Merge "Removing Tiller support"
This commit is contained in:
commit
52f479c8ec
|
@ -399,13 +399,6 @@ the table are linked to more details elsewhere in the user guide.
|
||||||
+---------------------------------------+--------------------+---------------+
|
+---------------------------------------+--------------------+---------------+
|
||||||
| `k8s_keystone_auth_tag`_ | see below | see below |
|
| `k8s_keystone_auth_tag`_ | see below | see below |
|
||||||
+---------------------------------------+--------------------+---------------+
|
+---------------------------------------+--------------------+---------------+
|
||||||
| `tiller_enabled`_ | - true | false |
|
|
||||||
| | - false | |
|
|
||||||
+---------------------------------------+--------------------+---------------+
|
|
||||||
| `tiller_tag`_ | see below | "" |
|
|
||||||
+---------------------------------------+--------------------+---------------+
|
|
||||||
| `tiller_namespace`_ | see below | see below |
|
|
||||||
+---------------------------------------+--------------------+---------------+
|
|
||||||
| `helm_client_url`_ | see below | see below |
|
| `helm_client_url`_ | see below | see below |
|
||||||
+---------------------------------------+--------------------+---------------+
|
+---------------------------------------+--------------------+---------------+
|
||||||
| `helm_client_sha256`_ | see below | see below |
|
| `helm_client_sha256`_ | see below | see below |
|
||||||
|
@ -1404,22 +1397,6 @@ _`k8s_keystone_auth_tag`
|
||||||
Train default: v1.14.0
|
Train default: v1.14.0
|
||||||
Ussuri default: v1.18.0
|
Ussuri default: v1.18.0
|
||||||
|
|
||||||
_`tiller_enabled`
|
|
||||||
If set to true, tiller will be deployed in the kube-system namespace.
|
|
||||||
Ussuri default: false
|
|
||||||
Train default: false
|
|
||||||
|
|
||||||
_`tiller_tag`
|
|
||||||
This label allows users to override the default container tag for Tiller.
|
|
||||||
For additional tags, `refer to Tiller page
|
|
||||||
<https://github.com/helm/helm/tags>`_ and look for tags<v3.0.0.
|
|
||||||
Train default: v2.12.3
|
|
||||||
Ussuri default: v2.16.7
|
|
||||||
|
|
||||||
_`tiller_namespace`
|
|
||||||
The namespace in which Tiller and Helm v2 chart install jobs are installed.
|
|
||||||
Default: magnum-tiller
|
|
||||||
|
|
||||||
_`helm_client_url`
|
_`helm_client_url`
|
||||||
URL of the helm client binary.
|
URL of the helm client binary.
|
||||||
Default: ''
|
Default: ''
|
||||||
|
@ -1431,8 +1408,7 @@ _`helm_client_sha256`
|
||||||
_`helm_client_tag`
|
_`helm_client_tag`
|
||||||
This label allows users to override the default container tag for Helm
|
This label allows users to override the default container tag for Helm
|
||||||
client. For additional tags, `refer to Helm client page
|
client. For additional tags, `refer to Helm client page
|
||||||
<https://github.com/helm/helm/tags>`_. You must use identical tiller_tag if
|
<https://github.com/helm/helm/tags>`_.
|
||||||
you wish to use Tiller (for helm_client_tag<v3.0.0).
|
|
||||||
Ussuri default: v3.2.1
|
Ussuri default: v3.2.1
|
||||||
|
|
||||||
_`master_lb_floating_ip_enabled`
|
_`master_lb_floating_ip_enabled`
|
||||||
|
@ -1683,8 +1659,6 @@ _`ingress_controller`
|
||||||
Controller is configured. For more details about octavia-ingress-controller
|
Controller is configured. For more details about octavia-ingress-controller
|
||||||
please refer to `cloud-provider-openstack document
|
please refer to `cloud-provider-openstack document
|
||||||
<https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/octavia-ingress-controller/using-octavia-ingress-controller.md>`_
|
<https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/octavia-ingress-controller/using-octavia-ingress-controller.md>`_
|
||||||
To use 'nginx' ingress controller, tiller_enabled must be true when using
|
|
||||||
helm_client_tag<v3.0.0.
