openstack
/
magnum
Code Issues Proposed changes

Merge "[k8s] Set traefik to stable version v1.7.10"

This commit is contained in:
Zuul 2019-04-17 19:23:58 +00:00 committed by Gerrit Code Review
parent 309c60e527 b3ceb252ef
commit 9de64b994e
9 changed files with 51 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
doc/source/user/index.rst
View File

@ -311,6 +311,8 @@ the table are linked to more details elsewhere in the user guide.
| | - binpack | | | | - binpack | |
| | - random | | | | - random | |
+---------------------------------------+--------------------+---------------+ +---------------------------------------+--------------------+---------------+
| `traefik_ingress_controller_tag`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `admission_control_list`_ | see below | see below | | `admission_control_list`_ | see below | see below |
+---------------------------------------+--------------------+---------------+ +---------------------------------------+--------------------+---------------+
| `prometheus_monitoring`_ | - true | false | | `prometheus_monitoring`_ | - true | false |
@ -1114,26 +1116,31 @@ _`container_infra_prefix`
all other components used in the cluster will be prefixed with this label, all other components used in the cluster will be prefixed with this label,
which assumes an operator has cloned all expected images in which assumes an operator has cloned all expected images in
myregistry.example.com/mycloud. myregistry.example.com/mycloud.
Images that must be mirrored: Images that must be mirrored:
* docker.io/coredns/coredns:1.0.1 * docker.io/coredns/coredns:1.3.0
* docker.io/grafana/grafana:5.1.5 * docker.io/openstackmagnum/etcd
* docker.io/openstackmagnum/flannel
* docker.io/openstackmagnum/kubernetes-apiserver * docker.io/openstackmagnum/kubernetes-apiserver
* docker.io/openstackmagnum/kubernetes-controller-manager * docker.io/openstackmagnum/kubernetes-controller-manager
* docker.io/openstackmagnum/kubernetes-kubelet * docker.io/openstackmagnum/kubernetes-kubelet
* docker.io/openstackmagnum/kubernetes-proxy * docker.io/openstackmagnum/kubernetes-proxy
* docker.io/openstackmagnum/kubernetes-scheduler * docker.io/openstackmagnum/kubernetes-scheduler
* docker.io/openstackmagnum/etcd * gcr.io/google_containers/pause:3.0
* docker.io/openstackmagnum/flannel
Images that might be needed:
* docker.io/grafana/grafana:5.1.5
* docker.io/prom/node-exporter:latest * docker.io/prom/node-exporter:latest
* docker.io/prom/prometheus:latest * docker.io/prom/prometheus:latest
* docker.io/traefik:v1.7.10
* gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1 * gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1
* gcr.io/google_containers/pause:3.0
* gcr.io/google-containers/hyperkube:v1.12.1 * gcr.io/google-containers/hyperkube:v1.12.1
* quay.io/prometheus/alertmanager:v0.15.3
* quay.io/coreos/prometheus-operator:v0.15.3
* quay.io/coreos/configmap-reload:v0.0.1 * quay.io/coreos/configmap-reload:v0.0.1
* quay.io/coreos/prometheus-config-reloader:v0.26.0 * quay.io/coreos/prometheus-config-reloader:v0.26.0
* quay.io/coreos/prometheus-operator:v0.15.3
* quay.io/prometheus/alertmanager:v0.15.3
* quay.io/prometheus/prometheus:v2.5.0 * quay.io/prometheus/prometheus:v2.5.0
* k8s.gcr.io/node-problem-detector:v0.6.2 * k8s.gcr.io/node-problem-detector:v0.6.2
* docker.io/planetlabs/draino:abf028a * docker.io/planetlabs/draino:abf028a
@ -1375,6 +1382,9 @@ _`octavia_ingress_controller_tag`
_`nginx_ingress_controller_tag` _`nginx_ingress_controller_tag`
The image tag for nginx-ingress-controller. Stein-default: 0.23.0 The image tag for nginx-ingress-controller. Stein-default: 0.23.0
_`traefik_ingress_controller_tag`
The image tag for traefik_ingress_controller_tag. Stein-default: v1.7.10
DNS DNS
--- ---

