epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 13:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: epostnikof:remove-ci-ok-to-test
Branches Tags
epostnikof:master epostnikof:component_hash_update/master epostnikof:component_hash_update/release-2.29 epostnikof:release-2.29 epostnikof:dependabot/pip/molecule-3baa0c6a05 epostnikof:release-2.27 epostnikof:release-2.28 epostnikof:component_hash_update/release-2.28 epostnikof:release-2.26 epostnikof:remove-ci-ok-to-test epostnikof:optional-coredns epostnikof:test/flatcar-4081 epostnikof:master-patch-updates epostnikof:symlinketcd epostnikof:ant31-patch-1 epostnikof:revert-11831-ipv6only epostnikof:test-ci epostnikof:release-2.25 epostnikof:release-2.24 epostnikof:reduce-vm-requests epostnikof:packet-test epostnikof:lean/pre-commit-hook-2 epostnikof:test-CI epostnikof:update-approvers-ant31 epostnikof:test-precommit epostnikof:release-2.23 epostnikof:release-2.22 epostnikof:release-2.21 epostnikof:release-2.20 epostnikof:release-2.19 epostnikof:release-2.18 epostnikof:pre-commit-hook epostnikof:floryut-patch-1 epostnikof:release-2.17 epostnikof:release-2.16 epostnikof:release-2.15 epostnikof:release-2.14 epostnikof:release-2.13 epostnikof:release-2.12 epostnikof:release-2.11 epostnikof:release-2.10 epostnikof:release-2.8 epostnikof:release-2.9 epostnikof:release-2.7
epostnikof:v2.29.1 epostnikof:v2.29.0 epostnikof:v2.28.1 epostnikof:v2.27.1 epostnikof:v2.28.0 epostnikof:v2.27.0 epostnikof:v2.25.1 epostnikof:v2.24.3 epostnikof:v2.26.0 epostnikof:v2.24.2 epostnikof:v2.25.0 epostnikof:v2.24.1 epostnikof:v2.22.2 epostnikof:v2.23.3 epostnikof:v2.24.0 epostnikof:v2.23.2 epostnikof:v2.23.1 epostnikof:v2.23.0 epostnikof:v2.22.1 epostnikof:v2.22.0 epostnikof:v2.21.0 epostnikof:v2.20.0 epostnikof:v2.19.1 epostnikof:v2.18.2 epostnikof:v2.19.0 epostnikof:v2.18.1 epostnikof:v2.18.0 epostnikof:v2.17.1 epostnikof:v2.17.0 epostnikof:v2.16.0 epostnikof:v2.15.1 epostnikof:v2.15.0 epostnikof:v2.14.2 epostnikof:v2.14.1 epostnikof:v2.12.10 epostnikof:v2.13.4 epostnikof:v2.14.0 epostnikof:v2.13.3 epostnikof:v2.12.9 epostnikof:v2.12.8 epostnikof:v2.12.7 epostnikof:v2.13.2 epostnikof:v2.13.1 epostnikof:v2.13.0 epostnikof:v2.12.6 epostnikof:v2.12.5 epostnikof:v2.12.4 epostnikof:v2.11.2 epostnikof:v2.11.1 epostnikof:v2.12.3 epostnikof:v2.12.2 epostnikof:v2.12.1 epostnikof:v2.12.0 epostnikof:v2.11.0 epostnikof:v2.10.4 epostnikof:v2.10.3 epostnikof:v2.10.0 epostnikof:v2.8.5 epostnikof:v2.9.0 epostnikof:v2.8.4 epostnikof:v2.8.3 epostnikof:v2.8.2 epostnikof:v2.8.1 epostnikof:v2.8.0 epostnikof:v2.7.0 epostnikof:v2.6.0 epostnikof:v2.5.0 epostnikof:v2.4.0 epostnikof:v2.3.0 epostnikof:v2.2.1 epostnikof:v2.2.0 epostnikof:v2.1.2 epostnikof:v2.1.1 epostnikof:test-tag-1 epostnikof:v2.1.0 epostnikof:v2.0.1 epostnikof:v2.0.0 epostnikof:v1.1.0 epostnikof:v1.0.1 epostnikof:v1.0.0 epostnikof:1.5.0 epostnikof:1.4.0 epostnikof:1.3.0_k1.1.3 epostnikof:1.3.0 epostnikof:v1.1.3 epostnikof:v1.1 epostnikof:v1.0
...
compare: epostnikof:v2.28.1
Branches Tags
epostnikof:master epostnikof:component_hash_update/master epostnikof:component_hash_update/release-2.29 epostnikof:release-2.29 epostnikof:dependabot/pip/molecule-3baa0c6a05 epostnikof:release-2.27 epostnikof:release-2.28 epostnikof:component_hash_update/release-2.28 epostnikof:release-2.26 epostnikof:remove-ci-ok-to-test epostnikof:optional-coredns epostnikof:test/flatcar-4081 epostnikof:master-patch-updates epostnikof:symlinketcd epostnikof:ant31-patch-1 epostnikof:revert-11831-ipv6only epostnikof:test-ci epostnikof:release-2.25 epostnikof:release-2.24 epostnikof:reduce-vm-requests epostnikof:packet-test epostnikof:lean/pre-commit-hook-2 epostnikof:test-CI epostnikof:update-approvers-ant31 epostnikof:test-precommit epostnikof:release-2.23 epostnikof:release-2.22 epostnikof:release-2.21 epostnikof:release-2.20 epostnikof:release-2.19 epostnikof:release-2.18 epostnikof:pre-commit-hook epostnikof:floryut-patch-1 epostnikof:release-2.17 epostnikof:release-2.16 epostnikof:release-2.15 epostnikof:release-2.14 epostnikof:release-2.13 epostnikof:release-2.12 epostnikof:release-2.11 epostnikof:release-2.10 epostnikof:release-2.8 epostnikof:release-2.9 epostnikof:release-2.7
epostnikof:v2.29.1 epostnikof:v2.29.0 epostnikof:v2.28.1 epostnikof:v2.27.1 epostnikof:v2.28.0 epostnikof:v2.27.0 epostnikof:v2.25.1 epostnikof:v2.24.3 epostnikof:v2.26.0 epostnikof:v2.24.2 epostnikof:v2.25.0 epostnikof:v2.24.1 epostnikof:v2.22.2 epostnikof:v2.23.3 epostnikof:v2.24.0 epostnikof:v2.23.2 epostnikof:v2.23.1 epostnikof:v2.23.0 epostnikof:v2.22.1 epostnikof:v2.22.0 epostnikof:v2.21.0 epostnikof:v2.20.0 epostnikof:v2.19.1 epostnikof:v2.18.2 epostnikof:v2.19.0 epostnikof:v2.18.1 epostnikof:v2.18.0 epostnikof:v2.17.1 epostnikof:v2.17.0 epostnikof:v2.16.0 epostnikof:v2.15.1 epostnikof:v2.15.0 epostnikof:v2.14.2 epostnikof:v2.14.1 epostnikof:v2.12.10 epostnikof:v2.13.4 epostnikof:v2.14.0 epostnikof:v2.13.3 epostnikof:v2.12.9 epostnikof:v2.12.8 epostnikof:v2.12.7 epostnikof:v2.13.2 epostnikof:v2.13.1 epostnikof:v2.13.0 epostnikof:v2.12.6 epostnikof:v2.12.5 epostnikof:v2.12.4 epostnikof:v2.11.2 epostnikof:v2.11.1 epostnikof:v2.12.3 epostnikof:v2.12.2 epostnikof:v2.12.1 epostnikof:v2.12.0 epostnikof:v2.11.0 epostnikof:v2.10.4 epostnikof:v2.10.3 epostnikof:v2.10.0 epostnikof:v2.8.5 epostnikof:v2.9.0 epostnikof:v2.8.4 epostnikof:v2.8.3 epostnikof:v2.8.2 epostnikof:v2.8.1 epostnikof:v2.8.0 epostnikof:v2.7.0 epostnikof:v2.6.0 epostnikof:v2.5.0 epostnikof:v2.4.0 epostnikof:v2.3.0 epostnikof:v2.2.1 epostnikof:v2.2.0 epostnikof:v2.1.2 epostnikof:v2.1.1 epostnikof:test-tag-1 epostnikof:v2.1.0 epostnikof:v2.0.1 epostnikof:v2.0.0 epostnikof:v1.1.0 epostnikof:v1.0.1 epostnikof:v1.0.0 epostnikof:1.5.0 epostnikof:1.4.0 epostnikof:1.3.0_k1.1.3 epostnikof:1.3.0 epostnikof:v1.1.3 epostnikof:v1.1 epostnikof:v1.0

51 Commits
remove-ci- ... v2.28.1

Author SHA1 Message Date
k8s-infra-cherrypick-robot
a20891ab67 Fix SAN address collection from ansible_default_ipv{4,6} (#12505) 
Signed-off-by: Hyeonki Hong <hhk7734@gmail.com>
Co-authored-by: Hyeonki Hong <hhk7734@gmail.com>
 2025-08-26 03:02:11 -07:00
Max Gautier
0858e46dc6 Patch versions updates (#12504) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-08-26 02:36:11 -07:00
ChengHao Yang
d695115061 Fix: constant etcd_supported_version to dynamic (#12499) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-08-25 07:15:10 -07:00
k8s-infra-cherrypick-robot
9a09ac5a40 Fix: Change "empty" definition for PodSecurity Admission configuration (#12478) 
Fixes a bug where `kube-apiserver` fails to start if the PodSecurity
configuration file doesn't have the `apiVersion` and `kind` keys.

Signed-off-by: Alejandro Macedo <alex.macedopereira@gmail.com>
Co-authored-by: Alejandro Macedo <alex.macedopereira@gmail.com>
 2025-08-19 04:51:36 -07:00
k8s-infra-cherrypick-robot
3a1a2bd4f4 Argo CD : checksum support for the install url (#12467) 
Fixes https://github.com/kubernetes-sigs/kubespray/issues/12223

Co-authored-by: Romain Lalaut <rlalaut@proton.me>
 2025-08-17 20:09:07 -07:00
Ali Afsharzadeh
842e352767 [release-2.28] Upgrade cilium from 1.17.3 to 1.17.7 (#12471) 
Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
 2025-08-17 19:11:07 -07:00
ChengHao Yang
4bb24b253c Patch versions updates (#12462) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-08-15 13:23:07 -07:00
k8s-infra-cherrypick-robot
f815c80139 bug: fix missing cilium_enable_bgp_control_plane config (#12432) 
Co-authored-by: XuhuiSun95 <ericsun1995@gmail.com>
 2025-07-26 22:10:27 -07:00
Max Gautier
86fcc2ba59 Patch versions updates (#12431) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-07-25 01:18:28 -07:00
k8s-infra-cherrypick-robot
e7cf546f37 Fix#12385 cilium typo (#12404) 
Signed-off-by: wangsifei99 <wangsifei@kylinos.cn>
Co-authored-by: wangsifei99 <wangsifei@kylinos.cn>
 2025-07-15 08:14:24 -07:00
k8s-infra-cherrypick-robot
a59585b6dc Fixed syntax error in _bgp_config dict (#12394) 
Co-authored-by: mathgaming <mathgaming@outlook.com>
 2025-07-11 00:31:28 -07:00
k8s-infra-cherrypick-robot
2d0cc2b4ea Fix kubeadm upgrade node skipPhases with multiple CP nodes (#12384) 
Add 1.32 conditional defaults

Restore support for kubeadm upgrade node --skip-phases < 1.32, apply still needs to be restricted

Co-authored-by: Chad Swenson <chadswen@gmail.com>
 2025-07-07 23:35:26 -07:00
k8s-infra-cherrypick-robot
9a08afa3f9 [release-2.28] Cilium: Pass cluster DNS to hubble.peerService in values.yaml.j2 (#12374) 
* cilium: pass cluster DNS to hubble.peerService in values.yaml.j2

* Add dedicated Hubble variable defaulting to inventory cluster domain

---------

Co-authored-by: Mustafa Mertcan CAM <mertcancam@gmail.com>
 2025-07-04 01:23:25 -07:00
k8s-infra-cherrypick-robot
22e9335484 fix(kubeadm): Conditionally add --skip-phases flag for v1.32.0+ (#12354) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Co-authored-by: bo.jiang <bo.jiang@daocloud.io>
 2025-06-28 05:44:29 -07:00
k8s-infra-cherrypick-robot
4789e9dd89 fix ETCD_INITIAL_CLUSTER config in etcd.env and etcd-events.env (#12352) 
Co-authored-by: liuxu <liuxu623@gmail.com>
 2025-06-27 23:54:29 -07:00
k8s-infra-cherrypick-robot
9a86253beb fix: add cilium extraConfig values (#12338) 
Co-authored-by: atobaum <atobaum@gmail.com>
 2025-06-24 00:00:31 -07:00
ChengHao Yang
1e76d9113b Patch versions updates (#12330) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-06-23 19:22:28 -07:00
k8s-infra-cherrypick-robot
d7c00ce698 [release-2.28] Fix: the cluster is upgraded from 2.27 to 2.28 cilium will break (#12324) 
* Fix: add cilium remove old resources option

Give users two options: besides skip Cilium, add
`cilium_remove_old_resources`, default is `false`, when set to `true`,
it will remove the content of the old version, but it will cause the
downtime, need to be careful to use.

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Fix: if cilium release exist, the action will set upgrade

`cilium install` is equivalent to `helm install`, it will failed if
cilium relase exist. `cilium version` can know the release exist without
helm binary

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-06-19 20:16:51 -07:00
k8s-infra-cherrypick-robot
cf6e96deb0 Add version pinning for AWS tf provider to fix CI (#12327) 
Co-authored-by: Chad Swenson <chadswen@gmail.com>
 2025-06-19 19:52:52 -07:00
k8s-infra-cherrypick-robot
0e5c532c9e Skip kube-proxy addon phase during kubeadm upgrade if disabled (#12320) 
Co-authored-by: Roman Davydchenko <xatteg@gmail.com>
 2025-06-18 04:42:51 -07:00
k8s-infra-cherrypick-robot
a8f5277628 fix manage-offline-container-images.sh get image_id (#12316) 
Co-authored-by: DearJay <zhongtianjieyi143@gmail.com>
 2025-06-15 07:42:58 -07:00
k8s-infra-cherrypick-robot
1290466c53 Add tico88612 as approver (#12292) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Co-authored-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-06-10 10:06:24 -07:00
k8s-infra-cherrypick-robot
6ec991e772 Fix indentation issue in Cilium values file and ensure booleans are lowercase (#12283) 
This patch fixes the indentation in the `encryption` section.
Previously configuration like this:

```yml
cilium_encryption_enabled: true
cilium_encryption_type: wireguard
```

Would template to a `values.yaml` file with indentation that looks like this:

```yml
encryption:
  enabled: True
    type: wireguard
    nodeEncryption: False
```

instead of this:

```yml
encryption:
  enabled: true
  type: wireguard
  nodeEncryption: false
```

This syntax issue causes an error during Cilium installation.

This patch also makes all boolean values in this template file go through the `to_json` filter.
Since values like `True` and `False` are not compliant with the YAML v1.2 spec,
avoiding them is preferable.

`to_json` may be used for all other values in this template to ensure we end up with
a valid YAML document in all cases (even when various strings include special characters),
but this was left for another (future) patch.

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2025-06-10 07:50:24 -07:00
ChengHao Yang
a12e53e845 Bump galaxy.yml version (#12290) 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-06-10 06:44:25 -07:00
Anshuman Agarwala
63cdf87915 Removed equinix provider (#12229) 2025-05-20 03:53:15 -07:00
Max Gautier
175babc4df Move some approvers to emeritus (#12156) 
Thanks for you work !
 2025-05-20 03:11:17 -07:00
Ekko
6c5c45b328 Allow stopping ubuntu unattended-upgrades (#12174) 
Signed-off-by: Ekko Tu <lihai.tu@daocloud.io>
 2025-05-20 01:07:16 -07:00
Kubernetes Prow Robot
019cf2ab42 Merge pull request #12101 from tico88612/refactor/cilium-install 
Refactor Cilium CNI installation
 2025-05-20 01:01:15 -07:00
dependabot[bot]
571e747689 build(deps): bump cryptography from 44.0.3 to 45.0.2 (#12235) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.3 to 45.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/44.0.3...45.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-19 07:21:15 -07:00
ChengHao Yang
1266527014 Add cilium cli binary hash before 0.18.3 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
5e2e63ebe3 Make cilium dnsProxy transparent mode configure 
When Cilium is configured to replace kube-proxy, it automatically
enables dnsProxy, which can conflict with nodelocaldns.
 2025-05-19 08:48:15 +08:00
ChengHao Yang
db290ca686 Add cilium gateway api support 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
6619d98682 Add cilium hubble export dynamic content 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
b771d73fe0 Add cilium hubble export file max backups & size mb 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
65751e8193 Add cilium operator tolerations default values 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:15 +08:00
ChengHao Yang
4c16fc155f Cilium values k8sServiceHost and k8sServicePort use auto 
Signed-off-by: ChengHao Yang
<17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
dcd3461bce Cilium values use image variables 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
48f75c2c2b Upgrade Cilium related images 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
a4b73c09a7 Upgrade cilium version to 1.17.3 
Signed-off-by: ChengHao Yang
<17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
af62570110 Change cilium_kube_proxy_replacement to true for CI tests 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
bebba47eb4 Change kube_owner to root for cilium CI test 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
86437730de Use cilium-cli install Cilium 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:14 +08:00
ChengHao Yang
6fe64323db Remove old cilium templates install 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:13 +08:00
ChengHao Yang
1e471d5eeb Upgrade outdated cilium_min_version_required 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
 2025-05-19 08:48:11 +08:00
Max Gautier
3a2862ea19 Move checksums to kubespray_defaults/vars (#12234) 
The checksums are not a defaults and are not meant to be changed from
the inventories.

Furthermore, role defaults have a lower priority that hosts facts, which
technically means a rogue hosts could hijack the hashes for its
variables.
 2025-05-18 16:13:14 -07:00
Jay.H
8a4f4d13f7 fix manage-offline-container-images.sh create_registry (#11964) 2025-05-17 07:25:13 -07:00
ErmolenkoMaxim
46a0dc9a51 Add support for hubble-export-file-max-backups and max-size-mb variables (#12072) 
* feat(cilium): add configurable Hubble export log rotation parameters

- Adds support for `cilium_hubble_export_file_max_backups` and `cilium_hubble_export_file_max_size_mb`
- Applies values only if `cilium_hubble_export_file_path` is defined
- Default values are set in role defaults
- Cleans up template logic by removing unnecessary conditionals

* Fix indentation for hubble export settings

* Fix undefined variable issue with ipwrap in kubeconfig override that caused pre-commit errors

* Update main.yml

rollback
 2025-05-17 00:35:13 -07:00
Max Gautier
faae36086c Patch versions updates (#12226) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-16 14:13:14 -07:00
ERIK
e4c0c427a3 improve NTP package conflict handling (#12212) 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2025-05-16 03:55:14 -07:00
Max Gautier
bca5a4ce3b CI: remove ci-not-authorized job (#12225) 
This is now handled directly at the failfast-ci level (== integration
Github <-> Gitlab).
The whole pipeline will not be triggered unless:
- The author is a maintainer
- The PR has the /ok-to-test label
 2025-05-16 03:27:13 -07:00
Antoine Legrand
5c07c6e6d3 Add option to [not] install coredns via Kubespray (#12218) 2025-05-16 03:23:13 -07:00
80 changed files with 689 additions and 2716 deletions
Expand all files Collapse all files

28
.gitlab-ci.yml
View File

@@ -55,37 +55,9 @@ before_script:
extends: .job extends: .job
needs: needs:
- pipeline-image - pipeline-image
- ci-not-authorized
- pre-commit # lint - pre-commit # lint
- vagrant-validate # lint - vagrant-validate # lint
# For failfast, at least 1 job must be defined in .gitlab-ci.yml
# Premoderated with manual actions
ci-not-authorized:
stage: build
before_script: []
after_script: []
rules:
# LGTM or ok-to-test labels
- if: $PR_LABELS =~ /.*,(lgtm|approved|ok-to-test).*|^(lgtm|approved|ok-to-test).*/i
variables:
CI_OK_TO_TEST: '0'
when: always
- if: $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "trigger"
variables:
CI_OK_TO_TEST: '0'
- if: $CI_COMMIT_BRANCH == "master"
variables:
CI_OK_TO_TEST: '0'
- when: always
variables:
CI_OK_TO_TEST: '1'
script:
- exit $CI_OK_TO_TEST
tags:
- ffci
needs: []
include: include:
- .gitlab-ci/build.yml - .gitlab-ci/build.yml
- .gitlab-ci/lint.yml - .gitlab-ci/lint.yml

1
.gitlab-ci/kubevirt.yml
View File

@@ -12,7 +12,6 @@
- ffci - ffci
needs: needs:
- pipeline-image - pipeline-image
- ci-not-authorized
# TODO: generate testcases matrixes from the files in tests/files/ # TODO: generate testcases matrixes from the files in tests/files/
# this is needed to avoid the need for PR rebasing when a job was added or removed in the target branch # this is needed to avoid the need for PR rebasing when a job was added or removed in the target branch

1
.gitlab-ci/molecule.yml
View File

@@ -12,7 +12,6 @@
image: $PIPELINE_IMAGE image: $PIPELINE_IMAGE
needs: needs:
- pipeline-image - pipeline-image
# - ci-not-authorized
script: script:
- ./tests/scripts/molecule_run.sh - ./tests/scripts/molecule_run.sh
after_script: after_script:

2
.gitlab-ci/terraform.yml
View File

@@ -3,7 +3,6 @@
.terraform_install: .terraform_install:
extends: .job extends: .job
needs: needs:
- ci-not-authorized
- pipeline-image - pipeline-image
variables: variables:
TF_VAR_public_key_path: "${ANSIBLE_PRIVATE_KEY_FILE}.pub" TF_VAR_public_key_path: "${ANSIBLE_PRIVATE_KEY_FILE}.pub"
@@ -33,7 +32,6 @@ terraform_validate:
matrix: matrix:
- PROVIDER: - PROVIDER:
- openstack - openstack
- equinix
- aws - aws
- exoscale - exoscale
- hetzner - hetzner

2
.gitlab-ci/vagrant.yml
View File

@@ -1,8 +1,6 @@
--- ---
vagrant: vagrant:
extends: .job-moderated extends: .job-moderated
needs:
- ci-not-authorized
variables: variables:
CI_PLATFORM: "vagrant" CI_PLATFORM: "vagrant"
SSH_USER: "vagrant" SSH_USER: "vagrant"

4
Dockerfile
View File

@@ -35,8 +35,8 @@ RUN --mount=type=bind,source=requirements.txt,target=requirements.txt \
SHELL ["/bin/bash", "-o", "pipefail", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \ RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \
&& curl -L "https://dl.k8s.io/release/v1.32.4/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \ && curl -L "https://dl.k8s.io/release/v1.32.8/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \
&& echo "$(curl -L "https://dl.k8s.io/release/v1.32.4/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \ && echo "$(curl -L "https://dl.k8s.io/release/v1.32.8/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \
&& chmod a+x /usr/local/bin/kubectl && chmod a+x /usr/local/bin/kubectl
COPY *.yml ./ COPY *.yml ./

13
OWNERS_ALIASES
View File

@@ -1,13 +1,10 @@
aliases: aliases:
kubespray-approvers: kubespray-approvers:
- cristicalin
- floryut
- liupeng0518
- mzaian
- oomichi
- yankay
- ant31 - ant31
- mzaian
- tico88612
- vannten - vannten
- yankay
kubespray-reviewers: kubespray-reviewers:
- cyclinder - cyclinder
- erikjiang - erikjiang
@@ -19,8 +16,12 @@ aliases:
kubespray-emeritus_approvers: kubespray-emeritus_approvers:
- atoms - atoms
- chadswen - chadswen
- cristicalin
- floryut
- liupeng0518
- luckysb - luckysb
- mattymo - mattymo
- miouge1 - miouge1
- oomichi
- riverzhang - riverzhang
- woopstar - woopstar

10
README.md
View File

@@ -111,15 +111,15 @@ Note:
<!-- BEGIN ANSIBLE MANAGED BLOCK --> <!-- BEGIN ANSIBLE MANAGED BLOCK -->
- Core - Core
- [kubernetes](https://github.com/kubernetes/kubernetes) 1.32.4 - [kubernetes](https://github.com/kubernetes/kubernetes) 1.32.8
- [etcd](https://github.com/etcd-io/etcd) 3.5.16 - [etcd](https://github.com/etcd-io/etcd) 3.5.22
- [docker](https://www.docker.com/) 28.0 - [docker](https://www.docker.com/) 28.0
- [containerd](https://containerd.io/) 2.0.5 - [containerd](https://containerd.io/) 2.0.6
- [cri-o](http://cri-o.io/) 1.32.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS) - [cri-o](http://cri-o.io/) 1.32.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
- Network Plugin - Network Plugin
- [cni-plugins](https://github.com/containernetworking/plugins) 1.4.1 - [cni-plugins](https://github.com/containernetworking/plugins) 1.4.1
- [calico](https://github.com/projectcalico/calico) 3.29.3 - [calico](https://github.com/projectcalico/calico) 3.29.5
- [cilium](https://github.com/cilium/cilium) 1.15.9 - [cilium](https://github.com/cilium/cilium) 1.17.7
- [flannel](https://github.com/flannel-io/flannel) 0.22.0 - [flannel](https://github.com/flannel-io/flannel) 0.22.0
- [kube-ovn](https://github.com/alauda/kube-ovn) 1.12.21 - [kube-ovn](https://github.com/alauda/kube-ovn) 1.12.21
- [kube-router](https://github.com/cloudnativelabs/kube-router) 2.1.1 - [kube-router](https://github.com/cloudnativelabs/kube-router) 2.1.1

4
contrib/offline/manage-offline-container-images.sh
View File

@@ -127,7 +127,7 @@ function register_container_images() {
tar -zxvf ${IMAGE_TAR_FILE} tar -zxvf ${IMAGE_TAR_FILE}
if [ "${create_registry}" ]; then if ${create_registry}; then
sudo ${runtime} load -i ${IMAGE_DIR}/registry-latest.tar sudo ${runtime} load -i ${IMAGE_DIR}/registry-latest.tar
set +e set +e
@@ -148,7 +148,7 @@ function register_container_images() {
if [ "${org_image}" == "ID:" ]; then if [ "${org_image}" == "ID:" ]; then
org_image=$(echo "${load_image}" | awk '{print $4}') org_image=$(echo "${load_image}" | awk '{print $4}')
fi fi
image_id=$(sudo ${runtime} image inspect ${org_image} | grep "\"Id\":" | awk -F: '{print $3}'| sed s/'\",'//) image_id=$(sudo ${runtime} image inspect --format "{{.Id}}" "${org_image}")
if [ -z "${file_name}" ]; then if [ -z "${file_name}" ]; then
echo "Failed to get file_name for line ${line}" echo "Failed to get file_name for line ${line}"
exit 1 exit 1

6
contrib/terraform/aws/create-infrastructure.tf
View File

@@ -1,5 +1,11 @@
terraform { terraform {
required_version = ">= 0.12.0" required_version = ">= 0.12.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
} }
provider "aws" { provider "aws" {

246
contrib/terraform/equinix/README.md
View File

@@ -1,246 +0,0 @@
# Kubernetes on Equinix Metal with Terraform
Provision a Kubernetes cluster with [Terraform](https://www.terraform.io) on
[Equinix Metal](https://metal.equinix.com) ([formerly Packet](https://blog.equinix.com/blog/2020/10/06/equinix-metal-metal-and-more/)).
## Status
This will install a Kubernetes cluster on Equinix Metal. It should work in all locations and on most server types.
## Approach
The terraform configuration inspects variables found in
[variables.tf](variables.tf) to create resources in your Equinix Metal project.
There is a [python script](../terraform.py) that reads the generated`.tfstate`
file to generate a dynamic inventory that is consumed by [cluster.yml](../../../cluster.yml)
to actually install Kubernetes with Kubespray.
### Kubernetes Nodes
You can create many different kubernetes topologies by setting the number of
different classes of hosts.
- Master nodes with etcd: `number_of_k8s_masters` variable
- Master nodes without etcd: `number_of_k8s_masters_no_etcd` variable
- Standalone etcd hosts: `number_of_etcd` variable
- Kubernetes worker nodes: `number_of_k8s_nodes` variable
Note that the Ansible script will report an invalid configuration if you wind up
with an *even number* of etcd instances since that is not a valid configuration. This
restriction includes standalone etcd nodes that are deployed in a cluster along with
master nodes with etcd replicas. As an example, if you have three master nodes with
etcd replicas and three standalone etcd nodes, the script will fail since there are
now six total etcd replicas.
## Requirements
- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html)
- [Install Ansible dependencies](/docs/ansible/ansible.md#installing-ansible)
- Account with Equinix Metal
- An SSH key pair
## SSH Key Setup
An SSH keypair is required so Ansible can access the newly provisioned nodes (Equinix Metal hosts). By default, the public SSH key defined in cluster.tfvars will be installed in authorized_key on the newly provisioned nodes (~/.ssh/id_rsa.pub). Terraform will upload this public key and then it will be distributed out to all the nodes. If you have already set this public key in Equinix Metal (i.e. via the portal), then set the public keyfile name in cluster.tfvars to blank to prevent the duplicate key from being uploaded which will cause an error.
If you don't already have a keypair generated (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub), then a new keypair can be generated with the command:
```ShellSession
ssh-keygen -f ~/.ssh/id_rsa
```
## Terraform
Terraform will be used to provision all of the Equinix Metal resources with base software as appropriate.
### Configuration
#### Inventory files
Create an inventory directory for your cluster by copying the existing sample and linking the `hosts` script (used to build the inventory based on Terraform state):
```ShellSession
cp -LRp contrib/terraform/equinix/sample-inventory inventory/$CLUSTER
cd inventory/$CLUSTER
ln -s ../../contrib/terraform/equinix/hosts
```
This will be the base for subsequent Terraform commands.
#### Equinix Metal API access
Your Equinix Metal API key must be available in the `METAL_AUTH_TOKEN` environment variable.
This key is typically stored outside of the code repo since it is considered secret.
If someone gets this key, they can startup/shutdown hosts in your project!
For more information on how to generate an API key or find your project ID, please see
[Accounts Index](https://metal.equinix.com/developers/docs/accounts/).
The Equinix Metal Project ID associated with the key will be set later in `cluster.tfvars`.
For more information about the API, please see [Equinix Metal API](https://metal.equinix.com/developers/api/).
For more information about terraform provider authentication, please see [the equinix provider documentation](https://registry.terraform.io/providers/equinix/equinix/latest/docs).
Example:
```ShellSession
export METAL_AUTH_TOKEN="Example-API-Token"
```
Note that to deploy several clusters within the same project you need to use [terraform workspace](https://www.terraform.io/docs/state/workspaces.html#using-workspaces).
#### Cluster variables
The construction of the cluster is driven by values found in
[variables.tf](variables.tf).
For your cluster, edit `inventory/$CLUSTER/cluster.tfvars`.
The `cluster_name` is used to set a tag on each server deployed as part of this cluster.
This helps when identifying which hosts are associated with each cluster.
While the defaults in variables.tf will successfully deploy a cluster, it is recommended to set the following values:
- cluster_name = the name of the inventory directory created above as $CLUSTER
- equinix_metal_project_id = the Equinix Metal Project ID associated with the Equinix Metal API token above
#### Enable localhost access
Kubespray will pull down a Kubernetes configuration file to access this cluster by enabling the
`kubeconfig_localhost: true` in the Kubespray configuration.
Edit `inventory/$CLUSTER/group_vars/k8s_cluster/k8s_cluster.yml` and comment back in the following line and change from `false` to `true`:
`\# kubeconfig_localhost: false`
becomes:
`kubeconfig_localhost: true`
Once the Kubespray playbooks are run, a Kubernetes configuration file will be written to the local host at `inventory/$CLUSTER/artifacts/admin.conf`
#### Terraform state files
In the cluster's inventory folder, the following files might be created (either by Terraform
or manually), to prevent you from pushing them accidentally they are in a
`.gitignore` file in the `contrib/terraform/equinix` directory :
- `.terraform`
- `.tfvars`
- `.tfstate`
- `.tfstate.backup`
- `.lock.hcl`
You can still add them manually if you want to.
### Initialization
Before Terraform can operate on your cluster you need to install the required
plugins. This is accomplished as follows:
```ShellSession
cd inventory/$CLUSTER
terraform -chdir=../../contrib/terraform/metal init -var-file=cluster.tfvars
```
This should finish fairly quickly telling you Terraform has successfully initialized and loaded necessary modules.
### Provisioning cluster
You can apply the Terraform configuration to your cluster with the following command
issued from your cluster's inventory directory (`inventory/$CLUSTER`):
```ShellSession
terraform -chdir=../../contrib/terraform/equinix apply -var-file=cluster.tfvars
export ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook -i hosts ../../cluster.yml
```
### Destroying cluster
You can destroy your new cluster with the following command issued from the cluster's inventory directory:
```ShellSession
terraform -chdir=../../contrib/terraform/equinix destroy -var-file=cluster.tfvars
```
If you've started the Ansible run, it may also be a good idea to do some manual cleanup:
- Remove SSH keys from the destroyed cluster from your `~/.ssh/known_hosts` file
- Clean up any temporary cache files: `rm /tmp/$CLUSTER-*`
### Debugging
You can enable debugging output from Terraform by setting `TF_LOG` to `DEBUG` before running the Terraform command.
## Ansible
### Node access
#### SSH
Ensure your local ssh-agent is running and your ssh key has been added. This
step is required by the terraform provisioner:
```ShellSession
eval $(ssh-agent -s)
ssh-add ~/.ssh/id_rsa
```
If you have deployed and destroyed a previous iteration of your cluster, you will need to clear out any stale keys from your SSH "known hosts" file ( `~/.ssh/known_hosts`).
#### Test access
Make sure you can connect to the hosts. Note that Flatcar Container Linux by Kinvolk will have a state `FAILED` due to Python not being present. This is okay, because Python will be installed during bootstrapping, so long as the hosts are not `UNREACHABLE`.
```ShellSession
$ ansible -i inventory/$CLUSTER/hosts -m ping all
example-k8s_node-1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
example-etcd-1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
example-k8s-master-1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
```
If it fails try to connect manually via SSH. It could be something as simple as a stale host key.
### Deploy Kubernetes
```ShellSession
ansible-playbook --become -i inventory/$CLUSTER/hosts cluster.yml
```
This will take some time as there are many tasks to run.
## Kubernetes
### Set up kubectl
- [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on the localhost.
- Verify that Kubectl runs correctly
```ShellSession
kubectl version
```
- Verify that the Kubernetes configuration file has been copied over
```ShellSession
cat inventory/alpha/$CLUSTER/admin.conf
```
- Verify that all the nodes are running correctly.
```ShellSession
kubectl version
kubectl --kubeconfig=inventory/$CLUSTER/artifacts/admin.conf get nodes
```
## What's next
Try out your new Kubernetes cluster with the [Hello Kubernetes service](https://kubernetes.io/docs/tasks/access-application-cluster/service-access-application-cluster/).

