Since each nodegroup will be one independent stack, we have to add
more fields to the table and object in order to track each stack
contained in the cluster. This adds the stack_id, version, status,
status_reason and version fields to the nodegroup object.
Change-Id: I6d36b2d3bc6476efbef6a9f702ffc73cfa0fab8c
The derived cloud_provider_enabled is placed inside extra_params so that
openstack-cloud-controller-manager gets applied correctly. This required
change was unfortulately missed in https://review.opendev.org/681922.
Additionally improve the docs related to cloud_provider_enabled label.
Story: 2006531
Task: 36740
Change-Id: I4a89d25b467edd2c4be608c37055706e4e62d78b
Support boot from volume for Kubernetes all nodes (master and worker)
so that user can create a big size root volume, which could be more
flexible than using docker_volume_size. And user can specify the
volume type so that user can leverage high performance storage, e.g.
NVMe etc.
And a new label etcd_volme_type is added as well so that user can
set volume type for etcd volume.
If the boot_volume_type or etcd_volume_type are not passed by labels,
Magnum will try to read them from config option
default_boot_volume_type and default_etcd_volume_type. A random
volume type from Cinder will be used if those options are not set.
Task: 30374
Story: 2005386
Co-Authorized-By: Feilong Wang<flwang@catalyst.net.nz>
Change-Id: I39dd456bfa285bf06dd948d11c86867fc03d5afb
At the moment, cluster deployment fails when cluster_user_trust=False.
This is because the entire SoftwareDeployment exits rather than a single
script fragment. This patch fixes this by scoping the remainder of the
script conditional on whether TRUST_ID is defined.
Finally, default `cloud_provider_enabled` to false when
`cluster_user_trust` is false. Raise an error when
`cloud_provider_enabled` is overridden to true when `cluster_user_trust`
is false. This ensures that the minion kubelet is correctly configured.
Change-Id: Ibd9270c87bfa5d2f490e2e226e33ca56696d9e81
Story: 2006531
Task: 36587
The token end-point --os-url argument was removed in openstackclient
with I1b9fbb96e447889a41b705324725a2ffc8ecfd9f.
The plugin should be running as admin, I think we can remove all the
authentication arguments and just let it do it's thing.
Change-Id: I9b1dbc541c9fd6c0e3a894dd3a5dd9f2011f1e2a
We have implicit branch matchers, so there's no need to add a check for
not-ocata, this job is only run for the branch it's on - like master
now.
Remove it to not confuse Zuul when multiple branches matches and the job
is different.
Also fix heat-container-agent to make linking of /usr/bin/python to python3
conditional on whether it already exists.
Change-Id: I1fec9d19cd14cf2fe2473b7610870e8d669021b9
This also removes reference to the deprecated DevStack gate.
A few links have been removed, namely anything relating to
/elements/ as it doesn't appear to exist anymore and I cannot
find any reference to it. If anyone can point me in the right
direction, that would be appreciated.
Change-Id: Ie3fab1afc5b2958819b74c39a0e492fd7da5d6a3
Backports: stein rocky
Signed-off-by: Alexandra Settle <asettle@suse.com>
For moving to 1.15.x and beyond we need to have PSP for privileged pods.
flannel, calico and node-problem-detector need it.
PSP
story: 2006515
task: 36513
Allow-priv
story: 2006252
task: 35867
Change-Id: I306a249afb275fdbd71354ed75043ffc4d466304
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
There shouldn't be a default value for floating_ip_enabled when creating
cluster. By default, when it's not set, the cluster's floating_ip_enabled
attribute should be set with the value of cluster template. It's fixed
by removing the default value from Magnum API.
Task: 36500
Story: 2006208
Change-Id: I4077783c6a19a413d534f77f287da587353df0af
This is the fix for the "line 528: KUBE_PROXY_ARGS: unbound variable"
error in master.
