github kubernetes-sigs/kubespray v2.15.0

3 years ago

Announcements

We are looking for maintainers, reach out in #5432.

Deprecation / Removal

  • Remove support for Fedora 31 (EOL)
  • Remove support for Contiv CNI (#6964)
  • Remove hyperkube support, no longer available in Kubernetes (#6965)
  • Helm 2 can no longer be installed (#6846)

Major changes

  • Add support for Fedora 33 (#7072) (see Notes)
  • Add Kata Containers support to CRI-O runtime (#6830)
  • Add RHEL support subscription registration (#6572)
  • Add crun support (#6864)
  • Add etcd tls cipher suites support (#7001)
  • Add GCP terraform support (#6974)
  • Allow airgapped CRI-O installation (#6927)
  • Harden reset to work in more cases (#6781)
  • Disable Kubernetes Dashboard by default (#6804) (see Notes)
  • Add an option to force apiserver and respective client certificate to be regenerated without upgrading (#6403)
  • Add a script to collect necessary container images and register the images to local registry (#7024)
  • Major proxy rework on different playbooks (#7095)

Applications

  • Allow configuration of nodelabels in local_volume_provisioner (#6620)
  • [Openstack] Add external_openstack_lbaas_provider setting for occm (#6566)
  • [Openstack] Add security groups not managed by terraform (#6865)
  • [Openstack] Do not apply floating IPs before router port is created (#6887)
  • [Openstack] Add cluster-name to external-openstack-cloud-controller-manager (#7055)
  • [Azure / AWS] Added support for dynamic tags in AWS and Azure (#6752)

Container managers

  • [All] Remove libseccomp install tasks (#7074)
  • [Containerd] Add registry mirror support (#6962)
  • [Containerd] Ensure libseccomp is installed before starting containerd on CentOS 8 (#6922)
  • [Containerd] Add download run once feature (#6997)
  • [Containerd] Allow root path and state path to be configured (#7098)
  • [CRI-O] Use system default for storage driver by default (#6637)
  • [CRI-O] Ensure service is started and enabled (#6753)
  • [CRI-O] Reset is now working when CRI is set to CRI-O (#6812)
  • [CRI-O] Avoid extra restart after install and upgrade (#6882)
  • [CRI-O] Disable CRI-O restart by Multus (#6930)
  • [CRI-O] Add registry mirror support (#6977)
  • [CRI-O] Allow enabling download_run_once (#6998)
  • [Docker] Add CentOS 8 and Fedora 32 docker repository (#6747)

Network

  • [Weave] Add iptables_backend to weave options (#6639)
  • [Calico] Add support for Calico CNI host-local IPAM plugin (#6580)
  • [Calico] Added ability to set VXLAN VNI and port; defaults to Calico's documented default (#6678)
  • [Calico] Default to using kdd datastore (#6693)
  • [Calico] Add retries to update calico-rr data in etcd through calicoctl (#6505)
  • [Calico] Handle calico-rr nodes as workers so they get upgraded too (#6447)
  • [Calico] Avoid POD restart during initial deploy (#6886)
  • [Calico] Add serviceExternalIPs option for calico installation (#6928)
  • [Calico] Update files to handle multi-asn bgp peering conditions (#6971)
  • [Calico] Blacklist Calico's VXLAN interface from NetworkManager (#7037)
  • [Calico] Check if inventory settings match cluster settings (#6969)
  • [Flannel] Add multi-architecture support to flannel (#6166)

Other noteworthy changes

  • Allow pre-existing floating IPs to be specified with k8s_master_fips (#6755)
  • Set ansible_python_interpreter to python3 on debian (#6633)
  • Allow resource management of metrics-server container (#6652)
  • Use "kubeadm join" to join masters to control plane (#6661)
  • Add new variable allowing additional audit webhook server configuration (#6726)
  • Add leader election timeouts and durations to available parameters (#6691)
  • Make sure node_ip is set if node is in etcd group (#6719)
  • Install etcdctl to host when etcd deployment type is kubeadm (#6857)
  • Chmod kubeconfig to avoid group-readable (#6800)
  • Hold the docker-ce-cli upgrade in Debian (#6995)
  • Removes apps tags from apps meta dependencies (#7041)
  • Change owner to root for bin_dir directory (#6814)
  • Add an option to disable globally applying a proxy to etc/yum.conf (#6828)
  • Set feature gates in kube-proxy ConfigMap (#6851)
  • Allow configuring container log limits for Kubelet (#6933) (see Notes)
  • Remove executable bit from yaml and j2 files (#6894)
  • Fail if kubeadm_version does not match Kubernetes version (#6302)
  • Disable docker-ce yum repo by default (#7080)
  • Improve reset with many tweaks (#7094)
  • Small Proxy fixes (add svc,svc.{{ dns_domain }} to no_proxy) (#7102)
  • Restore ability to set pod eviction timer (#7114) (see Notes)
  • Add ping_access_ip variable to enable/disable ping test during preinstall. Enabled by default (#7020)
  • Remove unnecessary condition check when updating server field in kube-proxy kubeconfig (#7145)

Component versions:

  • Kubernetes v1.19.7
  • Etcd 3.4.13
  • Docker 19.03
  • Containerd 1.3.9
  • CRI-O 1.19
  • CNI-plugins v0.9.0
  • Calico v3.16.5
  • Cilium 1.8.6
  • Flannel 0.13.0
  • Kube-Router 1.1.1
  • Multus 3.6
  • Kube-ovn 1.5.2
  • Weave 2.7.0
  • CoreDNS 1.7.0
  • Nodelocaldns 1.16.0
  • Helm 3.3.4
  • Nginx-ingress 0.41.2
  • Cert-manager 1.0.4
  • Kubernetes Dashboard v2.1.0

Known issues

  • Ansible 2.10 is not supported and using it will result in errors (cf. #7130)

Notes

  • Kubernetes Dashboard deployment needs to be explicitly configured with dashboard_enabled: true
  • Docker version for Fedora 33 needs to be set to 20.10, as those are the only packages available and validated
  • Restoring the ability to set the pod eviction timer (#7114) uses two new variables: kube_apiserver_pod_eviction_not_ready_timeout_seconds and kube_apiserver_pod_eviction_unreachable_timeout_seconds
  • Action required: users who rely on the default value of calico_datastore need to explicitly configure their datastore choice (Calico now defaults to the kdd datastore, #6693).
