Releases: kubernetes-sigs/kubespray

v2.27.0

06 Jan 06:34
9ec9b3a

Urgent Upgrade Notes

No, really, you MUST read this before you upgrade

  • Action required
    Change kubeadm_patches format to use an array of inline patch instead of patch files.
    See the example for new format. (#11521, @VannTen)
  • Action required
    Removes the generation of static tokens for every node in the cluster when kube_token_auth: true (#11567, @VannTen)
  • Action required
    The kubelet_node_{config_extra_args,custom_flags} are removed. Use kubelet_{config_extra_args,custom_flags} in <your_inventory>/group_vars/kube_node.yml.
    The {kube,system}_master_{cpu,memory,ephemeral-storage,pid} are removed. Use the {kube,system}_{cpu,memory,ephemeral-storage,pid} variables in <your_inventory>/group_vars/kube_control_plane.yml. kubelet_custom_flags can no longer be a string; an array is required. (#10643, @VannTen)
  • Action required
    k8s_cluster group is now automatically defined, it can be removed from your inventory if you're not using it for group_vars (#11559, @VannTen)
  • Action required
    kubeadm_ignore_preflight_errors is introduced to ignore specific preflight checks from kubeadm. The previous behavior was effectively all, so some errors might surface during upgrade, in which case users should add the ones they choose to ignore to that variable. (#11710, @VannTen)

Container-Managers

API Change

  • If you use CRI-O and want to keep runc as your container default runtime when you upgrade cluster, you must set runc_enable: true and crio_default_runtime: "runc".
    Make CRI-O's default runtime configurable
    CRI-O v1.31 default runtime change to crun
    Crun upgrade to 1.17
    Skopeo upgrade to v1.16.1 (#11601, @tico88612)

Feature

  • Make Kubernetes v1.31.4 default
    Add hashes for Kubernetes 1.31.4, 1.30.8 and 1.29.12 (#11828, @tico88612)
    Add hashes for Kubernetes 1.31.3, 1.30.7 and 1.29.11 (#11737, @tico88612)
    Add hashes for Kubernetes 1.31.2, 1.30.6 and 1.29.10 (#11662, @robertvolkmann)
    Add hashes for Kubernetes 1.31.1 and 1.31.0 (#11533, @philipsabri)
    Add hashes for kubernetes 1.29.8, 1.29.9, 1.30.5 (#11581, @DirkTheDaring)
  • Add CI for openeuler 24.03
    Add CI Image for openeuler 24.03, 22.03 (#11689, @yankay)
  • Add ResourceQuota AdmissionController plugin Configuration (#11814, @chadswen)
  • Add a new CRI-O crio_root variable (#11692, @toliger)
  • Add external Oracle cloud infrastructure cloud controller manager (#11378, @tico88612)
  • Add optional support for Host Firewall and PolicyAuditMode features in Cilium (#11230, @ledroide)
  • Add support for Fedora 39/40 (#11573, @tico88612)
  • Add support to use existing fips with terraform OpenStack (#11558, @anders-elastisys)
  • Add the support of network isolation configuration in Multus. (#11605, @Sispheor)
  • Added support for using ntpsec (#11665, @davidumea)
  • Adds ingress_nginx_service_annotations variable to allow setting annotations for ingress-nginx controller service (#11544, @ThisIsQasim)
  • Adds nodelocaldns_additional_configs variable (#11657, @0x4c6565)
  • Allow disabling cilium hubble-ui using cilium_enable_hubble_ui variable (#10939, @pedro-peter)
  • Allow to skip network configuration by setting kube_network_plugin value to none (#11844, @ant31)
  • Configuration can now be supplied to ImagePolicyWebhook and PodNodeSelector admission plugins (#11471, @VannTen)
  • Feat(calico): add support for numAllowedLocalASNumbers on bgppeers per node definition (#11570, @mirwan)
  • Feat: Kubeadm config API support v1beta4 (#11674, @tico88612)
  • Iproute is installed before gathering facts (needed for getting ansible_default_ipv4) (#11816, @0ekk)
  • Partial Support of Cilium v1.16+ - kube-proxy replacement var changes
    Add optional support for configuring BGP Control Plane, IP Load Balancer Pools, Legacy BGP Peer Config v1 and BGP Config v2 features in Cilium (#11620, @logicsys)
  • [cilium] Make cilium 1.15.9 default (#11593, @foobaar)
  • Make cri-dockerd log level configurable (#11646, @mirwan)
  • Remove support for Fedora 37/38 (#11600, @tico88612)
  • Reset operation: remove /var/log/containers and disable service auto-boot, make sure that multi-user.target.wants is deleted. (#11501, @leeonfu)
  • Support Configuring EncryptionAlgorithm in Kubeadm v1beta4 (#11757, @ErikJiang)
  • Update crictl to version v1.31.1 for Kubernetes 1.31
    Update crictl to version v1.30.1 for Kubernetes 1.30 (#11661, @robertvolkmann)
  • Update multus to v4.1.0 (#11434, @ThisIsQasim)
  • Upgrade CoreDNS version to v1.11.3 (#11653, @tico88612)
  • Upgrade OpenStack Cloud Controller Manager to v1.31.1 (#11738, @tico88612)
  • Upgrade pause container to 3.10 (#11695, @tico88612)
  • [calico] Update default calico to v3.29.1 (#11798, @mzaian)
  • [cert-manager] upgrade to v1.15.3 (#11668, @tico88612)
  • [cri-o] Switch binaries to libexecdir
    Update youki version to 0.4.1 to fix ci. (#11584, @yankay)
  • [etcd] Default version to 3.5.16 for 1.28, 1.29, 1.30, 1.31 (#11572, @janosbabik)
  • [helm] Upgrade to v3.16.4, add 3.16.x checksum (#11832, @tico88612)
  • [ingress-nginx] upgrade controller to version 1.12.0 (#11846, @mzaian)
  • [need notice] update containerd max_container_log_line_size default value to 16384 (#11585, @KubeKyrie)
  • [nerdctl] Default version to 1.7.7 (#11575, @janosbabik)

