openstack
/
kuryr-kubernetes
Code Issues Proposed changes

Use kubeadm for installing Kubernetes on devstack. 

Till now, for installing kuryr-kubernetes and one of the crucial service
- kubernetes, there has been used manual method for installing it in
specified version. Over time it became a burden to follow requirements
and constraints, therefore decision has been made to use recommended way
of installing Kubernetes - kubeadm. In this patch devstack installation
of the kuryr-kubernetes and its dependences has been heavily reworked.

Other than that, OpenShift related functions has been removed, since
they were all outdated and non-working for the long time.

Change-Id: Ife21874c0a71ba07723094c0f880aabcf5825b77
This commit is contained in:
Roman Dobosz 2021-02-24 12:18:13 +01:00
parent d6dfe4b074
commit c034b0060e
14 changed files with 1033 additions and 2057 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.zuul.d/base.yaml
View File

@ -45,7 +45,7 @@
Q_ML2_TENANT_NETWORK_TYPE: vxlan
Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch,linuxbridge
ML2_L3_PLUGIN: router
KURYR_K8S_API_PORT: 8080
KURYR_K8S_API_PORT: 6443
TEMPEST_PLUGINS: '/opt/stack/kuryr-tempest-plugin'
KURYR_K8S_CLOUD_PROVIDER: false
ETCD_USE_RAMDISK: true
@ -84,12 +84,8 @@
g-api: true
g-reg: true
etcd3: true
kubernetes-api: true
kubernetes-controller-manager: true
kubernetes-scheduler: true
kubelet: true
kubernetes-master: true
kuryr-kubernetes: true
kuryr-daemon: true
coredns: false
neutron-tag-ports-during-bulk-creation: true
zuul_copy_output:
@ -123,7 +119,7 @@
Q_ML2_TENANT_NETWORK_TYPE: vxlan
Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch,linuxbridge
ML2_L3_PLUGIN: router
KURYR_K8S_API_PORT: 8080
KURYR_K8S_API_PORT: 6443
Q_BUILD_OVS_FROM_GIT: true
KURYR_K8S_CLOUD_PROVIDER: false
ETCD_USE_RAMDISK: true
@ -160,12 +156,8 @@
g-api: true
g-reg: true
etcd3: true
kubernetes-api: true
kubernetes-controller-manager: true
kubernetes-scheduler: true
kubelet: true
kubernetes-master: true
kuryr-kubernetes: true
kuryr-daemon: true
coredns: false
neutron-tag-ports-during-bulk-creation: true
zuul_copy_output:

23
.zuul.d/multi-vif.yaml
View File

@ -1,23 +0,0 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- job:
name: kuryr-kubernetes-tempest-openshift-multi-vif
parent: kuryr-kubernetes-tempest-openshift
description: |
Kuryr-Kubernetes tempest job using Openshift and NPWG multi-vif driver
vars:
devstack_localrc:
KURYR_MULTI_VIF_DRIVER: npwg_multiple_interfaces
voting: false

12
.zuul.d/multinode.yaml
View File

@ -33,14 +33,11 @@
# Need to disable dstat due to bug https://github.com/dstat-real/dstat/pull/162
dstat: false
kuryr-kubernetes: false
kubernetes-api: false
kubernetes-controller-manager: false
kubernetes-scheduler: false
kubelet: true
kubernetes-worker: true
kubernetes-master: false
tls-proxy: false
c-vol: false
c-bak: false
kuryr-daemon: true
devstack_localrc:
KURYR_FORCE_IMAGE_BUILD: true
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: true
@ -52,8 +49,7 @@
KURYR_K8S_MULTI_WORKER_TESTS: True
devstack_services:
tls-proxy: false
kubelet: true
kuryr-daemon: true
kubernetes-worker: true
voting: false
- job:
@ -73,4 +69,4 @@
devstack-plugin-container: https://opendev.org/openstack/devstack-plugin-container
kuryr-kubernetes: https://opendev.org/openstack/kuryr-kubernetes
devstack_services:
kubelet: true
kubernetes-worker: true

