Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
This chart follows the upstream installation guide with the following
exceptions:
- The node-role.kubernetes.io/master:NoSchedule taint is not removed.
The YAML files already included the necessary tolerations.
- No node labeling is done. Instead, the ovn-control-plane node
selector is for the master role, and the nfn-operator pod affinity
is for "role: ovn-control-plane". This ensures that the
ovn-control-plane and nfn-operator run are scheduled on the same
master node, equivalent to the labelling approach used upstream.
Also, additional allowed capabilities are needed to run the pods with
the restricted PodSecurityPolicy. These capabilities are requested by
the Pods, but not available in the default set of allowed
capabilities.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I54ae12434572e2e2dd1fe2ec9298d04557331d94
|
|
This chart deploys the CR used by the sriov-network-operator.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9364868d3e58fd64e51a77aaa934284fad86a1b1
|
|
This chart contains the upstream sriov-network-operator from
k8snetworkplumbingwg together with an iavf driver installer.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ic925c66f8e2b28b7604240c3ed35b1a56883b60b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The chart follows the instructions laid out in the CMK operator
manual, with the following notes:
- The nodes are prepared by running each CMK subcommand as a Pod
instead of running cmk cluster-init. The first reason for this is
that the existing addon only deploys CMK to the worker nodes in the
cluster. This is not possible using cluster-init without explicitly
providing the list of worker nodes to cluster-init, and this list is
unknown by helm. Instead it is sufficient to rely on the
node-role.kubernetes.io/master:NoSchedule taint. The second reason
is that cluster-init creates resources which are unknown to helm,
thus uninstall does not behave as expected.
- The v1.4.1 version of CMK is chosen. In v1.5.2, the description key
of the cmk-nodereport resource is not correct.
- All values listed as possibly requiring modification are exposed in
values.yaml
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ibc75462de3729cd88edeb4b15602d57fe12791ca
|
|
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I0c1d43de8506233eb62bde52641bb7fc95b422fc
|
|
|
|
Issue-ID: MULTICLOUD-1336
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7a0ee4302c020e6b7ec785d6a85af636b6a85ecc
|
|
- Support for calico configuration is present but currently disabled.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I2d2161564c4da2e165e5cf13cea92fae4935f8b2
|
|
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I90a9cf23a8fb01cbc579d2b6670b476494c2a7bb
|
|
This change adds iavf, qat, and pci device labels to the node feature
discovery config.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ie6296caf898983149483ac581428f2c80405bca8
|
|
Issue-ID: MULTICLOUD-1323
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iac2046b6df4f76efc7f7745567740fffb9b8e72a
|
|
This fixes the following error when running ./setup.sh -p libvirt:
usermod: group 'libvirtd' does not exist
Newer versions of Ubuntu appear to have renamed the libvirtd group to
libvirt.
Issue-ID: MULTICLOUD-1322
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I54ffc4558cb8945e8c9f9ca751518b20a6de64d0
|
|
This fixes the following error when running ./setup.sh -p libvirt:
Installing the 'vagrant-libvirt' plugin. This can take a few minutes...
Bundler, the underlying system Vagrant uses to install plugins,
reported an error. The error is shown below. These errors are usually
caused by misconfigured plugin installations or transient network
issues. The error from Bundler is:
nokogiri requires Ruby version < 3.1.dev, >= 2.5.
Issue-ID: MULTICLOUD-1321
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ia867df9df3ec1cc27e2f17df4a72ffc88f6bdf44
|
|
|
|
It turned out prior url has been further changed and pip is unavailable
by it.
Issue-ID: MULTICLOUD-1255
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Id5c9285f74bda17c28ac56de8a847ab74005beba
|
|
Issue-ID: MULTICLOUD-1306
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: Iea0c2e2a36adadc81860f622f04e85a389f53e0c
|
|
Issue-ID: MULTICLOUD-1255
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: I800c4bdbe1fecc61f196ac3098910ae4278bf0cf
|
|
invalid syntax error when KUD is deployed
sys.stderr.write(f"ERROR: {exc}") SyntaxError: invalid syntax
Issue-ID: MULTICLOUD-1255
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: Ia4ecbad5735617a5606cbce2ed93a58cb7322cb5
|
|
|
|
|
|
Previously the installer would exit immediately after a failure by one
of the addon tests. Now, record the failure and run subsequent tests,
then exit if any fail.
Issue-ID: MULTICLOUD-1258
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I4fcad9b51b58277344de4fed0e40e87493dc3663
|
|
|
|
|
|
|
|
The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as runing as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
Note that as mentioned in install_qat.sh, the kernel command line must
include "intel_iommu=on iommu=pt" for the deploy and test to succeed.
The underlying issue is that the playbook was expecting to be run on
the same host it executed on and was looking for files in the wrong
places.
Issue-ID: MULTICLOUD-1261
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
|
|
The test incorrectly checked the node running the test for sriov
feature support. This fix now checks the cluster for it.
Issue-ID: MULTICLOUD-1260
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I869823cc062968c8ac7b9fa037d425244a03799c
|
|
Issue-ID: MULTICLOUD-1259
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I92cc722818b9023b4aa29d191cf92e2c319f957b
|
|
Deploy the sdewan controller on master node
Change sdewan-contoller-manager to sdewan-crd-controller
Issue-ID: MULTICLOUD-1253
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: Ic55744914266278f1c344c10af587d41f4426918
|
|
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to
resolve the "cluster.local" name. Explicitly set the
fluentd.clusterDomain value to the actual cluster name during helm
install.
Issue-ID: MULTICLOUD-1244
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The only change to the upstream yml is the removal of the
kube-multus-ds-ppc64le DaemonSet and the replacement of
"default-cni-network" with "cni0".
Note also that the v3.6 yml actually uses the v3.4.1 image tag. The
yml now points to a v3.4.1 image with the addition of code to merge
the results from all delegates to support Virtlet.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
|
|
- Replace move of ansible.cfg from kubespray distribution to
/etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
modifies ansible.cfg during installation, and the paths in it are
relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
default versions of kubernetes and helm provided by kubespray
2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
for helm init and helm serve. It is no longer necessary to call
helm init, and the helm serve repository is replaced with file
relative URLs. This also triggered a subsequent update of the
kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
etcd will fail without this due to nil
PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
hosts. Use the linear strategy to bypass mitogen and install
python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
NOTE: This is not a complete fix, it is only a workaround so that
installer.sh can succeed when Optane hardware is not present.
Without this, "No such file or directory" is reported during the
"Apply Optane PMEM CSI Daemonset" task of the configure-optane
playbook. This error was observed with kubespray 2.14.1 and not with
2.12.6.
Issue-ID: MULTICLOUD-1234
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
|
|
The delete is run at the start of the test, it is expected that the
resource does not exist.
Issue-ID: MULTICLOUD-1243
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I1b060ec8f17fd4b9b76ed03d8dc3bd7c21756690
|