archive_checksums:
1.32.1: sha256:f64da0ef41604575b476ad6d7288ca14f56fc06cc0ca138a5c3dc933427f7b32 1.32.1: sha256:f64da0ef41604575b476ad6d7288ca14f56fc06cc0ca138a5c3dc933427f7b32
1.32.0: sha256:b092eddabedac98a0f8449dc535acfec0e14c21f59cabe8f9703043d995a1a41 1.32.0: sha256:b092eddabedac98a0f8449dc535acfec0e14c21f59cabe8f9703043d995a1a41
amd64: amd64:
1.35.0: sha256:55b6d3e9fc9a5864ab5cdf0b24d54b1dcbaf6d4919274b3b9eb37bfc4b0b8cb5
1.34.5: sha256:d6606fb6d686b8f814dfec801f0f3cf2ded974c194fa90facefda36075b6fab2 1.34.5: sha256:d6606fb6d686b8f814dfec801f0f3cf2ded974c194fa90facefda36075b6fab2
1.34.4: sha256:f6348a781c34b433fe1c5150da3408e51e828b610eacbe734405e9c31136d810 1.34.4: sha256:f6348a781c34b433fe1c5150da3408e51e828b610eacbe734405e9c31136d810
1.34.3: sha256:e269914f3bc4f36ac87cd593d74daaa43c390571994062180019248be32cc6f7 1.34.3: sha256:e269914f3bc4f36ac87cd593d74daaa43c390571994062180019248be32cc6f7
@@ -78,7 +76,6 @@ crio_archive_checksums:
1.32.1: sha256:d35de1e765481018c7ccdc92edeb59b25938f3bd9d1670440e7ccd3d599f95a7 1.32.1: sha256:d35de1e765481018c7ccdc92edeb59b25938f3bd9d1670440e7ccd3d599f95a7
1.32.0: sha256:8f483f1429d2d9cd6bfa6db2e3a4263151701dd4f05f2b1c06cf8e67c44ea67e 1.32.0: sha256:8f483f1429d2d9cd6bfa6db2e3a4263151701dd4f05f2b1c06cf8e67c44ea67e
ppc64le: ppc64le:
1.35.0: sha256:081ab73a6970ac3c68893dea9a03b0732ca22ab44a2aa8794fddac0bd4dfa749
1.34.5: sha256:3a10d4c1406df01bd9ab88750eabc1273964e9c5f24c7d4a0b719ae77e6cfec2 1.34.5: sha256:3a10d4c1406df01bd9ab88750eabc1273964e9c5f24c7d4a0b719ae77e6cfec2
1.34.4: sha256:dca59a28fe9b0b9163418eca1545c9ed01cf514179f108d14e462c6074fd103c 1.34.4: sha256:dca59a28fe9b0b9163418eca1545c9ed01cf514179f108d14e462c6074fd103c
1.34.3: sha256:4dd782484eeb460b9a95e6e2e07474216fc02ad45a27ba871799d18f2b6ee0ae 1.34.3: sha256:4dd782484eeb460b9a95e6e2e07474216fc02ad45a27ba871799d18f2b6ee0ae
@@ -111,7 +108,6 @@ crio_archive_checksums:
1.32.0: sha256:e0544544c91f603afaf54ed814c8519883212bcb149f53a8be9bb0c749e9ec86 1.32.0: sha256:e0544544c91f603afaf54ed814c8519883212bcb149f53a8be9bb0c749e9ec86
kubelet_checksums: kubelet_checksums:
arm64: arm64:
1.35.0: sha256:aa658d077348b43d238f50966a583f4244b2a7d45590c77b3b165b7d44983ab8
1.34.3: sha256:765b740e3ad9c590852652a2623424ec60e2dddce2c6280d7f042f56c8c98619 1.34.3: sha256:765b740e3ad9c590852652a2623424ec60e2dddce2c6280d7f042f56c8c98619
1.34.2: sha256:3e31b1bee9ab32264a67af8a19679777cd372b1c3a04b5d7621289cf137b357c 1.34.2: sha256:3e31b1bee9ab32264a67af8a19679777cd372b1c3a04b5d7621289cf137b357c
1.34.1: sha256:6a66bc08d6c637fcea50c19063cf49e708fde1630a7f1d4ceca069a45a87e6f1 1.34.1: sha256:6a66bc08d6c637fcea50c19063cf49e708fde1630a7f1d4ceca069a45a87e6f1
@@ -124,8 +120,19 @@ kubelet_checksums:
1.33.2: sha256:0fa15aca9b90fe7aef1ed3aad31edd1d9944a8c7aae34162963a6aaaf726e065 1.33.2: sha256:0fa15aca9b90fe7aef1ed3aad31edd1d9944a8c7aae34162963a6aaaf726e065
1.33.1: sha256:10540261c311ae005b9af514d83c02694e12614406a8524fd2d0bad75296f70d 1.33.1: sha256:10540261c311ae005b9af514d83c02694e12614406a8524fd2d0bad75296f70d
1.33.0: sha256:ae5a4fc6d733fc28ff198e2d80334e21fcb5c34e76b411c50fff9cb25accf05a 1.33.0: sha256:ae5a4fc6d733fc28ff198e2d80334e21fcb5c34e76b411c50fff9cb25accf05a
1.32.11: sha256:7d1c3aaae0dffa8d5c90bbaed49f25d32f98332801bde55cfea6efaead639491
1.32.10: sha256:21cc3d98550d3a23052d649e77956f2557e7f6119ff1e27dc82b852d006136cd
1.32.9: sha256:29037381c79152409adacee83448a2bdb67e113f003613663c7589286200ded8
1.32.8: sha256:d5527714fac08eac4c1ddcbd8a3c6db35f3acd335d43360219d733273b672cce
1.32.7: sha256:b862a8d550875924c8abed6c15ba22564f7e232c239aa6a2e88caf069a0ab548
1.32.6: sha256:b045d4f8f96bf934c894f9704ab2931ffa3c6cf78a8d98e457482a6c455dab6d
1.32.5: sha256:034753a2e308afeb4ce3cf332d38346c6e660252eac93b268fac0e112a56ff46
1.32.4: sha256:91117b71eb2bb3dd79ec3ed444e058a347349108bf661838f53ee30d2a0ff168
1.32.3: sha256:5c3c98e6e0fa35d209595037e05022597954b8d764482417a9588e15218f0fe2
1.32.2: sha256:d74b659bbde5adf919529d079975900e51e10bc807f0fda9dc9f6bb07c4a3a7b
1.32.1: sha256:8e6d0eeedd9f0b8b38d4f600ee167816f71cf4dacfa3d9a9bb6c3561cc884e95
1.32.0: sha256:bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf
amd64: amd64:
1.35.0: sha256:2f4ed7778681649b81244426c29c5d98df60ccabf83d561d69e61c1cbb943ddf
1.34.3: sha256:0e759f40bbc717c05227ae3994b77786f58f59ffa0137a34958c6b26fa5bcbbd 1.34.3: sha256:0e759f40bbc717c05227ae3994b77786f58f59ffa0137a34958c6b26fa5bcbbd
1.34.2: sha256:9c5e717b774ee9b9285ce47e7d2150c29e84837eb19a7eaa24b60b1543c9d58f 1.34.2: sha256:9c5e717b774ee9b9285ce47e7d2150c29e84837eb19a7eaa24b60b1543c9d58f
