A user may not rely on nova-keypairs to access their cluster
such as a preconfigured SSSD.
story: 2004402
task: 28035
Change-Id: I77fbdc174d3dddfd312fb8dac20516314d4c182e
The cluster name is useful to identify resources created in different
k8s clusters. Especially in the cloud environment, the cluster name is
always injected into the name of the cloud resources (e.g. the load
balancer, volume, etc.), which is helpful for the cluster resource
clean up.
The magnum cluster UUID is used as the value of '--cluster-name' option.
Story: 2004242
Task: 27766
Change-Id: I245a8869948a0b8bfa8d5cc32e7fb9277477026a
Ironic has evolved and a few items were no longer correct
in the contributed scripts for use with ironic.
Additionally a database workaround was fixed, and as such
commented out.
Change-Id: I105791985973e8348d43d41982ac7ba3e0cf970c
Ensure the --live-restore is not in the Docker daemon OPTIONS.
Some images have this option by default, which will cause the node
to be unable to perform its swarm init process.
Change-Id: I287a5274143903fad5d4476e9d1640b26bdb46d4
Story: 2004095
Task: 27497
Update heat-container-agent version tag to include the multi region
fix.
Task: 27051
Story: 2003992
Change-Id: Ided337dafa52cce771126e96ef41a62a3358fda1
--register-with-taints takes no effect when --register-schedulable=false
is configured. It's better to drop --register-schedulable and
leave --register-with-taints to make master schedulable.
Add --pod-infra-container-image=CONTAINER_INFRA_PREFIX
for kubelet on master nodes.
Change-Id: Ia2ce59841d823ba02a65224088e5af1a8c9610b1
Cleaning up comments and logging to make sure they properly adhere
to OpenStack standards.
* Consistently use """ instead of ''' for comments.
* Always lazy-load logging parameters.
* Fixed bad log line in cert_manager.
Change-Id: I547f5dfa61609a899aef9b1470be8d8a6d8e4b81
Cluster update was used for scaling operations only,
but if the heat-templates were changed for any reason
(e.g. upgrade of the magnum server), the stack update command
was destructive.
This patch uses the existing parameter in the stack update call.
story: 1722573
task: 21583
Change-Id: Id84e5d878b21c908021e631514c2c58b3fe8b8b0
When using 'prometheus_monitoring=true' in the label option,
'kube-enable-monitoring.service' in the master node is stuck in
'Wait for Grafana pod and then inject data source'.
It is because the 'prometheus-monitoring' namespace doesn't exist,
so scripts don't create pods for Prometheus and Grafana.
To fix the error, I added code in
'magnum/drivers/common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh'
to make the 'prometheus-monitoring' namespace.
We could put the code in a new file like
'magnum/magnum/drivers/k8s_coreos_v1/templates/fragments/create-kube-namespace.yaml',
but I think it's ok.
Change-Id: I23395b41919c6f39cfcc2b4480bcd4b040cae031
Task: 26347
Story: 2003697
USER_TOKEN variable is empty because the grep expression
is not ignoring case and certs are not created.
Change-Id: I175cb2d4c64d5f7024b13ce11c1184029f63c317
Task: 26189
Story: 2003671
To upgrade cluster we need to be able to set image tags
so this change adds to labels for corresponding containers
Task: 23314
Story: 2003171
Change-Id: I4cd0270a69fb889c59bdb28966821adb11fd0292
Allow traffic on TCP port 2377 to the swarm master node
which is used by the nodes to join the cluster using a token.
Story: 2003582
Task: 24888
Change-Id: Iee662e7d76c6863f83d28dfe7a8897fb25b33ed1
Add kubelet on the master nodes. This work was
done already for calico, this patch applies the
same config when calico is used as well.
story: 2003521
task: 24797
Change-Id: Id33fb59ef23da740712d9a9b7ec4205bd6579b35
Since python3.6 os.path.join can be either bytes or
a str. So mock os.path.join in order for the unit tests to
pass.
Change-Id: I82c793875d888092e5c814727a6c4ad4053e76fb
Signed-off-by: Chuck Short <chucks@redhat.com>
tls-ca-file flag is unused and was removed from kube-apiserver
in kubernetes 1.11. This means that any cluster with this
option specified will fail on apiserver start
Pull request on flag removal:
https://github.com/kubernetes/kubernetes/pull/61386
Task: 24858
Story: 2003566
Change-Id: I9c192b94056629a949ee92d867e8cda5c4ff6810
Currently, Magnum is running periodic tasks to collect k8s cluster
metrics to message bus. Unfortunately, it's collecting pods info
only from "default" namespace which makes this function useless.
What's more, even if Magnum can get all pods from all namespaces, it
doesn't make much sense to keep this function in Magnum, because
operators only care about the health of cluster nodes. If they
want to know the status of pods, they can use heapster or other
tools to get that.
Task: 22619
Story: 1775116
Change-Id: I3ca0f2e96fe63870406cc5323f08fa018ac6e8be
1. pods with host network can not reach coredns or any svc or resolve
their own hostname
2. If webhooks are deployed in the cluster, the apiserver needs to
contact them, which means kube-proxy is required in the master node with
the cluster-cidr set.
Change-Id: Icb8e7c3b8c75a3ab087c818c8580c0c8a9111d30
story: 2003460
task: 24719
The statement in configure-kubernetes-master and minion
that is checking whether to enable the cloud provider needs
to be split into two and use one '='.
Change-Id: I64b2d5be10058b2d03c406519b3d80e212844d15
story: 1775358
When creating a cluster in OpenStack, a master node failed during
cloud-init scripts. It failed in 'make-cert.sh' because it couldn't get
a right token. The extra_params['auth_url'] has a slash at the end so
the requested url was wrong.
The returned url of url_for() has a slash at the end.
Just add rstrip('/') to fix this error.
Change-Id: I1f2f0e07a913268b2ba821a8b85b8a3973cb59dc
Task: 23277
Story: 2003144
When we create a cluster and pass the ca.key in a software deployment we
must ensure that the apiserver will start before calico, dashboard etc.,
which require the api to return ok. [0]
The heat agent processes the deployments serially, so if coredns arrives
first in the agent, it will wait forever for the coredns script to
complete.
Putting the cert_manager_api first solves the issue.
[0] curl http://127.0.0.1:8080/healthz
Change-Id: I031ab34141045dde171bcf6206e227fa7eb5885d
story: 2003434
task: 24630
A new label `service_cluster_ip_range` is added for k8s so that
users can set the service portal ip range to avoid conflicts with
the pod ip range.
Task: 22568
Story: 2002725
Change-Id: Ie6e95a953059cc4bd5cf15a44f8666b714defb13