This project is mirrored from Pull mirroring updated .
  1. 22 Feb, 2019 1 commit
    • Ricardo Rocha's avatar
      [cern] Link waitdns property to cern_enabled flag · af7ffeba
      Ricardo Rocha authored and Ricardo Rocha's avatar Ricardo Rocha committed
      We see issues with the AD registration when waitdns is set to false (and
      ad registration is left to its default true value).
      It makes sense to set the waitdns flag to the same value as cern_enabled
      - when it's true, then we behave as before.
  2. 07 Feb, 2019 1 commit
  3. 06 Feb, 2019 1 commit
  4. 24 Jan, 2019 1 commit
  5. 15 Jan, 2019 1 commit
  6. 05 Dec, 2018 1 commit
  7. 30 Nov, 2018 1 commit
  8. 27 Nov, 2018 1 commit
  9. 20 Nov, 2018 1 commit
  10. 19 Nov, 2018 1 commit
  11. 17 Oct, 2018 1 commit
    • Ricardo Rocha's avatar
      [cern] set cern-waitdns false, drop cern-services · 628dc44a
      Ricardo Rocha authored
      Following the introduction of the waitdns and active-directory flags,
      drop the setting of cern-services leaving default to True, and set
      cern-waitdns to false instead. This will allow nodes to not wait for dns
      registration but still get registered in active directory.
      Fixes OS-7807
  12. 03 Oct, 2018 2 commits
  13. 29 Aug, 2018 1 commit
    • Ricardo Rocha's avatar
      [cern] set hpa rest clients to false · e05fba3e
      Ricardo Rocha authored
      Set --horizontal-pod-autoscaler-use-rest-clients=false in the controller
      manager configuration. This is required due to the new metric
      architecture, for compatibility with heapster.
  14. 17 Aug, 2018 1 commit
    • Spyridon Trigazis's avatar
      [cern][k8s] Add proxy to master and set cluster-cidr · 8d39a5aa
      Spyridon Trigazis authored
      cherry-picked from:
      1. pods with host network can not reach coredns or any svc or resolve
      their own hostname
      2. If webhooks are deployed in the cluster, the apiserver needs to
      contact them, which means kube-proxy is required in the master node with
      the cluster-cidr set.
      Change-Id: Icb8e7c3b8c75a3ab087c818c8580c0c8a9111d30
      story: 2003460
      task: 24719
      jira: OS-6826
  15. 20 Jul, 2018 4 commits
  16. 10 Jul, 2018 1 commit
  17. 02 Jul, 2018 1 commit
    • Bharat Kunwar's avatar
      [cern] Add option to specify Cgroup driver for Kubelet · 3a943ee7
      Bharat Kunwar authored and Spyridon Trigazis's avatar Spyridon Trigazis committed
      This patch allows specification of Cgroup driver for Kubelet service.
      The necessity of this patch was realised after upgrading Docker to the
      new community edition (17.3+) which defaults to  `cgroupfs` Cgroup
      driver but on the other hand, Fedora Atomic (version 27) comes with
      1.13. Cgroup drivers for Docker need to be identical for the two
      services, Docker and Kubelet, need to be able to work together.
      Story: 2002533
      Task: 22079
      Change-Id: Ia4b38a63ede59e18c8edb01e93acbb66f1e0b0e4
        Drop changes for master node. In master kubelet runs on the master
        nodes too.
  18. 21 Jun, 2018 2 commits
  19. 18 Jun, 2018 2 commits
  20. 14 Jun, 2018 1 commit
    • Ricardo Rocha's avatar
      [cern] enable tls in traefik ingress · 10a35cbd
      Ricardo Rocha authored
      Change traefik configuration to explicit declare the endpoints, and
      include an additional TLS endpoint on port 443.
      Drop -d as an option in traefik (debug), explicitly setting the logLevel
      for easier change if required by users.
      Rename --web (deprecated) to --api.
      Fixes OS-6287.
  21. 12 Jun, 2018 1 commit
  22. 08 Jun, 2018 2 commits
    • Spyros Trigazis's avatar
      [cern] k8s_fedora: Add admin user · c9487736
      Spyros Trigazis authored
      jira: OS-6474
      Add an admin service account and give it the
      cluster role. It can be used for access apps
      with token authentication like the
      Remove the cluster role from the dashboard service account.
      Change-Id: I7980c0e72b0d71921e42af7338d02b8a1e563c34
      Closes-Bug: #1766284
      (cherry picked from commit 91d5229b)
    • Ricardo Rocha's avatar
      [cern] Add CSI and CEPH support to Kubernetes · 42d35211
      Ricardo Rocha authored
      Add a new label 'kube_csi_enabled' controlling the configuration of the
      CSI provisioner and attacher. These are the basic sidecar containers
      required to have additional CSI drivers - but they do not include the
      configuration of any specific driver.
      Additional feature gates are enabled - CSIPersistentVolume and
      MountPropagation, on apiserver, controller-manager and kubelet.
      Configure the ceph csi plugin by deploying the driver container in every
      minion, along with the driver registrar.
  23. 04 Jun, 2018 1 commit
  24. 20 Apr, 2018 1 commit
  25. 16 Apr, 2018 1 commit
    • Ricardo Rocha's avatar
      [cern] Add host certificate setup, uniform cern-setup · 6c17e06e
      Ricardo Rocha authored
      Add configuration of the cern-hostcert atomic system container, filling
      in /etc/grid-security with the key and cert pem files.
      As we rely on the host keytab for this, move all the CERN certificate
      related setup to one file (, and wait for the keytab to be
      properly set before proceeding to the host certificate configuration.
      New flags cern_enabled and cern_tag control if this setup should be done
      and which tag to use for the cern related setup container images.
  26. 26 Mar, 2018 2 commits
  27. 08 Mar, 2018 3 commits
  28. 07 Mar, 2018 1 commit
  29. 27 Feb, 2018 2 commits