Commits · 3527cb19160308e872d94a680e47c83867f70fbd · Mirror / Kubespray

Jan 14, 2025
- Update CI test from AlmaLinux8 to AlmaLinux9 (#11889) · 3527cb19
  Kay Yan authored Jan 14, 2025
  
  Signed-off-by: Kay Yan <kay.yan@daocloud.io>
  3527cb19
Jan 13, 2025

Add `manual` option to the `external_cloud_provider` variable (#11883) · 5a353cb0

ChengHao Yang authored Jan 13, 2025



* Add `manual` option in the `external_cloud_provider` value

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Update external cloud provider description in roles & sample inventory

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

5a353cb0

Jan 09, 2025
- add containerd registry mirror certificate configuration (#11857) · 1f186ed4
  kyrie authored Jan 09, 2025
  
  Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
  1f186ed4
Jan 07, 2025

Structured AuthorizationConfiguration (#11852) · 8443f370

Chad Swenson authored Jan 07, 2025

Adds the ability to configure the Kubernetes API server with a structured authorization configuration file.

Structured AuthorizationConfiguration is a new feature in Kubernetes v1.29+ (GA in v1.32) that configures the API server's authorization modes with a structured configuration file.
AuthorizationConfiguration files offer features not available with the `--authorization-mode` flag, although Kubespray supports both methods and authorization-mode remains the default for now.

Note: Because the `--authorization-config` and `--authorization-mode` flags are mutually exclusive, the `authorization_modes` ansible variable is ignored when `kube_apiserver_use_authorization_config_file` is set to true. The two features cannot be used at the same time.

Docs: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#configuring-the-api-server-using-an-authorization-config-file
Blog + Examples: https://kubernetes.io/blog/2024/04/26/multi-webhook-and-modular-authorization-made-much-easier/
KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3221-structured-authorization-configuration

I tested this all the way back to k8s v1.29 when AuthorizationConfiguration was first introduced as an alpha feature, although v1.29 required some additional workarounds with `kubeadm_patches`, which I included in example comments.

I also included some example comments with CEL expressions that allowed me to configure webhook authorizers without hitting kubeadm 1.29+ issues that block cluster creation and upgrades such as this one: https://github.com/kubernetes/cloud-provider-openstack/issues/2575.
My workaround configures the webhook to ignore requests from kubeadm and system components, which prevents fatal errors from webhooks that are not available yet, and should be authorized by Node or RBAC anyway.

8443f370

Add Flatcar 4081.2.1 image to test-infra (#11849) · 1801deba
ChengHao Yang authored Jan 07, 2025
```
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
```
1801deba
increase the memory requirement to 2GB (#11864) · 369be009
Kay Yan authored Jan 07, 2025
```
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
```
369be009
cleaup for 2.27.0 (#11854) · ae180558
Kay Yan authored Jan 07, 2025
```
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
```
ae180558

Jan 06, 2025
- enable bash completion tasks for Suse OS family (#11860) · 55d1e4a4
  Noam authored Jan 06, 2025
  
  * remove check for os family on bash completion tasks * add Suse
  55d1e4a4
- Ignore Mem preflight errors on ubuntu upgrade testcase (#11859) · ac9b76eb
  Max Gautier authored Jan 06, 2025
  
  ac9b76eb
Jan 02, 2025
- [ingress-nginx] upgrade to 1.12.0 (#11846) · 9ec9b3a2
  Mohamed Omar Zaian authored Jan 02, 2025
  
  View commits for tag v2.27.0 v2.27.0
  
  9ec9b3a2
Dec 31, 2024
- Add option to skip network plugin installation (#11844) · 0222a2a6
  Antoine Legrand authored Dec 31, 2024
  
  0222a2a6
Dec 27, 2024

Merge pull request #11793 from VannTen/cleanup/ci_testcases_better_callback · 57490d5e
Kubernetes Prow Robot authored Dec 27, 2024
```
Use debug stdout callback in ci rather than manual debug
```
57490d5e
Merge pull request #11819 from VannTen/cleanup/preinstall_fact · 5af3a34d
Kubernetes Prow Robot authored Dec 27, 2024
```
Cleanups in kubernetes/preinstall (DNS stuff)
```
5af3a34d

Bump: Containerd upgrade to 1.7.24 & runc upgrade to v1.2.3 (#11833) · 54a01f27

ChengHao Yang authored Dec 27, 2024



* Bump: Containerd upgrade to 1.7.24

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: README.md update Containerd version 1.7.24

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Bump: runc upgrade to v1.2.3

Runc upgrade to v1.2.3, and add v1.1.15, v1.2.x checksum

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

54a01f27

Update SECURITY_CONTACTS with active maintainers (#11827) · 6f6da3d3
Max Gautier authored Dec 27, 2024
```
* Update SECURITY_CONTACTS with active maintainers

* Add yankay to SECURITY_CONTACTS
```
6f6da3d3

Dec 26, 2024

Bump: Helm upgrade to v3.16.4 (#11832) · a6bc327d

ChengHao Yang authored Dec 26, 2024



* Bump: Helm default version v3.16.4

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: README.md update helm version

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

a6bc327d

[calico] Add version 3.29.1 and make it default (#11798) · 25d0380d
Mohamed Omar Zaian authored Dec 25, 2024

