Add a new label 'cert_manager_api' to kubernetes clusters controlling the
enable/disable of the kubernetes certificate manager api.
The same cluster cert/key pair is used by this api. The heat agent is used
to install the key in the master node(s), as this is required for kubernetes
to later sign new certificate requests.
The master template init order is changed so the heat agent is launched
previous to enabling the services - the controller manager requires the CA key
to be locally available before being launched.
Change-Id: Ibf85147316e3a194d8a3f92cbb4ae9ce8e16c98f
Partial-Bug: #1734318
Explain how to select a specific Kubernetes version by specifying the
kube_tag label.
In the process, also fix the broken list of images that must be
mirrored, immediately above kube_tag.
In addition, fix an unrelated whitespace error in
specs/containers-service.rst which would cause tox -e docs to fail.
Change-Id: Ieff1474b74e0b1595c05d945b69bec16bfef9c3b
Update contributor guide instructions for using devstack. When creating
a swarm ClusterTemplate in devstack, coe should be set to swarm-mode.
Change-Id: I03083708e22888a0f10f7802c5883a3ec105485f
In Magnum, labels are stored in the form of a dictionary. Previously we
were passing a string value directly to store the value of a label. Now we
are parsing it and storing it in the form of a dictionary.
Change-Id: I4d64da78dc4ed4d5599533b54861b65bce609c28
Closes-Bug: #1638863
This commit introduces a new '/federations'
endpoint to Magnum API, as well as its controllers,
entities and conductor handlers.
This corresponds to the first phase of the
federation-api spec. Please refer to [1] for more
details.
[1] https://review.openstack.org/#/c/489609/
Change-Id: I662ac2d6ddec07b50712109541486fd26c5d21de
Partially-Implements: blueprint federation-api
The network driver and volume driver used in template are case
sensitive, so it would be nice to use the correct case in document
to avoid confusion.
Closes-Bug: #1748307
Change-Id: I1709acbd18a37f5e5987b3a0eb9a0e8b3ac0e42a
Advise users to disable the periodic task collection which
uses the incompatible python kubernetes client.
Change-Id: Ifb77774cf70e1391f97d9bc6f4cf45756913db47
Related-Bug: #1746510
Due to several small connected patches for the
fedora atomic driver, this patch includes 4 smaller patches.
Patch 1:
k8s: Do not start kubelet and kube-proxy on master
Patch [1] misses the removal of kubelet and kube-proxy from
enable-services-master.sh and therefore they are started if they
exist in the image or the script will fail.
[1] https://review.openstack.org/#/c/533593/
Closes-Bug: #1726482
Patch 2:
k8s: Set require-kubeconfig when needed
From kubernetes 1.8 [1] --require-kubeconfig is deprecated and
in kubernetes 1.9 it is removed.
Add --require-kubeconfig only for k8s <= 1.8.
[1] https://github.com/kubernetes/kubernetes/issues/36745
Closes-Bug: #1718926
https://review.openstack.org/#/c/534309/
Patch 3:
k8s_fedora: Add RBAC configuration
* Make certificates and kubeconfigs compatible
with NodeAuthorizer [1].
* Add CoreDNS roles and rolebindings.
* Create the system:kube-apiserver-to-kubelet ClusterRole.
* Bind the system:kube-apiserver-to-kubelet ClusterRole to
the kubernetes user.
* Remove creation of kube-system namespaces, it is created
by default.
* Update client cert generation in the conductor with
kubernetes' requirements.
* Add --insecure-bind-address=127.0.0.1 to work on
multi-master too. The controller manager on each
node needs to contact the apiserver (on the same node)
on 127.0.0.1:8080
[1] https://kubernetes.io/docs/admin/authorization/node/
Closes-Bug: #1742420
Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
https://review.openstack.org/#/c/527103/
Patch 4:
k8s_fedora: Update coredns config to pass e2e
To pass the e2e conformance tests, coredns needs to
be configured with POD-MODE verified. Otherwise, pods
won't be resolvable [1].
[1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes
https://review.openstack.org/#/c/528566/
Closes-Bug: #1738633
Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de
As an admin user, I'd like to access all clusters or templates across
all projects for operation purpose. Similar function is supported by
most of the other services, like Nova, Neutron, Cinder, Heat, etc.
Related-Bug: #1740982
Change-Id: Icaba09de79a3452286fb60fee80a53430317cba0
Update usage of tenant to project_id and user to user_id when handling context
fields. This drops deprecation warnings.
