magnum merge requests
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests
2016-12-16T15:51:56+01:00

Cern newton allpatches
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/2
2016-12-16T15:51:56+01:00, Ricardo Rocha
Spyridon Trigazis

[cern] [k8s_fedora_atomic] Enable TLS in Etcd cluster
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/3
2016-12-20T14:52:39+01:00, Ricardo Rocha
Cherry-pick: https://review.openstack.org/#/c/407374/
With this patch following are done:-
- Configure Etcd with TLS support
Configure Following to communicate with TLS enabled Etcd:-
- Flannel
Etcd also listens at http://127.0.0.1:2379, so on master nodes
etcdctl and kube apiserver can communicate without using
certificates.
if TLS_DISABLED="True" then TLS is not enabled for etcd.
Change-Id: I2147b67c4e346a4415e1f76c19ac68e94cb0a0fa
Partially-Implements: blueprint secure-etcd-cluster-coe
Conflicts:
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
magnum/drivers/common/templates/kubernetes/fragments/network-config-service.sh
Ricardo Rocha

OS-3825: add cvmfs container configuration
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/4
2017-01-23T19:05:05+01:00, Ricardo Rocha
add systemd setup to configure cvmfs via docker-volume-cvmfs.
add new labels to configure cvmfs:
* cvmfs_enabled: if cvmfs configuration should be done (default true)
* cvmfs_tag: which docker-volume-cvmfs tag to use (default latest)
Closes #3825
Spyridon Trigazis

[cern] restart kubelet after setting up cvmfs plugin
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/6
2017-01-25T08:56:34+01:00, Ricardo Rocha
it seems the kubelet looks for new plugins when started, so we need to
restart the kubelet after copying the cvmfs binary to its destination.
Spyridon Trigazis

[cern] K8S: Allows to specify admission control plugins to enable
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/8
2017-02-06T11:25:24+01:00, Ricardo Rocha
Fixes #OS-3736.
Cherry-pick: https://review.openstack.org/#/c/405374/
If nothing is specified a set of recommended default plugins is used,
which includes the ServiceAccount one.
Change-Id: I1383aae09ba68f8e83b07e3eaae40ab071f7be94
Closes-Bug: #1646489
Conflicts:
doc/source/userguide.rst
magnum/drivers/common/k8s_template_def.py
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
magnum/tests/functional/k8s/test_k8s_python_client.py
magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
magnum/tests/unit/drivers/test_template_definition.py
Closes #3736
Spyridon Trigazis

Resolve External Issue 3098
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/9
2017-02-15T17:17:27+01:00, Ricardo Rocha
Closes #3098
Spyridon Trigazis

[cern] Fix docker-storage configuration
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/11
2017-03-02T15:52:15+01:00, Spyridon Trigazis
Cherry-pick from [1] for file:
magnum/drivers/common/templates/fragments/configure_docker_storage_driver_atomic.sh
Revert changes in:
magnum/drivers/common/templates/fragments/configure-docker-storage.sh
magnum/drivers/common/templates/fragments/configure-cvmfs.sh
Related-Ticket: OS-4106
[1] https://review.openstack.org/#/c/417457/
Ricardo Rocha

[cern] Make werkzeug log the client IP when using proxy
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/13
2017-03-02T16:02:28+01:00, Ricardo Rocha
Cherry-pick: https://review.openstack.org/#/c/437031/
By default werkzeug is taking the REMOTE_ADDR as the client IP, which
gives the proxy IP when using a reverse proxy. Check for the
X-Forwarded-For header and also log that IP when it's available.
Werkzeug has a ProxyIP fixer which does something similar changing the
REMOTE_ADDR env var, but this is not used for logging.
Change-Id: Ib61bd9ac6767f67f06c7e7a3158be959f9a898d3
Closes-Bug: #1666943
Conflicts:
magnum/cmd/api.py
Closes #4147
Spyridon Trigazis

[cern] fix for k8s admission control list
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/12
2017-03-02T16:14:16+01:00, Ricardo Rocha
Support for Kubernetes admission control list was added in commit
0eb969073e8c14fe7920f7fb29e1d5974608879f, but we missed the update of
the heat params .sh file in the master.
The .sh file only exists at CERN (not upstream), so the cherry-pick
wasn't enough.
Spyridon Trigazis

