././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1751923691.0723774 magnum-20.1.0.dev17/0000775000175100017510000000000015033035753013117 5ustar00mylesmyles././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/.coveragerc0000664000175100017510000000016215033035730015232 0ustar00mylesmyles[run] branch = True source = magnum omit = magnum/tests/* [report] ignore_errors = True exclude_lines = pass ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/.mailmap0000664000175100017510000000013115033035730014526 0ustar00mylesmyles# Format is: # # ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/.stestr.conf0000664000175100017510000000010515033035730015357 0ustar00mylesmyles[DEFAULT] test_path=${OS_TEST_PATH:-./magnum/tests/unit} top_dir=./ ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/.zuul.yaml0000664000175100017510000001046015033035730015054 0ustar00mylesmyles- secret: name: magnum_docker_login data: user: !encrypted/pkcs1-oaep - jlvqCncV1yJNdDNydFdpAXM06vfvjRcgkgLyJyEY8X5MHOmf6VKL2RiR9nmZX4faDgGHr 797eFqJMOrWGc2iQGPmb2AwVkWSpMii3o/pV13jdIJBZ0RJ5g7kUXl8+anY27ZikwgmEM ftad6SESr/PEv1G+35S/YEDveEDqY/6mXWOiO75N2QRrTsmgI9t2ItCS/sylWg+6wam0X rpZHC7MyzMoLwi+ySDwjPDiQCskcwYxRwfwFcp2EPgc3cRx2V+YA1Y0Kaf42wCfSIswVC YhljX2Zp9qWD/WULf3sH4pewfvWEwVojbNYOC99Jh/65i2Csynif7yoAAquY1qiPkXLRf Plstz4UTpBsmx/6HSLAxaKp2gaxedrpeIM4+7lMldCQ+8Yx9ZbxXccINpDFznokHiaK60 EbjqQwNyjDeoOOO/gYytOZ8DZBFvxFHkQaiAZdS+icxSKzbl+7dZoqyET95LDnk4aIw9L 5fxIHHfpipvDrt3NGVmOaQiA9tBC5eCtCFlpJkJWFaz2ip7sqP8JlkZfWf2kr5ujK7s4B VkiUuxIOBIIhc56XbgRoaFT8z23C357k7rNBDyFu6TPItx5OYXEtWU9hqJazl55EKbcfh N7/a+zHNohrG4bLwjlwQ94AWBGkOxEbeZ2+ndK0SdhXTCtCCnu/0Xtxv3D8uSQ= password: !encrypted/pkcs1-oaep - uk0eQa5ozoUAM5Wc8qQeOjCxmGC/c74iq8EaMGTYtgpYm+teMR9CR0QcrSQA0g+1ZQnbD kIRA/7/N1e6zp59GRrJe9y5Vs9cEvbzKrsRQgkubrYx6XpUVJxxuc5IbrFkiaCfrQkB0E hIQ3RcTFVW6PBoldNGPHk3czvr0oFZbLmRZ44aOolTURFG5DUzFt5HUO4xXwTwCIxxJbO Ch/cYVMzGZaRAi41j7F07b/48Ywg3TkZqy0aAvb/wmFdmlLDR0GlDJy1MdKnmmHNzvywF bE1b4ljhSxhdeHxb5GDelHp+DLLxLAva65DcMQI58JMZiXo7THG49Ho+Msbr+2JCjSUKT qJhH2ht7c6id/VRoPdFGRJbRPCYPraGe6IQs7FWfK0ELvEY8X3g5SSylYCGhr6TdcDFWm nyRiMTuWG7n5j7V4fGnEhyqATNKV4zq5IDs08XxB0od24R346mkE75qzhnnKOi1tdfvPd F443NmZCBRqxwmrUaPLFzzXD+O0xW3qAWxHOzlMGU/VnR4uRdOcyWbCdcO+N392jTiRMX UbRYBPi1hBrBmd9/UjYVVaXESXkZEe81yDFwCR77eGQVVNSZljBJy+VErUv7+RgwTuN/z CtGD6IpE16AHl3i31/1f00t5/t857qzVbdMLJBU8ivKbLPwGAjHMwM0f+y4Ogc= - job: name: magnum-container-build pre-run: playbooks/container-builder-setup-gate.yaml run: playbooks/container-builder.yaml post-run: playbooks/container-builder-copy-logs.yaml roles: - zuul: openstack/openstack-zuul-jobs timeout: 3600 irrelevant-files: - ^.*\.rst$ - ^api-ref/.*$ - ^doc/.*$ - ^specs/.*$ - ^install-guide/.*$ - ^releasenotes/.*$ - ^magnum/.*$ - job: name: magnum-container-publish parent: magnum-container-build post-run: playbooks/container-publish.yaml secrets: - magnum_docker_login timeout: 7200 - job: name: magnum-tempest-plugin-tests-cluster-k8s_fcos_v1-1.28 parent: magnum-tempest-plugin-tests-cluster-k8s_fcos_v1 vars: devstack_localrc: MAGNUM_KUBECTL_TAG: v1.28.9 devstack_local_conf: test-config: $TEMPEST_CONFIG: magnum: labels: kube_tag: v1.28.9-rancher1 container_runtime: containerd containerd_version: 1.6.31 containerd_tarball_sha256: 75afb9b9674ff509ae670ef3ab944ffcdece8ea9f7d92c42307693efa7b6109d cloud_provider_tag: v1.27.3 cinder_csi_plugin_tag: v1.27.3 k8s_keystone_auth_tag: v1.27.3 magnum_auto_healer_tag: v1.27.3 octavia_ingress_controller_tag: v1.27.3 calico_tag: v3.26.4 - job: name: magnum-tempest-plugin-tests-cluster-k8s_fcos_v1-1.28-calico parent: magnum-tempest-plugin-tests-cluster-k8s_fcos_v1-1.28 vars: devstack_local_conf: test-config: $TEMPEST_CONFIG: magnum: network_driver: calico - job: name: magnum-tempest-plugin-tests-cluster-k8s_fcos_v1-1.28-flannel parent: magnum-tempest-plugin-tests-cluster-k8s_fcos_v1-1.28 vars: devstack_local_conf: test-config: $TEMPEST_CONFIG: magnum: network_driver: flannel - project: queue: magnum templates: - openstack-cover-jobs - openstack-python3-jobs - check-requirements - publish-openstack-docs-pti - release-notes-jobs-python3 check: jobs: - magnum-tempest-plugin-tests-api - magnum-tempest-plugin-tests-api-jammy - magnum-tempest-plugin-tests-cluster-k8s_fcos_v1-1.28-flannel - magnum-tempest-plugin-tests-cluster-k8s_fcos_v1-1.28-calico - magnum-container-build gate: jobs: - magnum-tempest-plugin-tests-api - magnum-tempest-plugin-tests-api-jammy post: jobs: - magnum-container-publish ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923673.0 magnum-20.1.0.dev17/AUTHORS0000664000175100017510000003722715033035731014176 0ustar00mylesmyles2172869000074 Aaron-DH Abhishek Chanda Abhishek Chanda Accela Zhao Adolfo R. Brandes Adrian Otto Ajay Kalambur Akash Gangil Akhila Alberto Gireud Alexandra Settle Amey Bhide Anandprakash Tandale Andreas Jaeger Andreas Jaeger Andrei Nistor Andrei Ozerov Andrew Melton Angus Lees Anh Tran Antoni S. Puimedon ArchiFleKs Arun prasath Attila Fazekas AvnishPal Baohua Yang Bartosz Bezak Bertrand Lallau Bertrand Lallau Bertrand NOEL Bertrand NOEL Bharat Kunwar Bharat Kunwar Bharat Kunwar Bharath Thiruveedula Bin-Lu <369283883@qq.com> Bradley Jones Cale Rath Cao Xuan Hoang Cedric Brandily Chandan Kumar Chandan Kumar Chandra Ganguly ChangBo Guo(gcb) Chaozhe.Chen Chetna Khullar Chuck Short Chulmin Kang Clenimar Filemon Clenimar Filemon Colleen Murphy Colleen Murphy Corey Bryant Corey O'Brien Costin Gamenț Cristovao Cordeiro Dale Smith Dale Smith Dane LeBlanc Daneyon Hansen Daniel Abad Daniel Meyerholt Danil Golov Davanum Srinivas Davanum Srinivas David Fairbrother David Rabel Deeksha Deepak Devdatta Kulkarni Dinesh Bhor Diogo Guerra Diogo Guerra Dirk Mueller Dmitriy Rabotyagov Dmitriy Rabotyagov Doug Hellmann Drago Rosson Egor Guz Eli Qiao Emanuel Andrecut Eric Brown Erik Olof Gunnar Andersson Fang Fenghua <449171342@qq.com> Fang fenghua <449171342@qq.com> Farid Da Encarnacao Fei Long Wang Feilong Wang Felipe Reyes Feng Shengqin Fenghuafang <449171342@qq.com> Ferenc Horváth Flavio Percoco Florian Haas Georgiy Kutsurua Ghanshyam Mann Grzegorz Bialas Grzegorz Grasza Guang Yee Gyorgy Szombathelyi HackToday Haiwei Xu Herby Hertilien Hervé Beraud Hieu LE Hironori Shiina Hongbin Lu Hongbin Lu Hongbn Lu Hua Wang Ian Main Ian Wienand Ionuț Bîru Ivan Anfimov JUNJIE NAN Jack Hodgkiss Jake Yip Jake Yip Jakub Darmach James E. Blair James E. Blair Jamie Hannaford Janek Lehr Jangwon Lee Jason Dunsmore Javier Castillo Alcíbar Jay Lau (Guangya Liu) Jay Lau Jaycen Grant Jennifer Carlucci Jeremy Stanley Jerome Caffet Jesse Pretorius Jim Bach Joe Cropper Johannes Grassler John Garbutt Jonathan Rosser Jongsoo Yoon Jose Castro Leon Juan Badia Payno Julia Kreger Kai Qiang Wu Kai Qiang Wu(Kennan) Kai Qiang Wu(Kennan) Kennan Kennan Kevin Lefevre Kevin Zhao Kien Nguyen Kirsten G Lan Qi song Larry Rensing Lars Butler LeopardMa Lin Lin Yang Lingxian Kong Lu lei Luong Anh Tuan M V P Nitesh Madhuri Madhuri Madhuri Kumari Madhuri Kumari Madhuri Kumari Madhuri Kumari Mahito Mahito OGURA Manjeet Singh Bhatia Manuel Rodriguez Mark Goddard Markus Sommer Martin Falatic Masayuki Igawa Mathieu Velten Michael Krotscheck Michael Lekkas Michael Sambol Michael Still Michael Tupitsyn Michal Arbet Michal Jura Michal Nasiadka Michal Rostecki Michał Nasiadka Mike Fedosin Mitsuhiro SHIGEMATSU Mitsuhiro Tanino Mohammed Naser Monty Taylor Motohiro OTSUKA Murali Allada Namrata Nate Potter Navneet Gupta Ngo Quoc Cuong Nguyen Hai Nguyen Hai Truong Nguyen Hung Phuong Niall Bunting OTSUKA, Yuanying OTSUKA, Yuanying OTSUKA, Yuanying OpenStack Release Bot Pan PanFengyun PanFengyun Paul Belanger Paul Czarkowski Paulo Ewerton Peiyu Lin Perry Rivera Perry Rivera Peter Pouliot Pierre Padrixe Pierre Riteau Piotr Mrowczynski Piotr Parczewski Pradeep Kilambi Qian Min Chen Rajiv Kumar Randall Burt Ricardo Rocha Rick Cano Robert Collins Robert Pothier Ronald Bradford Ronald Bradford Ryan Rossiter Samantha Blanco Saulius Alisauskas Sean Dague Sean McGinnis Sean McGinnis Sergey Filatov Sergey Vilgelm ShaoHe Feng Sharma-Ritika Shawn Aten Shinn'ya Hoshino Shu Muto Shuquan Huang Simon Merrick Spyros Spyros Trigazis (strigazi) Spyros Trigazis Spyros Trigazis Spyros Trigazis Spyros Trigazis Stanislav Dmitriev Stavros Moiras Stephen Crawley Stephen Gordon Stephen Watson Steven Dake Steven Dake Surojit Pathak Swapnil Kulkarni (coolsvap) Swapnil Kulkarni Syed Armani Takashi Kajinami Takashi Kajinami Takashi Natsume Theodoros Tsioutsias Thomas Bechtold Thomas George Hartland Thomas Goirand Thomas Hartland Thomas Maddox Tobias Urdin Tom Cammann Tom Cammann Ton Ngo Tovin Seven Travis Holton Trung Nguyen Van Tuan Do Anh Van Hung Pham Velmurugan Kumar Victor Morales Victor Sergeyev Vijendar Komalla Vikas Choudhary Vilobh Meshram Vinay Vivek Jain Vu Cong Tuan Wanghua Wanlong Gao Ward K Harold Wenzhi Yu Xi Yang Xian Chaobo Xicheng Chang Xingchao Yu Xinliang Liu YAMAMOTO Takashi Yang Hongyang YangLiYun <6618225@qq.com> Yasemin Demiral Yash Bathia Yatin Kumbhare Yolanda Robla Yongli He Yosef Hoffman Yuiko Takada Yusaku Sawai Yushiro FURUKAWA Zachary Sais Zane Bitter Zhenguo Niu ZhiQiang Fan ZhijunWei ZhouPing <11236488@qq.com> abhishekkekane akhiljain23 akhiljain23 ashish.billore avnish bismog caoyuan chao liu chenlx chenxing chestack coldmoment deepakmourya digambar digambar digambarpatil15 dimtruck dimtruck eric fengbeihong gao.hanxiang gecong1973 gengchc2 ghanshyam guilhermesteinmuller hanchao houming-wang howardlee huang.huayong huang.xiangdong indicoliteplus iswarya_vakati jacky06 jinzhenguo karolinku lei-zhang-99cloud leiyashuai leizhang leledashenqi lingyongxu liumk ljhuang lqslan lujie maliki mathspanda matthew-fuller melissaml murali allada niuke npraveen35 okozachenko okozachenko1203 oorgeron pawnesh.kumar pengdake <19921207pq@gmail.com> pengyuesheng prameswar qinchunhua qingszhao rabi rajat29 rajiv ricolin ricolin ricolin sayalilunkad scrungus shravya songwenping space ting.wang trilliams twm2016 vagrant vass venkatamahesh venkatamahesh vincent wangbo wanghui wangqi wangqun weiweigu wenchma xpress xxj <2001xxj@gmail.com> yang wang yanghuichan yangyong yatin yatin yatin karel yatinkarel yatinkarel yuanpeng yuhui_inspur yuki kasuya yuntongjin yuntongjin yuyafei zengjia zhang.lei zhangyanxian zhoulinhui zhufl ztetfger “Akhila ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/CONTRIBUTING.rst0000664000175100017510000000575215033035730015564 0ustar00mylesmyles============================ So You Want to Contribute... ============================ For general information on contributing to OpenStack, please check out the `contributor guide `_ to get started. It covers all the basics that are common to all OpenStack projects: the accounts you need, the basics of interacting with our Gerrit review system, how we communicate as a community, etc. Below will cover the more project specific information you need to get started with Magnum. Communication ~~~~~~~~~~~~~~ .. This would be a good place to put the channel you chat in as a project; when/where your meeting is, the tags you prepend to your ML threads, etc. - IRC channel: #openstack-containers - Mailing list's prefix: [magnum] - Currently, we have a weekly team meeting at 9:00 UTC, please check `here `_ for more details. Contacting the Core Team ~~~~~~~~~~~~~~~~~~~~~~~~~ .. This section should list the core team, their irc nicks, emails, timezones etc. If all this info is maintained elsewhere (i.e. a wiki), you can link to that instead of enumerating everyone here. The list of current Magnum core reviewers is available on `gerrit `_. New Feature Planning ~~~~~~~~~~~~~~~~~~~~ .. This section is for talking about the process to get a new feature in. Some projects use blueprints, some want specs, some want both! Some projects stick to a strict schedule when selecting what new features will be reviewed for a release. Magnum is using a dedicated `specs repo `_ for feature requirement. Task Tracking ~~~~~~~~~~~~~~ .. This section is about where you track tasks- launchpad? storyboard? is there more than one launchpad project? what's the name of the project group in storyboard? We track our tasks in `Launchpad `_ Reporting a Bug ~~~~~~~~~~~~~~~ .. Pretty self explanatory section, link directly to where people should report bugs for your project. You found an issue and want to make sure we are aware of it? You can do so on `Launchpad `_. Getting Your Patch Merged ~~~~~~~~~~~~~~~~~~~~~~~~~ .. This section should have info about what it takes to get something merged. Do you require one or two +2's before +W? Do some of your repos require unit test changes with all patches? etc. Though we have a small number of core reviewers of the Magnum project, we still need two +2 before ``Workflow +1``. Project Team Lead Duties ------------------------ .. this section is where you can put PTL specific duties not already listed in the common PTL guide (linked below) or if you already have them written up elsewhere, you can link to that doc here. All common PTL duties are enumerated here in the `PTL guide `_. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923673.0 magnum-20.1.0.dev17/ChangeLog0000664000175100017510000040773715033035731014707 0ustar00mylesmylesCHANGES ======= * Add insecure\_registry parameter to templates API * Add unit tests to improve code coverage * Ensure cluster template can be created with no labels * Debug logging for periodic updates now outputs cluster UUID * Drop Kubernetes v1.27 tests * Migrate from wsgi scripts to module paths * Remove installation guide for openSUSE/SLES * certs: add subject key identifier extension * Update Quickstart guide to use OS client * Update master for stable/2025.1 20.0.0 ------ * Deprecate legacy heat driver * Drop redundant dependency on iso8601 * Drop binary dependencies for cmd2 * Fix trust create * Install and configure for Red Hat Enterprise Linux and CentOS - fix few mistakes * add validation for boot volume size * doc: Use dnf instead of yum * CI: Remove unused playbook * Imported Translations from Zanata * Fix sqlalchemy with osprofiler * Update gate jobs as per the 2025.1 cycle testing runtime * Replace deprecated configure\_auth\_token\_middleware * reno: Update master for unmaintained/2023.1 * Remove default override for config options policy\_file * Fix pep8 job * Switch to using enginefacade * Replace old link for hacking * Support file watcher to trigger GMR report * Imported Translations from Zanata * Remove workaround for eventlet < 0.27.0 * Drop remaining usage of six * Bump hacking * Drop synlink with no referent * Implement control plane resizing with driver * Update master for stable/2024.2 19.0.0 ------ * Fix certs ops as trustee for existing clusters * Remove default override for RBAC config options * Add tests for Kubernetes v1.28.9 * Fix oslo policy file genrator tool for Magnum * Change network driver test to use non-default driver * Drop docker\_utils * Update Python runtime for 2024.2 * Update control-plane nodes taint * Validate extensions and key\_usage at config layer * Stop describing defaults explicitly * reno: Update master for unmaintained/zed * Replace abc.abstractproperty with property and abc.abstractmethod * Doc: Update supported versions for Caracal * Update master for stable/2024.1 * chore: remove useless option 18.0.0 ------ * Remove calico\_kube\_controllers\_tag label * CI: Use Calico v3.26.4 * Support Calico 3.26.x * CI: Switch from rbac to normal job * SQLA 2.0 - Fix connection.execute * Move Helm client install to separate script * Removing Tiller support * Remove use of autocommit * Update cloud-provider-openstack registry * Drop k8s\_fedora\_atomic\_v1 driver * Add feature flag for beta drivers * Removing legacy calico v3.3 * Add feature to specify driver explicitly * Bugfix: Clean up trusts for all deleted clusters * reno: Update master for unmaintained/yoga * Remove six from requirements * Remove six from unit tests (part 5) * Remove six from unit tests (part 4) * Remove six from unit tests (part 3) * Remove six from unit tests (part 2) * Remove six from unit tests (part 1) * Remove six from functional tests * Remove six from common module * Remove six from drivers module * Remove six from db module * Remove six from conductor module * Remove six from api module * Remove execution bit on unnecessary files * add cilium in the supported network driver list of k8s * Update containerd in CI to 1.6.28 * Drop k8s\_fedora\_ironic\_v1 driver * Drop k8s\_coreos\_v1 driver * Add kubernetes fedora coreos v1 jobs * SQL Alchemy 2.x: Stop using deprecated API * heat: Update addresses on CREATE\_FAILED * Drop dependency on pytz * Drop Swarm support * Fix flakey validation tests * Move the chmod function before the write and flush functions to prevent sensitive information leakage * Remove doc for rolling upgrade * Update python classifier in setup.cfg * Support k8s 1.27: Remove unsupported kubelet arg * Replace is\_ssl\_enabled\_service * Remove support for in-place upgrades with the Heat driver * Add validator for fixed\_subnet * Migrate to importlib.metadata * CI: Bump container publish to 7200 * CI: bump container publish job timeout * Add newer cluster-autoscaler versions to Docker Hub * Fix magnum-driver-manage for drivers without template path * Remove send\_cluster\_metrics devstack config * Enable secure rbac * Add validator for fixed\_network * devstack: Install sonobuoy and kubectl * docs: Change Storyboard links to Launchpad * docs: Remove references to wiki * sqlalchemy: Import String from sqlalchemy directly * Update chart.metadata.version to reflect breaking change in helm v3.5.2 * Fix missing oslo.versionedobjects library option * Imported Translations from Zanata * Stop test\_delete\_loadbalancers\_timeout waiting * Update master for stable/2023.2 17.0.0 ------ * Add k8s v1.26.8 and FCOS 38 to docs * Deprecate CoreOS (not Fedora CoreOS) support * [doc] Add supported labels and OS for Bobcat * Remove unused policy rule for Certificate APIs * Add policies unit tests (Part three) * Add policies unit tests (Part two) * Add policies unit tests (Part one) * Allow Admin to perform all API requests * Support enables rbac policies new defaults * Add releasenote for Trust token scope fix * Missing load balancer health monitors fix * Fix Trust token scope for drivers * cinder-csi: Run controllerplugin in CNI network * Deprecate k8s fedora ironic driver * Drop bay and baymodel from magnum * Imported Translations from Zanata * Remove Swarm documentation * Deprecate Docker Swarm COE * [doc] Add supported labels kubernetes coe * Imported Translations from Zanata * Remove PodSecurityPolicy * [doc] Add FCOS version in Supported versions * Fix pods unable to send traffic to ClusterIP * Support k8s 1.25 in Calico Manifest * Update barbicanclient * Fix pep8 gate * Add \`-p\` param to \`mkdir\` in agent startup script * Update master for stable/2023.1 16.0.0 ------ * Drop Mesos code * Remove user docs for Cluster Type Definition * Deprecated fedora\_atomic driver * Remove send\_cluster\_metrics * Fix test for barbican cached client * Fix docs table formatting * Support k8s 1.26: remove logtostderr * Add supported Kubernetes version * Fix kubelet for Fedora CoreOS 36 to provide real resolvconf to containers * Containerd cni plugin path in CoreOS 35 * Use new get\_rpc\_client API from oslo.messaging * Support tox4 * Drop mesos driver * Minor fix for flannel default in docs * Imported Translations from Zanata * Remove stdout argument from coredns log * Fix pods stuck terminating * devstack: use iniset\_rpc\_backend * Update python testing as per zed cycle teting runtime * Adapt Cinder CSI to upstream manifest * Switch to 2023.1 Python3 unit tests and generic template name * Fix misuse of assertTrue * Fix compatibility with oslo.db 12.1.0 * Update master for stable/zed * Make configure-agent-env.service idempotent 15.0.0.0rc1 ----------- * Imported Translations from Zanata * Update package name for Ubuntu * remove unicode from code * setup.cfg: Replace dashes by underscores * Allow update cluster status with admin context * remove unicode literal from code * remove unicode literal from code * Use TOX\_CONSTRAINTS\_FILE * Add back pep8 test * Fix ingress-controller link in docs * Support K8s 1.24+ * Update python testing as per zed cycle testing runtime * Add support for choosing Octavia provider * Drop lower-constraints.txt and its testing * Drop mesos documentation * devstack: Create only public endpoint * Remove translation sections from setup.cfg * Drop Babel from reqs * Add Python3 zed unit tests * Fix ref in labels table * Update master for stable/yoga * Remove use of tenant in common/context.py * Remove the deprecated argument tenant from RequestContext 14.0.0.0rc1 ----------- * Upgrade chart source and version * Remove mesos API validation * Update cluster autoscaler build to v1.23 * [k8s-coreos] Default hyperkube\_prefix to rancher * CoreDNS support EndpointSlices * Update master for stable/wallaby * Update flannel version to 0.15.1 * fcos-k8s: Update to v1.22 * Fix POD to POD networking with ML2/OVN * Upgrade to calico\_tag=v3.21.2 * Drop Kubernetes Python client dependency * Add Python3 yoga unit tests * Fix docs * Quota deletion bug fix * Support quota hard\_limit values of zero * Fix health status polling interval * Add resource requests for system components * Fix deleting clusters if stack is deleted * Refix --registry-enabled * Fix the default volume api version * Fix errors caused by cryptography>=35.0.0 * Fix cluster template default policy * Imported Translations from Zanata * Update master for stable/xena * Disable and stop docker when the CRI is containerd 13.0.0 ------ * Deploy healthcheck middleware as app instead of filter * Update cluster autoscaler build for v1.22 * [fix] Detect virtio-scsi volumes correctly * [k8s] Fix CA rotate * Add cloud-provider flag to openstack cloud control manager * Remove temporal workaround to increase quota in Glance * Replace deprecated import of ABCs from collections * Use Block Storage API v3 instead of API v2 * Fix kubelet on FCOS 34 * Fix CoreDNS 1.7.0 and above * Optimize cluster list api * Ensure backward compatibility with SQLAlchemy<1.4 * Make code compatible with SQLAlchemy 1.4.18 * Revert "[K8S] Enable --use-service-account-credentials" * Add separated CA cert for etcd and front-proxy * [K8S] Enable --use-service-account-credentials * Update traefik options * Download correct cri-containerd-cni tarball * Add toleration to CSI nodeplugin 12.0.0.0rc1 ----------- * Fix debug logging during cluster upgrade * [hca] Use wallaby-stable-1 as default HCA tag * Re-factored rpc serializer * [goal] Deprecate the JSON formatted policy file * [hca] Only build/push stable images if unpublished * Build autoscaler 1.20 * Support hyperkube\_prefix label * Only allow zero node count from microversion 1.10 * Fix ostree\_\* upgrade * [doc] Replace Atomic/CoreOS with Fedora CoreOS * Add CT tags field to the database and API * 4. Update cluster monitoring documentation * 3. Configure monitoring apps path based endpoints * 2. Add persistency for grafana dashboards * 1. Configurable prometheus monitoring persistent storage * Update API version history doc * Do not create constraints for boolean fields * Allow nodegroups with node\_count equal to 0 * Re-use transport for rpc server * Switch to uwsgi and enable named uri * k8s: Do not use insecure api port * Re-use transport for rpc calls * Remove duplicated keys in dict * [k8s-fcos] Fix insecure registry * Fix cluster deletion when load balancers don't exist * Update docs for cluster resource * Make kubelet and kube-proxy use the secure port * Drop lower constraints testing * Fix validation for master\_lb\_enabled * Update containerd version and tarball URL * Imported Translations from Zanata * [k8s] Fix default admission controller * Fix gate - update lower-constraints * Update helm charts origin repository * CI: Install debianutils and vim * Add image prefix for grafana images * Use kube\_master\_ip for monitoring when no floating ip is used * Fix Cinder CSI * k8s-fcos: Source bashrc for clusterconfig * Fix misquoted comment * Revert "Fix Cinder CSI" * ci: Update dockerhub password * Fix Cinder CSI * Fix database migrations * Update default k8s admission controller list * [fix] Sync nodegroup status before delete\_complete * Update master for stable/victoria 11.0.0 ------ * [goal] Prepare pep8 testing for Ubuntu Focal * Drop KUBE\_API\_PORT for kube-apiserver * Remove cloud-config from k8s worker node * Update default values for docker nofile and vm.max\_map\_count * Fix syntax error in default rolesync configmap * Stop using delete\_on\_termination for BFV instances * ci: Log in to DockerHub using docker\_login * ci: Quote password on docker login * [k8s] Support CA certs rotate * Remove duplicated etcd\_volume\_size param in coreos template * [k8s-atomic] Support master\_lb\_allowed\_cidrs in template * Increase container-publish timeout * Build cluster-autoscaler v1.19.0 * Configure placeholder role-mapping Sync * [ci] Use stestr for coverage and fail if below 90% * Add fedora coreos cluster template to contributor docs * Remove zuul legacy jobs * Add master\_lb\_enabled to cluster * [docs] Bring user docs up to date with recent changes * [k8s] Use helm upgrade --install in deployment loop * [fix] Append v3/v1 to auth\_url/magnum\_url if discovery fails * [ci] Fix gate by installing python3-docker * Fix proxy issue for etcd and k8s * Remove shebang from scripts * Remove warning for scale\_manager * Lower log level of missing output * [fix] Use default\_ng\_worker.node\_count for patches * Fix label fixed\_network\_cidr * Use unittest.mock instead of mock * resize: Send only nodes\_to\_remove and node\_count * [hca] Use fedora:rawhide now that greenlet 0.4.16 is released * [hca] Join threads before closing file descriptor * [hca] Pin fedora to 32 until new greenlet release * Support proxy for helm install * Use full name for hyperkube image inspect * api: Do not guess based on name extension * [k8s] Use Helm v3 by default * atomic: Do not install control-plane on minions * Switch to newer openstackdocstheme and reno versions * Scrape internal kubernetes components * [k8s] Update Cluster Autoscaler ClusterRole * [ci] Fix publish of helm-client containers * Remove .testr.conf * Support upgrade on behalf of user by admin * [k8s] Fix PreDeletionFailed if Heat stack is missing * [k8s] Deprecate in-tree Cinder * Add newline to fix E004 bashate error * Fix small issues rolling upgrade * [k8s] Support configurable health polling interval * [k8s] Add label 'master\_lb\_allowed\_cidrs' * Labels override * Fix hacking min version to 3.0.1 * Update nginx-ingress to v1.36.3 and 0.32.0 tag * [K8S] Delete all related load balancers before deleting cluster * Fix pep8 for ambiguous variable name * [k8s-fedora-atomic] Build kube\_tag v1.15.12 * More verbose logs for cluster ops * Monkey patch original current\_thread \_active * [ci] Remove unnecessary container