Deploy a Production Ready Kubernetes Cluster
The release intend to address GHSA-xr7r-f8xq-vfvv
The release intend to address GHSA-xr7r-f8xq-vfvv
The release intend to address GHSA-xr7r-f8xq-vfvv
crio_criu_support_enabled
to enable container forensic analysis (#10479, @tu1h)kubectl_alias
to set bash alias of kubectl (#10552, @tu1h)kube_proxy_ipvs_modules
) (#10580, @borgiacis)ami_name_pattern
/ami_virtualization_type
/ami_owners
) (#10520, @mertcancam)kube_apiserver_admission_plugins_podnodeselector_default_node_selector
that can be used with kube_apiserver_admission_plugins_needs_configuration: [PodNodeSelector]
defined. So allows the users to configure PodNodeSelector plugin. (#10607, @titansmc)anti_affinity_policy
to anti_affinity
) (#10474, @robinAwallace)cluster_name
variable instead of the default hardcoded "kubernetes" value (#10422, @floryut)cilium_hubble_tls_generate
is enabled (#10430, @toonalbers)kube_router_bgp_graceful_restart
optional setting for disabling graceful BGP restarts (default to true) (#10489, @rosskusler)kube_vip_lb_fwdmethod
option for kube-vip (#10762, @tu1h)crio_enable_nri
and containerd_nri_disable
) now only one var nri_enabled
default to false (#10470, @fmuyassarov)enable_cdi
to enable cdi (false by default) (#10603, @krembu)containerd_nri_disable
and crio_enable_nri
) (#10454, @fmuyassarov)override_path
(#10776, @yankay)docker_repo_key_keyring
) (#10513, @emiran-orange)maxUnavailable
of the coredns rolling update strategy to 1 (#10748, @tu1h)--logtostderr
from metrics-server (#10709, @michaelkebe)N/A
/etc/fstab
. #10587download.yml
path changed. #10626anti_affinity_policy
to anti_affinity
) #10474false
) [⚠️ NOTE users using a non-true value for calico_ipam_host_local will need to change it to true
] (#10639, @VannTen)cilium_hubble_tls_generate
is enabled (#10476, @toonalbers)crio_enable_nri
and containerd_nri_disable
) now only one var nri_enabled
default to false (#10496, @fmuyassarov)download.timeout
to update download timeout value (#10149, @yjqg6666)kubelet_topology_manager_scope
and kubelet_topoloy_manager_policy
) (#10370, @tu1h)SSL_CERT_FILE
for offline installation using custom CA for https proxy (#10215, @HappyFX)etcd_listen_metrics_urls
variable) (#10332, @forselli-stratio)containerd_registries_mirrors
(deprecate and remove containerd_insecure_registries
for containrd and nerdctl_extra_flags
and insecure_registry
setting for nerdctl (#10196, @yckaolalala)runroot
now needs to be setup in storage.conf instead of crio.conf (#10372, @floryut)github_image_repo
) to docs/offline-environment.md (#10265, @blackliner)reset_confirmation_prompt
variable in reset play (#10303, @Mishavint)systemd_resolved_disable_stub_listener
variable to disable systemd-resolved's stub listener, defaults to true
on Flatcar. (#9875, @cosandr)auto_attach
and syspurpose
in RHEL subscription Organization ID/Activation Key registration. (#10258, @yckaolalala)populate_inventory_to_hosts_file
is false (#10144, @rptaylor)N/A
containerd_registries_mirrors
(#10196, @yckaolalala)crun_bin_dir
unused variable, now using only bin_dir
var (#9845, @electrocucaracha)nerdctl_snapshotter
with default "overlayfs" value (#9979, @dmitrytretyakov)cert_manager_dns_policy|config
) (#9673, @ErikJiang)coredns_additional_configuration
variable to define extra Coredns configurations (#10025, @navidnabavi)coredns_rewrite_block
to perform internal message rewriting (#10045, @maxime1907)download_retries
(#9911, @tu1h)allow_unsupported_distribution_setup
(#9827, @XDRAGON2002)kube-profile
config to the kubeadm's kube-scheduler
config. (#9993, @yankay)kubelet_rotate_server_certificates
. (#9877, @j4m3s-s)dns_cpu_limit
value to support large scaled coredns deployments (#10103, @mzaian)kubelet_image_gc_high_threshold
and kubelet_image_gc_low_threshold
) (#9832, @zhan9san)containerd_use_config_path
config field. (#9770, @lengrongfu)metrics_server_nodeselector
, metrics_server_extra_affinity
,metrics_server_extra_tolerations
) (#9972, @pli01)disable_swap
variable with kubelet_fail_swap_on
(#10036, @Manuelraa)k8s-app: node-local-dns
(#9745, @stelucz)kube_apiserver_address
variable for advertiseAddress (#9967, @liupeng0518)calico_kubeconfig_wait_timeout
(#9994, @tu1h)external_openstack_cloud_controller_bind_address
(#9958, @dominykasn)etcd_deployment=host
(#9686, @tjanson)rhel_enable_repos
is false (#9973, @tu1h)cert_manager_trusted_internal_ca
manifest failing when dns policy is set (#9922, @peschmae)containerd_insecure_registries
=> move with_item
to with_dict
(#9729, @lengrongfu)kubelet_enforce_node_allocatable
variable (#9694, @Tristan971)become
(#9669, @chok)cluster.yml
playbook when vsphere_csi_namespace
is set to non-default (#9946, @eugene-marchanka)N/A
disable_host_nameservers
) to disable host nameservers (#9357, @eminaktas)populate_loadbalancer_apiserver_to_hosts_file
) to skip adding load balancer name in the hosts file (#9331, @JRaver)coredns_kubernetes_extra_opts
) (#9608, @mvandergiesen)dns_upstream_forward_extra_opts
) (#9311, @emiran-orange)ingress_nginx_probe_initial_delay_seconds
) for control initialDelaySeconds in ingress-nginx probes (#9405, @zvlb)vsphere_csi_block_volume_snapshot
) (#9429, @yanggangtony)metrics_server_replicas
) to enable HA mode (#9539, @ugur99)host_resolvconf
(#9378, @unai-ttxu)kube_override_hostname
is set (#9556, @chadswen)ruamel.yaml.clib
need to be updated to 0.2.7 (#9426, @olivierlemasle)additional_sysctl
(#9351, @yankay)kubeadm_patches
) (#9326, @titaneric)ETCD_LOG_LEVEL
) (#9540, @ErikJiang)coredns_kubernetes_extra_domains
) (#9635, @mvandergiesen)extra_ingress_firewalls
(#9658, @sathieu)v1.25.3
(#9500, @robinAwallace)kube_reserved
, see docs for more information) (#9209, @shelmingsong)containerd_base_runtime_spec_rlimit_nofile
, or remove base_runtime_spec
from runc runtime to revert to previous behaviour. (#9319, @fungusakafungus)config_path
var in config.toml.j2 file (#9566, @lengrongfu)calico_felix_mtu_iface_pattern
) (#9330, @shelmingsong)calico_felix_floating_ips
) (#9680, @MatthieuFin)cilium_enable_hubble
variable) (#9376, @ErikJiang)include
to import_playbook
in recover_control_plane playbook, to support ansible 2.12+ (#9576, @floryut)kube_control_plane
node. (#9430, @kerryeon)kube_apiserver_enable_admission_plugins
must be specified as a list of individual plugin names instead of a single item comma-separated list) (#9407, @willtrnr)csi-snapshotter-role
(#9610, @maxime1907)N/A