Merge branch 'master' into multus

kubernetes-sigs · Aug 30, 2024 · 9aa0ee4 · 9aa0ee4
2 parents f56a48a + b0be5f2
commit 9aa0ee4
Show file tree

Hide file tree

Showing 194 changed files with 2,730 additions and 757 deletions.
diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml
@@ -88,6 +88,11 @@ packet_ubuntu20-crio:
 packet_ubuntu22-calico-all-in-one:
   extends: .packet_pr
 
+packet_ubuntu22-calico-all-in-one-upgrade:
+  extends: .packet_pr
+  variables:
+    UPGRADE_TEST: graceful
+
 packet_ubuntu24-calico-etcd-datastore:
   extends: .packet_pr
 

diff --git a/.yamllint b/.yamllint
@@ -26,4 +26,3 @@ rules:
   octal-values:
     forbid-implicit-octal: true # yamllint defaults to false
     forbid-explicit-octal: true # yamllint defaults to false
-  truthy: disable
diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
@@ -7,11 +7,13 @@ aliases:
     - oomichi
     - yankay
     - ant31
+    - vannten
   kubespray-reviewers:
     - cyclinder
     - erikjiang
     - mrfreezeex
     - mzaian
+    - tico88612
     - vannten
     - yankay
   kubespray-emeritus_approvers:

diff --git a/README.md b/README.md
@@ -160,28 +160,28 @@ Note: Upstart/SysV init based OS types are not supported.
 ## Supported Components
 
 - Core
-  - [kubernetes](https://github.com/kubernetes/kubernetes) v1.30.3
+  - [kubernetes](https://github.com/kubernetes/kubernetes) v1.30.4
   - [etcd](https://github.com/etcd-io/etcd) v3.5.12
   - [docker](https://www.docker.com/) v26.1
-  - [containerd](https://containerd.io/) v1.7.20
+  - [containerd](https://containerd.io/) v1.7.21
   - [cri-o](http://cri-o.io/) v1.30.3 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
   - [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
-  - [calico](https://github.com/projectcalico/calico) v3.27.3
+  - [calico](https://github.com/projectcalico/calico) v3.28.1
   - [cilium](https://github.com/cilium/cilium) v1.15.4
   - [flannel](https://github.com/flannel-io/flannel) v0.22.0
-  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5
+  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.12.21
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v2.0.0
   - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) v3.8
   - [weave](https://github.com/rajch/weave) v2.8.7
   - [kube-vip](https://github.com/kube-vip/kube-vip) v0.8.0
 - Application
   - [cert-manager](https://github.com/jetstack/cert-manager) v1.14.7
   - [coredns](https://github.com/coredns/coredns) v1.11.1
-  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.10.1
+  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.11.2
   - [krew](https://github.com/kubernetes-sigs/krew) v0.4.4
   - [argocd](https://argoproj.github.io/) v2.11.0
-  - [helm](https://helm.sh/) v3.14.2
+  - [helm](https://helm.sh/) v3.15.4
   - [metallb](https://metallb.universe.tf/)  v0.13.9
   - [registry](https://github.com/distribution/distribution) v2.8.1
 - Storage Plugin
@@ -193,7 +193,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [gcp-pd-csi-plugin](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver) v1.9.2
   - [local-path-provisioner](https://github.com/rancher/local-path-provisioner) v0.0.24
   - [local-volume-provisioner](https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner) v2.5.0
-  - [node-feature-discovery](https://github.com/kubernetes-sigs/node-feature-discovery) v0.14.2
+  - [node-feature-discovery](https://github.com/kubernetes-sigs/node-feature-discovery) v0.16.4
 
 ## Container Runtime Notes
 

diff --git a/contrib/azurerm/generate-inventory.yml b/contrib/azurerm/generate-inventory.yml
@@ -1,6 +1,6 @@
 ---
 - name: Generate Azure inventory
   hosts: localhost
-  gather_facts: False
+  gather_facts: false
   roles:
     - generate-inventory
diff --git a/contrib/azurerm/generate-inventory_2.yml b/contrib/azurerm/generate-inventory_2.yml
@@ -1,6 +1,6 @@
 ---
 - name: Generate Azure inventory
   hosts: localhost
-  gather_facts: False
+  gather_facts: false
   roles:
     - generate-inventory_2
diff --git a/contrib/azurerm/generate-templates.yml b/contrib/azurerm/generate-templates.yml
@@ -1,6 +1,6 @@
 ---
 - name: Generate Azure templates
   hosts: localhost
-  gather_facts: False
+  gather_facts: false
   roles:
     - generate-templates
diff --git a/contrib/dind/dind-cluster.yaml b/contrib/dind/dind-cluster.yaml
@@ -1,7 +1,7 @@
 ---
 - name: Create nodes as docker containers
   hosts: localhost
-  gather_facts: False
+  gather_facts: false
   roles:
     - { role: dind-host }
 

diff --git a/contrib/dind/kubespray-dind.yaml b/contrib/dind/kubespray-dind.yaml
@@ -15,7 +15,7 @@ docker_storage_options: -s overlay2 --storage-opt overlay2.override_kernel_check
 
