Commit Graph

1044 Commits

Author SHA1 Message Date
Dale Smith 0fdec72128 Support Calico 3.26.x
* Renames calico script to match the version it was intended for: 3.21.
* Match calico_tag 3.26.* with the new manifest. All other versions will
  continue to use manifest intended for 3.21.*
* Calico manifest for 3.26[1] is tested for K8s versions v1.24 through v1.28[2].

[1] https://raw.githubusercontent.com/projectcalico/calico/v3.26.4/manifests/calico.yaml
[2] https://docs.tigera.io/calico/3.26/getting-started/kubernetes/requirements

Change-Id: I548e831c13be9b732303c945b2a7ba97a245b0df
2024-03-07 00:14:47 +11:00
Zuul 9d6eae72cc Merge "Drop k8s_fedora_atomic_v1 driver" 2024-03-06 10:14:19 +00:00
Zuul fcc398028c Merge "Add feature flag for beta drivers" 2024-03-06 10:09:03 +00:00
Jakub Darmach b6e2aa8af7 Move Helm client install to separate script
To deploy Calico with Tigera Operator helm charts it was necessary
to move Helm client install to separate script for earlier execution.

Change-Id: Iab738b4120c0ac823b247b04f0cd750de0147779
2024-02-29 14:41:37 +00:00
Jakub Darmach e3aaa89376 Removing Tiller support
Removed Tiller support from Helm modules install kubernetes fragment.

Change-Id: I81db0055ae82c64218498ae3e2a4fcc802f8d0e4
2024-02-29 14:41:29 +00:00
Jake Yip a41c884463 Update cloud-provider-openstack registry
cloud-provider-openstack has changed their image repo. To use the
plugins matching later versions of k8s, this needs to be updated.

Also update tags for CI test to match version being tested.

[1] https://github.com/kubernetes/cloud-provider-openstack/pull/2169

Change-Id: I9390db5e1aa357c17a39a7c208d837befafd3820
2024-02-28 18:57:55 +11:00
Michal Nasiadka ed699b0c9a Drop k8s_fedora_atomic_v1 driver
Change-Id: I3551ae244ecf99f67a9b142c964c020a5fae70a3
2024-02-27 16:35:35 +00:00
Jake Yip 34c82bdb96 Add feature flag for beta drivers
Change-Id: I9d0851e7f0c740f2a23c3ff935a21cff35769a78
2024-02-27 20:34:05 +11:00
Jakub Darmach fde7f8e73a Removing legacy calico v3.3
Removed legacy Calico v3.3 manifest and conditional.
 -

Change-Id: Ica52a670452e65c5ae012012895080c9c8d9abf7
2024-02-27 07:15:21 +00:00
Jake Yip 8a30ad3462 Add feature to specify driver explicitly
Allow ClusterTemplate to explicitly specify a driver to use for creating
Clusters.

This is initially sourced from the image property 'magnum_driver', but
may be improved to be specified via client in the future.

Falls back to old driver discovery using (coe, server_type, os) tuple to
keep existing behaviour.

Change-Id: I9e206b589951a02360d3cef0282a9538236ef53b
2024-02-26 14:50:18 +11:00
Zuul c2567f202a Merge "Drop k8s_fedora_ironic_v1 driver" 2024-02-21 23:52:53 +00:00
Zuul 007c0cd73d Merge "Drop k8s_coreos_v1 driver" 2024-02-21 23:50:02 +00:00
Takashi Kajinami 91f181e3ad Remove six from drivers module
This is part of the steps to remove usage of six library, which is no
longer needed since python 2 support was removed.

Change-Id: If6fb372f72a469e55e956e127c49863b5a557552
2024-02-19 10:43:24 +00:00
Michal Nasiadka 68c8acba39 Remove execution bit on unnecessary files
Change-Id: Ia41b843fdf20154750b129a8ab5dd42f5c3989fb
2024-02-19 00:30:21 +00:00
Michal Nasiadka fa5aa8f625 Drop k8s_fedora_ironic_v1 driver
Change-Id: Ic7114e5923b74a4202a043388701826b4e47326e
2024-02-05 08:14:56 +00:00
Michal Nasiadka 5c0c27807a Drop k8s_coreos_v1 driver
Change-Id: I64884677cf05c59c64988dfbee9bf22e97a3466b
2024-02-05 07:04:05 +00:00
Zuul 39af658193 Merge "heat: Update addresses on CREATE_FAILED" 2024-02-02 10:31:53 +00:00
Michal Nasiadka 339a771587 heat: Update addresses on CREATE_FAILED
This is required for Tempest CI to fetch master/node addresses in order
to collect logs from them on cluster creation failure.

Change-Id: I24ac7ff632a8758bfefa5b66341a19eb9712dac6
2024-01-31 11:07:10 +00:00
Zuul 1cf1ba1761 Merge "Drop Swarm support" 2024-01-31 09:23:20 +00:00
Zuul fd76e86a57 Merge "Update chart.metadata.version to reflect breaking change in helm v3.5.2" 2024-01-26 02:36:48 +00:00
Michal Nasiadka bc79012f46 Drop Swarm support
Label validator function has been left behind, although it's not
checking for anything right now - might be useful in future.

