| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The default is 2.14.1 (the existing value). Setting
KUBESPRAY_VERSION=2.16.0 in the installer environment uses the newer
Kubespray version.
The newer Kubespray version installs Kubernetes 1.20.7. Kubernetes
1.20.7 comes with following caveats:
- The Virtlet addon is disabled; it does not work with 1.20.7. This
requires removing the plugin_fw test as well.
- Kubernetes 1.20.7 removed support for basic auth.
Issue-ID: MULTICLOUD-1251
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ic8b9fb1f3effc31da58de5bb3768ed9e509d50de
|
|
|
|
The steps performed by the existing ansible playbook can be
performed directly by kubespray. In addtion, fix and enable the
topology-manager.sh test.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iee2197c1fc3e35288796399cccff0d3ae0925a6c
|
|
Specifying 'latest' as the docker_version without specifying a
compatible version of containerd can lead to package dependency
errors. Let kubespray select the versions to ensure consistency.
Also, installing docker from vagrant installer instead of letting
kubespray install it can lead to the same issues.
Issue-ID: MULTICLOUD-1359
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iff41682fa0897fae8200e0f179137af844e314c0
|
|
This chart follows the upstream installation guide with the following
exceptions:
- The node-role.kubernetes.io/master:NoSchedule taint is not removed.
The YAML files already included the necessary tolerations.
- No node labeling is done. Instead, the ovn-control-plane node
selector is for the master role, and the nfn-operator pod affinity
is for "role: ovn-control-plane". This ensures that the
ovn-control-plane and nfn-operator run are scheduled on the same
master node, equivalent to the labelling approach used upstream.
Also, additional allowed capabilities are needed to run the pods with
the restricted PodSecurityPolicy. These capabilities are requested by
the Pods, but not available in the default set of allowed
capabilities.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I54ae12434572e2e2dd1fe2ec9298d04557331d94
|
|
Issue-ID: MULTICLOUD-1323
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iac2046b6df4f76efc7f7745567740fffb9b8e72a
|
|
The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as runing as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
- Replace move of ansible.cfg from kubespray distribution to
/etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
modifies ansible.cfg during installation, and the paths in it are
relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
default versions of kubernetes and helm provided by kubespray
2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
for helm init and helm serve. It is no longer necessary to call
helm init, and the helm serve repository is replaced with file
relative URLs. This also triggered a subsequent update of the
kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
etcd will fail without this due to nil
PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
hosts. Use the linear strategy to bypass mitogen and install
python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
Update kubespray to 2.12 to deploy Kubernetes 1.16
Issue-ID: MULTICLOUD-1063
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
|
|
Change docker version to fix kubespray issue
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Issue-ID: MULTICLOUD-1073
Change-Id: I79571677f81efbb12a963b7527d918eddaf8db1f
|
|
Seeing intermittent issues with DNS failing
on KUD. Disabling node local DNS for now as
a possible workaround. This can be enabled
once other issues a isolated.
Issue-ID: MULTICLOUD-861
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I502f1a41651cb9b7f284f6be36a752d302777703
|
|
Issue-ID: MULTICLOUD-454
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I779971c21aac6e27a7f8fcafc708c4a70438f823
|
|
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline
support and integration with new add-ons in future.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-772
Change-Id: I4b7887aae359cd6197e696010acde6e204c41931
|
|
This reverts commit 5f760c3fb7d0e74833b1a2137e6ff3dadc71b2f5.
Issue-ID: MULTICLOUD-772
Change-Id: I6feffd87545195992fb28e98dcee4038d9b08474
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline
support and integration with new add-ons in future.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-772
Change-Id: Ib1263e86adb9815e1ee56038507a3c092aad1feb
|
|
Removing kubectl (andrewrothstein.kubectl) dependency
that conflicts with kubectl installed by Kupespray.
Copy kubectl installed by Kubespray also to host
running Ansible.
That needs kubectl_localhost: true in Kubespray configuration
to make it copy binary to localhost.
Issue-ID: MULTICLOUD-667
Change-Id: I8c5f56488a9f559c4358cea5ad56fa23b26ec6aa
Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
|
|
The idea is to restructure the existing repo create a deployment
independent of Vagrant or other hosting providers.
Renamed KRD to KUbernetes Deploy(Kud) including the ansible scripts
Added new path to functional tests.
Moved samples pdfs to sites.
Minor changes to Readme.
Updated aio.sh, moved sample config
Corrected other nits. Updated and verified test cases.
Addressed comments and changes associated with it.
Updated Readme and minor change in Vagrantfile.
Validated test cases again. Moved aio.sh into vagrant folder.
Added new README for each hosting provider and project on the whole.
Updated the installer script with relative path.
Updated the name to deployment_infra, moved the cFW sripcts to tests.
Updated the gitignore file.
Issue-ID: MULTICLOUD-301
Change-Id: Ie48c26b12ab58b604493fba58a9c5b9f8ba10942
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
|
Todd Malsbary
Eric Multanen
Yao Le
Ritu Sood
Akhila Kishore
Kiran Kamineni
Samuli Silvius