This PS updates python modules and code to match Airflow 2.6.2:
- bionic py36 gates were removed
- python code corrected to match new modules versions
- selection of python modules versions was performed based on
airflow-2.6.2 constraints
Change-Id: I9c3e139b3437414a61af7e7c0b7d7e533fadefda
The Corefile in values.yaml has been unchanged since before CoreDNS
version 1.1.3, but the specified image version is 1.6.4.
This change aligns the Corefile with the CoreDNS version, as generated
by the Corefile migration tool [0]:
corefile-tool migrate --from 1.1.3 --to 1.6.4
0: https://github.com/coredns/corefile-migration/tree/master/corefile-tool
Change-Id: I8912737bf219e43e1b8e477109a76d38085014f2
This updates the coredns, haproxy and etcd chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag
Change-Id: I9b5b0ea83acd4c5656577d8cbc684a5031ca0111
This is uplift for CoreDNS to version 1.6.2
Upstream CoreDNS image has no tools inside like wget/dig and can't
be used as is because pod probes will fail. Coredns pod has
Liveness/Readiness probes which are just a shell script to run
wget/dig to determine that CoreDNS is functional. So, decided
to add tools for probes in promenade image and do refactoring.
New endpoints for health check are running in side-car:
/externalhealth - to do the same check like previous shell script,
/selfcheck - to do check of the health of side-car itself.
Main container should be pointed to check endpoint provided by
side-car container.
Change-Id: Ib7fcf309b6cc34a86eeeec6e2109988cfa862955
This updates coredns chart to include the pod security context
on the pod template
This also adds the container security context to set
readOnlyRootFilesystem to true
Change-Id: Ib44e7b9e5d0ccc642ee095062f3aefcfef2a98f8
CoreDNS is critical to cluster operations, and is also a very lightweight
service. This change makes the CoreDNS service deployable as a Deployment
(current behavior), a DaemonSet, or both simultaneously. This allows
DNS to be easily configured to run on all nodes (or all control
plane nodes if desired) for high availability of the service and
resiliency of the cluster.
The "deployment and daemonset" behavior can be used to provide an
uninterrupted migration path from a Deployment-based environment
to a DaemonSet-based one.
Change-Id: I58c3e62ac4892a4d9374d99eefe8055865cebf1e
This removes an external dependency from the default
liveness check. Previously the coredns liveness probe
would attempt to resolve both an internal and external DNS
name to ensure DNS is working properly. In practice, however,
external DNS resolution errors tend to be the result of
external networking issues, which won't be solved by deleting
and recreating the coredns service pod (which is the result
of the failed liveness probe).
If external name resolution is desired, it can still be
specified in the coredns chart override list.
Change-Id: Ife0d8ebab7bd298e1429bc23140c291e129ac9f5
This change updates the following components in the Promenade charts,
docs, and example bootstrap configuration:
Kubernetes 1.10.11 -> 1.11.6
CoreDNS 1.1.2 -> 1.1.3 (per k8s 1.11 recommendations)
Etcd 3.2.14 -> 3.2.18 (per k8s 1.11 recommendations)
Tiller 2.10.0 -> 2.12.1 (per Helm k8s support)
This change has been tested by the Promenade resiliency gate.
Change-Id: Ia70de212dd2d50c6638578b92c750a4d5c791229
This patchset makes it possible to set/update the quantity of replicas
for CoreDNS through the variable in values.yaml.
Change-Id: I9a6ad0f7f2fe95b7d8cfd2ac5f4c6e235e8bb1a4
- Update Makefile to more closely match UCP standards
- Add resource limits to any Pods missing them
Change-Id: Ia791a6b207c2baca7dd3141be71aef513c916661
Adds a values.yaml api to the CoreDNS chart for configuring prometheus
monitoring service annotations.
Change-Id: I54cee618fc7a0b2f45fe1ef0e9820feccdc73cae
This removes the reliance on coredns for APIserver discovery, allowing
a simpler configuration that is compatible with coredns 1.0.x
Change-Id: Ia3b7b5627c16ec47af6b0d6d5e8dee2674e9b1ee
This PS bumps the version of K8s used to 1.8.6 which adds:
* prometheus metrics for the PodSecurityPolicy admission controller
* Numerous scheduler fixes
* fixes for overlay2 metrics
* fixes for podSecurityPolicy
Change-Id: Ib46ea1a68c9f34f83b04976f49230ae67f811e66
This change includes several interconnected features:
* Migration to Deckhand-based configuration. This is integrated here,
because new configuration data were needed, so it would have been
wasted effort to either implement it in the old format or to update
the old configuration data to Deckhand format.
* Failing faster with stronger validation. Migration to Deckhand
configuration was a good opportunity to add schema validation, which
is a requirement in the near term anyway. Additionally, rendering
all templates up front adds an additional layer of "fail-fast".
* Separation of certificate generation and configuration assembly into
different commands. Combined with Deckhand substitution, this creates
a much clearer distinction between Promenade configuration and
deployable secrets.
* Migration of components to charts. This is a key step that will
enable support for dynamic node management. Additionally, this paves
the way for significant configurability in component deployment.
* Version of kubelet is configurable & controlled via download url.
* Restructuring templates to be more intuitive. Many of the templates
require changes or deletion due to the migration to charts.
* Installation of pre-configured useful tools on hosts, including calicoctl.
* DNS is now provided by coredns, which is highly configurable.
Change-Id: I9f2d8da6346f4308be5083a54764ce6035a2e10c