Since after v3.5.6 etcd-io switched to a
distroless base image. Etcd anchor pods
are now using etcd-utility and etcd is
running a sidecar for health checks.
Change-Id: I198dca1209097de4d60a53a7568f0c4790679599
This PS updates python modules and code to match Airflow 2.6.2:
- bionic py36 gates were removed
- python code corrected to match new modules versions
- selection of python modules versions was perfoemed based on
airflow-2.6.2 constraints
Change-Id: I9c3e139b3437414a61af7e7c0b7d7e533fadefda
upgrades kubernetes client to v1.26.0
remove installation of containerd during genesis.sh to prevent containerd downgrade
update bitnami kubectl image to image with curl installed for readiness check
Change-Id: I3afd5a7e7211bae3f52263167a62a012da0619a0
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal
Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
Address changes and deprecations in Kubernetes v1.21=>v1.23
controller-manager:
* --authorization-kubeconfig and --authentication-kubeconfig must be set
* liveness/readiness probes must use HTTPS
* the default port has been changed to 10257
kubelet:
* --dynamic-config-dir has been deprecated, will not move to GA
* --cni-bin-dir has been deprecated, will be removed with dockershim
* --cni-conf-dir has been deprecated, will be removed with dockershim
* --network-plugin has been deprecated, will be removed with dockershim
https: //github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#deprecation
https: //kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/
https: //github.com/kubernetes/enhancements/tree/master/keps/sig-node/281-dynamic-kubelet-configuration
Change-Id: Ia996d7c14d81d1d8b8067f11c02ffb4ce90eb49a
Update the anchor pods to use a regularly patched and updated kubectl
image that contains the necessary components (bash, jq, curl, etc.) in
addition to kubectl: https://hub.docker.com/r/bitnami/kubectl
Change-Id: Ia3e75dc334c3c1a88abfec10fb0367447e79a538
Removing set -x from within the dump_databases_to_directory function.
The set -x from within the function is causing all the code that
follows the function call to have debug tracing on. This in turns
causing multiple identical logs for the same event. Looking at this
function, there should be enough logging to aid debugging.
Reference ps: https://review.opendev.org/c/openstack/openstack-helm-infra/+/830533
(commit 2fc1ce4a142e605a9fc6c90dceabbf7c4bfb81e3)
Change-Id: Id442972bbcca983afab7c4f3c29f3686e9e0b481
Uplifting tiller image to ghcr.io/helm/tiller:v2.17.0 since
v2.16.1 is not available anymore
Update the helm installation script to download and install v2.17.0
Change-Id: I92a7fe096a32377e155a298dc258bc2f4b93a2c1
Removed PersistentVolumeLabel from apiserver to fix below warning.
Deprecated warning:
1. PersistentVolumeLabel admission controller is deprecated.
Please remove this controller from your configuration files and scripts.
2. insecure-port has been deprecated, This flag has no effect now
and will be removed in v1.24.
Change-Id: Iaccff8467b5ed967fa41e85b38c27f7345cd97bb
Update example manifests to use latest bionic based armada and deckhand images to fix the zuul gates.
Change-Id: Ic70b7269a73a3b34608442ee71620358fa8785c2
In v1.20, TokenRequest and TokenRequestProjection become GA features,
and the following flags are required by the API server:
* --service-account-issuer
* --service-account-key-file
* --service-account-signing-key-file
This change ensures that the flags are set, and that the required keys
are in the right places.
Change-Id: I6606c5b1c9ff005d1943b424e3e7ad4d20b68408
The TaintBasedEvictions feature gate graduated to GA in v1.18, and is on
by default. This change removes references to the feature gate.
Change-Id: Ice2dd335cb9358583d0751eb50ce5ec0f9c4f999
Interesting gate failure:
* kubernetes-etcd chart is installed
* kubernetes-etcd-anchor pod creates a new kubernetes-etcd manifest
* kubernetes-etcd pod restarts
* an etcd leader election happens, triggering a tiller failure
* tiller tries to purge/delete the chart
* the kubernetes-etcd-anchor can't terminate, because the preStop gets
stuck in a loop trying to talk to etcd via the service endpoint, and the
termination grace period is 3600s
This change just takes the approach of disabling the cleanup for the
kubernetes etcd anchor pod.
An alternative fix is to change the grace period to something shorter.
However, at this point, the haproxy anchor and kube-apiserver anchor
pods have done their jobs, so kube-apiserver is talking to etcd via
haproxy, and haproxy only knows about the kubernetes-etcd pod, not the
auxiliary etcd pods. It is likely that the kubernetes-etcd anchor would
restart and spin up a new kubernetes etcd pod in time, but it may
occasionally fail.
Change-Id: Ifa71394b2f87e227a6c4ad1b4c80900cec6f5684
Replace all usages of the hyperkube image with standalone container
images for apiserver, controller, scheduler, and proxy.
Change-Id: I44392c7900a72edd35bc5afa1c50bec8e04f927f
gcr.io/google_containers/ no longer contains some of the image
versions we require, use the new location.
Change-Id: I8f9a976a35ca632d785dd4d05f2a55713bde8c3e
This patch includes the upstream helm toolkit change below which adds
the capability to delete an archive from the local or remote data stores.
https://review.opendev.org/#/c/758859/
(commit 2d1fe882bb751c03ee741a6166c9c8a5fad8f926)
Change-Id: Iec3f234f5be780bd90d233b1cba58d11127d5d28
Include below patchset to make database backups work with
openstack Train release.
https://review.opendev.org/#/c/754831
Change-Id: I8004ac8320f02bb0acbf0edd9caa9520a94aada1
This ps makes following changes to upgrade kubernetes from v1.17.3
to v1.18.6.
- Updated all references to k8s images to 1.18.6
- Updated command options and api object and versions based on
k8s 1.18 release notes:
https://kubernetes.io/docs/setup/release/notes/
- Uplifted uwsgi to 2.0.19.1 to align with other airship
components, and to bring in fixes and improvements.
- Added build-essentials and python3-dev packages to pass the zull
gate, which was looking for a c compiler.
Change-Id: I1160d1e6e2f02a0524043641b9296ea39edb301e
Include fix [0] to add namespace to error logs generated.
[0] https://review.opendev.org/#/c/741548
Change-Id: I1d3ab8be54f6a4de001d79ed1fd6297523042cd6
Include fix [0] return code when remote rgw fails.
Moving set -x in backup/restore.tpl below the source
of the framework code to reduce debug output.
[0] https://review.opendev.org/#/c/738665/
Change-Id: If9b7b317dff439ecb293d9837cac256884c53c6a
1) Include framework for remote etcd backups.
2) Use porthole etcdctl utility image for backups.
3) Move helm-toolkit pin to latest commit.
4) Add a keystone user for RGW.
5) Add a secret for Swift API access.
6) Add a secret for backup/restore configuration.
Change-Id: Ica549c3b6bc00ca55540b8ffedd4c46af0d8d25e
Added ntp server configuration to be used by chrony as the recommended
ntp service for ubuntu 18.04.
Since, chorny is not installed by default in ubuntu 18.04, also added
chrony apt package to be installed on airship nodes.
Change-Id: If1437a79cf89806043f62e2eac49c3b4b5eae2cd