diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml index 30d6ba3f34e..9b432a19a89 100644 --- a/.gitlab-ci/packet.yml +++ b/.gitlab-ci/packet.yml @@ -39,8 +39,6 @@ packet_centos7-flannel-containerd-addons-ha: extends: .packet_pr stage: deploy-part2 when: on_success - variables: - MITOGEN_ENABLE: "true" allow_failure: true packet_centos8-crio: @@ -52,8 +50,6 @@ packet_ubuntu18-crio: extends: .packet_pr stage: deploy-part2 when: manual - variables: - MITOGEN_ENABLE: "true" packet_ubuntu16-canal-kubeadm-ha: stage: deploy-part2 @@ -89,8 +85,6 @@ packet_debian10-containerd: stage: deploy-part2 extends: .packet_pr when: on_success - variables: - MITOGEN_ENABLE: "true" packet_debian11-calico: stage: deploy-part2 @@ -214,15 +208,12 @@ packet_centos7-weave-upgrade-ha: when: on_success variables: UPGRADE_TEST: basic - MITOGEN_ENABLE: "false" # Calico HA Wireguard packet_ubuntu20-calico-ha-wireguard: stage: deploy-part2 extends: .packet_pr when: manual - variables: - MITOGEN_ENABLE: "true" packet_debian9-calico-upgrade: stage: deploy-part3 @@ -230,7 +221,6 @@ packet_debian9-calico-upgrade: when: on_success variables: UPGRADE_TEST: graceful - MITOGEN_ENABLE: "false" packet_debian9-calico-upgrade-once: stage: deploy-part3 @@ -238,7 +228,6 @@ packet_debian9-calico-upgrade-once: when: on_success variables: UPGRADE_TEST: graceful - MITOGEN_ENABLE: "false" packet_ubuntu18-calico-ha-recover: stage: deploy-part3 diff --git a/.gitlab-ci/terraform.yml b/.gitlab-ci/terraform.yml index d12ca381521..91874091f55 100644 --- a/.gitlab-ci/terraform.yml +++ b/.gitlab-ci/terraform.yml @@ -146,10 +146,6 @@ tf-validate-upcloud: OS_INTERFACE: public OS_IDENTITY_API_VERSION: "3" TF_VAR_router_id: "ab95917c-41fb-4881-b507-3a6dfe9403df" - # Since ELASTX is in Stockholm, Mitogen helps with latency - MITOGEN_ENABLE: "false" - # Mitogen doesn't support interpreter discovery yet - ANSIBLE_PYTHON_INTERPRETER: "/usr/bin/python3" tf-elastx_cleanup: stage: unit-tests diff --git a/Makefile b/Makefile index 2093b820b0f..793e763dc12 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,7 @@ mitogen: - ansible-playbook -c local mitogen.yml -vv + @echo Mitogen support is deprecated. + @echo Please run the following command manually: + @echo ansible-playbook -c local mitogen.yml -vv clean: rm -rf dist/ rm *.retry diff --git a/ansible.cfg b/ansible.cfg index 2132064985d..c17fe48fdcd 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -3,7 +3,6 @@ pipelining=True ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null #control_path = ~/.ssh/ansible-%%r@%%h:%%p [defaults] -strategy_plugins = plugins/mitogen/ansible_mitogen/plugins/strategy # https://github.com/ansible/ansible/issues/56930 (to ignore group names with - and .) force_valid_group_names = ignore diff --git a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml index 3249c87b483..c455b6f6ddc 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml @@ -5,7 +5,7 @@ changed_when: false - name: "Kubernetes Apps | Deploy cluster role binding." - when: "clusterrolebinding_state.stdout | length > 0" + when: "clusterrolebinding_state.stdout | length == 0" command: "{{ bin_dir }}/kubectl create clusterrolebinding heketi-gluster-admin --clusterrole=edit --serviceaccount=default:heketi-service-account" - name: Get clusterrolebindings again @@ -31,7 +31,7 @@ mode: 0644 - name: "Deploy Heketi config secret" - when: "secret_state.stdout | length > 0" + when: "secret_state.stdout | length == 0" command: "{{ bin_dir }}/kubectl create secret generic heketi-config-secret --from-file={{ kube_config_dir }}/heketi.json" - name: Get the heketi-config-secret secret again @@ -41,5 +41,5 @@ - name: Make sure the heketi-config-secret secret exists now assert: - that: "secret_state.stdout != \"\"" + that: "secret_state.stdout | length > 0" msg: "Heketi config secret is not present." diff --git a/docs/ansible.md b/docs/ansible.md index 044397f9f0f..cc51d261729 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -251,7 +251,7 @@ For more information about Ansible and bastion hosts, read ## Mitogen -You can use [mitogen](/docs/mitogen.md) to speed up kubespray. +Mitogen support is deprecated, please see [mitogen related docs](/docs/mitogen.md) for useage and reasons for deprecation. ## Beyond ansible 2.9 diff --git a/docs/cert_manager.md b/docs/cert_manager.md index 34378a56a69..4ed28afc224 100644 --- a/docs/cert_manager.md +++ b/docs/cert_manager.md @@ -88,6 +88,20 @@ Certificates issued by public ACME servers are typically trusted by client’s c - [DNS01 Challenges](https://cert-manager.io/v1.5-docs/configuration/acme/dns01/) - [ACME FAQ](https://cert-manager.io/v1.5-docs/faq/acme/) +#### ACME With An Internal Certificate Authority + +The ACME Issuer with an internal certificate authority requires cert-manager to trust the certificate authority. This trust must be done at the cert-manager deployment level. +To add a trusted certificate authority to cert-manager, add it's certificate to `group_vars/k8s-cluster/addons.yml`: + +```yaml +cert_manager_trusted_internal_ca: | + -----BEGIN CERTIFICATE----- + [REPLACE with your CA certificate] + -----END CERTIFICATE----- +``` + +Once the CA is trusted, you can define your issuer normally. + ### Create New TLS Root CA Certificate and Key #### Install Cloudflare PKI/TLS `cfssl` Toolkit diff --git a/docs/mitogen.md b/docs/mitogen.md index 89b108a6c50..8505845fb41 100644 --- a/docs/mitogen.md +++ b/docs/mitogen.md @@ -1,5 +1,7 @@ # Mitogen +*Warning:* Mitogen support is now deprecated in kubespray due to upstream not releasing an updated version to support ansible 4.x (ansible-base 2.11.x) and above. The CI support has been stripped for mitogen and we are no longer validating any support or regressions for it. The supporting mitogen install playbook and integration documentation will be removed in a later version. + [Mitogen for Ansible](https://mitogen.networkgenomics.com/ansible_detailed.html) allow a 1.25x - 7x speedup and a CPU usage reduction of at least 2x, depending on network conditions, modules executed, and time already spent by targets on useful work. Mitogen cannot improve a module once it is executing, it can only ensure the module executes as quickly as possible. ## Install @@ -8,6 +10,21 @@ ansible-playbook mitogen.yml ``` +Ensure to enable mitogen use by environment varialbles: + +```ShellSession +export ANSIBLE_STRATEGY=mitogen_linear +export ANSIBLE_STRATEGY_PLUGINS=plugins/mitogen/ansible_mitogen/plugins/strategy +``` + +... or `ansible.cfg` setup: + +```ini +[defaults] +strategy_plugins = plugins/mitogen/ansible_mitogen/plugins/strategy +strategy=mitogen_linear +``` + ## Limitation If you are experiencing problems, please see the [documentation](https://mitogen.networkgenomics.com/ansible_detailed.html#noteworthy-differences). diff --git a/docs/upgrades.md b/docs/upgrades.md index ad0983b1a19..f5fe3804906 100644 --- a/docs/upgrades.md +++ b/docs/upgrades.md @@ -7,7 +7,8 @@ You can also individually control versions of components by explicitly defining versions. Here are all version vars for each component: * docker_version -* containerd_version +* docker_containerd_version (relevant when `container_manager` == `docker`) +* containerd_version (relevant when `container_manager` == `containerd`) * kube_version * etcd_version * calico_version diff --git a/docs/vars.md b/docs/vars.md index 51129cfc220..f0d7747d213 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -18,7 +18,8 @@ Some variables of note include: * *docker_version* - Specify version of Docker to used (should be quoted string). Must match one of the keys defined for *docker_versioned_pkg* in `roles/container-engine/docker/vars/*.yml`. -* *containerd_version* - Specify version of Containerd to use +* *containerd_version* - Specify version of containerd to use when setting `container_manager` to `containerd` +* *docker_containerd_version* - Specify which version of containerd to use when setting `container_manager` to `docker` * *etcd_version* - Specify version of ETCD to use * *ipip* - Enables Calico ipip encapsulation by default * *kube_network_plugin* - Sets k8s network plugin (default Calico) @@ -119,7 +120,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m ``--insecure-registry=myregistry.mydomain:5000`` * *docker_plugins* - This list can be used to define [Docker plugins](https://docs.docker.com/engine/extend/) to install. * *containerd_default_runtime* - Sets the default Containerd runtime used by the Kubernetes CRI plugin. -* *containerd_runtimes* - Sets the Containerd runtime attributes used by the Kubernetes CRI plugin. +* *containerd_additional_runtimes* - Sets the additional Containerd runtimes used by the Kubernetes CRI plugin. [Default config](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/container-engine/containerd/defaults/main.yml) can be overriden in inventory vars. * *http_proxy/https_proxy/no_proxy/no_proxy_exclude_workers/additional_no_proxy* - Proxy variables for deploying behind a proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml index 5f5e37f443c..013f30bf6d5 100644 --- a/inventory/sample/group_vars/k8s_cluster/addons.yml +++ b/inventory/sample/group_vars/k8s_cluster/addons.yml @@ -129,6 +129,10 @@ ingress_alb_enabled: false # Cert manager deployment cert_manager_enabled: false # cert_manager_namespace: "cert-manager" +# cert_manager_trusted_internal_ca: | +# -----BEGIN CERTIFICATE----- +# [REPLACE with your CA certificate] +# -----END CERTIFICATE----- # MetalLB deployment metallb_enabled: false @@ -176,6 +180,19 @@ metallb_speaker_enabled: true # peer_asn: 64513 # my_asn: 4200000000 + +argocd_enabled: false +# argocd_version: v2.1.6 +# argocd_namespace: argocd +# Default password: +# - https://argoproj.github.io/argo-cd/getting_started/#4-login-using-the-cli +# --- +# The initial password is autogenerated to be the pod name of the Argo CD API server. This can be retrieved with the command: +# kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2 +# --- +# Use the following var to set admin password +# argocd_admin_password: "password" + # The plugin manager for kubectl krew_enabled: false krew_root_dir: "/usr/local/krew" diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml index bfab4aaa815..f01f85f38ce 100644 --- a/roles/container-engine/containerd/defaults/main.yml +++ b/roles/container-engine/containerd/defaults/main.yml @@ -7,13 +7,15 @@ containerd_oom_score: 0 containerd_default_runtime: "runc" # containerd_snapshotter: "native" -containerd_runtimes: - - name: runc - type: "io.containerd.runc.v2" - engine: "" - root: "" - options: - systemdCgroup: "true" +containerd_runc_runtime: + name: runc + type: "io.containerd.runc.v2" + engine: "" + root: "" + options: + systemCgroup: "true" + +containerd_additional_runtimes: [] # Example for Kata Containers as additional runtime: # - name: kata # type: "io.containerd.kata.v2" diff --git a/roles/container-engine/containerd/tasks/facts.yml b/roles/container-engine/containerd/tasks/facts.yml new file mode 100644 index 00000000000..987b784580a --- /dev/null +++ b/roles/container-engine/containerd/tasks/facts.yml @@ -0,0 +1,6 @@ +--- + +- name: set kubelet_config_extra_args options when cgroupfs is used + set_fact: + containerd_runc_runtime: "{{ containerd_runc_runtime | combine({'options':{'systemCgroup':'false'}}) }}" + when: not containerd_use_systemd_cgroup diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml index 4a76a192acb..39779e78cb5 100644 --- a/roles/container-engine/containerd/tasks/main.yml +++ b/roles/container-engine/containerd/tasks/main.yml @@ -1,4 +1,8 @@ --- +- import_tasks: facts.yml + tags: + - facts + - name: Fail containerd setup if distribution is not supported fail: msg: "{{ ansible_distribution }} is not supported by containerd." @@ -57,6 +61,19 @@ - --strip-components=1 notify: restart containerd +- name: containerd | Remove orphaned binary + file: + path: "/usr/bin/{{ item }}" + state: absent + when: containerd_bin_dir != "/usr/bin" + ignore_errors: true # noqa ignore-errors + with_items: + - containerd + - containerd-shim + - containerd-shim-runc-v1 + - containerd-shim-runc-v2 + - ctr + - name: containerd | Generate systemd service for containerd template: src: containerd.service.j2 diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2 index 35c4f933a2a..48f3628e069 100644 --- a/roles/container-engine/containerd/templates/config.toml.j2 +++ b/roles/container-engine/containerd/templates/config.toml.j2 @@ -22,7 +22,15 @@ oom_score = {{ containerd_oom_score }} default_runtime_name = "{{ containerd_default_runtime | default('runc') }}" snapshotter = "{{ containerd_snapshotter | default('overlayfs') }}" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] -{% for runtime in containerd_runtimes %} + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ containerd_runc_runtime.name }}] + runtime_type = "{{ containerd_runc_runtime.type }}" + runtime_engine = "{{ containerd_runc_runtime.engine}}" + runtime_root = "{{ containerd_runc_runtime.root }}" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ containerd_runc_runtime.name }}.options] +{% for key, value in containerd_runc_runtime.options.items() %} + {{ key }} = {{ value }} +{% endfor %} +{% for runtime in containerd_additional_runtimes %} [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}] runtime_type = "{{ runtime.type }}" runtime_engine = "{{ runtime.engine }}" diff --git a/roles/container-engine/docker/vars/debian-stretch.yml b/roles/container-engine/docker/vars/debian-stretch.yml index 3616c64e00e..f26f60b1c10 100644 --- a/roles/container-engine/docker/vars/debian-stretch.yml +++ b/roles/container-engine/docker/vars/debian-stretch.yml @@ -28,7 +28,7 @@ docker_cli_versioned_pkg: docker_package_info: pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" + - "{{ containerd_versioned_pkg[docker_containerd_version | string] }}" - "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}" - "{{ docker_versioned_pkg[docker_version | string] }}" diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml index 3b0c784bbdd..36b22c2d7d0 100644 --- a/roles/container-engine/docker/vars/debian.yml +++ b/roles/container-engine/docker/vars/debian.yml @@ -30,7 +30,7 @@ docker_cli_versioned_pkg: docker_package_info: pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" + - "{{ containerd_versioned_pkg[docker_containerd_version | string] }}" - "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}" - "{{ docker_versioned_pkg[docker_version | string] }}" diff --git a/roles/container-engine/docker/vars/fedora.yml b/roles/container-engine/docker/vars/fedora.yml index df5d3597da6..278dfe0fe73 100644 --- a/roles/container-engine/docker/vars/fedora.yml +++ b/roles/container-engine/docker/vars/fedora.yml @@ -30,6 +30,6 @@ docker_cli_versioned_pkg: docker_package_info: enablerepo: "docker-ce" pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" + - "{{ containerd_versioned_pkg[docker_containerd_version | string] }}" - "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}" - "{{ docker_versioned_pkg[docker_version | string] }}" diff --git a/roles/container-engine/docker/vars/redhat.yml b/roles/container-engine/docker/vars/redhat.yml index 8cc897cda79..5cc83529e80 100644 --- a/roles/container-engine/docker/vars/redhat.yml +++ b/roles/container-engine/docker/vars/redhat.yml @@ -33,6 +33,6 @@ docker_cli_versioned_pkg: docker_package_info: enablerepo: "docker-ce" pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" + - "{{ containerd_versioned_pkg[docker_containerd_version | string] }}" - "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}" - "{{ docker_versioned_pkg[docker_version | string] }}" diff --git a/roles/container-engine/docker/vars/ubuntu-16.yml b/roles/container-engine/docker/vars/ubuntu-16.yml index 54046cbe23d..78a6ceae412 100644 --- a/roles/container-engine/docker/vars/ubuntu-16.yml +++ b/roles/container-engine/docker/vars/ubuntu-16.yml @@ -29,7 +29,7 @@ docker_cli_versioned_pkg: docker_package_info: pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" + - "{{ containerd_versioned_pkg[docker_containerd_version | string] }}" - "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}" - "{{ docker_versioned_pkg[docker_version | string] }}" diff --git a/roles/container-engine/docker/vars/ubuntu.yml b/roles/container-engine/docker/vars/ubuntu.yml index 0fdc778e31f..fb85f24066b 100644 --- a/roles/container-engine/docker/vars/ubuntu.yml +++ b/roles/container-engine/docker/vars/ubuntu.yml @@ -30,7 +30,7 @@ docker_cli_versioned_pkg: docker_package_info: pkgs: - - "{{ containerd_versioned_pkg[containerd_version | string] }}" + - "{{ containerd_versioned_pkg[docker_containerd_version | string] }}" - "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}" - "{{ docker_versioned_pkg[docker_version | string] }}" diff --git a/roles/container-engine/runc/defaults/main.yml b/roles/container-engine/runc/defaults/main.yml index 9c2fafffdf6..af8aa0837d7 100644 --- a/roles/container-engine/runc/defaults/main.yml +++ b/roles/container-engine/runc/defaults/main.yml @@ -1,5 +1,5 @@ --- -runc_bin_dir: /usr/bin/ +runc_bin_dir: "{{ bin_dir }}" runc_package_name: runc diff --git a/roles/container-engine/runc/tasks/main.yml b/roles/container-engine/runc/tasks/main.yml index be1014d7924..94f97c0baf1 100644 --- a/roles/container-engine/runc/tasks/main.yml +++ b/roles/container-engine/runc/tasks/main.yml @@ -1,8 +1,14 @@ --- +- name: runc | set is_ostree + set_fact: + is_ostree: "{{ ostree.stat.exists }}" + - name: runc | Uninstall runc package managed by package manager package: name: "{{ runc_package_name }}" state: absent + when: + - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) - name: runc | Download runc binary include_tasks: "../../../download/tasks/download_file.yml" @@ -15,3 +21,10 @@ dest: "{{ runc_bin_dir }}/runc" mode: 0755 remote_src: true + +- name: runc | Remove orphaned binary + file: + path: /usr/bin/runc + state: absent + when: runc_bin_dir != "/usr/bin" + ignore_errors: true # noqa ignore-errors diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index f4bae3ce520..8e858bb3a8f 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -51,7 +51,7 @@ image_arch: "{{host_architecture | default('amd64')}}" # Versions kubeadm_version: "{{ kube_version }}" etcd_version: v3.5.0 -crun_version: 1.2 +crun_version: 1.3 runc_version: v1.0.2 kata_containers_version: 2.2.0 gvisor_version: 20210921 @@ -91,7 +91,7 @@ ovn4nfv_ovn_image_version: "v1.0.0" ovn4nfv_k8s_plugin_image_version: "v1.1.0" helm_version: "v3.7.0" nerdctl_version: "0.12.1" -krew_version: "v0.4.1" +krew_version: "v0.4.2" # Get kubernetes major version (i.e. 1.17.4 => 1.17) kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}" @@ -118,7 +118,7 @@ kata_containers_download_url: "https://github.com/kata-containers/kata-container gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/runsc" gvisor_containerd_shim_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/containerd-shim-runsc-v1" nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz" -krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz" +krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz" containerd_download_url: "https://github.com/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz" crictl_checksums: @@ -390,12 +390,33 @@ calicoctl_binary_checksums: v3.19.3: ec3cfbd2dccbd614ac353be8c9abf8e336d8700fbd2b9b76da1c3c4c14a6dfe2 v3.18.5: 2080b2cd8efb71df98dce8678edaba8fce9252801c4b8f987609a4f4d6ddb4e2 calico_crds_archive_checksums: - v3.20.2: aaeaebf3d11d88a09d8564c0655932fd2a80c158b71325c80a324199a847ed8a + v3.20.2: b75b9965197073d2ae510275f61779ad38ff961ffe95a2fc3e0f452f94949c40 v3.19.3: 7066d0e6b0136920f82a75a5bd2d595e9f69bd3ab823403e920906569ec6be07 v3.18.5: ed7065c5a90b71cf7b3b525d5107a4573bd051c3ff004a56ab6017c222b3e2d6 krew_archive_checksums: - v0.4.1: a26deea175f70264260d59a4e061778a892f8a8e301ac261660dd7d24c551c99 + linux: + arm: + v0.4.2: 115f503e35ef7f63f00a9b01236d80a9f94862ec684010a81c3a3b51bdca1351 + arm64: + v0.4.2: 7581be80d803536acc63cceb20065023b96f07fd7eb9f4ee495dce0294a866eb + amd64: + v0.4.2: 203bfd8006b304c1e58d9e96f9afdc5f4a055e0fbd7ee397fac9f36bf202e721 + darwin: + arm: + v0.4.2: 0 + arm64: + v0.4.2: a69d48f8cad7d87b379071129cde3ee4abcaaa1c3f3692bc80887178b2cc7d33 + amd64: + v0.4.2: 47c6b5b647c5de679a2302444f75a36a70530fa4751cb655e0edd5da56a5f110 + windows: + arm: + v0.4.2: 0 + arm64: + v0.4.2: 0 + amd64: + v0.4.2: 3150ff0291ac876ebe4fe0e813ee90a18aa2bc0510c3adcfae6117dec44ef269 + helm_archive_checksums: arm: @@ -425,6 +446,7 @@ crun_checksums: 0.20.1: 9fac3040c95adbeced9110ceb79fd49556dd5027e39f98473c3c3e1f7edf5d16 0.21: b96cbdf549b69d20ce5dc81c300a138e5c1fd3d11555674043143ace8303c9a7 1.2: 2228a8e0e0f10920b230f9b8bc7c4fd951b603b278ccf0ebdba794339a49c33b + 1.3: 020a2e74d48f1e52f888a31b8bf873a1a99e9f89713ac9ff9403e14b2b9d5c18 arm64: 0.16: 0 0.17: 0 @@ -435,6 +457,7 @@ crun_checksums: 0.20.1: bcbb1ad85cbd953c9c2eb8d8651fee2bbc949516c4c6ac4fd03a9dffc7d2ff53 0.21: 7207d328978ee478be6dcf673ada0674305a624f57ee7ae1660c688751feb725 1.2: 3aee1057196b40b9786a08c875569c9046e58f97d29333b454359668b6088fb1 + 1.3: c0955cf6d3d832c0249bbaa71ed235abb35b8ca45fe07f2bd4501a00afb9bdc4 