The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as running as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
The only change to the upstream yml is the removal of the
kube-multus-ds-ppc64le DaemonSet and the replacement of
"default-cni-network" with "cni0".
Note also that the v3.6 yml actually uses the v3.4.1 image tag. The
yml now points to a v3.4.1 image with the addition of code to merge
the results from all delegates to support Virtlet.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
|
|
Building on the target host fixes a couple issues:
- In the containerized installer, the container image does not include
the necessary kernel headers to build the module.
- The build and target host must have the same kernel version. There
is no guarantee of this.
The deploy uses NFD, similar to the QAT playbook.
Issue-ID: MULTICLOUD-1228
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
|
|
Prior to this change qat_plugin_privileges.yaml fails to kubectl apply
due to a validation error.
Issue-ID: MULTICLOUD-1182
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ibe73c1b39d1164fe05ea5cdede74dc93f846c943
|
|
Issue-ID: MULTICLOUD-1075
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I0b02a3872b525a061bbdaf87aabad8b3fee539cc
|
|
Issue-ID: MULTICLOUD-1046
Change-Id: I1853e071a99702c5e6f7ba9ca819746576fd0aca
Signed-off-by: Chen, Tingjie <tingjie.chen@intel.com>
|
|
Update kubespray to 2.12 to deploy Kubernetes 1.16
Issue-ID: MULTICLOUD-1063
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
|
|
Issue-ID: MULTICLOUD-1076
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I2b6bfb265ce5e055987788f6f28fc475a8b5b46c
|
|
* Update the image version to integratedcloudnative/ovn4nfv-k8s-plugin
* Update the CRD of provider network to support direct provider network
Issue-ID: MULTICLOUD-1070
Change-Id: Icfa321bbd354de47af4db65b2021c87facc26871
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
|
|
- deploy cmk related pods
- untaint compute nodes if necessary
- run cmk unit tests: allocate CPUs from exclusive and shared pools
- deploy a testing nginx pod along with cmk testing pods
- preset 1/2 CPUs for shared/exclusive pools to fit CI server machines
users can adjust the parameters to meet their own requirements
Test Results:
- many rounds of vagrant/5 VMs(controller01/02/03 and compute01/02)
based test are all OK
- 14 rounds tests on my local server (S2600WFQ (36C/72T)) and
PC(HP Z228 (4C/4T)) with all-in-one bare metal deployment are all OK
- CI(a 4C/4T machine) results of latest patch set also show that the
test of bare metal deployment is OK
- NOTE: both my local test and CI use the same testing method of calling
aio.sh after applying the latest patch set.
Change-Id: I046a4a63b94f92f23347ab76c21a661521e01119
Issue-ID: MULTICLOUD-879
Signed-off-by: Liang Ding <liang.ding@intel.com>
|
|
Basic working skeleton. Adding install script
adding vars and updated the playbook. Working on Kernel
mode updates and driver installation. Removing SRIOV vars
Adding script to change the SSL value for 2 kinds of config files.
Updating daemonset image. Adding prereq packages for qat.
Minor edits for bashate. Adding testcase and conditions to
Ansible tasks for clean, uninstall and install the driver.
Updating the plays to use templating.
Adding qat-kernel mode test case.
Signed-off-by: akhilakishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-860
Change-Id: I5ad99e7211c859dc3cb054df644edd3fa77b2596
|
|
Issue-ID: MULTICLOUD-474
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I92d0d34a46b8faadda8aa698307ede4306316ef7
|
|
Issue-ID: MULTICLOUD-944
Signed-off-by: r.kuralamudhan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I22b92adaad8d4f778b97821df68c1d42e2012e9c
|
|
Previous sriov playbook supported X710 SRIOV NIC. Updating
the scripts to support new device XL710.
Other changes include syntactical corrections
to "WHEN" condition in ansible.
Co-authored-by: hle2 <huifeng.le@intel.com>
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-929
Change-Id: I697a49a64472ad2d755753e58f8fd4e7857b0456
|
|
Issue-ID: MULTICLOUD-867
Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Co-authored-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I37b8112bdd5809f1ae0eaa58ddb0d834d395e8d8
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
|
|
Integrating SRIOV as an add-on to KuD. A device
should have X700 series NIC for this Add-on to work.
Getting the device driver, build and installing it is
a part of this patch. Followed by running the SRIOV CNI
Daemonset, and NetworkAttachmentDefinition.
Reworked the way SRIOV check happens.
Previously ran on installer.sh.
Now the script is injected into kube-nodes and playbook will run
only if the hardware check is true by creating a conf file.
Removed unwanted comments and nit changes.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-832
Change-Id: I1701a50bc717ddca0d332d6a42d329eaf4c03820
|
|
Current NFD code in KuD is unused and obsolete.
Integrating NFD as DaemonSet and updating test case for NFD.
Added comments. Addressed comments and changed the
matchExpression to kernel features. Changed operator from "In" to Gt,
and values 4 to 3 better fit broader spectrum of O.S's.
Adding exit condition in case there's an error status.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-797
Change-Id: I454fb1998fc84e5f0d566f32b7dcfd85872c5183
|
|
Currently KuD uses Ansible scripts for installing Multus.
Multus has a daemonset that should be used for installing the multus
as part of an add-on.
This is also helpful for KuD offline deployment in the future.
Removed the comment. Updated the images path and removed
error suppression addressed by comments.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-681
Change-Id: Id3702a2b5bd18804c2d7e4d063eba656202cb840
|
|
ovn4nfvk8s plugin now uses operator sdk
and controller runtime. It now includes
support for Network operator. This patch
includes changes needed in KUD for that.
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Issue-ID: MULTICLOUD-684
Change-Id: I63dc971e257067c69c70a8996eaffd1a9d8a4c2c
|