Kubernetes should initialize its Global configuration for the OpenStack
provider with the region specified in the Heat stack.
This will allow user to create Magnum Kubernetes clusters in
multiregional OpenStack installation with different public endpoint for
services.
Task: 22576
Story: 2002728
Change-Id: I66820369b889e16445cad7a48cd0f458aae1c41f
Scripts are the core of Magnum for COE deployment. To be more
clear and consistent, two changes proposed in this patch:
1. Rename network related script to xxx-flannel-xxx given they
are all for flannel and now we have calico driver.
2. Adding .sh for some scripts to be consistent with others.
Change-Id: I1a8dfe21d4ff0c58f7f52ebea05c9b22dff16bf0
Currently the option of selecting no floating IP will not apply to
a multimaster configuration and loadbalancers will be expected to use
floating IPs. This patch allows the floating IP resources to be
disabled among the load balancers.
Task: 22121
Story: 2002557
Change-Id: I8f96fba8aa41319ac209baedd9d3a927aad0eb91
Multi master deployments for k8s driver use different service account
keys for each api/controller manager server which leads to 401 errors
for service accounts. This patch will create a signed cert and private
key for k8s service account keys explicitly, dedicatedly for the k8s
cluster to avoid the inconsistent keys issue.
Task: 21653
Story: 1766546
Change-Id: I61547405f866d3c5a84da63de66724b55af1066a
This adds an immediate failure response if the etcd discovery service returns
a bad status code. Before Magnum would continue to run and fail to configure
but with vague information of its failure. This would cause Magnum to generally
wait until the entire timeout before failing.
Change-Id: Iebd51e5dc8a3e3c285cb0c2af35c19f6f37ed0a7
Task: 22193
Story: 2002584
Create admin cluster role for k8s_fedora_atomic, it is defined in
the configuration but it wasn't applied.
story: 1766284
task: 22208
Change-Id: I112fe2ddb1d5400fcbc73bbdbc8d483d5a92d120
Add explicit entrypoints to the traefik controller configuration, with
the existing http but also adding a tls enable entrypoint on port 443.
Add corresponding ports to service and container definitions.
Story: 2002555
Task: 22117
Change-Id: I3413947276019b584db15a92f62a1a427ac26594
Explicitly pass --logLevel instead of using -d.
Also renamed option --web (deprecated) to --api.
Change-Id: I3bcc679eae833cec6086c744d48adfa86f6f51b8
Story: 2002556
Task: 22118
Some configuration options were accepting both IP addresses
and hostnames. Since there was no specific OSLO opt type to
support this, we were using ``StrOpt``. The change [1] that
added support for ``HostAddressOpt`` type was merged in Ocata
and became available for use with oslo version 3.22.
This patch changes the opt type of configuration options to use
this more relevant opt type - HostAddressOpt.
[1] I77bdb64b7e6e56ce761d76696bc4448a9bd325eb
Change-Id: Id179ad55d4344a7dc2214896290890862b560e0c
When creating a multi-master cluster, all master nodes will attempt to
create kubernetes resources in the cluster at this same time, like
coredns, the dashboard, calico etc. This race conditon shouldn't be
a problem when doing declarative calls instead of imperative (kubectl
apply instead of create). However, due to [1], kubectl fails to apply
the changes and the deployemnt scripts fail causing cluster to creation
to fail in the case of Heat SoftwareDeployments. This patch passes the
ResourceGroup index of every master so that resource creation will be
attempted only from the first master node.
[1] https://github.com/kubernetes/kubernetes/issues/44165
Task: 21673
Story: 1775759
Change-Id: I83f78022481aeef945334c37ac6c812bba9791fd
This patch allows specification of Cgroup driver for Kubelet service.
The necessity of this patch was realised after upgrading Docker to the
new community edition (17.3+) which defaults to `cgroupfs` Cgroup
driver but on the other hand, Fedora Atomic (version 27) comes with
1.13. Cgroup drivers for Docker need to be identical for the two
services, Docker and Kubelet, need to be able to work together.
Story: 2002533
Task: 22079
Change-Id: Ia4b38a63ede59e18c8edb01e93acbb66f1e0b0e4
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Change-Id: Idba5b407405e7d1457a02b074bf60b7fded284ee
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Certificate (ca.crt) has to be striped for some application parsers
as they might require pure base64 representation of
certificate itself, without empty characters
at the beginning nor the end of file
Change-Id: I5f58e19d03abdf040b9a5b5df2f4dd83b4c0e3a9
Closes-Bug: #1775342
For the 'devicemapper' storage driver, must specify volume and
the minimum value is 3GB.
Change-Id: I2b5ab83ac00b4a5bc6f113924e022f8952dd7766
Closes-Bug: #1772782
Certificate (ca.crt) has to be striped for some application parsers
as they might require pure base64 representation of
certificate itself, without empty characters
at the beginning nor the end of file
Change-Id: I85457e0e2adcf21003300fafc6e2502f74b1afb5
In the OpenStack deployment with Octavia service enabled, the octavia
service should be used not only for master nodes high availability, but
also for k8s LoadBalancer type service implementation as well.
Change-Id: Ib61f59507510253794a4780a91e49aa6682c8039
Closes-Bug: #1770133
After adding the autoscaler for coredns, the limit
for user_data was reached again. Make coredns
config a SoftwareDeployment.
Change-Id: I0a9852e9293842e859947acf0c4b6da20394436a
Closes-Bug: #1757554
After merging https://review.openstack.org/#/c/503952
update the according documentation to walk towards
deprecation of the magnum client
In addition, update old reference to bay in cluster commands.
Change-Id: Idf316f93dbc897ea0558da9b26a349644d4b98cf
Partially-Implements: blueprint deprecate-magnum-client
When the backend of flanneld service is vxlan(it listens to 8472
UDP port), magnum need open the port from master.
Closes-Bug: #1767546
Change-Id: Iac5beac5a90d9f81a0cd9f481531677a710608a8
Add an admin service account and give it the
cluster role. It can be used for access apps
with token authentication like the
kubernetes-dashboard.
Remove the cluster role from the dashboard service account.
Change-Id: I7980c0e72b0d71921e42af7338d02b8a1e563c34
Closes-Bug: #1766284