1
contrib/terraform/equinix/hosts
View File

@@ -1 +0,0 @@
../terraform.py

57
contrib/terraform/equinix/kubespray.tf
View File

@@ -1,57 +0,0 @@
resource "equinix_metal_ssh_key" "k8s" {
count = var.public_key_path != "" ? 1 : 0
name = "kubernetes-${var.cluster_name}"
public_key = chomp(file(var.public_key_path))
}
resource "equinix_metal_device" "k8s_master" {
depends_on = [equinix_metal_ssh_key.k8s]
count = var.number_of_k8s_masters
hostname = "${var.cluster_name}-k8s-master-${count.index + 1}"
plan = var.plan_k8s_masters
metro = var.metro
operating_system = var.operating_system
billing_cycle = var.billing_cycle
project_id = var.equinix_metal_project_id
tags = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_control_plane", "etcd", "kube_node"]
}
resource "equinix_metal_device" "k8s_master_no_etcd" {
depends_on = [equinix_metal_ssh_key.k8s]
count = var.number_of_k8s_masters_no_etcd
hostname = "${var.cluster_name}-k8s-master-${count.index + 1}"
plan = var.plan_k8s_masters_no_etcd
metro = var.metro
operating_system = var.operating_system
billing_cycle = var.billing_cycle
project_id = var.equinix_metal_project_id
tags = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_control_plane"]
}
resource "equinix_metal_device" "k8s_etcd" {
depends_on = [equinix_metal_ssh_key.k8s]
count = var.number_of_etcd
hostname = "${var.cluster_name}-etcd-${count.index + 1}"
plan = var.plan_etcd
metro = var.metro
operating_system = var.operating_system
billing_cycle = var.billing_cycle
project_id = var.equinix_metal_project_id
tags = ["cluster-${var.cluster_name}", "etcd"]
}
resource "equinix_metal_device" "k8s_node" {
depends_on = [equinix_metal_ssh_key.k8s]
count = var.number_of_k8s_nodes
hostname = "${var.cluster_name}-k8s-node-${count.index + 1}"
plan = var.plan_k8s_nodes
metro = var.metro
operating_system = var.operating_system
billing_cycle = var.billing_cycle
project_id = var.equinix_metal_project_id
tags = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_node"]
}

15
contrib/terraform/equinix/output.tf
View File

@@ -1,15 +0,0 @@
output "k8s_masters" {
value = equinix_metal_device.k8s_master.*.access_public_ipv4
}
output "k8s_masters_no_etc" {
value = equinix_metal_device.k8s_master_no_etcd.*.access_public_ipv4
}
output "k8s_etcds" {
value = equinix_metal_device.k8s_etcd.*.access_public_ipv4
}
output "k8s_nodes" {
value = equinix_metal_device.k8s_node.*.access_public_ipv4
}

17
contrib/terraform/equinix/provider.tf
View File

@@ -1,17 +0,0 @@
terraform {
required_version = ">= 1.0.0"
provider_meta "equinix" {
module_name = "kubespray"
}
required_providers {
equinix = {
source = "equinix/equinix"
version = "1.24.0"
}
}
}
# Configure the Equinix Metal Provider
provider "equinix" {
}

35
contrib/terraform/equinix/sample-inventory/cluster.tfvars
View File

@@ -1,35 +0,0 @@
# your Kubernetes cluster name here
cluster_name = "mycluster"
# Your Equinix Metal project ID. See https://metal.equinix.com/developers/docs/accounts/
equinix_metal_project_id = "Example-Project-Id"
# The public SSH key to be uploaded into authorized_keys in bare metal Equinix Metal nodes provisioned
# leave this value blank if the public key is already setup in the Equinix Metal project
# Terraform will complain if the public key is setup in Equinix Metal
public_key_path = "~/.ssh/id_rsa.pub"
# Equinix interconnected bare metal across our global metros.
metro = "da"
# operating_system
operating_system = "ubuntu_22_04"
# standalone etcds
number_of_etcd = 0
plan_etcd = "t1.small.x86"
# masters
number_of_k8s_masters = 1
number_of_k8s_masters_no_etcd = 0
plan_k8s_masters = "t1.small.x86"
plan_k8s_masters_no_etcd = "t1.small.x86"
# nodes
number_of_k8s_nodes = 2
plan_k8s_nodes = "t1.small.x86"

1
contrib/terraform/equinix/sample-inventory/group_vars
View File

@@ -1 +0,0 @@
../../../../inventory/sample/group_vars

56
contrib/terraform/equinix/variables.tf
View File

@@ -1,56 +0,0 @@
variable "cluster_name" {
default = "kubespray"
}
variable "equinix_metal_project_id" {
description = "Your Equinix Metal project ID. See https://metal.equinix.com/developers/docs/accounts/"
}
variable "operating_system" {
default = "ubuntu_22_04"
}
variable "public_key_path" {
description = "The path of the ssh pub key"
default = "~/.ssh/id_rsa.pub"
}
variable "billing_cycle" {
default = "hourly"
}
variable "metro" {
default = "da"
}
variable "plan_k8s_masters" {
default = "c3.small.x86"
}
variable "plan_k8s_masters_no_etcd" {
default = "c3.small.x86"
}
variable "plan_etcd" {
default = "c3.small.x86"
}
variable "plan_k8s_nodes" {
default = "c3.medium.x86"
}
variable "number_of_k8s_masters" {
default = 1
}
variable "number_of_k8s_masters_no_etcd" {
default = 0
}
variable "number_of_etcd" {
default = 0
}
variable "number_of_k8s_nodes" {
default = 1
}

2
docs/CNI/cilium.md
View File

@@ -237,7 +237,7 @@ cilium_operator_extra_volume_mounts:
## Choose Cilium version ## Choose Cilium version
```yml ```yml
cilium_version: "1.15.9" cilium_version: "1.17.7"
``` ```
## Add variable to config ## Add variable to config

1
docs/_sidebar.md generated
View File

@@ -23,7 +23,6 @@
* [Aws](/docs/cloud_providers/aws.md) * [Aws](/docs/cloud_providers/aws.md)
* [Azure](/docs/cloud_providers/azure.md) * [Azure](/docs/cloud_providers/azure.md)
* [Cloud](/docs/cloud_providers/cloud.md) * [Cloud](/docs/cloud_providers/cloud.md)
* [Equinix-metal](/docs/cloud_providers/equinix-metal.md)
* CNI * CNI
* [Calico](/docs/CNI/calico.md) * [Calico](/docs/CNI/calico.md)
* [Cilium](/docs/CNI/cilium.md) * [Cilium](/docs/CNI/cilium.md)

100
docs/cloud_providers/equinix-metal.md
View File

@@ -1,100 +0,0 @@
# Equinix Metal
Kubespray provides support for bare metal deployments using the [Equinix Metal](http://metal.equinix.com).
Deploying upon bare metal allows Kubernetes to run at locations where an existing public or private cloud might not exist such
as cell tower, edge collocated installations. The deployment mechanism used by Kubespray for Equinix Metal is similar to that used for
AWS and OpenStack clouds (notably using Terraform to deploy the infrastructure). Terraform uses the Equinix Metal provider plugin
to provision and configure hosts which are then used by the Kubespray Ansible playbooks. The Ansible inventory is generated
dynamically from the Terraform state file.
## Local Host Configuration
To perform this installation, you will need a localhost to run Terraform/Ansible (laptop, VM, etc) and an account with Equinix Metal.
In this example, we are provisioning a m1.large CentOS7 OpenStack VM as the localhost for the Kubernetes installation.
You'll need Ansible, Git, and PIP.
```bash
sudo yum install epel-release
sudo yum install ansible
sudo yum install git
sudo yum install python-pip
```
## Playbook SSH Key
An SSH key is needed by Kubespray/Ansible to run the playbooks.
This key is installed into the bare metal hosts during the Terraform deployment.
You can generate a key new key or use an existing one.
```bash
ssh-keygen -f ~/.ssh/id_rsa
```
## Install Terraform
Terraform is required to deploy the bare metal infrastructure. The steps below are for installing on CentOS 7.
[More terraform installation options are available.](https://learn.hashicorp.com/terraform/getting-started/install.html)
Grab the latest version of Terraform and install it.
```bash
echo "https://releases.hashicorp.com/terraform/$(curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version')/terraform_$(curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version')_linux_amd64.zip"
sudo yum install unzip
sudo unzip terraform_0.14.10_linux_amd64.zip -d /usr/local/bin/
```
## Download Kubespray
Pull over Kubespray and setup any required libraries.
```bash
git clone https://github.com/kubernetes-sigs/kubespray
cd kubespray
```
## Install Ansible
Install Ansible according to [Ansible installation guide](/docs/ansible/ansible.md#installing-ansible)
## Cluster Definition
In this example, a new cluster called "alpha" will be created.
```bash
cp -LRp contrib/terraform/packet/sample-inventory inventory/alpha
cd inventory/alpha/
ln -s ../../contrib/terraform/packet/hosts
```
Details about the cluster, such as the name, as well as the authentication tokens and project ID
for Equinix Metal need to be defined. To find these values see [Equinix Metal API Accounts](https://metal.equinix.com/developers/docs/accounts/).
```bash
vi cluster.tfvars
```
* cluster_name = alpha
* packet_project_id = ABCDEFGHIJKLMNOPQRSTUVWXYZ123456
* public_key_path = 12345678-90AB-CDEF-GHIJ-KLMNOPQRSTUV
## Deploy Bare Metal Hosts
Initializing Terraform will pull down any necessary plugins/providers.
```bash
terraform init ../../contrib/terraform/packet/
```
Run Terraform to deploy the hardware.
```bash
terraform apply -var-file=cluster.tfvars ../../contrib/terraform/packet
```
## Run Kubespray Playbooks
With the bare metal infrastructure deployed, Kubespray can now install Kubernetes and setup the cluster.
```bash
ansible-playbook --become -i inventory/alpha/hosts cluster.yml
```

2
galaxy.yml
View File

@@ -2,7 +2,7 @@
namespace: kubernetes_sigs namespace: kubernetes_sigs
description: Deploy a production ready Kubernetes cluster description: Deploy a production ready Kubernetes cluster
name: kubespray name: kubespray
version: 2.28.0 version: 2.28.1
readme: README.md readme: README.md
authors: authors:
- The Kubespray maintainers (https://kubernetes.slack.com/channels/kubespray) - The Kubespray maintainers (https://kubernetes.slack.com/channels/kubespray)

4
inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
View File

@@ -175,6 +175,10 @@ cilium_l2announcements: false
### Buffer size of the channel to receive monitor events. ### Buffer size of the channel to receive monitor events.
# cilium_hubble_event_queue_size: 50 # cilium_hubble_event_queue_size: 50
# Override the DNS suffix that Hubble-Relay uses to resolve its peer service.
# It defaults to the inventory's `dns_domain`.
# cilium_hubble_peer_service_cluster_domain: "{{ dns_domain }}"
# IP address management mode for v1.9+. # IP address management mode for v1.9+.
# https://docs.cilium.io/en/v1.9/concepts/networking/ipam/ # https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
# cilium_ipam_mode: kubernetes # cilium_ipam_mode: kubernetes

4
pipeline.Dockerfile
View File

@@ -47,8 +47,8 @@ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
&& pip install --no-compile --no-cache-dir pip -U \ && pip install --no-compile --no-cache-dir pip -U \
&& pip install --no-compile --no-cache-dir -r tests/requirements.txt \ && pip install --no-compile --no-cache-dir -r tests/requirements.txt \
&& pip install --no-compile --no-cache-dir -r requirements.txt \ && pip install --no-compile --no-cache-dir -r requirements.txt \
&& curl -L https://dl.k8s.io/release/v1.32.4/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \ && curl -L https://dl.k8s.io/release/v1.32.8/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
&& echo $(curl -L https://dl.k8s.io/release/v1.32.4/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \ && echo $(curl -L https://dl.k8s.io/release/v1.32.8/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
&& chmod a+x /usr/local/bin/kubectl \ && chmod a+x /usr/local/bin/kubectl \
# Install Vagrant # Install Vagrant
&& curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \ && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \

2
requirements.txt
View File

@@ -1,6 +1,6 @@
ansible==9.13.0 ansible==9.13.0
# Needed for community.crypto module # Needed for community.crypto module
cryptography==44.0.3 cryptography==45.0.2
# Needed for jinja2 json_query templating # Needed for jinja2 json_query templating
jmespath==1.0.1 jmespath==1.0.1
# Needed for ansible.utils.ipaddr # Needed for ansible.utils.ipaddr

2
roles/bootstrap_os/defaults/main.yml
View File

@@ -19,6 +19,8 @@ use_oracle_public_repo: true
## Ubuntu specific variables ## Ubuntu specific variables
# Disable unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu # Disable unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu
ubuntu_kernel_unattended_upgrades_disabled: false ubuntu_kernel_unattended_upgrades_disabled: false
# Stop unattended-upgrades if it is currently running on Ubuntu
ubuntu_stop_unattended_upgrades: false
fedora_coreos_packages: fedora_coreos_packages:
- python - python

8
roles/bootstrap_os/tasks/ubuntu.yml
View File

@@ -19,3 +19,11 @@
when: when:
- ubuntu_kernel_unattended_upgrades_disabled - ubuntu_kernel_unattended_upgrades_disabled
- unattended_upgrades_file_stat.stat.exists - unattended_upgrades_file_stat.stat.exists
- name: Stop unattended-upgrades service
service:
name: unattended-upgrades
state: stopped
enabled: false
become: true
when: ubuntu_stop_unattended_upgrades

2
roles/etcd/tasks/join_etcd-events_member.yml
View File

@@ -19,7 +19,7 @@
etcd_events_peer_addresses: >- etcd_events_peer_addresses: >-
{% for host in groups['etcd'] -%} {% for host in groups['etcd'] -%}
{%- if hostvars[host]['etcd_events_member_in_cluster'].rc == 0 -%} {%- if hostvars[host]['etcd_events_member_in_cluster'].rc == 0 -%}
{{ "etcd" + loop.index | string }}="https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host]['main_ip']) | ansible.utils.ipwrap }}:2382", {{ "etcd" + loop.index | string }}=https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host]['main_ip']) | ansible.utils.ipwrap }}:2382,
{%- endif -%} {%- endif -%}
{%- if loop.last -%} {%- if loop.last -%}
{{ etcd_member_name }}={{ etcd_events_peer_url }} {{ etcd_member_name }}={{ etcd_events_peer_url }}

2
roles/etcd/tasks/join_etcd_member.yml
View File

@@ -20,7 +20,7 @@
etcd_peer_addresses: >- etcd_peer_addresses: >-
{% for host in groups['etcd'] -%} {% for host in groups['etcd'] -%}
{%- if hostvars[host]['etcd_member_in_cluster'].rc == 0 -%} {%- if hostvars[host]['etcd_member_in_cluster'].rc == 0 -%}
{{ "etcd" + loop.index | string }}="https://{{ hostvars[host].etcd_access_address | default(hostvars[host]['main_ip']) | ansible.utils.ipwrap }}:2380", {{ "etcd" + loop.index | string }}=https://{{ hostvars[host].etcd_access_address | default(hostvars[host]['main_ip']) | ansible.utils.ipwrap }}:2380,
{%- endif -%} {%- endif -%}
{%- if loop.last -%} {%- if loop.last -%}
{{ etcd_member_name }}={{ etcd_peer_url }} {{ etcd_member_name }}={{ etcd_peer_url }}

2
roles/kubernetes-apps/ansible/defaults/main.yml
View File

@@ -20,7 +20,7 @@ coredns_default_zone_cache_block: |
coredns_pod_disruption_budget: false coredns_pod_disruption_budget: false
# value for coredns pdb # value for coredns pdb
coredns_pod_disruption_budget_max_unavailable: "30%" coredns_pod_disruption_budget_max_unavailable: "30%"
deploy_coredns: true
# coredns_additional_configs adds any extra configuration to coredns # coredns_additional_configs adds any extra configuration to coredns
# coredns_additional_configs: | # coredns_additional_configs: |
# whoami # whoami

5
roles/kubernetes-apps/ansible/tasks/main.yml
View File

@@ -22,7 +22,9 @@
- coredns - coredns
vars: vars:
clusterIP: "{{ skydns_server }}" clusterIP: "{{ skydns_server }}"
when: dns_mode in ['coredns', 'coredns_dual'] when:
- dns_mode in ['coredns', 'coredns_dual']
- deploy_coredns
- name: Kubernetes Apps | CoreDNS Secondary - name: Kubernetes Apps | CoreDNS Secondary
command: command:
@@ -38,6 +40,7 @@
coredns_ordinal_suffix: "-secondary" coredns_ordinal_suffix: "-secondary"
when: when:
- dns_mode == 'coredns_dual' - dns_mode == 'coredns_dual'
- deploy_coredns
- name: Kubernetes Apps | nodelocalDNS - name: Kubernetes Apps | nodelocalDNS
command: command:

1
roles/kubernetes-apps/argocd/defaults/main.yml
View File

@@ -3,4 +3,3 @@ argocd_enabled: false
argocd_version: 2.14.5 argocd_version: 2.14.5
argocd_namespace: argocd argocd_namespace: argocd
# argocd_admin_password: # argocd_admin_password:
argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/v{{ argocd_version }}/manifests/install.yaml"

23
roles/kubernetes-apps/argocd/tasks/main.yml
View File

@@ -20,26 +20,17 @@
- name: namespace - name: namespace
file: argocd-namespace.yml file: argocd-namespace.yml
- name: install - name: install
file: argocd-install.yml file: "{{ downloads.argocd_install.dest | basename }}"
namespace: "{{ argocd_namespace }}" namespace: "{{ argocd_namespace }}"
url: "{{ argocd_install_url }}" download: "{{ downloads.argocd_install }}"
when: when:
- "inventory_hostname == groups['kube_control_plane'][0]" - "inventory_hostname == groups['kube_control_plane'][0]"
- name: Kubernetes Apps | Download ArgoCD remote manifests - name: Kubernetes Apps | Download ArgoCD remote manifests
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download_argocd: download: "{{ download_defaults | combine(item.download) }}"
enabled: "{{ argocd_enabled }}" with_items: "{{ argocd_templates | selectattr('download', 'defined') | list }}"
file: true
dest: "{{ local_release_dir }}/{{ item.file }}"
url: "{{ item.url }}"
unarchive: false
owner: "root"
mode: "0644"
sha256: ""
download: "{{ download_defaults | combine(download_argocd) }}"
with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
loop_control: loop_control:
label: "{{ item.file }}" label: "{{ item.file }}"
when: when:
@@ -54,7 +45,7 @@
owner: false owner: false
group: false group: false
delegate_to: "{{ inventory_hostname }}" delegate_to: "{{ inventory_hostname }}"
with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" with_items: "{{ argocd_templates | selectattr('download', 'defined') | list }}"
when: when:
- "inventory_hostname == groups['kube_control_plane'][0]" - "inventory_hostname == groups['kube_control_plane'][0]"
@@ -62,7 +53,7 @@
become: true become: true
command: | command: |
{{ bin_dir }}/yq eval-all -i '.metadata.namespace="{{ argocd_namespace }}"' {{ kube_config_dir }}/{{ item.file }} {{ bin_dir }}/yq eval-all -i '.metadata.namespace="{{ argocd_namespace }}"' {{ kube_config_dir }}/{{ item.file }}
with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" with_items: "{{ argocd_templates | selectattr('download', 'defined') | list }}"
loop_control: loop_control:
label: "{{ item.file }}" label: "{{ item.file }}"
when: when:
@@ -74,7 +65,7 @@
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: "0644" mode: "0644"
with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}" with_items: "{{ argocd_templates | selectattr('download', 'undefined') | list }}"
loop_control: loop_control:
label: "{{ item.file }}" label: "{{ item.file }}"
when: when:

6
roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
View File

@@ -25,7 +25,7 @@
- name: Kubeadm | aggregate all SANs - name: Kubeadm | aggregate all SANs
set_fact: set_fact:
apiserver_sans: "{{ (sans_base + groups['kube_control_plane'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn + sans_kube_vip_address) | unique }}" apiserver_sans: "{{ (sans_base + groups['kube_control_plane'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_ipv4_address + sans_ipv6_address + sans_override + sans_hostname + sans_fqdn + sans_kube_vip_address) | unique }}"
vars: vars:
sans_base: sans_base:
- "kubernetes" - "kubernetes"
@@ -41,7 +41,8 @@
sans_supp: "{{ supplementary_addresses_in_ssl_keys if supplementary_addresses_in_ssl_keys is defined else [] }}" sans_supp: "{{ supplementary_addresses_in_ssl_keys if supplementary_addresses_in_ssl_keys is defined else [] }}"
sans_access_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'main_access_ip') | list | select('defined') | list }}" sans_access_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'main_access_ip') | list | select('defined') | list }}"
sans_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'main_ip') | list | select('defined') | list }}" sans_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'main_ip') | list | select('defined') | list }}"
sans_address: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_default_ipv6', 'ansible_default_ipv4', 'address']) | list | select('defined') | list }}" sans_ipv4_address: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}"
sans_ipv6_address: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_default_ipv6', 'address']) | list | select('defined') | list }}"
sans_override: "{{ [kube_override_hostname] if kube_override_hostname else [] }}" sans_override: "{{ [kube_override_hostname] if kube_override_hostname else [] }}"
sans_hostname: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}" sans_hostname: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}"
sans_fqdn: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}" sans_fqdn: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}"
@@ -170,6 +171,7 @@
- apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed - apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed
- not kube_external_ca_mode - not kube_external_ca_mode
# TODO: Remove --skip-phases from command when v1beta4 UpgradeConfiguration supports skipPhases
- name: Kubeadm | Initialize first control plane node - name: Kubeadm | Initialize first control plane node
when: inventory_hostname == first_kube_control_plane and not kubeadm_already_run.stat.exists when: inventory_hostname == first_kube_control_plane and not kubeadm_already_run.stat.exists
vars: vars:

14
roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
View File

@@ -3,7 +3,8 @@
import_tasks: check-api.yml import_tasks: check-api.yml
# kubeadm-config.v1beta4 with UpgradeConfiguration requires some values that were previously allowed as args to be specified in the config file # kubeadm-config.v1beta4 with UpgradeConfiguration requires some values that were previously allowed as args to be specified in the config file
- name: Kubeadm | Upgrade first control plane node # TODO: Remove --skip-phases from command when v1beta4 UpgradeConfiguration supports skipPhases
- name: Kubeadm | Upgrade first control plane node to {{ kube_version }}
command: >- command: >-
timeout -k 600s 600s timeout -k 600s 600s
{{ bin_dir }}/kubeadm upgrade apply -y v{{ kube_version }} {{ bin_dir }}/kubeadm upgrade apply -y v{{ kube_version }}
@@ -16,14 +17,18 @@
--force --force
{%- else %} {%- else %}
--config={{ kube_config_dir }}/kubeadm-config.yaml --config={{ kube_config_dir }}/kubeadm-config.yaml
{%- endif -%} {%- endif %}
{%- if kube_version is version('1.32.0', '>=') %}
--skip-phases={{ kubeadm_init_phases_skip | join(',') }}
{%- endif %}
register: kubeadm_upgrade register: kubeadm_upgrade
when: inventory_hostname == first_kube_control_plane when: inventory_hostname == first_kube_control_plane
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
environment: environment:
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
- name: Kubeadm | Upgrade other control plane nodes # TODO: When we retire kubeadm-config.v1beta3, remove --certificate-renewal, --ignore-preflight-errors, --etcd-upgrade, --patches, and --skip-phases from command, since v1beta4+ supports these in UpgradeConfiguration.node
- name: Kubeadm | Upgrade other control plane nodes to {{ kube_version }}
command: >- command: >-
{{ bin_dir }}/kubeadm upgrade node {{ bin_dir }}/kubeadm upgrade node
{%- if kubeadm_config_api_version == 'v1beta3' %} {%- if kubeadm_config_api_version == 'v1beta3' %}
@@ -33,7 +38,8 @@
{% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %} {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
{%- else %} {%- else %}
--config={{ kube_config_dir }}/kubeadm-config.yaml --config={{ kube_config_dir }}/kubeadm-config.yaml
{%- endif -%} {%- endif %}
--skip-phases={{ kubeadm_upgrade_node_phases_skip | join(',') }}
register: kubeadm_upgrade register: kubeadm_upgrade
when: inventory_hostname != first_kube_control_plane when: inventory_hostname != first_kube_control_plane
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr

12
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
View File

@@ -502,6 +502,12 @@ apply:
{% endif %} {% endif %}
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
imagePullSerial: {{ kubeadm_image_pull_serial | lower }} imagePullSerial: {{ kubeadm_image_pull_serial | lower }}
{% for skip_phase in kubeadm_upgrade_node_phases_skip %}
{% if loop.first %}
skipPhases:
{% endif %}
- "{{ skip_phase }}"
{% endfor %}
node: node:
certificateRenewal: {{ kubeadm_upgrade_auto_cert_renewal | lower }} certificateRenewal: {{ kubeadm_upgrade_auto_cert_renewal | lower }}
etcdUpgrade: {{ (etcd_deployment_type == "kubeadm") | lower }} etcdUpgrade: {{ (etcd_deployment_type == "kubeadm") | lower }}
@@ -517,6 +523,12 @@ node:
{% endif %} {% endif %}
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
imagePullSerial: {{ kubeadm_image_pull_serial | lower }} imagePullSerial: {{ kubeadm_image_pull_serial | lower }}
{% for skip_phase in kubeadm_init_phases_skip %}
{% if loop.first %}
skipPhases:
{% endif %}
- "{{ skip_phase }}"
{% endfor %}
--- ---
apiVersion: kubeproxy.config.k8s.io/v1alpha1 apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration kind: KubeProxyConfiguration

2
roles/kubernetes/control-plane/templates/podsecurity.yaml.j2
View File

@@ -1,6 +1,6 @@
{% if kube_pod_security_use_default %}
apiVersion: pod-security.admission.config.k8s.io/v1 apiVersion: pod-security.admission.config.k8s.io/v1
kind: PodSecurityConfiguration kind: PodSecurityConfiguration
{% if kube_pod_security_use_default %}
defaults: defaults:
enforce: "{{ kube_pod_security_default_enforce }}" enforce: "{{ kube_pod_security_default_enforce }}"
enforce-version: "{{ kube_pod_security_default_enforce_version }}" enforce-version: "{{ kube_pod_security_default_enforce_version }}"

11
roles/kubernetes/preinstall/defaults/main.yml
View File

@@ -55,17 +55,6 @@ minimal_node_memory_mb: 1024
minimal_master_memory_mb: 1500 minimal_master_memory_mb: 1500
## NTP Settings ## NTP Settings
# Start the ntpd or chrony service and enable it at system boot.
ntp_enabled: false
# The package to install which provides NTP functionality.
# The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.
# The ntp_package can be one of ['ntp', 'ntpsec', 'chrony']
ntp_package: >-
{% if ansible_os_family == "RedHat" -%}
chrony
{%- else -%}
ntp
{%- endif -%}
# Manage the NTP configuration file. # Manage the NTP configuration file.
ntp_manage_config: false ntp_manage_config: false

8
roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
View File

@@ -1,12 +1,4 @@
--- ---
- name: Ensure NTP package
package:
name:
- "{{ ntp_package }}"
state: present
when:
- not is_fedora_coreos
- not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- name: Disable systemd-timesyncd - name: Disable systemd-timesyncd
service: service:

34
roles/kubespray_defaults/defaults/main/download.yml
View File

@@ -80,6 +80,7 @@ youki_version: "{{ (youki_checksums['amd64'] | dict2items)[0].key }}"
gvisor_version: "{{ (gvisor_runsc_binary_checksums['amd64'] | dict2items)[0].key }}" gvisor_version: "{{ (gvisor_runsc_binary_checksums['amd64'] | dict2items)[0].key }}"
containerd_version: "{{ (containerd_archive_checksums['amd64'] | dict2items)[0].key }}" containerd_version: "{{ (containerd_archive_checksums['amd64'] | dict2items)[0].key }}"
cri_dockerd_version: "{{ (cri_dockerd_archive_checksums['amd64'] | dict2items)[0].key }}" cri_dockerd_version: "{{ (cri_dockerd_archive_checksums['amd64'] | dict2items)[0].key }}"
argocd_version: "{{ (argocd_install_checksums.no_arch | dict2items)[0].key }}"
# this is relevant when container_manager == 'docker' # this is relevant when container_manager == 'docker'
docker_containerd_version: 1.6.32 docker_containerd_version: 1.6.32
@@ -113,7 +114,7 @@ flannel_cni_version: 1.1.2
weave_version: 2.8.7 weave_version: 2.8.7
cni_version: "{{ (cni_binary_checksums['amd64'] | dict2items)[0].key }}" cni_version: "{{ (cni_binary_checksums['amd64'] | dict2items)[0].key }}"
cilium_version: "1.15.9" cilium_version: "1.17.7"
cilium_cli_version: "{{ (ciliumcli_binary_checksums['amd64'] | dict2items)[0].key }}" cilium_cli_version: "{{ (ciliumcli_binary_checksums['amd64'] | dict2items)[0].key }}"
cilium_enable_hubble: false cilium_enable_hubble: false
@@ -135,9 +136,9 @@ pod_infra_supported_versions:
pod_infra_version: "{{ pod_infra_supported_versions[kube_major_version] }}" pod_infra_version: "{{ pod_infra_supported_versions[kube_major_version] }}"
etcd_supported_versions: etcd_supported_versions:
'1.32': 3.5.16 '1.32': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
'1.31': 3.5.16 '1.31': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
'1.30': 3.5.16 '1.30': "{{ (etcd_binary_checksums['amd64'].keys() | select('version', '3.6', '<'))[0] }}"
etcd_version: "{{ etcd_supported_versions[kube_major_version] }}" etcd_version: "{{ etcd_supported_versions[kube_major_version] }}"
crictl_supported_versions: crictl_supported_versions:
@@ -193,6 +194,7 @@ containerd_download_url: "{{ github_url }}/containerd/containerd/releases/downlo
cri_dockerd_download_url: "{{ github_url }}/Mirantis/cri-dockerd/releases/download/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ image_arch }}.tgz" cri_dockerd_download_url: "{{ github_url }}/Mirantis/cri-dockerd/releases/download/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ image_arch }}.tgz"
skopeo_download_url: "{{ github_url }}/lework/skopeo-binary/releases/download/v{{ skopeo_version }}/skopeo-linux-{{ image_arch }}" skopeo_download_url: "{{ github_url }}/lework/skopeo-binary/releases/download/v{{ skopeo_version }}/skopeo-linux-{{ image_arch }}"
yq_download_url: "{{ github_url }}/mikefarah/yq/releases/download/v{{ yq_version }}/yq_linux_{{ image_arch }}" yq_download_url: "{{ github_url }}/mikefarah/yq/releases/download/v{{ yq_version }}/yq_linux_{{ image_arch }}"
argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/v{{ argocd_version }}/manifests/install.yaml"
gateway_api_crds_download_url: "{{ github_url }}/kubernetes-sigs/gateway-api/releases/download/v{{ gateway_api_version }}/{{ gateway_api_channel }}-install.yaml" gateway_api_crds_download_url: "{{ github_url }}/kubernetes-sigs/gateway-api/releases/download/v{{ gateway_api_version }}/{{ gateway_api_channel }}-install.yaml"
etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}" etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}"
@@ -201,6 +203,7 @@ kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
kubectl_binary_checksum: "{{ kubectl_checksums[image_arch][kube_version] }}" kubectl_binary_checksum: "{{ kubectl_checksums[image_arch][kube_version] }}"
kubeadm_binary_checksum: "{{ kubeadm_checksums[image_arch][kube_version] }}" kubeadm_binary_checksum: "{{ kubeadm_checksums[image_arch][kube_version] }}"
yq_binary_checksum: "{{ yq_checksums[image_arch][yq_version] }}" yq_binary_checksum: "{{ yq_checksums[image_arch][yq_version] }}"
argocd_install_checksum: "{{ argocd_install_checksums.no_arch[argocd_version] }}"
calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl_version] }}" calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl_version] }}"
ciliumcli_binary_checksum: "{{ ciliumcli_binary_checksums[image_arch][cilium_cli_version] }}" ciliumcli_binary_checksum: "{{ ciliumcli_binary_checksums[image_arch][cilium_cli_version] }}"
crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}" crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
@@ -261,13 +264,13 @@ cilium_operator_image_tag: "v{{ cilium_version }}"
cilium_hubble_relay_image_repo: "{{ quay_image_repo }}/cilium/hubble-relay" cilium_hubble_relay_image_repo: "{{ quay_image_repo }}/cilium/hubble-relay"
cilium_hubble_relay_image_tag: "v{{ cilium_version }}" cilium_hubble_relay_image_tag: "v{{ cilium_version }}"
cilium_hubble_certgen_image_repo: "{{ quay_image_repo }}/cilium/certgen" cilium_hubble_certgen_image_repo: "{{ quay_image_repo }}/cilium/certgen"
cilium_hubble_certgen_image_tag: "v0.1.8" cilium_hubble_certgen_image_tag: "v0.2.1"
cilium_hubble_ui_image_repo: "{{ quay_image_repo }}/cilium/hubble-ui" cilium_hubble_ui_image_repo: "{{ quay_image_repo }}/cilium/hubble-ui"
cilium_hubble_ui_image_tag: "v0.11.0" cilium_hubble_ui_image_tag: "v0.13.2"
cilium_hubble_ui_backend_image_repo: "{{ quay_image_repo }}/cilium/hubble-ui-backend" cilium_hubble_ui_backend_image_repo: "{{ quay_image_repo }}/cilium/hubble-ui-backend"
cilium_hubble_ui_backend_image_tag: "v0.11.0" cilium_hubble_ui_backend_image_tag: "v0.13.2"
cilium_hubble_envoy_image_repo: "{{ docker_image_repo }}/envoyproxy/envoy" cilium_hubble_envoy_image_repo: "{{ quay_image_repo }}/cilium/cilium-envoy"
cilium_hubble_envoy_image_tag: "v1.22.5" cilium_hubble_envoy_image_tag: "v1.32.5-1744305768-f9ddca7dcd91f7ca25a505560e655c47d3dec2cf"
kube_ovn_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn" kube_ovn_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn"
kube_ovn_container_image_tag: "v{{ kube_ovn_version }}" kube_ovn_container_image_tag: "v{{ kube_ovn_version }}"
kube_ovn_vpc_container_image_repo: "{{ docker_image_repo }}/kubeovn/vpc-nat-gateway" kube_ovn_vpc_container_image_repo: "{{ docker_image_repo }}/kubeovn/vpc-nat-gateway"
@@ -1131,6 +1134,19 @@ downloads:
groups: groups:
- kube_control_plane - kube_control_plane
argocd_install:
enabled: "{{ argocd_enabled }}"
file: true
version: "{{ argocd_version }}"
dest: "{{ local_release_dir }}/argocd-install.yml"
checksum: "{{ argocd_install_checksum }}"
url: "{{ argocd_install_url }}"
unarchive: false
owner: "root"
mode: "0644"
groups:
- kube_control_plane
download_defaults: download_defaults:
container: false container: false
file: false file: false

