Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-02-06 16:49:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubernetes-salt" Tue Feb 6 16:49:12 2018 rev:3 rq:573102 version:3.0.0+git_r561_e96818e Changes: -------- --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-02-02 22:22:14.461990881 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-02-06 16:49:15.219788996 +0100 @@ -1,0 +2,71 @@ +Mon Feb 5 16:52:13 UTC 2018 - [email protected] + +- Commit 21d9ab7 by Jordi Massaguer Pla [email protected] + [packaging] Replace | by # in sed expression + + as % is reserved for rpm macros + + Signed-off-by: Jordi Massaguer Pla <[email protected]> + + +------------------------------------------------------------------- +Mon Feb 5 15:53:16 UTC 2018 - [email protected] + +- Commit 0126b32 by Kiall Mac Innes [email protected] + Namespace the roles and cluster roles we create + + When we create a role, rolebinding etc, we should namespace the names in + order to make it obvious these are deployed as part of CaaSP, as well as to + help ensure these are obviously part of CaaSP, not a stock part of + Kubernetes. + + I've gone with a "suse:caasp:" prefix, which matches the "system:" prefix for + built in roles/rolebindings/etc. + + +------------------------------------------------------------------- +Mon Feb 5 10:28:39 UTC 2018 - [email protected] + +- Commit 40731ca by Flavio Castelli [email protected] + Update our manifests to reflect kubernetes 1.8 changes + + * rbac has been promoted to stable + * deploymen is now v1beta2 + * deamonset is now v1beta2 + + Signed-off-by: Flavio Castelli <[email protected]> + + +------------------------------------------------------------------- +Fri Feb 2 16:30:33 UTC 2018 - [email protected] + +- Commit 9ecb201 by Kiall Mac Innes [email protected] + Remove old mis-named tiller deployment + + Commit a66edac by Nikhil Manchanda [email protected] + helm should detect salt-installed tiller service + + The helm client looks for a tiller deployment called 'tiller-deploy' to + establish if tiller is already installed in the cluster, or not. Update our + salt install of tiller to use a deployment with the same name so that it will + be recognized by the helm client as already being installed. + + Fixes: bsc#1066201 + + +------------------------------------------------------------------- +Fri Feb 2 11:55:31 UTC 2018 - [email protected] + +- Commit 5b2893d by Alvaro Saurin [email protected] + Do not try to remove some flannel file that cannot be removed, and remove + some other instead + + +------------------------------------------------------------------- +Fri Feb 2 10:42:01 UTC 2018 - [email protected] + +- Commit cb27ba1 by Kiall Mac Innes [email protected] + Update flannel image tag to match flannel version + + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubernetes-salt.spec ++++++ --- /var/tmp/diff_new_pack.Q0VFPX/_old 2018-02-06 16:49:16.447731539 +0100 +++ /var/tmp/diff_new_pack.Q0VFPX/_new 2018-02-06 16:49:16.447731539 +0100 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version: 3.0.0+git_r549_76bcd68 +Version: 3.0.0+git_r561_e96818e Release: 0 BuildArch: noarch Summary: Production-Grade Container Scheduling and Management @@ -68,8 +68,8 @@ echo "ERROR: File not found $file" exit -1 fi - sed -e "s%image:[ ]*sles12/\(.*\):%image: %{_base_image}/\1:%g" -i $file - sed -e "s%image:[ ]*'sles12/\(.*\):%image: '%{_base_image}/\1:%g" -i $file + sed -e "s|image:[ ]*sles12/\(.*\):|image: %{_base_image}/\1:|g" -i $file + sed -e "s|image:[ ]*'sles12/\(.*\):|image: '%{_base_image}/\1:|g" -i $file done %files ++++++ master.