The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as running as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
Note that as mentioned in install_qat.sh, the kernel command line must
include "intel_iommu=on iommu=pt" for the deploy and test to succeed.
The underlying issue is that the playbook was expecting to be run on
the same host it executed on and was looking for files in the wrong
places.
Issue-ID: MULTICLOUD-1261
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
|
|
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to
resolve the "cluster.local" name. Explicitly set the
fluentd.clusterDomain value to the actual cluster name during helm
install.
Issue-ID: MULTICLOUD-1244
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
|
|
- Replace move of ansible.cfg from kubespray distribution to
  /etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
  modifies ansible.cfg during installation, and the paths in it are
  relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
  default versions of kubernetes and helm provided by kubespray
  2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
  for helm init and helm serve. It is no longer necessary to call
  helm init, and the helm serve repository is replaced with file
  relative URLs. This also triggered a subsequent update of the
  kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
  etcd will fail without this due to nil
  PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
  hosts. Use the linear strategy to bypass mitogen and install
  python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
NOTE: This is not a complete fix, it is only a workaround so that
installer.sh can succeed when Optane hardware is not present.
Without this, "No such file or directory" is reported during the
"Apply Optane PMEM CSI Daemonset" task of the configure-optane
playbook. This error was observed with kubespray 2.14.1 and not with
2.12.6.
Issue-ID: MULTICLOUD-1234
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
|
|
Building on the target host fixes a couple issues:
- In the containerized installer, the container image does not include
  the necessary kernel headers to build the module.
- The build and target host must have the same kernel version. There
  is no guarantee of this.
The deploy uses NFD, similar to the QAT playbook.
Issue-ID: MULTICLOUD-1228
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
|
|
Rename v2/onap4k8s to v2/emco, and rename sanity-check-for-v2.sh to
emco.sh. This allows --plugins emco to be passed to installer.sh in
place of --plugins onap4k8s.
Issue-ID: MULTICLOUD-1181
Signed-off-by: Todd <todd.malsbary@intel.com>
Change-Id: Idb427a8aa4c8aaff181965a540078c8cf6dd88aa
|
|
Integrate topology manager by utilizing ansible
scripts from openness.
Issue-ID: MULTICLOUD-1102
Signed-off-by: ChenjieXu <chenjie.xu@intel.com>
Change-Id: Ibaaf77e44c97edffe1ae03bf77c2422c89783e75
|
|
Issue-ID: MULTICLOUD-1046
Change-Id: I1853e071a99702c5e6f7ba9ca819746576fd0aca
Signed-off-by: Chen, Tingjie <tingjie.chen@intel.com>
|
|
Update kubespray to 2.12 to deploy Kubernetes 1.16
Issue-ID: MULTICLOUD-1063
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
|
|
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Issue-ID: MULTICLOUD-1074
Change-Id: I5c497aef954945c4baee10ff5613b220ed9b8152
|
|
- deploy cmk related pods
- untaint compute nodes if necessary
- run cmk unit tests: allocate CPUs from exclusive and shared pools
- deploy a testing nginx pod along with cmk testing pods
- preset 1/2 CPUs for shared/exclusive pools to fit CI server machines
  users can adjust the parameters to meet their own requirements
Test Results:
- many rounds of vagrant/5 VMs (controller01/02/03 and compute01/02)
  based test are all OK
- 14 rounds tests on my local server (S2600WFQ (36C/72T)) and
  PC (HP Z228 (4C/4T)) with all-in-one bare metal deployment are all OK
- CI (a 4C/4T machine) results of latest patch set also show that the
  test of bare metal deployment is OK
- NOTE: both my local test and CI use the same testing method of calling
  aio.sh after applying the latest patch set.
Change-Id: I046a4a63b94f92f23347ab76c21a661521e01119
Issue-ID: MULTICLOUD-879
Signed-off-by: Liang Ding <liang.ding@intel.com>
|
|
MULTICLOUD-1051"
|
|
The fedora 29 image link is out of date. It is not reachable now.
So upgrade the link to fedora 31.
Issue-ID: MULTICLOUD-1057
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I5f384cb906bf080c55ea4ea2a27b1514722c8b76
|
|
Issue-ID: MULTICLOUD-1051
Signed-off-by: Eric Tang <qcorba@gmail.com>
Change-Id: I96443ee539de0e2a18011148f86f97e70634cae3
Signed-off-by: Eric Tang <qcorba@gmail.com>
|
|
Basic working skeleton. Adding install script
adding vars and updated the playbook. Working on Kernel
mode updates and driver installation. Removing SRIOV vars
Adding script to change the SSL value for 2 kinds of config files.
Updating daemonset image. Adding prereq packages for qat.
Minor edits for bashate. Adding testcase and conditions to
Ansible tasks for clean, uninstall and install the driver.
Updating the plays to use templating.
Adding qat-kernel mode test case.
Signed-off-by: akhilakishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-860
Change-Id: I5ad99e7211c859dc3cb054df644edd3fa77b2596
|
|
OVN related test cases are failing.
This patch updates the installation
of OVN.
Issue-ID: MULTICLOUD-474
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Idfa7d256b74d01d9ff604a02ba06d6ce82a8f09d
|
|
Official ubuntu repositories already contain all ovn/ovs packages. WAND
repository may introduce unnecessary complications, as it pins package
dependencies to exact version making conflicts with ubuntu ones.
Issue-ID: MULTICLOUD-957
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Ida75e5a38ab5796c4b95e7d633aebb276383a745
|
|
Previous sriov playbook supported X710 SRIOV NIC. Updating
the scripts to support new device XL710.
Other changes include syntactical corrections
to "WHEN" condition in ansible.