build tasks * Add py38 package metadata * [k8s] Fix docker storage of Fedora CoreOS * Deprecation note for devicemapper and overlay * Add Python3 victoria unit tests * Update master for stable/ussuri * Use unittest.mock instead of third party mock * [k8s] Build helm-client containers v2.16.6 and v3.2.0 * hca: Add hostname command * k8s: Use the same kubectl version as API * [k8s] Upgrade k8s dashboard version to v2.0.0 * Update prometheus monitoring chart and images * k8s: Add admin.conf kubeconfig * Deploy traefik from the heat-agent * Scrape traefik and autoscaler metrics * [k8s] Expose autoscaler prometheus metrics * [k8s] Fix no IP address in api\_address * [ci] Use magnum-tempest-plugin-tests-api * [ci] Use Fedora CoreOS image for devstack plugin * Ussuri contributor docs community goal 10.0.0.0rc1 ----------- * [k8s-fcos] Bump up default versions to v1.18.x * [k8s] Introduce helm\_client\_tag label * Remove nodeSelector for flannel DaemonSet * [k8s] Expose traefik prometheus metrics * Fix ServerAddressOutputMapping for private clusters * fcos-kubelet: Add rpc-statd dependency * Build new autoscaler containers * Use ensure-\* roles * fix: Open udp port 53 on master to support CoreDNS * [k8s] Support updating k8s cluster health status * Support calico v3.3.6 * Cleanup py27 support * fcos: Upgrade default flannel\_tag to v0.12.0-amd64 * fcos: Upgrade etcd to v3.4.6, use quay.io/coreos/etcd * [k8s] Upgrade calico to the latest stable version * [k8s] Improve the taint of master node kubelet * [k8s] Upgrade default coreDNS version to 1.6.6 * Update hacking for Python3 * Add selinux\_mode label * fcos: Mount /:/rootfs:ro to Kubelet * Fix calico regression issue caused by default ipv4pool change * k8s: Fix logic of when a cluster API is accessible * Use cluster name for fixed\_network instead of private * Fix join of status\_reason * Update default calico\_ipv4pool * Release k8s v1.15.11 image * fcos: Disable zincati auto-updates * k8s-fedora: Set max-size to 10m for containers * Add node groups documentation * calico: Add node/status in ClusterRole * atomic-podman: Set log imit to 50m * fcos-podman: Set max size for logging to 50m * Add fcct config for coreos user\_data * [hca] Restore deploy\_{stdout,stderr,status\_code} * [k8s] Support post install manifest URL * Remove buildimage jobs * Add an ARCH parameter to handle arch specific things * [bug] Fix regression when use\_podman=false * Add cinder\_csi\_enabled label * [k8s] Make metrics-server work without DNS * [hca] Live log for SoftwareDeployment scripts * Add opt-in containerd support * Fix typo in docs * Fix ingress traefik systemd unit * bug: Double quote CALICO\_IPV4POOL\_IPIP value * [k8s] Fix instance ID issue with podman and autoscaler * Upgrade pause image to version 3.1 * Fix the load balancer description regex pattern for deleting cluster * k8s\_coreos Set REQUESTS\_CA for heat-agent * core-podman: Mount os-release properly * Execute traefik systemd unit over ssh * Add selector in monitoring deployments * Fix Field \`health\_status\_reason[api]' cannot be None\` * Fix proxy for Grafana script * Fix api-cert-manager=true blocking cluster creation * [k8s] Support docker storage driver for fedora coreos * [k8s] Fix volumes availability zone issue * Add calico\_ipv4pool\_ipip label * Support verifying the digest for hyperkube image * Fix duplicated words issue like "meaning meaning that" * Imported Translations from Zanata * Add a link to compatibility matrix for kube\_tag * tox: Keeping going with docs * Fix proxy issue for k8s fedora drivers * [k8s] Fix RBAC for OCCM v1.17.0 * [k8s] Enable services before starting them * [k8s] Remove indentation in /etc/sysconfig/heat-params * Fix entrypoint for k8s components in podman * [k8s] Deprecate heapster * Fix heat-container-agent image building error on arm64 * [k8s] Update metrics-server * k8s\_fedora: Bump up default kube\_tag to v1.15.7 * [fix] Allow cluster OS upgrade without specifying kube\_tag * Release k8s v1.14.10 and v1.15.7 * Fix nginx getting OOM killed * Bump up prometheus operator chart to 8.2.2 * Make traefik compatible with 1.16.x * nodegroup list with --limit gives wrong next URL * [k8s] Add heapster\_enabled label * Increase backoffLimit to 10 for helm installer * Add prometheus-adapter * bug: cluster creation without docker\_volume\_size * PDF documentation build * [k8s] Fix rolling upgrade with podman * Change k8s-keystone-auth docker repo * Scrape prometheus metrics from nginx * Add nginx\_ingress\_controller\_chart\_tag * bug: Only query Cinder API if volume size > 0 * Make it possible to use uwsgi easily * Release k8s v1.14.9 and v1.15.6 * Fix cert\_manager\_api with x509keypair * Support TimeoutStartSec for etcd and heat agent systemd services * bug: Use configured heat-container-agent tag * Use --containerized flag to support 1.{13,14,15}.x in Atomic * Drop python2 tests * Support TimeoutStartSec for k8s systemd services * Fix if condition to test for var==true * coreos: Use heat params for heat-agent image * Docker volume size from nodegroups * k8s\_fedora: Add use\_podman label * No new NGs for clusters without an api\_address * heat-agent: Check if scripts exists * Use v1.15.0 as default octavia\_ingress\_controller\_tag * [fedora-atomic][k8s] Support operating system upgrade * bug: Cluster should be creatable w/o fixed subnet * Release k8s v1.13.12, v1.14.8, v1.15.5, v1.16.2 * ng-13: Support nodegroup upgrade * ng-12: Label nodegroup nodes * ng-11: API microversion 1.9 * ng-10: Fix cluster template conditions * Support Fedora CoreOS 30 * Build cluster autoscaler container images * update api-ref for clustertemplate * Failed state was ignored for default ngs * Convert fixed\_subnet name to uuid for OCCM * Fixing typos and spelling errors in driver template files * k8s\_atomic: Run all syscontainer with podman * Pass ssh public key as string * Delete the ca-rotate api-ref 'ca-rotate' hasn't been supported, 'ERROR: 'rotate\_ca\_certificate' is not supported by this driver (HTTP 400)' will be returned. So, I think we should supply the api after it's realization * Add wiki Admin guide and Contributing notes link to README * k8s\_fedora: Move rp\_filter=1 for calico up * k8s\_fedora: Label master nodes with kubectl * Add hostname-override to kube-proxy * Set cniVersion for flannel * Improve log of k8s health status check * Change the order of resource creation * Drop deprecated APIs for kube v1.16 support * ci: Add output stream fixture to fix CI * Update master for stable/train * ng-9: Driver for nodegroup operations * ng-8: APIs for nodegroup CRUD operations * ng-7: Adapt parameter and output mappings * ng-6: Add new fields to nodegroup objects * Propagate cloud\_provider\_enabled correctly 9.0.0.0rc1 ---------- * Return default quota from API * Build k8s images v1.16.0 and minor bumps * [fedora atomic k8s] Add boot from volume support * Fix k8s deployment when cluster\_user\_trust=False * Remove --os-url usage * Remove unneeded Zuul branch matcher * Fixing broken links * k8s\_fedora: Set rp\_filter=1 for calico * k8s\_fedora\_atomic: Add PodSecurityPolicy * Remove cluster floating\_ip\_enabled default value * Update flannel\_backend in user guide * Trivial fix for cluster creation in master * [fedora-atomic][k8s]Disable ssh password authentication * etcd\_volume\_size from cluster not CT * [fedora-atomic][k8s] Fix missing internal IP * Using vxlan as default value for flannel\_backend * Readable heat-container-agent log * Take kubeproxy\_options into account on proxy setup * Convert network UUID to name required for OCCM * Using Fedora Atomic 29 as default image * Publish 1.16 k8s images * kubernetes builds for v1.{13,14,15,16}.x * Fix heat-container-agent by setting LC\_ALL=C * Disable gpg check in fedora:rawhide image * [api-ref] Add network,subnet and FIP for cluster * Fix cloud-config file * Improve dns format validation * Fix addon tag/version parsing * k8s: stop introspecting instance name * Release k8s images v1.15.2, v1.14.5, v1.13.9 and v1.12.10 * Update "auth\_url" port in install docs * Update for Storyboard * Bump the openstackdocstheme extension to 1.20 * Allow setting network, subnet and FIP when creating cluster * Blacklist sphinx 2.1.0 (autodoc bug) * Support py3.x for make cert scripts * Fix py3 issue of heat-container-agent * Add network config to stabilise multi-NIC scenario * Add information about the cluster in magnum event notifications * Update docs links * Set train-dev as the default tag for heat-container-agent * Return ClusterID for resize and upgrade * Update current k8s version after upgrade * heat-agent: Do not use absolute path * Support auto\_healing\_controller * Fix kubernetes systemd service templates * Update api-ref location * Add Python 3 Train unit tests * ci: Fix ADD\_ALLOW\_PRIV build-arg * Allow for cluster-autoscaler deployment roll-out * k8s: Clear cni configuration * [fedora-atomic] kube\_tag is not respcted * Set default value for keystone\_auth\_default\_policy * Hardcode the names of the default NGs * [k8s] Update prometheus monitoring helm based configuration * Make kubernetes apiserver start after network * k8s: refactor functions into KubernetesDriver * Fix auto\_scaling\_enabled default in docs * Add build-arg for --allow-privileged * Add npd\_enabled label * Build kubernetes v1.15.0 * ci: Rotate dockerhub password * calico: drop calico\_cni\_tag * k8s\_fedora: Update to kubernetes v1.14.3 * k8s\_fedora: Update to kubernetes v1.14.3 * Update keystone\_authtoken config reference * Build kubernetes images * [k8s][fedora atomic] Using node instead of minion * [fedora-atomic][k8s] Support default Keystone auth policy file * Fix coe\_version for k8s driver * Fix overlay2 + docker\_volume\_size * Update calico to v3.3 * [k8s][fedora atomic] Rolling upgrade support * Add API reference for cluster upgrade * Add cluster upgrade to the API * Add missing ws separator between words * [k8s\_fedora\_atomic] Make calico devices unmanaged in NetworkManager config for master node * Replace git.openstack.org URLs with opendev.org URLs * Revert "support http/https proxy for discovery url" * Blacklist bandit 1.6.0 and cap Sphinx on Python2 * Fix up installation instructions for openSUSE * Release k8s v1.12.8 * Disable broken image building * Fix container-build job * OpenDev Migration Patch * Build kubernetes v1.15.0-alpha.1 * Update coredns from upstream manifest and to 1.3.1 * [k8s] Set traefik to stable version v1.7.10 * [fedora\_atomic] Support auto healing for k8s * [fedora atomic] Allow traffic between k8s workers * Dropping the py35 testing * Fix registry on k8s\_fedora\_atomic * Fix proportional autoscaler image * Build kubernetes v1.14.1 * Fix missing print format error * [k8s] Add nginx based ingress controller * Support multi DNS server * Revert "Specify internal network to improve stability in a multi-NIC scenario." * Specify internal network to improve stability in a multi-NIC scenario * ng-5: APIs for listing and showing nodegroups * ng-4: Adapt cluster object * Set a fixed cipher suite set for Traefik * Allow admin update cluster/template in any project * ng-3: Adapt existing drivers * ng-2: Adapt existing cluster APIs and conductor * Publish k8s v1.14.0 image * Kubernetes images release * [fedora-atomic-k8s] Allow all traffic from master to worker nodes * Add API ref for /actions/resize * Replace openstack.org git:// URLs with https:// * Update master for stable/stein * ng-1: Add nodegroup representation 8.0.0.0rc1 ---------- * [k8s] Install prometheus monitoring with helm * Fix openstack-cloud-controller-manager restarts * Improve floating IP allocation * Support /actions/resize API * k8s\_fedora: Add ca\_key before all deployments * Migrate legacy jobs to Ubuntu Bionic * [fedora-atomic-k8s] Adding Node Problem Detector * ci: Disable functional tests * Ensure http proxy environment is available during 'atomic install' for k8s * [k8s] Make flannel self-hosted * Update min tox version to 2.0 * Release k8s v1.11.8, v1.12.6 and v1.13.4 * make sure to set node\_affinity\_policy for Mesos template definition * Fix swarm functional job * Fix prometheus installation script * Return health\_status for cluster listing * Do not exit in the enable-helm-tiller script * FakeLoopingCall raises IOError * [k8s-fedora-atomic] Security group definition for worker nodes * [k8s-fedora-atomic] Use ClusterIP for prometheus service * Return instance ID of worker node * Add server group for cluster worker nodes * python3 fix: decode binary cert data if encountered * Add python 3.6 unit test job * Add reno for flannel reboot fix * Fix async reserved word in python3.7 * [k8s] Add trustee as a secret in kube-system * [k8s] Update cluster health status by native API * add python 3.7 unit test job * [k8s] helm install metrics service * [k8s\_fedora] Add heat-agent to worker nodes * Add hidden flag to cluster template * k8s\_fedora: Deploy tiller * Fixing container-build job * Fix typo in octavia-ingress-controller doc * Allow overwriting labels on swarm mode creation * Delete loadbalancers and floatingips for service and ingress * Support octavia-ingress-controller * heat-agent: Add openssh-clients * [k8s-fedora-atomic] Update k8s default version * Support multi k8s image versions * Allow cluster template being renamed * ci: Rebuild kubernetes v1.11.6 containers * Update kube cmd documentation links * Add framework for magnum-status upgrade check * [k8s\_fedora\_atomic] Delete floating ip for load balancer * Use oslo\_serialization instead of the json module directly * Use python3 for functional tests * Use MultiType and types.text instead of str * Bump k8s version up to v1.11.5 * Fix python3 compatibility * Fix prometheus monitoring * Do not use 'exit' in the script * Remove -U from pip install * Enable CoreDNS prometheus metrics plugin * Support Keystone AuthN and AuthZ for k8s * support http/https proxy for discovery url * Removed admin\_\* from devstack config * Change docker image pulling policy from Always to IfNotPresent * k8s\_fedora: Use external kubernetes/cloud-provider-openstack * containers: clean-up build code * k8s\_build: Build kubernetes v1.11.6 containers * Fix use of magnum\_repository in container-publish * Changes in container builder * [k8s] Cluster creation speedup * Build images in the ci * Release note for cluster pre-delete * Delete Octavia loadbalancers for fedora atomic k8s driver * functional: stop using concurrency of 1 for api tests * functional: bump flavor specs * functional: use vexxhost-specific nodes with nested virt * functional: use default admission\_control\_list values * functional: bump atomic version to latest * functional: add body for delete\_namespaced\_service in k8s * functional: retrieve cluster to get stack\_id * fix bug link in readme * Add support for www\_authenticate\_uri in ContextHook * Add iptables -P FORWARD ACCEPT unit * Make providing a keypair optional * Add missing ws separator between words * Cleaned up devstack logging * Add support for www\_authentication\_uri * Add Octavia python client for Magnum * [K8S] Pass cluster name to controller-manager * Add heat\_container\_agent\_tag label * Minor fixes to re-align with Ironic * [swarm-mode] Remove --live-restore from Docker daemon options * Update heat-container-agent version tag * Fixing gate failing due to bad AMQP virtual\_host * Make master node schedulable with taints * Trivial code cleanups * Use existing templates for cluster-update command * Make cover jobs non-voting * Add prometheus-monitoring namespace * add python 3.6 unit test job * switch documentation job to new PTI * Use templates for cover and lower-constraints * Make X-Subject-Token search case unsensitive * Add prometheus & grafana container image tags * import zuul job settings from project-config * [swarm-mode] allow TCP port 2377 to swarm master node * [k8s] Add kubelet to the master nodes * Fix unit test failure with python3.6 * Remove deprecated \`tls-ca-file\` option from kube-apiserver * Add health\_status and health\_status\_reason to cluster * Fixing CoreOS driver * Deprecate send\_cluster\_metrics * Remove -u root as mysql is executed with root user * [k8s] Add proxy to master and set cluster-cidr * Imported Translations from Zanata * Fix enable\_cloud\_provider check * Imported Translations from Zanata * Remove the last slash of extra\_params['auth\_url'] * [k8s] Set order in kubemaster software deployments * [k8s] Add new label \`service\_cluster\_ip\_range\` * Update reno for stable/rocky * Fix doc format 7.0.0 ----- * Bump k8s version to v1.11.1 * Using cgroupfs as default cgroup-driver * [k8s] Fix docker volume issue * Docs: Replace non-existing command * Reno for embed certs in kubernetes config * Using simple public/private key for k8s service account keys * Create /etc/kubernetes/manifests on k8s master * Change Kubelet flexvolume directory * Trustee: provide region\_name to auth\_url searching * Fix the heat-container-agent docker image * Resolve stack outputs only on COMPLETE * Add etcd\_volume\_size parameter in coreos template * Update the default admission control list * k8s\_fedora: Add cloud\_provider\_enabled label * Switch to stestr * Fix etcd race condition issue * Support disabling floating IPs in swarm mode * Add release notes link in README * Provide a region to the K8S Fedora Atomic config * Rename scripts * Make service account private key hidden * Pass in \`region\_name\` to get correct heat endpoint * Revert "Rename scripts" * Rename scripts * Allow multimaster lb with no floating ip option * Sync service account keys for multi masters * Added error handling for discoveryurl * k8s\_fedora: Create admin cluster-role * k8s\_fedora: enable tls in traefik ingress * k8s\_fedora: set ingress traefik log level to INFO * Use HostAddressOpt for opts that accept IP and hostnames * Fix race condition issue for k8s multi masters * Add option to specify Cgroup driver for Kubelet * Remove fedora-atomic diskimage-builder element * fix tox python3 overrides * Strip signed certificate * Revert "Strip signed certificate" * Devicemapper storage driver need specified volume * Release note for supporting Octavia as LoadBalancer type service backend * Strip signed certificate * Use Octavia for LoadBalancer type service * k8s\_fedora: Make CoreDNS config a SoftwareDeployment * Update ca related magnum comands to osc * [doc] fix coredns correct image verison * [doc] Correct the non-existent link for the Fedora image * Open the 8472 port of master for vxlan * k8s\_fedora: Add admin user * Follow the new PTI for document build * Imported Translations from Zanata * Fix incompatible requirement * Add and improve tests for certificate manager * Stop using slave\_scripts/install-distro-packages.sh * Add bindep.txt file * Add calico-node on k8s master node * Make DNS pod autoscale * fix a typo * Adding documentations about network in vms * Adding glossary.rst * k8s\_fedora: Add flannel to master nodes * Cache barbican certs for periodic tasks * k8s\_fedora: Explicitly set etcd authentication * Move openstackdocstheme to extensions in api-ref * k8s\_fedora: Add kubelet authentication/authorization * Updated from global requirements * Add oslo\_log command options to magnum-db-manage * add lower-constraints job * Add service account to daemonset in traefik * Add missing RBAC config for Prometheus * TrivialFix: Correcting JSON syntax * Update minimum version of docker in unit tests * Add reno for RBAC and client incompatibility * Add minimum system requirements to docs * Use pip\_check\_reqs module * Specify grafana version * Imported Translations from Zanata * Update kubernetes dashboard to v1.8.3 * kuberntes: Disable the scale\_manager for scale down * k8s: allow passing extra options to kube daemons * [kubernetes] add ingress controller * Admin can now delete clusters in any project * Run etcd and flanneld in a system container * Support calico as network driver * Add disabled\_drivers config option * Using v1.9.3 as default k8s version * Enables MySQL Cluster Support for Magnum * Check CERT\_MANAGER\_API if True or False * Add missed space in k8s template file * Add support for Octavia resources in Heat * [k8s] allow enabling kubernetes cert manager api * Document use of kube\_tag label * Change swarm ClusterTemplate coe to swarm-mode * Now user can update label values in cluster-template * federation api: api endpoints * Driver's name are case sensitive * Update reno for stable/queens * Replace CentOS package mysql-devel > mariadb-devel 6.0.1 ----- * Add issue to reno for the incompatible k8s client * k8s: Fix kubelet, add RBAC and pass e2e tests * Support accessing all clusters/templates across projects * Deprecate usage of tenant and user in context * Add label availability\_zone * Corrected some misspellings in magnum * Add send\_cluster\_metrics configuration parameter * Start RPC service before waiting * Remove broken job magnum-non-functional-tox-migration * Zuul: Remove project name * Support soft-anti-affinity policy for nodes * ci: Add redirection from /v2 to /identity/v2 * Add openstack\_ca\_file configuration option * [k8s] Add missing verify\_ca in minion\_wc\_notify * fix url for versioned objects docs in code * federation api: federation table and db layer * Change the name of kubernetes-dashboard deployment * [k8s] Take container\_infra\_prefix from cluster if specified * Don't run functional jobs on api-ref changes * Fix policies for quotas * Use barbicanclient.v1 instead of barbicanclient * Fix image list and usage in contributor quickstart * Fix: functional CI Jobs * doc: Use os\_distro instead of os-distro * Fix Usage of cliff commandmanager * Update docs to use openstack client commands * Update Fedora Atomic image name * Add missing translation for verify\_ca * Updated from global requirements * [k8s] Take kube\_tag from cluster if specified * Leverage heat-container-agent for monitoring * Allow flavor\_id on cluster create * Make docker\_storage\_driver a str instead of enum * Remove intree magnum tempest plugin * [doc-migration] Consolidate install guide * The os\_distro of image is case sensitive * k8s\_atomic: Remove kubelet and kube-proxy from master * Updated from global requirements * Generate lower case stack name * Add verify\_ca configuration parameter * k8s\_atomic: Add server to kubeconfig * Add app.wsgi to target of pep8 * Remove setting of version/release from releasenotes * Updated from global requirements * Fix: magnum devstack installation with tls-proxy * Updated from global requirements * Updated from global requirements * Redundant alias in import statement * Do not use “-y” for package install * Using --option ARGUMENT * Generate stack name as a valid hostname * Zuul: add file extension to playbook path * Doc Fix for Alembic multiple heads error * Add sample policy configuration to doc * Register default magnum service and stat policies in code * Register default certificate policies in code * Register default quota policies in code * Register default cluster template policies in code * Register default cluster policies in code * Register default baymodel policies in code * Register default bay policies in code * Implement basic policy module in code * use keystoneauth1 session in functional test * Fix use of irrelevant-files parameter * Add /etc/environment to flannel/etcd/kubelet * Updated from global requirements * Add labels to api-ref cluster create * Migrate to Zuul v3 * Fix user-guide formatting * Fix magnum TLS cert generation * Fix to use the correct hyperlink * Swarm: Incorrect reference to Flannel variables * [swarm-fedora-atomic] fix cluster etcd\_lb protocol definition * Allow master\_flavor\_id on cluster create * Add kube\_dashboard\_enabled label to user guide * Updated from global requirements * Fix prometheus scrape configuration * writing convention: do not use “-y” for package install * k8s\_fedora: Add container\_infra\_prefix label * Add default configuration files to data\_files * Remove SCREEN\_LOGDIR from devstack setting * Updated from global requirements * Avoid running periodic processes inside each worker process * Update CoreDNS to 011 * Updated from global requirements * k8s: Fix node-exporter manifest * Use newer location for iso8601 UTC * Updated from global requirements * Imported Translations from Zanata * writing convention set to use "." to source script files * Updated from global requirements * Imported Translations from Zanata * Update reno for stable/pike * Remove TENANT\_NAME from /etc/sysconfig/heat-params * Fix no\_proxy evaluation for Swarm clusters 5.0.0 ----- * Trivial typo fix * Add a kube\_tag label to control the k8s containers to pull * Launch kube-proxy as a system container * Launch k8s scheduler & controller-manager as system containers * Use atomic containers for kubelet & apiserver * Allow labels on cluster create * Remove /etc/ssl/certs in the controller manager pod * Add default for [cinder]default\_docker\_volume\_type * tests: Use swarm-mode for api tests * Updated from global requirements * Remove deprecated usage of CORS.set\_latent * Deal with db\_exc.DBDuplicate of conductor startup * Remove unused config periodic\_global\_stack\_list * Fix usage of --kubelet-preferred-address arg for apiserver * Copy service configurations also * Clean-up server names in drivers * Imported Translations from Zanata * Remove repeated auth\_url * Move to OpenStack client * Fix barbicanclient and swarm-ci * Don't poll heat if no stack exists * Extract kubernetes baremetal ports * Move all kubernetes files in /etc/kubernetes * [doc-migration] Adds configuration folder * [doc-migration] Add user folder for related documents * [doc-migration] Add install folder for related documents * Stop using deprecated 'message' attribute in Exception * Use kubernetes service name in cert request * Updated from global requirements * k8s: Fix apiserver configuration * Fix some reST field lists in docstrings in magnum * Add attribute 'disabled' for service-list * Updated from global requirements * [doc-migration] Add admin folder for related documents * Add swarm-mode driver * Copy cluster nodes logs always whether tests pass or fail * Update URL home-page in documents according to document migration * [Fix ironic gate] Use IP\_VERSION=4 in devstack local.conf * Add a hacking rule for string interpolation at logging String interpolation should be delayed to be handled by the logging code, rather than being done at the point of the logging call. See the oslo i18n guideline \* https://docs.openstack.org/oslo.i18n/latest/user/guidelines.html#adding-variables-to-log-messages and \* https://github.com/openstack-dev/hacking/blob/master/hacking/checks/other.py#L39 * Add Cinder-API-ver to k8s-cloud-provider config * Add reno for etcd\_volume\_size label * Use 'sudo' to access /etc/sysconfig/heat-params * Add warning-is-error in setup.cfg * Move the contributor related docs to contributor/ dir * Update