From 7d2a154e6c2a07dea231d16664b40b341cacd5d8 Mon Sep 17 00:00:00 2001
From: Spyros Trigazis <strigazi@gmail.com>
Date: Tue, 12 May 2020 11:36:49 +0000
Subject: [PATCH 1/5] [cern] Update nginx-ingress to v1.36.3 and 0.32.0 tag

upstream https://review.opendev.org/#/c/727162

* remove user since it is controlled in the chart
  and changed from 33 to 101
* use the latest chart v1.36.3 from stable
* use latest 0.32.0 controller image

story: 2006945
task: 39747

Change-Id: I6df49929cb8890f534afde185d56b7b6d70c691e
Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
---
 doc/source/user/index.rst                       | 17 +++++++++++++++--
 .../templates/kubernetes/helm/ingress-nginx.sh  |  2 +-
 .../templates/kubecluster.yaml                  |  4 ++--
 .../templates/kubecluster.yaml                  |  4 ++--
 4 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/doc/source/user/index.rst b/doc/source/user/index.rst
index a2d6340e7..be8b83ce1 100644
--- a/doc/source/user/index.rst
+++ b/doc/source/user/index.rst
@@ -390,6 +390,8 @@ the table are linked to more details elsewhere in the user guide.
 +---------------------------------------+--------------------+---------------+
 | `nginx_ingress_controller_tag`_       | see below          | see below     |
 +---------------------------------------+--------------------+---------------+
+| `nginx_ingress_controller_chart_tag`_ | see below          | see below     |
++---------------------------------------+--------------------+---------------+
 | `kubelet_options`_                    | extra kubelet args | ""            |
 +---------------------------------------+--------------------+---------------+
 | `kubeapi_options`_                    | extra kubeapi args | ""            |
@@ -1564,10 +1566,21 @@ _`octavia_ingress_controller_tag`
   The image tag for octavia-ingress-controller. Train-default: v1.15.0
 
 _`nginx_ingress_controller_tag`
-  The image tag for nginx-ingress-controller. Stein-default: 0.23.0
+  The image tag for nginx-ingress-controller.
+  Stein-default: 0.23.0
+  Train-default: 0.26.1
+  Ussuru-default: 0.26.1
+  Victoria-default: 0.32.0
+
+_`nginx_ingress_controller_chart_tag`
+  The chart version for nginx-ingress-controller.
+  Train-default: v1.24.7
+  Ussuru-default: v1.24.7
+  Victoria-default: v1.36.3
 
 _`traefik_ingress_controller_tag`
-  The image tag for traefik_ingress_controller_tag. Stein-default: v1.7.10
+  The image tag for traefik_ingress_controller_tag.
+  Stein-default: v1.7.10
 
 DNS
 ---
diff --git a/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh b/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh
index 089166df4..03c71a26f 100755
--- a/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 
+set +x
 . /etc/sysconfig/heat-params
 
 set -ex
@@ -55,7 +56,6 @@ data:
         repository: ${CONTAINER_INFRA_PREFIX:-quay.io/kubernetes-ingress-controller/}nginx-ingress-controller
         tag: ${NGINX_INGRESS_CONTROLLER_TAG}
         pullPolicy: IfNotPresent
-        runAsUser: 33
       config: {}
       headers: {}
       hostNetwork: true
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
index 6042b64b3..16742c360 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -898,12 +898,12 @@ parameters:
   nginx_ingress_controller_tag:
     type: string
     description: nginx ingress controller docker image tag
-    default: 0.26.1
+    default: 0.32.0
 
   nginx_ingress_controller_chart_tag:
     type: string
     description: nginx ingress controller helm chart tag
-    default: v1.24.7
+    default: v1.36.3
 
   draino_tag:
     type: string
diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
index f59764221..c5594b4e3 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
@@ -898,12 +898,12 @@ parameters:
   nginx_ingress_controller_tag:
     type: string
     description: nginx ingress controller docker image tag
-    default: 0.26.1
+    default: 0.32.0
 
   nginx_ingress_controller_chart_tag:
     type: string
     description: nginx ingress controller helm chart tag
-    default: v1.24.7
+    default: v1.36.3
 
   draino_tag:
     type: string
-- 
GitLab


From 3cbc0377a1709721ae138b632d1e010d7c883cc3 Mon Sep 17 00:00:00 2001
From: Diogo Guerra <dy090.guerra@gmail.com>
Date: Tue, 12 May 2020 15:58:42 +0200
Subject: [PATCH 2/5] [cern] Move helm components from src to umbrella chart

