- Apr 11, 2024
-
-
Barry M authored
Signed-off-by: bmelbourne <barry.melbourne0@gmail.com>
-
- Apr 03, 2024
-
-
Nicolas Goudry authored
* feat: add user facing variable with default * feat: remove rolebinding to anonymous users after init and upgrade * feat: use file discovery for secondary control plane nodes * feat: use file discovery for nodes * fix: do not fail if rolebinding does not exist * docs: add warning about kube_api_anonymous_auth * style: improve readability of delegate_to parameter * refactor: rename discovery kubeconfig file * test: enable new variable in hardening and upgrade test cases * docs: add option to config parameters * test: multiple instances and upgrade
-
- Mar 29, 2024
-
-
Max Gautier authored
* Move fedora ansible python install to bootstrap-os * /bin/dir is set in bootstrap-os * Removing ansible_os_family workarounds Support for these distributions was merged in Ansible, no need to override it ourselves now. https://github.com/ansible/ansible/pull/69324 openEuler https://github.com/ansible/ansible/pull/77275/ UnionTech OS Server 20 https://github.com/ansible/ansible/pull/78232/ Kylin * Don't unconditionnaly set VARIANT_ID=coreos in os-release WTF, this is so wrong. Furthermore, is_fedora_coreos is already handled in boostrap-os * Handle Clearlinux generically Followup of 4eec302e (since we're using package module anyway, let's get rid of the custom task)
-
- Mar 25, 2024
-
-
kyrie authored
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
-
- Mar 22, 2024
-
-
Tom M authored
-
ERIK authored
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
-
- Mar 11, 2024
-
-
Max Gautier authored
-
- Feb 18, 2024
-
-
R. P. Taylor authored
-
- Jan 31, 2024
-
-
Takuya Murakami authored
* [kubernetes] Make kubernetes 1.29.1 default * [cri-o]: support cri-o 1.29 Use "crio status" instead of "crio-status" for cri-o >=1.29.0 * Remove GAed feature gates SecCompDefault The SecCompDefault feature gate was removed since k8s 1.29 https://github.com/kubernetes/kubernetes/pull/121246
-
- Jan 30, 2024
-
-
Saber authored
-
- Jan 25, 2024
-
-
Ugur Can Ozturk authored
* [apiserver-kubelet/tracing]: add distributed tracing config flags Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com> * [apiserver-kubelet/tracing]: add distributed tracing config flags - fix Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com> * [apiserver-kubelet/tracing]: add distributed tracing config flags - fix Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com> --------- Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
-
- Jan 24, 2024
-
-
kimsehwan96 authored
- Fix 'Set fact joined_control_panes' into 'Set fact joined_control_planes'
-
- Jan 23, 2024
-
-
Maxime Leroy authored
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
-
- Jan 22, 2024
-
-
yun authored
-
Max Gautier authored
Also remove redundant check in the kubelet config template (we define a default, so the setting will always be "true")
-
- Jan 12, 2024
-
-
Gaëtan Trellu authored
-
- Jan 09, 2024
-
-
Louis Tu authored
Signed-off-by: tu1h <lihai.tu@daocloud.io>
-
- Jan 08, 2024
-
-
Kay Yan authored
-
- Dec 21, 2023
-
-
Andrei Costescu authored
* Fix modprobe module on Flatcar * Add todo about upstream issue report
-
Max Gautier authored
This avoid needlessly overriding things and make cleanup easier. Also simplifies the template a bit.
-
- Dec 18, 2023
-
-
Max Gautier authored
This is removed from kubernetes since 1.25, time to cut some dead code.
-
- Dec 12, 2023
-
-
jandres - moscardo authored
-
Max Gautier authored
* Disable control plane allocating podCIDR for nodes when using calico Calico does not use the .spec.podCIDR field for its IP address management. Furthermore, it can false positives from the kube controller manager if kube_network_node_prefix and calico_pool_blocksize are unaligned, which is the case with the default shipped by kubespray. If the subnets obtained from using kube_network_node_prefix are bigger, this would result at some point in the control plane thinking it does not have subnets left for a new node, while calico will work without problems. Explicitely set a default value of false for calico_ipam_host_local to facilitate its use in templates. * Don't default to kube_network_node_prefix for calico_pool_blocksize They have different semantics: kube_network_node_prefix is intended to be the size of the subnet for all pods on a node, while there can be more than on calico block of the specified size (they are allocated on demand). Besides, this commit does not actually change anything, because the current code is buggy: we don't ever default to kube_network_node_prefix, since the variable is defined in the role defaults.