39
.zuul.d/octavia.yaml
View File

@ -40,6 +40,7 @@
health_update_threads: 2
stats_update_threads: 2
devstack_services:
kuryr-daemon: true
octavia: true
o-api: true
o-cw: true
@ -103,27 +104,6 @@
devstack_localrc:
KURYR_K8S_OCTAVIA_MEMBER_MODE: L2
- job:
name: kuryr-kubernetes-tempest-openshift
parent: kuryr-kubernetes-tempest
description: |
Kuryr-Kubernetes tempest job using OpenShift
vars:
devstack_localrc:
DOCKER_CGROUP_DRIVER: "systemd"
KURYR_ENABLED_HANDLERS: vif,endpoints,service,namespace,pod_label,policy,kuryrnetworkpolicy,kuryrnetwork,kuryrport,kuryrloadbalancer
KURYR_SG_DRIVER: policy
KURYR_SUBNET_DRIVER: namespace
devstack_services:
kubernetes-api: false
kubernetes-controller-manager: false
kubernetes-scheduler: false
kubelet: false
coredns: true
openshift-master: true
openshift-node: true
voting: false
- job:
name: kuryr-kubernetes-tempest-containerized-pools-namespace
description: |
@ -150,23 +130,6 @@
KURYR_SG_DRIVER: policy
KURYR_SUBNET_DRIVER: namespace
- job:
name: kuryr-kubernetes-tempest-containerized-openshift
description: Tempest with containers and OpenShift
parent: kuryr-kubernetes-tempest-openshift
vars:
devstack_localrc:
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: true
- job:
name: kuryr-kubernetes-tempest-containerized-openshift-serial
description: Tempest running in serial, containers and OpenShift
parent: kuryr-kubernetes-tempest-containerized-openshift
vars:
devstack_localrc:
KURYR_K8S_SERIAL_TESTS: True
tempest_concurrency: 1
- job:
name: kuryr-kubernetes-tempest-containerized-crio
parent: kuryr-kubernetes-tempest-containerized

4
.zuul.d/project.yaml
View File

@ -35,12 +35,8 @@
experimental:
jobs:
- kuryr-kubernetes-tempest-containerized-l2
- kuryr-kubernetes-tempest-containerized-openshift
- kuryr-kubernetes-tempest-containerized-pools-namespace
- kuryr-kubernetes-tempest-containerized-openshift-serial
- kuryr-kubernetes-tempest-ovn
- kuryr-kubernetes-tempest-openshift
- kuryr-kubernetes-tempest-openshift-multi-vif
- kuryr-kubernetes-tempest-multinode-ha
- kuryr-kubernetes-tempest-containerized-crio
- kuryr-kubernetes-tempest-containerized-dual-stack

