Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as runing as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
Note that as mentioned in install_qat.sh, the kernel command line must
include "intel_iommu=on iommu=pt" for the deploy and test to succeed.
The underlying issue is that the playbook was expecting to be run on
the same host it executed on and was looking for files in the wrong
places.
Issue-ID: MULTICLOUD-1261
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
|
|
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to
resolve the "cluster.local" name. Explicitly set the
fluentd.clusterDomain value to the actual cluster name during helm
install.
Issue-ID: MULTICLOUD-1244
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The only change to the upstream yml is the removal of the
kube-multus-ds-ppc64le DaemonSet and the replacement of
"default-cni-network" with "cni0".
Note also that the v3.6 yml actually uses the v3.4.1 image tag. The
yml now points to a v3.4.1 image with the addition of code to merge
the results from all delegates to support Virtlet.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
|
|
- Replace move of ansible.cfg from kubespray distribution to
/etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
modifies ansible.cfg during installation, and the paths in it are
relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
default versions of kubernetes and helm provided by kubespray
2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
for helm init and helm serve. It is no longer necessary to call
helm init, and the helm serve repository is replaced with file
relative URLs. This also triggered a subsequent update of the
kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
etcd will fail without this due to nil
PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
hosts. Use the linear strategy to bypass mitogen and install
python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
NOTE: This is not a complete fix, it is only a workaround so that
installer.sh can succeed when Optane hardware is not present.
Without this, "No such file or directory" is reported during the
"Apply Optane PMEM CSI Daemonset" task of the configure-optane
playbook. This error was observed with kubespray 2.14.1 and not with
2.12.6.
Issue-ID: MULTICLOUD-1234
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
|
|
The delete is run at the start of the test, it is expected that the
resource does not exist.
Issue-ID: MULTICLOUD-1243
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1b060ec8f17fd4b9b76ed03d8dc3bd7c21756690
|
|
Without this change, the '.request.release-name' query causes jq to
get confused by the '-' and fail the test script:
jq: error: name/0 is not defined at <top-level>, line 1:
.request.release-name
jq: 1 compile error
Issue-ID: MULTICLOUD-1241
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I386cd46db8e44c92bc24d8eb8a9e3964d9b87d39
|
|
grep returns a non-zero error code if the pattern is not found. This
would cause the topology-manager.sh test to exit prematurely instead
of capturing and logging the error and returning zero as intended.
Issue-ID: MULTICLOUD-1240
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I29c4d30630c0f803325c2ed024d4c0b9e8a0e911
|
|
Building on the target host fixes a couple issues:
- In the containerized installer, the container image does not include
the necessary kernel headers to build the module.
- The build and target host must have the same kernel version. There
is no guarantee of this.
The deploy uses NFD, similar to the QAT playbook.
Issue-ID: MULTICLOUD-1228
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
|
|
Update the ovnaction controller APIs to support
the api change of including the deployment intent
group in the URL. Also fixup:
- vfw and other test cases to support the change
- updates to emcoctl tool and examples
Issue-ID: MULTICLOUD-1218
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
Change-Id: Icadacb5ec6d7c238bb3bf8a44a39c30692ecebee
|
|
Modify the genericPlacementIntent API such that deploymentIntentGroup
becomes a mandatory parameter.
Issue-ID: MULTICLOUD-1218
Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com>
Change-Id: I33d2eeac5b60228e9c08921c9347b1b6aa3f8d28
|
|
|
|
Provide information about instance resources and Pods inside status
response.
Issue-ID: MULTICLOUD-1177
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Iee6fd56120d091dddfa6b6d0e4aa7eb36d40e888
|
|
To deploy to multiple clusters, set the KUD_PLUGIN_FW_CLUSTERS
environment variable to the following format (an array of cluster data
objects):
[
{
"metadata": {
"name": "NAME",
"description": "DESCRIPTION",
"userData1": "USER_DATA_1",
"userData2": "USER_DATA_2"
},
"file": "KUBECONFIG_PATH"
},
{
...
}
]
Issue-ID: MULTICLOUD-1217
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I4c80fbcef1162b441c4dfba4ce2bfd3ac419bc25
|
|
|
|
|
|
Rename v2/onap4k8s to v2/emco, and rename sanity-check-for-v2.sh to
emco.sh. This allows --plugins emco to be passed to installer.sh in
place of --plugins onap4k8s.
