The default behavior of crio service is `disable` if you install it with
devstack. So, kubelet cannot launch after rebooting a host because crio
isn't run on the host before. To fix the issue, enable crio in systemctl
while installing kubeadm.
Change-Id: Ic042494d1cd588fb2b06f7e1d5544206b20b5ad6
Signed-off-by: Yasufumi Ogawa <yasufum.o@gmail.com>
cri-o repository for centos need to be added in
/etc/yum.repos.d to successfully install cri-o on centos system.
Change-Id: I6b215cb0efb3c53e97a4a6605e94a262c0d04f25
k8s gate is still on focal, so patch which unblock the apparmor for
jammy does not affect it. Here is the fix for focal as well.
Change-Id: I2a9bc69a59e7d6d21d61e79115d5a3c726c73ab0
Kubernetes 1.19 is long gone over a year now. Current minimal supported
version is 1.23.x. It is also last version, which supports docker-shim.
In this patch we propose to bump the version of k8s to 1.23.16 and crio
to 1.23.
Change-Id: I822217e769cc5cd041032fb2302c3a9c130d11ff
Last year, kubernetes community has made a move from k8s.gcr.io to
registry.k8s.io. Currently images on k8s.gcr.io has been stopped from
serving therefore, there is a need to migrate to the new one.
Change-Id: I20305b380d26fdaa30632107b29debc519e13e54
Recently there are failures observed with docker installations. Newest
version (23.x) started to fail to create containers, when there are no
tools for apparmor available, and yet, this feature is enabled on
kernel, which is true in case of Ubuntu Jammy (22.04) stable release.
There are couple[1] of bugs[2] reported to the upstream, and as a
workaround, proposal is to install apparmor.
[1] https://github.com/moby/moby/issues/44900
[2] https://github.com/moby/moby/issues/44970
Change-Id: Ie10de8a8b074daa19ba4a882528e78cd1ee74245
In earlier version of cri-o (at least that been seen in 1.18) cri-o
packages have default configuration stored as /etc/crio/crio.conf, with
all the default values defined. Setting a value for the key means that
was a need to actually change the default. In version up to 1.23 there
was even no configuration stored at all, but starting from 1.24, all the
default config options has been commented out, and only section names
are not commented.
Similar situation has been detected for registry configuration, but here
it is even more difficult, as in recent version toml format has been
used instead of ini.
With this patch all of the cases has been covered.
Change-Id: Ia1b3dee3979841e798cec11c02ba1412dccef6c2
In some places of which network environment was limited, ciro can't
pull images from k8s.gcr.io. This patch add a variable
`CRIO_PAUSE_IMAGE` in order to the developer who located in these
places can set the ciro to pull pause container images from
repository that they can access.
The `CRIO_PAUSE_COMMAND` used to configure crio's `pause_command`
(the pause container's bootstrap command), in order to the developer
can use the special pause image the they customized.
Change-Id: Ib0d4c42870d40ef583546758513a36b906c7663b
In some places of which network environment was limited, kubeadm
can't pull images from k8s.gcr.io. This patch add a variable
`KUBEADMIN_IMAGE_REPOSITORY` in order to the developer who located in
these places can set the kubeadm to pull container images from
repository that they can access.
Change-Id: I14aed50077ef0760635e575770fd2274cb759c53
By default, CRI-O doesn't allow to have ICMP traffic between the pods
and pods to/from host. It's convenient to have such ability for testing
and debugging purpose.
In this patch there is added appropriate configuration to crio.conf, and
also a setting to disable it if needed.
Change-Id: I1133815d9cbce311313bff7a219a9b3939390660
There are also two new configuration option introduced:
- CNI_PLUGIN_DIR
- CNI_CONF_DIR
which, if defined, are used to configure crio paths for plugins and
networks config.
Change-Id: Ica4277b06740f8dca3ff5be77432cf6ab2f3cdeb
Let's bump minimal tox version so that we can rename
whitelist_externals option to allowlist_externals one.
https: //tox.wiki/en/latest/changelog.html#v3-18-0-2020-07-23
Change-Id: I0be6023da2c0b720728ce62a0eb91930c7a5cd28
Since projectatomic Ubuntu builds are deprecated, and advice was to
consult upstream documentation[1], Kubernetes with cri-o now rely on
Kubic project, which (among the others) provides packages for Ubuntu
20.04. Let us switch for those.
[1] https://kubernetes.io/docs/setup/production-environment/container-runtimes/#cri-o
Change-Id: Ib06753d22f8859eefedc031094851b052f4105b6
We need to configure CNI plugin first, then configure and restart
containerd. In before, the order is reverse so the CNI config
is not picked.
Change-Id: I1c0e753b19289c339e44f288cae02d7ee2957da6
Installing docker will install the CRI plugin for containerd.
This commit support enabling the CRI-containerd plugin.
By default, this is disabled.
Change-Id: Ica8d5f91ae77d1d6599bfadc4031552016ad8953
The CI job configuration was auto-converted from legacy job in before.
This commit convert the job to zuul v3 native format.
Change-Id: I591ca197b6860db31e76fc7af3547ff4a92b2a55
The job install Docker and use basic scenario to verifies if
Docker is working properly. The job is quite stable so far.
This commit changes this job from non-voting to voting.
Change-Id: I7da8471fc9b3b362bf6502f379b60cfeb2a9ad92
Add support for installing kubernetes cluster via devstack.
It uses kubeadm to bootstrap the k8s cluster.
Change-Id: I7877ceda08bbdab807116a13d74ff884136dc501
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I22b7533894aae3f217b183a6c8d89221c02dd7aa
This commit adds support for installing cri-o as container engine in
CentOS and Fedora. Tested on CentOS 7.6 and Fedora 28.
Change-Id: I0e10e06156e02397b5cd64efe802869d0e96b231
Seems like aforementioned package is not available on Ubuntu 18.04
(Bionic). This commit excludes that version from installation of Docker.
Change-Id: Ib1864497dd19caadf9077386ce278712e4f5de8f
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I31bc574b8f66f4fc483c3758e787886fd49d4843
Story: #2002586
Task: #24327
ENABLE_CLEAR_CONTAINER should be set to false by default as they're
relying on third party repos which could break devstack installation at
some point.
Change-Id: I99b26650f6c68e8563dcde589bda7ccdc6a19a46