magnum merge requestshttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests2018-11-20T14:27:52+01:00https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/79[cern] Adapt csi-cvmfs to 0.3.02018-11-20T14:27:52+01:00Ricardo Rocha[cern] Adapt csi-cvmfs to 0.3.0Fixes OS-7323.Fixes OS-7323.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/78[cern] Add iptables -P FORWARD ACCEPT unit2018-11-21T16:26:16+01:00Spyridon Trigazis[cern] Add iptables -P FORWARD ACCEPT unitOn node reboot, kubelet and kube-proxy set
iptables -P FORWARD DROP which doesn't work with
flannel in the way we use it.
Add a systemd unit to set the rule to ACCEPT after
flannel,docker,kubelet,kube-proxy.
jira: OS-7556
Signed-off-by...On node reboot, kubelet and kube-proxy set
iptables -P FORWARD DROP which doesn't work with
flannel in the way we use it.
Add a systemd unit to set the rule to ACCEPT after
flannel,docker,kubelet,kube-proxy.
jira: OS-7556
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/80[cern] Adapt cvmfs and cephfs to CSI 0.3.02018-11-28T11:36:34+01:00Ricardo Rocha[cern] Adapt cvmfs and cephfs to CSI 0.3.0Adapt both CVMFS and CephFS plugin drivers to CSI 0.3.0, with no
attacher and using CSIDriver and CSINodePlugin CRDs.
Fixes OS-7323.Adapt both CVMFS and CephFS plugin drivers to CSI 0.3.0, with no
attacher and using CSIDriver and CSINodePlugin CRDs.
Fixes OS-7323.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/81[cern] OS-8105 - [ADD] StorageClasses for testing(default) and production2018-11-30T12:14:40+01:00Diogo Filipe Tomas Guerra[cern] OS-8105 - [ADD] StorageClasses for testing(default) and productionThis commit will allow the automatic creation of two storage classes when a k8s cluster is cretated.
This classes are:
testing: Which is the manila share on geneva, and it is also the one used by default if the user does not specify a cl...This commit will allow the automatic creation of two storage classes when a k8s cluster is cretated.
This classes are:
testing: Which is the manila share on geneva, and it is also the one used by default if the user does not specify a class to use
production: The manila share on meyrin to be used for production purposes.
Change-Id: Ib4306d5b586b78ebb39893384d937b855b658d0fDiogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/82[cern] Use existing templates for cluster-update command2019-01-23T13:26:00+01:00Spyridon Trigazis[cern] Use existing templates for cluster-update commandCluster update was used for scaling operations only,
but if the heat-temaplates where changed for any reason
(eg upgrade of the magnum server), the stack update command
was destructive.
This patch uses the existing parameter in the stac...Cluster update was used for scaling operations only,
but if the heat-temaplates where changed for any reason
(eg upgrade of the magnum server), the stack update command
was destructive.
This patch uses the existing parameter in the stack update call.
story: 1722573
task: 21583
Change-Id: Id84e5d878b21c908021e631514c2c58b3fe8b8b0
(cherry picked from commit 3f773f1fd045a507c3962ae509fcd57352cdc9ae)
Conflicts:
magnum/tests/unit/drivers/test_template_definition.pyhttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/71[cern] Get minion ip from metadata or host2019-01-23T13:27:30+01:00Ghost User[cern] Get minion ip from metadata or hostChange-Id: I8eb334abc9fb8fa6637f80a43900509d1bce1812Change-Id: I8eb334abc9fb8fa6637f80a43900509d1bce1812Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/83OS-6966 [cern] Handle error call to metadata service2019-01-24T09:51:45+01:00Spyridon TrigazisOS-6966 [cern] Handle error call to metadata serviceWhen trying to get the host ip from the metadata service,
curl returns a non-zero exiy code. Some scripts run with
'set -o errexit' and exit because of this call.
jira: OS-6966
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>When trying to get the host ip from the metadata service,
curl returns a non-zero exiy code. Some scripts run with
'set -o errexit' and exit because of this call.
jira: OS-6966
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/84[cern] Allow overwriting labels on swarm mode creation2019-02-07T12:01:37+01:00Ricardo Rocha[cern] Allow overwriting labels on swarm mode creationAllow passing label values on cluster creation for swarm mode. This is
available in all kubernetes drivers as well as swarm, but somehow missed
on swarm mode.
Story: 2004942
Task: 29343
Cherry-pick: https://review.openstack.org/#/c/634...Allow passing label values on cluster creation for swarm mode. This is
available in all kubernetes drivers as well as swarm, but somehow missed
on swarm mode.
Story: 2004942
Task: 29343
Cherry-pick: https://review.openstack.org/#/c/634501/
Change-Id: Ie3ac66f45e27cc92993116c3df0b33873dc67e24
Conflicts:
magnum/tests/unit/drivers/test_template_definition.pySpyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/85[cern] Set reclaimPolicy to Retain on default SCs2019-02-21T10:24:26+01:00Ricardo Rocha[cern] Set reclaimPolicy to Retain on default SCsOur internal SCs (meyrin-cephfs, geneva-cephfs-testing) should have
Retain as their reclaim policy. Default in kubernetes is Delete, so we
need to explicitly set it.