Change-Id: I74c744dc957d73aef7556aff00837611dadbada7
2024-01-24 13:20:21 +13:00
Zuul 3ef20c2503 Merge "Migrate to importlib.metadata" 2024-01-11 09:09:38 +00:00
Zuul 6bb2c107ff Merge "Remove support for in-place upgrades with the Heat driver." 2024-01-04 01:14:11 +00:00
Dale Smith dc2b3724f5 Support k8s 1.27: Remove unsupported kubelet arg
This argument has been defined for containerd clusters in Magnum, and is set to
the default (and only valid) value of 'remote'.

Kubelet warning in 1.26:
  * Flag --container-runtime has been deprecated, will be removed in 1.27 as the only valid value is 'remote'
Kubelet error in 1.27:
  * E0801 03:10:26.723998    8889 run.go:74] "command failed" err="failed to parse kubelet flag: unknown flag: --container-runtime"

Change-Id: I072fab1342593941414b86e28b8a76edf2b19a6f
2024-01-02 06:44:13 +00:00
Dale Smith 2fd3059f38 Remove support for in-place upgrades with the Heat driver.
Heat stack SoftwareConfig is unable to provide a reliable upgrade
experience, so is being disabled. More details in code comments.

A Cluster API driver provides a way forward for Magnum to support
these again, and implement upgrade_cluster.

Change-Id: Ibea354ebfe36e8d689a95c30820709ec2b633964
2023-12-20 21:54:44 +13:00
Jake Yip 92bc2caa1c Migrate to importlib.metadata
pkg_resources is deprecated

Change-Id: I79fc6789b7fafd763e5a4a641d71af26fcf6e815
2023-11-27 19:15:45 +11:00
okozachenko1203 9ece9da95a Update chart.metadata.version to reflect breaking change in helm v3.5.2
https: //github.com/helm/helm/issues/9342
Change-Id: I1dbe7b0b85380e713ebb5dcdd7ecbfc6a438b852
2023-09-20 11:27:53 +00:00
Zuul fda54620ad Merge "Missing load balancer health monitors fix" 2023-08-25 03:10:28 +00:00
Jakub Darmach f2dc76823c
Missing load balancer health monitors fix
In api and etcd load balancer templates we define if Octavia
load balancer healthchecks should be enabled. Corrected
octavia_lb_healthcheck parameter value comparison.

Closes-bug: #2015393
Change-Id: Icee8be92ea3e3121934645049b81b79be9bd046a
2023-08-21 14:28:56 +02:00
ricolin eca79453c0 Fix Trust token scope for drivers
This fix driver token scope to make sure we use correct token
scope from Trust.

Change-Id: If5b31951959c7a141dc1cae5fefcabe4ebf438b3
2023-07-25 17:00:40 +08:00
Michal Nasiadka b578bd8a78 cinder-csi: Run controllerplugin in CNI network
Currently one cinder-csi-nodeplugin pod is always in Pending state,
because the nodeplugin and controllerplugin deployments share the
same TCP port.

Adapt the manifest to upstream cinder-csi manifest, and run
controllerplugin in CNI network and nodeplugin in host networking.

Change-Id: Idbec5e8e64096a1e1a932da79e656f97f8db1144
2023-05-30 07:36:40 +00:00
Zuul a1252ec553 Merge "Add `-p` param to `mkdir` in agent startup script" 2023-05-11 08:18:15 +00:00
Zuul 392120ab13 Merge "Remove PodSecurityPolicy" 2023-05-10 13:56:04 +00:00
Zuul 2c193622de Merge "Fix pods unable to send traffic to ClusterIP" 2023-05-10 10:52:51 +00:00
Zuul 034c1e5491 Merge "Support k8s 1.25 in Calico Manifest" 2023-05-10 10:52:49 +00:00
Zuul f28b25734d Merge "Support k8s 1.26: remove logtostderr" 2023-05-04 07:07:49 +00:00
Jake Yip 1b1c2122f0 Remove PodSecurityPolicy
PodSecurityPolicy has been removed in Kubernetes v1.25 [1]. To allow Magnum
to support Kubernetes v1.25 and above, PodSecurityPolicy Admission
Controller has has been removed.

[1] https://kubernetes.io/docs/concepts/security/pod-security-policy/

Change-Id: I0fb0c372b484275b0677114193289469ee788b84
2023-04-26 20:33:44 +10:00
Jake Yip ae7a50e2af Fix pods unable to send traffic to ClusterIP
Flannel with VXLAN suffers from a bug[1] where pods on the same node are
unable to send traffic to a service's ClusterIP when the endpoint is on
the same node.

This is due to improper NATTing of the return traffic.