Documentation

  • In-tree cloud providers are no longer supported; please delete the cloud_provider variable or set it to external. (#11633, @tico88612)
  • Remove inventory_builder scripts and contrib/dind (#11748, @VannTen)
  • Update dns-stack.md reference in docs/ansible/vars.md (#11745, @emmanuel-ferdman)

Failing Test

Bug or Regression

  • Action required
    Running kubespray with --limit without cached facts is no longer supported. Improves the scaling for large clusters. (#11598, @VannTen)
  • Always copy cert generation script to first etcd to pick up fixes on existing clusters (#11612, @VannTen)
  • Fix Cilium agent permissions so it can read loadbalancerippools and secrets (#11466, @foobaar)
  • Fix calico dual stack installation when using ip and ip6. (#11770, @VannTen)
  • Fix collection usage for calico and other configuration depending on .sh and .conf files in Kubespray (#11707, @VannTen)
  • Fix format of kubeadm-config v1beta4 (#11709, @VannTen)
  • Fix kube-vip container securityContext (#11647, @KubeKyrie)
  • Fix openEuler system packages installation (#11688, @VannTen)
  • Fix pretty-printing (in kubectl) of nodelocaldns and coredns configmap when using dns_upstream_forward_extra_opts with an empty value option. (#11694, @VannTen)
  • Fix spurious failure with 'localhost' when using scale.yml --limit <some nodes> (#11817, @VannTen)
  • Fix task naming in bootstrap-os (#11714, @ErikJiang)
  • Fix terraform.py on python >=3.12 (#11773, @enrico9034)
  • Fix the check for cached data when using --limit (#11693, @VannTen)
  • Fix the usage of --limit when using legacy groups (#11577, @VannTen)
  • Fix usage of admission plugins configuration. (#11779, @VannTen)
  • Fix using the default network manager in reset.yml (#11678, @KubeKyrie)
  • Fix: cannot stop & remove all cri containers via remove_node.yml (#11631, @tico88612)
  • Fixed: VSphere CSI and CPI drivers are now retrieved from registry.k8s.io instead of gcr.io, as they have been deleted from the latter. Only a few recent versions are available in the new repository; if you have pinned vsphere_csi_controller, vsphere_csi_driver_image_tag or vsphere_syncer_image_tag to a version older than v3.1.2, please check if that version is available from the new repository. The same goes for external_vsphere_cloud_controller_image_tag, which can no longer be latest and should align with the running version of Kubernetes. It now defaults to v1.31.0. (#11564, @luringens)
  • HA etcd cluster keeps quorum during upgrades. (#11677, @VannTen)
  • Kubeadm images (kube-controller-manager,kube-scheduler,kube-apiserver,kube-proxy) are properly downloaded, including when using the download cache. (#11741, @VannTen)
  • Make sure kubespray-defaults can be executed successfully by executing bootstrap-os first (#11441, @huangkevin404)
  • Make upcloud csi_driver use the correct pull secret (#11597, @VannTen)
  • Modifies Helm parameters wait and atomic to be set to false when using kube_network_plugin=cni to prevent deployment issues with kubelet-csr-approver. (#11704, @M-JavadHeydarpour)
  • Remove invalid extraArgs entry and update template file reference (#11703, @agravgaard)
  • Update calico-node template and remove flexvol-driver initContainer (#11634, @KubeKyrie)
  • Use correct version for community.general collection (#11724, @VannTen)