Documentation link in README * Switch from oslosphinx to openstackdocstheme * ci: Remove \*\_ssh ironic drivers * k8s-fedora: Add etcd\_volume\_size label * Fix cluster inheritence of docker\_volume\_size * Updated from global requirements * Use DIB\_RELEASE to set fedora-atomic variable defaults * [opensuse] Increase wait\_condition\_timeout * Update .gitignore to ignore .eggs * Enable some off-by-default checks * Allow docker\_volume\_size on cluster create * Add needed details for Magnum Project * Set access\_policy for messaging's dispatcher * Updated from global requirements * Swarm: simplify heat WC signalling with $WAIT\_CURL * Use lowercase keys for swarm waitcondition signal * Fix typo in magnum/hacking/checks.py for consistency * Add api-ref about quotas-delete * Updated from global requirements * Revert "Using assertFalse(A) instead of assertEqual(False, A)" * Fix the unexist url * Updated from global requirements * Move to docker python SDK 2.x.x * Updated from global requirements * Fix wrong references url to right * Remove duplicated hacking rule M318,M319 * fix the function named get\_count\_all * Use get\_rpc\_transport instead of get\_transport * Updated from global requirements * Update the 'service-list' api-ref * Fix html\_last\_updated\_fmt for Python3 * [opensuse] Enabling external loadbalancer feature * k8s-fedora: Add docker\_volume\_type label * Updated from global requirements * Add DC/OS dependency installation script * Optimize the link address * swarm: Add docker\_volume\_type label * Add reno for docker\_volume\_type label * Use eventlet executor in rpc\_service * Document docker\_volume\_type option * doc: Add kubernetes example in Launch an instance * Update link to k8s doc and minor formatting * Updated from global requirements * Remove disable script of firewalld * Updated from global requirements * Updated from global requirements * doc: Add Xenial to devstack quickstart guide * Specified cgroup driver * Add CoreDNS deployment in kubernetes atomic * reno: add custom keystone endpoint\_type in configuration * [k8s\_coreos] use host-gw as flannel default driver * [k8s\_coreos] update kubelet args * [k8s\_coreos] enable CoreDNS addon * Fix the link to Cluster Template in quickstart * Add more details to example template * [suse] Build openSUSE Leap 42.1 OpenStack Magnum image * Ignore: Try pxe\_ipmitool since vbmc is used * update doc dcos\_centos\_v1/README.md * fix the devstack\_neutron's url * [k8s\_coreos] update to etcdv3 and kube 1.6 * Updated from global requirements * [k8s-fedora-atomic] fix multimaster cluster * Use 'virt\_type=kvm' in devstack vm if supported * Add release note and doc changes for kube dashboard * Update Steps for creating dib images * Updated from global requirements * Update doc 'functional-test.rst' * TrivialFix: Typo in launch-instances.rst * Add Command for using default docker log-driver * Updated from global requirements * Update api-ref about 'ca-show' * Pass a mutable target to oslo policy enforcer * CI: multinode job with larger flavors * Fix rexray systemd unit * update the detail of the latest fedora atomic image * informations -> information * Add 'keypair' to 'list all clusters' response * Updated from global requirements * Set clustertemplate:publish to admin only * [k8s\_coreos] Avoid regenerating certs on reboot * Support magnum-conductor multiple process workers * Enable custom keystone endpoint\_type in templates * [k8s\_coreos] Add kubernetes dashboard * Add kube dashboard and remove kube ui * Fix the API Microversions's doc * Added tempest to test-requirements * Adding quota unit test * [suse] Add DOCKER\_DEV to /etc/fstab * [suse] Remove defaults network from child templates * Updated from global requirements * Fix config type of copy\_logs from string to Boolean * Fix keystone auth\_uri and auth\_url * Replace "bay" with "cluster" in user guide * Update SUSE distro information in install guide * Add net creating in install-guide * Updated from global requirements * Remove kube-examples software configs * Fix CoreOS multi master with LB cluster creation * Fix CoreOS cluster creation and heat notify * Support dcos installation on centos vm cluster * Fix usage of the trustee user in K8S Cinder plugin * Fix gate: Revert mesos image to ocata * Remove old oslo.messaging transport aliases * Install client in install guide instructions * Fix database grant instructions in install guide * Add 'rm -f .testrepository/times.dbm' command in testenv * Update Fedora images * Format the quickstart doc * Remove log translations * Add reno for cluster\_user\_trust option * Fix db config * ci: Rename ssh key * Use 'os\_distro' instead of 'os-distro' * Add "ca-rotate" command to userguide * Unbreak gate * Move cover.sh to the tools directory * Add CoreOS/K8s recommended defaults to kube-proxy * Remove support message for using keypair UUID * Updated from global requirements * [k8s] Monitoring with Prometheus and Grafana * Fix some grammar or spelling de-normalization * Remove unused logging import * Update quickstart to use OpenStack CLI * Fix exception codes * Glance v1 is deprecated and removed in devstack [1] * Delete redundant Magnum::Optional::Neutron::FloatingIP * Indicating the location tests directory in oslo\_debug\_helper * Updated from global requirements * Updated from global requirements * Pass 'context' to create\_client\_files method * Fix api-ref with Sphinx 1.5 * Update docs to use positional name argument * Set k8s apiserver preferred address type arg * Set is\_admin flag correctly in RequestContext * Add WSGI script to deploy Magnum behind Apache * [suse] Add TLS support for k8s\_opensuse\_v1 driver * Update test requirement * Fix hyperkube\_image\_repo * Add admission control to CoreOS Driver * Prepare Kubelet for multiple container runtime * Remove reliance on osprofiler configuration section * Pass 'client', 'message' param to AuthorizationFailure Exception * Fix: mesos gate tests * Validate project-id on quota create * Magnum Development Policies * Missing root-ca-file parameter for proper service account support * [suse] Add SERVICE\_ACCOUNT\_KEY to Kuberneres cluster configuration * Add Kubernetes API Service IP to x509 certificates * Update reno for stable/ocata * Fix quota API get-all parameter type * Make INSECURE\_REGISTRY\_URL works for CoreOS 4.1.0 ----- * Fix some typos * Fix for cluster-update rollback issue * Add keypair to api-ref cluster create * Fix quotas API pagination * [doc] install 'curl' as a prerequisite * Use variables for hyperkube and kube version * Switch to kubernetes upstream python client * Updated from global requirements * Add reno: bp secure-etcd-cluster-coe * Updated from global requirements * Remove $myip when unnecessary and use KUBE\_NODE\_IP * Make KUBE\_ALLOW\_PRIV used for api server * Add microversion and release notes for quotas API * Don't enforce microversion for stats API * Fix CVE-2016-7404 * Remove heat-params sourcing * Improve consistency for SSL PATH accross template * Remove support for py34 * Don't enforce microversion for rotate CA cert API * Remove carriage return when getting user token * Use https instead of http for git.openstack.org * [mesos] Use latest build for mesos image * Don't create clusters of an unsupported type * Fix missing $ in CoreOS proxy conf * Use heat-params in systemd unit * Trivial: Fix typo in exception message * K8S: Allows to specify admission control plugins to enable * Use right no proxy settings for swarm master and agent * Remove unused enforce\_cluster\_types decorator * [k8s] Get logs of controller-manager and scheduler 4.0.0 ----- * Pass OpenStack-API-Version header in make-cert scripts * Make Kubernetes pods' health checks configurable * Upgrade to Fedora 25 * Updated from global requirements * Resource Quota - API documentation * Resource Quota - Limit clusters per project * Add release note for BP OSProfiler in Magnum * Fix: Pass external\_network to kube-minion * Updated from global requirements * Update MY\_IP to use curl and metadata instead of cut * Fix getting capacity in k8s\_monitor * Add an API to rotate a cluster CA certificate * Integrate OSProfiler in Magnum * Fix Ironic driver * Resource Quota - Adding quota API * Resource Quota - DB layer changes * Resource Quota - Add config option to limit clusters * Move scale managers at driver level * Move monitors at driver level * Fix LB heat template parameter name * [Doc] Update User Guide: User Examples * Updated from global requirements * Fix compatibility with novaclient 7.0.0 * Add debug-py34 to tox.ini * [k8s\_ironic] Move software configs out of minion * Magnum stats API documentation * [Mesos]Move software configs out of resource group * [Mesos]Move wait condition out of resource group * [k8s\_ironic] Move wc out of master resource group * [k8s\_ironic] Move wc out of minion resource group * Magnum stats API * [devstack] Copy bash\_completion script during magnum installation * Remove extra spaces * [Doc] Update quickstart Guide: Using a Kubernetes Cluster * Updated from global requirements * [swarm] Fix cert filename in swarm-agent service * Remove unused context variable in db api * [suse] Fix flanneld overlay network configuration * [swarm] Enable TLS in Etcd cluster * CI: Set storage driver to overlay * CI: Increase master-flavor size * [suse] Update security group for kube\_masters * [suse] Add min and max to flannel\_network\_subnet option * Make private network optional * Support magnum-api multiple process workers * Fix the incorrect initialization of context roles * used openstack cli in magnum devstack plugin * Use Kubernetes config to launch services pods * Fully clean up requirement.txt dependencies * [suse] Update k8s\_opensuse\_v1 driver * Remove the usage of MagnumObjectDictCompat from magnum\_service * [suse] Tune default value for docker\_volume\_size * Fix gate: caused by tempest(removal of "service" param) * Remove PrettyTable useless requirement * Modify variable's using method in Log Messages * [suse] Setting correct permissions for Kubernetes files * Updated from global requirements * Remove provision\_state parameters(specific to ironic) * Add cluster record to db right after API request * [k8s\_coreos] Enable TLS in Etcd cluster * [k8s\_coreos] Remove podmaster * Updated from global requirements * Removes unnecessary utf-8 encoding * Use correct context synching status * Make Docker proxy configuration consistent across template * Remove the usage of MagnumObjectDictCompat from certificate * Fix multiple typos in unit tests names * List all the possibilities of cluster's name through a list * Specification for Magnum stats API * Remove the usage of MagnumObjectDictCompat from x509keypair * Import magnum.i18n.\_ in driver/heat/driver.py * Updated from global requirements * Use UUID instead of "00000" for UniqueId * Update Swarm version to 1.2.5 * cors: update default configuration * Updated from global requirements * [suse] Allow k8s cluster without floating ip * [suse] add support of LBaaS v2 * [suse] Add proxy config * [suse] Fix template descriptions * Change gate Fedora Atomic image to the automated f24 build * Add docker-d options in sysconfig/docker * [install] Fix endpoint creation * Disable horizon, ceilomter and swift in gate hook * Consolidate heat network resources * Updated from global requirements * Missing lines in lb refactor for CoreOS driver * [k8s\_fedora\_atomic] Enable TLS in Etcd cluster * Remove docker\_volume\_size from functional-test * Disable horizon, swift and ceilometer * Move cluster status notifications out of driver * Add bashate checks to pep8 step * Add a SELinux policy to relabel files in /usr/local/bin as bin\_t * [doc|install\_guide] Fix 'host' config param in [api] section * Updated from global requirements * Factorize load balancer code into its own template * [ironic][doc] Updated ironic image build doc * [k8s\_fedora\_atomic] Remove podmaster * functional: don't create flavors if ironic testing * DIB elements to support dcos for magnum * Use keystone v3 for functional tests * [mesos]remove redundant security group * Disable lbaas from ci tests * func-test-docs: Use iniget and set concurrecy 1 * Move cluster status updates into driver * Refactor driver interface (pt 1) * k8s\_ironic: fix minion template * Add RESUME\_FAILED to cluster's status field * Remove underscores from Nova server names * Doc: update server type in userguide * Show team and repo badges on README * Updated from global requirements * Improve security for swarm * Remove KEYSTONE\_CATALOG\_BACKEND from magnum plugin * [trivial] Fix DIB element path in Readme * [suse] Add hidden attr to password in the Heat Template * Revert "devstack: Fix neutron configuration to run in OSIC" * Fix few typos in documents * Reduce security groups # for k8s coreos cluster * Use 'code-block' for pieces of code * Fix a typo * Updated from global requirements * Add Flatten Attributes Specification * Fix typo in cover.sh * Drop id suffix in launch-an-instance guide * [docs]Update quickstart guide to use cluster-config command * Set config param [DEFAULT]/host to hostname * Combine master security groups in k8s driver * Remove out-dated method for installing in Devstack * [install] Update rabbitmq configuration * Updates Documentation for non-ID Params * Make cinder volume optional * Add insecure option in functional tests for SSL endpoints * remove extra bracket from script in docs * typo: Fix in docker storage configuration * Updated from global requirements * Restart swarm infra containers if deleted * Remove unused configure-flannel.sh * Fix: InvalidParameterValue Exception not raised correctly * Updated from global requirements * Add use of label 'swarm\_strategy' in userguide * Support scheduler strategy for swarm cluster * Updated from global requirements * Updated from global requirements * Add user-domain in role creation * [instll] Update a more simple rabbitmq configuration * Add http\_proxy\_to\_wsgi to api-paste * Enable DeprecationWarning in test environments * [suse] configure flanneld on master node * [suse] Update copyright/ownership information * Fix magnum cluster-update error * Added reno for stable/mitaka and stable/liberty * [suse] Sync with cluster drivers * Use function is\_valid\_mac from oslo.utils * fix cover.sh to allow db version changes without ut * [Trivial] Fix two typos in magnum * add some tests for db * add some tests for cluster and clustertemplate api * Remove pod/svc/container object reference from doc * Move cluster delete method to driver * Replace naked exceptions in barbican\_cert\_manager * corrected hyperlink typo fix * Updated from global requirements * add cluster and clustertemplate to fake\_policy.py * Enable release notes translation * Fix magnum-template-manage * Add docker daemon systemd proxy variables * Remove unnecessary fingerprint of MyObj object * Fix typo: clustser-->cluster in python\_client\_base.py * Make k8s cloud config consistent * Centralize config option: docker\_registry section * Centralize config option: urlfetch and periodic * Clean rc from unit tests * Fix the config args of kubernetes service * Fix PEP8 issues, OpenStack Licencing and Version details * Remove rc from policy.json * Disable cert checks while talking to endpoints * Allow keypair to be added during cluster create * Cluster Drivers * Updated from global requirements * [api-ref] configure LogABug feature * Remove fixed\_network from functional tests * devstack: Fix neutron configuration to run in OSIC * [coreos] Allow k8s cluster without floating ip * [api-ref] Remove temporary block in conf.py * Add dns server access confirmation * Revises 'json' to 'JSON' and 'yaml' to 'YAML' * Remove not really translated file * Implement mesos cluster smart scale down * Fix failure of systemd service kube-ui * [k8s\_common]Remove enable-etcd.sh * Fix typo 'mesoscluster' to 'mesos-cluster' * Fix K8s load balancer with LBaaS v1 * [mesos]Fix output param: mesos\_slaves\_private * Remove safe\_utils.py * Remove yamlutils.py * Remove k8s\_manifest.py * Remove Exceptions for Container/Pod/Service * [mesos] Make dib scipts executable * Remove unnecessary use of sudo in k8s scripts * Using sys.exit(main()) instead of main() * Change several RabbitMQ config settings * Updated from global requirements * Remove default=None when set value in Config * Fix quickstart guide URL * Fix typo 'duplcate' to 'duplicate' in status.yaml * Update Fedora Atomic element from 23 to 24 * Centralize config option: x509 section * Centralize config option: keystone\_auth section * Centralize config option: trust section * Centralize config option: certificates section * Centralize config option: docker section * Centralize config option: service section * Centralize config option: rpc periodic section * Centralize config option: utils section * Centralize config option: database section * Centralize config option: paths section * Centralize config option: cluster\_heat section * Centralize config option: cluster\_template section * Fix k8s\_fedora to work with cinder volume driver * Centralize config option: conductor section * Centralize config option: cluster section * Centralize config option: all clients section * Centralize config option: api section * Add Horizon and Native Clients to user guide * Update name of ubuntu-mesos image * Split swarm atomic template * Updated from global requirements * Register master node but make it non schedulable * Remove duplicate AUTH\_URL parameter * Remove unnecessary setUp and tearDown * Init magnum centralize config * Update reno for stable/newton * Delete coreos driver elements directory 3.1.0 ----- * Updates Ubuntu Mesos build * [install] Fix keystone\_authtoken and trust sections * Add optional magnum-ui in quickstart * Restrict server type only to vm/bm * delete python bytecode including pyo before every test run * Updated from global requirements * [install] Fix the cli install instructions * [install] Fix optional services bullet-list * Fix the order of enabling devstack plugin * Update kubernetes external load balancer dev guide * [suse] Fix OS::stack\_id in kubeminion * Use heat devstack plugin * [install] Add cli install in IT * [install] Add launch an instance section * [install] Update required services and remove bay * Add exceptions to cluster db to show failures * [suse] Sync heat template version with other drivers * [suse] Rename bay to cluster * TrivialFix: Remove logging import unused * Change the type of flannel\_network\_subnetlen to 'number' * Create sysconfig mount for kubernetes controller mgr * Import environment variables from testenv * Updated from global requirements * Split k8s atomic vm and ironic drivers * Create bay/cluster api reference * Disable lbaas on k8s-ironic job * Create baymodel/cluster template api reference * Add Scaling section to User Guide * Add Support of LBaaS v2 API * Rename Bay DB, Object, and internal usage to Cluster * Fix swarm functional tests * Add support for overlay networks in Swarm * Fixed fetching api\_server address * Update fedora image for ironic driver * Improve unit test coverage for cmd/db\_manage.py * Make magnum manage\_template read config file and increase coverage * Remove magnum service Dockerfile * Factor out common k8s definitions and mappings * Consolidate enable docker registery fragments * Clean imports in code * Add rexray volume driver to Swarm * Fix typo in quickstart guide * Update documentation with bay/cluster version info * Add python-dev and kpartx to mesos img build * Fix mesos image dockerfile elements location * Fix dev quickstart pointer to mesos img build * Consolidate configure docker storage fragments * Fix release note * Updates drivers from BayModel to ClusterTemplate * Rename BayModel DB, Object, and internal usage to ClusterTemplate * Rename bay to cluster in certificate object and references * Correctly raising MagnumServiceNotFound exception * Update service-list output in quickstart * Use cls in class method and remove unused CONF * Add missing release notes * Updates CONF usage from bay to cluster 3.0.0 ----- * Rename Bay to Cluster in functional tests * Include version info in bay/cluster show operation * Install Guide: Set bug project * Fix bay status: after bay-delete status is not DELETE\_IN\_PROGRESS * Correction in quickstart * Fix incorrect reference to bay-template-example.html * Revert "Update mesos slave to mesos agent" * Create certificates api reference * Create mservices api reference * Create version api reference * Updated from global requirements * Init api-ref structure and requirements * Compare test coverage with the master branch * Cleanup coverage configuration * Removed not required style.css file * To use cinder with rexray downgrade to version: 0.3.3 * Rename Bay to Cluster in docs * Add cluster to cert commands * Add history for API versions supported by magnum * Use werkzeug to run Magnum API with SSL * Make templates env path be const variable * Allow k8s cluster without Floating IP * Bay to Cluster api cleanup * Openvswitch image build * Get mandatory patch attrs from WSME properties * Clean up docstrings in BayModel * Simplify test\_create\_list\_sign\_delete\_clusters() tempest test * Restrict magnum service name * Updated from global requirements * Revert "Use symlinks for common template files" * Add Mesos labels and summary for labels * Rename Bay to Cluster in api * Updates k8s example rc to use correct label * Remove reference: 'modindex' from releasenotes documentation * Use upper constraints for all jobs in tox.ini * Add floating\_ip\_enabled field to baymodel * Increase in UT coverage * Fix tempest.conf generation * Align k8s CoreOS with atomic: add proxy config * Update to User Guide * Rollback bay on update failure * Set bay status: DELETE\_IN\_PROGRESS before updated by poll * Add i18n translation for Log messages * Increase test coverage * Fix an issue on kube-proxy in CoreOS bay * Fix the CoreOS fragment write-kubeconfig.yaml * Correct the get\_file patch in CoreOS template * Increased UT of magnum/api/app.py * Updated from global requirements * Add test for update baymodel public * Improve unit test coverage for cmd/conductor.py * Improve unit test coverage for cmd/api.py * Improve unit test coverage for common/service.py * Change stacks:global\_index heat policy to context\_is\_admin * Support for async bay operations * Fix indentation and if expressions in make-cert * Use memory mode for sqlite in db test * Functional: validate OpenStack resources * Use symlinks for common template files * Remove ReplicationController object * Add openSUSE driver support to Magnum * Increased test coverage * Remove Invalid README.md for mesos * Remove Invalid README.md for k8s * Makes config file generation reproducible * Add functional test for k8s ironic * Fix ironic template * Re: Remove dependency of metadata service * Support HA for k8s coreos bay * Pass missing variables to heat-params * Updated from global requirements * Use kubelet-wrapper provided by CoreOS * Remove kube-user.yaml * Fix copying logs from nodes * Fix for enum type docker\_storage\_driver * Updated from global requirements * Add microversioning support for methods * Correct hyperlink syntax in userguide * Restricted Magnum service state to 'up' and 'down' * Add support for master elected component * Drop MANIFEST.in - it's not needed by pbr * API: restrict length of bay's name to 242 * Updated from global requirements * Remove container object * Add TLS section to User Guide * Add functional test for public baymodel * Add hacking rule for explicit import of \_ function * modify the home-page info with the developer documentation * Add functional test for image/flavor validation * Create a base class for tempest tests * Add Bay section to User Guide * Remove unnecessary code * Consolidate heat fragments * Fix some simple mistake * Bay name must start with alphabets only * k8s\_coreos\_driver: cleanup file naming * Fix global stack list in periodic task * De-duplicate the decouple-LBaaS-related files * Corrected import module in gmr.rst * k8s: Remove unused volume mount for kube-proxy * Added hacking check to ensure LOG.warn is not used * Fix typo in baymodel param * Move common/fragments into templates directory * Pass private ip address to scale manager * Updated from global requirements * fix bug for configure-kubernetes-minion.sh * Fix the permission of these files -rwxr-xr-x * Add Mesos section to User Guide * Set swarm api\_address protocol to tcp on all cases * Correction in heat template description * Add check on docker\_volume\_size * [install] Add debian and ubunutu IGs * [install] Refactor configuration in IG * Updated from global requirements * Removed unwanted files * add hacking for assertIsNotNone * Fix wrong COE name in template * modify test\_assert\_is\_not\_none * Formatting userguide * Remove repeated WaitConditionHandle resource * Update mesos slave to mesos agent * Updated from global requirements * Add i18n support for some ERROR message * Replace "LOG.info(\_" with "LOG.info(\_LI" * Fix for k8s bay creation stall * Allow swarm cluster without LBaaS * Fix bug for write-kube-os-config.sh * Support the OpenStack-API-Version header * Updated from global requirements * Allow mesos cluster without LBaaS * Replace assertEqual(None, \*) with assertIsNone in tests * Correction in kube-ui-service.sh script * Fix OS::stack\_id is set as stack id instead of private ip * Remove unused LOG to keep code clean * Nit documentation formatting * Add Python 3.5 classifier and venv * Update default version of heat template * Correct the rest of the reraising of exception * k8s coreos bay driver * Bay driver: k8s Fedora Atomic * Add "WAIT\_CURL" parameter to the template of swarm * tempest: Allow the old-style name project name * Nit document formatted * Updates microversion root and error messages * Remove dependency of metadata service * Add description to the output\_key of stack * Correct reraising of exception * Move common bay drivers fragments in common dir * tempest: Don't hardcode external network id * Fix string declaration in periodic.py * Misspelled text corresponding to method 'get\_template\_definition' is commited * Change the type of flannel\_network\_subnetlen to 'number' * Delete unused discovery\_url for swarm * Allow k8s cluster without LBaaS * Mesos-Ubuntu bay driver implementation * Bay driver implementation * Move Initialization of variables inside if/else * Improve validation for the external network parameter * Add a explanatory text when flavor is None * Bay\_create\_timeout should be set to 60 default * Fix typos for Magnum * Fixed typo for Availability * Fix typos in resource-quotas.rst * Add Bay Drivers section in user guide * Updated from global requirements * Change service name from "magnum" to "container-infra" * Delete certs when deleting bay * Add fixed\_subnet field to baymodel * Improve