Revisions of kubernetes-salt
Containers Team (containersteam)
committed
(revision 217)
new commit from concourse: Commit ec9c37c by Flavio Castelli fcastelli@suse.com Introduce feature-gates pillar Allow feature gates to be toggled via a dedicated pillar. feature#feature-gates
Containers Team (containersteam)
committed
(revision 216)
new commit from concourse: Commit 165baf2 by Federico Ceratto federico.ceratto@suse.de Switch caasp_nodename to using __opts__
Containers Team (containersteam)
committed
(revision 215)
new commit from concourse: Commit 52b61c2 by Flavio Castelli fcastelli@suse.com crio: fix upgrade orchestration Ensure everything is fine on the admin node feature#crio Signed-off-by: Flavio Castelli <fcastelli@suse.com> Commit 33256f0 by Flavio Castelli fcastelli@suse.com crio: cleanup code Several changes to reflect the feedback got on the pull request. feature#crio Signed-off-by: Flavio Castelli <fcastelli@suse.com> Commit f62aaec by Flavio Castelli fcastelli@suse.com Do not rely on salt virtual_subtype grain The `virtual_subtype` grain cannot be used to identify salt minions that are running inside of containers started by kubernetes. The salt core code sets this grain to `Docker` by looking at the cgroup hierarchy of PID 1 on the minion. On regular docker container (not managed by kubernetes!) the cgroup hierarchy includes a `docker` slice. However all the containers started by kubelet are placed under the `kubepods` slice. Right now the only salt minion running inside of a container is the `ca` one, which can be easily identified by looking at its roles. This commit changes our salt states to use roles instead of the unreliable `virtual_subtype` grain. feature#crio Signed-off-by: Flavio Castelli <fcastelli@suse.com> Commit 569c9aa by Flavio Castelli fcastelli@suse.com Extend motd Show information about the container runtime used on the node. feature#crio Signed-off-by: Flavio Castelli <fcastelli@suse.com> Commit 1bae9eb by Flavio Castelli fcastelli@suse.com Remove unused cri abstractions cri-o doesn't have yet a way to copy files from the host into its running containers. Fortunately this feature is required only on the admin node, which is still using docker. This commit removes some of the abstractions introduced to be able to copy files into running containers. We will revert this commit later on, once we migrate the admin node to use cri-o. feature#crio Signed-off-by: Flavio Castelli <fcastelli@suse.com> Commit 0c7a2b2 by Flavio Castelli fcastelli@suse.com Fix issue caused by velum pillar override Pillars set by velum are going to override what is set via the `salt/pillars` files. That caused all the nodes to be using cri-o. The following code enforces 'docker' to be used for all the nodes with a certain role (eg: the admin and the ca ones). feature#crio Signed-off-by: Flavio Castelli <fcastelli@suse.com> Commit 72e93b8 by Flavio Castelli fcastelli@suse.com Full support of cri-o Allow to deploy new SUSE CaaS Platform clusters using cri-o as a container runtime instead of docker. The cluster will keep using docker on the admin node, while all the other nodes are going to use cri-o. It's not possible to have mixed environments, all nodes have to use the same container runtime. The CRI can be chosen by setting the value of the `cri:name` pillar, which is defined inside of the `pillar/cri.sls` file. By default `docker` is being used. feature#crio Signed-off-by: Flavio Castelli <fcastelli@suse.com> Commit 8bc9d1b by Flavio Castelli fcastelli@suse.com Remove e2e image puller manifest This is no longer used. Commit e4b586a by Alvaro Saurin alvaro.saurin@gmail.com Added support for the CRIO containers runtime
Containers Team (containersteam)
committed
(revision 214)
new commit from concourse: Commit 902cc67 by Kiall Mac Innes kiall@macinnes.ie Ensure salt master and api configs are complete This moves the external_auth section over to 50-master.conf, as this is needed by the salt-master process, and duplicates `user: root` from 50-master.conf to 50-api.conf - which allows salt-api to start and function without it reading 50-master.conf
Containers Team (containersteam)
committed
(revision 213)
new commit from concourse: Commit 24835c2 by Alvaro Saurin alvaro.saurin@gmail.com Fix: always remove the "we-are-removing-a-node" cluster-wide grain. Make sure we flush the mine (for the target) after removing the target's key. feature#node_removal
Containers Team (containersteam)
committed
(revision 212)
new commit from concourse: Commit 9d782ee by Michal Jura mjura@suse.com Add cinder volume type to cluster user policy, bsc#1089863
Containers Team (containersteam)
committed
(revision 211)