Other (Cleanup or Flake)

  • Cleanup older terminology, replace "master" with "control plane" (#11394, @bogd)
  • Drop support for Kubernetes 1.28.x; minimum version is now 1.29.x
    Drop support for CRI-O 1.28.x; minimum version is now 1.29.x (#11609, @yankay)
  • Fix roles/download/tasks/download_file.yml task name typo (#11684, @dmncmn)
  • Optimize CA cert hash calculation with community.crypto (#11758, @ErikJiang)
  • Remove pip install . support and rpm spec file (#11760, @VannTen)
  • Replace deprecated unarchive.copy with unarchive.remote_src (#11207, @Payback159)
  • Update KUBESPRAY_VERSION for v2.26.0 (#11511, @yankay)
  • containerd_use_config_path is removed as kubespray now always use containerd config_path configuration. (#11755, @VannTen)

v2.25.1

05 Nov 05:21
f4dd405

Changes by Kind

Deprecation / Removal

Feature

Applications

Network

  • [calico] Update default calico to v3.27.4
    [calico] Fix high cpu load due to XDP program in iptables (#11476, @mzaian)

Container-Managers

  • [containerd] Default to v1.7.22
    [nerdctl] Upgrade to 1.7.7
    [runc] Upgrade to v1.1.14 (#11576, @janosbabik)

Bug or Regression

v2.24.3

18 Sep 03:08
0b64ab1

Changes by Kind

API Change

  • Default to kubernetes v1.28.14
    Default to etcd v3.5.16
    Default to containerd v1.7.22
    Default to cri-o v1.28.10
    Default to nerdctl 1.7.7
    Default to runc v1.1.14 (#11516, @VannTen)

Feature

Other (Cleanup or Flake)

  • Update KUBESPRAY_VERSION in galaxy.yml to v2.24.3 and Update Readme.md to v2.24.1 (#11385, @yankay)

v2.26.0

06 Sep 02:32
f9ebd45

Deprecation / Removal

  • Deprecating support for Centos7; they are not tested anymore (#11344, @ant31)
  • Remove Debian 10 support. (#11347, @tico88612)
  • Remove the kubeadm_version which is always equal to kube_version (#11473, @VannTen)
  • Drop support for Kubernetes 1.27.x; minimum version is now 1.28.x (#11221, @mzaian)
  • If you were previously only setting serializeImagePulls: false to have unlimited parallel pulls, you will need to set kubelet_max_parallel_images_pulls to a suitable value instead (#11094, @tu1h)

Feature / Major Changes

  • Make kubernetes v1.30.4 default (#11455, @kokyhm)
  • Add hashes for Kubernetes v1.30.3 default (#11391, @tico88612), Add hashes for Kubernetes v1.30.2 default (#11343, @tmurakam), Add hashes for Kubernetes 1.30.0, 1.30.1 and 1.30.2 (#11261, @tmurakam), Add hashes for kubernetes 1.29.7, 1.28.[11-12] (#11407, @mzaian)
  • Add option ubuntu_kernel_unattended_upgrades_disabled to control unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu (#11296, @tu1h)
  • Added option to configure dependencies for kubelet.service (#11297, @ledroide)
  • Adds the possibility to add extra arguments to the various containers in the cinder-csi plugin. (#11169, @Payback159)
  • Allow to run kubespray with an empty kube_node group, to provision only the control plane (#11248, @VannTen)
  • CentOS 7 yum repo baseurl update (#11360, @tico88612)
  • Check CentOS-Base.repo exists for CentOS 7 (#11402, @tu1h)
  • Check if peers is defined when peering with routers (#11259, @ehsan310)
  • OpenStack Cloud Controller Manager upgrade to 1.30.0 (#11358, @tico88612)
  • Rename systemd module to systemd_service (#11396, @tu1h)
  • User has the ability to configure calico-kube-controllers log level (#11335, @mirwan)
  • User has the ability to configure local_volume_provisioner log level (#11336, @mirwan)
  • User has the ability to configure netchecker components log levels (#11334, @mirwan)
  • You can now disable installing OS dependencies using system's package manager by skipping system-packages tag. (#10872, @hedayat)
  • kubelet_max_parallel_image_pulls represents the maximum number of image pulls in parallel (#11094, @tu1h)
  • Update reset task to support Tencent OS (reset_restart_network_service_name) (#11459, @KubeKyrie)
  • Add conditional checking on ubuntu kernel unattended_upgrades disabling (#11479, @tu1h)