9
magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh
View File

@ -58,7 +58,7 @@ spec:
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
hostNetwork: true hostNetwork: true
containers: containers:
- image: ${CONTAINER_INFRA_PREFIX:-docker.io/}traefik - image: ${CONTAINER_INFRA_PREFIX:-docker.io/}traefik:${TRAEFIK_INGRESS_CONTROLLER_TAG}
name: ingress-traefik-backend name: ingress-traefik-backend
ports: ports:
- name: http - name: http
@ -70,7 +70,11 @@ spec:
- name: admin - name: admin
containerPort: 8080 containerPort: 8080
securityContext: securityContext:
privileged: true capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
volumeMounts: volumeMounts:
- name: ingress-traefik - name: ingress-traefik
mountPath: /etc/traefik/traefik.toml mountPath: /etc/traefik/traefik.toml
@ -100,7 +104,6 @@ spec:
- name: admin - name: admin
protocol: TCP protocol: TCP
port: 8080 port: 8080
type: NodePort
--- ---
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1

1
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
View File

@ -12,6 +12,7 @@ write_files:
KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP" KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP"
KUBE_NODE_IP="$KUBE_NODE_IP" KUBE_NODE_IP="$KUBE_NODE_IP"
KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV" KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV"
TRAEFIK_INGRESS_CONTROLLER_TAG="$TRAEFIK_INGRESS_CONTROLLER_TAG"
ENABLE_CINDER="$ENABLE_CINDER" ENABLE_CINDER="$ENABLE_CINDER"
ETCD_VOLUME="$ETCD_VOLUME" ETCD_VOLUME="$ETCD_VOLUME"
ETCD_VOLUME_SIZE="$ETCD_VOLUME_SIZE" ETCD_VOLUME_SIZE="$ETCD_VOLUME_SIZE"

1
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
View File

@ -25,6 +25,7 @@ write_files:
REGISTRY_INSECURE="$REGISTRY_INSECURE" REGISTRY_INSECURE="$REGISTRY_INSECURE"
REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE" REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"
TLS_DISABLED="$TLS_DISABLED" TLS_DISABLED="$TLS_DISABLED"
TRAEFIK_INGRESS_CONTROLLER_TAG="$TRAEFIK_INGRESS_CONTROLLER_TAG"
VERIFY_CA="$VERIFY_CA" VERIFY_CA="$VERIFY_CA"
CLUSTER_UUID="$CLUSTER_UUID" CLUSTER_UUID="$CLUSTER_UUID"
MAGNUM_URL="$MAGNUM_URL" MAGNUM_URL="$MAGNUM_URL"

1
magnum/drivers/heat/k8s_fedora_template_def.py
View File

@ -128,6 +128,7 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
'tiller_enabled', 'tiller_enabled',
'tiller_tag', 'tiller_tag',
'tiller_namespace', 'tiller_namespace',
'traefik_ingress_controller_tag',
'node_problem_detector_tag', 'node_problem_detector_tag',
'nginx_ingress_controller_tag', 'nginx_ingress_controller_tag',
'auto_healing_enabled', 'auto_scaling_enabled', 'auto_healing_enabled', 'auto_scaling_enabled',

6
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
View File

@ -161,6 +161,11 @@ parameters:
the docker cgroup driver. the docker cgroup driver.
default: "cgroupfs" default: "cgroupfs"
traefik_ingress_controller_tag:
type: string
description: tag of the traefik containers to be used.
default: v1.7.10
wait_condition_timeout: wait_condition_timeout:
type: number type: number
description: > description: >
@ -822,6 +827,7 @@ resources:
discovery_url: {get_param: discovery_url} discovery_url: {get_param: discovery_url}
cluster_uuid: {get_param: cluster_uuid} cluster_uuid: {get_param: cluster_uuid}
magnum_url: {get_param: magnum_url} magnum_url: {get_param: magnum_url}
traefik_ingress_controller_tag: {get_param: traefik_ingress_controller_tag}
volume_driver: {get_param: volume_driver} volume_driver: {get_param: volume_driver}
region_name: {get_param: region_name} region_name: {get_param: region_name}
fixed_network: {get_attr: [network, fixed_network]} fixed_network: {get_attr: [network, fixed_network]}