[cern] Update k8s to 1.5.2
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/14
2017-03-02T16:26:53+01:00, Spyridon Trigazis
Following up the cherry-pick for k8s 1.4.7 [1] and fix for
docker-storage-setup [2], update k8s version to 1.5.2.
[1] https://gitlab.cern.ch/cloud-infrastructure/magnum/commit/280096fce4053579b4baf1c4808a6aecd95af054
[2] https://gitlab.cern.ch/cloud-infrastructure/magnum/commit/eb5cd5186fcbb9a7e505c2a40e09bcd25b242e0c
Ricardo Rocha

[cern] Missing root-ca-file parameter for proper service account support
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/15
2017-03-02T16:34:01+01:00, Spyridon Trigazis
cherry-pick: https://review.openstack.org/#/c/436558/
Change-Id: I8d581b1fbffdb4b8bc64457da6faae6d45dfc594
Closes-Bug: 1666599
Ricardo Rocha

[cern] Add Kubernetes API Service IP to x509 certificates
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/16
2017-03-02T16:48:43+01:00, Ricardo Rocha
Cherry-pick: https://review.openstack.org/#/c/436037
By default, API service with service account is accessible from inside
the cluster at the address 10.254.0.1. This IP should be added to SANS
when generating the certs.
Fixes-bug: #1660811
Change-Id: I214b4296bea55bb0c4015165c56fbd8ca3cebd39
Conflicts:
magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
Closes #4120
Spyridon Trigazis

Swarm mode cern newton
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/18
2017-03-28T19:00:24+02:00, Spyridon Trigazis
Ricardo Rocha

OS-4374: set swarm mode osdistro to fedora-atomic
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/19
2017-03-28T19:13:37+02:00, Ricardo Rocha
Upstream name is fedora-atomic-swarm-mode to keep coe as swarm, but that
means having two similar images with different osdistros. Set it to
fedora-atomic in our setup as we don't care about legacy swarm anymore.
Closes #4374
Spyridon Trigazis

[cern] enable cvmfs in swarm mode
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/20
2017-04-03T09:04:36+02:00, Ricardo Rocha
setup docker-volume-cvmfs in all nodes, including the master nodes.
swarm mode schedules services and containers in any of the manager or
workers, so we should enable it everywhere.
Closes #4411
Spyridon Trigazis

Fix usage of the trustee user in K8S Cinder plugin
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/21
2017-04-07T10:38:41+02:00, Ricardo Rocha
Closes #3365
Spyridon Trigazis

[cern] [k8s] Monitoring with Prometheus and Grafana
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/22
2017-04-11T14:59:19+02:00, Ricardo Rocha
Cherry-pick: https://review.openstack.org/#/c/426291/
Profit from the default cAdvisor deployed by k8s to deploy the
remaining monitoring stack on top, made of node-exporter,
Prometheus and Grafana.
Node-exporter is run as a normal pod through a manifest, while
Prometheus and Grafana are deployments with 1 replica.
Prometheus has compliance with Kubernetes, so the discovery of
the nodes and other k8s components is configured directly in
Prometheus configuration.
Change-Id: If2cab996b9458580a55b5212ab298c909622e7f3
Partially-Implements: blueprint container-monitoring
Conflicts:
magnum/drivers/common/k8s_template_def.py
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml
magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
Closes #4373
Spyridon Trigazis

[cern] add missing cluster-dns minion config
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/23
2017-05-03T16:13:57+02:00, Ricardo Rocha
dropped by mistake while cherry-picking with 60be1038
Spyridon Trigazis

OS-4178: add coredns to magnum kubernetes driver
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/25
2017-05-30T23:12:41+02:00, Ricardo Rocha
drop the existing implementation of kube-dns and add coredns instead.
configuration includes a cache layer with a default of 30 seconds
for all domains.
Closes #4178
Spyridon Trigazis

[cern] drop k8s requirement on .sh file
https://gitlab.cern.ch/kubernetes/magnum/-/merge_requests/26
2017-06-23T11:18:12+02:00, Ricardo Rocha
Rely purely on nova metadata to get the IP of the master VM and use that
IP for all subject alt name settings. Drop requirement on getting the ip
using a bash command.
Closes #4221
Spyridon Trigazis