magnum merge requestshttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests2018-03-26T10:47:07+02:00https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/51Cern queens patches2018-03-26T10:47:07+02:00Ricardo RochaCern queens patcheshttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/61[cern] Fix KUBE_API_ARGS2018-06-18T11:56:54+02:00Spyridon Trigazis[cern] Fix KUBE_API_ARGSAfter 42d35211c540c9b86eb91fd1c042505dbddbfcef KUBE_API_ARGS
are set only to "--runtime-config=api/all=true" append
this param at the end of the others.
Change-Id: Id6995b16326b7094705a7cc118de66d5081cfc5d
Signed-off-by: Spyros Trigazis...After 42d35211c540c9b86eb91fd1c042505dbddbfcef KUBE_API_ARGS
are set only to "--runtime-config=api/all=true" append
this param at the end of the others.
Change-Id: Id6995b16326b7094705a7cc118de66d5081cfc5d
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Closes OS-6871Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/62[cern] Create admin cluster-role2018-06-18T11:56:55+02:00Spyridon Trigazis[cern] Create admin cluster-roleChange-Id: I112fe2ddb1d5400fcbc73bbdbc8d483d5a92d120
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Closes OS-6474Change-Id: I112fe2ddb1d5400fcbc73bbdbc8d483d5a92d120
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Closes OS-6474Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/66[cern] Strip signed certificate2018-06-21T13:21:05+02:00Spyridon Trigazis[cern] Strip signed certificatecherry-picked from: https://review.openstack.org/#/c/574167/
Certificate (ca.crt) has to be striped for some application parsers
as they might require pure base64 representation of
certificate itself, without empty characters
at the beg...cherry-picked from: https://review.openstack.org/#/c/574167/
Certificate (ca.crt) has to be striped for some application parsers
as they might require pure base64 representation of
certificate itself, without empty characters
at the beginning nor the end of file
Change-Id: I5f58e19d03abdf040b9a5b5df2f4dd83b4c0e3a9
Closes-Bug: #1775342
(cherry picked from commit edee7030e4deee4e95e68daa1623ea305ce202e5)
Closes OS-6907Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/75[cern] Add swarm label for networking2018-10-02T17:17:03+02:00Spyridon Trigazis[cern] Add swarm label for networking* docker_gwbridge_cidr
* docker_bip
* docker_fixed_cidr
jira: OS-7626* docker_gwbridge_cidr
* docker_bip
* docker_fixed_cidr
jira: OS-7626Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/27[cern] add support for eosd in magnum2018-11-20T15:10:29+01:00Ricardo Rocha[cern] add support for eosd in magnumadd labels eos_enabled and eos_tag to toggle eosd deployment in cern
magnum clusters. default is false (disabled), with eos_tag indicated the
tag to be used when pulling the eosd and docker-volume-eos containers.add labels eos_enabled and eos_tag to toggle eosd deployment in cern
magnum clusters. default is false (disabled), with eos_tag indicated the
tag to be used when pulling the eosd and docker-volume-eos containers.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/95Cern stein prerelease2019-06-12T17:52:09+02:00Diogo Filipe Tomas GuerraCern stein prereleasehttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/86Cern rocky2019-07-02T10:07:47+02:00Ricardo RochaCern rockyhttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/73[cern] upgrade docker-ce version in k8s2019-07-02T10:07:57+02:00Ricardo Rocha[cern] upgrade docker-ce version in k8sAdd label to specify the docker-ce version to use in a kubernetes
cluster. This will replace the available dockerd in the image, which is
often quite old.
Fixes OS-7273.Add label to specify the docker-ce version to use in a kubernetes
cluster. This will replace the available dockerd in the image, which is
often quite old.
