From 7d2a154e6c2a07dea231d16664b40b341cacd5d8 Mon Sep 17 00:00:00 2001
From: Spyros Trigazis <strigazi@gmail.com>
Date: Tue, 12 May 2020 11:36:49 +0000
Subject: [PATCH 1/5] [cern] Update nginx-ingress to v1.36.3 and 0.32.0 tag
upstream https://review.opendev.org/#/c/727162
* remove user since it is controlled in the chart
and changed from 33 to 101
* use the latest chart v1.36.3 from stable
* use latest 0.32.0 controller image
story: 2006945
task: 39747
Change-Id: I6df49929cb8890f534afde185d56b7b6d70c691e
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
---
doc/source/user/index.rst | 17 +++++++++++++++--
.../templates/kubernetes/helm/ingress-nginx.sh | 2 +-
.../templates/kubecluster.yaml | 4 ++--
.../templates/kubecluster.yaml | 4 ++--
4 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/doc/source/user/index.rst b/doc/source/user/index.rst
index a2d6340e7..be8b83ce1 100644
--- a/doc/source/user/index.rst
+++ b/doc/source/user/index.rst
@@ -390,6 +390,8 @@ the table are linked to more details elsewhere in the user guide.
+---------------------------------------+--------------------+---------------+
| `nginx_ingress_controller_tag`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
+| `nginx_ingress_controller_chart_tag`_ | see below | see below |
++---------------------------------------+--------------------+---------------+
| `kubelet_options`_ | extra kubelet args | "" |
+---------------------------------------+--------------------+---------------+
| `kubeapi_options`_ | extra kubeapi args | "" |
@@ -1564,10 +1566,21 @@ _`octavia_ingress_controller_tag`
The image tag for octavia-ingress-controller. Train-default: v1.15.0
_`nginx_ingress_controller_tag`
- The image tag for nginx-ingress-controller. Stein-default: 0.23.0
+ The image tag for nginx-ingress-controller.
+ Stein-default: 0.23.0
+ Train-default: 0.26.1
+ Ussuru-default: 0.26.1
+ Victoria-default: 0.32.0
+
+_`nginx_ingress_controller_chart_tag`
+ The chart version for nginx-ingress-controller.
+ Train-default: v1.24.7
+ Ussuru-default: v1.24.7
+ Victoria-default: v1.36.3
_`traefik_ingress_controller_tag`
- The image tag for traefik_ingress_controller_tag. Stein-default: v1.7.10
+ The image tag for traefik_ingress_controller_tag.
+ Stein-default: v1.7.10
DNS
---
diff --git a/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh b/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh
index 089166df4..03c71a26f 100755
--- a/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh
@@ -1,5 +1,6 @@
#!/bin/bash
+set +x
. /etc/sysconfig/heat-params
set -ex
@@ -55,7 +56,6 @@ data:
repository: ${CONTAINER_INFRA_PREFIX:-quay.io/kubernetes-ingress-controller/}nginx-ingress-controller
tag: ${NGINX_INGRESS_CONTROLLER_TAG}
pullPolicy: IfNotPresent
- runAsUser: 33
config: {}
headers: {}
hostNetwork: true
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
index 6042b64b3..16742c360 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -898,12 +898,12 @@ parameters:
nginx_ingress_controller_tag:
type: string
description: nginx ingress controller docker image tag
- default: 0.26.1
+ default: 0.32.0
nginx_ingress_controller_chart_tag:
type: string
description: nginx ingress controller helm chart tag
- default: v1.24.7
+ default: v1.36.3
draino_tag:
type: string
diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
index f59764221..c5594b4e3 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
@@ -898,12 +898,12 @@ parameters:
nginx_ingress_controller_tag:
type: string
description: nginx ingress controller docker image tag
- default: 0.26.1
+ default: 0.32.0
nginx_ingress_controller_chart_tag:
type: string
description: nginx ingress controller helm chart tag
- default: v1.24.7
+ default: v1.36.3
draino_tag:
type: string
--
GitLab
From 3cbc0377a1709721ae138b632d1e010d7c883cc3 Mon Sep 17 00:00:00 2001
From: Diogo Guerra <dy090.guerra@gmail.com>
Date: Tue, 12 May 2020 15:58:42 +0200
Subject: [PATCH 2/5] [cern] Move helm components from src to umbrella chart
With the usage of cern-chart we will move helm installed components from the magnum src code to the umbrella chart.