 dns_mode: coredns
 
-deploy_netchecker: True
+deploy_netchecker: true
 netcheck_agent_image_repo: quay.io/l23network/k8s-netchecker-agent
 netcheck_server_image_repo: quay.io/l23network/k8s-netchecker-server
 netcheck_agent_image_tag: v1.0

diff --git a/contrib/dind/roles/dind-cluster/tasks/main.yaml b/contrib/dind/roles/dind-cluster/tasks/main.yaml
@@ -14,7 +14,7 @@
     src: "/bin/true"
     dest: "{{ item }}"
     state: link
-    force: yes
+    force: true
   with_items:
     # DIND box may have swap enable, don't bother
     - /sbin/swapoff
@@ -58,7 +58,7 @@
     name: "{{ distro_user }}"
     uid: 1000
     # groups: sudo
-    append: yes
+    append: true
 
 - name: Allow password-less sudo to "{{ distro_user }}"
   copy:

diff --git a/contrib/dind/roles/dind-host/tasks/main.yaml b/contrib/dind/roles/dind-host/tasks/main.yaml
@@ -19,7 +19,7 @@
     state: started
     hostname: "{{ item }}"
     command: "{{ distro_init }}"
-    # recreate: yes
+    # recreate: true
     privileged: true
     tmpfs:
       - /sys/module/nf_conntrack/parameters

diff --git a/contrib/kvm-setup/kvm-setup.yml b/contrib/kvm-setup/kvm-setup.yml
@@ -1,8 +1,8 @@
 ---
 - name: Prepare Hypervisor to later install kubespray VMs
   hosts: localhost
-  gather_facts: False
-  become: yes
+  gather_facts: false
+  become: true
   vars:
     bootstrap_os: none
   roles:

diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/main.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/main.yml
@@ -11,12 +11,12 @@
 
 - name: Install required packages
   apt:
-    upgrade: yes
-    update_cache: yes
+    upgrade: true
+    update_cache: true
     cache_valid_time: 3600
     name: "{{ item }}"
     state: present
-    install_recommends: no
+    install_recommends: false
   with_items:
     - dnsutils
     - ntp

diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
@@ -30,15 +30,15 @@
     value: 1
     sysctl_file: "{{ sysctl_file_path }}"
     state: present
-    reload: yes
+    reload: true
 
 - name: Set bridge-nf-call-{arptables,iptables} to 0
   ansible.posix.sysctl:
     name: "{{ item }}"
     state: present
     value: 0
     sysctl_file: "{{ sysctl_file_path }}"
-    reload: yes
+    reload: true
   with_items:
     - net.bridge.bridge-nf-call-arptables
     - net.bridge.bridge-nf-call-ip6tables

diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/README.md b/contrib/network-storage/glusterfs/roles/glusterfs/README.md
@@ -21,7 +21,7 @@ glusterfs_default_release: ""
 You can specify a `default_release` for apt on Debian/Ubuntu by overriding this variable. This is helpful if you need a different package or version for the main GlusterFS packages (e.g. GlusterFS 3.5.x instead of 3.2.x with the `wheezy-backports` default release on Debian Wheezy).
 
 ```yaml
-glusterfs_ppa_use: yes
+glusterfs_ppa_use: true
 glusterfs_ppa_version: "3.5"
 ```
 

diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/defaults/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # For Ubuntu.
 glusterfs_default_release: ""
-glusterfs_ppa_use: yes
+glusterfs_ppa_use: true
 glusterfs_ppa_version: "4.1"
 
 # Gluster configuration.

diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml
@@ -3,7 +3,7 @@
   apt_repository:
     repo: 'ppa:gluster/glusterfs-{{ glusterfs_ppa_version }}'
     state: present
-    update_cache: yes
+    update_cache: true
   register: glusterfs_ppa_added
   when: glusterfs_ppa_use
 

diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/defaults/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # For Ubuntu.
 glusterfs_default_release: ""
-glusterfs_ppa_use: yes
+glusterfs_ppa_use: true
 glusterfs_ppa_version: "3.12"
 
 # Gluster configuration.

diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
@@ -43,7 +43,7 @@
   service:
     name: "{{ glusterfs_daemon }}"
     state: started
-    enabled: yes
+    enabled: true
 
 - name: Ensure Gluster brick and mount directories exist.
   file:
@@ -62,7 +62,7 @@
     replicas: "{{ groups['gfs-cluster'] | length }}"
     cluster: "{% for item in groups['gfs-cluster'] -%}{{ hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4['address']) }}{% if not loop.last %},{% endif %}{%- endfor %}"
     host: "{{ inventory_hostname }}"
-    force: yes
+    force: true
   run_once: true
   when: groups['gfs-cluster'] | length > 1
 
