This patch brings the Fedora Atomic version used in gating to
the latest one which includes some improvements alongside a newer
version of Docker (which seems to run things better overall).
Change-Id: Iad0a1f57b29aec9a0cdb2a104fdaa5970133cfb4
To upgrade cluster we need to be able to set image tags
so this change adds to labels for corresponding containers
Task: 23314
Story: 2003171
Change-Id: I4cd0270a69fb889c59bdb28966821adb11fd0292
As openstack installation guides suggest to run mysql with root shell
user, mysql will not ask for password, so the "-u root -p" is useless.
Change-Id: I5ffa77971ecbcc9210b185a39842140b3acd8147
Related-Bug: #1785025
A new label `service_cluster_ip_range` is added for k8s so that
user can set the service portal ip range to avoid conflicts with
pod ip range.
Task: 22568
Story: 2002725
Change-Id: Ie6e95a953059cc4bd5cf15a44f8666b714defb13
Blank line broke formatting in doc/source/user/index.rst. I therefore
deleted it.
Use code blocks instead of indentation in admin/magnum-proxy.rst
Old indentation was wrongly formatted as quotation.
contributor/api-microversion.rst : Note was wrongly indented and
therefore interpreted as a quotation.
Change-Id: I47797a05be22a3b38f7994432ed75b67b6a4962a
This is a part of fixes for k8s v1.11.1 recently we're doing. When
testing the k8s v1.11.1, we just found some small but annoying issues:
1. cgroup-driver with systemd not working well with Fedora Atomic, so
we're going to use cgroupfs as the default cgroup-driver.
2. The $ char needs to be escaped in wc-notify-master.sh
Task: 23223
Story: 2003103
Change-Id: I995f5b82abadfdb7f78f7c098ac7a7f1e5c34fd3
Add 'cloud_provider_enabled' label for the k8s_fedora_atomic
driver. Defaults to true. For specific kubernetes versions if
'cinder' is selected as a 'volume_driver', it is implied that
the cloud provider will be enabled since they are combined.
The motivation for this change is that in environments with
high load to the OpenStack APIs, users might want to disable
the cloud provider.
story: 1775358
task: 1775358
Change-Id: I2920f699654af1f4ba45644ab60a04a3f70918fe
This patch allows specification of Cgroup driver for Kubelet service.
The necessity of this patch was realised after upgrading Docker to the
new community edition (17.3+) which defaults to `cgroupfs` Cgroup
driver but on the other hand, Fedora Atomic (version 27) comes with
1.13. Cgroup drivers for Docker need to be identical for the two
services, Docker and Kubelet, need to be able to work together.
Story: 2002533
Task: 22079
Change-Id: Ia4b38a63ede59e18c8edb01e93acbb66f1e0b0e4
For the 'devicemapper' storage driver, must specify volume and
the minimum value is 3GB.
Change-Id: I2b5ab83ac00b4a5bc6f113924e022f8952dd7766
Closes-Bug: #1772782
After merging https://review.openstack.org/#/c/503952
update the according documentation to walk towards
deprecation of the magnum client
In addition, update old reference to bay in cluster commands.
Change-Id: Idf316f93dbc897ea0558da9b26a349644d4b98cf
Partially-Implements: blueprint deprecate-magnum-client
DNS service is a very critical service in k8s world, though it's not
a part of k8s itself. So it would be nice to have it replicate more
than 1 and on different nodes to have high availability. Otherwise,
services running on k8s cluster will be broken if the node containing
the DNS pod is down. Another sample is, when user would like to do a cluster
upgrade, services will be broken when the node containing the DNS pod is
being replaced. You can find lots of discussion about this, please
refer [1],[2] and [3].
[1] https://github.com/kubernetes/kubeadm/issues/128
[2] https://github.com/kubernetes/kubernetes/issues/40063
[3] https://github.com/kubernetes/kops/issues/2693
Closes-Bug: #1757554
Change-Id: Ic64569d4bdcf367955398d5badef70e7afe33bbb
This patch attempts to take some of the content from the guides and make a
glossary which can then be referenced where needed.
Change-Id: Ifb360401556fb0aacd4136e7a08ee1440b7c9d62
Partially-Implements: blueprint docs-refactor
Added subsection in contributor quickstart guide with minimum system
resources required to use Magnum with DevStack.
Change-Id: Icd6b3ecd7011a75c0ad0a50943c1934eeeb7351a
Define a set of new labels to pass additional options to the kubernetes
daemons - kubelet_options, kubeapi_options, kubescheduler_options,
kubecontroller_options, kubeproxy_options.
In all cases the default value is "", meaning no extra options are
passed to the daemons.
Change-Id: Idabe33b1365c7530edc53d1a81dee3c857a4ea47
Closes-Bug: #1701223
Add ingress controller configuration and backend to kubernetes clusters.
