- Jun 28, 2021
-
-
jayonlau authored
Although these errors are not important, they affect the code specification.
-
- Jun 25, 2021
-
-
Cristian Calin authored
* Calico: add Wireguard support * CI: Add Calico Wireguard scenario
-
- Jun 16, 2021
-
-
Florian Ruynat authored
-
- Jun 07, 2021
-
-
Cristian Calin authored
* Calico: align manifests with upstream * allow enabling typha prometheus metrics * Calico: enable eBPF support * manage the kubernetes-services-endpoint configmap * Calico: document the use of eBPF dataplane * Calico: improve checks before deployment * enforce disabling kube-proxy when using eBPF dataplane * ensure calico_version is supported
-
- May 27, 2021
-
-
forselli-stratio authored
-
- May 26, 2021
-
-
Cristian Calin authored
* Calico: add v3.19.1 hashes * enable liveness probe for calico-kube-controllers 3.19.1 * Calico: drop support for v3.16.x * Calico: promote v3.18.3 as default
-
efrikin authored
-
- May 12, 2021
-
-
Cristian Calin authored
* add initial MetalLB docs * metallb allow disabling the deployment of the metallb speaker * calico>=3.18 allow using calico to advertise service loadbalancer IPs * Document the use of MetalLB and Calico * clean MetalLB docs
-
- May 11, 2021
-
-
emiran-orange authored
Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586) Since K8S 1.21, BoundServiceAccountTokenVolume feature gate is in beta stage, thus activated by default (anyone who follows CSI guidelines has enabled AllAlpha and faced the issue before 1.21). With this feature, SA tokens are regenerated every hour. As a consequence for Calico CNI, token in /etc/cni/net.d/calico-kubeconfig copied from /var/run/secrets/kubernetes.io/serviceaccount in install-cni initContainer expires after one hour and any pod creation fails due to unauthorization. Calico pods need to be restarted so that /etc/cni/net.d/calico-kubeconfig is updated with the new SA token.
-
Cristian Calin authored
-
- Apr 30, 2021
-
-
bac-w authored
* Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme
-
muzi502 authored
* Add image_arch variable when download flannel image * Fix flannel image tag typo with image arch
-
- Apr 29, 2021
-
-
Cristian Calin authored
* rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
-
- Apr 28, 2021
-
-
muzi502 authored
-
- Apr 27, 2021
-
-
faruryo authored
Change mode so that calico-kube-controllers can be read because it was changed to run as non-root https://github.com/projectcalico/kube-controllers/pull/566
-
- Apr 24, 2021
-
-
Cristian Calin authored
* calico: drop support for version 3.15 * drop check for calico version >= 3.3, we are at 3.16 minimum now * we moved to calico 3.16+ so we can default to /opt/cni/bin/install
-
- Apr 23, 2021
-
-
Cristian Calin authored
* AlmaLinux: ansible>2.9.19 is needed to know about AlmaLinux * AlmaLinux: identify as a centos derrivative * AlmaLinux: add AlmaLinux to checks for CentOS * Use ansible_os_family to compare family and not distribution
-
- Apr 22, 2021
-
-
Florian Ruynat authored
-
Florian Ruynat authored
-
- Apr 21, 2021
-
-
Cristian Calin authored
* add hashes for calico v3.17.3 * add hashes for claico v3.18.1 * bump default calico version to v3.17.3 * calico crds are missing yaml separator breaking kdd
-
holmesb authored
Fixes issue #7528 - allow configuring CALICO_STARTUP_LOGLEVEL via a new variable: calico_node_startup_loglevel (#7530) Signed-off-by:
Brendan Holmes <5072156+holmesb@users.noreply.github.com>
-
- Apr 19, 2021
-
-
Frank Ritchie authored
This is a followup to https://github.com/kubernetes-sigs/kubespray/pull/7413 Although the code worked there was a desire for a better solution. Hopefully people will be happy with this alternative.
