Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-10-29 14:21:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubernetes-salt" Mon Oct 29 14:21:07 2018 rev:35 rq:644679 version:4.0.0+git_r937_e9764fe Changes: -------- --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-10-18 15:38:06.950175908 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-10-29 14:58:23.921972167 +0100 @@ -1,0 +2,21 @@ +Thu Oct 18 14:42:24 UTC 2018 - [email protected] + +- Commit 0d75b49 by Florian Bergmann [email protected] + Use the registry configuration mapped from the host node. + + +------------------------------------------------------------------- +Thu Oct 18 12:55:40 UTC 2018 - [email protected] + +- Commit 641ab4e by Ludovic Cavajani [email protected] + rename aggregator to proxy-client + + Signed-off-by: Ludovic Cavajani <[email protected]> + + Commit 081d260 by Ludovic Cavajani [email protected] + bsc#1108195 Aggregation layer needs configuration + + Signed-off-by: Ludovic Cavajani <[email protected]> + + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubernetes-salt.spec ++++++ --- /var/tmp/diff_new_pack.4P5sQ2/_old 2018-10-29 14:58:24.561973337 +0100 +++ /var/tmp/diff_new_pack.4P5sQ2/_new 2018-10-29 14:58:24.561973337 +0100 @@ -33,7 +33,7 @@ Name: kubernetes-salt %define gitrepo salt -Version: 4.0.0+git_r932_c4914f4 +Version: 4.0.0+git_r937_e9764fe Release: 0 BuildArch: noarch Summary: Production-Grade Container Scheduling and Management ++++++ master.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/certificates.sls new/salt-master/pillar/certificates.sls --- old/salt-master/pillar/certificates.sls 2018-10-10 17:39:29.000000000 +0200 +++ new/salt-master/pillar/certificates.sls 2018-10-18 16:46:15.000000000 +0200 @@ -40,6 +40,9 @@ kube_apiserver_key: '/etc/pki/kube-apiserver.key' kube_apiserver_crt: '/etc/pki/kube-apiserver.crt' + kube_apiserver_proxy_client_key: '/etc/pki/kube-apiserver-proxy-client.key' + kube_apiserver_proxy_client_crt: '/etc/pki/kube-apiserver-proxy-client.crt' + kube_apiserver_proxy_key: '/etc/pki/private/kube-apiserver-proxy.key' kube_apiserver_proxy_crt: '/etc/pki/kube-apiserver-proxy.crt' kube_apiserver_proxy_bundle: '/etc/pki/private/kube-apiserver-proxy-bundle.pem' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_registry.py new/salt-master/salt/_modules/caasp_registry.py --- old/salt-master/salt/_modules/caasp_registry.py 2018-10-10 17:39:29.000000000 +0200 +++ new/salt-master/salt/_modules/caasp_registry.py 2018-10-18 16:46:15.000000000 +0200 @@ -9,29 +9,49 @@ - use_registry_images: True if registry images should be used. - base_image_url: prefix for the container-images: <prefix>/<image>:<tag> """ -import sys +import yaml UNKNOWN_VERSION = (0, 0) +REGISTRY_CONFIGURATION_PATH = "/usr/share/caasp-container-manifests/config/registry/registry-config.yaml" def __virtual__(): return "caasp_registry" +def _registry_config(): + registry_config = { + "use_registry": False, + "host": "", + "namespace": "" + } + try: + with open(REGISTRY_CONFIGURATION_PATH) as config: + try: + registry_config = yaml.safe_load(config) + except yaml.YAMLError: + __utils__['caasp_log.warn']("Could not load registry configuration at %s", + REGISTRY_CONFIGURATION_PATH) + except IOError: + __utils__['caasp_log.warn']("Could not read registry configuration file: %s", + REGISTRY_CONFIGURATION_PATH) + return registry_config + + def _use_registry_images(): """Return whether registry or packaged images are used.""" - return False if sys.version_info < (3,) else True + return _registry_config()["use_registry"] def _registry(): """Registry to download images from.""" - return "registry.suse.de" + return _registry_config()["host"] def _namespace(): """Base namespace the images can be found in the registry""" - return "devel/casp/3.0/controllernode/images_container_base/sles12" + return _registry_config()["namespace"] def caasp_version(): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/apiserver.jinja new/salt-master/salt/kube-apiserver/apiserver.jinja --- old/salt-master/salt/kube-apiserver/apiserver.jinja 2018-10-10 17:39:29.000000000 +0200 +++ new/salt-master/salt/kube-apiserver/apiserver.jinja 2018-10-18 16:46:15.000000000 +0200 @@ -54,6 +54,8 @@ --requestheader-group-headers=X-Remote-Group \ --requestheader-extra-headers-prefix=X-Remote-Extra \ --requestheader-client-ca-file={{ pillar['ssl']['ca_file'] }} \ + --proxy-client-cert-file={{ pillar['ssl']['kube_apiserver_proxy_client_crt'] }} \ + --proxy-client-key-file={{ pillar['ssl']['kube_apiserver_proxy_client_key'] }} \ --storage-backend={{ pillar['api']['etcd_version'] }} \ --storage-media-type=application/json \ --service-account-key-file={{ pillar['paths']['service_account_key'] }} \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/init.sls new/salt-master/salt/kube-apiserver/init.sls --- old/salt-master/salt/kube-apiserver/init.sls 2018-10-10 17:39:29.000000000 +0200 +++ new/salt-master/salt/kube-apiserver/init.sls 2018-10-18 16:46:15.000000000 +0200 @@ -12,6 +12,13 @@ cn = grains['nodename'], o = pillar['certificate_information']['subject_properties']['O']) }} +{% from '_macros/certs.jinja' import certs with context %} +{{ certs("kube-apiserver-proxy-client", + pillar['ssl']['kube_apiserver_proxy_client_crt'], + pillar['ssl']['kube_apiserver_proxy_client_key'], + cn = grains['nodename'], + o = pillar['certificate_information']['subject_properties']['O']) }} + kube-apiserver: caasp_retriable.retry: - name: iptables-kube-apiserver