161
devstack/lib/kubernetes Normal file
View File

@ -0,0 +1,161 @@
#!/bin/bash
function get_k8s_log_level {
if [[ ${ENABLE_DEBUG_LOG_LEVEL} == "True" ]]; then
echo "4"
else
echo "2"
fi
}
function kubeadm_install {
if ! is_ubuntu; then
(>&2 echo "WARNING: kubeadm installation is not supported in this \
distribution.")
return
fi
apt_get install apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
sudo apt-key add -
sudo add-apt-repository -y \
"deb https://apt.kubernetes.io/ kubernetes-xenial main"
REPOS_UPDATED=False apt_get_update
# NOTE(gryf): kubectl will be installed alongside with the kubeadm as
# a dependency
apt_get install \
kubelet="${KURYR_KUBERNETES_VERSION}-00" \
kubeadm="${KURYR_KUBERNETES_VERSION}-00"
sudo apt-mark hold kubelet kubeadm kubectl
# NOTE(hongbin): This work-around an issue that kubelet pick a wrong
# IP address if the node has multiple network interfaces.
# See https://github.com/kubernetes/kubeadm/issues/203
echo "KUBELET_EXTRA_ARGS=--node-ip=$HOST_IP" | sudo tee -a \
/etc/default/kubelet
sudo systemctl daemon-reload && sudo systemctl restart kubelet
}
function kubeadm_init {
local cluster_ip_ranges
local output_dir="${DATA_DIR}/kuryr-kubernetes"
mkdir -p "${output_dir}"
cluster_ip_ranges=()
for service_subnet_id in ${KURYR_SERVICE_SUBNETS_IDS[@]}; do
service_cidr=$(openstack --os-cloud devstack-admin \
--os-region "$REGION_NAME" \
subnet show "$service_subnet_id" \
-c cidr -f value)
cluster_ip_ranges+=($(split_subnet "$service_cidr" | cut -f1))
done
# TODO(gryf): take care of cri-o case aswell
rm -f ${output_dir}/kubeadm-init.yaml
cat >> ${output_dir}/kubeadm-init.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
etcd:
external:
endpoints:
- "http://${SERVICE_HOST}:${ETCD_PORT}"
networking:
serviceSubnet: "$(IFS=, ; echo "${cluster_ip_ranges[*]}")"
apiServer:
extraArgs:
min-request-timeout: "300"
allow-privileged: "true"
v: "$(get_k8s_log_level)"
logtostderr: "true"
controllerManager:
extraArgs:
master: "$KURYR_K8S_API_URL"
min-resync-period: "3m"
v: "$(get_k8s_log_level)"
logtostderr: "true"
leader-elect: "false"
scheduler:
extraArgs:
master: "${KURYR_K8S_API_URL}"
v: "$(get_k8s_log_level)"
logtostderr: "true"
leader-elect: "false"
---
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- token: "${KURYR_K8S_TOKEN}"
ttl: 0s
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: "${K8S_API_SERVER_IP}"
bindPort: ${K8S_API_SERVER_PORT}
nodeRegistration:
kubeletExtraArgs:
cgroup-driver: "$(docker info -f '{{.CgroupDriver}}')"
cni-bin-dir: "$CNI_BIN_DIR"
cni-conf-dir: "$CNI_CONF_DIR"
enable-server: "true"
taints:
[]
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
failSwapOn: false
address: "0.0.0.0"
enableServer: true
EOF
args="--config ${output_dir}/kubeadm-init.yaml"
# NOTE(gryf): skip installing kube proxy, kuryr will handle services.
args+=" --skip-phases=addon/kube-proxy"
args+=" --ignore-preflight-errors Swap"
if ! is_service_enabled coredns; then
# FIXME(gryf): Do we need specific configuration for coredns?
args+=" --skip-phases=addon/coredns"
fi
sudo kubeadm init $args
local kube_config_file=$HOME/.kube/config
mkdir -p $(dirname ${kube_config_file})
sudo cp /etc/kubernetes/admin.conf $kube_config_file
safe_chown $STACK_USER:$STACK_USER $kube_config_file
}
function get_k8s_apiserver {
# assumption is, there is no other cluster, so there is only one API
# server.
echo "$(kubectl config view -o jsonpath='{.clusters[].cluster.server}')"
}
function get_k8s_token {
local secret
secret=$(kubectl get secrets -o jsonpath='{.items[0].metadata.name}')
echo $(kubectl get secret $secret -o jsonpath='{.items[0].data.token}' | \
base64 -d)
}
function kubeadm_reset {
local nodename
nodename=$(kubectl get nodes -o jsonpath="{.items[0].metadata.name}")
kubectl drain $nodename --delete-emptydir-data --force --ignore-daemonsets
kubectl delete node $nodename
sudo kubeadm reset -f
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -X
sudo ipvsadm -C
}
function kubeadm_uninstall {
sudo systemctl stop kubelet
apt_get purge --allow-change-held-packages. kubelet kubeadm kubeadm \
kubernetes-cni apt-transport-https
sudo add-apt-repository -r -y \
"deb https://apt.kubernetes.io/ kubernetes-xenial main"
REPOS_UPDATED=False apt_get_update
sudo rm -fr /etc/default/kubelet /etc/kubernetes
}

