Update README.md

.gitlab-ci.yml

@@ -8,11 +8,11 @@ stages:
 variables:
   FAILFASTCI_NAMESPACE: 'kargo-ci'
   GITLAB_REPOSITORY: 'kargo-ci/kubernetes-sigs-kubespray'
-  GIT_CONFIG_COUNT: 2
-  GIT_CONFIG_KEY_0: user.email
+  GIT_CONFIG_COUNT: 1
+  GIT_CONFIG_KEY_0: user.key
   GIT_CONFIG_VALUE_0: "ci@kubespray.io"
   GIT_CONFIG_KEY_1: user.name
-  GIT_CONFIG_VALUE_1: "Kubespray CI"
+  GIT_CONFIG_VALUE_1: "CI"
   ANSIBLE_FORCE_COLOR: "true"
   MAGIC: "ci check this"
   GS_ACCESS_KEY_ID: $GS_KEY

.gitlab-ci/packet.yml

@@ -122,7 +122,7 @@ packet_amazon-linux-2-all-in-one:
     - when: manual
       allow_failure: true
 
-packet_opensuse15-6-calico:
+packet_opensuse-docker-cilium:
   extends: .packet_pr
 
 packet_ubuntu20-cilium-sep:
@@ -159,9 +159,6 @@ packet_almalinux9-calico:
 packet_almalinux9-docker:
   extends: .packet_pr_extended
 
-packet_opensuse15-6-docker-cilium:
-  extends: .packet_pr_extended
-
 packet_ubuntu24-calico-all-in-one:
   extends: .packet_pr_extended
 

README.md

@@ -1,3 +1,4 @@
+test 
 # Deploy a Production Ready Kubernetes Cluster
 
 ![Kubernetes Logo](https://raw.githubusercontent.com/kubernetes-sigs/kubespray/master/docs/img/kubernetes-logo.png)
@@ -113,7 +114,7 @@ Note:
 - Core
   - [kubernetes](https://github.com/kubernetes/kubernetes) 1.32.3
   - [etcd](https://github.com/etcd-io/etcd) 3.5.16
-  - [docker](https://www.docker.com/) 28.0
+  - [docker](https://www.docker.com/) 26.1
   - [containerd](https://containerd.io/) 2.0.3
   - [cri-o](http://cri-o.io/) 1.32.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
@@ -129,7 +130,7 @@ Note:
 - Application
   - [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3
   - [coredns](https://github.com/coredns/coredns) 1.11.3
-  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.12.1
+  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.12.0
   - [argocd](https://argoproj.github.io/) 2.14.5
   - [helm](https://helm.sh/) 3.16.4
   - [metallb](https://metallb.universe.tf/) 0.13.9

Vagrantfile

@@ -33,7 +33,7 @@ SUPPORTED_OS = {
   "fedora40"            => {box: "fedora/40-cloud-base",       user: "vagrant"},
   "fedora39-arm64"      => {box: "bento/fedora-39-arm64",      user: "vagrant"},
   "fedora40-arm64"      => {box: "bento/fedora-40",            user: "vagrant"},
-  "opensuse"            => {box: "opensuse/Leap-15.6.x86_64",  user: "vagrant"},
+  "opensuse"            => {box: "opensuse/Leap-15.4.x86_64",  user: "vagrant"},
   "opensuse-tumbleweed" => {box: "opensuse/Tumbleweed.x86_64", user: "vagrant"},
   "oraclelinux"         => {box: "generic/oracle7",            user: "vagrant"},
   "oraclelinux8"        => {box: "generic/oracle8",            user: "vagrant"},

docs/ansible/vars.md

@@ -25,7 +25,7 @@ Some variables of note include:
 * *calico_vxlan_mode* - Configures Calico vxlan encapsulation - valid values are 'Never', 'Always' and 'CrossSubnet' (default 'Always')
 * *calico_network_backend* - Configures Calico network backend - valid values are 'none', 'bird' and 'vxlan' (default 'vxlan')
 * *kube_network_plugin* - Sets k8s network plugin (default Calico)
-* *kube_proxy_mode* - Changes k8s proxy mode to iptables, ipvs, nftables mode
+* *kube_proxy_mode* - Changes k8s proxy mode to iptables mode
 * *kube_version* - Specify a given Kubernetes version
 * *searchdomains* - Array of DNS domains to search when looking up hostnames
 * *remove_default_searchdomains* - Boolean that removes the default searchdomain