@@ -73,7 +73,7 @@
     brick: "{{ gluster_brick_dir }}"
     cluster: "{% for item in groups['gfs-cluster'] -%}{{ hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4['address']) }}{% if not loop.last %},{% endif %}{%- endfor %}"
     host: "{{ inventory_hostname }}"
-    force: yes
+    force: true
   run_once: true
   when: groups['gfs-cluster'] | length <= 1
 

diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml
@@ -3,7 +3,7 @@
   apt_repository:
     repo: 'ppa:gluster/glusterfs-{{ glusterfs_ppa_version }}'
     state: present
-    update_cache: yes
+    update_cache: true
   register: glusterfs_ppa_added
   when: glusterfs_ppa_use
 

diff --git a/contrib/network-storage/heketi/heketi-tear-down.yml b/contrib/network-storage/heketi/heketi-tear-down.yml
@@ -6,6 +6,6 @@
 
 - name: Teardown disks in heketi
   hosts: heketi-node
-  become: yes
+  become: true
   roles:
     - { role: tear-down-disks }
diff --git a/contrib/offline/generate_list.yml b/contrib/offline/generate_list.yml
@@ -1,7 +1,7 @@
 ---
 - name: Collect container images for offline deployment
   hosts: localhost
-  become: no
+  become: false
 
   roles:
     # Just load default variables from roles.

diff --git a/contrib/os-services/roles/prepare/tasks/main.yml b/contrib/os-services/roles/prepare/tasks/main.yml
@@ -10,14 +10,14 @@
     systemd_service:
       name: firewalld
       state: stopped
-      enabled: no
+      enabled: false
     when:
       "'firewalld.service' in services and services['firewalld.service'].status != 'not-found'"
 
   - name: Disable service ufw
     systemd_service:
       name: ufw
       state: stopped
-      enabled: no
+      enabled: false
     when:
       "'ufw.service' in services and services['ufw.service'].status != 'not-found'"
diff --git a/contrib/terraform/terraform.py b/contrib/terraform/terraform.py
@@ -368,7 +368,7 @@ def iter_host_ips(hosts, ips):
                 'ansible_host': ip,
             })
 
-        if 'use_access_ip' in host[1]['metadata'] and host[1]['metadata']['use_access_ip'] == "0":
+        if 'use_access_ip' in host[1]['metadata'] and host[1]['metadata']['use_access_ip'] == "0" and 'access_ip' in host[1]:
                 host[1].pop('access_ip')
 
         yield host

diff --git a/docs/ingress/ingress_nginx.md b/docs/ingress/ingress_nginx.md
@@ -35,7 +35,7 @@ kubectl create clusterrolebinding cluster-admin-binding \
 The following **Mandatory Command** is required for all deployments except for AWS. See below for the AWS version.
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
 ```
 
 ### Provider Specific Steps

diff --git a/extra_playbooks/upgrade-only-k8s.yml b/extra_playbooks/upgrade-only-k8s.yml
@@ -12,7 +12,7 @@
 
 - name: Setup ssh config to use the bastion
   hosts: localhost
-  gather_facts: False
+  gather_facts: false
   roles:
     - { role: kubespray-defaults}
     - { role: bastion-ssh-config, tags: ["localhost", "bastion"]}

diff --git a/inventory/sample/group_vars/all/containerd.yml b/inventory/sample/group_vars/all/containerd.yml
@@ -24,8 +24,21 @@
 # containerd_grpc_max_recv_message_size: 16777216
 # containerd_grpc_max_send_message_size: 16777216
 
+# Containerd debug socket location: unix or tcp format
+# containerd_debug_address: ""
+
+# Containerd log level
 # containerd_debug_level: "info"
 
+# Containerd logs format, supported values: text, json
+# containerd_debug_format: ""
+
+# Containerd debug socket UID
+# containerd_debug_uid: 0
+
+# Containerd debug socket GID
+# containerd_debug_gid: 0
+
 # containerd_metrics_address: ""
 
 # containerd_metrics_grpc_histogram: false

diff --git a/inventory/sample/group_vars/all/offline.yml b/inventory/sample/group_vars/all/offline.yml
@@ -18,7 +18,7 @@
 # quay_image_repo: "{{ registry_host }}"
 
 ## Kubernetes components
-# kubeadm_download_url: "{{ files_repo }}/dl.k8s.io/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm"
+# kubeadm_download_url: "{{ files_repo }}/dl.k8s.io/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubeadm"
 # kubectl_download_url: "{{ files_repo }}/dl.k8s.io/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubectl"
 # kubelet_download_url: "{{ files_repo }}/dl.k8s.io/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubelet"
 

diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -17,7 +17,7 @@ kube_token_dir: "{{ kube_config_dir }}/tokens"
 kube_api_anonymous_auth: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.30.3
+kube_version: v1.30.4
 
 # Where the binaries will be downloaded.
 # Note: ensure that you've enough disk space (about 1G)

diff --git a/playbooks/ansible_version.yml b/playbooks/ansible_version.yml
@@ -2,7 +2,7 @@
 - name: Check Ansible version
   hosts: all
   gather_facts: false
-  become: no
+  become: false
   run_once: true
   vars:
     minimal_ansible_version: 2.16.4

diff --git a/playbooks/boilerplate.yml b/playbooks/boilerplate.yml
@@ -51,7 +51,7 @@
 
 - name: Install bastion ssh config
   hosts: bastion[0]
-  gather_facts: False
+  gather_facts: false
   environment: "{{ proxy_disable_env }}"
   roles:
     - { role: kubespray-defaults }