magnum merge requestshttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests2022-09-27T08:23:52+02:00https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/214Add multiple kube-bench suggested modifications2022-09-27T08:23:52+02:00Diogo Filipe Tomas GuerraAdd multiple kube-bench suggested modificationsAll commits come from upstream contributed merge requests:
- 5ca33ee9 [cern] Fix kube-bench 1.2.1, 1.2.23, 1.3.1.
- Set shorter apiserver timeout (from 60s to 10s)
- decrease number of terminated pods to GC
- Disallow anonymous au...All commits come from upstream contributed merge requests:
- 5ca33ee9 [cern] Fix kube-bench 1.2.1, 1.2.23, 1.3.1.
- Set shorter apiserver timeout (from 60s to 10s)
- decrease number of terminated pods to GC
- Disallow anonymous auth
- ed7b8a3c [cern] Fix kube-bench 1.2.32 and 4.2.13
- set TLS cypher-suits to use on kubelet and apiserver
- d6f950f7 [cern] Ensure kube-apiserver TLS connection to etcd server
- set keys and certificates to use for connection with etcd server
- 303e6777 [cern] Add kube-bench disable profilling
- disable profiling on kubernetes control plane components
Closes: https://gitlab.cern.ch/kubernetes/project/-/issues/251R-2022-Q3-1Diogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/212install kubernetes-dashboard from cern-metachart2022-10-12T14:24:26+02:00Diogo Filipe Tomas Guerrainstall kubernetes-dashboard from cern-metachartInstallation of kubernetes-dashboard via cern metachart
will only be available on version 0.12.0 onwards.
DependsOn: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/merge_requests/92
Closes: https://gitlab.cern.ch/...Installation of kubernetes-dashboard via cern metachart
will only be available on version 0.12.0 onwards.
DependsOn: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/merge_requests/92
Closes: https://gitlab.cern.ch/kubernetes/project/-/issues/202
Change-Id: Icaff87cf6780d065d79d1965238efcab05dfe842R-2022-Q3-1Diogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/209Add label landb_sync_set2022-10-10T13:40:51+02:00Diogo Filipe Tomas GuerraAdd label landb_sync_setThis label is used with the landb-sync utility to set
automatically the landb-set property on the nodes
that are configured as role=ingress
Closes: https://gitlab.cern.ch/kubernetes/magnum/-/issues/6
Signed-off-by: Diogo Guerra <diogo.f...This label is used with the landb-sync utility to set
automatically the landb-set property on the nodes
that are configured as role=ingress
Closes: https://gitlab.cern.ch/kubernetes/magnum/-/issues/6
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
Change-Id: Id6e01d0a7d90d57106a90bb818cabc7197d823c4R-2022-Q3-1Diogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/211Add etcd secrets to kube-system ns to allow metric collection by prometheus2022-10-11T08:35:46+02:00Diogo Filipe Tomas GuerraAdd etcd secrets to kube-system ns to allow metric collection by prometheusThis commit is based on https://review.opendev.org/c/openstack/magnum/+/825421
Allow metrics collection for etcd by prometheus.
DependsOn: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/merge_requests/90
Closes: ht...This commit is based on https://review.opendev.org/c/openstack/magnum/+/825421
Allow metrics collection for etcd by prometheus.
DependsOn: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/merge_requests/90
Closes: https://gitlab.cern.ch/kubernetes/automation/releases/cern-magnum/-/issues/11
Change-Id: I599568dd016e935936d0bc5bf3c9046615dba46bR-2022-Q3-1Diogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/217coredns and occm via helm2023-01-19T23:42:11+01:00Ricardo Rochacoredns and occm via helmR-2022-Q3-1Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/220[cern] Don't relabel /var/lib/kubelet in kubelet.service unit2023-01-23T10:16:02+01:00Robert Vasek[cern] Don't relabel /var/lib/kubelet in kubelet.service unitCSI volume mounts used by Pods live under:
* `/var/lib/kubelet/plugins/kubernetes.io/csi/pv/<PV>/globalmount`
* `/var/lib/kubelet/pods/<POD>/volumes/kubernetes.io~csi/<PV>/mount`
If the filesystem of the mounted volume doesn't support x...CSI volume mounts used by Pods live under:
* `/var/lib/kubelet/plugins/kubernetes.io/csi/pv/<PV>/globalmount`
* `/var/lib/kubelet/pods/<POD>/volumes/kubernetes.io~csi/<PV>/mount`
If the filesystem of the mounted volume doesn't support xattrs (e.g. FUSE),
relabeling fails, and `podman run` exits with error.
`/var/lib/kubelet` may still need to be relabeled, but maybe we can do this at node creation time?
