Skip to content
  1. Mar 22, 2024
  3. Jan 25, 2024
  5. Dec 18, 2023
  7. Dec 12, 2023
    • jandres - moscardo's avatar
      New PR default node selector (#10607) · cb848fa7
      jandres - moscardo authored
      cb848fa7
    • Max Gautier's avatar
      Disable podCIDR allocation from control-plane when using calico (#10639) · 8abf49ae
      Max Gautier authored 
      * Disable control plane allocating podCIDR for nodes when using calico

Calico does not use the .spec.podCIDR field for its IP address
management.
Furthermore, it can false positives from the kube controller manager if
kube_network_node_prefix and calico_pool_blocksize are unaligned, which
is the case with the default shipped by kubespray.

If the subnets obtained from using kube_network_node_prefix are bigger,
this would result at some point in the control plane thinking it does
not have subnets left for a new node, while calico will work without
problems.

Explicitely set a default value of false for calico_ipam_host_local to
facilitate its use in templates.

* Don't default to kube_network_node_prefix for calico_pool_blocksize

They have different semantics: kube_network_node_prefix is intended to
be the size of the subnet for all pods on a node, while there can be
more than on calico block of the specified size (they are allocated on
demand).

Besides, this commit does not actually change anything, because the
current code is buggy: we don't ever default to
kube_network_node_prefix, since the variable is defined in the role
defaults.
      8abf49ae
  9. Nov 27, 2023
  11. Nov 08, 2023
    • Max Gautier's avatar
      Move control plane certs renewal "spread out" into the systemd timer (#10596) · b3f6d051
      Max Gautier authored 
      * Use RandomizedDelaySec to spread out control certificates renewal plane

If the number of control plane node is superior to 6, using (index * 10
minutes) will fail (03:60:00 is not a valid timestamp).

Compared to just fixing the jinja expression (to use a modulo for
example), this should avoid having two control planes certificates
update node being triggered at the same time.

* Make k8s-certs-renew.timer Persistent

If the control plane happens to be offline during the scheduled
certificates renewal (node failure or anything like that), we still want
the renewal to happen.
      b3f6d051
  13. Oct 17, 2023
  15. Sep 29, 2023
  17. Aug 08, 2023
  19. Jul 05, 2023
  21. Jun 13, 2023
  23. Apr 18, 2023
  25. Apr 11, 2023
  27. Mar 27, 2023
  29. Feb 06, 2023
  31. Dec 28, 2022
  33. Dec 20, 2022
  35. Dec 15, 2022
  37. Dec 05, 2022
  39. Oct 26, 2022
  41. Oct 06, 2022
  43. Sep 29, 2022
  45. Aug 18, 2022
    • Tomas Zvala's avatar
      Add the option to enable default Pod Security Configuration (#9017) · 30c77ea4
      Tomas Zvala authored 
      * Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration
      30c77ea4
  47. Jul 04, 2022
  49. Jun 15, 2022
  51. May 23, 2022
  53. May 09, 2022
  55. May 06, 2022
  57. May 02, 2022
  59. Apr 05, 2022
  61. Feb 24, 2022
  63. Feb 22, 2022
  65. Jan 27, 2022
  67. Jan 06, 2022
  69. Dec 21, 2021
    • Cristian Calin's avatar
      Support deploying kubernetes 1.23 (#8323) · c1954ff9
      Cristian Calin authored 
      * Ensure entries for 1.23 are added for supported_versions vars

* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22

* kubescheduler-config: diferentiate config versions based on kube_version
      c1954ff9
  71. Dec 20, 2021