docs/developers/ci.md

@@ -14,7 +14,7 @@ debian12 |  :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
 fedora39 |  :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: |
 fedora40 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 openeuler24 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
-opensuse15 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
+opensuse |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 rockylinux8 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
 rockylinux9 |  :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
 ubuntu20 |  :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: |
@@ -33,7 +33,7 @@ debian12 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 fedora39 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
 fedora40 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 openeuler24 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-opensuse15 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
+opensuse |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 rockylinux8 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 rockylinux9 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 ubuntu20 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
@@ -52,7 +52,7 @@ debian12 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
 fedora39 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 fedora40 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
 openeuler24 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
-opensuse15 |  :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
+opensuse |  :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
 rockylinux8 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 rockylinux9 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 ubuntu20 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |

docs/operating_systems/opensuse.md

@@ -1,4 +1,4 @@
-# openSUSE Leap 15.6 and Tumbleweed
+# openSUSE Leap 15.3 and Tumbleweed
 
 openSUSE Leap installation Notes:
 

inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml

@@ -118,8 +118,7 @@ kube_apiserver_ip: "{{ kube_service_subnets.split(',') | first | ansible.utils.i
 kube_apiserver_port: 6443  # (https)
 
 # Kube-proxy proxyMode configuration.
-# Can be ipvs, iptables, nftables
-# TODO: it needs to be changed to nftables when the upstream use nftables as default
+# Can be ipvs, iptables
 kube_proxy_mode: ipvs
 
 # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface

roles/container-engine/docker/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-docker_version: '28.0'
+docker_version: '26.1'
 docker_cli_version: "{{ docker_version }}"
 
 docker_package_info:
@@ -53,8 +53,8 @@ docker_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansibl
 docker_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg'
 
 # CentOS/RedHat docker-ce repo
-docker_rh_repo_base_url: 'https://download.docker.com/linux/rhel/{{ ansible_distribution_major_version }}/$basearch/stable'
-docker_rh_repo_gpgkey: 'https://download.docker.com/linux/rhel/gpg'
+docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable'
+docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg'
 
 # Ubuntu docker-ce repo
 docker_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"

roles/container-engine/docker/vars/debian.yml

@@ -25,17 +25,8 @@ containerd_versioned_pkg:
   '1.6.28': "{{ containerd_package }}=1.6.28-2"
   '1.6.31': "{{ containerd_package }}=1.6.31-1"
   '1.6.32': "{{ containerd_package }}=1.6.32-1"
-  '1.6.33': "{{ containerd_package }}=1.6.33-1"
-  '1.7.18': "{{ containerd_package }}=1.7.18-1"
-  '1.7.19': "{{ containerd_package }}=1.7.19-1"
-  '1.7.20': "{{ containerd_package }}=1.7.20-1"
-  '1.7.21': "{{ containerd_package }}=1.7.21-1"
-  '1.7.22': "{{ containerd_package }}=1.7.22-1"
-  '1.7.23': "{{ containerd_package }}=1.7.23-1"
-  '1.7.24': "{{ containerd_package }}=1.7.24-1"
-  '1.7.25': "{{ containerd_package }}=1.7.25-1"
-  'stable': "{{ containerd_package }}=1.7.25-1"
-  'edge': "{{ containerd_package }}=1.7.25-1"
+  'stable': "{{ containerd_package }}=1.6.32-1"
+  'edge': "{{ containerd_package }}=1.6.32-1"
 
 # https://download.docker.com/linux/debian/
 docker_versioned_pkg:
@@ -47,16 +38,9 @@ docker_versioned_pkg:
   '24.0': docker-ce=5:24.0.9-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
   '25.0': docker-ce=5:25.0.5-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
   '26.0': docker-ce=5:26.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '26.1': docker-ce=5:26.1.4-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.0': docker-ce=5:27.0.3-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.1': docker-ce=5:27.1.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.2': docker-ce=5:27.2.1-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.3': docker-ce=5:27.3.1-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.4': docker-ce=5:27.4.1-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.5': docker-ce=5:27.5.4-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '28.0': docker-ce=5:28.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  'stable': docker-ce=5:28.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  'edge': docker-ce=5:28.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
+  '26.1': docker-ce=5:26.1.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
+  'stable': docker-ce=5:24.0.9-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
+  'edge': docker-ce=5:24.0.9-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
 
