Merge branch 'kubernetes-sigs:master' into patch-1

kubernetes-sigs · Aug 6, 2024 · 4dca87d · 4dca87d
2 parents 9bceb0e + cc03ca6
commit 4dca87d
Show file tree

Hide file tree

Showing 196 changed files with 591 additions and 408 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -39,10 +39,10 @@ repos:
  hooks:
  - id: ansible-lint
  additional_dependencies:
- - ansible==9.5.1
+ - ansible==9.8.0
  - jsonschema==4.22.0
  - jmespath==1.0.1
- - netaddr==1.2.1
+ - netaddr==1.3.0
  - distlib
 
  - repo: https://github.com/golangci/misspell

diff --git a/.yamllint b/.yamllint
@@ -6,17 +6,24 @@ ignore: |
  .github/
  # Generated file
  tests/files/custom_cni/cilium.yaml
-
+# https://ansible.readthedocs.io/projects/lint/rules/yaml/
 rules:
  braces:
  min-spaces-inside: 0
  max-spaces-inside: 1
  brackets:
  min-spaces-inside: 0
  max-spaces-inside: 1
+ comments:
+ min-spaces-from-content: 1
+ # https://github.com/adrienverge/yamllint/issues/384
+ comments-indentation: false
  indentation:
  spaces: 2
  indent-sequences: consistent
  line-length: disable
  new-line-at-end-of-file: disable
+ octal-values:
+ forbid-implicit-octal: true # yamllint defaults to false
+ forbid-explicit-octal: true # yamllint defaults to false
  truthy: disable
diff --git a/README.md b/README.md
@@ -160,11 +160,11 @@ Note: Upstart/SysV init based OS types are not supported.
 ## Supported Components
 
 - Core
- - [kubernetes](https://github.com/kubernetes/kubernetes) v1.30.2
+ - [kubernetes](https://github.com/kubernetes/kubernetes) v1.30.3
  - [etcd](https://github.com/etcd-io/etcd) v3.5.12
  - [docker](https://www.docker.com/) v26.1
- - [containerd](https://containerd.io/) v1.7.16
- - [cri-o](http://cri-o.io/) v1.30.2 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
+ - [containerd](https://containerd.io/) v1.7.20
+ - [cri-o](http://cri-o.io/) v1.30.3 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
  - [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
  - [calico](https://github.com/projectcalico/calico) v3.27.3
@@ -189,7 +189,7 @@ Note: Upstart/SysV init based OS types are not supported.
  - [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.1-k8s1.11
  - [aws-ebs-csi-plugin](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) v0.5.0
  - [azure-csi-plugin](https://github.com/kubernetes-sigs/azuredisk-csi-driver) v1.10.0
- - [cinder-csi-plugin](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md) v1.29.0
+ - [cinder-csi-plugin](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md) v1.30.0
  - [gcp-pd-csi-plugin](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver) v1.9.2
  - [local-path-provisioner](https://github.com/rancher/local-path-provisioner) v0.0.24
  - [local-volume-provisioner](https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner) v2.5.0

diff --git a/contrib/azurerm/roles/generate-inventory/tasks/main.yml b/contrib/azurerm/roles/generate-inventory/tasks/main.yml
@@ -12,4 +12,4 @@
  template:
  src: inventory.j2
  dest: "{{ playbook_dir }}/inventory"
- mode: 0644
+ mode: "0644"
diff --git a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
@@ -22,10 +22,10 @@
  template:
  src: inventory.j2
  dest: "{{ playbook_dir }}/inventory"
- mode: 0644
+ mode: "0644"
 
 - name: Generate Load Balancer variables
  template:
  src: loadbalancer_vars.j2
  dest: "{{ playbook_dir }}/loadbalancer_vars.yml"
- mode: 0644
+ mode: "0644"
diff --git a/contrib/azurerm/roles/generate-templates/tasks/main.yml b/contrib/azurerm/roles/generate-templates/tasks/main.yml
@@ -8,13 +8,13 @@
  path: "{{ base_dir }}"
  state: directory
  recurse: true
- mode: 0755
+ mode: "0755"
 
 - name: Store json files in base_dir
  template:
  src: "{{ item }}"
  dest: "{{ base_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
  with_items:
  - network.json
  - storage.json

diff --git a/contrib/dind/roles/dind-cluster/tasks/main.yaml b/contrib/dind/roles/dind-cluster/tasks/main.yaml
@@ -35,7 +35,7 @@
  path-exclude=/usr/share/doc/*
  path-include=/usr/share/doc/*/copyright
  dest: /etc/dpkg/dpkg.cfg.d/01_nodoc
- mode: 0644
+ mode: "0644"
  when:
  - ansible_os_family == 'Debian'
 