kata_containers_binary_checksums: arm: @@ -474,20 +497,22 @@ nerdctl_archive_checksums: amd64: 0.12.1: 868dc5997c3edb0bd06f75012e71c2b15ee0885b83bad191fbe2a1d6d5f4f2ac -# TODO(cristicalin): remove compatibility entries once debian9 and ubuntu16 jobs are dropped or docker is dropped containerd_archive_checksums: arm: - latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy 1.4.9: 0 + 1.4.11: 0 1.5.5: 0 + 1.5.7: 0 arm64: - latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy 1.4.9: 0 + 1.4.11: 0 1.5.5: 0 + 1.5.7: 0 amd64: - latest: 0 # this is needed to make debian9 and ubuntu16 CI jobs happy 1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b + 1.4.11: 80c47ec5ce2cd91a15204b5f5b534892ca653e75f3fba0c451ca326bca45fb00 1.5.5: 8efc527ffb772a82021800f0151374a3113ed2439922497ff08f2596a70f10f1 + 1.5.7: 109fc95b86382065ea668005c376360ddcd8c4ec413e7abe220ae9f461e0e173 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}" cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}" @@ -504,7 +529,7 @@ kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}" gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}" nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}" -krew_archive_checksum: "{{ krew_archive_checksums[krew_version] }}" +krew_archive_checksum: "{{ krew_archive_checksums[host_os][image_arch][krew_version] }}" containerd_archive_checksum: "{{ containerd_archive_checksums[image_arch][containerd_version] }}" # Containers @@ -1104,7 +1129,7 @@ downloads: enabled: "{{ krew_enabled }}" file: true version: "{{ krew_version }}" - dest: "{{ local_release_dir }}/krew.tar.gz" + dest: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz" sha256: "{{ krew_archive_checksum }}" url: "{{ krew_download_url }}" unarchive: true diff --git a/roles/kubernetes-apps/argocd/defaults/main.yml b/roles/kubernetes-apps/argocd/defaults/main.yml new file mode 100644 index 00000000000..39014108bcd --- /dev/null +++ b/roles/kubernetes-apps/argocd/defaults/main.yml @@ -0,0 +1,5 @@ +--- +argocd_enabled: false +argocd_version: v2.1.6 +argocd_namespace: argocd +# argocd_admin_password: diff --git a/roles/kubernetes-apps/argocd/tasks/main.yml b/roles/kubernetes-apps/argocd/tasks/main.yml new file mode 100644 index 00000000000..e80e63e694a --- /dev/null +++ b/roles/kubernetes-apps/argocd/tasks/main.yml @@ -0,0 +1,77 @@ +--- +- name: Kubernetes Apps | Install yq + become: yes + get_url: + url: "https://github.com/mikefarah/yq/releases/download/v4.11.2/yq_linux_amd64" + dest: "{{ bin_dir }}/yq" + mode: '0755' + +- name: Kubernetes Apps | Set ArgoCD template list + set_fact: + argocd_templates: + - name: namespace + file: argocd-namespace.yml + - name: install + file: argocd-install.yml + namespace: "{{ argocd_namespace }}" + url: "https://raw.githubusercontent.com/argoproj/argo-cd/{{argocd_version}}/manifests/install.yaml" + when: + - "inventory_hostname == groups['kube_control_plane'][0]" + +- name: Kubernetes Apps | Download ArgoCD remote manifests + become: yes + get_url: + url: "{{ item.url }}" + dest: "{{ kube_config_dir }}/{{ item.file }}" + with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" + loop_control: + label: "{{ item.file }}" + when: + - "inventory_hostname == groups['kube_control_plane'][0]" + +- name: Kubernetes Apps | Set ArgoCD namespace for remote manifests + become: yes + command: | + {{ bin_dir }}/yq eval-all -i '.metadata.namespace="{{argocd_namespace}}"' {{ kube_config_dir }}/{{ item.file }} + with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" + loop_control: + label: "{{ item.file }}" + when: + - "inventory_hostname == groups['kube_control_plane'][0]" + +- name: Kubernetes Apps | Create ArgoCD manifests from templates + become: yes + template: + src: "{{ item.file }}.j2" + dest: "{{ kube_config_dir }}/{{ item.file }}" + with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}" + loop_control: + label: "{{ item.file }}" + when: + - "inventory_hostname == groups['kube_control_plane'][0]" + +- name: Kubernetes Apps | Install ArgoCD + become: yes + kube: + name: ArgoCD + kubectl: "{{ bin_dir }}/kubectl" + filename: "{{ kube_config_dir }}/{{ item.file }}" + state: latest + with_items: "{{ argocd_templates }}" + when: + - "inventory_hostname == groups['kube_control_plane'][0]" + +# https://github.com/argoproj/argo-cd/blob/master/docs/faq.md#i-forgot-the-admin-password-how-do-i-reset-it +- name: Kubernetes Apps | Set ArgoCD custom admin password + become: yes + shell: | + {{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf -n {{argocd_namespace}} patch secret argocd-secret -p \ + '{ + "stringData": { + "admin.password": "{{argocd_admin_password|password_hash('bcrypt')}}", + "admin.passwordMtime": "'$(date +%FT%T%Z)'" + } + }' + when: + - argocd_admin_password is defined + - "inventory_hostname == groups['kube_control_plane'][0]" diff --git a/roles/kubernetes-apps/argocd/templates/argocd-namespace.yml.j2 b/roles/kubernetes-apps/argocd/templates/argocd-namespace.yml.j2 new file mode 100644 index 00000000000..99962f13f25 --- /dev/null +++ b/roles/kubernetes-apps/argocd/templates/argocd-namespace.yml.j2 @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{argocd_namespace}} + labels: + app: argocd diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2 index 200ab268016..3f51b19ad66 