- Apr 07, 2021
-
-
bleech1 authored
Co-authored-by: Samuel Liu <liupeng0518@gmail.com>
-
- Mar 30, 2021
-
-
Etienne Champetier authored
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
-
Etienne Champetier authored
Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 36a3a789)
-
David Louks authored
* Remove ignore_errors from drain tasks and enable retires * Fix lint error by checking if stdout length is not 0, ie string is not empty. (cherry picked from commit ccd3aeeb)
-
Etienne Champetier authored
Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 2d1597bf)
-
Anthony Rabbito authored
`-%` causes `etcd-unsupported-arch: arm64` to print on COL 1 instead of COL 6. Signed-off-by: anthr76 <hello@anthonyrabbito.com> (cherry picked from commit edfa3e9b)
-
Kaleb Elwert authored
* Allow connecting to bastion via non-standard port * Fix bastion connection when ansible_port is not provided (cherry picked from commit 6fa3565d)
-
Kenichi Omichi authored
To avoid ModuleNotFoundError due to no module named 'setuptools_rust', this adds cryptography installation to requirements.txt. Created by jfc-evs originally as https://github.com/kubernetes-sigs/kubespray/pull/7264 (cherry picked from commit 49abf600)
-
- Mar 23, 2021
-
-
Etienne Champetier authored
While at it remove force_certificate_regeneration This boolean only forced the renewal of the apiserver certs Either manually use k8s-certs-renew.sh or set auto_renew_certificates Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit efa18039) Conflicts: roles/kubernetes/master/templates/k8s-certs-renew.service.j2 roles/kubernetes/master/templates/k8s-certs-renew.sh.j2 roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
-
Etienne Champetier authored
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
-
Florian Ruynat authored
(cherry picked from commit 6d3dbb43)
-
Florian Ruynat authored
(cherry picked from commit ead8a4e4)
-
Florian Ruynat authored
(cherry picked from commit 05f132c1)
-
Erwan Miran authored
* Download Calico KDD CRDs * Replace kustomize with lineinfile and use ansible assemble module * Replace find+lineinfile by sed in shell module to avoid nested loop * add condition on sed * use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources" (cherry picked from commit 1c62af0c) Conflicts: roles/network_plugin/calico/tasks/install.yml
-
Florian Ruynat authored
(cherry picked from commit 5f2c8ac3)
-
Florian Ruynat authored
(cherry picked from commit de46f861)
-
Florian Ruynat authored
(cherry picked from commit edc4bb4a)
-
Maciej Wereski authored
15.1 has reached EOL on 2021-02-02. Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> (cherry picked from commit 69d11dae)
-
Etienne Champetier authored
"The error was: 'proxy_disable_env' is undefined\n\nThe error appears to be in '<censored>scale.yml': line 72, column 7" Fixes 067db686 Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 057e8b43)
-
- Mar 15, 2021
-
-
Lennart Jern authored
The dummy module is needed for nodelocaldns. (cherry picked from commit 5a54db2f)
-
Etienne Champetier authored
c9c0c01d only fix the problem for new clusters Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 14b63ede) Conflicts: roles/kubernetes/master/tasks/kubelet-fix-client-cert-rotation.yml
-
Maciej authored
* Update ansible to v2.9.18 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> * Update jinja2 to v2.11.3 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> (cherry picked from commit b07c5966)
-
Victor Morales authored
When privileged is enabled for a container, all the `/dev/*` block devices from the host are mounted into the guest. The `privileged_without_host_devices` flag prevents host devices from being passed to privileged containers. More information: * https://github.com/containerd/cri/pull/1225 * https://github.com/cri-o/cri-o/commit/1d0f68156ba382651c776a44f156614c4fcf981d (cherry picked from commit dc5df57c)
-
Etienne Champetier authored
The important action in kubeadm-version.yml is the templating of the configuration, not finding / setting the version Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit a9c97e52) Conflicts: roles/kubernetes/master/tasks/kubeadm-version.yml
-
Etienne Champetier authored
There are no reasons not to backup during upgrade Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 53e5ef6b) Conflicts: roles/kubernetes/master/tasks/kubeadm-backup.yml roles/kubernetes/master/tasks/kubeadm-certificate.yml
-
Etienne Champetier authored
kubeadm never rotates sa.key/sa.pub, so there is no need to delete tokens/restart pods Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 8800b5c0)
-
Etienne Champetier authored
kubeadm is the default for a long time now, and admin.conf is created by it, so let kubeadm handle it Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 280036fa)
-
Etienne Champetier authored
Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit a6e1f5ec)
-
Etienne Champetier authored
apiserver.pem is not used since ddffdb63 Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit fedd671d) Conflicts: roles/kubernetes/master/tasks/kubeadm-cleanup-old-certs.yml roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
-
Du9L.com authored
According to [etcd's docs](https://etcd.io/docs/v3.4.0/op-guide/configuration/#--log-package-levels), argument 'log-package-levels' should not contain underscores. (cherry picked from commit b7c22659)
-
Etienne Champetier authored
Using `kubeadm init phase kubeconfig all` breaks kubelet client certificate rotation as we are missing `kubeadm init phase kubelet-finalize all` to point to `kubelet-client-current.pem` kubeconfig format is stable so let's just use lineinfile, this will avoid other future breakage This revert to the logic before 6fe22483 Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit c9c0c01d)
-
Etienne Champetier authored
On CentOS 8 they seem to be ignored by default, but better be extra safe This also make it easy to exclude other network plugin interfaces Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit e442b1d2)
-
Etienne Champetier authored
By default Ansible stat module compute checksum, list extended attributes and find mime type To find all stat invocations that really use one of those: git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)' Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit de1d9df7) Conflicts: roles/etcd/tasks/check_certs.yml
-
- Mar 02, 2021
-
-
Florian Ruynat authored
(cherry picked from commit 05adeed1) Conflicts: recover-control-plane.yml
-
Florian Ruynat authored
(cherry picked from commit e35beceb)
-
Kenichi Omichi authored
This updates Ansible version to the latest stable version 2.9.17. (cherry picked from commit 0ddf9150)
-
Etienne Champetier authored
Since a790935d all proxy users should be properly configured Now when you have *_PROXY vars in your environment it can leads to failure if NO_PROXY is not correct, or to persistent configuration changes as seen with kubeadm in 1c5391dd Instead of playing constant whack-a-bug, inject empty *_PROXY vars everywhere at the play level, and override at the task level when needed Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 067db686)