 docker_cli_versioned_pkg:
   'latest': docker-ce-cli
@@ -67,16 +51,9 @@ docker_cli_versioned_pkg:
   '24.0': docker-ce-cli=5:24.0.9-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
   '25.0': docker-ce-cli=5:25.0.5-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
   '26.0': docker-ce-cli=5:26.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '26.1': docker-ce-cli=5:26.1.4-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.0': docker-ce-cli=5:27.0.3-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.1': docker-ce-cli=5:27.1.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.2': docker-ce-cli=5:27.2.1-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.3': docker-ce-cli=5:27.3.1-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.4': docker-ce-cli=5:27.4.1-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '27.5': docker-ce-cli=5:27.5.4-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  '28.0': docker-ce-cli=5:28.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  'stable': docker-ce-cli=5:28.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
-  'edge': docker-ce-cli=5:28.0.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
+  '26.1': docker-ce-cli=5:26.1.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
+  'stable': docker-ce-cli=5:26.1.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
+  'edge': docker-ce-cli=5:26.1.2-1~debian.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release | lower }}
 
 docker_package_info:
   pkgs:

roles/container-engine/docker/vars/fedora.yml

@@ -25,17 +25,8 @@ containerd_versioned_pkg:
   '1.6.28': "{{ containerd_package }}-1.6.28-3.2.fc{{ ansible_distribution_major_version }}"
   '1.6.31': "{{ containerd_package }}-1.6.31-3.1.fc{{ ansible_distribution_major_version }}"
   '1.6.32': "{{ containerd_package }}-1.6.32-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.6.33': "{{ containerd_package }}-1.6.33-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.18': "{{ containerd_package }}-1.7.18-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.19': "{{ containerd_package }}-1.7.19-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.20': "{{ containerd_package }}-1.7.20-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.21': "{{ containerd_package }}-1.7.21-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.22': "{{ containerd_package }}-1.7.22-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.23': "{{ containerd_package }}-1.7.23-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.24': "{{ containerd_package }}-1.7.24-3.1.fc{{ ansible_distribution_major_version }}"
-  '1.7.25': "{{ containerd_package }}-1.7.25-3.1.fc{{ ansible_distribution_major_version }}"
-  'stable': "{{ containerd_package }}-1.7.25-3.1.fc{{ ansible_distribution_major_version }}"
-  'edge': "{{ containerd_package }}-1.7.25-3.1.fc{{ ansible_distribution_major_version }}"
+  'stable': "{{ containerd_package }}-1.6.32-3.1.fc{{ ansible_distribution_major_version }}"
+  'edge': "{{ containerd_package }}-1.6.32-3.1.fc{{ ansible_distribution_major_version }}"
 
 # https://docs.docker.com/install/linux/docker-ce/fedora/
 # https://download.docker.com/linux/fedora/<fedora-version>/x86_64/stable/Packages/
@@ -46,16 +37,9 @@ docker_versioned_pkg:
   '23.0': docker-ce-3:23.0.6-1.fc{{ ansible_distribution_major_version }}
   '24.0': docker-ce-3:24.0.9-1.fc{{ ansible_distribution_major_version }}
   '26.0': docker-ce-3:26.0.2-1.fc{{ ansible_distribution_major_version }}
-  '26.1': docker-ce-3:26.1.4-1.fc{{ ansible_distribution_major_version }}
-  '27.0': docker-ce-3:27.0.3-1.fc{{ ansible_distribution_major_version }}
-  '27.1': docker-ce-3:27.1.2-1.fc{{ ansible_distribution_major_version }}
-  '27.2': docker-ce-3:27.2.1-1.fc{{ ansible_distribution_major_version }}
-  '27.3': docker-ce-3:27.3.1-1.fc{{ ansible_distribution_major_version }}
-  '27.4': docker-ce-3:27.4.1-1.fc{{ ansible_distribution_major_version }}
-  '27.5': docker-ce-3:27.5.1-1.fc{{ ansible_distribution_major_version }}
-  '28.0': docker-ce-3:28.0.2-1.fc{{ ansible_distribution_major_version }}
-  'stable': docker-ce-3:28.0.2-1.fc{{ ansible_distribution_major_version }}
-  'edge': docker-ce-3:28.0.2-1.fc{{ ansible_distribution_major_version }}
+  '26.1': docker-ce-3:26.1.2-1.fc{{ ansible_distribution_major_version }}
+  'stable': docker-ce-3:26.1.2-1.fc{{ ansible_distribution_major_version }}
+  'edge': docker-ce-3:26.1.2-1.fc{{ ansible_distribution_major_version }}
 