26
roles/kubespray_defaults/defaults/main/main.yml
View File

@@ -66,6 +66,15 @@ kubeadm_join_phases_skip_default: []
kubeadm_join_phases_skip: >- kubeadm_join_phases_skip: >-
{{ kubeadm_join_phases_skip_default }} {{ kubeadm_join_phases_skip_default }}
# List of kubeadm upgrade node phases that should be skipped when upgrading a secondary control plane node (supports different phases than kubeadm init and kubeadm upgrade apply)
kubeadm_upgrade_node_phases_skip_default: []
kubeadm_upgrade_node_phases_skip: >-
{%- if kube_version is version('1.32.0', '>=') -%}
{{ kubeadm_upgrade_node_phases_skip_default + kubeadm_init_phases_skip }}
{%- else -%}
{{ kubeadm_upgrade_node_phases_skip_default }}
{%- endif -%}
# Set to true to remove the role binding to anonymous users created by kubeadm # Set to true to remove the role binding to anonymous users created by kubeadm
remove_anonymous_access: false remove_anonymous_access: false
@@ -770,3 +779,20 @@ system_upgrade_reboot: on-upgrade # never, always
# Enables or disables the scheduler plugins. # Enables or disables the scheduler plugins.
scheduler_plugins_enabled: false scheduler_plugins_enabled: false
## NTP Settings
# Start the ntpd or chrony service and enable it at system boot.
ntp_enabled: false
# TODO: Refactor NTP package selection to integrate with the general package installation system
# instead of using a separate variable approach
# The package to install which provides NTP functionality.
# The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.
# The ntp_package can be one of ['ntp', 'ntpsec', 'chrony']
ntp_package: >-
{% if ansible_os_family == "RedHat" -%}
chrony
{%- else -%}
ntp
{%- endif -%}

210
roles/kubespray_defaults/defaults/main/checksums.yml → roles/kubespray_defaults/vars/main/checksums.yml
View File