-
- Apr 08, 2021
-
-
Frank Ritchie authored
This PR is to move the cilium kvstore options to the configmap rather than specifying them in the deployment as args. This is not technically necessary but keeping all the options in one place is probably not a bad idea. Tested with cilium 1.9.5.
-
- Apr 06, 2021
-
-
Frank Ritchie authored
When attempting a fresh install without cilium_ipsec_enabled I ran into the following error: failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret", "when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"} Moving the when condition from the item level to the task level solved the issue.
-
- Apr 01, 2021
-
-
Frank Ritchie authored
Starting with Cilium v1.9 the default ipam mode has changed to "Cluster Scope". See: https://docs.cilium.io/en/v1.9/concepts/networking/ipam/ With this ipam mode Cilium handles assigning subnets to nodes to use for pod ip addresses. The default Kubespray deploy uses the Kube Controller Manager for this (the --allocate-node-cidrs kube-controller-manager flag is set). This makes the proper ipam mode for kubespray using cilium v1.9+ "kubernetes". Tested with Cilium 1.9.5. This PR also mounts the cilium-config ConfigMap for this variable to be read properly. In the future we can probably remove the kvstore and kvstore-opt Cilium Operator args since they can be in the ConfigMap. I will tackle that after this merges.
-
- Mar 29, 2021
-
-
Fernando authored
-
Frank Ritchie authored
When upgrading cilium from 1.8.8 to 1.9.5 I ran into the following error: level=error msg="Unable to update CRD" error="customresourcedefinitions.apiextensions.k8s.io \"ciliumnodes.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\" cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope" name=CiliumNode/v2 subsys=k8s The fix was to add the update verb to the clusterrole. I also added create to match the clusterrole created by the cilium helm chart.
-
Samuel Liu authored
-
- Mar 24, 2021
-
-
Jacky Wu authored
-
Kenichi Omichi authored
This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
-
Qasim Sarfraz authored
* Add support for cilium ipsec * Fix typo for bpffs
-
- Mar 19, 2021
-
-
Erwan Miran authored
* Download Calico KDD CRDs * Replace kustomize with lineinfile and use ansible assemble module * Replace find+lineinfile by sed in shell module to avoid nested loop * add condition on sed * use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"
-
- Mar 03, 2021
-
-
Etienne Champetier authored
On CentOS 8 they seem to be ignored by default, but better be extra safe This also make it easy to exclude other network plugin interfaces Signed-off-by:
Etienne Champetier <e.champetier@ateme.com>
-
- Feb 16, 2021
-
-
Etienne Champetier authored
This is dead code since 28073c76 Signed-off-by:
Etienne Champetier <e.champetier@ateme.com>
-
- Feb 10, 2021
-
-
Etienne Champetier authored
By default Ansible stat module compute checksum, list extended attributes and find mime type To find all stat invocations that really use one of those: git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)' Signed-off-by:
Etienne Champetier <e.champetier@ateme.com>
-
Florian Ruynat authored
-
- Feb 05, 2021
-
-
Matt Calvert authored
-
- Feb 03, 2021
-
-
forselli-stratio authored
* Fix calico-rr tasks * revert stdin only when it's already a string
-
- Jan 26, 2021
-
-
Jorik Jonker authored
Previous check for presence of NM assumed "systemctl show NetworkManager" would exit with a nonzero status code, which seems not the case anymore with recent Flatcar Container Linux. This new check also checks the activeness of network manager, as `is-active` implies presence. Signed-off-by Jorik Jonker <jorik@kippendief.biz>
-
- Jan 22, 2021
-
-
Etienne Champetier authored
calicoctl.sh get ipPool default-pool -o json { "kind": "IPPool", "apiVersion": "projectcalico.org/v3", "metadata": { "name": "default-pool", ... }, "spec": { "cidr": "10.233.64.0/18", "ipipMode": "Always", "natOutgoing": true, "blockSize": 24, "nodeSelector": "all()" } } Signed-off-by:
Etienne Champetier <champetier.etienne@gmail.com>
-