Age | Commit message (Collapse) | Author | Files | Lines |
|
The default is 2.14.1 (the existing value). Setting
KUBESPRAY_VERSION=2.16.0 in the installer environment uses the newer
Kubespray version.
The newer Kubespray version installs Kubernetes 1.20.7. Kubernetes
1.20.7 comes with following caveats:
- The Virtlet addon is disabled; it does not work with 1.20.7. This
requires removing the plugin_fw test as well.
- Kubernetes 1.20.7 removed support for basic auth.
Issue-ID: MULTICLOUD-1251
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ic8b9fb1f3effc31da58de5bb3768ed9e509d50de
|
|
|
|
The steps performed by the existing ansible playbook can be
performed directly by kubespray. In addtion, fix and enable the
topology-manager.sh test.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iee2197c1fc3e35288796399cccff0d3ae0925a6c
|
|
Specifying 'latest' as the docker_version without specifying a
compatible version of containerd can lead to package dependency
errors. Let kubespray select the versions to ensure consistency.
Also, installing docker from vagrant installer instead of letting
kubespray install it can lead to the same issues.
Issue-ID: MULTICLOUD-1359
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iff41682fa0897fae8200e0f179137af844e314c0
|
|
This chart follows the upstream installation guide with the following
exceptions:
- The node-role.kubernetes.io/master:NoSchedule taint is not removed.
The YAML files already included the necessary tolerations.
- No node labeling is done. Instead, the ovn-control-plane node
selector is for the master role, and the nfn-operator pod affinity
is for "role: ovn-control-plane". This ensures that the
ovn-control-plane and nfn-operator run are scheduled on the same
master node, equivalent to the labelling approach used upstream.
Also, additional allowed capabilities are needed to run the pods with
the restricted PodSecurityPolicy. These capabilities are requested by
the Pods, but not available in the default set of allowed
capabilities.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I54ae12434572e2e2dd1fe2ec9298d04557331d94
|
|
Issue-ID: MULTICLOUD-1323
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iac2046b6df4f76efc7f7745567740fffb9b8e72a
|
|
The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as runing as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
- Replace move of ansible.cfg from kubespray distribution to
/etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
modifies ansible.cfg during installation, and the paths in it are
relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
default versions of kubernetes and helm provided by kubespray
2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
for helm init and helm serve. It is no longer necessary to call
helm init, and the helm serve repository is replaced with file
relative URLs. This also triggered a subsequent update of the
kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
etcd will fail without this due to nil
PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
hosts. Use the linear strategy to bypass mitogen and install
python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
Update kubespray to 2.12 to deploy Kubernetes 1.16
Issue-ID: MULTICLOUD-1063
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
|
|
Change docker version to fix kubespray issue in containerization soltuion
Co-authored-by: Ritu Sood <ritu.sood@intel.com>
Co-authored-by: Le yao <le.yao@intel.com>
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Issue-ID: MULTICLOUD-1073
Change-Id: Id575c64b1630127f1a06ce89ba5b89249d004956
|
|
Issue-ID: MULTICLOUD-867
Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Co-authored-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I37b8112bdd5809f1ae0eaa58ddb0d834d395e8d8
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
|
|
Issue-ID: MULTICLOUD-827
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I0205459a032c8876943e9b50e61b2c315b138af9
|