|
|
||||||
|
|
||||||
_`ingress_controller_role`
|
_`ingress_controller_role`
|
||||||
This label defines the role nodes should have to run an instance of the
|
This label defines the role nodes should have to run an instance of the
|
||||||
|
|
|
@ -28,16 +28,12 @@ The installation of these services is controlled with the following labels:
|
||||||
_`metrics_server_enabled`
|
_`metrics_server_enabled`
|
||||||
metrics_server_enabled is used to enable disable the installation of
|
metrics_server_enabled is used to enable disable the installation of
|
||||||
the metrics server.
|
the metrics server.
|
||||||
To use this service tiller_enabled must be true when using
|
|
||||||
helm_client_tag<v3.0.0.
|
|
||||||
Train default: true
|
Train default: true
|
||||||
Stein default: true
|
Stein default: true
|
||||||
|
|
||||||
_`monitoring_enabled`
|
_`monitoring_enabled`
|
||||||
Enable installation of cluster monitoring solution provided by the
|
Enable installation of cluster monitoring solution provided by the
|
||||||
stable/prometheus-operator helm chart.
|
stable/prometheus-operator helm chart.
|
||||||
To use this service tiller_enabled must be true when using
|
|
||||||
helm_client_tag<v3.0.0.
|
|
||||||
Default: false
|
Default: false
|
||||||
|
|
||||||
_`prometheus_adapter_enabled`
|
_`prometheus_adapter_enabled`
|
||||||
|
|
|
@ -1,237 +0,0 @@
|
||||||
. /etc/sysconfig/heat-params
|
|
||||||
|
|
||||||
step="enable-helm-tiller"
|
|
||||||
printf "Starting to run ${step}\n"
|
|
||||||
|
|
||||||
if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" == "true" ]; then
|
|
||||||
CERTS_DIR="/etc/kubernetes/helm/certs/"
|
|
||||||
mkdir -p "${CERTS_DIR}"
|
|
||||||
|
|
||||||
# Private CA key
|
|
||||||
openssl genrsa -out "${CERTS_DIR}/ca.key.pem" 4096
|
|
||||||
|
|
||||||
# CA public cert
|
|
||||||
openssl req -key "${CERTS_DIR}/ca.key.pem" -new -x509 -days 7300 -sha256 -out "${CERTS_DIR}/ca.cert.pem" -extensions v3_ca -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=tiller"
|
|
||||||
|
|
||||||
# Private tiller-server key
|
|
||||||
openssl genrsa -out "${CERTS_DIR}/tiller.key.pem" 4096
|
|
||||||
|
|
||||||
# Private helm-client key
|
|
||||||
openssl genrsa -out "${CERTS_DIR}/helm.key.pem" 4096
|
|
||||||
|
|
||||||
# Request for tiller-server cert
|
|
||||||
openssl req -key "${CERTS_DIR}/tiller.key.pem" -new -sha256 -out "${CERTS_DIR}/tiller.csr.pem" -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=tiller-server"
|
|
||||||
|
|
||||||
# Request for helm-client cert
|
|
||||||
openssl req -key "${CERTS_DIR}/helm.key.pem" -new -sha256 -out "${CERTS_DIR}/helm.csr.pem" -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=helm-client"
|
|
||||||
|
|
||||||
# Sign tiller-server cert
|
|
||||||
openssl x509 -req -CA "${CERTS_DIR}/ca.cert.pem" -CAkey "${CERTS_DIR}/ca.key.pem" -CAcreateserial -in "${CERTS_DIR}/tiller.csr.pem" -out "${CERTS_DIR}/tiller.cert.pem" -days 365
|
|
||||||