Closes: https://gitlab.cern.ch/kubernetes/magnum/-/issues/19R-2022-Q3-1Ricardo RochaSpyridon TrigazisDiogo Filipe Tomas GuerraRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/215heat-agent: make notify-heat try up to 60 times2023-01-23T10:21:52+01:00Spyridon Trigazisheat-agent: make notify-heat try up to 60 timesref: https://gitlab.cern.ch/kubernetes/magnum/-/issues/10
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>ref: https://gitlab.cern.ch/kubernetes/magnum/-/issues/10
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>Spyridon TrigazisSpyridon Trigazishttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/226[cern] Fix cern-chart cvmfs-csi values section name2023-01-31T08:47:14+01:00Ricardo Rocha[cern] Fix cern-chart cvmfs-csi values section nameR-2023-Q1-0Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/222drop logtostderr config option2023-01-31T21:42:33+01:00Ricardo Rochadrop logtostderr config optionThis option has been removed in 1.26.This option has been removed in 1.26.R-2023-Q1-0Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/225disable prometheus adapter when monitoring_enabled is false2023-01-31T22:06:40+01:00Diogo Filipe Tomas Guerradisable prometheus adapter when monitoring_enabled is falseFrom: https://cern.service-now.com/nav_to.do?uri=incident.do?sysparm_query=number=INC3365942%26sysparm_view=it_operations_management
Not sure we want to add this. When we where installing with magnum
the validation that monitoring_enabl...From: https://cern.service-now.com/nav_to.do?uri=incident.do?sysparm_query=number=INC3365942%26sysparm_view=it_operations_management
Not sure we want to add this. When we where installing with magnum
the validation that monitoring_enabled was true was happening when installing
the prometheus-adapter but not when we moved to helm.
There is a label for prometheus_adapter_enabled so maybe this is not usefull.R-2023-Q1-0Diogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/227[cern] set cern-magnum helm install timeout to 15m2023-02-01T11:57:24+01:00Ricardo Rocha[cern] set cern-magnum helm install timeout to 15mCloses #24.Closes #24.R-2023-Q1-0Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/223Fix cern enable autoscaler label not working2023-02-01T20:47:00+01:00Diogo Filipe Tomas GuerraFix cern enable autoscaler label not workingWhen the original commit by @stavros was merged into
cern/train we seem to have droped some configurations
and also, enabling the autoscaler in the cern-magnum
was not set. This patch fixes this issues
Closes: https://gitlab.cern.ch/kub...When the original commit by @stavros was merged into
cern/train we seem to have droped some configurations
and also, enabling the autoscaler in the cern-magnum
was not set. This patch fixes this issues
Closes: https://gitlab.cern.ch/kubernetes/magnum/-/issues/14
Change-Id: Ice5e597386e612ffed20091b79c5ca5e35737b74
EDIT: looks like the last push of this branch was not merged
into magnum and the original commit was what was merged, and
this is not working.
Closes: https://gitlab.cern.ch/kubernetes/magnum/-/issues/14Diogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/219[cern] Allow OS magnum admin to get cluster certificate2023-03-03T14:53:36+01:00Diogo Filipe Tomas Guerra[cern] Allow OS magnum admin to get cluster certificateCloses: https://gitlab.cern.ch/kubernetes/project/-/issues/153
Change-Id: Ibc02c96e94be33e4329fc71a382d3bb1e953f96bCloses: https://gitlab.cern.ch/kubernetes/project/-/issues/153
Change-Id: Ibc02c96e94be33e4329fc71a382d3bb1e953f96bR-2023-Q3-1Diogo Filipe Tomas GuerraDiogo Filipe Tomas Guerrahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/232move CI to magnum repo2023-03-20T08:40:52+01:00Ricardo Rochamove CI to magnum repoRicardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/230[cern] drop etcd load balancer2023-03-20T16:13:56+01:00Ricardo Rocha[cern] drop etcd load balancerR-2023-Q3-1Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/224integrate tn patches into main branch2023-06-05T15:12:24+02:00Ricardo Rochaintegrate tn patches into main branchThis should disable the discovery url and bootstrap a fresh etcd
staticallyThis should disable the discovery url and bootstrap a fresh etcd
staticallyR-2023-Q3-1Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/236[cern] Add support for arm64 builds2023-06-09T09:11:24+02:00Ricardo Rocha[cern] Add support for arm64 buildsThis works with docker buildx with --platform linux/amd64,linux/arm64
--build-arg v3.2.0 ...This works with docker buildx with --platform linux/amd64,linux/arm64
--build-arg v3.2.0 ...https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/238[cern] move k8s-keystone-auth to helm2023-06-09T09:13:22+02:00Ricardo Rocha[cern] move k8s-keystone-auth to helmRicardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/231[cern] make helm client version configuration for cern-chart2023-06-09T17:32:25+02:00Ricardo Rocha[cern] make helm client version configuration for cern-chartR-2023-Q3-1Ricardo RochaRicardo Rochahttps://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/240[cern] Allow nodegroups with node_count equal to 02023-08-15T11:21:37+02:00Spyridon Trigazis[cern] Allow nodegroups with node_count equal to 0upstream: https://review.opendev.org/c/openstack/magnum/+/737580
This change allows users to create clusters and nodegroups with
node_count equal to 0. Also adds support for resizing existing
nodegroups to 0.
Change-Id: Id63459d0fe9836...upstream: https://review.opendev.org/c/openstack/magnum/+/737580
This change allows users to create clusters and nodegroups with
node_count equal to 0. Also adds support for resizing existing
nodegroups to 0.
Change-Id: Id63459d0fe9836e678bb7569f23d29eabc225e9e
story: 2007851
task: 40145
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>Spyridon TrigazisDiana GaponcicSpyridon Trigazis