Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as runing as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
Note that as mentioned in install_qat.sh, the kernel command line must
include "intel_iommu=on iommu=pt" for the deploy and test to succeed.
The underlying issue is that the playbook was expecting to be run on
the same host it executed on and was looking for files in the wrong
places.
Issue-ID: MULTICLOUD-1261
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
|
|
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to
resolve the "cluster.local" name. Explicitly set the
fluentd.clusterDomain value to the actual cluster name during helm
install.
Issue-ID: MULTICLOUD-1244
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
|
|
|
|
|
|
|
|
The only change to the upstream yml is the removal of the
kube-multus-ds-ppc64le DaemonSet and the replacement of
"default-cni-network" with "cni0".
Note also that the v3.6 yml actually uses the v3.4.1 image tag. The
yml now points to a v3.4.1 image with the addition of code to merge
the results from all delegates to support Virtlet.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
|
|
- Replace move of ansible.cfg from kubespray distribution to
/etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
modifies ansible.cfg during installation, and the paths in it are
relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
default versions of kubernetes and helm provided by kubespray
2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
for helm init and helm serve. It is no longer necessary to call
helm init, and the helm serve repository is replaced with file
relative URLs. This also triggered a subsequent update of the
kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
etcd will fail without this due to nil
PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
hosts. Use the linear strategy to bypass mitogen and install
python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
NOTE: This is not a complete fix, it is only a workaround so that
installer.sh can succeed when Optane hardware is not present.
Without this, "No such file or directory" is reported during the
"Apply Optane PMEM CSI Daemonset" task of the configure-optane
playbook. This error was observed with kubespray 2.14.1 and not with
2.12.6.
Issue-ID: MULTICLOUD-1234
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
|
|
Building on the target host fixes a couple issues:
- In the containerized installer, the container image does not include
the necessary kernel headers to build the module.
- The build and target host must have the same kernel version. There
is no guarantee of this.
The deploy uses NFD, similar to the QAT playbook.
Issue-ID: MULTICLOUD-1228
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
|
|
|
|
Rename v2/onap4k8s to v2/emco, and rename sanity-check-for-v2.sh to
emco.sh. This allows --plugins emco to be passed to installer.sh in
place of --plugins onap4k8s.
Issue-ID: MULTICLOUD-1181
Signed-off-by: Todd <todd.malsbary@intel.com>
Change-Id: Idb427a8aa4c8aaff181965a540078c8cf6dd88aa
|
|
Create helm chart for sdewan-controller in KUD
Issue-ID: MULTICLOUD-1104
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: Ic5d8daecdecba52c05d3ed38fa91ebd555ce5533
|
|
Prior to this change qat_plugin_privileges.yaml fails to kubectl apply
due to a validation error.
Issue-ID: MULTICLOUD-1182
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ibe73c1b39d1164fe05ea5cdede74dc93f846c943
|
|
Integrate topology manager by utilizing ansible
scripts from openness.
Issue-ID: MULTICLOUD-1102
Signed-off-by: ChenjieXu <chenjie.xu@intel.com>
Change-Id: Ibaaf77e44c97edffe1ae03bf77c2422c89783e75
|
|
Issue-ID: MULTICLOUD-1075
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I0b02a3872b525a061bbdaf87aabad8b3fee539cc
|
|
|
|
|
|
Issue-ID: MULTICLOUD-1046
Change-Id: I1853e071a99702c5e6f7ba9ca819746576fd0aca
Signed-off-by: Chen, Tingjie <tingjie.chen@intel.com>
|
|
Update kubespray to 2.12 to deploy Kubernetes 1.16
Issue-ID: MULTICLOUD-1063
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
|
|
Issue-ID: MULTICLOUD-1076
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I2b6bfb265ce5e055987788f6f28fc475a8b5b46c
|
|
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Issue-ID: MULTICLOUD-1074
Change-Id: I5c497aef954945c4baee10ff5613b220ed9b8152
|
|
* Update the image version to integratedcloudnative/ovn4nfv-k8s-plugin
* Update the CRD of provider network to support direct provider network
Issue-ID: MULTICLOUD-1070
Change-Id: Icfa321bbd354de47af4db65b2021c87facc26871
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
|
|
- deploy cmk related pods
- untaint compute nodes if necessary
- run cmk unit tests: allocate CPUs from exclusive and shared pools
- deploy a testing nginx pod along with cmk testing pods
- preset 1/2 CPUs for shared/exlusive pools to fit CI server machines
users can adjust the parameters to meet their own requirements
Test Results:
- many rounds of vagrant/5 VMs(controller01/02/03 and compute01/02)
based test are all OK
- 14 rounds tests on my local server (S2600WFQ (36C/72T) )and
PC(HP Z228 (4C/4T)) with all-in-one bare metal deployment are all OK
- CI(a 4C/4T machine) results of latest patch set also show that the
test of bare metal deployment is OK
- NOTE: both my local test and CI use the same testing method of calling
aio.sh after applying the latest patch set.
