Browse Source

[k8s] Set traefik to stable version v1.7.10

The current magnum traefik deployment will always pull latest traefik
container image. With the new launch of traefik v2
(https://blog.containo.us/back-to-traefik-2-0-2f9aa17be305) this will
have impact on how the ingress is described in k8s.

This patch:
* Sets the traefik version to default tag v1.7.9, stable release
prior to v2.
* Adds a new label <traefik_ingress_controller_tag> to enable user
to specify other than default traefik release.

Task: 30143
Task: 30146
Story: 2005286

Change-Id: I031a594f7b6014d88df055664afcf51b1cd2cd94
Signed-off-by: Diogo Guerra <dy090.guerra@gmail.com>
changes/32/645632/9
Diogo Guerra 2 years ago
parent
commit
b3ceb252ef
9 changed files with 51 additions and 10 deletions
  1. +17
    -7
      doc/source/user/index.rst
  2. +6
    -3
      magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh
  3. +1
    -0
      magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
  4. +1
    -0
      magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml
  5. +1
    -0
      magnum/drivers/heat/k8s_fedora_template_def.py
  6. +6
    -0
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
  7. +5
    -0
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
  8. +6
    -0
      magnum/tests/unit/drivers/test_template_definition.py
  9. +8
    -0
      releasenotes/notes/set-traefik-tag-7d4aca5685147970.yaml

+ 17
- 7
doc/source/user/index.rst View File

@ -311,6 +311,8 @@ the table are linked to more details elsewhere in the user guide.
| | - binpack | |
| | - random | |
+---------------------------------------+--------------------+---------------+
| `traefik_ingress_controller_tag`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `admission_control_list`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `prometheus_monitoring`_ | - true | false |
@ -1114,26 +1116,31 @@ _`container_infra_prefix`
all other components used in the cluster will be prefixed with this label,
which assumes an operator has cloned all expected images in
myregistry.example.com/mycloud.
Images that must be mirrored:
* docker.io/coredns/coredns:1.0.1
* docker.io/grafana/grafana:5.1.5
* docker.io/coredns/coredns:1.3.0
* docker.io/openstackmagnum/etcd
* docker.io/openstackmagnum/flannel
* docker.io/openstackmagnum/kubernetes-apiserver
* docker.io/openstackmagnum/kubernetes-controller-manager
* docker.io/openstackmagnum/kubernetes-kubelet
* docker.io/openstackmagnum/kubernetes-proxy
* docker.io/openstackmagnum/kubernetes-scheduler
* docker.io/openstackmagnum/etcd
* docker.io/openstackmagnum/flannel
* gcr.io/google_containers/pause:3.0
Images that might be needed:
* docker.io/grafana/grafana:5.1.5
* docker.io/prom/node-exporter:latest
* docker.io/prom/prometheus:latest
* docker.io/traefik:v1.7.10
* gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1
* gcr.io/google_containers/pause:3.0
* gcr.io/google-containers/hyperkube:v1.12.1
* quay.io/prometheus/alertmanager:v0.15.3
* quay.io/coreos/prometheus-operator:v0.15.3
* quay.io/coreos/configmap-reload:v0.0.1
* quay.io/coreos/prometheus-config-reloader:v0.26.0
* quay.io/coreos/prometheus-operator:v0.15.3
* quay.io/prometheus/alertmanager:v0.15.3
* quay.io/prometheus/prometheus:v2.5.0
* k8s.gcr.io/node-problem-detector:v0.6.2
* docker.io/planetlabs/draino:abf028a
@ -1375,6 +1382,9 @@ _`octavia_ingress_controller_tag`
_`nginx_ingress_controller_tag`
The image tag for nginx-ingress-controller. Stein-default: 0.23.0
_`traefik_ingress_controller_tag`
The image tag for traefik_ingress_controller_tag. Stein-default: v1.7.10
DNS
---


+ 6
- 3
magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh View File

@ -58,7 +58,7 @@ spec:
terminationGracePeriodSeconds: 60
hostNetwork: true
containers:
- image: ${CONTAINER_INFRA_PREFIX:-docker.io/}traefik
- image: ${CONTAINER_INFRA_PREFIX:-docker.io/}traefik:${TRAEFIK_INGRESS_CONTROLLER_TAG}
name: ingress-traefik-backend
ports:
- name: http
@ -70,7 +70,11 @@ spec:
- name: admin
containerPort: 8080
securityContext:
privileged: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
volumeMounts:
- name: ingress-traefik
mountPath: /etc/traefik/traefik.toml
@ -100,7 +104,6 @@ spec:
- name: admin
protocol: TCP
port: 8080
type: NodePort
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1


