Commit Graph

3 Commits

Author SHA1 Message Date
Spyros Trigazis 2329cb7fb4 k8s: Fix kubelet, add RBAC and pass e2e tests
Due to several small connected patches for the
fedora atomic driver, this patch includes 4 smaller patches.

Patch 1:
k8s: Do not start kubelet and kube-proxy on master

Patch [1] misses the removal of kubelet and kube-proxy from
enable-services-master.sh and therefore they are started if they
exist in the image or the script will fail.

https://review.openstack.org/#/c/533593/
Closes-Bug: #1726482

Patch 2:
k8s: Set require-kubeconfig when needed

From kubernetes 1.8 [1] --require-kubeconfig is deprecated and
in kubernetes 1.9 it is removed.

Add --require-kubeconfig only for k8s <= 1.8.

[1] https://github.com/kubernetes/kubernetes/issues/36745

Closes-Bug: #1718926

https://review.openstack.org/#/c/534309/

Patch 3:
k8s_fedora: Add RBAC configuration

* Make certificates and kubeconfigs compatible
  with NodeAuthorizer [1].
* Add CoreDNS roles and rolebindings.
* Create the system:kube-apiserver-to-kubelet ClusterRole.
* Bind the system:kube-apiserver-to-kubelet ClusterRole to
  the kubernetes user.
* Remove creation of kube-system namespaces; it is created
  by default
* Update client cert generation in the conductor with
  kubernetes' requirements
* Add --insecure-bind-address=127.0.0.1 to work on
  multi-master too. The controller manager on each
  node needs to contact the apiserver (on the same node)
  on 127.0.0.1:8080

[1] https://kubernetes.io/docs/admin/authorization/node/

Closes-Bug: #1742420
Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
https://review.openstack.org/#/c/527103/

Patch 4:
k8s_fedora: Update coredns config to pass e2e

To pass the e2e conformance tests, coredns needs to
be configured with POD-MODE verified. Otherwise, pods
won't be resolvable [1].

[1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes

https://review.openstack.org/#/c/528566/
Closes-Bug: #1738633

Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de
2018-02-08 13:35:00 +00:00
Hongbin Lu 865702f5b3 Fix failure of systemd service kube-ui
The systemd service kube-ui failed because it does not
know the HOME environment variable.
Also updated script to handle already existing namespace,
rc and service.

Similar issue from upstream is as follows:
https://github.com/kubernetes/kubernetes/pull/23975

Change-Id: I71925a232b57f3c2cdfe82ae97b3fd7395e37343
Co-Authored-By: yatinkarel <yatin.karel@nectechnologies.in>
Closes-Bug: #1584931
2016-09-28 17:08:09 +05:30
Spyros Trigazis 2c635692ae Split k8s atomic vm and ironic drivers
The 2 k8s atomic drivers we currently support are added to the
same driver. This breaks ironic support with the stevedore
work I'm currently doing.

With stevedore, we can choose only one driver based on the
server_type, os and coe. We won't be able to pick a driver and
then choose an implementation based on server_type.

Partially-Implements: blueprint magnum-baremetal-full-support
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Change-Id: Ic1b8103551f48f85baa2ed9ff32d5b70b1fab84e
2016-09-09 18:10:08 +02:00