|
|
||||||
# Sign helm-client cert
|
|
||||||
openssl x509 -req -CA "${CERTS_DIR}/ca.cert.pem" -CAkey "${CERTS_DIR}/ca.key.pem" -CAcreateserial -in "${CERTS_DIR}/helm.csr.pem" -out "${CERTS_DIR}/helm.cert.pem" -days 365
|
|
||||||
|
|
||||||
_tiller_prefix=${CONTAINER_INFRA_PREFIX:-gcr.io/kubernetes-helm/}
|
|
||||||
TILLER_RBAC=/srv/magnum/kubernetes/manifests/tiller-rbac.yaml
|
|
||||||
TILLER_DEPLOYER=/srv/magnum/kubernetes/manifests/deploy-tiller.yaml
|
|
||||||
|
|
||||||
TILLER_IMAGE="${_tiller_prefix}tiller:${TILLER_TAG}"
|
|
||||||
|
|
||||||
[ -f ${TILLER_RBAC} ] || {
|
|
||||||
echo "Writing File: $TILLER_RBAC"
|
|
||||||
mkdir -p $(dirname ${TILLER_RBAC})
|
|
||||||
cat << EOF > ${TILLER_RBAC}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: ${TILLER_NAMESPACE}
|
|
||||||
---
|
|
||||||
# Tiller service account
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: tiller
|
|
||||||
namespace: ${TILLER_NAMESPACE}
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: tiller
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: cluster-admin
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: tiller
|
|
||||||
namespace: ${TILLER_NAMESPACE}
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
[ -f ${TILLER_DEPLOYER} ] || {
|
|
||||||
echo "Writing File: $TILLER_DEPLOYER"
|
|
||||||
mkdir -p $(dirname ${TILLER_DEPLOYER})
|
|
||||||
cat << EOF > ${TILLER_DEPLOYER}
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
app: helm
|
|
||||||
name: tiller
|
|
||||||
name: tiller-deploy
|
|
||||||
namespace: ${TILLER_NAMESPACE}
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
strategy: {}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: helm
|
|
||||||
name: tiller
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
app: helm
|
|
||||||
name: tiller
|
|
||||||
spec:
|
|
||||||
automountServiceAccountToken: true
|
|
||||||
containers:
|
|
||||||
- env:
|
|
||||||
- name: TILLER_NAMESPACE
|
|
||||||
value: ${TILLER_NAMESPACE}
|
|
||||||
- name: TILLER_HISTORY_MAX
|
|
||||||
value: "0"
|
|
||||||
- name: TILLER_TLS_VERIFY
|
|
||||||
value: "1"
|
|
||||||
- name: TILLER_TLS_ENABLE
|
|
||||||
value: "1"
|
|
||||||
- name: TILLER_TLS_CERTS
|
|
||||||
value: /etc/certs
|
|
||||||
image: ${TILLER_IMAGE}
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /liveness
|
|
||||||
port: 44135
|
|
||||||
initialDelaySeconds: 1
|
|
||||||
timeoutSeconds: 1
|
|
||||||
name: tiller
|
|
||||||
ports:
|
|
||||||
- containerPort: 44134
|
|
||||||
name: tiller
|
|
||||||
- containerPort: 44135
|
|
||||||
name: http
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /readiness
|
|
||||||
port: 44135
|
|
||||||
initialDelaySeconds: 1
|
|
||||||
timeoutSeconds: 1
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 25m
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /etc/certs
|
|
||||||
name: tiller-certs
|
|
||||||
readOnly: true
|
|
||||||
serviceAccountName: tiller
|
|
||||||
tolerations:
