3787 Commits

Author SHA1 Message Date
yatinkarel
4a5c95ae97 Pass 'context' to create_client_files method
Change-Id: Ib45dbd4e48f840edf9497aa98ca87e0ffd89e17f
Closes-Bug: #1670306
2017-03-06 16:46:08 +05:30
Jenkins
5418a64974 Merge "Add admission control to CoreOS Driver" 2017-03-06 09:55:46 +00:00
Jenkins
3205523e22 Merge "Update docs to use positional name argument" 2017-03-04 18:35:22 +00:00
Jason Dunsmore
caf811b974 Update docs to use positional name argument
Using the optional --name argument will result in a deprecation
warning.

Change-Id: Id2be01f9ec40d53c2b7ddd0807e38ee550d7ab8a
Implements: blueprint positional-name
2017-03-03 14:45:35 -06:00
Vijendar Komalla
396439f703 Set k8s apiserver preferred address type arg
Currently not able to run kubectl exec/logs commands
with a k8s cluster created on devstack. This is due
to the fact that apiserver is not able to resolve
the worker node by hostname. This change fixes the
issue by passing --kubelet-preferred-address-types
argument to apiserver.

Change-Id: I9d328626723d11372a6d912fae4edd33b8f01277
Closes-Bug: #1668337
2017-03-03 03:37:24 +00:00
ricolin
9ab31e0d03 Update test requirement
Since pbr already landed and the old version of hacking seems not
work very well with pbr>=2, we should update it to match global
requirement.
Partial-Bug: #1669276

Change-Id: I90d62333c08f4e90bccc42241fd94ad76d44bb43
2017-03-02 15:25:12 +08:00
ArchiFleKs
6f69bf220f Fix hyperkube_image_repo
hyperkube_image_repo should be hyperkube_image as per
https://review.openstack.org/#/c/432383/

Change-Id: If595a413401a4c86adafc9e5e7bdd9b7711a6f6c
Fixes-Bug: #1668998
2017-03-01 15:20:16 +01:00
ArchiFleKs
ac1184fa47 Add admission control to CoreOS Driver
This adds the default set of admission control to CoreOS driver and
enable service account that are a requirement for most K8s addons

Change-Id: Id4948973627f4517eba13901e822f22e3fb1212f
Partially-Implements: bp coreos-best-pratice
2017-03-01 11:48:42 +01:00
Corey O'Brien
27c3efa202 Remove reliance on osprofiler configuration section
Change-Id: I5b06afc0da936c1def04375e9990a20b5d53c3e2
Closes-Bug: 1667417
2017-02-25 04:38:31 +00:00
Jenkins
98bb60e338 Merge "Fix: mesos gate tests" 2017-02-25 01:57:31 +00:00
Jenkins
f45c3117ac Merge "Magnum Development Policies" 2017-02-24 22:27:26 +00:00
yatinkarel
bfa10bf202 Fix: mesos gate tests
Recent change in Infra [1] makes use of local.conf instead of
localrc. Use DEVSTACK_LOCAL_CONFIG to pass the MAGNUM_IMAGE_URL.

[1] https://review.openstack.org/#/c/326585/

Change-Id: I0426cd0aba64a3f4cc595a0919320adbbc86d5f0
2017-02-24 09:55:30 -05:00
Jenkins
121521934a Merge "Validate project-id on quota create" 2017-02-23 02:02:52 +00:00
Jenkins
ed173776ca Merge "Fix CVE-2016-7404" 2017-02-22 20:58:44 +00:00
Vijendar Komalla
34307b8c4f Validate project-id on quota create
Currently on quota create project_id is not
validated. This change is to check if the given
project id is valid or not.

Change-Id: I8f9785aa83257f3abacb5542d3329d4aef7dd849
Closes-Bug: #1665079
2017-02-22 10:54:00 -06:00
Adrian Otto
bc32d79941 Magnum Development Policies
This patch introduces a set of responsibilities, guidelines, and
policies for our conduct. It outlines our team's philosophy for
development in this stage of our maturity cycle.

It extends http://http://docs.openstack.org/project-team-guide with
care taken not to conflict with it.

This may be used for discussion at our team discussion at our upcoming
PTG session on Ocata Retrospective / Team Dynamics.