1268
devstack/lib/kuryr_kubernetes
View File

File diff suppressed because it is too large Load Diff

204
devstack/local.conf.openshift.sample
View File

@ -1,204 +0,0 @@
[[local|localrc]]
enable_plugin kuryr-kubernetes \
https://opendev.org/openstack/kuryr-kubernetes
# If you do not want stacking to clone new versions of the enabled services,
# like for example when you did local modifications and need to ./unstack.sh
# and ./stack.sh again, uncomment the following
# RECLONE="no"
# Log settings for better readability
LOGFILE=devstack.log
LOG_COLOR=False
# Credentials
ADMIN_PASSWORD=pass
DATABASE_PASSWORD=pass
RABBIT_PASSWORD=pass
SERVICE_PASSWORD=pass
SERVICE_TOKEN=pass
# Enable Keystone v3
IDENTITY_API_VERSION=3
# In pro of speed and being lightweight, we will be explicit in regards to
# which services we enable
ENABLED_SERVICES=""
# Neutron services
enable_plugin neutron https://opendev.org/openstack/neutron
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-api
enable_service q-meta
enable_service q-svc
enable_service neutron-tag-ports-during-bulk-creation
# OCTAVIA
# Uncomment it to use L2 communication between loadbalancer and member pods
# KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
# Octavia LBaaSv2
LIBS_FROM_GIT+=python-octaviaclient
enable_plugin octavia https://opendev.org/openstack/octavia
enable_service octavia
enable_service o-api
enable_service o-cw
enable_service o-hm
enable_service o-hk
## Octavia Deps
### Nova
enable_service n-api
enable_service n-api-meta
enable_service n-cpu
enable_service n-cond
enable_service n-sch
enable_service placement-api
enable_service placement-client
### Glance
enable_service g-api
enable_service g-reg
# Keystone
enable_service key
# dependencies
enable_service mysql
enable_service rabbit
# By default use all the services from the kuryr-kubernetes plugin
# Docker
# ======
# If you already have docker configured, running and with its socket writable
# by the stack user, you can omit the following line.
enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container
# Etcd
# ====
# The default is for devstack to run etcd for you.
enable_service etcd3
# If you already have an etcd cluster configured and running, you can just
# comment out the lines enabling legacy_etcd and etcd3
# then uncomment and set the following line:
# KURYR_ETCD_CLIENT_URL="http://etcd_ip:etcd_client_port"
# OpenShift
# ==========
#
# OpenShift is run from the binaries conained in a binary release tarball
enable_service openshift-master
enable_service openshift-node
enable_service openshift-dnsmasq
enable_service openshift-dns
# OpenShift node uses systemd as its cgroup driver. Thus we need Docker to
# use the same.
DOCKER_CGROUP_DRIVER="systemd"
# We default to the 3.6 release, but you should be able to replace with other
# releases by redefining the following
# OPENSHIFT_BINARY_URL=https://github.com/openshift/origin/releases/download/v3.6.0/openshift-origin-server-v3.6.0-c4dd4cf-linux-64bit.tar.gz
#
# If you want to test with a different range for the Cluster IPs uncomment and
# set the following ENV var to a different CIDR
# KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24"
#
# If, however, you are reusing an existing deployment, you should uncomment and
# set an ENV var so that the Kubelet devstack runs can find the API server:
# OPENSHIFT_API_URL="http (or https, if OpenShift is SSL/TLS enabled)://openshift_api_ip:openshift_api_port"
#
# Since OpenShift defaults to its API server being 'https' enabled, set path of
# the ssl cert files if you are reusing an environment, otherwise devstack will
# do it for you.
# KURYR_K8S_API_CERT="/etc/origin/master/kuryr.crt"
# KURYR_K8S_API_KEY="/etc/origin/master/kuryr.key"
# KURYR_K8S_API_CACERT="/etc/origin/master/ca.crt"
# Kuryr watcher
# =============
#
# Just like the Kubelet, you'll want to have the watcher enabled. It is the
# part of the codebase that connects to the Kubernetes API server to read the
# resource events and convert them to Neutron actions
enable_service kuryr-kubernetes
