Bug #1718926 “kubernetes-fedora: make configuration 1.8 compatib...” : Bugs : Magnum

Spyros Trigazis (strigazi) on 2017-09-22

summary:	- kubernetes-fedora: make kubelet configuration 1.8 compatible + kubernetes-fedora: make configuration 1.8 compatible
description:	updated

Spyros Trigazis (strigazi) on 2017-09-22

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-24: Fix proposed to magnum (master)

#1

Fix proposed to branch: master
Review: https://review.openstack.org/514603

Changed in magnum:
assignee:	nobody → Spyros Trigazis (strigazi)
status:	New → In Progress

OpenStack Infra (hudson-openstack) on 2017-11-20

Changed in magnum:
assignee:	Spyros Trigazis (strigazi) → yatin (yatinkarel)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-24: Fix merged to magnum (master)

#2

Reviewed: https://review.openstack.org/514603
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=f89cc4c98cd231b26e94e85526c59f7107ec7dd7
Submitter: Zuul
Branch: master

commit f89cc4c98cd231b26e94e85526c59f7107ec7dd7
Author: Spyros Trigazis <email address hidden>
Date: Tue Oct 24 10:03:12 2017 +0000

k8s_atomic: Add server to kubeconfig

    Since 1.6 --apiservers is deprecated and it is removed in
    1.8. Add the server parameter in kubeconfig and remove
    --apiservers.

Change-Id: Ie766ec0797fdc86a93e7f70a321d39332a73b552
Closes-Bug: #1718926

Changed in magnum:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-01-16: Fix proposed to magnum (master)

#3

Fix proposed to branch: master
Review: https://review.openstack.org/534309

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-01-17: Change abandoned on magnum (master)

#4

Change abandoned by Spyros Trigazis (strigazi) (<email address hidden>) on branch: master
Review: https://review.openstack.org/534309
Reason: In favor of https://review.openstack.org/#/c/533593/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-08: Fix included in openstack/magnum 6.0.0

#5

This issue was fixed in the openstack/magnum 6.0.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-09: Fix proposed to magnum (stable/queens)

#6

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/542742

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-13: Fix merged to magnum (master)

#7

Reviewed: https://review.openstack.org/533593
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=2329cb7fb4d197e49d6c07d37b2f7ec14a11c880
Submitter: Zuul
Branch: master

commit 2329cb7fb4d197e49d6c07d37b2f7ec14a11c880
Author: Spyros Trigazis <email address hidden>
Date: Mon Jan 15 11:16:02 2018 +0100

k8s: Fix kubelet, add RBAC and pass e2e tests

Due to a few several small connected patches for the
fedora atomic driver, this patch includes 4 smaller patches.

Patch 1:
k8s: Do not start kubelet and kube-proxy on master

    Patch [1], misses the removal of kubelet and kube-proxy from
    enable-services-master.sh and therefore they are started if they
    exist in the image or the script will fail.

https://review.openstack.org/#/c/533593/
Closes-Bug: #1726482

Patch 2:
k8s: Set require-kubeconfig when needed

From kubernetes 1.8 [1] --require-kubeconfig is deprecated and
in kubernetes 1.9 it is removed.

Add --require-kubeconfig only for k8s <= 1.8.

[1] https://github.com/kubernetes/kubernetes/issues/36745

Closes-Bug: #1718926

https://review.openstack.org/#/c/534309/

Patch 3:
k8s_fedora: Add RBAC configuration

    * Make certificates and kubeconfigs compatible
      with NodeAuthorizer [1].
    * Add CoreDNS roles and rolebindings.
    * Create the system:kube-apiserver-to-kubelet ClusterRole.
    * Bind the system:kube-apiserver-to-kubelet ClusterRole to
      the kubernetes user.
    * remove creation of kube-system namespaces, it is created
      by default
    * update client cert generation in the conductor with
      kubernetes' requirements
    * Add --insecure-bind-address=127.0.0.1 to work on
      multi-master too. The controller manager on each
      node needs to contact the apiserver (on the same node)
      on 127.0.0.1:8080

[1] https://kubernetes.io/docs/admin/authorization/node/

    Closes-Bug: #1742420
    Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
    https://review.openstack.org/#/c/527103/

Patch 4:
k8s_fedora: Update coredns config to pass e2e

    To pass the e2e conformance tests, coredns needs to
    be configured with POD-MODE verified. Otherwise, pods
    won't be resolvable [1].

