Add file to the reno documentation build to show release notes for
stable/2024.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.2.
Sem-Ver: feature
Change-Id: Ie1d3141eb59e9da7511787134e3743c17f16820c
The old taint 'node-role.kubernetes.io/master' has been deprecated since
v1.20 and removed since v1.25[1].
Starting from v1.28, the taint of 'node-role.kubernetes.io/master' does
not pass conformance.
[1] https://kubernetes.io/blog/2022/04/07/upcoming-changes-in-kubernetes-1-24/
node-role.kubernetes.io/master
Change-Id: I32616ea7f382601ecca9fce0a84da007e5471dfb
Add file to the reno documentation build to show release notes for
stable/2024.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.
Sem-Ver: feature
Change-Id: Ie52bc49730f040e8cd4a815ec5d0eab025add620
cloud-provider-openstack has changed their image repo. To use the
plugins matching later versions of k8s, this needs to be updated.
Also update tags for CI test to match version being tested.
[1] https://github.com/kubernetes/cloud-provider-openstack/pull/2169
Change-Id: I9390db5e1aa357c17a39a7c208d837befafd3820
Allow ClusterTemplate to explicitly specify a driver to use for creating
Clusters.
This is initially sourced from the image property 'magnum_driver', but
may be improved to be specified via client in the future.
Falls back to old driver discovery using (coe, server_type, os) tuple to
keep existing behaviour.
Change-Id: I9e206b589951a02360d3cef0282a9538236ef53b
Label validator function has been left behind, although it's not
checking for anything right now - might be useful in future.
Change-Id: I74c744dc957d73aef7556aff00837611dadbada7
Heat stack SoftwareConfig is unable to provide a reliable upgrade
experience, so is being disabled. More details in code comments.
A Cluster API driver provides a way forward for Magnum to support
these again, and implement upgrade_cluster.
Change-Id: Ibea354ebfe36e8d689a95c30820709ec2b633964
This setting policies (RBAC) new defaults and scope to ``True`` by default.
Note: This should only merged, after at least a cycle gap to allow
operators to adopt new changes.
Depends-On: https://review.opendev.org/c/openstack/magnum-tempest-plugin/+/877086
Change-Id: I6db4eaa64e2efd455dc3d37ccc74ebd8e7a5dbb2
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: Icf2e3fa1363ac0cddb05ad18d58dd2d2c6f82829
Cluster user is no longer used for drivers in Magnum since [1].
Remove unused policy rule to reflect that fix.
[1] https://review.opendev.org/c/openstack/magnum/+/889144
Change-Id: Ic7ef89a61835a7045d81dbf5af77714a3270cd7c
This propose changes is base on same concerns as this bug in neutron
https://bugs.launchpad.net/neutron/+bug/1997089
This propose to keep and make sure ADMIN can perform all API requests.
Change-Id: I9a3003963bf13a591cc363fa04ec8e5719ae9114
The Magnum service allow enables policies (RBAC) new defaults and scope by
default. The Default value of config options ``[oslo_policy] enforce_scope``
and ``[oslo_policy] oslo_policy.enforce_new_defaults`` are both to
``False``, but will change to ``True`` in following cycles.
To enable them then modify the below config options value in
``magnum.conf`` file::
[oslo_policy]
enforce_new_defaults=True
enforce_scope=True
reference tc goal for more detail:
https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
Related blueprint secure-rbac
Change-Id: I249942a355577c4f1ef51b3988f0cc4979959d0b
PodSecurityPolicy has been removed in Kubernetes v1.25 [1]. To allow Magnum
to support Kubernetes v1.25 and above, PodSecurityPolicy Admission
Controller has has been removed.
[1] https://kubernetes.io/docs/concepts/security/pod-security-policy/
Change-Id: I0fb0c372b484275b0677114193289469ee788b84
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I41b10eb5fd865b0cce1b98193dd48ee382ec78d5
Log a warning about fedora-atomic driver deprecation this cycle, so that
users can start migrating to using fedora-coreos.
fedora-atomic driver will be removed in a future cycle.
Change-Id: I026d4fa722cd132e5989998bf902b8a2c73c5a8d
This period job has been deprecated since Change
I3ca0f2e96fe63870406cc5323f08fa018ac6e8be in Rocky/Stein.
As it defaults to disabled, it causes logs like the following to be sent
over and over again.
Running periodic task MagnumPeriodicTasks._send_cluster_metrics
Skip sending cluster metrics _send_cluster_metrics
Remove the code totally as it has basically been a noop for a few
cycles.
Change-Id: Ib9142ab17d562b1d7ccf1409a9e0d934585a094d
The coe mesos has not been maitenaned for quite some
time and hasn't got much attetion from the community
in general. As discussed in the mailing list [1] we
are dropping for now.
In this patch, we start by removing the mesos driver
and its test cases. This part of the code has no impact
for other drivers. Then we can clean up mesos references
that affect the API.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026230.html
Conflicts:
lower-constraints.txt
tox.ini
Change-Id: Ied76095f1f1c57c6af93d1a6094baa6c7cc31c9b
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Removing the py36 centos8 job as well as
updating the python classifier also to reflect the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Change-Id: Ife222160c3ad40668a90450226fd45ba37d4ec51
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I27ac9995b6907ca9ef7a5887730b7bc819c761ca
Only specify dockershim options when container runtime is not containerd.
Those options were ignored in the past when using containerd but since 1.24
kubelet refuses to start.
Task: 45282
Story: 2010028
Signed-off-by: Daniel Meyerholt <dxm523@gmail.com>
Change-Id: Ib44cc30285c8bd4219d4a45dc956696505ddd570