Change-Id: I4878672c99fec0e5ea8c4beb0001cb9dfb4a30f5
2017-02-22 09:12:50 -05:00
Jenkins
0319fb9c89 Merge "Update reno for stable/ocata" 2017-02-22 12:24:28 +00:00
Mathieu Velten
42e36895ef Missing root-ca-file parameter for proper service account support
Change-Id: I8d581b1fbffdb4b8bc64457da6faae6d45dfc594
Closes-Bug: 1666599
2017-02-21 18:09:36 +01:00
Jenkins
ca2982e83b Merge "Add Kubernetes API Service IP to x509 certificates" 2017-02-21 15:54:54 +00:00
Jenkins
b7a8f0b66e Merge "[suse] Add SERVICE_ACCOUNT_KEY to Kuberneres cluster configuration" 2017-02-21 06:40:46 +00:00
Jenkins
ad6dc2b6f0 Merge "Make INSECURE_REGISTRY_URL works for CoreOS" 2017-02-21 05:41:14 +00:00
Michal Jura
43bec106c7 [suse] Add SERVICE_ACCOUNT_KEY to Kuberneres cluster configuration
Change-Id: I18d6598e2f4b68ae7a672b794023e7408b7f8696
Partial-Bug: #1622949
2017-02-21 04:35:59 +00:00
ArchiFleKs
288bb34fe3 Add Kubernetes API Service IP to x509 certificates
By default, API service with service account is accessible from inside
the cluster at the address 10.254.0.1. This IP should be added to SANS
when generating the certs.

Fixes-bug: #1660811
Change-Id: I214b4296bea55bb0c4015165c56fbd8ca3cebd39
2017-02-20 16:36:21 +01:00
Jenkins
88ddece127 Merge "[suse] Fix flanneld overlay network configuration" 2017-02-20 06:59:22 +00:00
72757b8c38 Update reno for stable/ocata
Change-Id: I4dcf2d92781128569cb9cb9a88ebc2d080af8d43
2017-02-17 20:32:53 +00:00
Vijendar Komalla
3a20d30696 Fix quota API get-all parameter type
Currently for admin user, quota get-all method returning
all the quotas if all_tenants parameter is passed
irrespective of whether the flag is set to True or False.
This change fixes the issue by setting the correct
parameter type in quotas get-all method.

Change-Id: I6992c4b648bbbd01ce7d6ef4c53c031fa1f1c9aa
Closes-Bug: #1665109
2017-02-16 14:47:53 -06:00
ArchiFleKs
7117ff28ca Make INSECURE_REGISTRY_URL works for CoreOS
Parent commit allow custom secure HYPERKUBE_IMAGE_REPO (which can also
be a local registry). Here we implement INSECURE_REGISTRY_URL which
allow settings custom insecure registry for Kubernetes infra components.

It also enable the insecure registry for Docker daemon.

Partially-Implements: blueprint coreos-best-pratice
Partially-Implements: blueprint support-insecure-registry
Change-Id: If00afa2e8a9100546301f9a1f161daed6e3ffc4f
2017-02-16 12:17:42 +01:00
yuhui_inspur
5cbb881c50 Fix some typos
Change-Id: Ic68dcbb8c2d850b3b42c73db8774637068c94645
2017-02-16 00:20:01 -08:00
Vijendar Komalla
ee509ae323 Fix for cluster-update rollback issue
Currently cluster-update is rolling back in case of update
failure irrespective of whether the rollback flag set to
True or False. This change fixes the issue by setting the
right parameter type in cluster patch method.

Change-Id: I6c28c583e7e3b98622634ac2381513b442eb57b6
Closes-Bug: #1664781
2017-02-15 13:44:12 -06:00
Jenkins
e71dbd3492 Merge "Add keypair to api-ref cluster create" 2017-02-15 10:28:48 +00:00
Jenkins
085058bfb2 Merge "Support magnum-api multiple process workers" 2017-02-15 08:37:27 +00:00
Jenkins
82b464bcd4 Merge "Remove support for py34" 2017-02-15 05:20:15 +00:00
Jenkins
cc40e47335 Merge "Switch to kubernetes upstream python client" 2017-02-14 22:56:58 +00:00
Stephen Watson
e3c11196b2 Add keypair to api-ref cluster create
Keypair was missing in api-ref for cluster create, so
add it and update example accordingly.

