k3s_server: add kube_vip_arp parameter (#550 )

With the kube_vip_arp parameter it is possible to set or unset the vip_arp environment variable of the kube-vip-ds daemonset. The value of the kube_vip_arp is true by default to not change the existing default. Signed-off-by: Christian Berendt <berendt@osism.tech> Co-authored-by: Techno Tim <timothystewart6@gmail.com>
chore(deps): bump pre-commit from 3.7.1 to 3.8.0 (#549 )
2025-12-28 19:52:40 +01:00 · 2024-07-29 16:05:30 -05:00 · 2024-07-29 13:24:20 -05:00 · 2024-07-29 11:11:43 -05:00 · 2024-07-29 09:13:20 -05:00 · 2024-07-28 18:06:27 -05:00
10 changed files with 41 additions and 24 deletions
--- a/.github/workflows/cache.yml
+++ b/.github/workflows/cache.yml
@@ -11,19 +11,19 @@ jobs:

    steps:
      - name: Check out the codebase
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # 5.1.1
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip' # caching pip dependencies

      - name: Cache Vagrant boxes
        id: cache-vagrant
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
        with:
          lookup-only: true #if it exists, we don't need to restore and can skip the next step
          path: |
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -11,18 +11,18 @@ jobs:

    steps:
      - name: Check out the codebase
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # 5.1.1
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip' # caching pip dependencies

      - name: Restore Ansible cache
-        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
        with:
          path: ~/.ansible/collections
          key: ansible-${{ hashFiles('collections/requirements.yml') }}
@@ -45,9 +45,9 @@ jobs:
    runs-on: self-hosted
    steps:
      - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
      - name: Ensure SHA pinned actions
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@2f2ebc6d914ab515939dc13f570f91baeb2c194c # 3.0.6
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b88cd0aad2c36a63e42c71f81cb1958fed95ac87 # 3.0.10
        with:
          allowlist: |
            aws-actions/
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -21,7 +21,7 @@ jobs:

    steps:
      - name: Check out the codebase
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
        with:
          ref: ${{ github.event.pull_request.head.sha }}

@@ -59,13 +59,13 @@ jobs:
          EOF

      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # 5.1.1
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip' # caching pip dependencies

      - name: Restore vagrant Boxes cache
-        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
+        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
        with:
          path: ~/.vagrant.d/boxes
          key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }}
@@ -118,7 +118,7 @@ jobs:

      - name: Upload log files
        if: always() # do this even if a step before has failed
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # 4.3.4
        with:
          name: logs
          path: |
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -1,5 +1,5 @@
 ---
-k3s_version: v1.29.2+k3s1
+k3s_version: v1.30.2+k3s2
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
@@ -13,13 +13,13 @@ flannel_iface: "eth0"
 # uncomment calico_iface to use tigera operator/calico cni instead of flannel https://docs.tigera.io/calico/latest/about
 # calico_iface: "eth0"
 calico_ebpf: false           # use eBPF dataplane instead of iptables
-calico_tag: "v3.27.2"        # calico version tag
+calico_tag: "v3.28.0"        # calico version tag

 # uncomment cilium_iface to use cilium cni instead of flannel or calico
 # ensure v4.19.57, v5.1.16, v5.2.0 or more recent kernel
 # cilium_iface: "eth0"
 cilium_mode: "native"        # native when nodes on same subnet or using bgp, else set routed
-cilium_tag: "v1.15.2"        # cilium version tag
+cilium_tag: "v1.16.0"        # cilium version tag
 cilium_hubble: true          # enable hubble observability relay and ui

 # if using calico or cilium, you may specify the cluster pod cidr pool
@@ -72,7 +72,7 @@ extra_agent_args: >-
  {{ extra_args }}

 # image tag for kube-vip
-kube_vip_tag_version: "v0.7.2"
+kube_vip_tag_version: "v0.8.2"

 # tag for kube-vip-cloud-provider manifest
 # kube_vip_cloud_provider_tag_version: "main"
@@ -93,8 +93,8 @@ metal_lb_mode: "layer2"
 # metal_lb_bgp_peer_address: "192.168.30.1"

 # image tag for metal lb
-metal_lb_speaker_tag_version: "v0.14.3"
-metal_lb_controller_tag_version: "v0.14.3"
+metal_lb_speaker_tag_version: "v0.14.8"
+metal_lb_controller_tag_version: "v0.14.8"

 # metallb ip range for load balancer
 metal_lb_ip_range: "192.168.30.80-192.168.30.90"
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@
 #
 ansible-compat==4.1.11
    # via molecule
-ansible-core==2.17.0
+ansible-core==2.17.2
    # via
    #   -r requirements.in
    #   ansible-compat
@@ -96,7 +96,7 @@ platformdirs==4.1.0
    # via virtualenv
 pluggy==1.3.0
    # via molecule
-pre-commit==3.7.1
+pre-commit==3.8.0
    # via -r requirements.in
 pre-commit-hooks==4.6.0
    # via -r requirements.in
--- a/roles/k3s_server/defaults/main.yml
+++ b/roles/k3s_server/defaults/main.yml
@@ -4,6 +4,9 @@
 # will determine the right interface automatically at runtime.
 kube_vip_iface: null

