This option was deprecated in 4.0.0[1] in favor of the new subnet"s"
option. The latest release is 9.0.0, so we can assume enough times has
been given to users so that they can switch to the new option.
[1] b3814a33d6
Change-Id: Ie86c019bbb560cca9b5a3a77319ed639a2245a2d
This got decided at the PTG. The code is old, not maintained, not tested
and most likely doesn't work anymore. Moreover it gave us a hard
dependency on grpcio and protobuf, which is fairly problematic in Python
and gave us all sorts of headaches.
Change-Id: I0c8c91cdd3e1284e7a3c1e9fe04b4c0fbbde7e45
The implementation have some difference with the description of
blueprint. For more strict isolation, we only get project id from
namespace annotaion or configure option. The other resources's
project id inherit it's project or get from configiure option.
Implements: blueprint specify-project-by-annotation
Change-Id: Ia82cce6b211226599b4e1ca0d10416ed5e519ea2
Till now, for installing kuryr-kubernetes and one of the crucial service
- kubernetes, there has been used manual method for installing it in
specified version. Over time it became a burden to follow requirements
and constraints, therefore decision has been made to use recommended way
of installing Kubernetes - kubeadm. In this patch devstack installation
of the kuryr-kubernetes and its dependences has been heavily reworked.
Other than that, OpenShift related functions has been removed, since
they were all outdated and non-working for the long time.
Change-Id: Ife21874c0a71ba07723094c0f880aabcf5825b77
The timeout-client-data and timeout-member-data configurations
for Octavia listeners default to 50 seconds for load balancers
created by Kuryr. This patch allows the creation and modification
of load balancers handled by Kuryr with different timeouts values.
Implements: blueprint configure-lb-listeners-timeout
Change-Id: I99016001c2263023d1fa2637d7b5aeb23b3b2d9d
This commit deprecates `[pod_vif_nested]worker_nodes_subnet` in favor of
`[pod_vif_nested]worker_nodes_subnets` that will accept a list instead.
All the code using the deprecated options is updated to expect a list
and iterate over possible nodes subnets.
Change-Id: I7671fb06863d58b58905bec43555d8f21626f640
This commit adds a release note announcing the update
of the mtu config value and the reason behind it.
Change-Id: Ieeea42a49e358f48f0d567d9450dc9b2dcc14173
When deleting services and the respective load balancer
with using ovn-octavia provider, the lb sg is not deleted.
This commit fixes the issue by removing the LB sg creation
when the octavia provider is ovn-octavia, as that sg is not
really enforced.
Closes-bug: 1880207
Change-Id: I2c77b1d0ac682008ff6c31781d6075c208c689d0
Since sriov binding driver uses pod resource
service and compute particular virtual function
which was returned by pod resource service, there
is no need to have physycal_device_mapping.
Also this commit fixes documentation and
adds release note regarding physical_device_mapping removal.
Change-Id: Ibf793b78727da40283b6221c6df0da969bf5e829
Signed-off-by: Danil Golov <d.golov@samsung.com>
Current deployments of OpenShift platform with Kuryr CNI
in real OpenStack installations (multi-projects environments)
are crashing because of kuryr-controller cannot come to
READY state.
This is due to inaccurate quota calculations in the readiness
process and an unscalable fetching of objects from Neutron API
to count and comparing with limits.
This commit ensures accurate quota calculation for installation
project during the readiness checks and removes the harsh
Neutron API calls. It will dramatically speedup readiness checks.
Change-Id: Ia5e90d6bd5a8d30d0596508abd541e1508dc23ec
Closes-Bug: 1864327
Support for OpenShift Routes (Ingress) is not maintained by anyone, not
really tested and there are better ways to do it, so let's remove that
code from Kuryr.
Support for namespace isolation was done to mimic one of the modes of
openshift-sdn. It doesn't seem to make any sense to keep supporting it
if Network Policy support can provide the same isolation.
Change-Id: I8cfb3c50f491a5dbbfe6fa20b81ee1d0f8c6b4a7
Since Train, Octavia has a new API to restrict lbs access on
listeners. This is important when enforcing Network Policies
on services.
Before this patch, Kuryr required either admin priviledges to
change the security group rules associated to the loadbalancer,
or use the ovn-octavia loadbalancer that does not require those
rules as the source IP is not changed when passing through the
LoadBalancer VIP.
By adopting the new Octavia ACL API, there is no need for admin
priviledges to limit the access to the loadbalancers.
Implements: blueprint octavia-acls
Change-Id: I8f6bae00413aa181e9c2cac72c87bd93161796bc
Ussuri release is the one in which we drop Python 2 support, as its EOL
is pretty close now. This commit does so in kuryr-kubernetes by
removing Python 2 unit test jobs, switching all tempest jobs to Python
3, removing specific jobs for Python 3 and updating Dockerfiles to
centos:8 that includes Python 3 from the box.
Also CentOS 7 job is removed from check queue as it seems it doesn't
play well with Python 3. A CentOS 8 job will get created soon.
Change-Id: Id9983d2fd83cef89e3198b2760816cf4a851008b
This is follow-up commit that adds documentation regarding golang
implementation of kuryr-cni.
Change-Id: I2a9488a59141016655e7a356722a1c012aa94aec
Implements: blueprint golang-kuryr-cni
This port 50036 can be already used in the system, due
to it's in range for egress ports.
Closes-Bug: 1829188
Change-Id: Ieee291893ca342867eb408d65402a8576327ac6d
Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
Deploying without kuryr-daemon is deprecated since Rocky and we
announced that it will be removed in the Rocky release notes. This
commit removes all the code that allows that, updates the documentation,
DevStack plugin and gates definitions.