* fluentd helm based installation for central logging
* landb-sync
* prometheus-cern for central monitoring
Change-Id: Ia3ec6d00a0a90da4b94b9e290bd0b1573bd42cf7
---
.../helm/cern-central-monitoring-logging.sh | 3 ++-
.../templates/kubernetes/helm/cern-chart.sh | 26 +++++++++++++++++++
.../kubernetes/helm/cern-prometheus-rules.sh | 3 ++-
.../templates/kubernetes/helm/landb-sync.sh | 3 ++-
4 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh b/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh
index 02d356f98..018144a5b 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh
@@ -12,7 +12,8 @@ printf "Starting to run ${step}\n"
CHART_NAME="fluentd"
# Check if prometheus monitoring is enabled and if user specified a METRICS_PRODUCER
-if [ "$(echo ${LOGGING_INSTALLER} | tr '[:upper:]' '[:lower:]')" = "helm" ] && \
+if [ "$(echo ${CERN_CHART_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ] && \
+ [ "$(echo ${LOGGING_INSTALLER} | tr '[:upper:]' '[:lower:]')" = "helm" ] && \
[ ! -z "${LOGGING_PRODUCER}" ]; then
HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
[ -f ${HELM_MODULE_CONFIG_FILE} ] || {
diff --git a/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh b/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh
index 8683e0c0a..c6787c657 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh
@@ -7,6 +7,22 @@ set -ex
step="cern-chart"
printf "Starting to run ${step}\n"
+### Configure installation dependencies
+###############################################################################
+if [ "$(echo ${MONITORING_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ] && \
+ [ "$(echo ${METRICS_PRODUCER})" != "" ]; then
+ CERN_CENTRAL_MONITORING="true"
+else
+ CERN_CENTRAL_MONITORING="false"
+fi
+
+if [ "$(echo ${LOGGING_INSTALLER} | tr '[:upper:]' '[:lower:]')" = "helm" ] && \
+ [ ! -z "${LOGGING_PRODUCER}" ]; then
+ CERN_CENTRAL_LOGGING="true"
+else
+ CERN_CENTRAL_LOGGING="false"
+fi
+
### Configuration
###############################################################################
CHART_NAME="cern-magnum"
@@ -52,6 +68,16 @@ data:
enabled: ${EOS_ENABLED}
nvidia-gpu:
enabled: ${NVIDIA_GPU_ENABLED}
+ fluentd:
+ enabled: ${CERN_CENTRAL_LOGGING}
+ output:
+ producer: ${LOGGING_PRODUCER}
+ endpoint: ${LOGGING_HTTP_DESTINATION}
+ includeInternal: ${LOGGING_INCLUDE_INTERNAL}
+ landb-sync:
+ enabled: ${LANDB_SYNC_ENABLED}
+ prometheus-cern:
+ enabled: ${CERN_CENTRAL_MONITORING}
---
diff --git a/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh b/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh
index 5705e4e0c..b59c080a0 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh
@@ -13,7 +13,8 @@ CHART_NAME="prometheus-cern"
CHART_VERSION=${METRICS_PRODUCER_VERSION}
# Check if prometheus monitoring is enabled and if user specified a METRICS_PRODUCER
-if [ "$(echo ${MONITORING_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ] && \
+if [ "$(echo ${CERN_CHART_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ] && \
+ [ "$(echo ${MONITORING_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ] && \
[ "$(echo ${METRICS_PRODUCER})" != "" ]; then
HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
[ -f ${HELM_MODULE_CONFIG_FILE} ] || {
diff --git a/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh b/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh
index 857c2d126..595d08dca 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh
@@ -11,7 +11,8 @@ printf "Starting to run ${step}\n"
###############################################################################
CHART_NAME="landb-sync"
-if [ "$(echo ${LANDB_SYNC_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ]; then
+if [ "$(echo ${CERN_CHART_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ] && \
+ [ "$(echo ${LANDB_SYNC_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ]; then
HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
[ -f ${HELM_MODULE_CONFIG_FILE} ] || {
--
GitLab
From c192227ae812eb6b5384685a0d2907c3a4d0c7b0 Mon Sep 17 00:00:00 2001
From: Ricardo Rocha <rocha.porto@gmail.com>
Date: Wed, 27 May 2020 23:43:04 +0200
Subject: [PATCH 3/5] [cern] Set csi provisioner replicas to 1
---
.../common/templates/kubernetes/fragments/cephfs-csi-1x.sh | 2 +-
.../common/templates/kubernetes/fragments/cvmfs-csi-1x.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh b/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh
index c28e19ecd..1eb03e741 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh
@@ -349,7 +349,7 @@ spec:
selector:
matchLabels:
app: csi-cephfsplugin-provisioner
- replicas: 3
+ replicas: 1
template:
metadata:
labels:
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh b/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh
index 4cadca66c..736eabd90 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh
@@ -404,7 +404,7 @@ spec:
selector:
matchLabels:
app: csi-cvmfsplugin-provisioner
- replicas: 3
+ replicas: 1
template:
metadata:
labels:
--
GitLab
From a1fd6ecd7bcfea22254a651d7e0adc08dd91a1ff Mon Sep 17 00:00:00 2001
From: Ricardo Rocha <rocha.porto@gmail.com>
Date: Wed, 27 May 2020 23:54:04 +0200
Subject: [PATCH 4/5] [cern] Set network-id, cascade in lbaas config
---
.../templates/kubernetes/fragments/write-kube-os-config.sh | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh b/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh
index 39b91ac4f..869f0ec20 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh
@@ -21,8 +21,9 @@ trust-id=$TRUST_ID
ca-file=/etc/kubernetes/ca-bundle.crt
[LoadBalancer]
use-octavia=$OCTAVIA_ENABLED
-subnet-id=$CLUSTER_SUBNET
-floating-network-id=$EXTERNAL_NETWORK_ID
+network-id=$EXTERNAL_NETWORK_ID
+internal-lb=True
+cascade-delete=False
create-monitor=yes
monitor-delay=1m
monitor-timeout=30s
--
GitLab
From a42e80163f8be518c3885a5703cf3d3c4aa1ec96 Mon Sep 17 00:00:00 2001
From: Ricardo Rocha <rocha.porto@gmail.com>
Date: Wed, 27 May 2020 23:48:32 +0200
Subject: [PATCH 5/5] [cern] Use public-subnet-2 for lbaas instances
---
.../drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
index c5594b4e3..b455b46fd 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
@@ -1015,7 +1015,7 @@ resources:
condition: create_cluster_resources
type: ../../common/templates/lb_api.yaml
properties:
- fixed_subnet: "public-subnet-1"
+ fixed_subnet: "public-subnet-2"
external_network: {get_param: external_network}
protocol: {get_param: loadbalancing_protocol}
port: {get_param: kubernetes_port}
@@ -1024,7 +1024,7 @@ resources:
condition: create_cluster_resources
type: ../../common/templates/lb_etcd.yaml
properties:
- fixed_subnet: "public-subnet-1"
+ fixed_subnet: "public-subnet-2"
protocol: {get_param: loadbalancing_protocol}
port: 2379
--
GitLab