# Kuryr Daemon
# ============
#
# Kuryr runs CNI plugin in daemonized way - i.e. kubelet will run kuryr CNI
# driver and the driver will pass requests to Kuryr daemon running on the node,
# instead of processing them on its own. This limits the number of Kubernetes
# API requests (as only Kuryr Daemon will watch for new pod events) and should
# increase scalability in environments that often delete and create pods.
# Since Rocky release this is a default deployment configuration.
enable_service kuryr-daemon
# Containerized Kuryr
# ===================
#
# Kuryr can be installed on Kubernetes as a pair of Deployment
# (kuryr-controller) and DaemonSet (kuryr-cni). If you want DevStack to deploy
# Kuryr services as pods on Kubernetes uncomment next line.
# KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True
# Kuryr POD VIF Driver
# ====================
#
# Set up the VIF Driver to be used. The default one is the neutron-vif, but if
# a nested deployment is desired, the corresponding driver need to be set,
# e.g.: nested-vlan or nested-macvlan
# KURYR_POD_VIF_DRIVER=neutron-vif
# Kuryr Enabled Handlers
# ======================
#
# By default, some Kuryr Handlers are set for DevStack installation. This can be
# further tweaked in order to enable additional ones such as Network Policy. If
# you want to add additional handlers those can be set here:
# KURYR_ENABLED_HANDLERS = vif,endpoints,service,kuryrloadbalancer,kuryrport
# Kuryr Ports Pools
# =================
#
# To speed up containers boot time the kuryr ports pool driver can be enabled
# by uncommenting the next line, so that neutron port resources are precreated
# and ready to be used by the pods when needed
# KURYR_USE_PORTS_POOLS=True
#
# By default the pool driver is noop, i.e., there is no pool. If pool
# optimizations want to be used you need to set it to 'neutron' for the
# baremetal case, or to 'nested' for the nested case
# KURYR_VIF_POOL_DRIVER=noop
#
# There are extra configuration options for the pools that can be set to decide
# on the minimum number of ports that should be ready to use at each pool, the
# maximum (0 to unset), and the batch size for the repopulation actions, i.e.,
# the number of neutron ports to create in bulk operations. Finally, the update
# frequency between actions over the pool can be set too
# KURYR_VIF_POOL_MIN=2
# KURYR_VIF_POOL_MAX=0
# KURYR_VIF_POOL_BATCH=5
# KURYR_VIF_POOL_UPDATE_FREQ=30
# Kuryr VIF Pool Manager
# ======================
#
# Uncomment the next line to enable the pool manager. Note it requires the
# nested-vlan pod vif driver, as well as the ports pool being enabled and
# configured with the nested driver
# KURYR_VIF_POOL_MANAGER=True
# Increase Octavia amphorae timeout so that the first LB amphora has time to
# build and boot
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
[[post-config|$OCTAVIA_CONF]]
[controller_worker]
amp_active_retries=9999
[[post-config|/$Q_PLUGIN_CONF_FILE]]
[securitygroup]
firewall_driver = openvswitch