Fixes OS-7273.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/96Cern stein prerelease2019-07-02T13:56:00+02:00Spyridon TrigazisCern stein prereleaseSpyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/97Cern stein release 1rc02019-07-03T16:32:17+02:00Diogo Filipe Tomas GuerraCern stein release 1rc0* Add metrics_producer magnum label (CERN internal) - OS-8917
* Add npd_enabled to enable/disable npd on the cluster - OS-9381
* Fix some of the grafana dashboards are not showing - OS-9386 (temporary)
RPM: https://gitlab.cern.ch/cloud...* Add metrics_producer magnum label (CERN internal) - OS-8917
* Add npd_enabled to enable/disable npd on the cluster - OS-9381
* Fix some of the grafana dashboards are not showing - OS-9386 (temporary)
RPM: https://gitlab.cern.ch/cloud-infrastructure/openstack-magnum/merge_requests/97https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/91WIP: Add (un)privileged Pod Security Policies2019-07-11T22:19:40+02:00Ricardo RochaWIP: Add (un)privileged Pod Security PoliciesAdd two PodSecurityPolicy resources:
* privileged: for workloads needed more than restricted access
* unprivileged: for all other workloads, and should be the default
Additional things to be set:
* unprivileged mapped to ClusterRole rel...Add two PodSecurityPolicy resources:
* privileged: for workloads needed more than restricted access
* unprivileged: for all other workloads, and should be the default
Additional things to be set:
* unprivileged mapped to ClusterRole relying on the 'default' service account
* privileged / unprivileged added to all existing ClusterRole resources
as appropriate
In addition a new label is available to set an alternative policy to the
default account, so that at cluster creation users can override the
restricted defaults.Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/104Add Magnum flag for auto-dns install2020-01-06T13:41:55+01:00Diogo Filipe Tomas GuerraAdd Magnum flag for auto-dns installOS-9672
Change-Id: Idb57a99e731ea1571a06c5511749a451d1aae855
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>OS-9672
Change-Id: Idb57a99e731ea1571a06c5511749a451d1aae855
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/110Update cern logging2020-02-11T12:01:59+01:00Diogo Filipe Tomas GuerraUpdate cern logging* Allow fluentd to run on master
* Logging type defaults to http
* Fluentd is only installed if user specifies Producer* Allow fluentd to run on master
* Logging type defaults to http
* Fluentd is only installed if user specifies ProducerRicardo RochaSpyridon TrigazisRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/120calico: Add node/status in ClusterRole2020-03-24T09:28:27+01:00Spyridon Trigaziscalico: Add node/status in ClusterRoleThe upstream docs [0] were missing a parameters
for the calico-node ClusterRole.
Without it we get:
2020-02-21 11:41:35.762 [ERROR][8]
...
User "system:serviceaccount:kube-system:calico-node"
cannot patch resource "nodes/status" ...The upstream docs [0] were missing a parameters
for the calico-node ClusterRole.
Without it we get:
2020-02-21 11:41:35.762 [ERROR][8]
...
User "system:serviceaccount:kube-system:calico-node"
cannot patch resource "nodes/status" in API group ""
at the cluster scope
[0] https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
Needs to be backported to train.
story: 2005318
task: 39041
Change-Id: Ib7d3068ee53c08fea32a69c997b6de6477a17f0a
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>Ricardo RochaSpyridon TrigazisRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/121OS-10946 log size2020-03-24T09:28:44+01:00Spyridon TrigazisOS-10946 log sizeRicardo RochaSpyridon TrigazisRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/115[OS-10777] Vesbose logging for cluster ops2020-04-20T00:02:56+02:00Theodoros Tsioutsias[OS-10777] Vesbose logging for cluster opsChanges existing logs messages for cluster update and resize from debug
to info. Adds a log message for cluster upgrade.Changes existing logs messages for cluster update and resize from debug
to info. Adds a log message for cluster upgrade.https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/127[cern] Make fluentd work with selinux2020-05-06T17:17:50+02:00Theodoros Tsioutsias[cern] Make fluentd work with selinuxhttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/125[cern] Deploy traefik from the heat-agent2020-05-06T17:18:26+02:00Spyridon Trigazis[cern] Deploy traefik from the heat-agentupstream https://review.opendev.org/#/c/721838/
Use kubectl from the heat agent to apply the
traefik deployment. Current behaviour was to
create a systemd unit to send the manifests
to the API.
This way we will have only one way for ap...upstream https://review.opendev.org/#/c/721838/
Use kubectl from the heat agent to apply the
traefik deployment. Current behaviour was to
create a systemd unit to send the manifests
to the API.
This way we will have only one way for applying
manifests to the API.
This change is triggered to adddress the kubectl
change [0] that is not using 127.0.0.1:8080 as
the default kubernetes API.
[0] https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#kubectl
story: 2005286
task: 39522
Change-Id: I8982bd4ec2ab69f35938970d604c16ac5e62e1fa
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaSpyridon TrigazisRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/126[cern] add resources for master lb2020-05-06T17:18:34+02:00Ricardo Rocha[cern] add resources for master lbReadd dropped resources to enable lb instances for api and etcd on the
master, as well as the required pool and members to register each master
with the lbs.Readd dropped resources to enable lb instances for api and etcd on the
master, as well as the required pool and members to register each master
with the lbs.Ricardo RochaRicardo Rocha