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2 @@ -875,6 +875,17 @@ spec: resources: {} --- +{% if cert_manager_trusted_internal_ca is defined %} +apiVersion: v1 +data: + internal-ca.pem: | + {{ cert_manager_trusted_internal_ca | indent(width=4, indentfirst=False) }} +kind: ConfigMap +metadata: + name: ca-internal-truststore + namespace: {{ cert_manager_namespace }} +--- +{% endif %} # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment @@ -928,6 +939,17 @@ spec: fieldPath: metadata.namespace resources: {} +{% if cert_manager_trusted_internal_ca is defined %} + volumeMounts: + - mountPath: /etc/ssl/certs/internal-ca.pem + name: ca-internal-truststore + subPath: internal-ca.pem + volumes: + - configMap: + defaultMode: 420 + name: ca-internal-truststore + name: ca-internal-truststore +{% endif %} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 diff --git a/roles/kubernetes-apps/krew/tasks/krew.yml b/roles/kubernetes-apps/krew/tasks/krew.yml index ebd98212090..dab6b8057bb 100644 --- a/roles/kubernetes-apps/krew/tasks/krew.yml +++ b/roles/kubernetes-apps/krew/tasks/krew.yml @@ -15,7 +15,19 @@ dest: "{{ local_release_dir }}/krew.yml" - name: Krew | Install krew # noqa 301 305 - shell: "{{ local_release_dir }}/krew-linux_{{ image_arch }} install --archive={{ local_release_dir }}/krew.tar.gz --manifest={{ local_release_dir }}/krew.yml" + shell: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} install --archive={{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz --manifest={{ local_release_dir }}/krew.yml" environment: KREW_ROOT: "{{ krew_root_dir }}" KREW_DEFAULT_INDEX_URI: "{{ krew_default_index_uri | default('') }}" + +- name: Krew | Get krew completion + command: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} completion bash" + changed_when: False + register: krew_completion + check_mode: False + +- name: Krew | Install krew completion + copy: + dest: /etc/bash_completion.d/krew.sh + content: "{{ krew_completion.stdout }}" + become: True \ No newline at end of file diff --git a/roles/kubernetes-apps/krew/templates/krew.yml.j2 b/roles/kubernetes-apps/krew/templates/krew.yml.j2 index 9c036a93109..8235067adb4 100644 --- a/roles/kubernetes-apps/krew/templates/krew.yml.j2 +++ b/roles/kubernetes-apps/krew/templates/krew.yml.j2 @@ -26,7 +26,7 @@ spec: https://krew.sigs.k8s.io/docs/user-guide/quickstart/. platforms: - - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz + - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz sha256: {{ krew_archive_checksum }} bin: krew files: @@ -38,7 +38,7 @@ spec: matchLabels: os: darwin arch: amd64 - - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz + - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz sha256: {{ krew_archive_checksum }} bin: krew files: @@ -50,7 +50,7 @@ spec: matchLabels: os: darwin arch: arm64 - - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz + - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz sha256: {{ krew_archive_checksum }} bin: krew files: @@ -62,7 +62,7 @@ spec: matchLabels: os: linux arch: amd64 - - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz + - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz sha256: {{ krew_archive_checksum }} bin: krew files: @@ -74,7 +74,7 @@ spec: matchLabels: os: linux arch: arm - - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz + - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz sha256: {{ krew_archive_checksum }} bin: krew files: @@ -86,7 +86,7 @@ spec: matchLabels: os: linux arch: arm64 - - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz + - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz sha256: {{ krew_archive_checksum }} bin: krew.exe files: diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml index 8ed80387d53..4650b38c162 100644 --- a/roles/kubernetes-apps/meta/main.yml +++ b/roles/kubernetes-apps/meta/main.yml @@ -110,3 +110,10 @@ dependencies: - inventory_hostname == groups['kube_control_plane'][0] tags: - metallb + + - role: kubernetes-apps/argocd + when: + - argocd_enabled + - inventory_hostname == groups['kube_control_plane'][0] + tags: + - argocd diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 686e2e6096e..d42fa555ad0 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -14,11 +14,14 @@ kube_resolv_conf: "/etc/resolv.conf" # Set to empty to avoid cgroup creation kubelet_enforce_node_allocatable: "\"\"" -# Set runtime cgroups +# Set runtime and kubelet cgroups when using systemd as cgroup driver (default) kubelet_runtime_cgroups: "/systemd/system.slice" -# Set kubelet cgroups kubelet_kubelet_cgroups: "/systemd/system.slice" +# Set runtime and kubelet cgroups when using cgroupfs as cgroup driver +kubelet_runtime_cgroups_cgroupfs: "/system.slice/containerd.service" +kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.slice" + ### fail with swap on (default true) kubelet_fail_swap_on: true @@ -66,6 +69,11 @@ kubelet_max_pods: 110 ## Support parameters to be passed to kubelet via kubelet-config.yaml kubelet_config_extra_args: {} +## Parameters to be passed to kubelet via kubelet-config.yaml when cgroupfs is used as cgroup driver +kubelet_config_extra_args_cgroupfs: + systemCgroups: /system.slice + cgroupRoot: / + ## Support parameters to be passed to kubelet via kubelet-config.yaml only on nodes, not masters