magnum merge requestshttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests2019-07-02T13:56:00+02:00https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/96Cern stein prerelease2019-07-02T13:56:00+02:00Spyridon TrigazisCern stein prereleaseSpyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/95Cern stein prerelease2019-06-12T17:52:09+02:00Diogo Filipe Tomas GuerraCern stein prereleasehttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/91WIP: Add (un)privileged Pod Security Policies2019-07-11T22:19:40+02:00Ricardo RochaWIP: Add (un)privileged Pod Security PoliciesAdd two PodSecurityPolicy resources:
* privileged: for workloads needed more than restricted access
* unprivileged: for all other workloads, and should be the default
Additional things to be set:
* unprivileged mapped to ClusterRole rel...Add two PodSecurityPolicy resources:
* privileged: for workloads needed more than restricted access
* unprivileged: for all other workloads, and should be the default
Additional things to be set:
* unprivileged mapped to ClusterRole relying on the 'default' service account
* privileged / unprivileged added to all existing ClusterRole resources
as appropriate
In addition a new label is available to set an alternative policy to the
default account, so that at cluster creation users can override the
restricted defaults.Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/86Cern rocky2019-07-02T10:07:47+02:00Ricardo RochaCern rockyhttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/75[cern] Add swarm label for networking2018-10-02T17:17:03+02:00Spyridon Trigazis[cern] Add swarm label for networking* docker_gwbridge_cidr
* docker_bip
* docker_fixed_cidr
jira: OS-7626* docker_gwbridge_cidr
* docker_bip
* docker_fixed_cidr
jira: OS-7626Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/73[cern] upgrade docker-ce version in k8s2019-07-02T10:07:57+02:00Ricardo Rocha[cern] upgrade docker-ce version in k8sAdd label to specify the docker-ce version to use in a kubernetes
cluster. This will replace the available dockerd in the image, which is
often quite old.
Fixes OS-7273.Add label to specify the docker-ce version to use in a kubernetes
cluster. This will replace the available dockerd in the image, which is
often quite old.
Fixes OS-7273.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/66[cern] Strip signed certificate2018-06-21T13:21:05+02:00Spyridon Trigazis[cern] Strip signed certificatecherry-picked from: https://review.openstack.org/#/c/574167/
Certificate (ca.crt) has to be striped for some application parsers
as they might require pure base64 representation of
certificate itself, without empty characters
at the beg...cherry-picked from: https://review.openstack.org/#/c/574167/
Certificate (ca.crt) has to be striped for some application parsers
as they might require pure base64 representation of
certificate itself, without empty characters
at the beginning nor the end of file
Change-Id: I5f58e19d03abdf040b9a5b5df2f4dd83b4c0e3a9
Closes-Bug: #1775342
(cherry picked from commit edee7030e4deee4e95e68daa1623ea305ce202e5)
Closes OS-6907Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/62[cern] Create admin cluster-role2018-06-18T11:56:55+02:00Spyridon Trigazis[cern] Create admin cluster-roleChange-Id: I112fe2ddb1d5400fcbc73bbdbc8d483d5a92d120
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Closes OS-6474Change-Id: I112fe2ddb1d5400fcbc73bbdbc8d483d5a92d120
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Closes OS-6474Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/61[cern] Fix KUBE_API_ARGS2018-06-18T11:56:54+02:00Spyridon Trigazis[cern] Fix KUBE_API_ARGSAfter 42d35211c540c9b86eb91fd1c042505dbddbfcef KUBE_API_ARGS
are set only to "--runtime-config=api/all=true" append
this param at the end of the others.
Change-Id: Id6995b16326b7094705a7cc118de66d5081cfc5d
Signed-off-by: Spyros Trigazis...After 42d35211c540c9b86eb91fd1c042505dbddbfcef KUBE_API_ARGS
are set only to "--runtime-config=api/all=true" append
this param at the end of the others.