[1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes

https://review.openstack.org/#/c/528566/
Closes-Bug: #1738633

Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de

Reviewed:  https://review.openstack.org/533593
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=2329cb7fb4d197e49d6c07d37b2f7ec14a11c880
Submitter: Zuul
Branch:    master

commit 2329cb7fb4d197e49d6c07d37b2f7ec14a11c880
Author: Spyros Trigazis <spyridon.trigazis@cern.ch>
Date:   Mon Jan 15 11:16:02 2018 +0100

k8s: Fix kubelet, add RBAC and pass e2e tests
    
    Due to a few several small connected patches for the
    fedora atomic driver, this patch includes 4 smaller patches.
    
    Patch 1:
    k8s: Do not start kubelet and kube-proxy on master
    
    Patch [1], misses the removal of kubelet and kube-proxy from
    enable-services-master.sh and therefore they are started if they
    exist in the image or the script will fail.
    
    https://review.openstack.org/#/c/533593/
    Closes-Bug: #1726482
    
    Patch 2:
    k8s: Set require-kubeconfig when needed
    
    From kubernetes 1.8 [1] --require-kubeconfig is deprecated and
    in kubernetes 1.9 it is removed.
    
    Add --require-kubeconfig only for k8s <= 1.8.
    
    [1] https://github.com/kubernetes/kubernetes/issues/36745
    
    Closes-Bug: #1718926
    
    https://review.openstack.org/#/c/534309/
    
    Patch 3:
    k8s_fedora: Add RBAC configuration
    
    * Make certificates and kubeconfigs compatible
      with NodeAuthorizer [1].
    * Add CoreDNS roles and rolebindings.
    * Create the system:kube-apiserver-to-kubelet ClusterRole.
    * Bind the system:kube-apiserver-to-kubelet ClusterRole to
      the kubernetes user.
    * remove creation of kube-system namespaces, it is created
      by default
    * update client cert generation in the conductor with
      kubernetes' requirements
    * Add --insecure-bind-address=127.0.0.1 to work on
      multi-master too. The controller manager on each
      node needs to contact the apiserver (on the same node)
      on 127.0.0.1:8080
    
    [1] https://kubernetes.io/docs/admin/authorization/node/
    
    Closes-Bug: #1742420
    Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
    https://review.openstack.org/#/c/527103/
    
    Patch 4:
    k8s_fedora: Update coredns config to pass e2e
    
    To pass the e2e conformance tests, coredns needs to
    be configured with POD-MODE verified. Otherwise, pods
    won't be resolvable [1].
    
    [1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes
    
    https://review.openstack.org/#/c/528566/
    Closes-Bug: #1738633
    
    Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-14: Fix merged to magnum (stable/queens)

#8

Reviewed: https://review.openstack.org/542742
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=eb92701e05bb57e4d608e5bc66a69ed33c82c76e
Submitter: Zuul
Branch: stable/queens

commit eb92701e05bb57e4d608e5bc66a69ed33c82c76e
Author: Spyros Trigazis <email address hidden>
Date: Mon Jan 15 11:16:02 2018 +0100

k8s: Fix kubelet, add RBAC and pass e2e tests

Due to a few several small connected patches for the
fedora atomic driver, this patch includes 4 smaller patches.

Patch 1:
k8s: Do not start kubelet and kube-proxy on master

    Patch [1], misses the removal of kubelet and kube-proxy from
    enable-services-master.sh and therefore they are started if they
    exist in the image or the script will fail.

https://review.openstack.org/#/c/533593/
Closes-Bug: #1726482

Patch 2:
k8s: Set require-kubeconfig when needed

From kubernetes 1.8 [1] --require-kubeconfig is deprecated and
in kubernetes 1.9 it is removed.

Add --require-kubeconfig only for k8s <= 1.8.

