diff --git a/README.md b/README.md
index daccaaec9a676b7cbdf40055fb2b7155774a3044..0db578a798c20d003de37d481a1ab1d52e45c3fc 100644
--- a/README.md
+++ b/README.md
@@ -141,7 +141,7 @@ plugins can be deployed for a given single cluster.
 Requirements
 ------------
 
--   **Ansible v2.5 (or newer) and python-netaddr is installed on the machine
+-   **Ansible v2.6 (or newer) and python-netaddr is installed on the machine
     that will run Ansible commands**
 -   **Jinja 2.9 (or newer) is required to run the Ansible Playbooks**
 -   The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/downloads.md#offline-environment))
diff --git a/cluster.yml b/cluster.yml
index 61e1039631ea1df102b3f7c1edfbb08446d2bb21..82a377128d2efbcac3147dc5c7c9ae1810687c3b 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -7,7 +7,7 @@
         msg: "Ansible V2.7.0 can't be used until: https://github.com/ansible/ansible/issues/46600 is fixed"
         that:
           - ansible_version.string is version("2.7.0", "!=")
-          - ansible_version.string is version("2.5.0", ">=")
+          - ansible_version.string is version("2.6.0", ">=")
       tags:
         - check
   vars:
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index eb7269b85b5e169bafceca7ebffe491234cc87b0..cb4aaa8225b80950e34dbc3e3d507ae3c1490606 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -97,10 +97,16 @@ kube_apiserver_insecure_port: 0 # (disabled)
 # Can be ipvs, iptables
 kube_proxy_mode: ipvs
 
-# Kube-proxy nodeport address.
-# cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
-kube_proxy_nodeport_addresses: false
-# kube_proxy_nodeport_addresses_cidr: 10.0.1.0/24
+# A string slice of values which specify the addresses to use for NodePorts.
+# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32).
+# The default empty string slice ([]) means to use all local addresses.
+# kube_proxy_nodeport_addresses_cidr is retained for legacy config
+kube_proxy_nodeport_addresses: >-
+  {%- if kube_proxy_nodeport_addresses_cidr is defined -%}
+  [{{ kube_proxy_nodeport_addresses_cidr }}]
+  {%- else -%}
+  []
+  {%- endif -%}
 
 ## Encrypting Secret Data at Rest (experimental)
 kube_encrypt_secret_data: false
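Review bot: The legacy fallback in `kube_proxy_nodeport_addresses` only covers `kube_proxy_nodeport_addresses_cidr`, but the sample lines this hunk removes also shipped `kube_proxy_nodeport_addresses: false` as a boolean switch. An inventory copied from the old sample still carries that boolean in group_vars, which takes precedence over role defaults, so the v1alpha3 and v1beta1 templates in this commit (which now emit the key unconditionally) would render `nodePortAddresses: False` or `True` instead of a list, and the configured CIDR would not be applied. Consider a comment such as `# Older inventories set this to true/false; remove that boolean, the value must now be a list`, plus a pre-flight assert that rejects a boolean value. The same expression is repeated in the roles/kubespray-defaults/defaults/main.yaml hunk, and a third plain `'[]'` default appears in the new roles/kubernetes/master/defaults/main/kube-proxy.yml; a single definition would keep the copies from drifting apart.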
diff --git a/remove-node.yml b/remove-node.yml
index 77212cceddf75b8d8e0b08cf5b23c1fedb25902f..a4bd8d97a2f74d98f8e1e14fbde4add4ca4e9ae6 100644
--- a/remove-node.yml
+++ b/remove-node.yml
@@ -6,7 +6,7 @@
         msg: "Ansible V2.7.0 can't be used until: https://github.com/ansible/ansible/issues/46600 is fixed"
         that:
           - ansible_version.string is version("2.7.0", "!=")
-          - ansible_version.string is version("2.5.0", ">=")
+          - ansible_version.string is version("2.6.0", ">=")
       tags:
         - check
   vars:
diff --git a/requirements.txt b/requirements.txt
index e36ab79d4db2bc5e5302f46c5817c16e545331cb..0d63cc24b22f641328f0604c5a00108da2d4f07c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-ansible>=2.5.0,!=2.7.0
+ansible>=2.6.0,!=2.7.0
 jinja2>=2.9.6
 netaddr
 pbr>=1.6
diff --git a/reset.yml b/reset.yml
index 02f2b14c9642e1dcfd3fed7fd96d7b0bc63f9240..db8e704007744373a3e56e7bd1dc864fa801a01e 100644
--- a/reset.yml
+++ b/reset.yml
@@ -6,7 +6,7 @@
         msg: "Ansible V2.7.0 can't be used until: https://github.com/ansible/ansible/issues/46600 is fixed"
         that:
           - ansible_version.string is version("2.7.0", "!=")
-          - ansible_version.string is version("2.5.0", ">=")
+          - ansible_version.string is version("2.6.0", ">=")
       tags:
         - check
   vars:
diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index a79433ca5cb40c27dccefb94826e3c7b1f75f804..2fbfac85181bc9f2ce3232ad68d88b3bd53812e3 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -92,21 +92,6 @@
     - kubeadm_discovery_address != kube_apiserver_endpoint
   notify: restart kubelet
 
-- name: Update server field in kube-proxy kubeconfig
-  shell: >-
-    {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
-    | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g'
-    | {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
-  delegate_to: "{{groups['kube-master']|first}}"
-  run_once: true
-  when:
-    - kubeadm_config_api_fqdn is not defined
-    - is_kube_master
-    - kubeadm_discovery_address != kube_apiserver_endpoint
-    - not kube_proxy_remove
-  tags:
-    - kube-proxy
-
 # FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
 - name: Symlink kubelet kubeconfig for calico/canal
   file:
@@ -116,18 +101,6 @@
     force: yes
   when: kube_network_plugin in ['calico','canal']
 
-- name: Restart all kube-proxy pods to ensure that they load the new configmap
-  shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy"
-  delegate_to: "{{groups['kube-master']|first}}"
-  run_once: true
-  when:
-    - kubeadm_config_api_fqdn is not defined
-    - is_kube_master
-    - kubeadm_discovery_address != kube_apiserver_endpoint
-    - not kube_proxy_remove
-  tags:
-    - kube-proxy
-
 # FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
 # is fixed
 - name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
diff --git a/roles/kubernetes/master/defaults/main/kube-proxy.yml b/roles/kubernetes/master/defaults/main/kube-proxy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b76e3db2e79d2efa0071b9f2f12a8eaddc9eca3c
--- /dev/null
+++ b/roles/kubernetes/master/defaults/main/kube-proxy.yml
@@ -0,0 +1,105 @@
+---
+# bind address for kube-proxy
+kube_proxy_bind_address: '0.0.0.0'
+
+# acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
+# default value of 'application/json'. This field will control all connections to the server used by a particular
+# client.
+kube_proxy_client_accept_content_types: ''
+
+# burst allows extra queries to accumulate when a client is exceeding its rate.
+kube_proxy_client_burst: 10
+
+# contentType is the content type used when sending data to the server from this client.
+kube_proxy_client_content_type: application/vnd.kubernetes.protobuf
+
+# kubeconfig is the path to a KubeConfig file.
+# Leave as empty string to generate from other fields
+kube_proxy_client_kubeconfig: ''
+
+# qps controls the number of queries per second allowed for this connection.
+kube_proxy_client_qps: 5
+
+# How often configuration from the apiserver is refreshed. Must be greater than 0.
+kube_proxy_config_sync_period: 15m0s
+
+### Conntrack
+# max is the maximum number of NAT connections to track (0 to
+# leave as-is).  This takes precedence over maxPerCore and min.
+kube_proxy_conntrack_max: 'null'
+
+# maxPerCore is the maximum number of NAT connections to track
+# per CPU core (0 to leave the limit as-is and ignore min).
+kube_proxy_conntrack_max_per_core: 32768
+
+# min is the minimum value of connect-tracking records to allocate,
+# regardless of conntrackMaxPerCore (set maxPerCore=0 to leave the limit as-is).
+kube_proxy_conntrack_min: 131072
+
+# tcpCloseWaitTimeout is how long an idle conntrack entry
+# in CLOSE_WAIT state will remain in the conntrack
+# table. (e.g. '60s'). Must be greater than 0 to set.
+kube_proxy_conntrack_tcp_close_wait_timeout: 1h0m0s
+
+# tcpEstablishedTimeout is how long an idle TCP connection will be kept open
+# (e.g. '2s').  Must be greater than 0 to set.
+kube_proxy_conntrack_tcp_established_timeout: 24h0m0s
+
+# Enables profiling via web interface on /debug/pprof handler.
+# Profiling handlers will be handled by metrics server.
+kube_proxy_enable_profiling: false
+
+# bind address for kube-proxy health check
+kube_proxy_healthz_bind_address: 0.0.0.0:10256
+
+# If using the pure iptables proxy, SNAT everything. Note that it breaks any
+# policy engine.
+kube_proxy_masquerade_all: false
+
+# If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with.
+# Must be within the range [0, 31].
+kube_proxy_masquerade_bit: 14
+
+# The minimum interval of how often the iptables or ipvs rules can be refreshed as
+# endpoints and services change (e.g. '5s', '1m', '2h22m').
+kube_proxy_min_sync_period: 0s
+
+# The maximum interval of how often iptables or ipvs rules are refreshed (e.g. '5s', '1m', '2h22m').
+# Must be greater than 0.
+kube_proxy_sync_period: 30s
+
+# A comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules.
+kube_proxy_exclude_cidrs: 'null'
+
+# The ipvs scheduler type when proxy mode is ipvs
+# rr: round-robin
+# lc: least connection
+# dh: destination hashing
+# sh: source hashing
+# sed: shortest expected delay
+# nq: never queue
+kube_proxy_scheduler: rr
+
+# The IP address and port for the metrics server to serve on
+# (set to 0.0.0.0 for all IPv4 interfaces and `::` for all IPv6 interfaces)
+kube_proxy_metrics_bind_address: 127.0.0.1:10249
+
+# A string slice of values which specify the addresses to use for NodePorts.
+# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32).
+# The default empty string slice ([]) means to use all local addresses.
+kube_proxy_nodeport_addresses: '[]'
+
+# oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
+kube_proxy_oom_score_adj: -999
+
+# portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
+# in order to proxy service traffic. If unspecified, 0, or (0-0) then ports will be randomly chosen.
+kube_proxy_port_range: ''
+
+# resourceContainer is the absolute name of the resource-only container to create and run
+# the Kube-proxy in (Default: /kube-proxy).
+kube_proxy_resource_container: /kube-proxy
+
+# udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s').
+# Must be greater than 0. Only applicable for proxyMode=userspace.
+kube_proxy_udp_idle_timeout: 250ms
\ No newline at end of file
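Review bot: `kube_proxy_healthz_bind_address` defaults to `0.0.0.0:10256` here, while the node-role default this commit removes was `"127.0.0.1"`, so the variable now carries both a wider listen address and a different format (host:port instead of host). The kubeadm templates already hard-coded `0.0.0.0:10256`, so their output is unchanged, but any other template that still reads this variable (not visible in this diff) would be affected. A comment on the default would help operators decide, for example `# Listens on all interfaces; set a node-local or management address if no external health checker needs it`. A similar note belongs on `kube_proxy_metrics_bind_address`: the comment on `kube_proxy_enable_profiling` says the /debug/pprof handlers are served by the metrics server, so widening that address while profiling is enabled exposes them beyond localhost. The file also ends without a trailing newline.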
diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main/main.yml
similarity index 100%
rename from roles/kubernetes/master/defaults/main.yml
rename to roles/kubernetes/master/defaults/main/main.yml
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
index 41e744bc7f914bdac10a60617fcde445ac3276d6..0957824d913cc8c311d44e2c901f6e3302f191fb 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
@@ -40,7 +40,7 @@ kubeProxy:
     mode: ipvs
 {% endif %}
 {% if kube_proxy_nodeport_addresses %}
-    nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
+    nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
 {% endif %}
 resourceContainer: ""
 authorizationModes:
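Review bot: The `{% if kube_proxy_nodeport_addresses %}` guard kept above the changed line was written for a boolean switch, but the variable is now the list expression itself. Depending on whether Ansible hands the template a real list or the literal string `'[]'` (as the new master-role default defines it), an empty value may or may not pass the test, so the key could be emitted inconsistently. The v1alpha3 and v1beta1 templates in this commit drop the guard and always emit the key; doing the same here and in the v1alpha2 hunk, which has the identical guard, would keep the four templates consistent. The surrounding kubeProxy block begins outside the hunk.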
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
index 141087d3dd1c029ed338e3192e80238bb5fc22d3..1743d03aa723995c1b7e113145543dc4a8a7691d 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -26,7 +26,7 @@ kubeProxy:
   config:
     mode: {{ kube_proxy_mode }}
 {% if kube_proxy_nodeport_addresses %}
-    nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
+    nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
 {% endif %}
     resourceContainer: ""
 authorizationModes:
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
index 9cba6a40f1321884dfa74d74ad649be14927e6c8..55861c511343fdbc73738598ae0b422db7f0d80b 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@@ -221,39 +221,37 @@ schedulerExtraVolumes:
 ---
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
-bindAddress: 0.0.0.0
+bindAddress: {{ kube_proxy_bind_address }}
 clientConnection:
- acceptContentTypes: ""
- burst: 10
- contentType: application/vnd.kubernetes.protobuf
- kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
- qps: 5
-clusterCIDR: ""
-configSyncPeriod: 15m0s
+ acceptContentTypes: {{ kube_proxy_client_accept_content_types }}
+ burst: {{ kube_proxy_client_burst }}
+ contentType: {{ kube_proxy_client_content_type }}
+ kubeconfig: {{ kube_proxy_client_kubeconfig }}
+ qps: {{ kube_proxy_client_kubeconfig }}
+clusterCIDR: {{ kube_pods_subnet }}
+configSyncPeriod: {{ kube_proxy_config_sync_period }}
 conntrack:
- max: null
- maxPerCore: 32768
- min: 131072
- tcpCloseWaitTimeout: 1h0m0s
- tcpEstablishedTimeout: 24h0m0s
-enableProfiling: false
-healthzBindAddress: 0.0.0.0:10256
+ max: {{ kube_proxy_conntrack_max }}
+ maxPerCore: {{ kube_proxy_conntrack_max_per_core }}
+ min: {{ kube_proxy_conntrack_min }}
+ tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }}
+ tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
+enableProfiling: {{ kube_proxy_enable_profiling }}
+healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
 iptables:
- masqueradeAll: false
- masqueradeBit: 14
- minSyncPeriod: 0s
- syncPeriod: 30s
+ masqueradeAll: {{ kube_proxy_masquerade_all }}
+ masqueradeBit: {{ kube_proxy_masquerade_bit }}
+ minSyncPeriod: {{ kube_proxy_min_sync_period }}
+ syncPeriod: {{ kube_proxy_sync_period }}
 ipvs:
- excludeCIDRs: null
- minSyncPeriod: 0s
- scheduler: ""
- syncPeriod: 30s
-metricsBindAddress: 127.0.0.1:10249
+ excludeCIDRs: {{ kube_proxy_exclude_cidrs }}
+ minSyncPeriod: {{ kube_proxy_min_sync_period }}
+ scheduler: {{ kube_proxy_scheduler }}
+ syncPeriod: {{ kube_proxy_sync_period }}
+metricsBindAddress: {{ kube_proxy_metrics_bind_address }}
 mode: {{ kube_proxy_mode }}
-{% if kube_proxy_nodeport_addresses %}
-nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
-{% endif %}
-oomScoreAdj: -999
-portRange: ""
-resourceContainer: ""
-udpIdleTimeout: 250ms
+nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
+oomScoreAdj: {{ kube_proxy_oom_score_adj }}
+portRange: {{ kube_proxy_port_range }}
+resourceContainer: {{ kube_proxy_resource_container }}
+udpIdleTimeout: {{ kube_proxy_udp_idle_timeout }}
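Review bot: `qps` is filled from the wrong variable: the new line reads `qps: {{ kube_proxy_client_kubeconfig }}`, so the rendered value is the kubeconfig path (an empty string by default) rather than the rate limit, and the `kube_proxy_client_qps: 5` default added in this commit is never used. It should be `qps: {{ kube_proxy_client_qps }}`. The v1beta1 template hunk contains the same line and needs the same fix.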
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
index f2589c9bbfc808e71ec1cd22b099da4eab4e9f8a..88876ee7448a0f0a9c9741f36fc81c0a108badcb 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
@@ -227,39 +227,37 @@ scheduler:
 ---
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
-bindAddress: 0.0.0.0
+bindAddress: {{ kube_proxy_bind_address }}
 clientConnection:
- acceptContentTypes: ""
- burst: 10
- contentType: application/vnd.kubernetes.protobuf
- kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
- qps: 5
-clusterCIDR: ""
-configSyncPeriod: 15m0s
+ acceptContentTypes: {{ kube_proxy_client_accept_content_types }}
+ burst: {{ kube_proxy_client_burst }}
+ contentType: {{ kube_proxy_client_content_type }}
+ kubeconfig: {{ kube_proxy_client_kubeconfig }}
+ qps: {{ kube_proxy_client_kubeconfig }}
+clusterCIDR: {{ kube_pods_subnet }}
+configSyncPeriod: {{ kube_proxy_config_sync_period }}
 conntrack:
- max: null
- maxPerCore: 32768
- min: 131072
- tcpCloseWaitTimeout: 1h0m0s
- tcpEstablishedTimeout: 24h0m0s
-enableProfiling: false
-healthzBindAddress: 0.0.0.0:10256
+ max: {{ kube_proxy_conntrack_max }}
+ maxPerCore: {{ kube_proxy_conntrack_max_per_core }}
+ min: {{ kube_proxy_conntrack_min }}
+ tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }}
+ tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
+enableProfiling: {{ kube_proxy_enable_profiling }}
+healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
 iptables:
- masqueradeAll: false
- masqueradeBit: 14
- minSyncPeriod: 0s
- syncPeriod: 30s
+ masqueradeAll: {{ kube_proxy_masquerade_all }}
+ masqueradeBit: {{ kube_proxy_masquerade_bit }}
+ minSyncPeriod: {{ kube_proxy_min_sync_period }}
+ syncPeriod: {{ kube_proxy_sync_period }}
 ipvs:
- excludeCIDRs: null
- minSyncPeriod: 0s
- scheduler: ""
- syncPeriod: 30s
-metricsBindAddress: 127.0.0.1:10249
+ excludeCIDRs: {{ kube_proxy_exclude_cidrs }}
+ minSyncPeriod: {{ kube_proxy_min_sync_period }}
+ scheduler: {{ kube_proxy_scheduler }}
+ syncPeriod: {{ kube_proxy_sync_period }}
+metricsBindAddress: {{ kube_proxy_metrics_bind_address }}
 mode: {{ kube_proxy_mode }}
-{% if kube_proxy_nodeport_addresses %}
-nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
-{% endif %}
-oomScoreAdj: -999
-portRange: ""
-resourceContainer: ""
-udpIdleTimeout: 250ms
+nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
+oomScoreAdj: {{ kube_proxy_oom_score_adj }}
+portRange: {{ kube_proxy_port_range }}
+resourceContainer: {{ kube_proxy_resource_container }}
+udpIdleTimeout: {{ kube_proxy_udp_idle_timeout }}
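Review bot: Several string fields are rendered unquoted from defaults that are empty strings, so `acceptContentTypes`, `kubeconfig` and `portRange` come out as bare `key:` lines, which YAML reads as null where the removed lines had an explicit `""` (and, for kubeconfig, a fixed path). Quoting the string-typed substitutions, e.g. `portRange: "{{ kube_proxy_port_range }}"` and `acceptContentTypes: "{{ kube_proxy_client_accept_content_types }}"`, keeps the type stable and also guards against operator-supplied values containing `: ` or ` #`. The fields whose defaults are the string `'null'` (`conntrack.max`, `ipvs.excludeCIDRs`) rely on being unquoted and should stay that way. Whether kubeadm fills in an empty `kubeconfig` is not visible here, so it is worth confirming that kube-proxy still finds its credentials. The same lines appear in the v1alpha3 hunk.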
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index ecd75e3cc990639664e2534779aa1dc4a2511498..99c1b8c869c9d649814365e014c8a4cf0a574276 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -11,16 +11,6 @@ kubelet_bind_address: "{{ ip | default('0.0.0.0') }}"
 # resolv.conf to base dns config
 kube_resolv_conf: "/etc/resolv.conf"
 
-# bind address for kube-proxy health check
-kube_proxy_healthz_bind_address: "127.0.0.1"
-
-# Can be ipvs, iptables
-kube_proxy_mode: ipvs
-
-# If using the pure iptables proxy, SNAT everything. Note that it breaks any
-# policy engine.
-kube_proxy_masquerade_all: false
-
 # These options reflect limitations of running kubelet in a container.
 # Modify at your own risk
 kubelet_enable_cri: true
@@ -49,11 +39,7 @@ kube_master_cpu_reserved: 200m
 
 kubelet_status_update_frequency: 10s
 
-# Limits for kube components and nginx load balancer app
-kube_proxy_memory_limit: 2000M
-kube_proxy_cpu_limit: 500m
-kube_proxy_memory_requests: 64M
-kube_proxy_cpu_requests: 150m
+# Limits for nginx load balancer app
 nginx_memory_limit: 512M
 nginx_cpu_limit: 300m
 nginx_memory_requests: 32M
@@ -63,10 +49,6 @@ nginx_cpu_requests: 25m
 #   - extensions/v1beta1/daemonsets=true
 #   - extensions/v1beta1/deployments=true
 
-nginx_image_repo: nginx
-nginx_image_tag: 1.13
-nginx_config_dir: "/etc/nginx"
-
 kubelet_flexvolumes_plugins_dir: /var/lib/kubelet/volume-plugins
 
 # A port range to reserve for services with NodePort visibility.
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 269e1cae9c6e26474db6e1aa6255bcfda20e5d4d..c5e8f55f60ed0f48fca6faa3efec2cecc5242eea 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -17,10 +17,16 @@ kube_version: v1.13.1
 ## Kube Proxy mode One of ['iptables','ipvs']
 kube_proxy_mode: ipvs
 
-# Kube-proxy nodeport address.
-# cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
-kube_proxy_nodeport_addresses: false
-# kube_proxy_nodeport_addresses_cidr: 10.0.1.0/24
+# A string slice of values which specify the addresses to use for NodePorts.
+# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32).
+# The default empty string slice ([]) means to use all local addresses.
+# kube_proxy_nodeport_addresses_cidr is retained for legacy config
+kube_proxy_nodeport_addresses: >-
+  {%- if kube_proxy_nodeport_addresses_cidr is defined -%}
+  [{{ kube_proxy_nodeport_addresses_cidr }}]
+  {%- else -%}
+  []
+  {%- endif -%}
 
 # Set to true to allow pre-checks to fail and continue deployment
 ignore_assert_errors: false
diff --git a/scale.yml b/scale.yml
index 84bd638d230a566d7ce4315380c18b99ac5f0b6d..13472f66161020ef4587ff02aefe80aebee30b36 100644
--- a/scale.yml
+++ b/scale.yml
@@ -7,7 +7,7 @@
         msg: "Ansible V2.7.0 can't be used until: https://github.com/ansible/ansible/issues/46600 is fixed"
         that:
           - ansible_version.string is version("2.7.0", "!=")
-          - ansible_version.string is version("2.5.0", ">=")
+          - ansible_version.string is version("2.6.0", ">=")
       tags:
         - check
   vars:
diff --git a/upgrade-cluster.yml b/upgrade-cluster.yml
index e542cc80090c3c03ef83092fa9a815b7c2857c0d..59e2d988cbbe9d150f0757d63b25eb9c1fba72e7 100644
--- a/upgrade-cluster.yml
+++ b/upgrade-cluster.yml
@@ -7,7 +7,7 @@
         msg: "Ansible V2.7.0 can't be used until: https://github.com/ansible/ansible/issues/46600 is fixed"
         that:
           - ansible_version.string is version("2.7.0", "!=")
-          - ansible_version.string is version("2.5.0", ">=")
+          - ansible_version.string is version("2.6.0", ">=")
       tags:
         - check
   vars: