Commits · ccb742c7ab17c82c7ef0edd8b6b06231dac12bcd · Mirror / Kubespray

Dec 12, 2023

[containerd] add hashes for versions 1.6.25-26 and 1.7.9-11 make v1.7.11 default (#10671) · ccb742c7
Mohamed Omar Zaian authored Dec 12, 2023

ccb742c7
New PR default node selector (#10607) · cb848fa7
jandres - moscardo authored Dec 12, 2023

cb848fa7

Disable podCIDR allocation from control-plane when using calico (#10639) · 8abf49ae

Max Gautier authored Dec 12, 2023

* Disable control plane allocating podCIDR for nodes when using calico

Calico does not use the .spec.podCIDR field for its IP address
management.
Furthermore, it can false positives from the kube controller manager if
kube_network_node_prefix and calico_pool_blocksize are unaligned, which
is the case with the default shipped by kubespray.

If the subnets obtained from using kube_network_node_prefix are bigger,
this would result at some point in the control plane thinking it does
not have subnets left for a new node, while calico will work without
problems.

Explicitely set a default value of false for calico_ipam_host_local to
facilitate its use in templates.

* Don't default to kube_network_node_prefix for calico_pool_blocksize

They have different semantics: kube_network_node_prefix is intended to
be the size of the subnet for all pods on a node, while there can be
more than on calico block of the specified size (they are allocated on
demand).

Besides, this commit does not actually change anything, because the
current code is buggy: we don't ever default to
kube_network_node_prefix, since the variable is defined in the role
defaults.

8abf49ae

Fix the path of download.yml (#10711) · 8f2390a1
Louis Tu authored Dec 12, 2023
```
Signed-off-by: tu1h <lihai.tu@daocloud.io>
```
8f2390a1
Revert "Update etcd-servers for apiserver (#8253)" (#10652) · 81a3f81a
Max Gautier authored Dec 12, 2023
```
This reverts commit ee0f1e9d.

Avoid restarting all api servers at once by changing their config.
```
81a3f81a

etcd: use dynamic group for certs generation check (#10610) · 0fb404c7

Max Gautier authored Dec 12, 2023

We take advantage of group_by to create the list of nodes needing new
certs, instead of manually looping inside a Jinja template.

This should make the role more readable and less susceptible to
white space problems.

0fb404c7

Dec 11, 2023

Decouple kubespray-defaults from download (#10626) · 51069223

Max Gautier authored Dec 11, 2023

* Decouple role kubespray-defaults from download

Avoids doing re-importing the download role on every invocation of
kubespray-defaults (and skipping everything).

This has a measurable effect on playbook performance.

* Update docs refering to moved download defaults

51069223

Remove legacy crio packaging cleanup (#10702) · 17b51240

David Leadbeater authored Dec 12, 2023

This has now been removed and results in a 404 when trying to remove the
old key, even if it's not present.

17b51240

Add VannTen as reviewer (#10661) · 306103ed
Max Gautier authored Dec 11, 2023

306103ed
Update 0040-verify-settings.yml (#10699) · eb628efb
piwinkler authored Dec 11, 2023
```
remove embedded template
```
eb628efb

Dec 07, 2023

Use systemd for disabling swap when it's used (#10587) · 2c3ea84e

Max Gautier authored Dec 07, 2023

* Mask systemd swap.target do disable swap

This is a more generic way to disable swap, since it pulls .swap units
in systemd distributions; fstab is only one way to generate .swap units.

* Unconditionally disable swap

We only care to disable it (the "swapon" registered variable is not used
anywhere else.
This allows to get rid of the ignore_errors, since this was added
because swapon.stdout does not exist in check_mode (see issue #6642).

* Don't explicitly disable swapOnZram

We're already masking the swap.target, which would pull the zram unit,
hence no need to handle zram-generator specifically.

2c3ea84e

Remove unneeded workaround for removing kubeadm DNS (#10695) · 85f15900

Max Gautier authored Dec 07, 2023

Kubeadm dns phase is correctly skipped.
This was a workaround for kubernetes/kubeadm#1557, which was actually
not a bug ; the correct fix was #4867

85f15900

Updated AWS ALB ingress controller version (#10680) · af1f3188
Kundan Kumar authored Dec 07, 2023

af1f3188

Dec 06, 2023
- Final ipaddr deprecation cleanup (#10675) · b31afe23
  Max Gautier authored Dec 06, 2023
```
Followup of #10518
```
  b31afe23
- [calico] Add version 3.26.4 and make it default (#10669) · a9321aaf
  Mohamed Omar Zaian authored Dec 06, 2023
  
  a9321aaf
- Check jinja templates for syntax error (#10667) · d2944d28
  Max Gautier authored Dec 06, 2023
```
Allow to fail early (pre-commit time) for jinja error, rather than
waiting until executing the playbook and the invalid template.

I could not find a simple jinja pre-commit hook in the wild.
```
  d2944d28
Dec 05, 2023
- update nerdctl to v1.7.1 (#10685) · fe02d21d
  Kay Yan authored Dec 06, 2023
```
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
```
  fe02d21d
- using ctr pull instead of nerdctl (#10687) · 5160e7e2
  Kay Yan authored Dec 05, 2023
  
  5160e7e2
- add dnsPolicy: ClusterFirstWithHostNet to DaemonSets with hostNetwork: true... · c440106e
  Alexander authored Dec 05, 2023
```
add dnsPolicy: ClusterFirstWithHostNet to DaemonSets with hostNetwork: true value to avoid DNSConfigFormat events (#10618)
```
  c440106e
- Factorize some identical playbooks steps into their own sub-playbooks (#10633) · a1c47b1b
  Max Gautier authored Dec 04, 2023
```
* Factorize identical playboooks steps in sub-playbooks

* Copy legacy_groups.yml into its sole user
```
  a1c47b1b
Dec 04, 2023

Use non-deprecated stdout_callback (#10647) · 93724ed2

Max Gautier authored Dec 04, 2023

Skippy is deprecated as its functionality has been incorporated into
the default callback plugin.

