Since after v3.5.6 etcd-io switched to a
distroless base image. Etcd anchor pods
are now using etcd-utility and etcd is
running a sidecar for health checks.
Change-Id: I198dca1209097de4d60a53a7568f0c4790679599
* operator logs is now streaming to pipeline and to pod
* printing status of armada chart objects
* adjust armada container cmd parameters to support both
golang and python based images
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I6d8629a48c1b862db937ddc3cd68792220388b19
Upgrading htk to version 0.2.55, which deprecates the ingress class
annotation (kubernetes.io/ingress.class) with .spec.ingressClassName
https://review.opendev.org/c/openstack/openstack-helm-infra/+/891720
Change-Id: Ibdec296ed9998d8fae22256aa1efa72933d53276
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
This PS updates python modules and code to match Airflow 2.6.2:
- bionic py36 gates were removed
- python code corrected to match new modules versions
- selection of python modules versions was perfoemed based on
airflow-2.6.2 constraints
Change-Id: I9c3e139b3437414a61af7e7c0b7d7e533fadefda
These changes were not needed and have negative impact on
the node deployment process.
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I134a2acdf831f1c1e2f475a09b2f1d4a85cf68bf
upgrades kubernetes client to v1.26.0
remove installation of containerd during genesis.sh to prevent containerd downgrade
update bitnami kubectl image to image with curl installed for readiness check
Change-Id: I3afd5a7e7211bae3f52263167a62a012da0619a0
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal
Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
Versions of Haproxy >=2.3 require the config file to end in a newline
or they'll exit with an error.
Change-Id: I9301ea679536b10ee5ad0d87d42c1655e5852616
Address changes and deprecations in Kubernetes v1.21=>v1.23
controller-manager:
* --authorization-kubeconfig and --authentication-kubeconfig must be set
* liveness/readiness probes must use HTTPS
* the default port has been changed to 10257
kubelet:
* --dynamic-config-dir has been deprecated, will not move to GA
* --cni-bin-dir has been deprecated, will be removed with dockershim
* --cni-conf-dir has been deprecated, will be removed with dockershim
* --network-plugin has been deprecated, will be removed with dockershim
https: //github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#deprecation
https: //kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/
https: //github.com/kubernetes/enhancements/tree/master/keps/sig-node/281-dynamic-kubelet-configuration
Change-Id: Ia996d7c14d81d1d8b8067f11c02ffb4ce90eb49a
The helm wrapper script should be the same for genesis and non-genesis
nodes. The one previously used by join nodes is removed.
Change-Id: I212127f258b9eba4fce776cb690060dc413061ca
* Give kube-proxy a blanket toleration
* Replace scheduler.alpha.kubernetes.io/critical-pod annotation with
priorityClassName: system-node-critical
Change-Id: I810333913c09531eefa1ded014fe090d4cca7f7d
The validation function validate_kubectl_logs, which may be executed as
part of genesis or cluster join, creates a log-test pod and checks that
the 'kubectl logs' output is correct.
These completed pods don't really need to live in the cluster beyond the
initial deployment.
This change deletes the log-test pod if the validation is successful.
Change-Id: I6ae9c55f960ea70335d1fd79380c7119dc11a5e2
Create additional directories on the host, ensuring that they exist with
the appropriate permissions:
- /etc/etcd
- /var/log/kubernetes
Change-Id: I0b7bed19b849037cfcc812453731460563270278
Warning: For remote container runtime,
--pod-infra-container-image is ignored in kubelet,
which should be set in that remote runtime instead
Change-Id: Iec2df4873857c0d74a267810ef215f246102c2f4
Deprecated warning:
1. Flag --address has been deprecated, see --bind-address instead.
2. Flag --port has been deprecated, see --secure-port instead.
Change-Id: Ie93e95ab755dd338ac31914d1a50e61e351b907e
Removed PersistentVolumeLabel from apiserver to fix below warning.
Deprecated warning:
1. PersistentVolumeLabel admission controller is deprecated.
Please remove this controller from your configuration files and scripts.
2. insecure-port has been deprecated, This flag has no effect now
and will be removed in v1.24.
Change-Id: Iaccff8467b5ed967fa41e85b38c27f7345cd97bb
In v1.20, TokenRequest and TokenRequestProjection become GA features,
and the following flags are required by the API server:
* --service-account-issuer
* --service-account-key-file
* --service-account-signing-key-file
This change ensures that the flags are set, and that the required keys
are in the right places.
Change-Id: I6606c5b1c9ff005d1943b424e3e7ad4d20b68408
The tiller container in the armada bootstrap pod relies on the insecure
port that kube-apiserver once listened on by default. The kube-apiserver
ability to serve on an insecure port, deprecated since v1.10, has been
removed in v1.20. [0]
This change updates the armada bootstrap pod to use the secure port
instead.