1.34.1: sha256:5a72c596c253ea0b0e5bcc6f29903fd41d1d542a7cadf3700c165a2a041a8d82 1.34.1: sha256:5a72c596c253ea0b0e5bcc6f29903fd41d1d542a7cadf3700c165a2a041a8d82
@@ -138,8 +145,19 @@ kubelet_checksums:
1.33.2: sha256:77fa5d29995653fe7e2855759a909caf6869c88092e2f147f0b84cbdba98c8f3 1.33.2: sha256:77fa5d29995653fe7e2855759a909caf6869c88092e2f147f0b84cbdba98c8f3
1.33.1: sha256:f7224648451dd4f9f2c4f79416f9874223c286ce41727788965fd0341ddb59c4 1.33.1: sha256:f7224648451dd4f9f2c4f79416f9874223c286ce41727788965fd0341ddb59c4
1.33.0: sha256:dd416d94850c342226d3dcdce838518b040ccea16548bfeaf2595934af88ef60 1.33.0: sha256:dd416d94850c342226d3dcdce838518b040ccea16548bfeaf2595934af88ef60
1.32.11: sha256:02b25e87a3fe14e9ea74c10d3b1e204d12af30b8ce7ed11af2a985b49ddb0b83
1.32.10: sha256:bfff8f244992162c0491f8f42d807165ed5c685aecfb3e8000412535ad18a873
1.32.9: sha256:fd7711d1f0c1e263e9332004858fc4a6c39462e3e2ee485706eea5297966ed9c
1.32.8: sha256:7dfca4da9cdf592c0f70800e09fb42553765bc0951cade3d6e0c571daf3f23ee
1.32.7: sha256:7ab96898436475640cbd416b2446f33aba1c2cb62dae876302ff7775d850041c
1.32.6: sha256:aa37219c4796a2fbf5af7f37fb7f11998947f9fd0d0f30dbeb40c47d4e9c8777
1.32.5: sha256:2b2988edd1646bf139dee6956d4283c520ff151a36febd10701ffda4852b8250
1.32.4: sha256:3e0c265fe80f3ea1b7271a00879d4dbd5e6ea1e91ecf067670c983e07c33a6f4
1.32.3: sha256:024bb7faffa787c7717a2b37398a8c6df35694a8585a73074b052c3f4c4906ce
1.32.2: sha256:9927fee1678202719075d8d546390bcda86c9e519b811fb7f4820b6823f84cab
1.32.1: sha256:967dc8984651c48230a2ff5319e22cbf858452e974104a19bbade5d1708f72ad
1.32.0: sha256:5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2
ppc64le: ppc64le:
1.35.0: sha256:f24eb1244878a3876fe180e6052822cc9998033850478b2f4776e5c3b09baecd
1.34.3: sha256:67dcceb6d91710e4da7af720eda7b20fd4e8c24237fc345602bb54439ad8ccca 1.34.3: sha256:67dcceb6d91710e4da7af720eda7b20fd4e8c24237fc345602bb54439ad8ccca
1.34.2: sha256:a195f278b9bac26803f1e26b0f608e0dce66aad033e8c043e8555775612530c9 1.34.2: sha256:a195f278b9bac26803f1e26b0f608e0dce66aad033e8c043e8555775612530c9
1.34.1: sha256:c4782dbf1987680e9b2baa3ecf5db9e66395772e82b251eb73a150fbfbe0b906 1.34.1: sha256:c4782dbf1987680e9b2baa3ecf5db9e66395772e82b251eb73a150fbfbe0b906
@@ -152,9 +170,20 @@ kubelet_checksums:
1.33.2: sha256:be8412cb9bf30125e3a88ecb9bfca4df1ff5d4e650947c46222683071f1a17d7 1.33.2: sha256:be8412cb9bf30125e3a88ecb9bfca4df1ff5d4e650947c46222683071f1a17d7
1.33.1: sha256:c1bc01115a513eaec76d56dc52a52aeb05f866a6d07c55335c1fff56c868543d 1.33.1: sha256:c1bc01115a513eaec76d56dc52a52aeb05f866a6d07c55335c1fff56c868543d
1.33.0: sha256:6fa5abbc14d65b943b00fcfc8a6ac7eb39fd7e924271738c6f17e0b7e74c665b 1.33.0: sha256:6fa5abbc14d65b943b00fcfc8a6ac7eb39fd7e924271738c6f17e0b7e74c665b
1.32.11: sha256:17baef329a468f958658f3e4c3f04689dd2506077214e36d4495b8d0c6776da9
1.32.10: sha256:277e68bcf192ea91f3426b8fb540c4951e2e3bffc659a7b39b98c749e828acc7
1.32.9: sha256:81ba713e8b51644336d428dfa5654cc4e2e4a4ea742976b56ddf965a347330e5
1.32.8: sha256:ec5a2e045dc49b7e1d34a0c78fbc645ce568b2275e807b6313da46e584f56f68
1.32.7: sha256:4ddc5a0b42100295896a43a1a637180872293c9f7305a90dd3377681b1401469
1.32.6: sha256:fd0140949b02c82539ff84db15d0d406445f34221d0547e7ee31245cd982ff47
1.32.5: sha256:b9cb7bf4b5518e1b5542717c82a753663154e08c84e336feba424cf3575313a3
1.32.4: sha256:62e7854ea84bf0fd5a9c47a1ab7ade7a74b4f160efdf486320ed913b4e8e7f79
1.32.3: sha256:efc2b01d4ab74f283ab4ff2bad4369e2b9f66fa875673b72627aa6e7a7b507cb
1.32.2: sha256:3602474e25b0b42a4b0f43ece2ca1e03fe5f3864f0936537256920bbb2eb9acd
1.32.1: sha256:623889368808042a236d7078d85a23ce5ef0e43b6fadc09bcacfdf704ac876b4
1.32.0: sha256:99d409a8023224d84c361e29cdf21ac0458a5449f03e12550288aa654539e3a1
kubectl_checksums: kubectl_checksums:
arm: arm:
1.35.0: sha256:dca28f6af03b31ca6043baa1da7332472c7a3df743606a758534b9ac3ed7ecce
1.34.3: sha256:e0cf1eddede6abfd539e30ccbb4e50f65b2d6ff44b3bb9d9107ea8775a90a7e4 1.34.3: sha256:e0cf1eddede6abfd539e30ccbb4e50f65b2d6ff44b3bb9d9107ea8775a90a7e4
1.34.2: sha256:18e03c1c6ab1dbff6d2a648bf944213f627369d1daeea5b43a7890181ab33abf 1.34.2: sha256:18e03c1c6ab1dbff6d2a648bf944213f627369d1daeea5b43a7890181ab33abf
1.34.1: sha256:ca6218ae8bf366bd8ccdcb440b756c67422a4e04936163845f74d8c056e786ee 1.34.1: sha256:ca6218ae8bf366bd8ccdcb440b756c67422a4e04936163845f74d8c056e786ee
@@ -167,8 +196,19 @@ kubectl_checksums:
1.33.2: sha256:f3992382aa0ea21f71a976b6fd6a213781c9b58be60c42013950110cf2184f2a 1.33.2: sha256:f3992382aa0ea21f71a976b6fd6a213781c9b58be60c42013950110cf2184f2a