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/packaging/suse/make_spec.sh new/salt-master/packaging/suse/make_spec.sh --- old/salt-master/packaging/suse/make_spec.sh 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/packaging/suse/make_spec.sh 2018-02-05 17:51:16.000000000 +0100 @@ -90,8 +90,8 @@ echo "ERROR: File not found \$file" exit -1 fi - sed -e "s%image:[ ]*sles12/\(.*\):%image: %{_base_image}/\1:%g" -i \$file - sed -e "s%image:[ ]*'sles12/\(.*\):%image: '%{_base_image}/\1:%g" -i \$file + sed -e "s|image:[ ]*sles12/\(.*\):|image: %{_base_image}/\1:|g" -i \$file + sed -e "s|image:[ ]*'sles12/\(.*\):|image: '%{_base_image}/\1:|g" -i \$file done %files diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/cni.sls new/salt-master/pillar/cni.sls --- old/salt-master/pillar/cni.sls 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/pillar/cni.sls 2018-02-05 17:51:16.000000000 +0100 @@ -1,6 +1,6 @@ # the flannel backend ('udp', 'vxlan', 'host-gw', etc) flannel: - image: 'sles12/flannel:1.0.0' + image: 'sles12/flannel:0.9.1' backend: 'vxlan' # UDP seems to be near end of life (https://github.com/coreos/flannel/pull/786) # log level for flanneld service # 0 - Generally useful for this to ALWAYS be visible to an operator. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_macros/kubectl.jinja new/salt-master/salt/_macros/kubectl.jinja --- old/salt-master/salt/_macros/kubectl.jinja 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/_macros/kubectl.jinja 2018-02-05 17:51:16.000000000 +0100 @@ -39,6 +39,10 @@ - check_cmd: - {{ kwargs['check_cmd'] }} {%- endif %} +{%- if 'onlyif' in kwargs %} + - onlyif: + - {{ kwargs['onlyif'] }} +{%- endif %} {%- endmacro %} ##################################################################### diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dns/init.sls new/salt-master/salt/addons/dns/init.sls --- old/salt-master/salt/addons/dns/init.sls 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/addons/dns/init.sls 2018-02-05 17:51:16.000000000 +0100 @@ -10,11 +10,10 @@ "/etc/kubernetes/addons/kubedns.yaml", check_cmd="kubectl get deploy kube-dns -n kube-system | grep kube-dns") }} -{{ kubectl("create-dns-clusterrolebinding", - "create clusterrolebinding system:kube-dns --clusterrole=cluster-admin --serviceaccount=kube-system:default", - unless="kubectl get clusterrolebindings | grep kube-dns", - check_cmd="kubectl get clusterrolebindings | grep kube-dns", - watch=["/etc/kubernetes/addons/kubedns.yaml"]) }} +# TODO: Transitional code, remove for CaaSP v4 +{{ kubectl("remove-old-kube-dns-clusterrolebinding", + "delete clusterrolebinding system:kube-dns", + onlyif="kubectl get clusterrolebinding system:kube-dns") }} {% else %} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dns/kubedns.yaml.jinja new/salt-master/salt/addons/dns/kubedns.yaml.jinja --- old/salt-master/salt/addons/dns/kubedns.yaml.jinja 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/addons/dns/kubedns.yaml.jinja 2018-02-05 17:51:16.000000000 +0100 @@ -1,4 +1,28 @@ -apiVersion: extensions/v1beta1 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-dns + namespace: kube-system + labels: + kubernetes.io/cluster-service: "true" + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: suse:caasp:kube-dns +subjects: +- kind: ServiceAccount + name: kube-dns + namespace: kube-system +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: apps/v1beta2 kind: Deployment metadata: name: kube-dns @@ -174,12 +198,3 @@ metadata: name: kube-dns namespace: kube-system - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-dns - namespace: kube-system - labels: - kubernetes.io/cluster-service: "true" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/tiller/init.sls new/salt-master/salt/addons/tiller/init.sls --- old/salt-master/salt/addons/tiller/init.sls 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/addons/tiller/init.sls 2018-02-05 17:51:16.000000000 +0100 @@ -8,13 +8,17 @@ {{ kubectl_apply_template("salt://addons/tiller/tiller.yaml.jinja", "/etc/kubernetes/addons/tiller.yaml", - check_cmd="kubectl get deploy tiller -n kube-system | grep tiller") }} + check_cmd="kubectl get deploy tiller-deploy -n kube-system | grep tiller-deploy") }} -{{ kubectl("create-tiller-clusterrolebinding", - "create clusterrolebinding system:tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller", - unless="kubectl get clusterrolebindings | grep tiller", - check_cmd="kubectl get clusterrolebindings | grep tiller", - watch=["/etc/kubernetes/addons/tiller.yaml"]) }} +# TODO: Transitional code, remove for CaaSP v4 +{{ kubectl("remove-old-tiller-clusterrolebinding", + "delete clusterrolebinding system:tiller", + onlyif="kubectl get clusterrolebinding system:tiller") }} + +# TODO: Transitional code, remove for CaaSP v4 +{{ kubectl("remove-old-tiller-deployment", + "delete deploy tiller -n kube-system", + onlyif="kubectl get deploy tiller -n kube-system") }} {% else %} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/tiller/tiller.yaml.jinja new/salt-master/salt/addons/tiller/tiller.yaml.jinja --- old/salt-master/salt/addons/tiller/tiller.yaml.jinja 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/addons/tiller/tiller.yaml.jinja 2018-02-05 17:51:16.000000000 +0100 @@ -1,4 +1,28 @@ -apiVersion: extensions/v1beta1 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tiller + namespace: kube-system + labels: + kubernetes.io/cluster-service: "true" + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: suse:caasp:tiller +subjects: +- kind: ServiceAccount + name: tiller + namespace: kube-system +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: apps/v1beta2 kind: Deployment metadata: creationTimestamp: null @@ -6,9 +30,13 @@ app: helm name: tiller kubernetes.io/cluster-service: "true" - name: tiller + name: tiller-deploy namespace: kube-system spec: + selector: + matchLabels: + app: helm + name: tiller strategy: {} template: metadata: @@ -73,12 +101,3 @@ type: ClusterIP status: loadBalancer: {} - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tiller - namespace: kube-system - labels: - kubernetes.io/cluster-service: "true" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/init.sls new/salt-master/salt/cni/init.sls --- old/salt-master/salt/cni/init.sls 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/cni/init.sls 2018-02-05 17:51:16.000000000 +0100 @@ -48,4 +48,3 @@ - file: /etc/kubernetes/addons/kube-flannel-rbac.yaml {% endif %} - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja new/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja --- old/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja 2018-02-05 17:51:16.000000000 +0100 @@ -3,12 +3,13 @@ kind: ServiceAccount metadata: name: flannel - namespace: "kube-system" + namespace: kube-system + --- kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: flannel + name: suse:caasp:flannel rules: - apiGroups: - "" @@ -29,16 +30,17 @@ - nodes/status verbs: - patch + --- kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: flannel + name: suse:caasp:flannel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: flannel + name: suse:caasp:flannel subjects: - kind: ServiceAccount name: flannel - namespace: "kube-system" + namespace: kube-system diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/kube-flannel.yaml.jinja new/salt-master/salt/cni/kube-flannel.yaml.jinja --- old/salt-master/salt/cni/kube-flannel.yaml.jinja 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/cni/kube-flannel.yaml.jinja 2018-02-05 17:51:16.000000000 +0100 @@ -50,7 +50,7 @@ } } --- -apiVersion: extensions/v1beta1 +apiVersion: apps/v1beta2 kind: DaemonSet metadata: name: kube-flannel @@ -59,6 +59,10 @@ tier: node k8s-app: flannel spec: + selector: + matchLabels: + tier: node + k8s-app: flannel template: metadata: labels: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/update-pre-reboot.sls new/salt-master/salt/cni/update-pre-reboot.sls --- old/salt-master/salt/cni/update-pre-reboot.sls 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/cni/update-pre-reboot.sls 2018-02-05 17:51:16.000000000 +0100 @@ -7,10 +7,10 @@ service.disabled: - name: flanneld -remove-flannel-unit: +remove-flannel-files-1: file.absent: - - name: /usr/lib/systemd/system/docker.service.d/flannel.conf + - name: /run/flannel/docker -remove-flannel-subnets: +remove-flannel-files-2: file.absent: - name: /var/run/flannel diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/dex/dex.yaml new/salt-master/salt/dex/dex.yaml --- old/salt-master/salt/dex/dex.yaml 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/dex/dex.yaml 2018-02-05 17:51:16.000000000 +0100 @@ -9,9 +9,9 @@ --- # Map the LDAP Administrators role to the Kubernetes system:masters group kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: system:dex + name: suse:caasp:dex subjects: - kind: ServiceAccount name: dex @@ -77,7 +77,7 @@ name: "CaaSP CLI" secret: "swac7qakes7AvucH8bRucucH" --- -apiVersion: extensions/v1beta1 +apiVersion: apps/v1beta2 kind: Deployment metadata: labels: @@ -86,6 +86,9 @@ name: dex namespace: kube-system spec: + selector: + matchLabels: + app: dex replicas: 3 template: metadata: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/dex/init.sls new/salt-master/salt/dex/init.sls --- old/salt-master/salt/dex/init.sls 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/dex/init.sls 2018-02-05 17:51:16.000000000 +0100 @@ -31,6 +31,26 @@ "/root/roles.yaml", watch=["dex_secrets", "/root/dex.yaml"]) }} +# TODO: Transitional code, remove for CaaSP v4 +{{ kubectl("remove-old-find-dex-role", + "delete role find-dex -n kube-system", + onlyif="kubectl get role find-dex -n kube-system") }} + +# TODO: Transitional code, remove for CaaSP v4 +{{ kubectl("remove-old-find-dex-rolebinding", + "delete rolebinding find-dex -n kube-system", + onlyif="kubectl get rolebinding find-dex -n kube-system") }} + +# TODO: Transitional code, remove for CaaSP v4 +{{ kubectl("remove-old-administrators-in-ldap-clusterrolebinding", + "delete clusterrolebinding administrators-in-ldap", + onlyif="kubectl get clusterrolebinding administrators-in-ldap") }} + +# TODO: Transitional code, remove for CaaSP v4 +{{ kubectl("remove-old-dex-clusterrolebinding", + "delete clusterrolebinding system:dex", + onlyif="kubectl get clusterrolebinding system:dex") }} + ensure_dex_running: # Wait until the Dex API is actually up and running http.wait_for_successful_query: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/dex/roles.yaml new/salt-master/salt/dex/roles.yaml --- old/salt-master/salt/dex/roles.yaml 2018-02-02 10:42:57.000000000 +0100 +++ new/salt-master/salt/dex/roles.yaml 2018-02-05 17:51:16.000000000 +0100 @@ -3,9 +3,9 @@ # any time. It will be in a different location in a # cloud provider environment. kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: find-dex + name: suse:caasp:read-dex-service namespace: kube-system rules: - apiGroups: [""] @@ -16,9 +16,9 @@ # Allow any authenticated *or* unauthenticated # user to look up Dex's service entry kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: find-dex + name: suse:caasp:read-dex-service namespace: kube-system subjects: - kind: Group @@ -29,14 +29,14 @@ apiGroup: rbac.authorization.k8s.io roleRef: kind: Role - name: find-dex + name: suse:caasp:read-dex-service apiGroup: rbac.authorization.k8s.io --- # Map the LDAP Administrators role to the Kubernetes system:masters group kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: administrators-in-ldap + name: suse:caasp:ldap-administrators subjects: - kind: Group name: "{{ pillar['ldap']['admin_group_name'] }}"