Applications

Network

  • [calico] Change calico default version to v3.28.1, add v3.28.0 and checksum, update calico apiserver deployment to use new readiness probe (#11234, @ehsan310)
  • [calico] add calico support v3.27.4 to fix high cpu load due to XDP program in iptables (#11476, @ehsan310)
  • Add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars (#10943, @pedro-peter)
  • [network] bump cni version to v1.4.0 (#10698, @cyclinder)
  • Change weave CNI to community version and upgrade to the latest version (2.8.7) (#11228, @tico88612)
  • [kube-ovn] update to v1.12.21 (#11445, @oilbeater)

Container-Managers

Documentation

Bug or Regression

  • Delete /etc/NetworkManager/conf.d/dns.conf on reset. (#11440, @HoKim98)
  • Fix Hetzner kubernetes group names (#11232, @jmaccabee13)
  • Fix: skip multus when not defined (#10934, @darkobas2)
  • Ingress-nginx-controller admission service is automatically created when ingress_nginx_webhook_enabled: true (#11309, @mochizuki875)
  • Provide missing advertise-address flag to kube-apiserver (#11387, @derselbst)
  • Update reset task to support Kylin OS (reset_restart_network_service_name) (#11406, @KubeKyrie)
  • Updated indentation in cni-kube-ovn.yml.j2 (L658) (#11357, @sanshah1211)
  • Fix CI failing on docker pull in gitlab runner by changing DOCKER_HOST (#11315, @yankay)
  • Fix etcd not starting up when using a custom access address (#11388, @derselbst)
  • Fix the Auto Bump PR being blocked by the label do-not-merge/release-note-label-needed by adding the dependabot release-note-none label. (#11256, @yankay)
  • Fix kube_reserved so it only controls kubeReservedCgroup. (#11367, @rptaylor)
  • Disables reconfiguring the cluster during upgrade (remove --config option from kubeadm upgrade apply) (#11352, @tmurakam)
  • Fix error in bootstrap-os when git does not handle symlinks (#11508, @VannTen)
  • Fix static kube-apiserver advertise address based on first control plane (#11457, @Seljuke)
  • Fix incorrect member matching when removing etcd nodes (#11488, @ErikJiang)
  • Fix double pop of access_ip (#11435, @rptaylor)
  • Fix: use super-admin.conf for kube-vip on first master when it exists, to support initial k8s v1.29+ installation with kube-vip enabled (#11422, @Seljuke)

Other (Cleanup or Flake)

  • Contrib playbooks are no longer included in the ansible kubespray collection (#11239, @VannTen)
  • Reduced required python packages in requirements.txt (#11199, @itayporezky)
  • Fix openstack cleanup by changing the security_group deletion order (#11299, @yankay)
  • RHEL 7, Centos 7 and derivatives are no longer supported. (#11246, @VannTen)
  • Use TasksMask=infinity on ostree systems for docker systemd service (#11493, @VannTen)

Supported Components

Known issues

N/A

Notes

Maintainers

Great respect for joining maintainers 🎉

v2.24.2

17 Jul 06:46
1601b0d

Changes by Kind

Feature

  • Make kubernetes v1.28.10 default (#11269, @mzaian)
  • Revert 'Support CoreDNS use host network & config CoreDNS port' (#10617, @liuxu623)
  • User has a possibility to modify Service type with "ingress_nginx_service_type" property in addons. (#11330, @mochizuki875)

Bug or Regression

  • Ingress-nginx-controller admission service is automatically created when ingress_nginx_webhook_enabled: true (#11331, @mochizuki875)
  • Fix CentOS 7 yum repo baseurl update (#11364, @tico88612)

Other (Cleanup or Flake)

  • Remove the archived debian apt repository when installing docker-engine (#11215, @VannTen)
  • Update KUBESPRAY_VERSION in galaxy.yml v2.24.1 (#10961, @yankay)

