v2.25.0

@mzaian mzaian released this 21 May 10:01
· 270 commits to master since this release
7e0a407

Deprecation / Removal

Feature / Major Changes

  • A check is introduced to fail the playbook if cgroups are not enabled on the node (#11165, @franznemeth)
  • Add Calico v3.27.3 and make it default (#11141, @pomland-94)
  • Add extra_vars support to vagrant setup (#10932, @VannTen)
  • Add kube-vip LeaderElection variables vip_leaseduration, vip_renewdeadline, vip_retryperiod options for kube-vip (#11021, @KubeKyrie)
  • Add new option remove_anonymous_access to prevent granting RBAC permissions to anonymous users. (#11016, @nicolas-goudry)
  • Add scheduler plugins support (scheduler_plugins_enabled enables or disables the installation of scheduler plugins / scheduler_plugins_enabled_plugins describes the enabled plugins / scheduler_plugins_disabled_plugins describes the disabled plugins / scheduler_plugins_plugin_config sets the custom config for enabled plugins) (#10747, @tu1h)
  • Added a config option to filter ntp interfaces (#11066, @Pavan-Gunda)
  • Adding egress IPv6 for node-local-dns queries (k8s_allowed_egress_ipv6_ips) (#10396, @raviranjanelastisys)
  • Bump docker version for kylin linux (#11203, @ErikJiang)
  • Bump docker version for openeuler linux (#11206, @ErikJiang)
  • Update almalinux-8 base image to 8.9 (#10918, @VannTen)
  • Bumping checksums and various versions (#10999, @MrFreezeex)
  • Containerd: allow to configure fallback server (#10988, @sathieu)
  • Docker upgrade from 24.0 to 26.1 (#11198, @tico88612)
  • Download hash script: auto discover versions (#10849, @VannTen)
  • Enable configuring mountOptions, reclaimPolicy and volumeBindingMode for cinder-csi StorageClasses. (#10450, @Payback159)
  • Make containerd v1.7.15 default (#11083, @Payback159)
  • Make kubernetes v1.28.6 default (#10810, @mzaian)
  • Make kubernetes v1.29.1 default
    Remove SecCompDefault feature gate from hardening configuration for kubernetes 1.29 (#10820, @tmurakam)
  • Make kubernetes v1.29.2 default (#10919, @mzaian)
  • Make kubernetes v1.29.3 default (#11035, @mzaian)
  • Make kubernetes v1.29.4 default (#11108, @mzaian)
  • Make kubernetes v1.29.5 default (#11196, @mzaian)
  • Metallb: added metallb_namespace variable to parameterize namespace (#11136, @oik741)
  • OpenStack Cloud Controller Manager upgrade to 1.28.2 (#11174, @tico88612)
  • Opensuse deployment is now tested in CI. (#11159, @VannTen)
  • Add selinux-ng repo in Amazon Linux to install container-selinux (#11182, @yankay)
  • Add CI Image for Ubuntu 24.04 (#11167, @yankay)
  • Allows .vagrant folder location to be configured (#10718, @kri5)
  • Prevent nodelocaldns from being OOM-killed (#11056, @sathieu)
  • Support Node Feature Discovery (#10861, @yankay)
  • Support Ubuntu 24.04 (#11132, @tico88612)
  • Support following k8s version selection pause image (#10756, @my-git9)
  • The variable old_dns_domains (list) can be used for backward compatibility when changing dns_domain (#10630, @VannTen)
  • Update external huawei cloud controller to 0.26.6 (#10824, @dabeck)
  • Update external huawei cloud controller to 0.26.8 (#11172, @dabeck)
  • Update kube-vip to v0.8.0 (#11156, @jisnardo)
  • Update metrics server to v0.7.0 (#10856, @mzaian)
  • Updated ingress controller version to 1.9.6 (#10868, @kundan2707)
  • Users can modify the Service type with the "ingress_nginx_service_type" property in addons. (#10925, @chrxmvtik)
  • [Terraform-openstack] Added possibility to build an octavia loadbalancer for the Kubernetes API. (#10924, @jaszil)
  • [containerd] added distributed tracing config variables for containerd (containerd_tracing_enabled, containerd_tracing_endpoint, containerd_tracing_protocol, containerd_tracing_sampling_ratio, containerd_tracing_service_name); it is disabled by default. (#11103, @ugur99)
  • [etcd] Default version to 3.5.12 for k8s 1.27, 1.28, 1.29 (#11036, @mzaian)
  • Minimum ansible-core version is now 2.16.4 (#10984, @VannTen)
  • Remove the archived debian apt repository when installing docker-engine (#11088, @yankay)
  • Change dependabot interval to weekly (#11189, @yankay)
  • Allow specifying CPU Manager Policy options through kubelet_cpu_manager_policy_options (#11023, @derselbst)
  • [kube-apiserver] added distributed tracing config variables for kube-apiserver (kube_apiserver_tracing, kube_apiserver_tracing_endpoint, kube_apiserver_tracing_sampling_rate_per_million); it is disabled by default.
    [kubelet] added distributed tracing config variables for kubelet (kubelet_tracing, kubelet_tracing_endpoint, kubelet_tracing_sampling_rate_per_million); it is disabled by default. (#10795, @ugur99)