 docker_cli_versioned_pkg:
   'latest': docker-ce-cli
@@ -64,16 +48,9 @@ docker_cli_versioned_pkg:
   '23.0': docker-ce-cli-1:23.0.6-1.fc{{ ansible_distribution_major_version }}
   '24.0': docker-ce-cli-1:24.0.9-1.fc{{ ansible_distribution_major_version }}
   '26.0': docker-ce-cli-1:26.0.2-1.fc{{ ansible_distribution_major_version }}
-  '26.1': docker-ce-cli-1:26.1.4-1.fc{{ ansible_distribution_major_version }}
-  '27.0': docker-ce-cli-1:27.0.3-1.fc{{ ansible_distribution_major_version }}
-  '27.1': docker-ce-cli-1:27.1.2-1.fc{{ ansible_distribution_major_version }}
-  '27.2': docker-ce-cli-1:27.2.1-1.fc{{ ansible_distribution_major_version }}
-  '27.3': docker-ce-cli-1:27.3.1-1.fc{{ ansible_distribution_major_version }}
-  '27.4': docker-ce-cli-1:27.4.1-1.fc{{ ansible_distribution_major_version }}
-  '27.5': docker-ce-cli-1:27.5.1-1.fc{{ ansible_distribution_major_version }}
-  '28.0': docker-ce-cli-1:28.0.2-1.fc{{ ansible_distribution_major_version }}
-  'stable': docker-ce-cli-1:28.0.2-1.fc{{ ansible_distribution_major_version }}
-  'edge': docker-ce-cli-1:28.0.2-1.fc{{ ansible_distribution_major_version }}
+  '26.1': docker-ce-cli-1:26.0.2-1.fc{{ ansible_distribution_major_version }}
+  'stable': docker-ce-cli-1:26.0.2-1.fc{{ ansible_distribution_major_version }}
+  'edge': docker-ce-cli-1:26.0.2-1.fc{{ ansible_distribution_major_version }}
 
 docker_package_info:
   enablerepo: "docker-ce"

roles/container-engine/docker/vars/redhat-7.yml

@@ -0,0 +1,63 @@
+---
+# containerd versions are only relevant for docker
+containerd_versioned_pkg:
+  'latest': "{{ containerd_package }}"
+  '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el7"
+  '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el7"
+  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el7"
+  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el7"
+  '1.4.6': "{{ containerd_package }}-1.4.6-3.1.el7"
+  '1.4.9': "{{ containerd_package }}-1.4.9-3.1.el7"
+  '1.4.12': "{{ containerd_package }}-1.4.12-3.1.el7"
+  '1.6.4': "{{ containerd_package }}-1.6.4-3.1.el7"
+  '1.6.6': "{{ containerd_package }}-1.6.6-3.1.el7"
+  '1.6.7': "{{ containerd_package }}-1.6.7-3.1.el7"
+  '1.6.8': "{{ containerd_package }}-1.6.8-3.1.el7"
+  '1.6.9': "{{ containerd_package }}-1.6.9-3.1.el7"
+  '1.6.10': "{{ containerd_package }}-1.6.10-3.1.el7"
+  '1.6.11': "{{ containerd_package }}-1.6.11-3.1.el7"
+  '1.6.12': "{{ containerd_package }}-1.6.12-3.1.el7"
+  '1.6.13': "{{ containerd_package }}-1.6.13-3.1.el7"
+  '1.6.14': "{{ containerd_package }}-1.6.14-3.1.el7"
+  '1.6.15': "{{ containerd_package }}-1.6.15-3.1.el7"
+  '1.6.16': "{{ containerd_package }}-1.6.16-3.1.el7"
+  '1.6.18': "{{ containerd_package }}-1.6.18-3.1.el7"
+  '1.6.28': "{{ containerd_package }}-1.6.28-3.1.el7"
+  '1.6.31': "{{ containerd_package }}-1.6.31-3.1.el7"
+  '1.6.32': "{{ containerd_package }}-1.6.32-3.1.el7"
+  'stable': "{{ containerd_package }}-1.6.32-3.1.el7"
+  'edge': "{{ containerd_package }}-1.6.32-3.1.el7"
+
+# https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
+# https://download.docker.com/linux/centos/<centos_version>>/x86_64/stable/Packages/
+# or do 'yum --showduplicates list docker-engine'
+docker_versioned_pkg:
+  'latest': docker-ce
+  '18.09': docker-ce-18.09.9-3.el7
+  '19.03': docker-ce-19.03.15-3.el7
+  '20.10': docker-ce-20.10.20-3.el7
+  '23.0': docker-ce-23.0.6-1.el7
+  '24.0': docker-ce-24.0.9-1.el7
+  '26.0': docker-ce-26.0.2-1.el7
+  '26.1': docker-ce-26.1.2-1.el7
+  'stable': docker-ce-26.1.2-1.el7
+  'edge': docker-ce-26.1.2-1.el7
+
+docker_cli_versioned_pkg:
+  'latest': docker-ce-cli
+  '18.09': docker-ce-cli-18.09.9-3.el7
+  '19.03': docker-ce-cli-19.03.15-3.el7
+  '20.10': docker-ce-cli-20.10.20-3.el7
+  '23.0': docker-ce-cli-23.0.6-1.el7
+  '24.0': docker-ce-cli-24.0.9-1.el7
+  '26.0': docker-ce-cli-26.0.2-1.el7
+  '26.1': docker-ce-cli-26.1.2-1.el7
+  'stable': docker-ce-cli-26.1.2-1.el7
+  'edge': docker-ce-cli-26.1.2-1.el7
+
+docker_package_info:
+  enablerepo: "docker-ce"
+  pkgs:
+    - "{{ containerd_versioned_pkg[docker_containerd_version | string] }}"
+    - "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}"
+    - "{{ docker_versioned_pkg[docker_version | string] }}"

