magnum merge requests
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests
2023-01-23T21:28:39+01:00

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/218
Fix helm deployed cluster-autoscaler
2023-01-23T21:28:39+01:00
Diogo Filipe Tomas Guerra

Change-Id: Id615633b7ffd6c2db1c0c1dc067ea3005c7751a7
R-2022-Q3-1
Diogo Filipe Tomas Guerra

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/217
coredns and occm via helm
2023-01-19T23:42:11+01:00
Ricardo Rocha
R-2022-Q3-1
Ricardo Rocha

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/216
fcos36: Update ignition to use iptable-legacy
2022-10-11T23:20:04+02:00
Spyridon Trigazis

https://discussion.fedoraproject.org/t/fedora-coreos-moving-to-iptables-nft/37302
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Spyridon Trigazis

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/215
heat-agent: make notify-heat try up to 60 times
2023-01-23T10:21:52+01:00
Spyridon Trigazis

ref: https://gitlab.cern.ch/kubernetes/magnum/-/issues/10
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Spyridon Trigazis

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/214
Add multiple kube-bench suggested modifications
2022-09-27T08:23:52+02:00
Diogo Filipe Tomas Guerra

All commits come from upstream contributed merge requests:
- 5ca33ee9 [cern] Fix kube-bench 1.2.1, 1.2.23, 1.3.1.
  - Set shorter apiserver timeout (from 60s to 10s)
  - decrease number of terminated pods to GC
  - Disallow anonymous auth
- ed7b8a3c [cern] Fix kube-bench 1.2.32 and 4.2.13
  - set TLS cipher-suites to use on kubelet and apiserver
- d6f950f7 [cern] Ensure kube-apiserver TLS connection to etcd server
  - set keys and certificates to use for connection with etcd server
- 303e6777 [cern] Add kube-bench disable profiling
  - disable profiling on kubernetes control plane components
Closes: https://gitlab.cern.ch/kubernetes/project/-/issues/251
R-2022-Q3-1
Diogo Filipe Tomas Guerra

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/213
Use helm upgrade instead of install
2022-09-12T15:46:43+02:00
Diogo Filipe Tomas Guerra

This allows to skip the helm install error:
```
helm -n kube-system install cern-magnum releases/cern-magnum --wait --version 0.11.0 --values /opt/magnum/install-cern-magnum-values.yaml
Error: cannot re-use a name that is still in use
```
Installation of the CERN helm chart occurs when cluster is created. https://gitlab.cern.ch/kubernetes/magnum/-/blob/cern/train/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml#L1510
After a while if the job doesn't finish (due to heavy load on master node) the cern-metachart job will create a new install pod.
There is a chance that a new chart installation might be tried while there is a chart mid installation. So the release exists but is not complete.
By using `helm install` installations that might end up being successful will fail subsequently, while `helm upgrade` will 'upgrade' and pick up any leftover to-dos.
Change-Id: I2c18624e343d109891b9d19b67b4961e917ebe37
R-2022-Q3-1
Diogo Filipe Tomas Guerra

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/212
install kubernetes-dashboard from cern-metachart
2022-10-12T14:24:26+02:00
Diogo Filipe Tomas Guerra

Installation of kubernetes-dashboard via cern metachart
will only be available on version 0.12.0 onwards.
DependsOn: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/merge_requests/92
Closes: https://gitlab.cern.ch/kubernetes/project/-/issues/202
Change-Id: Icaff87cf6780d065d79d1965238efcab05dfe842
R-2022-Q3-1
Diogo Filipe Tomas Guerra

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/211
Add etcd secrets to kube-system ns to allow metric collection by prometheus
2022-10-11T08:35:46+02:00
Diogo Filipe Tomas Guerra

This commit is based on https://review.opendev.org/c/openstack/magnum/+/825421
Allow metrics collection for etcd by prometheus.
DependsOn: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/merge_requests/90
Closes: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/issues/11
Change-Id: I599568dd016e935936d0bc5bf3c9046615dba46b
R-2022-Q3-1
Diogo Filipe Tomas Guerra

