Browse Source

k8s_fedora: Use external kubernetes/cloud-provider-openstack

* Use the external cloud-provider [0]
* Label master nodes
* Make the script the deploys the cloud-provider and clusterroles
  for the apiserver a SoftwareDeployment
* Rename kube_openstack_config to cloud-config,
  for cinder to workm the kubelet expects the cloud config name only
  like this. Keep a copy of kube_openstack_config for backwards
  compatibility.

Change-Id: Ife5558f1db4e581b64cc4a8ffead151f7b405702
Task: 22361
Story: 2002652
Co-Authored-By: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit 6c61a1a949)
tags/7.1.0^0
Jim Bach 11 months ago
parent
commit
3406b14aa0

+ 29
- 13
doc/source/user/index.rst View File

@@ -317,6 +317,8 @@ the table are linked to more details elsewhere in the user guide.
317 317
 +---------------------------------------+--------------------+---------------+
318 318
 | `kube_tag`_                           | see below          | see below     |
319 319
 +---------------------------------------+--------------------+---------------+
320
+| `cloud_provider_tag`_                 | see below          | see below     |
321
++---------------------------------------+--------------------+---------------+
320 322
 | `etcd_tag`_                           | see below          | see below     |
321 323
 +---------------------------------------+--------------------+---------------+
322 324
 | `flannel_tag`_                        | see below          | see below     |
@@ -1095,6 +1097,18 @@ _`kube_tag`
1095 1097
   If unset, the current Magnum version's default Kubernetes release is
1096 1098
   installed.
1097 1099
 
1100
+_`cloud_provider_tag`
1101
+  This label allows users to select `a specific release for the openstack
1102
+  cloud provider
1103
+  <https://hub.docker.com/r/openstackmagnum/kubernetes-apiserver/tags/>`_.
1104
+  If unset, the current Magnum version's default
1105
+  kubernetes/cloud-provider-openstack release is installed.
1106
+  For version compatibility, please consult the `release page
1107
+  <https://github.com/kubernetes/cloud-provider-openstack/releases>`_ of
1108
+  the cloud-provider. The images are hosted `here
1109
+  <https://hub.docker.com/r/k8scloudprovider/openstack-cloud-controller-manager/tags/>`_.
1110
+  Stein default: v0.2.0
1111
+
1098 1112
 _`etcd_tag`
1099 1113
   This label allows users to select `a specific etcd version,
1100 1114
   based on its container tag
@@ -2689,19 +2703,21 @@ or can be built locally using diskimagebuilder.  Details can be found in the
2689 2703
 <https://github.com/openstack/magnum/tree/master/magnum/elements/fedora-atomic>`_
2690 2704
 The image currently has the following OS/software:
2691 2705
 
2692
-+-------------+-----------+
2693
-| OS/software | version   |
2694
-+=============+===========+
2695
-| Fedora      | 26        |
2696
-+-------------+-----------+
2697
-| Docker      | 1.13.1    |
2698
-+-------------+-----------+
2699
-| Kubernetes  | 1.9.3     |
2700
-+-------------+-----------+
2701
-| etcd        | 3.1.3     |
2702
-+-------------+-----------+
2703
-| Flannel     | 0.7.0     |
2704
-+-------------+-----------+
2706
++--------------------------+-----------+
2707
+| OS/software              | version   |
2708
++==========================+===========+
2709
+| Fedora                   | 27        |
2710
++--------------------------+-----------+
2711
+| Docker                   | 1.13.1    |
2712
++--------------------------+-----------+
2713
+| Kubernetes               | 1.11.5    |
2714
++--------------------------+-----------+
2715
+| etcd                     | v3.2.7    |
2716
++--------------------------+-----------+
2717
+| Flannel                  | v0.9.0    |
2718
++--------------------------+-----------+
2719
+| Cloud Provider OpenStack | v0.2.0    |
2720
++--------------------------+-----------+
2705 2721
 
2706 2722
 The following software are managed as systemd services:
2707 2723
 

+ 10
- 2
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh View File

@@ -76,9 +76,10 @@ if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
76 76
 fi
77 77
 
78 78
 if [ -n "$TRUST_ID" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
79
-    KUBE_API_ARGS="$KUBE_API_ARGS --cloud-config=/etc/kubernetes/kube_openstack_config --cloud-provider=openstack"
79
+    KUBE_API_ARGS="$KUBE_API_ARGS --cloud-provider=external"
80 80
 fi
81 81
 