1.33.1: sha256:6b1cd6e2bf05c6adaa76b952f9c4ea775f5255913974ccdb12145175d4809e93 1.33.1: sha256:6b1cd6e2bf05c6adaa76b952f9c4ea775f5255913974ccdb12145175d4809e93
1.33.0: sha256:bbb4b4906d483f62b0fc3a0aea3ddac942820984679ad11635b81ee881d69ab3 1.33.0: sha256:bbb4b4906d483f62b0fc3a0aea3ddac942820984679ad11635b81ee881d69ab3
1.32.11: sha256:358dafd910cec676f05e04fbed44ea26ec393cd60b5b885bc60c27e1aaf383c9
1.32.10: sha256:b42bc77586238b43b8c5cdd06086f1ab00190245dd8b66b28822785b177fbde4
1.32.9: sha256:84629d460b60693ca954e148ce522defd34d18bc5c934836cfaf0268930713dd
1.32.8: sha256:ed54b52631fdf5ecc4ddb12c47df481f84b5890683beaeaa55dc84e43d2cd023
1.32.7: sha256:c5416b59afdf897c4fbf08867c8a32b635f83f26e40980d38233fad6b345e37c
1.32.6: sha256:77fec65c6f08c28f8695de4db877d82d74c881ed3ed110ebfd88cbd4ee3d01dc
1.32.5: sha256:7270e6ac4b82b5e4bd037dccae1631964634214baa66a9548deb5edd3f79de31
1.32.4: sha256:bf28793213039690d018bbfa9bcfcfed76a9aa8e18dc299eced8709ca542fcdd
1.32.3: sha256:f990c878e54e5fac82eac7398ef643acca9807838b19014f1816fa9255b2d3d9
1.32.2: sha256:e1e6a2fd4571cd66c885aa42b290930660d34a7331ffb576fcab9fd1a0941a83
1.32.1: sha256:8ccf69be2578d3a324e9fc7d4f3b29bc9743cc02d72f33ba2d0fe30389014bc8
1.32.0: sha256:6b33ea8c80f785fb07be4d021301199ae9ee4f8d7ea037a8ae544d5a7514684e
arm64: arm64:
1.35.0: sha256:58f82f9fe796c375c5c4b8439850b0f3f4d401a52434052f2df46035a8789e25
1.34.3: sha256:46913a7aa0327f6cc2e1cc2775d53c4a2af5e52f7fd8dacbfbfd098e757f19e9 1.34.3: sha256:46913a7aa0327f6cc2e1cc2775d53c4a2af5e52f7fd8dacbfbfd098e757f19e9
1.34.2: sha256:95df604e914941f3172a93fa8feeb1a1a50f4011dfbe0c01e01b660afc8f9b85 1.34.2: sha256:95df604e914941f3172a93fa8feeb1a1a50f4011dfbe0c01e01b660afc8f9b85
1.34.1: sha256:420e6110e3ba7ee5a3927b5af868d18df17aae36b720529ffa4e9e945aa95450 1.34.1: sha256:420e6110e3ba7ee5a3927b5af868d18df17aae36b720529ffa4e9e945aa95450
@@ -181,8 +221,19 @@ kubectl_checksums:
1.33.2: sha256:54dc02c8365596eaa2b576fae4e3ac521db9130e26912385e1e431d156f8344d 1.33.2: sha256:54dc02c8365596eaa2b576fae4e3ac521db9130e26912385e1e431d156f8344d
1.33.1: sha256:d595d1a26b7444e0beb122e25750ee4524e74414bbde070b672b423139295ce6 1.33.1: sha256:d595d1a26b7444e0beb122e25750ee4524e74414bbde070b672b423139295ce6
1.33.0: sha256:48541d119455ac5bcc5043275ccda792371e0b112483aa0b29378439cf6322b9 1.33.0: sha256:48541d119455ac5bcc5043275ccda792371e0b112483aa0b29378439cf6322b9
1.32.11: sha256:b1c91c106ec20e61c5dff869e9a39e6af4fb96572bddaac9cce307dfa3ed2348
1.32.10: sha256:1f4229526e16bf9f5b854fbf3bdb9c7040404a29c1d1e4193258b8a73de06e92
1.32.9: sha256:d5f6b45ad81b7d199187a28589e65f83406e0610b036491a9abaa49bfd04a708
1.32.8: sha256:8a7371e54187249389a9aa222b150d61a4a745c121ab24dbcbb56d1ac2d0b912
1.32.7: sha256:232f6e517633fbb4696c9eb7a0431ee14b3fccbb47360b4843d451e0d8c9a3a2
1.32.6: sha256:f7bac84f8c35f55fb2c6ad167beb59eba93de5924b50bbaa482caa14ff480eec
1.32.5: sha256:9edee84103e63c40a37cd15bd11e04e7835f65cb3ff5a50972058ffc343b4d96
1.32.4: sha256:c6f96d0468d6976224f5f0d81b65e1a63b47195022646be83e49d38389d572c2
1.32.3: sha256:6c2c91e760efbf3fa111a5f0b99ba8975fb1c58bb3974eca88b6134bcf3717e2
1.32.2: sha256:7381bea99c83c264100f324c2ca6e7e13738a73b8928477ac805991440a065cd
1.32.1: sha256:98206fd83a4fd17f013f8c61c33d0ae8ec3a7c53ec59ef3d6a0a9400862dc5b2
1.32.0: sha256:ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896
amd64: amd64:
1.35.0: sha256:a2e984a18a0c063279d692533031c1eff93a262afcc0afdc517375432d060989
1.34.3: sha256:ab60ca5f0fd60c1eb81b52909e67060e3ba0bd27e55a8ac147cbc2172ff14212 1.34.3: sha256:ab60ca5f0fd60c1eb81b52909e67060e3ba0bd27e55a8ac147cbc2172ff14212
1.34.2: sha256:9591f3d75e1581f3f7392e6ad119aab2f28ae7d6c6e083dc5d22469667f27253 1.34.2: sha256:9591f3d75e1581f3f7392e6ad119aab2f28ae7d6c6e083dc5d22469667f27253
1.34.1: sha256:7721f265e18709862655affba5343e85e1980639395d5754473dafaadcaa69e3 1.34.1: sha256:7721f265e18709862655affba5343e85e1980639395d5754473dafaadcaa69e3
@@ -195,8 +246,19 @@ kubectl_checksums:
1.33.2: sha256:33d0cdec6967817468f0a4a90f537dfef394dcf815d91966ca651cc118393eea 1.33.2: sha256:33d0cdec6967817468f0a4a90f537dfef394dcf815d91966ca651cc118393eea
1.33.1: sha256:5de4e9f2266738fd112b721265a0c1cd7f4e5208b670f811861f699474a100a3 1.33.1: sha256:5de4e9f2266738fd112b721265a0c1cd7f4e5208b670f811861f699474a100a3
1.33.0: sha256:9efe8d3facb23e1618cba36fb1c4e15ac9dc3ed5a2c2e18109e4a66b2bac12dc 1.33.0: sha256:9efe8d3facb23e1618cba36fb1c4e15ac9dc3ed5a2c2e18109e4a66b2bac12dc