|
|
||||||
# Make sure the pod can be scheduled on master kubelet.
|
|
||||||
- effect: NoSchedule
|
|
||||||
operator: Exists
|
|
||||||
# Mark the pod as a critical add-on for rescheduling.
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
operator: Exists
|
|
||||||
# run only on master nodes
|
|
||||||
nodeSelector:
|
|
||||||
node-role.kubernetes.io/master: ""
|
|
||||||
volumes:
|
|
||||||
- name: tiller-certs
|
|
||||||
secret:
|
|
||||||
secretName: tiller-secret
|
|
||||||
status: {}
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
app: helm
|
|
||||||
name: tiller
|
|
||||||
name: tiller-deploy
|
|
||||||
namespace: ${TILLER_NAMESPACE}
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- name: tiller
|
|
||||||
port: 44134
|
|
||||||
targetPort: tiller
|
|
||||||
selector:
|
|
||||||
app: helm
|
|
||||||
name: tiller
|
|
||||||
type: ClusterIP
|
|
||||||
status:
|
|
||||||
loadBalancer: {}
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
type: Opaque
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
app: helm
|
|
||||||
name: tiller
|
|
||||||
name: tiller-secret
|
|
||||||
namespace: ${TILLER_NAMESPACE}
|
|
||||||
data:
|
|
||||||
ca.crt: $(cat "${CERTS_DIR}/ca.cert.pem" | base64 --wrap=0)
|
|
||||||
tls.crt: $(cat "${CERTS_DIR}/tiller.cert.pem" | base64 --wrap=0)
|
|
||||||
tls.key: $(cat "${CERTS_DIR}/tiller.key.pem" | base64 --wrap=0)
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
type: Opaque
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
app: helm
|
|
||||||
name: tiller-ca-key
|
|
||||||
name: tiller-ca-key
|
|
||||||
namespace: ${TILLER_NAMESPACE}
|
|
||||||
data:
|
|
||||||
ca.key.pem: $(cat "${CERTS_DIR}/ca.key.pem" | base64 --wrap=0)
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
type: Opaque
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
app: helm
|
|
||||||
name: helm-client
|
|
||||||
name: helm-client-secret
|
|
||||||
namespace: ${TILLER_NAMESPACE}
|
|
||||||
data:
|
|
||||||
ca.pem: $(cat "${CERTS_DIR}/ca.cert.pem" | base64 --wrap=0)
|
|
||||||
cert.pem: $(cat "${CERTS_DIR}/helm.cert.pem" | base64 --wrap=0)
|
|
||||||
key.pem: $(cat "${CERTS_DIR}/helm.key.pem" | base64 --wrap=0)
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
until [ "ok" = "$(kubectl get --raw='/healthz')" ]
|
|
||||||
do
|
|
||||||
echo "Waiting for Kubernetes API..."
|
|
||||||
sleep 5
|
|
||||||
done
|
|
||||||
|
|
||||||
kubectl apply -f ${TILLER_RBAC}
|
|
||||||
kubectl apply -f ${TILLER_DEPLOYER}
|
|
||||||
fi
|
|
||||||
|
|
||||||
printf "Finished running ${step}\n"
|
|
|
@ -24,68 +24,63 @@ until [ "ok" = "$(kubectl get --raw='/healthz')" ]; do
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
|
||||||
if [[ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" && "${HELM_CLIENT_TAG}" == v2.* ]]; then
|
if [ -z "${HELM_CLIENT_URL}" ] ; then
|
||||||
echo "Use --labels tiller_enabled=True for helm_client_tag<v3.0.0 to allow for tiller dependent resources to be installed."
|
HELM_CLIENT_URL="https://get.helm.sh/helm-$HELM_CLIENT_TAG-linux-amd64.tar.gz"
|
||||||
else
|
fi
|
||||||
if [ -z "${HELM_CLIENT_URL}" ] ; then
|
i=0
|
||||||