v2.25.0

21 May 10:01
7e0a407

Deprecation / Removal

Feature / Major Changes

  • A check is introduced to fail the playbook if cgroups are not enabled on the node (#11165, @franznemeth)
  • Add Calico v3.27.3 and make it default (#11141, @pomland-94)
  • Add extra_vars support to vagrant setup (#10932, @VannTen)
  • Add kube-vip LeaderElection variables vip_leaseduration, vip_renewdeadline, vip_retryperiod options for kube-vip (#11021, @KubeKyrie)
  • Add new option remove_anonymous_access to prevent granting RBAC permissions to anonymous users. (#11016, @nicolas-goudry)
  • Add scheduler plugins support (scheduler_plugins_enabled enable or disable the installation scheduler plugins / scheduler_plugins_enabled_plugins describe the enabled plugins / scheduler_plugins_diabled_plugins describe the disabled plugins / scheduler_plugins_plugin_config set the custom config for enabled plugins) (#10747, @tu1h)
  • Added a config option to filter ntp interfaces (#11066, @Pavan-Gunda)
  • Adding egress IPv6 for node-local-dns queries (k8s_allowed_egress_ipv6_ips) (#10396, @raviranjanelastisys)
  • Bump docker version for kylin linux (#11203, @ErikJiang)
  • Bump docker version for openeuler linux (#11206, @ErikJiang)
  • Update almalinux-8 base image to 8.9 (#10918, @VannTen)
  • Bumping checksums and various versions (#10999, @MrFreezeex)
  • Containerd: allow to configure fallback server (#10988, @sathieu)
  • Docker upgrade from 24.0 to 26.1 (#11198, @tico88612)
  • Download hash script: auto discover versions (#10849, @VannTen)
  • Enable configuring mountOptions, reclaimPolicy and volumeBindingMode for cinder-csi StorageClasses. (#10450, @Payback159)
  • Make containerd v1.7.15 default (#11083, @Payback159)
  • Make kubernetes v1.28.6 default (#10810, @mzaian)
  • Make kubernetes v1.29.1 default
    Remove SecCompDefault feature gate from hardening configuration for kubernetes 1.29 (#10820, @tmurakam)
  • Make kubernetes v1.29.2 default (#10919, @mzaian)
  • Make kubernetes v1.29.3 default (#11035, @mzaian)
  • Make kubernetes v1.29.4 default (#11108, @mzaian)
  • Make kubernetes v1.29.5 default (#11196, @mzaian)
  • Metallb: added metallb_namespace variable to parameterize namespace (#11136, @oik741)
  • OpenStack Cloud Controller Manager upgrade to 1.28.2 (#11174, @tico88612)
  • Opensuse deployment is now tested in CI. (#11159, @VannTen)
  • Add selinux-ng repo in Amazon Linux to install container-selinux (#11182, @yankay)
  • Add CI Image for Ubuntu 24.04 (#11167, @yankay)
  • Allows .vagrant folder location to be configured (#10718, @kri5)
  • Prevent nodelocaldns to be OOM-killed (#11056, @sathieu)
  • Support Node Feature Discovery (#10861, @yankay)
  • Support Ubuntu 24.04 (#11132, @tico88612)
  • Support following k8s version selection pause image (#10756, @my-git9)
  • The variable old_dns_domains (list) can be used for backward compatibility when changing dns_domain (#10630, @VannTen)
  • Update external huawei cloud controller to 0.26.6 (#10824, @dabeck)
  • Update external huawei cloud controller to 0.26.8 (#11172, @dabeck)
  • Update kube-vip to v0.8.0 (#11156, @jisnardo)
  • Update metrics server to v0.7.0 (#10856, @mzaian)
  • Updated ingress controller version to 1.9.6 (#10868, @kundan2707)
  • User has a possibility to modify Service type with "ingress_nginx_service_type" property in addons. (#10925, @chrxmvtik)
  • [Terraform-openstack] Added possibility to build an octavia loadbalancer for the Kubernetes Api. (#10924, @jaszil)
  • [containerd] added distributed tracing config variables for containerd (containerd_tracing_enabled,containerd_tracing_endpoint,containerd_tracing_protocol, containerd_tracing_sampling_ratio,containerd_tracing_service_name ); it is disabled by default. (#11103, @ugur99)
  • [etcd] Default version to 3.5.12 for k8s 1.27, 1.28, 1.29 (#11036, @mzaian)
  • Minimum ansible-core version is now 2.16.4 (#10984, @VannTen)
  • Remove the archived debian apt repository when installing docker-engine (#11088, @yankay)
  • Change dependabot interval to weekly (#11189, @yankay)
  • Allow specifying CPU Manager Policy options through kubelet_cpu_manager_policy_options (#11023, @derselbst)
  • [kube-apiserver] added distributed tracing config variables for kube-apiserver (kube_apiserver_tracing,kube_apiserver_tracing_endpoint,kube_apiserver_tracing_sampling_rate_per_million); it is disabled by default.
    [kubelet] added distributed tracing config variables for kubelet (kubelet_tracing,kubelet_tracing_endpoint,kubelet_tracing_sampling_rate_per_million); it is disabled by default. (#10795, @ugur99)

Applications

Network

  • Adds support for cilium v1.15
    • Adds support for cilium_l2announcements to replace metallb with cilium l2 announcements, defaults to false
    • Adds support for cilium_loadbalancer_mode to switch bpf-lb-mode between snat, dsr or hybrid, default to snat (#11106, @deveshk0)
  • Adds the option to install calico 3.27.3 (#11059, @danielfrg)
  • [calico] Update default calico to v3.27.2 (#10960, @mzaian)

Container-Managers

API Change

Design

  • Merge stop and remove systemd service task in reset/tasks/main.yml (#10902, @kimsehwan96)