kubelet_node_config_extra_args: {} diff --git a/roles/kubernetes/node/tasks/facts.yml b/roles/kubernetes/node/tasks/facts.yml index b7b3ad01180..d4bd428f585 100644 --- a/roles/kubernetes/node/tasks/facts.yml +++ b/roles/kubernetes/node/tasks/facts.yml @@ -27,6 +27,23 @@ {%- if containerd_use_systemd_cgroup -%}systemd{%- else -%}cgroupfs{%- endif -%} when: container_manager == 'containerd' +- name: set kubelet_cgroup_driver + set_fact: + kubelet_cgroup_driver: "{{ kubelet_cgroup_driver_detected }}" + when: kubelet_cgroup_driver is undefined + +- name: set kubelet_cgroups options when cgroupfs is used + set_fact: + kubelet_runtime_cgroups: "{{ kubelet_runtime_cgroups_cgroupfs }}" + kubelet_kubelet_cgroups: "{{ kubelet_kubelet_cgroups_cgroupfs }}" + when: kubelet_cgroup_driver == 'cgroupfs' + +- name: set kubelet_config_extra_args options when cgroupfs is used + vars: + set_fact: + kubelet_config_extra_args: "{{ kubelet_config_extra_args | combine(kubelet_config_extra_args_cgroupfs) }}" + when: kubelet_cgroup_driver == 'cgroupfs' + - name: os specific vars include_vars: "{{ item }}" with_first_found: diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 index 673c6178831..13ed5f4c424 100644 --- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 +++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 @@ -23,7 +23,7 @@ enforceNodeAllocatable: {% endfor %} {% endif %} staticPodPath: {{ kube_manifest_dir }} -cgroupDriver: {{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} +cgroupDriver: {{ kubelet_cgroup_driver }} containerLogMaxFiles: {{ kubelet_logfiles_max_nr }} containerLogMaxSize: {{ kubelet_logfiles_max_size }} maxPods: {{ kubelet_max_pods }} diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 6b666ba0649..524027c18cf 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -183,8 +183,8 @@ - name: check cloud_provider value assert: - that: cloud_provider in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external'] - msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external" + that: cloud_provider in ['gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external'] + msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci' or 'external'" when: - cloud_provider is defined - not ignore_assert_errors diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index bb00672845f..99aec470e3d 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -67,7 +67,7 @@ haproxy_config_dir: "/etc/haproxy" # Directory where the binaries will be installed bin_dir: /usr/local/bin docker_bin_dir: /usr/bin -containerd_bin_dir: /usr/bin +containerd_bin_dir: "{{ bin_dir }}" etcd_data_dir: /var/lib/etcd # Where the binaries will be downloaded. # Note: ensure that you've enough disk space (about 1G) @@ -330,10 +330,13 @@ docker_plugins: [] # Experimental kubeadm etcd deployment mode. Available only for new deployment etcd_kubeadm_enabled: false -# Containerd options -containerd_version: 1.4.9 +# Containerd options - thse are relevant when container_manager == 'containerd' +containerd_version: 1.4.11 containerd_use_systemd_cgroup: true +# Docker options - this is relevant when container_manager == 'docker' +docker_containerd_version: 1.4.9 + # Settings for containerized control plane (etcd/kubelet/secrets) # deployment type for legacy etcd mode etcd_deployment_type: docker @@ -377,6 +380,7 @@ ingress_alb_enabled: false cert_manager_enabled: false expand_persistent_volumes: false metallb_enabled: false +argocd_enabled: false # containerd official CLI tool nerdctl_enabled: false @@ -575,6 +579,17 @@ host_architecture: >- {{ ansible_architecture }} {%- endif -%} +_host_os_groups: + Linux: linux + Darwin: darwin + Win32NT: windows +host_os: >- + {%- if ansible_system in _host_os_groups -%} + {{ _host_os_groups[ansible_system] }} + {%- else -%} + {{ ansible_system }} + {%- endif -%} + # Sets the eventRecordQPS parameter in kubelet-config.yaml. The default value is 5 (see types.go) # Setting it to 0 allows unlimited requests per second. kubelet_event_record_qps: 5 diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index cac20ea5e2d..e2ad4a78cd9 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -159,7 +159,8 @@ "bpfEnabled": {{ calico_bpf_enabled | bool }}, "bpfExternalServiceMode": "{{ calico_bpf_service_mode }}", "wireguardEnabled": {{ calico_wireguard_enabled | bool }}, - "logSeverityScreen": "{{ calico_felix_log_severity_screen }}" }} + "logSeverityScreen": "{{ calico_felix_log_severity_screen }}", + "vxlanEnabled": {{ calico_vxlan_mode != 'Never' }} }} when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/remove-node/post-remove/tasks/main.yml b/roles/remove-node/post-remove/tasks/main.yml index 3205c008fa7..6ca8c2a687e 100644 --- a/roles/remove-node/post-remove/tasks/main.yml +++ b/roles/remove-node/post-remove/tasks/main.yml @@ -1,5 +1,10 @@ --- -- name: Delete node # noqa 301 ignore-errors +- name: Delete node command: "{{ bin_dir }}/kubectl delete node {{ kube_override_hostname|default(inventory_hostname) }}" delegate_to: "{{ groups['kube_control_plane']|first }}" - ignore_errors: true + when: inventory_hostname in groups['k8s_cluster'] + retries: 10 + # Sometimes the api-server can have a short window of indisponibility when we delete a master node + delay: 3 + register: result + until: result is not