Implements: blueprint remove-non-daemon
Change-Id: I65598d4a6ecb5c3dfde04dc5fefd7b02fc72a0cb
New config option vif_pool_mapping is added and pools_vif_drivers is
deprecated. The newer vif_pool_mapping is simply inverted mapping of
pools_vif_drivers.
Also, with the scoping ability added in cb2d308f84, independent
drv_pool instances can be acquired from base driver manager.
Earlier as a single instance of drv_pool was used by all
pod_drivers. This meant only the pod_driver which was
passed to drv_pool.set_vif_driver finally was used (for a given
drv_pool).
Please see release notes for further details.
Related-Bug: 1747406
Change-Id: Id0137f6b1a78e7aa3e3d3de639a5e989f4fd408c
Signed-off-by: Yash Gupta <y.gupta@samsung.com>
This commit adds support for cri-o by changing the binary initially used
to run CNI plugin to runc and falling back to docker only in case it's
not available.
Also DevStack support for installing and configuring Kubernetes with
cri-o is added.
Implements: blueprint crio-support
Depends-On: Ib049d66058429e499f5d0932c4a749820bec73ff
Depends-On: Ic3c7d355a455298f43e37fb2aceddfd1e7eefaf2
Change-Id: I081edf0dbd4eb57826399c4820376381950080ed
As there's another kuryr-status binary in kuryr repo this creates issues
when creating packags out of the repo and could get confusing, therefore
I'm renaming this one.
Change-Id: I4b958d53c6530dd5099b3ac1dbcde4648055ff38
This commit adds kuryr-status utility that can be used to check if
upgrade is possible, convert annotations to new format and rollback
those changes if needed.
Implements: blueprint upgrade-checkers
Change-Id: I7a40a68518d7fbba18146b64befb6f585176ec8d
Patch also changes the way we run kuryr-controller in the DevStack
plugin by removing the scripts/run_server.py and using the Python
executable in the system directly.
Implements: blueprint goal-python36
Change-Id: I1e1c62023b6018bf49163be12fdca5b42d5f46d6
This commit marks the deprecation of the support of neutron-lbaasv2 in
Kuryr-Kubernetes. It adds a deprecation message, release note and
removes the usage of lbaasv2 in the upstream gates.
From now on, the default option for lbaasv2 will always be octavia.
Change-Id: I528fc7c0462445c880d13268435c993c2e2ff00f
This is the third patch of the Ingress Controller capability.
This patch implements OCP-Route and Ingress LBaaS handlers.
Those handlers should retrieve the L7 LB details from the
Ingress controller and update L7 policy/rules and pool/members
upon changes in OCP-route and k8S-endpoint resources.
Please follow the instructions below to verify
OCP-Router functionality:
https://docs.google.com/document/d/1c3mfBToBbWlwFcw3S8fr7pQZb5_YZqFYdlG1HqaQPkQ/edit?usp=sharing
Implements: blueprint openshift-router-support
Change-Id: Ibfb6cda6dde9613ad31859d38235be031ade0639
This commit implements initial version of high availability support in
kuryr-controller - Active/Passive mode. In this mode only one instance
of controller is processing the resources while other ones are in
standby mode. If current leader dies, one of standbys is taking the
leader role and starts processing resources.
Please note that as leader election is based on Kubernetes mechanisms,
this is only supported when kuryr-controller is run as Pod on Kubernetes
cluster.
Implements: bp high-availability
Change-Id: I2c6c9315612d64158fb9f8284e0abb065aca7208
This patch adds a new subnet driver that creates a new network
for each created k8s namespace. It makes use of K8s CRDs to store
the information about the network resources created for each
namespace
Partially Implements: blueprint network-namespace
Change-Id: I7988e1da7a9ed57f29c85ddcd99bb2c87808010e
This changes _ACTIVATION_TIMEOUT of LBaaS driver from constant to
configurable value in order to make it flexible to production
environment.
This commit also increases the timeout value in DevStack plugin to make
sure Octavia has time to run Amphorae in the gate.
Co-Authored-By: Michał Dulko <mdulko@redhat.com>
Change-Id: I895d3e5af71ccc7219be422b9ca9e9f8833bad8f
Related-Bug: 1753653
Signed-off-by: Eunsoo Park <esevan.park@gmail.com>
This patch introduces a new way for configuring which handlers the
Kuryr controller should be using. This will allow people to use
externally provided handlers as long as they are installed as
entrypoints of the right namespace.
Implements: blueprint kuryr-pluggable-handlers
Change-Id: I52ce0ef00771c8587d7f7113cc5eb4839d1309a5
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
This commit implements what was discussed on the PTG, i.e. deprecation
of running Kuryr-Kubernetes without kuryr-daemon services. This commit
includes changes in configuration defaults, sample local.conf files,
documentation, gates and a release note explaining the change.
Change-Id: I152c81797cb83237af4917a4487cb1f1918270aa
This patch adds support for nodes with different vif drivers as
well as different pool drivers for each vif driver type.
Closes-Bug: 1747406
Change-Id: I842fd4b513a5f325d598d677e5008f9ea51adab9
It is common for Neutron deployment's policy to forbid GETs to the
public subnet, only allowing GETs for the public net. Since the only
required field of those two for creating a FIP is the public net, let's
change public net to be the only required config option and have the
subnet stick around as optional.
Change-Id: I31c3c51ad2dc12f8f560cbab01c86d04aabb754e
Closes-Bug: 1749921
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
This patch adds oslo_cache to the default subnet driver to
avoid unneed calls to neutron when creating pods (or when
getting subnet information)
Change-Id: I93b6bed424757e4138ba656251ae5da46b857da1