Commit Graph

4825 Commits (cbe05aa97d90d3ac38d55fcee472ec2130aa1327)

Author SHA1 Message Date
Theodoros Tsioutsias cbe05aa97d ng-6: Add new fields to nodegroup objects
Since each nodegroup will be one independent stack, we have to add
more fields to the table and object in order to track each stack
contained in the cluster. This adds the stack_id, version, status,
status_reason and version fields to the nodegroup object.

Change-Id: I6d36b2d3bc6476efbef6a9f702ffc73cfa0fab8c
4 years ago
Zuul 9c55bcba91 Merge "Propagate cloud_provider_enabled correctly" 4 years ago
Bharat Kunwar 459e27e688 Propagate cloud_provider_enabled correctly
The derived cloud_provider_enabled is placed inside extra_params so that
openstack-cloud-controller-manager gets applied correctly. This required
change was unfortulately missed in

Additionally improve  the docs related to cloud_provider_enabled label.

Story: 2006531
Task: 36740

Change-Id: I4a89d25b467edd2c4be608c37055706e4e62d78b
4 years ago
Zuul a0c894a222 Merge "Fixing broken links" 4 years ago
Zuul b546f547a7 Merge "Improve dns format validation" 4 years ago
Zuul 60d2485d83 Merge "[fedora atomic k8s] Add boot from volume support" 4 years ago
Zuul 2bbeffa570 Merge "Build k8s images v1.16.0 and minor bumps" 4 years ago
Zuul 83569e8394 Merge "calico: drop calico_cni_tag" 4 years ago
Spyros Trigazis 45730c787e Build k8s images v1.16.0 and minor bumps

story: 2005124
task: 36730

Change-Id: I79221423314545978d30be474f7d2b78a918a30f
Signed-off-by: Spyros Trigazis <>
4 years ago
Mohammed Naser cfe2753fd3 [fedora atomic k8s] Add boot from volume support
Support boot from volume for Kubernetes all nodes (master and worker)
so that user can create a big size root volume, which could be more
flexible than using docker_volume_size. And user can specify the
volume type so that user can leverage high performance storage, e.g.
NVMe etc.

And a new label etcd_volme_type is added as well so that user can
set volume type for etcd volume.

If the boot_volume_type or etcd_volume_type are not passed by labels,
Magnum will try to read them from config option
default_boot_volume_type and default_etcd_volume_type. A random
volume type from Cinder will be used if those options are not set.

Task: 30374
Story: 2005386

Co-Authorized-By: Feilong Wang<>

Change-Id: I39dd456bfa285bf06dd948d11c86867fc03d5afb
4 years ago
Bharat Kunwar eebcc9b7a1 Fix k8s deployment when cluster_user_trust=False
At the moment, cluster deployment fails when cluster_user_trust=False.
This is because the entire SoftwareDeployment exits rather than a single
script fragment. This patch fixes this by scoping the remainder of the
script conditional on whether TRUST_ID is defined.

Finally, default `cloud_provider_enabled` to false when
`cluster_user_trust` is false. Raise an error when
`cloud_provider_enabled` is overridden to true when `cluster_user_trust`
is false. This ensures that the minion kubelet is correctly configured.

Change-Id: Ibd9270c87bfa5d2f490e2e226e33ca56696d9e81
Story: 2006531
Task: 36587
4 years ago
Ian Wienand 41768e0ae1 Remove --os-url usage
The token end-point --os-url argument was removed in openstackclient
with I1b9fbb96e447889a41b705324725a2ffc8ecfd9f.

The plugin should be running as admin, I think we can remove all the
authentication arguments and just let it do it's thing.

Change-Id: I9b1dbc541c9fd6c0e3a894dd3a5dd9f2011f1e2a
4 years ago
Zuul 13e017a80c Merge "Update "auth_url" port in install docs" 4 years ago
Andreas Jaeger 997497d8f4 Remove unneeded Zuul branch matcher
We have implicit branch matchers, so there's no need to add a check for
not-ocata, this job is only run for the branch it's on - like master

Remove it to not confuse Zuul when multiple branches matches and the job
is different.

Also fix heat-container-agent to make linking of /usr/bin/python to python3
conditional on whether it already exists.

Change-Id: I1fec9d19cd14cf2fe2473b7610870e8d669021b9
4 years ago
Zuul a36fb7af50 Merge "Update flannel_backend in user guide" 4 years ago
Alexandra Settle 2153287a6d Fixing broken links
This also removes reference to the deprecated DevStack gate.
A few links have been removed, namely anything relating to
/elements/ as it doesn't appear to exist anymore and I cannot
find any reference to it. If anyone can point me in the right
direction, that would be appreciated.