Change-Id: I8001be34bcc25678ed99b6b6717ad170ae6d2d77
Add a new label 'availability_zone' allowing users to specify the AZ
the nodes should be deployed in. Only one AZ can be passed for this
first implementation.
Change-Id: I9e55d7631191fffa6cc6b9bebbeb4faf2497815b
Partially-Implements: blueprint magnum-availability-zones
Added configuration parameter, send_cluster_metrics, to magnum.conf
with default value of True. If set to True, periodic tasks will pull
COE data and send to ceilometer. This parameter can be set to False to
disable periodic collection of data to avoid unnecessary load from the
cluster.
Closes-Bug: #1668330
Related-Bug: #1746510
Change-Id: I9945293e7b2b52731f6e220d0925c1f6ad097caa
Stopping magnum-cond without having invoked start()
results in "WARNING oslo_messaging.server Possible
hang: stop is waiting for start to complete".
A magnum instance with 16 workers was taking 1m to stop;
with this change it takes 1 to 10 seconds. This change
doesn't break the fix in [1].
[1] If9e13effc14fd35e646d02bb4f568e79786aa958
Related-Bug: #1702349
Related issue in sahara:
Related-Bug: #1546119
Change-Id: Ied7ab43398d4e499514fa0bd5dba64971d1956bf
This job cannot work, it calls 'tox -e migration' but there's no
migration environment.
Remove it, it's not needed and used.
Note that this is an alternative to change
https://review.openstack.org/537785 .
Change-Id: I38034695958b65c6d8abfa67ab51dfd719cb8ef6
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.
Change-Id: I1c6718eb5b83015b324598aa667081b6250ab99b
Currently, there is no guarantee to make sure all nodes of one cluster are
created on different compute hosts. So it would be nice if we can create
a server group and set it with anti-affinity policy to get a better HA
for cluster. This patch is proposing to create a server group for master
and minion nodes with soft-anti-affinity policy by default.
Closes-Bug: #1737802
Change-Id: Icc7a73ef55296a58bf00719ca4d1cdcc304fab86
Until [1] is in kubernetes we need to redirect from /v2 to
/identity/v2 for the cloud provider to work.
[1] https://github.com/gophercloud/gophercloud/pull/423
Change-Id: I5206e75e9528ceb8428c70df67e6ba26d01c4772
In the drivers section of magnum.conf add openstack_ca_file.
This file is expected to be a CA Certificate OR CA bundle
which will be passed on every node and it will be installed
on the host's CA bundle.
Update devstack plugin to use the ssl bundle if tls-proxy is
enabled.
Install the CA for drivers:
k8s_coreos_v1
k8s_fedora_atomic_v1
k8s_fedora_ironic_v1
mesos_ubuntu_v1
swarm_fedora_atomic_v1
swarm_fedora_atomic_v2
Add doc in troubleshooting-guide.
Add release notes.
Closes-Bug: #1580704
Partially-Implements: blueprint heat-agent
Change-Id: Id48fbea187da667a5e7334694c3ec17c8e2504db
This commit introduces a new `Federation` table to
Magnum database, as well as the necessary DB layer
APIs to access and manage it.
This belongs to the first phase of the implementation
of the federation api. Check [1] for more details.
[1] https://review.openstack.org/#/c/489609/
Change-Id: Ie8a68cd3198c8fc7930069fd2e55f1cad55b6c9b
Partially-Implements: blueprint federation-api
Fix the setting of container_infra_prefix on the template definition, we were
taking the cluster template and ignoring cluster even if an explicit value
was given.
Change-Id: I658178c31080e4ea74d4e78fc1c76536d5aea73e
Closes-Bug: #1739424
Direct import of barbicanclient is being deprecated, we should use
barbicanclient.v1 as per the warning message.
Closes-Bug: #1737145
Change-Id: I59d9ecfefd6a432cb8004da0d3676c576e53c5f0
After [1] jobs return a false (SUCCESS) status due
to a wrong EXIT_CODE.
After [2] the kubernetes client is updated to v4.0.0 and
no longer contains ConfigurationObject, so we need to create
an instance of the Configuration class.
Also don't use local to create variable as local
can only be used in a function.
[1] https://review.openstack.org/#/c/526618/
[2] https://review.openstack.org/#/c/528406
Change-Id: Ida5aac40b234a358b2a13b2e51a41d0242031ebb