82
+
82 83
 sed -i '
83 84
     /^KUBE_API_ADDRESS=/ s/=.*/="'"${KUBE_API_ADDRESS}"'"/
84 85
     /^KUBE_SERVICE_ADDRESSES=/ s|=.*|="--service-cluster-ip-range='"$PORTAL_NETWORK_CIDR"'"|
@@ -97,9 +98,11 @@ if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
97 98
 fi
98 99
 
99 100
 if [ -n "$TRUST_ID" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
100
-    KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cloud-config=/etc/kubernetes/kube_openstack_config --cloud-provider=openstack"
101
+    KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cloud-provider=external"
102
+    KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --external-cloud-volume-plugin=openstack --cloud-config=/etc/kubernetes/cloud-config"
101 103
 fi
102 104
 
105
+
103 106
 if [ "$(echo $CERT_MANAGER_API | tr '[:upper:]' '[:lower:]')" = "true" ]; then
104 107
     KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cluster-signing-cert-file=$CERT_DIR/ca.crt --cluster-signing-key-file=$CERT_DIR/ca.key"
105 108
 fi
@@ -119,6 +122,10 @@ KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=$
119 122
 KUBELET_ARGS="${KUBELET_ARGS} --volume-plugin-dir=/var/lib/kubelet/volumeplugins"
120 123
 KUBELET_ARGS="${KUBELET_ARGS} ${KUBELET_OPTIONS}"
121 124
 
125
+if [ -n "$TRUST_ID" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
126
+    KUBELET_ARGS="${KUBELET_ARGS} --cloud-provider=external"
127
+fi
128
+
122 129
 # For using default log-driver, other options should be ignored
123 130
 sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
124 131
 
@@ -130,6 +137,7 @@ if [ "$NETWORK_DRIVER" = "calico" ]; then
130 137
     KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
131 138
 fi
132 139
 KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"
140
+KUBELET_ARGS="${KUBELET_ARGS} --node-labels=node-role.kubernetes.io/master=\"\""
133 141
 
134 142
 KUBELET_KUBECONFIG=/etc/kubernetes/kubelet-config.yaml
135 143
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')

+ 2
- 2
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh View File

@@ -120,8 +120,8 @@ KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=$
120 120
 KUBELET_ARGS="${KUBELET_ARGS} --volume-plugin-dir=/var/lib/kubelet/volumeplugins"
121 121
 KUBELET_ARGS="${KUBELET_ARGS} ${KUBELET_OPTIONS}"
122 122
 
123
-if [ -n "$TRUST_ID" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
124
-    KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/kubernetes/kube_openstack_config"
123
+if [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
124
+    KUBELET_ARGS="${KUBELET_ARGS} --cloud-provider=external"
125 125
 fi
126 126
 
127 127
 # Workaround for Cinder support (fixed in k8s >= 1.6)

+ 241
- 0
magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh View File

@@ -5,6 +5,8 @@ printf "Starting to run ${step}\n"
5 5
 
6 6
 . /etc/sysconfig/heat-params
7 7
 
8
+set -x
9
+
8 10
 echo "Waiting for Kubernetes API..."
9 11
 until  [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
10 12
 do
@@ -79,4 +81,243 @@ EOF
79 81
 