failed diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 737e6b15174..6941f2150e8 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -322,6 +322,7 @@ - /etc/bash_completion.d/crictl - /etc/bash_completion.d/nerdctl - /etc/bash_completion.d/krew + - /etc/bash_completion.d/krew.sh - "{{ krew_root_dir | default('/usr/local/krew') }}" - /etc/modules-load.d/kube_proxy-ipvs.conf - /etc/modules-load.d/kubespray-br_netfilter.conf @@ -373,7 +374,7 @@ - dns - name: reset | include file with reset tasks specific to the network_plugin if exists - include_tasks: "{{ (role_path,'../network_plugin',kube_network_plugin,'tasks/reset.yml') | path_join | realpath }}" + include_tasks: "{{ (role_path,'../network_plugin',kube_network_plugin,'tasks/reset.yml') | community.general.path_join | realpath }}" when: - kube_network_plugin in ['flannel', 'cilium', 'kube-router', 'calico'] tags: diff --git a/tests/files/packet_debian9-calico-upgrade-once.yml b/tests/files/packet_debian9-calico-upgrade-once.yml index 9e4fa1b553c..dcf4186c795 100644 --- a/tests/files/packet_debian9-calico-upgrade-once.yml +++ b/tests/files/packet_debian9-calico-upgrade-once.yml @@ -10,4 +10,4 @@ dns_min_replicas: 1 download_run_once: true # Make docker happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_debian9-calico-upgrade.yml b/tests/files/packet_debian9-calico-upgrade.yml index dd02770246f..bc6837a11fb 100644 --- a/tests/files/packet_debian9-calico-upgrade.yml +++ b/tests/files/packet_debian9-calico-upgrade.yml @@ -9,4 +9,4 @@ deploy_netchecker: true dns_min_replicas: 1 # Make docker happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_debian9-macvlan.yml b/tests/files/packet_debian9-macvlan.yml index 9a481b2b939..accf275df12 100644 --- a/tests/files/packet_debian9-macvlan.yml +++ b/tests/files/packet_debian9-macvlan.yml @@ -14,4 +14,4 @@ macvlan_interface: "eth0" auto_renew_certificates: true # Make docker happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml index 9861b350210..ac64817aa6e 100644 --- a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml +++ b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml @@ -10,4 +10,4 @@ deploy_netchecker: true dns_min_replicas: 1 # Make docker jobs happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_ubuntu16-canal-sep.yml b/tests/files/packet_ubuntu16-canal-sep.yml index 44df4f948cc..01fcaff8812 100644 --- a/tests/files/packet_ubuntu16-canal-sep.yml +++ b/tests/files/packet_ubuntu16-canal-sep.yml @@ -10,4 +10,4 @@ deploy_netchecker: true dns_min_replicas: 1 # Make docker jobs happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_ubuntu16-flannel-ha.yml b/tests/files/packet_ubuntu16-flannel-ha.yml index 5f3b19d9bec..c4af804a153 100644 --- a/tests/files/packet_ubuntu16-flannel-ha.yml +++ b/tests/files/packet_ubuntu16-flannel-ha.yml @@ -12,4 +12,4 @@ deploy_netchecker: true dns_min_replicas: 1 # Make docker jobs happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_ubuntu16-kube-router-sep.yml b/tests/files/packet_ubuntu16-kube-router-sep.yml index e923834aa4e..91aa6cbe1ca 100644 --- a/tests/files/packet_ubuntu16-kube-router-sep.yml +++ b/tests/files/packet_ubuntu16-kube-router-sep.yml @@ -10,4 +10,4 @@ deploy_netchecker: true dns_min_replicas: 1 # Make docker jobs happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml b/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml index 043639ad9e1..433557b9832 100644 --- a/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml +++ b/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml @@ -12,4 +12,4 @@ dns_min_replicas: 1 kube_router_run_service_proxy: true # Make docker jobs happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/files/packet_ubuntu16-weave-sep.yml b/tests/files/packet_ubuntu16-weave-sep.yml index e424a6cc847..22cfe0e516c 100644 --- a/tests/files/packet_ubuntu16-weave-sep.yml +++ b/tests/files/packet_ubuntu16-weave-sep.yml @@ -11,4 +11,4 @@ dns_min_replicas: 1 auto_renew_certificates: true # Make docker jobs happy -containerd_version: latest +docker_containerd_version: latest diff --git a/tests/scripts/md-table/requirements.txt b/tests/scripts/md-table/requirements.txt index 754da38d8da..ecf5aac53a7 100644 --- a/tests/scripts/md-table/requirements.txt +++ b/tests/scripts/md-table/requirements.txt @@ -1,4 +1,4 @@ pyaml jinja2 -pathlib -pydblite \ No newline at end of file +pathlib ; python_version < '3.10' +pydblite diff --git a/tests/scripts/testcases_run.sh b/tests/scripts/testcases_run.sh index 55cf7c3c75a..2461d29c6c6 100755 --- a/tests/scripts/testcases_run.sh +++ b/tests/scripts/testcases_run.sh @@ -50,13 +50,6 @@ test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout "$KUBESPRAY test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" tests/files/${CI_JOB_NAME}.yml test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" ${CI_TEST_REGISTRY_MIRROR} -# Install mitogen ansible plugin -if [ "${MITOGEN_ENABLE}" = "true" ]; then - ansible-playbook ${ANSIBLE_LOG_LEVEL} mitogen.yml - export ANSIBLE_STRATEGY=mitogen_linear - export ANSIBLE_STRATEGY_PLUGINS=plugins/mitogen/ansible_mitogen/plugins/strategy -fi - # Create cluster ansible-playbook ${ANSIBLE_LOG_LEVEL} -e @${CI_TEST_REGISTRY_MIRROR} -e @${CI_TEST_VARS} -e local_release_dir=${PWD}/downloads --limit "all:!fake_hosts" cluster.yml