@@ -64,7 +64,7 @@
  copy:
  content: "{{ distro_user }} ALL=(ALL) NOPASSWD:ALL"
  dest: "/etc/sudoers.d/{{ distro_user }}"
- mode: 0640
+ mode: "0640"
 
 - name: "Add my pubkey to {{ distro_user }} user authorized keys"
  ansible.posix.authorized_key:

diff --git a/contrib/dind/roles/dind-host/tasks/main.yaml b/contrib/dind/roles/dind-host/tasks/main.yaml
@@ -42,7 +42,7 @@
  template:
  src: inventory_builder.sh.j2
  dest: /tmp/kubespray.dind.inventory_builder.sh
- mode: 0755
+ mode: "0755"
  tags:
  - addresses
 

diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
@@ -20,7 +20,7 @@
  br-netfilter
  owner: root
  group: root
- mode: 0644
+ mode: "0644"
  when: br_netfilter is defined
 
 

diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
@@ -11,7 +11,7 @@
  state: directory
  owner: "{{ k8s_deployment_user }}"
  group: "{{ k8s_deployment_user }}"
- mode: 0700
+ mode: "0700"
 
 - name: Configure sudo for deployment user
  copy:
@@ -20,13 +20,13 @@
  dest: "/etc/sudoers.d/55-k8s-deployment"
  owner: root
  group: root
- mode: 0644
+ mode: "0644"
 
 - name: Write private SSH key
  copy:
  src: "{{ k8s_deployment_user_pkey_path }}"
  dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
- mode: 0400
+ mode: "0400"
  owner: "{{ k8s_deployment_user }}"
  group: "{{ k8s_deployment_user }}"
  when: k8s_deployment_user_pkey_path is defined
@@ -41,7 +41,7 @@
 - name: Fix ssh-pub-key permissions
  file:
  path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
- mode: 0600
+ mode: "0600"
  owner: "{{ k8s_deployment_user }}"
  group: "{{ k8s_deployment_user }}"
  when: k8s_deployment_user_pkey_path is defined
diff --git a/contrib/mitogen/mitogen.yml b/contrib/mitogen/mitogen.yml
@@ -14,7 +14,7 @@
  file:
  path: "{{ item }}"
  state: directory
- mode: 0755
+ mode: "0755"
  become: false
  loop:
  - "{{ playbook_dir }}/plugins/mitogen"
@@ -25,7 +25,7 @@
  url: "{{ mitogen_url }}"
  dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz"
  validate_certs: true
- mode: 0644
+ mode: "0644"
 
  - name: Extract archive
  unarchive:
@@ -40,7 +40,7 @@
  - name: Add strategy to ansible.cfg
  community.general.ini_file:
  path: ansible.cfg
- mode: 0644
+ mode: "0644"
  section: "{{ item.section | d('defaults') }}"
  option: "{{ item.option }}"
  value: "{{ item.value }}"

diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
@@ -15,7 +15,7 @@
  file:
  path: "{{ item }}"
  state: directory
- mode: 0775
+ mode: "0775"
  with_items:
  - "{{ gluster_mount_dir }}"
  when: ansible_os_family in ["Debian","RedHat"] and groups['gfs-cluster'] is defined
diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
@@ -49,7 +49,7 @@
  file:
  path: "{{ item }}"
  state: directory
- mode: 0775
+ mode: "0775"
  with_items:
  - "{{ gluster_brick_dir }}"
  - "{{ gluster_mount_dir }}"
@@ -101,7 +101,7 @@
  template:
  dest: "{{ gluster_mount_dir }}/.test-file.txt"
  src: test-file.txt
- mode: 0644
+ mode: "0644"
  when: groups['gfs-cluster'] is defined and inventory_hostname == groups['gfs-cluster'][0]
 
 - name: Unmount glusterfs

diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
@@ -3,7 +3,7 @@
  template:
  src: "{{ item.file }}"
  dest: "{{ kube_config_dir }}/{{ item.dest }}"
- mode: 0644
+ mode: "0644"
  with_items:
  - { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json}
  - { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml}

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
@@ -4,7 +4,7 @@
  template:
  src: "heketi-bootstrap.json.j2"
  dest: "{{ kube_config_dir }}/heketi-bootstrap.json"
- mode: 0640
+ mode: "0640"
  register: "rendering"
 - name: "Kubernetes Apps | Install and configure Heketi Bootstrap"
  kube:

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
@@ -10,7 +10,7 @@
  template:
  src: "topology.json.j2"
  dest: "{{ kube_config_dir }}/topology.json"
- mode: 0644
+ mode: "0644"
 - name: "Copy topology configuration into container."
  changed_when: false
  command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ initial_heketi_pod_name }}:/tmp/topology.json"

