- Jan 14, 2025
-
-
Max Gautier authored
- remove unused parts in the response - clarify variables names
-
Max Gautier authored
This is handy when some component releases is buggy (missing file at the download links) to not block everything else. Move the filtering up the stack so we don't have to do it multiples times.
-
Max Gautier authored
This means the update-hashes command can be run anywhere in Kubespray repository without having to figure out the correct path.
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
Can operate on several branches without the need for backport
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
Gvisor releases, besides only being tags, have some particularities: - they are of the form yyyymmdd.p -> this get interpreted as a yaml float, so we need to explicitely convert to string to make it work. - there is no semver-like attached to the version numbers, but the API (= OCI container runtime interface) is expected to be stable (see linked discussion) - some older tags don't have hashs for some archs Link: https://groups.google.com/g/gvisor-users/c/SxMeHt0Yb6Y/m/Xtv7seULCAAJ
-
Max Gautier authored
Gvisor is the only one of our deployed components which use tags instead of proper releases. So the tags scraping support will, for now, cater to gvisor particularities, notably in the tag name format and the fact that some older releases don't have the same URL scheme.
-
Max Gautier authored
-
Max Gautier authored
(the url should use `alt_arch` instead of `arch` for those)
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
-
Max Gautier authored
Also, always raise even for 404 not found (should not happen now that we'll use GraphQL to find the exact set of versions)
-
Max Gautier authored
-
Max Gautier authored
We're only interested in new patch releases for auto-update.
-
Max Gautier authored
Containerd use the same repository for releases of it's gRPC API (which we are not interested in). Conveniently, those releases have tags which are not valid version number (being prefixed with 'api/'). This could also be potentially useful for similar cases. The risk of missing releases because of this are low, since it would require that a project issue a new release with an invalid format, then switch back to the previous format (or we miss the fact it's not updating for a long period of time).
-
Max Gautier authored
We obtain the set of version from Github, then for each component we do a set comparison to determine which versions we don't have.
-
Max Gautier authored
-
Max Gautier authored
The Github graphQL API needs IDs for querying a variable array of repository. Use a dict for components instead of an array of url and record the corresponding node ID for each component (there are duplicates because some binaries are provided by the same project/repository).
-
Max Gautier authored
Add the script used to obtain graphql node IDs from Github so it's easier to add a new component.
-
- Jan 13, 2025
-
-
ChengHao Yang authored
* Add `manual` option in the `external_cloud_provider` value Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> * Update external cloud provider description in roles & sample inventory Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com> --------- Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com>
-
- Jan 09, 2025
-
-
kyrie authored
Signed-off-by:
KubeKyrie <shaolong.qin@daocloud.io>
-
- Jan 07, 2025
-
-
Chad Swenson authored
Adds the ability to configure the Kubernetes API server with a structured authorization configuration file. Structured AuthorizationConfiguration is a new feature in Kubernetes v1.29+ (GA in v1.32) that configures the API server's authorization modes with a structured configuration file. AuthorizationConfiguration files offer features not available with the `--authorization-mode` flag, although Kubespray supports both methods and authorization-mode remains the default for now. Note: Because the `--authorization-config` and `--authorization-mode` flags are mutually exclusive, the `authorization_modes` ansible variable is ignored when `kube_apiserver_use_authorization_config_file` is set to true. The two features cannot be used at the same time. Docs: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#configuring-the-api-server-using-an-authorization-config-file Blog + Examples: https://kubernetes.io/blog/2024/04/26/multi-webhook-and-modular-authorization-made-much-easier/ KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3221-structured-authorization-configuration I tested this all the way back to k8s v1.29 when AuthorizationConfiguration was first introduced as an alpha feature, although v1.29 required some additional workarounds with `kubeadm_patches`, which I included in example comments. I also included some example comments with CEL expressions that allowed me to configure webhook authorizers without hitting kubeadm 1.29+ issues that block cluster creation and upgrades such as this one: https://github.com/kubernetes/cloud-provider-openstack/issues/2575. My workaround configures the webhook to ignore requests from kubeadm and system components, which prevents fatal errors from webhooks that are not available yet, and should be authorized by Node or RBAC anyway.
-
ChengHao Yang authored
Signed-off-by:
ChengHao Yang <17496418+tico88612@users.noreply.github.com>
-
Kay Yan authored
Signed-off-by:
Kay Yan <kay.yan@daocloud.io>
-
Kay Yan authored
Signed-off-by:
Kay Yan <kay.yan@daocloud.io>
-
- Jan 06, 2025
-
-
Noam authored
* remove check for os family on bash completion tasks * add Suse
-
Max Gautier authored
-
- Jan 02, 2025
-
- Dec 31, 2024
-
-
Antoine Legrand authored
-
- Dec 27, 2024
-
-
Kubernetes Prow Robot authored
Use debug stdout callback in ci rather than manual debug
-
Kubernetes Prow Robot authored
Cleanups in kubernetes/preinstall (DNS stuff)
-