Commits · 9468642269ce19ca59128f8db2f847e9ef9edae0 · Mirror / Kubespray

Sep 23, 2022

feat: allows users to have more control on DNS (#9270) · 94686422

Emin AKTAS authored Sep 23, 2022



Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>

94686422

Sep 19, 2022

Cilium 1.12 Upgrade (#9225) · 7da3dbcb

Necatican Yıldırım authored Sep 19, 2022



* Drop support for Cilium < 1.10

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* Synchronize Cilium templates for 1.11.7

Signed-off-by: necatican <contact@necatican.com>

* Set Cilium v1.12.1 as the default version

Signed-off-by: necatican <contact@necatican.com>

Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>

7da3dbcb

Sep 15, 2022
- Add variable for the vsphere-csi namespace (#9278) · 023b1634
  Mahdi Abbasi authored Sep 15, 2022
  
  023b1634
- Fix typos in docs (#9276) · c4976437
  lijin-union authored Sep 15, 2022
  
  c4976437
- add-timezone-support (#9263) · 97ca2f3c
  Kay Yan authored Sep 15, 2022
  
  97ca2f3c
Sep 13, 2022

Remove mutual exclusivity in calico: NAT and router mode (#9255) · 952cad8d

Ho Kim authored Sep 13, 2022

* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc

952cad8d

Sep 05, 2022
- add-Rocky-9-support (#9212) · e2f1f8d6
  Kay Yan authored Sep 05, 2022
  
  e2f1f8d6
Sep 04, 2022
- Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245) · be2bfd86
  Michael Schmitz authored Sep 04, 2022
  
  be2bfd86
Aug 31, 2022
- disable kubelet_authorization_mode_webhook by default (#9238) · 6db6c867
  Cristian Calin authored Aug 31, 2022
  
  6db6c867
Aug 30, 2022

feat: add kubelet systemd service hardening option (#9194) · acb6f243

Alessio Greggi authored Aug 30, 2022



* feat: add kubelet systemd service hardening option

* refactor: move variable name to kubelet_secure_addresses

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

* docs: add diagram about kubelet_secure_addresses variable

Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>

acb6f243

Fix typo. · 8af86e4c
lijin-union authored Aug 25, 2022

8af86e4c
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223) · b46ddf35
Kay Yan authored Aug 30, 2022
```
* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
```
b46ddf35

Aug 24, 2022

add pre-commit hook to facilitate local testing (#9158) · e6976a54

Cristian Calin authored Aug 24, 2022

* add pre-commit hook configuration

* add tmp.md to .gitignore

* describe the use of pre-commit hook in CONTRIBUTING.md

* fix docs/integration.md errors identified by markdownlint

* fix docs/<file>.md errors identified by markdownlint

* docs/azure-csi.md
* docs/azure.md
* docs/bootstrap-os.md
* docs/calico.md
* docs/debian.md
* docs/fcos.md
* docs/vagrant.md
* docs/gcp-lb.md
* docs/kubernetes-apps/registry.md
* docs/setting-up-your-first-cluster.md
* docs/vagrant.md
* docs/vars.md

* fix contrib/<file>.md errors identified by markdownlint

e6976a54

Aug 23, 2022
- Update vars.md (#9172) · aeeae767
  Bishal das authored Aug 23, 2022
  
  aeeae767
- fix one bug in docs/nodes (#9203) · 30b062fd
  Shelming.Song authored Aug 23, 2022
  
  30b062fd
Aug 22, 2022
- Update vsphere-csi.md (#9170) · fddff783
  Bishal das authored Aug 22, 2022
  
  fddff783
- 9035: Make Cilium rolling-restart delay/timeout configurable (#9176) · bbd11611
  Tristan authored Aug 22, 2022
```
See #9035
```
  bbd11611
Aug 19, 2022
- Add 'avoid-buggy-ips' support of MetalLB (#9166) · e3189080
  Ho Kim authored Aug 19, 2022
  
  e3189080
Aug 18, 2022

Add the option to enable default Pod Security Configuration (#9017) · 30c77ea4

Tomas Zvala authored Aug 18, 2022

* Add the option to enable default Pod Security Configuration

Enable Pod Security in all namespaces by default with the option to
exempt some namespaces. Without the change only namespaces explicitly
configured will receive the admission plugin treatment.