new commit from concourse: Commit 32b868a by Rafael Fernández López ereslibre@ereslibre.es Remove unneeded variables feature#code-cleanup
Containers Team (containersteam)
committed
(revision 210)
new commit from concourse: Commit 2355abd by Rafael Fernández López ereslibre@ereslibre.es Add force removal orchestration This orchestration will try to unregister a node on a best-effort basis, and is considered to always succeed. feature#force-node-removal
Containers Team (containersteam)
committed
(revision 209)
new commit from concourse: Commit 009516d by Federico Ceratto federico.ceratto@suse.de Lowercase hostnames
buildservice-autocommit
accepted
request 596327
from
Containers Team (containersteam)
(revision 208)
baserev update by copy to link target
Containers Team (containersteam)
committed
(revision 207)
new commit from concourse: Commit 5e89e09 by Thorsten Kukuk kukuk@thkukuk.de Add pyroute2 and etcd python modules as Requires (moved from patterns) Commit 026ea39 by Thorsten Kukuk kukuk@thkukuk.de Use python3 for post SLE12 and kubic as image name for Factory
Containers Team (containersteam)
committed
(revision 206)
new commit from concourse: Commit 236835f by Alvaro Saurin alvaro.saurin@gmail.com Code cleanup: use `caasp_grains.get` instead of a local version. feature#code_cleanup
Containers Team (containersteam)
committed
(revision 205)
new commit from concourse: Commit 0e7d745 by Alvaro Saurin alvaro.saurin@gmail.com Configure taints/labels on the replacement node Fix typo feature#node_removal
Containers Team (containersteam)
committed
(revision 204)
new commit from concourse: Commit 69d271d by Rafael Fernández López ereslibre@ereslibre.es Remove unneeded includes `ca-cert` and `cert` for `velum/init.sls` and `ldap/init.sls` feature#deployment-stability
Containers Team (containersteam)
committed
(revision 203)
new commit from concourse: Commit 1de5846 by Kiall Mac Innes kiall@macinnes.ie Add PodSecurityPolicy Support Add support for PodSecurityPolicy's, allowing us to disable use of the hostPath volume type. This change adds 2 PSP's: _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz unprivileged (Default assigned to all users) The unprivileged PodSecurityPolicy is intended to be a reasonable compromise between the reality of Kubernetes workloads, and suse:caasp:psp:privileged. By default, we'll grant this PSP to all users and service accounts. _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz privileged The privileged PodSecurityPolicy is intended to be given only to trusted workloads. It provides for as few restrictions as possible and should only be assigned to highly trusted users. Fixes bsc#1047535
buildservice-autocommit
accepted
request 595612
from
Containers Team (containersteam)
(revision 202)
baserev update by copy to link target
buildservice-autocommit
accepted
request 595182
from
Containers Team (containersteam)
(revision 201)
baserev update by copy to link target
Containers Team (containersteam)
committed
(revision 200)
new commit from concourse: Commit 489cbef by Alvaro Saurin alvaro.saurin@gmail.com Fix race condition on update-etc-hosts fix#update-etc-hosts
Containers Team (containersteam)
committed
(revision 199)
new commit from concourse: Commit 0ef0581 by Alvaro Saurin alvaro.saurin@gmail.com _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz Do some code cleanups in caasp_etcd.py by using the same logic for getting etcd replacements as for getting additional etcd servers when bootstrapping. _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz Move most of the removal logic to a caasp_nodes.py Python module, as Jinja is not a proper language... _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz Add the corresponding unit tests for this new Python code. _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz Do not be so strict when finding a replacement: if the replacement is not valid for a k8s master, do not make it unsuitable for etcd too. _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz Use some basic k8s master replacement finder. _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz Try to use some common logging functions _service kubernetes-salt.changes kubernetes-salt.spec master.tar.gz Refactor out the grains.get code to a new caasp_grains.py module (as it is shared by several custom modules) See https://trello.com/c/O7daOErL feature#node_removal
Containers Team (containersteam)
committed
(revision 198)
new commit from concourse: Commit c189bca by Alvaro Saurin alvaro.saurin@gmail.com Try to resist to transient node failures on updates See https://trello.com/c/irviWd1m feature#update_on_node_failures
Displaying revisions 161 - 180 of 377