@@ -20,11 +20,17 @@ crictl_checksums:
1.30.0: sha256:ada550cecb5647014f16dd3ff6c59d7ef7d942ca8cb6c51c15ed019622f39ee9 1.30.0: sha256:ada550cecb5647014f16dd3ff6c59d7ef7d942ca8cb6c51c15ed019622f39ee9
crio_archive_checksums: crio_archive_checksums:
arm64: arm64:
1.32.7: sha256:02a0f37f87eda1adf73a2f7145dbead4db9cb7470083cd474fe2970853bb32ff
1.32.6: sha256:8b9a3a0ec3a7d1476396e4893ae9358eff1448d7631c27725d651cbfc4071902
1.32.5: sha256:1725d914b2041b428e5346202a4d874796ed146bac0170084e09d8f430af3c2e
1.32.4: sha256:06ccee8b31963f80c0253bf8c6ba56afa222fc0608ca309b21ace2d8748e3023 1.32.4: sha256:06ccee8b31963f80c0253bf8c6ba56afa222fc0608ca309b21ace2d8748e3023
1.32.3: sha256:f196bdc30c8effbbc8ec54f99e2598e34a901a7996a2f8a53f1f9134b0dc1b80 1.32.3: sha256:f196bdc30c8effbbc8ec54f99e2598e34a901a7996a2f8a53f1f9134b0dc1b80
1.32.2: sha256:627df634df178baf2800c8eb68185489e82f78b0b33ea5bec2bf9ce55ad57647 1.32.2: sha256:627df634df178baf2800c8eb68185489e82f78b0b33ea5bec2bf9ce55ad57647
1.32.1: sha256:f64da0ef41604575b476ad6d7288ca14f56fc06cc0ca138a5c3dc933427f7b32 1.32.1: sha256:f64da0ef41604575b476ad6d7288ca14f56fc06cc0ca138a5c3dc933427f7b32
1.32.0: sha256:b092eddabedac98a0f8449dc535acfec0e14c21f59cabe8f9703043d995a1a41 1.32.0: sha256:b092eddabedac98a0f8449dc535acfec0e14c21f59cabe8f9703043d995a1a41
1.31.11: sha256:285f1806f30a5c859464e80cf142a1ffc42a4a9f4ceaae286e7cdd2399cb0e5c
1.31.10: sha256:3000eff5bc6a76279ed7fff5801d099bf45e6b0e1500405320de34d96bbf0547
1.31.9: sha256:c4ea5ac9ae05d2195bfe10931e4ae0d7989a04fc28e1bad7cb3520d350909a2c
1.31.8: sha256:a6fd3bf8f9d40d51ad806be7246d3d38682cb2071af428404300098ca086afcf 1.31.8: sha256:a6fd3bf8f9d40d51ad806be7246d3d38682cb2071af428404300098ca086afcf
1.31.7: sha256:66c4beb5e331881bec173baf5945b7c1da78fd56479e79b35185c63b05fcd03e 1.31.7: sha256:66c4beb5e331881bec173baf5945b7c1da78fd56479e79b35185c63b05fcd03e
1.31.6: sha256:1a7baa55c495ea2d89d5c27d9ee1b4c1f251e4dba2c0e71c75c2a194cd733081 1.31.6: sha256:1a7baa55c495ea2d89d5c27d9ee1b4c1f251e4dba2c0e71c75c2a194cd733081
@@ -34,6 +40,7 @@ crio_archive_checksums:
1.31.2: sha256:ba0e71699aa7a0e995ac2563b8aee2f2a3358ac120edb8b951e151824f16d5a4 1.31.2: sha256:ba0e71699aa7a0e995ac2563b8aee2f2a3358ac120edb8b951e151824f16d5a4
1.31.1: sha256:760d00cecaf1b6bf5a3bfae39daa5e46a74408f7a6869cbb41716a5610a7a18f 1.31.1: sha256:760d00cecaf1b6bf5a3bfae39daa5e46a74408f7a6869cbb41716a5610a7a18f
1.31.0: sha256:d54afe0140afde0bed09136bd923d8fb415c9016189e7f1b719565ec84edf737 1.31.0: sha256:d54afe0140afde0bed09136bd923d8fb415c9016189e7f1b719565ec84edf737
1.30.14: sha256:7094e6aa782111596cabde92beb78383a3b8cccfdc98ecf93d670e5ec22009a1
1.30.13: sha256:f9eda79e902660e8dd53231d533e6f4f0feaa6a3fc1b15bb30b8f17e8d9bf93c 1.30.13: sha256:f9eda79e902660e8dd53231d533e6f4f0feaa6a3fc1b15bb30b8f17e8d9bf93c
1.30.12: sha256:689084fb694b841eedf2ee0d03024d7b245d87f3119b2eab123dcd6d562ca0cd 1.30.12: sha256:689084fb694b841eedf2ee0d03024d7b245d87f3119b2eab123dcd6d562ca0cd
1.30.11: sha256:89e5ec8b441303b08dd18edabf3607564823a62451b2312049e24a38d1f7644c 1.30.11: sha256:89e5ec8b441303b08dd18edabf3607564823a62451b2312049e24a38d1f7644c
@@ -49,11 +56,17 @@ crio_archive_checksums:
1.30.1: sha256:371a6da24dfc7c9e01f29191b36a0629474a37cd8300fa8a36483647a7859b72 1.30.1: sha256:371a6da24dfc7c9e01f29191b36a0629474a37cd8300fa8a36483647a7859b72
1.30.0: sha256:7e7c934cebff6433594e4cdc440e1ceb5602741a35d74b2342dac6fb585c3549 1.30.0: sha256:7e7c934cebff6433594e4cdc440e1ceb5602741a35d74b2342dac6fb585c3549
amd64: amd64:
1.32.7: sha256:2592c2aad6eabf7109d62f49417c14a78fabedd24eab0915770d92610e032f89
1.32.6: sha256:430ffcd8a140177b453ff75f4f11c22483378f4751f2e62379526b6ef817d184
1.32.5: sha256:e31f6d9acb955bb6065ae1bbb4bb71e23ecf61417b4c03ea87e152ff7ae45b5e
1.32.4: sha256:9934370708bfc641649bef83cd8df0745e8d3a3887b67062ae970d95b58003f4 1.32.4: sha256:9934370708bfc641649bef83cd8df0745e8d3a3887b67062ae970d95b58003f4
1.32.3: sha256:860c53b91dbe547b0cf23837880506a92348783efd9a7003a7da3fff6555fa28 1.32.3: sha256:860c53b91dbe547b0cf23837880506a92348783efd9a7003a7da3fff6555fa28
1.32.2: sha256:3ab6b4cc7641c2d181c2141ca42edecaac837d1409caef9311ebc57fb922fbb6 1.32.2: sha256:3ab6b4cc7641c2d181c2141ca42edecaac837d1409caef9311ebc57fb922fbb6
1.32.1: sha256:d35de1e765481018c7ccdc92edeb59b25938f3bd9d1670440e7ccd3d599f95a7 1.32.1: sha256:d35de1e765481018c7ccdc92edeb59b25938f3bd9d1670440e7ccd3d599f95a7
1.32.0: sha256:8f483f1429d2d9cd6bfa6db2e3a4263151701dd4f05f2b1c06cf8e67c44ea67e 1.32.0: sha256:8f483f1429d2d9cd6bfa6db2e3a4263151701dd4f05f2b1c06cf8e67c44ea67e
1.31.11: sha256:4c3875fce2135c8ebac316d7954f1e281151a2e197716c2640cea7cfca3c298d
1.31.10: sha256:9e0e333019d9e6d0544a62ebe0979409c4b9c0bb9ac558414592614fceeb84b4
1.31.9: sha256:cb0712371c2bb2eafa5e10fa3d237a49985768b470c22277a0a700d2028388d0
1.31.8: sha256:1730457a0d6cbd9bafe4c4ed33dcfcc843af65b53393d04fb658d42c9ed4d4c5 1.31.8: sha256:1730457a0d6cbd9bafe4c4ed33dcfcc843af65b53393d04fb658d42c9ed4d4c5
1.31.7: sha256:d97a5e7d282e16d98740d96f72d8d5ea5f0ebd410b6db0357ad8ce0812a08951 1.31.7: sha256:d97a5e7d282e16d98740d96f72d8d5ea5f0ebd410b6db0357ad8ce0812a08951
1.31.6: sha256:0280c799006946b1073e1f66426f103d479268aeb121bff3f845f279828811b3 1.31.6: sha256:0280c799006946b1073e1f66426f103d479268aeb121bff3f845f279828811b3
@@ -63,6 +76,7 @@ crio_archive_checksums:
1.31.2: sha256:d035a728c0c3e05e734d69d4a488d7509ac281fa12ae0c228dee257e9da41237 1.31.2: sha256:d035a728c0c3e05e734d69d4a488d7509ac281fa12ae0c228dee257e9da41237
1.31.1: sha256:ea51b7db06ca97ecf7a76d0341ca168dca102a21fb14f97b1fc139c8e7fb1d47 1.31.1: sha256:ea51b7db06ca97ecf7a76d0341ca168dca102a21fb14f97b1fc139c8e7fb1d47
1.31.0: sha256:3cc88ce3c19b2f9bbdfaa1bd42eea64bd7d5ffac6e714a83abbdea40df9ef8c2 1.31.0: sha256:3cc88ce3c19b2f9bbdfaa1bd42eea64bd7d5ffac6e714a83abbdea40df9ef8c2
1.30.14: sha256:8bc31d90849ca058be4c3b9da86d8f49a5ae367294f0bce2032251680c627c61
1.30.13: sha256:8a40791ee8be099f861574bfca0908fa1c17f9513c47cb8025c833fe59c6c3c7 1.30.13: sha256:8a40791ee8be099f861574bfca0908fa1c17f9513c47cb8025c833fe59c6c3c7
1.30.12: sha256:5ea864a372c2d897909508d09a4481becaea0577be82d4e5e8983691f3321cf0 1.30.12: sha256:5ea864a372c2d897909508d09a4481becaea0577be82d4e5e8983691f3321cf0
1.30.11: sha256:5702f05e0ba49ba06e1e8d41f1113701a0a8cb76f418c924b98401b730ab9426 1.30.11: sha256:5702f05e0ba49ba06e1e8d41f1113701a0a8cb76f418c924b98401b730ab9426
@@ -78,11 +92,17 @@ crio_archive_checksums:
1.30.1: sha256:7293f51295d89106e59fe0f83af9599e71fe4f446e1b13c40687ef63ecc1b194 1.30.1: sha256:7293f51295d89106e59fe0f83af9599e71fe4f446e1b13c40687ef63ecc1b194
1.30.0: sha256:c2b189febc9f9cb51f84eecad0da955182e31b98a9f456314546bb83ee2a901a 1.30.0: sha256:c2b189febc9f9cb51f84eecad0da955182e31b98a9f456314546bb83ee2a901a
ppc64le: ppc64le:
1.32.7: sha256:cc4cb9e5337716fbd341e84dfd59e80a4cfd2c28b70a30223a29bbe2a7607203
1.32.6: sha256:f2b80598398dfbc5672696309dce2cb9c2ae80eda9d9b86141cc80995bc3bb92
1.32.5: sha256:2886b8392452ee6e91d87e7228d3720a21b89e4398291f7479ec68ddb0f4f7c0
1.32.4: sha256:533f6a6d252be8e78a9df4c911df5c3f4b361c608939427839fa4db682ade0a2 1.32.4: sha256:533f6a6d252be8e78a9df4c911df5c3f4b361c608939427839fa4db682ade0a2
1.32.3: sha256:bab472e532ed31307f92781717b32016ad02dc25b9a7facf158eab0ff49531c5 1.32.3: sha256:bab472e532ed31307f92781717b32016ad02dc25b9a7facf158eab0ff49531c5
1.32.2: sha256:680928bbeb84df7e87a17ad059679bb365a8d68781819798175e370629c293e6 1.32.2: sha256:680928bbeb84df7e87a17ad059679bb365a8d68781819798175e370629c293e6
1.32.1: sha256:e59948b183ca87bf3cf4e54ebd5d3ac9418b1e88af4dc92883323003bd16412a 1.32.1: sha256:e59948b183ca87bf3cf4e54ebd5d3ac9418b1e88af4dc92883323003bd16412a
1.32.0: sha256:e0544544c91f603afaf54ed814c8519883212bcb149f53a8be9bb0c749e9ec86 1.32.0: sha256:e0544544c91f603afaf54ed814c8519883212bcb149f53a8be9bb0c749e9ec86
1.31.11: sha256:d10a9b606f15a1a028105ee6aa5ce2cf7d199e074e3f6cebc7bd8b7783ba24c4
1.31.10: sha256:f44f56622405a8b79782af0431dee4d4ab2ee7d7e11a09f4923c4a82c451945e
1.31.9: sha256:c8c40c05d4545cb282b8b05426b6c6e6396cb00f621977dd0a3841bbfe48b319
1.31.8: sha256:1b6f60c58766e1c2bab2e60c10060494500747dd0965e70072367a86182dd8b4 1.31.8: sha256:1b6f60c58766e1c2bab2e60c10060494500747dd0965e70072367a86182dd8b4
1.31.7: sha256:1a2d82271ec5f4c7b4ee9c9eae6e83c62da57928a54de01f47b7f773a2dc20df 1.31.7: sha256:1a2d82271ec5f4c7b4ee9c9eae6e83c62da57928a54de01f47b7f773a2dc20df
1.31.6: sha256:416afcda1d8bf1e616043942c2c2fe4ccd92f10c829199527ac69c76b93ec44a 1.31.6: sha256:416afcda1d8bf1e616043942c2c2fe4ccd92f10c829199527ac69c76b93ec44a
@@ -92,6 +112,7 @@ crio_archive_checksums:
1.31.2: sha256:57596bb63aef508e86f3b41672816f02a6dee3b1a71ce472756d2c7aed836407 1.31.2: sha256:57596bb63aef508e86f3b41672816f02a6dee3b1a71ce472756d2c7aed836407
1.31.1: sha256:94b3b1b8cebd3a3b3483cbefd11826fadaa240302c4b61f98c29bd2bf3dd72ee 1.31.1: sha256:94b3b1b8cebd3a3b3483cbefd11826fadaa240302c4b61f98c29bd2bf3dd72ee
1.31.0: sha256:46d901644f86d25dd62f12c16bd88cf26a0b9c400405f571fc5b68abdfefad95 1.31.0: sha256:46d901644f86d25dd62f12c16bd88cf26a0b9c400405f571fc5b68abdfefad95
1.30.14: sha256:ec3cd6d481cab5e82e9a28c11f0a2a46c48e3d071e57b3b884370326afb7c798
1.30.13: sha256:6ec25c7429b1adb0b9803d5d454c96b2a932f4c0f505f4d7cdf6a590d0f5ab46 1.30.13: sha256:6ec25c7429b1adb0b9803d5d454c96b2a932f4c0f505f4d7cdf6a590d0f5ab46
1.30.12: sha256:f9d39a6ba3211b529d30cff409834f36a282ee30cf4a9d48456cfca4e19982dd 1.30.12: sha256:f9d39a6ba3211b529d30cff409834f36a282ee30cf4a9d48456cfca4e19982dd
1.30.11: sha256:007e8c9f9a509b028233239464de160948015922beb8063b7775fe5f47c83fe9 1.30.11: sha256:007e8c9f9a509b028233239464de160948015922beb8063b7775fe5f47c83fe9
@@ -108,11 +129,19 @@ crio_archive_checksums:
1.30.0: sha256:e6fe5c39fa7b7cf8167bb59b94dc9028f8def0c4fec4c1c9028ec4b84da6c53a 1.30.0: sha256:e6fe5c39fa7b7cf8167bb59b94dc9028f8def0c4fec4c1c9028ec4b84da6c53a
kubelet_checksums: kubelet_checksums:
arm64: arm64:
1.32.8: sha256:d5527714fac08eac4c1ddcbd8a3c6db35f3acd335d43360219d733273b672cce
1.32.7: sha256:b862a8d550875924c8abed6c15ba22564f7e232c239aa6a2e88caf069a0ab548
1.32.6: sha256:b045d4f8f96bf934c894f9704ab2931ffa3c6cf78a8d98e457482a6c455dab6d
1.32.5: sha256:034753a2e308afeb4ce3cf332d38346c6e660252eac93b268fac0e112a56ff46
1.32.4: sha256:91117b71eb2bb3dd79ec3ed444e058a347349108bf661838f53ee30d2a0ff168 1.32.4: sha256:91117b71eb2bb3dd79ec3ed444e058a347349108bf661838f53ee30d2a0ff168
1.32.3: sha256:5c3c98e6e0fa35d209595037e05022597954b8d764482417a9588e15218f0fe2 1.32.3: sha256:5c3c98e6e0fa35d209595037e05022597954b8d764482417a9588e15218f0fe2
1.32.2: sha256:d74b659bbde5adf919529d079975900e51e10bc807f0fda9dc9f6bb07c4a3a7b 1.32.2: sha256:d74b659bbde5adf919529d079975900e51e10bc807f0fda9dc9f6bb07c4a3a7b
1.32.1: sha256:8e6d0eeedd9f0b8b38d4f600ee167816f71cf4dacfa3d9a9bb6c3561cc884e95 1.32.1: sha256:8e6d0eeedd9f0b8b38d4f600ee167816f71cf4dacfa3d9a9bb6c3561cc884e95
1.32.0: sha256:bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf 1.32.0: sha256:bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf
1.31.12: sha256:3dab6925a2beb59fbfa7df2897e001af95886145f556cafdbde8c4facd7ca516
1.31.11: sha256:3a0e07fd72709736cd85ce64a2f5505b2bb085fe697417b96ff249febd5357b1
1.31.10: sha256:bdb7b70e6f17e6a6700c275c0a3e3632252cf34bf482b6a9fb8448efe8a0e287
1.31.9: sha256:2debf321e74f430c3832e2426766271f4d51e54927e6ad4be0235d31453dace6
1.31.8: sha256:c071aa506071db5f03a03ea3f406b4250359b08b7ae10eeee3cfb3da05411925 1.31.8: sha256:c071aa506071db5f03a03ea3f406b4250359b08b7ae10eeee3cfb3da05411925
1.31.7: sha256:c6624e9e0bbf31334893f991f9a85c7018d8073c32147f421f6338bc92ac6f33 1.31.7: sha256:c6624e9e0bbf31334893f991f9a85c7018d8073c32147f421f6338bc92ac6f33
1.31.6: sha256:79b2bae5f578bae643e44ae1a40c834221983ac8e695c82aad79f2dc96c50ada 1.31.6: sha256:79b2bae5f578bae643e44ae1a40c834221983ac8e695c82aad79f2dc96c50ada
@@ -122,6 +151,8 @@ kubelet_checksums:
1.31.2: sha256:118e1b0e85357a81557f9264521c083708f295d7c5f954a4113500fd1afca8f8 1.31.2: sha256:118e1b0e85357a81557f9264521c083708f295d7c5f954a4113500fd1afca8f8
1.31.1: sha256:fbd98311e96b9dcdd73d1688760d410cc70aefce26272ff2f20eef51a7c0d1da 1.31.1: sha256:fbd98311e96b9dcdd73d1688760d410cc70aefce26272ff2f20eef51a7c0d1da
1.31.0: sha256:b310da449a9d2f8b928cab5ca12a6772617ba421023894e061ca2647e6d9f1c3 1.31.0: sha256:b310da449a9d2f8b928cab5ca12a6772617ba421023894e061ca2647e6d9f1c3
1.30.14: sha256:b70b2dbd8ab4e64deb8522eaf7eb01f038abba3cfad3b7dd20a9e354bbc1b9a5
1.30.13: sha256:673ffbf0c84814a0625fef0d4e44647ec7cf3786ab839729d2d03782559b3cdf
1.30.12: sha256:0d280ebaa41b7d4c34977f131cf9cda663db94c3ae33d5613b1729a02b3bedd7 1.30.12: sha256:0d280ebaa41b7d4c34977f131cf9cda663db94c3ae33d5613b1729a02b3bedd7
1.30.11: sha256:2ead74deda3ae5ab2fac1e1476d5b4c81ad73cf6383c279b5781513b98e43f39 1.30.11: sha256:2ead74deda3ae5ab2fac1e1476d5b4c81ad73cf6383c279b5781513b98e43f39
1.30.10: sha256:497d403610fda7ff4fefa1c5c467a5fe9efbc3b3368ecd40542ef1e22eff88ca 1.30.10: sha256:497d403610fda7ff4fefa1c5c467a5fe9efbc3b3368ecd40542ef1e22eff88ca
@@ -136,11 +167,19 @@ kubelet_checksums:
1.30.1: sha256:c45049b829af876588ec1a30def3884ce77c2c175cd77485d49c78d2064a38fb 1.30.1: sha256:c45049b829af876588ec1a30def3884ce77c2c175cd77485d49c78d2064a38fb
1.30.0: sha256:fa887647422d34f3c7cc5b30fefcf97084d2c3277eff237c5808685ba8e4b15a 1.30.0: sha256:fa887647422d34f3c7cc5b30fefcf97084d2c3277eff237c5808685ba8e4b15a
amd64: amd64:
1.32.8: sha256:7dfca4da9cdf592c0f70800e09fb42553765bc0951cade3d6e0c571daf3f23ee
1.32.7: sha256:7ab96898436475640cbd416b2446f33aba1c2cb62dae876302ff7775d850041c
1.32.6: sha256:aa37219c4796a2fbf5af7f37fb7f11998947f9fd0d0f30dbeb40c47d4e9c8777
1.32.5: sha256:2b2988edd1646bf139dee6956d4283c520ff151a36febd10701ffda4852b8250
1.32.4: sha256:3e0c265fe80f3ea1b7271a00879d4dbd5e6ea1e91ecf067670c983e07c33a6f4 1.32.4: sha256:3e0c265fe80f3ea1b7271a00879d4dbd5e6ea1e91ecf067670c983e07c33a6f4
1.32.3: sha256:024bb7faffa787c7717a2b37398a8c6df35694a8585a73074b052c3f4c4906ce 1.32.3: sha256:024bb7faffa787c7717a2b37398a8c6df35694a8585a73074b052c3f4c4906ce
1.32.2: sha256:9927fee1678202719075d8d546390bcda86c9e519b811fb7f4820b6823f84cab 1.32.2: sha256:9927fee1678202719075d8d546390bcda86c9e519b811fb7f4820b6823f84cab
1.32.1: sha256:967dc8984651c48230a2ff5319e22cbf858452e974104a19bbade5d1708f72ad 1.32.1: sha256:967dc8984651c48230a2ff5319e22cbf858452e974104a19bbade5d1708f72ad
1.32.0: sha256:5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2 1.32.0: sha256:5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2
1.31.12: sha256:43f4a2ff9d5f40419f74977ed6e1939c4f8db51b0f2e63a98546e146d683c299
1.31.11: sha256:7bdace3eb4c7a6d6b9cf3f9e84e5972b2885bf5bc20a92361ca527e5c228542f
1.31.10: sha256:14cb1bf4e3357b1edde13ac9fc609a57ea010cfc8130b7ff66b68da24642d7da
1.31.9: sha256:4e5e2bce4e80575a253654877f0156393d79647a36afb784da27f3ddef446456
1.31.8: sha256:02697f8d14fc36089954380730f300df78b63dada1dc6f52d8e60bd5ce217d48 1.31.8: sha256:02697f8d14fc36089954380730f300df78b63dada1dc6f52d8e60bd5ce217d48
1.31.7: sha256:279e766a1a7c0dce2efae452c9de1e52b169df31c4b75c9d3b7d51f767ae6d42 1.31.7: sha256:279e766a1a7c0dce2efae452c9de1e52b169df31c4b75c9d3b7d51f767ae6d42
1.31.6: sha256:ea50176095dd4650f6b270c79cf6d30deaaeb96ffa7d1eaac6924428cc9d2486 1.31.6: sha256:ea50176095dd4650f6b270c79cf6d30deaaeb96ffa7d1eaac6924428cc9d2486
@@ -150,6 +189,8 @@ kubelet_checksums:
1.31.2: sha256:b0de6290267bbb4f6bcd9c4d50bb331e335f8dc47653644ae278844bb04c1fb6 1.31.2: sha256:b0de6290267bbb4f6bcd9c4d50bb331e335f8dc47653644ae278844bb04c1fb6
1.31.1: sha256:50619fff95bdd7e690c049cc083f495ae0e7c66d0cdf6a8bcad298af5fe28438 1.31.1: sha256:50619fff95bdd7e690c049cc083f495ae0e7c66d0cdf6a8bcad298af5fe28438
1.31.0: sha256:39e7f1c61c8389ea7680690f8bd5dd733672fa16875ae598df0fd8c205df57a9 1.31.0: sha256:39e7f1c61c8389ea7680690f8bd5dd733672fa16875ae598df0fd8c205df57a9
1.30.14: sha256:46baa60748b179164e80f5565d99dad642d554fb431925d211ffa921b917d5c7
1.30.13: sha256:b8d8c3cc0c13b2e42c1d83ab6c03024825bc01887c923fd6f8568ebe066ec28e
1.30.12: sha256:aab260aa88dd27f785bdb64e7e5be0173bcd1a871d0fa84d5dc7736469f7c395 1.30.12: sha256:aab260aa88dd27f785bdb64e7e5be0173bcd1a871d0fa84d5dc7736469f7c395
1.30.11: sha256:59177fc92e2b2bb988f7d8d39682ea9e3d9d883273c9c8b51b39502d9b965431 1.30.11: sha256:59177fc92e2b2bb988f7d8d39682ea9e3d9d883273c9c8b51b39502d9b965431
1.30.10: sha256:0c7aa1db3fa339aa13af0f825d25a76b3c74f785d4fcd49d6a0bc5a96f0971f0 1.30.10: sha256:0c7aa1db3fa339aa13af0f825d25a76b3c74f785d4fcd49d6a0bc5a96f0971f0
@@ -164,11 +205,19 @@ kubelet_checksums:
1.30.1: sha256:87bd6e5de9c0769c605da5fedb77a35c8b764e3bda1632447883c935dcf219d3 1.30.1: sha256:87bd6e5de9c0769c605da5fedb77a35c8b764e3bda1632447883c935dcf219d3
1.30.0: sha256:32a32ec3d7e7f8b2648c9dd503ce9ef63b4af1d1677f5b5aed7846fb02d66f18 1.30.0: sha256:32a32ec3d7e7f8b2648c9dd503ce9ef63b4af1d1677f5b5aed7846fb02d66f18
ppc64le: ppc64le:
1.32.8: sha256:ec5a2e045dc49b7e1d34a0c78fbc645ce568b2275e807b6313da46e584f56f68
1.32.7: sha256:4ddc5a0b42100295896a43a1a637180872293c9f7305a90dd3377681b1401469
1.32.6: sha256:fd0140949b02c82539ff84db15d0d406445f34221d0547e7ee31245cd982ff47
1.32.5: sha256:b9cb7bf4b5518e1b5542717c82a753663154e08c84e336feba424cf3575313a3
1.32.4: sha256:62e7854ea84bf0fd5a9c47a1ab7ade7a74b4f160efdf486320ed913b4e8e7f79 1.32.4: sha256:62e7854ea84bf0fd5a9c47a1ab7ade7a74b4f160efdf486320ed913b4e8e7f79
1.32.3: sha256:efc2b01d4ab74f283ab4ff2bad4369e2b9f66fa875673b72627aa6e7a7b507cb 1.32.3: sha256:efc2b01d4ab74f283ab4ff2bad4369e2b9f66fa875673b72627aa6e7a7b507cb
1.32.2: sha256:3602474e25b0b42a4b0f43ece2ca1e03fe5f3864f0936537256920bbb2eb9acd 1.32.2: sha256:3602474e25b0b42a4b0f43ece2ca1e03fe5f3864f0936537256920bbb2eb9acd
1.32.1: sha256:623889368808042a236d7078d85a23ce5ef0e43b6fadc09bcacfdf704ac876b4 1.32.1: sha256:623889368808042a236d7078d85a23ce5ef0e43b6fadc09bcacfdf704ac876b4
1.32.0: sha256:99d409a8023224d84c361e29cdf21ac0458a5449f03e12550288aa654539e3a1 1.32.0: sha256:99d409a8023224d84c361e29cdf21ac0458a5449f03e12550288aa654539e3a1
1.31.12: sha256:4b6cae790be436e0ee55f016aca1b531af550b2b17dea4347b919ae5528f2978
1.31.11: sha256:c57993b2f8f3f8c47776d4ba2653837823ac23b12981cef845f7f6c447f8b9b0
1.31.10: sha256:7a2d68be428b2a9c3b557176af080a80e155415e81fc2b11173d9e34f41488e8
1.31.9: sha256:53410497c9abf3355c89997654f0e1f189084888dc56a57199c6ed1c4e3cb61c
1.31.8: sha256:925bc404df4a54fed659db28e5bc55b5e4b6707f60d8aa26660b2a20f65a804c 1.31.8: sha256:925bc404df4a54fed659db28e5bc55b5e4b6707f60d8aa26660b2a20f65a804c
1.31.7: sha256:159be13904091020c2be08a22155f3d3a2e22a0d31d96ceabfa84cabe1dbb6f7 1.31.7: sha256:159be13904091020c2be08a22155f3d3a2e22a0d31d96ceabfa84cabe1dbb6f7
1.31.6: sha256:910a4cfc99e18d6065a4d8abcd678559d278797a5de2110050cc75931b000d8f 1.31.6: sha256:910a4cfc99e18d6065a4d8abcd678559d278797a5de2110050cc75931b000d8f
@@ -178,6 +227,8 @@ kubelet_checksums:
1.31.2: sha256:b7eb859eaa5494273c587b0dcbb75a5a27251df5e140087de542cb7e358d79b1 1.31.2: sha256:b7eb859eaa5494273c587b0dcbb75a5a27251df5e140087de542cb7e358d79b1
1.31.1: sha256:5b9e8de02f797991670c3f16fa7e46edc7e862644bfa376573c2fca2eaf01519 1.31.1: sha256:5b9e8de02f797991670c3f16fa7e46edc7e862644bfa376573c2fca2eaf01519
1.31.0: sha256:b347b96dd79d3ac09e490669b38c5c2a49b5d73cf82cb619a1c54c6e0a165dbb 1.31.0: sha256:b347b96dd79d3ac09e490669b38c5c2a49b5d73cf82cb619a1c54c6e0a165dbb
1.30.14: sha256:80cfddf5980fd5b6ec5b9ec97f5a82c2508f27e148faddeaebb374fe7c66b1b1
1.30.13: sha256:94ce01e6628f8339a9ff06f13e37298bbd2aedbcb3e37e7943ed8d90fd55e91d
1.30.12: sha256:b49ce79bbaedb9d40805be5f6968c6c9ee9a711dde9fc01831cd257dea7ae8a9 1.30.12: sha256:b49ce79bbaedb9d40805be5f6968c6c9ee9a711dde9fc01831cd257dea7ae8a9
1.30.11: sha256:c9f778480278a4bda2c81cdeec7b2bab9c969299054f9e27234359fd5b80d6f3 1.30.11: sha256:c9f778480278a4bda2c81cdeec7b2bab9c969299054f9e27234359fd5b80d6f3
1.30.10: sha256:e2061a23cac69937ab2454fc9f870f6e5cad4debe668e81389fd4a7fde36d3dd 1.30.10: sha256:e2061a23cac69937ab2454fc9f870f6e5cad4debe668e81389fd4a7fde36d3dd
@@ -193,11 +244,19 @@ kubelet_checksums:
1.30.0: sha256:8d4aa6b10bcddae9a7c754492743cfea88c1c6a4628cab98cdd29bb18d505d03 1.30.0: sha256:8d4aa6b10bcddae9a7c754492743cfea88c1c6a4628cab98cdd29bb18d505d03
kubectl_checksums: kubectl_checksums:
arm: arm:
1.32.8: sha256:ed54b52631fdf5ecc4ddb12c47df481f84b5890683beaeaa55dc84e43d2cd023
1.32.7: sha256:c5416b59afdf897c4fbf08867c8a32b635f83f26e40980d38233fad6b345e37c
1.32.6: sha256:77fec65c6f08c28f8695de4db877d82d74c881ed3ed110ebfd88cbd4ee3d01dc
1.32.5: sha256:7270e6ac4b82b5e4bd037dccae1631964634214baa66a9548deb5edd3f79de31
1.32.4: sha256:bf28793213039690d018bbfa9bcfcfed76a9aa8e18dc299eced8709ca542fcdd 1.32.4: sha256:bf28793213039690d018bbfa9bcfcfed76a9aa8e18dc299eced8709ca542fcdd
1.32.3: sha256:f990c878e54e5fac82eac7398ef643acca9807838b19014f1816fa9255b2d3d9 1.32.3: sha256:f990c878e54e5fac82eac7398ef643acca9807838b19014f1816fa9255b2d3d9
1.32.2: sha256:e1e6a2fd4571cd66c885aa42b290930660d34a7331ffb576fcab9fd1a0941a83 1.32.2: sha256:e1e6a2fd4571cd66c885aa42b290930660d34a7331ffb576fcab9fd1a0941a83
1.32.1: sha256:8ccf69be2578d3a324e9fc7d4f3b29bc9743cc02d72f33ba2d0fe30389014bc8 1.32.1: sha256:8ccf69be2578d3a324e9fc7d4f3b29bc9743cc02d72f33ba2d0fe30389014bc8
1.32.0: sha256:6b33ea8c80f785fb07be4d021301199ae9ee4f8d7ea037a8ae544d5a7514684e 1.32.0: sha256:6b33ea8c80f785fb07be4d021301199ae9ee4f8d7ea037a8ae544d5a7514684e
1.31.12: sha256:8e430e7a192355a60e1398580a861b4724b286ed38ff52a156500d3fae90c583
1.31.11: sha256:7768bb4e1b79ddac982968e47d9e25f357b7e9c0f08039134815a64062d5ea6f
1.31.10: sha256:1f3f644609513ed0c6045638e60fc9e9fb5de39c375719601f565e6ad82b9b85
1.31.9: sha256:54e560eb3ad4b2b0ae95d79d71b2816dfa154b33758e49f2583bec0980f19861
1.31.8: sha256:65fdd04f5171e44620cc4e0b9e0763b1b3d10b2b15c1f7f99b549d36482015d4 1.31.8: sha256:65fdd04f5171e44620cc4e0b9e0763b1b3d10b2b15c1f7f99b549d36482015d4
1.31.7: sha256:870d919f8ef5f5c608bd69c57893937910de6a8ed2c077fc4f0945375f61734d 1.31.7: sha256:870d919f8ef5f5c608bd69c57893937910de6a8ed2c077fc4f0945375f61734d
1.31.6: sha256:b370a552cd6c9bb5fc42e4e9031b74f35da332f27b585760bacb0d3189d8634d 1.31.6: sha256:b370a552cd6c9bb5fc42e4e9031b74f35da332f27b585760bacb0d3189d8634d
@@ -207,6 +266,8 @@ kubectl_checksums:
1.31.2: sha256:f2a638bdaa4764e82259ed1548ce2c86056e33a3d09147f7f0c2d4ee5b5e300c 1.31.2: sha256:f2a638bdaa4764e82259ed1548ce2c86056e33a3d09147f7f0c2d4ee5b5e300c
1.31.1: sha256:51b178c9362a4fbe35644399f113d7f904d306261953a51c5c0a57676e209fa6 1.31.1: sha256:51b178c9362a4fbe35644399f113d7f904d306261953a51c5c0a57676e209fa6
1.31.0: sha256:a4d6292c88c199688a03ea211bea08c8ae29f1794f5deeeef46862088d124baa 1.31.0: sha256:a4d6292c88c199688a03ea211bea08c8ae29f1794f5deeeef46862088d124baa
1.30.14: sha256:da223f47ae9179fffdc443a1ed6f84e60bb9210e56a701295f94cdffa7b178d7
1.30.13: sha256:da7f49225c9c10f69371e5f351ea3049e3561cf02e92c31e72ee46d8575e8c1a
1.30.12: sha256:b8a5de1e9abc5c154fb466dd19758edd149cbea05ac4dfd64ba1f82461745f6f 1.30.12: sha256:b8a5de1e9abc5c154fb466dd19758edd149cbea05ac4dfd64ba1f82461745f6f
1.30.11: sha256:ef419b7376850d2ca47413f15d6c94eeefb393ae648c9fb739e931da179adf06 1.30.11: sha256:ef419b7376850d2ca47413f15d6c94eeefb393ae648c9fb739e931da179adf06
1.30.10: sha256:71dc80f99598d9571191e7b5dc52b4c426da960426b3d62e644b173b50a4c2f2 1.30.10: sha256:71dc80f99598d9571191e7b5dc52b4c426da960426b3d62e644b173b50a4c2f2
@@ -221,11 +282,19 @@ kubectl_checksums:
1.30.1: sha256:b05c4c4b1c440e8797445b8b15e9f4a00010f1365533a2420b9e68428da19d89 1.30.1: sha256:b05c4c4b1c440e8797445b8b15e9f4a00010f1365533a2420b9e68428da19d89
1.30.0: sha256:ff54e96c73f4b87d740768f77edada7df8f2003f278d3c79bbbaa047b1fc708d 1.30.0: sha256:ff54e96c73f4b87d740768f77edada7df8f2003f278d3c79bbbaa047b1fc708d
arm64: arm64:
1.32.8: sha256:8a7371e54187249389a9aa222b150d61a4a745c121ab24dbcbb56d1ac2d0b912
1.32.7: sha256:232f6e517633fbb4696c9eb7a0431ee14b3fccbb47360b4843d451e0d8c9a3a2
1.32.6: sha256:f7bac84f8c35f55fb2c6ad167beb59eba93de5924b50bbaa482caa14ff480eec
1.32.5: sha256:9edee84103e63c40a37cd15bd11e04e7835f65cb3ff5a50972058ffc343b4d96
1.32.4: sha256:c6f96d0468d6976224f5f0d81b65e1a63b47195022646be83e49d38389d572c2 1.32.4: sha256:c6f96d0468d6976224f5f0d81b65e1a63b47195022646be83e49d38389d572c2
1.32.3: sha256:6c2c91e760efbf3fa111a5f0b99ba8975fb1c58bb3974eca88b6134bcf3717e2 1.32.3: sha256:6c2c91e760efbf3fa111a5f0b99ba8975fb1c58bb3974eca88b6134bcf3717e2
1.32.2: sha256:7381bea99c83c264100f324c2ca6e7e13738a73b8928477ac805991440a065cd 1.32.2: sha256:7381bea99c83c264100f324c2ca6e7e13738a73b8928477ac805991440a065cd
1.32.1: sha256:98206fd83a4fd17f013f8c61c33d0ae8ec3a7c53ec59ef3d6a0a9400862dc5b2 1.32.1: sha256:98206fd83a4fd17f013f8c61c33d0ae8ec3a7c53ec59ef3d6a0a9400862dc5b2
1.32.0: sha256:ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896 1.32.0: sha256:ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896
1.31.12: sha256:1c2cc071a6522682f645c5987c0601be92c14848c5123473904e5ede0721039b
1.31.11: sha256:ff740a89ad12cd12c572fd031e48ef36ff9683e9c182118197e4ce749e7b7ce6
1.31.10: sha256:73dcb8c9031d9533c0b8b1f12ffaddf0a5e8c559fbce3397693399212ec75ed9
1.31.9: sha256:1e6de599df408824f13602d73333c08c3528cfa5d6c8c98c633868a966882129
1.31.8: sha256:bd76445943b22d976bdbd1d0709e4bcb5f0081cc02c10139f4b3e5e209dc3019 1.31.8: sha256:bd76445943b22d976bdbd1d0709e4bcb5f0081cc02c10139f4b3e5e209dc3019
1.31.7: sha256:d95454093057af230f09e7b73ee9ae0714cf9e5197fbcb7b902881ca47b7e249 1.31.7: sha256:d95454093057af230f09e7b73ee9ae0714cf9e5197fbcb7b902881ca47b7e249
1.31.6: sha256:fc40a8bbdba41f022aced2dec729a1b9e937ad99872b430b6c2489f1f36a61f5 1.31.6: sha256:fc40a8bbdba41f022aced2dec729a1b9e937ad99872b430b6c2489f1f36a61f5
@@ -235,6 +304,8 @@ kubectl_checksums:
1.31.2: sha256:bb9fd6e5a92c2e2378954a2f1a8b4ccb2e8ba5a3635f870c3f306a53b359f971 1.31.2: sha256:bb9fd6e5a92c2e2378954a2f1a8b4ccb2e8ba5a3635f870c3f306a53b359f971
1.31.1: sha256:3af2451191e27ecd4ac46bb7f945f76b71e934d54604ca3ffc7fe6f5dd123edb 1.31.1: sha256:3af2451191e27ecd4ac46bb7f945f76b71e934d54604ca3ffc7fe6f5dd123edb
1.31.0: sha256:f42832db7d77897514639c6df38214a6d8ae1262ee34943364ec1ffaee6c009c 1.31.0: sha256:f42832db7d77897514639c6df38214a6d8ae1262ee34943364ec1ffaee6c009c
1.30.14: sha256:a32e46ae15fe41292dc6a7cd76beba7104282a5a3fa9e3686319000a537f4f5d
1.30.13: sha256:afed1753b98ab30812203cb469e013082b25502c864f2889e8a0474aac497064
1.30.12: sha256:1af7e16a143c283a29821a09f5a006aacf0fe8368bc18adbd40588ba395e0352 1.30.12: sha256:1af7e16a143c283a29821a09f5a006aacf0fe8368bc18adbd40588ba395e0352
1.30.11: sha256:11f86b29416f344b090c2581df4bc8a98ed7cc14a2bb28e46a6d4aa708af19f4 1.30.11: sha256:11f86b29416f344b090c2581df4bc8a98ed7cc14a2bb28e46a6d4aa708af19f4
1.30.10: sha256:9d65d54f02b0b305d9f3f89d19a60d3e130e09f5407df99f6d48f8c10f31e2ae 1.30.10: sha256:9d65d54f02b0b305d9f3f89d19a60d3e130e09f5407df99f6d48f8c10f31e2ae
@@ -249,11 +320,19 @@ kubectl_checksums:
1.30.1: sha256:d90446719b815e3abfe7b2c46ddf8b3fda17599f03ab370d6e47b1580c0e869e 1.30.1: sha256:d90446719b815e3abfe7b2c46ddf8b3fda17599f03ab370d6e47b1580c0e869e
1.30.0: sha256:669af0cf520757298ea60a8b6eb6b719ba443a9c7d35f36d3fb2fd7513e8c7d2 1.30.0: sha256:669af0cf520757298ea60a8b6eb6b719ba443a9c7d35f36d3fb2fd7513e8c7d2
amd64: amd64:
1.32.8: sha256:0fc709a8262be523293a18965771fedfba7466eda7ab4337feaa5c028aa46b1b
1.32.7: sha256:b8f24d467a8963354b028796a85904824d636132bef00988394cadacffe959c9
1.32.6: sha256:0e31ebf882578b50e50fe6c43e3a0e3db61f6a41c9cded46485bc74d03d576eb
1.32.5: sha256:aaa7e6ff3bd28c262f2d95c8c967597e097b092e9b79bcb37de699e7488e3e7b
1.32.4: sha256:10d739e9af8a59c9e7a730a2445916e04bc9cbb44bc79d22ce460cd329fa076c 1.32.4: sha256:10d739e9af8a59c9e7a730a2445916e04bc9cbb44bc79d22ce460cd329fa076c
1.32.3: sha256:ab209d0c5134b61486a0486585604a616a5bb2fc07df46d304b3c95817b2d79f 1.32.3: sha256:ab209d0c5134b61486a0486585604a616a5bb2fc07df46d304b3c95817b2d79f
1.32.2: sha256:4f6a959dcc5b702135f8354cc7109b542a2933c46b808b248a214c1f69f817ea 1.32.2: sha256:4f6a959dcc5b702135f8354cc7109b542a2933c46b808b248a214c1f69f817ea
1.32.1: sha256:e16c80f1a9f94db31063477eb9e61a2e24c1a4eee09ba776b029048f5369db0c 1.32.1: sha256:e16c80f1a9f94db31063477eb9e61a2e24c1a4eee09ba776b029048f5369db0c
1.32.0: sha256:646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70 1.32.0: sha256:646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70
1.31.12: sha256:cf609add577be9c898c52027e800a008331d6b2a202ecc61413e847f7a12ccd0
1.31.11: sha256:449674ed53789d63c94c147c689be986f4c135848ec91e1a64796ed896934b45
1.31.10: sha256:f7e806b676bea3b4995e9c236445a5f24ae61ed3d5245c39d7b816d209b06a78
1.31.9: sha256:720d31a15368ad56993c127a7d4fa2688a8520029c2e6be86b1a877ad6f92624
1.31.8: sha256:be0aa44a50a9aada4e9402e361ffb0d5bb1fd4f6950751399fcaf3b8b936a746 1.31.8: sha256:be0aa44a50a9aada4e9402e361ffb0d5bb1fd4f6950751399fcaf3b8b936a746
1.31.7: sha256:80a3c83f00241cd402bc8688464e5e3eedd52a461ee41d882f19cf04ad6d0379 1.31.7: sha256:80a3c83f00241cd402bc8688464e5e3eedd52a461ee41d882f19cf04ad6d0379
1.31.6: sha256:c46b2f5b0027e919299d1eca073ebf13a4c5c0528dd854fc71a5b93396c9fa9d 1.31.6: sha256:c46b2f5b0027e919299d1eca073ebf13a4c5c0528dd854fc71a5b93396c9fa9d
@@ -263,6 +342,8 @@ kubectl_checksums:
1.31.2: sha256:399e9d1995da80b64d2ef3606c1a239018660d8b35209fba3f7b0bc11c631c68 1.31.2: sha256:399e9d1995da80b64d2ef3606c1a239018660d8b35209fba3f7b0bc11c631c68
1.31.1: sha256:57b514a7facce4ee62c93b8dc21fda8cf62ef3fed22e44ffc9d167eab843b2ae 1.31.1: sha256:57b514a7facce4ee62c93b8dc21fda8cf62ef3fed22e44ffc9d167eab843b2ae
1.31.0: sha256:7c27adc64a84d1c0cc3dcf7bf4b6e916cc00f3f576a2dbac51b318d926032437 1.31.0: sha256:7c27adc64a84d1c0cc3dcf7bf4b6e916cc00f3f576a2dbac51b318d926032437
1.30.14: sha256:7ccac981ece0098284d8961973295f5124d78eab7b89ba5023f35591baa16271
1.30.13: sha256:b92bd89b27386b671841d5970b926b645c2ae44e5ca0663cff0f1c836a1530ee
1.30.12: sha256:261a3c4eb12e09207b9e08f0b43d547220569317ed8d7a22638572100ace5b80 1.30.12: sha256:261a3c4eb12e09207b9e08f0b43d547220569317ed8d7a22638572100ace5b80
1.30.11: sha256:228a8b2679f84de9192a1ac5ad527c9ab73b0f76c452ed74f11da812bbcfaa42 1.30.11: sha256:228a8b2679f84de9192a1ac5ad527c9ab73b0f76c452ed74f11da812bbcfaa42
1.30.10: sha256:bc74dbeefd4b9d53f03016f6778f3ffc9a72ef4ca7b7c80fd5dc1a41d52dcab7 1.30.10: sha256:bc74dbeefd4b9d53f03016f6778f3ffc9a72ef4ca7b7c80fd5dc1a41d52dcab7
@@ -277,11 +358,19 @@ kubectl_checksums:
1.30.1: sha256:5b86f0b06e1a5ba6f8f00e2b01e8ed39407729c4990aeda961f83a586f975e8a 1.30.1: sha256:5b86f0b06e1a5ba6f8f00e2b01e8ed39407729c4990aeda961f83a586f975e8a
1.30.0: sha256:7c3807c0f5c1b30110a2ff1e55da1d112a6d0096201f1beb81b269f582b5d1c5 1.30.0: sha256:7c3807c0f5c1b30110a2ff1e55da1d112a6d0096201f1beb81b269f582b5d1c5
ppc64le: ppc64le:
1.32.8: sha256:52cc07556a8f0076d4e48003aa416b486c729e9679dbe2ea92bbd88e5be5cc93
1.32.7: sha256:c0fb655243a98c4b063f39f2208c7b9d3cbe77b302a8b8b683aabe42e47fc556
1.32.6: sha256:808e2b86128a9f25922bdb099ebf276ba4220dbf53c63a033348ee119697b22a
1.32.5: sha256:1fc869a9d620982f16104f3b33c393aba54dd41136d18009bf6fc39accf6465c
1.32.4: sha256:61a8c1f441900b4e61defcb83bb54f61f883f9e75810897cfabfd6860ae7e195 1.32.4: sha256:61a8c1f441900b4e61defcb83bb54f61f883f9e75810897cfabfd6860ae7e195
1.32.3: sha256:11e1a377f404bdab6e3587375f7c2ee432df80b56d7ccf6151d4e48cd8063f55 1.32.3: sha256:11e1a377f404bdab6e3587375f7c2ee432df80b56d7ccf6151d4e48cd8063f55
1.32.2: sha256:c25500027cd331ae3e65bed2612491c5307721894e9d39e869f24ca14973677f 1.32.2: sha256:c25500027cd331ae3e65bed2612491c5307721894e9d39e869f24ca14973677f
1.32.1: sha256:46d98d3463e065dff035d76f6c2b604c990d79634cc574d43b0c21f0367bbf0c 1.32.1: sha256:46d98d3463e065dff035d76f6c2b604c990d79634cc574d43b0c21f0367bbf0c
1.32.0: sha256:9f3f239e2601ce53ec4e70b80b7684f9c89817cc9938ed0bb14f125a3c4f8c8f 1.32.0: sha256:9f3f239e2601ce53ec4e70b80b7684f9c89817cc9938ed0bb14f125a3c4f8c8f
1.31.12: sha256:134a4f4e36c8e1b03abacef983ea644c3d40b41af3dca9aa35202c9a324d9768
1.31.11: sha256:c060bf1859761758e2cc3df9d351525f12631c5b2b69b4a8b1c5ebaeca2ae38c
1.31.10: sha256:365e46e1d840de51aa8a9cfec39c048cde574474a231398610ed8dac1551d7fa
1.31.9: sha256:4a2786e8f5dcc2acc3820795811289d5a8e80ff34b5e311ac226af389236da94
1.31.8: sha256:4cc6503cecca4a385362392dc9b350837cd00a654ffc7ad424cc30ebf04c3fab 1.31.8: sha256:4cc6503cecca4a385362392dc9b350837cd00a654ffc7ad424cc30ebf04c3fab
1.31.7: sha256:c00f6aca4ef62dac55b2e7e818c7907704ea96b72ff4861303ee1b5ac4a1158f 1.31.7: sha256:c00f6aca4ef62dac55b2e7e818c7907704ea96b72ff4861303ee1b5ac4a1158f
1.31.6: sha256:678d2299674c20414d83224caad9c4b8290105c2962c911ec90a2e661777e3aa 1.31.6: sha256:678d2299674c20414d83224caad9c4b8290105c2962c911ec90a2e661777e3aa
@@ -291,6 +380,8 @@ kubectl_checksums:
1.31.2: sha256:3a9405b1f8f606f282abb03bf3f926d160be454c21b3867505f15ad2123d4139 1.31.2: sha256:3a9405b1f8f606f282abb03bf3f926d160be454c21b3867505f15ad2123d4139
1.31.1: sha256:635275e4b207902bc6dda29de898e5152229271c46cb9613340e36c3abc2cb67 1.31.1: sha256:635275e4b207902bc6dda29de898e5152229271c46cb9613340e36c3abc2cb67
1.31.0: sha256:92393bc295423429522fa8c49724f95f31fa9bf20062d2c123e928d08886c95d 1.31.0: sha256:92393bc295423429522fa8c49724f95f31fa9bf20062d2c123e928d08886c95d
1.30.14: sha256:49ae5c2259eb196e234da6cc0ca5654f97a1042600c4edb756a24bc06f35b319
1.30.13: sha256:48a0287fb9d7b35bc2b7095976fcaf57225e9d3ae3d5c9c0165219f8d0ba39e9
1.30.12: sha256:d6434d10b4347cfe1aa93092bc8dd89a9ef0dd40e85b5aba7a705facfbff103f 1.30.12: sha256:d6434d10b4347cfe1aa93092bc8dd89a9ef0dd40e85b5aba7a705facfbff103f
1.30.11: sha256:d3de093b8b4c791aa171ad895c44fd738aa5b30135e4c7ee78ee6ac59b2967f2 1.30.11: sha256:d3de093b8b4c791aa171ad895c44fd738aa5b30135e4c7ee78ee6ac59b2967f2
1.30.10: sha256:1bd3adfcb66189575817e7e0149ecb1b6fc157bf06763232ed8d360df8ff29ab 1.30.10: sha256:1bd3adfcb66189575817e7e0149ecb1b6fc157bf06763232ed8d360df8ff29ab
@@ -306,11 +397,19 @@ kubectl_checksums:
1.30.0: sha256:f8a9eac6e12bc8ab7debe6c197d6536f5b3a9f199e8837afd8e4405291351811 1.30.0: sha256:f8a9eac6e12bc8ab7debe6c197d6536f5b3a9f199e8837afd8e4405291351811
kubeadm_checksums: kubeadm_checksums:
arm64: arm64:
1.32.8: sha256:8dbd3fa2d94335d763b983caaf2798caae2d4183f6a95ebff28289f2e86edf68
1.32.7: sha256:a2aad7f7b320c3c847dea84c08e977ba8b5c84d4b7102b46ffd09d41af6c4b51
1.32.6: sha256:f786731c37ce6e89e6b71d5a7518e4d1c633337237e3803615056eb4640bfc8e
1.32.5: sha256:2956c694ff2891acdc4690b807f87ab48419b4925d3fad2ac52ace2a1160bd17
1.32.4: sha256:1b9d97b44758dc4da20d31e3b6d46f50af75ac48be887793e16797a43d9c30e7 1.32.4: sha256:1b9d97b44758dc4da20d31e3b6d46f50af75ac48be887793e16797a43d9c30e7
1.32.3: sha256:f9d007aaf1468ea862ef2a1a1a3f6f34cc57358742ceaff518e1533f5a794181 1.32.3: sha256:f9d007aaf1468ea862ef2a1a1a3f6f34cc57358742ceaff518e1533f5a794181
1.32.2: sha256:fd8a8c1c41d719de703bf49c6f56692dd6477188d8f43dcb77019fd8bc30cbd3 1.32.2: sha256:fd8a8c1c41d719de703bf49c6f56692dd6477188d8f43dcb77019fd8bc30cbd3
1.32.1: sha256:55a57145708aaa37f716f140ef774ca64b7088b6df5ee8eae182936ad6580328 1.32.1: sha256:55a57145708aaa37f716f140ef774ca64b7088b6df5ee8eae182936ad6580328
1.32.0: sha256:5da9746a449a3b8a8312b6dd8c48dcb861036cf394306cfbc66a298ba1e8fbde 1.32.0: sha256:5da9746a449a3b8a8312b6dd8c48dcb861036cf394306cfbc66a298ba1e8fbde
1.31.12: sha256:88fc31963e833d72d1e26159166591aea537d762debb5cc0f0d059fdc717b43b
1.31.11: sha256:73dff62190cd26947a088ceb79d4d039a916091e0c80734e9ddd7b2e0b8efb8b
1.31.10: sha256:01e627449b5f94bc068f7d0680a07abfd118cbf9805c7bce3aea31a46e4a16cc
1.31.9: sha256:d8f5dbb17ce2dead6aedcc700e4293a9395e246079fcdc1772ab9e5cbfeca906
1.31.8: sha256:d0d1a6634e397e4f14b1e5f9b4bd55758ea70bfc114728730d25d563952e453e 1.31.8: sha256:d0d1a6634e397e4f14b1e5f9b4bd55758ea70bfc114728730d25d563952e453e
1.31.7: sha256:3f95765db3b9ebb0cf2ff213ac3b42a831dd995a48d9a6b1d544137d3f2c3018 1.31.7: sha256:3f95765db3b9ebb0cf2ff213ac3b42a831dd995a48d9a6b1d544137d3f2c3018
1.31.6: sha256:03b6df27c630f6137be129d2cef49dc4da12077381af8d234a92e451ba2a16d2 1.31.6: sha256:03b6df27c630f6137be129d2cef49dc4da12077381af8d234a92e451ba2a16d2
@@ -320,6 +419,8 @@ kubeadm_checksums:
1.31.2: sha256:0f9d231569b3195504f8458415e9b3080e23fb6a749fe7752abfc7a2884efadf 1.31.2: sha256:0f9d231569b3195504f8458415e9b3080e23fb6a749fe7752abfc7a2884efadf
1.31.1: sha256:66195cd53cda3c73c9ae5e49a1352c710c0ea9ce244bbdeb68b917d809f0ea78 1.31.1: sha256:66195cd53cda3c73c9ae5e49a1352c710c0ea9ce244bbdeb68b917d809f0ea78
1.31.0: sha256:dbeb84862d844d58f67ad6be64021681a314cda162a04e6047f376f2a9ad0226 1.31.0: sha256:dbeb84862d844d58f67ad6be64021681a314cda162a04e6047f376f2a9ad0226
1.30.14: sha256:8020618ad265918cbf0268afda624923587ac5d7545848a3029a77f6322093e4
1.30.13: sha256:53a256e2ff51d51079e73c5856acfe4c2b1b71ea614aee3e832cf0a72b45fc71
1.30.12: sha256:7abc2db71e0ab3c7c30546851d254542f2c6778d4022437a47a1d48bd722a5d1 1.30.12: sha256:7abc2db71e0ab3c7c30546851d254542f2c6778d4022437a47a1d48bd722a5d1
1.30.11: sha256:644f70389d6f5186685a2d94c0221b55a280a9ec14bd3f3609f008d9244c70e8 1.30.11: sha256:644f70389d6f5186685a2d94c0221b55a280a9ec14bd3f3609f008d9244c70e8
1.30.10: sha256:1dfba299e19ce4b1e605d39604b898c723274eba51495bd8547732a35b90a8c1 1.30.10: sha256:1dfba299e19ce4b1e605d39604b898c723274eba51495bd8547732a35b90a8c1
@@ -334,11 +435,19 @@ kubeadm_checksums:
1.30.1: sha256:bda423cb4b9d056f99a2ef116bdf227fadbc1c3309fa3d76da571427a7f41478 1.30.1: sha256:bda423cb4b9d056f99a2ef116bdf227fadbc1c3309fa3d76da571427a7f41478
1.30.0: sha256:c36afd28921303e6db8e58274de16c60a80a1e75030fc3c4e9c4ed6249b6b696 1.30.0: sha256:c36afd28921303e6db8e58274de16c60a80a1e75030fc3c4e9c4ed6249b6b696
amd64: amd64:
1.32.8: sha256:da4cc996800db14f82fce8813caa55be318e52ef69d82e50e728ef4cfa18b69f
1.32.7: sha256:dcd40af0042c559f3218dbd23bf318b850a5213528b428e1637ccb357ac32498
1.32.6: sha256:7092527a63e5380a6be05cf6041c849ba8d13bf41a2adb2a029f44717f53439f
1.32.5: sha256:9070c3d469f5a3e777948b63a7a5e6c5bd7682c7416547770a78880fe4293ea9
1.32.4: sha256:445cdebd140dc0a9f4d18505821dcca77d7a21992133bf6731777f5724968255 1.32.4: sha256:445cdebd140dc0a9f4d18505821dcca77d7a21992133bf6731777f5724968255
1.32.3: sha256:be42caa726b85b7723605ca8fea22e4a26e0d439b789a3d9d6e636a7078b3db4 1.32.3: sha256:be42caa726b85b7723605ca8fea22e4a26e0d439b789a3d9d6e636a7078b3db4
1.32.2: sha256:fb3a90f1bfc78146a8a03b50eb59aaf957a023c1c5a2b166062ef9412550bba6 1.32.2: sha256:fb3a90f1bfc78146a8a03b50eb59aaf957a023c1c5a2b166062ef9412550bba6
1.32.1: sha256:5ed13bb4bc1d5fb4579b8cc8c7c2245356837122f9a3fd729c2f6d1338f58dcf 1.32.1: sha256:5ed13bb4bc1d5fb4579b8cc8c7c2245356837122f9a3fd729c2f6d1338f58dcf
1.32.0: sha256:8a10abe691a693d6deeeb1c992bc75da9d8c76718a22327688f7eb1d7c15f0d6 1.32.0: sha256:8a10abe691a693d6deeeb1c992bc75da9d8c76718a22327688f7eb1d7c15f0d6
1.31.12: sha256:3228da53372fb8ffab303e7d8b1b0f78c016e461216b6535609e4f2377424349
1.31.11: sha256:d6bea121c00023eed6cebed7c2722b48543bff302142ec483f53aa1bed99c522
1.31.10: sha256:253ee73b1d6d067b336f86c17c93bfa09684e65f42ea7da89f3d6e8268fa0d8e
1.31.9: sha256:9653845e48754df94842cce1ef76874e7f4c1a32d782dd0c7e6cf12e3a718dde
1.31.8: sha256:b979b58548902a152b0ab89265347c34aac9f1c7e9666953806267d033f0d63b 1.31.8: sha256:b979b58548902a152b0ab89265347c34aac9f1c7e9666953806267d033f0d63b
1.31.7: sha256:be84c87c7b40977edf67fb8ee231abb273b93bbab5bb770af0f3f37c0d7c4b81 1.31.7: sha256:be84c87c7b40977edf67fb8ee231abb273b93bbab5bb770af0f3f37c0d7c4b81
1.31.6: sha256:c9d9add6c8cdbeb29d5e1743f23060fc06219b23f561eb9f959b5502fb055611 1.31.6: sha256:c9d9add6c8cdbeb29d5e1743f23060fc06219b23f561eb9f959b5502fb055611
@@ -348,6 +457,8 @@ kubeadm_checksums:
1.31.2: sha256:e3d3f1051d9f7e431aabaf433f121c76fcf6d8401b7ea51f4c7af65af44f1e54 1.31.2: sha256:e3d3f1051d9f7e431aabaf433f121c76fcf6d8401b7ea51f4c7af65af44f1e54
1.31.1: sha256:b3f92d19d482359116dd9ee9c0a10cb86e32a2a2aef79b853d5f07d6a093b0df 1.31.1: sha256:b3f92d19d482359116dd9ee9c0a10cb86e32a2a2aef79b853d5f07d6a093b0df
1.31.0: sha256:cf3b1a44b11ab226e40610e63d99fae7588a82940bb77da471a6dec624c819c2 1.31.0: sha256:cf3b1a44b11ab226e40610e63d99fae7588a82940bb77da471a6dec624c819c2
1.30.14: sha256:bf1f8af81af8ecf003cbc03a8700c6e94a74c183ee092bbc77b92270ada2be70
1.30.13: sha256:dbea796b7b716f7b30ea99e021c3730ef3debace4c8a62c88abfc266b3ab7a96
1.30.12: sha256:88422e8b3749b5eaf50a9889a56ee5615cd8a027711f26c6687788e758b949f8 1.30.12: sha256:88422e8b3749b5eaf50a9889a56ee5615cd8a027711f26c6687788e758b949f8
1.30.11: sha256:06ff7ff15b7fa9af60189fdece5f7c56efa8b637c38b4a498715ca2f04ccfcb2 1.30.11: sha256:06ff7ff15b7fa9af60189fdece5f7c56efa8b637c38b4a498715ca2f04ccfcb2
1.30.10: sha256:177254194194975df68fd69a3647c86260a6c635bee42f516d3cecc047c4bc7c 1.30.10: sha256:177254194194975df68fd69a3647c86260a6c635bee42f516d3cecc047c4bc7c