The fix is to load the br_netfilter module as specified in the
kubernetes doc.[2]

[1] https://github.com/flannel-io/flannel/issues/1702
[2] https://kubernetes.io/docs/setup/production-environment/container-runtimes/#forwarding-ipv4-and-letting-iptables-see-bridged-traffic

Change-Id: Ic182bba9d480421c2cb581558ebde8dfb20421c8
2023-03-29 19:27:17 +11:00
Dale Smith 5abcab4efd Support k8s 1.25 in Calico Manifest
PodDisruptionBudget is `policy/v1` since 1.21.

https://github.com/projectcalico/calico/issues/4570

Change-Id: I07786095a30ae15fe856fd3966fc073267d2ae9d
2023-03-20 20:13:19 +00:00
ricolin 6169eb26ed Fix pep8 gate
This fix propose two parts:
* introduce timeout (60s) to requests calls
* remove `file` scheme support for requests calls.

Change-Id: Ide2c2915ba5d6ff03933160b74f7206492276968
2023-03-14 09:17:54 +08:00
Jake Yip 18348d5f7b Add `-p` param to `mkdir` in agent startup script
This script `/root/configure-agent-env.sh` is called by the systemd
service file `configure-agent-env.service`.

This fixes the following error in the configure-agent-env.service if the node
has been rebooted after the first boot:

 bash[870]: + mkdir /etc/kubernetes/
 bash[954]: mkdir: cannot create directory '/etc/kubernetes/': File exists

Change-Id: Ib962e5a70ee35513f4a04ef87bfda71b2a2a80a1
2023-03-09 23:17:48 +11:00
Dale Smith 16baf85716 Support k8s 1.26: remove logtostderr
klog args have been removed from kubernetes in 1.26, and
deprecated since 1.23. https://github.com/kubernetes/kubernetes/pull/112120

The argument --logtostderr has defaulted to true for a long time, so
this removal on older versions should have no impact.

Change-Id: I64f934a9bbc39c5e054d8a83b3f6edee061469e6
2023-02-13 23:12:26 +00:00
Dale Smith 5061dc5bb5 Fix kubelet for Fedora CoreOS 36 to provide real resolvconf to containers.
In Fedora CoreOS 36 CoreDNS cannot start correctly due to a loopback issue
where /etc/resolv.conf is mounted and points to localhost.

Tested on Fedora CoreOS 35,36,37, with Docker and containerd.

https://coredns.io/plugins/loop/#troubleshooting-loops-in-kubernetes-clusters
https://fedoraproject.org/wiki/Changes/systemd-resolved#Detailed_Description

Story: 2010519
Depends-On: I3242b718e32c92942ac471bc7e182a42e803005b

Change-Id: I8106324ce71d6c22fa99e1a84b5a09743315811a
2023-02-05 09:01:56 +00:00
Jakub Darmach fbfd3ce9a3 Containerd cni plugin path in CoreOS 35
Task: 45387
Story: 2010041

In Fedora CoreOS 35 default containerd cni bin_dir is set to
/usr/libexec/cni. Since we're installing our own in /opt/cni/bin need to
override in containerd config.toml otherwise pods get stuck in
ContainerCreating state looking for for ex. calico in wrong path.

Change-Id: I3242b718e32c92942ac471bc7e182a42e803005b
2023-02-04 13:05:01 +00:00
guilhermesteinmuller d3d28594b3 Drop mesos driver
The coe mesos has not been maitenaned for quite some
time and hasn't got much attetion from the community
in general. As discussed in the mailing list [1] we
are dropping for now.

In this patch, we start by removing the mesos driver
and its test cases. This part of the code has no impact
for other drivers. Then we can clean up mesos references
that affect the API.

[1] http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026230.html

Conflicts:
	lower-constraints.txt
	tox.ini

Change-Id: Ied76095f1f1c57c6af93d1a6094baa6c7cc31c9b
2022-11-11 23:01:43 +11:00
Zuul 379062eff7 Merge "Make configure-agent-env.service idempotent." 2022-11-09 12:16:58 +00:00
Zuul b5918de996 Merge "Fix pods stuck terminating." 2022-11-09 11:32:39 +00:00
Travis Holton e4e0843ed1 Remove stdout argument from coredns log
According to the documentation the first argument to log is either a
domain or a '.' (dot). The current setting of 'log stdout' appears to
blackhole query logs. The default output of log is stdout so the
argument would not be necessary.

Removing `stdout` allows coredns to send query logs to stdout.

Reference: https://coredns.io/plugins/log/

Change-Id: I7837015c37eb58ba43ff42cc8b647c717fa1c650
2022-10-26 16:31:03 +13:00
Dale Smith b318560b59 Fix pods stuck terminating.
If the kubelet container is restarted on a host (during upgrades, or manually)
the bind mounts duplicate into /rootfs and kubelet cannot unmount these.

This leads to stuck terminating pods that must be resolved with either --force
or restart of kubelet container.

Adding 'rslave' means that when the kubelet unmounts volumes at /var/lib/kubelet/pods
this propogates to the host (using 'rshared'), and back into the container in /rootfs.

This bug was likely introduced when mounting of /rootfs was added[0].

[0] 1994e9448a

Change-Id: I44f80ccc97c0eeab98f1edbe4a22763732b7f4da
2022-10-26 00:09:48 +00:00
Zuul 0748588e79 Merge "Support K8s 1.24+" 2022-09-26 17:11:03 +00:00