2329cb7fb4

Due to several small connected patches for the fedora atomic driver, this patch includes 4 smaller patches.

Patch 1:
k8s: Do not start kubelet and kube-proxy on master

Patch [1], misses the removal of kubelet and kube-proxy from enable-services-master.sh and therefore they are started if they exist in the image or the script will fail.

https://review.openstack.org/#/c/533593/
Closes-Bug: #1726482

Patch 2:
k8s: Set require-kubeconfig when needed

From kubernetes 1.8 [1] --require-kubeconfig is deprecated and in kubernetes 1.9 it is removed. Add --require-kubeconfig only for k8s <= 1.8.

[1] https://github.com/kubernetes/kubernetes/issues/36745

Closes-Bug: #1718926
https://review.openstack.org/#/c/534309/

Patch 3:
k8s_fedora: Add RBAC configuration

* Make certificates and kubeconfigs compatible with NodeAuthorizer [1].
* Add CoreDNS roles and rolebindings.
* Create the system:kube-apiserver-to-kubelet ClusterRole.
* Bind the system:kube-apiserver-to-kubelet ClusterRole to the kubernetes user.
* remove creation of kube-system namespaces, it is created by default
* update client cert generation in the conductor with kubernetes' requirements
* Add --insecure-bind-address=127.0.0.1 to work on multi-master too. The controller manager on each node needs to contact the apiserver (on the same node) on 127.0.0.1:8080

[1] https://kubernetes.io/docs/admin/authorization/node/

Closes-Bug: #1742420
Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
https://review.openstack.org/#/c/527103/

Patch 4:
k8s_fedora: Update coredns config to pass e2e

To pass the e2e conformance tests, coredns needs to be configured with POD-MODE verified. Otherwise, pods won't be resolvable [1].

[1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes

https://review.openstack.org/#/c/528566/
Closes-Bug: #1738633

Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de

||
---|---|---|
.. | ||
image | ||
templates | ||
__init__.py | ||
driver.py | ||
k8s_monitor.py | ||
k8s_scale_manager.py |