1274
devstack/plugin.sh
View File

File diff suppressed because it is too large Load Diff

29
devstack/settings
View File

@ -1,5 +1,5 @@
KURYR_HOME=${KURYR_HOME:-$DEST/kuryr-kubernetes}
CNI_BIN_DIR=${CNI_BIN_DIR:-$DEST/cni/bin}
CNI_BIN_DIR=${CNI_BIN_DIR:-/opt/cni/bin}
CNI_CONF_DIR=${CNI_CONF_DIR:-$DEST/cni/conf}
KURYR_CONFIG_DIR=${KURYR_CONFIG_DIR:-/etc/kuryr}
@ -27,34 +27,19 @@ ETCD_PORT=${ETCD_PORT:-2379}
# KUBERNETES
KURYR_KUBERNETES_DATA_DIR=${KURYR_KUBERNETES_DATA_DIR:-${DATA_DIR}/kubernetes}
KURYR_CNI_PLUGINS=${KURYR_CNI_PLUGINS:-"https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-amd64-v0.8.6.tgz"}
KURYR_KUBERNETES_VERSION=${KURYR_KUBERNETES_VERSION:-v1.19.1}
KURYR_KUBERNETES_BINARIES=${KURYR_KUBERNETES_BINARIES:-"https://storage.googleapis.com/kubernetes-release/release/${KURYR_KUBERNETES_VERSION}/bin/linux/amd64"}
KURYR_KUBECTL_BINARY=${KURYR_KUBECTL_BINARY:-/usr/local/bin/kubectl}
KURYR_KUBELET_BINARY=${KURYR_KUBELET_BINARY:-/usr/local/bin/kubelet}
KURYR_KUBE_APISERVER_BINARY=${KURYR_KUBE_APISERVER_BINARY:-/usr/local/bin/kube-apiserver}
KURYR_KUBE_CONTROLLER_MANAGER_BINARY=${KURYR_KUBE_CONTROLLER_MANAGER_BINARY:-/usr/local/bin/kube-controller-manager}
KURYR_KUBE_SCHEDULER_BINARY=${KURYR_KUBE_SCHEDULER_BINARY:-/usr/local/bin/kube-scheduler}
KURYR_K8S_API_PORT=${KURYR_K8S_API_PORT:-8080}
KURYR_KUBERNETES_VERSION=${KURYR_KUBERNETES_VERSION:-1.20.4}
KURYR_K8S_API_PORT=${KURYR_K8S_API_PORT:-6443}
# NOTE(dulek): [kubernetes]api_root option will use LB IP instead.
KURYR_K8S_API_URL=${KURYR_K8S_API_URL:-"http://${SERVICE_HOST}:${KURYR_K8S_API_PORT}"}
KURYR_K8S_API_CERT=${KURYR_K8S_API_CERT:-"${KURYR_KUBERNETES_DATA_DIR}/kuryr.crt"}
KURYR_K8S_API_KEY=${KURYR_K8S_API_KEY:-"${KURYR_KUBERNETES_DATA_DIR}/kuryr.key"}
KURYR_K8S_API_URL=${KURYR_K8S_API_URL:-"https://${SERVICE_HOST}:${KURYR_K8S_API_PORT}"}
KURYR_K8S_API_CERT=${KURYR_K8S_API_CERT:-"/etc/kubernetes/pki/apiserver-kubelet-client.crt"}
KURYR_K8S_API_KEY=${KURYR_K8S_API_KEY:-"/etc/kubernetes/pki/kuryr-client.key"}
KURYR_K8S_API_CACERT=${KURYR_K8S_API_CACERT:-}
KURYR_K8S_API_LB_PORT=${KURYR_K8S_API_LB_PORT:-443}
KURYR_PORT_DEBUG=${KURYR_PORT_DEBUG:-True}
KURYR_SUBNET_DRIVER=${KURYR_SUBNET_DRIVER:-default}
KURYR_SG_DRIVER=${KURYR_SG_DRIVER:-default}
KURYR_ENABLED_HANDLERS=${KURYR_ENABLED_HANDLERS:-vif,endpoints,service,kuryrloadbalancer,kuryrport}
# OpenShift
OPENSHIFT_BINARY_VERSION=${OPENSHIFT_BINARY_VERSION:-v3.11.0}
OPENSHIFT_BINARY_BASE_URL=${OPENSHIFT_BINARY_BASE_URL:-https://github.com/openshift/origin/releases/download}
OPENSHIFT_DATA_DIR=${OPENSHIFT_DATA_DIR:-${DATA_DIR}/openshift}
OPENSHIFT_BIN=${OPENSHIFT_BIN:-${OPENSHIFT_DATA_DIR}/bin}
OPENSHIFT_API_PORT=${OPENSHIFT_API_PORT:-8443}
OPENSHIFT_API_URL=${OPENSHIFT_API_URL:-https://${HOST_IP}:${OPENSHIFT_API_PORT}}
OPENSHIFT_CNI_BINARY_URL=${OPENSHIFT_CNI_BINARY_URL:-https://github.com/containernetworking/cni/releases/download/v0.5.2/cni-v0.5.2.tgz}
KURYR_K8S_TOKEN=${KURYR_K8S_TOKEN:-5c54f8.34eb2d4f30bccf81}
# Octavia
KURYR_K8S_OCTAVIA_MEMBER_MODE=${KURYR_K8S_OCTAVIA_MEMBER_MODE:-L3}