HELM_CLIENT_URL="https://get.helm.sh/helm-$HELM_CLIENT_TAG-linux-amd64.tar.gz"
|
until curl -o /srv/magnum/helm-client.tar.gz "${HELM_CLIENT_URL}"; do
|
||||||
fi
|
i=$((i + 1))
|
||||||
i=0
|
[ $i -lt 5 ] || break;
|
||||||
until curl -o /srv/magnum/helm-client.tar.gz "${HELM_CLIENT_URL}"; do
|
sleep 5
|
||||||
i=$((i + 1))
|
done
|
||||||
[ $i -lt 5 ] || break;
|
|
||||||
sleep 5
|
if ! echo "${HELM_CLIENT_SHA256} /srv/magnum/helm-client.tar.gz" | sha256sum -c - ; then
|
||||||
|
echo "ERROR helm-client.tar.gz computed checksum did NOT match, exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
source /etc/bashrc
|
||||||
|
$ssh_cmd tar xzvf /srv/magnum/helm-client.tar.gz linux-amd64/helm -O > /srv/magnum/bin/helm
|
||||||
|
$ssh_cmd chmod +x /srv/magnum/bin/helm
|
||||||
|
|
||||||
|
helm_install_cmd="helm upgrade --install magnum . --namespace kube-system --values values.yaml --render-subchart-notes"
|
||||||
|
helm_history_cmd="helm history magnum --namespace kube-system"
|
||||||
|
if [[ "${HELM_CLIENT_TAG}" == v2.* ]]; then
|
||||||
|
CERTS_DIR="/etc/kubernetes/helm/certs"
|
||||||
|
export HELM_HOME="/srv/magnum/kubernetes/helm/home"
|
||||||
|
export HELM_TLS_ENABLE="true"
|
||||||
|
mkdir -p "${HELM_HOME}"
|
||||||
|
ln -s ${CERTS_DIR}/helm.cert.pem ${HELM_HOME}/cert.pem
|
||||||
|
ln -s ${CERTS_DIR}/helm.key.pem ${HELM_HOME}/key.pem
|
||||||
|
ln -s ${CERTS_DIR}/ca.cert.pem ${HELM_HOME}/ca.pem
|
||||||
|
|
||||||
|
# HACK - Force wait because of bug https://github.com/helm/helm/issues/5170
|
||||||
|
until helm init --client-only --wait; do
|
||||||
|
sleep 5s
|
||||||
done
|
done
|
||||||
|
helm_install_cmd="helm upgrade --install --name magnum . --namespace kube-system --values values.yaml --render-subchart-notes"
|
||||||
|
helm_history_cmd="helm history magnum"
|
||||||
|
fi
|
||||||
|
|
||||||
if ! echo "${HELM_CLIENT_SHA256} /srv/magnum/helm-client.tar.gz" | sha256sum -c - ; then
|
HELM_CHART_DIR="/srv/magnum/kubernetes/helm/magnum"
|
||||||
echo "ERROR helm-client.tar.gz computed checksum did NOT match, exiting."
|
if [[ -d "${HELM_CHART_DIR}" ]]; then
|
||||||
exit 1
|
pushd ${HELM_CHART_DIR}
|
||||||
fi
|
cat << EOF > Chart.yaml
|
||||||
|
|
||||||
source /etc/bashrc
|
|
||||||
$ssh_cmd tar xzvf /srv/magnum/helm-client.tar.gz linux-amd64/helm -O > /srv/magnum/bin/helm
|
|
||||||
$ssh_cmd chmod +x /srv/magnum/bin/helm
|
|
||||||
|
|
||||||
helm_install_cmd="helm upgrade --install magnum . --namespace kube-system --values values.yaml --render-subchart-notes"
|
|
||||||
helm_history_cmd="helm history magnum --namespace kube-system"
|
|
||||||
if [[ "${HELM_CLIENT_TAG}" == v2.* ]]; then
|
|
||||||
CERTS_DIR="/etc/kubernetes/helm/certs"
|
|
||||||
export HELM_HOME="/srv/magnum/kubernetes/helm/home"
|
|
||||||
export HELM_TLS_ENABLE="true"
|
|
||||||
export TILLER_NAMESPACE
|
|
||||||
mkdir -p "${HELM_HOME}"
|
|
||||||
ln -s ${CERTS_DIR}/helm.cert.pem ${HELM_HOME}/cert.pem
|
|
||||||
ln -s ${CERTS_DIR}/helm.key.pem ${HELM_HOME}/key.pem
|
|
||||||
ln -s ${CERTS_DIR}/ca.cert.pem ${HELM_HOME}/ca.pem
|
|
||||||
|
|
||||||
# HACK - Force wait because of bug https://github.com/helm/helm/issues/5170
|
|
||||||
until helm init --client-only --wait; do
