To deploy Calico with Tigera Operator helm charts it was necessary
to move Helm client install to separate script for earlier execution.
Change-Id: Iab738b4120c0ac823b247b04f0cd750de0147779
cloud-provider-openstack has changed their image repo. To use the
plugins matching later versions of k8s, this needs to be updated.
Also update tags for CI test to match version being tested.
[1] https://github.com/kubernetes/cloud-provider-openstack/pull/2169
Change-Id: I9390db5e1aa357c17a39a7c208d837befafd3820
This argument has been defined for containerd clusters in Magnum, and is set to
the default (and only valid) value of 'remote'.
Kubelet warning in 1.26:
* Flag --container-runtime has been deprecated, will be removed in 1.27 as the only valid value is 'remote'
Kubelet error in 1.27:
* E0801 03:10:26.723998 8889 run.go:74] "command failed" err="failed to parse kubelet flag: unknown flag: --container-runtime"
Change-Id: I072fab1342593941414b86e28b8a76edf2b19a6f
Currently one cinder-csi-nodeplugin pod is always in Pending state,
because the nodeplugin and controllerplugin deployments share the
same TCP port.
Adapt the manifest to upstream cinder-csi manifest, and run
controllerplugin in CNI network and nodeplugin in host networking.
Change-Id: Idbec5e8e64096a1e1a932da79e656f97f8db1144
PodSecurityPolicy has been removed in Kubernetes v1.25 [1]. To allow Magnum
to support Kubernetes v1.25 and above, PodSecurityPolicy Admission
Controller has has been removed.
[1] https://kubernetes.io/docs/concepts/security/pod-security-policy/
Change-Id: I0fb0c372b484275b0677114193289469ee788b84
klog args have been removed from kubernetes in 1.26, and
deprecated since 1.23. https://github.com/kubernetes/kubernetes/pull/112120
The argument --logtostderr has defaulted to true for a long time, so
this removal on older versions should have no impact.
Change-Id: I64f934a9bbc39c5e054d8a83b3f6edee061469e6
Task: 45387
Story: 2010041
In Fedora CoreOS 35 default containerd cni bin_dir is set to
/usr/libexec/cni. Since we're installing our own in /opt/cni/bin need to
override in containerd config.toml otherwise pods get stuck in
ContainerCreating state looking for for ex. calico in wrong path.
Change-Id: I3242b718e32c92942ac471bc7e182a42e803005b
According to the documentation the first argument to log is either a
domain or a '.' (dot). The current setting of 'log stdout' appears to
blackhole query logs. The default output of log is stdout so the
argument would not be necessary.
Removing `stdout` allows coredns to send query logs to stdout.
Reference: https://coredns.io/plugins/log/
Change-Id: I7837015c37eb58ba43ff42cc8b647c717fa1c650
If the kubelet container is restarted on a host (during upgrades, or manually)
the bind mounts duplicate into /rootfs and kubelet cannot unmount these.
This leads to stuck terminating pods that must be resolved with either --force
or restart of kubelet container.
Adding 'rslave' means that when the kubelet unmounts volumes at /var/lib/kubelet/pods
this propogates to the host (using 'rshared'), and back into the container in /rootfs.
This bug was likely introduced when mounting of /rootfs was added[0].
[0] 1994e9448a
Change-Id: I44f80ccc97c0eeab98f1edbe4a22763732b7f4da
- Bump also components to upstream manifest versions.
- Add small tool to sync Cinder CSI manifests automatically
Change-Id: Icd19b41d03b7aa200965a3357a8ddf8b4b40794a
Only specify dockershim options when container runtime is not containerd.
Those options were ignored in the past when using containerd but since 1.24
kubelet refuses to start.
Task: 45282
Story: 2010028
Signed-off-by: Daniel Meyerholt <dxm523@gmail.com>
Change-Id: Ib44cc30285c8bd4219d4a45dc956696505ddd570
In order to properly support EndpointSlices, enhance ClusterRole.
story: 2009874
task: 44582
Signed-off-by: Daniel Meyerholt <dxm523@gmail.com>
Change-Id: Ib9d81e8d215bb50cb0d80b954949012cbbf45a5c
Set resource requests for system pods to
guarantee at least some amount of resources.
This prevents them from being starved of
CPU/memory when running alongside resource
intensive workloads in the cluster and
gives them a higher quality of service class.
metrics-server:
100m/200Mi recommended for up to 100 node clusters.
https://github.com/kubernetes-sigs/metrics-server#scaling
openstack-cloud-controller-manager:
200m CPU taken from example manifests.
kubernetes-dashboard:
100m/100Mi taken from helm chart defaults.
heapster:
100m/128Mi taken from helm chart defaults.
influxdb:
100m/256Mi taken from influx helm chart defaults.
grafana (for influxdb):
100m/200Mi same as monitoring grafana.
ingress-traefik:
100m/50Mi taken from helm chart defaults.
cluster-autoscaler:
100m/300Mi taken from helm chart defaults.
csi-cinder-nodeplugin:
25m CPU on both containers to ensure
Burstable QoS class.
csi-cinder-controllerplugin:
20m CPU on all containers to ensure
Burstable QoS class.
tiller-deploy:
25m CPU to ensure it can always handle
the readiness probe.
octavia-ingress-controller:
50m CPU, just a guess really.
Story: 2008825
Task: 42290
Change-Id: Ifcd764c00d7046744ba63609078cc6c5d02fdc1c
This fixes an issue with --registry-enabled that was previously fixed [1] but
somehow dropped after a refactoring [2]
[1] Change Ib93a7c0f761d047da3408703a5cf4208821acb33
[2] Change Ibbed59bc135969174a20e5243ff8464908801a23
Task: 41306
Story: 2008383
Change-Id: I76fedd34edec55f5a906a96672529ed15775f5da
Previously the docker service was disabled but kept running.
And if stopped, would be restarted by the docker socket.
Docker can be fully disabled and stopped when using containerd.
Change-Id: Ic3529106806f90dcafc24006c6c0dbc30e33766b
When the Cinder volume is presented as a virtio-scsi volume, the
device_name detection fails. This change allows the device name to be
retrieved correctly for both virtio-pci and virtio-scsi cases.
Story: 2008618
Task: 41808
Change-Id: Ia6a848eae11bc38ff71ef4575247010a8ffaa47b
Using admin.conf as the kubeconfig to get correct permissions
to run kubectl command to update pods to use the new CA certs.
Besides, now we need to create client certs on master nodes
as well.
Story:2008858
Task: 42379
Change-Id: I4996060dd18ef3c448d4b225caec53bf0ae0ba75
Fedora CoreOS 34 has switched from cgroups v1 to
cgroups v2 by default, which changes the sysfs hierarchy.
Task: 42809
Story: 2009045
Change-Id: I2f9651421370ba44e2f0ddc7bb6526745b62ad40
Starting from CoreDNS 1.7.0 the upstream option is not valid anymore
and CoreDNS does not start when it is set. It has been effectively a
noop since 1.5.2.
Task: 42765
Story: 2009030
Change-Id: I4e8029a4cd5e89d7173758fa1dc2e718895fdbe7
Jake Yip