The derived cloud_provider_enabled is placed inside extra_params so that
openstack-cloud-controller-manager gets applied correctly. This required
change was unfortulately missed in https://review.opendev.org/681922.
Additionally improve the docs related to cloud_provider_enabled label.
Story: 2006531
Task: 36740
Change-Id: I4a89d25b467edd2c4be608c37055706e4e62d78b
Support boot from volume for Kubernetes all nodes (master and worker)
so that user can create a big size root volume, which could be more
flexible than using docker_volume_size. And user can specify the
volume type so that user can leverage high performance storage, e.g.
NVMe etc.
And a new label etcd_volme_type is added as well so that user can
set volume type for etcd volume.
If the boot_volume_type or etcd_volume_type are not passed by labels,
Magnum will try to read them from config option
default_boot_volume_type and default_etcd_volume_type. A random
volume type from Cinder will be used if those options are not set.
Task: 30374
Story: 2005386
Co-Authorized-By: Feilong Wang<flwang@catalyst.net.nz>
Change-Id: I39dd456bfa285bf06dd948d11c86867fc03d5afb
At the moment, cluster deployment fails when cluster_user_trust=False.
This is because the entire SoftwareDeployment exits rather than a single
script fragment. This patch fixes this by scoping the remainder of the
script conditional on whether TRUST_ID is defined.
Finally, default `cloud_provider_enabled` to false when
`cluster_user_trust` is false. Raise an error when
`cloud_provider_enabled` is overridden to true when `cluster_user_trust`
is false. This ensures that the minion kubelet is correctly configured.
Change-Id: Ibd9270c87bfa5d2f490e2e226e33ca56696d9e81
Story: 2006531
Task: 36587
The token end-point --os-url argument was removed in openstackclient
with I1b9fbb96e447889a41b705324725a2ffc8ecfd9f.
The plugin should be running as admin, I think we can remove all the
authentication arguments and just let it do it's thing.
Change-Id: I9b1dbc541c9fd6c0e3a894dd3a5dd9f2011f1e2a
We have implicit branch matchers, so there's no need to add a check for
not-ocata, this job is only run for the branch it's on - like master
now.
Remove it to not confuse Zuul when multiple branches matches and the job
is different.
Also fix heat-container-agent to make linking of /usr/bin/python to python3
conditional on whether it already exists.
Change-Id: I1fec9d19cd14cf2fe2473b7610870e8d669021b9
This also removes reference to the deprecated DevStack gate.
A few links have been removed, namely anything relating to
/elements/ as it doesn't appear to exist anymore and I cannot
find any reference to it. If anyone can point me in the right
direction, that would be appreciated.
Change-Id: Ie3fab1afc5b2958819b74c39a0e492fd7da5d6a3
Backports: stein rocky
Signed-off-by: Alexandra Settle <asettle@suse.com>
For moving to 1.15.x and beyond we need to have PSP for privileged pods.
flannel, calico and node-problem-detector need it.
PSP
story: 2006515
task: 36513
Allow-priv
story: 2006252
task: 35867
Change-Id: I306a249afb275fdbd71354ed75043ffc4d466304
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
There shouldn't be a default value for floating_ip_enabled when creating
cluster. By default, when it's not set, the cluster's floating_ip_enabled
attribute should be set with the value of cluster template. It's fixed
by removing the default value from Magnum API.
Task: 36500
Story: 2006208
Change-Id: I4077783c6a19a413d534f77f287da587353df0af
This is the fix for the "line 528: KUBE_PROXY_ARGS: unbound variable"
error in master.
Change-Id: Iaf5bbc8e4946c6625e82b6f68e754328f08b6ce7
Story: 2006492
Task: 36448
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it
for security reasons.
Task: 36300
Story: 2006413
Change-Id: Ie7534c12612750d9aafd4feae5193b34997b22ff
The size of the etcd volume should be taken from the cluster and not
the cluster template.
story: 2005143
Change-Id: I4cdbb436558fba90adec717e228e2970be509b87
This is a missing case after we fixed[1]. When user passing in
an existing network when creating cluster, the network name is
missed in the code. This patch fixes it.