Change-Id: I046a4a63b94f92f23347ab76c21a661521e01119
Issue-ID: MULTICLOUD-879
Signed-off-by: Liang Ding <liang.ding@intel.com>
|
|
MULTICLOUD-1051"
|
|
The fedora 29 image link is out of date. It is not reachable now.
So upgrade the link to fedora 31.
Issue-ID: MULTICLOUD-1057
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I5f384cb906bf080c55ea4ea2a27b1514722c8b76
|
|
Issue-ID: MULTICLOUD-1051
Signed-off-by: Eric Tang <qcorba@gmail.com>
Change-Id: I96443ee539de0e2a18011148f86f97e70634cae3
Signed-off-by: Eric Tang <qcorba@gmail.com>
|
|
Basic working skeleton. Adding install script
adding vars and updated the playbook. Working on Kernel
mode updates and driver installation. Removing SRIOV vars
Adding script to change the SSL value for 2 kinds of config files.
Updating daemonset image. Adding prereq packages for qat.
Minor edits for bashate.Adding testcase and conditions to
Ansible tasks for clean, uninstall and install the driver.
Updating the plays to use templating.
Adding qat-kernel mode test case.
Signed-off-by: akhilakishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-860
Change-Id: I5ad99e7211c859dc3cb054df644edd3fa77b2596
|
|
OVN related test cases are failing.
This patch updates the installation
of OVN.
Issue-ID: MULTICLOUD-474
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Idfa7d256b74d01d9ff604a02ba06d6ce82a8f09d
|
|
Issue-ID: MULTICLOUD-474
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I92d0d34a46b8faadda8aa698307ede4306316ef7
|
|
Official ubuntu repositories already contain all ovn/ovs packages. WAND
repository may introduce unnecessary complications, as it pins package
dependencies to exact version making conflicts with ubuntu ones.
Issue-ID: MULTICLOUD-957
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Ida75e5a38ab5796c4b95e7d633aebb276383a745
|
|
Issue-ID: MULTICLOUD-944
Signed-off-by: r.kuralamudhan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I22b92adaad8d4f778b97821df68c1d42e2012e9c
|
|
|
|
Previous sriov playbook supported X710 SRIOV NIC. Updating
the scripts to support new device XL710.
Other changes include syntactical corrections
to "WHEN" condition in ansible.
Co-authored-by: hle2 <huifeng.le@intel.com>
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-929
Change-Id: I697a49a64472ad2d755753e58f8fd4e7857b0456
|
|
Issue-ID: MULTICLOUD-927
Co-authored-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I97019f3ab06c948b77e189f526c4e217e7706fb6
|
|
|
|
|
|
Issue-ID: MULTICLOUD-867
Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Co-authored-by: Ritu Sood <ritu.sood@intel.com>
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I72f3b56fd709da21854280abeaadb0c6d03b72fb
|
|
Issue-ID: MULTICLOUD-867
Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Co-authored-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I37b8112bdd5809f1ae0eaa58ddb0d834d395e8d8
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
|
|
Integrating SRIOV as an add-on to KuD. A device
should have X700 series NIC for this Add-on to work.
Getting the device driver, build and installing it is
a part of this patch. Followed by running the SRIOV CNI
Daemonset, and NetworkAttachmentDefinition.
Reworked the way SRIOV check happens.
Previously ran on installer.sh.
Now the script is injected into kube-nodes and playbook will run
only if the hardware check is true by creating a conf file.
Removed unwanted comments and nit changes.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-832
Change-Id: I1701a50bc717ddca0d332d6a42d329eaf4c03820
|
|
Removed not needed packages for 18.04 for
OVN, updated the vagrant image to 18.04
and added some needed apt packages
Issue-ID: MULTICLOUD-474
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I82550f8e58371af1c2476540c6b864384c450967
|
|
|
|
Removing unsused ovn-kubernetes
playbook and test from KUD.
Currently there is no plan to use
and also this is untested.
Issue-ID: MULTICLOUD-684
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I684bf82c7d4ab6d051178a027a385923ec9c4f2b
|
|
Current NFD code in KuD is unused and obsolete.
Integrating NFD as DaemonSet and updating test case for NFD.
Added comments. Addressed comments and changed the
matchExpression to kernel features. Changed operator from "In" to Gt,
and values 4 to 3 better fit broader spectrum of O.S's.
Adding exit conditon in case there's an error status.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-797
Change-Id: I454fb1998fc84e5f0d566f32b7dcfd85872c5183
|
|
|
|
Currently KuD uses Ansible scripts for installing Multus.
Multus has a daemonset that should be used for installing the multus
as part of an add-on.
This is also helpful for KuD offline deployment in the future.
Removed the comment. Updated the images path and removed
error supression addressed by comments.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-681
Change-Id: Id3702a2b5bd18804c2d7e4d063eba656202cb840
|
|
|
|
ovn4nfv url and other information not
required now after the patch
https://gerrit.onap.org/r/#/c/multicloud/k8s/+/93602/
Issue-ID: MULTICLOUD-684
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Ic4ccc67647c85a39d482ff7d71122f05641d1acb
|
|
Relative playbook path breaks
in aio configuration.
Issue-ID: MULTICLOUD-684
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Id064157d010438dea33500dd0dc200b1c1b0f0d1
|