80 82
 kubectl apply --validate=false -f ${ADMIN_RBAC}
81 83
 
84
+if [ -z "${TRUST_ID}" ] || [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" != "true" ]; then
85
+    exit 0
86
+fi
87
+
88
+#TODO: add heat variables for master count to determine leaderelect true/False ?
89
+
90
+occm_image="${CONTAINER_INFRA_PREFIX:-docker.io/k8scloudprovider/}openstack-cloud-controller-manager:${CLOUD_PROVIDER_TAG}"
91
+
92
+OCCM=/srv/magnum/kubernetes/openstack-cloud-controller-manager.yaml
93
+[ -f ${OCCM} ] || {
94
+    echo "Writing File: ${OCCM}"
95
+    mkdir -p $(dirname ${OCCM})
96
+    cat << EOF > ${OCCM}
97
+---
98
+apiVersion: v1
99
+kind: ServiceAccount
100
+metadata:
101
+  name: cloud-controller-manager
102
+  namespace: kube-system
103
+---
104
+apiVersion: v1
105
+items:
106
+- apiVersion: rbac.authorization.k8s.io/v1
107
+  kind: ClusterRole
108
+  metadata:
109
+    name: system:cloud-controller-manager
110
+  rules:
111
+  - apiGroups:
112
+    - ""
113
+    resources:
114
+    - events
115
+    verbs:
116
+    - create
117
+    - patch
118
+    - update
119
+  - apiGroups:
120
+    - ""
121
+    resources:
122
+    - nodes
123
+    verbs:
124
+    - '*'
125
+  - apiGroups:
126
+    - ""
127
+    resources:
128
+    - nodes/status
129
+    verbs:
130
+    - patch
131
+  - apiGroups:
132
+    - ""
133
+    resources:
134
+    - services
135
+    verbs:
136
+    - list
137
+    - patch
138
+    - update
139
+    - watch
140
+  - apiGroups:
141
+    - ""
142
+    resources:
143
+    - serviceaccounts
144
+    verbs:
145
+    - create
146
+    - get
147
+  - apiGroups:
148
+    - ""
149
+    resources:
150
+    - persistentvolumes
151
+    verbs:
152
+    - '*'
153
+  - apiGroups:
154
+    - ""
155
+    resources:
156
+    - endpoints
157
+    verbs:
158
+    - create
159
+    - get
160
+    - list
161
+    - watch
162
+    - update
163
+  - apiGroups:
164
+    - ""
165
+    resources:
166
+    - configmaps
167
+    verbs:
168
+    - get
169
+    - list
170
+    - watch
171
+  - apiGroups:
172
+    - ""
173
+    resources:
174
+    - secrets
175
+    verbs:
176
+    - list
177
+    - get
178
+- apiVersion: rbac.authorization.k8s.io/v1
179
+  kind: ClusterRole
180
+  metadata:
181
+    name: system:cloud-node-controller
182
+  rules:
183
+  - apiGroups:
184
+    - ""
185
+    resources:
186
+    - nodes
187
+    verbs:
188
+    - '*'
189
+  - apiGroups:
190
+    - ""
191
+    resources:
192
+    - nodes/status
193
+    verbs:
194
+    - patch
195
+  - apiGroups:
196
+    - ""
197
+    resources:
198
+    - events
199
+    verbs:
200
+    - create
201
+    - patch
202
+    - update
203
+- apiVersion: rbac.authorization.k8s.io/v1
204
+  kind: ClusterRole
205
+  metadata:
206
+    name: system:pvl-controller
207
+  rules:
208
+  - apiGroups:
209
+    - ""
210
+    resources:
211
+    - persistentvolumes
212
+    verbs:
213
+    - '*'
214
+  - apiGroups:
215
+    - ""
216
+    resources:
217
+    - events
218
+    verbs:
219
+    - create
220
+    - patch
221
+    - update
222
+kind: List
223
+metadata: {}
224
+---
225
+apiVersion: v1
226
+items:
227
+- apiVersion: rbac.authorization.k8s.io/v1
228
+  kind: ClusterRoleBinding
229
+  metadata:
230
+    name: system:cloud-node-controller
231
+  roleRef:
232
+    apiGroup: rbac.authorization.k8s.io
233
+    kind: ClusterRole
234
+    name: system:cloud-node-controller
235
+  subjects:
236
+  - kind: ServiceAccount
237
+    name: cloud-node-controller
238
+    namespace: kube-system
239
+- apiVersion: rbac.authorization.k8s.io/v1
240
+  kind: ClusterRoleBinding
241
+  metadata:
242
+    name: system:pvl-controller
243
+  roleRef:
244
+    apiGroup: rbac.authorization.k8s.io
245
+    kind: ClusterRole
246
+    name: system:pvl-controller
247
+  subjects:
248
+  - kind: ServiceAccount
249
+    name: pvl-controller
250
+    namespace: kube-system
251
+- apiVersion: rbac.authorization.k8s.io/v1
252
+  kind: ClusterRoleBinding
253
+  metadata:
254
+    name: system:cloud-controller-manager
255
+  roleRef:
256
+    apiGroup: rbac.authorization.k8s.io
257
+    kind: ClusterRole
258
+    name: system:cloud-controller-manager
259
+  subjects:
260
+  - kind: ServiceAccount
261
+    name: cloud-controller-manager
262
+    namespace: kube-system
263
+kind: List
264
+metadata: {}
265
+---
266
+apiVersion: apps/v1
267
+kind: DaemonSet
268
+metadata:
269
+  labels:
270
+    k8s-app: openstack-cloud-controller-manager
271
+  name: openstack-cloud-controller-manager
272
+  namespace: kube-system
273
+spec:
274
+  selector:
275
+    matchLabels:
276
+      k8s-app: openstack-cloud-controller-manager
277
+  template:
278
+    metadata:
279
+      labels:
280
+        k8s-app: openstack-cloud-controller-manager
281
+    spec:
282
+      hostNetwork: true
283
+      serviceAccountName: cloud-controller-manager
284
+      containers:
285
+      - name: openstack-cloud-controller-manager
286
+        image: ${occm_image}
287
+        command:
288
+        - /bin/openstack-cloud-controller-manager
289
+        - --v=2
290
+        - --cloud-config=/etc/kubernetes/cloud-config
291
+        - --cluster-name=${CLUSTER_UUID}
292
+        - --use-service-account-credentials=true
293
+        - --bind-address=127.0.0.1
294
+        volumeMounts:
295
+        - name: cloudconfig
296
+          mountPath: /etc/kubernetes
297
+          readOnly: true
298
+      volumes:
299
+      - name: cloudconfig
300
+        hostPath:
301
+          path: /etc/kubernetes
302
+      tolerations:
303
+      # this is required so CCM can bootstrap itself
304
+      - key: node.cloudprovider.kubernetes.io/uninitialized
305
+        value: "true"
306
+        effect: NoSchedule
307
+      # this is to have the daemonset runnable on master nodes
308
+      # the taint may vary depending on your cluster setup
309
+      - key: dedicated
310
+        value: master
311
+        effect: NoSchedule
312
+      - key: CriticalAddonsOnly
313
+        value: "True"
314
+        effect: NoSchedule
315
+      # this is to restrict CCM to only run on master nodes
316
+      # the node selector may vary depending on your cluster setup
317
+      nodeSelector:
318
+        node-role.kubernetes.io/master: ""
319
+EOF
320
+}
321
+
322
+kubectl create -f ${OCCM}
82 323
 printf "Finished running ${step}\n"