Change-Id: Ie3fab1afc5b2958819b74c39a0e492fd7da5d6a3
Backports: stein rocky
Signed-off-by: Alexandra Settle <>
4 years ago
Zuul df3d5a3150 Merge "k8s_fedora_atomic: Add PodSecurityPolicy" 4 years ago
Spyros Trigazis 3a38cfb2ef k8s_fedora: Set rp_filter=1 for calico
upstream docs:
Cluster nodes must have rp_filter set to strict (1).

story: 2006441
task: 36564

Change-Id: I828cec27968ffe0961011e34a66e0eef3e567c91
Signed-off-by: Spyros Trigazis <>
4 years ago
Spyros Trigazis 7267c1ea43 k8s_fedora_atomic: Add PodSecurityPolicy
For moving to 1.15.x and beyond we need to have PSP for privileged pods.
flannel, calico and node-problem-detector need it.

story: 2006515
task: 36513

story: 2006252
task: 35867

Change-Id: I306a249afb275fdbd71354ed75043ffc4d466304
Signed-off-by: Spyros Trigazis <>
4 years ago
Feilong Wang e59e3e070f Remove cluster floating_ip_enabled default value
There shouldn't be a default value for floating_ip_enabled when creating
cluster. By default, when it's not set, the cluster's floating_ip_enabled
attribute should be set with the value of cluster template. It's fixed
by removing the default value from Magnum API.

Task: 36500
Story: 2006208

Change-Id: I4077783c6a19a413d534f77f287da587353df0af
4 years ago
Zuul 6fe3d5d7f1 Merge "Trivial fix for cluster creation in master" 4 years ago
Zuul 57f43c2667 Merge "Update for Storyboard" 4 years ago
Feilong Wang 17c770e875 Update flannel_backend in user guide
Task: 36425
Story: 2006482

Change-Id: If78ec62c94b93ed4735ba40ec977836ad7a92a7c
4 years ago
Theodoros Tsioutsias 7871859514 Trivial fix for cluster creation in master
This is the fix for the "line 528: KUBE_PROXY_ARGS: unbound variable"
error in master.

Change-Id: Iaf5bbc8e4946c6625e82b6f68e754328f08b6ce7
Story: 2006492
Task: 36448
4 years ago
Zuul d5c6945c93 Merge "Using Fedora Atomic 29 as default image" 4 years ago
Zuul 5ad2003cf6 Merge "[fedora-atomic][k8s]Disable ssh password authentication" 4 years ago
Zuul a143ffdef1 Merge "etcd_volume_size from cluster not CT" 4 years ago
Feilong Wang 3a0a43877a [fedora-atomic][k8s]Disable ssh password authentication
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it
for security reasons.

Task: 36300
Story: 2006413

Change-Id: Ie7534c12612750d9aafd4feae5193b34997b22ff
4 years ago
Theodoros Tsioutsias e655db3338 etcd_volume_size from cluster not CT
The size of the etcd volume should be taken from the cluster and not
the cluster template.

story: 2005143
Change-Id: I4cdbb436558fba90adec717e228e2970be509b87
4 years ago
Zuul c099128a61 Merge "Hardcode the names of the default NGs" 4 years ago
Zuul f35f931a6c Merge "Readable heat-container-agent log" 4 years ago
Zuul c85a10e4e1 Merge "Take kubeproxy_options into account on proxy setup" 4 years ago
Zuul 401f90e7d9 Merge "Using vxlan as default value for flannel_backend" 4 years ago
Feilong Wang c3bce488d7 [fedora-atomic][k8s] Fix missing internal IP
This is a missing case after we fixed[1]. When user passing in
an existing network when creating cluster, the network name is
missed in the code. This patch fixes it.


Task: 36430
Story: 2005333

Change-Id: I3a005089c4a755812c40589d8fa1e3ab7bbf062d
4 years ago
Feilong Wang 0b033f03d0 Using vxlan as default value for flannel_backend
Flannel is recommending using vxlan[1] and udp is just for debugging
or the kernel doesn't support vxlan or host-gw. So this patch is
proposing using 'vxlan' as the default value of label 'flannel_backend'
and it has been verified with sonobuoy.


Task: 36425
Story: 2006482

Change-Id: Ibe7f3446be894c593c6147186cc159bd01834d29
4 years ago
Zuul 6212fc974d Merge "Convert network UUID to name required for OCCM" 4 years ago
Bharat Kunwar e47d6f6cfe Readable heat-container-agent log
The output of heat-container-agent has become unreadable. This patch
aims to address this in order to make debugging easier.