[1] https://review.opendev.org/678067
Task: 36430
Story: 2005333
Change-Id: I3a005089c4a755812c40589d8fa1e3ab7bbf062d
Flannel is recommending using vxlan[1] and udp is just for debugging
or the kernel doesn't support vxlan or host-gw. So this patch is
proposing using 'vxlan' as the default value of label 'flannel_backend'
and it has been verified with sonobuoy.
[1] https://github.com/coreos/flannel/blob/master/Documentation/backends.md
Task: 36425
Story: 2006482
Change-Id: Ibe7f3446be894c593c6147186cc159bd01834d29
The output of heat-container-agent has become unreadable. This patch
aims to address this in order to make debugging easier.
Additionally, this patch also adds missing dependencies in the most
recent fedora:rawhide (32) image.
Task: 36392
Story: 2006463
Change-Id: I54180b96357f6fa6d4044d818740ae70e036e435
The label kubeproxy_options was being ignored when setting up both
master and minions. Add it to the kube proxy args.
Change-Id: Ic830f19e1af062e90d066e6df4df2e4376e4f379
Story: 2006465
Task: 36394
Sometimes, the fixed_network value gets rendered as UUID. However OCCM's
internal-network-name requires the network name, it does not support
UUID. This patch introduces a new parameter called fixed_network_name
which converts fixed_network UUID to name if it is UUID-like.
Story: 2005333
Task: 36313
Change-Id: I3453bc0dbea285687d39c9782685cb1f2a3ecd39
Fedora Atomic 27 has end of life for a while, it's time to replace it
with Fedora Atomic 29 now.
Task: 36356
Story: 2006441
Change-Id: Iab131745854b0b908be17bd17c7510cd54dde1f5
At the moment, the Python locale module expects `en_US.utf8` to be
present. More recent fedora rawhides only come with `C`, `C.utf8` and
`POSIX` locale options unlike the older rawhides. The workaround is to
build the Dockerfile with environment variable `LC_ALL` set to `C`. See
https://storyboard.openstack.org/#!/story/2006381#comment-141003 for a
longer description of the problem.
Change-Id: I412dd84f09dc217f2c9d974fe203c296b0710ef0
Story: 2006381
Task: 36184
The heat-container-agent is currently failing to build due to misconfigured
upstream fedora:rawhide image. We can revert this change later.
Change-Id: I66723ae4329985c84a4549e44a4a7624927b3045
Story: 2006381
Task: 36184
Add API ref change for fixed-network, fixed-subnet and
floating_ip_enabled for cluster creation.
Task: 36326
Story: 2006208
Change-Id: I2724934de96de1a348d72bf39ff114e3f323eb9e
This patch fixes bad generated cloud-config file due to missing double quotes.
As a result, kube-controller-manager and kubelet services fail to start.
This is a regression introduced in https://review.opendev.org/#/c/666625/.
Change-Id: I0e0a3786e084fc4d3aae3151791d79c3956d2e52
Task: 36192
Story: 2005333
Currently, if variable dns-nameserver is a list which
contains extra spaces, e.g., '8.8.8.8, 8.8.4.4', then
validate_dns will fail and API will throw 400 Bad request.
This patch strips extra spaces before the dns format validation.
Change-Id: I8d7c94f42e9ea70009157c5de3dce75620ff5fe8
Story: 2006407
Task: 36291
When doing rolling upgrade, the addon tag/version will be parsed
to make sure there is no downgrade. But if there is tag/version
is not well-formated, it can't be parsed by pbr.version.SemanticVersion.
This patch adds a catch to avoid throwing error and just skip
this case.
Task: 36186
Story: 2002210
Change-Id: I846cd0fd40a6607c36fff8992d98d8a55c49b3fa
Zuul
Bharat Kunwar
Spyros Trigazis
Mohammed Naser
Ian Wienand
Andreas Jaeger
Alexandra Settle
Feilong Wang
Theodoros Tsioutsias
Ricardo Rocha
Xingchao Yu