Do not update or delete the function package if updating the function
with the same package but not providing the md5.
Change-Id: Iea24978106984111b61b0b19336cf1eb9ded9ed6
Story: 2003482
Task: 24749
This is a mechanically generated patch to switch the documentation
jobs to use the new PTI versions of the jobs as part of the
python3-first goal.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I75cc999d7d3c75bff82e912739ec50769a1bb76c
Story: #2002586
Task: #24326
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I05d2f5ba10b75cba28290a5dfb195a6a5d93c6b5
Story: #2002586
Task: #24326
This change also modifies the devstack installation script to re-use
k8s api server etcd client certs as qinling etcd certs, and use TLS to
connect with etcd by default in devstack.
Because the etcd server in k8s 1.10 doesn't support https by default, this
patch also upgrade k8s to 1.11 in devstack installation.
Change-Id: I10959188eb8543d006f65b751557787171334a97
Task: 24227
Story: 2003284
Created a new runtime for python3 taking clues from the available python2
runtime. The runtime has been tested on various test functions.
Change-Id: Iccf3360ea5a389a7dfa2b091979c5713062fa73a
Task: 22199
Story: 2002590
This commit add function alias check of delete function and delete
function version, if there is alias associated with the function or
function version, the function or function version deletion will
fail.
Change-Id: Ic45f5e0bcf30266fccd7b1ed649e79f94eaccdc3
Story: #2002143
Task: 23265
Support to specify ``trusted`` for runtime creation. In Kubernetes
orchestrator implementation, it's using
``io.kubernetes.cri-o.TrustedSandbox`` annotation in the pod specification
to choose the underlying container runtime. This feature is useful to
leverage the security container technology such as Kata containers or
gVisor. It also gets rid of the security concerns for running image type
function.
Story: 2003088
Task: 23172
Change-Id: Ic4fa3e97dcc239c7177448e3cef5d0f02340d302
This commit to support alias for webhook creation, to create webhook
use function_alias pramater, and get function_id and function_version
from function_alias. Also add function tests for webhook creation.
Change-Id: Ia5db0b446b6b0e0980da596ed073fa6e2d66d7cc
Story: #2002143
Task: #19988
By default pods in Kubernetes can connect to each other. However in
Qinling, each pod should be independent acting as a worker of a function
or running an execution of a function. Disabling the inter-pods traffic
in the namespace used by Qinling would ensure the isolation of each pod.
This commit leverages the NetworkPolicy in Kubernetes[1] to isolate the
pods. So a network solution which supports NetworkPolicy (for example,
cailco) for Kubernetes must be used or there will be no effect.
[1] https://kubernetes.io/docs/concepts/services-networking/network-policies/
Story: 2001585
Task: 6534
Change-Id: I368323410e92cc23c9a7b50e4936c7070cd57ef7
This commit to support alias for job creation, to create job
use function_alias pramater, and get function_id and function_version
from function_alias. Also add function tests for job creation.
Change-Id: If3df940b9bc8453036f8615173136ba05e8769d6
Story: #2002143
Task: #19984
When resource limiting fails, just log a message instead of failing the
execution.
Change-Id: I1942620ecbe35508032e11dafc4784f6ff2300e1
Story: 2003053
Task: 23090
There is an upstream issue[1] in etcd3gw, when running on Python3, a
lock is never treated as acquired (although in fact it is acquired).
This makes that qinling cannot work properly on Python3.
The fix[2] is included in etcd3gw 0.2.2. So the requirements must be
updated for qinling to run normally on Python3.
[1]. https://github.com/dims/etcd3-gateway/issues/24
[2]. https://github.com/dims/etcd3-gateway/pull/25
Change-Id: I3868864b957c8a5cd8c26acadc7e17f1c427699c
This commit to support alias for execution creation, to create execution
only use function_alias pramater, and get function_id and function_version
from function_alias. Also add function tests for execution creation.
Change-Id: Iea6d3b3ac3d58d539fae88ffe455013ad08d2c43
Story: #2002143
Task: #19986
Add an administrative operation for getting the pool information for the
runtime, so that the admin user can check the capacity of the runtime and
scale up or scale down the pool accordingly.
Change-Id: Iec4536396c1c31a9e545b09c5f46b46dc6d79ae6
Story: 2002969
Task: 22975
If a function version is created and then we create an execution using
version 0 of that function, then the service of version 0 of that
function will never expire. This commit fixes the problem.
Change-Id: I67ad2611b121b36368c15f9bf5d2268d430df3a6
Story: 2002956
Task: 22958
The original file size limit is too small and not suitable for common
user case. This patch changes the file size limit to 50M but it could
be configurable in future.
Change-Id: Ie48c9374f8eb2b6a15416fb5ec775f6a444063c3
Story: 2002967
Task: 22973
It doesn't make sense to expose the cglimit API to the outside as it is
only accessed locally. Limiting it only listen on localhost prevents
access from the outside and thus improves the security.
Change-Id: I941b7f8c33e5a631bef18df6667423c5bbdbf779
Lingxian Kong
Vieri
Zuul
Neerja Narayan
OpenStack Release Bot
heychirag
Dong Ma
Hunt Xu