* Fix the PR according to code review comments

* Revert the latest changes

- leave the empty file when kube_pod_security_use_default, but add comment explaining the empty file
- don't attempt magic at conditionally adding PodSecurity to kube_apiserver_admission_plugins_needs_configuration

30c77ea4

docs(kube-vip): fix broken links (#9165) · 68653c31

maxgio92 authored Aug 18, 2022



Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>

Signed-off-by: Massimiliano Giovagnoli <me@maxgio.it>

68653c31

[calico] calico rr supports multiple groups (#9134) · b36bb911

Samuel Liu authored Aug 18, 2022

* update calico rr

* fix bgppeer conf

* fix yamllint

* fix ansible lint

* fix calico deploy

* fix yamllint

* fix some typo

b36bb911

Aug 04, 2022
- Add docker support for Kylin V10 (#9144) · 47050003
  ERIK authored Aug 04, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  47050003
Aug 03, 2022
- Move oracle7-canal to centos7-canal · 4df6e352
  Florian Ruynat authored Jul 26, 2022
  
  4df6e352
Aug 01, 2022
- Add kylin OS support (#9078) · f2f9f1d3
  ERIK authored Aug 02, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  f2f9f1d3
Jul 22, 2022
- Switch fedora36se to 35 and 35docker to 36 · 9c51ac51
  Florian Ruynat authored Jun 22, 2022
  
  9c51ac51
- Add Fedora 36 support and CI, remove Fedora 34 (eol) · 07eab539
  Florian Ruynat authored Jun 13, 2022
  
  07eab539
Jul 19, 2022

hardening: Add `SeccompDefault` admission plugin for kubelet (#9074) · 3ce5458f

Alessio Greggi authored Jul 19, 2022

* docs(hardening): add SeccompDefault admission plugin to kubelet feature gates

* fix(kubelet-config): enable config through kubelet_feature_gates

* feat(kubelet): add kubelet_seccomp_default variable

3ce5458f

Jul 05, 2022
- Add Rocky Linux 8 support for vagrant (#8905) · f3ea8cf4
  Kenichi Omichi authored Jul 05, 2022
```
To test Kubespray on Rocky Linux 8 with vagrant, this adds it to
the Vagrantfile.
```
  f3ea8cf4
Jun 28, 2022

add-managed-ntp-support (#9027) · 4b03f6c2
Kay Yan authored Jun 29, 2022

4b03f6c2

update deprecated syntax (#9040) · d0a2ba37

boeto authored Jun 29, 2022

* `ansible.builtin.include` removed in version 2.16

Read the `ansible.builtin.include DEPRECATED` doc:

 https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_module.html#deprecated

* Update integration.md

d0a2ba37

Jun 27, 2022
- let containerd_default_runtime be undefined by default (#9026) · 6f82cf12
  rptaylor authored Jun 27, 2022
  
  6f82cf12
Jun 17, 2022
- [CI] ensure upgrade tests cover defaults (containerd currently) · a22ae614
  Calin Cristian Andrei authored Jun 16, 2022
  
  a22ae614
- feat: make kubernetes owner parametrized (#8952) · 97b4d79e
  Alessio Greggi authored Jun 17, 2022
```
* feat: make kubernetes owner parametrized

* docs: update hardening guide with configuration for CIS 1.1.19

* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
```
  97b4d79e
- suggest-to-use-nft-in-centos8 (#8987) · 890fad38
  Kay Yan authored Jun 17, 2022
  
  890fad38
Jun 15, 2022
- [kubernetes] drop support for configuring insecure apiserver · 24c8ba83
  Calin Cristian Andrei authored Jun 14, 2022
  
  24c8ba83
- [docker] use cri-dockerd instead of dockershim for any kubernetes version... · fad29661
  Calin Cristian Andrei authored Jun 06, 2022
```
[docker] use cri-dockerd instead of dockershim for any kubernetes version deployed with docker as the container_manager
```
  fad29661
- add-ci-for-ubuntu2204 (#8958) · 85271fc2
  Kay Yan authored Jun 15, 2022
  
  85271fc2
Jun 09, 2022

Drop Ansible support for v2.9 and v2.10 (#8925) · cd7381d8

Kenichi Omichi authored Jun 09, 2022

Ansible v2.9 and v2.10 are EOL as [1].
This drops those version supports by following the upstream Ansible.

This sets use_ssh_args true always because that is required to use
ssh_args on ansible.cfg on Ansible v2.11 or later[2].

ansible_ssh_host is replaced with ansible_host because ansible_ssh_host
has been deprecated already and cenots7 jobs were failed due to the
deprecated ansible_ssh_host.

[1]: https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-changelogs
[2]: https://docs.ansible.com/ansible/latest/collections/ansible/posix/synchronize_module.html#parameter-use_ssh_args

cd7381d8

Jun 07, 2022

Allow disabling calico CNI logs with calico_cni_log_file_path (#8921) · cc6cbfbe

Ilya Margolin authored Jun 07, 2022

* Allow disabling calico CNI logs with calico_cni_log_file_path

Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size	100	Max file size in MB log files can reach before they are rotated.
log_file_max_age	30	Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count	10	Max number of rotated log files allowed on the host before they are cleaned up.

See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging



To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`

* Fix markdown

* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

cc6cbfbe

Jun 06, 2022
- the KUESPRAYDIR defined but never used (#8930) · 14c0f368
  zhougw authored Jun 06, 2022
```
* fix dir error

* the command line should align
```
  14c0f368