At present, when a cluster is patched without node_count (e.g. when
health_status and health_status_reason are patched), the node_count in
the cluster_update invocation contains cluster.node_count instead of
default_ng_worker.node_count which causes unexpected behaviour when a
cluster has additional nodegroups (e.g. the default-worker size gets
incremented by 1 if the additional nodegroup has 1 worker each time the
cluster is patched).
This PS fixes this issue by using default_ng_worker.node_count if path
"/node_count" is not present in the patch object.
Story: 2005266
Task: 39962
Change-Id: I0df5149860604f0adf52701df371e34a6e667b9d
Now the label `fixed_network_cidr` is not handled correctly, no matter
if the label is set, the default value '10.0.0.0/24' is used for
fixed network anyway. This patch fixes it and renamed it as
`fixed_subnet_cidr` to make less confusion. The new behaviour will be:
1. If the label `fixed_subnet_cidr` is set but no fixed subnet passed
in, then a new subnet will be created with the given CIDR.
2. If a fixed subnet is passed in by user, then label `fixed_subnet_cidr`
will be override with the CIDR from the given subnet.
Task: 39847
Story: 2007712
Change-Id: Id05e36696bf85297a556fcd959ed897fe47b7354
When resizing a NG we should strictly send the
desired node_count and the nodes_to_remove.
Otherwise the stack update operation may replace/rebuild
nodes or other resources.
This was the functionality with:
Id84e5d878b21c908021e631514c2c58b3fe8b8b0
But it was reverted with:
I725413e77f5a7bdb48131e8a10e5dc884b5e066a
Story: 2005266
task: 39860
Change-Id: Ib31b6801e0e2d954c31ac91e77ae9d3ef1afebd2
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
In some environments, heat container agent is erroring because of file
descriptor closing before threads have joined.
Change-Id: I1de5042ea5f4229518e96b985b1832dcacb052db
Story: 2007264
Task: 39788
Eventlet used by many openstack packages depends on greenlet which does
not have a pip release supported by Python 3.9 (default Python version
on Fedora 33). Therefore, pin Fedora to version 32 until new greenlet
release is cut which includes the required fix [0].
Also update default heat_container_agent_tag to victoria-dev.
[0] https://github.com/python-greenlet/greenlet/pull/161
Change-Id: Ice75ae880925cd15c096eb6d1cdabf7f802bccde
Story: 2007264
Task: 39941
Export proxy settings for helm install to make sure
helm can reach charts site.
Task: 39877
Story: 2007725
Change-Id: I4de26d40b7c5ba2759b4892349c59cf3cc870241
Same issue as [0].
If a name ends in .json for example kube.json,
the API fails to process the request.
Create CT with name kube.json and try to do
openstack coe cluster template show kube.json
story: 1643995
task: 39862
[0] I789ecfeac9b64a9c4105a20619f7bf5dfc133189
Change-Id: I0db38880de0727aeed0290fd7f36002f17c0b8f2
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
- Refactor helm installer to use a single meta chart install job
install job and config which use Helm v3 client.
- Use upstream helm client binary instead of using helm-client container
maintained by us. To verify checksum, helm_client_sha256 label is
introduced for helm_client_tag (or alternatively for URL specified
using new helm_client_url label).
- Default helm_client_tag=v3.2.1.
- Default tiller_tag=v2.16.7, tiller_enabled=false.
Story: 2007514
Task: 39295
Change-Id: I9b9633c81afb08b91576a9a4d3c5a0c445e0cee4
apiserver controller-manager and scheduler are not used in the minions.
story: 2007568
task: 39837
Change-Id: I93b380c484b7e3881b2aa0620fe41ab9d61c1eec
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Remove docs requirements from lower-constraints, they are not needed
during install or test but only for docs building.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Ic07c726697a8ed7d0a837bf0d16feec222e805f1
The publish step was using helm_version which has been renamed to
helm_versions to accomodate build of v2 and v3 clients.
Story: 2007514
Task: 39733
Change-Id: I69aa13b708a95530a4a86eb066885f3e56a91273
This commit removes .testr.conf since this repo already has
.stestr.conf. We just need .stestr.conf instead of .testr.conf.
Change-Id: Icd34dd62af0b33b2194084ca90858d21d4065630
Unleash the capability that admin user can do rolling upgrade on
behalf of the end user so that cloud admin can do urgent security
patching when it's really necessary.
Task: 39784
Story: 2007675
Change-Id: I8fa9a30ee8252b94baa80e4bbca197b285fb7f71
When a stack has already been deleted, the pre-deletion tries to check
for loadbalancer for stack_id=None which returns PreDeletionFailed
exception. This patch addresses this issue.