5
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
View File

@ -119,6 +119,10 @@ parameters:
type: boolean type: boolean
description: whether or not to enable TLS description: whether or not to enable TLS
traefik_ingress_controller_tag:
type: string
description: tag of the traefik containers to be used.
kube_dashboard_enabled: kube_dashboard_enabled:
type: boolean type: boolean
description: whether or not to disable kubernetes dashboard description: whether or not to disable kubernetes dashboard
@ -532,6 +536,7 @@ resources:
"$PASSWORD": {get_param: password} "$PASSWORD": {get_param: password}
"$CLUSTER_SUBNET": {get_param: fixed_subnet} "$CLUSTER_SUBNET": {get_param: fixed_subnet}
"$TLS_DISABLED": {get_param: tls_disabled} "$TLS_DISABLED": {get_param: tls_disabled}
"$TRAEFIK_INGRESS_CONTROLLER_TAG": {get_param: traefik_ingress_controller_tag}
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled} "$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled} "$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
"$VERIFY_CA": {get_param: verify_ca} "$VERIFY_CA": {get_param: verify_ca}

6
magnum/tests/unit/drivers/test_template_definition.py
View File

@ -517,6 +517,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
tiller_namespace = mock_cluster.labels.get( tiller_namespace = mock_cluster.labels.get(
'tiller_namespace') 'tiller_namespace')
npd_tag = mock_cluster.labels.get('node_problem_detector_tag') npd_tag = mock_cluster.labels.get('node_problem_detector_tag')
traefik_ingress_controller_tag = mock_cluster.labels.get(
'traefik_ingress_controller_tag')
auto_healing_enabled = mock_cluster.labels.get( auto_healing_enabled = mock_cluster.labels.get(
'auto_healing_enabled') 'auto_healing_enabled')
auto_scaling_enabled = mock_cluster.labels.get( auto_scaling_enabled = mock_cluster.labels.get(
@ -595,6 +597,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'autoscaler_tag': autoscaler_tag, 'autoscaler_tag': autoscaler_tag,
'min_node_count': min_node_count, 'min_node_count': min_node_count,
'max_node_count': max_node_count, 'max_node_count': max_node_count,
'traefik_ingress_controller_tag': traefik_ingress_controller_tag,
}} }}
mock_get_params.assert_called_once_with(mock_context, mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template, mock_cluster_template,
@ -907,6 +910,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
tiller_namespace = mock_cluster.labels.get( tiller_namespace = mock_cluster.labels.get(
'tiller_namespace') 'tiller_namespace')
npd_tag = mock_cluster.labels.get('node_problem_detector_tag') npd_tag = mock_cluster.labels.get('node_problem_detector_tag')
traefik_ingress_controller_tag = mock_cluster.labels.get(
'traefik_ingress_controller_tag')
auto_healing_enabled = mock_cluster.labels.get( auto_healing_enabled = mock_cluster.labels.get(
'auto_healing_enabled') 'auto_healing_enabled')
auto_scaling_enabled = mock_cluster.labels.get( auto_scaling_enabled = mock_cluster.labels.get(
@ -987,6 +992,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'autoscaler_tag': autoscaler_tag, 'autoscaler_tag': autoscaler_tag,
'min_node_count': min_node_count, 'min_node_count': min_node_count,
'max_node_count': max_node_count, 'max_node_count': max_node_count,
'traefik_ingress_controller_tag': traefik_ingress_controller_tag,
}} }}
mock_get_params.assert_called_once_with(mock_context, mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template, mock_cluster_template,

8
releasenotes/notes/set-traefik-tag-7d4aca5685147970.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
Added label traefik_ingress_controller_tag to enable specifying traefik container version.
fixes:
- |
Traefik container now defaults to a fixed tag (v1.7.10) instead of tag
(latest)