According to the documentation the first argument to log is either a
domain or a '.' (dot). The current setting of 'log stdout' appears to
blackhole query logs. The default output of log is stdout so the
argument would not be necessary.
Removing `stdout` allows coredns to send query logs to stdout.
Reference: https://coredns.io/plugins/log/
Change-Id: I7837015c37eb58ba43ff42cc8b647c717fa1c650
Now the label `fixed_network_cidr` is not handled correctly, no matter
if the label is set, the default value '10.0.0.0/24' is used for
fixed network anyway. This patch fixes it and renamed it as
`fixed_subnet_cidr` to make less confusion. The new behaviour will be:
1. If the label `fixed_subnet_cidr` is set but no fixed subnet passed
in, then a new subnet will be created with the given CIDR.
2. If a fixed subnet is passed in by user, then label `fixed_subnet_cidr`
will be override with the CIDR from the given subnet.
Task: 39847
Story: 2007712
Change-Id: Id05e36696bf85297a556fcd959ed897fe47b7354
The current default Calico IPv4 CIDR 192.168.0.0/16 is too common and
it has bring us some IP conflicts troubles on production. This patch is
proposing to replace it with a rare CIDR range.
Task: 39052
Story: 2007426
Change-Id: I13aa0c58bf168bc069edf1d5c0187f89011fffdb
With this change each node will be labeled with the following:
* --node-labels=magnum.openstack.org/role=${NODEGROUP_ROLE}
* --node-labels=magnum.openstack.org/nodegroup=${NODEGROUP_NAME}
Change-Id: Ic410a059b19a1252cdf6eed786964c5c7b03d01c
Removes the role heat param from all templates. Instead and only for
k8s templates adds the master_role and worker_role params. The new
worker_only condition should be true for all roles except for master.
Finally, adds the missing is_cluster_stack param to all templates.
Change-Id: Ie0799373fe492c2e0a0cad903ed6e8c93e6266b5
* Changing the reference to 'Atomic' in the k8s_coreos_v1 driver
to 'Container Linux'
* Changing a misspelled 'mater' to 'master'
in swarm_fedora_atomic_v1/templates/swarmmaster.yaml description
* Changing a misspelled 'mater' to 'master' in
swarm_fedora_atomic_v1/templates/swarmmaster.yaml description
Change-Id: I69a31d2b91fed48f07f649fa876e208e268fb339
* Fedora CoreOS need the key to be passed as
a string.
* We can adopt in all drivers so that users in
the same project can do cluster resize.
story: 2005201
task: 36934
Change-Id: I9a18ce4dcbd74f0dcd23274baed7c8c3d2029d50
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
We kept introspecting the name of the instance with the assumption
that the network always existed under .novalocal
This is not always the case, with certain variables changed inside
Neutron it is possible to control this, therefore, leading in failing
deploys.
With this change, we pass the instance name directly to the cluster
and therefore we always have the accurate name.
Task: 36160
Story: 2006371
Change-Id: I2ba32844b822ffc14da043e6ef7d071bb62a22ee
We currently have a lot of duplicate functions across our drivers
which use Kubernetes. This takes them and brings them into a
common class called KubernetesDriver and cleans up the subclasses.
Change-Id: I6f880cb03ed43ec3bc9d3d9e5a7b87eaceda40e9
To enable the rolling upgrade ability of Kubernetes Cluster, this
patch is proposing a new API /upgrade to support upgrade the
base operating system of nodes and the version of Kubernetes, even
add-ons running on the k8s cluster:
POST <ClusterID>/actions/upgrade
And the post body will be:
{
"cluster_template": 'dd9cc5ed-3a2b-11e9-9233-fa163e46bcc2',
"max_batch_size": 1,
"nodegroup": "production_group"
}
Co-Authored-By: Feilong Wang <flwang@catalyst.net.nz>
Task: 30168
Story: 2002210
Change-Id: Ia168877778aa0d473383eb06b1c8a16dc06b0576
Using comma delimited ipv4 address list to specify multi dns server
"8.8.8.8,114.114.114.114".
Task: 29465
Story: 2004994
Change-Id: I031247b0cc2ae417f18b2a5b9b3832e78ed9dafd
- Never allocate floating IP for etcd service.
- Introduce a new label `master_lb_floating_ip_enabled` which controls
if Magnum allocates floating IP for the master load balancer. This
label only takes effect when the `master_lb_enabled` is set. The
default value is the same with `floating_ip_enabled`.
- The `floating_ip_enabled` property now only controls if Magnum
should allocate the floating IPs for the master and worker nodes.
Change-Id: I0a232406deaf112b0cb9e445735d7b49206c676d
Story: #2005153
Task: #29868
Return the nova instance UUID of worker nodes in kubeminion
templates. We will be able to remove resources from the
ResourceGroups based on nova instance uuid.
Backstory:
In heat a ResourceGroup creates a stack of depth 2. ResourceGroups
support removal policies to declare which resources must be removed.
This can be done by passing the index of the resource or the stack_id
of the nested stack. If a stack update call receives a list of
indices (eg [0, 5, 3]) or nested stack uuid (eg [uuidA, uuidB]), it
will remove the corresponding nested stacks.
In magnum's heat templates, a nested stack logically represents a
nova compute instance which is a cluster node. Using composition in
heat, we can change the way a resources group references the nested
stacks. This proposes to use the nova instance uuid as
'OS::stack_id'.
With this change, an external consumer of the stack (the cluster
autoscaler or an actual user) can remove resources from the
ResourceGroup using the nova instance uuid or resource index. Without
this change, a user or system (which typically knows the name,
server uuid or ip) would have to find in which nested stack a
kubernetes node belongs too. Resulting multiple call to heat.