+ 1
- 0
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml View File

@ -12,6 +12,7 @@ write_files:
KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP"
KUBE_NODE_IP="$KUBE_NODE_IP"
KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV"
TRAEFIK_INGRESS_CONTROLLER_TAG="$TRAEFIK_INGRESS_CONTROLLER_TAG"
ENABLE_CINDER="$ENABLE_CINDER"
ETCD_VOLUME="$ETCD_VOLUME"
ETCD_VOLUME_SIZE="$ETCD_VOLUME_SIZE"


+ 1
- 0
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params.yaml View File

@ -25,6 +25,7 @@ write_files:
REGISTRY_INSECURE="$REGISTRY_INSECURE"
REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"
TLS_DISABLED="$TLS_DISABLED"
TRAEFIK_INGRESS_CONTROLLER_TAG="$TRAEFIK_INGRESS_CONTROLLER_TAG"
VERIFY_CA="$VERIFY_CA"
CLUSTER_UUID="$CLUSTER_UUID"
MAGNUM_URL="$MAGNUM_URL"


+ 1
- 0
magnum/drivers/heat/k8s_fedora_template_def.py View File

@ -128,6 +128,7 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
'tiller_enabled',
'tiller_tag',
'tiller_namespace',
'traefik_ingress_controller_tag',
'node_problem_detector_tag',
'nginx_ingress_controller_tag',
'auto_healing_enabled', 'auto_scaling_enabled',


+ 6
- 0
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml View File

@ -161,6 +161,11 @@ parameters:
the docker cgroup driver.
default: "cgroupfs"
traefik_ingress_controller_tag:
type: string
description: tag of the traefik containers to be used.
default: v1.7.10
wait_condition_timeout:
type: number
description: >
@ -820,6 +825,7 @@ resources:
discovery_url: {get_param: discovery_url}
cluster_uuid: {get_param: cluster_uuid}
magnum_url: {get_param: magnum_url}
traefik_ingress_controller_tag: {get_param: traefik_ingress_controller_tag}
volume_driver: {get_param: volume_driver}
region_name: {get_param: region_name}
fixed_network: {get_attr: [network, fixed_network]}


+ 5
- 0
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml View File

@ -119,6 +119,10 @@ parameters:
type: boolean
description: whether or not to enable TLS
traefik_ingress_controller_tag:
type: string
description: tag of the traefik containers to be used.
kube_dashboard_enabled:
type: boolean
description: whether or not to disable kubernetes dashboard
@ -532,6 +536,7 @@ resources:
"$PASSWORD": {get_param: password}
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
"$TLS_DISABLED": {get_param: tls_disabled}
"$TRAEFIK_INGRESS_CONTROLLER_TAG": {get_param: traefik_ingress_controller_tag}
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
"$VERIFY_CA": {get_param: verify_ca}


+ 6
- 0
magnum/tests/unit/drivers/test_template_definition.py View File

@ -517,6 +517,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
tiller_namespace = mock_cluster.labels.get(
'tiller_namespace')
npd_tag = mock_cluster.labels.get('node_problem_detector_tag')
traefik_ingress_controller_tag = mock_cluster.labels.get(
'traefik_ingress_controller_tag')
auto_healing_enabled = mock_cluster.labels.get(
'auto_healing_enabled')
auto_scaling_enabled = mock_cluster.labels.get(
@ -595,6 +597,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'autoscaler_tag': autoscaler_tag,
'min_node_count': min_node_count,
'max_node_count': max_node_count,
'traefik_ingress_controller_tag': traefik_ingress_controller_tag,
}}
mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template,
@ -907,6 +910,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
tiller_namespace = mock_cluster.labels.get(
'tiller_namespace')
npd_tag = mock_cluster.labels.get('node_problem_detector_tag')
traefik_ingress_controller_tag = mock_cluster.labels.get(
'traefik_ingress_controller_tag')
auto_healing_enabled = mock_cluster.labels.get(
'auto_healing_enabled')
auto_scaling_enabled = mock_cluster.labels.get(
@ -987,6 +992,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'autoscaler_tag': autoscaler_tag,
'min_node_count': min_node_count,
'max_node_count': max_node_count,
'traefik_ingress_controller_tag': traefik_ingress_controller_tag,
}}
mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template,


+ 8
- 0
releasenotes/notes/set-traefik-tag-7d4aca5685147970.yaml View File

@ -0,0 +1,8 @@
---
features:
- |
Added label traefik_ingress_controller_tag to enable specifying traefik container version.
fixes:
- |
Traefik container now defaults to a fixed tag (v1.7.10) instead of tag
(latest)

Loading…
Cancel
Save