2
kuryr_kubernetes/config.py
View File

@ -78,7 +78,7 @@ daemon_opts = [
k8s_opts = [
cfg.StrOpt('api_root',
help=_("The root URL of the Kubernetes API"),
default=os.environ.get('K8S_API', 'http://localhost:8080')),
default=os.environ.get('K8S_API', 'https://localhost:6443')),
cfg.StrOpt('ssl_client_crt_file',
help=_("Absolute path to client cert to "
"connect to HTTPS K8S_API")),

6
playbooks/run_k8s_e2e_tests.yaml
View File

@ -76,7 +76,7 @@
become: yes
- name: Copy kubeconfig file
shell: "cp /opt/stack/.kube/config {{ ansible_env.HOME }}/.kube/"
shell: "cp /etc/kubernetes/admin.conf {{ ansible_env.HOME }}/.kube/config"
become: yes
- name: Change kubeconfig file permission
@ -89,7 +89,7 @@
- name: Run Network Policy tests
block:
- name: Run Network Policy tests without SCTPConnectivity
shell: kubetest --provider=local --check-version-skew=false --test --ginkgo-parallel={{ np_parallel_number }} --test_args="--ginkgo.focus=\[Feature:NetworkPolicy --ginkgo.skip=\[Feature:SCTPConnectivity|should.enforce.policies.to.check.ingress.and.egress.policies.can.be.controlled.independently.based.on.PodSelector --host=http://127.0.0.1:8080" --dump=/tmp > ~/np_kubetest.log
shell: kubetest --provider=local --check-version-skew=false --test --ginkgo-parallel={{ np_parallel_number }} --test_args="--ginkgo.focus=\[Feature:NetworkPolicy --ginkgo.skip=\[Feature:SCTPConnectivity|should.enforce.policies.to.check.ingress.and.egress.policies.can.be.controlled.independently.based.on.PodSelector" --dump=/tmp > ~/np_kubetest.log
args:
chdir: ~/kubernetes
environment:
@ -98,7 +98,7 @@
PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin:{{ ansible_env.HOME }}/go/bin"
always:
- name: Run Network Policy SCTPConnectivity tests
shell: kubetest --provider=local --check-version-skew=false --test --ginkgo-parallel={{ np_parallel_number }} --test_args="--ginkgo.focus=NetworkPolicy.\[Feature:SCTPConnectivity --host=http://127.0.0.1:8080" --dump=/tmp > ~/np_sctp_kubetest.log
shell: kubetest --provider=local --check-version-skew=false --test --ginkgo-parallel={{ np_parallel_number }} --test_args="--ginkgo.focus=NetworkPolicy.\[Feature:SCTPConnectivity" --dump=/tmp > ~/np_sctp_kubetest.log
args:
chdir: ~/kubernetes
environment:

16
releasenotes/notes/changing-default-url-for-k8s-api-42c3b90183783291.yaml Normal file
View File

@ -0,0 +1,16 @@
---
upgrade:
- |
Option 'api_root' from kubernetes section changed default value from:
.. code-block:: ini
[kubernetes]
api_root=http://localhost:8080
to:
.. code-block:: ini
[kubernetes]
api_root=https://localhost:6443