@@ -362,11 +473,19 @@ kubeadm_checksums:
1.30.1: sha256:651faa3bbbfb368ed00460e4d11732614310b690b767c51810a7b638cc0961a2 1.30.1: sha256:651faa3bbbfb368ed00460e4d11732614310b690b767c51810a7b638cc0961a2
1.30.0: sha256:29f4232c50e6524abba3443ff3b9948d386964d79eb8dfefb409e1f8a8434c14 1.30.0: sha256:29f4232c50e6524abba3443ff3b9948d386964d79eb8dfefb409e1f8a8434c14
ppc64le: ppc64le:
1.32.8: sha256:b5e4f0da030de98f1179a148f6563d69fbfb4c35c2dd1de1d30f000805d12412
1.32.7: sha256:d87ec6c40aef05df1cb23298aff4a7a6c5af64c8a7a1671d4274385a0601b6cb
1.32.6: sha256:ec3fdb5f563b000c824bc4438664ae62797bf75cdcee1448e617f296cbd3e955
1.32.5: sha256:9ace8b24eba37d960a9cafd947015722c383bd695767b7a7c8449a4f6a3f3e9e
1.32.4: sha256:fb0223765d57c59ff4202445b3768e848b6d383dfac058b5882696bca0286053 1.32.4: sha256:fb0223765d57c59ff4202445b3768e848b6d383dfac058b5882696bca0286053
1.32.3: sha256:68cc7669e47575ead58563c39abf89c7faf1c70fb6733ea9c727f303f2af1abf 1.32.3: sha256:68cc7669e47575ead58563c39abf89c7faf1c70fb6733ea9c727f303f2af1abf
1.32.2: sha256:02573483126e39c6b25c769131cf30ea7c470ad635374be343d5e76845a4ecdb 1.32.2: sha256:02573483126e39c6b25c769131cf30ea7c470ad635374be343d5e76845a4ecdb
1.32.1: sha256:ff7f1dd3f1a6a5c0cf2c9977ec7c474bd22908850e33358dd40aeba17d8375b0 1.32.1: sha256:ff7f1dd3f1a6a5c0cf2c9977ec7c474bd22908850e33358dd40aeba17d8375b0
1.32.0: sha256:d79fe8cbd1d98bcbe56b8c0c3a64716603581cecf274951af49aa07748bf175a 1.32.0: sha256:d79fe8cbd1d98bcbe56b8c0c3a64716603581cecf274951af49aa07748bf175a
1.31.12: sha256:fc01a581bf4a957e76c88f7c51843ad9a2c6ac1a680516ea3360d9a8620cf6ee
1.31.11: sha256:9aa16830554eb1bf4b3dafeb38e9547e2a7e31d2752a23aedf9e40a2ab922146
1.31.10: sha256:6057f61bb0d06dbf657efd8bfbea17bbe7a8347c61fcd6932005e7dc5140f794
1.31.9: sha256:0edee6d9df59cbde094dc7c78bc2cb326ef5ee05072a41196413d1952d078224
1.31.8: sha256:ce95a67e563099bf0020c8b577d12e1acd28fa622a317c5dbea4dcba38f1a4db 1.31.8: sha256:ce95a67e563099bf0020c8b577d12e1acd28fa622a317c5dbea4dcba38f1a4db
1.31.7: sha256:98c501edf7ceb4defd84a6925d9c69f6a8053f16342091af946ff2f2bdace10b 1.31.7: sha256:98c501edf7ceb4defd84a6925d9c69f6a8053f16342091af946ff2f2bdace10b
1.31.6: sha256:03cd9275b9437fc913cbc7b4a365671bd9cb52e67525dd1ba154c792bbfc44fa 1.31.6: sha256:03cd9275b9437fc913cbc7b4a365671bd9cb52e67525dd1ba154c792bbfc44fa
@@ -376,6 +495,8 @@ kubeadm_checksums:
1.31.2: sha256:57771542703fbb18916728b3701298fda62f28a1d9f144ae3712846d2bb50f8a 1.31.2: sha256:57771542703fbb18916728b3701298fda62f28a1d9f144ae3712846d2bb50f8a
1.31.1: sha256:76667e109e2dfcb332820c35f598b6f588b6f18c8b59acfb956fb9b4995dda4e 1.31.1: sha256:76667e109e2dfcb332820c35f598b6f588b6f18c8b59acfb956fb9b4995dda4e
1.31.0: sha256:002307ea116a5aa5f78d3d9fb00e9981593711fb79fdfc9be0a9857c370bdcf3 1.31.0: sha256:002307ea116a5aa5f78d3d9fb00e9981593711fb79fdfc9be0a9857c370bdcf3
1.30.14: sha256:3e3e17a1ce28de44ba682f5e073d9d922e88d63ee561182232a50aeecae9a779
1.30.13: sha256:6751937c03c3202afe650b015ded5ff2d2ec63db2d1a87fae50f07f3084049d8
1.30.12: sha256:dda533c81cbe3cc130f78dffa46c839015a5b75d889c95ee178f8989ff7d21f9 1.30.12: sha256:dda533c81cbe3cc130f78dffa46c839015a5b75d889c95ee178f8989ff7d21f9
1.30.11: sha256:93f26ae616ad31d59a4160d1948a7b3a621cf8e8b47efe55e7ed84f9667a94fa 1.30.11: sha256:93f26ae616ad31d59a4160d1948a7b3a621cf8e8b47efe55e7ed84f9667a94fa
1.30.10: sha256:fe825263316c29eb9cf78267ad524953865d058744135121b6b0b5aa0dcbee8c 1.30.10: sha256:fe825263316c29eb9cf78267ad524953865d058744135121b6b0b5aa0dcbee8c
@@ -391,6 +512,7 @@ kubeadm_checksums:
1.30.0: sha256:a77badcaff292862df8324e17f74ab7ce3c6ea9f390647878f1838a3a832f413 1.30.0: sha256:a77badcaff292862df8324e17f74ab7ce3c6ea9f390647878f1838a3a832f413
etcd_binary_checksums: etcd_binary_checksums:
arm64: arm64:
3.5.22: sha256:22aca5a253c4a9f2850300b0a1dd209587586ff0e985f5cb1c34e9e5edc07848
3.5.21: sha256:95bf6918623a097c0385b96f139d90248614485e781ec9bee4768dbb6c79c53f 3.5.21: sha256:95bf6918623a097c0385b96f139d90248614485e781ec9bee4768dbb6c79c53f
3.5.20: sha256:f034232e6fb64b0d89c45fd78b8b4c3e9fb8d69605dddddcdebf5d7cd96a1531 3.5.20: sha256:f034232e6fb64b0d89c45fd78b8b4c3e9fb8d69605dddddcdebf5d7cd96a1531
3.5.19: sha256:a786fd2c92c3c0404586ffedf1b318e4944a17aefed1fa6566f5712ddb8359ad 3.5.19: sha256:a786fd2c92c3c0404586ffedf1b318e4944a17aefed1fa6566f5712ddb8359ad
@@ -408,6 +530,7 @@ etcd_binary_checksums:
3.5.7: sha256:1a35314900da7db006b198dd917e923459b462128101736c63a3cda57ecdbf51 3.5.7: sha256:1a35314900da7db006b198dd917e923459b462128101736c63a3cda57ecdbf51
3.5.6: sha256:888e25c9c94702ac1254c7655709b44bb3711ebaabd3cb05439f3dd1f2b51a87 3.5.6: sha256:888e25c9c94702ac1254c7655709b44bb3711ebaabd3cb05439f3dd1f2b51a87
amd64: amd64:
3.5.22: sha256:20174ab70a6f3df94da13ecac4610f42c47d25af82426f21c112c2c841ec499a
3.5.21: sha256:adddda4b06718e68671ffabff2f8cee48488ba61ad82900e639d108f2148501c 3.5.21: sha256:adddda4b06718e68671ffabff2f8cee48488ba61ad82900e639d108f2148501c
3.5.20: sha256:9ac85616fb8c0e45f485074dde0258ca2b7b42f1dd5320821af5a8b66daf7072 3.5.20: sha256:9ac85616fb8c0e45f485074dde0258ca2b7b42f1dd5320821af5a8b66daf7072
3.5.19: sha256:16ae742def5f330800590e8d505d72830a3b0b7012e559e6bd76f0bc9864bf42 3.5.19: sha256:16ae742def5f330800590e8d505d72830a3b0b7012e559e6bd76f0bc9864bf42
@@ -425,6 +548,7 @@ etcd_binary_checksums:
3.5.7: sha256:a43119af79c592a874e8f59c4f23832297849d0c479338f9df36e196b86bc396 3.5.7: sha256:a43119af79c592a874e8f59c4f23832297849d0c479338f9df36e196b86bc396
3.5.6: sha256:4db32e3bc06dd0999e2171f76a87c1cffed8369475ec7aa7abee9023635670fb 3.5.6: sha256:4db32e3bc06dd0999e2171f76a87c1cffed8369475ec7aa7abee9023635670fb
ppc64le: ppc64le:
3.5.22: sha256:4dbe98bf5fd82a0f9295bd7ab47429381ab0a80f1e83861c50b01452fa515353
3.5.21: sha256:6fb6ecb3d1b331eb177dc610a8efad3aceb1f836d6aeb439ba0bfac5d5c2a38c 3.5.21: sha256:6fb6ecb3d1b331eb177dc610a8efad3aceb1f836d6aeb439ba0bfac5d5c2a38c
3.5.20: sha256:563bdac64fc92442cf366c02294dff1cbbd3885a86dbcf7f2e87d9388c3b3223 3.5.20: sha256:563bdac64fc92442cf366c02294dff1cbbd3885a86dbcf7f2e87d9388c3b3223
3.5.19: sha256:cc8651929f4d5794892eeeabf612a243ea6233125bc5f8b0f711118736e2710f 3.5.19: sha256:cc8651929f4d5794892eeeabf612a243ea6233125bc5f8b0f711118736e2710f
@@ -480,10 +604,13 @@ cni_binary_checksums:
1.0.0: sha256:1a055924b1b859c54a97dc14894ecaa9b81d6d949530b9544f0af4173f5a8f2a 1.0.0: sha256:1a055924b1b859c54a97dc14894ecaa9b81d6d949530b9544f0af4173f5a8f2a
calicoctl_binary_checksums: calicoctl_binary_checksums:
arm64: arm64:
3.29.5: sha256:b121a5fb297271c72ba252f6650d4752c67772f16dd57022d69439866e947957
3.29.4: sha256:3139c83cdd3e648d9605c2cebb4657871e41310aad0c7b4bf198e3a8393c5cec
3.29.3: sha256:d6cba570af9162dff56714ac5e22dfdd170742bc58a51211f587875a3de79fc4 3.29.3: sha256:d6cba570af9162dff56714ac5e22dfdd170742bc58a51211f587875a3de79fc4
3.29.2: sha256:3a9b80335338b7f4af762d4a7cf68e67b40839e50711fbe6e67f9a62b69bafdd 3.29.2: sha256:3a9b80335338b7f4af762d4a7cf68e67b40839e50711fbe6e67f9a62b69bafdd
3.29.1: sha256:6f662d316a267854dc5487242ca7ec8ca70c35b52bed258aafb76c2d113643c2 3.29.1: sha256:6f662d316a267854dc5487242ca7ec8ca70c35b52bed258aafb76c2d113643c2
3.29.0: sha256:ab23afb283fcdffcf0e1156cdced68d05b6c2b70fd4ea2cbc3189d0ecd43bdfd 3.29.0: sha256:ab23afb283fcdffcf0e1156cdced68d05b6c2b70fd4ea2cbc3189d0ecd43bdfd
3.28.5: sha256:691baba17e6a50d0ceee7f95569b864729e436f474fce1e9842041b33cc14316
3.28.4: sha256:48887a6dd715f7340511788c3f311810326e61dcce5a6c1554e365cd372ffab1 3.28.4: sha256:48887a6dd715f7340511788c3f311810326e61dcce5a6c1554e365cd372ffab1
3.28.3: sha256:b61b5206bc7795793edf792040acf5c52d48ff5de701001d0dbbd850edd0c077 3.28.3: sha256:b61b5206bc7795793edf792040acf5c52d48ff5de701001d0dbbd850edd0c077
3.28.2: sha256:8ebe965424ac94084499182b2853de62e5d18cdc346a3b8974e991d8b7a9592d 3.28.2: sha256:8ebe965424ac94084499182b2853de62e5d18cdc346a3b8974e991d8b7a9592d
@@ -495,10 +622,13 @@ calicoctl_binary_checksums:
3.27.2: sha256:0fd1f65a511338cf9940835987d420c94ab95b5386288ba9673b736a4d347463 3.27.2: sha256:0fd1f65a511338cf9940835987d420c94ab95b5386288ba9673b736a4d347463
3.27.0: sha256:b4b8c71f9658165e45336b9b5e4fad865529feeffe4294247eb5b4c4310dcaf9 3.27.0: sha256:b4b8c71f9658165e45336b9b5e4fad865529feeffe4294247eb5b4c4310dcaf9
amd64: amd64:
3.29.5: sha256:0b118c7efa08e84751a6c7f6647d61ecac58793343d949ad75b71a1d55480a9c
3.29.4: sha256:f2a6da6e97052da3b8b787aaea61fa83298586e822af8b9ec5f3858859de759c
3.29.3: sha256:8101eef6d31ca80db0c64c7ab8930f657dafc1f8696f145ef5d5f162026eedda 3.29.3: sha256:8101eef6d31ca80db0c64c7ab8930f657dafc1f8696f145ef5d5f162026eedda
3.29.2: sha256:6076d6745c4d60c0c4322961cbb256a0ffa8476cf7f8dbe5de4ae82c55bca020 3.29.2: sha256:6076d6745c4d60c0c4322961cbb256a0ffa8476cf7f8dbe5de4ae82c55bca020
3.29.1: sha256:2ac849181cb1fb40c61c06d075711025cdb909d80562d078cc548d50a0edcd3d 3.29.1: sha256:2ac849181cb1fb40c61c06d075711025cdb909d80562d078cc548d50a0edcd3d
3.29.0: sha256:df5048549d72a1f7ea4f61c655699d3b16d8a45873f28c3855c39597b73e8a3d 3.29.0: sha256:df5048549d72a1f7ea4f61c655699d3b16d8a45873f28c3855c39597b73e8a3d
3.28.5: sha256:fe4702ce171045728b6c37b2c01e6f903780997aea7e695b35735754eeeeaf64
3.28.4: sha256:ff07f5ac4dbf9a849adb12db20e7b35857869fb98b23e802404dbb4a8a98e013 3.28.4: sha256:ff07f5ac4dbf9a849adb12db20e7b35857869fb98b23e802404dbb4a8a98e013
3.28.3: sha256:b7dc6d01407ea04c110b8d50312591d7a7c3aa5239c875354ced83ac6b924137 3.28.3: sha256:b7dc6d01407ea04c110b8d50312591d7a7c3aa5239c875354ced83ac6b924137
3.28.2: sha256:d7f30447f0f59262051b95bdc656407442c4f71066dc37ddd3b676108fab569d 3.28.2: sha256:d7f30447f0f59262051b95bdc656407442c4f71066dc37ddd3b676108fab569d
@@ -510,10 +640,13 @@ calicoctl_binary_checksums:
3.27.2: sha256:692f69dc656e41cd35e23e24f56c98c4aeeb723fed129985b46f71e6eb5e1594 3.27.2: sha256:692f69dc656e41cd35e23e24f56c98c4aeeb723fed129985b46f71e6eb5e1594
3.27.0: sha256:46e79ae146b3dd90998f56511cf5d6db64deb97cb784235caf1f99e0672d66e4 3.27.0: sha256:46e79ae146b3dd90998f56511cf5d6db64deb97cb784235caf1f99e0672d66e4
ppc64le: ppc64le:
3.29.5: sha256:ec2ab56be3ffdc7ee41f14f3a5fe17564c13a8103939113437c124e2a9900a0e
3.29.4: sha256:c7798ef7817bb67f84d54aef661066e64f957977fc80f88b49be2b13a3492d06
3.29.3: sha256:edb98d2a0d3f8afbf98eb000f0d535d4678af39dd6e10a09ea5615a4824f692f 3.29.3: sha256:edb98d2a0d3f8afbf98eb000f0d535d4678af39dd6e10a09ea5615a4824f692f
3.29.2: sha256:6f3fd72be26fcf52605d9ece716363a73bb194ca59ee34a257156d30fa5c1542 3.29.2: sha256:6f3fd72be26fcf52605d9ece716363a73bb194ca59ee34a257156d30fa5c1542
3.29.1: sha256:ef6064f2ec1a09b5eb8c43ab0c64bd42785c24f5b22b950583fb5074f472c2b7 3.29.1: sha256:ef6064f2ec1a09b5eb8c43ab0c64bd42785c24f5b22b950583fb5074f472c2b7
3.29.0: sha256:c9c2a29a349c6f681aa79b5f5d6aee738305d95aa7f158b6217f487808758e53 3.29.0: sha256:c9c2a29a349c6f681aa79b5f5d6aee738305d95aa7f158b6217f487808758e53
3.28.5: sha256:1aa3b36f198aecdad312664c7b2dd2b15daced54fd4e2db56563d57431fb10d3
3.28.4: sha256:9646b8b66981ed68017d30291f44e3e4ff1f6ce318c88c1e837097c061e2bb79 3.28.4: sha256:9646b8b66981ed68017d30291f44e3e4ff1f6ce318c88c1e837097c061e2bb79
3.28.3: sha256:08bfe47df894ae22f2a1256f28b46345cc1718cd9c936ca8248ae5b761c33dab 3.28.3: sha256:08bfe47df894ae22f2a1256f28b46345cc1718cd9c936ca8248ae5b761c33dab
3.28.2: sha256:9889a2f9c26ae82a501b33440b3a0772f552a4ece128cd57a21e395452b4238f 3.28.2: sha256:9889a2f9c26ae82a501b33440b3a0772f552a4ece128cd57a21e395452b4238f
@@ -526,6 +659,14 @@ calicoctl_binary_checksums:
3.27.0: sha256:3de46d8bc30c6f9d9387d484ed62a5655c1f204b1b831b5a90f0a0d1c1ffd752 3.27.0: sha256:3de46d8bc30c6f9d9387d484ed62a5655c1f204b1b831b5a90f0a0d1c1ffd752
ciliumcli_binary_checksums: ciliumcli_binary_checksums:
arm64: arm64:
0.18.6: sha256:7639c69b410c26d0276fe1297d53e9573f094b56822bd01e85153acb3ca7dd43
0.18.5: sha256:54a517c05e1f60c4d3230191edcdc80647dc666173896a8e724817694aae4194
0.18.4: sha256:ee438745fedf3ffeb289a12e5d1a8b1a4e8f931a66835ad705bd491461051087
0.18.3: sha256:e0588268fc9ab6e0b7a363c4e15ecf69ed2a4cade956ab272745262e456f0e54
0.18.2: sha256:db3fae09ba005d6d345858655777bb5c972c9c841f98dc3fad3455d3084dba61
0.18.1: sha256:e6556fc7ccd071d7612446945d361c869dfeb423e0738147e0b46b2550bc2bf9
0.18.0: sha256:fd20a79875c8089694fb9b5dc3a0bf89d51711f9239637931ff0ace76ce78816
0.17.0: sha256:dee29ad27f3958882b450019e2021698282e8fcf8b136c27397798102cc1ad13
0.16.24: sha256:cf7f1276bbcf4aa5e6347d5619efe990cf1340d5898f8405931e277a1f76c670 0.16.24: sha256:cf7f1276bbcf4aa5e6347d5619efe990cf1340d5898f8405931e277a1f76c670
0.16.23: sha256:7973302bead01c3f2e1d0f03e2766a0d6e76d3c52c666c750b9871a28b9afb32 0.16.23: sha256:7973302bead01c3f2e1d0f03e2766a0d6e76d3c52c666c750b9871a28b9afb32
0.16.22: sha256:b70c15e40b36ac34d59597f2448c5b4e0033964c517f926dbb9654aa07fb1e5b 0.16.22: sha256:b70c15e40b36ac34d59597f2448c5b4e0033964c517f926dbb9654aa07fb1e5b
@@ -561,6 +702,14 @@ ciliumcli_binary_checksums:
0.15.16: sha256:86ed6a2e796c39dd00072e7c141fc35b68d63392d1ac5e183a7ce9d7263e23a0 0.15.16: sha256:86ed6a2e796c39dd00072e7c141fc35b68d63392d1ac5e183a7ce9d7263e23a0
0.15.15: sha256:5c1693ea163b094a92ebc6997b6e678cc8c24a52040c22433b58b419de74b28f 0.15.15: sha256:5c1693ea163b094a92ebc6997b6e678cc8c24a52040c22433b58b419de74b28f
amd64: amd64:
0.18.6: sha256:075bcc605308ff40a488d75a9a8555713dc0139d36536e032d3ebc2a1e7a9f4d
0.18.5: sha256:e63893745b67f58032d9b4f142ae7d6e97286df66af27ff24cd72dc81efc9ff9
0.18.4: sha256:6d7d2831380e8741cd46ef92e8f5132c66864311432fae5ab572608ca2d69353
0.18.3: sha256:5fe565f3b98b5846b867319aa76bc057fca37894d80db56edc20e4e809d10b25
0.18.2: sha256:1b4bd5fd5c96ab1195cd4eb56841c983a21149c62ee39922b7955f1cd0eda23a
0.18.1: sha256:c472639d460173e8d807a3f57048f9d1bcdb325e9edba320550d7ec62b72f956
0.18.0: sha256:3ac8bd270763e40a7853c73f8c7ec9e49707e1723801884a083dc25469b6b4ba
0.17.0: sha256:4ba0687ff7d47e182a7328409fb0eae123e64fa6099cd6f8b9bf240c0012ecf4
0.16.24: sha256:019c9c765222b3db5786f7b3a0bff2cd62944a8ce32681acfb47808330f405a7 0.16.24: sha256:019c9c765222b3db5786f7b3a0bff2cd62944a8ce32681acfb47808330f405a7
0.16.23: sha256:e7cd3b982eca9b6214226536a147490ebb6ea3caad40d5a724daeea0bec5e3be 0.16.23: sha256:e7cd3b982eca9b6214226536a147490ebb6ea3caad40d5a724daeea0bec5e3be
0.16.22: sha256:8bd9faae272aef2e75c686a55de782018013098b66439a1ee0c8ff1e05c5d32c 0.16.22: sha256:8bd9faae272aef2e75c686a55de782018013098b66439a1ee0c8ff1e05c5d32c
@@ -597,10 +746,13 @@ ciliumcli_binary_checksums:
0.15.15: sha256:492279c1f960c79747290a5d1e1b21084a04a93f9e13ab4ae7df4c76fe808aff 0.15.15: sha256:492279c1f960c79747290a5d1e1b21084a04a93f9e13ab4ae7df4c76fe808aff
calico_crds_archive_checksums: calico_crds_archive_checksums:
no_arch: no_arch:
3.29.5: sha256:f36d0b31aaa34f648b211d16f864f262e4700aad30ab0889b327d31c115b6a42
3.29.4: sha256:6d2396fde36ba59ad55a92b5b66643adcc9ee13bb2b3986b1014e2f8f95fa861
3.29.3: sha256:66d49b3af986944e58fede252a2c164251a63f43894181ed7401a6e11dcd8421 3.29.3: sha256:66d49b3af986944e58fede252a2c164251a63f43894181ed7401a6e11dcd8421
3.29.2: sha256:1866b407213b6191627c0ce7be5a0d7c14a016823b3bbc2a6898c57be6c59917 3.29.2: sha256:1866b407213b6191627c0ce7be5a0d7c14a016823b3bbc2a6898c57be6c59917
3.29.1: sha256:17894ed9f7487f1418e599fdeff5db9047374dee12d560114e25ff9147a455c3 3.29.1: sha256:17894ed9f7487f1418e599fdeff5db9047374dee12d560114e25ff9147a455c3
3.29.0: sha256:403a6b8616c4e97b081d7be27e9024f2f66b2d73a0ea037420a29689205b2064 3.29.0: sha256:403a6b8616c4e97b081d7be27e9024f2f66b2d73a0ea037420a29689205b2064
3.28.5: sha256:c3ca0752eac5cab50dc9ae5bc2e3c2f8eea2d9030c1f9846d2e8563c8a8aec2c
3.28.4: sha256:a296906bd6b38187ba15669139dd6bf8bd26d0b191e9773fa0e85a5cc2d0b5e9 3.28.4: sha256:a296906bd6b38187ba15669139dd6bf8bd26d0b191e9773fa0e85a5cc2d0b5e9
3.28.3: sha256:2b3348fb9e022bb6703c460789bd9327d9062c6854262e263fd409ff368034e7 3.28.3: sha256:2b3348fb9e022bb6703c460789bd9327d9062c6854262e263fd409ff368034e7
3.28.2: sha256:f02a0e99e060850bd9050d4c94d37df899911a5e357e1d26e1b5b79a923bb389 3.28.2: sha256:f02a0e99e060850bd9050d4c94d37df899911a5e357e1d26e1b5b79a923bb389
@@ -679,6 +831,7 @@ helm_archive_checksums:
3.14.0: sha256:f1f9d3561724863edd4c06d89acb2e2fd8ae0f1b72058ceb891fa1c346ce5dbc 3.14.0: sha256:f1f9d3561724863edd4c06d89acb2e2fd8ae0f1b72058ceb891fa1c346ce5dbc
cri_dockerd_archive_checksums: cri_dockerd_archive_checksums:
arm64: arm64:
0.3.18: sha256:d16204a4f01685ba67319adb3acc6a6f3e62d8bcfd87bc67f5e08f7332515a9d
0.3.17: sha256:761ee6db946ff2c8da04e57833dbbca8e5c38bc3f5b8e84bda689b1b7260c36f 0.3.17: sha256:761ee6db946ff2c8da04e57833dbbca8e5c38bc3f5b8e84bda689b1b7260c36f
0.3.16: sha256:0ab930b6f7ab87697cd94c954d01e19fdd5b5d65810662effb957c5db49a55d4 0.3.16: sha256:0ab930b6f7ab87697cd94c954d01e19fdd5b5d65810662effb957c5db49a55d4
0.3.15: sha256:39e430378c9c08a1d5056426e3c772ae50416ffeadbe720fa63a853c475fd5a4 0.3.15: sha256:39e430378c9c08a1d5056426e3c772ae50416ffeadbe720fa63a853c475fd5a4
@@ -693,6 +846,7 @@ cri_dockerd_archive_checksums:
0.3.6: sha256:793b8f57cecf734c47bface10387a8e90994c570b516cb755900f21ebd0a663b 0.3.6: sha256:793b8f57cecf734c47bface10387a8e90994c570b516cb755900f21ebd0a663b
0.3.5: sha256:c20014dc5a71e6991a3bd7e1667c744e3807b5675b1724b26bb7c70093582cfe 0.3.5: sha256:c20014dc5a71e6991a3bd7e1667c744e3807b5675b1724b26bb7c70093582cfe
amd64: amd64:
0.3.18: sha256:937578ddcdb28c71afded3fda25d555e0c9e6d396668977ff98228d55886dc79
0.3.17: sha256:5568d571c2cfee7a31ce0b35b7fcc65b96c85b573ee6645151c4d022ed92a626 0.3.17: sha256:5568d571c2cfee7a31ce0b35b7fcc65b96c85b573ee6645151c4d022ed92a626
0.3.16: sha256:cc7f181ce850130dc375515c54cd8a27e1e862252abc5b7eade7b4a03ddabd8e 0.3.16: sha256:cc7f181ce850130dc375515c54cd8a27e1e862252abc5b7eade7b4a03ddabd8e
0.3.15: sha256:4779b7c3663f002871e79ecf6aa8eb48d0bb74df035baecf56b816deb21d12c4 0.3.15: sha256:4779b7c3663f002871e79ecf6aa8eb48d0bb74df035baecf56b816deb21d12c4
@@ -794,6 +948,8 @@ crun_checksums:
1.9.2: sha256:42813b5bea2137bf9abcd1bcaa098a7d61fbbffd2a35d9c9f0f1ba79fb74eb5b 1.9.2: sha256:42813b5bea2137bf9abcd1bcaa098a7d61fbbffd2a35d9c9f0f1ba79fb74eb5b
youki_checksums: youki_checksums:
amd64: amd64:
0.5.5: sha256:7a6844c2e529daa54c6d7558572269508faa26e3b14b5440f9502c413fef558c
0.5.4: sha256:69709a8739c868071e8e7e4bdcbcab41b28524c2adb2f0af0c1a4d6ba4691ae0
0.5.3: sha256:173b8998cd0abf22e38e36611b34cc19a16431b353dd893e3d988cfc77b4e6ac 0.5.3: sha256:173b8998cd0abf22e38e36611b34cc19a16431b353dd893e3d988cfc77b4e6ac
0.5.2: sha256:361c7187939eab02039fa4289d33158fe4bf4d21ab8cc7139ace8f52081524ba 0.5.2: sha256:361c7187939eab02039fa4289d33158fe4bf4d21ab8cc7139ace8f52081524ba
0.5.1: sha256:554dea487dcb54b34fff003fc047458cecf073337d20b77e69c22918c2986aaf 0.5.1: sha256:554dea487dcb54b34fff003fc047458cecf073337d20b77e69c22918c2986aaf
@@ -801,6 +957,8 @@ youki_checksums:
0.4.1: sha256:6f7ea3651b284a808f344ad40f9f8315b3b02b76a3ee6c6af7bfff65753284c9 0.4.1: sha256:6f7ea3651b284a808f344ad40f9f8315b3b02b76a3ee6c6af7bfff65753284c9
0.4.0: sha256:7cf3ae3d1be19a731378b289000cb36ba9cedcbff8a0cabe38edb782e8c55f72 0.4.0: sha256:7cf3ae3d1be19a731378b289000cb36ba9cedcbff8a0cabe38edb782e8c55f72
arm64: arm64:
0.5.5: sha256:83069dd0ac11dca04f5a2376f27538f86ae5304db0ba148b20d342afe62d6069
0.5.4: sha256:2a8d55a7127c751d088ab9ef989496b700afde414296139d5461606527869c42
0.5.3: sha256:a15dfe9a1eec2d595b9a972a8a0fa1a919ee3d3523e77ca8c22099bfadf7e88d 0.5.3: sha256:a15dfe9a1eec2d595b9a972a8a0fa1a919ee3d3523e77ca8c22099bfadf7e88d
0.5.2: sha256:8df7e4898088e6fcf942f2e145b0a50c1ad81f5109044e48897c0af9bb3f83e6 0.5.2: sha256:8df7e4898088e6fcf942f2e145b0a50c1ad81f5109044e48897c0af9bb3f83e6
0.5.1: sha256:ed8e2f5ac03553d0a8ac641339a9f94f42baee652e2afdc1afae08529807a796 0.5.1: sha256:ed8e2f5ac03553d0a8ac641339a9f94f42baee652e2afdc1afae08529807a796
@@ -824,6 +982,16 @@ kata_containers_binary_checksums:
3.2.0: sha256:40627b7ac677ce0f5ffc73b32c1a8bc553e75b746b6cdf8f14642ac27dac3148 3.2.0: sha256:40627b7ac677ce0f5ffc73b32c1a8bc553e75b746b6cdf8f14642ac27dac3148
gvisor_runsc_binary_checksums: gvisor_runsc_binary_checksums:
arm64: arm64:
'20250820.0': sha512:02767f2682b088558d55b2874732e2668803eee06608654a27429b2f17428b469ea3d166f0d281fd0e081e2b57df86e50dea5bd9fb2286d08edc120b26516ead
'20250811.0': sha512:f37d5629be1877937ab906a1a5047430a9c16bf15688e3068b589e3659c4ad176faced985f16abdb120ecdceb1c149439f4c2ff557c40a7699502f11edeff9d0
'20250804.0': sha512:18c66aff5fa090f7929c57a30157b577ec5322718693caa4d9fb404e13ab531e0e77fc55ad3470217b3808ee68876670f38ec950147d9ac13857ded758f09528
'20250721.0': sha512:e419753ffe2fea7ba74a033156d445236f531a52cf4976b4b40d50a4071fc1b29ac5faac9604fd069e1a6d9553b66f75f649b3437c6cc5afe9e7d071c1415dbe
'20250715.0': sha512:e49ef9b557c9800f16156c9b79b44b2c3ab2779c0bf4ed5ed2a9a666c4e63684bd954485e4db94dde8cb69f46fb59794d9716c453921b8c69ddd40d8b01c1e40
'20250707.0': sha512:c2f7539edb022c01912eee358f57f0fdee2c7333323e46f53a3892a3d367746cbb5cb472070a3ebabbfde4491009613a663f9ab5f2bdea7059e21ea2764614a0
'20250625.0': sha512:3016f92fdcf4e0badc801ffa5502751c0746efce50dfbc2e58613ee0aaeb44e4ea2dffc01a52703d24348f815c1c16af1eb77ec463b4ad0f790ac54fffd041bf
'20250616.0': sha512:b1e9af177411faaab3349e1e04924ad4b7b19103c974962fe65235943a5856e87b8f9f9261bc6b1f014237dfe443c833c1ae12139228ddb49c4745e6c848f414
'20250611.0': sha512:6eba75bd816329bdb909c1d7f80dfd01aea88aa8f880740a1eefa348d2211b1460975da559d851609e3b68008ebf89643a23a8854413b032e5855e32fbb8246a
'20250512.0': sha512:00e9edeb4a9ae702c9617a583f2978a042f20a05807acfa992bc76de4fae2e6e1e994d34ad6f21c826d2cfdea89f6a163c69c0750cf4d90135146438587a3a8c
'20250505.0': sha512:1611599c6788d3c3f7495b5054aaf9ec81e7a714061582f913359886452fa14f8e65b2bd2d139bc24b5955749167f0db03aefaa6b3ae175296b56814f53d7898 '20250505.0': sha512:1611599c6788d3c3f7495b5054aaf9ec81e7a714061582f913359886452fa14f8e65b2bd2d139bc24b5955749167f0db03aefaa6b3ae175296b56814f53d7898
'20250429.0': sha512:bd58d212088263ad998fa62dbc7f2a8f74ea3914e8a7a319813c3e461f297dcdbc3e85069aacbcaa8c2e573b0e7b17d730d21ab96f8c3ca9516bd43acc070330 '20250429.0': sha512:bd58d212088263ad998fa62dbc7f2a8f74ea3914e8a7a319813c3e461f297dcdbc3e85069aacbcaa8c2e573b0e7b17d730d21ab96f8c3ca9516bd43acc070330
'20250421.0': sha512:647127e139c77d5d360db915d64a21f461fc11ea47d3660feb48952a70639155cd8c19e2bbe16d190a1666c6f689c45bda2aa5d3440596ef174983fe41d8539d '20250421.0': sha512:647127e139c77d5d360db915d64a21f461fc11ea47d3660feb48952a70639155cd8c19e2bbe16d190a1666c6f689c45bda2aa5d3440596ef174983fe41d8539d
@@ -866,6 +1034,16 @@ gvisor_runsc_binary_checksums:
'20240109.0': sha256:51a1b299997834b902192806def688b1e23ff6b14f28a9ed3397f3f6572a189a '20240109.0': sha256:51a1b299997834b902192806def688b1e23ff6b14f28a9ed3397f3f6572a189a
'20231218.0': sha256:86262a78946deacc309c0f08883659ee3298c288048dc30955945e71993c81a8 '20231218.0': sha256:86262a78946deacc309c0f08883659ee3298c288048dc30955945e71993c81a8
amd64: amd64:
'20250820.0': sha512:d6c12a4cb4f714bfcba6fd6611ad4ca73fd88dce790a083d2ceda807cd7e074c0131d5dd2a3490399e8be91feed9afe450793e9708dacddc4afc99ee6e5c3d2e
'20250811.0': sha512:95cc8973a8ba6fdea608c36288afe83e17a890398d387de89dfd1457e902ab1d73fd3bd52a4fc2b923accd36ad5d1e76b5ea373e9c68d9821efb1785f830892d
'20250804.0': sha512:c9572008a35e812277b158933e7f549b734ac0e52349398067f3de1bd42572dee6a0911e85d2737b33e8adbf94515b630d57936058cdbb199b02a290a906ae5b
'20250721.0': sha512:cafd0256341a5e6b32b81cdb8664943d82a80f55ce10fb4d5061e1ac0c8a767946d8665055bb1529226813b215dc545067a3a428b9673aaec85a32455a82a11a
'20250715.0': sha512:06b3c36e6230a4f106914b7a82c5218724ca574b6c4590bb9f50796e4aa257bfae8b621b346561ed9a6e31c1328d447cf7594c6d0fc26532c3ba15171f18e7f0
'20250707.0': sha512:348687c9a10c23a51da5dcffcd9e1866250b2a964aa1f599ccd706c41bf0b85823875d6edd5b4dbc1f2e9229eed6d9cb13193fc13b988d3ea614bed9b4ebe955
'20250625.0': sha512:2193da9a4a2a072bfb1fb314964528ac0da4bd56482552458da6ecb557aaa2f2e939fede3545933608ce2daf43897fff173f1c272375a331647a2bd27588f3be
'20250616.0': sha512:516e39e16ed05c69d4173a408b0a4ab9a24ac3d1129a35f01173c76e174d3aa9652371c85445e5d45aed6de1a0f37507b4f735184f35ee8e6f3d9af968a6659e
'20250611.0': sha512:669c9eac780242ef966ac09804a9448faace00f91e2b1f2f5b79d88f214333e84f8bab4304ee48db59c715dc89685787adbc5fc34f8ad3bb379852a88b1d9bdb
'20250512.0': sha512:981a554ad63f7ed082a43be646b8e910481e4bfc837c5ee5dd5a1353a47b0ae337f9b02700649a542db864ae35af6981e6bdef86c6a48a5e47dacfb97be9b7b0
'20250505.0': sha512:25705616c3cfc82bb5772e815b2b6b030664dccba7a0db9babcfad5de46d16ce8bff8cd9cc11d366da4acd0f01fb04a0d95bbae070aa923f1492d2f142f271c3 '20250505.0': sha512:25705616c3cfc82bb5772e815b2b6b030664dccba7a0db9babcfad5de46d16ce8bff8cd9cc11d366da4acd0f01fb04a0d95bbae070aa923f1492d2f142f271c3
'20250429.0': sha512:b91d0351907290fe159cf041dbd332f8d2d4151d6a7aaafe161cd842452551b98fa1122e195e2cf42801eb8ff38716270de4f33331dde784cbfc452ec1e368a0 '20250429.0': sha512:b91d0351907290fe159cf041dbd332f8d2d4151d6a7aaafe161cd842452551b98fa1122e195e2cf42801eb8ff38716270de4f33331dde784cbfc452ec1e368a0
'20250421.0': sha512:419f80c01cef46aaab0a0eaf9be4bc20fd3aba94e8d0dd8ceacd3b166139d5bc8e701964feb11bf6de7a4274924692a7d0b5bcf5de34f5dfaeec57f7f1ecd88f '20250421.0': sha512:419f80c01cef46aaab0a0eaf9be4bc20fd3aba94e8d0dd8ceacd3b166139d5bc8e701964feb11bf6de7a4274924692a7d0b5bcf5de34f5dfaeec57f7f1ecd88f
@@ -909,6 +1087,16 @@ gvisor_runsc_binary_checksums:
'20231218.0': sha256:c353d36a134dfc2fab8509f72a34abf6a761603975eb00a39e4077c41aeaf31b '20231218.0': sha256:c353d36a134dfc2fab8509f72a34abf6a761603975eb00a39e4077c41aeaf31b
gvisor_containerd_shim_binary_checksums: gvisor_containerd_shim_binary_checksums:
arm64: arm64:
'20250820.0': sha512:0015d061af2369a8e5e21dad6f69f0e3cb03c6e396090d0e127c6638d646dac8f4e8bd60ab901ea87f6ebbd093e66db86efbccb1f225dc1dfccc76b8861976a7
'20250811.0': sha512:70a3c4212bc4a5ced31313640d5696af5d3bd11fc06221af2ac5441b2527b82d0c1671ad76ba5c5b120108912744477a2a922cc8444661fc50594b72f146c2f7
'20250804.0': sha512:a6f7c8e76969588de24f75965ddfb62eec592d03f1882bfb746d7cf7a8a86949f8f441a4a063d7a5c766e6cf576c8d2b9ca7a1918de4902d1053938b6cc382c0
'20250721.0': sha512:ff38aa2218ae24f7747a85c8d5f5e8a466a68a73c2b7f8a55c1cc8cf7eb054e70924685b491f860bab613169bd67c7bc9113e45884028625d6598c9fd8dcf802
'20250715.0': sha512:8a92f6334b93fabcbe251c3d0877d7e7dfc22cd26b317a758e20f4cf884002edbfbef3137fb899bf9515f72d2d8aeb4b115902e2decff0e136979f4045d0e7e9
'20250707.0': sha512:2f891792ae6610b471111ad917ddf69b2504ba741490e8e120b268b5e1340c445af89512c52a5c3376ca31dd857722b69f5dd0e79e3cf81d9ecde021054a0f73
'20250625.0': sha512:fad846df0dcd29ff84280fb2e01e3edf51a8648cb24baf53d9aad46e35891fef215863a4a3a42c4a96bc3c359495def4d3ee25985ae4e99df2db7bdbb318498b
'20250616.0': sha512:5de1584ae09bf56d40af000f656f1cef9357d69d223ae40938a77b05fcc8326a3ef5058f7a9860471205df072923c2e1a776b85ddafdddad0d20f33810456307
'20250611.0': sha512:b84bd331fb9abb13c5f2260de04d536b134b3e71e9b6575700eed64441023c34cc1164125bc0485014782683e4d177b3c85c19e5c1ed218820a505c57e286922
'20250512.0': sha512:43daf4b8b0e094ebf2cede8bbbf89ee0695ff31924e140bdfcff529296e8f004b457485b9f991ae9ec93cf6150535e297db00a92be8a054589b3316841fbc056
'20250505.0': sha512:42cd72f9b2011a8ad166d9dc246fdb46ef602aae43127373750a7ff65be84f8b300c50e4977495ce59670af5fc5f92c3c5ba96c5d751cb4e6e2fcce373210e06 '20250505.0': sha512:42cd72f9b2011a8ad166d9dc246fdb46ef602aae43127373750a7ff65be84f8b300c50e4977495ce59670af5fc5f92c3c5ba96c5d751cb4e6e2fcce373210e06
'20250429.0': sha512:9a9a2c351789e6a14896ec5e56ebe7ca1dc7424087d13c175e38a4522a7e6f1533ac8ef5aeea0bcbd554cd5e4d6b6d7ac3df2dfebcbea3e7164bf00fa823c310 '20250429.0': sha512:9a9a2c351789e6a14896ec5e56ebe7ca1dc7424087d13c175e38a4522a7e6f1533ac8ef5aeea0bcbd554cd5e4d6b6d7ac3df2dfebcbea3e7164bf00fa823c310
'20250421.0': sha512:c86577ddb8b7b46b5b050000e242dc09bebeffa7cb9d21acb84c4ef896cfa340f024e2b9f463fd4f7945683854c524f4a45de3ff3917f4ba65552cede4229974 '20250421.0': sha512:c86577ddb8b7b46b5b050000e242dc09bebeffa7cb9d21acb84c4ef896cfa340f024e2b9f463fd4f7945683854c524f4a45de3ff3917f4ba65552cede4229974
@@ -951,6 +1139,16 @@ gvisor_containerd_shim_binary_checksums:
'20240109.0': sha256:40eb0a4f5f0013afb221e228fd6e71887127c4b09c7f2eb36705a0cd5c746d57 '20240109.0': sha256:40eb0a4f5f0013afb221e228fd6e71887127c4b09c7f2eb36705a0cd5c746d57
'20231218.0': sha256:5f66938de981221359a64f05a5c770b228090db3a2697d91ad622c18dd19f4b2 '20231218.0': sha256:5f66938de981221359a64f05a5c770b228090db3a2697d91ad622c18dd19f4b2
amd64: amd64:
'20250820.0': sha512:06ae1d7647d3ae2155fe374339ad7ec2fcc0d84b3d8d4cef72e1c788d6fe17d6aa227e6dfe1214335617d8d42a06aeb495c65fa53cfb4444e01dc7ab2f22a86b
'20250811.0': sha512:e8fbe414831e50d20c9f7e3046674a2b609b01a8a7814334ba33e1d6d4ab370525cb494069a782f180de82db5fb6a72c35d9e8cdfd9eba2b43937c474f8c59e0
'20250804.0': sha512:474113f2c6454738b276023e96548f4fa1bb84017160bf06bb0aa2c6c5b27c12fd1d5fa0d5f9c39e0e91ccbb69525b303018a13b24eec18c3139db94128c0a74
'20250721.0': sha512:c6305e9e5b0f20ef11e681f0901c6fdd245a79880fe75861f8489a816b4c26f6080d54e210cb827150a4347167c25f2a698d586bed8cc265095bbbcd678d28fe
'20250715.0': sha512:c6ffccc15f47a9ff69c6f9a5843c93025e8bd2684846a973a8b483a2e8adabd153029864124404de66606a5707706ec79eaa5d0a9ed5df77a3bf2730f488c7c2
'20250707.0': sha512:c171aeba73e56ad81e55dbd31b518401ca88ae3bcfa9d8209d3b28122b06e5c79e0fdb8bc25a748bc0426241bf5225f466f5ad138f61b488046e258bcf70a30d
'20250625.0': sha512:61f19bc35df8b15669d822df1fc2ef1e0e9fbac1451be4aa16979df42bd100889e960df689dba9d40d35c700408e1071da41c9dddb426332daef6f2939c6067f
'20250616.0': sha512:1622ac317d7dff4ca7a5e56bff396a50fbc90f061b12289944d3946acdafb9814a2ea0bd2900e90f0d924f9c6f9450a29dd9bd83a7d976b30ce3cb3a85a2c168
'20250611.0': sha512:04c9ff5f2e344fe45d743c093ec80948817e7b9af8de5899bd1d3de893cb29bfbcad42f244afea030ac64ddf86a33ee45e22c956162d9991fc6b388cc96c81af
'20250512.0': sha512:eb7acb5bbd24dd208643b0e91b2195fabd1ca3887612ad33bc34d62a86e4944f3ad80e7592ee5a49cbd6a12aeaa466127a7a220722c2ea64f37df96bebba4ac2
'20250505.0': sha512:11a1b003a73b2ae8924b03adc557966d815b79d756c9e40adc505c11ffe6f8e30153e5d133566bced39797fbd41651680fc17c0d7686d2ab3cf63b466e68dcc1 '20250505.0': sha512:11a1b003a73b2ae8924b03adc557966d815b79d756c9e40adc505c11ffe6f8e30153e5d133566bced39797fbd41651680fc17c0d7686d2ab3cf63b466e68dcc1
'20250429.0': sha512:42b16d541d589d96075c29e4bf7005bc429c28f411c928412fcd18f093b98f3a7969d799d567730e08f379ce9c2ba7c02bb1e8d10b7fa72179349ac2f40c8d7f '20250429.0': sha512:42b16d541d589d96075c29e4bf7005bc429c28f411c928412fcd18f093b98f3a7969d799d567730e08f379ce9c2ba7c02bb1e8d10b7fa72179349ac2f40c8d7f
'20250421.0': sha512:eda25a84342130d3fe7f23ec3abad56de0fb08ac36c430b423c2d51cc21a75e902a4671ffac9481bf04f8985ded12110e65aa8a2032bda2699083d1b9b07a672 '20250421.0': sha512:eda25a84342130d3fe7f23ec3abad56de0fb08ac36c430b423c2d51cc21a75e902a4671ffac9481bf04f8985ded12110e65aa8a2032bda2699083d1b9b07a672
@@ -1055,12 +1253,14 @@ nerdctl_archive_checksums:
1.7.0: sha256:e421ae655ff68461bad04b4a1a0ffe40c6f0fcfb0847d5730d66cd95a7fd10cd 1.7.0: sha256:e421ae655ff68461bad04b4a1a0ffe40c6f0fcfb0847d5730d66cd95a7fd10cd
containerd_archive_checksums: containerd_archive_checksums:
arm64: arm64:
2.0.6: sha256:0f308f386b1ee24712875f02bded92ce7099a707ed43f57b3fb9c934dcb6bed1
2.0.5: sha256:36eaf77dc65df4b60d6e06204631a4105b4e942dd2704d618758a2aa0eecc264 2.0.5: sha256:36eaf77dc65df4b60d6e06204631a4105b4e942dd2704d618758a2aa0eecc264
2.0.4: sha256:0fde98b24bb55363a54150732e0ac99a43bccf2a9711371bd5470f32790316f2 2.0.4: sha256:0fde98b24bb55363a54150732e0ac99a43bccf2a9711371bd5470f32790316f2
2.0.3: sha256:3701008e72e983259afaa594cca5d8126e78e38cf0a586a1f6971cb3f61c4b6b 2.0.3: sha256:3701008e72e983259afaa594cca5d8126e78e38cf0a586a1f6971cb3f61c4b6b
2.0.2: sha256:14a2a9f7f75f73e5bcfb8b183d0b84830c54b98ef8c5f6ed70e51f1a230c673e 2.0.2: sha256:14a2a9f7f75f73e5bcfb8b183d0b84830c54b98ef8c5f6ed70e51f1a230c673e
2.0.1: sha256:b07120ae227b52edfdb54131d44b13b987b39e8c1f740b0c969b7701e0fad4fa 2.0.1: sha256:b07120ae227b52edfdb54131d44b13b987b39e8c1f740b0c969b7701e0fad4fa
2.0.0: sha256:2a00b1553f38aa9e716d61316b661961c2fbfbb7aad7bd73b377be5725ecc0f1 2.0.0: sha256:2a00b1553f38aa9e716d61316b661961c2fbfbb7aad7bd73b377be5725ecc0f1
1.7.28: sha256:97457594ff8549cb82d664306593cafd3d2c781c706f9fffed885a46d8919bec
1.7.27: sha256:3f03ea60c7dacddf890be3ab18f7ef859d9d104b19627f52038d7984361912bc 1.7.27: sha256:3f03ea60c7dacddf890be3ab18f7ef859d9d104b19627f52038d7984361912bc
1.7.26: sha256:adea067914e678ac37d5091ead66f1e36e5cced4d395bbd2be60772495e09eff 1.7.26: sha256:adea067914e678ac37d5091ead66f1e36e5cced4d395bbd2be60772495e09eff
1.7.25: sha256:e9201d478e4c931496344b779eb6cb40ce5084ec08c8fff159a02cabb0c6b9bf 1.7.25: sha256:e9201d478e4c931496344b779eb6cb40ce5084ec08c8fff159a02cabb0c6b9bf
@@ -1089,6 +1289,7 @@ containerd_archive_checksums:
1.7.2: sha256:d75a4ca53d9addd0b2c50172d168b12957e18b2d8b802db2658f2767f15889a6 1.7.2: sha256:d75a4ca53d9addd0b2c50172d168b12957e18b2d8b802db2658f2767f15889a6
1.7.1: sha256:1f828dc063e3c24b0840b284c5635b5a11b1197d564c97f9e873b220bab2b41b 1.7.1: sha256:1f828dc063e3c24b0840b284c5635b5a11b1197d564c97f9e873b220bab2b41b
1.7.0: sha256:e7e5be2d9c92e076f1e2e15c9f0a6e0609ddb75f7616999b843cba92d01e4da2 1.7.0: sha256:e7e5be2d9c92e076f1e2e15c9f0a6e0609ddb75f7616999b843cba92d01e4da2
1.6.39: sha256:84b470e4381f3a816a5f93b75f23cc1a14ef4550a426f27ebea1e46d963c2ed1
1.6.38: sha256:8a685abe7e5352baab1511933431195964e893e19b4a229af48c7a32ee50ab58 1.6.38: sha256:8a685abe7e5352baab1511933431195964e893e19b4a229af48c7a32ee50ab58
1.6.37: sha256:c3da773c40a2e509c13a55fbd25a165c5dfaed7c9b67a71bb4033c3d8d2d0b6a 1.6.37: sha256:c3da773c40a2e509c13a55fbd25a165c5dfaed7c9b67a71bb4033c3d8d2d0b6a
1.6.36: sha256:48aaf746ad4adc6e5c3b077875ddbd15a8f5b660a5f7dcb533f0205aeeff3785 1.6.36: sha256:48aaf746ad4adc6e5c3b077875ddbd15a8f5b660a5f7dcb533f0205aeeff3785
@@ -1114,12 +1315,14 @@ containerd_archive_checksums:
1.6.15: sha256:d63e4d27c51e33cd10f8b5621c559f09ece8a65fec66d80551b36cac9e61a07d 1.6.15: sha256:d63e4d27c51e33cd10f8b5621c559f09ece8a65fec66d80551b36cac9e61a07d
1.6.14: sha256:3ccb61218e60cbba0e1bbe1e5e2bf809ac1ead8eafbbff36c3195d3edd0e4809 1.6.14: sha256:3ccb61218e60cbba0e1bbe1e5e2bf809ac1ead8eafbbff36c3195d3edd0e4809
amd64: amd64:
2.0.6: sha256:a545471a67b8508a3c58ad01a4e6bb2921ace1e59e00a0a2d2e784c1f4fa8caa
2.0.5: sha256:88ab31f3e78e4d2fa12dcb933032122d11d441c83b79a89c6c8076f871e50df8 2.0.5: sha256:88ab31f3e78e4d2fa12dcb933032122d11d441c83b79a89c6c8076f871e50df8
2.0.4: sha256:e1c64c5fd60ecd555e750744eaef150b6f78d7f750da5c08c52825aa6b791737 2.0.4: sha256:e1c64c5fd60ecd555e750744eaef150b6f78d7f750da5c08c52825aa6b791737
2.0.3: sha256:ac70856f1d8bd3aa9ca5d62db5516b86dfa0f934c1fd1d1c5fa4422dd12ba45e 2.0.3: sha256:ac70856f1d8bd3aa9ca5d62db5516b86dfa0f934c1fd1d1c5fa4422dd12ba45e
2.0.2: sha256:9bd5b6a1bdf505d520d9a329c520258ed0a17faa9fe3db12712ee858ad59aae3 2.0.2: sha256:9bd5b6a1bdf505d520d9a329c520258ed0a17faa9fe3db12712ee858ad59aae3
2.0.1: sha256:85061a5ce1b306292d5a64f85d5cd3aff93d0982737a1069d370dd6cb7bbfd09 2.0.1: sha256:85061a5ce1b306292d5a64f85d5cd3aff93d0982737a1069d370dd6cb7bbfd09
2.0.0: sha256:6f8da716941f7e89315cefaa6e5a8f1ff10b323ff46611313c455df7ab1ebee1 2.0.0: sha256:6f8da716941f7e89315cefaa6e5a8f1ff10b323ff46611313c455df7ab1ebee1
1.7.28: sha256:7a8c262deb63becc877e82d23749e4f99f4a17e8e660f9b8c257ca87a5c056b6
1.7.27: sha256:5b038fb22ab5dbb1ce57dd3d8f102460cd8619ff2afc78870837b06e8c4e840a 1.7.27: sha256:5b038fb22ab5dbb1ce57dd3d8f102460cd8619ff2afc78870837b06e8c4e840a
1.7.26: sha256:fdf1fb17086b62fc861103da4e3fda3d79bc543b42d2acef5d07e76b13d35d19 1.7.26: sha256:fdf1fb17086b62fc861103da4e3fda3d79bc543b42d2acef5d07e76b13d35d19
1.7.25: sha256:02990fa281c0a2c4b073c6d2415d264b682bd693aa7d86c5d8eb4b86d684a18c 1.7.25: sha256:02990fa281c0a2c4b073c6d2415d264b682bd693aa7d86c5d8eb4b86d684a18c
@@ -1148,6 +1351,7 @@ containerd_archive_checksums:
1.7.2: sha256:2755c70152ab40856510b4549c2dd530e15f5355eb7bf82868e813c9380e22a7 1.7.2: sha256:2755c70152ab40856510b4549c2dd530e15f5355eb7bf82868e813c9380e22a7
1.7.1: sha256:9504771bcb816d3b27fab37a6cf76928ee5e95a31eb41510a7d10ae726e01e85 1.7.1: sha256:9504771bcb816d3b27fab37a6cf76928ee5e95a31eb41510a7d10ae726e01e85
1.7.0: sha256:b068b05d58025dc9f2fc336674cac0e377a478930f29b48e068f97c783a423f0 1.7.0: sha256:b068b05d58025dc9f2fc336674cac0e377a478930f29b48e068f97c783a423f0
1.6.39: sha256:7a2d3ed18e3735b9c0ac87b6b05fcfc6001261f81361100f2b4ca6c9f407ab9a
1.6.38: sha256:84f6098c96ff4afc6add67fe4dffc2bb206c86f4b8ceea2157124e4c328697a0 1.6.38: sha256:84f6098c96ff4afc6add67fe4dffc2bb206c86f4b8ceea2157124e4c328697a0
1.6.37: sha256:fd74db561289cede7efcede1dce7da92a7da025b4ca8b2c36fc5559ab1892089 1.6.37: sha256:fd74db561289cede7efcede1dce7da92a7da025b4ca8b2c36fc5559ab1892089
1.6.36: sha256:e9a53f5f7549afbe9208578609eddecd238b7166663ab273f2954fab77602b3f 1.6.36: sha256:e9a53f5f7549afbe9208578609eddecd238b7166663ab273f2954fab77602b3f
@@ -1173,12 +1377,14 @@ containerd_archive_checksums:
1.6.15: sha256:191bb4f6e4afc237efc5c85b5866b6fdfed731bde12cceaa6017a9c7f8aeda02 1.6.15: sha256:191bb4f6e4afc237efc5c85b5866b6fdfed731bde12cceaa6017a9c7f8aeda02
1.6.14: sha256:7da626d46c4edcae1eefe6d48dc6521db3e594a402715afcddc6ac9e67e1bfcd 1.6.14: sha256:7da626d46c4edcae1eefe6d48dc6521db3e594a402715afcddc6ac9e67e1bfcd
ppc64le: ppc64le:
2.0.6: sha256:20df16cac3a912d6df34040dc81c7e5e2c95a06b2b21fc2ffb4372b6d41274e4
2.0.5: sha256:09773a42829c0ac9b8dd449753c755b3ba65cb7e8d06485950f99d32fd6c1e0d 2.0.5: sha256:09773a42829c0ac9b8dd449753c755b3ba65cb7e8d06485950f99d32fd6c1e0d
2.0.4: sha256:ca970d9a53ae504bc36197d6daa931338c387c83b6948b9f9bfdd1a75e25dcf6 2.0.4: sha256:ca970d9a53ae504bc36197d6daa931338c387c83b6948b9f9bfdd1a75e25dcf6
2.0.3: sha256:2f0faa0086ae81d00680367ee9d75aafd3c4ca4535362db83fea62dd19c47079 2.0.3: sha256:2f0faa0086ae81d00680367ee9d75aafd3c4ca4535362db83fea62dd19c47079
2.0.2: sha256:1b19d31bb8a7f9d26d9b50675e78f397d0b01fa635c33cca456f91c412fa6df1 2.0.2: sha256:1b19d31bb8a7f9d26d9b50675e78f397d0b01fa635c33cca456f91c412fa6df1
2.0.1: sha256:09a25357343c7336fe519e5fd1a9dd0f22da869e9deda50c2bc61b6e8c9384be 2.0.1: sha256:09a25357343c7336fe519e5fd1a9dd0f22da869e9deda50c2bc61b6e8c9384be
2.0.0: sha256:2e7f4b15ac85c22c1ced102bbb424124078248f0af3183425ff335a998079809 2.0.0: sha256:2e7f4b15ac85c22c1ced102bbb424124078248f0af3183425ff335a998079809
1.7.28: sha256:e8f64abf81503aeee0db0d5682197e9ce377ffeb858313c5bc9fc3d7faa4b85f
1.7.27: sha256:ccdfa16e4bba3a993d74fac794d22ddadc1013d351cd099ea933827050ef05a0 1.7.27: sha256:ccdfa16e4bba3a993d74fac794d22ddadc1013d351cd099ea933827050ef05a0
1.7.26: sha256:34a86b1bd598b34e8c05956c5976fb0c0b347937d3cd0837edbcebc7f9e7e53f 1.7.26: sha256:34a86b1bd598b34e8c05956c5976fb0c0b347937d3cd0837edbcebc7f9e7e53f
1.7.25: sha256:0934176e32eace1c23dcb9edff0e78f872bf8f7152b5e6f622e9ccf1ddce8722 1.7.25: sha256:0934176e32eace1c23dcb9edff0e78f872bf8f7152b5e6f622e9ccf1ddce8722
@@ -1207,6 +1413,7 @@ containerd_archive_checksums:
1.7.2: sha256:cbe7ec913cb603ca218bd8867efdce4bee3b0e0115e467e51c910467daf8184e 1.7.2: sha256:cbe7ec913cb603ca218bd8867efdce4bee3b0e0115e467e51c910467daf8184e
1.7.1: sha256:17d97ef55c6ce7af9778dbafb5e73f577d1b34220043a91cccde49dbcc610342 1.7.1: sha256:17d97ef55c6ce7af9778dbafb5e73f577d1b34220043a91cccde49dbcc610342
1.7.0: sha256:051e897d3ee5b8c8097f65be447fea2d29226b583ca5d9ed78e9aebcf4e69889 1.7.0: sha256:051e897d3ee5b8c8097f65be447fea2d29226b583ca5d9ed78e9aebcf4e69889
1.6.39: sha256:dbaeb636cc521410857625069b5f20d17a3b41e2338ba4ebce38ce0972c1f000
1.6.38: sha256:8971075ef3ab09a478b57342438f5864984b0d38ecd7f432e295727e2035fe4e 1.6.38: sha256:8971075ef3ab09a478b57342438f5864984b0d38ecd7f432e295727e2035fe4e
1.6.37: sha256:de4d165271e04b2fabf4c4c6ad5be81dc121c1b79818e43b37d1807e1932b981 1.6.37: sha256:de4d165271e04b2fabf4c4c6ad5be81dc121c1b79818e43b37d1807e1932b981
1.6.36: sha256:8978cd8bcd4d5a2640bad26d8ea522a46847b6e4a62da1b07bfa482c8906e5ce 1.6.36: sha256:8978cd8bcd4d5a2640bad26d8ea522a46847b6e4a62da1b07bfa482c8906e5ce
@@ -1312,3 +1519,6 @@ gateway_api_experimental_crds_checksums:
1.2.0: sha256:4369188e63b9ab5a35b5a83032c94d871159dece086b908b6ea18ea321ca06a9 1.2.0: sha256:4369188e63b9ab5a35b5a83032c94d871159dece086b908b6ea18ea321ca06a9
1.1.0: sha256:10f322744a005d4e73e2b067e95fecd4cfec619dc7564930b488c296bfa3bec1 1.1.0: sha256:10f322744a005d4e73e2b067e95fecd4cfec619dc7564930b488c296bfa3bec1
1.0.0: sha256:6c601dced7872a940d76fa667ae126ba718cb4c6db970d0bab49128ecc1192a3 1.0.0: sha256:6c601dced7872a940d76fa667ae126ba718cb4c6db970d0bab49128ecc1192a3
argocd_install_checksums:
no_arch:
2.14.5: sha256:247ccda29c9faac4e0c8598680f5ebefff9911e957e3aeaf838eb4bbf455f2f4