Documentation

  • Add documentation for configuring nat outgoing ipv6 (#10866, @anders-elastisys)
  • Add new OpenStack Cloud for terraform (#10910, @DragomirAlin)
  • BREAKING CHANGE: This script is introduced to facilitate living documentation and its administration. This leads to a restructuring in the documentation at https://kubespray.io/#/ to simplify the automatic creation of links, as the structure in the sidebar changes. (#11128, @Payback159)
  • Change a task name Ensure kube-bench parameters are set into Ensure kubelet expected parameters are set in roles/kubernetes/preinstall/tasks/0080-system-configurations.yml for a clearer understanding of its operation (#11171, @kimsehwan96)
  • Do not disable SELinux surreptitiously (#10920, @rptaylor)
  • Doc clarification: skipping patches releases is OK (#10850, @VannTen)
  • Docs: vagrant-libvirt is tested in CI (#10847, @VannTen)
  • Explicit private/public nature of *ip vars (#10904, @VannTen)
  • Fix typo in vagrant.md (#10836, @kundan2707)
  • Fix typo mistake in roles/kubernetes/control-plane/tasks/define-first-kube-control.yml (#10835, @kimsehwan96)
  • Fixed typos in inventory/sample/group_vars/k8s_cluster (#10911, @arahmangulov)
  • Kubespray used as a collection will have the correct collection version (#10727, @VannTen)
  • Make large-deployments.md link to downloads.md (#10840, @spantaleev)
  • Removed not needed graduated feature gates. (#10448, @Smidra)
  • Update upgrades.md with serial=1 for rolling updates (#10837, @titansmc)
  • Variable cilium_ipsec_key must be base64 encoded (#10781, @ledroide)

Bug or Regression

  • Added an optional variable (cni_bin_owner) to allow the user to set a different owner for /opt/cni/bin/ and its contents. (#10929, @Rickkwa)
  • Change the position of the containerd_extra_args parameter to enhance its universality. (#11013, @qcu266)
  • Configure crio container runtime to use kube reserved cgroup (#11028, @pedro-peter)
  • Don't overwrite changes to openstack allowed_address_pairs #10760 (#10760, @rptaylor)
  • Download cache directory permissions are no longer reset recursively (#10900, @VannTen)
  • Fix ClusterRole for Calico >=v1.26.x with Calico API Server installed (#11089, @RaSerge)
  • Fix ansible parameter ssh_args in ansible.cfg file not working (#10981, @joy717)
  • Fix bootstrap for Amazon Linux (#11139, @VannTen)
  • Fix crio registries config file when using slashes in the registry path (#11030, @pedro-peter)
  • Fix file loss during download (#10779, @ErikJiang)
  • Fix kubespray-defaults: Check for bootstrap-os FQCN (#11073, @KubeKyrie)
  • Fix local path provisioner image repo in sample inventory. (#11180, @tico88612)
  • Fix logical error when checking for bootstrap-os (#10867, @VannTen)
  • Fix lsattr command error when kubelet has symbolic link (#11074, @KubeKyrie)
  • Fix network manage service of Debian 12 (#11058, @KubeKyrie)
  • Fix nginx controller leader election RBAC (#10913, @VannTen)
  • Fix python regex matching problem when finding docker packages (#11075, @KubeKyrie)
  • Fix waiting for MetalLB controller (#10858, @flxbwr)
  • Fix(kubernetes): taint nodes on cluster upgrade (#10705, @maxime1907)
  • Fix: config hostname as string type in kubeadmConfig rendering (#10997, @ErikJiang)
  • Fixes running recover-control-plane.yml with offline broken etcd nodes. (#10660, @yuha0)
  • Revert OCCM standard dnsPolicy to ClusterFirst to fix #10914 which was introduced with #10618 and make dnsPolicy configurable to furthermore support #10618 (#11168, @Payback159)
  • Force update helm repo if ...

v2.24.1

27 Feb 01:49
2cb8c85

Changes by Kind

Feature

Bug or Regression

Other (Cleanup or Flake)


The release intends to address GHSA-xr7r-f8xq-vfvv

v2.22.2

07 Feb 01:26
12a65c4

Changes by Kind

Network

  • [calico] Use calico_pool_blocksize from cluster when existing (#10516, @VannTen)

API Change

Feature

  • Add hashes for kubernetes version 1.26.6, 1.26.7, 1.26.8 & 1.26.9 (#10444, @bozzo)
  • Don't let find search filesystem mounts in docker build run step (#10131, @tomodachi)
  • Make kubernetes 1.26.13 the default version (#10823, @VannTen)

Failing Test

Bug or Regression


The release intends to address GHSA-xr7r-f8xq-vfvv

v2.23.3

06 Feb 10:54
3f6567b

Changes by Kind

Feature

Bug or Regression

Other (Cleanup or Flake)

  • Update KUBESPRAY_VERSION in galaxy.yml and Readme for v2.23.2 (#10801, @yankay)