+ 2
- 1
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml View File

@@ -42,6 +42,8 @@ write_files:
42 42
       HTTPS_PROXY="$HTTPS_PROXY"
43 43
       NO_PROXY="$NO_PROXY"
44 44
       KUBE_TAG="$KUBE_TAG"
45
+      CLOUD_PROVIDER_TAG="$CLOUD_PROVIDER_TAG"
46
+      CLOUD_PROVIDER_ENABLED="$CLOUD_PROVIDER_ENABLED"
45 47
       ETCD_TAG="$ETCD_TAG"
46 48
       FLANNEL_TAG="$FLANNEL_TAG"
47 49
       KUBE_VERSION="$KUBE_VERSION"
@@ -50,7 +52,6 @@ write_files:
50 52
       TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
51 53
       TRUST_ID="$TRUST_ID"
52 54
       AUTH_URL="$AUTH_URL"
53
-      CLOUD_PROVIDER_ENABLED="$CLOUD_PROVIDER_ENABLED"
54 55
       INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
55 56
       CONTAINER_INFRA_PREFIX="$CONTAINER_INFRA_PREFIX"
56 57
       SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"

+ 9
- 1
magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh View File

@@ -3,7 +3,12 @@
3 3
 . /etc/sysconfig/heat-params
4 4
 
5 5
 mkdir -p /etc/kubernetes/
6
-KUBE_OS_CLOUD_CONFIG=/etc/kubernetes/kube_openstack_config
6
+
7
+if [ -z "${TRUST_ID}" ]; then
8
+    exit 0
9
+fi
10
+
11
+KUBE_OS_CLOUD_CONFIG=/etc/kubernetes/cloud-config
7 12
 cp /etc/pki/tls/certs/ca-bundle.crt /etc/kubernetes/ca-bundle.crt
8 13
 
9 14
 # Generate a the configuration for Kubernetes services
@@ -30,3 +35,6 @@ EOF
30 35
 if [ -n ${REGION_NAME} ]; then
31 36
     sed -i '/ca-file/a region='${REGION_NAME}'' $KUBE_OS_CLOUD_CONFIG
32 37
 fi
38
+
39
+# backwards compatibility, some apps may expect this file from previous magnum versions.
40
+cp ${KUBE_OS_CLOUD_CONFIG} /etc/kubernetes/kube_openstack_config

+ 1
- 0
magnum/drivers/heat/k8s_fedora_template_def.py View File

@@ -110,6 +110,7 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
110 110
                       'calico_kube_controllers_tag', 'calico_ipv4pool',
111 111
                       'etcd_tag', 'flannel_tag',
112 112
                       'cloud_provider_enabled',
113
+                      'cloud_provider_tag',
113 114
                       'prometheus_tag',
114 115
                       'grafana_tag']
115 116
 