0
roles/kubespray_defaults/vars/main.yml → roles/kubespray_defaults/vars/main/main.yml
View File

2
roles/network_plugin/calico/tasks/install.yml
View File

@@ -353,7 +353,7 @@
{% if not calico_no_global_as_num | default(false) %}"asNumber": {{ global_as_num }},{% endif %} {% if not calico_no_global_as_num | default(false) %}"asNumber": {{ global_as_num }},{% endif %}
"nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled | default('true') }} , "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled | default('true') }} ,
{% if calico_advertise_cluster_ips | default(false) %} {% if calico_advertise_cluster_ips | default(false) %}
"serviceClusterIPs": >- "serviceClusterIPs":
{%- if ipv4_stack and ipv6_stack-%} {%- if ipv4_stack and ipv6_stack-%}
[{"cidr": "{{ kube_service_addresses }}", "cidr": "{{ kube_service_addresses_ipv6 }}"}], [{"cidr": "{{ kube_service_addresses }}", "cidr": "{{ kube_service_addresses_ipv6 }}"}],
{%- elif ipv6_stack-%} {%- elif ipv6_stack-%}

91
roles/network_plugin/cilium/defaults/main.yml
View File

@@ -1,9 +1,12 @@
--- ---
cilium_min_version_required: "1.10" cilium_min_version_required: "1.15"
# remove migrate after 2.29 released
cilium_remove_old_resources: false
# Log-level # Log-level
cilium_debug: false cilium_debug: false
cilium_mtu: "" cilium_mtu: "0"
cilium_enable_ipv4: "{{ ipv4_stack }}" cilium_enable_ipv4: "{{ ipv4_stack }}"
cilium_enable_ipv6: "{{ ipv6_stack }}" cilium_enable_ipv6: "{{ ipv6_stack }}"
@@ -11,7 +14,7 @@ cilium_enable_ipv6: "{{ ipv6_stack }}"
cilium_l2announcements: false cilium_l2announcements: false
# Cilium agent health port # Cilium agent health port
cilium_agent_health_port: "{%- if cilium_version is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}" cilium_agent_health_port: "9879"
# Identity allocation mode selects how identities are shared between cilium # Identity allocation mode selects how identities are shared between cilium
# nodes by setting how they are stored. The options are "crd" or "kvstore". # nodes by setting how they are stored. The options are "crd" or "kvstore".
@@ -26,7 +29,7 @@ cilium_agent_health_port: "{%- if cilium_version is version('1.11.6', '>=') -%}9
# - --synchronize-k8s-nodes # - --synchronize-k8s-nodes
# - --identity-allocation-mode=kvstore # - --identity-allocation-mode=kvstore
# - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations # - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations
cilium_identity_allocation_mode: kvstore cilium_identity_allocation_mode: crd
# Etcd SSL dirs # Etcd SSL dirs
cilium_cert_dir: /etc/cilium/certs cilium_cert_dir: /etc/cilium/certs
@@ -55,20 +58,20 @@ cilium_enable_prometheus: false
cilium_enable_portmap: false cilium_enable_portmap: false
# Monitor aggregation level (none/low/medium/maximum) # Monitor aggregation level (none/low/medium/maximum)
cilium_monitor_aggregation: medium cilium_monitor_aggregation: medium
# Kube Proxy Replacement mode (strict/partial) # Kube Proxy Replacement mode (true/false)
cilium_kube_proxy_replacement: partial cilium_kube_proxy_replacement: false
# If not defined `cilium_dns_proxy_enable_transparent_mode`, it will following the Cilium behavior.
# When Cilium is configured to replace kube-proxy, it automatically enables dnsProxy, which will conflict with nodelocaldns.
# You can set `false` avoid conflict with nodelocaldns.
# https://github.com/cilium/cilium/issues/33144
# cilium_dns_proxy_enable_transparent_mode:
# If upgrading from Cilium < 1.5, you may want to override some of these options # If upgrading from Cilium < 1.5, you may want to override some of these options
# to prevent service disruptions. See also: # to prevent service disruptions. See also:
# http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action # http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action
cilium_preallocate_bpf_maps: false cilium_preallocate_bpf_maps: false
# `cilium_tofqdns_enable_poller` is deprecated in 1.8, removed in 1.9
cilium_tofqdns_enable_poller: false
# `cilium_enable_legacy_services` is deprecated in 1.6, removed in 1.9
cilium_enable_legacy_services: false
# Auto direct nodes routes can be used to advertise pods routes in your cluster # Auto direct nodes routes can be used to advertise pods routes in your cluster
# without any tunelling (with `cilium_tunnel_mode` sets to `disabled`). # without any tunelling (with `cilium_tunnel_mode` sets to `disabled`).
# This works only if you have a L2 connectivity between all your nodes. # This works only if you have a L2 connectivity between all your nodes.
@@ -100,8 +103,8 @@ cilium_encryption_enabled: false
cilium_encryption_type: "ipsec" cilium_encryption_type: "ipsec"
# Enable encryption for pure node to node traffic. # Enable encryption for pure node to node traffic.
# This option is only effective when `cilium_encryption_type` is set to `ipsec`. # This option is only effective when `cilium_encryption_type` is set to `wireguard`.
cilium_ipsec_node_encryption: false cilium_encryption_node_encryption: false
# If your kernel or distribution does not support WireGuard, Cilium agent can be configured to fall back on the user-space implementation. # If your kernel or distribution does not support WireGuard, Cilium agent can be configured to fall back on the user-space implementation.
# When this flag is enabled and Cilium detects that the kernel has no native support for WireGuard, # When this flag is enabled and Cilium detects that the kernel has no native support for WireGuard,
@@ -115,6 +118,7 @@ cilium_wireguard_userspace_fallback: false
# In case they select the Pod at egress, then the bandwidth enforcement will be disabled for those Pods. # In case they select the Pod at egress, then the bandwidth enforcement will be disabled for those Pods.
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel. # Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
cilium_enable_bandwidth_manager: false cilium_enable_bandwidth_manager: false
cilium_enable_bandwidth_manager_bbr: false
# IP Masquerade Agent # IP Masquerade Agent
# https://docs.cilium.io/en/stable/concepts/networking/masquerading/ # https://docs.cilium.io/en/stable/concepts/networking/masquerading/
@@ -137,6 +141,7 @@ cilium_non_masquerade_cidrs:
### Indicates whether to masquerade traffic to the link local prefix. ### Indicates whether to masquerade traffic to the link local prefix.
### If the masqLinkLocal is not set or set to false, then 169.254.0.0/16 is appended to the non-masquerade CIDRs list. ### If the masqLinkLocal is not set or set to false, then 169.254.0.0/16 is appended to the non-masquerade CIDRs list.
cilium_masq_link_local: false cilium_masq_link_local: false
cilium_masq_link_local_ipv6: false
### A time interval at which the agent attempts to reload config from disk ### A time interval at which the agent attempts to reload config from disk
cilium_ip_masq_resync_interval: 60s cilium_ip_masq_resync_interval: 60s
@@ -145,10 +150,10 @@ cilium_ip_masq_resync_interval: 60s
cilium_enable_hubble: false cilium_enable_hubble: false
### Enable Hubble-ui ### Enable Hubble-ui
cilium_enable_hubble_ui: "{{ cilium_enable_hubble }}" cilium_enable_hubble_ui: "{{ cilium_enable_hubble }}"
### Enable Hubble Metrics ### Enable Hubble Metrics (deprecated)
cilium_enable_hubble_metrics: false cilium_enable_hubble_metrics: false
### if cilium_enable_hubble_metrics: true ### if cilium_enable_hubble_metrics: true
cilium_hubble_metrics: {} cilium_hubble_metrics: []
# - dns # - dns
# - drop # - drop
# - tcp # - tcp
@@ -160,12 +165,29 @@ cilium_hubble_install: false
### Enable auto generate certs if cilium_hubble_install: true ### Enable auto generate certs if cilium_hubble_install: true
cilium_hubble_tls_generate: false cilium_hubble_tls_generate: false
cilium_hubble_export_file_max_backups: "5"
cilium_hubble_export_file_max_size_mb: "10"
cilium_hubble_export_dynamic_enabled: false
cilium_hubble_export_dynamic_config_content:
- name: all
fieldMask: []
includeFilters: []
excludeFilters: []
filePath: "/var/run/cilium/hubble/events.log"
# Override the DNS suffix that Hubble-Relay uses to resolve its peer service.
# It defaults to the inventory's `dns_domain`.
cilium_hubble_peer_service_cluster_domain: "{{ dns_domain }}"
### Capacity of Hubble events buffer. The provided value must be one less than an integer power of two and no larger than 65535 ### Capacity of Hubble events buffer. The provided value must be one less than an integer power of two and no larger than 65535
### (ie: 1, 3, ..., 2047, 4095, ..., 65535) (default 4095) ### (ie: 1, 3, ..., 2047, 4095, ..., 65535) (default 4095)
# cilium_hubble_event_buffer_capacity: 4095 # cilium_hubble_event_buffer_capacity: 4095
### Buffer size of the channel to receive monitor events. ### Buffer size of the channel to receive monitor events.
# cilium_hubble_event_queue_size: 50 # cilium_hubble_event_queue_size: 50
cilium_gateway_api_enabled: false
# The default IP address management mode is "Cluster Scope". # The default IP address management mode is "Cluster Scope".
# https://docs.cilium.io/en/stable/concepts/networking/ipam/ # https://docs.cilium.io/en/stable/concepts/networking/ipam/
cilium_ipam_mode: cluster-pool cilium_ipam_mode: cluster-pool
@@ -190,7 +212,8 @@ cilium_ipam_mode: cluster-pool
# Extra arguments for the Cilium agent # Extra arguments for the Cilium agent
cilium_agent_custom_args: [] cilium_agent_custom_args: [] # deprecated
cilium_agent_extra_args: []
# For adding and mounting extra volumes to the cilium agent # For adding and mounting extra volumes to the cilium agent
cilium_agent_extra_volumes: [] cilium_agent_extra_volumes: []
@@ -214,13 +237,19 @@ cilium_operator_extra_volumes: []
cilium_operator_extra_volume_mounts: [] cilium_operator_extra_volume_mounts: []
# Extra arguments for the Cilium Operator # Extra arguments for the Cilium Operator
cilium_operator_custom_args: [] cilium_operator_custom_args: [] # deprecated
cilium_operator_extra_args: []
# Tolerations of the cilium operator # Tolerations of the cilium operator
cilium_operator_tolerations: cilium_operator_tolerations:
- operator: "Exists" - operator: "Exists"
# Unique ID of the cluster. Must be unique across all connected
# clusters and in the range of 1 to 255. Only required for Cluster Mesh,
# may be 0 if Cluster Mesh is not used.
cilium_cluster_id: 0
# Name of the cluster. Only relevant when building a mesh of clusters. # Name of the cluster. Only relevant when building a mesh of clusters.
# The "default" name cannot be used if the Cluster ID is different from 0.
cilium_cluster_name: default cilium_cluster_name: default
# Make Cilium take ownership over the `/etc/cni/net.d` directory on the node, renaming all non-Cilium CNI configurations to `*.cilium_bak`. # Make Cilium take ownership over the `/etc/cni/net.d` directory on the node, renaming all non-Cilium CNI configurations to `*.cilium_bak`.
@@ -263,7 +292,7 @@ cilium_enable_bpf_masquerade: false
# host stack (true) or directly and more efficiently out of BPF (false) if # host stack (true) or directly and more efficiently out of BPF (false) if
# the kernel supports it. The latter has the implication that it will also # the kernel supports it. The latter has the implication that it will also
# bypass netfilter in the host namespace. # bypass netfilter in the host namespace.
cilium_enable_host_legacy_routing: true cilium_enable_host_legacy_routing: false
# -- Enable use of the remote node identity. # -- Enable use of the remote node identity.
# ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity # ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity
@@ -307,9 +336,9 @@ cilium_rolling_restart_wait_retries_count: 30
cilium_rolling_restart_wait_retries_delay_seconds: 10 cilium_rolling_restart_wait_retries_delay_seconds: 10
# Cilium changed the default metrics exporter ports in 1.12 # Cilium changed the default metrics exporter ports in 1.12
cilium_agent_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9962', '9090') }}" cilium_agent_scrape_port: "9962"
cilium_operator_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9963', '6942') }}" cilium_operator_scrape_port: "9963"
cilium_hubble_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9965', '9091') }}" cilium_hubble_scrape_port: "9965"
# Cilium certgen args for generate certificate for hubble mTLS # Cilium certgen args for generate certificate for hubble mTLS
cilium_certgen_args: cilium_certgen_args:
@@ -328,23 +357,5 @@ cilium_certgen_args:
hubble-relay-client-cert-secret-name: hubble-relay-client-certs hubble-relay-client-cert-secret-name: hubble-relay-client-certs
hubble-relay-server-cert-generate: false hubble-relay-server-cert-generate: false
# A list of extra rules variables to add to clusterrole for cilium operator, formatted like:
# cilium_clusterrole_rules_operator_extra_vars:
# - apiGroups:
# - '""'
# resources:
# - pods
# verbs:
# - delete
# - apiGroups:
# - '""'
# resources:
# - nodes
# verbs:
# - list
# - watch
# resourceNames:
# - toto
cilium_clusterrole_rules_operator_extra_vars: []
cilium_enable_host_firewall: false cilium_enable_host_firewall: false
cilium_policy_audit_mode: false cilium_policy_audit_mode: false