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/210
[cern] Fix master_availability_zones for k8s FCOS templates
2022-06-30T16:42:01+02:00
Spyridon Trigazis

Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Spyridon Trigazis

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/209
Add label landb_sync_set
2022-10-10T13:40:51+02:00
Diogo Filipe Tomas Guerra

This label is used with the landb-sync utility to set
automatically the landb-set property on the nodes
that are configured as role=ingress
Closes: https://gitlab.cern.ch/kubernetes/magnum/-/issues/6
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
Change-Id: Id6e01d0a7d90d57106a90bb818cabc7197d823c4
R-2022-Q3-1
Diogo Filipe Tomas Guerra

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/208
[cern] Make dual_stack an opt-out feature
2022-06-27T13:31:44+02:00
Spyridon Trigazis

* add ip_family_policy which defaults to dual_stack
* expose portal_network6_cidr,pods_network6_cidr as labels
  keeping the same default cidr
* drop EndpointSlice, IPv6DualStack which are True anyway since
  1.18 and 1.21 respectively
closes https://gitlab.cern.ch/kubernetes/project/-/issues/300
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Spyridon Trigazis

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/207
[cern] set clusterID in helm values for cinder-csi and manila-csi
2022-06-13T16:12:45+02:00
Robert Vasek

clusterID is appended to volume/share metadata while provisioning,
making it easier to identify where that volume originates from.
Closes https://gitlab.cern.ch/kubernetes/magnum/-/issues/2
R-2022-Q2-1
Robert Vasek

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/206
[cern] Add master_availability_zones label
2022-06-10T14:27:44+02:00
Spyridon Trigazis

master_availability_zones is a comma_delimited_list of
availability_zones. master-0 gets az master_availability_zones[0],
master-N gets az master_availability_zones[N].
If the label availability_zone is set all nodes (master and worker)
will use this availability zone, for backwards compatibility.
closes #1
Change-Id: I5c7c0b0819fe350dce58ab8175466eda9e285c8e
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
R-2022-Q2-1
Spyridon Trigazis

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/205
OIDC fix
2022-06-07T15:09:41+02:00
Stavros Moiras

https://its.cern.ch/jira/browse/OS-15824
Stavros Moiras

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/204
Check tiller_enabled when cern chart is enabled
2022-06-10T14:47:42+02:00
Stavros Moiras

https://its.cern.ch/jira/browse/OS-14392
R-2022-Q2-1
Stavros Moiras

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/203
DRAFT: network policy to disable host metadata access
2022-05-25T13:48:28+02:00
Diogo Filipe Tomas Guerra

Create a network policy to drop all egress connections
to the host metadata cloud provider endpoint. The manifest is
installed as a configuration step on cluster create
Change-Id: I54a87fe87417e74b085eb436964be35e3c2ca91d

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/202
[Magnum] openstack cloud provider via helm
2022-10-18T00:04:42+02:00
Stavros Moiras

https://its.cern.ch/jira/browse/OS-11503
Moved from https://gitlab.cern.ch/cloud-infrastructure/magnum/-/merge_requests/188
R-2022-Q2-1
Stavros Moiras

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/201
[cern] configure cvmfs csi via umbrella chart
2022-01-25T11:50:33+01:00
Ricardo Rocha
Ricardo Rocha

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/200
[Magnum] Coredns via helm
2022-10-18T00:04:42+02:00
Stavros Moiras

https://its.cern.ch/jira/browse/OS-14231
Moved from: https://gitlab.cern.ch/cloud-infrastructure/magnum/-/merge_requests/191
R-2022-Q2-1
Stavros Moiras

https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/199
[cern] cloud-config: set ignore-volume-az=true for Cinder
2022-01-25T11:50:22+01:00
Robert Vasek

ignore-volume-az is an option specific to cinder-csi driver.
It needs to be set if compute and volume AZs are distinct.
OS-15285
Ricardo Rocha
Spyridon Trigazis