This is a follow-up of [1], as a release note is needed for such a
change.
[1] I532f131abbfc8ed90de398cc135e9b8248d2757a
Change-Id: I14a03e7b5df4bcb2c04f3b42818947a695ec3edb
By now, qinling connects to the Kubernetes API server insecurely.
kubectl proxy is used for testing purpose. However, in real production
deployments, it is not a good idea to let qinling connect to the
Kubernetes API server without any authentication and authorization.
This commit adds the support in qinling for it to connect to the
Kubernetes API server with X509 Client Certs for authentication [1].
An example file is also added for users to grant specific access to the
Kubernetes API for qinling using the RBAC authorization of
Kubernetes [2]. With these users can control qinling's access to the
Kubernetes API [3] and ensure qinling uses a secure connection to talk
with the Kubernetes API.
Devstack plugin also setups qinling to connect to Kubernetes API server
using TLS certificates by default. This makes the deployment with
devstack closer to a production-ready environment. For testing purpose,
user can set the QINLING_K8S_APISERVER_TLS variable to False in
devstack's local.conf.
Note: a HOTWO document will be added in a follow-up commit.
[1] https://kubernetes.io/docs/admin/authentication/#x509-client-certs
[2] https://kubernetes.io/docs/admin/authorization/rbac/
[3] https://kubernetes.io/docs/admin/accessing-the-api/
Change-Id: I532f131abbfc8ed90de398cc135e9b8248d2757a
It is important to guarantee that a change won't break any existing
tempest checks before the change can be merged.
Change-Id: I9295d6cb1097d48a17c890eea2afc5850182fc54
This is a follow-up of [1]. As we switched from oslo_service to
cotyledon, eventlet is not monkey_patched anymore. Thus the API of the
periodic tasks from oslo_service should be replaced by futurist.
[1] Ib99565e00eedc72c388e8ebec6b7f1453f77f30f
Change-Id: I80b865f4e9d782b747f33eaae2ba6cf3f264bdf2
When scaling down a function, the information of the workers in etcd is
not taken good care of. This commit fixes the issue.
Change-Id: I18a1d3565b52b521fda6a1fb5b5e63a6d30e6654
We use kubernetes 1.9.3 to run the tests.
An experimental zuul job to run tempest on CentOS 7 is also added.
Co-Authored-By: Hunt Xu <mhuntxu@gmail.com>
Change-Id: I757684b38e754b74420ee88304e05d09231b9d58
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.
Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.
Add openstack-tox-lower-constraints job to the zuul configuration.
See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.
Change-Id: I9e4b1c12d04434e387eb75f435ef0afbc70dc701
Depends-On: https://review.openstack.org/555034
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
We don't need to put the specs files in a separate place to avoid
maintaince overhead, putting them in qinling's repo will also make it
easy to build qinling documenatation.
Change-Id: Ica8c68c6f15f97231a87e9e82fdf2d7e475a6e03
Some methods of the function API controller are not well covered by the
unit tests.
Change-Id: I0afec56aff461dccabf09548a308cde7bf28e09f
Story: 2001595
With [1] the devstack zuul job will try to update Neutron's
configuration, even though we don't use Neutron for Qinling at all.
This commit is a workaround to create a Neutron config dir to satisfy
devstack when the Neutron service is actually disabled.
[1] I2dcbd9bdb401860820e655d97aa3c4775af2827f
Change-Id: I6ecc7d631c7deccf7d5011ec68a08759441a0318
This allows tempest tests to run in parallel. The tempest concurrency by
default is set to 3 as the default number of replicas in a deployment to
avoid more than 'replica' number of tests running at the same time that
some of them may fail because of no available pods.
Change-Id: I6e2731ca36376d28573138d4d404c3918801142c
This commit improves the unit tests coverage by covering branches and
exceptions in internal helper methods in the module of
qinling.orchestrator.
Depends-On: I47df26435d93a3dc310314252cd20e624b4d0bb2
Change-Id: I0a2b784b04e0c9541d1c90d32bab61a2a1abcedd
This commit adds unit tests for exposed methods in qinling.orchestrator.
This commit only covers branches and exceptions found in the exposed
methods. Those in internal helper functions would be covered by a
following patch.
Change-Id: I47df26435d93a3dc310314252cd20e624b4d0bb2
Zuul
Lingxian Kong
Hunt Xu
Jiangyuan
OpenStack Proposal Bot
Doug Hellmann
bettybai