1.32.11: sha256:48581d0e808bd8b7d3c3fc014e86b170e25a987df04c8a879b982b28a5180815
1.32.10: sha256:6e14ef4e509e9f3d1dfc2815643f832f853d2d9f6622d4a0f83f77c7e4014b57
1.32.9: sha256:509ae171bac7ad3b98cc49f5594d6bc84900cf6860f155968d1059fde3be5286
1.32.8: sha256:0fc709a8262be523293a18965771fedfba7466eda7ab4337feaa5c028aa46b1b
1.32.7: sha256:b8f24d467a8963354b028796a85904824d636132bef00988394cadacffe959c9
1.32.6: sha256:0e31ebf882578b50e50fe6c43e3a0e3db61f6a41c9cded46485bc74d03d576eb
1.32.5: sha256:aaa7e6ff3bd28c262f2d95c8c967597e097b092e9b79bcb37de699e7488e3e7b
1.32.4: sha256:10d739e9af8a59c9e7a730a2445916e04bc9cbb44bc79d22ce460cd329fa076c
1.32.3: sha256:ab209d0c5134b61486a0486585604a616a5bb2fc07df46d304b3c95817b2d79f
1.32.2: sha256:4f6a959dcc5b702135f8354cc7109b542a2933c46b808b248a214c1f69f817ea
1.32.1: sha256:e16c80f1a9f94db31063477eb9e61a2e24c1a4eee09ba776b029048f5369db0c
1.32.0: sha256:646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70
ppc64le: ppc64le:
1.35.0: sha256:8989809d0ac771244dabe50ed742249ac60eeb6d385cd234ee151eb40b7c32c4
1.34.3: sha256:ae239b7f6f071e47014e1b5b20aa60626e06b32922a6b5054562ae2c5fa82c18 1.34.3: sha256:ae239b7f6f071e47014e1b5b20aa60626e06b32922a6b5054562ae2c5fa82c18
1.34.2: sha256:49a985986a9add6c229c628bf2a83addebbdeeef40469fce2a54e51b6f1bb05b 1.34.2: sha256:49a985986a9add6c229c628bf2a83addebbdeeef40469fce2a54e51b6f1bb05b
1.34.1: sha256:45499f0728b4a3428400db289edb444609d41787061f09b66f18028c0a73652f 1.34.1: sha256:45499f0728b4a3428400db289edb444609d41787061f09b66f18028c0a73652f
@@ -209,9 +271,20 @@ kubectl_checksums:
1.33.2: sha256:d1cdf13cb786c1ee6d5bf6d85034f496aa2fee97b287028043eb14c5dc74993f 1.33.2: sha256:d1cdf13cb786c1ee6d5bf6d85034f496aa2fee97b287028043eb14c5dc74993f
1.33.1: sha256:f922dd8f558dc616ebaa34908ceb7964ebb8caadd7c48699d0b791ffff2be1aa 1.33.1: sha256:f922dd8f558dc616ebaa34908ceb7964ebb8caadd7c48699d0b791ffff2be1aa
1.33.0: sha256:580d076c891711ec37afaf5994f72a8aad9d45c25413e6e94648e988a5a9933a 1.33.0: sha256:580d076c891711ec37afaf5994f72a8aad9d45c25413e6e94648e988a5a9933a
1.32.11: sha256:4310edfc10fbc64cc69a25d27a1a8c4e134ad6642f8c83a8b0b612768ac63e84
1.32.10: sha256:544722455bc0a3f57b68e9aafe8bffa0af25d4f0f383848f03ba7aff2cab7e10
1.32.9: sha256:bdc8af9c1aed9737d58442f59034ad0125efe3a2dfad9f6ec14f1264e7020cc3
1.32.8: sha256:52cc07556a8f0076d4e48003aa416b486c729e9679dbe2ea92bbd88e5be5cc93
1.32.7: sha256:c0fb655243a98c4b063f39f2208c7b9d3cbe77b302a8b8b683aabe42e47fc556
1.32.6: sha256:808e2b86128a9f25922bdb099ebf276ba4220dbf53c63a033348ee119697b22a
1.32.5: sha256:1fc869a9d620982f16104f3b33c393aba54dd41136d18009bf6fc39accf6465c
1.32.4: sha256:61a8c1f441900b4e61defcb83bb54f61f883f9e75810897cfabfd6860ae7e195
1.32.3: sha256:11e1a377f404bdab6e3587375f7c2ee432df80b56d7ccf6151d4e48cd8063f55
1.32.2: sha256:c25500027cd331ae3e65bed2612491c5307721894e9d39e869f24ca14973677f
1.32.1: sha256:46d98d3463e065dff035d76f6c2b604c990d79634cc574d43b0c21f0367bbf0c
1.32.0: sha256:9f3f239e2601ce53ec4e70b80b7684f9c89817cc9938ed0bb14f125a3c4f8c8f
kubeadm_checksums: kubeadm_checksums:
arm64: arm64:
1.35.0: sha256:1dac7dc2c6a56548bbc6bf8a7ecf4734f2e733fb336d7293d84541ebe52d0e50
1.34.3: sha256:697cf3aa54f1a5740b883a3b18a5d051b4032fd68ba89af626781a43ec9bccc3 1.34.3: sha256:697cf3aa54f1a5740b883a3b18a5d051b4032fd68ba89af626781a43ec9bccc3
1.34.2: sha256:065f7de266c59831676cc48b50f404fd18d1f6464502d53980957158e4cab3a7 1.34.2: sha256:065f7de266c59831676cc48b50f404fd18d1f6464502d53980957158e4cab3a7
1.34.1: sha256:b0dc5cf091373caf87d069dc3678e661464837e4f10156f1436bd35a9a7db06b 1.34.1: sha256:b0dc5cf091373caf87d069dc3678e661464837e4f10156f1436bd35a9a7db06b
@@ -224,8 +297,19 @@ kubeadm_checksums:
1.33.2: sha256:21efc1ba54a1cf25ac68208b7dde2e67f6d0331259f432947d83e70b975ad4cc 1.33.2: sha256:21efc1ba54a1cf25ac68208b7dde2e67f6d0331259f432947d83e70b975ad4cc
1.33.1: sha256:5b3e3a1e18d43522fdee0e15be13a42cee316e07ddcf47ef718104836edebb3e 1.33.1: sha256:5b3e3a1e18d43522fdee0e15be13a42cee316e07ddcf47ef718104836edebb3e
1.33.0: sha256:746c0ee45f4d32ec5046fb10d4354f145ba1ff0c997f9712d46036650ad26340 1.33.0: sha256:746c0ee45f4d32ec5046fb10d4354f145ba1ff0c997f9712d46036650ad26340
1.32.11: sha256:0190c49b61b065409b1e99c70e5ec3c52576bf8902432fb2c97bf1d0d2777b69
1.32.10: sha256:a201f246be3d2c35ffa7fc51a1d2596797628f9b1455da52a246b42ce8e1f779
1.32.9: sha256:377349141e865849355140c78063fa2b87443bf1aecb06319be4de4df8dbd918
1.32.8: sha256:8dbd3fa2d94335d763b983caaf2798caae2d4183f6a95ebff28289f2e86edf68
1.32.7: sha256:a2aad7f7b320c3c847dea84c08e977ba8b5c84d4b7102b46ffd09d41af6c4b51