+ 16
- 6
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml View File

@@ -327,6 +327,20 @@ parameters:
327 327
     description: tag of the k8s containers used to provision the kubernetes cluster
328 328
     default: v1.11.1
329 329
 
330
+  # FIXME update cloud_provider_tag when a fix for PVC is released
331
+  # https://github.com/kubernetes/cloud-provider-openstack/pull/405
332
+  cloud_provider_tag:
333
+    type: string
334
+    description:
335
+      tag of the kubernetes/cloud-provider-openstack
336
+      https://hub.docker.com/r/k8scloudprovider/openstack-cloud-controller-manager/tags/
337
+    default: v0.2.0
338
+
339
+  cloud_provider_enabled:
340
+    type: boolean
341
+    description: Enable or disable the openstack kubernetes cloud provider
342
+    default: true
343
+
330 344
   etcd_tag:
331 345
     type: string
332 346
     description: tag of the etcd system container
@@ -489,11 +503,6 @@ parameters:
489 503
       The private key will be used to sign generated k8s service account
490 504
       tokens.
491 505
 
492
-  cloud_provider_enabled:
493
-    type: boolean
494
-    description: Enable or disable the openstack kubernetes cloud provider
495
-    default: true
496
-
497 506
   prometheus_tag:
498 507
     type: string
499 508
     description: tag of the prometheus container
@@ -692,6 +701,8 @@ resources:
692 701
           https_proxy: {get_param: https_proxy}
693 702
           no_proxy: {get_param: no_proxy}
694 703
           kube_tag: {get_param: kube_tag}
704
+          cloud_provider_tag: {get_param: cloud_provider_tag}
705
+          cloud_provider_enabled: {get_param: cloud_provider_enabled}
695 706
           kube_version: {get_param: kube_version}
696 707
           etcd_tag: {get_param: etcd_tag}
697 708
           flannel_tag: {get_param: flannel_tag}
@@ -700,7 +711,6 @@ resources:
700 711
           trustee_password: {get_param: trustee_password}
701 712
           trust_id: {get_param: trust_id}
702 713
           auth_url: {get_param: auth_url}
703
-          cloud_provider_enabled: {get_param: cloud_provider_enabled}
704 714
           insecure_registry_url: {get_param: insecure_registry_url}
705 715
           container_infra_prefix: {get_param: container_infra_prefix}
706 716
           etcd_lb_vip: {get_attr: [etcd_lb, address]}

+ 12
- 5
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml View File

@@ -221,6 +221,16 @@ parameters:
221 221
     type: string
222 222
     description: tag of the k8s containers used to provision the kubernetes cluster
223 223
 
224
+  cloud_provider_tag:
225
+    type: string
226
+    description:
227
+      tag of the kubernetes/cloud-provider-openstack
228
+      https://hub.docker.com/r/k8scloudprovider/openstack-cloud-controller-manager/tags/
229
+
230
+  cloud_provider_enabled:
231
+    type: boolean
232
+    description: Enable or disable the openstack kubernetes cloud provider
233
+
224 234
   etcd_tag:
225 235
     type: string
226 236
     description: tag of the etcd system container
@@ -376,10 +386,6 @@ parameters:
376 386
       The private key will be used to sign generated k8s service account
377 387
       tokens.
378 388
 
379
-  cloud_provider_enabled:
380
-    type: boolean
381
-    description: Enable or disable the openstack kubernetes cloud provider
382
-
383 389
   prometheus_tag:
384 390
     type: string
385 391
     description: tag of prometheus container
@@ -456,6 +462,8 @@ resources:
456 462
             "$HTTPS_PROXY": {get_param: https_proxy}
457 463
             "$NO_PROXY": {get_param: no_proxy}
458 464
             "$KUBE_TAG": {get_param: kube_tag}
465
+            "$CLOUD_PROVIDER_TAG": {get_param: cloud_provider_tag}
466
+            "$CLOUD_PROVIDER_ENABLED": {get_param: cloud_provider_enabled}
459 467
             "$ETCD_TAG": {get_param: etcd_tag}
460 468
             "$FLANNEL_TAG": {get_param: flannel_tag}
461 469
             "$KUBE_VERSION": {get_param: kube_version}
@@ -463,7 +471,6 @@ resources:
463 471
             "$TRUSTEE_USER_ID": {get_param: trustee_user_id}
464 472
             "$TRUSTEE_PASSWORD": {get_param: trustee_password}
465 473
             "$TRUST_ID": {get_param: trust_id}
466
-            "$CLOUD_PROVIDER_ENABLED": {get_param: cloud_provider_enabled}
467 474
             "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
468 475
             "$CONTAINER_INFRA_PREFIX": {get_param: container_infra_prefix}
469 476
             "$ETCD_LB_VIP": {get_param: etcd_lb_vip}

