Merge https://github.com/kubernetes-sigs/kubespray

Author: psychomantys

.gitlab-ci/kubevirt.yml

@@ -40,7 +40,6 @@ pr:
           - debian11-macvlan
           - debian12-cilium
           - fedora39-kube-router
-            # FIXME: this test if broken (perma-failing)
           - openeuler24-calico
           - rockylinux9-cilium
           - ubuntu22-calico-all-in-one
@@ -53,6 +52,7 @@ pr:
           - ubuntu24-kube-router-svc-proxy
           - ubuntu24-ha-separate-etcd
           - flatcar4081-calico
+          - fedora40-flannel-crio-collection-scale
 
 # The ubuntu24-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
 ubuntu24-calico-all-in-one:

.gitlab-ci/vagrant.yml

@@ -40,6 +40,8 @@ vagrant:
       when: on_success
     - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_PIPELINE_SCHEDULE_DESCRIPTION == "daily-ci"
       when: on_success
+    - when: manual
+      allow_failure: true
   parallel:
     matrix:
       - TESTCASE:

Vagrantfile

@@ -4,6 +4,8 @@
 # For help on using kubespray with vagrant, check out docs/developers/vagrant.md
 
 require 'fileutils'
+require 'ipaddr'
+require 'socket'
 
 Vagrant.require_version ">= 2.0.0"
 
@@ -99,6 +101,33 @@ $extra_vars ||= {}
 
 host_vars = {}
 
+def collect_networks(subnet, subnet_ipv6)
+  Socket.getifaddrs.filter_map do |iface|
+    next unless iface&.netmask&.ip_address && iface.addr
+
+    is_ipv6 = iface.addr.ipv6?
+    ip      = IPAddr.new(iface.addr.ip_address.split('%').first)
+    ip_test = is_ipv6 ? IPAddr.new("#{subnet_ipv6}::0") : IPAddr.new("#{subnet}.0")
+
+    prefix  = IPAddr.new(iface.netmask.ip_address).to_i.to_s(2).count('1')
+    network = ip.mask(prefix)
+
+    [IPAddr.new("#{network}/#{prefix}"), ip_test]
+  end
+end
+
+def subnet_in_use?(network_ips)
+  network_ips.any? { |net, test_ip| net.include?(test_ip) && test_ip != net }
+end
+
+network_ips = collect_networks($subnet, $subnet_ipv6)
+
+if subnet_in_use?(network_ips)
+  puts "Invalid subnet provided, subnet is already in use: #{$subnet}.0"
+  puts "Subnets in use: #{network_ips.inspect}"
+  exit 1
+end
+
 # throw error if os is not supported
 if ! SUPPORTED_OS.key?($os)
   puts "Unsupported OS: #{$os}"

docs/ansible/ansible.md

@@ -155,10 +155,6 @@ The following tags are defined in playbooks:
 | win_nodes                      | Running windows specific tasks                        |
 | youki                          | Configuring youki runtime                             |
 
-Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
-tags found in the codebase. New tags will be listed with the empty "Used for"
-field.
-
 ## Example commands
 
 Example command to filter and apply only DNS configuration tasks and skip

docs/ansible/ansible_collection.md

@@ -2,14 +2,13 @@
 
 Kubespray can be installed as an [Ansible collection](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html).
 
-## Requirements
-
-- An inventory file with the appropriate host groups. See the [README](../README.md#usage).
-- A `group_vars` directory. These group variables **need** to match the appropriate variable names under `inventory/local/group_vars`. See the [README](../README.md#usage).
-
 ## Usage
 
-1. Add Kubespray to your requirements.yml file
+1. Set up an inventory with the appropriate host groups and required group vars.
+   See also the documentation on [kubespray inventories](./inventory.md) and the
+   general ["Getting started" documentation](../getting_started/getting-started.md#building-your-own-inventory).
+
+2. Add Kubespray to your requirements.yml file
 
    ```yaml
    collections:
@@ -18,20 +17,20 @@ Kubespray can be installed as an [Ansible collection](https://docs.ansible.com/a
      version: master # use the appropriate tag or branch for the version you need
    ```
 
-2. Install your collection
+3. Install your collection
 
    ```ShellSession
    ansible-galaxy install -r requirements.yml
    ```
 
-3. Create a playbook to install your Kubernetes cluster
+4. Create a playbook to install your Kubernetes cluster
 
    ```yaml
    - name: Install Kubernetes
      ansible.builtin.import_playbook: kubernetes_sigs.kubespray.cluster
    ```
 
-4. Update INVENTORY and PLAYBOOK so that they point to your inventory file and the playbook you created above, and then install Kubespray
+5. Update INVENTORY and PLAYBOOK so that they point to your inventory file and the playbook you created above, and then install Kubespray
 
    ```ShellSession
    ansible-playbook -i INVENTORY --become --become-user=root PLAYBOOK

docs/developers/ci.md

@@ -28,7 +28,7 @@ amazon |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 debian11 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 debian12 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 fedora39 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
-fedora40 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
+fedora40 |  :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
 flatcar4081 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 openeuler24 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |
 rockylinux9 |  :x: | :x: | :x: | :x: | :x: | :x: | :x: |

inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml

@@ -25,15 +25,9 @@ calico_pool_blocksize: 26
 # add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
 # calico_pool_cidr: 1.2.3.4/5
 
-# add default ippool CIDR to CNI config
-# calico_cni_pool: true
-
 # Add default IPV6 IPPool CIDR. Must be inside kube_pods_subnet_ipv6. Defaults to kube_pods_subnet_ipv6 if not set.
 # calico_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
 
-# Add default IPV6 IPPool CIDR to CNI config
-# calico_cni_pool_ipv6: true
-
 # Global as_num (/calico/bgp/v1/global/as_num)
 # global_as_num: "64512"
 

inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml

@@ -175,6 +175,10 @@ cilium_l2announcements: false
 ### Buffer size of the channel to receive monitor events.
 # cilium_hubble_event_queue_size: 50
 
+# Override the DNS suffix that Hubble-Relay uses to resolve its peer service.
+# It defaults to the inventory's `dns_domain`.
+# cilium_hubble_peer_service_cluster_domain: "{{ dns_domain }}"
+
 # IP address management mode for v1.9+.
 # https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
 # cilium_ipam_mode: kubernetes

requirements.txt

@@ -1,6 +1,6 @@
 ansible==10.7.0
 # Needed for community.crypto module
-cryptography==45.0.4
+cryptography==45.0.5
 # Needed for jinja2 json_query templating
 jmespath==1.0.1
 # Needed for ansible.utils.ipaddr

roles/etcd/tasks/join_etcd-events_member.yml

@@ -19,7 +19,7 @@
     etcd_events_peer_addresses: >-
       {% for host in groups['etcd'] -%}
         {%- if hostvars[host]['etcd_events_member_in_cluster'].rc == 0 -%}
-          {{ "etcd" + loop.index | string }}="https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host]['main_ip']) | ansible.utils.ipwrap }}:2382",
+          {{ "etcd" + loop.index | string }}=https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host]['main_ip']) | ansible.utils.ipwrap }}:2382,
         {%- endif -%}
         {%- if loop.last -%}
           {{ etcd_member_name }}={{ etcd_events_peer_url }}