Commits · 20d99886cab523febe89bbceab791206d758dcf9 · Mirror / Kubespray

Dec 05, 2022

Update etcd log-level parameter name (#9540) · 20d99886

ERIK authored Dec 05, 2022



Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

20d99886

Oct 26, 2022

Fix inconsistent handling of admission plugin list (#9407) · eeb37646

William Turner authored Oct 26, 2022

* Fix inconsistent handling of admission plugin list

* Adjust hardening doc with the normalized admission plugin list

* Add pre-check for admission plugins format change

* Ignore checking admission plugins value when variable is not defined

eeb37646

Oct 14, 2022
- don't define kubeadm_patches by default (#9372) · 23716b0e
  Cristian Calin authored Oct 14, 2022
  
  23716b0e
Oct 06, 2022

Features/support kubeadm patches v1beta3 (#9326) · d689f57c

Huang Chen-Yi authored Oct 06, 2022

* Support kubeadm patches in v1beta3

* Update kubeadm patches sample files in inventory

* Fix pre-commit syntax

* Set kubeadm_patches  enabled to false in sample inventory

d689f57c

Sep 29, 2022
- Remove references to 1.22 (#9342) · 841e2f44
  Florian Ruynat authored Sep 28, 2022
  
  841e2f44
Aug 30, 2022
- kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223) · b46ddf35
  Kay Yan authored Aug 30, 2022
```
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
```
  b46ddf35
Aug 18, 2022

Add the option to enable default Pod Security Configuration (#9017) · 30c77ea4

Tomas Zvala authored Aug 18, 2022

* Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration

30c77ea4

Jul 19, 2022
- add kube-vip sans (#9099) · f592fa12
  Kay Yan authored Jul 20, 2022
  
  f592fa12
Jul 04, 2022
- remove-etcd-unsupported-arch (#9049) · 1d0b3829
  Kay Yan authored Jul 04, 2022
  
  1d0b3829
Jun 28, 2022
- fix-the-issue-of-miss-the-etcd-user (#9016) · d4de9d09
  Kay Yan authored Jun 29, 2022
  
  d4de9d09
Jun 22, 2022
- Fixed concatenate str & int in auto_renew_certificates_systemd_calendar var (#8979) · 6bf33064
  Florian Ruynat authored Jun 22, 2022
  
  6bf33064
Jun 17, 2022

feat: make kubernetes owner parametrized (#8952) · 97b4d79e

Alessio Greggi authored Jun 17, 2022

* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12

97b4d79e

Jun 15, 2022
- [kubernetes] drop support for configuring insecure apiserver · 24c8ba83
  Calin Cristian Andrei authored Jun 14, 2022
  
  24c8ba83
- [kubeadm] use v1beta3 configuration version · 2cd8c51a
  Calin Cristian Andrei authored Jun 06, 2022
```
* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
  upstream
```
  2cd8c51a
- [kubernetes] drop pre 1.22.0 workarounds · ae1dcb03
  Calin Cristian Andrei authored Jun 06, 2022
  
  ae1dcb03
May 23, 2022

[etcd] Add support for setting the request size limit (#8849) · dc1af5a9

Necatican Yıldırım authored May 23, 2022



* [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes`

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES

Signed-off-by: necatican <necaticanyildirim@gmail.com>

dc1af5a9

May 09, 2022
- [PodSecurityPolicy] Move the install of psp (#8744) · 42fc71fa
  Robin Wallace authored May 09, 2022
  
  42fc71fa
May 06, 2022

add support for `service-account-lookup` parameter (#8781) · e7df4d3d

Alessio Greggi authored May 06, 2022

* feat: add variable to manage service-account-lookup on kube-apiserver

* docs: add documentation about service-account-lookup variable

e7df4d3d

Add optional setting for ca data in auth webhook (#8777) · 3e52a0db

David Louks authored May 05, 2022

* Add optional setting for ca data in auth webhook

* add webhook token auth variables to sample inventory

3e52a0db

May 02, 2022

add support for `EventRateLimit` plugin configuration (#8711) · fa1d222e

Alessio Greggi authored May 02, 2022

* feat: add support for EventRateLimit admission plugin

* docs: add documentation about admission_control_config_file and EventRateLimit configuration

fa1d222e

Apr 17, 2022

[etcd] ensure etcd is properly upgraded when managed by kubeadm (#8722) · 3261d261

Cristian Calin authored Apr 17, 2022

* [etcd] ensure etcd is properly upgraded when managed by kubeadm

* [CI] add periodic job to test upgrade of etcd managed by kubeadm

3261d261

Apr 12, 2022
- Enable external CA mode for control-plane deployment (#8620) · 30306d6e
  Julien Le Fur authored Apr 12, 2022
  