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml b/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
@@ -3,7 +3,7 @@
  template:
  src: "glusterfs-daemonset.json.j2"
  dest: "{{ kube_config_dir }}/glusterfs-daemonset.json"
- mode: 0644
+ mode: "0644"
  become: true
  register: "rendering"
 - name: "Kubernetes Apps | Install and configure GlusterFS daemonset"
@@ -33,7 +33,7 @@
  template:
  src: "heketi-service-account.json.j2"
  dest: "{{ kube_config_dir }}/heketi-service-account.json"
- mode: 0644
+ mode: "0644"
  become: true
  register: "rendering"
 - name: "Kubernetes Apps | Install and configure Heketi Service Account"

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml b/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
@@ -4,7 +4,7 @@
  template:
  src: "heketi-deployment.json.j2"
  dest: "{{ kube_config_dir }}/heketi-deployment.json"
- mode: 0644
+ mode: "0644"
  register: "rendering"
 
 - name: "Kubernetes Apps | Install and configure Heketi"

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml
@@ -28,7 +28,7 @@
  template:
  src: "heketi.json.j2"
  dest: "{{ kube_config_dir }}/heketi.json"
- mode: 0644
+ mode: "0644"
 
 - name: "Deploy Heketi config secret"
  when: "secret_state.stdout | length == 0"

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storage.yml b/contrib/network-storage/heketi/roles/provision/tasks/storage.yml
@@ -5,7 +5,7 @@
  template:
  src: "heketi-storage.json.j2"
  dest: "{{ kube_config_dir }}/heketi-storage.json"
- mode: 0644
+ mode: "0644"
  register: "rendering"
 - name: "Kubernetes Apps | Install and configure Heketi Storage"
  kube:

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml b/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
@@ -16,7 +16,7 @@
  template:
  src: "storageclass.yml.j2"
  dest: "{{ kube_config_dir }}/storageclass.yml"
- mode: 0644
+ mode: "0644"
  register: "rendering"
 - name: "Kubernetes Apps | Install and configure Storace Class"
  kube:

diff --git a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
@@ -10,7 +10,7 @@
  template:
  src: "topology.json.j2"
  dest: "{{ kube_config_dir }}/topology.json"
- mode: 0644
+ mode: "0644"
 - name: "Copy topology configuration into container." # noqa no-handler
  when: "rendering.changed"
  command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ heketi_pod_name }}:/tmp/topology.json"

diff --git a/contrib/offline/generate_list.yml b/contrib/offline/generate_list.yml
@@ -16,7 +16,7 @@
  template:
  src: ./contrib/offline/temp/{{ item }}.list.template
  dest: ./contrib/offline/temp/{{ item }}.list
- mode: 0644
+ mode: "0644"
  with_items:
  - files
  - images
diff --git a/contrib/os-services/roles/prepare/tasks/main.yml b/contrib/os-services/roles/prepare/tasks/main.yml
@@ -7,15 +7,15 @@
  service_facts:
 
  - name: Disable service firewalld
- systemd:
+ systemd_service:
  name: firewalld
  state: stopped
  enabled: no
  when:
  "'firewalld.service' in services and services['firewalld.service'].status != 'not-found'"
 
  - name: Disable service ufw
- systemd:
+ systemd_service:
  name: ufw
  state: stopped
  enabled: no

diff --git a/contrib/terraform/upcloud/cluster-settings.tfvars b/contrib/terraform/upcloud/cluster-settings.tfvars
@@ -1,5 +1,11 @@
 # See: https://developers.upcloud.com/1.3/5-zones/
-zone = "fi-hel1"
+zone = "fi-hel1"
+private_cloud = false
+
+# Only used if private_cloud = true, public zone equivalent
+# For example use finnish public zone for finnish private zone
+public_zone = "fi-hel2"
+
 username = "ubuntu"
 
 # Prefix to use for all resources to separate them from other resources

diff --git a/contrib/terraform/upcloud/main.tf b/contrib/terraform/upcloud/main.tf
@@ -11,8 +11,10 @@ provider "upcloud" {
 module "kubernetes" {
  source = "./modules/kubernetes-cluster"
 
- prefix = var.prefix
- zone = var.zone
+ prefix = var.prefix
+ zone = var.zone
+ private_cloud = var.private_cloud
+ public_zone = var.public_zone
 
  template_name = var.template_name
  username = var.username

diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf
@@ -515,7 +515,7 @@ resource "upcloud_loadbalancer" "lb" {
  configured_status = "started"
  name = "${local.resource-prefix}lb"
  plan = var.loadbalancer_plan
- zone = var.zone
+ zone = var.private_cloud ? var.public_zone : var.zone
  networks {
  name = "Private-Net"
  type = "private"

diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf
@@ -6,6 +6,14 @@ variable "zone" {
  type = string
 }
 
+variable "private_cloud" {
+ type = bool
+}
+
+variable "public_zone" {
+ type = string
+}
+
 variable "template_name" {}
 
 variable "username" {}