1.32.6: sha256:f786731c37ce6e89e6b71d5a7518e4d1c633337237e3803615056eb4640bfc8e
1.32.5: sha256:2956c694ff2891acdc4690b807f87ab48419b4925d3fad2ac52ace2a1160bd17
1.32.4: sha256:1b9d97b44758dc4da20d31e3b6d46f50af75ac48be887793e16797a43d9c30e7
1.32.3: sha256:f9d007aaf1468ea862ef2a1a1a3f6f34cc57358742ceaff518e1533f5a794181
1.32.2: sha256:fd8a8c1c41d719de703bf49c6f56692dd6477188d8f43dcb77019fd8bc30cbd3
1.32.1: sha256:55a57145708aaa37f716f140ef774ca64b7088b6df5ee8eae182936ad6580328
1.32.0: sha256:5da9746a449a3b8a8312b6dd8c48dcb861036cf394306cfbc66a298ba1e8fbde
amd64: amd64:
1.35.0: sha256:729e7fb34e4f1bfcf2bdaf2a14891ed64bd18c47aaab42f8cc5030875276cfed
1.34.3: sha256:f9ce265434d306e59d800b26f3049b8430ba71f815947f4bacdcdc33359417fb 1.34.3: sha256:f9ce265434d306e59d800b26f3049b8430ba71f815947f4bacdcdc33359417fb
1.34.2: sha256:6a2346006132f6e1ed0b5248e518098cf5abbce25bf11b8926fb1073091b83f4 1.34.2: sha256:6a2346006132f6e1ed0b5248e518098cf5abbce25bf11b8926fb1073091b83f4
1.34.1: sha256:20654fd7c5155057af5c30b86c52c9ba169db6229eee6ac7abab4309df4172e7 1.34.1: sha256:20654fd7c5155057af5c30b86c52c9ba169db6229eee6ac7abab4309df4172e7
@@ -238,8 +322,19 @@ kubeadm_checksums:
1.33.2: sha256:5c623ec9a9b8584beba510da5c2b775c41cf51c0accdfb43af093bc084563845 1.33.2: sha256:5c623ec9a9b8584beba510da5c2b775c41cf51c0accdfb43af093bc084563845
1.33.1: sha256:9a481b0a5f1cee1e071bc9a0867ca0aad5524408c2580596c00767ba1a7df0bd 1.33.1: sha256:9a481b0a5f1cee1e071bc9a0867ca0aad5524408c2580596c00767ba1a7df0bd
1.33.0: sha256:5a65cfec0648cabec124c41be8c61040baf2ba27a99f047db9ca08cac9344987 1.33.0: sha256:5a65cfec0648cabec124c41be8c61040baf2ba27a99f047db9ca08cac9344987
1.32.11: sha256:5e191b7329897a16ea87aed75b66f561e7243691620d6b792f34d488285484ce
1.32.10: sha256:1c5033ee113d9072a53ee1ef3a3b18e566721bb3879b49c6813c67066687afbc
1.32.9: sha256:183b3b12e39b3ed2dc2db25cbc17769610cdd5f02e9d1325ba747d54978d8f5f
1.32.8: sha256:da4cc996800db14f82fce8813caa55be318e52ef69d82e50e728ef4cfa18b69f
1.32.7: sha256:dcd40af0042c559f3218dbd23bf318b850a5213528b428e1637ccb357ac32498
1.32.6: sha256:7092527a63e5380a6be05cf6041c849ba8d13bf41a2adb2a029f44717f53439f
1.32.5: sha256:9070c3d469f5a3e777948b63a7a5e6c5bd7682c7416547770a78880fe4293ea9
1.32.4: sha256:445cdebd140dc0a9f4d18505821dcca77d7a21992133bf6731777f5724968255
1.32.3: sha256:be42caa726b85b7723605ca8fea22e4a26e0d439b789a3d9d6e636a7078b3db4
1.32.2: sha256:fb3a90f1bfc78146a8a03b50eb59aaf957a023c1c5a2b166062ef9412550bba6
1.32.1: sha256:5ed13bb4bc1d5fb4579b8cc8c7c2245356837122f9a3fd729c2f6d1338f58dcf
1.32.0: sha256:8a10abe691a693d6deeeb1c992bc75da9d8c76718a22327688f7eb1d7c15f0d6
ppc64le: ppc64le:
1.35.0: sha256:77a466e1b6a8e28362a729541269de0a7c4a6b9e7770cccefcd745502e656b90
1.34.3: sha256:2b8b48b3b0eb657e04122a158cb7fcad964fba5bd2d8e07f8eeec6f856a63ecf 1.34.3: sha256:2b8b48b3b0eb657e04122a158cb7fcad964fba5bd2d8e07f8eeec6f856a63ecf
1.34.2: sha256:bea4ed6d971523da794a802de15910b08c09e23bc4c850ee3b953c4bdb0b7976 1.34.2: sha256:bea4ed6d971523da794a802de15910b08c09e23bc4c850ee3b953c4bdb0b7976
1.34.1: sha256:ddb6bd80bee0719924ae901672b99205226badab74fb13a9e1bb6d3de49fbb21 1.34.1: sha256:ddb6bd80bee0719924ae901672b99205226badab74fb13a9e1bb6d3de49fbb21
@@ -252,6 +347,18 @@ kubeadm_checksums:
1.33.2: sha256:1b818900ac7af72a14f50300d6c6ad600eecdc578c37b75fa488cc654ca08c25 1.33.2: sha256:1b818900ac7af72a14f50300d6c6ad600eecdc578c37b75fa488cc654ca08c25
1.33.1: sha256:a772834ba22478c9119f03ecca2a27a70234623d74ff1d7671ee85675a4e830b 1.33.1: sha256:a772834ba22478c9119f03ecca2a27a70234623d74ff1d7671ee85675a4e830b
1.33.0: sha256:26cb7ac57d522a59c84c4784b176097d23c7b4e61874fab84ae719d0e43ac0bc 1.33.0: sha256:26cb7ac57d522a59c84c4784b176097d23c7b4e61874fab84ae719d0e43ac0bc
1.32.11: sha256:c7bb0bbac734290666f6deaba731f4eae46045c94ae53501153e4167dad51d34
1.32.10: sha256:5cfda89b98b6308f4d28e77eabc0111c3eb3c7b64baccf644ecdbcac90b258d0
1.32.9: sha256:fcc5aa3401d130156e0b73dab192631108b77e778f3d87838419993aea1ef8d5
1.32.8: sha256:b5e4f0da030de98f1179a148f6563d69fbfb4c35c2dd1de1d30f000805d12412
1.32.7: sha256:d87ec6c40aef05df1cb23298aff4a7a6c5af64c8a7a1671d4274385a0601b6cb
1.32.6: sha256:ec3fdb5f563b000c824bc4438664ae62797bf75cdcee1448e617f296cbd3e955
1.32.5: sha256:9ace8b24eba37d960a9cafd947015722c383bd695767b7a7c8449a4f6a3f3e9e
1.32.4: sha256:fb0223765d57c59ff4202445b3768e848b6d383dfac058b5882696bca0286053
1.32.3: sha256:68cc7669e47575ead58563c39abf89c7faf1c70fb6733ea9c727f303f2af1abf
1.32.2: sha256:02573483126e39c6b25c769131cf30ea7c470ad635374be343d5e76845a4ecdb