Change-Id: Id7a9c5080633bca411398b7989026004e74ccb65
Story: 2007657
Task: 39783
- Deprecate in-tree Cinder volume driver for removal in X cycle in
favour of out-of-tree Cinder CSI plugin for Kubernetes.
- Set cinder_csi_enabled to True by default from V cycle.
- Add unit test for in-tree Cinder deprecation.
- Add mssing unit tests for resent docker_storage_driver deprecation.
Change-Id: I6f033049b5ff18c19866637efc8cf964272097f5
Story: 2007048
Task: 37873
There are several some issues in current upgrade script.
1. The kubectl command location has changed
2. Before checking the digest of the hyperkube image, better wait
until the image fully downloaded.
3. Using full name to inspect image
4. Get the correct ostree commit id
Task: 39785
Story: 2007676
Change-Id: I5c16b123683ef1173c22d4e4628c36234871cb93
The default 10 seconds health polling interval is too frequent for most of
the cases. Now it has been changed to 60s. A new config
`health_polling_interval` is added to make the interval configurable.
Cloud admin can totally disable the health polling by set a negative value
for the config.
Task: 39795
Story: 2007683
Change-Id: Iad30487b8c119e94ee21d75f53fb86eb23dff365
A new label named `master_lb_allowed_cidrs` is added to control
the IP range which can access the k8s api and etcd load balancers.
It's a good security enhancement.
Task: 39188
Story: 2007414
Change-Id: I157a3b01d169e550e79b94316803fde8ddf77b03
The post for both clusters and nodegroups is adapted to wait for a
boolean flag called merge_labels. Based on this flag the API will
either merge the provided with the parent labels or just use the
provided labels.
At the same time, the get methods of both clusters and nodegroups
are adapted to include new fields in the response called
"labels_overridden", "labels_added", "labels_skipped". The fields
contain the differnces with the parent labels.
story: 2007515
task: 39691
Change-Id: I1054c54da96005a49e874de6f4cf60b5db57fc02
flake8 new release 3.8.0 added new checks and gate pep8
job start failing. hacking 3.0.1 fix the pinning of flake8 to
avoid bringing in a new version with new checks.
Though it is fixed in latest hacking but 2.0 and 3.0 has cap for
flake8 as <4.0.0 which mean flake8 new version 3.9.0 can also
break the pep8 job if new check are added.
To avoid similar gate break in future, we need to bump the hacking min
version.
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014828.html
Change-Id: I27e6ff946f5785d551ff6ae19bea7c1246f3960f
* remove user since it is controlled in the chart
and changed from 33 to 101
* use the latest chart v1.36.3 from stable
* use latest 0.32.0 controller image
story: 2006945
task: 39747
Change-Id: I6df49929cb8890f534afde185d56b7b6d70c691e
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
When deleting cluster, Magnum only deletes the load balancers for
Kubernetes services/ingresses before deleting Heat stack. The process of
stack deletion is to delete resources in dependencies, which means, for
Octavia resources, member is deleted first, then pool, listener, and
finally load balancer. The whole process is error-prone, especially
Octavia controller needs to talk to amphora for each API call before
deleting load balancer, if any step fails, the deletion operation will
fail.
Octavia provides cascade deletion API[1] for the load balancer, which
could delete all the related resources in one API call and doesn't
involve communication between Octavia controller and amphora instance.
This patch deletes the api/etcd load balancers (if applicable) before
deleting Heat stack, making the cluster deletion process more robust.
[1]: https://docs.openstack.org/api-ref/load-balancer/v2/index.html?expanded=remove-a-load-balancer-detail#remove-a-load-balancer
story: 2007657
task: 39743
Change-Id: Ibe8f788559d0977475d0991fc99ad91ccfd7dca7
While working on [0], we encountered a pep8 warning
for "E741 ambiguous variable name".
story: 2007657
task: 39744
Change-Id: I72546aca1a50d479c7fad8a2b56bae13d4f20469
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
Despite the policy that Kubernetes project maintains release branches
for the most recent three minor releases (1.18, 1.17, 1.16) [0],
v1.15.12 has been released so this change partially restores the
builder for this tag as an alternative to completely reverting
26411c2970.
[0] https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions
Story: 2005124
Task: 39686
Change-Id: Ia458c5a87ba2357f845eb095548403cc7a25b58c
Zuul
Bharat Kunwar
Feilong Wang
Spyros Trigazis
Spyros Trigazis
Andreas Jaeger
Diogo Guerra
Masayuki Igawa
Theodoros Tsioutsias
Ghanshyam Mann
Lingxian Kong