[1] https://github.com/kubernetes/kubernetes/issues/36745

Closes-Bug: #1718926

https://review.openstack.org/#/c/534309/

Patch 3:
k8s_fedora: Add RBAC configuration

    * Make certificates and kubeconfigs compatible
      with NodeAuthorizer [1].
    * Add CoreDNS roles and rolebindings.
    * Create the system:kube-apiserver-to-kubelet ClusterRole.
    * Bind the system:kube-apiserver-to-kubelet ClusterRole to
      the kubernetes user.
    * remove creation of kube-system namespaces, it is created
      by default
    * update client cert generation in the conductor with
      kubernetes' requirements
    * Add --insecure-bind-address=127.0.0.1 to work on
      multi-master too. The controller manager on each
      node needs to contact the apiserver (on the same node)
      on 127.0.0.1:8080

[1] https://kubernetes.io/docs/admin/authorization/node/

    Closes-Bug: #1742420
    Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
    https://review.openstack.org/#/c/527103/

Patch 4:
k8s_fedora: Update coredns config to pass e2e

    To pass the e2e conformance tests, coredns needs to
    be configured with POD-MODE verified. Otherwise, pods
    won't be resolvable [1].

[1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes

https://review.openstack.org/#/c/528566/
Closes-Bug: #1738633

Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de

Reviewed:  https://review.openstack.org/542742
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=eb92701e05bb57e4d608e5bc66a69ed33c82c76e
Submitter: Zuul
Branch:    stable/queens

commit eb92701e05bb57e4d608e5bc66a69ed33c82c76e
Author: Spyros Trigazis <spyridon.trigazis@cern.ch>
Date:   Mon Jan 15 11:16:02 2018 +0100

k8s: Fix kubelet, add RBAC and pass e2e tests
    
    Due to a few several small connected patches for the
    fedora atomic driver, this patch includes 4 smaller patches.
    
    Patch 1:
    k8s: Do not start kubelet and kube-proxy on master
    
    Patch [1], misses the removal of kubelet and kube-proxy from
    enable-services-master.sh and therefore they are started if they
    exist in the image or the script will fail.
    
    https://review.openstack.org/#/c/533593/
    Closes-Bug: #1726482
    
    Patch 2:
    k8s: Set require-kubeconfig when needed
    
    From kubernetes 1.8 [1] --require-kubeconfig is deprecated and
    in kubernetes 1.9 it is removed.
    
    Add --require-kubeconfig only for k8s <= 1.8.
    
    [1] https://github.com/kubernetes/kubernetes/issues/36745
    
    Closes-Bug: #1718926
    
    https://review.openstack.org/#/c/534309/
    
    Patch 3:
    k8s_fedora: Add RBAC configuration
    
    * Make certificates and kubeconfigs compatible
      with NodeAuthorizer [1].
    * Add CoreDNS roles and rolebindings.
    * Create the system:kube-apiserver-to-kubelet ClusterRole.
    * Bind the system:kube-apiserver-to-kubelet ClusterRole to
      the kubernetes user.
    * remove creation of kube-system namespaces, it is created
      by default
    * update client cert generation in the conductor with
      kubernetes' requirements
    * Add --insecure-bind-address=127.0.0.1 to work on
      multi-master too. The controller manager on each
      node needs to contact the apiserver (on the same node)
      on 127.0.0.1:8080
    
    [1] https://kubernetes.io/docs/admin/authorization/node/
    
    Closes-Bug: #1742420
    Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
    https://review.openstack.org/#/c/527103/
    
    Patch 4:
    k8s_fedora: Update coredns config to pass e2e
    
    To pass the e2e conformance tests, coredns needs to
    be configured with POD-MODE verified. Otherwise, pods
    won't be resolvable [1].
    
    [1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes
    
    https://review.openstack.org/#/c/528566/
    Closes-Bug: #1738633
    
    Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de

tags:

added: in-stable-queens

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-23: Fix included in openstack/magnum 6.1.0

#9

This issue was fixed in the openstack/magnum 6.1.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-13: Fix included in openstack/magnum 7.0.0

#10

This issue was fixed in the openstack/magnum 7.0.0 release.

Magnum

kubernetes-fedora: make configuration 1.8 compatible

Bug Description

Other bug subscribers

Remote bug watches