Additionally, this patch also adds missing dependencies in the most
recent fedora:rawhide (32) image.

Task: 36392
Story: 2006463

Change-Id: I54180b96357f6fa6d4044d818740ae70e036e435
4 years ago
Ricardo Rocha 00f518fc59 Take kubeproxy_options into account on proxy setup
The label kubeproxy_options was being ignored when setting up both
master and minions. Add it to the kube proxy args.

Change-Id: Ic830f19e1af062e90d066e6df4df2e4376e4f379
Story: 2006465
Task: 36394
4 years ago
Zuul 3e665ed0d9 Merge "Fix addon tag/version parsing" 4 years ago
Bharat Kunwar e84cc4c975 Convert network UUID to name required for OCCM
Sometimes, the fixed_network value gets rendered as UUID. However OCCM's
internal-network-name requires the network name, it does not support
UUID. This patch introduces a new parameter called fixed_network_name
which converts fixed_network UUID to name if it is UUID-like.

Story: 2005333
Task: 36313

Change-Id: I3453bc0dbea285687d39c9782685cb1f2a3ecd39
4 years ago
Feilong Wang 703de97cd4 Using Fedora Atomic 29 as default image
Fedora Atomic 27 has end of life for a while, it's time to replace it
with Fedora Atomic 29 now.

Task: 36356
Story: 2006441

Change-Id: Iab131745854b0b908be17bd17c7510cd54dde1f5
4 years ago
Spyros Trigazis efff708625 Publish 1.16 k8s images
Missed from I35617f67af1157cb39d22a17f10defa26bce2f09

story: 2005124
task: 36320

Change-Id: I8b4d20fb393883ca700347d94ed9d7adb4d176f5
Signed-off-by: Spyros Trigazis <>
4 years ago
Zuul 7665c0a707 Merge "kubernetes builds for v1.{13,14,15,16}.x" 4 years ago
Zuul 479022eb3e Merge "[api-ref] Add network,subnet and FIP for cluster" 4 years ago
Spyros Trigazis 68c0e86a46 kubernetes builds for v1.{13,14,15,16}.x
kubernetes_version_v1_13: v1.13.10
kubernetes_version_v1_14: v1.14.6
kubernetes_version_v1_15: v1.15.3
kubernetes_version_v1_16: v1.16.0-beta.1

story: 2005124
task: 36320

Change-Id: I35617f67af1157cb39d22a17f10defa26bce2f09
Signed-off-by: Spyros Trigazis <>
4 years ago
Bharat Kunwar 06f78353f4 Fix heat-container-agent by setting LC_ALL=C
At the moment, the Python locale module expects `en_US.utf8` to be
present.  More recent fedora rawhides only come with `C`, `C.utf8` and
`POSIX` locale options unlike the older rawhides. The workaround is to
build the Dockerfile with environment variable `LC_ALL` set to `C`.  See!/story/2006381#comment-141003 for a
longer description of the problem.

Change-Id: I412dd84f09dc217f2c9d974fe203c296b0710ef0
Story: 2006381
Task: 36184
4 years ago
Bharat Kunwar b99673f87c Disable gpg check in fedora:rawhide image
The heat-container-agent is currently failing to build due to misconfigured
upstream fedora:rawhide image. We can revert this change later.

Change-Id: I66723ae4329985c84a4549e44a4a7624927b3045
Story: 2006381
Task: 36184
4 years ago
Feilong Wang 3b147e368e [api-ref] Add network,subnet and FIP for cluster
Add API ref change for fixed-network, fixed-subnet and
floating_ip_enabled for cluster creation.

Task: 36326
Story: 2006208

Change-Id: I2724934de96de1a348d72bf39ff114e3f323eb9e
4 years ago
Bharat Kunwar 9e815f6af4 Fix cloud-config file
This patch fixes bad generated cloud-config file due to missing double quotes.

As a result, kube-controller-manager and kubelet services fail to start.

This is a regression introduced in

Change-Id: I0e0a3786e084fc4d3aae3151791d79c3956d2e52
Task: 36192
Story: 2005333
4 years ago
Xingchao Yu 893e2cdf60 Improve dns format validation
Currently, if variable dns-nameserver is a list which
contains extra spaces, e.g., ',', then
validate_dns will fail and API will throw 400 Bad request.

This patch strips extra spaces before the dns format validation.

Change-Id: I8d7c94f42e9ea70009157c5de3dce75620ff5fe8
Story: 2006407
Task: 36291
4 years ago