Commits · fe399e0e0c6226da630c0148bcfbd20c10338440 · Mirror / Kubespray

Oct 24, 2022
- [etcd] add 3.5.5 hashes, make it default for k8s 1.25 (#9419) · fe399e0e
  Mohamed Zaian authored Oct 24, 2022
  
  fe399e0e
- as argocd 2.4.15 is releasesd , update the version (#9420) · b192053e
  杨刚 authored Oct 24, 2022
  
  b192053e
- etcd arch can support arm64 and amd64 (#9421) · a84271aa
  杨刚 authored Oct 24, 2022
  
  a84271aa
- Make the port of kube-vip dynamic based on the kube_apiserver_port (#9414) · 1901b512
  Wouter Goedhart authored Oct 24, 2022
```
variable

Fix wrong referenced variable on bgp_peers

Fix bgp_peeras field to be a string

Set default value for bgp_peeras
```
  1901b512
Oct 21, 2022
- Fix iputils install failure in Kylin OS (#9416) · 9fdda7ec
  ERIK authored Oct 21, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  9fdda7ec
- Update kubelet checksum (#9413) · a68ed897
  ERIK authored Oct 21, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  a68ed897
- Update docker version to 20.10.20 (#9410) · 582ff96d
  Florian Ruynat authored Oct 21, 2022
  
  582ff96d
Oct 20, 2022
- Specify securityContext for cert-manager (#9404) · 0374a55e
  Kenichi Omichi authored Oct 20, 2022
```
On hardening environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
```
  0374a55e
- make-kube-1.25-default (#9364) · ccbe38f7
  Kay Yan authored Oct 20, 2022
  
  ccbe38f7
- Add var for control initialDelaySeconds in nginx ingress probe (#9405) · 958840da
  Vladimir authored Oct 20, 2022
```
Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>

Signed-off-by: Zemtsov Vladimir <vl.zemtsov@gmail.com>
```
  958840da
Oct 19, 2022

use cri-o from upstream instead of kubic/OBS (#9374) · 15304112

Cristian Calin authored Oct 19, 2022

* [cri-o] use cri-o from upstream instead of kubic/OBS

* [cri-o] add proper molecule coverage

* [skopeo] download skopeo from upstream build

* [cri-o] clean up legacy deployments

* disable cri-o per-distribution variables

15304112

Add packet_ubuntu20-calico-aio-hardening (#9359) · e5ec0f18

Kenichi Omichi authored Oct 19, 2022

To verify the hardening method works always.
The configuration comes from docs/hardening.md

Fix yaml format of hardening.yml

Add condition to skip 040 test for hardening

e5ec0f18

[ingress-nginx] upgrade to 1.4.0 (#9403) · 0f44e8c8
Mohamed Zaian authored Oct 19, 2022

0f44e8c8

Oct 18, 2022
- mirror-for-china · 1cc0f3c8
  Kay Yan authored Oct 17, 2022
  
  1cc0f3c8
- fix(defaults): wrong cri_socket path for containerd (#9401) · d9c39c27
  Maxime Leroy authored Oct 18, 2022
  
  d9c39c27
- Update securityContext of netchecker (#9398) · c38fb866
  Kenichi Omichi authored Oct 18, 2022
```
To run netchecker with necessary privilege,
this updates the securityContext.
```
  c38fb866
Oct 17, 2022
- [kubernetes] Add hashes for 1.25.3, 1.24.7, 1.23.13 and make v1.24.7 default (#9397) · 5ad1d9db
  Mohamed Zaian authored Oct 17, 2022
  
  5ad1d9db
- Remove PodSecurityPolicies in Calico (#9395) · 32f3d92d
  Kay Yan authored Oct 17, 2022
  
  32f3d92d
Oct 14, 2022

Use agnhost instead of busybox for network test (#9390) · 72b45eec

Kenichi Omichi authored Oct 14, 2022

busybox container requires a root permission for ping.
For testing hardening method at CI, we need to switch to another image
which doesn't require the root permission for network testing.
On kubernetes/kubernetes repo, we are using agnhost which doesn't
require it. So this makes the test use aghhost image.

In addition, this updates the test manifest to specify securityContext
without any privilege.