roles/container-engine/docker/vars/redhat.yml

@@ -25,20 +25,11 @@ containerd_versioned_pkg:
   '1.6.28': "{{ containerd_package }}-1.6.28-3.1.el{{ ansible_distribution_major_version }}"
   '1.6.31': "{{ containerd_package }}-1.6.31-3.1.el{{ ansible_distribution_major_version }}"
   '1.6.32': "{{ containerd_package }}-1.6.32-3.1.el{{ ansible_distribution_major_version }}"
-  '1.6.33': "{{ containerd_package }}-1.6.33-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.18': "{{ containerd_package }}-1.7.18-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.19': "{{ containerd_package }}-1.7.19-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.20': "{{ containerd_package }}-1.7.20-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.21': "{{ containerd_package }}-1.7.21-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.22': "{{ containerd_package }}-1.7.22-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.23': "{{ containerd_package }}-1.7.23-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.24': "{{ containerd_package }}-1.7.24-3.1.el{{ ansible_distribution_major_version }}"
-  '1.7.25': "{{ containerd_package }}-1.7.25-3.1.el{{ ansible_distribution_major_version }}"
-  'stable': "{{ containerd_package }}-1.7.25-3.1.el{{ ansible_distribution_major_version }}"
-  'edge': "{{ containerd_package }}-1.7.25-3.1.el{{ ansible_distribution_major_version }}"
+  'stable': "{{ containerd_package }}-1.6.32-3.1.el{{ ansible_distribution_major_version }}"
+  'edge': "{{ containerd_package }}-1.6.32-3.1.el{{ ansible_distribution_major_version }}"
 
-# https://docs.docker.com/engine/installation/linux/rhel/#install-from-a-package
-# https://download.docker.com/linux/rhel/<rhel_version>>/x86_64/stable/Packages/
+# https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
+# https://download.docker.com/linux/centos/<centos_version>>/x86_64/stable/Packages/
 # or do 'yum --showduplicates list docker-engine'
 docker_versioned_pkg:
   'latest': docker-ce
@@ -48,16 +39,9 @@ docker_versioned_pkg:
   '23.0': docker-ce-3:23.0.6-1.el{{ ansible_distribution_major_version }}
   '24.0': docker-ce-3:24.0.9-1.el{{ ansible_distribution_major_version }}
   '26.0': docker-ce-3:26.0.2-1.el{{ ansible_distribution_major_version }}
-  '26.1': docker-ce-3:26.1.4-1.el{{ ansible_distribution_major_version }}
-  '27.0': docker-ce-3:27.0.3-1.el{{ ansible_distribution_major_version }}
-  '27.1': docker-ce-3:27.1.3-1.el{{ ansible_distribution_major_version }}
-  '27.2': docker-ce-3:27.2.3-1.el{{ ansible_distribution_major_version }}
-  '27.3': docker-ce-3:27.3.3-1.el{{ ansible_distribution_major_version }}
-  '27.4': docker-ce-3:27.4.3-1.el{{ ansible_distribution_major_version }}
-  '27.5': docker-ce-3:27.5.3-1.el{{ ansible_distribution_major_version }}
-  '28.0': docker-ce-3:28.0.2-1.el{{ ansible_distribution_major_version }}
-  'stable': docker-ce-3:28.0.2-1.el{{ ansible_distribution_major_version }}
-  'edge': docker-ce-3:28.0.2-1.el{{ ansible_distribution_major_version }}
+  '26.1': docker-ce-3:26.1.2-1.el{{ ansible_distribution_major_version }}
+  'stable': docker-ce-3:26.1.2-1.el{{ ansible_distribution_major_version }}
+  'edge': docker-ce-3:26.1.2-1.el{{ ansible_distribution_major_version }}
 