unit test coverage * Validate discovery url when create a bay * Fix typo in create-trustee-user-for-each-bay.rst * Fix typo in async-container-operation.rst * Add Baymodel section to User Guide * [install] Add obs install-guide * Fix file permission in dib elements * Add master\_lb\_enabled field to baymodel * Allow Bay templates to include Heat environments * Pass some common cert related arguments to clients * Fix DIB dependencies for >= Fedora 22 * Fix docker storage drivers configuration * Updated from global requirements * Delete unused cert\_group variable * Modify mesos template to support removal policy * Add x509keypair\_cert\_manager to store certs in DB * [install] Add install guide from template for rdo * Add Swarm section to User Guide * Remove K8sResourceBase * Updated from global requirements * Make 'signing csr' accept Unicode CA Private key * Updated from global requirements * Modify the manual-devstack document for copying api-paste.ini * Wrong parameter in InvalidName exception message * Auto generate Bay/BayModel name * Use kojipkgs for diskimage-builder * Moving feroda atomic image to the bay driver folder * Fix typo in open-dcos.rst file * Load heat-params before setting nounset * Updated from global requirements * Remove unused POT files * Add Kubernetes section to User Guide * Gate: fix the credential object type error * Change here doc limit strings to fix EOF in EOF * Fix cli usage to get ca.crt and client.crt * Set 'nested\_depth=2' when calling heat.resources.list * Updated from global requirements * Run the unit tests to test magnum objects * First check whether output\_value is None * Duplicated parameter definition in template * Put fault info of bay resources into bay-show outputs * Delete duplicate statement * Support trustee\_domain\_name in config file * Fix get\_coe\_valodator() clear unused Validator * Fix indentation in install-guide * Updated from global requirements * [install] Add install guide from source * Update microversion header to include service type magnum * Fix string format in cmd/conductor * Remove service object * Spec for Open DC/OS and Magnum Integration * Add docker-storage-driver attribute to baymodel * Update swarm templates to use Heat resources * Fix Kubernetes-related deprecation in quickstart * Update for Swarm Bay quickstart docs * Add Bay Drivers specification * Updated from global requirements * X509keypair cleanup * Delete unused \_admin\_client variable * Updated from global requirements * Support using insecure registry for k8s COE * Fix an EndpointNotFound error * Updated from global requirements * Use fixtures.TempDir in unit tests * Remove pod object * Remove redundant utils code * devstack: fix magnum service name in is\_magnum\_enabled * Fix spelling error on get\_docker\_quantity method * Use oslo\_utils.is\_int\_like support * Use oslo\_utils.uuidutils support * Remove redundant exceptions code * Add accidentally deleted test\_hooks.py * Gate: fix tempest config error * Update Magnum service name and description * Updated from global requirements * Document usage of notifications * Add insecure\_registry column to baymoddel * Remove k8s APIs pod, rcs, svc and container API * Register k8s node but make it unschedulable * Add mesos\_slave\_executor\_env\_variables validate * Fix the swarm test for gate * Add Storage section in user guide * Updated from global requirements * Emit notifications when bay operations get executed * Fix two issues on k8s bay * Update Image section in user guide * Added "Choosing a COE" to user guide * Move k8s specific terms to k8s section * Code refactoring in conductor/k8s\_api.py * Honor insecure and cafile options in a trustee session * Updated from global requirements * Fix the quickstart guide for using kubectl * Updated from global requirements * Correct attribute name in TestListBayModel * Update documentation to use native APIs * Updated from global requirements * Cleanup in Mesos template * Add troubleshooting steps for trustee creation * Always expand Baymodel fields * Correct parameter order for assertEqual() method * Add mesos\_slave\_image\_providers validate * Corrected spelling mistake in quickstart.rst * Revert "Remove KUBE\_API\_PUBLIC\_ADDRESS" * Updated from global requirements * Enable TLS support for k8s CoreOS * Use the latest atomic image name * Start using fedora atomic images that live in our mirrors * Add mesos\_slave\_isolation validate * Add tox test for k8s coreos bay * Updated from global requirements * Fix parameter mismatch in CoreOS templates * Copy logs if test failed and bay nodes existed * Remove KUBE\_API\_PUBLIC\_ADDRESS * Update docs to use the latest image link * Replace tempest-lib with tempest.lib * Add docker registry support for swarm * Updated from global requirements * [Trivial] Remove executable privilege of doc/source/conf.py * Updated from global requirements * Functional: Add prefix when copy logs on failure * Update outdated doc index file * Cleanup some validation functions * Healthcheck Middleware * Add script to validate fedora atomic images * Heat params are different in swarm master and swarm node * Grab heat-params for debugging * Updated from global requirements * Enable Mesos Bay export more slave flags * Log copy for failed functional tests cannot be disabled * devstack: Use magnum-api and magnum-cond for services * Fix container-create memory not passed * Imported Translations from Zanata * Fix specs reference rst format * Remove constraints envs from tox.ini * Fix post jobs * Imported Translations from Zanata * Use k8sclient library * Gate: Remove neutron-lbaas devstack plugin * Functional tests should support DNS nameserver config * Fix bashisms in k8s conf minion template fragment * Fix bashisms in k8s os config template fragment * Docs: switch to neutron-lbaas plugin * Move project-configs to gate hook * Updated from global requirements * Fix bashisms found in swarm template fragments * Config docker registry in devstack * Add support for docker registry * Updated from global requirements * Fix the rst url format * Add subjectAltName back to CSR config * Fix bashisms found in shell scripts * Fix uuid cases with real UUID * replace wsexpose by magnum.api.expose.expose * Add script to install image build dependencies * Fix doc for certificate * Format template * update doc for ca-show and ca-sign * Notify Heat only if kube-apiserver is running * Update Kube version for latest image * Fix two issues that broke the gate * Updated from global requirements * Doc: fix flannel etcd key * Fix wrong parameter while creating bay * Use fedorapeople for getting fedora image * Fix an incorrect key path on copying logs * Bay can not be deleted by other users in the same project * Use trust for tls cert generation in swarm * Add cpu util to K8sMonitor * Add reno to Magnum * Updated from global requirements * Magnum's tox test should respect upper-constraints * Switch to Atomic 23 * Revert "Gate: fix AttributeError: load\_pem\_x509\_csr" * Update Using Container Volume Integration Feature doc * Add Container Volume Model into Kubernetes Heat Templates * Add cpu util to MesosMonitor * Generate fedora-atomic images using dib * Fix config error * Fix typos in Magnum files * Cleanup duplicated auth\_url in k8scluster/master template * Remove the "Patch" function * Use trust for tls generation * Fix usage of registering magnum endpoint * Fix bashisms in enable-kube scripts * Refactor Keystone client with keystoneauth * Remove unnecessary blank at command line usage * cleanup usage of LOG.debug in magnum * Add hacking check to ensure not use xrange() * Allow update baymodel's public field even if referenced * Cleanup container client api rewrite function * Release certs/trust when creating bay is failed * Allow show public baymodel * Use bay to init K8sAPI instead of bay\_uuid * Allow to parameterize image name in tests * Make kubernetes image version united into a variable * Gate: fix AttributeError: load\_pem\_x509\_csr * Raise OperationInProgres(400) when deleting bay conflict 2.0.0 ----- * Add flannel's host-gw backend option * Add the container volume integration document * The type of node\_count is number * Fix config parser error magnum-template-manage list-templates * Replace hardcoded eth0 interface in scripts * Cleanup dict usage in bay\_conductor * Pass host\_config if docker api version >=1.19 * Add Image Management section in User Guide * Add tests for container action policy * Functional: Remove unused log copying * Refactor bay\_conductor to split trust methods * Rename flavor name used in gate tests * register the config generator default hook with the right name * Fix baymodel with invalid parameter can updated * Replace deprecated LOG.warn with LOG.warning * devstack: Comment out some environment dependent neutron settings * devstack: Add python3.4-dev to quickstart prereqs * Remove the redundant code * Moved CORS middleware configuration into oslo-config-generator * Remove bandit.yaml in favor of defaults * Mark trustee\_domain\_admin\_password secret * Pass target in enforce * Bay status returns None initially after create * Spec for asynchronous container operations * Enable SELinux in swarm bay * Add setup methods for trust config in dev document * Add missing cinder\_client config * Functional test for flavor validation in bay creation * remove devstack/create\_magnum\_conf\_magnum\_network * Functional: Wait for swarm bay creation * Remove method which has no rpc calls * Load wsgi app(api) with paste.deploy * Revert "Turn selinux back on after cloud-init" * Fix log message error when create trustee failed * Functional: Set private key outside of remote\_exec * Updated from global requirements * Remove minion dependency on master * Add external\_network unit test for post baymodel * Add flavor\_id unit test for post baymodel * Add auth\_url * Magnum api show wrong bookmark link for baymodels * limit access to certificate and container:create * Fix baymodel with invalid parameter can created * Adds standardised error messages * Add Container Volume Model into Mesos Heat Templates * Fix Definitions part for container-networking-model.rst * Use obj\_attr\_is\_set to check whether an attr is set in oslo\_versionedobject * handle bytes list in api middleware * Correctly compare utf8 strings * Fix x509 cert generation python3 compability * Use str() to generate IOError exception message * Fix the jenkins run script * Ignore the generated config file * Add py34 to tox envlist * Copy logs on test failure * Add trust info * Add hidden attr to password in the Heat Templete * Use exception.faultstring instead of exception.message * Do not use translate to delete chars * Convert bytes to string in get\_id for python3 compatibility * Encode string before hash it * Use specific key to sort list of dicts * Use six.moves.reload\_module instead of builltin reload * Avoid compare None type using min() * Return correct object type * Fix api access with public acl routes * Get region\_name that volume\_driver rexray region\_name needs * Initial command-line interface documentation * Improved tests for updating bay properties * Remove unused attribute "ssh\_authorized\_key" * Add skipped RST files to toctree * Resource Quota - Introduce Quota Table * certificate sign with a non-existing cert should throw HTTP 400 * Remove redundant password when create create\_trustee * Remove duplicate X-Roles * Rename get\_rpc\_resource to get\_resource * Updated from global requirements * Added documentation to BayModel attrs * Add etcd troubleshooting * Add Flannel troubleshooting * Init oslo\_context before magnum context init * Updated from global requirements * Fix gate for client and devstack * Rename network driver name in Validator class * Avoid to create $SCREEN\_LOGDIR * Add trust info into heat params * Replace string format arguments with function parameters * Add master\_flavor\_id to baymodel data funtion test * Updated from global requirements * Add tempest logging to bay\_client and test\_bay helper methods * devstack: Comment out logging configuration * Add \`q-lbaas\` to manual-devstack.rst * Add missing test-requirements * Create a trustee user for each bay * Fix misleading M310 unit test outputs * Updated from global requirements * Fix string formatting bug * Cleanup unused conf variables * Updated from global requirements * Add magnum certificate api tests * Bay test cleanup * Reduce memory consumption of gate tests * Make bandit job voting * Turn selinux back on after cloud-init * Enable swift services * Fix invalid import order * Updated from global requirements * Fix gate issues with functional-api job * API: Move validate\_properties to REST API layer * Change BayModel#coe type to wtypes.Enum * Change Bay#status type to wtypes.Enum * Updated from global requirements * Remove node object from Magnum * Enable Tempest without devstack * Minor tweak to simplify api validator code * Correct internal links syntax error * Add more types of status to Bay's status * Revert "Fix socket descriptor leak" * Update functional test docs * Propose Magnum Resource Quota * Add Pod, Service, Replication Controller terms * Fixed a DBerror on reducing node\_count on bay * Update the spec for container network attributes * Troubleshooting Kubernetes networking * Add func test to validate baymodel-update referenced by bay * Removed unused config coreos\_discovery\_token\_url * Networking user guide * Replace logging with oslo\_log * Use keystone v2.0 in gates * Cleanup MagnumService Object usage * Add introduce doc how to generate magnum.conf.sample * Remove unused hacking rule from HACKING.rst * Add python 3 support * Validates baymodel volume\_driver patch requests * Validates baymodel volume\_driver requests * Fixed an issue that prevent kube-proxy to start * Add initial terminology definitions * Document how to create a CoreOS bay * Spec for trust * Use magnum-config-generator.conf to generate Magnum config sample file * Updated from global requirements * Remove dev prefix in magnum/doc/source/dev * Adds volume\_driver in db api * Fix typo in comment of several files * UT: cleanup in API test cases for response attr verification * Fixing typo in comment of several files * Revert "fixed\_network should be fixed\_network\_cidr" * Updated from global requirements * Improve Tempest credential provider usage * Fix the network\_driver update invalid parameter can be update * Add troubleshooting for network * Updated from global requirements * Add volume to Kub master * properly sign a certificate without bay name * Fix the CoreOS template definition * Remove redundant checks * Updated from global requirements * "notification\_driver" from group "DEFAULT" is deprecated * Fix the CoreOS Heat templates * Add initial documentation for troubleshooting gate * Imported Translations from Zanata * Change 404 to 400 when resource not found exception raises * Add debug testenv in tox * Updated from global requirements * Revert "Pass environment variables of proxy to tox" * Gate: Fixed an Unauthorized error on api tests * Add bay status attr value list for API consumer * Use oslo.i18n in magnum/api/controllers/v1/service.py * Enable test\_magnum\_service\_list\_needs\_admin * Do not use inner class of glanceclient * Do not use inner class of heatclient * Do not use inner class of novaclient * Fix ignored E711 rule and remove this exception * Proxy support for Mesos cluster * Remove unnecessary setting of default node\_count * Use bay name as Mesos cluster name * Delete negative case of create bay without name * Add the k8s and mesos proxy doc * Highlighted NOTE in dev document * Disallow updating baymodel when it is referenced * Fix doc comment for default value * Fix doc comment for \`baymodel\_id\` attr * A bay without name should be successfully created * Updated from global requirements * Add magnum bay api tempest tests * Propose Magnum Volume Integration Model * Add mandatory\_attrs to BayModelPatchType * Highlighted NOTE in magnum-proxy.rst * Added Keystone and RequestID headers to CORS middleware * Don't add exception in msg when using LOG.exception * Increase size of Docker volume size * Add policy enforcement unittest to magnum\_service * Add copying tempest.conf instructions to guide * Fix Docker storage configuration for Swarm * Update kube-ui to v4 * Updated from global requirements * Skeleton for User Guide * Fix the content of 'discovery\_endpoint' not show up in exception * Add proxy for mesos * Skeleton for Troubleshooting Guide * Add the lost M338 in Hacking * Fix socket descriptor leak * Swithc to using dynamic credentials in tempest tests * oslo\_messaging requires stop() before wait() * (Quick-Fix) Adds back tempest identity back to gate * Functional: Fix mesos baymodel creation case * Fixed the incorrect policy enforcement * WSGI enfore fails should return 403 instead of 500 * Updated from global requirements * Remove redudant code * HTTP 400 instead of 500 when Unicode Bay name * Correct wrong parameter passing when create k8s\_api in k8s monitor * Functional: Add mesos functional bay creation basic testing frame work * Do not use \_\_builtin\_\_ in python3 * Trivial: Remove vim header in source files * Use six.moves.reload\_module instead of builtin reload * Devstack: Fix typo of MANGUM\_GUEST\_IMAGE\_URL * Python 3 deprecated the logger.warn method in favor of warning * Raise exception when failed to get discovery\_url * Trival: Remove unused logging import * Devstack: support download ubuntu image * bay-show doesn't return stack\_id * Remove oslo-incubator code from Magnum * Use cliff instead of cliutils * Keep py3.X compatibility for urllib * SIGUSR1 is deprecated in Guru mediation * Migration to utilize tempest plugin * "lock\_path" from group "DEFAULT" is deprecated * Replace dict.iteritems() with dict.items() * Separate flavor between master and agent node * Gate: Fix docker swarm disconnect issue * Move swarm-agent out of swarm master node * Updated from global requirements * Make kubernetes API client generic * Gate: Attempt to fix a memory allocation error * Clean up baymodel query of usage from a bay * Object: Add BayModel as an ObjectField to Bay object * Errors in docker registry configuration * Enable docker registry in heat template * Gate: Fixed an empty service catalog error * Move Kubernetes proxy to the container * Remove baylock * API: enforce bay type when do rc/service/pod api actions * Update dev-quickstart.rst * Improve tox to show coverage results * Updated from global requirements * Change $LOGFILE path in configuration devstack * API: add filters when try to list containers * Object: Add filters to contianer list * Create trust\_id for bay * Handle the case that stack has no "outputs" * Always log if disconnect from docker swarm * Copy Docker containers configs/logs * Updated from global requirements * Add retrieve\_bay\_uuid in conductor\_utils * The type of number\_of\_masters should be int not string * Updated from global requirements * use wild card for passing env variables * Refactor image check in Baymodel * Validate image when create a Bay * Avoid to use common.cert\_manager directly * Swarm: Cleanup of swarm heat template * Avoid to use keystone CLI in doc * Fix mesos monitor for handling multiple masters * Make consistent usage of mock.patch decorators * Refactor keypair existence check in Baymodel * Consolidate code for docker conductor tests * Enable HA mode for mesos bay in Magnum * Enable HA mode for mesos bay in Heat templates * Fix wrong exception messages * Add Kubernetes podmaster * Add Kubernetes UI * Share get\_discovery\_url in templates * Performance: leverage dict comprehension in PEP-0274 * Remove Python 2.6 classifier * Functional: only copy logs on exception * Objects from Bay - Pods * Add missing bay\_create\_timeout to bay object * Wait more time after swarm bay creation before doing functional testing * Hide user credentials * Register neutron client option * Functional: Raise Exception if bay created failed * Remove circle reference * Swarm: Add swarm master HA support * Document how to download the mesos image * Objects from Bay - Services * Decoupling magnum service from periodic task * Optimize "open" method with context manager * Validate keypair when create a bay * Fix typo in db api doc string * Fixes for magnum objects doc string * Add support to set env to a container * Validate external network when create a bay * Updated from global requirements * Functional: Use Magnum client to test container actions on Swarm bay * Swarm: Split swarm.yaml to swarmcluster.yaml and swarmmaster.yaml * add neutron client support * Remove hardcoded default docker client setting * Docs: specify --docker-volume-size for swarm bay * add unittest testcase for Openstack Nova client * Validate baymodel's flavor when create a bay * Fixed typo in the dev guide for Mesos * Remove temp fix for new oslo.versionedobjects * Add a global var to maintain swarm version * Improve yml template test case * Chmod enable-etcd.sh 1.1.0 ----- * Record diagnostic info from bay nodes * Swarm: add proxy for etcd service * Remove typo in magnum-proxy.rst * Functional: Add container creation/deletion on swarm bay * Adding dev-notes for try-catch block in periodic task * Cleanup baymodel operations in conductor api * Updated from global requirements * Refactor Mesos templates * Adds Magnum Container Network Model to Swarm * Changes Swarm Bootstrapping from Public to Etcd * Pin oslo.versionedobjects version * Add support for different disk bus * Updated from global requirements * Import option before using it * Bay: Update node's ip addresses even bay creation failed * Updates Swarm Heat Templates to Support Container Network Model * API: use baymodel\_ident to update a baymodel * Make bandit included in test-requirements.txt * Updated from global requirements * Add mising requirements * Adds Cinder Volume Support to Swarm Bay Type * Objects from Bay - Replication Controller * Delete kube-register * API: Add debug message for every API call * Save functional testing files after testing done * Fix typos * Add the description of the output parameters to the Mesos * Remove unused opts * Monitor driver for mesos bay type * Updated from global requirements * Add functional test cases for swarm baymodel/bay * Add Magnum config for default network driver per COE * Make server.key/client.key as private in k8s node * always use constraints * Add -constraints sections for CI jobs * Swarm: Add TimeoutStartSec=300 to docker service * Updated from global requirements * Add iptables rule to listen m-api * Create BayModel with provided(VM/BM) server type * Rename heat-kubernetes, heat-mesos, docker-swarm * Generate missing baymodel sample configs * Update deprecated option for docker * Functional: Add testcase of tls\_enabled bay creation case * Update functional testing doc * Swarm: Add description for Heat Template output * Removed old k8s python client * Update usage of glance client * Swarm: Map master address to api\_address based on TLS * Added 'master\_addresses' to Bay in API * Removed personal SSH key name and assigned value as testkey * Unify common output keys across Heat templates * Minor fixes for the functional test guide * split out k8s and api functional testing * Object: refacor of x509keypair.py * Replace oslo\_utils.timeutils.isotime * Devstack: Use HOST\_IP to set MAGNUM\_SERVICE\_HOST * Revert "Fix the neutron-lbaas agent config" * Update functional test document * Fix typo error * Enable network services at Kub master * remove default=None for config options * Add support for allowable network drivers configuration * Use oslo\_config PortOpt type for port options * use importutils in monitors.py to avoid cyclic imports * Document how to run functional test locally * Monitor driver for k8s bay type * timeutils.utcnow should be used instead of datetime.datetime.utcnow * Imported Translations from Zanata * Fix the neutron-lbaas agent config * Use \_assert\_has\_(no)\_errors() in hacking tests * Added CORS support to Magnum * Improve tox.ini to easy developer's life * Raise exception when adding an existed attribute while update bay * Use assertIn and assertNotIn * Improving comment in monitors.py * Use assertIsInstance instead of assertTrue(isinstance(a, b)) * Avoid JsonPatch twice * Use assertIsNotNone instead of assertEqual(\*\* is not None) * Use assertTrue/False instead of assertEqual(T/F) * Updated from global requirements * Use assertIsNone instead of assertEqual(None, \*\*\*) * Add bay filter to container * Upgrade to Swarm 1.0.0 (production ready release) * Fix argument order in assertEqual to (expect, obs) * Use oslo\_config IPOpt support * Update devstack doc to cover the latest atomic image * Remove unnecessary parameter * Fix the failure to scale-down k8s cluster * Fix exception when create bay failed * The default of filters should be an empty dict * Fix k8s CLI to work with Bay name * Kubectl configuration for certificates * Refactor MagnumException to reduce complexity * Refactor config setup to reduce complexity * Refactor periodic task sync\_bay\_status * Reduce complexity of poll\_and\_check method * Add functional\_creds.conf to .gitignore * Add doc8 to pep8 job * Some improvement in swarm cluster add-proxy.sh * Fix docker proxy config file not correctly seting on k8s master * Cleanup template formatting * Add proxy for k8s 1.0.0.0b1 --------- * Some fixes or improvements of quickstart guide * Several fixes for the TLS guide * Fix incorrect usage of CertManager in k8s\_api * Split test\_bay\_conductor tests * Fix a 409 failure on bay-update * Open port 6443 in security group for k8s bay * Fix bay-create failure without "name" * Fix registration failure caused by TLS support * Document how to enable barbican in devstack * Fix command line in document example * Fix swarm monitor exception * Read auth\_uri from config file and remove is\_public\_api * Move security group setting to kubecluster.yaml * Upgrade to Swarm 0.4.0 (latest) * Update Kubernetes examples * Added a guide to explain how to use secure Kubernetes API * Fix wrong doc output * Adding new test case to do heat yaml file validation * Fix mesos build image error * Fix order of arguments in assertEqual * Fix order of arguments in assertEqual * Fix order of arguments in assertEqual * Fix order of arguments in assertEqual * Fix order of arguments in assertEqual * Functional tests for magnum service * Modify admin\_api policy rule * Baymodel create should allow no network\_driver specified * Fix an occasional 400 error on functional gate * Pull metrics by using TLS enabled client * Update and clarify redis examples in quickstart * Make Kubernetes API call secure * Fix typos in document * Add TLS support in heat kubernetes * Fix comment container delete should accept both uuid/name * Move 'docker\_for\_container' to a common module * Move k8s resources test to TestKubernetesAPIs * Fix swarm bay failure reporting * Enabled ceilometer using plugin model * Update Dev Quick-Start links to officail docs * Fix D001 Line too long error * Allow container memory size to be specified * Fix double-wrapping of exception in conductor * Fix TypeError at magnum API for service-list * Minor documentation correction * Add TLS support to container handler * Adding support for public baymodels * Remove unnecessary util method temporary\_mutation * Add versioned objects to docs.openstack.org * Adding Documentation for use of proxies in magnum * Remove name from test token * Set up temp files containing client TLS certs * Use dockerpy logs operation instead of attach * Reduce complexity of filter methods * Rename "insecure" to "tls\_disabled" * Swarm: Set to CREATE\_FAILED status if swarm services not started * Swarm: Fix NODE\_SERVICES in template * Remove unused DB API get\_rcs\_by\_bay\_uuid * Documentation update for 'magnum service-list' * Configure Ironic for Kubernetes load balancer feature * Configure CoreOS for Kubernetes load balancer feature * Configure Fedora Atomic for Kubernetes load balancer feature * Remove unused DB API and Service object API * Fixes Neutron security groups for Swarm Bay type * Removes --tls flag from docker and swarm-manager daemons * Adding API support for magnum service * Implement bay monitoring and notifications * Fix E251 unnecessarily ignored pep8 rule * Add details to developer quick-start Mesos section * Add heat template plugins to documentation * Create master tmptls for k8s ironic/coreos bay * Make network-driver check based on COE type * Add bay\_uuid to RC Read/Write API's * Add bay\_uuid to Service Read/Write API's * Add bay\_uuid to Pod Read/Write API's * Introduce BayType that declares valid COEs * Backend support for magnum service * Migrate to Kubernetes Release 1 (docs) * Update Developer Quick-Start to Kubernetes 1.0 * User guide for Kubernetes external load balancer * Adds client test for labels * Fixes Kubernetes Pod and Service Manifest Examples * Fix container status when showing a paused containers * Functional: Split python client functional testing case * Swarm: move write-docker-service.sh before other configure scripts * Move the code for local cert to the right place * Remove unused DB API and Pod object API * Swarm: Add configure-swarm.sh to configure docker-storage * TLS integration for latest pythonk8sclient * Add TLS to Docker-Swarm Template * Eggnore the .egg directory * Remove ERROR\_ON\_CLONE references * Enable barbican cert manager in devstack * Use api version 1 to set image property * Add TLS support in Magnum * Use --max-complexity flake8 rule * Fix H405 and E131 ignored pep8 rules * Unwedge the gate by only enabling barbican once * Fix container action debug log not accurate * Docs update for new fedora atomic 1.0.4 * Fix funtional gate: specify missing network\_driver * Sync the description with Kubernetes Release 1 version * Code refactor for keystoneclient * Add registry to template * Functional tests with Tempest - BayModel CRUD * Validates baymodel network\_driver requests * Change ignore-errors to ignore\_errors * Migrate to Kubernetes Release 1 * Enabled ceilometer services using new model * Adds labels support to baymodels * Fix naming of variables/classes in tests * Updated from global requirements * Adds network\_driver Support of Container Network Model * Refactors Heat templates for Container Networking Model * doc8 all documentation and fix doc style * Add registry\_enabled to api and db * Readme : Change swarm\_manager to swarm\_master * Temporarily remove dependency on package certifi * Change swarm\_manager to swarm\_master * Allow unicode text as CSR * If headerParams = None, don't use it to .update() * Fix calling parameter at get\_cert/delete\_cert * Add a link versioned object document * Update documentation for generating k8s v1 client * Avoid to use eval in pythonk8sclient * Fix missing value types for log message * Check file existence in local cert manager * Add test to local\_cert\_manager * Update swarm discovery url * Delete certs while deleting bay * Enable Barbican in devstack * DB Migration does not work for SQLite backend * Add version hashes to enforce version updates * Swarm agent to get templated proxy values * Porting function\_exists to post\_test\_hook.sh * Cleanup Baymodel correctly when Teardown TestKubernetesAPIs * "keypair\_id" should be existent when creating a baymodel * Checkout generated k8s client * Add documentation for testing objects * Fix typo in magnum/common/x509/config.py * Fix wrong parameter passed to heat-params * Conductor: Remove \_update\_stack\_outputs from bay\_conductor * Fix heat-mesos README * Fix retrieving ca\_cert * Change instructions to use get-pip * Modify log message * tox: rm all pyc before doing unit test * Code refactor for ConfFixture * Add Certificate controller for TLS support * Generate certs while creating bay * Add a tool to manage x509 objects * Add CertManager to store CA and client certificate * Fix keystone client usage in barbican client * Enhanced error checking in get\_discovery\_url * Updates the node count key for all types of bay * Updated from global requirements * Remove retrieving external-network-id * Introduce unit test for genconfig * Fix missing sql\_opts * Fix the hard-coded etcd cluster size * Fix jenkins failure for image not found * Change manager to master in docker-swarm * Indirection API implementation * Fix the link for Docker Remote API * Change bay.\*\_cert\_uuid to bay.\*\_cert\_ref * Fix the representation of REST * Change grep option dev-build-atomic-image.rst * Fix method and parameter descriptions * tools/colorizer.py is not used anywhere * Add explicit requirement for decorator module * Add field for container status * Add UNKNOWN constant to container statuses * Removing unused dependency: discover * Sync bay status reason in periodic task * Move 'all\_tenants' options to context * Enable Magnum to send notifications via RPC * Correct exception raised in few db APIs * Use oslo.versionedobjects enums instead of status strings * Add cert\_uuid attributes to Bay in db * Updated from global requirements * Add port type on port option * Doc update for 'magnum coe-service-\*' * Updated from global requirements * Unify using of migration tools * Set project\_id and user\_id from context directly * Enable barbican in devstack * Gate failure due to introduction of new WSME 0.8.0 * proxy-blue print for docker swarm * Fix unit test for replication controller * documentation: fix formatting * Remove retrieving external-network-id * Updated from global requirements * Remove deprecated config 'verbose' * Add roles to context * Remove hardcoded config file in error message * X-User is deprecated and X-Storage-Token is useless * Add default for node\_count and bay\_create\_timeout * Fix wrong usage of filters in periodic task * Add 'master\_addresses' attribute to bay * Add required packages to Developer Quick-Start guide * Updated from global requirements * Fix replication controller unit test sample record * Rename wraper to wrapper * Fix race condition in bay\_update * Adding more information in dev-quickstart.rst * Remove unsed file magnum/config.py * Added gcc in OS-specific prerequisites * Enable ceilometer in devstack * Updated from global requirements * Check before \_update\_stack * Add X509KeyPair controller and conductor * Sets FLANNEL\_ETCD to 127.0.0.1:2379 * Provides correct master IP address for kube-proxy * Updated from global requirements * Use magnum specific flavor * Fix typo in dev-build-atmoic-image.rst * Updated from global requirements * Magnum Container Networking Spec * Switched to Ubuntu 14.04 LTS (Trusty) base image * Fix race condition when syncing bay status across conductors * Make simultaneous bay deletion workable * Updated from global requirements * Add docker method for building mesos image * Add a new field 'master\_count' to bay in API * Updated from global requirements * Unify templating style between templates * Added X509KeyPair object and data model * Remove redundant code about fake\_policy * Use new docker apt repos * Add barbicanclient support in Magnum * Make doc use automatic install and consistent url * Update test cases for test\_bay.py and test\_baymodel.py * API: Handler exception when doing container-list * Updated from global requirements * Fix the string type in k8s templates * Set default node\_count to 1 * Remove coding:utf-8 * Correct the usage of decorator.decorator * Remove XML parsing code from magnum * Add test cases for pagination marker * Instruction for building Fedora Atomic image * update comments in k8s template * Add a new field 'master\_count' to bay in DB * Put kube\_master into a resource group * Bootstrap etcd cluster by discovery\_url * Configure IP tables in devstack plugin * Remove \_\_name\_\_ attribute in UserType * Remove redundant argument in container\_create api * Updated from global requirements * Add magnum\_url method to clients module * Replace etcd ports by its offical ports * Split TemplateDefinitionTestCase to different test case * Some parameter in heat template should be string * Remove incorrect variable in etcd.conf * Add tests for rpcapi container methods * Register kube minions through load balancers * Make k8sclient use the load balancer address * Add test\_policy\_disallow\_detail case for bay/baymodel/node/pod * policy check for container * policy check for service * policy check for rc * Register glance client and other options * Change ca to ca-cert for consistency in k8sclient * Updated from global requirements * Correction for the container-name * Port upstream commit "keep chasing etcd" * Clean up miscellaneous help strings * Add context to TemplateDefinition.extract\_definition * Fix permission error on running periodic task * Update manual guide to not harcode br-ex * Disable expansion for cat commands work as expected * Add guru meditation report for magnum * Do not inspect contianer doesn't exist * Set default of number\_of\_minions to 1 in comments * Contextlib.nested is deprecated * Remove redundant codes * Remove redundant code from FunctionalTest class * Updated from global requirements * Rename "k8s\_master\_url" to a better name * Remove unused oslo-incubator modules * Fix error related policy.json file * Updated from global requirements * Fix the wrong platform usage * Derive the public interface * Remove redundant section about setting up venv from quick-start * Remove redundant code from magnum.test.utils * Replace tearDown with addCleanup in magnum unit tests * Remove duplicate app loading * Remove H302, H803, H904 * Add periodic task to sync up bay status * Use a simple way to determine whether a wsme type is null * Add load balancers in front of kube-master node * Updated from global requirements * Rename PeriodictTestCase to PeriodicTestCase * Add template definition of Mesos bay * Updated from global requirements * policy check for pod * Add manual links into dev-quickstart.rst * Remove redundant FunctionalTest class * Remove a redundant file * Remove redundant commas * Updated from global requirements * Code refactor for tests/unit/db/test\_baymodel.py * Remove unused file in heat-kubernetes template * Remind the user when sort\_key is invalid * Remove setUp function * Fix setup of tests to remove intermittent failure * The nullable parameter is not necessary * Updated from global requirements * Add return value to mocks to allow serialisation * Clean up getting started docs * Updated Magnum documentation * Add \`sudo\` before \`docker\` command on dev docs * Use constraints * Remove unnecessary codes * Drop XML support in Magnum * Remove redundant Copyright text from heat-mesos * Override \_setUp instead setUp when we use fixtures.Fixture * Enable Load-Balancing-as-a-Service in devstack * Temporary work around of functional test failure * Use the pythonic way to catch exceptions * Add .DS\_Store to .gitignore * Eliminate mutable default arguments * Fix unit test failure * Add documentation for smart scale down feature * Implement bay smart scale down * Fix old network\_id usage * Code refactor for prepare\_service * add .idea to .gitignore * Make ironic templates working * 'nose' is no longer required for testing Magnum * Validate bay type on creating resources * Remove unreachable code in API utils * Check for Python 2 when using unicode builtin * Fix minion registration failure * Docker container-create fails with Unicode is not supported * Modify k8s template to support removal policy * Fix the function "wrap\_exception" * Remove duplicated definition of class "APIBase" * Fix sample link in magnum/api/controllers/link.py * Remove unused fields "from\_\*" from API controller * Upgrade code to be python 3 compatible * use bdict instead of cdict for baymodel testcase * pass baymodel date instead of bay data for baymodel create request * Fix os-distro property name to os\_distro * Move conductor common implementations into module * Backport "docker\_volume\_size should be numeric" * Backport "tie minion registration to kubelet activation" * Update heat policy.json * Add periodic task framework * Swith auth\_uri to use v2.0 * Updated from global requirements * policy check for node * Updated from global requirements * Adding functional test cases for Kubernetes APIs * Devstack: Add admin creds in magnum.conf * port to oslo.service * Make swarm work with atomic image * remove duplicate option settings * Add elements for building a Mesos bay node image * Add 'host' field to Pod object * Replace dict.iteritems() with dict.items() * Adds TLS support in pythonk8sclient * Add Bay.list\_all method to allow admin context to query all tenants bay * Fix unit test case error * Updated from global requirements * Backport "configure docker storage correctly" * Backport "docker group is no longer used" * Backport "docker.socket is no longer used" * Fix the wrong number for minion node * Support use admin creds in KeystoneClientV3 * Add make\_admin\_context to Magnum context * Not need to use bay uuid * DB: Support filter\_by status in get\_bay\_list * Create new k8s\_api instance on every calls * Rename image\_id to image in container object * Object: pass filter to bay list * Updated from global requirements * Unknown type 'any' in pythonk8sclient removed * Updated from global requirements * Attempt to fix functional gate test * Web Interface for Magnum in Horizon * policy check for baymodel * Add documentation for how to scale a bay * Backport "doc update -- this is no longer tied to Fedora 20" * Handle Interrupt in conductor service * Update changes in container-create command in quickstart * Correct Hacking rule code * Update config example * Fix the kubernetes opts * Add oslo.policy namespace * Add hacking rule framework for magnum * Updated from global requirements * Add test case for bay policy check * Eliminate eval from swagger.py in k8sclient * Make quickstart more consistent * Modify magnum api context to use user\_name and project\_name * first policy check for bay * enhancement for the common policy enforce * Backport multiple template fixes * Backport "Cleanup the templates" * Backport "Avoid usage of deprecated properties" * Pass environment variables of proxy to tox * Consolidate repeated codes in test\_bay\_conductor * Minor improvement of the quickstart guide * Fix an error on generating configs * Initial Heat template for Mesos * Update quickstart to point to kubernetes 0.15 and v1beta3 manifest * Fix the KeyError and change type 'any' in k8s client code * Return proper response object in Kubernetes APIs * Add test to API Version object * Unify the conductor file and class naming style * Remove major version checking * Cloud driver is not needed * Refactor magnum functional test to add Kubernetes API test * Updated from global requirements * Changes container\_execute to container\_exec * cleanup openstack-common.conf and sync updated files * Updated from global requirements * Remove unused PodFactory class and add parent class for Pod * NotAcceptable exception should be 406 * Fix ignored E121 to E125 pep 8 rules * Add support for API microversions * Add netaddr to requirements * Fix RequestContext's to\_dict method * Remove unused files that used kubectl * Improve unit test code coverage of test\_utils * Updated from global requirements * Add different version support for docker-py * Updated from global requirements * Add license header to swagger.py * Remove IPv4AddressType validate function in magnum * Updated from global requirements * Fix the i18n import * Fix return IPv4 address after validation * Remove old hack for requirements * Fix method signatures unmatching in db api * introduce policy for magnum * Added kube\_register file which required by configure-kubernetes-minion.sh * Add status\_reason field to bay * Passing posargs to flake8 * Change value for logging\_context\_format\_string option * Fix continuation line under/over indented problems * Use oslo.log instead of oslo.incubator log module * Fixing import error in kubernetes client code * Use new docker exec call * Backport "added required id: top-level key" * Backport "Replace CFN resources with heat native" * Semi-Backport "successfully add new minions via stack-update" * Manually import all pot files * Improve dev-quickstart documentation * Improving Unit Test coverage of k8s\_manifest * Use the status defined in bay object Status class * Only define RequestContextSerializer once * Rename bay\_k8s\_heat to more general name * Backport "fixup! added script for dynamically registering a minion" * Backport "added script for dynamically registering a minion" * Backport "minor updates to README" * Backport "added some output descriptions" * remove allow\_logical\_names check * Reorder requirements into ascii-betical order * Correct the wrong parameter pass * Fix the doc format * Catch common Exception in container conductor * Backport "kubenode -> kubeminion" * Setup for translation * Add missing dependencies (from pip-missing-reqs) * Add more note when play magnum with devstack * Add wait condition on swarm services in swarm bay * Remove unused methods and functions * Make functional test work with new tox env * Fix the docker build image issue * Avoid hard-coded UUID in quickstart guide * Fix the ipaddress validate issue * Fix doc according to devstack support * Update docs and some files to remove kubectl * Updated from global requirements * Create container json file under home directory * Remove unused parameter * Added support of Kubernetes API in magnum * Correct a spelling error in quickstart guide * Remove dependency on python-kubernetes * Keypair\_id should be a required option when creating a baymodel * Image\_id should be a required option when creating a baymodel * Add support for container status * Make docker volume config more resilient * Allow container name as identifier in API calls * Move VersionedObject registration to the new scheme * Use oslo.versionedobjects remotable decorators * Make MagnumObject a subclass of Oslo VersionedObject * Fix the container delete uuid issue * Update quickstart guide to v1beta3 manifests * Update service manifest parsing according to v1beta3 * Configure minions properly * Removing unused code in docker\_client * Make Docker client timeout configurable * Move our ObjectSerializer to subclass from the Oslo one * Add local.sh to dev guides * Remove oslo config warnings * Remove trailing spaces in container-service.rst * Update rc manifest parsing according to v1beta3 * Update rc support a manifest change * Update service support a manifest change * Delete swarm bay also delete related containers * Improve validation on baymodel api calls * Add unique column constraints to db 2015.1.0 -------- * Add image name support when create a baymodel * Functional tests for listing resources and templates * Remove cluster\_coe from magnum conf * Add string length validation to names in APIs * fixed\_network should be fixed\_network\_cidr * Remove cluster\_type from conf and Update conf example for opts changes * Add full name of coe to README * Image distro not updated when magnum configured with devstack * Print right message when OSDistroFieldNotFound exception raised * Update Kubernetes version for supporting v1beta3 * Update pod manifest parsing according to v1beta3 * Bay show return api address and node addresses * Add coe attribute to BayModel * Fix the genconfig issue * Fix keyerror issue when create baymodel * Exit the poll loop when bay update failed * Fix bay\_create\_timeout not specify issue * Change from kubernetes 0.11 to 0.15 * Invalid JSON in dynamic registration of minion * Log the reason when bay create or delete failed * Add http:// prefix to kubelet api server * Add etcd 2.0 config file support * Implementation of Cluster distro for baymodel * Fix the versionedobject version issue * Add timeout parameter to bay create * Use container's bay for docker endpoint * Use proper rpcapi in Containers API * Correct spelling mistake in dev-quickstart * Add bay\_uuid attribute to Container model * Remove duplicate replacePod API * Update requirement to fix gate error * Allow rc-update with rc name also * Allow service-update with service name also * Allow pod-update with pod name also * Add command field for container * Add Swarm TemplateDefinition * Move our ObjectListBase to subclass from the Oslo one * Start the conversion to oslo.versionedobjects * Load definitions without requirement checking * Update swarm template for latest atomic image * Add return vlaue judge * Add return response in some of Kubernetes APIs * Correct ImportError in python-k8sclient code * Fix the doc wrong refer marker * New docker-py needs a later version of requests library * Enable Kubernetes v1beta3 API * Update pod support a manifest change * Fix typos and add Glance need * Fix requirements to fit for gate test * Update conf example file * Update dev quick start * Add template test for gate job * Not call dockerclient-api del none exist container * Remove exit from conductor * Implement baylock in conductor for horizontal-scale * Enabld conductor check new template path * Implement listener API for conductor horizontal-scale * Sync heat status to magnum when max\_attempts exceeds * Validate scheme used in urlopen * Remove unsafe usage of eval * Use yaml.safe\_loader instead of yaml.loader * Implements: Fix bug 1442496, add more info in logs * Objects changes for horizontal-scale support * Database changes for conductor horizontal scale * Implements: Fix typos in containers-service.rst * Update bandit for new usage requirement * Use new location for atomic images * Add Template Definitions * DRY Up The Exception Module Tests * Fix the localrc issue * Adding support of python-k8client * Remove contrib directory for devstack * Add Bandit security lint checking via tox * Add a few more operations in post\_test\_hook.sh * Update dev-quickstart doc to match new devstack model * Add glance support in magnum * Add heat for manual steps * Enable Heat services in Devstack settings * Adding a functional test that uses python-magnumclient * Disable test on non-supported environment * Raise more generic exception in bay\_update API * Allow bay-update with bay name also * Add tox functional target * Remove useless exception * Destroy the related resources when delete a bay * Sync heat stack status when delete bay * Add tests for docker conductor * Compare to the right heat status when bay CREATE\_FAILED * Convert to new DevStack plugin model for functional testing * Make room for functional tests * Add tests for docker container * Fix some typos in magnum document * Fix pod tests in kube handler * Rename bay's minions\_address to node\_addresses * Add service test for kube handler * Add more tests for kube handler * Fix the parameters mismatch * Specify region while creating magnum endpoint * Remove unused code in kube handler * Update magnum document to use openstack as namespace * Remove downgrade from existing migrations * Update .gitreview for project rename * WaitCondition timeout attribute should be a number * Reflect client change which is name based management * Add kube pod tests in kubeutils * Add kube service tests in kubeutils * Add kube rc tests in kubeutils * Support keystone regions * Add tests for kubeutils rc * Add tests for kubeutils service * Remove unused code * Rename bay's master\_address to api\_address * Add a spce between the words of feature and set in the spec file * Add os support * Update pod\_delete call for new log message * Modify documentation to point to kubernetes-0.11 atomic image * Handle heat exception in create\_stack * Fix a small architectural error * Removing duplicate service definition * Sync with latest oslo-incubator * Fix an issue on updating bay's node\_count on DB * Fix typo in magnum/magnum/common/rpc?service.py * Allow baymodel name when bay is created * Update quickstart doc * Changed kubectl command to delete rc in magnum * Adjust Gerrit workflow Link * Allow baymodel resource management by "name" * Allow rc resource management by "name" * Allow pod resource management by "name" * Allow service resource management by "name" * Fix typo in magnum/doc/source/dev/dev-manual-quickstart.rst * Fix typos in magnum/specs/containers-service.rst * Remove non-ascii characters in magnum/doc/source/dev/dev-quickstart.rst * Fix the wrong path in the dev-quickstart.rst * Assign docker-volume-size to baymodel in document * Fix the wrong image name * Allow bay resource management by "name" * Fix the token in stack creation issue * Remove beaker.yaml * When polling heat set bay status * Fixed path in Devstack plugin README * Add docker\_volume\_size in the kubecluster-coreos.yaml template * Allow specification of ssh authorized key and token url for coreos * Add devstack module to contrib * Make resource creation fail when no 'id' in manifest * Make resource creation return 400 with empty manifest 2015.1.0b2 ---------- * Make service\_create return 400 with invalid json manifest * Make rc\_create return 400 with invalid json manifest * Make pod\_create return 400 with invalid json manifest * Add Heat tasks * Pull updates from larsks heat-kubernetes repo * Fix doc typo and make style consistent * Fix an error on cloning kubenetes repo * Make service\_create return 400 status on empty manifest * Requirements List Updates * Update dev-quickstart.rst * Change default path of kubecluster.yaml to absolute one * Fix the missing magnum dir creation * Remove unused ironic handler * Correctly delete replica controller * Improve logging in kube handler * Move folder heat-kubernetes to magnum/templates * Correct doc format * Add master flavor * Added requests in requirements * Introduce a coreos for heat-kubernetes in magnum * Support i18n log format for error in magnum * Allow specification of fixed\_network * Patch timeutils from oslo\_utils * Support i18n log format for warning in magnum * Support i18n in magnum * Register all magnum exceptions in allow\_remote\_exmods * Allow specification of docker volume size * Implement a Heat k8s template for Ironic * Catch PodNotFound during pod\_delete and continue * Fix BayNotFound error on deleting replica controller * Change link of quick start to git.openstack.org * Create heat template for docker-swarm bay * Allow pod delete to succeed when not found on bay * Fix typo in openstack-common * Fix MagnumException for parsing custom message * Allow Json patch to take an integer value * Fix docker client server mismatch * Fix the wrong parameter * Disallow bay-create with non-positive integer * Do not call get\_json() in TestPost * Update requirement * Fix the wrong number * Remove # -\*- encoding: utf-8 -\*- from some python files * Remove get\_xxxinfo\_list from magnum * Move bay defintion extraction code * Implement update bay node\_count * Add status attribute to bay * Pull in updates from larsks heat template repo * Change replicas to 2 in dev quick start * Move variable attempts\_count to local scope * Change ctxt to context to for consistency * Container logs should use HTTP GET other actions use PUT * Refactor bay\_create at k8s conductor * Remove imports from oslo namespaces * Change ctxt to context to for consistency * Freshen up the magnum conf file * Tech Debt: Fixed code alignment issues * Change command for creating a virtualenv * Cleanup code and remove newly ignored hack rules * Keep up with the global requirements * Adding python-kubernetes to requirements * Update quickstart-dev guide * Add tests for Node Rest API * Add tests for Replication Controller Rest API * Remove API get() for some magnum objects * Enable multi tenant for k8s resource get\_xx\_by\_id * Enable multi tenant for k8s resource get\_xxx\_list * Enable multi tenant for two k8s resource operation APIs * Removed container\_id from container api * Add tests for Service Rest API * Enable multi tenant for get\_pod\_by\_uuid * Fix and clean up Container api * Add project\_id and user\_id to service and rc * Add project\_id and user\_id to pod * Clean up codes in node API * Consolidate codes for k8s resources api * Fix and clean up Container api * Enable multi tenant for get\_xxx\_by\_id * Enable multi tenant for get\_xxx\_list * Enable multi tenant for get\_xx\_by\_uuid * Don't use deprecated auth header * Add tests for Pod api * Correct typo for function name * Remove redundant query from get\_bay\_by\_uuid * Pull RequestContext Patching Into Test Base * Use real context for db test * Update doc string for api base.py * Ensure auth\_token\_info present on RequestContext * Enable bay delete support multi tenant * Persist project\_id and user\_id for baymodel object * Add tests for Bay API * Persist project\_id and user\_id * Fix manifest url doesn't work * Fix and clean up ReplicationController api * Fix and clean up codes at service api * Fix and clean up codes at Pod api * Add project\_id and user\_id to db query filter * Fix the stamp parameter in db-manage * Make db-manage instructions same as usage * Rename test\_baymodels.py to test\_baymodel.py for db test * Fix and clean up BayModel and Bay api * Point to proper quickstart guide in index.rst * Fix documentation to display on git hub correctly * Add a DB management README * Add project\_id and user\_id to magnum objects * Rest back objects for test\_objects * Update the conf sample file * Fixed typos * Fix the miss opts in genconfig * Devstack is broken with heat/juno branch * Reduce resources required to launch example * Add documentation about installing kubectl * Make sure no duplicate stack name when creating k8s bay * Improve the quickstart guide * Claim tested OS/version on quickstart guide * Neutron is required by Magnum not Ironic * Add more tests for test\_objects.py * Add devstack neutron configuration link to quick start * Make the quickstart guide to work * Add a link for "Getting Started Guides" * Allow deletion of rc/service/pod if stack has been deleted * Delete bay independent of presence of heat stack * Rename "ackend" to "conductor" * Remove automatic deletion of failed stacks * Remove redundant information * Log error and exit if templates are not installed * Add note about heat finishing the job before continuing * Port NoExceptionTracebackHook from Ironic * Get rid of = and replace with space * Change Service name to magnum * Use sudo in installation of templates * Port parsable error middleware from Ironic * Fix \_retrive\_k8s\_master\_url * Rename \`resource\`\_data/url attributes to manifest/manifest\_url * Make replication controller delete working * Fix the typo in specs * Fix deprecated warning for oslo.serialization * Set replication controller name from rc manifest * Update developer quickstart * Implement bay deletion on api * Sync from oslo requirements * Add rc\_data support for magnum replication controller * Implement service deletion * Set service name from service manifest * Enable kube.py get k8s api server port from baymodel * Implement pod deletion * Set pod name from pod manifest * Add parser for k8s manifest * Parse stack output value for bay * Remove apiserver\_port attribute from bay\_definition * Add tests for baymodel rest api * Fix the list of unset fields in baymodel * Add max\_limit to sample config * Update the sequence for master\_address and minion\_addresses * Correct the typo in dev-quickstart.rst * Add tests for objects * Add apiserver\_port to BayModel * Add some test for magnum objects * Remove inappropriate exceptions and their usages * Add use case: Permit use of native ReST APIs * Implement service creation * Implement pod creation * Fix dbapi method \_add\_baymodels\_filters * Raise on deleting a referenced baymodel * Update README.rst * Docker: Pull Image Before Container Create * Adjusted README to add ReplicationController * Implements k8s resource creation/updating with data * Add some comments for delete logic in bay\_create * Add master endpoint support to kube\_utils.py * Add unit tests for dbapi of Node and Container * Add more unit test for replication controller * Add unit tests for the conductor AMQP API * Remove usage of BayLocked * Add missing Exceptions * Add bay\_uuid for replication controller * Fix the opts in genconfig issue * Add test and refactoring on bay\_create * Remove ctxt from RPC API * Remove ctxt from rpcapi for pod create * bay-create does not need ctxt on the rpcapi side * Add oslo concurrency namespace * Add tests for Pod and Service on dbapi * Add DB unit test for JSONEncodedDict and JSONEncodedList * Make bay, service and pod show call db directly * Make baymodel operations working * Add ctxt for all conductor APIs * Prune DB API * Add k8s replication support for magnum * Added multi-region/multi-cloud use case to specs * Added container network use case to specs * execute and logs API response should be JSON * Add tests for Bay dbapi and make them pass * Move out docker client logic from docker conductor * get container-execute to work * Get pause and unpause working * Remove type from bay object * Add tests for baymodel dbapi and make them pass * change old oslo.concurrency to oslo\_concurrency * Add service\_update for k8s * Service create need filename as parameter * Enable pod update using pod\_defintion\_url * Relocate and rename kubecli.py * Add replication controller to magnum db * Add bay\_delete support for bay handler * Add bay\_show support for bay handler * Remove get\_service\_by\_instance * Add BayModel to magnum README * Update description for magnum service * Implement creating Bay using heat * Fix and cleanup baymodel dbapi * Fix keystoneclient and heatclient incompatibility * Fix context is not set correctly * Catch Docker API errors * Pod create need filename as parameter * Add hooks to obtain conductor api * Split up extracting auth.py file * Add more fields for service * Add more test for magnum API * Add more fields for Pod * container\_delete should call docker.remove\_container * Get container-list REST API working * Container Controller gets container uuid not name * Add more tests for magnum/common * Add some tests for app and auth * Remove objects.registry.py * Split test\_all\_objects.py to different files * Implement "docker execute" for magnum * Update container operation parameter to name * Fix RequestContext attributes * Flesh out some more docker container methods * Remove redundant version info for magnum objects * fix the wrong order of steps and missing password in db connection * Implement docker backend for magnum service * Implement container\_list * Remove bay\_list from bay\_ironic.py and bay\_k8s\_heat.py * Implement bay\_ironic.py * Add a hyper-link for quick start * Add a new API of get\_by\_pod\_name for pod object * Update log message for kubecli.py * Update log message and some functions in kube.py * Fix external\_network\_id * Fix authentication * Fix auth\_url type * Remove type and image\_id replace with baymodel\_id * Add a baymodel object * Add bay kubernetes\_heat type WIP * Migrate to oslo.context * Reference proper file in cmd.conductor * Knitting Pod and Service object flow for Kubernetes backend * Update migration files to reflect new schema * Implement Service object Rest APIs * Add heat client * Add keystone client * Fix failing creation of MagnumException subclasses * Rename backend to conductor * Remove conductor * Rename the test\_functional.py to the api * Add RPC backend service * Add bay uuid to Service Objects * Add documentation for a developer quickstart guide * Add a node object * Update db migration for pod * Add image\_id and node\_count to bay * Copy ironic/common files to magnum/common for RPC server * Remove common/rpc directory * Add dependencies from oslo-incubator for RPC services * Update openstack.common from oslo-incubator * Add bay uuid to pod model objects * Remove stray print which caused magnum-db-manage to fail * Workflow documentation is now in infra-manual * Add stubs for the container actions * removed unused file for root controller * Fix REST API and test case for Containers * Implement python interface to execute k8s CLI services * Remove crud in magnum/objects/sqlalchemy * Get the Pod REST API and tests working * Add missing exceptions in code borrowed from Ironic * Get HTTP Patch test working with Bay REST API * Look for tests only under magnum/tests directory * Remove cruft in api tree * Use versioned objects for Container objects * Use versioned objects for bays * Add object.service * Add object.pod * Add an object.container * Modify the object registry to support ver objects * Remove unnecessary model init call * Set max limit as required by versioned objects * Add objects/utils.py copied from Ironic * Copy Ironic's database model codebase * Add some common code copied from Ironic * Add versioned object dependency modules * Add versionutils from oslo-incubator * Add sqlalchemy subclass for Bay * Switch to keystonemiddleware * Fix dockerfile comment containing unrecognized argument 'host' * Split up Base and Query class * Add sqlalchemy subclass for Container * Update README for magnum * Add base files for sqlalchemy implementation * Replaces Solum with Magnum * Fix arguments to bay\_create in AMQP * Change backends references to backend * Remove client installation from "Run" section * Call proper bay\_create backend * Add Functional tests for bays and pods * fix awkward use of \_\_len\_\_() * Flesh out the Container REST API * Fix returning bad variable * Standardize on id in the REST API * Make pod in sync with bay * Avoid apt-get update getting cached in Dockerfile * Add simple objects interface and registry * Fix docker container * Fully implement bay object in ReST API * Fix python-pip package not found in Dockerfile * Fix README.rst code block * Add Heat and Ironic Bay placeholder Handlers * Authenticate all API calls * REST API for container actions * Add getting started guide to README.rst * Flesh out the container REST API a tiny bit * Get the root version and v1 REST API working * Tidy up the ReST API * Enable automatic sample config generation * Added Magnum Configuration file * Added doc string & solved pep8 issue * Add backend processor for AMQP * Update README.rst * Add exception.py * Add safe\_utils to the source base * Initial import of prototyped interfaces * Add initial conductor API and service * Add RPC server code * Small Dockerfile changes * Dockerfile Improvements * Containers Service Spec * Add DockerFile to run magnum-api service * Modify gitignore to ignore cover * Do not say we support py3 * Add Keystone authentication to rest API * Replaces Solum with Magnum. Added doc string for the Magnum API * Add context base module from oslo-incubator * Create a ReST API entrypoint * Add H302 to the ignored hacking rules list * Import oslo-incubator's logging library * Incorporate feedback from the Initial commit review * Initial commit from github (squashed) * Added .gitreview ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/HACKING.rst0000664000175100017510000000176115033035730014715 0ustar00mylesmylesMagnum Style Commandments ========================= - Step 1: Read the OpenStack Style Commandments https://docs.openstack.org/hacking/latest/ - Step 2: Read on Magnum Specific Commandments ---------------------------- - [M302] Change assertEqual(A is not None) by optimal assert like assertIsNotNone(A). - [M310] timeutils.utcnow() wrapper must be used instead of direct calls to datetime.datetime.utcnow() to make it easy to override its return value. - [M316] Change assertTrue(isinstance(A, B)) by optimal assert like assertIsInstance(A, B). - [M322] Method's default argument shouldn't be mutable. - [M336] Must use a dict comprehension instead of a dict constructor with a sequence of key-value pairs. - [M338] Use assertIn/NotIn(A, B) rather than assertEqual(A in B, True/False). - [M339] Don't use xrange() - [M340] Check for explicit import of the _ function. - [M352] LOG.warn is deprecated. Enforce use of LOG.warning. - [M353] String interpolation should be delayed at logging calls. ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/LICENSE0000664000175100017510000002363715033035730014132 0ustar00mylesmyles Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. ././@PaxHeader0000000000000000000000000000003400000000000010212 xustar0028 mtime=1751923691.0723774 magnum-20.1.0.dev17/PKG-INFO0000644000175100017510000001127315033035753014216 0ustar00mylesmylesMetadata-Version: 2.2 Name: magnum Version: 20.1.0.dev17 Summary: Container Management project for OpenStack Home-page: http://docs.openstack.org/magnum/latest/ Author: OpenStack Author-email: openstack-dev@lists.openstack.org Classifier: Environment :: OpenStack Classifier: Intended Audience :: Information Technology Classifier: Intended Audience :: System Administrators Classifier: License :: OSI Approved :: Apache Software License Classifier: Operating System :: POSIX :: Linux Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: 3 :: Only Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 Classifier: Programming Language :: Python :: 3.11 Requires-Python: >=3.8 License-File: LICENSE Requires-Dist: PyYAML>=3.13 Requires-Dist: SQLAlchemy>=1.2.0 Requires-Dist: WSME>=0.8.0 Requires-Dist: WebOb>=1.8.1 Requires-Dist: alembic>=0.9.6 Requires-Dist: cliff>=4.0.0 Requires-Dist: decorator>=3.4.0 Requires-Dist: eventlet>=0.28.0 Requires-Dist: jsonpatch!=1.20,>=1.16 Requires-Dist: keystoneauth1>=3.14.0 Requires-Dist: keystonemiddleware>=9.0.0 Requires-Dist: netaddr>=0.7.18 Requires-Dist: oslo.concurrency>=4.1.0 Requires-Dist: oslo.config>=8.1.0 Requires-Dist: oslo.context>=3.1.0 Requires-Dist: oslo.db>=8.2.0 Requires-Dist: oslo.i18n>=5.0.0 Requires-Dist: oslo.log>=4.8.0 Requires-Dist: oslo.messaging>=14.1.0 Requires-Dist: oslo.middleware>=4.1.0 Requires-Dist: oslo.policy>=4.5.0 Requires-Dist: oslo.reports>=2.1.0 Requires-Dist: oslo.serialization>=3.2.0 Requires-Dist: oslo.service>=2.2.0 Requires-Dist: oslo.upgradecheck>=1.3.0 Requires-Dist: oslo.utils>=4.2.0 Requires-Dist: oslo.versionedobjects>=2.1.0 Requires-Dist: pbr>=5.5.0 Requires-Dist: pecan>=1.3.3 Requires-Dist: pycadf!=2.0.0,>=1.1.0 Requires-Dist: python-barbicanclient>=5.0.0 Requires-Dist: python-cinderclient>=7.1.0 Requires-Dist: python-glanceclient>=3.2.0 Requires-Dist: python-heatclient>=2.2.0 Requires-Dist: python-neutronclient>=7.2.0 Requires-Dist: python-novaclient>=17.2.0 Requires-Dist: python-keystoneclient>=3.20.0 Requires-Dist: python-octaviaclient>=2.1.0 Requires-Dist: requests>=2.20.1 Requires-Dist: setuptools!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,!=36.2.0,>=30.0.0 Requires-Dist: stevedore>=3.3.0 Requires-Dist: taskflow>=2.16.0 Requires-Dist: cryptography>=2.1.4 Requires-Dist: Werkzeug>=0.9 Provides-Extra: osprofiler Requires-Dist: osprofiler>=3.4.0; extra == "osprofiler" Provides-Extra: test Requires-Dist: bandit!=1.6.0,>=1.1.0; extra == "test" Requires-Dist: bashate>=2.0.0; extra == "test" Requires-Dist: coverage>=5.3; extra == "test" Requires-Dist: doc8>=0.8.1; extra == "test" Requires-Dist: fixtures>=3.0.0; extra == "test" Requires-Dist: hacking<6.2.0,>=6.1.0; extra == "test" Requires-Dist: oslotest>=4.4.1; extra == "test" Requires-Dist: osprofiler>=3.4.0; extra == "test" Requires-Dist: Pygments>=2.7.2; extra == "test" Requires-Dist: python-subunit>=1.4.0; extra == "test" Requires-Dist: requests-mock>=1.2.0; extra == "test" Requires-Dist: testrepository>=0.0.20; extra == "test" Requires-Dist: stestr>=3.1.0; extra == "test" Requires-Dist: testscenarios>=0.4; extra == "test" Requires-Dist: testtools>=2.4.0; extra == "test" Requires-Dist: WebTest>=2.0.27; extra == "test" Dynamic: author Dynamic: author-email Dynamic: classifier Dynamic: description Dynamic: home-page Dynamic: provides-extra Dynamic: requires-dist Dynamic: requires-python Dynamic: summary ======================== Team and repository tags ======================== .. image:: https://governance.openstack.org/badges/magnum.svg :target: https://governance.openstack.org/reference/tags/index.html .. Change things from this point on ====== Magnum ====== Magnum is an OpenStack project which offers container orchestration engines for deploying and managing containers as first class resources in OpenStack. For more information, please refer to the following resources: * **Free software:** under the `Apache license ` * **Documentation:** https://docs.openstack.org/magnum/latest/ * **Admin guide:** https://docs.openstack.org/magnum/latest/admin/index.html * **Source:** https://opendev.org/openstack/magnum * **Blueprints:** https://blueprints.launchpad.net/magnum * **Bugs:** https://bugs.launchpad.net/magnum * **REST Client:** https://opendev.org/openstack/python-magnumclient * **Release notes:** https://docs.openstack.org/releasenotes/magnum/index.html * **Contributing:** https://docs.openstack.org/magnum/latest/contributor/index.html ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923672.0 magnum-20.1.0.dev17/README.rst0000664000175100017510000000212415033035730014600 0ustar00mylesmyles======================== Team and repository tags ======================== .. image:: https://governance.openstack.org/badges/magnum.svg :target: https://governance.openstack.org/reference/tags/index.html .. Change things from this point on ====== Magnum ====== Magnum is an OpenStack project which offers container orchestration engines for deploying and managing containers as first class resources in OpenStack. For more information, please refer to the following resources: * **Free software:** under the `Apache license ` * **Documentation:** https://docs.openstack.org/magnum/latest/ * **Admin guide:** https://docs.openstack.org/magnum/latest/admin/index.html * **Source:** https://opendev.org/openstack/magnum * **Blueprints:** https://blueprints.launchpad.net/magnum * **Bugs:** https://bugs.launchpad.net/magnum * **REST Client:** https://opendev.org/openstack/python-magnumclient * **Release notes:** https://docs.openstack.org/releasenotes/magnum/index.html * **Contributing:** https://docs.openstack.org/magnum/latest/contributor/index.html ././@PaxHeader0000000000000000000000000000002600000000000010213 xustar0022 mtime=1751923691.0 magnum-20.1.0.dev17/RELEASENOTES.rst0000664000175100017510000044107615033035753015556 0ustar00mylesmyles====== magnum ====== .. _magnum_20.0.0-13: 20.0.0-13 ========= .. _magnum_20.0.0-13_New Features: New Features ------------ .. releasenotes/notes/add-boot-volume-size-check-0262c2b61abc7ccf.yaml @ b'd8d2016ede09a92ee2a789e2984267bd4c21895f' - Add a validation for the case when boot_volume_size label and flavor's disk are both zero. .. releasenotes/notes/add-subject-key-identifer-ae5c6ebe86749239.yaml @ b'89f185b1972db25c8af84c7ca50c5ffc2af65613' - Add subject key identifier extension to x509 operations signing function. Allows for magnum Kubernetes clusters to generate certificates with authority key identifier extension. .. _magnum_20.0.0-13_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-magnum-api-wsgi-entrypoint-25878b2d8b7d30b3.yaml @ b'd3587f1b6331e5e4a478b84f39af4bd955295565' - The 'magnum-api-wsgi' wsgi entrypoint has been deprecated will be removed in a future release. This is due to changes in Python packaging. Operators using the 'magnum-api-wsgi' should migrate away from it. See the `OpenStack goverance page `_ for more info. .. _magnum_20.0.0-13_Other Notes: Other Notes ----------- .. releasenotes/notes/periodic-logs-use-uuid-65b257ab9c227494.yaml @ b'5d96148c721a25e30857c41fadc9b96b633266bf' - When debug logging is enabled, periodic update logging will now output Cluster UUID instead of database ID to better identify the object being updated. .. _magnum_3.2.0: 3.2.0 ===== .. _magnum_3.2.0_New Features: New Features ------------ .. releasenotes/notes/bp-magnum-lbaasv2-support-3e7023c23b7c864e.yaml @ b'7521a94adf846d3d3f762e4a3de6416526fbb981' - Add Support of LBaaS v2, LBaaS v1 is removed by neutron community in Newton release. Until now, LBaaS v1 was used by all clusters created using magnum. This release adds support of LBaaS v2 for all supported drivers. .. _magnum_3.2.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'96797bf354824b398782e73080ef712844fadd5b' - To let clusters communicate directly with OpenStack service other than Magnum, in the `trust` section of magnum.conf, set `cluster_user_trust` to True. The default value is False. .. _magnum_3.2.0_Security Issues: Security Issues --------------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'96797bf354824b398782e73080ef712844fadd5b' - Every magnum cluster is assigned a trustee user and a trustID. This user is used to allow clusters communicate with the key-manager service (Barbican) and get the certificate authority of the cluster. This trust user can be used by other services too. It can be used to let the cluster authenticate with other OpenStack services like the Block Storage service, Object Storage service, Load Balancing etc. The cluster with this user and the trustID has full access to the trustor's OpenStack project. A new configuration parameter has been added to restrict the access to other services than Magnum. .. _magnum_3.2.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'96797bf354824b398782e73080ef712844fadd5b' - Fixes CVE-2016-7404 for newly created clusters. Existing clusters will have to be re-created to benefit from this fix. Part of this fix is the newly introduced setting `cluster_user_trust` in the `trust` section of magnum.conf. This setting defaults to False. `cluster_user_trust` dictates whether to allow passing a trust ID into a cluster's instances. For most clusters this capability is not needed. Clusters with `registry_enabled=True` or `volume_driver=rexray` will need this capability. Other features that require this capability may be introduced in the future. To be able to create such clusters you will need to set `cluster_user_trust` to True. .. _magnum_3.1.0: 3.1.0 ===== .. _magnum_3.1.0_Prelude: Prelude ------- .. releasenotes/notes/change-bay-to-cluster-in-config-1f2b95d1176d7231.yaml @ b'ba8de7f66a81cb18c690700b78cefff1d8128269' Magnum's bay-to-cluster blueprint [1] required changes across much of its codebase to align to industry standards. To support this blueprint, certain group and option names were changed in configuration files [2]. See the deprecations section for more details. [1] https://review.openstack.org/#/q/topic:bp/rename-bay-to-cluster [2] https://review.openstack.org/#/c/362660/ .. releasenotes/notes/remove-container-endpoint-3494eb8bd2406e87.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' Magnum service type and mission statement was changed [1]. Change service type from "Container service" to "Container Infrastructure Management service". In addition, the mission statement is changed to "To provide a set of services for provisioning, scaling, and managing container orchestration engines." The intend is to narrow the scope of the Magnum project to focus on integrating container orchestration engines (COEs) with OpenStack. API features intended to uniformly create, manage, and delete individual containers across any COE will be removed from Magnum's API, and will be re-introduced as a separate project called Zun. [1] https://review.openstack.org/#/c/311476/ .. _magnum_3.1.0_New Features: New Features ------------ .. releasenotes/notes/add-hostgw-backend-option-1d1f9d8d95ec374f.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Add flannel's host-gw backend option. Magnum deploys cluster over a dedicated neutron private network by using flannel. Flannel's host-gw backend gives the best performance in this topopolgy (private layer2) since there is no packet processing overhead, no reduction to MTU, scales to many hosts as well as the alternatives. The label "flannel_use_vxlan" was repurposed when the network driver is flannel. First, rename the label flannel_use_vxlan to flannel_backend. Second, redefine the value of this label from "yes/no" to "udp/vxlan/host-gw". .. releasenotes/notes/add-opensuse-driver-f69b6d346ca82b87.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Add support for a new OpenSUSE driver for running k8s cluster on OpenSUSE. This driver is experimental for now, and operators need to get it from /contrib folder. .. releasenotes/notes/add-overlay-networks-to-swarm-4467986d7853fcd8.yaml @ b'7c0be2d3840bcfbaa5b3e13898110cc945896833' - Add configuration for overlay networks for the docker network driver in swarm. To use this feature, users need to create a swarm cluster with network_driver set to 'docker'. After the cluster is created, users can create an overlay network (docker network create -d overlay mynetwork) and use it when launching a new container (docker run --net=mynetwork ...). .. releasenotes/notes/bp-auto-generate-name-052ea3fdf05fdbbf.