37
roles/network_plugin/cilium/tasks/apply.yml
View File

@@ -1,14 +1,18 @@
--- ---
- name: Cilium | Start Resources - name: Check if Cilium Helm release exists (via cilium version)
kube: command: "{{ bin_dir }}/cilium version"
name: "{{ item.item.name }}" register: cilium_release_info
namespace: "kube-system" when: inventory_hostname == groups['kube_control_plane'][0]
kubectl: "{{ bin_dir }}/kubectl" failed_when: false
resource: "{{ item.item.type }}" changed_when: false
filename: "{{ kube_config_dir }}/{{ item.item.name }}-{{ item.item.file }}"
state: "latest" - name: Set action to install or upgrade
loop: "{{ cilium_node_manifests.results }}" set_fact:
when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped cilium_action: "{{ 'install' if ('release: not found' in cilium_release_info.stderr | default('') or 'release: not found' in cilium_release_info.stdout | default('')) else 'upgrade' }}"
- name: Cilium | Install
command: "{{ bin_dir }}/cilium {{ cilium_action }} --version {{ cilium_version }} -f {{ kube_config_dir }}/cilium-values.yaml"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: Cilium | Wait for pods to run - name: Cilium | Wait for pods to run
command: "{{ kubectl }} -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa literal-compare command: "{{ kubectl }} -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa literal-compare
@@ -19,19 +23,6 @@
failed_when: false failed_when: false
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: Cilium | Hubble install
kube:
name: "{{ item.item.name }}"
namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/addons/hubble/{{ item.item.name }}-{{ item.item.file }}"
state: "latest"
loop: "{{ cilium_hubble_manifests.results }}"
when:
- inventory_hostname == groups['kube_control_plane'][0] and not item is skipped
- cilium_enable_hubble and cilium_hubble_install
- name: Cilium | Wait for CiliumLoadBalancerIPPool CRD to be present - name: Cilium | Wait for CiliumLoadBalancerIPPool CRD to be present
command: "{{ kubectl }} wait --for condition=established --timeout=60s crd/ciliumloadbalancerippools.cilium.io" command: "{{ kubectl }} wait --for condition=established --timeout=60s crd/ciliumloadbalancerippools.cilium.io"
register: cillium_lbippool_crd_ready register: cillium_lbippool_crd_ready

2
roles/network_plugin/cilium/tasks/check.yml
View File

@@ -48,7 +48,7 @@
msg: "cilium_encryption_type must be either 'ipsec' or 'wireguard'" msg: "cilium_encryption_type must be either 'ipsec' or 'wireguard'"
when: cilium_encryption_enabled when: cilium_encryption_enabled
- name: Stop if cilium_version is < 1.10.0 - name: Stop if cilium_version is < {{ cilium_min_version_required }}
assert: assert:
that: cilium_version is version(cilium_min_version_required, '>=') that: cilium_version is version(cilium_min_version_required, '>=')
msg: "cilium_version is too low. Minimum version {{ cilium_min_version_required }}" msg: "cilium_version is too low. Minimum version {{ cilium_min_version_required }}"

60
roles/network_plugin/cilium/tasks/install.yml
View File

@@ -30,58 +30,6 @@
when: when:
- cilium_identity_allocation_mode == "kvstore" - cilium_identity_allocation_mode == "kvstore"
- name: Cilium | Create hubble dir
file:
path: "{{ kube_config_dir }}/addons/hubble"
state: directory
owner: root
group: root
mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
- cilium_hubble_install
- name: Cilium | Create Cilium node manifests
template:
src: "{{ item.name }}/{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.name }}-{{ item.file }}"
mode: "0644"
loop:
- {name: cilium, file: config.yml, type: cm}
- {name: cilium-operator, file: crb.yml, type: clusterrolebinding}
- {name: cilium-operator, file: cr.yml, type: clusterrole}
- {name: cilium, file: crb.yml, type: clusterrolebinding}
- {name: cilium, file: cr.yml, type: clusterrole}
- {name: cilium, file: secret.yml, type: secret, when: "{{ cilium_encryption_enabled and cilium_encryption_type == 'ipsec' }}"}
- {name: cilium, file: ds.yml, type: ds}
- {name: cilium-operator, file: deploy.yml, type: deploy}
- {name: cilium-operator, file: sa.yml, type: sa}
- {name: cilium, file: sa.yml, type: sa}
register: cilium_node_manifests
when:
- ('kube_control_plane' in group_names)
- item.when | default(True) | bool
- name: Cilium | Create Cilium Hubble manifests
template:
src: "{{ item.name }}/{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/hubble/{{ item.name }}-{{ item.file }}"
mode: "0644"
loop:
- {name: hubble, file: config.yml, type: cm}
- {name: hubble, file: crb.yml, type: clusterrolebinding}
- {name: hubble, file: cr.yml, type: clusterrole}
- {name: hubble, file: cronjob.yml, type: cronjob, when: "{{ cilium_hubble_tls_generate }}"}
- {name: hubble, file: deploy.yml, type: deploy}
- {name: hubble, file: job.yml, type: job, when: "{{ cilium_hubble_tls_generate }}"}
- {name: hubble, file: sa.yml, type: sa}
- {name: hubble, file: service.yml, type: service}
register: cilium_hubble_manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
- cilium_enable_hubble and cilium_hubble_install
- item.when | default(True) | bool
- name: Cilium | Enable portmap addon - name: Cilium | Enable portmap addon
template: template:
src: 000-cilium-portmap.conflist.j2 src: 000-cilium-portmap.conflist.j2
@@ -89,6 +37,14 @@
mode: "0644" mode: "0644"
when: cilium_enable_portmap when: cilium_enable_portmap
- name: Cilium | Render values
template:
src: values.yaml.j2
dest: "{{ kube_config_dir }}/cilium-values.yaml"
mode: "0644"
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: Cilium | Copy Ciliumcli binary from download dir - name: Cilium | Copy Ciliumcli binary from download dir
copy: copy:
src: "{{ local_release_dir }}/cilium" src: "{{ local_release_dir }}/cilium"

5
roles/network_plugin/cilium/tasks/main.yml
View File

@@ -5,5 +5,10 @@
- name: Cilium install - name: Cilium install
include_tasks: install.yml include_tasks: install.yml
# Remove after 2.29 released
- name: Cilium remove old resources
when: cilium_remove_old_resources
include_tasks: remove_old_resources.yml
- name: Cilium apply - name: Cilium apply
include_tasks: apply.yml include_tasks: apply.yml

45
roles/network_plugin/cilium/tasks/remove_old_resources.yml Normal file
View File

@@ -0,0 +1,45 @@
---
# Remove after 2.29 released
- name: Cilium | Delete Old Resource
command: |
{{ kubectl }} delete {{ item.kind | lower }} {{ item.name }} \
{{ '-n kube-system' if item.kind not in ['ClusterRole', 'ClusterRoleBinding'] else '' }} \
loop:
- { kind: ServiceAccount, name: cilium }
- { kind: ServiceAccount, name: cilium-operator }
- { kind: ServiceAccount, name: hubble-generate-certs }
- { kind: ServiceAccount, name: hubble-relay }
- { kind: ServiceAccount, name: hubble-ui }
- { kind: Service, name: hubble-metrics }
- { kind: Service, name: hubble-relay-metrics }
- { kind: Service, name: hubble-relay }
- { kind: Service, name: hubble-ui }
- { kind: Service, name: hubble-peer }
- { kind: Deployment, name: cilium-operator }
- { kind: Deployment, name: hubble-relay }
- { kind: Deployment, name: hubble-ui }
- { kind: DaemonSet, name: cilium }
- { kind: CronJob, name: hubble-generate-certs }
- { kind: Job, name: hubble-generate-certs }
- { kind: ConfigMap, name: cilium-config }
- { kind: ConfigMap, name: ip-masq-agent }
- { kind: ConfigMap, name: hubble-relay-config }
- { kind: ConfigMap, name: hubble-ui-nginx }
- { kind: ClusterRole, name: cilium }
- { kind: ClusterRole, name: cilium-operator }
- { kind: ClusterRole, name: hubble-generate-certs }
- { kind: ClusterRole, name: hubble-relay }
- { kind: ClusterRole, name: hubble-ui }
- { kind: ClusterRoleBinding, name: cilium }
- { kind: ClusterRoleBinding, name: cilium-operator }
- { kind: ClusterRoleBinding, name: hubble-generate-certs }
- { kind: ClusterRoleBinding, name: hubble-relay }
- { kind: ClusterRoleBinding, name: hubble-ui }
- { kind: Secret, name: hubble-ca-secret }
- { kind: Secret, name: hubble-relay-client-certs }
- { kind: Secret, name: hubble-server-certs }
register: patch_result
when: inventory_hostname == groups['kube_control_plane'][0]
failed_when:
- patch_result.rc != 0
- "'not found' not in patch_result.stderr"

193
roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
View File

@@ -1,193 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cilium-operator
rules:
- apiGroups:
- ""
resources:
# to automatically delete [core|kube]dns pods so that are starting to being
# managed by Cilium
- pods
verbs:
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
# To remove node taints
- nodes
# To set NetworkUnavailable false on startup
- nodes/status
verbs:
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
# to perform LB IP allocation for BGP
- services/status
verbs:
- update
- patch
- apiGroups:
- ""
resources:
# to perform the translation of a CNP that contains `ToGroup` to its endpoints
- services
- endpoints
# to check apiserver connectivity
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- cilium.io
resources:
- ciliumnetworkpolicies
- ciliumnetworkpolicies/status
- ciliumnetworkpolicies/finalizers
- ciliumclusterwidenetworkpolicies
- ciliumclusterwidenetworkpolicies/status
- ciliumclusterwidenetworkpolicies/finalizers
- ciliumendpoints
- ciliumendpoints/status
- ciliumendpoints/finalizers
- ciliumnodes
- ciliumnodes/status
- ciliumnodes/finalizers
- ciliumidentities
- ciliumidentities/status
- ciliumidentities/finalizers
- ciliumlocalredirectpolicies
- ciliumlocalredirectpolicies/status
- ciliumlocalredirectpolicies/finalizers
{% if cilium_version is version('1.11', '>=') %}
- ciliumendpointslices
{% endif %}
{% if cilium_version is version('1.12', '>=') %}
- ciliumbgploadbalancerippools
- ciliumloadbalancerippools
- ciliumloadbalancerippools/status
- ciliumbgppeeringpolicies
- ciliumenvoyconfigs
{% endif %}
{% if cilium_version is version('1.15', '>=') %}
- ciliumbgppeerconfigs
- ciliumbgpadvertisements
- ciliumbgpnodeconfigs
{% endif %}
{% if cilium_version is version('1.16', '>=') %}
- ciliumbgpclusterconfigs
- ciliumbgpclusterconfigs/status
- ciliumbgpnodeconfigoverrides
{% endif %}
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- get
- list
- update
- watch
# For cilium-operator running in HA mode.
#
# Cilium operator running in HA mode requires the use of ResourceLock for Leader Election
# between multiple running instances.
# The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less
# common and fewer objects in the cluster watch "all Leases".
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
{% if cilium_version is version('1.12', '>=') %}
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- update
resourceNames:
- ciliumbgploadbalancerippools.cilium.io
- ciliumbgppeeringpolicies.cilium.io
- ciliumclusterwideenvoyconfigs.cilium.io
- ciliumclusterwidenetworkpolicies.cilium.io
- ciliumegressgatewaypolicies.cilium.io
- ciliumegressnatpolicies.cilium.io
- ciliumendpoints.cilium.io
- ciliumendpointslices.cilium.io
- ciliumenvoyconfigs.cilium.io
- ciliumexternalworkloads.cilium.io
- ciliumidentities.cilium.io
- ciliumlocalredirectpolicies.cilium.io
- ciliumnetworkpolicies.cilium.io
- ciliumnodes.cilium.io
{% if cilium_version is version('1.14', '>=') %}
- ciliumnodeconfigs.cilium.io
- ciliumcidrgroups.cilium.io
- ciliuml2announcementpolicies.cilium.io
- ciliumpodippools.cilium.io
- ciliumloadbalancerippools.cilium.io
{% endif %}
{% if cilium_version is version('1.15', '>=') %}
- ciliumbgpclusterconfigs.cilium.io
- ciliumbgppeerconfigs.cilium.io
- ciliumbgpadvertisements.cilium.io
- ciliumbgpnodeconfigs.cilium.io
- ciliumbgpnodeconfigoverrides.cilium.io
{% endif %}
{% endif %}
{% for rules in cilium_clusterrole_rules_operator_extra_vars %}
- apiGroups:
{% for api in rules['apiGroups'] %}
- {{ api }}
{% endfor %}
resources:
{% for resource in rules['resources'] %}
- {{ resource }}
{% endfor %}
verbs:
{% for verb in rules['verbs'] %}
- {{ verb }}
{% endfor %}
{% if 'resourceNames' in rules %}
resourceNames:
{% for resourceName in rules['resourceNames'] %}
- {{ resourceName }}
{% endfor %}
{% endif %}
{% endfor %}

13
roles/network_plugin/cilium/templates/cilium-operator/crb.yml.j2
View File

@@ -1,13 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cilium-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cilium-operator
subjects:
- kind: ServiceAccount
name: cilium-operator
namespace: kube-system

170
roles/network_plugin/cilium/templates/cilium-operator/deploy.yml.j2
View File

@@ -1,170 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cilium-operator
namespace: kube-system
labels:
io.cilium/app: operator
name: cilium-operator
spec:
{% if groups.k8s_cluster | length == 1 %}
replicas: 1
{% else %}
replicas: {{ cilium_operator_replicas }}
{% endif %}
selector:
matchLabels:
io.cilium/app: operator
name: cilium-operator
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
{% if cilium_enable_prometheus %}
annotations:
prometheus.io/port: "{{ cilium_operator_scrape_port }}"
prometheus.io/scrape: "true"
{% endif %}
labels:
io.cilium/app: operator
name: cilium-operator
spec:
containers:
- name: cilium-operator
image: "{{ cilium_operator_image_repo }}:{{ cilium_operator_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- cilium-operator
args:
- --config-dir=/tmp/cilium/config-map
- --debug=$(CILIUM_DEBUG)
{% if cilium_operator_custom_args is string %}
- {{ cilium_operator_custom_args }}
{% else %}
{% for flag in cilium_operator_custom_args %}
- {{ flag }}
{% endfor %}
{% endif %}
env:
- name: K8S_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: CILIUM_K8S_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: CILIUM_DEBUG
valueFrom:
configMapKeyRef:
key: debug
name: cilium-config
optional: true
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: cilium-aws
key: AWS_ACCESS_KEY_ID
optional: true
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: cilium-aws
key: AWS_SECRET_ACCESS_KEY
optional: true
- name: AWS_DEFAULT_REGION
valueFrom:
secretKeyRef:
name: cilium-aws
key: AWS_DEFAULT_REGION
optional: true
{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}
- name: KUBERNETES_SERVICE_HOST
value: "{{ kube_apiserver_global_endpoint | urlsplit('hostname') }}"
- name: KUBERNETES_SERVICE_PORT
value: "{{ kube_apiserver_global_endpoint | urlsplit('port') }}"
{% endif %}
{% if cilium_enable_prometheus %}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
ports:
- name: prometheus
containerPort: {{ cilium_operator_scrape_port }}
hostPort: {{ cilium_operator_scrape_port }}
protocol: TCP
{% endif %}
livenessProbe:
httpGet:
{% if cilium_enable_ipv4 %}
host: 127.0.0.1
{% else %}
host: '::1'
{% endif %}
path: /healthz
port: 9234
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 3
volumeMounts:
- name: cilium-config-path
mountPath: /tmp/cilium/config-map
readOnly: true
{% if cilium_identity_allocation_mode == "kvstore" %}
- name: etcd-config-path
mountPath: /var/lib/etcd-config
readOnly: true
- name: etcd-secrets
mountPath: "{{ cilium_cert_dir }}"
readOnly: true
{% endif %}
{% for volume_mount in cilium_operator_extra_volume_mounts %}
- {{ volume_mount | to_nice_yaml(indent=2) | indent(14) }}
{% endfor %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
restartPolicy: Always
priorityClassName: system-node-critical
serviceAccount: cilium-operator
serviceAccountName: cilium-operator
# In HA mode, cilium-operator pods must not be scheduled on the same
# node as they will clash with each other.
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
io.cilium/app: operator
tolerations:
{{ cilium_operator_tolerations | list | to_nice_yaml(indent=2) | indent(8) }}
volumes:
- name: cilium-config-path
configMap:
name: cilium-config
{% if cilium_identity_allocation_mode == "kvstore" %}
# To read the etcd config stored in config maps
- name: etcd-config-path
configMap:
name: cilium-config
defaultMode: 420
items:
- key: etcd-config
path: etcd.config
# To read the k8s etcd secrets in case the user might want to use TLS
- name: etcd-secrets
hostPath:
path: "{{ cilium_cert_dir }}"
{% endif %}
{% for volume in cilium_operator_extra_volumes %}
- {{ volume | to_nice_yaml(indent=2) | indent(10) }}
{% endfor %}

6
roles/network_plugin/cilium/templates/cilium-operator/sa.yml.j2
View File

@@ -1,6 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cilium-operator
namespace: kube-system

299
roles/network_plugin/cilium/templates/cilium/config.yml.j2
View File

@@ -1,299 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cilium-config
namespace: kube-system
data:
identity-allocation-mode: {{ cilium_identity_allocation_mode }}
{% if cilium_identity_allocation_mode == "kvstore" %}
# This etcd-config contains the etcd endpoints of your cluster. If you use
# TLS please make sure you follow the tutorial in https://cilium.link/etcd-config
etcd-config: |-
---
endpoints:
{% for ip_addr in etcd_access_addresses.split(',') %}
- {{ ip_addr }}
{% endfor %}
# In case you want to use TLS in etcd, uncomment the 'ca-file' line
# and create a kubernetes secret by following the tutorial in
# https://cilium.link/etcd-config
{% if cilium_version | regex_replace('v') is version('1.17.0', '>=') %}
trusted-ca-file: "{{ cilium_cert_dir }}/ca_cert.crt"
{% else %}
ca-file: "{{ cilium_cert_dir }}/ca_cert.crt"
{% endif %}
# In case you want client to server authentication, uncomment the following
# lines and create a kubernetes secret by following the tutorial in
# https://cilium.link/etcd-config
key-file: "{{ cilium_cert_dir }}/key.pem"
cert-file: "{{ cilium_cert_dir }}/cert.crt"
# kvstore
# https://docs.cilium.io/en/latest/cmdref/kvstore/
kvstore: etcd
kvstore-opt: '{"etcd.config": "/var/lib/etcd-config/etcd.config"}'
{% endif %}
# If you want metrics enabled in all of your Cilium agents, set the port for
# which the Cilium agents will have their metrics exposed.
# This option deprecates the "prometheus-serve-addr" in the
# "cilium-metrics-config" ConfigMap
# NOTE that this will open the port on ALL nodes where Cilium pods are
# scheduled.
{% if cilium_enable_prometheus %}
prometheus-serve-addr: ":{{ cilium_agent_scrape_port }}"
operator-prometheus-serve-addr: ":{{ cilium_operator_scrape_port }}"
enable-metrics: "true"
{% endif %}
# If you want to run cilium in debug mode change this value to true
debug: "{{ cilium_debug }}"
enable-ipv4: "{{ cilium_enable_ipv4 }}"
enable-ipv6: "{{ cilium_enable_ipv6 }}"
# If a serious issue occurs during Cilium startup, this
# invasive option may be set to true to remove all persistent
# state. Endpoints will not be restored using knowledge from a
# prior Cilium run, so they may receive new IP addresses upon
# restart. This also triggers clean-cilium-bpf-state.
clean-cilium-state: "false"
# If you want to clean cilium BPF state, set this to true;
# Removes all BPF maps from the filesystem. Upon restart,
# endpoints are restored with the same IP addresses, however
# any ongoing connections may be disrupted briefly.
# Loadbalancing decisions will be reset, so any ongoing
# connections via a service may be loadbalanced to a different
# backend after restart.
clean-cilium-bpf-state: "false"
# Users who wish to specify their own custom CNI configuration file must set
# custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
custom-cni-conf: "false"
{% if cilium_version is version('1.14.0', '>=') %}
# Tell the agent to generate and write a CNI configuration file
write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
cni-exclusive: "{{ cilium_cni_exclusive }}"
cni-log-file: "{{ cilium_cni_log_file }}"
{% endif %}
# If you want cilium monitor to aggregate tracing for packets, set this level
# to "low", "medium", or "maximum". The higher the level, the less packets
# that will be seen in monitor output.
monitor-aggregation: "{{ cilium_monitor_aggregation }}"
# ct-global-max-entries-* specifies the maximum number of connections
# supported across all endpoints, split by protocol: tcp or other. One pair
# of maps uses these values for IPv4 connections, and another pair of maps
# use these values for IPv6 connections.
#
# If these values are modified, then during the next Cilium startup the
# tracking of ongoing connections may be disrupted. This may lead to brief
# policy drops or a change in loadbalancing decisions for a connection.
#
# For users upgrading from Cilium 1.2 or earlier, to minimize disruption
# during the upgrade process, comment out these options.
bpf-ct-global-tcp-max: "524288"
bpf-ct-global-any-max: "262144"
# Pre-allocation of map entries allows per-packet latency to be reduced, at
# the expense of up-front memory allocation for the entries in the maps. The
# default value below will minimize memory usage in the default installation;
# users who are sensitive to latency may consider setting this to "true".
#
# This option was introduced in Cilium 1.4. Cilium 1.3 and earlier ignore
# this option and behave as though it is set to "true".
#
# If this value is modified, then during the next Cilium startup the restore
# of existing endpoints and tracking of ongoing connections may be disrupted.
# This may lead to policy drops or a change in loadbalancing decisions for a
# connection for some time. Endpoints may need to be recreated to restore
# connectivity.
#
# If this option is set to "false" during an upgrade from 1.3 or earlier to
# 1.4 or later, then it may cause one-time disruptions during the upgrade.
preallocate-bpf-maps: "{{ cilium_preallocate_bpf_maps }}"
# Regular expression matching compatible Istio sidecar istio-proxy
# container image names
sidecar-istio-proxy-image: "cilium/istio_proxy"
# Encapsulation mode for communication between nodes
# Possible values:
# - disabled
# - vxlan (default)
# - geneve
{% if cilium_version is version('1.14.0', '<') %}
tunnel: "{{ cilium_tunnel_mode }}"
{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
routing-mode: 'native'
{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
routing-mode: 'tunnel'
tunnel-protocol: "{{ cilium_tunnel_mode }}"
{% endif %}
## DSR setting
bpf-lb-mode: "{{ cilium_loadbalancer_mode }}"
# l2
enable-l2-announcements: "{{ cilium_l2announcements }}"
# Enable Bandwidth Manager
# Cilium's bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation.
# Bandwidth enforcement currently does not work in combination with L7 Cilium Network Policies.
# In case they select the Pod at egress, then the bandwidth enforcement will be disabled for those Pods.
# Bandwidth Manager requires a v5.1.x or more recent Linux kernel.
{% if cilium_enable_bandwidth_manager %}
enable-bandwidth-manager: "true"
{% endif %}
# Host Firewall and Policy Audit Mode
enable-host-firewall: "{{ cilium_enable_host_firewall | capitalize }}"
policy-audit-mode: "{{ cilium_policy_audit_mode | capitalize }}"
# Name of the cluster. Only relevant when building a mesh of clusters.
cluster-name: "{{ cilium_cluster_name }}"
# Unique ID of the cluster. Must be unique across all conneted clusters and
# in the range of 1 and 255. Only relevant when building a mesh of clusters.
#cluster-id: 1
{% if cilium_cluster_id is defined %}
cluster-id: "{{ cilium_cluster_id }}"
{% endif %}
# `wait-bpf-mount` is removed after v1.10.4
# https://github.com/cilium/cilium/commit/d2217045cb3726a7f823174e086913b69b8090da
{% if cilium_version is version('1.10.4', '<') %}
# wait-bpf-mount makes init container wait until bpf filesystem is mounted
wait-bpf-mount: "false"
{% endif %}
# `kube-proxy-replacement=partial|strict|disabled` is deprecated since january 2024 and unsupported in 1.16.
# Replaced by `kube-proxy-replacement=true|false`
# https://github.com/cilium/cilium/pull/31286
{% if cilium_version is version('1.16', '<') %}
kube-proxy-replacement: "{{ cilium_kube_proxy_replacement }}"
{% else %}
kube-proxy-replacement: "{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}true{% else %}false{% endif %}"
{% endif %}
# `native-routing-cidr` is deprecated in 1.10, removed in 1.12.
# Replaced by `ipv4-native-routing-cidr`
# https://github.com/cilium/cilium/pull/16695
{% if cilium_version is version('1.12', '<') %}
native-routing-cidr: "{{ cilium_native_routing_cidr }}"
{% else %}
{% if cilium_native_routing_cidr | length %}
ipv4-native-routing-cidr: "{{ cilium_native_routing_cidr }}"
{% endif %}
{% if cilium_native_routing_cidr_ipv6 | length %}
ipv6-native-routing-cidr: "{{ cilium_native_routing_cidr_ipv6 }}"
{% endif %}
{% endif %}
auto-direct-node-routes: "{{ cilium_auto_direct_node_routes }}"
operator-api-serve-addr: "{{ cilium_operator_api_serve_addr }}"
# Hubble settings
{% if cilium_enable_hubble %}
enable-hubble: "true"
{% if cilium_enable_hubble_metrics %}
hubble-metrics-server: ":{{ cilium_hubble_scrape_port }}"
hubble-metrics:
{% for hubble_metrics_cycle in cilium_hubble_metrics %}
{{ hubble_metrics_cycle }}
{% endfor %}
{% endif %}
{% if cilium_hubble_event_buffer_capacity is defined %}
hubble-event-buffer-capacity: "{{ cilium_hubble_event_buffer_capacity }}"
{% endif %}
{% if cilium_hubble_event_queue_size is defined %}
hubble-event-queue-size: "{{ cilium_hubble_event_queue_size }}"
{% endif %}
hubble-listen-address: ":4244"
{% if cilium_enable_hubble and cilium_hubble_install %}
hubble-disable-tls: "{% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}"
hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
{% endif %}
{% endif %}
# IP Masquerade Agent
enable-ip-masq-agent: "{{ cilium_ip_masq_agent_enable }}"
{% for key, value in cilium_config_extra_vars.items() %}
{{ key }}: "{{ value }}"
{% endfor %}
# Enable transparent network encryption
{% if cilium_encryption_enabled %}
{% if cilium_encryption_type == "ipsec" %}
enable-ipsec: "true"
ipsec-key-file: /etc/ipsec/keys
encrypt-node: "{{ cilium_ipsec_node_encryption }}"
{% endif %}
{% if cilium_encryption_type == "wireguard" %}
enable-wireguard: "true"
enable-wireguard-userspace-fallback: "{{ cilium_wireguard_userspace_fallback }}"
{% endif %}
{% endif %}
# IPAM settings
ipam: "{{ cilium_ipam_mode }}"
{% if cilium_ipam_mode == "cluster-pool" %}
cluster-pool-ipv4-cidr: "{{ cilium_pool_cidr | default(kube_pods_subnet) }}"
cluster-pool-ipv4-mask-size: "{{ cilium_pool_mask_size | default(kube_network_node_prefix) }}"
{% if cilium_enable_ipv6 %}
cluster-pool-ipv6-cidr: "{{ cilium_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}"
cluster-pool-ipv6-mask-size: "{{ cilium_pool_mask_size_ipv6 | default(kube_network_node_prefix_ipv6) }}"
{% endif %}
{% endif %}
agent-health-port: "{{ cilium_agent_health_port }}"
{% if cilium_version is version('1.11', '>=') and cilium_cgroup_host_root != '' %}
cgroup-root: "{{ cilium_cgroup_host_root }}"
{% endif %}
bpf-map-dynamic-size-ratio: "{{ cilium_bpf_map_dynamic_size_ratio }}"
enable-ipv4-masquerade: "{{ cilium_enable_ipv4_masquerade }}"
enable-ipv6-masquerade: "{{ cilium_enable_ipv6_masquerade }}"
enable-bpf-masquerade: "{{ cilium_enable_bpf_masquerade }}"
enable-host-legacy-routing: "{{ cilium_enable_host_legacy_routing }}"
enable-remote-node-identity: "{{ cilium_enable_remote_node_identity }}"
enable-well-known-identities: "{{ cilium_enable_well_known_identities }}"
monitor-aggregation-flags: "{{ cilium_monitor_aggregation_flags }}"
enable-bpf-clock-probe: "{{ cilium_enable_bpf_clock_probe }}"
enable-bgp-control-plane: "{{ cilium_enable_bgp_control_plane }}"
disable-cnp-status-updates: "{{ cilium_disable_cnp_status_updates }}"
{% if cilium_ip_masq_agent_enable %}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ip-masq-agent
namespace: kube-system
data:
config: |
nonMasqueradeCIDRs:
{% for cidr in cilium_non_masquerade_cidrs %}
- {{ cidr }}
{% endfor %}
masqLinkLocal: {{ cilium_masq_link_local | bool }}
resyncInterval: "{{ cilium_ip_masq_resync_interval }}"
{% endif %}

166
roles/network_plugin/cilium/templates/cilium/cr.yml.j2
View File

@@ -1,166 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cilium
rules:
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
- services
- pods
- endpoints
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
{% if cilium_version is version('1.12', '<') %}
- apiGroups:
- ""
resources:
- pods
- pods/finalizers
verbs:
- get
- list
- watch
- update
- delete
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- update
{% endif %}
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
# Deprecated for removal in v1.10
- create
- list
- watch
- update
# This is used when validating policies in preflight. This will need to stay
# until we figure out how to avoid "get" inside the preflight, and then
# should be removed ideally.
- get
- apiGroups:
- cilium.io
resources:
- ciliumnetworkpolicies
- ciliumnetworkpolicies/status
- ciliumclusterwidenetworkpolicies
- ciliumclusterwidenetworkpolicies/status
- ciliumendpoints
- ciliumendpoints/status
- ciliumnodes
- ciliumnodes/status
- ciliumidentities
- ciliumlocalredirectpolicies
- ciliumlocalredirectpolicies/status
- ciliumegressnatpolicies
{% if cilium_version is version('1.11', '>=') %}
- ciliumendpointslices
{% endif %}
{% if cilium_version is version('1.12', '>=') %}
- ciliumbgploadbalancerippools
- ciliumbgppeeringpolicies
{% if cilium_version is version('1.13', '>=') %}
- ciliumloadbalancerippools
{% endif %}
{% endif %}
{% if cilium_version is version('1.11.5', '<') %}
- ciliumnetworkpolicies/finalizers
- ciliumclusterwidenetworkpolicies/finalizers
- ciliumendpoints/finalizers
- ciliumnodes/finalizers
- ciliumidentities/finalizers
- ciliumlocalredirectpolicies/finalizers
{% endif %}
{% if cilium_version is version('1.14', '>=') %}
- ciliuml2announcementpolicies/status
{% endif %}
{% if cilium_version is version('1.15', '>=') %}
- ciliumbgpnodeconfigs
- ciliumbgpnodeconfigs/status
- ciliumbgpadvertisements
- ciliumbgppeerconfigs
{% endif %}
{% if cilium_version is version('1.16', '>=') %}
- ciliumbgpclusterconfigs
{% endif %}
verbs:
- '*'
{% if cilium_version is version('1.12', '>=') %}
- apiGroups:
- cilium.io
resources:
- ciliumclusterwideenvoyconfigs
- ciliumenvoyconfigs
- ciliumegressgatewaypolicies
verbs:
- list
- watch
{% endif %}
{% if cilium_version is version('1.14', '>=') %}
- apiGroups:
- cilium.io
resources:
- ciliumcidrgroups
- ciliuml2announcementpolicies
- ciliumpodippools
- ciliumloadbalancerippools
- ciliuml2announcementpolicies/status
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- list
- delete
{% endif %}

13
roles/network_plugin/cilium/templates/cilium/crb.yml.j2
View File

@@ -1,13 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cilium
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cilium
subjects:
- kind: ServiceAccount
name: cilium
namespace: kube-system