 docker_cli_versioned_pkg:
   'latest': docker-ce-cli
@@ -67,16 +51,9 @@ docker_cli_versioned_pkg:
   '23.0': docker-ce-cli-1:23.0.6-1.el{{ ansible_distribution_major_version }}
   '24.0': docker-ce-cli-1:24.0.9-1.el{{ ansible_distribution_major_version }}
   '26.0': docker-ce-cli-1:26.0.2-1.el{{ ansible_distribution_major_version }}
-  '26.1': docker-ce-cli-1:26.1.4-1.el{{ ansible_distribution_major_version }}
-  '27.0': docker-ce-cli-1:27.0.3-1.el{{ ansible_distribution_major_version }}
-  '27.1': docker-ce-cli-1:27.1.3-1.el{{ ansible_distribution_major_version }}
-  '27.2': docker-ce-cli-1:27.2.3-1.el{{ ansible_distribution_major_version }}
-  '27.3': docker-ce-cli-1:27.3.3-1.el{{ ansible_distribution_major_version }}
-  '27.4': docker-ce-cli-1:27.4.3-1.el{{ ansible_distribution_major_version }}
-  '27.5': docker-ce-cli-1:27.5.3-1.el{{ ansible_distribution_major_version }}
-  '28.0': docker-ce-cli-1:28.0.2-1.el{{ ansible_distribution_major_version }}
-  'stable': docker-ce-cli-1:28.0.2-1.el{{ ansible_distribution_major_version }}
-  'edge': docker-ce-cli-1:28.0.2-1.el{{ ansible_distribution_major_version }}
+  '26.1': docker-ce-cli-1:26.1.2-1.el{{ ansible_distribution_major_version }}
+  'stable': docker-ce-cli-1:26.1.2-1.el{{ ansible_distribution_major_version }}
+  'edge': docker-ce-cli-1:26.1.2-1.el{{ ansible_distribution_major_version }}
 
 docker_package_info:
   enablerepo: "docker-ce"

roles/container-engine/docker/vars/ubuntu.yml

@@ -2,6 +2,13 @@
 # containerd versions are only relevant for docker
 containerd_versioned_pkg:
   'latest': "{{ containerd_package }}"
+  '1.3.7': "{{ containerd_package }}=1.3.7-1"
+  '1.3.9': "{{ containerd_package }}=1.3.9-1"
+  '1.4.3': "{{ containerd_package }}=1.4.3-2"
+  '1.4.4': "{{ containerd_package }}=1.4.4-1"
+  '1.4.6': "{{ containerd_package }}=1.4.6-1"
+  '1.4.9': "{{ containerd_package }}=1.4.9-1"
+  '1.4.12': "{{ containerd_package }}=1.4.12-1"
   '1.6.4': "{{ containerd_package }}=1.6.4-1"
   '1.6.6': "{{ containerd_package }}=1.6.6-1"
   '1.6.7': "{{ containerd_package }}=1.6.7-1"
@@ -18,17 +25,8 @@ containerd_versioned_pkg:
   '1.6.28': "{{ containerd_package }}=1.6.28-2"
   '1.6.31': "{{ containerd_package }}=1.6.31-1"
   '1.6.32': "{{ containerd_package }}=1.6.32-1"
-  '1.6.33': "{{ containerd_package }}=1.6.33-1"
-  '1.7.18': "{{ containerd_package }}=1.7.18-1"
-  '1.7.19': "{{ containerd_package }}=1.7.19-1"
-  '1.7.20': "{{ containerd_package }}=1.7.20-1"
-  '1.7.21': "{{ containerd_package }}=1.7.21-1"
-  '1.7.22': "{{ containerd_package }}=1.7.22-1"
-  '1.7.23': "{{ containerd_package }}=1.7.23-1"
-  '1.7.24': "{{ containerd_package }}=1.7.24-1"
-  '1.7.25': "{{ containerd_package }}=1.7.25-1"
-  'stable': "{{ containerd_package }}=1.7.25-1"
-  'edge': "{{ containerd_package }}=1.7.25-1"
+  'stable': "{{ containerd_package }}=1.6.32-1"
+  'edge': "{{ containerd_package }}=1.6.32-1"
 