+# Enables ARP broadcasts from Leader
+kube_vip_arp: true
+
 # Name of the master group
 group_name_master: master

--- a/roles/k3s_server/tasks/main.yml
+++ b/roles/k3s_server/tasks/main.yml
@@ -29,7 +29,7 @@
 - name: Deploy metallb manifest
  include_tasks: metallb.yml
  tags: metallb
-  when: kube_vip_lb_ip_range is not defined and (cilium_bgp is not defined or cilium_iface is not defined)
+  when: kube_vip_lb_ip_range is not defined and (not cilium_bgp or cilium_iface is not defined)

 - name: Deploy kube-vip manifest
  include_tasks: kube-vip.yml
--- a/roles/k3s_server/templates/vip.yaml.j2
+++ b/roles/k3s_server/templates/vip.yaml.j2
@@ -27,7 +27,7 @@ spec:
        - manager
        env:
        - name: vip_arp
-          value: "true"
+          value: "{{ 'true' if kube_vip_arp | bool else 'false' }}"
        - name: port
          value: "6443"
 {% if kube_vip_iface %}
--- a/roles/k3s_server_post/tasks/main.yml
+++ b/roles/k3s_server_post/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: Deploy metallb pool
  include_tasks: metallb.yml
  tags: metallb
-  when: kube_vip_lb_ip_range is not defined and (cilium_bgp is not defined or cilium_iface is not defined)
+  when: kube_vip_lb_ip_range is not defined and (not cilium_bgp or cilium_iface is not defined)

 - name: Remove tmp directory used for manifests
  file:
--- a/roles/k3s_server_post/tasks/metallb.yml
+++ b/roles/k3s_server_post/tasks/metallb.yml
@@ -83,9 +83,23 @@
  loop_control:
    label: "{{ item.description }}"

+- name: Set metallb webhook service name
+  set_fact:
+    metallb_webhook_service_name: >-
+      {{
+        (
+          (metal_lb_controller_tag_version | regex_replace('^v', ''))
+          is
+          version('0.14.4', '<', version_type='semver')
+        ) | ternary(
+          'webhook-service',
+          'metallb-webhook-service'
+        )
+      }}
+
 - name: Test metallb-system webhook-service endpoint
  command: >-
-    k3s kubectl -n metallb-system get endpoints webhook-service
+    k3s kubectl -n metallb-system get endpoints {{ metallb_webhook_service_name }}
  changed_when: false
  with_items: "{{ groups[group_name_master | default('master')] }}"
  run_once: true
Author	SHA1	Message	Date
Christian Berendt	668d7fb896	k3s_server: add kube_vip_arp parameter (#550 ) With the kube_vip_arp parameter it is possible to set or unset the vip_arp environment variable of the kube-vip-ds daemonset. The value of the kube_vip_arp is true by default to not change the existing default. Signed-off-by: Christian Berendt <berendt@osism.tech> Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2024-07-29 16:05:30 -05:00
dependabot[bot]	6cee0e9051	chore(deps): bump pre-commit from 3.7.1 to 3.8.0 (#549 ) Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v3.7.1...v3.8.0) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2024-07-29 13:24:20 -05:00
dependabot[bot]	6823ad51d5	chore(deps): bump ansible-core from 2.17.0 to 2.17.2 (#544 ) Bumps [ansible-core](https://github.com/ansible/ansible) from 2.17.0 to 2.17.2. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/compare/v2.17.0...v2.17.2) --- updated-dependencies: - dependency-name: ansible-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2024-07-29 11:11:43 -05:00
dependabot[bot]	1a521ea0d9	chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 (#541 ) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](`82c7e631bb...39cd14951b`) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2024-07-29 09:13:20 -05:00
dependabot[bot]	e48bb6df26	chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#538 ) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](`65462800fd...0b2256b8c0`) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2024-07-28 18:06:27 -05:00
dependabot[bot]	36893c27fb	chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#536 ) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 3.0.6 to 3.0.10. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](`2f2ebc6d91...b88cd0aad2`) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-07-28 16:27:55 -05:00
Techno Tim	e8cd10d49b	chore(deps): Updated all k8s components (#532 ) * chore(deps): Updated all k8s components * Metallb 0.14.4 support (#533) * Added support for metallb >= 0.14.4 * update gpg * Added support for metallb >= 0.14.4 * remove extra file --------- Co-authored-by: Konstantin Kornienko <k.kornienko@postgrespro.ru> Co-authored-by: Konstantin Kornienko <konstantin.kornienko@gmail.com> * chore(deps): Updated actions * chore(dependencies): Roll back ansible-core * chore(deps): Updated kube-vip * chore(deps): Updated dependencies * chore(deps): Updated dependencies * fix(cilium): fixing logic * fix(cilium): fixing logic --------- Co-authored-by: Konstantin Kornienko <k.kornienko@postgrespro.ru> Co-authored-by: Konstantin Kornienko <konstantin.kornienko@gmail.com>	2024-07-28 14:29:32 -05:00
Timothy Stewart	b86156b995	chore(deps): Updated actions	2024-06-19 12:33:21 -05:00