72b45eec

don't define kubeadm_patches by default (#9372) · 23716b0e
Cristian Calin authored Oct 14, 2022

23716b0e
remove-psp-in-flannel (#9365) · 859df84b
Kay Yan authored Oct 14, 2022

859df84b
Fix ensure ping package error in fedora CoreOS & Flatcar (#9370) · 131bd933
Kay Yan authored Oct 14, 2022
```
* fix-ensure-package-in-coreos

* clean blank line
```
131bd933

Avoid MetalLB speaker image download when MetalLB speaker is disabled (#9248) · 52904ee6

Unai Arríen authored Oct 14, 2022

* Avoid MetalLB speaker image download when metallb_speaker_enabled is set to

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Move metallb_speaker_enabled var to allow outside metalLB role references

* Improve metallb_speaker_enabled default values

52904ee6

Oct 13, 2022
- update_calico_doc_for_the_ChecksumOffloadBroken (#9388) · e3339fe3
  Kay Yan authored Oct 13, 2022
  
  e3339fe3
- fix helm install with password authentication (#9343) · 547ef747
  ghostloda authored Oct 13, 2022
  
  547ef747
- Fix YAML format in hardening.md (#9387) · 63b27ea0
  Kenichi Omichi authored Oct 13, 2022
```
When trying to add a hardening CI job by copying configuration from
hardening.md, yamllint CI job deleted invalid format.
This fixes it for maintaining the CI job.
```
  63b27ea0
- Add the cilium hubble images to download role (#9376) · bc5881b7
  ERIK authored Oct 13, 2022
```
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>

Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
```
  bc5881b7
Oct 12, 2022

Add note for containerd oom_score (#9384) · f4b95d42

Kenichi Omichi authored Oct 12, 2022

When we saw 0 as the default value of containerd_oom_score, we had
a question why the value was not -999.
This adds the note to explain it.

f4b95d42

Oct 11, 2022
- Change dns upstream condition for nodelocaldns (#9378) · ef76a578
  Unai Arríen authored Oct 11, 2022
  
  ef76a578
- Fix: install calico-kube-controller on kdd (#9358) · 3b99d24c
  Piotr Kowalczyk authored Oct 11, 2022
```
* Fix: install policy controller on kdd too

* Remove the calico_policy_version condition altogether

* Install policy controller both on canal and calico under same condition
```
  3b99d24c
- upgrade-api-version-for-PodDisruptionBudget (#9369) · 4701abff
  Kay Yan authored Oct 11, 2022
  
  4701abff
Oct 08, 2022
- Download coredns image to all hosts in k8s_cluster (#9316) · 717b8daa
  Joe Siponen authored Oct 08, 2022
```
Coredns image must be available everywhere as it
may be rescheduled to a non-control-plane-node.
```
  717b8daa
- fix(cinder-csi-nodeplugin): Remove the pods-cloud-data volume (#9362) · c346e460
  Kevin Huang authored Oct 08, 2022
  
  c346e460
Oct 07, 2022
- Add check_typo job (#9361) · 24632ae8
  Kenichi Omichi authored Oct 07, 2022
```
To block merging pull requests which contain typo automatically.
```
  24632ae8
- Use hostname override in post-remove role, just as pre-remove role does (#9360) · befde271
  JSpon authored Oct 06, 2022
  
  befde271
Oct 06, 2022
- Features/support kubeadm patches v1beta3 (#9326) · d689f57c
  Huang Chen-Yi authored Oct 06, 2022
```
* Support kubeadm patches in v1beta3

* Update kubeadm patches sample files in inventory

* Fix pre-commit syntax

* Set kubeadm_patches  enabled to false in sample inventory
```
  d689f57c
- Fix default value for kubelet_secure_addresses (#9355) · ad3f503c
  William Turner authored Oct 06, 2022
  
  ad3f503c
Oct 04, 2022
- add-Kubean (#9352) · ae6c780a
  Kay Yan authored Oct 04, 2022
  
  ae6c780a
- Add possibility to skip adding load balancer name in the hosts file (#9331) · 8b9cd395
  Eugene Artemenko authored Oct 04, 2022
  
  8b9cd395
- feat: add a paramater to disable host nameservers (#9357) · dffeab32
  Emin AKTAS authored Oct 04, 2022
```
Signed-off-by: eminaktas <eminaktas34@gmail.com>

Signed-off-by: eminaktas <eminaktas34@gmail.com>
```
  dffeab32