magnum merge requestshttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests2019-10-02T10:40:48+02:00https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/99Cern stein release 12019-10-02T10:40:48+02:00Diogo Filipe Tomas GuerraCern stein release 1* Add npd_enabled to enable/disable npd on the cluster - OS-9381
* Fix some of the grafana dashboards are not showing - OS-9386
* Allow CA roll update - OS-9394* Add npd_enabled to enable/disable npd on the cluster - OS-9381
* Fix some of the grafana dashboards are not showing - OS-9386
* Allow CA roll update - OS-9394Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/98[cern] Enable K8s Central Monitoring2019-10-03T15:17:56+02:00Diogo Filipe Tomas Guerra[cern] Enable K8s Central Monitoring- Add label metrics_producer to identify the metrics producing cluster
when monit team scrapes said cluster
- Add label to specify metric_producer_version
OS-8917- Add label metrics_producer to identify the metrics producing cluster
when monit team scrapes said cluster
- Add label to specify metric_producer_version
OS-8917Ricardo RochaSpyridon TrigazisRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/94[cern] set checkdns false if not cern_enabled2019-06-13T09:51:00+02:00Ricardo Rocha[cern] set checkdns false if not cern_enabledRicardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/93[cern] Fix fluentd configmap indentation2019-05-28T21:28:13+02:00Spyridon Trigazis[cern] Fix fluentd configmap indentationWithout the correct indentation we can not create the
configmap and fluentd does not start.
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Without the correct indentation we can not create the
configmap and fluentd does not start.
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/92[cern] Set a fixed cipher suite set for Traefik2019-04-09T19:21:01+02:00Ricardo Rocha[cern] Set a fixed cipher suite set for TraefikCherry-pick: https://review.openstack.org/#/c/648649/
Explicitly set the support cipher suite for Ingress TLS using Traefik,
following Mozilla intermediate minus DES3:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compa...Cherry-pick: https://review.openstack.org/#/c/648649/
Explicitly set the support cipher suite for Ingress TLS using Traefik,
following Mozilla intermediate minus DES3:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
Move the Traefik configuration to a ConfigMap for more flexbility than
provided by command line arguments.
Change-Id: I5a5a95385c4143cce21c60073ae168336c4b2f27
Story: 2005326
Task: 30254Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/90k8s_fedora: Add ca_key before all deployments2019-03-25T12:18:27+01:00Spyridon Trigazisk8s_fedora: Add ca_key before all deploymentscherry-picked from: https://review.openstack.org/#/c/643924/1
The script [1] that writes the ca.key depends in the apiserver to be
running and the script to start the apiserver [0] needs the ca.key to
exist.
Write the ca_key before all...cherry-picked from: https://review.openstack.org/#/c/643924/1
The script [1] that writes the ca.key depends in the apiserver to be
running and the script to start the apiserver [0] needs the ca.key to
exist.
Write the ca_key before all other scripts that depend on the apiserver.
story: 2005254
task: 30051
[0]
https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh
[1]
https://github.com/openstack/magnum/blob/master/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml#L843
Change-Id: If532ccc4673225eb1b7e7cab77a30950ee5ee695
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit 13e8c11f784dc4e274e1322dc64a0dab5c38b632)Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/89[cern] Move cern deployments to kubecluster2019-03-08T09:27:01+01:00Ricardo Rocha[cern] Move cern deployments to kubeclusterMove our custom deployments to kube_cluster_deploy following the changes
upstream for the rest of the configuration. This allows master and
minion to be deployed in parallel, without a wait.Move our custom deployments to kube_cluster_deploy following the changes
upstream for the rest of the configuration. This allows master and
minion to be deployed in parallel, without a wait.https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/88[cern] Do not pass openstack ca to kubernetes2019-02-27T16:54:49+01:00Ricardo Rocha[cern] Do not pass openstack ca to kubernetesWith the full CERN CA payload configured the deployment of kubernetes
clusters breaks. We already set the CERN CA in cern-setup, and this will
move to a helm chart later.
Ignore in kubernetes, but keep it for swarm clusters.With the full CERN CA payload configured the deployment of kubernetes
clusters breaks. We already set the CERN CA in cern-setup, and this will
move to a helm chart later.
Ignore in kubernetes, but keep it for swarm clusters.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/87[cern] Link waitdns property to cern_enabled flag2019-02-22T14:25:58+01:00Ricardo Rocha[cern] Link waitdns property to cern_enabled flagWe see issues with the AD registration when waitdns is set to false (and
ad registration is left to its default true value).
It makes sense to set the waitdns flag to the same value as cern_enabled
- when it's true, then we behave as be...We see issues with the AD registration when waitdns is set to false (and
ad registration is left to its default true value).
It makes sense to set the waitdns flag to the same value as cern_enabled
- when it's true, then we behave as before.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/85[cern] Set reclaimPolicy to Retain on default SCs2019-02-21T10:24:26+01:00Ricardo Rocha[cern] Set reclaimPolicy to Retain on default SCsOur internal SCs (meyrin-cephfs, geneva-cephfs-testing) should have
Retain as their reclaim policy. Default in kubernetes is Delete, so we
need to explicitly set it.
Fixes OS-8535.Our internal SCs (meyrin-cephfs, geneva-cephfs-testing) should have
Retain as their reclaim policy. Default in kubernetes is Delete, so we
need to explicitly set it.
Fixes OS-8535.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/84[cern] Allow overwriting labels on swarm mode creation2019-02-07T12:01:37+01:00Ricardo Rocha[cern] Allow overwriting labels on swarm mode creationAllow passing label values on cluster creation for swarm mode. This is
available in all kubernetes drivers as well as swarm, but somehow missed
on swarm mode.