25d0380d

Bump: Kubernetes default version v1.31.4 (#11828) · 3305ae92

ChengHao Yang authored Dec 26, 2024



* Bump: kubernetes upgrade to 1.31.4

Add Kubernetes 1.31.4, 1.30.8 and 1.29.12 version

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

* Docs: Upgrade Kubernetes version to 1.31.4

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

---------

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

3305ae92

Dec 24, 2024

Fix using the default network manager in reset.yml (#11678) · e7a5e3ca

kyrie authored Dec 24, 2024



* enhance reset network service

Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>

* reset network service: use systemd module directly

---------

Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
Co-authored-by: Max Gautier <mg@max.gautier.name>

e7a5e3ca

build(deps): bump molecule-plugins[vagrant] from 23.5.3 to 23.6.0 (#11826) · 6c69ffed

dependabot[bot] authored Dec 24, 2024

Bumps [molecule-plugins[vagrant]](https://github.com/ansible-community/molecule-plugins) from 23.5.3 to 23.6.0.
- [Release notes](https://github.com/ansible-community/molecule-plugins/releases)
- [Commits](https://github.com/ansible-community/molecule-plugins/compare/v23.5.3...v23.6.0

)

---
updated-dependencies:
- dependency-name: molecule-plugins[vagrant]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

6c69ffed

Dec 23, 2024

Only consider host in 'k8s_cluster' when checking if ip is a cached fact (#11817) · d173f1d9

Max Gautier authored Dec 23, 2024

This avoids spurious failure with 'localhost'.

It should also be more correct the inventory contains uncached hosts
which are not in `k8s_cluster` and therefore should not be Kubespray
business.

(We still use hostvars for uncached hosts, because it's easier to select
on 'ansible_default_ipv4' that way and does not change the end result)

d173f1d9

Dec 20, 2024
- Update ansible-lint pre-commit + drop jsonschema dep (#11818) · 91ad58a1
  Max Gautier authored Dec 20, 2024
  
  91ad58a1
Dec 19, 2024

Add ResourceQuota plugin configuration (#11814) · 2fbf4806

Chad Swenson authored Dec 19, 2024

This enables [configuration](https://kubernetes.io/docs/concepts/policy/resource-quotas/#limit-priority-class-consumption-by-default) of the [ResourceQuota AdmissionController plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#resourcequota). The configuration file will be empty by default when no limitedResources are set.

2fbf4806

kubernetes/preinstall: remove unused variable · 684f52ea
Max Gautier authored Dec 19, 2024

684f52ea
kubernetes/preinstall: dns vars cleanup · 55e095c1
Max Gautier authored Dec 19, 2024
```
- Move validation from facts to verify-settings
- Move set_fact to vars/
```
55e095c1

kubernetes/preinstall: dns setting cleanup(dhclient, resolvconf) · 1127a621

Max Gautier authored Dec 19, 2024

We use a lot of facts where variables are enough, and format too early,
which prevent reusing the variables in different contexts.

- Moves set_fact variables to the vars directory, remove unnecessary
 intermediate variables, and render them at usage sites to only do logic
 on native Ansible/Jinja lists.
- Use defaults/ rather than default filters for several variables.

1127a621

kubernetes/preinstall: switch coredns_server to vars/ · a3e569f5
Max Gautier authored Dec 18, 2024

a3e569f5
Add iproute(2) package checking (#11816) · bf703354
Ekko authored Dec 19, 2024
```
Signed-off-by: ekko <lihai.tu@daocloud.io>
```
bf703354

Dec 18, 2024
- CI: test hardening setup in normal CI run (#11809) · 180ce0b2
  Max Gautier authored Dec 18, 2024
  
  180ce0b2
- Revert "apiserver: fix incorrect path to admission plugins config files (#11779)" (#11808) · 331671ac
  Max Gautier authored Dec 18, 2024
  
  This reverts commit 742409e6.
  331671ac
Dec 17, 2024
- Fix Ansible example values for OpenStack controller (#11803) · 03de8ff5
  Emilien M authored Dec 17, 2024
  
  03de8ff5
- remove legacy kubelet container pre-upgrade tasks (#11805) · 540c6ddb
  ERIK authored Dec 17, 2024
  
  Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
  540c6ddb
- Merge pull request #11700 from VannTen/feat/kubectl_stdin · da077ab8
  Kubernetes Prow Robot authored Dec 17, 2024
  
  Convert kubernetes-apps to use kubectl directly
  da077ab8
- Merge pull request #11792 from VannTen/flake/race_sa_creation · 30f0a144
  Kubernetes Prow Robot authored Dec 17, 2024
  
  Fix flakey test + cleanup in testcases/030-checknetwork
  30f0a144
Dec 16, 2024

Merge pull request #11797 from VannTen/ci/fix_collection_testing · acfaef2a
Kubernetes Prow Robot authored Dec 16, 2024
```
CI: build collection before runnings tests
```
acfaef2a
apiserver: fix incorrect path to admission plugins config files (#11779) · 742409e6
Max Gautier authored Dec 16, 2024

742409e6

build(deps): bump ansible-lint from 24.10.0 to 24.12.2 (#11799) · a2cde9e7

dependabot[bot] authored Dec 16, 2024

Bumps [ansible-lint](https://github.com/ansible/ansible-lint) from 24.10.0 to 24.12.2.
- [Release notes](https://github.com/ansible/ansible-lint/releases)
- [Commits](https://github.com/ansible/ansible-lint/compare/v24.10.0...v24.12.2

)

---
updated-dependencies:
- dependency-name: ansible-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

a2cde9e7

Dec 13, 2024
- CI: remove IDEMPOT_CHECK (#11796) · 7da31734
  Max Gautier authored Dec 13, 2024
  
  There is no test with IDEMPOT_CHECK=true since commit 7b78e687 (disable idempotency tests (#1872), 2017-10-26) Remove the related infra from our CI scripts.
  7da31734
- CI: test collections in one packet job · 2dddb4fb
  Max Gautier authored Dec 13, 2024
  
  2dddb4fb
- CI: build collection before runnings tests · 18fab585
  Max Gautier authored Dec 13, 2024
  
  We were running the playbooks before building the collections, so this probably wasn't testing much.
  18fab585