Deploy a Production Ready Kubernetes Cluster
vip_leaseduration, vip_renewdeadline, vip_retryperiod options for kube-vip (#11021, @KubeKyrie)
remove_anonymous_access to prevent granting RBAC permissions to anonymous users. (#11016, @nicolas-goudry)
scheduler_plugins_enabled enable or disable the installation scheduler plugins / scheduler_plugins_enabled_plugins describe the enabled plugins / scheduler_plugins_diabled_plugins describe the disabled plugins / scheduler_plugins_plugin_config set the custom config for enabled plugins) (#10747, @tu1h)
k8s_allowed_egress_ipv6_ips) (#10396, @raviranjanelastisys)
selinux-ng repo in Amazon Linux to install container-selinux (#11182, @yankay)
old_dns_domains (list) can be used for backward compatibility when changing dns_domain (#10630, @VannTen)
containerd_tracing_enabled, containerd_tracing_endpoint, containerd_tracing_protocol, containerd_tracing_sampling_ratio, containerd_tracing_service_name); it is disabled by default. (#11103, @ugur99)
dependbot interval to weekly (#11189, @yankay)
kube_apiserver_tracing, kube_apiserver_tracing_endpoint, kube_apiserver_tracing_sampling_rate_per_million); it is disabled by default.
[kubelet] added distributed tracing config variables for kubelet (kubelet_tracing, kubelet_tracing_endpoint, kubelet_tracing_sampling_rate_per_million); it is disabled by default. (#10795, @ugur99)
dns_mode: coredns_dual is now tested in CI. (#10903, @VannTen)
cilium_l2announcements to replace metallb with cilium l2 announcements, defaults to false
cilium_loadbalancer_mode to switch bpf-lb-mode between snat, dsr or hybrid, default to snat (#11106, @deveshk0)
discard_unpacked_layers to save some space (see https://github.com/containerd/containerd/discussions/6295) (#10905, @VannTen)
Ensure kube-bench parameters are set into Ensure kubelet expected parameters are set in roles/kubernetes/preinstall/tasks/0080-system-configurations.yml for a clearer understanding of its operation (#11171, @kimsehwan96)
cni_bin_owner) to allow the user to set a different owner for /opt/cni/bin/ and its contents. (#10929, @Rickkwa)
recover-control-plane.yml with offline broken etcd nodes. (#10660, @yuha0)
--limit (#10908, @VannTen)
manage-offline-container-images.sh now supports additional environment variables, e.g. it is now possible to use the script to pull images listed in a file instead of checking images in a running cluster. (#10857, @anders-elastisys)
N/A
The release intends to address GHSA-xr7r-f8xq-vfvv
crio_criu_support_enabled to enable container forensic analysis (#10479, @tu1h)
kubectl_alias to set bash alias of kubectl (#10552, @tu1h)
kube_proxy_ipvs_modules) (#10580, @borgiacis)
ami_name_pattern/ami_virtualization_type/ami_owners) (#10520, @mertcancam)
kube_apiserver_admission_plugins_podnodeselector_default_node_selector that can be used with kube_apiserver_admission_plugins_needs_configuration: [PodNodeSelector] defined. This allows users to configure the PodNodeSelector plugin. (#10607, @titansmc)
anti_affinity_policy to anti_affinity) (#10474, @robinAwallace)
cluster_name variable instead of the default hardcoded "kubernetes" value (#10422, @floryut)
cilium_hubble_tls_generate is enabled (#10430, @toonalbers)
kube_router_bgp_graceful_restart optional setting for disabling graceful BGP restarts (default to true) (#10489, @rosskusler)
kube_vip_lb_fwdmethod option for kube-vip (#10762, @tu1h)
crio_enable_nri and containerd_nri_disable) now only one var nri_enabled default to false (#10470, @fmuyassarov)