Story: 2004942
Task: 29343
Cherry-pick: https://review.openstack.org/#/c/634...Allow passing label values on cluster creation for swarm mode. This is
available in all kubernetes drivers as well as swarm, but somehow missed
on swarm mode.
Story: 2004942
Task: 29343
Cherry-pick: https://review.openstack.org/#/c/634501/
Change-Id: Ie3ac66f45e27cc92993116c3df0b33873dc67e24
Conflicts:
magnum/tests/unit/drivers/test_template_definition.pySpyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/83OS-6966 [cern] Handle error call to metadata service2019-01-24T09:51:45+01:00Spyridon TrigazisOS-6966 [cern] Handle error call to metadata serviceWhen trying to get the host ip from the metadata service,
curl returns a non-zero exiy code. Some scripts run with
'set -o errexit' and exit because of this call.
jira: OS-6966
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>When trying to get the host ip from the metadata service,
curl returns a non-zero exiy code. Some scripts run with
'set -o errexit' and exit because of this call.
jira: OS-6966
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/82[cern] Use existing templates for cluster-update command2019-01-23T13:26:00+01:00Spyridon Trigazis[cern] Use existing templates for cluster-update commandCluster update was used for scaling operations only,
but if the heat-temaplates where changed for any reason
(eg upgrade of the magnum server), the stack update command
was destructive.
This patch uses the existing parameter in the stac...Cluster update was used for scaling operations only,
but if the heat-temaplates where changed for any reason
(eg upgrade of the magnum server), the stack update command
was destructive.
This patch uses the existing parameter in the stack update call.
story: 1722573
task: 21583
Change-Id: Id84e5d878b21c908021e631514c2c58b3fe8b8b0
(cherry picked from commit 3f773f1fd045a507c3962ae509fcd57352cdc9ae)
Conflicts:
magnum/tests/unit/drivers/test_template_definition.pyhttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/81[cern] OS-8105 - [ADD] StorageClasses for testing(default) and production2018-11-30T12:14:40+01:00Diogo Filipe Tomas Guerra[cern] OS-8105 - [ADD] StorageClasses for testing(default) and productionThis commit will allow the automatic creation of two storage classes when a k8s cluster is cretated.
This classes are:
testing: Which is the manila share on geneva, and it is also the one used by default if the user does not specify a cl...This commit will allow the automatic creation of two storage classes when a k8s cluster is cretated.
This classes are:
testing: Which is the manila share on geneva, and it is also the one used by default if the user does not specify a class to use
production: The manila share on meyrin to be used for production purposes.
Change-Id: Ib4306d5b586b78ebb39893384d937b855b658d0fDiogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/80[cern] Adapt cvmfs and cephfs to CSI 0.3.02018-11-28T11:36:34+01:00Ricardo Rocha[cern] Adapt cvmfs and cephfs to CSI 0.3.0Adapt both CVMFS and CephFS plugin drivers to CSI 0.3.0, with no
attacher and using CSIDriver and CSINodePlugin CRDs.
Fixes OS-7323.Adapt both CVMFS and CephFS plugin drivers to CSI 0.3.0, with no
attacher and using CSIDriver and CSINodePlugin CRDs.
Fixes OS-7323.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/79[cern] Adapt csi-cvmfs to 0.3.02018-11-20T14:27:52+01:00Ricardo Rocha[cern] Adapt csi-cvmfs to 0.3.0Fixes OS-7323.Fixes OS-7323.Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/78[cern] Add iptables -P FORWARD ACCEPT unit2018-11-21T16:26:16+01:00Spyridon Trigazis[cern] Add iptables -P FORWARD ACCEPT unitOn node reboot, kubelet and kube-proxy set
iptables -P FORWARD DROP which doesn't work with
flannel in the way we use it.
Add a systemd unit to set the rule to ACCEPT after
flannel,docker,kubelet,kube-proxy.
jira: OS-7556
Signed-off-by...On node reboot, kubelet and kube-proxy set
iptables -P FORWARD DROP which doesn't work with
flannel in the way we use it.
Add a systemd unit to set the rule to ACCEPT after
flannel,docker,kubelet,kube-proxy.
jira: OS-7556
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/77[cern] set cern-waitdns false, drop cern-services2018-10-17T10:50:20+02:00Ricardo Rocha[cern] set cern-waitdns false, drop cern-servicesFollowing the introduction of the waitdns and active-directory flags,
drop the setting of cern-services leaving default to True, and set
cern-waitdns to false instead. This will allow nodes to not wait for dns
registration but still get ...Following the introduction of the waitdns and active-directory flags,
drop the setting of cern-services leaving default to True, and set
cern-waitdns to false instead. This will allow nodes to not wait for dns
registration but still get registered in active directory.
Fixes OS-7807Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/76OS-7626 and OS-76312018-10-03T15:53:13+02:00Spyridon TrigazisOS-7626 and OS-7631Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/74[cern] set hpa rest clients to false2018-08-29T11:36:34+02:00Ricardo Rocha[cern] set hpa rest clients to falseSet --horizontal-pod-autoscaler-use-rest-clients=false in the controller
manager configuration. This is required due to the new metric
architecture, for compatibility with heapster.
Fixes OS-6772.Set --horizontal-pod-autoscaler-use-rest-clients=false in the controller
manager configuration. This is required due to the new metric
architecture, for compatibility with heapster.
Fixes OS-6772.Spyridon TrigazisSpyridon Trigazis