0: https://github.com/kubernetes/kubernetes/pull/95856
Change-Id: I6a37fa4e7f97c7aaa3cd0f61b56214483a7dc217
The extraction of the monolithic hyperkube binary from its container
image to be used as kubelet was last relevant in Kubernetes 1.16. Since
then, the hyperkube image has been deprecated, the structure of the
image has been changed, and it has ultimately been eliminated in
Kubernetes 1.19.
This change cleans up promenade accordingly.
Reverts the following commits:
* 886007b New CLI option to extract hyperkube
* 32a6c15 hyperkube image in promenade init
* 955deed New source for hyperkube binary definition
Change-Id: Ib62ecdf1af13abe8202a4ba4f86c39b9042ed13f
This change allows the HostSystem and Genesis document to specify direct
URLs to files (for example, kubelet and kubectl) that are to be written
to the deployed hosts.
Change-Id: I1828d4a9e654537448631434b26b5becc4d2d717
The /hyperkube prefix isn't required and causes problems when using
non-hyperkube images elsewhere.
Related earlier change: https://review.opendev.org/#/c/754487/
Change-Id: I23918669bae4d9b7d41140b2c26d3176c45665ee
When pip is upgraded to 20.3, the pip dependency resolver is much more
strict and will no longer install a combination of packages that is mutually
inconsistent[0].
These changes account for the fact that Shipyard imports Armada, Drydock,
Promenade, and Deckhand. Having said that, with pip 20.3, the pip
packages amongst those projects cannot conflict. A follow-up change may
be needed if more conflicts are found.
Change-Id: Ie6effbdae759158e19b0b0adb2bdac0396eab047
Patch PyYAML (via the pylibyaml library) to automatically enable the
LibYAML parser and emitter, which are faster than the Python versions.
https://pypi.org/project/pylibyaml/
Change-Id: Iad54bfd21083b24cad5429bd8ecf794a9ead513e
When serializing a block literal, be explicit that we want to treat it
as a string, instead of relying on implicit conversion.
Change-Id: Ia79600ebc228d8417342a0703167f34703169d5a
This ps makes following changes to upgrade kubernetes from v1.17.3
to v1.18.6.
- Updated all references to k8s images to 1.18.6
- Updated command options and api object and versions based on
k8s 1.18 release notes:
https://kubernetes.io/docs/setup/release/notes/
- Uplifted uwsgi to 2.0.19.1 to align with other airship
components, and to bring in fixes and improvements.
- Added build-essentials and python3-dev packages to pass the zull
gate, which was looking for a c compiler.
Change-Id: I1160d1e6e2f02a0524043641b9296ea39edb301e
Updated resiliency gate script to consistently pass all gate stages,
using ubuntu bionic image for node deployment.
- Updated developer-onbording.rst with information on how to configure
and run the resilency gate behind corporate proxy.
- Updated the gate scripts to use the proxy configuration.
- Updated up.sh to pull the hyperkube image as cache, to speed up and
stabalize the initial kublet deployment of kubernetes cluster services.
- Updated and added sleeps and retries in some of gate stages and
scripts to avoid gate failures due to transient environment issues.
- Updated the ubuntu base image for node deployments from xenial to\
bionic base image.
- Added code in treadown-nodes stage to manually remove the etcd
members: kubernetes and calico, since they still remain listed as
etcd members on genesis node, even after genesis is torn down.
Change-Id: Ia11d66ab30ac7a07626d4f1d02a6da48155f862d
Some YAML parsers (e.g. libyaml) don't like : without a trailing space.
This adds whitespace to improve parser compatibility and readability.
Change-Id: I62230ab3caef4963b2b63a264396e7057530fd3f
The cleanup process runs concurrently with pods that are actively
using kubernetes endpoints. In kubelet restart the endpoints are
often recreated breaking networking.
For now avoid the final restart.
Change-Id: I852721caa853315c6550e253cd3813ae49f00a4a
If the kubernetes apiserver (in the bootstrap Armada pod) runs with the
reconciler enabled, the kubernetes endpoint can be created with an
invalid port which will not be corrected later.
Change-Id: I6d5fb86c6c4ffded9f42bda6e2ffbf2fbc13806f
1. systemd-resolved should be removed/disabled before the symlink is
2. `domain` is redundant with the FQDN and replaced by `search`
3. correct resolv.conf EOL formatting issue
Change-Id: If7f8037c0623d9b1eb43171f09e492985a66b351
The kubelet restart at the end of the join script appears
to be unnecessary, since the only action taken by the script
between that and the previous kubelet start is node labelling
(which doesn't require a kubelet restart).
In addition, the timing of this restart may be triggering
a kubernetes state synchronization bug, where a pod's status
isn't updated to reflect the readiness of all of its containers.
Change-Id: I480d1b345e5ddcce0cac961ff9c2b76526c5b76f
When there is failure to fetch any of the apt urls, it skips and
continues. Due to which apt install fails in next step.
So added retry if apt fetch fails before proceeding to apt install.
Change-Id: I658024481b1be98d280cb1c9c4c2fb733a0d5697