For moving to 1.15.x and beyond we need to have PSP for privileged pods.
flannel, calico and node-problem-detector need it.
PSP
story: 2006515
task: 36513
Allow-priv
story: 2006252
task: 35867
Change-Id: I306a249afb275fdbd71354ed75043ffc4d466304
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
This is the fix for the "line 528: KUBE_PROXY_ARGS: unbound variable"
error in master.
Change-Id: Iaf5bbc8e4946c6625e82b6f68e754328f08b6ce7
Story: 2006492
Task: 36448
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it
for security reasons.
Task: 36300
Story: 2006413
Change-Id: Ie7534c12612750d9aafd4feae5193b34997b22ff
The size of the etcd volume should be taken from the cluster and not
the cluster template.
story: 2005143
Change-Id: I4cdbb436558fba90adec717e228e2970be509b87
This is a missing case after we fixed[1]. When user passing in
an existing network when creating cluster, the network name is
missed in the code. This patch fixes it.
[1] https://review.opendev.org/678067
Task: 36430
Story: 2005333
Change-Id: I3a005089c4a755812c40589d8fa1e3ab7bbf062d
Flannel is recommending using vxlan[1] and udp is just for debugging
or the kernel doesn't support vxlan or host-gw. So this patch is
proposing using 'vxlan' as the default value of label 'flannel_backend'
and it has been verified with sonobuoy.
[1] https://github.com/coreos/flannel/blob/master/Documentation/backends.md
Task: 36425
Story: 2006482
Change-Id: Ibe7f3446be894c593c6147186cc159bd01834d29
The output of heat-container-agent has become unreadable. This patch
aims to address this in order to make debugging easier.
Additionally, this patch also adds missing dependencies in the most
recent fedora:rawhide (32) image.
Task: 36392
Story: 2006463
Change-Id: I54180b96357f6fa6d4044d818740ae70e036e435
The label kubeproxy_options was being ignored when setting up both
master and minions. Add it to the kube proxy args.
Change-Id: Ic830f19e1af062e90d066e6df4df2e4376e4f379
Story: 2006465
Task: 36394
Sometimes, the fixed_network value gets rendered as UUID. However OCCM's
internal-network-name requires the network name, it does not support
UUID. This patch introduces a new parameter called fixed_network_name
which converts fixed_network UUID to name if it is UUID-like.
Story: 2005333
Task: 36313
Change-Id: I3453bc0dbea285687d39c9782685cb1f2a3ecd39
Fedora Atomic 27 has end of life for a while, it's time to replace it
with Fedora Atomic 29 now.
Task: 36356
Story: 2006441
Change-Id: Iab131745854b0b908be17bd17c7510cd54dde1f5
At the moment, the Python locale module expects `en_US.utf8` to be
present. More recent fedora rawhides only come with `C`, `C.utf8` and
`POSIX` locale options unlike the older rawhides. The workaround is to
build the Dockerfile with environment variable `LC_ALL` set to `C`. See
https://storyboard.openstack.org/#!/story/2006381#comment-141003 for a
longer description of the problem.
Change-Id: I412dd84f09dc217f2c9d974fe203c296b0710ef0
Story: 2006381
Task: 36184
The heat-container-agent is currently failing to build due to misconfigured
upstream fedora:rawhide image. We can revert this change later.
Change-Id: I66723ae4329985c84a4549e44a4a7624927b3045
Story: 2006381
Task: 36184
Add API ref change for fixed-network, fixed-subnet and
floating_ip_enabled for cluster creation.
Task: 36326
Story: 2006208
Change-Id: I2724934de96de1a348d72bf39ff114e3f323eb9e
This patch fixes bad generated cloud-config file due to missing double quotes.
As a result, kube-controller-manager and kubelet services fail to start.
This is a regression introduced in https://review.opendev.org/#/c/666625/.
Change-Id: I0e0a3786e084fc4d3aae3151791d79c3956d2e52
Task: 36192
Story: 2005333
When doing rolling upgrade, the addon tag/version will be parsed
to make sure there is no downgrade. But if there is tag/version
is not well-formated, it can't be parsed by pbr.version.SemanticVersion.
This patch adds a catch to avoid throwing error and just skip
this case.
Task: 36186
Story: 2002210
Change-Id: I846cd0fd40a6607c36fff8992d98d8a55c49b3fa
We kept introspecting the name of the instance with the assumption
that the network always existed under .novalocal
This is not always the case, with certain variables changed inside
Neutron it is possible to control this, therefore, leading in failing
deploys.
With this change, we pass the instance name directly to the cluster
and therefore we always have the accurate name.
Task: 36160
Story: 2006371
Change-Id: I2ba32844b822ffc14da043e6ef7d071bb62a22ee
This project uses storyboard for new bugs, so fix a few places:
* Fix the "Report a bug" links so that bugs get reported against
storyboard, not launchpad.
* Update CONTRIBUTING to link to storyboard.
Change-Id: I2760db2e14015407af46ec52ffe4883262ccb5ba
Spyros Trigazis
Zuul
Theodoros Tsioutsias
Feilong Wang
Bharat Kunwar
Ricardo Rocha
Mohammed Naser
Andreas Jaeger