The end result of this patch can be verified like this:
nested_stack_id=$(openstack stack resource show <STACK_ID_OR_NAME> kube_minions -c physical_resource_id -f value)
openstack stack show "${nested_stack_id}"
Task: 29664
Story: 2005054
Change-Id: I6d776f62d640c72b3228460392b92df94fe56fe6
Now Magnums onlys has one server group for all master and worker nodes
per cluster, which is not very flexible for small cloud scale. For a
3+ master clusters, it's easily meeting the capacity when using hard
anti-affinity policy. This patch is proposing one server group for each
master and worker nodes group to have better flexibility.
story: 2004195
Change-Id: If11ba863a2aa538efe1e3e850084bdd33afd27d2
A user may not rely on nova-keypairs to access their cluster
such as a preconfigured SSSD.
story: 2004402
task: 28035
Change-Id: I77fbdc174d3dddfd312fb8dac20516314d4c182e
Without those fixes new cluster fails with message:
ERROR: The Parameter (etcd_volume_size) was not defined in template.
Task: 1722523
Story: 20337
Change-Id: Ie38c9e010b61fafeda51ae8dccba94b6ed743f1d
In the OpenStack deployment with Octavia service enabled, the octavia
service should be used not only for master nodes high availability, but
also for k8s LoadBalancer type service implementation as well.
Change-Id: Ib61f59507510253794a4780a91e49aa6682c8039
Closes-Bug: #1770133
Due to bug #1746510, the kubernetes scale manager needs to be
disabled to not break the scale down command completely. Note, that when
magnum scales down the cluster will pick the nodes to scale randomly.
Related-Bug: #1746510
Change-Id: I8c3505ec6d155323288217e0c8ea54adabdff1c3
Currently, there is no guarantee to make sure all nodes of one cluster are
created on different compute hosts. So it would be nice if we can create
a server group and set it with anti-affinity policy to get a better HA
for cluster. This patch is proposing to create a server group for master
and minion nodes with soft-anti-affinity policy by default.
Closes-Bug: #1737802
Change-Id: Icc7a73ef55296a58bf00719ca4d1cdcc304fab86
In the drivers section of magnum.conf add openstack_ca_file.
This file is expected to be a CA Certificate OR CA bundle
which will be passed on every node and it will be installed
on the host's CA bundle.
Update devstack plugin to use the ssl bundle if tls-proxy is
enabled.
Install the CA for drivers:
k8s_coreos_v1
k8s_fedora_atomic_v1
k8s_fedora_ironic_v1
mesos_ubuntu_v1
swarm_fedora_atomic_v1
swarm_fedora_atomic_v2
Add doc in troubleshooting-guide.
Add release notes.
Closes-Bug: #1580704
Partially-Implements: blueprint heat-agent
Change-Id: Id48fbea187da667a5e7334694c3ec17c8e2504db
Added configuration parameter, verify_ca, to magnum.conf with default
value of True. This parameter is passed to the heat templates to
indicate whether the cluster nodes validate the Certificate Authority
when making requests to the OpenStack APIs (Keystone, Magnum, Heat).
This configuration parameter can be set to False to disable CA
validation.
Co-Authored-By: Vijendar Komalla <vijendar.komalla@rackspace.com>
Change-Id: Iab02cb1338b811dac0c147378dbd0e63c83f0413
Partial-Bug: #1663757
Everything is containerized in rkt. If behind proxy, flannel, etcd
and kubelet will failed to rkt fetch images and cluster creation
will failed.
Closes-Bug: #1689618
Change-Id: Ia12deeb659483980d2a20e4cba5d449167b600d0
The instance type of servers at the moment can become quite long
due to the Heat autogenerated names. This patch cleans up the names
so that they are shorter yet contain all the info needed to be able
to know where they belong to.
Change-Id: I5bcbe73f08844242d049b8408221da40d22cd3dc
Add docker_volume_size as an option during cluster create. If not given,
the default is taken from the cluster template.
Add docker_volume_size in the Cluster object and use that instead
of the one from ClusterTemplate.
Update both magnum and magnum cli documentation to reflect the above changes.
Partial-Bug: #1697648
Implements: blueprint flatten-attributes
Change-Id: Ic6d77e6fdf5b068fa5319b238f4fd98b4d499be4
host-gw offer better performances out of the box. Allowed address pair
are automatically configured by Magnum.
Change-Id: I5fd18b8d6b76f6a5f73b13bc4cfd19e52c33791c
Allow to specify a custom AUTH_URL for the templates in case instances
cannot reach internalURL which is the case in mose deployment.
A new variable in trust section: trustee_keystone_interface which
default to public is introduced.
Change-Id: I2a908c0752387e4ff4ad2b0fdf0c1025a73ce806
Closes-Bug: #1643197
kubernetes dashboard [1] has lot of features and is actively
managed.
With this patch kubernetes dashboard is added and enabled in
k8s coreos cluster by default.
The kubernetes dashboard is enabled by default. To disable it, set the
label 'kube_dashboard_enabled' to False
Reference:
[1] https://github.com/kubernetes/dashboard
Implements: blueprint add-kube-dashboard
Change-Id: I9b001ec3c232aea2395df7d83c6ac991cbf5dea3
Cluster that uses ETCD like swarm and K8s failed with LB and TLS enable
because ETCD LB protocol is HTTP but SSL termination in on the ETCD
node. ETCD LB protocol should be the same as K8s with TLS enable
Partial-Bug: #1679724
Change-Id: Ie8c8a7e4609c0e2e63095d4c18af84cc653654e1