We've switched to the kubernetes binaries from kubernetes project itself
a while ago. There are still some of the mentions in the sample
local.conf about it and a wrapper shell script for the kubectl. In this
commit it will be removed.
Change-Id: Id2ea00db502a9a77c7686c1f2c60637f37bd72df
Turns out, that all the images has been moved from k8s.gcr.io to
registry.k8s.io, so that there is no need to distinguish between those
two locations for older version of k8s (especially the one which we are
relaying on for docker gate). In this patch we switch over to the
registry.k8s.io for all of the supported kubernetes versions.
To make it work it is also requires to bump kubernetes 1.23 to latest
minor version, otherwise there will be issues with pulling coredns
image.
Change-Id: I7ed0ae76108a409bc72bc61ab7c12164e8277257
Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-container/+/874573
Starting from 1.24 kubernetes started to use different registry for it's
images. That results with inability for kuryr to use the newer versions.
In this commit support for both registry is added.
Closes-Bug: #1991757
Change-Id: I3576159e5afbeb788369519fee12788260b0555f
During devstack deployment it can happen, that changing desired version
of the kubernetes, kubectl will be intalled with different version. This
patch make sure, that all of the installed kubernetes components are
coherent.
Closes-Bug: #1991773
Change-Id: Ied04e93bbe16e7a40213c35f0c6775bbcbf514ac
This got decided at the PTG. The code is old, not maintained, not tested
and most likely doesn't work anymore. Moreover it gave us a hard
dependency on grpcio and protobuf, which is fairly problematic in Python
and gave us all sorts of headaches.
Change-Id: I0c8c91cdd3e1284e7a3c1e9fe04b4c0fbbde7e45
There are some of the mentions of KuryrNetPolicy around our code. In
this patch we are removing it (with one exception - the spec for
originally designed CRD for network policy handling), just to avoid
confusion with currently used KuryrNetworkPolicy.
Change-Id: Ie9bb46467a249e1c0ada3a9810c4fff59fd57757
CRD KuryrNet was already replaced by KuryrNetwork, although there are
some spots, where it is mentioned - mostly docs and log messages. In
this commit we get rid of it once and for all.
Change-Id: I20345a1f4d4288534d620f0bd2196fc77ee795e9
In some places of which network environment was limited, kubeadm
can't pull images from k8s.gcr.io. This patch add a variable
`KURYR_KUBEADMIN_IMAGE_REPOSITORY` in order to the developer who
located in these places can set the kubeadm to pull container images
from repository that they can access.
Change-Id: Id966747d8c09ea14bb37880f8fb37447591564b5
The healthz endpoint is deprecated since Kubernetes v1.16. The k8s
docs [1] suggest that use the livez and readyz endpoints to instead.
[1] https://kubernetes.io/docs/reference/using-api/health-checks/
Change-Id: I1211fa3bb4450b9178e13ca5a46255242ee480a2
Permissions to create Events was added to the kuryr-controller
ServiceAccount, but not to the kuryr-cni one. This commit fixes this,
allowing kuryr-daemon to create Events in DevStack.
Change-Id: I59a9de2f6cd3314b1326c43c4c1eefa8e445b9ee
This commit is to allow reconciliation to run only if
OVN Octavia is enabled. Using OVN is faster when
creating LoadBalancers
Change-Id: I08f7fe4d9970559f10eaadce35bde082e831968d
Before switch to kubeadm we used to use manual approach for installing
all the bits with option for switching container runtimes between docker
and cri-o. With this patch we re-gain that ability with simply setting
appropriate container engine variable for devstack-plugin-contaier to
use either CRI-O or default Docker.
Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-container/+/817231
Change-Id: I273888a7428611b40802dc5dd53fcee864ce43da
Ensures Namespaces are only handled when there
is any Pod on Pod Network present on it to avoid
creating Networks and Subnets without really being
used.
Depends-On: https://review.opendev.org/c/openstack/kuryr-tempest-plugin/+/813404
Change-Id: Idbc1e2868c54eb1151d2498a0324731fe099592e
let containers aware of the host's netns changes
Signed-off-by: yue.lg <yuelg@chinaunicom.cn>
Change-Id: I312817db503002f918276d0ff41baeb816f39404
Closes-Bug: 1945293
Also, rearrange tests files.