1.32.1: sha256:ff7f1dd3f1a6a5c0cf2c9977ec7c474bd22908850e33358dd40aeba17d8375b0
1.32.0: sha256:d79fe8cbd1d98bcbe56b8c0c3a64716603581cecf274951af49aa07748bf175a
etcd_binary_checksums: etcd_binary_checksums:
arm64: arm64:
3.5.26: sha256:93ac1667df0e178ea6d152476ce4088df4075604fe4bc7f85f4719e863cd030b 3.5.26: sha256:93ac1667df0e178ea6d152476ce4088df4075604fe4bc7f85f4719e863cd030b
@@ -482,29 +589,29 @@ ciliumcli_binary_checksums:
0.16.2: sha256:9cfb7ee5b1d6bd125174675e8aab6f9a09283cde699b5ac201475784ecb864f8 0.16.2: sha256:9cfb7ee5b1d6bd125174675e8aab6f9a09283cde699b5ac201475784ecb864f8
0.16.1: sha256:9c3bb746e554efc788631629932ab00d13979c75799d957f6d3c17219deb6d45 0.16.1: sha256:9c3bb746e554efc788631629932ab00d13979c75799d957f6d3c17219deb6d45
0.16.0: sha256:da98675f961833d4ffd68b1046d907b228a7d394ded2abd70a50b20eaca171c4 0.16.0: sha256:da98675f961833d4ffd68b1046d907b228a7d394ded2abd70a50b20eaca171c4
calico_crds_checksums: calico_crds_archive_checksums:
no_arch: no_arch:
3.30.6: sha256:b0eb83f6d70afac27e8830f22642cd12b0692e4d1a1b5060caa9231a951e736a 3.30.6: sha256:d61aa5bcddfc78b0094acd54e0358009fa79e1cbe6d8c23bdacb34ff7a2c6c82
3.30.5: sha256:68bbe7f44693374f1379aa3fa55f254e9a689d070c26d0de26b2c9fb8d1166ab 3.30.5: sha256:3a38f91596c204b43c70f642a3e686d8c3fbfdfa5caa7824b716aa2f4a4e568b
3.30.4: sha256:be1d346a966a0be79cad7c9856ee5fc0eef8d88b70eba8d4d0bc4be057138bd3 3.30.4: sha256:a9398f6de6cce8f683e0ad649a21f3d3b8bb5fe4cd26e7b26b33b9a8c740274f
3.30.3: sha256:f813232c182229da17658f59db511acb3997e51973eeb293b57ac0dbb5ccf791 3.30.3: sha256:36c50905b9b62a78638bcfb9d1c4faf1efa08e2013265dcd694ec4e370b78dd7
3.30.2: sha256:57ccedd965f3dcbfd2a38a53b6b9e84e07232205fb83d23ed2afcee94590eed2 3.30.2: sha256:40885e201efb3458bb2e145928aadbe63d6a54c00dd505323776cc9cddc02825
3.30.1: sha256:af066bd48e68c391dec3645b94d11a1ca513398ee6c56b5a67f0eb13f13fe21e 3.30.1: sha256:3040a1d313bafd30e4e2dea24c2155c8d1afbe3c6e961e0a4a52482d12b32490
3.30.0: sha256:ee795478b6ab659ee172de74e1cf974871b37f10290dfc75f4d5eae887ba4ce0 3.30.0: sha256:7373910b311213d00cb6f079690c90071b68724cd01b1b4eba04831c26454e1a
3.29.7: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5 3.29.7: sha256:d60fd083ad0279a4bd20109d01689e4eecb7a5e8c6d5e8be2b1718e6057f85e9
3.29.6: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5 3.29.6: sha256:927e35d130d0413399735dc401e8448c783794cb8bb9e169ccdc7b00f516a698
3.29.5: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5 3.29.5: sha256:f36d0b31aaa34f648b211d16f864f262e4700aad30ab0889b327d31c115b6a42
3.29.4: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5 3.29.4: sha256:6d2396fde36ba59ad55a92b5b66643adcc9ee13bb2b3986b1014e2f8f95fa861
3.29.3: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5 3.29.3: sha256:66d49b3af986944e58fede252a2c164251a63f43894181ed7401a6e11dcd8421
3.29.2: sha256:1620ee6f539de44bbb3ec4aa3c2687b5023d4ee30795b30663ab3423b0c5f5d5 3.29.2: sha256:1866b407213b6191627c0ce7be5a0d7c14a016823b3bbc2a6898c57be6c59917
3.29.1: sha256:aaa336bf0ef87495eccecae7eb65acaf59508a7f0a44dbeec933e05d73bbe0a0 3.29.1: sha256:17894ed9f7487f1418e599fdeff5db9047374dee12d560114e25ff9147a455c3
3.29.0: sha256:ed35a2bd383674f4d61b013f2588be1ee08b5e7a26eb3208ba6a5565ebf0175c 3.29.0: sha256:403a6b8616c4e97b081d7be27e9024f2f66b2d73a0ea037420a29689205b2064
3.28.5: sha256:541635bf3e0cd409ff2f5b9b78363ac8901da4565fffaeb4c1507e19461bf4c7 3.28.5: sha256:c3ca0752eac5cab50dc9ae5bc2e3c2f8eea2d9030c1f9846d2e8563c8a8aec2c
3.28.4: sha256:541635bf3e0cd409ff2f5b9b78363ac8901da4565fffaeb4c1507e19461bf4c7 3.28.4: sha256:a296906bd6b38187ba15669139dd6bf8bd26d0b191e9773fa0e85a5cc2d0b5e9
3.28.3: sha256:541635bf3e0cd409ff2f5b9b78363ac8901da4565fffaeb4c1507e19461bf4c7 3.28.3: sha256:b31d3aa35119359d619004fe0a8e3332529e396e8c57207ad56d58a2ed4cf3fb
3.28.2: sha256:f09dbaf5b25419659af654f3b50edb3a2b1ebcfeab80b0e56f7fbc79721e8ec3 3.28.2: sha256:f02a0e99e060850bd9050d4c94d37df899911a5e357e1d26e1b5b79a923bb389
3.28.1: sha256:f09dbaf5b25419659af654f3b50edb3a2b1ebcfeab80b0e56f7fbc79721e8ec3 3.28.1: sha256:c56f1530e7ded9d5b4afb9d83a7a24da6d2959ef7ad38521813f1c2bf138182d
3.28.0: sha256:f09dbaf5b25419659af654f3b50edb3a2b1ebcfeab80b0e56f7fbc79721e8ec3 3.28.0: sha256:ee721337db0cd847e91aae1cdfd420596896ebcb865575fd913c2f12ac2cdb76
helm_archive_checksums: helm_archive_checksums:
arm: arm:
3.18.4: sha256:34ea88aef15fd822e839da262176a36e865bb9cfdb89b1f723811c0cc527f981 3.18.4: sha256:34ea88aef15fd822e839da262176a36e865bb9cfdb89b1f723811c0cc527f981