Fixes OS-8535.Our internal SCs (meyrin-cephfs, geneva-cephfs-testing) should have
Retain as their reclaim policy. Default in kubernetes is Delete, so we
need to explicitly set it.
Fixes OS-8535.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/87[cern] Link waitdns property to cern_enabled flag2019-02-22T14:25:58+01:00Ricardo Rocha[cern] Link waitdns property to cern_enabled flagWe see issues with the AD registration when waitdns is set to false (and
ad registration is left to its default true value).
It makes sense to set the waitdns flag to the same value as cern_enabled
- when it's true, then we behave as be...We see issues with the AD registration when waitdns is set to false (and
ad registration is left to its default true value).
It makes sense to set the waitdns flag to the same value as cern_enabled
- when it's true, then we behave as before.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/88[cern] Do not pass openstack ca to kubernetes2019-02-27T16:54:49+01:00Ricardo Rocha[cern] Do not pass openstack ca to kubernetesWith the full CERN CA payload configured the deployment of kubernetes
clusters breaks. We already set the CERN CA in cern-setup, and this will
move to a helm chart later.
Ignore in kubernetes, but keep it for swarm clusters.With the full CERN CA payload configured the deployment of kubernetes
clusters breaks. We already set the CERN CA in cern-setup, and this will
move to a helm chart later.
Ignore in kubernetes, but keep it for swarm clusters.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/89[cern] Move cern deployments to kubecluster2019-03-08T09:27:01+01:00Ricardo Rocha[cern] Move cern deployments to kubeclusterMove our custom deployments to kube_cluster_deploy following the changes
upstream for the rest of the configuration. This allows master and
minion to be deployed in parallel, without a wait.Move our custom deployments to kube_cluster_deploy following the changes
upstream for the rest of the configuration. This allows master and
minion to be deployed in parallel, without a wait.https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/90k8s_fedora: Add ca_key before all deployments2019-03-25T12:18:27+01:00Spyridon Trigazisk8s_fedora: Add ca_key before all deploymentscherry-picked from: https://review.openstack.org/#/c/643924/1
The script [1] that writes the ca.key depends in the apiserver to be
running and the script to start the apiserver [0] needs the ca.key to
exist.
Write the ca_key before all...cherry-picked from: https://review.openstack.org/#/c/643924/1
The script [1] that writes the ca.key depends in the apiserver to be
running and the script to start the apiserver [0] needs the ca.key to
exist.
Write the ca_key before all other scripts that depend on the apiserver.
story: 2005254
task: 30051
[0]
https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh
[1]
https://github.com/openstack/magnum/blob/master/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml#L843
Change-Id: If532ccc4673225eb1b7e7cab77a30950ee5ee695
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit 13e8c11f784dc4e274e1322dc64a0dab5c38b632)Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/92[cern] Set a fixed cipher suite set for Traefik2019-04-09T19:21:01+02:00Ricardo Rocha[cern] Set a fixed cipher suite set for TraefikCherry-pick: https://review.openstack.org/#/c/648649/
Explicitly set the support cipher suite for Ingress TLS using Traefik,
following Mozilla intermediate minus DES3:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compa...Cherry-pick: https://review.openstack.org/#/c/648649/
Explicitly set the support cipher suite for Ingress TLS using Traefik,
following Mozilla intermediate minus DES3:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
Move the Traefik configuration to a ConfigMap for more flexbility than
provided by command line arguments.
Change-Id: I5a5a95385c4143cce21c60073ae168336c4b2f27
Story: 2005326
Task: 30254Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/93[cern] Fix fluentd configmap indentation2019-05-28T21:28:13+02:00Spyridon Trigazis[cern] Fix fluentd configmap indentationWithout the correct indentation we can not create the
configmap and fluentd does not start.
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Without the correct indentation we can not create the
configmap and fluentd does not start.
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/94[cern] set checkdns false if not cern_enabled2019-06-13T09:51:00+02:00Ricardo Rocha[cern] set checkdns false if not cern_enabledRicardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/100[cern] k8s: Clear cni configuration2019-07-11T22:20:17+02:00Spyridon Trigazis[cern] k8s: Clear cni configurationcherry-picked from: https://review.opendev.org/#/c/669166/1
In fedora atomic 29, podman is present and configures
its own cni. We need to clear the cni configuration
otherwise we will get that cni0 is already used.
story: 2006171
task...cherry-picked from: https://review.opendev.org/#/c/669166/1
In fedora atomic 29, podman is present and configures
its own cni. We need to clear the cni configuration
otherwise we will get that cni0 is already used.
story: 2006171
task: 35682
Change-Id: Ic70938184bdb98eaaf4f384ce553818cf2624a2a
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/101Disable health check2019-07-11T22:20:47+02:00Spyridon TrigazisDisable health checkRicardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/102[cern] Update csi-cephfs to csi 1.02019-08-26T23:21:05+02:00Ricardo Rocha[cern] Update csi-cephfs to csi 1.0Update csi-cephfs setup to CSI 1.0. Changes in manifests and requires
updated images as well.Update csi-cephfs setup to CSI 1.0. Changes in manifests and requires
updated images as well.Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/103[cern] Add support for cvmfs csi 1.x2019-08-26T23:21:05+02:00Ricardo Rocha[cern] Add support for cvmfs csi 1.xRicardo RochaRicardo Rocha