 # https://download.docker.com/linux/ubuntu/
 docker_versioned_pkg:
@@ -39,16 +37,9 @@ docker_versioned_pkg:
   '23.0': docker-ce=5:23.0.6-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
   '24.0': docker-ce=5:24.0.9-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
   '26.0': docker-ce=5:26.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '26.1': docker-ce=5:26.1.4-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.0': docker-ce=5:27.0.3-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.1': docker-ce=5:27.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.2': docker-ce=5:27.2.1-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.3': docker-ce=5:27.3.1-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.4': docker-ce=5:27.4.1-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.5': docker-ce=5:27.5.4-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '28.0': docker-ce=5:28.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  'stable': docker-ce=5:28.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  'edge': docker-ce=5:28.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
+  '26.1': docker-ce=5:26.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
+  'stable': docker-ce=5:26.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
+  'edge': docker-ce=5:26.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
 
 docker_cli_versioned_pkg:
   'latest': docker-ce-cli
@@ -58,16 +49,9 @@ docker_cli_versioned_pkg:
   '23.0': docker-ce-cli=5:23.0.6-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
   '24.0': docker-ce-cli=5:24.0.9-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
   '26.0': docker-ce-cli=5:26.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '26.1': docker-ce-cli=5:26.1.4-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.0': docker-ce-cli=5:27.0.3-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.1': docker-ce-cli=5:27.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.2': docker-ce-cli=5:27.2.1-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.3': docker-ce-cli=5:27.3.1-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.4': docker-ce-cli=5:27.4.1-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '27.5': docker-ce-cli=5:27.5.4-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  '28.0': docker-ce-cli=5:28.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  'stable': docker-ce-cli=5:28.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
-  'edge': docker-ce-cli=5:28.0.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
+  '26.1': docker-ce-cli=5:26.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
+  'stable': docker-ce-cli=5:26.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
+  'edge': docker-ce-cli=5:26.1.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release | lower }}
 
 docker_package_info:
   pkgs:

roles/kubernetes/control-plane/defaults/main/etcd.yml

@@ -27,11 +27,3 @@ etcd_extra_vars: {}
 # etcd_max_request_bytes: "1572864"
 
 etcd_compaction_retention: "8"
-
-
-# softlink to etcd certs
-etcd_cert_paths:
-  client:
-    ca: "{{ etcd_cert_dir }}/ca.pem"
-    cert: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
-    key: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"

roles/kubernetes/control-plane/defaults/main/main.yml

@@ -23,6 +23,10 @@ kube_apiserver_etcd_compaction_interval: "5m0s"
 # in the request is actually present in etcd.
 kube_apiserver_service_account_lookup: true
 
+kube_etcd_cacert_file: ca.pem
+kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
+kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
+
 # Associated interfaces must be reachable by the rest of the cluster, and by
 # CLI/web clients.
 kube_controller_manager_bind_address: "::"

roles/kubernetes/control-plane/tasks/0010-etcd-link.yml

@@ -1,24 +0,0 @@
----
-- name: Create etcd cert directory
-  ansible.builtin.file:
-    path: "{{ etcd_cert_dir }}"
-    state: directory
-    mode: '0750'
-  when:
-    - inventory_hostname  in groups['kube_control_plane']
-
-- name: Generate symlink to etcd certs
-  ansible.builtin.file:
-    src: "{{ etcd_cert_paths.client[item.src] }}"
-    dest: "{{ etcd_cert_dir }}/{{ item.dest }}"
-    state: link
-    force: true
-  loop:
-    - src: ca
-      dest: "{{ kube_etcd_cacert_file }}"
-    - src: cert
-      dest: "{{ kube_etcd_cert_file }}"
-    - src: key
-      dest: "{{ kube_etcd_key_file }}"
-  when:
-    - inventory_hostname  in groups['kube_control_plane']

roles/kubernetes/control-plane/tasks/main.yml

@@ -4,11 +4,6 @@
   tags:
     - k8s-pre-upgrade
 
-- name: Create etcd cert symbolic links
-  import_tasks: 0010-etcd-link.yml
-  when:
-    - etcd_deployment_type != "kubeadm"
-
 - name: Create webhook token auth config
   template:
     src: webhook-token-auth-config.yaml.j2

roles/kubernetes/node/tasks/main.yml

@@ -132,15 +132,6 @@
   tags:
     - kube-proxy
 
-- name: Modprobe Kernel Module for nftables
-  community.general.modprobe:
-    name: "nf_tables"
-    state: present
-    persistent: present
-  when: kube_proxy_mode == 'nftables'
-  tags:
-    - kube-proxy
-
 - name: Install kubelet
   import_tasks: kubelet.yml
   tags:

roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

@@ -202,20 +202,13 @@
     - dashboard_enabled
     - not ignore_assert_errors
 
-- name: Stop if kernel version is too low for cilium
+- name: Stop if kernel version is too low
   assert:
     that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
   when:
     - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
     - not ignore_assert_errors
 