4
roles/kubespray_defaults/vars/main/main.yml
View File

@@ -7,14 +7,14 @@ kube_next: "{{ ((kube_version | split('.'))[1] | int) + 1 }}"
kube_major_next_version: "1.{{ kube_next }}" kube_major_next_version: "1.{{ kube_next }}"
pod_infra_supported_versions: pod_infra_supported_versions:
'1.35': '3.10.1'
'1.34': '3.10.1' '1.34': '3.10.1'
'1.33': '3.10' '1.33': '3.10'
'1.32': '3.10'
etcd_supported_versions: etcd_supported_versions:
'1.35': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
'1.34': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}" '1.34': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
'1.33': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}" '1.33': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
'1.32': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
# Kubespray constants # Kubespray constants
kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}" kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"

4
roles/network_plugin/calico/tasks/check.yml
View File

@@ -27,8 +27,8 @@
- name: Stop if supported Calico versions - name: Stop if supported Calico versions
assert: assert:
that: that:
- "calico_version in calico_crds_checksums.no_arch.keys()" - "calico_version in calico_crds_archive_checksums.no_arch.keys()"
msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_checksums.no_arch.keys() }}" msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.no_arch.keys() }}"
run_once: true run_once: true
delegate_to: "{{ groups['kube_control_plane'][0] }}" delegate_to: "{{ groups['kube_control_plane'][0] }}"

6
roles/network_plugin/calico/tasks/install.yml
View File

@@ -127,10 +127,12 @@
- calico_datastore == "kdd" - calico_datastore == "kdd"
block: block:
- name: Calico | Create calico manifests for kdd - name: Calico | Create calico manifests for kdd
copy: assemble:
src: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/crds.yaml" src: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/crd/"
dest: "{{ kube_config_dir }}/kdd-crds.yml" dest: "{{ kube_config_dir }}/kdd-crds.yml"
mode: "0644" mode: "0644"
delimiter: "---\n"
regexp: ".*\\.yaml"
remote_src: true remote_src: true
- name: Calico | Create Calico Kubernetes datastore resources - name: Calico | Create Calico Kubernetes datastore resources

4
roles/remove-node/post-remove/tasks/main.yml
View File

@@ -1,11 +1,11 @@
--- ---
- name: Remove-node | Delete node - name: Remove-node | Delete node
command: "{{ kubectl }} delete node {{ kube_override_hostname }}" command: "{{ kubectl }} delete node {{ kube_override_hostname | default(inventory_hostname) }}"
delegate_to: "{{ groups['kube_control_plane'] | first }}" delegate_to: "{{ groups['kube_control_plane'] | first }}"
when: when:
- groups['kube_control_plane'] | length > 0 - groups['kube_control_plane'] | length > 0
# ignore servers that are not nodes # ignore servers that are not nodes
- ('k8s_cluster' in group_names) and kube_override_hostname in nodes.stdout_lines - ('k8s_cluster' in group_names) and kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines
retries: "{{ delete_node_retries }}" retries: "{{ delete_node_retries }}"
# Sometimes the api-server can have a short window of indisponibility when we delete a control plane node # Sometimes the api-server can have a short window of indisponibility when we delete a control plane node
delay: "{{ delete_node_delay_seconds }}" delay: "{{ delete_node_delay_seconds }}"

8
roles/remove_node/pre_remove/tasks/main.yml
View File

@@ -16,11 +16,11 @@
--ignore-daemonsets --ignore-daemonsets
--grace-period {{ drain_grace_period }} --grace-period {{ drain_grace_period }}
--timeout {{ drain_timeout }} --timeout {{ drain_timeout }}
--delete-emptydir-data {{ kube_override_hostname }} --delete-emptydir-data {{ kube_override_hostname | default(inventory_hostname) }}
when: when:
- groups['kube_control_plane'] | length > 0 - groups['kube_control_plane'] | length > 0
# ignore servers that are not nodes # ignore servers that are not nodes
- kube_override_hostname in nodes.stdout_lines - kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines
register: result register: result
failed_when: result.rc != 0 and not allow_ungraceful_removal failed_when: result.rc != 0 and not allow_ungraceful_removal
delegate_to: "{{ groups['kube_control_plane'] | first }}" delegate_to: "{{ groups['kube_control_plane'] | first }}"
@@ -34,10 +34,10 @@
register: nodes_with_volumes register: nodes_with_volumes
delegate_to: "{{ groups['kube_control_plane'] | first }}" delegate_to: "{{ groups['kube_control_plane'] | first }}"
changed_when: false changed_when: false
until: not (kube_override_hostname in nodes_with_volumes.stdout_lines) until: not (kube_override_hostname | default(inventory_hostname) in nodes_with_volumes.stdout_lines)
retries: 3 retries: 3
delay: "{{ drain_grace_period }}" delay: "{{ drain_grace_period }}"
when: when:
- groups['kube_control_plane'] | length > 0 - groups['kube_control_plane'] | length > 0
- not allow_ungraceful_removal - not allow_ungraceful_removal
- kube_override_hostname in nodes.stdout_lines - kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines

1
roles/system_packages/defaults/main.yml
View File

@@ -1,5 +1,4 @@
--- ---
# number of times package install task should be retried # number of times package install task should be retried
pkg_install_retries: 4 pkg_install_retries: 4
pkg_install_timeout: "{{ 5 * 60 }}"
yum_repo_dir: /etc/yum.repos.d yum_repo_dir: /etc/yum.repos.d

12
roles/system_packages/tasks/main.yml
View File

@@ -34,17 +34,6 @@
tags: tags:
- bootstrap_os - bootstrap_os
# Remove this after ansible-core >= 2.19.0
# See https://github.com/kubernetes-sigs/kubespray/pull/12138#issuecomment-3019304574
- name: Install python3-libdnf5 on Fedora >= 41
raw: >
dnf install --assumeyes python3-libdnf5
become: true
retries: "{{ pkg_install_retries }}"
when:
- ansible_distribution == "Fedora"
- ansible_distribution_major_version | int >= 41
- name: Manage packages - name: Manage packages
package: package:
name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}" name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
@@ -63,4 +52,3 @@
label: "{{ item.action_label }}" label: "{{ item.action_label }}"
tags: tags:
- bootstrap_os - bootstrap_os
timeout: "{{ pkg_install_timeout }}"

4
scripts/component_hash_update/src/component_hash_update/components.py
View File

@@ -7,8 +7,8 @@ infos = {
"url": "https://github.com/projectcalico/calico/releases/download/v{version}/SHA256SUMS", "url": "https://github.com/projectcalico/calico/releases/download/v{version}/SHA256SUMS",
"graphql_id": "R_kgDOA87D0g", "graphql_id": "R_kgDOA87D0g",
}, },
"calico_crds": { "calico_crds_archive": {
"url": "https://github.com/projectcalico/calico/raw/v{version}/manifests/crds.yaml", "url": "https://github.com/projectcalico/calico/archive/v{version}.tar.gz",
"graphql_id": "R_kgDOA87D0g", "graphql_id": "R_kgDOA87D0g",
"binary": True, "binary": True,
}, },

1
scripts/readme_versions.md.j2
View File

@@ -16,6 +16,7 @@
- Application - Application
- [cert-manager](https://github.com/jetstack/cert-manager) {{ cert_manager_version }} - [cert-manager](https://github.com/jetstack/cert-manager) {{ cert_manager_version }}
- [coredns](https://github.com/coredns/coredns) {{ coredns_version }} - [coredns](https://github.com/coredns/coredns) {{ coredns_version }}
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) {{ ingress_nginx_version }}
- [argocd](https://argoproj.github.io/) {{ argocd_version }} - [argocd](https://argoproj.github.io/) {{ argocd_version }}
- [helm](https://helm.sh/) {{ helm_version }} - [helm](https://helm.sh/) {{ helm_version }}
- [metallb](https://metallb.universe.tf/) {{ metallb_version }} - [metallb](https://metallb.universe.tf/) {{ metallb_version }}

534
tests/files/custom_cni/cilium.yaml
View File

File diff suppressed because one or more lines are too long

2
tests/files/debian12-custom-cni-helm.yml
View File

@@ -10,7 +10,7 @@ custom_cni_chart_release_name: cilium
custom_cni_chart_repository_name: cilium custom_cni_chart_repository_name: cilium
custom_cni_chart_repository_url: https://helm.cilium.io custom_cni_chart_repository_url: https://helm.cilium.io
custom_cni_chart_ref: cilium/cilium custom_cni_chart_ref: cilium/cilium
custom_cni_chart_version: 1.18.6 custom_cni_chart_version: 1.16.3
custom_cni_chart_values: custom_cni_chart_values:
cluster: cluster:
name: kubespray name: kubespray

9
tests/files/fedora41-calico-selinux.yml
View File

@@ -1,9 +0,0 @@
---
# Instance settings
cloud_image: fedora-41
# Kubespray settings
auto_renew_certificates: true
# Test with SELinux in enforcing mode
preinstall_selinux_state: enforcing

14
tests/files/fedora41-calico-swap-selinux.yml
View File

@@ -1,14 +0,0 @@
---
# Instance settings
cloud_image: fedora-41
# Kubespray settings
auto_renew_certificates: true
# Test with SELinux in enforcing mode
preinstall_selinux_state: enforcing
# Test Alpha swap feature by leveraging zswap default config in Fedora 35
kubelet_fail_swap_on: false
kube_feature_gates:
- "NodeSwap=True"

7
tests/files/fedora41-crio.yml
View File

@@ -1,7 +0,0 @@
---
# Instance settings
cloud_image: fedora-41
# Kubespray settings
container_manager: crio
auto_renew_certificates: true

7
tests/files/fedora41-kube-router.yml
View File

@@ -1,7 +0,0 @@
---
cloud_image: fedora-41
cluster_layout:
- node_groups: ['kube_control_plane', 'etcd', 'kube_node']
- node_groups: ['kube_node']
kube_network_plugin: "kube-router"

9
tests/files/fedora42-calico.yml
View File

@@ -1,9 +0,0 @@
---
# Instance settings
cloud_image: fedora-42
# Kubespray settings
auto_renew_certificates: true
# Test with SELinux in enforcing mode
preinstall_selinux_state: enforcing

9
tests/files/openeuler24-calico.yml
View File

@@ -2,12 +2,3 @@
# Instance settings # Instance settings
cloud_image: openeuler-2403 cloud_image: openeuler-2403
vm_memory: 3072 vm_memory: 3072
# Openeuler package mgmt is slow for some reason
pkg_install_timeout: "{{ 10 * 60 }}"
# Work around so the Kubernetes 1.35 tests can pass. We will discuss the openeuler support later.
kubeadm_ignore_preflight_errors:
- SystemVerification
kubelet_fail_cgroup_v1: false

8
tests/files/ubuntu24-crio-scale.yml
View File

@@ -1,8 +0,0 @@
---
cloud_image: ubuntu-2404
container_manager: crio
cluster_layout:
- node_groups: ["kube_control_plane", "etcd"]
- node_groups: ["kube_node"]
- node_groups: ["kube_node", "for_scale"]

1
tests/files/ubuntu24-crio-upgrade
View File

@@ -1 +0,0 @@
UPGRADE_TEST=graceful

16
tests/files/ubuntu24-crio-upgrade.yml
View File

@@ -1,16 +0,0 @@
---
# Instance settings
cloud_image: ubuntu-2404
mode: all-in-one
vm_memory: 1800
# Kubespray settings
container_manager: crio
auto_renew_certificates: true
# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=noble&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
kube_proxy_mode: iptables
enable_nodelocaldns: false
# Single node don't need the DNS autoscaler
enable_dns_autoscaler: false