With the usage of cern-chart we will move helm installed components from the magnum src code to the umbrella chart.
* fluentd helm based installation for central logging
* landb-sync
* prometheus-cern for  central monitoring

Change-Id: Ia3ec6d00a0a90da4b94b9e290bd0b1573bd42cf7
---
 .../helm/cern-central-monitoring-logging.sh   |  3 ++-
 .../templates/kubernetes/helm/cern-chart.sh   | 26 +++++++++++++++++++
 .../kubernetes/helm/cern-prometheus-rules.sh  |  3 ++-
 .../templates/kubernetes/helm/landb-sync.sh   |  3 ++-
 4 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh b/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh
index 02d356f98..018144a5b 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/cern-central-monitoring-logging.sh
@@ -12,7 +12,8 @@ printf "Starting to run ${step}\n"
 CHART_NAME="fluentd"
 
 # Check if prometheus monitoring is enabled and if user specified a METRICS_PRODUCER
-if [ "$(echo ${LOGGING_INSTALLER} | tr '[:upper:]' '[:lower:]')" = "helm" ] && \
+if [ "$(echo ${CERN_CHART_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ] && \
+   [ "$(echo ${LOGGING_INSTALLER} | tr '[:upper:]' '[:lower:]')" = "helm" ] && \
    [ ! -z "${LOGGING_PRODUCER}" ]; then
     HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
     [ -f ${HELM_MODULE_CONFIG_FILE} ] || {
diff --git a/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh b/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh
index 8683e0c0a..c6787c657 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/cern-chart.sh
@@ -7,6 +7,22 @@ set -ex
 step="cern-chart"
 printf "Starting to run ${step}\n"
 
+### Configure installation dependencies
+###############################################################################
+if [ "$(echo ${MONITORING_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ] && \
+   [ "$(echo ${METRICS_PRODUCER})" != "" ]; then
+    CERN_CENTRAL_MONITORING="true"
+else
+    CERN_CENTRAL_MONITORING="false"
+fi
+
+if [ "$(echo ${LOGGING_INSTALLER} | tr '[:upper:]' '[:lower:]')" = "helm" ] && \
+   [ ! -z "${LOGGING_PRODUCER}" ]; then
+    CERN_CENTRAL_LOGGING="true"
+else
+    CERN_CENTRAL_LOGGING="false"
+fi
+
 ### Configuration
 ###############################################################################
 CHART_NAME="cern-magnum"
@@ -52,6 +68,16 @@ data:
       enabled: ${EOS_ENABLED}
     nvidia-gpu:
       enabled: ${NVIDIA_GPU_ENABLED}
+    fluentd:
+      enabled: ${CERN_CENTRAL_LOGGING}
+      output:
+        producer: ${LOGGING_PRODUCER}
+        endpoint: ${LOGGING_HTTP_DESTINATION}
+        includeInternal: ${LOGGING_INCLUDE_INTERNAL}
+    landb-sync:
+      enabled: ${LANDB_SYNC_ENABLED}
+    prometheus-cern:
+      enabled: ${CERN_CENTRAL_MONITORING}
 
 ---
 
diff --git a/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh b/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh
index 5705e4e0c..b59c080a0 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/cern-prometheus-rules.sh
@@ -13,7 +13,8 @@ CHART_NAME="prometheus-cern"
 CHART_VERSION=${METRICS_PRODUCER_VERSION}
 