-- name: Stop if kernel version is too low for nftables
-  assert:
-    that: ansible_kernel.split('-')[0] is version('5.13', '>=')
-  when:
-    - kube_proxy_mode == 'nftables'
-    - not ignore_assert_errors
-
 - name: Stop if bad hostname
   assert:
     that: inventory_hostname is match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
@@ -321,7 +314,7 @@
     that:
       - kube_network_plugin in ['calico', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'kube-ovn', 'kube-router', 'macvlan', 'custom_cni', 'none']
       - dns_mode in ['coredns', 'coredns_dual', 'manual', 'none']
-      - kube_proxy_mode in ['iptables', 'ipvs', 'nftables']
+      - kube_proxy_mode in ['iptables', 'ipvs']
       - cert_management in ['script', 'none']
       - resolvconf_mode in ['docker_dns', 'host_resolvconf', 'none']
       - etcd_deployment_type in ['host', 'docker', 'kubeadm']

roles/kubernetes/preinstall/vars/main.yml

@@ -52,9 +52,6 @@ pkgs:
   mergerfs:
     - "{{ ansible_distribution == 'Debian' }}"
     - "{{ ansible_distribution_major_version == '12' }}"
-  nftables:
-    - "{{ kube_proxy_mode == 'nftables' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
   nss:
     - "{{ ansible_os_family == 'RedHat' }}"
   openssl: []

roles/kubespray-defaults/defaults/main/download.yml

@@ -323,13 +323,13 @@ rbd_provisioner_image_tag: "v{{ rbd_provisioner_version }}"
 local_path_provisioner_version: "0.0.24"
 local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
 local_path_provisioner_image_tag: "v{{ local_path_provisioner_version }}"
-ingress_nginx_version: "1.12.1"
+ingress_nginx_version: "1.12.0"
 ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
 ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
 ingress_nginx_controller_image_tag: "v{{ ingress_nginx_version }}"
 ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
 ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
-ingress_nginx_kube_webhook_certgen_image_tag: "v1.5.2"
+ingress_nginx_kube_webhook_certgen_image_tag: "v1.5.0"
 alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
 alb_ingress_image_tag: "v1.1.9"
 cert_manager_version: "1.15.3"

roles/kubespray-defaults/vars/main.yml

@@ -27,8 +27,3 @@ kube_pods_subnets: >-
   {%- else -%}
   {{ kube_pods_subnet_ipv6 }}
   {%- endif -%}
-
-# Symlinks to etcd certs
-kube_etcd_cacert_file: "kube-client-ca.pem"
-kube_etcd_cert_file: "kube-client-cert.pem"
-kube_etcd_key_file: "kube-client-key.pem"

test-infra/image-builder/roles/kubevirt-images/defaults/main.yml

@@ -132,13 +132,6 @@ images:
     converted: true
     tag: "latest"
 
-  opensuse-leap-15-6:
-    filename: openSUSE-Leap-15.6.x86_64-1.0.1-NoCloud-Build1.177.qcow2
-    url: https://download.opensuse.org/repositories/Cloud:/Images:/Leap_15.6/images/openSUSE-Leap-15.6.x86_64-1.0.1-NoCloud-Build1.177.qcow2
-    checksum: sha256:9ecd197b34faf1b43627946d0c26e38b5c3058207d1c86c4784b8f765c3289f3
-    converted: true
-    tag: "latest"
-
   openeuler-2203:
     filename: openEuler-22.03-LTS-SP4-x86_64.qcow2.xz
     url: https://mirrors.ocf.berkeley.edu/openeuler/openEuler-22.03-LTS-SP4/virtual_machine_img/x86_64/openEuler-22.03-LTS-SP4-x86_64.qcow2.xz

tests/files/packet_almalinux9-calico.yml

@@ -10,8 +10,6 @@ dashboard_enabled: true
 loadbalancer_apiserver_type: haproxy
 local_path_provisioner_enabled: true
 
-kube_proxy_mode: nftables
-
 # NTP mangement
 ntp_enabled: true
 ntp_timezone: Etc/UTC

tests/files/packet_opensuse-docker-cilium.yml

@@ -1,6 +1,6 @@
 ---
 # Instance settings
-cloud_image: opensuse-leap-15-6
+cloud_image: opensuse-leap-15
 
 # Kubespray settings
 kube_network_plugin: cilium

tests/files/packet_opensuse15-6-calico.yml

@@ -1,5 +0,0 @@
----
-# Instance settings
-cloud_image: opensuse-leap-15-6
-
-kube_proxy_mode: nftables

tests/files/packet_ubuntu24-calico-etcd-datastore.yml

@@ -8,7 +8,7 @@ vm_memory: 1800
 auto_renew_certificates: true
 
 # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=noble&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
-kube_proxy_mode: nftables
+kube_proxy_mode: iptables
 enable_nodelocaldns: false
 
 containerd_registries: