commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2019-06-01 09:49:29 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new.5148 (New) Package is "kubernetes-salt" Sat Jun 1 09:49:29 2019 rev:38 rq:705961 version:4.0.0+git_r1024_6af85a7 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2019-02-02 21:48:46.144005777 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new.5148/kubernetes-salt.changes 2019-06-01 09:49:30.539324097 +0200 @@ -1,0 +2,333 @@ +Wed Feb 27 14:35:04 UTC 2019 - Containers Team + +- Commit bb22844 by Alvaro Saurin alvaro.sau...@gmail.com + Synchronize everythihg before starting an orchestration. Replace all the + `mine.get` calls by the more compact `get_with_expr` function. + + bsc#1124784 + + Signed-off-by: Alvaro Saurin + + +--- +Fri Feb 22 15:50:20 UTC 2019 - Containers Team + +- Commit b0a79f7 by Nirmoy Das n...@suse.de + cilium: add repo for cilium + + Signed-off-by: Nirmoy Das + + +--- +Thu Feb 21 14:40:16 UTC 2019 - Containers Team + +- Commit 0fcce23 by Alvaro Saurin alvaro.sau...@gmail.com + When using file.managed, create a temporary file that is in /tmp instead of + using the same directory the target file is. This fixes some problems with + programs/daemons that could be monitoring that directory. + + bsc#1123716 + + Signed-off-by: Alvaro Saurin + + +--- +Thu Feb 21 11:38:23 UTC 2019 - Containers Team + +- Commit e49af82 by Markos Chandras mchand...@suse.de + Jenkinsfile: Update repository information for jenkins-library + + +--- +Thu Feb 21 09:26:36 UTC 2019 - Containers Team + +- Commit 1e20516 by Florian Bergmann fbergm...@suse.de + Add a dummy state to not have an empty state in an orchestration + + This is a workaround for https://github.com/saltstack/salt/issues/14553 when + upgrading crio 1.9 to 1.10. + + +--- +Wed Feb 20 17:48:50 UTC 2019 - Containers Team + +- Commit c67d8f9 by dmaiocchi dmaioc...@suse.com + Improve states stability + + - caasp_etcd.healthy function can fail even if the etcd cluster is + healty: adding a retry is better solution for avoding false-failure + during orchs. + + - add caasp_service for kubeapi-server.service, with this we are + checking 10 times that the service is running in a row. + ( having service.running only can cause false failures) + + - fixed some indentation around states. + + +--- +Wed Feb 20 15:40:52 UTC 2019 - Containers Team + +- Commit 9c06818 by Florian Bergmann fbergm...@suse.de + Use iteritems from six import for python2/3 compatibility. + + Fixes bsc#1123497 + + Commit 1b21219 by Florian Bergmann fbergm...@suse.de + Fix python3 iteration over dictionary. + + In python3 python prevents modifying the dictionary that is iterated over. + + Instead of modifying the dictionary a new one is constructed instead. + + Fixes bsc#1123497 + + +--- +Wed Feb 20 11:16:23 UTC 2019 - Containers Team + +- Commit 78435fc by Jordi Massaguer Pla jmassaguer...@suse.de + use caasp v4 images from SUSE Registry + + +--- +Tue Feb 19 16:58:55 UTC 2019 - Containers Team + +- Commit b3b4568 by Markos Chandras mchand...@suse.de + Jenkinsfile: Switch to dynamic library fetching and drop branch + + Instead of having the library hardcoded to Jenkins master, we can fetch it + dynamically. We also drop the usage of library branches since it does not + make sense to maintain such a thing in the CI. The master branch should be + able to handle both development and release branches. + + +--- +Tue Feb 19 16:34:10 UTC 2019 - Containers Team + +- Commit 4280cf4 by Maximilian Meister mmeis...@suse.de + update critical pod configuration + + https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ + + bsc#1122783 + + Signed-off-by: Maximilian Meister + + +--- +Tue Feb 19 08:59:02 UTC 2019 - Containers Team + +- Commit 32d6dbe by Maximilian Meister mmeis...@suse.de + [bsc#1125095] deployment timeout not correctly configured + + instead of setting the timeout we were only setting the retries which causes + the timeout to be prolonged too m
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2019-02-02 21:48:44 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new.28833 (New) Package is "kubernetes-salt" Sat Feb 2 21:48:44 2019 rev:37 rq:669475 version:4.0.0+git_r967_4dfc00f Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-12-04 20:58:42.160562233 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new.28833/kubernetes-salt.changes 2019-02-02 21:48:46.144005777 +0100 @@ -1,0 +2,39 @@ +Mon Jan 28 15:52:22 UTC 2019 - Containers Team + +- Commit a42b893 by Rafael Fernández López eresli...@ereslibre.es + Use `jenkins-tox-container` image instead of `jenkins-tox3-container` image. + + Maintenance update 9039 on opensuse increased `pluggy` version to 0.6.0. This + rendered `python3-tox` unusable with that pluggy version, as the current + version in OBS requires `pluggy` (pluggy>=0.3.0,<0.4.0). + + Since this is making salt pipelines fail we are including the `python3` + environment on the regular `jenkins-tox-container`. + + [1] https://build.suse.de/request/show/182868 + + +--- +Wed Jan 16 17:02:59 UTC 2019 - Containers Team + +- Commit 0da4671 by Danny Sauer dsa...@suse.com + Minor cleanup for flake8 + + Minor changes to fix flake8 warnings + - use raw strings in regex methods + - inline-suppress an incorrect unused variable warning + - update to flake8 version 3.6.0 + - switch flake8 config to use new extend-ignore option ("ignore" is an + exclusive list, so overrides the default ignored list) + + +--- +Wed Jan 16 16:08:02 UTC 2019 - Containers Team + +- Commit 98c8b40 by Maximilian Meister mmeis...@suse.de + in python3 strings need to be decoded from binary objects + + Signed-off-by: Maximilian Meister + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.eEQ6K6/_old 2019-02-02 21:48:46.936005091 +0100 +++ /var/tmp/diff_new_pack.eEQ6K6/_new 2019-02-02 21:48:46.940005088 +0100 @@ -1,7 +1,7 @@ # # spec file for package kubernetes-salt # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,7 +33,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r961_7c23cdf +Version:4.0.0+git_r967_4dfc00f Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/Jenkinsfile.tests new/salt-master/Jenkinsfile.tests --- old/salt-master/Jenkinsfile.tests 2018-12-03 15:16:24.0 +0100 +++ new/salt-master/Jenkinsfile.tests 2019-01-28 16:51:16.0 +0100 @@ -26,7 +26,7 @@ ), containerTemplate( name: 'tox3', -image: 'registry.suse.de/devel/casp/ci/opensuse_leap_42.3_containers/jenkins-tox3-container:latest', +image: 'registry.suse.de/devel/casp/ci/opensuse_leap_42.3_containers/jenkins-tox-container:latest', alwaysPullImage: true, ttyEnabled: true, command: 'cat', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_etcd.py new/salt-master/salt/_modules/caasp_etcd.py --- old/salt-master/salt/_modules/caasp_etcd.py 2018-12-03 15:16:24.0 +0100 +++ new/salt-master/salt/_modules/caasp_etcd.py 2019-01-28 16:51:16.0 +0100 @@ -1,5 +1,7 @@ from __future__ import absolute_import +from salt.ext import six + import re import subprocess @@ -475,11 +477,11 @@ result = {'active': [], 'unstarted': []} etcdctl_output = etcdctl(["member", "list"]) if api_version() == 'etcd2': -etcdctl_output_active_matcher = re.compile('([^:]+):\s+name=([^\s]+)\s+peerURLs=([^\s]+)\s+clientURLs=([^\s]+)') -etcdctl_output_unstarted_matcher = re.compile('([^\[]+)\[unstarted\]:\s+peerURLs=([^\s]+)') +etcdctl_output_active_matcher = re.compile(r'([^:]+):\s+name=([^\s]+)\s+peerURLs=([^\s]+)\s+clientURLs=([^\s]+)') +etcdctl_output_unstarted_matcher = re.compile(r'([^\[]+)\[unstarted\]:\s+peerURLs=([^\s]+)') else: -etcdctl_output_active_
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-12-04 20:58:36 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new.19453 (New) Package is "kubernetes-salt" Tue Dec 4 20:58:36 2018 rev:36 rq:653886 version:4.0.0+git_r961_7c23cdf Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-10-29 14:58:23.921972167 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new.19453/kubernetes-salt.changes 2018-12-04 20:58:42.160562233 +0100 @@ -1,0 +2,153 @@ +Tue Dec 4 10:09:07 UTC 2018 - Containers Team + +- Commit 99a0d11 by Maximilian Meister mmeis...@suse.de + Added migration orchestration. + + This orchestration will run transactional-update salt migration to change the + cluster to a new channel. + + bsc#1109785 + + Signed-off-by: Maximilian Meister + + +--- +Mon Nov 19 08:55:20 UTC 2018 - containers-bugow...@suse.de + +- Commit bf5feaa by Florian Bergmann fbergm...@suse.de + Use the correct key to access the etcd_version from pillars + + Commit 962a830 by Florian Bergmann fbergm...@suse.de + Only add a new etcd member if no alias is already a member + + When adding a new member to etcd, it might happen that it is already part of + the cluster using one of the aliases - when migrating from v2 to v3 it seems + common that the default nodename changes. + + If this is the case it should not be added again with the new nodename, as + one node can not have 2 etcd members. + + +--- +Fri Nov 16 12:15:13 UTC 2018 - containers-bugow...@suse.de + +- Commit 97f9dab by emilianolangella emiliano.lange...@suse.com + Fix bsc#1116005: Dex pods should run only on master nodes + + Dex pods should run only on master nodes due to firewall/security policies + that could be applied to workers nodes. + + +--- +Thu Nov 15 17:46:08 UTC 2018 - containers-bugow...@suse.de + +- Commit 11c82a5 by Maximilian Meister mmeis...@suse.de + don't run haproxy states when not really needed + + in case of a kubernetes update from 1.9 to 1.10 we can't afford to stop + kubernetes through the haproxy states, because it will not be able to restart + as the --config file flag has changed between those releases + + the update orchestration fails in the sanity check of the state + all-workers-3.0-pre-clean-shutdown because the new kubelet configuration is + already applied, but the old kubernetes version is still running before the + reboot + + This is a corner case and our other states would have to be adapted as well + to re-run configs when a node gets accidentally rebooted and the config + hasn't been applied yet. + + Furthermore this is only an issue coming from v2 during migration to v3 - so + the case that this happens is even rarer. + + Trying to run this state on each worker would require a check for + /etc/caasp/haproxy/haproxy.cfg to safely determine if it needs to be run or + not, but it is not possible to use salt runners with a target to determine if + this file exists on all worker nodes. + + salt.runners.salt.cmd doesn't accept targets salt.runners.salt.execute only + exists since salt2017.7.0 which might not be present yet for a user that + hasn't installed the salt upgrade yet. + + bsc#1114645 + + Signed-off-by: Maximilian Meister + + +--- +Thu Nov 15 12:18:47 UTC 2018 - containers-bugow...@suse.de + +- Commit b4c0474 by Michal Jura mj...@suse.com + Add log rotation options to docker daemon (bug#1114832) + + +--- +Thu Nov 15 08:52:28 UTC 2018 - containers-bugow...@suse.de + +- Commit b4c0474 by Michal Jura mj...@suse.com + Add log rotation options to docker daemon (bug#1114832) + + +--- +Thu Nov 8 16:55:28 UTC 2018 - containers-bugow...@suse.de + +- Commit 9ef0f58 by David Helkowski dhelkow...@suse.com + Add support for OIDC connectors to dex configmap + + +--- +Tue Nov 6 13:59:59 UTC 2018 - containers-bugow...@suse.de + +- Commit 793d856 by Rafael Fernández López eresli...@ereslibre.es + Add a whitelist for returned events so we only save events that we care about + + Fixes: bsc#1112967 + + +--- +Tue Oct 30 10:39:24 UTC 2018 - containers-bugow...@suse.de + +- Commit e501ce9 by Rafael Fernández López eresli...@ereslibre.es + Fix tests + + Commit 90423b6 by Rafael Fernández López eresli...
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-10-29 14:21:07 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Mon Oct 29 14:21:07 2018 rev:35 rq:644679 version:4.0.0+git_r937_e9764fe Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-10-18 15:38:06.950175908 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-10-29 14:58:23.921972167 +0100 @@ -1,0 +2,21 @@ +Thu Oct 18 14:42:24 UTC 2018 - containers-bugow...@suse.de + +- Commit 0d75b49 by Florian Bergmann fbergm...@suse.de + Use the registry configuration mapped from the host node. + + +--- +Thu Oct 18 12:55:40 UTC 2018 - containers-bugow...@suse.de + +- Commit 641ab4e by Ludovic Cavajani lcavaj...@suse.com + rename aggregator to proxy-client + + Signed-off-by: Ludovic Cavajani + + Commit 081d260 by Ludovic Cavajani lcavaj...@suse.com + bsc#1108195 Aggregation layer needs configuration + + Signed-off-by: Ludovic Cavajani + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.4P5sQ2/_old 2018-10-29 14:58:24.561973337 +0100 +++ /var/tmp/diff_new_pack.4P5sQ2/_new 2018-10-29 14:58:24.561973337 +0100 @@ -33,7 +33,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r932_c4914f4 +Version:4.0.0+git_r937_e9764fe Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/certificates.sls new/salt-master/pillar/certificates.sls --- old/salt-master/pillar/certificates.sls 2018-10-10 17:39:29.0 +0200 +++ new/salt-master/pillar/certificates.sls 2018-10-18 16:46:15.0 +0200 @@ -40,6 +40,9 @@ kube_apiserver_key: '/etc/pki/kube-apiserver.key' kube_apiserver_crt: '/etc/pki/kube-apiserver.crt' + kube_apiserver_proxy_client_key: '/etc/pki/kube-apiserver-proxy-client.key' + kube_apiserver_proxy_client_crt: '/etc/pki/kube-apiserver-proxy-client.crt' + kube_apiserver_proxy_key: '/etc/pki/private/kube-apiserver-proxy.key' kube_apiserver_proxy_crt: '/etc/pki/kube-apiserver-proxy.crt' kube_apiserver_proxy_bundle: '/etc/pki/private/kube-apiserver-proxy-bundle.pem' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_registry.py new/salt-master/salt/_modules/caasp_registry.py --- old/salt-master/salt/_modules/caasp_registry.py 2018-10-10 17:39:29.0 +0200 +++ new/salt-master/salt/_modules/caasp_registry.py 2018-10-18 16:46:15.0 +0200 @@ -9,29 +9,49 @@ - use_registry_images: True if registry images should be used. - base_image_url: prefix for the container-images: /: """ -import sys +import yaml UNKNOWN_VERSION = (0, 0) +REGISTRY_CONFIGURATION_PATH = "/usr/share/caasp-container-manifests/config/registry/registry-config.yaml" def __virtual__(): return "caasp_registry" +def _registry_config(): +registry_config = { +"use_registry": False, +"host": "", +"namespace": "" +} +try: +with open(REGISTRY_CONFIGURATION_PATH) as config: +try: +registry_config = yaml.safe_load(config) +except yaml.YAMLError: +__utils__['caasp_log.warn']("Could not load registry configuration at %s", +REGISTRY_CONFIGURATION_PATH) +except IOError: +__utils__['caasp_log.warn']("Could not read registry configuration file: %s", +REGISTRY_CONFIGURATION_PATH) +return registry_config + + def _use_registry_images(): """Return whether registry or packaged images are used.""" -return False if sys.version_info < (3,) else True +return _registry_config()["use_registry"] def _registry(): """Registry to download images from.""" -return "registry.suse.de" +return _registry_config()["host"] def _namespace(): """Base namespace the images can be found in the registry""" -return "devel/casp/3.0/controllernode/images_container_base/sles12" +return _registry_config()["namespace"] def caasp_version(): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/apis
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-10-18 15:37:55 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Thu Oct 18 15:37:55 2018 rev:34 rq:642690 version:4.0.0+git_r932_c4914f4 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-09-24 13:14:09.657613042 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-10-18 15:38:06.950175908 +0200 @@ -1,0 +2,138 @@ +Wed Oct 10 15:35:58 UTC 2018 - containers-bugow...@suse.de + +- Commit 842a528 by Florian Bergmann fbergm...@suse.de + Fix unittests by mocking the __utils__ dictionary of salt. + + Fix flake8 errors. + + Update flake8 configuration to contain __utils__ as builtin. + + Commit dfa86b1 by Florian Bergmann fbergm...@suse.de + Copy the dex configmap before running kubectl_appy_dir_template. + + Otherwise there can be a different ordering, in which the configmap file has + not been copied before the 20-deployment.yaml file is rendered by jinja. + + Commit 3c7e2ff by Florian Bergmann fbergm...@suse.de + Remove all pkg.installed statements. + + Given that caasp right now only runs on transactional-update servers, these + statements are useless - they can never install a package anyhow and will + only fail should the package not be installed already. + + Commit ccc3834 by Florian Bergmann fbergm...@suse.de + Cleanup shebang lines: remove unneeded ones, use python3 else. + + Commit 5fac8c1 by Florian Bergmann fbergm...@suse.de + Use a salt module to determine base_image_url used for images. + + Remove containerfeeder states, if registry images are used. + + Commit 15cb59d by Florian Bergmann fbergm...@suse.de + Synchronize grains on minion connect. + + Commit a73f3d4 by Alvaro Saurin alvaro.sau...@gmail.com + Fix caasp_hosts: use caasp_log utililty module instead of importing. + + Importing the module would break in python3. + + Commit d0371e9 by Florian Bergmann fbergm...@suse.de + Do not ignore etcd members if they were requested without id. + + Commit 95119a5 by Florian Bergmann fbergm...@suse.de + Fix Jinja filters for python3. + + - Dictionary accesses can no longer be indexed. + + - Neither values() nor keys() return a index-accessed datastructure in + python3: in Jinja this means having to use the 'first' filter instead to + access the first element. + + get_with_expr returns dict_keys() which don't implement __add__. + + Instead converting them to lists, where needed will allow concatenating + those. + + Commit 02fa037 by Florian Bergmann fbergm...@suse.de + Add the whole /usr/share/salt/kubernetes/salt folder as module_dir. + + Otherwise the _utils/caasp_log.py module will not be available in + orchestrations. + + Commit f77ab2f by Florian Bergmann fbergm...@suse.de + Use __utils__ to access the caasp_log utility module. + + This is required for python3: + https://docs.saltstack.com/en/latest/topics/utils/index.html + + Add caasp_log module to proxy the _utils module. + + This allows salt-states and templates to call the module still. + + +--- +Wed Oct 10 10:22:54 UTC 2018 - containers-bugow...@suse.de + +- Commit d1b7960 by Florian Bergmann fbergm...@suse.de + Fix bsc#168: Do not expect masters to always need to be updated + + If the masters already updated, but workers failed to update this state will + not have any minions to run on and fail if 'execpt_minions: false' is not + set. + + +--- +Wed Oct 10 08:15:19 UTC 2018 - containers-bugow...@suse.de + +- Commit 84a115f by Florian Bergmann fbergm...@suse.de + Changes has to be dictionary. + + When using a boolean it will fail the state in salt-2018.3.0. + + Commit 5bcafd2 by Alvaro Saurin alvaro.sau...@gmail.com + Generate the /etc/hosts file from a state, merging our entries with + previously found entries. + + bsc#1098334 + + +--- +Wed Oct 10 08:03:56 UTC 2018 - containers-bugow...@suse.de + +- Commit 5e37228 by Jordi Massaguer Pla jmassaguer...@suse.de + use sle12sp3 images from suse registry + + Signed-off-by: Jordi Massaguer Pla + + +--- +Wed Oct 3 08:53:38 UTC 2018 - containers-bugow...@suse.de + +- Commit 95c1980 by Rafael Fernández López eresli...@ereslibre.es + Always wait for haproxy to be serving requests before continuing. + + We could do the wait on the different places to avoid a generic piece like + haproxy having to wait for a specific component like the apiserver, but we + are already writing spe
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-09-24 13:14:07 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Mon Sep 24 13:14:07 2018 rev:33 rq:637413 version:4.0.0+git_r909_5fac5e3 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-09-14 00:02:19.897910621 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-09-24 13:14:09.657613042 +0200 @@ -289,0 +290 @@ + (fate#324601) Other differences: --
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-09-14 00:02:17 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Sep 14 00:02:17 2018 rev:32 rq:635506 version:4.0.0+git_r909_5fac5e3 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-08-24 17:14:00.002777685 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-09-14 00:02:19.897910621 +0200 @@ -1,0 +2,9 @@ +Thu Sep 6 10:00:03 UTC 2018 - containers-bugow...@suse.de + +- Commit 5fee301 by Vicente Zepeda Mas vzepeda...@suse.com + Fix bsc#1099045 adds annotation to use docker/default seccomp profile + + Signed-off-by: Vicente Zepeda Mas + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.738Rb7/_old 2018-09-14 00:02:20.385910249 +0200 +++ /var/tmp/diff_new_pack.738Rb7/_new 2018-09-14 00:02:20.389910245 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r907_3dca76e +Version:4.0.0+git_r909_5fac5e3 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/manifests/20-deployment.yaml new/salt-master/salt/addons/dex/manifests/20-deployment.yaml --- old/salt-master/salt/addons/dex/manifests/20-deployment.yaml 2018-08-17 12:03:10.0 +0200 +++ new/salt-master/salt/addons/dex/manifests/20-deployment.yaml 2018-09-06 12:02:12.0 +0200 @@ -5,6 +5,8 @@ labels: app: dex kubernetes.io/cluster-service: "true" + annotations: +seccomp.security.alpha.kubernetes.io/pod: docker/default name: dex namespace: kube-system spec: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dns/manifests/20-deployment.yaml new/salt-master/salt/addons/dns/manifests/20-deployment.yaml --- old/salt-master/salt/addons/dns/manifests/20-deployment.yaml 2018-08-17 12:03:10.0 +0200 +++ new/salt-master/salt/addons/dns/manifests/20-deployment.yaml 2018-09-06 12:02:12.0 +0200 @@ -22,6 +22,7 @@ k8s-app: kube-dns annotations: scheduler.alpha.kubernetes.io/critical-pod: '' +seccomp.security.alpha.kubernetes.io/pod: docker/default spec: tolerations: - key: node-role.kubernetes.io/master diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/haproxy/haproxy.yaml.jinja new/salt-master/salt/haproxy/haproxy.yaml.jinja --- old/salt-master/salt/haproxy/haproxy.yaml.jinja 2018-08-17 12:03:10.0 +0200 +++ new/salt-master/salt/haproxy/haproxy.yaml.jinja 2018-09-06 12:02:12.0 +0200 @@ -8,6 +8,7 @@ name: haproxy annotations: scheduler.alpha.kubernetes.io/critical-pod: '' +seccomp.security.alpha.kubernetes.io/pod: docker/default spec: restartPolicy: Always hostNetwork: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/migrations/2-3/haproxy/haproxy.yaml.jinja new/salt-master/salt/migrations/2-3/haproxy/haproxy.yaml.jinja --- old/salt-master/salt/migrations/2-3/haproxy/haproxy.yaml.jinja 2018-08-17 12:03:10.0 +0200 +++ new/salt-master/salt/migrations/2-3/haproxy/haproxy.yaml.jinja 2018-09-06 12:02:12.0 +0200 @@ -8,6 +8,7 @@ name: haproxy annotations: scheduler.alpha.kubernetes.io/critical-pod: '' +seccomp.security.alpha.kubernetes.io/pod: docker/default spec: restartPolicy: Always hostNetwork: true
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-07-27 10:55:40 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Jul 27 10:55:40 2018 rev:30 rq:624696 version:4.0.0+git_r867_94b4e90 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-07-13 10:21:36.354473730 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-07-27 10:55:44.477589058 +0200 @@ -1,0 +2,16 @@ +Thu Jul 19 10:13:46 UTC 2018 - containers-bugow...@suse.de + +- Commit c02c3ec by Michal Jura mj...@suse.com + Move deprecated flags to kubelet config.yaml + + +--- +Mon Jul 16 07:14:58 UTC 2018 - containers-bugow...@suse.de + +- Commit f0a0ac1 by Rafael Fernández López eresli...@ereslibre.es + Batch potentially dangerous and massive operations. + + Fixes: bsc#1101124 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.2svNXR/_old 2018-07-27 10:55:44.909589885 +0200 +++ /var/tmp/diff_new_pack.2svNXR/_new 2018-07-27 10:55:44.909589885 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r863_5c11a33 +Version:4.0.0+git_r867_94b4e90 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kubelet/init.sls new/salt-master/salt/kubelet/init.sls --- old/salt-master/salt/kubelet/init.sls 2018-07-12 09:57:10.0 +0200 +++ new/salt-master/salt/kubelet/init.sls 2018-07-19 12:15:26.0 +0200 @@ -25,7 +25,7 @@ pillar['ssl']['kubelet_key'], o = 'system:nodes') }} -kubelet-config: +kubeconfig: file.managed: - name: {{ pillar['paths']['kubelet_config'] }} - source: salt://kubeconfig/kubeconfig.jinja @@ -53,6 +53,14 @@ - dir_mode: 755 - makedirs: True +kubelet-config: + file.managed: +- name: /etc/kubernetes/kubelet-config.yaml +- source: salt://kubelet/kubelet-config.jinja +- template: jinja +- require: + - sls:kubernetes-common + kubelet: pkg.installed: - pkgs: @@ -70,6 +78,7 @@ - enable: True - watch: - file: /etc/kubernetes/config + - kubeconfig - kubelet-config - file: kubelet {% if salt.caasp_pillar.get('cloud:provider') == 'openstack' %} @@ -80,6 +89,7 @@ - require: - file: /etc/kubernetes/manifests - file: /etc/kubernetes/kubelet-initial + - kubeconfig - kubelet-config - cmd: unmount-swaps caasp_retriable.retry: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kubelet/kubelet-config.jinja new/salt-master/salt/kubelet/kubelet-config.jinja --- old/salt-master/salt/kubelet/kubelet-config.jinja 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/kubelet/kubelet-config.jinja 2018-07-19 12:15:26.0 +0200 @@ -0,0 +1,59 @@ +kind: KubeletConfiguration +apiVersion: kubelet.config.k8s.io/v1beta1 +staticPodPath: "/etc/kubernetes/manifests" +syncFrequency: 1m0s +fileCheckFrequency: 20s +httpCheckFrequency: 20s +address: 0.0.0.0 +port: {{ pillar['kubelet']['port'] }} +tlsCertFile: "{{ pillar['ssl']['kubelet_crt'] }}" +tlsPrivateKeyFile: "{{ pillar['ssl']['kubelet_key'] }}" +authentication: + x509: +clientCAFile: "{{ pillar['ssl']['ca_file'] }}" + webhook: +enabled: false +cacheTTL: 2m0s + anonymous: +enabled: true +authorization: + mode: AlwaysAllow + webhook: +cacheAuthorizedTTL: 5m0s +cacheUnauthorizedTTL: 30s +healthzPort: 10248 +healthzBindAddress: 127.0.0.1 +clusterDomain: {{ pillar['dns']['domain'] }} +clusterDNS: + - {{ pillar['dns']['cluster_ip'] }} +nodeStatusUpdateFrequency: 10s +cgroupRoot: "/" +cgroupsPerQOS: true +cgroupDriver: cgroupfs +cpuManagerPolicy: none +cpuManagerReconcilePeriod: 10s +runtimeRequestTimeout: 2m0s +maxPods: 110 +podPidsLimit: -1 +resolvConf: "/etc/resolv.conf" +cpuCFSQuota: true +maxOpenFiles: 100 +contentType: application/vnd.kubernetes.protobuf +serializeImagePulls: true +evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% +evictionPressureTransitionPeriod: 5m0s +enableControllerAttachDetach: true +makeIPTablesUtilChains: true +iptablesMasquerad
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-07-13 10:21:35 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Jul 13 10:21:35 2018 rev:29 rq:622262 version:4.0.0+git_r863_5c11a33 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-06-27 10:20:37.537778059 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-07-13 10:21:36.354473730 +0200 @@ -1,0 +2,70 @@ +Thu Jul 12 07:56:05 UTC 2018 - containers-bugow...@suse.de + +- Commit d03c2fa by Rafael Fernández López eresli...@ereslibre.es + Add haproxy migration sls to apply during upgrade + + During an upgrade from 2.0 to 3.0, workers will lose communication with the + apiservers on the master nodes because of an auth change. After we have + applied all the master nodes, and before we start looping over the workers, + apply haproxy system-wide on all the workers, allowing their haproxy to + update its configuration, thus, being able to authenticate against the + apiservers again. + + This patch includes a new tree structure, meant to be destroyed between + versions, but that allows to not poison the main structure of states with + transient migration logic. The structure is as follows: + + - migrations + - - + - overriden-sls/* + - * (direct actions that can spawn other migration tasks) + + Fixes: bsc#1100212 + + Commit f190a7a by Rafael Fernández López eresli...@ereslibre.es + Migrate all labels when renaming a node (builtin and user-defined labels). + + Fixes: bsc#1100891 + + Commit a7e1b72 by Rafael Fernández López eresli...@ereslibre.es + Only perform migrations on machines that are going to be updated. + + On an upgrade process we are going to perform different migrations; only + perform these migrations on machines that are part of the current subset of + machines to be updated. + + Fixes: bsc#1100115 + + +--- +Mon Jul 9 09:49:10 UTC 2018 - containers-bugow...@suse.de + +- Commit a609b3c by David Helkowski dhelkow...@suse.com + Add configmap from pillar data to dex ldap connectors + + +--- +Fri Jul 6 09:44:10 UTC 2018 - containers-bugow...@suse.de + +- Commit 8ded363 by Michal Jura mj...@suse.com + [CPI] Add option to ignore OpenStack Cinder availability zone, bsc#1095572 + + Ignore OpenStack Cinder avability zone when attaching volumes. When Nova and + Cinder have different availability zones, this should be set to true. Default + is false. + + +--- +Thu Jul 5 12:22:41 UTC 2018 - containers-bugow...@suse.de + +- Commit fd3507f by Kiall Mac Innes ki...@macinnes.ie + Stop kubelet before any other services + + Explicitly stop kubelet before any other services. If cri.stop is ran in + parallel to or before kubelet.stop, kubelet will be unable to successfully + drain. + + bsc#1085980 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.3Qf5cu/_old 2018-07-13 10:21:38.086475803 +0200 +++ /var/tmp/diff_new_pack.3Qf5cu/_new 2018-07-13 10:21:38.086475803 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r853_e2b520b +Version:4.0.0+git_r863_5c11a33 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/params.sls new/salt-master/pillar/params.sls --- old/salt-master/pillar/params.sls 2018-06-22 16:03:13.0 +0200 +++ new/salt-master/pillar/params.sls 2018-07-12 09:57:10.0 +0200 @@ -158,6 +158,9 @@ lb_mon_retries: '3' # OpenStack Cinder Block Storage API version bs_version: 'v2' +# Ignore OpenStack Cinder avability zone when attaching volumes. +# When Nova and Cinder have different availability zones, this should be set to true. +ignore_vol_az: 'false' # Configuration for the reboot manager (https://github.com/SUSE/rebootmgr). # notes: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/manifests/15-configmap.yaml new/salt-master/salt/addons/dex/manifests/15-configmap.yaml --- old/salt-master/salt/addons/dex/manifests/15-configmap.yaml 2018-06-22 16:03:13.0 +0200 +++ new/
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-06-27 10:20:35 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Wed Jun 27 10:20:35 2018 rev:28 rq:618553 version:4.0.0+git_r853_e2b520b Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-06-20 15:35:02.454055999 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-06-27 10:20:37.537778059 +0200 @@ -1,0 +2,29 @@ +Fri Jun 22 14:01:41 UTC 2018 - containers-bugow...@suse.de + +- Commit 8a746bc by Flavio Castelli fcaste...@suse.com + Do not install recommends + + Instruct salt to not install recommended packages. + + feature#do-not-install-recommends + + Signed-off-by: Flavio Castelli + + +--- +Thu Jun 21 09:48:51 UTC 2018 - containers-bugow...@suse.de + +- Commit 97d8178 by Rafael Fernández López eresli...@ereslibre.es + Call to `mine.update` after `saltutil.sync_pillar` has been called. + + During an upgrade we want to call to `mine.update` after + `saltutil.sync_pillar` has been called, because the `mine_functions` reside + on the pillar, we first want to make sure to sync that, and update the mine + afterwards. Otherwise, we risk doing this in a race condition when the salt + minion starts, and it could or could not lead to update orchestration + failure. + + Fixes: bsc#1097478 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.BCZR4U/_old 2018-06-27 10:20:38.145755952 +0200 +++ /var/tmp/diff_new_pack.BCZR4U/_new 2018-06-27 10:20:38.149755807 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r847_002982b +Version:4.0.0+git_r853_e2b520b Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/crio/init.sls new/salt-master/salt/crio/init.sls --- old/salt-master/salt/crio/init.sls 2018-06-19 17:12:12.0 +0200 +++ new/salt-master/salt/crio/init.sls 2018-06-22 16:03:13.0 +0200 @@ -5,6 +5,7 @@ crio: pkg.installed: - name: cri-o +- install_recommends: False file.managed: - name: /etc/crio/crio.conf - source: salt://crio/crio.conf.jinja diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/crypto/init.sls new/salt-master/salt/crypto/init.sls --- old/salt-master/salt/crypto/init.sls2018-06-19 17:12:12.0 +0200 +++ new/salt-master/salt/crypto/init.sls2018-06-22 16:03:13.0 +0200 @@ -1,8 +1,9 @@ python-M2Crypto: - pkg.installed + pkg.installed: +- install_recommends: False /etc/pki: file.directory: - user: root - group: root -- mode: 755 \ No newline at end of file +- mode: 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/etcd/init.sls new/salt-master/salt/etcd/init.sls --- old/salt-master/salt/etcd/init.sls 2018-06-19 17:12:12.0 +0200 +++ new/salt-master/salt/etcd/init.sls 2018-06-22 16:03:13.0 +0200 @@ -10,6 +10,7 @@ add-etcd-to-cluster: pkg.installed: - name: etcdctl +- install_recommends: False caasp_etcd.member_add: - retry: interval: 4 @@ -39,6 +40,7 @@ - iptables - etcdctl - etcd +- install_recommends: False caasp_retriable.retry: - name: iptables-etcd - target: iptables.append diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/init.sls new/salt-master/salt/kube-apiserver/init.sls --- old/salt-master/salt/kube-apiserver/init.sls2018-06-19 17:12:12.0 +0200 +++ new/salt-master/salt/kube-apiserver/init.sls2018-06-22 16:03:13.0 +0200 @@ -17,6 +17,7 @@ - pkgs: - iptables - kubernetes-master +- install_recommends: False caasp_retriable.retry: - name: iptables-kube-apiserver - target: iptables.append diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-controller-manager/init.sls new/salt-master/salt/kube-controller-manager/init.sls --- old/salt-master/salt/kube-controller-manager/init.sls 2018-06-19 17:12:12.0 +0200 +
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-06-20 15:35:02 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Wed Jun 20 15:35:02 2018 rev:27 rq:617896 version:4.0.0+git_r847_002982b Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-06-15 14:46:38.635532904 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-06-20 15:35:02.454055999 +0200 @@ -1,0 +2,57 @@ +Tue Jun 19 15:10:41 UTC 2018 - containers-bui...@suse.de + +- Commit 45b8f7b by Maximilian Meister mmeis...@suse.de + explicitly pass unix_socket + + this affects only kubic for now where we use PyMySQL + + we cant use the MYSQL_UNIX_PORT workaround anymore as we could do with + MySQLdb + + salt#mysql-unix-socket + + Signed-off-by: Maximilian Meister + + +--- +Mon Jun 18 14:16:54 UTC 2018 - containers-bui...@suse.de + +- Commit de8bd66 by Maximilian Meister mmeis...@suse.de + override volume plugin dir (bsc#1084766) + + kubernetes 1.10 uses /usr/libexec by default which doesnt exist, and we want + to stick with /usr/lib + + Signed-off-by: Maximilian Meister + + +--- +Mon Jun 18 10:53:37 UTC 2018 - containers-bui...@suse.de + +- Commit 5804349 by Alvaro Saurin alvaro.sau...@gmail.com + Move the early services setup even before updating the masters (we can do + this by removing some unnecessary dependencies). + + bsc#1096992 + + +--- +Fri Jun 15 19:25:25 UTC 2018 - containers-bui...@suse.de + +- Commit ba20582 by Alvaro Saurin alvaro.sau...@gmail.com + Try to load the manifests once we have at least one updated master. + + bsc#1096992 + + +--- +Fri Jun 15 15:19:41 UTC 2018 - containers-bui...@suse.de + +- Commit 180e545 by Alvaro Saurin alvaro.sau...@gmail.com + Early setup some services on updates Removed "allowedFlexVolumes" in PSP (as + it doesn't pass the API verification in 2.1) + + bsc#1096992 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.ZZEOHH/_old 2018-06-20 15:35:03.522017235 +0200 +++ /var/tmp/diff_new_pack.ZZEOHH/_new 2018-06-20 15:35:03.530016944 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r837_d08a652 +Version:4.0.0+git_r847_002982b Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/config/master.d/50-returner.conf new/salt-master/config/master.d/50-returner.conf --- old/salt-master/config/master.d/50-returner.conf2018-06-13 11:25:22.0 +0200 +++ new/salt-master/config/master.d/50-returner.conf2018-06-19 17:12:12.0 +0200 @@ -1,8 +1,7 @@ mysql: - # salt does not support specifying the UNIX socket location here - as a workaround, - # use the MYSQL_UNIX_PORT environment variable used by libmysqlclient # you still need the 'host' value here, or it will use the defaults and try to connect # on a host named 'salt' host: 'localhost' user: 'salt' - db: 'velum_production' \ No newline at end of file + db: 'velum_production' + unix_socket: '/var/run/mysql/mysql.sock' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/init.sls new/salt-master/salt/addons/init.sls --- old/salt-master/salt/addons/init.sls2018-06-13 11:25:22.0 +0200 +++ new/salt-master/salt/addons/init.sls2018-06-19 17:12:12.0 +0200 @@ -1,7 +1,5 @@ include: - - kube-apiserver - kubectl-config - - cri /etc/kubernetes/addons: file.directory: @@ -9,8 +7,6 @@ - group:root - dir_mode: 755 - makedirs: True -- require: - - file: /etc/cni/net.d/87-podman-bridge.conflist {% from '_macros/kubectl.jinja' import kubectl_apply_template with context %} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/psp/init.sls new/salt-master/salt/addons/psp/init.sls --- old/salt-master/salt/addons/psp/init.sls2018-06-13 11:25:22.0 +0200 +++ new/salt-master/salt/addons/psp/init.sls2018-06-19 17:12:12.0 +02
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-06-15 14:46:36 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Jun 15 14:46:36 2018 rev:26 rq:616508 version:4.0.0+git_r837_d08a652 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-06-08 23:16:54.876923710 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-06-15 14:46:38.635532904 +0200 @@ -1,0 +2,68 @@ +Wed Jun 13 09:24:18 UTC 2018 - containers-bui...@suse.de + +- Commit a4480ed by Alvaro Saurin alvaro.sau...@gmail.com + Do not set the `bootstrap_complete` flag in all the nodes: do it only in the + nodes that had some role assigned. Remove the `bootstrap_in_progress` even if + the orchestration fails. Fixed typo in target. + + bsc#1094078 + + +--- +Wed Jun 13 09:22:07 UTC 2018 - containers-bui...@suse.de + +- Commit cf5b83b by Rafael Fernández López eresli...@ereslibre.es + Remove mine information when removing a node + + This will avoid to render stale information about critical components, like + `etcd` endpoints in the `etcd` configuration. + + `etcd` is very sensitive to this kind of misleading (stale) information, if + more endpoints are provided in `ETCD_INITIAL_CLUSTER` than the ones that + actually exist in the cluster, a new instance of etcd will refuse to start. + + Fixes: bsc#1097001 Fixes: bsc#1097147 + + +--- +Mon Jun 11 14:17:04 UTC 2018 - containers-bui...@suse.de + +- Commit 23ce1f2 by Rafael Fernández López eresli...@ereslibre.es + Force `etc-hosts` sls to be run before `etcd` + + Before the real update orchestration happens we are updating etcd + certificates, so this machine isn't left isolated. However, in this process, + the configuration for etcd might refer to the new machine names if this + happens during the upgrade of 2.0 to 3.0. This might leave the etcd instances + in a state in which they cannot resolve other etcd peer names (because their + `/etc/hosts` file is outdated). + + In order to prevent this, force the `etc-hosts` sls to be run before we + execute the `etcd` sls, so we are sure that `/etc/hosts` will contain both + the old and the new names during the upgrade, and etcd will be able to refer + to other peers using the new hostnames. + + Fixes: bsc#1096750 + + +--- +Mon Jun 11 11:57:40 UTC 2018 - containers-bui...@suse.de + +- Commit ec6238c by Rafael Fernández López eresli...@ereslibre.es + Also stop `kubelet` on masters when performing an upgrade + + If some important change lands between Kubernetes updates, it might happen + that since we don't disable the `kubelet` service on the master nodes, when + the machine gets rebooted, `systemd` will try to start the + `kubelet` service, failing in a burst mode. + + This will prevent our salt states from trying to start it again, because the + service will be in a failed state. Stop the service and disable it on the + masters too when we are performing an upgrade, this way we are sure that + we'll try to start and enable it when we have performed the required changes + for it to succeed. + + Fixes: bsc#1096768 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.6eD1eR/_old 2018-06-15 14:46:39.323507738 +0200 +++ /var/tmp/diff_new_pack.6eD1eR/_new 2018-06-15 14:46:39.331507445 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r829_b3f572e +Version:4.0.0+git_r837_d08a652 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/force-removal.sls new/salt-master/salt/orch/force-removal.sls --- old/salt-master/salt/orch/force-removal.sls 2018-06-06 15:44:49.0 +0200 +++ new/salt-master/salt/orch/force-removal.sls 2018-06-13 11:25:22.0 +0200 @@ -39,6 +39,12 @@ - kwarg: destructive: True +remove-target-mine: + salt.function: +- tgt: {{ target }} +- name: mine.flush +- fail_minions: {{ target }} + remove-target-salt-key: salt.wheel: - name: key.reject diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/kub
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-06-08 23:16:50 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Jun 8 23:16:50 2018 rev:25 rq:614578 version:4.0.0+git_r829_b3f572e Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-06-05 12:52:57.857522171 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-06-08 23:16:54.876923710 +0200 @@ -1,0 +2,19 @@ +Wed Jun 6 13:48:35 UTC 2018 - containers-bui...@suse.de + +- Commit c77b0ee by Alvaro Saurin alvaro.sau...@gmail.com + Use the cache whenever something bad happens when refreshing the Pillar from + Velum. + + bsc#1093123 + + +--- +Tue Jun 5 14:14:40 UTC 2018 - containers-bui...@suse.de + +- Commit 450cfdb by Alvaro Saurin alvaro.sau...@gmail.com + Perform some checks before starting the node removal. + + feature#node_removal + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.ErBkO7/_old 2018-06-08 23:16:55.596897705 +0200 +++ /var/tmp/diff_new_pack.ErBkO7/_new 2018-06-08 23:16:55.604897416 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r823_5652fd8 +Version:4.0.0+git_r829_b3f572e Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_pillar/velum.py new/salt-master/salt/_pillar/velum.py --- old/salt-master/salt/_pillar/velum.py 2018-06-01 16:37:28.0 +0200 +++ new/salt-master/salt/_pillar/velum.py 2018-06-06 15:44:49.0 +0200 @@ -67,20 +67,25 @@ with open(os.environ['VELUM_INTERNAL_API_PASSWORD_FILE'], 'r') as f: password = f.read().strip() -data = __salt__['http.query'](url=url, - ca_bundle=ca_bundle, - username=username, - password=password, - decode=True, - decode_type='json') +try: +data = __salt__['http.query'](url=url, + ca_bundle=ca_bundle, + username=username, + password=password, + decode=True, + decode_type='json') +except Exception as e: +log.error('Error when getting pillar from Velum: {0}. Will try to use the cache...'.format(e)) +data = {} -if 'dict' in data: +if data and 'dict' in data: try: cache.store('caasp/pillar', minion_id, data['dict']) except Exception as e: log.warning('Error when populating the cache: {0}. Moving on, not critical'.format(e)) return data['dict'] -elif cache.contains('caasp/pillar', minion_id): + +if cache.contains('caasp/pillar', minion_id): log.warning('Serving pillar from cache for minion {0}, since {1} was not available'.format(minion_id, url)) return cache.fetch('caasp/pillar', minion_id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/etcd/remove-pre-orchestration.sls new/salt-master/salt/etcd/remove-pre-orchestration.sls --- old/salt-master/salt/etcd/remove-pre-orchestration.sls 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/etcd/remove-pre-orchestration.sls 2018-06-06 15:44:49.0 +0200 @@ -0,0 +1,3 @@ +etcd: + # check the etcd cluster is healthy + caasp_etcd.healthy diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/remove-pre-orchestration.sls new/salt-master/salt/kube-apiserver/remove-pre-orchestration.sls --- old/salt-master/salt/kube-apiserver/remove-pre-orchestration.sls 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/kube-apiserver/remove-pre-orchestration.sls 2018-06-06 15:44:49.0 +0200 @@ -0,0 +1,40 @@ +include: + - kubectl-config + +{%- set target = salt.caasp_pillar.get('target') %} +{%- set target_nodename = salt.caasp_net.get_nodename(host=target) %} + +# Check the local ("internal") API server is reachable, and +# then the API-through
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-06-05 12:52:57 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Tue Jun 5 12:52:57 2018 rev:24 rq:614020 version:4.0.0+git_r823_5652fd8 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-06-02 12:11:53.584551492 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-06-05 12:52:57.857522171 +0200 @@ -1,0 +2,42 @@ +Fri Jun 1 14:37:21 UTC 2018 - containers-bugow...@suse.de + +- Commit 33b39b3 by Alvaro Saurin alvaro.sau...@gmail.com + Skip nodes that are being removed in the list of servers in haproxy. + + bsc#1095330 + + Commit 8484c28 by Alvaro Saurin alvaro.sau...@gmail.com + Fix the "targets" priorities for getting nodes for replacements. Minor: use + the same pattern for targeting nodes in removals.sls + as in kubernetes.sls. Do not use "unassigned" nodes when looking for + replacements. Minor improvements + + bsc#1095336 bsc#1094078 + + Commit b80c8f1 by Alvaro Saurin alvaro.sau...@gmail.com + Minor cleanups and "beautifications" + + feature#cleanups + + +--- +Thu May 31 20:50:24 UTC 2018 - containers-bugow...@suse.de + +- Commit 0979191 by Florian Bergmann fbergm...@suse.de + Remove 'range' imports from six. + + There were problems when running 'salt' using these imports and the + difference in semantics seems not significant. + + +--- +Thu May 31 11:37:06 UTC 2018 - containers-bugow...@suse.de + +- Commit 138358b by David Cassany dcass...@suse.de + Spec update + + * make use of %license macro + * update image prefix for sle15 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.RPogJx/_old 2018-06-05 12:52:58.397502392 +0200 +++ /var/tmp/diff_new_pack.RPogJx/_new 2018-06-05 12:52:58.401502246 +0200 @@ -20,8 +20,8 @@ %define _base_image sles12 %endif -%if 0%{?suse_version} == 1500 && !0%{?is_opensuse} - %define _base_image sles15 +%if 0%{?suse_version} >= 1500 && !0%{?is_opensuse} + %define _base_image caasp %endif %if 0%{?is_opensuse} && 0%{?suse_version} > 1500 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r815_4d4d315 +Version:4.0.0+git_r823_5652fd8 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management @@ -67,6 +67,11 @@ mkdir -p %{buildroot}%{_datadir}/salt/kubernetes cp -R %{_builddir}/%{gitrepo}-master/* %{buildroot}%{_datadir}/salt/kubernetes/ +# license macro installs LICENSE file, if not removed it is duplicated +%if 0%{?suse_version} >= 1500 +rm %{buildroot}%{_datadir}/salt/kubernetes/LICENSE +%endif + # fix image name dir_name=%{buildroot}/%{_datadir}/salt/kubernetes files=$(grep "image:[ ]*sles12" $dir_name -r | cut -d: -f1 | uniq) @@ -84,6 +89,9 @@ %files %defattr(-,root,root) +%if 0%{?suse_version} >= 1500 +%license LICENSE +%endif %dir %{_datadir}/salt %dir %{_datadir}/salt/kubernetes %{_datadir}/salt/kubernetes/* ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/packaging/suse/make_spec.sh new/salt-master/packaging/suse/make_spec.sh --- old/salt-master/packaging/suse/make_spec.sh 2018-05-25 11:42:05.0 +0200 +++ new/salt-master/packaging/suse/make_spec.sh 2018-06-01 16:37:28.0 +0200 @@ -42,8 +42,8 @@ %define _base_image sles12 %endif -%if 0%{?suse_version} == 1500 && !0%{?is_opensuse} - %define _base_image sles15 +%if 0%{?suse_version} >= 1500 && !0%{?is_opensuse} + %define _base_image caasp %endif %if 0%{?is_opensuse} && 0%{?suse_version} > 1500 @@ -89,6 +89,11 @@ mkdir -p %{buildroot}%{_datadir}/salt/kubernetes cp -R %{_builddir}/%{gitrepo}-${SAFE_BRANCH}/* %{buildroot}%{_datadir}/salt/kubernetes/ +# license macro installs LICENSE file, if not removed it is duplicated +%if 0%{?suse_version} >= 1500 +rm %{buildroot}%{_datadir}/salt/kubernetes/LICENSE +%endif + # fix image name dir_name=%{buildroot}/%{_datadir}/salt/kubernetes files=\$(grep "image:[ ]*sles12" \$dir_name -r | cut -d: -f1 | uniq) @@ -106,6 +111,9 @@ %files %defattr(-,root,root) +%if 0%{?suse_version} >= 1500 +%license LICENSE +%endif %dir %{_datadir}/salt %dir %{_datadir}/salt/kubernetes %{_datadir}/salt/kubernetes/* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclu
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-06-02 12:11:13 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Sat Jun 2 12:11:13 2018 rev:23 rq:613133 version:4.0.0+git_r815_4d4d315 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-05-29 10:44:22.589695753 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-06-02 12:11:53.584551492 +0200 @@ -105,2 +105,6 @@ -- Commit 37556bb by tdaines42 tdai...@suse.com - updated pillar and openstack config to use project and domain ids +- Commit 34d9f0 by Ty Daines and Florian Bergmann + + fix bsc#1091809: pillar and openstack config can use project and + domain ids + + (cherry picked from commit 37556bb) Other differences: --
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-05-29 10:44:20 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Tue May 29 10:44:20 2018 rev:22 rq:612254 version:4.0.0+git_r815_4d4d315 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-05-22 17:02:49.610337287 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-29 10:44:22.589695753 +0200 @@ -1,0 +2,61 @@ +Fri May 25 09:41:05 UTC 2018 - containers-bugow...@suse.de + +- Commit 2a6eb07 by Rafael Fernández López eresli...@ereslibre.es + Remove unsupported `--require-kubeconfig` argument deprecated in Kubernetes + (and removed in 1.10) + + Fixes: bsc#1094217 + + +--- +Thu May 24 09:46:08 UTC 2018 - containers-bugow...@suse.de + +- Commit 200ee84 by Florian Bergmann fbergm...@suse.de + Use six compatibility library to make modules 2 and 3 compatible. + + +--- +Wed May 23 18:24:38 UTC 2018 - containers-bugow...@suse.de + +- Commit ccde36b by Maximilian Meister mmeis...@suse.de + fix crio reload and drop a duplicated reload watcher + + fix#reload + + Signed-off-by: Maximilian Meister + + Commit 9a47960 by Maximilian Meister mmeis...@suse.de + fix docker reload again + + it apparently doesnt work to use service.running to do the reload. using + cmd.run is reliable + + fix#reload-cert + + Signed-off-by: Maximilian Meister + + +--- +Tue May 22 22:07:10 UTC 2018 - containers-bugow...@suse.de + +- Commit 7a0c421 by Kiall Mac Innes ki...@macinnes.ie + Run CollaboratorCheck as part of unit test job + + +--- +Tue May 22 17:24:06 UTC 2018 - containers-bugow...@suse.de + +- Commit a4dfabb by Kiall Mac Innes ki...@macinnes.ie + Fix module tests on python3 + + +--- +Tue May 22 16:54:54 UTC 2018 - containers-bugow...@suse.de + +- Commit 8b75460 by Rafael Fernández López eresli...@ereslibre.es + Log all CRI issues as we go, and show them if we really timeout + + Related: bsc#1093918 + + +--- @@ -99,0 +161,2 @@ + + fixes bsc#1090067 Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.wbzmDd/_old 2018-05-29 10:44:23.109676564 +0200 +++ /var/tmp/diff_new_pack.wbzmDd/_new 2018-05-29 10:44:23.113676416 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r801_c7e2229 +Version:4.0.0+git_r815_4d4d315 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/Jenkinsfile.flake8 new/salt-master/Jenkinsfile.flake8 --- old/salt-master/Jenkinsfile.flake8 2018-05-22 02:05:02.0 +0200 +++ new/salt-master/Jenkinsfile.flake8 2018-05-25 11:42:05.0 +0200 @@ -14,8 +14,9 @@ podTemplate(label: label, containers: [ containerTemplate( -name: 'opensuse', -image: 'opensuse:42.3', +name: 'tox', +image: 'registry.suse.de/devel/casp/ci/opensuse_leap_42.3_containers/jenkins-tox-container:latest', +alwaysPullImage: true, ttyEnabled: true, command: 'cat', envVars: [ @@ -29,31 +30,13 @@ checkout scm } -stage('Install Dependencies') { -try { -container('opensuse') { -// TODO: Build a opensuse based python-tox image.. -sh 'zypper in --no-confirm python-tox python-pip python-pyOpenSSL libopenssl1_0_0 openssl' -sh 'tox --notest -e flake8' -} -} catch (Exception e) { -containerLog 'opensuse' -throw e -} -} - stage('Style Checks') { -try { -container('opensuse') { -try { -sh 'tox -e flake8 -- --format=junit-xml --output-file junit.xml' -} finally { -junit "junit.xml" -} +container('tox') { +try { +sh 'tox -e flake8 -- --format=junit-xml --o
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-05-22 17:02:48 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Tue May 22 17:02:48 2018 rev:21 rq:611200 version:4.0.0+git_r801_c7e2229 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-05-13 16:06:25.727346804 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-22 17:02:49.610337287 +0200 @@ -1,0 +2,239 @@ +Tue May 22 00:03:26 UTC 2018 - containers-bugow...@suse.de + +- Commit 987f865 by Kiall Mac Innes ki...@macinnes.ie + Allow salt tests to be ran via tox and Jenkins + + Example to run them locally: + + tox -e tests-salt-2016.11.4-py27 + + or: + + tox -e tests-salt-2016.11.4-py34 + + +--- +Mon May 21 22:52:25 UTC 2018 - containers-bugow...@suse.de + +- Commit becdf82 by Kiall Mac Innes ki...@macinnes.ie + Add Collaborator Check to flake8 job + + +--- +Mon May 21 22:51:25 UTC 2018 - containers-bugow...@suse.de + +- Commit 3935f83 by Kiall Mac Innes ki...@macinnes.ie + Add Collaborator Check to flake8 job + + +--- +Mon May 21 16:13:54 UTC 2018 - containers-bugow...@suse.de + +- Commit b5a6432 by Maximilian Meister mmeis...@suse.de + also reload docker when certificates change + + fix#reload-certs + + Signed-off-by: Maximilian Meister + + +--- +Mon May 21 16:11:55 UTC 2018 - containers-bugow...@suse.de + +- Commit 37556bb by tdaines42 tdai...@suse.com + updated pillar and openstack config to use project and domain ids + + +--- +Sat May 19 10:10:23 UTC 2018 - containers-bugow...@suse.de + +- Commit 8fa6128 by Flavio Castelli fcaste...@suse.com + Add support for kube API auditing + + Allow users to enable kubernetes API server auditing feature. + + The auditing will produce an audit log file locally that can then be pushed + to a central logging solution (eg: by using a fluentd daemonset running on + the master nodes). + + By default there's no auditing in place. This is enabled only when the user + provides a value for each one of the new pillars introduced by this commit. + + feature#kube-api-audit fate#325337 + + Signed-off-by: Flavio Castelli + + +--- +Fri May 18 22:16:39 UTC 2018 - containers-bugow...@suse.de + +- Commit 4497dac by Flavio Castelli fcaste...@suse.com + Remove unneeded state + + The registries state is something from the early days of caasp. Something we + don't need (and use) anymore. + + feature#remove-unneeded-code-registries + + Signed-off-by: Flavio Castelli + + +--- +Fri May 18 20:22:19 UTC 2018 - containers-bugow...@suse.de + +- Commit b501d9f by Flavio Castelli fcaste...@suse.com + Provide configuration to transactional-update + + Fixes bsc#1088675 + + Signed-off-by: Flavio Castelli + + +--- +Fri May 18 19:08:02 UTC 2018 - containers-bugow...@suse.de + +- Commit 22a3b23 by Florian Bergmann fbergm...@suse.de + Install system wide certificates from pillars. + + `cert`-state will install the certificates as trust anchors. + + +--- +Fri May 18 15:18:37 UTC 2018 - containers-bugow...@suse.de + +- Commit 6c4ec0c by Maximilian Meister mmeis...@suse.de + skip removed etcd servers (bsc#1093305) + + Signed-off-by: Maximilian Meister + + +--- +Fri May 18 07:42:06 UTC 2018 - containers-bugow...@suse.de + +- Commit 03d371f by Rafael Fernández López eresli...@ereslibre.es + Remove default grace period and timeout when draining a node. + + By default, the grace period is -1, or whatever the pod specifies on its + `terminationGracePeriodSeconds` spec. The pod can know better than us what it + needs to cleanly stop, and we don't need to apply arbitrary timeouts. If this + is not specified, the default `terminationGracePeriodSeconds` value is 30 + seconds. After this grace termination period, a SIGKILL will be sent to the + process when evicting pods. + + Aside from this, we should have an "inifinite" timeout. Given that this + process doesn't stall, it's safer to perform this operation until it + succeeds. If we have proof that this is causing problems we should add a + timeout, but in general
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-05-13 16:05:59 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Sun May 13 16:05:59 2018 rev:20 rq:606451 version:4.0.0+git_r763_dad9d01 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-05-11 09:18:05.498914112 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-13 16:06:25.727346804 +0200 @@ -1,0 +2,13 @@ +Fri May 11 12:00:52 UTC 2018 - containers-bugow...@suse.de + +- Commit 1657de5 by Flavio Castelli fcaste...@suse.com + Add missing cri-o removal states + + This is required to fix node removal on clusters using CRI-O as CRI. + + Fixes bsc#1092614 + + Signed-off-by: Flavio Castelli + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.9qZ0zX/_old 2018-05-13 16:06:26.691311638 +0200 +++ /var/tmp/diff_new_pack.9qZ0zX/_new 2018-05-13 16:06:26.695311492 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r761_6b2cce7 +Version:4.0.0+git_r763_dad9d01 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/crio/remove-pre-reboot.sls new/salt-master/salt/crio/remove-pre-reboot.sls --- old/salt-master/salt/crio/remove-pre-reboot.sls 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/crio/remove-pre-reboot.sls 2018-05-11 14:01:23.0 +0200 @@ -0,0 +1 @@ +# Nothing to be done yet diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/crio/stop.sls new/salt-master/salt/crio/stop.sls --- old/salt-master/salt/crio/stop.sls 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/crio/stop.sls 2018-05-11 14:01:23.0 +0200 @@ -0,0 +1,4 @@ +# Stop and disable the crio daemon +crio: + service.dead: +- enable: False
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-05-11 09:18:02 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri May 11 09:18:02 2018 rev:19 rq:606230 version:4.0.0+git_r761_6b2cce7 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-05-10 15:50:49.754120664 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-11 09:18:05.498914112 +0200 @@ -1,0 +2,77 @@ +Wed May 9 16:15:31 UTC 2018 - containers-bugow...@suse.de + +- Commit e286f9b by Flavio Castelli fcaste...@suse.com + Make crictl handling more robust + + Some of our states are now depending on `crictl` tool. All these states have + to depend on the `kubelet service.running` one, otherwise the + `crictl` socket won't be available and the state will fail. + + Also, with these changes, the "blame" of a failure should point directly to + the guilty (`kubelet` service not running for whatever reason) instead of + falling on the `haproxy` one. + + Finally, the check looking for `crictl` socket has been changed to ensure the + socket file exists and the service is actually listening. + + This will help with bugs like bsc#1091419 + + Signed-off-by: Flavio Castelli + + +--- +Wed May 9 16:12:15 UTC 2018 - containers-bugow...@suse.de + +- Commit bcf5415 by Flavio Castelli fcaste...@suse.com + kubelet: allow resource reservation + + Allow kubelet to take into account resource reservation and eviction + threshold. + + == Resource reservation == + + It's possible to reserve resources for the `kube` and the `system` + components. + + The `kube` component is the one including the kubernetes components: api + server, controller manager, scheduler, proxy, kubelet and the container + engine components (docker, containerd, cri-o, runc). + + The `system` component is the `system.slice`, basically all the system + services: sshd, cron, logrotate,... + + By default don't specify any kind of resource reservation. Note well: when + the resource reservations are in place kubelet will reduce the amount or + resources allocatable by the node. However **no** enforcement will be done + neither on the `kube.slice` nor on the `system.slice`. + + This is not happening because: + + * Resource enforcement is done using cgroups. + * The slices are created by systemd. + * systemd doesn't manage all the available cgroups yet. + * kubelet tries to manage cgroups that are not handled by systemd, + resulting in the kubelet failing at startup. + * Changing the cgroup driver to `systemd` doesn't fix the issue. + + Moreover enforcing limits on the `system` and the `kube` slices can lead to + resource starvation of core components of the system. As advised even by the + official kubernetes docs, this is something that only expert users should do + only after extensive profiling of their nodes. + + Finally, even if we wanted to enforce the limits, the right place would be + systemd (by tuning the slice settings). + + For more information see the official documentation: + https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ + + == Eviction threshold == + + By default no eviction threshold is set. + + bsc#1086185 + + Signed-off-by: Flavio Castelli + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.DPVnbC/_old 2018-05-11 09:18:06.350883244 +0200 +++ /var/tmp/diff_new_pack.DPVnbC/_new 2018-05-11 09:18:06.358882954 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:4.0.0+git_r757_3c2b52a +Version:4.0.0+git_r761_6b2cce7 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/params.sls new/salt-master/pillar/params.sls --- old/salt-master/pillar/params.sls 2018-05-08 16:14:27.0 +0200 +++ new/salt-master/pillar/params.sls 2018-05-09 18:15:58.0 +0200 @@ -112,6 +112,22 @@ kubelet: port: '10250' + compute-resources: +kube: + cpu: '' + memory: '' + ephemeral-storage: '' + # example: + # cpu: 100m + # memory: 100M + # ephemeral-storage: 1G +system: + cpu: '' + memory: '' + ephemeral-storage: '' +eviction-hard: '' +# example: +# eviction-hard: me
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-05-10 15:50:47 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Thu May 10 15:50:47 2018 rev:18 rq:605706 version:4.0.0+git_r757_3c2b52a Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-05-08 13:37:58.368182689 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-10 15:50:49.754120664 +0200 @@ -1,0 +2,31 @@ +Tue May 8 14:13:40 UTC 2018 - containers-bugow...@suse.de + +- Commit 964deee by Maximilian Meister mmeis...@suse.de + add condition to KUBE_ADMISSION_CONTROL + + bsc#1092140 + + Signed-off-by: Maximilian Meister + + Commit eaab500 by Maximilian Meister mmeis...@suse.de + fix conflicting sls id's + + they need to be globally unique + + orch error happened when setting psp to false in params.sls + + partially fixes https://bugzilla.suse.com/show_bug.cgi?id=1092140 + + bsc#1092140 + + Signed-off-by: Maximilian Meister + + +--- +Tue May 8 10:41:39 UTC 2018 - containers-bugow...@suse.de + +- Commit 843a9a4 by Jordi Massaguer Pla jmassaguer...@suse.de + update version to 4.0.0+dev + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.kslxNG/_old 2018-05-10 15:50:50.474094276 +0200 +++ /var/tmp/diff_new_pack.kslxNG/_new 2018-05-10 15:50:50.478094128 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r752_f9c2358 +Version:4.0.0+git_r757_3c2b52a Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/VERSION new/salt-master/VERSION --- old/salt-master/VERSION 2018-05-07 11:18:58.0 +0200 +++ new/salt-master/VERSION 2018-05-08 16:14:27.0 +0200 @@ -1 +1 @@ -3.0.0+dev +4.0.0+dev diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dns/init.sls new/salt-master/salt/addons/dns/init.sls --- old/salt-master/salt/addons/dns/init.sls2018-05-07 11:18:58.0 +0200 +++ new/salt-master/salt/addons/dns/init.sls2018-05-08 16:14:27.0 +0200 @@ -17,7 +17,7 @@ {% else %} -dummy: +dns-dummy: cmd.run: - name: echo "DNS addon not enabled in config" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/psp/init.sls new/salt-master/salt/addons/psp/init.sls --- old/salt-master/salt/addons/psp/init.sls2018-05-07 11:18:58.0 +0200 +++ new/salt-master/salt/addons/psp/init.sls2018-05-08 16:14:27.0 +0200 @@ -11,7 +11,7 @@ {% else %} -dummy: +psp-dummy: cmd.run: - name: echo "PSP addon not enabled in config" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/tiller/deployment-wait.sls new/salt-master/salt/addons/tiller/deployment-wait.sls --- old/salt-master/salt/addons/tiller/deployment-wait.sls 2018-05-07 11:18:58.0 +0200 +++ new/salt-master/salt/addons/tiller/deployment-wait.sls 2018-05-08 16:14:27.0 +0200 @@ -6,7 +6,7 @@ {% else %} -dummy: +tiller-deployment-wait-dummy: cmd.run: - name: echo "Tiller addon not enabled in config" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/tiller/init.sls new/salt-master/salt/addons/tiller/init.sls --- old/salt-master/salt/addons/tiller/init.sls 2018-05-07 11:18:58.0 +0200 +++ new/salt-master/salt/addons/tiller/init.sls 2018-05-08 16:14:27.0 +0200 @@ -21,7 +21,7 @@ {% else %} -dummy: +tiller-dummy: cmd.run: - name: echo "Tiller addon not enabled in config" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cleanup/remove-post-orchestration.sls new/salt-master/salt/cleanup/remove-post-orchestration.sls --- old/salt-master/salt/cleanup/remove-post-orchestration.sls 2018-05-07 11:18:58.0 +0200 +++ new/salt-master/salt/cleanup/remove-post-orchestration.sls 2018-05-08 16:14:27.0 +0200 @@ -36,7 +36,7 @@ {%- if not (forced or target in k8s_nodes + etcd_members) %} {# Make suse we do not generate an empty file if tar
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-05-08 13:37:46 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Tue May 8 13:37:46 2018 rev:17 rq:605055 version:3.0.0+git_r752_f9c2358 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-05-04 11:30:54.696658103 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-08 13:37:58.368182689 +0200 @@ -1,0 +2,11 @@ +Mon May 7 09:18:12 UTC 2018 - containers-bugow...@suse.de + +- Commit 8388498 by Alvaro Saurin alvaro.sau...@gmail.com + Try to resist existent data in the mine + + https://bugzilla.suse.com/show_bug.cgi?id=1091361 + + bsc#1091361 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.pfDTZO/_old 2018-05-08 13:37:59.084156847 +0200 +++ /var/tmp/diff_new_pack.pfDTZO/_new 2018-05-08 13:37:59.088156703 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r750_8f19e53 +Version:3.0.0+git_r752_f9c2358 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/params.sls new/salt-master/pillar/params.sls --- old/salt-master/pillar/params.sls 2018-05-03 12:03:26.0 +0200 +++ new/salt-master/pillar/params.sls 2018-05-07 11:18:58.0 +0200 @@ -28,6 +28,10 @@ internal_infra_domain: 'infra.caasp.local' ldap_internal_infra_domain: 'dc=infra,dc=caasp,dc=local' +hw: + # fallback value when we cannot detect the default interface + netiface: 'eth0' + api: # the API service IP (must be inside the 'services_cidr') cluster_ip: '172.24.0.1' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_net.py new/salt-master/salt/_modules/caasp_net.py --- old/salt-master/salt/_modules/caasp_net.py 2018-05-03 12:03:26.0 +0200 +++ new/salt-master/salt/_modules/caasp_net.py 2018-05-07 11:18:58.0 +0200 @@ -6,6 +6,13 @@ from __future__ import absolute_import +# note: do not import caasp modules other than caasp_log +from caasp_log import error + + +DEFAULT_INTERFACE = 'eth0' + + def __virtual__(): return "caasp_net" @@ -15,15 +22,19 @@ given an 'iface' (and an optional 'host' and list of 'ifaces'), return the IP address associated with 'iface' ''' -if not ifaces: -if not host or host == get_nodename(): -ifaces = __salt__['network.interfaces']() -else: -ifaces = __salt__['caasp_grains.get'](host, 'network.interfaces', type='glob') - -iface = ifaces.get(iface) -ipv4addr = iface.get('inet', [{}]) -return ipv4addr[0].get('address') +try: +if not ifaces: +if not host or host == get_nodename(): +ifaces = __salt__['network.interfaces']() +else: +ifaces = __salt__['caasp_grains.get'](host, 'network.interfaces', type='glob') + +iface = ifaces.get(iface) +ipv4addr = iface.get('inet', [{}]) +return ipv4addr[0].get('address') +except Exception as e: +error('could not get IP for interface %s: %s', iface, e) +return '' def get_primary_iface(host=None): @@ -31,12 +42,16 @@ (given some optional 'host') return the name of the primary iface (the iface associated with the default route) ''' -if not host or host == get_nodename(): -default_route_lst = __salt__['network.default_route']() -return default_route_lst[0]['interface'] -else: -all_routes = __salt__['caasp_grains.get'](host, 'network.default_route', type='glob') -return all_routes[host][0]['interface'] +try: +if not host or host == get_nodename(): +default_route_lst = __salt__['network.default_route']() +return default_route_lst[0]['interface'] +else: +all_routes = __salt__['caasp_grains.get'](host, 'network.default_route', type='glob') +return all_routes[host][0]['interface'] +except Exception as e: +error('could not get the primary interface: %s', e) +return __salt__['caasp_pillar.get']('hw:netiface', DEFAULT_INTERFACE) def get_primary_ip(host=None, ifaces=None): @@ -52,9 +67,13 @@ given a compound expression 'compound',
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-05-04 11:30:49 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri May 4 11:30:49 2018 rev:16 rq:603698 version:3.0.0+git_r750_8f19e53 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-04-27 16:10:20.752038484 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-04 11:30:54.696658103 +0200 @@ -1,0 +2,45 @@ +Thu May 3 10:02:57 UTC 2018 - containers-bugow...@suse.de + +- Commit 0294ed9 by Alvaro Saurin alvaro.sau...@gmail.com + Do not try to use the mine when we can get the same information with a + module. + + (cherry picked from commit dfd3b8a6a65c7d969466b09a1f20536a525ae42a) + + bsc#1091077 + + +--- +Wed May 2 11:57:18 UTC 2018 - containers-bugow...@suse.de + +- Commit 17e9533 by Kiall Mac Innes ki...@macinnes.ie + Harden the waiting for CRI socket to become active + + * Allow more time for the CRI socket to become active - 20 seconds + * Explicitly fail if the socket does not become active within this + time. + + Related to bsc#1091419 + + +--- +Sun Apr 29 13:31:42 UTC 2018 - containers-bugow...@suse.de + +- Commit c03b41d by Alvaro Saurin alvaro.sau...@gmail.com + Retry the `wait_for_http` when waiting for the API server. Use the same + cleanup.post-orchestration that tyhe forces removal uses. Some other removal + orchestration fixes and improvements. + + feature#node_removal + + +--- +Fri Apr 27 15:15:36 UTC 2018 - containers-bugow...@suse.de + +- Commit 03242db by Kiall Mac Innes ki...@macinnes.ie + Fix caasp_etcd.get_member_id error handling + + caasp_etcd.get_member_id was referencing a variable that doesn't exist. + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.CtkU2t/_old 2018-05-04 11:30:55.264637263 +0200 +++ /var/tmp/diff_new_pack.CtkU2t/_new 2018-05-04 11:30:55.268637117 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r742_8508870 +Version:3.0.0+git_r750_8f19e53 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/cri.sls new/salt-master/pillar/cri.sls --- old/salt-master/pillar/cri.sls 2018-04-26 11:56:10.0 +0200 +++ new/salt-master/pillar/cri.sls 2018-05-03 12:03:26.0 +0200 @@ -1,6 +1,6 @@ cri: chosen: 'docker' - socket_timeout: 10 + socket_timeout: 20 docker: description: Docker open-source container engine package: docker diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_cri.py new/salt-master/salt/_modules/caasp_cri.py --- old/salt-master/salt/_modules/caasp_cri.py 2018-04-26 11:56:10.0 +0200 +++ new/salt-master/salt/_modules/caasp_cri.py 2018-05-03 12:03:26.0 +0200 @@ -199,7 +199,7 @@ ''' socket = cri_runtime_endpoint() -timeout = int(__salt__['pillar.get']('cri:socket_timeout', '10')) +timeout = int(__salt__['pillar.get']('cri:socket_timeout', '20')) expire = time.time() + timeout while time.time() < expire: @@ -207,6 +207,11 @@ return time.sleep(0.3) +raise CommandExecutionError( +'CRI socket did not become ready', +info={'errors': ['CRI socket did not become ready']} +) + def needs_docker(): ''' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_etcd.py new/salt-master/salt/_modules/caasp_etcd.py --- old/salt-master/salt/_modules/caasp_etcd.py 2018-04-26 11:56:10.0 +0200 +++ new/salt-master/salt/_modules/caasp_etcd.py 2018-05-03 12:03:26.0 +0200 @@ -222,7 +222,7 @@ return member_line.split(':')[0] except Exception as e: -error('cannot get member ID for "%s": %s', e, this_nodename) +error('cannot get member ID for "%s": %s', e, target_nodename) error('output: %s', members_output) return '' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_m
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-04-27 16:10:18 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Apr 27 16:10:18 2018 rev:15 rq:601903 version:3.0.0+git_r742_8508870 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-04-24 15:34:13.207854421 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-04-27 16:10:20.752038484 +0200 @@ -1,0 +2,84 @@ +Thu Apr 26 09:56:06 UTC 2018 - containers-bugow...@suse.de + +- Commit c3b81a6 by Flavio Castelli fcaste...@suse.com + Ensure swap is disabled before kubelet is started + + We have to ensure the swap state is executed before the kubelet service is + started, otherwise kubelt won't run and this will lead to issues like the + ones causing bsc#1090337 + + Signed-off-by: Flavio Castelli + + +--- +Wed Apr 25 12:10:02 UTC 2018 - containers-bugow...@suse.de + +- Commit 24bea3d by Nirmoy Das n...@suse.de + cni: add cilium as alternate to flannel plugin + + +--- +Tue Apr 24 15:58:27 UTC 2018 - containers-bugow...@suse.de + +- Commit 1fd2a98 by Alvaro Saurin alvaro.sau...@gmail.com + Remove leftover file + + feature#node_removal + + +--- +Tue Apr 24 09:21:14 UTC 2018 - containers-bugow...@suse.de + +- Commit e1b9c75 by Kiall Mac Innes ki...@macinnes.ie + Update tiller tag to 2.8.2 + + This matches the tag used in the updated image via SR#162727. + + +--- +Tue Apr 24 08:42:18 UTC 2018 - containers-bugow...@suse.de + +- Commit 3e70e4f by Alvaro Saurin alvaro.sau...@gmail.com + Use get_with_expr() + + feature#node_removal + + Commit b4d09dd by Alvaro Saurin alvaro.sau...@gmail.com + Convert integers in the pillar to real integers. Unit tests for the + get_pillar() function. + + See https://trello.com/c/O7daOErL + + feature#node_removal + + Commit 0d65d79 by Alvaro Saurin alvaro.sau...@gmail.com + Fix: do not include the current node in the list + of endpoints when adding a new member. Unit tests for the etcd modoule. + + See https://trello.com/c/O7daOErL + + feature#node_removal + + Commit 399f7ea by Alvaro Saurin alvaro.sau...@gmail.com + Try to resist unresponsive nodes when removing a node. + * the replacement will not be chosen from + the unresponsive nodes + * affected nodes will exclude them too. Possibility to skip any action on + the target (with the `skip` pillar), so we can remove unresponsive targets + while still looking for replacements. + + See https://trello.com/c/O7daOErL + + feature#node_removal + + +--- +Tue Apr 24 07:58:31 UTC 2018 - containers-bugow...@suse.de + +- Commit f80f752 by Alvaro Saurin alvaro.sau...@gmail.com + Don't to remove some things that are not so important. + + feature#node_removal + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.UxiAiM/_old 2018-04-27 16:10:21.396014867 +0200 +++ /var/tmp/diff_new_pack.UxiAiM/_new 2018-04-27 16:10:21.400014720 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r727_68280fa +Version:3.0.0+git_r742_8508870 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/certificates.sls new/salt-master/pillar/certificates.sls --- old/salt-master/pillar/certificates.sls 2018-04-23 14:03:55.0 +0200 +++ new/salt-master/pillar/certificates.sls 2018-04-26 11:56:10.0 +0200 @@ -50,3 +50,6 @@ kube_proxy_key: '/etc/pki/kube-proxy.key' kube_proxy_crt: '/etc/pki/kube-proxy.crt' + + cilium_key: '/etc/pki/cilium.key' + cilium_crt: '/etc/pki/cilium.crt' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_etcd.py new/salt-master/salt/_modules/caasp_etcd.py --- old/salt-master/salt/_modules/caasp_etcd.py 2018-04-23 14:03:55.0 +0200 +++ new/salt-master/salt/_modules/caasp_etcd.py 2018-04-26 11:56:10.0 +0200 @@ -173,6 +173,7 @@ error('no etcd members available!!') raise NoEtcdServersExcepti
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-04-24 15:34:11 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Tue Apr 24 15:34:11 2018 rev:14 rq:600111 version:3.0.0+git_r727_68280fa Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-04-16 12:48:51.829385650 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-04-24 15:34:13.207854421 +0200 @@ -1,0 +2,256 @@ +Mon Apr 23 12:03:59 UTC 2018 - containers-bugow...@suse.de + +- Commit 44798f4 by Rafael Fernández López eresli...@ereslibre.es + Use `expr_form` instead of `tgt_type` until we update salt + + This is producing an error on our current salt version: + + `Rendering SLS 'base:cleanup.remove-post-orchestration' failed: Jinja + error: get() + got an unexpected keyword argument 'tgt_type'` + + Go back to using `expr_form` until we update. + + feature#deployment-stability + + +--- +Mon Apr 23 10:16:50 UTC 2018 - containers-bugow...@suse.de + +- Commit 352e4f5 by Rafael Fernández López eresli...@ereslibre.es + Always remove the "we are removing a machine" grain from the cluster + + Even if the `removal` orchestration has failed, we want to remove this grain + from the cluster, or the subsequent `etc-hosts` orchestrations won't be + executed if a removal failed. + + feature#deployment-stability + + +--- +Mon Apr 23 07:43:54 UTC 2018 - containers-bugow...@suse.de + +- Commit f2190ca by Alvaro Saurin alvaro.sau...@gmail.com + Instead of running things on the forced-removal orchestration, move actions + to SLS files (so they can be shared with the regular removal orchestration). + + feature#node_removal + + +--- +Sat Apr 21 10:16:14 UTC 2018 - containers-bugow...@suse.de + +- Commit 6d5dcda by Federico Ceratto federico.cera...@suse.de + Stop using __opts__ and os_data() + + bsc#1087115 + + +--- +Fri Apr 20 08:47:24 UTC 2018 - containers-bugow...@suse.de + +- Commit ec9c37c by Flavio Castelli fcaste...@suse.com + Introduce feature-gates pillar + + Allow feature gates to be toggled via a dedicated pillar. + + feature#feature-gates + + +--- +Thu Apr 19 09:00:00 UTC 2018 - containers-bugow...@suse.de + +- Commit 165baf2 by Federico Ceratto federico.cera...@suse.de + Switch caasp_nodename to using __opts__ + bsc#1087115 + +--- +Wed Apr 18 15:23:47 UTC 2018 - containers-bugow...@suse.de + +- Commit 52b61c2 by Flavio Castelli fcaste...@suse.com + crio: fix upgrade orchestration + + Ensure everything is fine on the admin node + + feature#crio + + Signed-off-by: Flavio Castelli + + Commit 33256f0 by Flavio Castelli fcaste...@suse.com + crio: cleanup code + + Several changes to reflect the feedback got on the pull request. + + feature#crio + + Signed-off-by: Flavio Castelli + + Commit f62aaec by Flavio Castelli fcaste...@suse.com + Do not rely on salt virtual_subtype grain + + The `virtual_subtype` grain cannot be used to identify salt minions that are + running inside of containers started by kubernetes. + + The salt core code sets this grain to `Docker` by looking at the cgroup + hierarchy of PID 1 on the minion. + + On regular docker container (not managed by kubernetes!) the cgroup hierarchy + includes a `docker` slice. However all the containers started by kubelet are + placed under the `kubepods` slice. + + Right now the only salt minion running inside of a container is the `ca` one, + which can be easily identified by looking at its roles. + + This commit changes our salt states to use roles instead of the unreliable + `virtual_subtype` grain. + + feature#crio + + Signed-off-by: Flavio Castelli + + Commit 569c9aa by Flavio Castelli fcaste...@suse.com + Extend motd + + Show information about the container runtime used on the node. + + feature#crio + + Signed-off-by: Flavio Castelli + + Commit 1bae9eb by Flavio Castelli fcaste...@suse.com + Remove unused cri abstractions + + cri-o doesn't have yet a way to copy files from the host into its running + containers. Fortunately this feature is required only on the admin node, + which is still using docker. + + This commit removes some of the abstractions introduced to be able to copy + files into running containers. + + We will revert this commit later on, once we migrate the admin node to use + cri-o. + + fe
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-04-16 12:48:46 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Mon Apr 16 12:48:46 2018 rev:13 rq:596327 version:3.0.0+git_r688_ac25f0d Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-04-13 12:50:00.187046065 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-04-16 12:48:51.829385650 +0200 @@ -1,0 +2,45 @@ +Fri Apr 13 12:11:18 UTC 2018 - containers-bugow...@suse.de + +- Commit 0e7d745 by Alvaro Saurin alvaro.sau...@gmail.com + Configure taints/labels on the replacement node Fix typo + + feature#node_removal + + +--- +Fri Apr 13 11:44:45 UTC 2018 - containers-bugow...@suse.de + +- Commit 69d271d by Rafael Fernández López eresli...@ereslibre.es + Remove unneeded includes `ca-cert` and `cert` for `velum/init.sls` and + `ldap/init.sls` + + feature#deployment-stability + + +--- +Fri Apr 13 11:04:32 UTC 2018 - containers-bugow...@suse.de + +- Commit 1de5846 by Kiall Mac Innes ki...@macinnes.ie + Add PodSecurityPolicy Support + + Add support for PodSecurityPolicy's, allowing us to disable use of the + hostPath volume type. + + This change adds 2 PSP's: + + * unprivileged (Default assigned to all users) + + The unprivileged PodSecurityPolicy is intended to be a reasonable compromise + between the reality of Kubernetes workloads, and suse:caasp:psp:privileged. + By default, we'll grant this PSP to all users and service accounts. + + * privileged + + The privileged PodSecurityPolicy is intended to be given only to trusted + workloads. It provides for as few restrictions as possible and should only be + assigned to highly trusted users. + + Fixes bsc#1047535 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.d4vtxZ/_old 2018-04-16 12:48:53.741316100 +0200 +++ /var/tmp/diff_new_pack.d4vtxZ/_new 2018-04-16 12:48:53.745315954 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r682_143b3e6 +Version:3.0.0+git_r688_ac25f0d Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/params.sls new/salt-master/pillar/params.sls --- old/salt-master/pillar/params.sls 2018-04-11 09:40:33.0 +0200 +++ new/salt-master/pillar/params.sls 2018-04-13 14:11:30.0 +0200 @@ -67,6 +67,7 @@ # install the addons (ie, DNS) addons: + psp:'true' dns:'true' tiller: 'false' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/manifests/10-clusterrolebinding.yaml new/salt-master/salt/addons/dex/manifests/10-clusterrolebinding.yaml --- old/salt-master/salt/addons/dex/manifests/10-clusterrolebinding.yaml 2018-04-11 09:40:33.0 +0200 +++ new/salt-master/salt/addons/dex/manifests/10-clusterrolebinding.yaml 2018-04-13 14:11:30.0 +0200 @@ -26,3 +26,18 @@ - kind: Group name: "{{ pillar['ldap']['admin_group_name'] }}" apiGroup: rbac.authorization.k8s.io +--- +# Allow Dex to use the suse:caasp:psp:privileged +# PodSecurityPolicy. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: suse:caasp:psp:dex +roleRef: + kind: ClusterRole + name: suse:caasp:psp:privileged + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: dex + namespace: kube-system diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/manifests/20-deployment.yaml new/salt-master/salt/addons/dex/manifests/20-deployment.yaml --- old/salt-master/salt/addons/dex/manifests/20-deployment.yaml 2018-04-11 09:40:33.0 +0200 +++ new/salt-master/salt/addons/dex/manifests/20-deployment.yaml 2018-04-13 14:11:30.0 +0200 @@ -26,6 +26,7 @@ checksum/secret: {{ salt.hashutil.digest_file("/etc/kubernetes/addons/dex/15-secret.yaml", "sha256") }} spec: serviceAccountName: dex + tolerations: - key: node-role.kubernetes.io/master operator: Exists @@ -90,9 +91,11 @@ items: - key: config.yaml
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-04-13 12:49:45 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Apr 13 12:49:45 2018 rev:12 rq:595612 version:3.0.0+git_r682_143b3e6 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-04-11 14:04:47.600727213 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-04-13 12:50:00.187046065 +0200 @@ -1,0 +2,9 @@ +Wed Apr 11 07:39:47 UTC 2018 - containers-bugow...@suse.de + +- Commit 489cbef by Alvaro Saurin alvaro.sau...@gmail.com + Fix race condition on update-etc-hosts + + fix#update-etc-hosts + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.3cD7s9/_old 2018-04-13 12:50:01.474999403 +0200 +++ /var/tmp/diff_new_pack.3cD7s9/_new 2018-04-13 12:50:01.478999258 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r680_7a3c61f +Version:3.0.0+git_r682_143b3e6 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_nodes.py new/salt-master/salt/_modules/caasp_nodes.py --- old/salt-master/salt/_modules/caasp_nodes.py2018-04-10 13:16:22.0 +0200 +++ new/salt-master/salt/_modules/caasp_nodes.py2018-04-11 09:40:33.0 +0200 @@ -130,8 +130,8 @@ if kwargs.get('exclude_in_progress', False): expr_items.append('not G@bootstrap_in_progress:true') expr_items.append('not G@update_in_progress:true') -expr_items.append('not G@removal_in_progress:true') -expr_items.append('not G@addition_in_progress:true') +expr_items.append('not G@node_removal_in_progress:true') +expr_items.append('not G@node_addition_in_progress:true') excluded = _sanitize_list(kwargs.get('excluded', [])) if excluded: @@ -466,8 +466,8 @@ if kwargs.get('exclude_in_progress', True): affected_items.append('not G@bootstrap_in_progress:true') affected_items.append('not G@update_in_progress:true') -affected_items.append('not G@removal_in_progress:true') -affected_items.append('not G@addition_in_progress:true') +affected_items.append('not G@node_removal_in_progress:true') +affected_items.append('not G@node_addition_in_progress:true') excluded_nodes = _sanitize_list([target] + kwargs.get('excluded', [])) if excluded_nodes: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/tests/test_caasp_nodes.py new/salt-master/salt/_modules/tests/test_caasp_nodes.py --- old/salt-master/salt/_modules/tests/test_caasp_nodes.py 2018-04-10 13:16:22.0 +0200 +++ new/salt-master/salt/_modules/tests/test_caasp_nodes.py 2018-04-11 09:40:33.0 +0200 @@ -305,8 +305,8 @@ 'G@bootstrap_complete:true', 'not G@bootstrap_in_progress:true', 'not G@update_in_progress:true', -'not G@removal_in_progress:true', -'not G@addition_in_progress:true' +'not G@node_removal_in_progress:true', +'not G@node_addition_in_progress:true' ] def test_get_expr_affected_by_master_removal(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/update-etc-hosts.sls new/salt-master/salt/orch/update-etc-hosts.sls --- old/salt-master/salt/orch/update-etc-hosts.sls 2018-04-10 13:16:22.0 +0200 +++ new/salt-master/salt/orch/update-etc-hosts.sls 2018-04-11 09:40:33.0 +0200 @@ -2,8 +2,7 @@ 'G@bootstrap_complete:true and ' + 'not G@bootstrap_in_progress:true and ' + 'not G@update_in_progress:true and ' + - 'not G@node_removal_in_progress:true and ' + - 'not G@node_addition_in_progress:true' %} + 'not G@removal_in_progress:true' %} {%- if salt.saltutil.runner('mine.get', tgt=updates_all_target, fun='nodename', tgt_type='compound')|length > 0 %} update_pillar:
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-04-11 14:02:25 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Wed Apr 11 14:02:25 2018 rev:11 rq:595182 version:3.0.0+git_r680_7a3c61f Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-04-05 15:33:21.936415765 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-04-11 14:04:47.600727213 +0200 @@ -1,0 +2,96 @@ +Tue Apr 10 11:15:39 UTC 2018 - containers-bugow...@suse.de + +- Commit 0ef0581 by Alvaro Saurin alvaro.sau...@gmail.com + * Do some code cleanups in caasp_etcd.py by using + the same logic for getting etcd replacements as + for getting additional etcd servers when bootstrapping. + * Move most of the removal logic to a caasp_nodes.py + Python module, as Jinja is not a proper language... + * Add the corresponding unit tests for this new + Python code. + * Do not be so strict when finding a replacement: if + the replacement is not valid for a k8s master, do not + make it unsuitable for etcd too. + * Use some basic k8s master replacement finder. + * Try to use some common logging functions + * Refactor out the grains.get code to a new + caasp_grains.py module (as it is shared by several + custom modules) + + See https://trello.com/c/O7daOErL + + feature#node_removal + + +--- +Tue Apr 10 07:54:00 UTC 2018 - containers-bugow...@suse.de + +- Commit c189bca by Alvaro Saurin alvaro.sau...@gmail.com + Try to resist to transient node failures on updates + + See https://trello.com/c/irviWd1m + + feature#update_on_node_failures + + +--- +Mon Apr 9 08:55:51 UTC 2018 - containers-bugow...@suse.de + +- Commit caa100b by Alvaro Saurin alvaro.sau...@gmail.com + Change the meaning of some grains: + * removal_in_progress -> node_removal_in_progress (only for + the node that is being removed) + * addition_in_progress -> node_addition_in_progress (only for + the node that is being added) + * removal_in_progress: cluster-wide grain for marking that a + removal is being done. This should avoid conflicts with the etc-hosts-update + orchestration... + + https://bugzilla.suse.com/show_bug.cgi?id=1087108 + + bsc#1087108 + + +--- +Fri Apr 6 07:57:48 UTC 2018 - containers-bugow...@suse.de + +- Commit 3a529ab by Alvaro Saurin alvaro.sau...@gmail.com + Reject keys of removed nodes instead of just deleting them. + + https://bugzilla.suse.com/show_bug.cgi?id=1087062 + + bsc#1087062 + + +--- +Thu Apr 5 08:41:48 UTC 2018 - containers-bugow...@suse.de + +- Commit ae4018a by Rafael Fernández López eresli...@ereslibre.es + Force drain when trying to drain a node + + When trying to drain a node we can get an error if the kubelet is running a + pod created by local manifests (manifests living in the local filesystem): + + ``` caasp-admin:~ # kubectl drain --ignore-daemonsets caasp-worker-1 node + "caasp-worker-1" cordoned error: unable to drain node "caasp-worker-1", + aborting command... + + There are pending nodes to be drained: + caasp-worker-1 error: pods not managed by ReplicationController, ReplicaSet, + Job, DaemonSet or StatefulSet (use --force to override): + haproxy-caasp-worker-1 + ``` + + As opposed to: + + ``` caasp-admin:~ # kubectl drain --force --ignore-daemonsets caasp-worker-1 + node "caasp-worker-1" already cordoned WARNING: Deleting pods not managed by + ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet: + haproxy-caasp-worker-1; Ignoring DaemonSet-managed pods: kube-flannel-vklfc + node "caasp-worker-1" drained + ``` + + Related: bsc#1085980 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.mnk9KE/_old 2018-04-11 14:04:48.356699895 +0200 +++ /var/tmp/diff_new_pack.mnk9KE/_new 2018-04-11 14:04:48.360699749 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r670_185e941 +Version:3.0.0+git_r680_7a3c61f Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ 2235 lines of diff (skipped)
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-04-05 15:33:18 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Thu Apr 5 15:33:18 2018 rev:10 rq:593475 version:3.0.0+git_r670_185e941 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-03-28 10:32:53.861773620 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-04-05 15:33:21.936415765 +0200 @@ -1,0 +2,12 @@ +Tue Apr 3 10:26:04 UTC 2018 - containers-bugow...@suse.de + +- Commit c7ee6be by Rafael Fernández López eresli...@ereslibre.es + Wait for deployments during the orchestration time. + + Additionally to other checks, we should also consider the orchestration done + once that the expected pods are running. + + feature#deployment-stability + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.4SJSge/_old 2018-04-05 15:33:23.420362132 +0200 +++ /var/tmp/diff_new_pack.4SJSge/_new 2018-04-05 15:33:23.424361987 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r668_8e45600 +Version:3.0.0+git_r670_185e941 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_macros/kubectl.jinja new/salt-master/salt/_macros/kubectl.jinja --- old/salt-master/salt/_macros/kubectl.jinja 2018-03-27 12:02:53.0 +0200 +++ new/salt-master/salt/_macros/kubectl.jinja 2018-04-03 12:26:19.0 +0200 @@ -84,3 +84,19 @@ watch=["file: " + dest] + kwargs.pop('watch', []), **kwargs) }} {%- endmacro %} + +# + +{% macro kubectl_wait_for_deployment(deployment, namespace = 'kube-system', timeout = 600) -%} +wait-for-{{ deployment }}-deployment: + caasp_cmd.run: +- name: |- +desiredReplicas=$(kubectl --kubeconfig={{ pillar['paths']['kubeconfig'] }} get deployment {{ deployment }} --namespace={{ namespace }} --template {{ '{{.spec.replicas}}' }}) +readyReplicas=$(kubectl --kubeconfig={{ pillar['paths']['kubeconfig'] }} get deployment {{ deployment }} --namespace={{ namespace }} --template {{ '{{.status.readyReplicas}}' }}) +availableReplicas=$(kubectl --kubeconfig={{ pillar['paths']['kubeconfig'] }} get deployment {{ deployment }} --namespace={{ namespace }} --template {{ '{{.status.availableReplicas}}' }}) +updatedReplicas=$(kubectl --kubeconfig={{ pillar['paths']['kubeconfig'] }} get deployment {{ deployment }} --namespace={{ namespace }} --template {{ '{{.status.updatedReplicas}}' }}) +[ "$readyReplicas" == "$desiredReplicas" ] && [ "$availableReplicas" == "$desiredReplicas" ] && [ "$updatedReplicas" == "$desiredReplicas" ] +- retry: +attempts: {{ timeout }} +interval: 1 +{%- endmacro %} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/deployment-wait.sls new/salt-master/salt/addons/dex/deployment-wait.sls --- old/salt-master/salt/addons/dex/deployment-wait.sls 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/addons/dex/deployment-wait.sls 2018-04-03 12:26:19.0 +0200 @@ -0,0 +1,3 @@ +{% from '_macros/kubectl.jinja' import kubectl_wait_for_deployment with context %} + +{{ kubectl_wait_for_deployment('dex') }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dns/deployment-wait.sls new/salt-master/salt/addons/dns/deployment-wait.sls --- old/salt-master/salt/addons/dns/deployment-wait.sls 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/addons/dns/deployment-wait.sls 2018-04-03 12:26:19.0 +0200 @@ -0,0 +1,3 @@ +{% from '_macros/kubectl.jinja' import kubectl_wait_for_deployment with context %} + +{{ kubectl_wait_for_deployment('kube-dns') }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/tiller/deployment-wait.sls new/salt-master/salt/addons/tiller/deployment-wait.sls --- old/salt-master/salt/addons/tiller/deployment-wait.sls 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/addons/tiller/deployment-wait.sls 2018-04-03 12:26:19.0 +0200 @@ -0,0 +1,13 @@ +{% if sa
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-03-28 10:32:47 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Wed Mar 28 10:32:47 2018 rev:9 rq:591543 version:3.0.0+git_r668_8e45600 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-03-26 13:07:02.288772975 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-03-28 10:32:53.861773620 +0200 @@ -1,0 +2,12 @@ +Tue Mar 27 10:03:43 UTC 2018 - containers-bugow...@suse.de + +- Commit 043a686 by Kiall Mac Innes ki...@macinnes.ie + Extend certificates to one year lifespan + + 100 days is a very short lifespan, lets bump this to one year - a much more + common value for certificate lifetime. + + Related to bsc#1082722 + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.ZbvZyB/_old 2018-03-28 10:32:54.685743986 +0200 +++ /var/tmp/diff_new_pack.ZbvZyB/_new 2018-03-28 10:32:54.685743986 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r666_603e9dc +Version:3.0.0+git_r668_8e45600 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/certificates.sls new/salt-master/pillar/certificates.sls --- old/salt-master/pillar/certificates.sls 2018-03-22 17:53:50.0 +0100 +++ new/salt-master/pillar/certificates.sls 2018-03-27 12:02:53.0 +0200 @@ -10,7 +10,7 @@ ST: Bavaria days_valid: ca_certificate: 3650 -certificate: 100 +certificate: 365 days_remaining: ca_certificate: 90 certificate: 90
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-03-26 13:06:58 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Mon Mar 26 13:06:58 2018 rev:8 rq:590602 version:3.0.0+git_r666_603e9dc Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-03-22 12:12:13.138400408 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-03-26 13:07:02.288772975 +0200 @@ -1,0 +2,52 @@ +Thu Mar 22 16:53:56 UTC 2018 - containers-bugow...@suse.de + +- Commit 0901ff0 by Kiall Mac Innes ki...@macinnes.ie + Increase Kube-DNS replicas to 3 + + Having only a single Kube-DNS replica means that, during upgrades or other + failure scenarios, Kube-DNS will not be functional. A value of 3 matches what + we use for Dex. + + Commit 2c42773 by Kiall Mac Innes ki...@macinnes.ie + Dex should not have cluster-admin + + Dex does not require cluster admin access. Instead, it should use a new role + defined with just the permissions Dex requires. + + Commit 38e654d by Kiall Mac Innes ki...@macinnes.ie + Kube-DNS should not have cluster-admin + + Kubernetes DNS service does not require cluster admin access. Instead, it + should use the build in system:kube-dns role. + + Commit 9dec359 by Kiall Mac Innes ki...@macinnes.ie + Remove duplicated Dex ClusterRoleBinding + + The ClusterRoleBinding's for Dex were duplicated - this removes the extra + copy. + + Commit 0aebc0d by Kiall Mac Innes ki...@macinnes.ie + Match addons/{dns,tiller} patterns to addons/dex + + This pattern is cleaner, and lets Kubernetes do more of the hard work related + to applying and updating manifests changes. This will be further extended to + CNI/flannel soon. + + +--- +Thu Mar 22 11:54:08 UTC 2018 - containers-bugow...@suse.de + +- Commit 3b3f0ae by Rafael Fernández López eresli...@ereslibre.es + Refresh modules before we call to any `sls`, they might use undiscovered + modules + + Commit 8b49308 by Rafael Fernández López eresli...@ereslibre.es + When we explicitly run `haproxy` sls in the update, run `etc-hosts` too. + + During a rename, it might happen that `haproxy` refuses to start because it + cannot resolve the new names `nodename.infra.caasp.local` in the + configuration because its + `/etc/hosts` file hasn't been updated yet. + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.nF9Tw8/_old 2018-03-26 13:07:04.420696334 +0200 +++ /var/tmp/diff_new_pack.nF9Tw8/_new 2018-03-26 13:07:04.424696190 +0200 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r657_c294782 +Version:3.0.0+git_r666_603e9dc Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/params.sls new/salt-master/pillar/params.sls --- old/salt-master/pillar/params.sls 2018-03-21 18:10:02.0 +0100 +++ new/salt-master/pillar/params.sls 2018-03-22 17:53:50.0 +0100 @@ -46,7 +46,7 @@ dns: cluster_ip: '172.24.0.2' domain: 'cluster.local' - replicas: '1' + replicas: '3' # user and group for running services and some other stuff... kube_user:'kube' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/manifests/05-clusterrole.yaml new/salt-master/salt/addons/dex/manifests/05-clusterrole.yaml --- old/salt-master/salt/addons/dex/manifests/05-clusterrole.yaml 1970-01-01 01:00:00.0 +0100 +++ new/salt-master/salt/addons/dex/manifests/05-clusterrole.yaml 2018-03-22 17:53:50.0 +0100 @@ -0,0 +1,12 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: suse:caasp:dex +rules: +- apiGroups: ["dex.coreos.com"] + resources: ["*"] + verbs: ["*"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/manifests/10-clusterrolebinding.yaml new/salt-master/salt/addons/dex/manifests/10-clusterrolebinding.yaml --- old/salt-master/salt/addons/dex/manifests/10-clusterrolebinding.yaml 2018-03-21 18:10:02.0 +0100 +++ new/salt-master/salt/addon
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-03-22 12:08:12 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Thu Mar 22 12:08:12 2018 rev:7 rq:589836 version:3.0.0+git_r657_c294782 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-03-19 23:38:22.813349004 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-03-22 12:12:13.138400408 +0100 @@ -1,0 +2,46 @@ +Wed Mar 21 17:10:41 UTC 2018 - containers-bugow...@suse.de + +- Commit 0926982 by Kiall Mac Innes ki...@macinnes.ie + Add flannel readiness/liveness probe + + This makes sure flannel has at least reached the point where it starts the + healthz API endpoint. However, that point in the flannel code is *very* early + and not all that useful for actual health checking. Additionally, as long as + the HTTP gorouting is running, healthz will *always* respond with a 200. It + performs no actual health checking. + + Even still, lets include the probe. If flannel gets better health checking, + it will be enabled for us, on the other hand, if flannel doesn't get better + health checking, it's still *very slightly* useful to know that flannel has + at least reached this point in it's code. + + +--- +Wed Mar 21 17:06:31 UTC 2018 - containers-bugow...@suse.de + +- Commit 4259116 by Rafael Fernández López eresli...@ereslibre.es + Wait for dex on the admin node before calling the orchestration done + + When we finish the orchestration all bits and pieces should be working as + expected. Wait for the haproxy on the admin node to be correctly pointing to + dex before finishing the orchestration. + + +--- +Wed Mar 21 08:43:52 UTC 2018 - containers-bugow...@suse.de + +- Commit 113a807 by Rafael Fernández López eresli...@ereslibre.es + If no replacement provided do not ask for nonexistent states. + + If no replacement is provided, `sync-all` was trying to refer to states that + didn't exist because those states also were wrapped with a `replacement` + guard. + + Commit f6d8787 by Rafael Fernández López eresli...@ereslibre.es + Always set `replacement_provided` variable + + Salt was complaining that this variable didn't exist in the `orch.removal` + orchestration when removing a master when no replacement was provided. + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.gkwDUO/_old 2018-03-22 12:12:14.214361845 +0100 +++ /var/tmp/diff_new_pack.gkwDUO/_new 2018-03-22 12:12:14.222361559 +0100 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r650_e65e789 +Version:3.0.0+git_r657_c294782 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/cni.sls new/salt-master/pillar/cni.sls --- old/salt-master/pillar/cni.sls 2018-03-16 18:05:32.0 +0100 +++ new/salt-master/pillar/cni.sls 2018-03-21 18:10:02.0 +0100 @@ -3,6 +3,7 @@ image: 'sles12/flannel:0.9.1' backend:'vxlan' port: '8472'# UDP port to use for sending encapsulated packets. Defaults to kernel default, currently 8472. + healthz_port: '8471'# TCP port used for flannel healthchecks # log level for flanneld service # 0 - Generally useful for this to ALWAYS be visible to an operator. # 1 - A reasonable default log level if you don't want verbosity. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/init.sls new/salt-master/salt/addons/dex/init.sls --- old/salt-master/salt/addons/dex/init.sls2018-03-16 18:05:32.0 +0100 +++ new/salt-master/salt/addons/dex/init.sls2018-03-21 18:10:02.0 +0100 @@ -40,18 +40,3 @@ {{ kubectl("remove-old-dex-clusterrolebinding", "delete clusterrolebinding system:dex", onlyif="kubectl get clusterrolebinding system:dex") }} - -ensure_dex_running: - # Wait until the Dex API is actually up and running - http.wait_for_successful_query: -{% set dex_api_server = "api." + pillar['internal_infra_domain'] -%} -{% set dex_api_server_ext = pillar['api']['server']['external_fqdn'] -%} -{% set dex_api_port = pillar['dex']['nod
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-03-19 23:38:21 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Mon Mar 19 23:38:21 2018 rev:6 rq:588115 version:3.0.0+git_r650_e65e789 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-03-16 10:45:16.848299820 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-03-19 23:38:22.813349004 +0100 @@ -1,0 +2,55 @@ +Fri Mar 16 17:05:34 UTC 2018 - containers-bugow...@suse.de + +- Commit 30b9ae5 by Kiall Mac Innes ki...@macinnes.ie + Dex: Delay liveness probe in addition to readiness probe + + Delay the liveness probe by 30 seconds, matching the readiness probe. + + +--- +Fri Mar 16 16:57:20 UTC 2018 - containers-bugow...@suse.de + +- Commit 753978f by Rafael Fernández López eresli...@ereslibre.es + Use complete host references on haproxy configuration + + This avoids an incompatibility on the admin node in which if the external + fqdn field matched any of the master nodes host, haproxy would be checking + 127.0.0.1:6444 for the apiserver for healthchecks. + + Now, we are using the internal infra domain suffix so we are sure we are + referring to the real /etc/hosts entry with the ip address of the target + machines. + + +--- +Fri Mar 16 16:56:19 UTC 2018 - containers-bugow...@suse.de + +- Commit 9f06d7d by Rafael Fernández López eresli...@ereslibre.es + PCRE grain expressions only allow the regexp on the value side. + + Fix PCRE grain query expressions so they are matching what we expect. + + ``` caasp-admin:~ # docker exec -it 06bf salt -P 'bootstrap_complete:.*' + cmd.run hostname admin: + caasp-admin 6b5cb85d20f94f6eb813449b228cfe13: + caasp-worker-1 4c0e4d31bc754369940ffcbae28e2f0a: + caasp-worker-0 cb92123fa85d4170807e0aa24573501b: + caasp-master-0 66d5844bc5f14d1480896b1bc234dd92: + caasp-master-1 3f3f505c6eb3464e8a08cc0ae6fbc8f4: + caasp-master-2 caasp-admin:~ # docker exec -it 06bf salt -P + 'bootstrap_.*:true' cmd.run hostname No minions matched the target. No + command was sent, no jid was assigned. ERROR: No return received + ``` + + +--- +Thu Mar 15 21:22:34 UTC 2018 - containers-bugow...@suse.de + +- Commit afc91fe by Kiall Mac Innes ki...@macinnes.ie + Wipe out our /etc/hosts changes before reboot + + This ensures the systemd/wicked logic is unaffected by our /etc/hosts + changes. + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.bGJU80/_old 2018-03-19 23:38:23.453325918 +0100 +++ /var/tmp/diff_new_pack.bGJU80/_new 2018-03-19 23:38:23.457325773 +0100 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r642_292b025 +Version:3.0.0+git_r650_e65e789 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_etcd.py new/salt-master/salt/_modules/caasp_etcd.py --- old/salt-master/salt/_modules/caasp_etcd.py 2018-03-14 09:56:11.0 +0100 +++ new/salt-master/salt/_modules/caasp_etcd.py 2018-03-16 18:05:32.0 +0100 @@ -135,7 +135,9 @@ expr = '' expr += 'not G@roles:etcd' expr += ' and not G@roles:admin and not G@roles:ca' -expr += ' and not P@.*_in_progress:true' +expr += ' and not G@bootstrap_in_progress:true' +expr += ' and not G@update_in_progress:true' +expr += ' and not G@removal_in_progress:true' expr += ' and {}'.format(role) log.debug('CaaS: trying to find an etcd replacement with %s', expr) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dex/manifests/20-deployment.yaml new/salt-master/salt/addons/dex/manifests/20-deployment.yaml --- old/salt-master/salt/addons/dex/manifests/20-deployment.yaml 2018-03-14 09:56:11.0 +0100 +++ new/salt-master/salt/addons/dex/manifests/20-deployment.yaml 2018-03-16 18:05:32.0 +0100 @@ -68,6 +68,8 @@ scheme: HTTPS livenessProbe: + # Give Dex a little time to startup + initialDelaySeconds: 30 httpGet: path: /hea
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-03-16 10:44:18 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Mar 16 10:44:18 2018 rev:5 rq:587556 version:3.0.0+git_r642_292b025 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-02-13 10:31:41.396150322 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-03-16 10:45:16.848299820 +0100 @@ -1,0 +2,372 @@ +Wed Mar 14 08:56:12 UTC 2018 - containers-bugow...@suse.de + +- Commit 292b025 by Kiall Mac Innes ki...@macinnes.ie + Rename salt/dex -> salt/addons/dex + + Fundamentally, there is no difference between how dex is deployed and managed + vs how kube-dns or tiller is deployed and managed. Lets treat them the same. + + +--- +Wed Mar 14 08:55:10 UTC 2018 - containers-bugow...@suse.de + +- Commit e77e865 by Alvaro Saurin alvaro.sau...@gmail.com + Node removal constraint: we must have at least one k8s minion + + https://trello.com/c/O7daOErL + + +--- +Tue Mar 13 10:38:44 UTC 2018 - containers-bugow...@suse.de + +- Commit 83ae5d3 by Kiall Mac Innes ki...@macinnes.ie + Add liveness/readiness probes to Dex deployment + + This will ensure Kubernetes waits for the pods to become ready before + starting to send them traffic, which should in turn prevent the orchestration + proceeding and bootstrap completing until we have at least one working Dex + pod + + Fixes bsc#1062542 + + +--- +Mon Mar 12 09:55:53 UTC 2018 - containers-bugow...@suse.de + +- Commit 0ebaf16 by Maximilian Meister mmeis...@suse.de + cmd has moved to its own state for the proxy config + + require the pkg instead to make sure that the docker requisite is met + + Signed-off-by: Maximilian Meister + + +--- +Fri Mar 9 11:15:27 UTC 2018 - containers-bugow...@suse.de + +- Commit 1427b2f by Rafael Fernández López eresli...@ereslibre.es + When populating the cache, don't fail if this fails for some reason. + + There's a race condition in which the cache directory does not exist, but + when tried to be created it has already been created by something else, and + an exception is raised, stopping the execution. + + When populating the cache, we don't really care if it was correctly populated + or not in that *specific* call, so move on. + + Fixes: bsc#1084441 + + +--- +Fri Mar 9 08:35:50 UTC 2018 - containers-bugow...@suse.de + +- Commit d0ce17c by Rafael Fernández López eresli...@ereslibre.es + Run the highstate on the admin after `sync_all` has been called. + + The admin node might use features not yet discovered, make sure we run + `sync_all` before we enforce a `highstate` on the admin node too. + + +--- +Tue Mar 6 16:13:45 UTC 2018 - containers-bugow...@suse.de + +- Commit d68ff78 by Rafael Fernández López eresli...@ereslibre.es + Remove the TODO message for using the standard `/opt/cni/bin`. + + Internal constraints won't allow us to use `/opt`, so we'll stick to + `/var/lib/kubelet/cni/bin`. + + +--- +Mon Mar 5 12:24:44 UTC 2018 - containers-bugow...@suse.de + +- Commit f129021 by Kiall Mac Innes ki...@macinnes.ie + Ensure external_fqdn is not rendered to /etc/hosts if it's an IP + + +--- +Mon Mar 5 10:50:19 UTC 2018 - containers-bugow...@suse.de + +- Commit 7464fda by Rafael Fernández López eresli...@ereslibre.es + Update `etcd` certificates before updating any machine + + We need to include the new SAN on all the certificates before restarting the + first machine. Otherwise, this machine (a master) can find itself isolated + without being able to contact any etcd member with the name it has (as the + rest of the nodes haven't updated their certificates yet to also include the + new name on the SAN). + + +--- +Mon Mar 5 09:39:21 UTC 2018 - containers-bugow...@suse.de + +- Commit 453260e by Kiall Mac Innes ki...@macinnes.ie + Add a suse:caasp:tiller-user ClusterRole + + This role represents the minimum RBAC requirements needed to make use of + Helm's Tiller service. + + +--- +Mon Mar 5 08:53:32 UTC 2018 - containers-bugow...@suse.de + +- Commit 4746436
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-02-13 10:31:39 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Tue Feb 13 10:31:39 2018 rev:4 rq:575829 version:3.0.0+git_r575_cbc22fb Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-02-06 16:49:15.219788996 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-02-13 10:31:41.396150322 +0100 @@ -1,0 +2,100 @@ +Mon Feb 12 15:21:42 UTC 2018 - containers-bugow...@suse.de + +- Commit cbc22fb by Alvaro Saurin alvaro.sau...@gmail.com + Make sure we do not crash on pillars that are not properly formatted. + + +--- +Mon Feb 12 13:38:51 UTC 2018 - containers-bugow...@suse.de + +- Commit c194707 by Alvaro Saurin alvaro.sau...@gmail.com + Remove the etcd discovery mechanism Mark all the etcd members of the cluster + with the 'etcd' role before doing the update + + +--- +Mon Feb 12 11:25:24 UTC 2018 - containers-bugow...@suse.de + +- Commit d85fb55 by Kiall Mac Innes ki...@macinnes.ie + Move haproxy config to /etc/caasp/haproxy + + This avoids a conflict between the caasp-container-manifests package, and the + haproxy package. + + +--- +Thu Feb 8 17:55:45 UTC 2018 - containers-bugow...@suse.de + +- Commit 37fccd3 by Flavio Castelli fcaste...@suse.com + Dex pods: introduce anti-affinity rule + + Our dex deployment creates 3 pods running the dex service. There are really + high chances (or even certainty in the case of clusters made by 1 or 2 worker + nodes) that all the dex pods end up running on the same node. + + This is bad from a HA perspective, plus we end up taking away resources from + small clusters. + + With the following change we enforce the kubernetes scheduler to always + spread the dex pods over different nodes. + + On small clusters (1 or 2 nodes) the deployment will be running with a lower + number of replicas until new nodes are added. This doesn't cause our + orchestration to fail. + + Adding new nodes at a later stage will allow the deployment to reach the + desired replica size without any intervention from us or the user. + + Signed-off-by: Flavio Castelli + + +--- +Thu Feb 8 17:35:30 UTC 2018 - containers-bugow...@suse.de + +- Commit b578f87 by Kiall Mac Innes ki...@macinnes.ie + Dex: Avoid using the external_fqdn to reach dex + + In some environments, the external_fqdn is unreachable from inside the + cluster - avoid using it where possible. + + +--- +Wed Feb 7 17:24:14 UTC 2018 - containers-bugow...@suse.de + +- Commit 6a11de3 by Kiall Mac Innes ki...@macinnes.ie + Use separate Dex clients for each actual client + + Previously Velum, CaaSP CLI, and Kubernetes all shared a single Dex client. + From a security perspective, this was far from ideal. + + Update Dex with 3 clients, one for each actual client. Both the Velum and + CaaSP CLI clients are allowed to issue tokens for the Kubernetes client. + + +--- +Wed Feb 7 10:12:48 UTC 2018 - containers-bugow...@suse.de + +- Commit 3d63b18 by Joachim Gleissner jgleiss...@suse.com + Add pillar root for public cloud specific config + + +--- +Tue Feb 6 17:49:24 UTC 2018 - containers-bugow...@suse.de + +- Commit e23fb43 by Flavio Castelli fcaste...@suse.com + Mark the haproxy as critical pod + + Flag the haproxy pods providing connectivity to the API server as critical + ones. + + This should force kubelet and the scheduler to never ever get rid of them. If + these pods are killed to make more space for other ones, the node would not + be able to talk with the API server making it useless. + + More details inside upstream doc: + https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ + + Signed-off-by: Flavio Castelli + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.tCVscJ/_old 2018-02-13 10:31:43.104088780 +0100 +++ /var/tmp/diff_new_pack.tCVscJ/_new 2018-02-13 10:31:43.108088636 +0100 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r561_e96818e +Version:
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-02-06 16:49:12 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Tue Feb 6 16:49:12 2018 rev:3 rq:573102 version:3.0.0+git_r561_e96818e Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-02-02 22:22:14.461990881 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-02-06 16:49:15.219788996 +0100 @@ -1,0 +2,71 @@ +Mon Feb 5 16:52:13 UTC 2018 - containers-bugow...@suse.de + +- Commit 21d9ab7 by Jordi Massaguer Pla jmassaguer...@suse.de + [packaging] Replace | by # in sed expression + + as % is reserved for rpm macros + + Signed-off-by: Jordi Massaguer Pla + + +--- +Mon Feb 5 15:53:16 UTC 2018 - containers-bugow...@suse.de + +- Commit 0126b32 by Kiall Mac Innes ki...@macinnes.ie + Namespace the roles and cluster roles we create + + When we create a role, rolebinding etc, we should namespace the names in + order to make it obvious these are deployed as part of CaaSP, as well as to + help ensure these are obviously part of CaaSP, not a stock part of + Kubernetes. + + I've gone with a "suse:caasp:" prefix, which matches the "system:" prefix for + built in roles/rolebindings/etc. + + +--- +Mon Feb 5 10:28:39 UTC 2018 - containers-bugow...@suse.de + +- Commit 40731ca by Flavio Castelli fcaste...@suse.com + Update our manifests to reflect kubernetes 1.8 changes + + * rbac has been promoted to stable + * deploymen is now v1beta2 + * deamonset is now v1beta2 + + Signed-off-by: Flavio Castelli + + +--- +Fri Feb 2 16:30:33 UTC 2018 - containers-bugow...@suse.de + +- Commit 9ecb201 by Kiall Mac Innes ki...@macinnes.ie + Remove old mis-named tiller deployment + + Commit a66edac by Nikhil Manchanda slick...@gmail.com + helm should detect salt-installed tiller service + + The helm client looks for a tiller deployment called 'tiller-deploy' to + establish if tiller is already installed in the cluster, or not. Update our + salt install of tiller to use a deployment with the same name so that it will + be recognized by the helm client as already being installed. + + Fixes: bsc#1066201 + + +--- +Fri Feb 2 11:55:31 UTC 2018 - containers-bugow...@suse.de + +- Commit 5b2893d by Alvaro Saurin alvaro.sau...@gmail.com + Do not try to remove some flannel file that cannot be removed, and remove + some other instead + + +--- +Fri Feb 2 10:42:01 UTC 2018 - containers-bugow...@suse.de + +- Commit cb27ba1 by Kiall Mac Innes ki...@macinnes.ie + Update flannel image tag to match flannel version + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.Q0VFPX/_old 2018-02-06 16:49:16.447731539 +0100 +++ /var/tmp/diff_new_pack.Q0VFPX/_new 2018-02-06 16:49:16.447731539 +0100 @@ -32,7 +32,7 @@ Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r549_76bcd68 +Version:3.0.0+git_r561_e96818e Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management @@ -68,8 +68,8 @@ echo "ERROR: File not found $file" exit -1 fi -sed -e "s%image:[ ]*sles12/\(.*\):%image: %{_base_image}/\1:%g" -i $file -sed -e "s%image:[ ]*'sles12/\(.*\):%image: '%{_base_image}/\1:%g" -i $file +sed -e "s|image:[ ]*sles12/\(.*\):|image: %{_base_image}/\1:|g" -i $file +sed -e "s|image:[ ]*'sles12/\(.*\):|image: '%{_base_image}/\1:|g" -i $file done %files ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/packaging/suse/make_spec.sh new/salt-master/packaging/suse/make_spec.sh --- old/salt-master/packaging/suse/make_spec.sh 2018-02-02 10:42:57.0 +0100 +++ new/salt-master/packaging/suse/make_spec.sh 2018-02-05 17:51:16.0 +0100 @@ -90,8 +90,8 @@ echo "ERROR: File not found \$file" exit -1 fi -sed -e "s%image:[ ]*sles12/\(.*\):%image: %{_base_image}/\1:%g" -i \$file -sed -e "s%image:[ ]*'sles12/\(.*\):%image: '%{_base_image}/\1:%g" -i \$file +sed -e "s|image:[ ]*sles12/\(.*\):|image: %{_base_image}/\1:|g" -i \$file +sed -e "s|image:[ ]*'sles12/\(.*\):|
commit kubernetes-salt for openSUSE:Factory
Hello community, here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-02-02 22:22:13 Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old) and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New) Package is "kubernetes-salt" Fri Feb 2 22:22:13 2018 rev:2 rq:571950 version:3.0.0+git_r549_76bcd68 Changes: --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-02-01 21:29:22.677103692 +0100 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-02-02 22:22:14.461990881 +0100 @@ -1,0 +2,36 @@ +Fri Feb 2 09:41:56 UTC 2018 - containers-bugow...@suse.de + +- Commit 2eb40f1 by Jordi Massaguer Pla jmassaguer...@suse.de + replace sle12 for tumbleweed if the package is building in tumbleweed + + +--- +Fri Feb 2 09:16:38 UTC 2018 - containers-bugow...@suse.de + +- Commit 37e99c4 by Alvaro Saurin alvaro.sau...@gmail.com + Use the same code convention for ids in the orchestration as all the other + ids. Cleanup some files when updating CNI. + + +--- +Thu Feb 1 15:53:55 UTC 2018 - containers-bugow...@suse.de + +- Commit cf53150 by Kiall Mac Innes ki...@macinnes.ie + No longer use machine-id's as node names + + With CaaSP 3.0, we're introducing a requirement for machines to have + valid+unique hostnames in order to allow for the K8S CPIs to function + correctly. + + This means our generated hostname is no longer needed, as our environment + requirements force operators to provision servers with unique hostnames. + + +--- +Thu Feb 1 13:06:16 UTC 2018 - containers-bugow...@suse.de + +- Commit 4ba7007 by Kiall Mac Innes ki...@macinnes.ie + Update dex binary name to caasp-dex + + +--- Other differences: -- ++ kubernetes-salt.spec ++ --- /var/tmp/diff_new_pack.GqdEai/_old 2018-02-02 22:22:15.177957455 +0100 +++ /var/tmp/diff_new_pack.GqdEai/_new 2018-02-02 22:22:15.177957455 +0100 @@ -15,11 +15,24 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + +%if 0%{?suse_version} == 1315 && !0%{?is_opensuse} + %define _base_image sles12 +%endif + +%if 0%{?suse_version} == 1500 && !0%{?is_opensuse} + %define _base_image sles15 +%endif + +%if 0%{?is_opensuse} && 0%{?suse_version} > 1500 + %define _base_image tumbleweed +%endif + %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create} Name: kubernetes-salt %define gitrepo salt -Version:3.0.0+git_r542_d522c0a +Version:3.0.0+git_r549_76bcd68 Release:0 BuildArch: noarch Summary:Production-Grade Container Scheduling and Management @@ -28,8 +41,8 @@ Url:https://github.com/kubic-project/salt Source: master.tar.gz BuildRequires: systemd-rpm-macros -Requires: salt Requires: python-m2crypto +Requires: salt %description Salt scripts for deploying a Kubernetes cluster @@ -44,6 +57,21 @@ mkdir -p %{buildroot}%{_datadir}/salt/kubernetes cp -R %{_builddir}/%{gitrepo}-master/* %{buildroot}%{_datadir}/salt/kubernetes/ +# fix image name +dir_name=%{buildroot}/%{_datadir}/salt/kubernetes +files=$(grep "image:[ ]*sles12" $dir_name -r | cut -d: -f1 | uniq) +files="$files $(grep "image:[ ]*'sles12" $dir_name -r | cut -d: -f1 | uniq)" + +for file in $files;do +echo "DEBUG: Replacing sles12 by %{_base_image} in $file" +if [ ! -f $file ];then +echo "ERROR: File not found $file" +exit -1 +fi +sed -e "s%image:[ ]*sles12/\(.*\):%image: %{_base_image}/\1:%g" -i $file +sed -e "s%image:[ ]*'sles12/\(.*\):%image: '%{_base_image}/\1:%g" -i $file +done + %files %defattr(-,root,root) %dir %{_datadir}/salt ++ master.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/packaging/suse/make_spec.sh new/salt-master/packaging/suse/make_spec.sh --- old/salt-master/packaging/suse/make_spec.sh 2018-01-31 14:11:12.0 +0100 +++ new/salt-master/packaging/suse/make_spec.sh 2018-02-02 10:42:57.0 +0100 @@ -38,6 +38,18 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +%if 0%{?suse_version} == 1315 && !0%{?is_opensuse} + %define _base_image sles12 +%endif + +%if 0%{?suse_version} == 1500 && !0%{?is_opensuse} + %define _base_image sles15 +%endif + +%if 0%{?is_opensuse} && 0%{?suse_version} > 1500 + %define _base_image tumbleweed +%endif + %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}