446
roles/network_plugin/cilium/templates/cilium/ds.yml.j2
View File

@@ -1,446 +0,0 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cilium
namespace: kube-system
labels:
k8s-app: cilium
spec:
selector:
matchLabels:
k8s-app: cilium
updateStrategy:
rollingUpdate:
# Specifies the maximum number of Pods that can be unavailable during the update process.
maxUnavailable: 2
type: RollingUpdate
template:
metadata:
annotations:
{% if cilium_enable_prometheus %}
prometheus.io/port: "{{ cilium_agent_scrape_port }}"
prometheus.io/scrape: "true"
{% endif %}
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated","operator":"Equal","value":"master","effect":"NoSchedule"}]'
labels:
k8s-app: cilium
spec:
containers:
- name: cilium-agent
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- cilium-agent
args:
- --config-dir=/tmp/cilium/config-map
{% if cilium_mtu != "" %}
- --mtu={{ cilium_mtu }}
{% endif %}
{% if cilium_agent_custom_args is string %}
- {{ cilium_agent_custom_args }}
{% else %}
{% for flag in cilium_agent_custom_args %}
- {{ flag }}
{% endfor %}
{% endif %}
startupProbe:
httpGet:
host: '127.0.0.1'
path: /healthz
port: {{ cilium_agent_health_port }}
scheme: HTTP
httpHeaders:
- name: "brief"
value: "true"
failureThreshold: 105
periodSeconds: 2
successThreshold: 1
livenessProbe:
httpGet:
host: '127.0.0.1'
path: /healthz
port: {{ cilium_agent_health_port }}
scheme: HTTP
httpHeaders:
- name: "brief"
value: "true"
failureThreshold: 10
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
host: 127.0.0.1
path: /healthz
port: {{ cilium_agent_health_port }}
scheme: HTTP
httpHeaders:
- name: "brief"
value: "true"
initialDelaySeconds: 5
periodSeconds: 30
successThreshold: 1
failureThreshold: 3
timeoutSeconds: 5
env:
- name: K8S_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: CILIUM_K8S_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: CILIUM_CLUSTERMESH_CONFIG
value: /var/lib/cilium/clustermesh/
{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}
- name: KUBERNETES_SERVICE_HOST
value: "{{ kube_apiserver_global_endpoint | urlsplit('hostname') }}"
- name: KUBERNETES_SERVICE_PORT
value: "{{ kube_apiserver_global_endpoint | urlsplit('port') }}"
{% endif %}
{% for env_var in cilium_agent_extra_env_vars %}
- {{ env_var | to_nice_yaml(indent=2) | indent(10) }}
{% endfor %}
lifecycle:
{% if cilium_version is version('1.14', '<') %}
postStart:
exec:
command:
- "/cni-install.sh"
- "--cni-exclusive={{ cilium_cni_exclusive | string | lower }}"
{% if cilium_version is version('1.12', '>=') %}
- "--enable-debug={{ cilium_debug | string | lower }}"
- "--log-file={{ cilium_cni_log_file }}"
{% endif %}
{% endif %}
preStop:
exec:
command:
- /cni-uninstall.sh
resources:
limits:
cpu: {{ cilium_cpu_limit }}
memory: {{ cilium_memory_limit }}
requests:
cpu: {{ cilium_cpu_requests }}
memory: {{ cilium_memory_requests }}
{% if cilium_enable_prometheus or cilium_enable_hubble_metrics %}
ports:
{% endif %}
{% if cilium_enable_prometheus %}
- name: prometheus
containerPort: {{ cilium_agent_scrape_port }}
hostPort: {{ cilium_agent_scrape_port }}
protocol: TCP
{% endif %}
{% if cilium_enable_hubble_metrics %}
- name: hubble-metrics
containerPort: {{ cilium_hubble_scrape_port }}
hostPort: {{ cilium_hubble_scrape_port }}
protocol: TCP
{% endif %}
securityContext:
privileged: true
volumeMounts:
- name: bpf-maps
mountPath: /sys/fs/bpf
mountPropagation: Bidirectional
- name: cilium-run
mountPath: /var/run/cilium
{% if cilium_version is version('1.13.1', '<') %}
- name: cni-path
mountPath: /host/opt/cni/bin
{% endif %}
- name: etc-cni-netd
mountPath: /host/etc/cni/net.d
{% if cilium_identity_allocation_mode == "kvstore" %}
- name: etcd-config-path
mountPath: /var/lib/etcd-config
readOnly: true
- name: etcd-secrets
mountPath: "{{ cilium_cert_dir }}"
readOnly: true
{% endif %}
- name: clustermesh-secrets
mountPath: /var/lib/cilium/clustermesh
readOnly: true
- name: cilium-config-path
mountPath: /tmp/cilium/config-map
readOnly: true
{% if cilium_ip_masq_agent_enable %}
- name: ip-masq-agent
mountPath: /etc/config
readOnly: true
{% endif %}
# Needed to be able to load kernel modules
- name: lib-modules
mountPath: /lib/modules
readOnly: true
- name: xtables-lock
mountPath: /run/xtables.lock
{% if cilium_encryption_enabled and cilium_encryption_type == "ipsec" %}
- name: cilium-ipsec-secrets
mountPath: /etc/ipsec
readOnly: true
{% endif %}
{% if cilium_hubble_install %}
- name: hubble-tls
mountPath: /var/lib/cilium/tls/hubble
readOnly: true
{% endif %}
{% for volume_mount in cilium_agent_extra_volume_mounts %}
- {{ volume_mount | to_nice_yaml(indent=2) | indent(10) }}
{% endfor %}
# In managed etcd mode, Cilium must be able to resolve the DNS name of the etcd service
{% if cilium_identity_allocation_mode == "kvstore" %}
dnsPolicy: ClusterFirstWithHostNet
{% endif %}
hostNetwork: true
initContainers:
{% if cilium_version is version('1.11', '>=') and cilium_cgroup_auto_mount %}
- name: mount-cgroup
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
env:
- name: CGROUP_ROOT
value: {{ cilium_cgroup_host_root }}
- name: BIN_PATH
value: /opt/cni/bin
command:
- sh
- -ec
# The statically linked Go program binary is invoked to avoid any
# dependency on utilities like sh and mount that can be missing on certain
# distros installed on the underlying host. Copy the binary to the
# same directory where we install cilium cni plugin so that exec permissions
# are available.
- |
cp /usr/bin/cilium-mount /hostbin/cilium-mount;
nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-mount" $CGROUP_ROOT;
rm /hostbin/cilium-mount
volumeMounts:
- name: hostproc
mountPath: /hostproc
- name: cni-path
mountPath: /hostbin
securityContext:
privileged: true
{% endif %}
{% if cilium_version is version('1.11.7', '>=') %}
- name: apply-sysctl-overwrites
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
env:
- name: BIN_PATH
value: /opt/cni/bin
command:
- sh
- -ec
# The statically linked Go program binary is invoked to avoid any
# dependency on utilities like sh that can be missing on certain
# distros installed on the underlying host. Copy the binary to the
# same directory where we install cilium cni plugin so that exec permissions
# are available.
- |
cp /usr/bin/cilium-sysctlfix /hostbin/cilium-sysctlfix;
nsenter --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-sysctlfix";
rm /hostbin/cilium-sysctlfix
volumeMounts:
- name: hostproc
mountPath: /hostproc
- name: cni-path
mountPath: /hostbin
securityContext:
privileged: true
{% endif %}
- name: clean-cilium-state
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /init-container.sh
env:
- name: CILIUM_ALL_STATE
valueFrom:
configMapKeyRef:
name: cilium-config
key: clean-cilium-state
optional: true
- name: CILIUM_BPF_STATE
valueFrom:
configMapKeyRef:
name: cilium-config
key: clean-cilium-bpf-state
optional: true
# Removed in 1.11 and up.
# https://github.com/cilium/cilium/commit/f7a3f59fd74983c600bfce9cac364b76d20849d9
{% if cilium_version is version('1.11', '<') %}
- name: CILIUM_WAIT_BPF_MOUNT
valueFrom:
configMapKeyRef:
key: wait-bpf-mount
name: cilium-config
optional: true
{% endif %}
{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}
- name: KUBERNETES_SERVICE_HOST
value: "{{ kube_apiserver_global_endpoint | urlsplit('hostname') }}"
- name: KUBERNETES_SERVICE_PORT
value: "{{ kube_apiserver_global_endpoint | urlsplit('port') }}"
{% endif %}
securityContext:
privileged: true
volumeMounts:
- name: bpf-maps
mountPath: /sys/fs/bpf
{% if cilium_version is version('1.11', '>=') %}
# Required to mount cgroup filesystem from the host to cilium agent pod
- name: cilium-cgroup
mountPath: {{ cilium_cgroup_host_root }}
mountPropagation: HostToContainer
{% endif %}
- name: cilium-run
mountPath: /var/run/cilium
resources:
requests:
cpu: 100m
memory: 100Mi
{% if cilium_version is version('1.13.1', '>=') %}
# Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent
- name: install-cni-binaries
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- "/install-plugin.sh"
resources:
requests:
cpu: 100m
memory: 10Mi
securityContext:
privileged: true
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- name: cni-path
mountPath: /host/opt/cni/bin
{% endif %}
restartPolicy: Always
priorityClassName: system-node-critical
serviceAccount: cilium
serviceAccountName: cilium
terminationGracePeriodSeconds: 1
hostNetwork: true
# In managed etcd mode, Cilium must be able to resolve the DNS name of the etcd service
{% if cilium_identity_allocation_mode == "kvstore" %}
dnsPolicy: ClusterFirstWithHostNet
{% endif %}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
k8s-app: cilium
tolerations:
- operator: Exists
volumes:
# To keep state between restarts / upgrades
- name: cilium-run
hostPath:
path: /var/run/cilium
type: DirectoryOrCreate
# To keep state between restarts / upgrades for bpf maps
- name: bpf-maps
hostPath:
path: /sys/fs/bpf
type: DirectoryOrCreate
{% if cilium_version is version('1.11', '>=') %}
# To mount cgroup2 filesystem on the host
- name: hostproc
hostPath:
path: /proc
type: Directory
# To keep state between restarts / upgrades for cgroup2 filesystem
- name: cilium-cgroup
hostPath:
path: {{ cilium_cgroup_host_root }}
type: DirectoryOrCreate
{% endif %}
# To install cilium cni plugin in the host
- name: cni-path
hostPath:
path: /opt/cni/bin
type: DirectoryOrCreate
# To install cilium cni configuration in the host
- name: etc-cni-netd
hostPath:
path: /etc/cni/net.d
type: DirectoryOrCreate
# To be able to load kernel modules
- name: lib-modules
hostPath:
path: /lib/modules
# To access iptables concurrently with other processes (e.g. kube-proxy)
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
{% if cilium_identity_allocation_mode == "kvstore" %}
# To read the etcd config stored in config maps
- name: etcd-config-path
configMap:
name: cilium-config
# note: the leading zero means this number is in octal representation: do not remove it
defaultMode: 0400
items:
- key: etcd-config
path: etcd.config
# To read the k8s etcd secrets in case the user might want to use TLS
- name: etcd-secrets
hostPath:
path: "{{ cilium_cert_dir }}"
{% endif %}
# To read the clustermesh configuration
- name: clustermesh-secrets
secret:
secretName: cilium-clustermesh
# note: the leading zero means this number is in octal representation: do not remove it
defaultMode: 0400
optional: true
# To read the configuration from the config map
- name: cilium-config-path
configMap:
name: cilium-config
{% if cilium_ip_masq_agent_enable %}
- name: ip-masq-agent
configMap:
name: ip-masq-agent
optional: true
items:
- key: config
path: ip-masq-agent
{% endif %}
{% if cilium_encryption_enabled and cilium_encryption_type == "ipsec" %}
- name: cilium-ipsec-secrets
secret:
secretName: cilium-ipsec-keys
{% endif %}
{% if cilium_hubble_install %}
- name: hubble-tls
projected:
# note: the leading zero means this number is in octal representation: do not remove it
defaultMode: 0400
sources:
- secret:
name: hubble-server-certs
optional: true
items:
- key: ca.crt
path: client-ca.crt
- key: tls.crt
path: server.crt
- key: tls.key
path: server.key
{% endif %}

6
roles/network_plugin/cilium/templates/cilium/sa.yml.j2
View File

@@ -1,6 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cilium
namespace: kube-system

9
roles/network_plugin/cilium/templates/cilium/secret.yml.j2
View File

@@ -1,9 +0,0 @@
---
apiVersion: v1
data:
keys: {{ cilium_ipsec_key }}
kind: Secret
metadata:
name: cilium-ipsec-keys
namespace: kube-system
type: Opaque

71
roles/network_plugin/cilium/templates/hubble/config.yml.j2
View File

@@ -1,71 +0,0 @@
#jinja2: trim_blocks:False
---
# Source: cilium helm chart: cilium/templates/hubble-relay/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: hubble-relay-config
namespace: kube-system
data:
config.yaml: |
cluster-name: "{{ cilium_cluster_name }}"
peer-service: "hubble-peer.kube-system.svc.{{ dns_domain }}:443"
listen-address: :4245
metrics-listen-address: ":9966"
dial-timeout:
retry-timeout:
sort-buffer-len-max:
sort-buffer-drain-timeout:
tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
tls-client-key-file: /var/lib/hubble-relay/tls/client.key
tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt
tls-server-key-file: /var/lib/hubble-relay/tls/server.key
tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
---
# Source: cilium/templates/hubble-ui/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: hubble-ui-nginx
namespace: kube-system
data:
nginx.conf: |
server {
listen 8081;
{% if cilium_enable_ipv6 %}
listen [::]:8081;
{% endif %}
server_name localhost;
root /app;
index index.html;
client_max_body_size 1G;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# CORS
add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 1728000;
add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
if ($request_method = OPTIONS) {
return 204;
}
# /CORS
location /api {
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_hide_header Access-Control-Allow-Origin;
proxy_pass http://127.0.0.1:8090;
}
location / {
try_files $uri $uri/ /index.html;
}
}
}

108
roles/network_plugin/cilium/templates/hubble/cr.yml.j2
View File

@@ -1,108 +0,0 @@
{% if cilium_hubble_tls_generate %}
---
# Source: cilium/templates/hubble-generate-certs-clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: hubble-generate-certs
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- hubble-server-certs
- hubble-relay-client-certs
- hubble-relay-server-certs
verbs:
- update
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- hubble-ca-cert
verbs:
- update
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- hubble-ca-secret
verbs:
- get
{% endif %}
---
# Source: cilium/templates/hubble-relay-clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hubble-relay
rules:
- apiGroups:
- ""
resources:
- componentstatuses
- endpoints
- namespaces
- nodes
- pods
- services
verbs:
- get
- list
- watch
{% if cilium_enable_hubble_ui %}
---
# Source: cilium/templates/hubble-ui-clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hubble-ui
rules:
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- componentstatuses
- endpoints
- namespaces
- nodes
- pods
- services
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- cilium.io
resources:
- "*"
verbs:
- get
- list
- watch
{% endif %}

46
roles/network_plugin/cilium/templates/hubble/crb.yml.j2
View File

@@ -1,46 +0,0 @@
{% if cilium_hubble_tls_generate %}
---
# Source: cilium/templates/hubble-generate-certs-clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: hubble-generate-certs
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: hubble-generate-certs
subjects:
- kind: ServiceAccount
name: hubble-generate-certs
namespace: kube-system
{% endif %}
---
# Source: cilium/templates/hubble-relay-clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hubble-relay
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: hubble-relay
subjects:
- kind: ServiceAccount
namespace: kube-system
name: hubble-relay
{% if cilium_enable_hubble_ui %}
---
# Source: cilium/templates/hubble-ui-clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hubble-ui
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: hubble-ui
subjects:
- kind: ServiceAccount
namespace: kube-system
name: hubble-ui
{% endif %}

38
roles/network_plugin/cilium/templates/hubble/cronjob.yml.j2
View File

@@ -1,38 +0,0 @@
---
# Source: cilium/templates/hubble-generate-certs-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: hubble-generate-certs
namespace: kube-system
labels:
k8s-app: hubble-generate-certs
spec:
schedule: "0 0 1 */4 *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
metadata:
labels:
k8s-app: hubble-generate-certs
spec:
serviceAccount: hubble-generate-certs
serviceAccountName: hubble-generate-certs
containers:
- name: certgen
image: "{{ cilium_hubble_certgen_image_repo }}:{{ cilium_hubble_certgen_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- "/usr/bin/cilium-certgen"
# Because this is executed as a job, we pass the values as command
# line args instead of via config map. This allows users to inspect
# the values used in past runs by inspecting the completed pod.
args:
{% for key, value in cilium_certgen_args.items() -%}
- "--{{ key }}={{ value }}"
{% endfor %}
hostNetwork: true
restartPolicy: OnFailure
ttlSecondsAfterFinished: 1800

203
roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
View File

@@ -1,203 +0,0 @@
---
# Source: cilium/templates/hubble-relay-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hubble-relay
labels:
k8s-app: hubble-relay
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
k8s-app: hubble-relay
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
labels:
k8s-app: hubble-relay
spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "k8s-app"
operator: In
values:
- cilium
topologyKey: "kubernetes.io/hostname"
containers:
- name: hubble-relay
image: "{{ cilium_hubble_relay_image_repo }}:{{ cilium_hubble_relay_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- hubble-relay
args:
- serve
ports:
- name: grpc
containerPort: 4245
{% if cilium_enable_prometheus %}
- name: prometheus
containerPort: 9966
protocol: TCP
{% endif %}
readinessProbe:
tcpSocket:
port: grpc
livenessProbe:
tcpSocket:
port: grpc
volumeMounts:
- mountPath: /var/run/cilium
name: hubble-sock-dir
readOnly: true
- mountPath: /etc/hubble-relay
name: config
readOnly: true
{% if cilium_hubble_tls_generate -%}
- mountPath: /var/lib/hubble-relay/tls
name: tls
readOnly: true
{%- endif %}
restartPolicy: Always
serviceAccount: hubble-relay
serviceAccountName: hubble-relay
terminationGracePeriodSeconds: 0
volumes:
- configMap:
name: hubble-relay-config
items:
- key: config.yaml
path: config.yaml
name: config
- hostPath:
path: /var/run/cilium
type: Directory
name: hubble-sock-dir
{% if cilium_hubble_tls_generate -%}
- projected:
sources:
- secret:
name: hubble-relay-client-certs
items:
- key: ca.crt
path: hubble-server-ca.crt
- key: tls.crt
path: client.crt
- key: tls.key
path: client.key
- secret:
name: hubble-server-certs
items:
- key: tls.crt
path: server.crt
- key: tls.key
path: server.key
name: tls
{%- endif %}
{% if cilium_enable_hubble_ui %}
---
# Source: cilium/templates/hubble-ui/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
namespace: kube-system
labels:
k8s-app: hubble-ui
name: hubble-ui
spec:
replicas: 1
selector:
matchLabels:
k8s-app: hubble-ui
template:
metadata:
annotations:
labels:
k8s-app: hubble-ui
spec:
securityContext:
runAsUser: 1001
serviceAccount: hubble-ui
serviceAccountName: hubble-ui
containers:
- name: frontend
image: "{{ cilium_hubble_ui_image_repo }}:{{ cilium_hubble_ui_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
ports:
- containerPort: 8081
name: http
volumeMounts:
- name: hubble-ui-nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.conf
- name: tmp-dir
mountPath: /tmp
resources:
{}
- name: backend
image: "{{ cilium_hubble_ui_backend_image_repo }}:{{ cilium_hubble_ui_backend_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
env:
- name: EVENTS_SERVER_PORT
value: "8090"
{% if cilium_hubble_tls_generate -%}
- name: TLS_TO_RELAY_ENABLED
value: "true"
- name: FLOWS_API_ADDR
value: "hubble-relay:443"
- name: TLS_RELAY_SERVER_NAME
value: ui.{{ cilium_cluster_name }}.hubble-grpc.cilium.io
- name: TLS_RELAY_CA_CERT_FILES
value: /var/lib/hubble-ui/certs/hubble-server-ca.crt
- name: TLS_RELAY_CLIENT_CERT_FILE
value: /var/lib/hubble-ui/certs/client.crt
- name: TLS_RELAY_CLIENT_KEY_FILE
value: /var/lib/hubble-ui/certs/client.key
{% else -%}
- name: FLOWS_API_ADDR
value: "hubble-relay:80"
{% endif %}
{% if cilium_hubble_tls_generate -%}
volumeMounts:
- name: tls
mountPath: /var/lib/hubble-ui/certs
readOnly: true
{%- endif %}
ports:
- containerPort: 8090
name: grpc
resources:
{}
volumes:
- configMap:
defaultMode: 420
name: hubble-ui-nginx
name: hubble-ui-nginx-conf
{% if cilium_hubble_tls_generate -%}
- projected:
sources:
- secret:
name: hubble-relay-client-certs
items:
- key: ca.crt
path: hubble-server-ca.crt
- key: tls.crt
path: client.crt
- key: tls.key
path: client.key
name: tls
{%- endif %}
- emptyDir: {}
name: tmp-dir
{% endif %}

34
roles/network_plugin/cilium/templates/hubble/job.yml.j2
View File

@@ -1,34 +0,0 @@
---
# Source: cilium/templates/hubble-generate-certs-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: hubble-generate-certs
namespace: kube-system
labels:
k8s-app: hubble-generate-certs
spec:
template:
metadata:
labels:
k8s-app: hubble-generate-certs
spec:
serviceAccount: hubble-generate-certs
serviceAccountName: hubble-generate-certs
containers:
- name: certgen
image: "{{ cilium_hubble_certgen_image_repo }}:{{ cilium_hubble_certgen_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- "/usr/bin/cilium-certgen"
# Because this is executed as a job, we pass the values as command
# line args instead of via config map. This allows users to inspect
# the values used in past runs by inspecting the completed pod.
args:
{% for key, value in cilium_certgen_args.items() -%}
- "--{{ key }}={{ value }}"
{% endfor %}
hostNetwork: true
restartPolicy: OnFailure
ttlSecondsAfterFinished: 1800

25
roles/network_plugin/cilium/templates/hubble/sa.yml.j2
View File

@@ -1,25 +0,0 @@
{% if cilium_hubble_tls_generate %}
---
# Source: cilium/templates/hubble-generate-certs-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: hubble-generate-certs
namespace: kube-system
{% endif %}
---
# Source: cilium/templates/hubble-relay-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: hubble-relay
namespace: kube-system
{% if cilium_enable_hubble_ui %}
---
# Source: cilium/templates/hubble-ui-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: hubble-ui
namespace: kube-system
{% endif %}

106
roles/network_plugin/cilium/templates/hubble/service.yml.j2
View File

@@ -1,106 +0,0 @@
{% if cilium_enable_prometheus or cilium_enable_hubble_metrics %}
---
# Source: cilium/templates/cilium-agent-service.yaml
kind: Service
apiVersion: v1
metadata:
name: hubble-metrics
namespace: kube-system
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: "{{ cilium_hubble_scrape_port }}"
labels:
k8s-app: hubble
spec:
clusterIP: None
type: ClusterIP
ports:
- name: hubble-metrics
port: 9091
protocol: TCP
targetPort: hubble-metrics
selector:
k8s-app: cilium
---
# Source: cilium/templates/hubble-relay/metrics-service.yaml
# We use a separate service from hubble-relay which can be exposed externally
kind: Service
apiVersion: v1
metadata:
name: hubble-relay-metrics
namespace: kube-system
labels:
k8s-app: hubble-relay
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: "9966"
spec:
clusterIP: None
type: ClusterIP
selector:
k8s-app: hubble-relay
ports:
- name: metrics
port: 9966
protocol: TCP
targetPort: prometheus
{% endif %}
---
# Source: cilium/templates/hubble-relay-service.yaml
kind: Service
apiVersion: v1
metadata:
name: hubble-relay
namespace: kube-system
labels:
k8s-app: hubble-relay
spec:
type: ClusterIP
selector:
k8s-app: hubble-relay
ports:
- protocol: TCP
{% if cilium_hubble_tls_generate -%}
port: 443
{% else -%}
port: 80
{% endif -%}
targetPort: 4245
---
{% if cilium_enable_hubble_ui %}
# Source: cilium/templates/hubble-ui-service.yaml
kind: Service
apiVersion: v1
metadata:
name: hubble-ui
labels:
k8s-app: hubble-ui
namespace: kube-system
spec:
selector:
k8s-app: hubble-ui
ports:
- name: http
port: 80
targetPort: 8081
type: ClusterIP
---
{% endif %}
# Source: cilium/templates/hubble/peer-service.yaml
apiVersion: v1
kind: Service
metadata:
name: hubble-peer
namespace: kube-system
labels:
k8s-app: cilium
spec:
selector:
k8s-app: cilium
ports:
- name: peer-service
port: 443
protocol: TCP
targetPort: 4244
internalTrafficPolicy: Local

172
roles/network_plugin/cilium/templates/values.yaml.j2 Normal file
View File

@@ -0,0 +1,172 @@
#jinja2: trim_blocks: True, lstrip_blocks: True
MTU: {{ cilium_mtu }}
debug:
enabled: {{ cilium_debug | to_json }}
image:
repository: {{ cilium_image_repo }}
tag: {{ cilium_image_tag }}
k8sServiceHost: "auto"
k8sServicePort: "auto"
ipv4:
enabled: {{ cilium_enable_ipv4 | to_json }}
ipv6:
enabled: {{ cilium_enable_ipv6 | to_json }}
l2announcements:
enabled: {{ cilium_l2announcements | to_json }}
bgpControlPlane:
enabled: {{ cilium_enable_bgp_control_plane | to_json }}
healthPort: {{ cilium_agent_health_port }}
identityAllocationMode: {{ cilium_identity_allocation_mode }}
tunnelProtocol: {{ cilium_tunnel_mode }}
loadbalancer:
mode: {{ cilium_loadbalancer_mode }}
kubeProxyReplacement: {{ cilium_kube_proxy_replacement | to_json }}
{% if cilium_dns_proxy_enable_transparent_mode is defined %}
dnsProxy:
enableTransparentMode: {{ cilium_dns_proxy_enable_transparent_mode | to_json }}
{% endif %}
extraVolumes:
{{ cilium_agent_extra_volumes | to_nice_yaml(indent=2) | indent(2) }}
extraVolumeMounts:
{{ cilium_agent_extra_volume_mounts | to_nice_yaml(indent=2) | indent(2) }}
extraArgs:
{{ cilium_agent_extra_args | to_nice_yaml(indent=2) | indent(2) }}
bpf:
masquerade: {{ cilium_enable_bpf_masquerade | to_json }}
hostLegacyRouting: {{ cilium_enable_host_legacy_routing | to_json }}
monitorAggregation: {{ cilium_monitor_aggregation }}
preallocateMaps: {{ cilium_preallocate_bpf_maps | to_json }}
mapDynamicSizeRatio: {{ cilium_bpf_map_dynamic_size_ratio }}
cni:
exclusive: {{ cilium_cni_exclusive | to_json }}
logFile: {{ cilium_cni_log_file }}
autoDirectNodeRoutes: {{ cilium_auto_direct_node_routes | to_json }}
ipv4NativeRoutingCIDR: {{ cilium_native_routing_cidr }}
ipv6NativeRoutingCIDR: {{ cilium_native_routing_cidr_ipv6 }}
encryption:
enabled: {{ cilium_encryption_enabled | to_json }}
{% if cilium_encryption_enabled %}
type: {{ cilium_encryption_type }}
{% if cilium_encryption_type == 'wireguard' %}
nodeEncryption: {{ cilium_encryption_node_encryption | to_json }}
{% endif %}
{% endif %}
bandwidthManager:
enabled: {{ cilium_enable_bandwidth_manager | to_json }}
bbr: {{ cilium_enable_bandwidth_manager_bbr | to_json }}
ipMasqAgent:
enabled: {{ cilium_ip_masq_agent_enable | to_json }}
{% if cilium_ip_masq_agent_enable %}
config:
nonMasqueradeCIDRs: {{ cilium_non_masquerade_cidrs }}
masqLinkLocal: {{ cilium_masq_link_local | to_json }}
masqLinkLocalIPv6: {{ cilium_masq_link_local_ipv6 | to_json }}
# cilium_ip_masq_resync_interval
{% endif %}
hubble:
peerService:
clusterDomain: {{ cilium_hubble_peer_service_cluster_domain }}
enabled: {{ cilium_enable_hubble | to_json }}
relay:
enabled: {{ cilium_enable_hubble | to_json }}
image:
repository: {{ cilium_hubble_relay_image_repo }}
tag: {{ cilium_hubble_relay_image_tag }}
ui:
enabled: {{ cilium_enable_hubble_ui | to_json }}
backend:
image:
repository: {{ cilium_hubble_ui_backend_image_repo }}
tag: {{ cilium_hubble_ui_backend_image_tag }}
frontend:
image:
repository: {{ cilium_hubble_ui_image_repo }}
tag: {{ cilium_hubble_ui_image_tag }}
metrics:
enabled: {{ cilium_hubble_metrics | to_json }}
export:
fileMaxBackups: {{ cilium_hubble_export_file_max_backups }}
fileMaxSizeMb: {{ cilium_hubble_export_file_max_size_mb }}
dynamic:
enabled: {{ cilium_hubble_export_dynamic_enabled | to_json }}
config:
content:
{{ cilium_hubble_export_dynamic_config_content | to_nice_yaml(indent=10) | indent(10) }}
gatewayAPI:
enabled: {{ cilium_gateway_api_enabled | to_json }}
ipam:
mode: {{ cilium_ipam_mode }}
operator:
clusterPoolIPv4PodCIDRList:
- {{ cilium_pool_cidr | default(kube_pods_subnet) }}
clusterPoolIPv4MaskSize: {{ cilium_pool_mask_size | default(kube_network_node_prefix) }}
clusterPoolIPv6PodCIDRList:
- {{ cilium_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}
clusterPoolIPv6MaskSize: {{ cilium_pool_mask_size_ipv6 | default(kube_network_node_prefix_ipv6) }}
cgroup:
autoMount:
enabled: {{ cilium_cgroup_auto_mount | to_json }}
hostRoot: {{ cilium_cgroup_host_root }}
operator:
image:
repository: {{ cilium_operator_image_repo }}
tag: {{ cilium_operator_image_tag }}
replicas: {{ cilium_operator_replicas }}
extraArgs:
{{ cilium_operator_extra_args | to_nice_yaml(indent=2) | indent(4) }}
extraVolumes:
{{ cilium_operator_extra_volumes | to_nice_yaml(indent=2) | indent(4) }}
extraVolumeMounts:
{{ cilium_operator_extra_volume_mounts | to_nice_yaml(indent=2) | indent(4) }}
tolerations:
{{ cilium_operator_tolerations | to_nice_yaml(indent=2) | indent(4) }}
cluster:
id: {{ cilium_cluster_id }}
name: {{ cilium_cluster_name }}
enableIPv4Masquerade: {{ cilium_enable_ipv4_masquerade | to_json }}
enableIPv6Masquerade: {{ cilium_enable_ipv6_masquerade | to_json }}
hostFirewall:
enabled: {{ cilium_enable_host_firewall | to_json }}
certgen:
image:
repository: {{ cilium_hubble_certgen_image_repo }}
tag: {{ cilium_hubble_certgen_image_tag }}
envoy:
image:
repository: {{ cilium_hubble_envoy_image_repo }}
tag: {{ cilium_hubble_envoy_image_tag }}
extraConfig:
{{ cilium_config_extra_vars | to_yaml | indent(2) }}

11
roles/system_packages/tasks/main.yml
View File

@@ -65,14 +65,19 @@
tags: tags:
- bootstrap_os - bootstrap_os
- name: Install packages requirements - name: Manage packages
package: package:
name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}" name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
state: present state: "{{ item.state }}"
register: pkgs_task_result register: pkgs_task_result
until: pkgs_task_result is succeeded until: pkgs_task_result is succeeded
retries: "{{ pkg_install_retries }}" retries: "{{ pkg_install_retries }}"
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
when: not (ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos) when: not (ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos)
loop:
- { packages: "{{ pkgs_to_remove }}", state: "absent", action_label: "remove" }
- { packages: "{{ pkgs }}", state: "present", action_label: "install" }
loop_control:
label: "{{ item.action_label }}"
tags: tags:
- bootstrap_os - bootstrap_os

14
roles/system_packages/vars/main.yml
View File

@@ -1,4 +1,9 @@
--- ---
pkgs_to_remove:
systemd-timesyncd:
- "{{ ntp_enabled }}"
- "{{ ntp_package == 'ntp' }}"
- "{{ ansible_os_family == 'Debian' }}"
pkgs: pkgs:
apparmor: apparmor:
- "{{ ansible_os_family == 'Debian' }}" - "{{ ansible_os_family == 'Debian' }}"
@@ -9,6 +14,9 @@ pkgs:
- "{{ ansible_distribution_major_version == '10' }}" - "{{ ansible_distribution_major_version == '10' }}"
- "{{ 'k8s_cluster' in group_names }}" - "{{ 'k8s_cluster' in group_names }}"
bash-completion: [] bash-completion: []
chrony:
- "{{ ntp_enabled }}"
- "{{ ntp_package == 'chrony' }}"
conntrack: conntrack:
- "{{ ansible_os_family in ['Debian', 'RedHat'] }}" - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
- "{{ ansible_distribution != 'openEuler' }}" - "{{ ansible_distribution != 'openEuler' }}"
@@ -70,6 +78,12 @@ pkgs:
- "{{ 'k8s_cluster' in group_names }}" - "{{ 'k8s_cluster' in group_names }}"
nss: nss:
- "{{ ansible_os_family == 'RedHat' }}" - "{{ ansible_os_family == 'RedHat' }}"
ntp:
- "{{ ntp_enabled }}"
- "{{ ntp_package == 'ntp' }}"
ntpsec:
- "{{ ntp_enabled }}"
- "{{ ntp_package == 'ntpsec' }}"
openssl: [] openssl: []
python-apt: python-apt:
- "{{ ansible_os_family == 'Debian' }}" - "{{ ansible_os_family == 'Debian' }}"

7
scripts/assert-sorted-checksums.yml
View File

@@ -40,12 +40,15 @@
include_vars: ../roles/system_packages/vars/main.yml include_vars: ../roles/system_packages/vars/main.yml
- name: Verify that the packages list is sorted - name: Verify that the packages list is sorted
loop:
- pkgs_to_remove
- pkgs
vars: vars:
pkgs_lists: "{{ pkgs.keys() | list }}" pkgs_lists: "{{ lookup('vars', item).keys() | list }}"
ansible_distribution: irrelevant ansible_distribution: irrelevant
ansible_distribution_major_version: irrelevant ansible_distribution_major_version: irrelevant
ansible_distribution_minor_version: irrelevant ansible_distribution_minor_version: irrelevant
ansible_os_family: irrelevant ansible_os_family: irrelevant
assert: assert:
that: "pkgs_lists | sort == pkgs_lists" that: "pkgs_lists | sort == pkgs_lists"
fail_msg: "pkgs is not sorted: {{ pkgs_lists | ansible.utils.fact_diff(pkgs_lists | sort) }}" fail_msg: "{{ item }} is not sorted: {{ pkgs_lists | ansible.utils.fact_diff(pkgs_lists | sort) }}"

2
scripts/component_hash_update/src/component_hash_update/download.py
View File

@@ -25,7 +25,7 @@ from typing import Optional, Any
from . import components from . import components
CHECKSUMS_YML = Path("roles/kubespray_defaults/defaults/main/checksums.yml") CHECKSUMS_YML = Path("roles/kubespray_defaults/vars/main/checksums.yml")
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)

1
tests/files/almalinux9-calico.yml
View File

@@ -14,6 +14,7 @@ kube_proxy_mode: nftables
# NTP mangement # NTP mangement
ntp_enabled: true ntp_enabled: true
ntp_package: chrony
ntp_timezone: Etc/UTC ntp_timezone: Etc/UTC
ntp_manage_config: true ntp_manage_config: true
ntp_tinker_panic: true ntp_tinker_panic: true

4
tests/files/debian12-cilium-svc-proxy.yml
View File

@@ -7,4 +7,6 @@ mode: ha
kube_network_plugin: cilium kube_network_plugin: cilium
enable_network_policy: true enable_network_policy: true
cilium_kube_proxy_replacement: strict cilium_kube_proxy_replacement: true
kube_owner: root

6
tests/files/debian12-cilium.yml
View File

@@ -4,3 +4,9 @@ cloud_image: debian-12
# Kubespray settings # Kubespray settings
kube_network_plugin: cilium kube_network_plugin: cilium
# ntp settings
ntp_enabled: true
ntp_package: ntp
kube_owner: root

2
tests/files/opensuse15-6-docker-cilium.yml
View File

@@ -5,6 +5,8 @@ cloud_image: opensuse-leap-15-6
# Kubespray settings # Kubespray settings
kube_network_plugin: cilium kube_network_plugin: cilium
kube_owner: root
# Docker specific settings: # Docker specific settings:
container_manager: docker container_manager: docker
etcd_deployment_type: docker etcd_deployment_type: docker

4
tests/files/rockylinux9-cilium.yml
View File

@@ -6,7 +6,9 @@ vm_memory: 3072
# Kubespray settings # Kubespray settings
kube_network_plugin: cilium kube_network_plugin: cilium
cilium_kube_proxy_replacement: strict cilium_kube_proxy_replacement: true
kube_owner: root
# Node Feature Discovery # Node Feature Discovery
node_feature_discovery_enabled: true node_feature_discovery_enabled: true

2
tests/files/ubuntu20-cilium-sep.yml
View File

@@ -7,3 +7,5 @@ mode: separate
kube_network_plugin: cilium kube_network_plugin: cilium
enable_network_policy: true enable_network_policy: true
auto_renew_certificates: true auto_renew_certificates: true
kube_owner: root

4
tests/files/ubuntu24-calico-etcd-datastore.yml
View File

@@ -44,3 +44,7 @@ kubeadm_patches:
example.com/test: "false" example.com/test: "false"
labels: labels:
example.com/prod_level: "prep" example.com/prod_level: "prep"
# ntp settings
ntp_enabled: true
ntp_package: ntpsec