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Auto generate name for cluster and cluster-template. If users create a cluster/cluster-template without specifying a name, the name will be auto-generated. .. releasenotes/notes/bp-barbican-alternative-store-35ec3eda0abb0e25.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Decouple the hard requirement on barbican. Introduce a new certificate store called x509keypair. If x509keypair is used, TLS certificates will be stored at magnum's database instead of barbican. To do that, set the value of the config ``cert_manager_type`` as ``x509keypair``. .. releasenotes/notes/bp-decouple-lbaas-c8f2d73313c40b98.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Decouple the hard requirement on neutron-lbaas. Introduce a new property master_lb_enabled in cluster template. This property will determines if a cluster's master nodes should be load balanced. Set the value to false if neutron-lbaas is not installed. .. releasenotes/notes/bp-magnum-notifications-8bd44cfe9e80f82b.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Emit notifications when there is an event on a cluster. An event could be a status change of the cluster due to an operation issued by end-users (i.e. users create, update or delete the cluster). Notifications are sent by using oslo.notify and PyCADF. Ceilometer can capture the events and generate samples for auditing, billing, monitoring, or quota purposes. .. releasenotes/notes/bp-mesos-slave-flags-de6cf8c4d2c3c916.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Enable Mesos cluster to export more slave flags via labels in cluster template. Add the following labels: mesos_slave_isolation, mesos_slave_image_providers, mesos_slave_work_dir, and mesos_slave_executor_environment_variables. .. releasenotes/notes/swarm-integration-with-cinder-e3068138a3f75dbe.yaml @ b'1466f93b21dbec10f69475f4dff50ea89086c6da' - Integrate Docker Swarm Fedora Atomic driver with the Block Storage Service (cinder). The rexray volume driver was added based on rexray v0.4. Users can create and attach volumes using docker's navive client and they will authenticate using the per cluster trustee user. Rexray can be either added in the Fedora Atomic image or can be used running in a container. .. _magnum_3.1.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/bug-1614596-support-ssl-magnum-api-e4896928c6562e03.yaml @ b'70c803bfc1be9457aa51e14e81baf654f7dcf7e8' - Magnum now support SSL for API service. User can enable SSL for API via new 3 config options 'enabled_ssl', 'ssl_cert_file' and 'ssl_key_file'. .. releasenotes/notes/bug-1614596-support-ssl-magnum-api-e4896928c6562e03.yaml @ b'70c803bfc1be9457aa51e14e81baf654f7dcf7e8' - Change default API development service from wsgiref simple_server to werkzeug for better supporting SSL. .. releasenotes/notes/remove-container-endpoint-3494eb8bd2406e87.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - All container/pod/service/replication controller operations were removed. Users are recommended to use the COE's native tool (i.e. docker, kubectl) to do the equivalent of the removed operations. .. _magnum_3.1.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/change-bay-to-cluster-in-config-1f2b95d1176d7231.yaml @ b'ba8de7f66a81cb18c690700b78cefff1d8128269' - The 'bay' group has been renamed to 'cluster' and all options in the former 'bay' group have been moved to 'cluster'. .. releasenotes/notes/change-bay-to-cluster-in-config-1f2b95d1176d7231.yaml @ b'ba8de7f66a81cb18c690700b78cefff1d8128269' - The 'bay_heat' group has been renamed to 'cluster_heat' and all options in the former 'bay_heat' group have been moved to 'cluster_heat'. .. releasenotes/notes/change-bay-to-cluster-in-config-1f2b95d1176d7231.yaml @ b'ba8de7f66a81cb18c690700b78cefff1d8128269' - The 'bay_create_timeout' option in the former 'bay_heat' group has been renamed to 'create_timeout' inside the 'cluster_heat' group. .. releasenotes/notes/change-bay-to-cluster-in-config-1f2b95d1176d7231.yaml @ b'ba8de7f66a81cb18c690700b78cefff1d8128269' - The 'baymodel' group has been renamed to 'cluster_template' and all options in the former 'baymodel' group have been moved to 'cluster_template'. .. _magnum_3.1.0_Security Issues: Security Issues --------------- .. releasenotes/notes/fix-global-stack-list-7a3a66169f5c4aa8.yaml @ b'6a7c4f8bce09976dea75a8718fa88577eb34ebac' - Fix global stack list in periodic task. In before, magnum's periodic task performs a `stack-list` operation across all tenants. This is disabled by Heat by default since it causes a security issue. At this release, magnum performs a `stack-get` operation on each Heat stack by default. This might not be scalable and operators have an option to fall back to `stack-list` by setting the config `periodic_global_stack_list` to `True` (`False` by default) and updating the heat policy file (usually /etc/heat/policy.json) to allow magnum list stacks. .. _magnum_3.0.0: 3.0.0 ===== .. _magnum_3.0.0_New Features: New Features ------------ .. releasenotes/notes/add-docker-storage-driver-to-baymodel-1ed9ba8d43ecfea1.yaml @ b'dec85b538f092d83ab37446f1298324692b01279' - Add docker-storage-driver parameter to baymodel to allow user select from the supported drivers. Until now, only devicemapper was supported. This release adds support for OverlayFS on Fedora Atomic hosts with kernel version >= 3.18 (Fedora 22 or higher) resulting significant performance improvement. To use OverlayFS, SELinux must be enabled and in enforcing mode on the physical machine, but must be disabled in the container. Thus, if you select overlay for docker-storage-driver SELinux will be disable inside the containers. .. releasenotes/notes/async-bay-operations-support-9819bd06122ea9e5.yaml @ b'bf30b9b4cb51fb4c09cfc1b1c099f3773a5ace33' - Current implementation of magnum bay operations are synchronous and as a result API requests are blocked until response from HEAT service is received. This release adds support for asynchronous bay operations (bay-create, bay-update, and bay-delete). Please note that with this change, bay-create, bay-update API calls will return bay uuid instead of bay object and also return HTTP status code 202 instead of 201. Microversion 1.2 is added for new behavior. .. releasenotes/notes/rollback-bay-on-update-failure-83e5ff8a7904d5c4.yaml @ b'63b5c21c8dc998772cb5933babac0bcf8c9c62eb' - Add Microversion 1.3 to support Magnum bay rollback, user can enable rollback on bay update failure by setting 'OpenStack-API-Version' to 'container-infra 1.3' in request header and passing 'rollback=True' param in bay update request. .. _magnum_3.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/async-bay-operations-support-9819bd06122ea9e5.yaml @ b'bf30b9b4cb51fb4c09cfc1b1c099f3773a5ace33' - Magnum bay operations API default behavior changed from synchronous to asynchronous. User can specify OpenStack-API-Version 1.1 in request header for synchronous bay operations. .. releasenotes/notes/change-service-name-ce5c72642fe1d3d1.yaml @ b'754233c51dd8915514ba9052dc7b68836dbe6018' - Magnum default service type changed from "container" to "container-infra". It is recommended to update the service type at Keystone service catalog accordingly. .. _magnum_4.1.4-8: 4.1.4-8 ======= .. _magnum_4.1.4-8_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/swarm-live-restore-b03ad192367abced.yaml @ b'46fc9dfd780c22c43326b1d2518cddc002a9a1fb' - Fixed a bug where --live-restore was passed to Docker daemon causing the swarm init to fail. Magnum now ensures the --live-restore is not passed to the Docker daemon if it's default in an image. .. _magnum_4.1.2: 4.1.2 ===== .. _magnum_4.1.2_New Features: New Features ------------ .. releasenotes/notes/keystone_trustee_interface-6d63b74616dda1d4.yaml @ b'12a3cc01ca556ce77a4556fc4d691061f509feba' - Keystone URL used by Cluster Templates instances to authenticate is now configurable with the ``trustee_keystone_interface`` parameter which default to ``public``. .. _magnum_4.1.1: 4.1.1 ===== .. _magnum_4.1.1_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'aaa94e1a28ed95b9343abed6488378b8522f1ec2' - To let clusters communicate directly with OpenStack service other than Magnum, in the `trust` section of magnum.conf, set `cluster_user_trust` to True. The default value is False. .. _magnum_4.1.1_Security Issues: Security Issues --------------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'aaa94e1a28ed95b9343abed6488378b8522f1ec2' - Every magnum cluster is assigned a trustee user and a trustID. This user is used to allow clusters communicate with the key-manager service (Barbican) and get the certificate authority of the cluster. This trust user can be used by other services too. It can be used to let the cluster authenticate with other OpenStack services like the Block Storage service, Object Storage service, Load Balancing etc. The cluster with this user and the trustID has full access to the trustor's OpenStack project. A new configuration parameter has been added to restrict the access to other services than Magnum. .. _magnum_4.1.1_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'aaa94e1a28ed95b9343abed6488378b8522f1ec2' - Fixes CVE-2016-7404 for newly created clusters. Existing clusters will have to be re-created to benefit from this fix. Part of this fix is the newly introduced setting `cluster_user_trust` in the `trust` section of magnum.conf. This setting defaults to False. `cluster_user_trust` dictates whether to allow passing a trust ID into a cluster's instances. For most clusters this capability is not needed. Clusters with `registry_enabled=True` or `volume_driver=rexray` will need this capability. Other features that require this capability may be introduced in the future. To be able to create such clusters you will need to set `cluster_user_trust` to True. .. _magnum_4.1.0: 4.1.0 ===== .. _magnum_4.1.0_New Features: New Features ------------ .. releasenotes/notes/bp-secure-etcd-cluster-coe-5abd22546f05a85b.yaml @ b'25b2863e2b179515febddedda13490274c1c3298' - Secure etcd cluster for swarm and k8s. Etcd cluster is secured using TLS by default. TLS can be disabled by passing --tls-disabled during cluster template creation. .. _magnum_4.0.0: 4.0.0 ===== .. _magnum_4.0.0_Prelude: Prelude ------- .. releasenotes/notes/bp-keypair-override-on-create-ca8f12ffca41cd62.yaml @ b'06f056f60675d1df41aae84ca872100952739f71' Magnum's keypair-override-on-create blueprint [1] allows for optional keypair value in ClusterTemplates and the ability to specify a keypair value during cluster creation. .. releasenotes/notes/no-cinder-volume-87b9339e066c30a0.yaml @ b'f82749457c0da6879ba5d189a0fcd8d7a7914602' Currently, the swarm and the kubernetes drivers use a dedicated cinder volume to store the container images. It was been observed that one cinder volume per node is a bottleneck for large clusters. .. _magnum_4.0.0_New Features: New Features ------------ .. releasenotes/notes/bp-keypair-override-on-create-ca8f12ffca41cd62.yaml @ b'06f056f60675d1df41aae84ca872100952739f71' - Added parameter in cluster-create to specify the keypair. If keypair is not provided, the default value from the matching ClusterTemplate will be used. .. releasenotes/notes/bp-keypair-override-on-create-ca8f12ffca41cd62.yaml @ b'06f056f60675d1df41aae84ca872100952739f71' - Keypair is now optional for ClusterTemplate, in order to allow Clusters to use keypairs separate from their parent ClusterTemplate. .. releasenotes/notes/integrate-osprofiler-79bdf2d0cd8a39fb.yaml @ b'e77ac1ee510b6bc77a98ca57301e82623099f46e' - Magnum now support OSProfiler for HTTP, RPC and DB request tracing. User can enable OSProfiler via Magnum configuration file in 'profiler' section. .. releasenotes/notes/quota-api-182cd1bc9e706b17.yaml @ b'aa56874bfbc9e9b41626b085bc3880c70849e8c6' - This release introduces 'quota' endpoint that enable admin users to set, update and show quota for a given tenant. A non-admin user can get self quota limits. .. releasenotes/notes/rotate-cluster-cert-9f84deb0adf9afb1.yaml @ b'a65ef7d3c349b7663ed4149fa9da2291b7ea69af' - Add microversion 1.5 to support rotation of a cluster's CA certificate. This gives admins a way to restrict/deny access to an existing cluster once a user has been granted access. .. releasenotes/notes/stats-api-68bc66147ac027e6.yaml @ b'51e833137be46cb6e84ccdc8cab301a3295461e9' - This release introduces 'stats' endpoint that provide the total number of clusters and the total number of nodes for the given tenant and also overall stats across all the tenants. .. releasenotes/notes/update-swarm-73d4340a881bff2f.yaml @ b'472af7fd8eba69b33b86570dd82ceb59ddeaa577' - Update Swarm default version to 1.2.5. It should be the last version since Docker people are now working on the new Swarm mode integrated in Docker. .. _magnum_4.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/bp-keypair-override-on-create-ca8f12ffca41cd62.yaml @ b'06f056f60675d1df41aae84ca872100952739f71' - --keypair-id parameter in magnum CLI cluster-template-create has been renamed to --keypair. .. _magnum_4.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/no-cinder-volume-87b9339e066c30a0.yaml @ b'f82749457c0da6879ba5d189a0fcd8d7a7914602' - Make the dedicated cinder volume per node an opt-in option. By default, no cinder volumes will be created unless the user passes the docker-volume-size argument. .. _magnum_5.0.2: 5.0.2 ===== .. _magnum_5.0.2_Security Issues: Security Issues --------------- .. releasenotes/notes/bug-1580704-32a0e91e285792ea.yaml @ b'7167aff3c1f8d42f37f05d21d5d28ea39468dbff' - Add new configuration option `openstack_ca_file` in the `drivers` section to pass the CA bundle used for the OpenStack API. Setting this file and setting `verify_ca` to `true` will result to all requests from the cluster nodes to the OpenStack APIs to be verified. .. _magnum_5.0.2_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/bug-1663757-198e1aa8fa810984.yaml @ b'1f4a13e9e88aa2844431db7147c7df939994c271' - [`bug 1663757 `_] A configuration parameter, verify_ca, was added to magnum.conf with a default value of True and passed to the heat templates to indicate whether the cluster nodes validate the Certificate Authority when making requests to the OpenStack APIs (Keystone, Magnum, Heat). This parameter can be set to False to disable CA validation if you have self-signed certificates for the OpenStack APIs or you have your own Certificate Authority and you have not installed the Certificate Authority to all nodes. .. releasenotes/notes/bug-1718947-0d4e67529e2817d7.yaml @ b'6a2d14d3276bb4fe289ad2dd839ffe7b73f80794' - From now on, server names are prefixed with the cluster name. The cluster name is truncated to 30 characters, ('_', '.') are mapped to '-' and non alpha-numeric characters are removed to ensure FQDN compatibility. .. releasenotes/notes/swarm-live-restore-b03ad192367abced.yaml @ b'01aec17237a90a782b14a60cd0951f3662892a24' - Fixed a bug where --live-restore was passed to Docker daemon causing the swarm init to fail. Magnum now ensures the --live-restore is not passed to the Docker daemon if it's default in an image. .. _magnum_5.0.1: 5.0.1 ===== .. _magnum_5.0.1_New Features: New Features ------------ .. releasenotes/notes/pike-352b155a4d2e8eec.yaml @ b'8d936de12200f8e4eb4f98b0896d39ae95ad79b3' - Kubernetes for fedora-atomic runs in system containers [1]. These containers are stored in ostree in the fedora-atomic hosts and they don't require docker to be running. Pulling and storing them in ostree is very fast and they can easily be managed as systemd services. Since these containers are based on fedora packages, they are working as drop in replacements of the binaries in the fedora atomic host. The ProjectAtomic hasn't found a solution yet [3] on tagging the images, so the magnum team builds and publishes images in this [2] account in dockerhub. Users can select the tag they want using the `kube_tag` label. [1] https://github.com/projectatomic/atomic-system-containers [2] https://hub.docker.com/r/openstackmagnum/kubernetes-kubelet/tags/ [3] https://pagure.io/atomic/kubernetes-sig/issue/6 .. releasenotes/notes/pike-352b155a4d2e8eec.yaml @ b'8d936de12200f8e4eb4f98b0896d39ae95ad79b3' - Add swarm-mode driver based on fedora-atomic. Users can select the swarm-mode COE by using the `coe` field in cluster-template. This is a new driver, it is recommended to let magnum create a private-network and security groups per cluster. .. _magnum_5.0.0: 5.0.0 ===== .. _magnum_5.0.0_New Features: New Features ------------ .. releasenotes/notes/bp-add-kube-dashboard-8a9f7d7c73c2debd.yaml @ b'44845bf306ec5954f2e6a5c8881d976da32cbc94' - Include kubernetes dashboard in kubernetes cluster by default. Users can use this kubernetes dashboard to manage the kubernetes cluster. Dashboard can be disabled by setting the label 'kube_dashboard_enabled' to false. .. releasenotes/notes/bp-container-monitoring-d4bb1cbd0a4e44cc.yaml @ b'248e45f75cb65bd17e82f3bd3e5ac6c88f73f237' - Includes a monitoring stack based on cAdvisor, node-exporter, Prometheus and Grafana. Users can enable this stack through the label prometheus_monitoring. Prometheus scrapes metrics from the Kubernetes cluster and then serves them to Grafana through Grafana's Prometheus data source. Upon completion, a default Grafana dashboard is provided. .. releasenotes/notes/bug-1697655-add-etcd-volume-size-label-abde0060595bbbeb.yaml @ b'eba956061bcf595ed392bd0da26774677d6a5df0' - Add support to store the etcd configuration in a cinder volume. k8s_fedora_atomic accepts a new label etcd_volume_size defining the size of the volume. A value of 0 or leaving the label unset means no volume should be used, and the data will go to the instance local storage. .. releasenotes/notes/docker-volume-type-46044734f5a27661.yaml @ b'd735f4321eefa9525c7ab1138e9e8eed7e34d0cd' - Support different volume types for the drivers that support docker storage in cinder volumes. swarm_fedora_atomic and k8s_fedora_atomic accept a new label to specify a docker_volume_type. .. releasenotes/notes/keystone_trustee_interface-6d63b74616dda1d4.yaml @ b'8e0dd3d8e03128b22f0ed1d487759363bf8680dd' - Keystone URL used by Cluster Templates instances to authenticate is now configurable with the ``trustee_keystone_interface`` parameter which default to ``public``. .. _magnum_5.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'd9aa5c7077bc59e66f1456eaf94ef628e1b3f2e0' - To let clusters communicate directly with OpenStack service other than Magnum, in the `trust` section of magnum.conf, set `cluster_user_trust` to True. The default value is False. .. releasenotes/notes/docker-volume-type-46044734f5a27661.yaml @ b'd735f4321eefa9525c7ab1138e9e8eed7e34d0cd' - A new section is created in magnum.conf named cinder. In this cinder section, you need to set a value for the key default_docker_volume_type, which should be a valid type for cinder volumes in your cinder deployment. This default value will be used if no volume_type is provided by the user when using a cinder volume for container storage. The suggested default value the one set in cinder.conf of your cinder deployment. .. _magnum_5.0.0_Security Issues: Security Issues --------------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'd9aa5c7077bc59e66f1456eaf94ef628e1b3f2e0' - Every magnum cluster is assigned a trustee user and a trustID. This user is used to allow clusters communicate with the key-manager service (Barbican) and get the certificate authority of the cluster. This trust user can be used by other services too. It can be used to let the cluster authenticate with other OpenStack services like the Block Storage service, Object Storage service, Load Balancing etc. The cluster with this user and the trustID has full access to the trustor's OpenStack project. A new configuration parameter has been added to restrict the access to other services than Magnum. .. _magnum_5.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml @ b'd9aa5c7077bc59e66f1456eaf94ef628e1b3f2e0' - Fixes CVE-2016-7404 for newly created clusters. Existing clusters will have to be re-created to benefit from this fix. Part of this fix is the newly introduced setting `cluster_user_trust` in the `trust` section of magnum.conf. This setting defaults to False. `cluster_user_trust` dictates whether to allow passing a trust ID into a cluster's instances. For most clusters this capability is not needed. Clusters with `registry_enabled=True` or `volume_driver=rexray` will need this capability. Other features that require this capability may be introduced in the future. To be able to create such clusters you will need to set `cluster_user_trust` to True. .. _magnum_6.3.0-9: 6.3.0-9 ======= .. _magnum_6.3.0-9_New Features: New Features ------------ .. releasenotes/notes/add-kubelet-to-master-nodes-da2d4ea0d3a332cd.yaml @ b'e8e8cffb54c96505eb74b6ce33f072c1b28dbc73' - Deploy kubelet in master nodes for the k8s_fedora_atomic driver. Previously it was done only for calico, now kubelet will run in all cases. Really useful, for monitoing the master nodes (eg deploy fluentd) or run the kubernetes control-plance self-hosted. .. releasenotes/notes/k8s-cluster-creation-speedup-21b5b368184d7bf0.yaml @ b'9e973c12e9c0ad535428a7715e63b30c5405a403' - Start Kubernetes workers installation right after the master instances are created rather than waiting for all the services inside masters, which could decrease the Kubernetes cluster launch time significantly. .. releasenotes/notes/kubernetes-cloud-config-6c9a4bfec47e3bb4.yaml @ b'a4224c258ed9340e92a5e6f9cc5149ebda212ea0' - Use the external cloud provider in k8s_fedora_atomic. The cloud_provider_tag label can be used to select the container tag for it, together with the cloud_provider_enabled label. The cloud provider runs as a DaemonSet on all master nodes. .. _magnum_6.3.0-9_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/kubernetes-cloud-config-6c9a4bfec47e3bb4.yaml @ b'a4224c258ed9340e92a5e6f9cc5149ebda212ea0' - The cloud config for kubernets has been renamed from /etc/kubernetes/kube_openstack_config to /etc/kubernetes/cloud-config as the kubelet expects this exact name when the external cloud provider is used. A copy of /etc/kubernetes/kube_openstack_config is in place for applications developed for previous versions of magnum. .. _magnum_6.3.0: 6.3.0 ===== .. _magnum_6.3.0_New Features: New Features ------------ .. releasenotes/notes/enable_cloud_provider_label-ed79295041bc46a8.yaml @ b'7f4d92d6a3551b6b4ea2838fe9f9fc23775c3fa1' - Add 'cloud_provider_enabled' label for the k8s_fedora_atomic driver. Defaults to true. For specific kubernetes versions if 'cinder' is selected as a 'volume_driver', it is implied that the cloud provider will be enabled since they are combined. .. _magnum_6.3.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/bug-2002728-kube-os-conf-region-46cd60537bdabdb2.yaml @ b'78f5528e582a39f2cd3365e5b7c83b633639a6de' - Add `region` parameter to the Global configuration section of the Kubernetes configuration file. Setting this parameter will allow Magnum cluster to be created in the multi-regional OpenStack installation. .. releasenotes/notes/swarm-live-restore-b03ad192367abced.yaml @ b'87cb6461d9c7dcb5e5692d04d51c516e9af225bc' - Fixed a bug where --live-restore was passed to Docker daemon causing the swarm init to fail. Magnum now ensures the --live-restore is not passed to the Docker daemon if it's default in an image. .. _magnum_6.2.0: 6.2.0 ===== .. _magnum_6.2.0_New Features: New Features ------------ .. releasenotes/notes/allow-multimaster-no-fip-b11520485012d949.yaml @ b'8b9b6b64d86c6452f31189a2cd924496619bf6cc' - This is allowing no floating IP to be usable with a multimaster configuration in terms of load balancers. .. _magnum_6.2.