Change-Id: Ibf9280cec7000c1303b7898494fec9f3a2020068
Closes-Bug: 1660296
2017-02-14 15:37:44 -07:00
Jenkins
08c4b3ed72 Merge "Fix quotas API pagination" 2017-02-14 21:30:33 +00:00
Vijendar Komalla
528dff14f0 Fix quotas API pagination
Currently quotas-list operation with limit is failing
since there is no uuid attribute defined in Quota object.
(Please refer to bug#1662935 report for more details)

Change-Id: I7ec53f990b1223fe3c72fc7a20fb8261c12e8398
Closes-Bug: #1662935
2017-02-14 12:33:27 -06:00
Jenkins
fc49fea35c Merge "[doc] install 'curl' as a prerequisite" 2017-02-14 18:31:44 +00:00
Jenkins
2351d78be2 Merge "Use variables for hyperkube and kube version" 2017-02-14 11:09:26 +00:00
yatin
754eb88737 [doc] install 'curl' as a prerequisite
'curl' is required for installing pip in "Install pip"
section.

Change-Id: I7ca3263aa2dffd751e4668697c2bb2e9a16c88a8
2017-02-14 11:24:32 +05:30
Kevin Lefevre
8b3ebbe8bf Use variables for hyperkube and kube version
Introduce HYPERKUBE_IMAGE_REPO variable which is set to CoreOS
hyperkube by default. Also remove "_coreos.0" from script as it can be a
different build number. This number should be included in the kubernetes
version parameters and not in scripts.

With this, it is possible to use any combination of hyperkube image with
any tags. by default we use the CoreOS one.

Partially-Implements: blueprint support-insecure-registry
Partially-Implements: blueprint coreos-best-pratice
Change-Id: Ie0fbed4b160fa972cfe130c252e87765690e2f5f
2017-02-14 01:48:46 +01:00
Davanum Srinivas
e634b55637 Switch to kubernetes upstream python client
For a really long time, we generated and maintained our very own python
client generated from kubernetes swagger json files. Now in Kubernetes
Community there is a concerted effort to organize an official python
client (also generated from swagger) for everyone to use. So let us
please switch over from our python-k8sclient and use the community
driven python client. I have ported all of our end-to-end tests and got
them working in kubernetes client-python project upstream so we should
be protected from regressions.

Implements: blueprint replace-k8sclient-with-upstream-kubernetes-client

Depends-On: I72359f2b811392008eb5267812bf343797b1553a
Change-Id: Ib81a69cfdc25198e259e3b3d4081c92c01fd1bc5
2017-02-13 14:48:08 -05:00
OpenStack Proposal Bot
26fb77bc0b Updated from global requirements
Change-Id: I73d45d37f256ac1b9c8ac0438d4fa20026fef5c3
2017-02-13 15:13:24 +00:00
yatin
25b2863e2b Add reno: bp secure-etcd-cluster-coe
Change-Id: I84877c258014c57fbcf013a784ab1a35ec6e04f8
Implements: blueprint secure-etcd-cluster-coe
2017-02-13 11:08:43 +05:30
Jenkins
faed9a18ed Merge "Remove $myip when unnecessary and use KUBE_NODE_IP" 2017-02-11 19:11:33 +00:00
OpenStack Proposal Bot
c0fac8e8f1 Updated from global requirements
Change-Id: Ia8979759fabda6e8b9500e84fe4000c53dd7d934
2017-02-11 00:16:34 +00:00
Jenkins
41e15562f7 Merge "Don't enforce microversion for rotate CA cert API" 2017-02-10 18:54:11 +00:00
Kevin Lefevre
44f364b2ef Remove $myip when unnecessary and use KUBE_NODE_IP
myip is defined almost in every fragment. It is unnecessary. We can use
KUBE_NODE_IP that is defined in HEAT. Also, if for some reason
KUBE_NODE_IP is empty, we use the failsafe like in make-cert fragment
where we curl metadata to make sure KUBE_NODE_IP is not empty.

Implements: blueprint coreos-best-pratice
Change-Id: I8597a5afa9b4bc7a5c740738303102e7b60ec63e
2017-02-10 14:35:27 +01:00
ArchiFleKs
6aae3235de Make KUBE_ALLOW_PRIV used for api server
Change-Id: I7513a992cebce46d46308b8263d61efc56d17096
Implements: blueprint coreos-best-pratice
2017-02-10 11:59:00 +01:00
Jenkins
23f13584af Merge "Use https instead of http for git.openstack.org" 2017-02-10 09:35:56 +00:00
Jenkins
f7386549dc Merge "[k8s] Get logs of controller-manager and scheduler" 2017-02-10 09:35:49 +00:00