All unittests using FakeLoopingCall raise an IOError if an initial
delay is not specified, because the default initial_delay is -1.
Changing the default initial delay to 0.
story: 2005112
task: 29748
Change-Id: I6cbae0996c2347e25d8be617e4b3fd93f4d9cc95
Defines more strict security group rules for kubernetes worker nodes. The
ports that are open by default: default port range(30000-32767) for
external service ports; kubelet healthcheck port; Calico BGP network ports;
flannel overlay network ports. The cluster admin should manually configure the
security group on the nodes where Traefik is allowed.
Story: #2005082
Task: #29661
Change-Id: Idbc67cb95133d3a4029105e6d4dc92519c816288
Return the nova instance UUID of worker nodes in kubeminion
templates. We will be able to remove resources from the
ResourceGroups based on nova instance uuid.
Backstory:
In heat a ResourceGroup creates a stack of depth 2. ResourceGroups
support removal policies to declare which resources must be removed.
This can be done by passing the index of the resource or the stack_id
of the nested stack. If a stack update call receives a list of
indices (eg [0, 5, 3]) or nested stack uuid (eg [uuidA, uuidB]), it
will remove the corresponding nested stacks.
In magnum's heat templates, a nested stack logically represents a
nova compute instance which is a cluster node. Using composition in
heat, we can change the way a resource group references the nested
stacks. This proposes to use the nova instance uuid as
'OS::stack_id'.
With this change, an external consumer of the stack (the cluster
autoscaler or an actual user) can remove resources from the
ResourceGroup using the nova instance uuid or resource index. Without
this change, a user or system (which typically knows the name,
server uuid or ip) would have to find in which nested stack a
kubernetes node belongs to, resulting in multiple calls to heat.
The end result of this patch can be verified like this:
nested_stack_id=$(openstack stack resource show <STACK_ID_OR_NAME> kube_minions -c physical_resource_id -f value)
openstack stack show "${nested_stack_id}"
Task: 29664
Story: 2005054
Change-Id: I6d776f62d640c72b3228460392b92df94fe56fe6
Now Magnum only has one server group for all master and worker nodes
per cluster, which is not very flexible for small cloud scale. For a
3+ master clusters, it's easily meeting the capacity when using hard
anti-affinity policy. This patch is proposing one server group for each
master and worker nodes group to have better flexibility.
story: 2004195
Change-Id: If11ba863a2aa538efe1e3e850084bdd33afd27d2
This is a mechanically generated patch to add a unit test job running
under Python 3.6 as part of the python3-first goal.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I5a92105f7cfbcabf521150d65f89b14cea62db0f
Change [0] fixed the issue of resetting iptables on node reboot
when flannel was configured which made pods lose connectivity.
[0] I7f6200a4966fda1cc701749bf1f37ddc492390c5
Change-Id: I07771f2c4711b0b86a53610517abdc3dad270574
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Add a new secret in kube-system holding the trustee information. This is
useful for any service running within kubernetes needing to contact
OpenStack services.
Change-Id: I1939fb6a33c9eb6a45697d070f58c9510be774b3
Calling Kubernetes native API to update the cluster health status
so that it can be used for cluster auto healing.
Task: 24593
Story: 2002742
Change-Id: Ia76eeeb2f1734dff38d9660c804d7d2d0f65b9fb
* Add Folder specific for helm managed resources
* Add first use case of helm install script
* Install metrics-server with helm (parallel to heapster to allow back compatibility)
* Added extra ARGS to kube-apiserver to enable communication with metrics-server
Known Issues:
* Tiller pod sometimes is presented as not active due to (possibly) Heartbeat/Healthz
story: 2004816
task: 28980
depends_on: I99d3a78085ba10030200f12bbfe58a72964e2326
Change-Id: I1b2432bc09ccde02e43124ed010120b99d853d65
Signed-off-by: Diogo Guerra <dy090.guerra@gmail.com>
Add a new hidden flag to cluster templates. This allows an operator to
keep a cluster public (accessible to all users) while not showing them
in cluster template listing.
Story: 2004941
Task: 29342
Change-Id: Ia2717ca960041753f6e772bf2d41c7f5a196dae6
Add enable_tiller label to install tiller in k8s_fedora_atomic
clusters. Defaults to false.
Add tiller_tag label to select the version of tiller. If the
tag is not set the tag that matches the helm client version in
the heat-agent will be picked. The tiller image can be stored
in a private registry and the cluster can pull it using the
container_infra_prefix label.
Install tiller securely using helper container.
TODO:
* add instructions on how RBAC is designed
https://docs.helm.sh/using_helm/#example-deploy-tiller-in-a-namespace-restricted-to-deploying-resources-in-another-namespace
* add docs on how to install addon in the cluster using this tiller
* how users can get the creds to talk to tiller
NOTE:
The main goal of this tiller is internal usage!
Users can still deploy other tillers in other namespaces.
story: 2003902
task: 26780
Change-Id: I99d3a78085ba10030200f12bbfe58a72964e2326
Signed-off-by: dioguerra <dy090.guerra@gmail.com>
When the base zuul job moved from openstack-infra to
opendev the role openstack-zuul-jobs which we depend
on for the swap was removed.
This patch manually imports that repo.
Change-Id: I90acaf010014664879f5c0d2f1a1ef660baf498f
Allow passing label values on cluster creation for swarm mode. This is
available in all kubernetes drivers as well as swarm, but somehow missed
on swarm mode.
Story: 2004942
Task: 29343
Change-Id: Ie3ac66f45e27cc92993116c3df0b33873dc67e24
- Add "octavia" as one of the "ingress_controller" options.
- Add label "octavia_ingress_controller_tag".
- Use external network ID in the heat templates.
Story: 2004838
Change-Id: I7d889a054cd5feb2eeef523b20607a6c7630d777
Add openssh-client to the heat-agent to act on the
host.
story: 2002210
task: 29142
Change-Id: I6e52291e4fc750418c70a22cc386034fa729d765
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
And also update the default value of keystone_auth_enabled from False
to True in favor of prompting the integration of OpenStack and K8s.
Change-Id: I0fcea762d467e1afeecb175f65b9b13ad9ee1f71
To get a better cluster template versioning and relieve the pain
of maintaining public cluster template, the patch is proposing
that the name of cluster template can be changed.
A following patch/spec will be proposed to add a new field
'deprecated' to allow ops to hide old/deprecated templates.
Task: 26889
Story: 2003960
Change-Id: Id1db81d35bc3dccff0fac481be7801de200d52de
This commit adds the functionality of magnum-status CLI for performing
upgrade checks as part of the Stein cycle upgrade-checkers goal.
It only includes a sample check which must be replaced by real checks in
future.
Change-Id: Ia8a74fd8bd5a804e71bb04eb0615fa114a517bc4
Story: 2003657
Task: 26138
When user creates LoadBalancer type service in k8s cluster, a floating
ip may be created and associated with the load balancer VIP. Magnum
now could delete the load balancers automatically in the cluster
pre-delete method, and should also remove the floating ip as needed.
This patch depends on the github PR for cloud-provider-openstack:
https://github.com/kubernetes/cloud-provider-openstack/pull/433
Story: 2004836
Change-Id: Ia553aff4e66033346c6bfe120a72992bec79e136