enable_cdi to enable cdi (false by default) (#10603, @krembu)
containerd_nri_disable and crio_enable_nri) (#10454, @fmuyassarov)
override_path (#10776, @yankay)
docker_repo_key_keyring) (#10513, @emiran-orange)
maxUnavailable of the coredns rolling update strategy to 1 (#10748, @tu1h)
--logtostderr from metrics-server (#10709, @michaelkebe)
N/A
/etc/fstab. #10587
download.yml path changed. #10626
anti_affinity_policy to anti_affinity) #10474
false) [⚠️ NOTE users using a non-true value for calico_ipam_host_local will need to change it to true] (#10639, @VannTen)
cilium_hubble_tls_generate is enabled (#10476, @toonalbers)
crio_enable_nri and containerd_nri_disable) now only one var nri_enabled default to false (#10496, @fmuyassarov)
download.timeout to update download timeout value (#10149, @yjqg6666)
kubelet_topology_manager_scope and kubelet_topoloy_manager_policy) (#10370, @tu1h)
SSL_CERT_FILE for offline installation using custom CA for https proxy (#10215, @HappyFX)
etcd_listen_metrics_urls variable) (#10332, @forselli-stratio)
containerd_registries_mirrors (deprecate and remove containerd_insecure_registries for containerd and nerdctl_extra_flags and insecure_registry setting for nerdctl (#10196, @yckaolalala)
runroot now needs to be set up in storage.conf instead of crio.conf (#10372, @floryut)
github_image_repo) to docs/offline-environment.md (#10265, @blackliner)
reset_confirmation_prompt variable in reset play (#10303, @Mishavint)
systemd_resolved_disable_stub_listener variable to disable systemd-resolved's stub listener, defaults to true on Flatcar. (#9875, @cosandr)
auto_attach and syspurpose in RHEL subscription Organization ID/Activation Key registration. (#10258, @yckaolalala)
populate_inventory_to_hosts_file is false (#10144, @rptaylor)
N/A
containerd_registries_mirrors (#10196, @yckaolalala)
crun_bin_dir unused variable, now using only bin_dir var (#9845, @electrocucaracha)
nerdctl_snapshotter with default "overlayfs" value (#9979, @dmitrytretyakov)
cert_manager_dns_policy|config) (#9673, @ErikJiang)
coredns_additional_configuration variable to define extra Coredns configurations (#10025, @navidnabavi)
coredns_rewrite_block to perform internal message rewriting (#10045, @maxime1907)
download_retries (#9911, @tu1h)
allow_unsupported_distribution_setup (#9827, @XDRAGON2002)
kube-profile config to the kubeadm's kube-scheduler config. (#9993, @yankay)
kubelet_rotate_server_certificates. (#9877, @j4m3s-s)
dns_cpu_limit value to support large scaled coredns deployments (#10103, @mzaian)
kubelet_image_gc_high_threshold and kubelet_image_gc_low_threshold) (#9832, @zhan9san)
containerd_use_config_path config field. (#9770, @lengrongfu)
metrics_server_nodeselector, metrics_server_extra_affinity, metrics_server_extra_tolerations) (#9972, @pli01)
disable_swap variable with kubelet_fail_swap_on (#10036, @Manuelraa)
k8s-app: node-local-dns (#9745, @stelucz)
kube_apiserver_address variable for advertiseAddress (#9967, @liupeng0518)
calico_kubeconfig_wait_timeout (#9994, @tu1h)
external_openstack_cloud_controller_bind_address (#9958, @dominykasn)
etcd_deployment=host (#9686, @tjanson)
rhel_enable_repos is false (#9973, @tu1h)
cert_manager_trusted_internal_ca manifest failing when dns policy is set (#9922, @peschmae)
containerd_insecure_registries => move with_item to with_dict (#9729, @lengrongfu)
kubelet_enforce_node_allocatable variable (#9694, @Tristan971)
become (#9669, @chok)
cluster.yml playbook when vsphere_csi_namespace is set to non-default (#9946, @eugene-marchanka)
N/A