Change-Id: Iaf5bbc8e4946c6625e82b6f68e754328f08b6ce7
Story: 2006492
Task: 36448
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it
for security reasons.
Task: 36300
Story: 2006413
Change-Id: Ie7534c12612750d9aafd4feae5193b34997b22ff
The size of the etcd volume should be taken from the cluster and not
the cluster template.
story: 2005143
Change-Id: I4cdbb436558fba90adec717e228e2970be509b87
This is a missing case after we fixed[1]. When user passing in
an existing network when creating cluster, the network name is
missed in the code. This patch fixes it.
[1] https://review.opendev.org/678067
Task: 36430
Story: 2005333
Change-Id: I3a005089c4a755812c40589d8fa1e3ab7bbf062d
Flannel is recommending using vxlan[1] and udp is just for debugging
or the kernel doesn't support vxlan or host-gw. So this patch is
proposing using 'vxlan' as the default value of label 'flannel_backend'
and it has been verified with sonobuoy.
[1] https://github.com/coreos/flannel/blob/master/Documentation/backends.md
Task: 36425
Story: 2006482
Change-Id: Ibe7f3446be894c593c6147186cc159bd01834d29
The output of heat-container-agent has become unreadable. This patch
aims to address this in order to make debugging easier.
Additionally, this patch also adds missing dependencies in the most
recent fedora:rawhide (32) image.
Task: 36392
Story: 2006463
Change-Id: I54180b96357f6fa6d4044d818740ae70e036e435
The label kubeproxy_options was being ignored when setting up both
master and minions. Add it to the kube proxy args.
Change-Id: Ic830f19e1af062e90d066e6df4df2e4376e4f379
Story: 2006465
Task: 36394
Sometimes, the fixed_network value gets rendered as UUID. However OCCM's
internal-network-name requires the network name, it does not support
UUID. This patch introduces a new parameter called fixed_network_name
which converts fixed_network UUID to name if it is UUID-like.
Story: 2005333
Task: 36313
Change-Id: I3453bc0dbea285687d39c9782685cb1f2a3ecd39
Fedora Atomic 27 has end of life for a while, it's time to replace it
with Fedora Atomic 29 now.
Task: 36356
Story: 2006441
Change-Id: Iab131745854b0b908be17bd17c7510cd54dde1f5
At the moment, the Python locale module expects `en_US.utf8` to be
present. More recent fedora rawhides only come with `C`, `C.utf8` and
`POSIX` locale options unlike the older rawhides. The workaround is to
build the Dockerfile with environment variable `LC_ALL` set to `C`. See
https://storyboard.openstack.org/#!/story/2006381#comment-141003 for a
longer description of the problem.
Change-Id: I412dd84f09dc217f2c9d974fe203c296b0710ef0
Story: 2006381
Task: 36184
The heat-container-agent is currently failing to build due to misconfigured
upstream fedora:rawhide image. We can revert this change later.
Change-Id: I66723ae4329985c84a4549e44a4a7624927b3045
Story: 2006381
Task: 36184
Add API ref change for fixed-network, fixed-subnet and
floating_ip_enabled for cluster creation.
Task: 36326
Story: 2006208
Change-Id: I2724934de96de1a348d72bf39ff114e3f323eb9e
This patch fixes bad generated cloud-config file due to missing double quotes.
As a result, kube-controller-manager and kubelet services fail to start.
This is a regression introduced in https://review.opendev.org/#/c/666625/.
Change-Id: I0e0a3786e084fc4d3aae3151791d79c3956d2e52
Task: 36192
Story: 2005333
Currently, if variable dns-nameserver is a list which
contains extra spaces, e.g., '8.8.8.8, 8.8.4.4', then
validate_dns will fail and API will throw 400 Bad request.
This patch strips extra spaces before the dns format validation.
Change-Id: I8d7c94f42e9ea70009157c5de3dce75620ff5fe8
Story: 2006407
Task: 36291
Theodoros Tsioutsias