Issue-ID: MULTICLOUD-1181
Signed-off-by: Todd <todd.malsbary@intel.com>
Change-Id: Idb427a8aa4c8aaff181965a540078c8cf6dd88aa
|
|
Issue-ID: MULTICLOUD-1181
Signed-off-by: Todd <todd.malsbary@intel.com>
Change-Id: Ibfdf401d40398bf6b94543dedf4c860951d50de7
|
|
Create helm chart for sdewan-controller in KUD
Issue-ID: MULTICLOUD-1104
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: Ic5d8daecdecba52c05d3ed38fa91ebd555ce5533
|
|
|
|
This allows it to be used as an automated test.
Issue-ID: MULTICLOUD-1181
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ib8636159291243bbb60f974984f296b67f6e397e
|
|
Allow release-name property to be provided during instantiation that, if
provided, overrides release-name specified in profile.
Additionally updated Makefile to allow easy compilation with different
go version easily.
Issue-ID: MULTICLOUD-1175
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Id8db484369045cfb0bc99543a80317644fc838f9
|
|
|
|
Issue-ID: MULTICLOUD-1146
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I221cfc74809c3179c6bc389b513f20128138d24f
|
|
Prior to this change qat_plugin_privileges.yaml fails to kubectl apply
due to a validation error.
Issue-ID: MULTICLOUD-1182
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ibe73c1b39d1164fe05ea5cdede74dc93f846c943
|
|
Removed dependency of rsync registration
from orchestrator.RSYNC shall have a function NewRsyncInfo to initiate a
new rsync independent of the orchestrator and make
gRPC calls.
Issue-ID: MULTICLOUD-1196
Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com>
Change-Id: I16bbac6a6865cf3c4ee7b763dac72abe2ed1ad0a
|
|
All negative tests are in negative_tests directory
Null is provided as an input to the POST, DELETE, and GET commands
and the behavior is observed
Issue-ID: MULTICLOUD-1142
Signed-off-by: Aditya Sharoff <aditya.sharoff@intel.com>
Change-Id: I8ccf4b5615fc378698faf7f88971db1e250de9b6
Signed-off-by: Aditya Sharoff <aditya.sharoff@intel.com>
|
|
Update plugin_fw.sh test script to also check for proper work of
override parameters functionality of instance API.
Also update instance API response to exclude duplicated
override-parameters entry, that's anyway accessible under
'.request.override-values' json path.
Issue-ID: MULTICLOUD-1176
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Ie1a336ceb7de1a656f77d4c43ee4775c60cb88fb
|
|
In this patch, updated all the charts related to m3db.
Developed scripts for deployment m3db stack through
orchestrator.
Issue-ID: MULTICLOUD-1112
Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com>
Change-Id: I42677809709fc4d12f16a156e563d6618a8f8437
|
|
|
|
Issue-ID: MULTICLOUD-1005
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Change-Id: I2ebf81bf61d1eb6ea245ab421b426f4d44667f5b
|
|
|
|
Add support in the AppContext for managing an AppContext
(composite app level) status value.
Also adds support for tracking rsync status at the resource
level.
A mechanism for tracking history at the controlling resource
level (i.e. DeploymentGroupIntnt or Cluster) is added, in part,
so that all AppContexts associated can be deleted when
the resource is eventually deleted.
Issue-ID: MULTICLOUD-1042
Change-Id: I3d0a9a97ea45ca11f9f873104476e4b67521e56a
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
|
|
|
|
Integrate topology manager by utilizing ansible
scripts from openness.
Issue-ID: MULTICLOUD-1102
Signed-off-by: ChenjieXu <chenjie.xu@intel.com>
Change-Id: Ibaaf77e44c97edffe1ae03bf77c2422c89783e75
|
|
Issue-ID: MULTICLOUD-1174
Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com>
Change-Id: I21186c464a2e41d9ec44e4002295c94de060e8c6
|
|
Add a StateInfo structure to the Cluster and
Deployment-Intent-Group resources to keep track of
the lifecycle state of these resources. Moved the
appcontext id that was being kept into this structure
as well. Enabled the approve state (and API) for
the deployment intent group.
Issue-ID: MULTICLOUD-1042
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
Change-Id: I36602d8a0658d9d6d37b8799f9a372a7d1042496
|
|
Developed a script which can be used to test a new release and
confirm that the minimum components like clm, instantiation by
orchestrator and rsync are working fine after the code change.
Issue-ID: MULTICLOUD-1174
Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com>
Change-Id: I7d519fa88b71fb34d13b7d61f3f8b36edc9fa5f3
|
|
|
|
|
|
|
|
Updates the kud/hosting_providers/vagrant/README.md to include
info about the ./config/samples/pdf.yml.* sample files.
Issue-ID: MULTICLOUD-1129
Change-Id: I5ab02948932d8a9e9e5a8cfc65350726183cd78d
Signed-off-by: Larry Sachs <larry.j.sachs@intel.com>
|