| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
Issue-ID: MULTICLOUD-1262
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ie83fad2ad8146b3b33d3a3f0438ff7fe1ac4e475
|
|
The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as runing as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
Note that as mentioned in install_qat.sh, the kernel command line must
include "intel_iommu=on iommu=pt" for the deploy and test to succeed.
The underlying issue is that the playbook was expecting to be run on
the same host it executed on and was looking for files in the wrong
places.
Issue-ID: MULTICLOUD-1261
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
|
|
The test incorrectly checked the node running the test for sriov
feature support. This fix now checks the cluster for it.
Issue-ID: MULTICLOUD-1260
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I869823cc062968c8ac7b9fa037d425244a03799c
|
|
Issue-ID: MULTICLOUD-1259
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I92cc722818b9023b4aa29d191cf92e2c319f957b
|
|
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to
resolve the "cluster.local" name. Explicitly set the
fluentd.clusterDomain value to the actual cluster name during helm
install.
Issue-ID: MULTICLOUD-1244
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Previous empty template detection pattern matched only against templates
resolved to empty-or-whitespace-only files. This change makes it handle
other case of empty yaml correctly, namely, yaml containing comments
only.
Issue-ID: MULTICLOUD-1252
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: I9132e167ec607c8a4a4ca5584141ed043c6ddd4f
|
|
The only change to the upstream yml is the removal of the
kube-multus-ds-ppc64le DaemonSet and the replacement of
"default-cni-network" with "cni0".
Note also that the v3.6 yml actually uses the v3.4.1 image tag. The
yml now points to a v3.4.1 image with the addition of code to merge
the results from all delegates to support Virtlet.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
|
|
- Replace move of ansible.cfg from kubespray distribution to
/etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
modifies ansible.cfg during installation, and the paths in it are
relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
default versions of kubernetes and helm provided by kubespray
2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
for helm init and helm serve. It is no longer necessary to call
helm init, and the helm serve repository is replaced with file
relative URLs. This also triggered a subsequent update of the
kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
etcd will fail without this due to nil
PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
hosts. Use the linear strategy to bypass mitogen and install
python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
NOTE: This is not a complete fix, it is only a workaround so that
installer.sh can succeed when Optane hardware is not present.
Without this, "No such file or directory" is reported during the
"Apply Optane PMEM CSI Daemonset" task of the configure-optane
playbook. This error was observed with kubespray 2.14.1 and not with
2.12.6.
Issue-ID: MULTICLOUD-1234
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
|
|
This was triggered by the failure of plugin_fw.sh when run via the
containerized installer.
The full list of changes is:
- etcd-amd64: 3.2.24 => 3.3.17. Note that 3.4.9 is the latest as of
this commit, but 3.4.9 removed the coreutils necessary to run the
k8s Command (i.e. hostname, seq, ...).
- readiness-check: 2.0.0 => 2.2.2
- mongo: 4.0.8 => 4.4.1
- nfs-provisioner: 1.0.8 => 2.3.0
- filebeat: 5.5.0 => 7.9.3
- multicloud-k8s: 0.5.0 => 0.7.0
- fluentd: 1.10.2-debian-10-r11 => 1.11.4-debian-10-r7
Issue-ID: MULTICLOUD-1245
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ic0454086c390f6b24a77fcf2ea0e5d24507fa153
|
|
The delete is run at the start of the test, it is expected that the
resource does not exist.
Issue-ID: MULTICLOUD-1243
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1b060ec8f17fd4b9b76ed03d8dc3bd7c21756690
|
|
Issue-ID: MULTICLOUD-1242
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I5aa45daf92ebfbee32d154dc17f7d2afd72bf255
|
|
Without this change, the '.request.release-name' query causes jq to
get confused by the '-' and fail the test script:
jq: error: name/0 is not defined at <top-level>, line 1:
.request.release-name
jq: 1 compile error
Issue-ID: MULTICLOUD-1241
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I386cd46db8e44c92bc24d8eb8a9e3964d9b87d39
|
|
grep returns a non-zero error code if the pattern is not found. This
would cause the topology-manager.sh test to exit prematurely instead
of capturing and logging the error and returning zero as intended.