|
|
||||||
sleep 5s
|
|
||||||
done
|
|
||||||
helm_install_cmd="helm upgrade --install --name magnum . --namespace kube-system --values values.yaml --render-subchart-notes"
|
|
||||||
helm_history_cmd="helm history magnum"
|
|
||||||
fi
|
|
||||||
|
|
||||||
HELM_CHART_DIR="/srv/magnum/kubernetes/helm/magnum"
|
|
||||||
if [[ -d "${HELM_CHART_DIR}" ]]; then
|
|
||||||
pushd ${HELM_CHART_DIR}
|
|
||||||
cat << EOF > Chart.yaml
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: magnum
|
name: magnum
|
||||||
version: 1.0.0
|
version: 1.0.0
|
||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: Magnum Helm Charts
|
description: Magnum Helm Charts
|
||||||
EOF
|
EOF
|
||||||
sed -i '1i\dependencies:' requirements.yaml
|
sed -i '1i\dependencies:' requirements.yaml
|
||||||
|
|
||||||
i=0
|
i=0
|
||||||
until ($helm_history_cmd | grep magnum | grep deployed) || (helm dep update && $helm_install_cmd); do
|
until ($helm_history_cmd | grep magnum | grep deployed) || (helm dep update && $helm_install_cmd); do
|
||||||
i=$((i + 1))
|
i=$((i + 1))
|
||||||
[ $i -lt 60 ] || break;
|
[ $i -lt 60 ] || break;
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
popd
|
popd
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "END: ${step}"
|
echo "END: ${step}"
|
||||||
|
|
|
@ -124,9 +124,6 @@ KEYSTONE_AUTH_ENABLED="$KEYSTONE_AUTH_ENABLED"
|
||||||
K8S_KEYSTONE_AUTH_TAG="$K8S_KEYSTONE_AUTH_TAG"
|
K8S_KEYSTONE_AUTH_TAG="$K8S_KEYSTONE_AUTH_TAG"
|
||||||
PROJECT_ID="$PROJECT_ID"
|
PROJECT_ID="$PROJECT_ID"
|
||||||
EXTERNAL_NETWORK_ID="$EXTERNAL_NETWORK_ID"
|
EXTERNAL_NETWORK_ID="$EXTERNAL_NETWORK_ID"
|
||||||
TILLER_ENABLED="$TILLER_ENABLED"
|
|
||||||
TILLER_TAG="$TILLER_TAG"
|
|
||||||
TILLER_NAMESPACE="$TILLER_NAMESPACE"
|
|
||||||
HELM_CLIENT_URL="$HELM_CLIENT_URL"
|
HELM_CLIENT_URL="$HELM_CLIENT_URL"
|
||||||
HELM_CLIENT_SHA256="$HELM_CLIENT_SHA256"
|
HELM_CLIENT_SHA256="$HELM_CLIENT_SHA256"
|
||||||
HELM_CLIENT_TAG="$HELM_CLIENT_TAG"
|
HELM_CLIENT_TAG="$HELM_CLIENT_TAG"
|
||||||
|
|
|
@ -111,9 +111,6 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
|
||||||
'prometheus_adapter_chart_tag',
|
'prometheus_adapter_chart_tag',
|
||||||
'prometheus_adapter_configmap',
|
'prometheus_adapter_configmap',
|
||||||
'selinux_mode',
|
'selinux_mode',
|
||||||
'tiller_enabled',
|
|
||||||
'tiller_tag',
|
|
||||||
'tiller_namespace',
|
|
||||||
'helm_client_url', 'helm_client_sha256',
|
'helm_client_url', 'helm_client_sha256',
|
||||||
'helm_client_tag',
|
'helm_client_tag',
|
||||||
'traefik_ingress_controller_tag',
|
'traefik_ingress_controller_tag',
|
||||||
|
|
|
@ -789,21 +789,6 @@ parameters:
|
||||||
description: >
|
description: >
|
||||||
project id of current project
|
project id of current project
|
||||||
|
|
||||||
tiller_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: Choose whether to install tiller or not.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
tiller_tag:
|
|
||||||
type: string
|
|
||||||
description: tag of tiller container
|
|
||||||
default: "v2.16.7"
|
|
||||||
|
|
||||||
tiller_namespace:
|
|
||||||
type: string
|
|
||||||
description: namespace where tiller will be installed.
