Commits · 78624c5bcbf52f228f4443ba5d60e2af868a6276 · Mirror / Kubespray

Oct 31, 2022

When using cilium CNI, install Cilium CLI (#9436) · 78624c5b

biqiang Wu authored Oct 31, 2022



Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

78624c5b

Oct 28, 2022
- Add switch cilium_enable_bandwidth_manager (#9441) · c6814354
  biqiang Wu authored Oct 28, 2022
```
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
```
  c6814354
- Remove PodSecurityPolicies in Metallb for kubernetes 1.25 (#9442) · 4d3f6376
  杨刚 authored Oct 28, 2022
  
  4d3f6376
Oct 27, 2022

Upgrade ruamel.yaml.clib to work with Python 3.11 (#9426) · 5e14398a

Olivier Lemasle authored Oct 27, 2022

ruamel.yaml.clib did not build with the upcoming Python 3.11.

Cf. https://sourceforge.net/p/ruamel-yaml-clib/tickets/9/

ruamel.yaml.clib==0.2.7 fixes the issue.

5e14398a

Update kube-vip to v0.5.5 (#9437) · 990f87ac

蒋航 authored Oct 27, 2022



Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

990f87ac

Oct 26, 2022

Fix inconsistent handling of admission plugin list (#9407) · eeb37646

William Turner authored Oct 26, 2022

* Fix inconsistent handling of admission plugin list

* Adjust hardening doc with the normalized admission plugin list

* Add pre-check for admission plugins format change

* Ignore checking admission plugins value when variable is not defined

eeb37646

update-containerd-1.6.9 (#9427) · ef707b34
Kay Yan authored Oct 26, 2022

ef707b34

Oct 25, 2022
- Update kubernetes dashboard to 2.7.0 (k8s 1.25 support) (#9425) · 2af91813
  Mohamed Zaian authored Oct 25, 2022
  
  2af91813
- [nerdctl] upgrade to version 1.0.0 (#9424) · b9b65471
  Mohamed Zaian authored Oct 25, 2022
  
  b9b65471
Oct 24, 2022
- [etcd] add 3.5.5 hashes, make it default for k8s 1.25 (#9419) · fe399e0e
  Mohamed Zaian authored Oct 24, 2022
  
  fe399e0e
- as argocd 2.4.15 is releasesd , update the version (#9420) · b192053e
  杨刚 authored Oct 24, 2022
  
  b192053e
- etcd arch can support arm64 and amd64 (#9421) · a84271aa
  杨刚 authored Oct 24, 2022
  
  a84271aa
- Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414) · 1901b512
  Wouter Goedhart authored Oct 24, 2022
```
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
```
  1901b512
Oct 21, 2022
- Fix iputils install failure in Kylin OS (#9416) · 9fdda7ec
  ERIK authored Oct 21, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  9fdda7ec
- Update kubelet checksum (#9413) · a68ed897
  ERIK authored Oct 21, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  a68ed897
- Update docker version to 20.10.20 (#9410) · 582ff96d
  Florian Ruynat authored Oct 21, 2022
  
  582ff96d
Oct 20, 2022
- Specify securityContext for cert-manager (#9404) · 0374a55e
  Kenichi Omichi authored Oct 20, 2022
```
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
```
  0374a55e
- make-kube-1.25-default (#9364) · ccbe38f7
  Kay Yan authored Oct 20, 2022
  
  ccbe38f7
- Add var for control initialDelaySeconds in nginx ingress probe (#9405) · 958840da
  Vladimir authored Oct 20, 2022
```
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
```
  958840da
Oct 19, 2022

use cri-o from upstream instead of kubic/OBS (#9374) · 15304112

Cristian Calin authored Oct 19, 2022

* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables

15304112

Add packet_ubuntu20-calico-aio-hardening (#9359) · e5ec0f18

Kenichi Omichi authored Oct 19, 2022

To verify the hardening method works always.
The configuration comes from docs/hardening.md

Fix yaml format of hardening.yml

Add condition to skip 040 test for hardening

e5ec0f18

[ingress-nginx] upgrade to 1.4.0 (#9403) · 0f44e8c8
Mohamed Zaian authored Oct 19, 2022

0f44e8c8

Oct 18, 2022
- mirror-for-china · 1cc0f3c8
  Kay Yan authored Oct 17, 2022
  
  1cc0f3c8
- fix(defaults): wrong cri_socket path for containerd (#9401) · d9c39c27
  Maxime Leroy authored Oct 18, 2022
  
  d9c39c27
- Update securityContext of netchecker (#9398) · c38fb866
  Kenichi Omichi authored Oct 18, 2022
```
To run netchecker with necessary privilege,
this updates the securityContext.
```
  c38fb866
Oct 17, 2022
- [kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default (#9397) · 5ad1d9db
  Mohamed Zaian authored Oct 17, 2022
  
  5ad1d9db
- Remove PodSecurityPolicies in Calico (#9395) · 32f3d92d
  Kay Yan authored Oct 17, 2022
  
  32f3d92d
Oct 14, 2022

Use agnhost instead of busybox for network test (#9390) · 72b45eec

Kenichi Omichi authored Oct 14, 2022

busybox container requires a root permission for ping.
For testing hardening method at CI, we need to switch to another image
which doesn't require the root permission for network testing.
On kubernetes/kubernetes repo, we are using agnhost which doesn't
require it. So this makes the test use aghhost image.

In addition, this updates the test manifest to specify securityContext
without any privilege.

72b45eec

don't define kubeadm_patches by default (#9372) · 23716b0e
Cristian Calin authored Oct 14, 2022

23716b0e
remove-psp-in-flannel (#9365) · 859df84b
Kay Yan authored Oct 14, 2022

859df84b
Fix ensure ping package error in fedora CoreOS & Flatcar (#9370) · 131bd933
Kay Yan authored Oct 14, 2022
```
* fix-ensure-package-in-coreos

* clean blank line
```
131bd933

Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248) · 52904ee6

Unai Arríen authored Oct 14, 2022

* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values

52904ee6

Oct 13, 2022
- update_calico_doc_for_the_ChecksumOffloadBroken (#9388) · e3339fe3
  Kay Yan authored Oct 13, 2022
  
  e3339fe3
- fix helm install with password authentication (#9343) · 547ef747
  ghostloda authored Oct 13, 2022
  
  547ef747
- Fix YAML format in hardening.md (#9387) · 63b27ea0
  Kenichi Omichi authored Oct 13, 2022
```
When trying to add a hardening CI job by copying configuration from
hardening.md, yamllint CI job deleted invalid format.
This fixes it for maintaining the CI job.
```
  63b27ea0
- Add the cilium hubble images to download role (#9376) · bc5881b7
  ERIK authored Oct 13, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  bc5881b7
Oct 12, 2022

Add note for containerd oom_score (#9384) · f4b95d42

Kenichi Omichi authored Oct 12, 2022

When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.

f4b95d42

Oct 11, 2022
- Change dns upstream condition for nodelocaldns (#9378) · ef76a578
  Unai Arríen authored Oct 11, 2022
  
  ef76a578
- Fix: install calico-kube-controller on kdd (#9358) · 3b99d24c
  Piotr Kowalczyk authored Oct 11, 2022
```
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
```
  3b99d24c
- upgrade-api-version-for-PodDisruptionBudget (#9369) · 4701abff
  Kay Yan authored Oct 11, 2022
  
  4701abff