  30306d6e
Apr 05, 2022
- split kube_feature_gates variable for different kubernetes components (#8677) · bba91a75
  Alessio Greggi authored Apr 05, 2022
```
* feat: split kube_feature_gates variable for different kubernetes components

* docs: add kube_feaute_gates componet variables
```
  bba91a75
Feb 24, 2022
- fix(coredns): make sure to keep coredns repository namespace (#8572) · ee079f47
  Nicolas Goudry authored Feb 24, 2022
```
fix: regex

fix: wrong regex_replace usage
```
  ee079f47
Feb 23, 2022

Encrypting Secret Data at Rest (#8574) · 36393d77

Alex authored Feb 23, 2022

* change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation

* fix MD012/no-multiple-blanks

36393d77

Feb 22, 2022

Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable (#8317) · e9c89132

Necatican Yıldırım authored Feb 22, 2022



* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Add etcd kubeadm deployment documentation

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable

Signed-off-by: necatican <necaticanyildirim@gmail.com>

e9c89132

Jan 27, 2022
- Adaptive Kube-ovn (#8454) · 52f221f9
  华忠啊 authored Jan 27, 2022
  
  52f221f9
Jan 13, 2022
- Fix kubectl call before installing it (#8412) · 7c67ec49
  Florian Ruynat authored Jan 13, 2022
  
  7c67ec49
Jan 10, 2022
- Improve first_kube_control_plane variable management to avoid installation... · 57a1d18d
  Unai Arríen authored Jan 10, 2022
```
Improve first_kube_control_plane variable management to avoid installation failures due to variable overlapping (#8388)
```
  57a1d18d
Jan 06, 2022
- Ensure taint configuration for secondary control-plane nodes (#8363) · 92abf26d
  Unai Arríen authored Jan 06, 2022
  
  92abf26d
Jan 05, 2022

Use a variable for standardizing kubectl invocation (#8329) · cb54eb40

Max Gautier authored Jan 05, 2022

* Add kubectl variable

* Replace kubectl usage by kubectl variable in roles

* Remove redundant --kubeconfig on kubectl usage

* Replace unecessary shell usage with command

cb54eb40

Dec 21, 2021

Support deploying kubernetes 1.23 (#8323) · c1954ff9

Cristian Calin authored Dec 21, 2021

* Ensure entries for 1.23 are added for supported_versions vars

* cri-o: add support for kubernetes 1.23 but still use cri-o 1.22

* kubescheduler-config: diferentiate config versions based on kube_version

c1954ff9

Dec 20, 2021

Delete "kubeadm alpha certs" code (#8322) · b49ae8c2

Kenichi Omichi authored Dec 20, 2021

"kubeadm alpha certs" command has been promoted to "kubeadm certs" command,
and "kubeadm alpha certs" has been deprecated since Kubernetes v1.20 as [1].
In addition, Kubespray supports Kubernetes v1.20+.
This delete the deprecated command for cleanup.

[1]: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation

b49ae8c2

Dec 06, 2021

Improve control plane scale flow (#13) (#7989) · 27ab364d

Alvaro Campesino authored Dec 06, 2021

* Improve control plane scale flow (#13)

* Added version 1.20.10 of K8s

* Setting first_kube_control_plane to a existing one

* Setting first_kube_control_plane to a existing one

* change first_kube_master for first_kube_control_plane

* Ansible-lint changes

27ab364d

Fix if bind-address is not set to 0.0.0.0 (#8262) · 615216f3

Hanna Bledai authored Dec 06, 2021

* if bind-address is not set to 0.0.0.0

* Update docs and left comments

* fix yamllist check: remove space

615216f3

Dec 03, 2021
- Update etcd-servers for apiserver (#8253) · ee0f1e9d
  Samuel Liu authored Dec 03, 2021
  
  ee0f1e9d
Nov 16, 2021

add gce support (#8179) · 424163c7

Lubos Mercl authored Nov 16, 2021

Author:    lmercl <lubos.mercl@gmail.com>
Date:      Wed Nov 10 15:30:04 2021 +0000

fix markdown

424163c7

Oct 11, 2021

Add kubeadm_join_phases_skip variable (#8067) · 1a57780a

Necatican Yıldırım authored Oct 11, 2021



* Add kubeadm_join_phases_skip variable

* Update kubeadm_join_phases_skip comment

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* Add kubeadm_join_phases_skip_default variable to follow the same logic with kubeadm_init_phases_skip

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

1a57780a

Sep 23, 2021

Use kube_config_dir for kubeconfig (#7996) · 843252c9

Kenichi Omichi authored Sep 23, 2021

The path of kubeconfig should be configurable, and its default value
is /etc/kubernetes/admin.conf. Most paths of the file are configurable
but some were not. This make those configurable.

843252c9

Sep 21, 2021
- Fix k8s-certs-renew cp path (#7992) · 22115047
  Wang Zhen authored Sep 21, 2021
```
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
```
  22115047