The release intends to address GHSA-xr7r-f8xq-vfvv

v2.24.0

19 Jan 08:19
64447e7

Deprecation / Removal

  • Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane (#10464, @unai-ttxu)
  • Drop support for Kubernetes 1.25.x (move min version to 1.26.x) (#10420, @yankay)
  • Drop installation notes for Debian Jessie (#10642, @jelmer)

Feature / Major Changes

  • Make kubernetes v1.28.6 default (#10810, @mzaian)
  • Add kubernetes v1.28.0, v1.28.1, v1.28.2, v1.28.3, v1.28.4, v1.28.5 hash (#10435, #10541, #10739, @mzaian ; #10390, @tmurakam ; #10624, @tmurakam)
  • Add Retry for Applying PriorityClass (#10469, @hangscer8)
  • Add option crio_criu_support_enabled to enable container forensic analysis (#10479, @tu1h)
  • Add option kubectl_alias to set bash alias of kubectl (#10552, @tu1h)
  • Add variable to configure ipvs modules (kube_proxy_ipvs_modules) (#10580, @borgiacis)
  • Check nameserver only when dns is enabled (#10561, @yckaolalala)
  • Correctly handle remove_default_searchdomains when value is undefined (#10533, @yckaolalala)
  • Kube-scheduler: remove/update deprecated component component config v1beta3. (#10484, @mzaian)
  • Terraform-aws: variable driven ami selection (ami_name_pattern/ami_virtualization_type/ami_owners) (#10520, @mertcancam)
  • Terraform-openstack: Added possibility to enable dhcp flag critical on one interface (#10446, @Xartos)
  • This introduces a new variable kube_apiserver_admission_plugins_podnodeselector_default_node_selector that can be used when kube_apiserver_admission_plugins_needs_configuration: [PodNodeSelector] is defined. This allows users to configure the PodNodeSelector plugin. (#10607, @titansmc)
  • UpCloud: Terraform provider updated to v2.12.0. Server groups with strict anti-affinity (move var from anti_affinity_policy to anti_affinity) (#10474, @robinAwallace)
  • Update dockerfile to follow best practices (#10708, @maxime1907)
  • Update to ansible 2.15 and set minimum version to 2.15.5 (#10481, @MrFreezeex)
  • [etcd] Update Default etcd version to 3.5.10 for kubernetes 1.28, 1.27 and 1.26 (#10798, @VannTen)
  • [etcd] update version to 3.5.9 for k8s 1.28, 1.27, 1.26 (#10482, @mzaian)
  • [etcd] add 3.5.10 hashes (#10566, @mzaian)
  • [vsphere_csi] Update to 3.1.0 supports Kubernetes Version 1.28 (#10451, @mzaian)
  • [cinder_csi] Cinder-CSI now use cluster_name variable instead of the default hardcoded "kubernetes" value (#10422, @floryut)

Applications

Network

  • [cilium] Fix invalid hubble yaml if cilium_hubble_tls_generate is enabled (#10430, @toonalbers)
  • [cilium] Use correct ports in cilium metrics services if metrics are enabled. (#10519, @bakito)
  • [cilium] Adds support for deploying clusters with cilium 1.14+ (#10684, @rl0nergan)
  • [calico] Separate calico-node and calico-cni-plugin service accounts and update default calico to v3.26.1 (#10416, @mzaian)
  • [calico] Use calico_pool_blocksize from cluster when existing (#10516, @VannTen)
  • [calico] Update default calico to v3.26.3 (#10526, @mzaian)
  • [calico] Update default calico to v3.26.4 (#10669, @mzaian)
  • [kube-router] Default kube-router version updated to v2.0.0 (#10503, @bozzo)
  • [kube-router] Default kube-router version updated to v1.6.0 (#10478, @bozzo)
  • [kube-router] Add kube_router_bgp_graceful_restart optional setting for disabling graceful BGP restarts (default to true) (#10489, @rosskusler)
  • [metallb] Add option to set avoidBuggyIPs in IPAddressPools and change the default back to false (#10458, @zeeZ)
  • [metallb] Metallb --lb-class cmd arg to support multiple LoadBalancer implementations (#10550, @Seal1998)
  • [custom_cni] Add helm support for custom_cni deployment (#10529, @kukacz)
  • [kube_vip] Add kube_vip_lb_fwdmethod option for kube-vip (#10762, @tu1h)

