Without this, heat container agents using kubectl version
1.18.x (e.g. ussuri-dev) fail because they do not have the correct
KUBECONFIG in the environment.
Task: 39938
Story: 2007591
Change-Id: Ifc212478ae09c658adeb6ba4c8e8afc8943e3977
According to the upstream kube-flannel.yml PR[1], the node-selector was introduced
because the flannel image doesn't support multiarch manifests, which
means that it can't specify flannel:version-arch images in the same
daemonset for every arch platform. To let every arch platform
deploy flannel, upstream adds one daemonset with nodeSelector per arch.
But in magnum the flannel image tag is configurable via label, thus every
arch platform can use one daemonset to deploy by specifying the corresponding
flannel image tag. So nodeSelector is unnecessary here.
[1]: https://github.com/coreos/flannel/pull/989
Change-Id: I97e78e8d77973e03eeff598b212287945ca00190
Task: 39453
Story: 2007026
Add an ARCH parameter to handle arch-specific things, mostly the
docker image repo names.
Because not all the docker images magnum uses support multi-arch
manifests[1], like kubernetes-dashboard, it will need to specify the
arch name in the docker image repo name.
[1]: https://kubernetes.io/docs/concepts/containers/images/#building-multi-architecture-images-with-manifests
Change-Id: Iccb3a030aefd2d4e55a455d1a0401cbc4eb7fd14
Task: 37884
Story: 2007026
Add fedora coreos driver. To deploy clusters with fedora coreos, operators
or users need to add os_distro=fedora-coreos to the image. The scripts
to deploy kubernetes on top are the same as with fedora atomic. Note that
this driver has selinux enabled.
The startup of the heat-container-agent uses a workaround to copy the
SoftwareDeployment credentials to /var/lib/cloud/data/cfn-init-data.
The fedora coreos driver requires heat train to support ignition.
Task: 29968
Story: 2005201
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Change-Id: Iffcaa68d385b1b829b577ebce2df465073dfb5a1
For moving to 1.15.x and beyond we need to have PSP for privileged pods.
flannel, calico and node-problem-detector need it.
PSP
story: 2006515
task: 36513
Allow-priv
story: 2006252
task: 35867
Change-Id: I306a249afb275fdbd71354ed75043ffc4d466304
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Similar to calico, deploy flannel as a DS.
Flannel can use the kubernetes API to store
data, so it doesn't need to contact the etcd
server directly anymore.
This patch drops two relatively large files for
flannel's config, flannel-config-service.sh and
write-flannel-config.sh. All required config is
in the manifests.
Additional options to the controller manager:
--allocate-node-cidrs=true and --cluster-cidr.
Change-Id: I4f1129e155e2602299394b5866165260f4ea0df8
story: 2002751
task: 24870
On node reboot, kubelet and kube-proxy set
iptables -P FORWARD DROP which doesn't work with
flannel in the way we use it.
Add a systemd unit to set the rule to ACCEPT after
flannel, docker, kubelet, kube-proxy.
Change-Id: I7f6200a4966fda1cc701749bf1f37ddc492390c5
Co-Authored-By: Spyros Trigazis <spyridon.trigazis@cern.ch>
Scripts are the core of Magnum for COE deployment. To be more
clear and consistent, two changes are proposed in this patch:
1. Rename network related scripts to xxx-flannel-xxx given they
are all for flannel and now we have the calico driver.
2. Add .sh to some scripts to be consistent with others.
Change-Id: I97f3e53b4b43648a4896193fb4ce469dbf42c611
Scripts are the core of Magnum for COE deployment. To be more
clear and consistent, two changes are proposed in this patch:
1. Rename network related scripts to xxx-flannel-xxx given they
are all for flannel and now we have the calico driver.
2. Add .sh to some scripts to be consistent with others.
Change-Id: I1a8dfe21d4ff0c58f7f52ebea05c9b22dff16bf0
In Fedora Atomic 27 etcd and flanneld are removed from the base image.
Install them as system containers.
* update docker-storage configuration
* add etcd and flannel tags as labels
Change-Id: I2103c7c3d50f4b68ddc11abff72bc9e3f22839f3
Closes-Bug: #1735381
* Swarm-mode is the fastest cluster to deploy since it doesn't
require pulling anything from outside.
* Add the output nodes for swarm-mode too.
* Disable copy logs (I think a better practice is to copy logs
on demand).
* Don't run test_create_list_sign_delete_clusters, because it is
very unstable on the CI.
Partially-Implements: blueprint swarm-mode-support
2nd commit message:
Update to Fedora Atomic 26
This patch moves the current master to test against Fedora Atomic 26,
in addition, it switches to downloading from Fedora mirrors.
2nd-Change-Id: I9a97c0eb78b2c9d10e8be1501babb19e73ee70c1
3rd commit message:
Set default iptables FORWARD policy to ACCEPT
With the release of Docker 1.13 which is available in Fedora
Atomic 26, it no longer sets the policy of the FORWARD chain
to ACCEPT[1]. Therefore, CNI networking such as Flannel will
cease to work.
This patch sets the policy to ACCEPT so that traffic can work
once again for deployments which are based on Docker versions
which are newer than 1.13.
[1]: https://github.com/moby/moby/pull/28257
3rd-Change-Id: I1457602748619f38f87542fc01a2996ee80e58b7
Closes-Bug: #1708454
Co-Authored-By: Mohammed Naser <mnaser@vexxhost.com>
Change-Id: I86d4dcc94fff622be4ee2acc8dd60ed81bc5d433
The 2 k8s atomic drivers we currently support are added to the
same driver. This breaks ironic support with the stevedore
work I'm currently doing.
With stevedore, we can choose only one driver based on the
server_type, os and coe. We won't be able to pick a driver and
then choose an implementation based on server_type.
Partially-Implements: blueprint magnum-baremetal-full-support
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Change-Id: Ic1b8103551f48f85baa2ed9ff32d5b70b1fab84e
File contained a cat script within a cat script causing a syntax error.
Changed the limit strings from EOF and EOF to EOF1 and EOF2.
Change-Id: I2970f893f1cd2bfeefd13aae2f09c713770c0499
Closes-Bug: 1584934
Rename heat-kubernetes to kubernetes, heat-mesos to mesos,
docker-swarm to swarm in templates. We use heat templates and
no other methods, so I think it is unnecessary to add heat before
coe. kubernetes, mesos, swarm are better than
heat-kubernetes, heat-mesos, docker-swarm.
Change-Id: I257b35c1c4ef55d3172095736f550f2c55c8d81f
Closes-Bug: #1514682
This patch is meant to clean up indentations in the templates, as
well as some other housekeeping fixes.
Closes-Bug: #1504685
Change-Id: I43f6cca8f449dea2db4de6a5308bfa5e4551838e
Refactors Heat templates to support multiple container network
implementations through the network_driver parameter. Keeps
Flannel and its associated parameters as-is for backwards
compatibility.
Partially-Implements: blueprint heat-network-refactor
Change-Id: If00adf5db9187b4ade33785bc19becedb4e688a0