Applications

Network

  • Adds support for cilium v1.15
    • Adds support for cilium_l2announcements to replace metallb with cilium l2 announcements, defaults to false
    • Adds support for cilium_loadbalancer_mode to switch bpf-lb-mode between snat, dsr or hybrid, defaults to snat (#11106, @deveshk0)
  • Adds the option to install calico 3.27.3 (#11059, @danielfrg)
  • [calico] Update default calico to v3.27.2 (#10960, @mzaian)

Container-Managers

API Change

Design

  • Merge stop and remove systemd service task in reset/tasks/main.yml (#10902, @kimsehwan96)

Documentation

  • Add documentation for configuring nat outgoing ipv6 (#10866, @anders-elastisys)
  • Add new OpenStack Cloud for terraform (#10910, @DragomirAlin)
  • BREAKING CHANGE: This script is introduced to facilitate living documentation and its administration. This leads to a restructuring in the documentation at https://kubespray.io/#/ to simplify the automatic creation of links, as the structure in the sidebar changes. (#11128, @Payback159)
  • Change the task name "Ensure kube-bench parameters are set" to "Ensure kubelet expected parameters are set" in roles/kubernetes/preinstall/tasks/0080-system-configurations.yml for a clearer understanding of its operation (#11171, @kimsehwan96)
  • Do not disable SELinux surreptitiously (#10920, @rptaylor)
  • Doc clarification: skipping patches releases is OK (#10850, @VannTen)
  • Docs: vagrant-libvirt is tested in CI (#10847, @VannTen)
  • Explicit private/public nature of *ip vars (#10904, @VannTen)
  • Fix typo in vagrant.md (#10836, @kundan2707)
  • Fix typo mistake in roles/kubernetes/control-plane/tasks/define-first-kube-control.yml (#10835, @kimsehwan96)
  • Fixed typos in inventory/sample/group_vars/k8s_cluster (#10911, @arahmangulov)
  • Kubespray used as a collection will have the correct collection version (#10727, @VannTen)
  • Make large-deployments.md link to downloads.md (#10840, @spantaleev)
  • Removed not needed graduated feature gates. (#10448, @Smidra)
  • Update upgrades.md with serial=1 for rolling updates (#10837, @titansmc)
  • Variable cilium_ipsec_key must be base64 encoded (#10781, @ledroide)

Bug or Regression

  • Added an optional variable (cni_bin_owner) to allow the user to set a different owner for /opt/cni/bin/ and its contents. (#10929, @Rickkwa)
  • Change the position of the containerd_extra_args parameter to enhance its universality. (#11013, @qcu266)
  • Configure crio container runtime to use kube reserved cgroup (#11028, @pedro-peter)
  • Don't overwrite changes to openstack allowed_address_pairs (#10760, @rptaylor)
  • Download cache directory permissions are no longer reset recursively (#10900, @VannTen)
  • Fix ClusterRole for Calico >=v1.26.x with Calico API Server installed (#11089, @RaSerge)
  • Fix ansible parameter ssh_args in ansible.cfg file not working (#10981, @joy717)
  • Fix bootstrap for Amazon Linux (#11139, @VannTen)
  • Fix crio registries config file when using slashes in the registry path (#11030, @pedro-peter)
  • Fix file loss during download (#10779, @ErikJiang)
  • Fix kubespray-defaults: Check for bootstrap-os FQCN (#11073, @KubeKyrie)
  • Fix local path provisioner image repo in sample inventory. (#11180, @tico88612)
  • Fix logical error when checking for bootstrap-os (#10867, @VannTen)
  • Fix lsattr command error when kubelet has symbolic link (#11074, @KubeKyrie)
  • Fix network manage service of Debian 12 (#11058, @KubeKyrie)
  • Fix nginx controller leader election RBAC (#10913, @VannTen)
  • Fix python regex matching problem when finding docker packages (#11075, @KubeKyrie)
  • Fix waiting for MetalLB controller (#10858, @flxbwr)
  • Fix(kubernetes): taint nodes on cluster upgrade (#10705, @maxime1907)
  • Fix: config hostname as string type in kubeadmConfig rendering (#10997, @ErikJiang)
  • Fixes running recover-control-plane.yml with offline broken etcd nodes. (#10660, @yuha0)
  • Revert OCCM standard dnsPolicy to ClusterFirst to fix #10914 which was introduced with #10618 and make dnsPolicy configurable to furthermore support #10618 (#11168, @Payback159)
  • Force update helm repo if exists on host (#11043, @LuckySB)
  • Kubespray ansible version checks are now performed even when running with --limit (#10908, @VannTen)
  • None. (#11061, @bmelbourne)
  • Revert crictl version (#11042, @ErikJiang)
  • The script manage-offline-container-images.sh now supports additional environment variables, e.g. it is now possible to use the script to pull images listed in a file instead of checking images in a running cluster. (#10857, @anders-elastisys)
  • Update Snapshot Controller to 7.0.2 for all supported Kubernetes versions. (#11041, @jess-sol)
  • Workaround for terraform bug related to no_floating and extra_groups (#10764, @rptaylor)
  • [etcd] fixes wrong distributed tracing flag for etcd (#11175, @ugur99)
  • Correct the POLY1305 cipher suites by adding the suffix _SHA256 (#10641, @yckaolalala)

Other (Cleanup or Flake)

Supported Components

Known issues

N/A