The old taint 'node-role.kubernetes.io/master' has been deprecated since
v1.20 and removed since v1.25[1].
Starting from v1.28, the taint of 'node-role.kubernetes.io/master' does
not pass conformance.
[1] https://kubernetes.io/blog/2022/04/07/upcoming-changes-in-kubernetes-1-24/
node-role.kubernetes.io/master
Change-Id: I32616ea7f382601ecca9fce0a84da007e5471dfb
To deploy Calico with Tigera Operator helm charts it was necessary
to move Helm client install to separate script for earlier execution.
Change-Id: Iab738b4120c0ac823b247b04f0cd750de0147779
cloud-provider-openstack has changed their image repo. To use the
plugins matching later versions of k8s, this needs to be updated.
Also update tags for CI test to match version being tested.
[1] https://github.com/kubernetes/cloud-provider-openstack/pull/2169
Change-Id: I9390db5e1aa357c17a39a7c208d837befafd3820
Allow ClusterTemplate to explicitly specify a driver to use for creating
Clusters.
This is initially sourced from the image property 'magnum_driver', but
may be improved to be specified via client in the future.
Falls back to old driver discovery using (coe, server_type, os) tuple to
keep existing behaviour.
Change-Id: I9e206b589951a02360d3cef0282a9538236ef53b
This is part of the steps to remove usage of six library, which is no
longer needed since python 2 support was removed.
Change-Id: If6fb372f72a469e55e956e127c49863b5a557552
Label validator function has been left behind, although it's not
checking for anything right now - might be useful in future.
Change-Id: I74c744dc957d73aef7556aff00837611dadbada7
This argument has been defined for containerd clusters in Magnum, and is set to
the default (and only valid) value of 'remote'.
Kubelet warning in 1.26:
* Flag --container-runtime has been deprecated, will be removed in 1.27 as the only valid value is 'remote'
Kubelet error in 1.27:
* E0801 03:10:26.723998 8889 run.go:74] "command failed" err="failed to parse kubelet flag: unknown flag: --container-runtime"
Change-Id: I072fab1342593941414b86e28b8a76edf2b19a6f
In api and etcd load balancer templates we define if Octavia
load balancer healthchecks should be enabled. Corrected
octavia_lb_healthcheck parameter value comparison.
Closes-bug: #2015393
Change-Id: Icee8be92ea3e3121934645049b81b79be9bd046a
Currently one cinder-csi-nodeplugin pod is always in Pending state,
because the nodeplugin and controllerplugin deployments share the
same TCP port.
Adapt the manifest to upstream cinder-csi manifest, and run
controllerplugin in CNI network and nodeplugin in host networking.
Change-Id: Idbec5e8e64096a1e1a932da79e656f97f8db1144
PodSecurityPolicy has been removed in Kubernetes v1.25 [1]. To allow Magnum
to support Kubernetes v1.25 and above, PodSecurityPolicy Admission
Controller has has been removed.
[1] https://kubernetes.io/docs/concepts/security/pod-security-policy/
Change-Id: I0fb0c372b484275b0677114193289469ee788b84
This fix propose two parts:
* introduce timeout (60s) to requests calls
* remove `file` scheme support for requests calls.
Change-Id: Ide2c2915ba5d6ff03933160b74f7206492276968
klog args have been removed from kubernetes in 1.26, and
deprecated since 1.23. https://github.com/kubernetes/kubernetes/pull/112120
The argument --logtostderr has defaulted to true for a long time, so
this removal on older versions should have no impact.
Change-Id: I64f934a9bbc39c5e054d8a83b3f6edee061469e6
Task: 45387
Story: 2010041
In Fedora CoreOS 35 default containerd cni bin_dir is set to
/usr/libexec/cni. Since we're installing our own in /opt/cni/bin need to
override in containerd config.toml otherwise pods get stuck in
ContainerCreating state looking for for ex. calico in wrong path.
Change-Id: I3242b718e32c92942ac471bc7e182a42e803005b
The coe mesos has not been maitenaned for quite some
time and hasn't got much attetion from the community
in general. As discussed in the mailing list [1] we
are dropping for now.
In this patch, we start by removing the mesos driver
and its test cases. This part of the code has no impact
for other drivers. Then we can clean up mesos references
that affect the API.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026230.html
Conflicts:
lower-constraints.txt
tox.ini
Change-Id: Ied76095f1f1c57c6af93d1a6094baa6c7cc31c9b
According to the documentation the first argument to log is either a
domain or a '.' (dot). The current setting of 'log stdout' appears to
blackhole query logs. The default output of log is stdout so the
argument would not be necessary.
Removing `stdout` allows coredns to send query logs to stdout.
Reference: https://coredns.io/plugins/log/
Change-Id: I7837015c37eb58ba43ff42cc8b647c717fa1c650
If the kubelet container is restarted on a host (during upgrades, or manually)
the bind mounts duplicate into /rootfs and kubelet cannot unmount these.
This leads to stuck terminating pods that must be resolved with either --force
or restart of kubelet container.
Adding 'rslave' means that when the kubelet unmounts volumes at /var/lib/kubelet/pods
this propogates to the host (using 'rshared'), and back into the container in /rootfs.
This bug was likely introduced when mounting of /rootfs was added[0].
[0] 1994e9448a
Change-Id: I44f80ccc97c0eeab98f1edbe4a22763732b7f4da
- Bump also components to upstream manifest versions.
- Add small tool to sync Cinder CSI manifests automatically
Change-Id: Icd19b41d03b7aa200965a3357a8ddf8b4b40794a
Trust token can be deleted outside of magnum,
But when trust token not found, the periodic update status job will
stay in inprogress unless another cluster action triggered.
Propose to use admin context when trust can not be found in periodic
update status job.
Story: 2010232
Task: 46031
Change-Id: I9cc9a0e654fb26ebec517e3413a592ac6613777c
In Change I523a4a85867f82d234ba1f3e6fad8b8cd2291182, the pep8 test was
accidentally dropped.
Fix up code so that pep8 passes.
In addition to that following change has been added here to unbreak CI:
Add WebTest as an indirect test dependency
Pecan has made webtest an optional dependency for testing only [1].
Since it is still used for testing we need to add it to our
test-requirements.txt.
[1]: https://github.com/pecan/pecan/pull/140
Change-Id: I2f85adb4ef29a43389897c201e6152fd4c7be9d6
Only specify dockershim options when container runtime is not containerd.
Those options were ignored in the past when using containerd but since 1.24
kubelet refuses to start.
Task: 45282
Story: 2010028
Signed-off-by: Daniel Meyerholt <dxm523@gmail.com>
Change-Id: Ib44cc30285c8bd4219d4a45dc956696505ddd570
In order to properly support EndpointSlices, enhance ClusterRole.
story: 2009874
task: 44582
Signed-off-by: Daniel Meyerholt <dxm523@gmail.com>
Change-Id: Ib9d81e8d215bb50cb0d80b954949012cbbf45a5c