Change-Id: Id6995b16326b7094705a7cc118de66d5081cfc5d
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Closes OS-6871Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/51Cern queens patches2018-03-26T10:47:07+02:00Ricardo RochaCern queens patcheshttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/47Workaround to provide ssh keys to ironic machines2017-11-30T15:48:26+01:00Ghost UserWorkaround to provide ssh keys to ironic machinesChange-Id: I27fc91597b0fdb9789844e1917eee5ada352d22d
Conflicts:
magnum/drivers/heat/k8s_fedora_template_def.py
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.ya...Change-Id: I27fc91597b0fdb9789844e1917eee5ada352d22d
Conflicts:
magnum/drivers/heat/k8s_fedora_template_def.py
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
Conflicts:
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yamlhttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/46Temporal patch to allow testing on physical instances2017-11-06T14:32:36+01:00Ghost UserTemporal patch to allow testing on physical instancesRicardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/36Cern pike2017-09-26T15:06:24+02:00Ricardo RochaCern pikehttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/27[cern] add support for eosd in magnum2018-11-20T15:10:29+01:00Ricardo Rocha[cern] add support for eosd in magnumadd labels eos_enabled and eos_tag to toggle eosd deployment in cern
magnum clusters. default is false (disabled), with eos_tag indicated the
tag to be used when pulling the eosd and docker-volume-eos containers.add labels eos_enabled and eos_tag to toggle eosd deployment in cern
magnum clusters. default is false (disabled), with eos_tag indicated the
tag to be used when pulling the eosd and docker-volume-eos containers.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/24[cern] Update docker version for swarm_v22017-08-23T11:54:52+02:00Spyridon Trigazis[cern] Update docker version for swarm_v2Update docker engine version to 1.13.1. This update is just to
show the right version when a user does:
magnum cluster-show <cluster>Update docker engine version to 1.13.1. This update is just to
show the right version when a user does:
magnum cluster-show <cluster>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/17Fix usage of the trustee user in K8S Cinder plugin2017-04-06T13:51:16+02:00Mathieu VeltenFix usage of the trustee user in K8S Cinder pluginOS-3365
Upstream review :
https://review.openstack.org/445404OS-3365
Upstream review :
https://review.openstack.org/445404Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/10[CERN] Fix docker-storage configuration2017-02-15T17:28:42+01:00Spyridon Trigazis[CERN] Fix docker-storage configurationCherry-pick from [1] for file:
magnum/drivers/common/templates/fragments/configure_docker_storage_driver_atomic.sh
Revert changes in:
magnum/drivers/common/templates/fragments/configure-docker-storage.sh
magnum/drivers/common/templates/f...Cherry-pick from [1] for file:
magnum/drivers/common/templates/fragments/configure_docker_storage_driver_atomic.sh
Revert changes in:
magnum/drivers/common/templates/fragments/configure-docker-storage.sh
magnum/drivers/common/templates/fragments/configure-cvmfs.sh
Related-Ticket: OS-4106
[1] https://review.openstack.org/#/c/417457/Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/7WIP: [cern] [swarm] Enable TLS in Etcd cluster2017-02-06T10:57:46+01:00Ricardo RochaWIP: [cern] [swarm] Enable TLS in Etcd clusterSpyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/5[cern] Upgrade to Fedora Atomic 252017-01-23T17:50:37+01:00Spyridon Trigazis[cern] Upgrade to Fedora Atomic 25Cherry-pick: https://review.openstack.org/#/c/417457/8
Image contains:
kubernetes-1.4.7-1.fc25.x86_64
docker-1.12.5-4.git03508cc.fc25.x86_64
flannel-0.5.5-8.fc25.x86_64
etcd-3.0.15-1.fc25.x86_64
* For this upgrade the upstream image is...Cherry-pick: https://review.openstack.org/#/c/417457/8
Image contains:
kubernetes-1.4.7-1.fc25.x86_64
docker-1.12.5-4.git03508cc.fc25.x86_64
flannel-0.5.5-8.fc25.x86_64
etcd-3.0.15-1.fc25.x86_64
* For this upgrade the upstream image is used, which is
uploaded here [1].
* Minor changes for flannel and docker-storage-setup
were needed.
* The image will be built in the CI and uploaded to
tarballs.openstack.org as soon as possible.
[1] https://fedorapeople.org/groups/magnum/fedora-atomic-25-20161221.qcow2
Change-Id: Iac6e30c530821a49a5c3978e335e0b1d56a576e0
Conflicts:
magnum/drivers/common/templates/fragments/configure_docker_storage_driver_atomic.sh
magnum/drivers/common/templates/kubernetes/fragments/write-network-config.sh
magnum/drivers/k8s_fedora_atomic_v1/version.py
magnum/drivers/swarm_fedora_atomic_v1/version.py
magnum/tests/contrib/gate_hook.shRicardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/1CP make optional cinder in cern-newton2017-01-23T17:51:09+01:00Spyridon TrigazisCP make optional cinder in cern-newton