Co-authored-by: hle2 <huifeng.le@intel.com>
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-929
Change-Id: I697a49a64472ad2d755753e58f8fd4e7857b0456
|
|
Issue-ID: MULTICLOUD-927
Co-authored-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I97019f3ab06c948b77e189f526c4e217e7706fb6
|
|
Issue-ID: MULTICLOUD-867
Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Co-authored-by: Ritu Sood <ritu.sood@intel.com>
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I72f3b56fd709da21854280abeaadb0c6d03b72fb
|
|
Issue-ID: MULTICLOUD-867
Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Co-authored-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I37b8112bdd5809f1ae0eaa58ddb0d834d395e8d8
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
|
|
Integrating SRIOV as an add-on to KuD. A device
should have X700 series NIC for this Add-on to work.
Getting the device driver, build and installing it is
a part of this patch. Followed by running the SRIOV CNI
Daemonset, and NetworkAttachmentDefinition.
Reworked the way SRIOV check happens.
Previously ran on installer.sh.
Now the script is injected into kube-nodes and playbook will run
only if the hardware check is true by creating a conf file.
Removed unwanted comments and nit changes.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-832
Change-Id: I1701a50bc717ddca0d332d6a42d329eaf4c03820
|
|
Removed not needed packages for 18.04 for
OVN, updated the vagrant image to 18.04
and added some needed apt packages
Issue-ID: MULTICLOUD-474
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I82550f8e58371af1c2476540c6b864384c450967
|
|
Removing unused ovn-kubernetes
playbook and test from KUD.
Currently there is no plan to use
and also this is untested.
Issue-ID: MULTICLOUD-684
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I684bf82c7d4ab6d051178a027a385923ec9c4f2b
|
|
Current NFD code in KuD is unused and obsolete.
Integrating NFD as DaemonSet and updating test case for NFD.
Added comments. Addressed comments and changed the
matchExpression to kernel features. Changed operator from "In" to Gt,
and values 4 to 3 better fit broader spectrum of O.S's.
Adding exit condition in case there's an error status.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-797
Change-Id: I454fb1998fc84e5f0d566f32b7dcfd85872c5183
|
|
Currently KuD uses Ansible scripts for installing Multus.
Multus has a daemonset that should be used for installing the multus
as part of an add-on.
This is also helpful for KuD offline deployment in the future.
Removed the comment. Updated the images path and removed
error suppression addressed by comments.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-681
Change-Id: Id3702a2b5bd18804c2d7e4d063eba656202cb840
|
|
ovn4nfv url and other information not
required now after the patch
https://gerrit.onap.org/r/#/c/multicloud/k8s/+/93602/
Issue-ID: MULTICLOUD-684
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Ic4ccc67647c85a39d482ff7d71122f05641d1acb
|
|
Relative playbook path breaks
in aio configuration.
Issue-ID: MULTICLOUD-684
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Id064157d010438dea33500dd0dc200b1c1b0f0d1
|
|
ovn4nfvk8s plugin now uses operator sdk
and controller runtime. It now includes
support for Network operator. This patch
includes changes needed in KUD for that.
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Issue-ID: MULTICLOUD-684
Change-Id: I63dc971e257067c69c70a8996eaffd1a9d8a4c2c
|
|
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline
support and integration with new add-ons in future.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-772
Change-Id: I4b7887aae359cd6197e696010acde6e204c41931
|
|
This reverts commit 5f760c3fb7d0e74833b1a2137e6ff3dadc71b2f5.
Issue-ID: MULTICLOUD-772
Change-Id: I6feffd87545195992fb28e98dcee4038d9b08474
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline
support and integration with new add-ons in future.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-772
Change-Id: Ib1263e86adb9815e1ee56038507a3c092aad1feb
|
|
* changes:
Update plugin.sh with new helper functions
Provide connection info for plugin testcase
Correct k8splugin endpoint configuration in KUD test
|
|
Plugin.sh has been refactored to use new wrapper functions as well
as utilize helm package command for creating resource bundle in
order to test proper handling of this scenario by plugin
Issue-ID: MULTICLOUD-686
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Ia35fac70153fdb34ba75bfff31f9b2566b986cf1
|
|
Andrewrothstein.go galaxy role, that was responsible for
go installation was in too old tag to support demanded
(1.12.4) go version. It also blocked ovn-kubernetes addon
installation that's fixed now. Go version has been also
upgraded to 1.12.5
Issue-ID: MULTICLOUD-644
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: I926bd061a361b2ae2efa2aecedf4fa6321f04cc8
|
|
Blockinfile task overrides marker section in order to provide
valid json content in file. Because of this, generated block is
added each time this playbook is run. This makes CNI config file
contain malformed content when launched more than once.
Issue-ID: MULTICLOUD-676
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: If1c98414be4fb3a5b6c1c63fada0bd934448f040
|
|
Kubespray installs helm client on kubernetes master. The same client
has to be installed on host running installation playbooks. In single
node scenario, local host already has helm client installed by
kubespray, thus leading to conflict due to way of provisioning.
This helm installation has been moved to global configure playbook, as
well as corrected, not to fail on single host deployments.
Issue-ID: MULTICLOUD-690
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: I1ef779ed0f2fde82758ce9e229c3f5bb015b2aeb
|
|
Add ovn custom resource for Multus as part
of installation
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I4e01a06ba76515fa271790b461f473045eb174a2
Issue-ID: MULTICLOUD-670
|
|
Removing andrewrothstein.kubectl role
which was causing issues in aio
baremetal scenario
Change-Id: If3c8c71319c4b14dedfa5997881307e5424fd453
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Issue-ID: MULTICLOUD-301
|