-
Max Gautier authored
This reverts commit ee0f1e9d. Avoid restarting all api servers at once by changing their config.
-
- Dec 11, 2023
-
-
piwinkler authored
remove embedded template
-
- Dec 07, 2023
-
-
Max Gautier authored
* Mask systemd swap.target do disable swap This is a more generic way to disable swap, since it pulls .swap units in systemd distributions; fstab is only one way to generate .swap units. * Unconditionally disable swap We only care to disable it (the "swapon" registered variable is not used anywhere else. This allows to get rid of the ignore_errors, since this was added because swapon.stdout does not exist in check_mode (see issue #6642). * Don't explicitly disable swapOnZram We're already masking the swap.target, which would pull the zram unit, hence no need to handle zram-generator specifically.
-
- Nov 28, 2023
-
-
Max Gautier authored
* Try both conntrack modules instead of checking kernel version Depending on kernel distributor, the kernel version might not be a correct indicator of the conntrack module use. Instead, we check both (and use the first found). * Use modproble.persistent rather than manual persistence
-
- Nov 27, 2023
-
-
Samuel Liu authored
-
- Nov 20, 2023
-
-
AbhishekKr authored
Signed-off-by: AbhishekKr <abhikumar163@gmail.com>
-
- Nov 17, 2023
-
-
Max Gautier authored
* Validate systemd unit files This ensure that we fail early if we have a bad systemd unit file (syntax error, using a version not available in the local version, etc) * Hack to check systemd version for service files validation factory-reset.target was introduced in system 250, same version as the aliasing feature we need for verifying systemd services with ansible. So we only actually executes the validation if that target is present. This is an horrible hack which should be reverted as soon as we drop support for distributions with systemd<250.
-
- Nov 08, 2023
-
-
Samuel Mutel authored
-
borgiacis authored
* Create variables for ipvs kernel modules * Corrected kubernetes role node task missing name * Added changes as suggested during review by VannTen
-
Max Gautier authored
* Use RandomizedDelaySec to spread out control certificates renewal plane If the number of control plane node is superior to 6, using (index * 10 minutes) will fail (03:60:00 is not a valid timestamp). Compared to just fixing the jinja expression (to use a modulo for example), this should avoid having two control planes certificates update node being triggered at the same time. * Make k8s-certs-renew.timer Persistent If the control plane happens to be offline during the scheduled certificates renewal (node failure or anything like that), we still want the renewal to happen.
-
Max Gautier authored
* containerd: refactor handlers to use 'listen' * cri-dockerd: refactor handlers to use 'listen' * cri-o: refactor handlers to use 'listen' * docker: refactor handlers to use 'listen' * etcd: refactor handlers to use 'listen' * control-plane: refactor handlers to use 'listen' * kubeadm: refactor handlers to use 'listen' * node: refactor handlers to use 'listen' * preinstall: refactor handlers to use 'listen' * calico: refactor handlers to use 'listen' * kube-router: refactor handlers to use 'listen' * macvlan: refactor handlers to use 'listen'
-
- Nov 01, 2023
-
-
Hedayat Vatankhah (هدایت) authored
It was not 'false', which made some tasks (e.g. using systemd-resolved template) to effectively remove default search domains; caused DNS loop after rebooting the node/restarting cluster, so localdns service didn't run correctly.
-
yun authored
-
- Oct 30, 2023
-
-
yun authored
-
Louis Tu authored
Signed-off-by: tu1h <lihai.tu@daocloud.io>
-
- Oct 17, 2023
-
-
Unai Arríen authored
* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane * Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane * Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane
-
Max Gautier authored
-