Issue-ID: MULTICLOUD-1240
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I29c4d30630c0f803325c2ed024d4c0b9e8a0e911
|
|
Issue-ID: MULTICLOUD-1239
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ibf7c7d2a64889b72cdc67a587548fb6a0dac6ba0
|
|
|
|
|
|
|
|
Restore the previously commented-out unit test TestDeleteLogicalCloud.
That test was disabled due to a failure introduced by interacting with
AppContext for the first time in module/logicalcloud.go and it not
being ready to do so.
This commit restores it and modifies code so dependent mocks can plug
in correctly. This was done in order to keep testing the code that was
previously being tested, not so much to add additional coverage.
Although it would be a significant undertaking, the different types and
interfaces in pkg/module should be redesigned to achieve better
decoupling and thus make unit testing more straightforward.
Issue-ID: MULTICLOUD-1143
Change-Id: I1e6b7bb9111fc6883f0c9cee887329a9e0b27fbd
Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
|
|
Update emco_apis.yaml with all new API paths provided by DCM and
its /logical-clouds URL prefix. Update schemas and parameters too.
Issue-ID: MULTICLOUD-1143
Change-Id: I9d94cb2954c2f0131ffb8c3061a87a6b6a235cba
Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
|
|
Fixes the mispelled "currentcontext" with the right key name
"current-context" which was introduced as a regression with or
before the latest version of the kubeconfig code (probably a bad
search/replace).
This 1-character long bug was preventing the generated kubeconfigs
from being correctly interpreted by kubectl. Thus, kubectl couldn't
set any context of the kubeconfig as the current context.
Observable output before this fix:
$ kubectl get pods
The connection to the server localhost:8080 was refused - did you
specify the right host or port?
Issue-ID: MULTICLOUD-1143
Change-Id: I617d1e20b7be2567729b84d3746b22e4ceaf8b9d
Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
|
|
API definition updated to add
generic placemnent intent under
deployment group
Issue-ID: MULTICLOUD-1096
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Ida830de0f17038925651bc604440b11547b7320d
|
|
|
|
Add k8splugin file for 0.7.0
Issue-ID: MULTICLOUD-1213
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
Change-Id: I54d7610f39be4d05e176ff7e2f67bd7594e50677
|
|
|
|
Update image version of k8splugin to 0.7.0-SNAPSHOT
This will be then be used to create the release image
Issue-ID: MULTICLOUD-1213
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
Change-Id: Ice57a61bc98397a2bbb5c313452459b02ec86139
|
|
DCM's apply function had a lot of error handling code that cleans up
the AppContext if something goes wrong while adding to AppContext.
Most of that handling was using multiline duplicate code with the only
change being in the log/error strings. This commit attempts to reuse
all that error handling code and make it easier to follow main code.
Issue-ID: MULTICLOUD-1143
Change-Id: I3a35387b1ed46279c1b973dbd852352276ff5cc8
Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
|
|
|
|
Mostly just make the identifiers consistent with each other
so copy-paste works without surprises. No more rel- prefix, just emco-.
Additionally suggest a 2nd workaround to the persistentvolumes issue.
Issue-ID: MULTICLOUD-1143
Change-Id: I7ad1d3a4b20f7563226a9d487c388275e56429b5
Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
|
|
Also add DCM to cleanup-emco.sh.
Issue-ID: MULTICLOUD-1143
Change-Id: I2496c1fef2e2588c1c8e750105568afc210d54c3
Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
|
|
|
|
|
|
|
|
Building on the target host fixes a couple issues:
- In the containerized installer, the container image does not include
the necessary kernel headers to build the module.
- The build and target host must have the same kernel version. There
is no guarantee of this.
The deploy uses NFD, similar to the QAT playbook.
Issue-ID: MULTICLOUD-1228
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
|
|
Update the ovnaction controller APIs to support
the api change of including the deployment intent
group in the URL. Also fixup:
- vfw and other test cases to support the change
- updates to emcoctl tool and examples
Issue-ID: MULTICLOUD-1218
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
Change-Id: Icadacb5ec6d7c238bb3bf8a44a39c30692ecebee
|
Eric Multanen
Todd Malsbary
Ritu Sood
Konrad Bańka
Igor D.C