93724ed2

Nov 29, 2023
- Update nodelocaldns version (#10621) · 75fecf15
  Mohamed Omar Zaian authored Nov 29, 2023
  
  75fecf15
- pre-upgrade cleanup (#10656) · 0d7bdc6c
  Max Gautier authored Nov 28, 2023
```
* Clean up redondant defaulting

drain_{timeout,grace_period}_after_failure don't exist at this point, so
they always default.

* Remove useless facts

The drain_*_after_failure are never used
```
  0d7bdc6c
- [cert-manager] Upgrade to v1.12.6 · c87d70b0
  chansuke authored Nov 02, 2023
  
  c87d70b0
- Drop installation notes for Debian Jessie (#10642) · fa7a504f
  Jelmer Vernooĳ authored Nov 28, 2023
```
Jessie has not received security updates for at least three years. See https://www.debian.org/releases/jessie/
```
  fa7a504f
Nov 28, 2023

Check conntrack module presence instead of kernel version (#10662) · 612cfdce

Max Gautier authored Nov 28, 2023

* Try both conntrack modules instead of checking kernel version

Depending on kernel distributor, the kernel version might not be a
correct indicator of the conntrack module use.
Instead, we check both (and use the first found).

* Use modproble.persistent rather than manual persistence

612cfdce

fix copy etcdctl retries (#10634) · 70bb19dd
ERIK authored Nov 28, 2023
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
70bb19dd
ipaddr (deprecated alias) => ansible.utils.ipaddr (#10650) · 94d3f65f
Max Gautier authored Nov 28, 2023

94d3f65f
revert env section deletion (#10655) · cf3ac625
Valerii Kretinin authored Nov 28, 2023

cf3ac625

kubespray-defaults: Check for boostrap-os FQDN (#10590) · c2e3071a

Max Gautier authored Nov 28, 2023

When installed as an ansible collection, roles in
ansible_play_role_names will be designated by their FQDN (i.e
'kubernetes-sigs.kubespray.<role-name>).

It means we need to check for both when checking for roles in the play.

c2e3071a

Drop the drain check for kubectl > v1.10.0 (#10657) · 21e8b96e
Max Gautier authored Nov 28, 2023
```
Older versions are unsupported for a long time.
```
21e8b96e

Nov 27, 2023
- add kube_apiserver_etcd_compaction_interval (#10644) · 3acacc61
  Samuel Liu authored Nov 27, 2023
  
  3acacc61
Nov 24, 2023
- Convert exoscale tf provider to new version (#10646) · d583d331
  Max Gautier authored Nov 24, 2023
```
This is untested. It passes terraform validate to un-broke the CI.
```
  d583d331
- [kubernetes] Add hashes for kubernetes 1.28.4, 1.27.8, 1.26.11 (#10624) · b321ca3e
  Mohamed Omar Zaian authored Nov 24, 2023
  
  b321ca3e
Nov 20, 2023
- [fix] modprobe_nf_conntrack for new Linux Kernel, when using ipvs (#10625) · 6b1188e3
  AbhishekKr authored Nov 20, 2023
```
Signed-off-by: AbhishekKr <abhikumar163@gmail.com>
```
  6b1188e3
Nov 17, 2023

Validate systemd unit files (#10597) · 0d4f57aa

Max Gautier authored Nov 17, 2023

* Validate systemd unit files

This ensure that we fail early if we have a bad systemd unit file
(syntax error, using a version not available in the local version, etc)

* Hack to check systemd version for service files validation

factory-reset.target was introduced in system 250, same version as the
aliasing feature we need for verifying systemd services with ansible.
So we only actually executes the validation if that target is present.

This is an horrible hack which should be reverted as soon as we drop
support for distributions with systemd<250.

0d4f57aa

support CoreDNS use host network and config dns port (#10617) · bc5b38a7
刘旭 authored Nov 17, 2023

bc5b38a7

Nov 16, 2023

Add helm support for custom_cni deployment (#10529) · f46910ea

Lukáš Kubín authored Nov 16, 2023



* Add helm support for custom_cni deployment

* Linting correction

* Ansible linting correction

* Add test packet with values

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Add custom_cni configuration file with comments

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Default values cleanup

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Add details to custom_cni configuration file

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Set correct yaml type of helm values

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Set CNI filesystem ownership to root

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

* Update cilium example parameter name

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

---------

Signed-off-by: Lukáš Kubín <lukas.kubin@gmail.com>

f46910ea

Nov 15, 2023

fix: invalid version check in containerd jinja-template config (#10620) · adb8ff14
Khanh Ngo Van Kim authored Nov 15, 2023

adb8ff14

Update to ansible 2.15 (#10481) · 7ba85710

Arthur Outhenin-Chalandre authored Nov 15, 2023



* ansible: upgrade to version >= 2.15.5

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: update requirements

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* contrib/openstack: fix wrong gitignore pattern

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: add missing tzdata requirement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* tests: remove some molecules tests

Those doesn't work in Ansible 2.15. Ansible can't load builtin now
apparently and these tests are not worth it.

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

7ba85710