|
|
||||||
default: "magnum-tiller"
|
|
||||||
|
|
||||||
helm_client_url:
|
helm_client_url:
|
||||||
type: string
|
type: string
|
||||||
description: url of helm client tarball
|
description: url of helm client tarball
|
||||||
|
@ -1364,9 +1349,6 @@ resources:
|
||||||
prometheus_adapter_chart_tag: {get_param: prometheus_adapter_chart_tag}
|
prometheus_adapter_chart_tag: {get_param: prometheus_adapter_chart_tag}
|
||||||
prometheus_adapter_configmap: {get_param: prometheus_adapter_configmap}
|
prometheus_adapter_configmap: {get_param: prometheus_adapter_configmap}
|
||||||
project_id: {get_param: project_id}
|
project_id: {get_param: project_id}
|
||||||
tiller_enabled: {get_param: tiller_enabled}
|
|
||||||
tiller_tag: {get_param: tiller_tag}
|
|
||||||
tiller_namespace: {get_param: tiller_namespace}
|
|
||||||
helm_client_url: {get_param: helm_client_url}
|
helm_client_url: {get_param: helm_client_url}
|
||||||
helm_client_sha256: {get_param: helm_client_sha256}
|
helm_client_sha256: {get_param: helm_client_sha256}
|
||||||
helm_client_tag: {get_param: helm_client_tag}
|
helm_client_tag: {get_param: helm_client_tag}
|
||||||
|
@ -1417,7 +1399,6 @@ resources:
|
||||||
- get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
|
- get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
|
||||||
- get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
|
- get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
|
||||||
- get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh
|
- get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh
|
||||||
- get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh
|
|
||||||
- str_replace:
|
- str_replace:
|
||||||
template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
|
template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
|
||||||
params:
|
params:
|
||||||
|
|
|
@ -545,18 +545,6 @@ parameters:
|
||||||
description: >
|
description: >
|
||||||
project id of current project
|
project id of current project
|
||||||
|
|
||||||
tiller_enabled:
|
|
||||||
type: string
|
|
||||||
description: Whether to enable tiller or not
|
|
||||||
|
|
||||||
tiller_tag:
|
|
||||||
type: string
|
|
||||||
description: tag of tiller container
|
|
||||||
|
|
||||||
tiller_namespace:
|
|
||||||
type: string
|
|
||||||
description: namespace where tiller will be installed
|
|
||||||
|
|
||||||
helm_client_url:
|
helm_client_url:
|
||||||
type: string
|
type: string
|
||||||
description: url of helm client tarball
|
description: url of helm client tarball
|
||||||
|
@ -895,9 +883,6 @@ resources:
|
||||||
"$PROMETHEUS_ADAPTER_CONFIGMAP": {get_param: prometheus_adapter_configmap}
|
"$PROMETHEUS_ADAPTER_CONFIGMAP": {get_param: prometheus_adapter_configmap}
|
||||||
"$PROJECT_ID": {get_param: project_id}
|
"$PROJECT_ID": {get_param: project_id}
|
||||||
"$EXTERNAL_NETWORK_ID": {get_param: external_network}
|
"$EXTERNAL_NETWORK_ID": {get_param: external_network}
|
||||||
"$TILLER_ENABLED": {get_param: tiller_enabled}
|
|
||||||
"$TILLER_TAG": {get_param: tiller_tag}
|
|
||||||
"$TILLER_NAMESPACE": {get_param: tiller_namespace}
|
|
||||||
"$HELM_CLIENT_URL": {get_param: helm_client_url}
|
"$HELM_CLIENT_URL": {get_param: helm_client_url}
|
||||||
"$HELM_CLIENT_SHA256": {get_param: helm_client_sha256}
|
"$HELM_CLIENT_SHA256": {get_param: helm_client_sha256}
|
||||||
"$HELM_CLIENT_TAG": {get_param: helm_client_tag}
|
"$HELM_CLIENT_TAG": {get_param: helm_client_tag}
|
||||||
|
|
|