Container-Managers

  • [containerd] Fix invalid version check in containerd jinja-template config (#10620, @khanhngobackend)
  • [containerd] Make containerd 1.7.11 default (#10671, @mzaian)
  • [containerd] Add hashes for containerd versions 1.7.6 ~ 1.7.8 default (#10439, #10525, #10589, @mzaian)
  • [containerd] Specify the runc path when we use the containerd container engine and change the bin_dir path. (#10154, @qlijin)
  • [containerd] Refactor NRI activation for containerd and CRI-O (remove crio_enable_nri and containerd_nri_disable) now only one var nri_enabled default to false (#10470, @fmuyassarov)
  • [containerd] Add Boolean option enable_cdi to enable cdi (false by default) (#10603, @krembu)
  • [containerd] Add configuration option for NRI (disable by default) in crio & containerd (using new containerd_nri_disable and crio_enable_nri) (#10454, @fmuyassarov)
  • [containerd] add config support override_path (#10776, @yankay)
  • [runc] Upgrade to v1.1.10 (#10671, @mzaian)
  • [crio] Update to v1.28.1 (#10480, @qlijin)
  • [crio] Remove crio package configuration during cleanup (#10584, @yckaolalala)
  • [crio] Update docs for crio_registry_auth (#10785, @qlijin)
  • [docker] Ability to define GPG key path for Docker APT (using new variable docker_repo_key_keyring) (#10513, @emiran-orange)
  • [kata-containers] Freshens configuration-qemu to latest template compatible with kata-containers 3.1.3. (#10466, @Alphadelta14)
  • [nerdctl] Bump nerdctl version 1.7.1 (#10685, @yankay)
  • [nerdctl] Change nerdctl version from 1.5.0 to 1.6.0 (#10475, @MaGaroo)

Documentation

Bug or Regression

  • Add a variable reset_restart_network_service_name in the reset role to be able to configure the name of the service which is restarted. (#10428, @RomainMou)
  • Add dnsPolicy: ClusterFirstWithHostNet to DaemonSets with hostNetwork: true (#10618, @Payback159)
  • Check for correct conntrack module presence, regardless of kernel versions (#10662, @VannTen)
  • Fallback_ips: ignore unreachable hosts (#10601, @poblahblahblah)
  • Fix 'kube-apiserver' tag inappropriately overwriting secrets at rest encryption token (#10460, @jwitko)
  • Fix assertion for task item verify-settings (#10699, @piwinkler)
  • Fix external-lb in kubelet.conf server address and kube-proxy api-server address (#10490, @ugur99)
  • Fix forgotten update of etcd-servers list in apiserver manifest when scaling (#8253, @liupeng0518)
  • Fix metallb example yaml (#10545, @caruccio)
  • Fix reset job for cri-o container engine (#10197, @turbosnail)
  • Fix restart network task cannot be skipped (ansible boolean conversion needed) (#10512, @ErikJiang)
  • Fix: add kubelet tag in task of Fetch facts to avoid kubelet config inconsistencies (#10423, @NierYYDS)
  • Fixes the path of the certificates used in the etcdctl.sh wrapper when the deployment type is not kubeadm. (#10467, @RomainMou)
  • Hubble relay will work when cilium_cluster_name is customised. (#10614, @eugene-eeo)
  • Disable podCIDR allocation from control-plane when using calico (#10639, @VannTen)
  • Kubespray-defaults: Check for bootstrap-os FQDN (#10590, @VannTen)
  • Patch for modprobe_nf_conntrack for new Linux Kernel, when using ipvs (#10625, @abhishekkr)
  • Remove always tag applied on bootstrap (#10556, @yckaolalala)
  • Set remove_default_searchdomains to false by default (#10554, @hedayat)
  • Swap is now disabled using systemd (mask of swap.target) (#10587, @VannTen)
  • Fix undefined retries variable when copying etcdctl (#10634, @ErikJiang)
  • Move control plane certs renewal "spread out" into the systemd timer (#10596, @VannTen)
  • The dhcp configuration for dns nameservers is now the same as during installation (#10548, @smutel)
  • Use correct env var name for kube-vip per service leader election (#10433, @ThisIsQasim)
  • Don't fail on 304 Not Modified for an already downloaded file (#10452, @sathieu)
  • Fix download retry when get_url has no status_code (#10613, @RomainMou)
  • Fix ntp installation on SLES and openSUSE (#10786, @goldyfruit)
  • Set the maxUnavailable of the coredns rolling update strategy to 1 (#10748, @tu1h)
  • Fix crio_version version comparison (#10780, @ledroide)
  • Fix disabling swap failing in Centos/RHEL 7 (#10751, @yankay)
  • Fix image pull failure with insecure-registry (#10775, @yankay)
  • Refactor check_galaxy + fix version (#10729, @VannTen)
  • Fix Helm installation on SLES and openSUSE (#10794, @goldyfruit)
  • Fix incorrect ciliumcli binary (#10575, @tu1h)
  • Fix the cluster installation on cluster using etcd clients nodes (cilium / calico / ...) (#10769, @VannTen)

Other (Cleanup or Flake)
