Max Gautier
Max Gautier
> The modifications: > > - Set iptables default policies to ACCEPT before modifications > - Add explicit rules to preserve SSH port connectivity > - Selectively remove Kubernetes-related iptables...
Closing (no response from contributor). Thanks for the time you took though :+1:
> Install the cluster with calico ebpf enabled. > Remove Kube-proxy DS kube-proxy should not be deployed in the first place when calico_bpf_enabled is true, see https://github.com/kubernetes-sigs/kubespray/blob/4b9349a052ba181b110dd4d751c8ccc153e22207/roles/kubespray-defaults/defaults/main/main.yml#L41 (kubeadm handle the...
Hum, not sure. We should check if it's a template for kubeadm config, but presumably we should renew those on upgrade. Maybe kubeadm create a config map in the cluster...
Hum, maybe it's because kubeadm does not bother removing kube-proxy (or can't ) ?
/remove-lifecycle rotten /lifecyle frozen
/lifecycle frozen
fix: GatewayAPI installation, condition not satisfied when role called with delegate_to and run_once
> When gateway_api_enabled is set to true, GatewayAPI is installed using role kubernetes-apps/gateway_api Since Kubespray 2.28.0, the role is called with delegate_to: "{{ groups['kube_control_plane'][0] }}" i.e. first control plane node...
fix: GatewayAPI installation, condition not satisfied when role called with delegate_to and run_once
No, as explained, run_once + delegate_to run on the delegated host, once, (instead of one for each host in the play).
fix: GatewayAPI installation, condition not satisfied when role called with delegate_to and run_once
Run_once does not select necessarily the first host, it's random (or at least, undefined). But yes, you're correct IIRC than the variables are still those of the original host, in...