@ -509,12 +509,6 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||||
prometheus_adapter_configmap = mock_cluster.labels.get(
|
prometheus_adapter_configmap = mock_cluster.labels.get(
|
||||||
'prometheus_adapter_configmap')
|
'prometheus_adapter_configmap')
|
||||||
project_id = mock_cluster.project_id
|
project_id = mock_cluster.project_id
|
||||||
tiller_enabled = mock_cluster.labels.get(
|
|
||||||
'tiller_enabled')
|
|
||||||
tiller_tag = mock_cluster.labels.get(
|
|
||||||
'tiller_tag')
|
|
||||||
tiller_namespace = mock_cluster.labels.get(
|
|
||||||
'tiller_namespace')
|
|
||||||
helm_client_url = mock_cluster.labels.get(
|
helm_client_url = mock_cluster.labels.get(
|
||||||
'helm_client_url')
|
'helm_client_url')
|
||||||
helm_client_sha256 = mock_cluster.labels.get(
|
helm_client_sha256 = mock_cluster.labels.get(
|
||||||
|
@ -655,9 +649,6 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||||
'prometheus_adapter_configmap': prometheus_adapter_configmap,
|
'prometheus_adapter_configmap': prometheus_adapter_configmap,
|
||||||
'project_id': project_id,
|
'project_id': project_id,
|
||||||
'external_network': external_network_id,
|
'external_network': external_network_id,
|
||||||
'tiller_enabled': tiller_enabled,
|
|
||||||
'tiller_tag': tiller_tag,
|
|
||||||
'tiller_namespace': tiller_namespace,
|
|
||||||
'helm_client_url': helm_client_url,
|
'helm_client_url': helm_client_url,
|
||||||
'helm_client_sha256': helm_client_sha256,
|
'helm_client_sha256': helm_client_sha256,
|
||||||
'helm_client_tag': helm_client_tag,
|
'helm_client_tag': helm_client_tag,
|
||||||
|
@ -1072,12 +1063,6 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||||
prometheus_adapter_configmap = mock_cluster.labels.get(
|
prometheus_adapter_configmap = mock_cluster.labels.get(
|
||||||
'prometheus_adapter_configmap')
|
'prometheus_adapter_configmap')
|
||||||
project_id = mock_cluster.project_id
|
project_id = mock_cluster.project_id
|
||||||
tiller_enabled = mock_cluster.labels.get(
|
|
||||||
'tiller_enabled')
|
|
||||||
tiller_tag = mock_cluster.labels.get(
|
|
||||||
'tiller_tag')
|
|
||||||
tiller_namespace = mock_cluster.labels.get(
|
|
||||||
'tiller_namespace')
|
|
||||||
helm_client_url = mock_cluster.labels.get(
|
helm_client_url = mock_cluster.labels.get(
|
||||||
'helm_client_url')
|
'helm_client_url')
|
||||||
helm_client_sha256 = mock_cluster.labels.get(
|
helm_client_sha256 = mock_cluster.labels.get(
|
||||||
|
@ -1222,9 +1207,6 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||||
'prometheus_adapter_configmap': prometheus_adapter_configmap,
|
'prometheus_adapter_configmap': prometheus_adapter_configmap,
|
||||||
'project_id': project_id,
|
'project_id': project_id,
|
||||||
'external_network': external_network_id,
|
'external_network': external_network_id,
|
||||||
'tiller_enabled': tiller_enabled,
|
|
||||||
'tiller_tag': tiller_tag,
|
|
||||||
'tiller_namespace': tiller_namespace,
|
|
||||||
'helm_client_url': helm_client_url,
|
'helm_client_url': helm_client_url,
|
||||||
'helm_client_sha256': helm_client_sha256,
|
'helm_client_sha256': helm_client_sha256,
|
||||||
'helm_client_tag': helm_client_tag,
|
'helm_client_tag': helm_client_tag,
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
``Tiller`` support has been dropped, following labels are not functional
|
||||||
|
anymore:
|
||||||
|
* ``tiller_enabled``
|
||||||
|
* ``tiller_tag``
|
||||||
|
* ``tiller_namespace``
|
Loading…
Reference in New Issue