A new label 'ingress_controller' defines which backend should serve
ingress, with traefik added as the only option for now.
It is defined as a DaemonSet, with instances on all nodes defined with a
certain role. This role is set as an additional cluster label
'ingress_controller_role', with a default value of 'ingress'.
For now no node is automatically set with this role, with users or operators
having to do this manually after cluster creation.
Change-Id: I5175cf91f37e2988dc3d33042558d994810842f3
Closes-Bug: #1738808
In Fedora Atomic 27 etcd and flanneld are removed from the base image.
Install them as system containers.
* update docker-storage configuration
* add etcd and flannel tags as labels
Change-Id: I2103c7c3d50f4b68ddc11abff72bc9e3f22839f3
Closes-Bug: #1735381
Currently, the default k8s version in Magnum is v1.7.4, but based on the
deprecation policy of k8s, it will be deprecated in March 2018, see
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
So it would be nice to change the default k8s version to latest.
Closes-Bug: #1750549
Change-Id: I053e50ac879b031c8438a2587a99de44e0360c47
Add a new label 'cert_manager_api' to kubernetes clusters controlling the
enable/disable of the kubernetes certificate manager api.
The same cluster cert/key pair is used by this api. The heat agent is used
to install the key in the master node(s), as this is required for kubernetes
to later sign new certificate requests.
The master template init order is changed so the heat agent is launched
previous to enabling the services - the controller manager requires the CA key
to be locally available before being launched.
Change-Id: Ibf85147316e3a194d8a3f92cbb4ae9ce8e16c98f
Partial-Bug: #1734318
Explain how to select a specific Kubernetes version by specifying the
kube_tag label.
In the process, also fix the broken list of images that must be
mirrored, immediately above kube_tag.
In addition, fix an unrelated whitespace error in
specs/containers-service.rst which would cause tox -e docs to fail.
Change-Id: Ieff1474b74e0b1595c05d945b69bec16bfef9c3b
Update contributor guide instructions for using devstack. When creating
a swarm ClusterTemplate in devstack, coe should be set to swarm-mode.
Change-Id: I03083708e22888a0f10f7802c5883a3ec105485f
The network driver and volume driver used in template are case
sensitive, so it would be nice to use the correct case in document
to avoid confusion.
Closes-Bug: #1748307
Change-Id: I1709acbd18a37f5e5987b3a0eb9a0e8b3ac0e42a
MySQL is no longer in CentOS repos. MariaDB has become the
default database offered. MariaDB is considered a binary
drop-in replacement for MySQL.
https://mariadb.com/kb/en/library/mariadb-vs-mysql-compatibility/
Change-Id: Ib0c971361ae0e5742cf0beaad2859579df601e5b
Due to several small connected patches for the
fedora atomic driver, this patch includes 4 smaller patches.
Patch 1:
k8s: Do not start kubelet and kube-proxy on master
Patch [1], misses the removal of kubelet and kube-proxy from
enable-services-master.sh and therefore they are started if they
exist in the image or the script will fail.
https://review.openstack.org/#/c/533593/
Closes-Bug: #1726482
Patch 2:
k8s: Set require-kubeconfig when needed
From kubernetes 1.8 [1] --require-kubeconfig is deprecated and
in kubernetes 1.9 it is removed.
Add --require-kubeconfig only for k8s <= 1.8.
[1] https://github.com/kubernetes/kubernetes/issues/36745
Closes-Bug: #1718926
https://review.openstack.org/#/c/534309/
Patch 3:
k8s_fedora: Add RBAC configuration
* Make certificates and kubeconfigs compatible
with NodeAuthorizer [1].
* Add CoreDNS roles and rolebindings.
* Create the system:kube-apiserver-to-kubelet ClusterRole.
* Bind the system:kube-apiserver-to-kubelet ClusterRole to
the kubernetes user.
* remove creation of kube-system namespaces, it is created
by default
* update client cert generation in the conductor with
kubernetes' requirements
* Add --insecure-bind-address=127.0.0.1 to work on
multi-master too. The controller manager on each
node needs to contact the apiserver (on the same node)
on 127.0.0.1:8080
[1] https://kubernetes.io/docs/admin/authorization/node/
Closes-Bug: #1742420
Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
https://review.openstack.org/#/c/527103/
Patch 4:
k8s_fedora: Update coredns config to pass e2e
To pass the e2e conformance tests, coredns needs to
be configured with POD-MODE verified. Otherwise, pods
won't be resolvable [1].
[1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes
https://review.openstack.org/#/c/528566/
Closes-Bug: #1738633
Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de
Add a new label 'availability_zone' allowing users to specify the AZ
the nodes should be deployed in. Only one AZ can be passed for this
first implementation.
Change-Id: I9e55d7631191fffa6cc6b9bebbeb4faf2497815b
Partially-Implements: blueprint magnum-availability-zones