Job hierarchy looks as follows:
- kuryr-kubernetes-base (base tempest job)
- kuryr-kubernetes-base-ovn (derived from base for neutron OVN)
- kuryr-kubernetes-tempest-amphora
- kuryr-kubernetes-octavia-base (ovn-octavia-provider)
- kuryr-kubernetes-tempest (alias for the parent,
used in projects kuryr-tempest-plugin and os-vif)
- kuryr-kubernetes-tempest-ovn-provider-ovn (alias for the parent,
used in project ovn-octavia-provider)
- kuryr-kubernetes-tempest-systemd
- kuryr-kubernetes-tempest-centos-7 (this one is probably
broken)
- kuryr-kubernetes-tempest-defaults (default settings for
kuryr-kubernetes, so OVN + amphora + default set of handlers,
default subnet and sg drivers)
- kuryr-kubernetes-tempest-ipv6
- kuryr-kubernetes-tempest-dual-stack
- kuryr-kubernetes-tempest-lower-constraints
- kuryr-kubernetes-tempest-l2
- kuryr-kubernetes-tempest-pools-namespace
- kuryr-kubernetes-tempest-crio (currently broken)
- kuryr-kubernetes-tempest-multinode
- kuryr-kubernetes-tempest-multinode-ha
- kuryr-kubernetes-base-ovs (derived from base for neutron OVS)
- kuryr-kubernetes-octavia-base-ovs (amphora)
- kuryr-kubernetes-tempest-ipv6-ovs
- kuryr-kubernetes-tempest-amphora-ovs
- kuryr-kubernetes-tempest-multinode-ovs
- kuryr-kubernetes-e2e-np (base devstack job)
For convenience, tempest jobs are in two files: one for multinode jobs,
and one for one node jobs. Network policy job is in its own file, since
it have different parent (devstack).
Change-Id: I198f138feb9bd7b6cc659ac8cd788cddd5be9439
Octavia tempest plugin is required to test for loadbalancer
reconciliation. As a result, there is need to configure the
gate to enable reconciliation by default.
Implements: blueprint reconcile-openstack-resources-with-k8s
Change-Id: Ifab3a4f45da29141d7889bc0f110ace6c5b96eab
There were a changes regarding OVN on Neutron side, let's reflect them
on our local.conf's samples. Now, we will install assume neutron will
have enabled OVN by default.
Change-Id: I2943e55b7d69908261ec71d8014730034bd481a2
Currently, we were relying on our dependencies which pulls golang
package, so that we don't need to do that ourselves. Although, as it was
pointed out in mentioned bug, explicit is better than implicit.
Even though, it's worth to mention, that kuryr-kubernetes relies on
both: Neutron and Octavia (which brings golang as it binary dep), and
without either of it, it will not work.
Change-Id: I3efb100e8ea47b7eb74e5addf5c2171c4606cad0
Closes-Bug: #1930368
When executing kubectl drain node it sometimes removing
kuryr-controller first, which may happen, that deployments will hang
during removing, since the dependency on the controller.
Also, turns out, that we can simply skip it, and `kubeadm reset` will
remove everything for us, so that's enough.
Change-Id: I396fb8fa5658617d03f5fdeed93cc86aa61e4a2d
This patch provides an implementation for joining node to the Kubernetes
cluster by using `kubeadm join` command.
Change-Id: I71d2b99e0c92a12c4e64395f6c4dafa4b69f168f
Depends-On: Ife21874c0a71ba07723094c0f880aabcf5825b77
Currently, by default, kuryr-kubernetes services (controller and CNI
daemon) are suppose to be run as a systemd services. The reality is,
that in most real world deployments we are using containerized services.
In this patch variable KURYR_K8S_CONTAINERIZED_DEPLOYMENT will now have
default value set to True, which means, that without even setting it,
deploying kuryr-kubernetes will be containerized.
Secondly, we agreed[1], that all the gate names should also reflect that
change in their names.
And finally, non working and outdated local.conf samples for
OpenDaylight has to be removed.
Behaviour for sample local.confs wasn't change: using them to spin up
devstack will still use systemd services.
[1] https://etherpad.opendev.org/p/apr2021-ptg-kuryr
Change-Id: I2c13893c80e9e5b3b2ac0cb64dd9bd9a40d99e63
Till now, for installing kuryr-kubernetes and one of the crucial service
- kubernetes, there has been used manual method for installing it in
specified version. Over time it became a burden to follow requirements
and constraints, therefore decision has been made to use recommended way
of installing Kubernetes - kubeadm. In this patch devstack installation
of the kuryr-kubernetes and its dependences has been heavily reworked.
Other than that, OpenShift related functions has been removed, since
they were all outdated and non-working for the long time.
Change-Id: Ife21874c0a71ba07723094c0f880aabcf5825b77
This patch enables the tempest test that checks that listener timeout
value is configurable.
Depends-On: https://review.opendev.org/c/openstack/kuryr-tempest-plugin/+/783966
Implements: blueprint configure-lb-listeners-timeout
Change-Id: Ie2f6ec8b193e5a90216f3ff925188ad367826e4c
The timeout-client-data and timeout-member-data configurations
for Octavia listeners default to 50 seconds for load balancers
created by Kuryr. This patch allows the creation and modification
of load balancers handled by Kuryr with different timeouts values.
Implements: blueprint configure-lb-listeners-timeout
Change-Id: I99016001c2263023d1fa2637d7b5aeb23b3b2d9d
This commit makes sure DevStack plugin is able to run with dual stack
and create 2 subnetpools, 2 service subnets and 2 pod subnets. The K8s
is also configured with that.
Implements: blueprint dual-stack
Change-Id: I9c53bc4dd3529a48f5ba1ab77268d6a984a84808
Ayumu Ueha