+ 1
- 0
magnum/tests/contrib/copy_instance_logs.sh View File

@@ -87,6 +87,7 @@ if [[ "$COE" == "kubernetes" ]]; then
87 87
     remote_exec $SSH_USER "sudo tail -n +1 -- /etc/kubernetes/certs/*" kubernetes-certs
88 88
     remote_exec $SSH_USER "sudo cat /usr/local/bin/wc-notify" bin-wc-notify
89 89
     remote_exec $SSH_USER "sudo cat /etc/kubernetes/kube_openstack_config" kube_openstack_config
90
+    remote_exec $SSH_USER "sudo cat /etc/kubernetes/cloud-config" cloud-config
90 91
     remote_exec $SSH_USER "sudo cat /etc/sysconfig/flanneld" flanneld.sysconfig
91 92
     remote_exec $SSH_USER "sudo cat /usr/local/bin/flannel-config" bin-flannel-config
92 93
     remote_exec $SSH_USER "sudo cat /etc/sysconfig/flannel-network.json" flannel-network.json.sysconfig

+ 6
- 0
magnum/tests/unit/drivers/test_template_definition.py View File

@@ -399,6 +399,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
399 399
             'kubeproxy_options')
400 400
         cloud_provider_enabled = mock_cluster.labels.get(
401 401
             'cloud_provider_enabled')
402
+        cloud_provider_tag = mock_cluster.labels.get(
403
+            'cloud_provider_tag')
402 404
         service_cluster_ip_range = mock_cluster.labels.get(
403 405
             'service_cluster_ip_range')
404 406
         prometheus_tag = mock_cluster.labels.get(
@@ -431,6 +433,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
431 433
             'kubescheduler_options': kubescheduler_options,
432 434
             'kubeproxy_options': kubeproxy_options,
433 435
             'cloud_provider_enabled': cloud_provider_enabled,
436
+            'cloud_provider_tag': cloud_provider_tag,
434 437
             'username': 'fake_user',
435 438
             'magnum_url': mock_osc.magnum_url.return_value,
436 439
             'region_name': mock_osc.cinder_region_name.return_value,
@@ -572,6 +575,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
572 575
             'kubeproxy_options')
573 576
         cloud_provider_enabled = mock_cluster.labels.get(
574 577
             'cloud_provider_enabled')
578
+        cloud_provider_tag = mock_cluster.labels.get(
579
+            'cloud_provider_tag')
575 580
         service_cluster_ip_range = mock_cluster.labels.get(
576 581
             'service_cluster_ip_range')
577 582
         prometheus_tag = mock_cluster.labels.get(
@@ -604,6 +609,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
604 609
             'kubescheduler_options': kubescheduler_options,
605 610
             'kubeproxy_options': kubeproxy_options,
606 611
             'cloud_provider_enabled': cloud_provider_enabled,
612
+            'cloud_provider_tag': cloud_provider_tag,
607 613
             'username': 'fake_user',
608 614
             'magnum_url': mock_osc.magnum_url.return_value,
609 615
             'region_name': mock_osc.cinder_region_name.return_value,

+ 14
- 0
releasenotes/notes/kubernetes-cloud-config-6c9a4bfec47e3bb4.yaml View File

@@ -0,0 +1,14 @@
1
+---
2
+features:
3
+  - |
4
+    Use the external cloud provider in k8s_fedora_atomic. The
5
+    cloud_provider_tag label can be used to select the container tag for it,
6
+    together with the cloud_provider_enabled label. The cloud provider runs
7
+    as a DaemonSet on all master nodes.
8
+upgrade:
9
+  - |
10
+    The cloud config for kubernets has been renamed from
11
+    /etc/kubernetes/kube_openstack_config to /etc/kubernetes/cloud-config as
12
+    the kubelet expects this exact name when the external cloud provider is
13
+    used. A copy of /etc/kubernetes/kube_openstack_config is in place for
14
+    applications developed for previous versions of magnum.

Loading…
Cancel
Save