 # Check if prometheus monitoring is enabled and if user specified a METRICS_PRODUCER
-if [ "$(echo ${MONITORING_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ] && \
+if [ "$(echo ${CERN_CHART_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ] && \
+   [ "$(echo ${MONITORING_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ] && \
    [ "$(echo ${METRICS_PRODUCER})" != "" ]; then
     HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
     [ -f ${HELM_MODULE_CONFIG_FILE} ] || {
diff --git a/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh b/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh
index 857c2d126..595d08dca 100644
--- a/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/landb-sync.sh
@@ -11,7 +11,8 @@ printf "Starting to run ${step}\n"
 ###############################################################################
 CHART_NAME="landb-sync"
 
-if [ "$(echo ${LANDB_SYNC_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ]; then
+if [ "$(echo ${CERN_CHART_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ] && \
+   [ "$(echo ${LANDB_SYNC_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ]; then
 
 HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
 [ -f ${HELM_MODULE_CONFIG_FILE} ] || {
-- 
GitLab


From c192227ae812eb6b5384685a0d2907c3a4d0c7b0 Mon Sep 17 00:00:00 2001
From: Ricardo Rocha <rocha.porto@gmail.com>
Date: Wed, 27 May 2020 23:43:04 +0200
Subject: [PATCH 3/5] [cern] Set csi provisioner replicas to 1

---
 .../common/templates/kubernetes/fragments/cephfs-csi-1x.sh      | 2 +-
 .../common/templates/kubernetes/fragments/cvmfs-csi-1x.sh       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh b/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh
index c28e19ecd..1eb03e741 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/cephfs-csi-1x.sh
@@ -349,7 +349,7 @@ spec:
   selector:
     matchLabels:
       app: csi-cephfsplugin-provisioner
-  replicas: 3
+  replicas: 1
   template:
     metadata:
       labels:
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh b/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh
index 4cadca66c..736eabd90 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/cvmfs-csi-1x.sh
@@ -404,7 +404,7 @@ spec:
   selector:
     matchLabels:
       app: csi-cvmfsplugin-provisioner
-  replicas: 3
+  replicas: 1
   template:
     metadata:
       labels:
-- 
GitLab


From a1fd6ecd7bcfea22254a651d7e0adc08dd91a1ff Mon Sep 17 00:00:00 2001
From: Ricardo Rocha <rocha.porto@gmail.com>
Date: Wed, 27 May 2020 23:54:04 +0200
Subject: [PATCH 4/5] [cern] Set network-id, cascade in lbaas config

---
 .../templates/kubernetes/fragments/write-kube-os-config.sh   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh b/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh
index 39b91ac4f..869f0ec20 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh
@@ -21,8 +21,9 @@ trust-id=$TRUST_ID
 ca-file=/etc/kubernetes/ca-bundle.crt
 [LoadBalancer]
 use-octavia=$OCTAVIA_ENABLED
-subnet-id=$CLUSTER_SUBNET
-floating-network-id=$EXTERNAL_NETWORK_ID
+network-id=$EXTERNAL_NETWORK_ID
+internal-lb=True
+cascade-delete=False
 create-monitor=yes
 monitor-delay=1m
 monitor-timeout=30s
-- 
GitLab


From a42e80163f8be518c3885a5703cf3d3c4aa1ec96 Mon Sep 17 00:00:00 2001
From: Ricardo Rocha <rocha.porto@gmail.com>
Date: Wed, 27 May 2020 23:48:32 +0200
Subject: [PATCH 5/5] [cern] Use public-subnet-2 for lbaas instances

---
 .../drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
index c5594b4e3..b455b46fd 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
@@ -1015,7 +1015,7 @@ resources:
     condition: create_cluster_resources
     type: ../../common/templates/lb_api.yaml
     properties:
-      fixed_subnet: "public-subnet-1"
+      fixed_subnet: "public-subnet-2"
       external_network: {get_param: external_network}
       protocol: {get_param: loadbalancing_protocol}
       port: {get_param: kubernetes_port}
@@ -1024,7 +1024,7 @@ resources:
     condition: create_cluster_resources
     type: ../../common/templates/lb_etcd.yaml
     properties:
-      fixed_subnet: "public-subnet-1"
+      fixed_subnet: "public-subnet-2"
       protocol: {get_param: loadbalancing_protocol}
       port: 2379
 
-- 
GitLab