- Jan 14, 2025
-
-
Kay Yan authored
Signed-off-by:
Kay Yan <kay.yan@daocloud.io>
-
- Jan 13, 2025
-
-
ChengHao Yang authored
* Add `manual` option in the `external_cloud_provider` value Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> * Update external cloud provider description in roles & sample inventory Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> --------- Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com>
-
- Jan 09, 2025
-
-
kyrie authored
Signed-off-by:
KubeKyrie <shaolong.qin@daocloud.io>
-
- Jan 07, 2025
-
-
Chad Swenson authored
Adds the ability to configure the Kubernetes API server with a structured authorization configuration file. Structured AuthorizationConfiguration is a new feature in Kubernetes v1.29+ (GA in v1.32) that configures the API server's authorization modes with a structured configuration file. AuthorizationConfiguration files offer features not available with the `--authorization-mode` flag, although Kubespray supports both methods and authorization-mode remains the default for now. Note: Because the `--authorization-config` and `--authorization-mode` flags are mutually exclusive, the `authorization_modes` ansible variable is ignored when `kube_apiserver_use_authorization_config_file` is set to true. The two features cannot be used at the same time. Docs: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#configuring-the-api-server-using-an-authorization-config-file Blog + Examples: https://kubernetes.io/blog/2024/04/26/multi-webhook-and-modular-authorization-made-much-easier/ KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3221-structured-authorization-configuration I tested this all the way back to k8s v1.29 when AuthorizationConfiguration was first introduced as an alpha feature, although v1.29 required some additional workarounds with `kubeadm_patches`, which I included in example comments. I also included some example comments with CEL expressions that allowed me to configure webhook authorizers without hitting kubeadm 1.29+ issues that block cluster creation and upgrades such as this one: https://github.com/kubernetes/cloud-provider-openstack/issues/2575. My workaround configures the webhook to ignore requests from kubeadm and system components, which prevents fatal errors from webhooks that are not available yet, and should be authorized by Node or RBAC anyway.
-
ChengHao Yang authored
Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com>
-
Kay Yan authored
Signed-off-by:
Kay Yan <kay.yan@daocloud.io>
-
Kay Yan authored
Signed-off-by:
Kay Yan <kay.yan@daocloud.io>
-
- Jan 06, 2025
-
-
Noam authored
* remove check for os family on bash completion tasks * add Suse
-
Max Gautier authored
-
- Jan 02, 2025
-
- Dec 31, 2024
-
-
Antoine Legrand authored
-
- Dec 27, 2024
-
-
Kubernetes Prow Robot authored
Use debug stdout callback in ci rather than manual debug
-
Kubernetes Prow Robot authored
Cleanups in kubernetes/preinstall (DNS stuff)
-
ChengHao Yang authored
* Bump: Containerd upgrade to 1.7.24 Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> * Docs: README.md update Containerd version 1.7.24 Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> * Bump: runc upgrade to v1.2.3 Runc upgrade to v1.2.3, and add v1.1.15, v1.2.x checksum Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> --------- Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com>
-
Max Gautier authored
* Update SECURITY_CONTACTS with active maintainers * Add yankay to SECURITY_CONTACTS
-
- Dec 26, 2024
-
-
ChengHao Yang authored
* Bump: Helm default version v3.16.4 Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> * Docs: README.md update helm version Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> --------- Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com>
-
Mohamed Omar Zaian authored
-
ChengHao Yang authored
* Bump: kubernetes upgrade to 1.31.4 Add Kubernetes 1.31.4, 1.30.8 and 1.29.12 version Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> * Docs: Upgrade Kubernetes version to 1.31.4 Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> --------- Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com>
-
- Dec 24, 2024
-
-
kyrie authored
* enhance reset network service Signed-off-by:
KubeKyrie <shaolong.qin@daocloud.io> * reset network service: use systemd module directly --------- Signed-off-by:
KubeKyrie <shaolong.qin@daocloud.io> Co-authored-by:
Max Gautier <mg@max.gautier.name>
-
dependabot[bot] authored
Bumps [molecule-plugins[vagrant]](https://github.com/ansible-community/molecule-plugins) from 23.5.3 to 23.6.0. - [Release notes](https://github.com/ansible-community/molecule-plugins/releases) - [Commits](https://github.com/ansible-community/molecule-plugins/compare/v23.5.3...v23.6.0 ) --- updated-dependencies: - dependency-name: molecule-plugins[vagrant] dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Dec 23, 2024
-
-
Max Gautier authored
This avoids spurious failure with 'localhost'. It should also be more correct the inventory contains uncached hosts which are not in `k8s_cluster` and therefore should not be Kubespray business. (We still use hostvars for uncached hosts, because it's easier to select on 'ansible_default_ipv4' that way and does not change the end result)
-
- Dec 20, 2024
-
-
Max Gautier authored
-
- Dec 19, 2024
-
-
Chad Swenson authored
This enables [configuration](https://kubernetes.io/docs/concepts/policy/resource-quotas/#limit-priority-class-consumption-by-default) of the [ResourceQuota AdmissionController plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#resourcequota). The configuration file will be empty by default when no limitedResources are set.
-
Max Gautier authored
-
Max Gautier authored
- Move validation from facts to verify-settings - Move set_fact to vars/
-
Max Gautier authored
We use a lot of facts where variables are enough, and format too early, which prevent reusing the variables in different contexts. - Moves set_fact variables to the vars directory, remove unnecessary intermediate variables, and render them at usage sites to only do logic on native Ansible/Jinja lists. - Use defaults/ rather than default filters for several variables.
-
Max Gautier authored
-
Ekko authored
Signed-off-by:
ekko <lihai.tu@daocloud.io>
-
- Dec 18, 2024
-
-
Max Gautier authored
-
Max Gautier authored
This reverts commit 742409e6.
-
- Dec 17, 2024
-
-
Emilien M authored
-
ERIK authored
Signed-off-by:
bo.jiang <bo.jiang@daocloud.io>
-
Kubernetes Prow Robot authored
Convert kubernetes-apps to use kubectl directly
-
Kubernetes Prow Robot authored
Fix flakey test + cleanup in testcases/030-checknetwork
-
- Dec 16, 2024
-
-
Kubernetes Prow Robot authored
CI: build collection before runnings tests
-
Max Gautier authored
-
dependabot[bot] authored
Bumps [ansible-lint](https://github.com/ansible/ansible-lint) from 24.10.0 to 24.12.2. - [Release notes](https://github.com/ansible/ansible-lint/releases) - [Commits](https://github.com/ansible/ansible-lint/compare/v24.10.0...v24.12.2 ) --- updated-dependencies: - dependency-name: ansible-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Dec 13, 2024
-
-
Max Gautier authored
There is no test with IDEMPOT_CHECK=true since commit 7b78e687 (disable idempotency tests (#1872), 2017-10-26) Remove the related infra from our CI scripts.
-
Max Gautier authored
-
Max Gautier authored
We were running the playbooks before building the collections, so this probably wasn't testing much.
-