36
tools/gate/copy_k8s_logs.sh
View File

@ -25,32 +25,32 @@ mkdir -p ${K8S_LOG_DIR}
mkdir ${HOME}/.kube
sudo cp /opt/stack/.kube/config ${HOME}/.kube/
sudo chown ${USER}:${USER} ${HOME}/.kube/config
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get pods -o yaml --all-namespaces >> ${K8S_LOG_DIR}/pods.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get svc -o yaml --all-namespaces >> ${K8S_LOG_DIR}/services.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get cm -o yaml --all-namespaces >> ${K8S_LOG_DIR}/configmaps.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get deploy -o yaml --all-namespaces >> ${K8S_LOG_DIR}/deployments.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get ds -o yaml --all-namespaces >> ${K8S_LOG_DIR}/daemonsets.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get nodes -o yaml --all-namespaces >> ${K8S_LOG_DIR}/nodes.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get ingress -o yaml --all-namespaces >> ${K8S_LOG_DIR}/ingress.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get namespaces -o yaml >> ${K8S_LOG_DIR}/namespaces.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnets -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnets_crds.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnetworks -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnetworks_crds.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get endpoints -o yaml --all-namespaces >> ${K8S_LOG_DIR}/endpoints.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnetpolicy -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnetpolicy_crds.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrport -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrport_crds.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnetworkpolicy -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnetworkpolicy_crds.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get pods -o yaml --all-namespaces >> ${K8S_LOG_DIR}/pods.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get svc -o yaml --all-namespaces >> ${K8S_LOG_DIR}/services.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get cm -o yaml --all-namespaces >> ${K8S_LOG_DIR}/configmaps.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get deploy -o yaml --all-namespaces >> ${K8S_LOG_DIR}/deployments.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get ds -o yaml --all-namespaces >> ${K8S_LOG_DIR}/daemonsets.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get nodes -o yaml --all-namespaces >> ${K8S_LOG_DIR}/nodes.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get ingress -o yaml --all-namespaces >> ${K8S_LOG_DIR}/ingress.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get namespaces -o yaml >> ${K8S_LOG_DIR}/namespaces.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnets -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnets_crds.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnetworks -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnetworks_crds.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get endpoints -o yaml --all-namespaces >> ${K8S_LOG_DIR}/endpoints.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnetpolicy -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnetpolicy_crds.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrport -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrport_crds.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config get kuryrnetworkpolicy -o yaml --all-namespaces >> ${K8S_LOG_DIR}/kuryrnetworkpolicy_crds.txt
# Kubernetes pods logs
mkdir -p ${K8S_LOG_DIR}/pod_logs
while read -r line
do
name=$(echo ${line} | cut -f1 -d " ")
namespace=$(echo ${line} | cut -f2 -d " ")
containers=`/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config -n ${namespace} get pods ${name} -o jsonpath="{.spec.containers[*].name} {.spec.initContainers[*].name}"`
containers=`/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config -n ${namespace} get pods ${name} -o jsonpath="{.spec.containers[*].name} {.spec.initContainers[*].name}"`
for container in ${containers}
do
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config logs -n ${namespace} -c ${container} ${name} >> ${K8S_LOG_DIR}/pod_logs/${namespace}-${name}-${container}.txt
/usr/local/bin/kubectl --kubeconfig=${HOME}/.kube/config logs -n ${namespace} -p -c ${container} ${name} >> ${K8S_LOG_DIR}/pod_logs/${namespace}-${name}-${container}-prev.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config logs -n ${namespace} -c ${container} ${name} >> ${K8S_LOG_DIR}/pod_logs/${namespace}-${name}-${container}.txt
/usr/bin/kubectl --kubeconfig=${HOME}/.kube/config logs -n ${namespace} -p -c ${container} ${name} >> ${K8S_LOG_DIR}/pod_logs/${namespace}-${name}-${container}-prev.txt
done
done < <(/usr/local/bin/kubectl get pods -o=custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace --all-namespaces | tail -n +2)
done < <(/usr/bin/kubectl get pods -o=custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace --all-namespaces | tail -n +2)
sudo chown -R zuul:zuul ${K8S_LOG_DIR}