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-race-condition-for-k8s-multi-masters-29bd36de57df355a.yaml @ b'587fa6e7e3c0f83ec1856d98e65c82f5413eb498' - When creating a multi-master cluster, all master nodes will attempt to create kubernetes resources in the cluster at this same time, like coredns, the dashboard, calico etc. This race conditon shouldn't be a problem when doing declarative calls instead of imperative (kubectl apply instead of create). However, due to [1], kubectl fails to apply the changes and the deployemnt scripts fail causing cluster to creation to fail in the case of Heat SoftwareDeployments. This patch passes the ResourceGroup index of every master so that resource creation will be attempted only from the first master node. [1] https://github.com/kubernetes/kubernetes/issues/44165 .. releasenotes/notes/k8s_fedora_atomic_apply_cluster_role-8a46c881de1a1fa3.yaml @ b'25cd7ac5aa77d87fa973caa098f0d0c42918960a' - Create admin cluster role for k8s_fedora_atomic, it is defined in the configuration but it wasn't applied. .. releasenotes/notes/strip-ca-certificate-a09d0c31c45973df.yaml @ b'ef5c1b8999c491517b3e2b861ac7ce85f65b7ea0' - Strip signed certificate. Certificate (ca.crt) has to be striped for some application parsers as they might require pure base64 representation of the certificate itself, without empty characters at the beginning nor the end of file. .. _magnum_6.1.1: 6.1.1 ===== .. _magnum_6.1.1_New Features: New Features ------------ .. releasenotes/notes/RBAC-and-client-incompatibility-fdfeab326dfda3bf.yaml @ b'23bc66790554b4c9e89e738203e49cb90d37e416' - k8s_fedora_atomic clusters are deployed with RBAC support. Along with RBAC Node authorization is added so the appropriate certificates are generated. .. _magnum_6.1.1_Known Issues: Known Issues ------------ .. releasenotes/notes/dns-autoscale-90b63e3d71d7794e.yaml @ b'2fc72e9b0f189c5c105fabddd8fca66c8212b8d0' - Currently, the replicas of coreDNS pod is hardcoded as 1. It's not a reasonable number for such a critical service. Without DNS, probably all workloads running on the k8s cluster will be broken. Now Magnum is making the coreDNS pod autoscaling based on the nodes and cores number. .. _magnum_6.1.1_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/RBAC-and-client-incompatibility-fdfeab326dfda3bf.yaml @ b'23bc66790554b4c9e89e738203e49cb90d37e416' - Using the queens (>=2.9.0) python-magnumclient, when a user executes openstack coe cluster config, the client certificate has admin as Common Name (CN) and system:masters for Organization which are required for authorization with RBAC enabled clusters. This change in the client is backwards compatible, so old clusters (without RBAC enabled) can be reached with certificates generated by the new client. However, old magnum clients will generate certificates that will not be able to contact RBAC enabled clusters. This issue affects only k8s_fedora_atomic clusters and clients <=2.8.0, note that 2.8.0 is still a queens release but only 2.9.0 includes the relevant patch. Finally, users can always generate and sign the certificates using this [0] procedure even with old clients since only the cluster config command is affected. [0] https://docs.openstack.org/magnum/latest/user/index.html#interfacing-with-a-secure-cluster .. _magnum_6.1.1_Security Issues: Security Issues --------------- .. releasenotes/notes/bug-1766284-k8s-fedora-admin-user-e760f9b0edf49391.yaml @ b'b8f6261f44e0f7bfcb04ffb6af6c16c041eb8dcd' - k8s_fedora Remove cluster role from the kubernetes-dashboard account. When accessing the dashboard and skip authentication, users login with the kunernetes-dashboard service account, if that service account has the cluster role, users have admin access without authentication. Create an admin service account for this use case and others. .. _magnum_6.1.1_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/configure-etcd-auth-bug-1759813-baac5e0fe8a2e97f.yaml @ b'beb124e81ead85dd04b2e839a68c941222b945c5' - Fix etcd configuration in k8s_fedora_atomic driver. Explicitly enable client and peer authentication and set trusted CA (ETCD_TRUSTED_CA_FILE, ETCD_PEER_TRUSTED_CA_FILE, ETCD_CLIENT_CERT_AUTH, ETCD_PEER_CLIENT_CERT_AUTH). Only new clusters will benefit from the fix. .. releasenotes/notes/k8s_fedora_protect_kubelet-8468ddcb92c2a624.yaml @ b'dba9203f6a62a32c24a6540ae37fcd5814b11b4a' - Fix bug #1758672 [1] to protect kubelet in the k8s_fedora_atomic driver. Before this patch kubelet was listening to 0.0.0.0 and for clusters with floating IPs the kubelet was exposed. Also, even on clusters without fips the kubelet was exposed inside the cluster. This patch allows access to the kubelet only over https and with the appropriate roles. The apiserver and heapster have the appropriate roles to access it. Finally, all read-only ports have been closed to not expose any cluster data. The only remaining open ports without authentication are for healthz. [1] https://bugs.launchpad.net/magnum/+bug/1758672 .. _magnum_6.1.0: 6.1.0 ===== .. _magnum_6.1.0_New Features: New Features ------------ .. releasenotes/notes/add-federation-api-cf55d04f96772b0f.yaml @ b'f13b7ff013c55f2c86c60aba3eb11da8133c889c' - This release introduces 'federations' endpoint to Magnum API, which allows an admin to create and manage federations of clusters through Magnum. As the feature is still under development, the endpoints are not bound to any driver yet. For more details, please refer to bp/federation-api [1]. [1] https://review.openstack.org/#/q/topic:bp/federation-api .. releasenotes/notes/cert-manager-api-ee0cf7f3b767bb5d.yaml @ b'6f762b3d52bbb522ed829821858428bbe6c9e4cc' - Add new label 'cert_manager_api' enabling the kubernetes certificate manager api. .. releasenotes/notes/ingress-controller-552ea956ceabdd25.yaml @ b'5d0d7c31a69853db7a5b4b0e6893c34841ba464c' - Add new labels 'ingress_controller' and 'ingress_controller_role' enabling the deployment of a Kubernetes Ingress Controller backend for clusters. Default for 'ingress_controller' is '' (meaning no controller deployed), with possible values being 'traefik'. Default for 'ingress_controller_role' is 'ingress'. .. releasenotes/notes/update-kubernetes-dashboard-5196831c32d55aee.yaml @ b'49822b0b3d120a69052fedca26f47b467d881386' - Update kubernetes dashboard to `v1.8.3` which is compatible via kubectl proxy. Addionally, heapster is deployed as standalone deployemt and the user can enable a grafana-influx stack with the `influx_grafana_dashboard_enabled` label. See the kubernetes dashboard documenation for more details. https://github.com/kubernetes/dashboard/wiki .. releasenotes/notes/update-to-f27-cc8aa873cdf111bc.yaml @ b'bbb478c2077fb3d01a4f8d0c3b2303d1f7dfbe31' - Update k8s_fedora_atomic driver to the latest Fedora Atomic 27 release and run etcd and flanneld in system containers which are removed from the base OS. .. _magnum_6.1.0_Known Issues: Known Issues ------------ .. releasenotes/notes/calico-network-driver-0199c2459041ae81.yaml @ b'ba5def167baed72f0ca1ce50456aa6131d1297ef' - Adding 'calico' as network driver for Kubernetes so as to support network isolation between namespace with k8s network policy. .. _magnum_6.1.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/update-to-f27-cc8aa873cdf111bc.yaml @ b'bbb478c2077fb3d01a4f8d0c3b2303d1f7dfbe31' - New clusters should be created with kube_tag=v1.9.3 or later. v1.9.3 is the default version in the queens release. .. _magnum_6.1.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/cluster_template_update_labels-10ce66c87795f11c.yaml @ b'15c0adfba8d895c7dc94d7cc575fa16de2ac3e8e' - Now user can update labels in cluster-template. Previously string is passed as a value to labels, but we know that labels can only hold dictionary values. Now we are parsing the string and storing it as dictionary for labels in cluster-template. .. _magnum_6.0.1: 6.0.1 ===== .. _magnum_6.0.1_Known Issues: Known Issues ------------ .. releasenotes/notes/broken-kuberenetes-client-d2d1da6029825208.yaml @ b'1eb9bf16f5d60c5024b76fdc6691f0dc82e05a81' - Kubernetes client is incompatible with evenlet and breaks the periodic tasks. After kubernetes client 4.0.0 magnum is affected by the bug below. https://github.com/eventlet/eventlet/issues/147 Magnum has three periodic tasks, one to sync the magnum service, one to update the cluster status and one send cluster metrics The send_metrics task uses the kubernetes client for kubernetes clusters and it crashes the sync_cluster_status and send_cluster_metrics tasks. https://bugs.launchpad.net/magnum/+bug/1746510 Additionally, the kubernetes scale manager needs to be disabled to not break the scale down command completely. Note, that when magnum scales down the cluster will pick the nodes to scale randomly. .. _magnum_6.0.1_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/broken-kuberenetes-client-d2d1da6029825208.yaml @ b'1eb9bf16f5d60c5024b76fdc6691f0dc82e05a81' - In magnum configuration, in [drivers] set send_cluster_metrics = False to to avoid collecting metrics using the kubernetes client which crashes the periodic tasks. .. _magnum_7.2.0: 7.2.0 ===== .. _magnum_7.2.0_New Features: New Features ------------ .. releasenotes/notes/allow-cluster-template-being-renamed-82f7d5d1f33a7957.yaml @ b'4d814229ffb11c069b44d7f47b6ec78c052a6e12' - To get a better cluster template versioning and relieve the pain of maintaining public cluster template, now the name of cluster template can be changed. .. releasenotes/notes/heat-container-agent-tag-92848c1062c16c76.yaml @ b'62ab17f696248a20f8956a5213b67df96a617b06' - Add heat_container_agent_tag label to allow users select the heat-agent tag. Stein default: stein-dev .. releasenotes/notes/k8s-keystone-auth-6c88c1a2d406fb61.yaml @ b'a7dc26a2b15114698d96aa24d7de1bb46e99e7dd' - Now cloud-provider-openstack of Kubernetes has a webhook to support Keystone authorization and authentication. With this feature, user can use a new label 'keystone-auth-enabled' to enable the keystone authN and authZ. .. releasenotes/notes/k8s-octavia-ingress-controller-32c0b97031fd0dd4.yaml @ b'b153fb5ed408fc92bef33fc176bc3a870c33a9cd' - Add a new option 'octavia' for the label 'ingress_controller' and a new label 'octavia_ingress_controller_tag' to enable the deployment of `octavia-ingress-controller `_ in the kubernetes cluster. The 'ingress_controller_role' label is not used for this option. .. releasenotes/notes/podsecuritypolicy-2400063d73524e06.yaml @ b'925628b627a8c86f259519ea7dc3b0742eb3226f' - k8s_fedora_atomic_v1 Add PodSecurityPolicy for privileged pods. Use privileged PSP for calico and node-problem-detector. Add PSP for flannel from upstream. .. _magnum_7.2.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/affinity-policy-for-mesos-template-def-82627eb231aa4d28.yaml @ b'fb47454f1167b1153fcb59df69bb9e2b4989a5b7' - Fixes the problem with Mesos cluster creation where the nodes_affinity_policy was not properly conveyed as it is required in order to create the corresponding server group in Nova. https://storyboard.openstack.org/#!/story/2005116 .. releasenotes/notes/flannel-reboot-fix-f1382818daed4fa8.yaml @ b'263d0788a91c171cd696eb26c6a09ef7a680e4e5' - Add iptables -P FORWARD ACCEPT unit. On node reboot, kubelet and kube-proxy set iptables -P FORWARD DROP which doesn't work with flannel in the way we use it. Add a systemd unit to set the rule to ACCEPT after flannel, docker, kubelet, kube-proxy. .. releasenotes/notes/k8s-delete-vip-fip-b2ddf61ddbc080bc.yaml @ b'50bddcb17d1722776b875cd7222eaf6061bfbb59' - In kubernetes cluster, a floating IP is created and associated with the vip of a load balancer which is created corresponding to the service of LoadBalancer type inside kubernetes, it should be deleted when the cluster is deleted. .. _magnum_7.1.0: 7.1.0 ===== .. _magnum_7.1.0_New Features: New Features ------------ .. releasenotes/notes/add-octavia-client-4e5520084eae3c2b.yaml @ b'e65a80a98340a736736e7190452ce285c211c90e' - This will add the octavia client code for client to interact with the Octavia component of OpenStack .. releasenotes/notes/k8s-cluster-creation-speedup-21b5b368184d7bf0.yaml @ b'0dee6ab20a87867ac0ba066774f0d05e5f459271' - Start Kubernetes workers installation right after the master instances are created rather than waiting for all the services inside masters, which could decrease the Kubernetes cluster launch time significantly. .. releasenotes/notes/kubernetes-cloud-config-6c9a4bfec47e3bb4.yaml @ b'3406b14aa086b6f9f13b97d971ef5098a76f43c7' - Use the external cloud provider in k8s_fedora_atomic. The cloud_provider_tag label can be used to select the container tag for it, together with the cloud_provider_enabled label. The cloud provider runs as a DaemonSet on all master nodes. .. _magnum_7.1.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/kubernetes-cloud-config-6c9a4bfec47e3bb4.yaml @ b'3406b14aa086b6f9f13b97d971ef5098a76f43c7' - The cloud config for kubernets has been renamed from /etc/kubernetes/kube_openstack_config to /etc/kubernetes/cloud-config as the kubelet expects this exact name when the external cloud provider is used. A copy of /etc/kubernetes/kube_openstack_config is in place for applications developed for previous versions of magnum. .. _magnum_7.0.2: 7.0.2 ===== .. _magnum_7.0.2_New Features: New Features ------------ .. releasenotes/notes/add-kubelet-to-master-nodes-da2d4ea0d3a332cd.yaml @ b'a8a014413d8aa273f30c61b4b67f8f166ad930d3' - Deploy kubelet in master nodes for the k8s_fedora_atomic driver. Previously it was done only for calico, now kubelet will run in all cases. Really useful, for monitoing the master nodes (eg deploy fluentd) or run the kubernetes control-plance self-hosted. .. releasenotes/notes/grafana_prometheus_tag_label-78540ea106677485.yaml @ b'658907c9ea5448a9cb95ef161e61a1ac97852f8e' - Add 'grafana_tag' and 'prometheus_tag' labels for the k8s_fedora_atomic driver. Grafana defaults to 5.1.5 and Prometheus defaults to v1.8.2. .. _magnum_7.0.2_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/add-k8s-label-for-portal-network-cidr-a09edab29da6e7da.yaml @ b'eaa5ee404efad3adf67952dc9d94f158e14f430c' - Add a new label `service_cluster_ip_range` for kubernetes so that user can set the IP range for service portals to avoid conflicts with pod IP range. .. releasenotes/notes/fix-cluster-update-886bd2d1156bef88.yaml @ b'b21b052d63f95299221db48ec9e068a64367ec8c' - When doing a cluster update magnum is now passing the existing parameter to heat which will use the heat templates stored in the heat db. This change will prevent heat from replacacing all nodes when the heat templates change, for example after an upgrade of the magnum server code. https://storyboard.openstack.org/#!/story/1722573 .. releasenotes/notes/swarm-live-restore-b03ad192367abced.yaml @ b'72e612b6d91334156701de9ca3cc962807fa6654' - Fixed a bug where --live-restore was passed to Docker daemon causing the swarm init to fail. Magnum now ensures the --live-restore is not passed to the Docker daemon if it's default in an image. .. _magnum_7.0.1: 7.0.1 ===== .. _magnum_7.0.1_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-send_cluster_metrics-8adaac64a979f720.yaml @ b'0dbe6806ed51fdc08e7b118ac10eedd53d365b5b' - Currently, Magnum is running periodic tasks to collect k8s cluster metrics to message bus. Unfortunately, it's collecting pods info only from "default" namespace which makes this function useless. What's more, even Magnum can get all pods from all namespaces, it doesn't make much sense to keep this function in Magnum. Because operators only care about the health of cluster nodes. If they want to know the status of pods, they can use heapster or other tools to get that. So the feauture is being deprecated now and will be removed in Stein release. And the default value is changed to False, which means won't send the metrics. .. _magnum_7.0.0: 7.0.0 ===== .. _magnum_7.0.0_New Features: New Features ------------ .. releasenotes/notes/RBAC-and-client-incompatibility-fdfeab326dfda3bf.yaml @ b'1431be0f50b4b2269a5c91e89bc32556d8bdfe5f' - k8s_fedora_atomic clusters are deployed with RBAC support. Along with RBAC Node authorization is added so the appropriate certificates are generated. .. releasenotes/notes/add-federation-api-cf55d04f96772b0f.yaml @ b'ec950be894e07077012518ff996c48a6e91cdb35' - This release introduces 'federations' endpoint to Magnum API, which allows an admin to create and manage federations of clusters through Magnum. As the feature is still under development, the endpoints are not bound to any driver yet. For more details, please refer to bp/federation-api [1]. [1] https://review.openstack.org/#/q/topic:bp/federation-api .. releasenotes/notes/allow-multimaster-no-fip-b11520485012d949.yaml @ b'393e70f0b0b12fe45b0271f2c2e53391d462076d' - This is allowing no floating IP to be usable with a multimaster configuration in terms of load balancers. .. releasenotes/notes/cert-manager-api-ee0cf7f3b767bb5d.yaml @ b'faa9e90402bcf78acdd166198fff9612fa8be81c' - Add new label 'cert_manager_api' enabling the kubernetes certificate manager api. .. releasenotes/notes/client-embed-certs-322701471e4d6e1d.yaml @ b'9d147fa793353aae0ca359e8dc0bd7a13cf513e7' - Embed certificates in kubernetes config file when issuing 'cluster config', instead of generating additional files with the certificates. This is now the default behavior. To get the old behavior and still generate cert files, pass --output-certs. .. releasenotes/notes/enable_cloud_provider_label-ed79295041bc46a8.yaml @ b'974399a912b02ebe1587ad932a405ca8b44dc947' - Add 'cloud_provider_enabled' label for the k8s_fedora_atomic driver. Defaults to true. For specific kubernetes versions if 'cinder' is selected as a 'volume_driver', it is implied that the cloud provider will be enabled since they are combined. .. releasenotes/notes/ingress-controller-552ea956ceabdd25.yaml @ b'0b18989a50ec7c7323d23f5e84c94dda70363fba' - Add new labels 'ingress_controller' and 'ingress_controller_role' enabling the deployment of a Kubernetes Ingress Controller backend for clusters. Default for 'ingress_controller' is '' (meaning no controller deployed), with possible values being 'traefik'. Default for 'ingress_controller_role' is 'ingress'. .. releasenotes/notes/support-octavia-for-k8s-service-d5d7fd041f9d76fa.yaml @ b'8996e35f86a7a10ad6105fa182b1a542f72e36c9' - In the OpenStack deployment with Octavia service enabled, the Octavia service should be used not only for master nodes high availability, but also for k8s LoadBalancer type service implementation as well. .. releasenotes/notes/update-kubernetes-dashboard-5196831c32d55aee.yaml @ b'30785acd3cd90594cb5d9913ae3830d6faeee0b6' - Update kubernetes dashboard to `v1.8.3` which is compatible via kubectl proxy. Addionally, heapster is deployed as standalone deployemt and the user can enable a grafana-influx stack with the `influx_grafana_dashboard_enabled` label. See the kubernetes dashboard documenation for more details. https://github.com/kubernetes/dashboard/wiki .. releasenotes/notes/update-to-f27-cc8aa873cdf111bc.yaml @ b'd95ba4d1fff69df506928339bb9eb3472bb4f3d1' - Update k8s_fedora_atomic driver to the latest Fedora Atomic 27 release and run etcd and flanneld in system containers which are removed from the base OS. .. _magnum_7.0.0_Known Issues: Known Issues ------------ .. releasenotes/notes/calico-network-driver-0199c2459041ae81.yaml @ b'838b8daf6eb7670dfb44b5058aba278734f287f1' - Adding 'calico' as network driver for Kubernetes so as to support network isolation between namespace with k8s network policy. .. releasenotes/notes/dns-autoscale-90b63e3d71d7794e.yaml @ b'54a4ac9f8453716d84150d4fe0b88e65dba24fbf' - Currently, the replicas of coreDNS pod is hardcoded as 1. It's not a reasonable number for such a critical service. Without DNS, probably all workloads running on the k8s cluster will be broken. Now Magnum is making the coreDNS pod autoscaling based on the nodes and cores number. .. _magnum_7.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/RBAC-and-client-incompatibility-fdfeab326dfda3bf.yaml @ b'1431be0f50b4b2269a5c91e89bc32556d8bdfe5f' - Using the queens (>=2.9.0) python-magnumclient, when a user executes openstack coe cluster config, the client certificate has admin as Common Name (CN) and system:masters for Organization which are required for authorization with RBAC enabled clusters. This change in the client is backwards compatible, so old clusters (without RBAC enabled) can be reached with certificates generated by the new client. However, old magnum clients will generate certificates that will not be able to contact RBAC enabled clusters. This issue affects only k8s_fedora_atomic clusters and clients <=2.8.0, note that 2.8.0 is still a queens release but only 2.9.0 includes the relevant patch. Finally, users can always generate and sign the certificates using this [0] procedure even with old clients since only the cluster config command is affected. [0] https://docs.openstack.org/magnum/latest/user/index.html#interfacing-with-a-secure-cluster .. releasenotes/notes/update-to-f27-cc8aa873cdf111bc.yaml @ b'd95ba4d1fff69df506928339bb9eb3472bb4f3d1' - New clusters should be created with kube_tag=v1.9.3 or later. v1.9.3 is the default version in the queens release. .. releasenotes/notes/upgrade-to-k8s-v1.11.1-8065fd768873295d.yaml @ b'cf12bb7a04a61d9f4511ed789fc9ea49e431481e' - New clusters will be created with kube_tag=v1.11.1 or later. v1.11.1 is the default version in the Rocky release. .. _magnum_7.0.0_Security Issues: Security Issues --------------- .. releasenotes/notes/bug-1766284-k8s-fedora-admin-user-e760f9b0edf49391.yaml @ b'91d5229b9c0e083cae60a8dc3e546145a82c7f93' - k8s_fedora Remove cluster role from the kubernetes-dashboard account. When accessing the dashboard and skip authentication, users login with the kunernetes-dashboard service account, if that service account has the cluster role, users have admin access without authentication. Create an admin service account for this use case and others. .. _magnum_7.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/bug-2002728-kube-os-conf-region-46cd60537bdabdb2.yaml @ b'a28e5609f991ce32255f7badcad2514ca8e66ab8' - Add `region` parameter to the Global configuration section of the Kubernetes configuration file. Setting this parameter will allow Magnum cluster to be created in the multi-regional OpenStack installation. .. releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml @ b'a127c669574fb5ce1aa586d96296f481cd88c790' - Add `trustee_keystone_region_name` optional parameter to the `trust` section. This parameter is useful for multi-regional OpenStack installations with different Identity service for every region. In such installation it is necessary to specify a region when searching for `auth_url` to authenticate a trustee user. .. releasenotes/notes/cluster_template_update_labels-10ce66c87795f11c.yaml @ b'21c87f35a0910963ac525dca829e98fe9f9a73f8' - Now user can update labels in cluster-template. Previously string is passed as a value to labels, but we know that labels can only hold dictionary values. Now we are parsing the string and storing it as dictionary for labels in cluster-template. .. releasenotes/notes/configure-etcd-auth-bug-1759813-baac5e0fe8a2e97f.yaml @ b'a1fb448c3a2a1761ba337c67cd38d11a74ab15f9' - Fix etcd configuration in k8s_fedora_atomic driver. Explicitly enable client and peer authentication and set trusted CA (ETCD_TRUSTED_CA_FILE, ETCD_PEER_TRUSTED_CA_FILE, ETCD_CLIENT_CERT_AUTH, ETCD_PEER_CLIENT_CERT_AUTH). Only new clusters will benefit from the fix. .. releasenotes/notes/fix-race-condition-for-k8s-multi-masters-29bd36de57df355a.yaml @ b'3c72d7b88b6c41d2a85a71c438018313d6169f7f' - When creating a multi-master cluster, all master nodes will attempt to create kubernetes resources in the cluster at this same time, like coredns, the dashboard, calico etc. This race conditon shouldn't be a problem when doing declarative calls instead of imperative (kubectl apply instead of create). However, due to [1], kubectl fails to apply the changes and the deployemnt scripts fail causing cluster to creation to fail in the case of Heat SoftwareDeployments. This patch passes the ResourceGroup index of every master so that resource creation will be attempted only from the first master node. [1] https://github.com/kubernetes/kubernetes/issues/44165 .. releasenotes/notes/k8s_fedora_atomic_apply_cluster_role-8a46c881de1a1fa3.yaml @ b'4c5d38adefad6f3bc4bb8dc497a62af6227e6ef7' - Create admin cluster role for k8s_fedora_atomic, it is defined in the configuration but it wasn't applied. .. releasenotes/notes/k8s_fedora_protect_kubelet-8468ddcb92c2a624.yaml @ b'205e8adafaf883e6dc81177eee3fa08d12b26f77' - Fix bug #1758672 [1] to protect kubelet in the k8s_fedora_atomic driver. Before this patch kubelet was listening to 0.0.0.0 and for clusters with floating IPs the kubelet was exposed. Also, even on clusters without fips the kubelet was exposed inside the cluster. This patch allows access to the kubelet only over https and with the appropriate roles. The apiserver and heapster have the appropriate roles to access it. Finally, all read-only ports have been closed to not expose any cluster data. The only remaining open ports without authentication are for healthz. [1] https://bugs.launchpad.net/magnum/+bug/1758672 .. releasenotes/notes/strip-ca-certificate-a09d0c31c45973df.yaml @ b'edee7030e4deee4e95e68daa1623ea305ce202e5' - Strip signed certificate. Certificate (ca.crt) has to be striped for some application parsers as they might require pure base64 representation of the certificate itself, without empty characters at the beginning nor the end of file. .. releasenotes/notes/sync-service-account-keys-for-multi-masters-71217c4cf4dd472c.yaml @ b'043c57da74731c5f2448cb74bfe6145ec46379ca' - Multi master deployments for k8s driver use different service account keys for each api/controller manager server which leads to 401 errors for service accounts. This patch will create a signed cert and private key for k8s service account keys explicitly, dedicatedly for the k8s cluster to avoid the inconsistent keys issue. .. _magnum_8.2.0: 8.2.0 ===== .. _magnum_8.2.0_New Features: New Features ------------ .. releasenotes/notes/podsecuritypolicy-2400063d73524e06.yaml @ b'6762a97439ac8feeac05db5b49ac26498c1f0e95' - k8s_fedora_atomic_v1 Add PodSecurityPolicy for privileged pods. Use privileged PSP for calico and node-problem-detector. Add PSP for flannel from upstream. .. _magnum_8.2.0_Other Notes: Other Notes ----------- .. releasenotes/notes/using-vxlan-for-flannel-backend-8d82a290ca97d6e2.yaml @ b'261b0eeab61762894272df2dba8c4f3f45ff9d8f' - The default value of flannel_backend will be replaced with `vxlan` which was `udp` based on the recommendation at https://github.com/coreos/flannel/blob/master/Documentation/backends.md .. _magnum_8.1.0: 8.1.0 ===== .. _magnum_8.1.0_New Features: New Features ------------ .. releasenotes/notes/helm-install-ingress-nginx-fe2acec1dd3032e3.yaml @ b'0400a0427b238a0a601c7e62d79336a59754ce42' - Add nginx as an additional Ingress controller option for Kubernetes. Installation is done via the upstream nginx-ingress helm chart, and selection can be done via label ingress_controller=nginx. .. releasenotes/notes/set-traefik-tag-7d4aca5685147970.yaml @ b'9493f4db27668a4b1fa0a9889ef9d3a932cd79aa' - Added label traefik_ingress_controller_tag to enable specifying traefik container version. .. releasenotes/notes/support-auto-healing-3e07c16c55209b0a.yaml @ b'd24614103f377759a28fc5d2eb7f40666be4cc80' - Using Node Problem Detector, Draino and AutoScaler to support auto healing for K8s cluster, user can use a new label "auto_healing_enabled' to turn on/off it. Meanwhile, a new label "auto_scaling_enabled" is also introduced to enable the capability to let the k8s cluster auto scale based its workload. .. releasenotes/notes/support-multi-dns-server-0528be20f0e6aa62.yaml @ b'14cebe7fd07c50bef71ac9c03fafb656e191d883' - Support multi DNS server when creating template. User can use a comma delimited ipv4 address list to specify multi dns server, for example "8.8.8.8,114.114.114.114" .. _magnum_8.1.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/ignore-calico-devices-in-network-manager-e1bdb052834e11e9.yaml @ b'71a05369dd76aa98a1da280c0252ef438a3d8829' - Fixed an issue that applications running on master nodes which rely on network connection keep restarting because of timeout or connection lost, by making calico devices unmanaged in NetworkManager config on master nodes. .. releasenotes/notes/set-traefik-tag-7d4aca5685147970.yaml @ b'9493f4db27668a4b1fa0a9889ef9d3a932cd79aa' - Traefik container now defaults to a fixed tag (v1.7.10) instead of tag (latest) .. _magnum_8.0.0: 8.0.0 ===== .. _magnum_8.0.0_Prelude: Prelude ------- .. releasenotes/notes/add-upgrade-check-framework-5057ad67a7690a14.yaml @ b'2ccf639a396decdb87d0a9e02aafcb59c5cd2610' Added new tool ``magnum-status upgrade check``. .. _magnum_8.0.0_New Features: New Features ------------ .. releasenotes/notes/add-kubelet-to-master-nodes-da2d4ea0d3a332cd.yaml @ b'6390e0dbd3a20f71d1b17999e1f21774fbb1c27e' - Deploy kubelet in master nodes for the k8s_fedora_atomic driver. Previously it was done only for calico, now kubelet will run in all cases. Really useful, for monitoing the master nodes (eg deploy fluentd) or run the kubernetes control-plance self-hosted. .. releasenotes/notes/add-octavia-client-4e5520084eae3c2b.yaml @ b'9a6698fb4535e408b6c4a522088197af0ab4aa4d' - This will add the octavia client code for client to interact with the Octavia component of OpenStack .. releasenotes/notes/add-upgrade-check-framework-5057ad67a7690a14.yaml @ b'2ccf639a396decdb87d0a9e02aafcb59c5cd2610' - New framework for ``magnum-status upgrade check`` command is added. This framework allows adding various checks which can be run before a Magnum upgrade to ensure if the upgrade can be performed safely. .. releasenotes/notes/allow-cluster-template-being-renamed-82f7d5d1f33a7957.yaml @ b'766a64a41a8afe6b86137a78651f8dcbcc5f56d4' - To get a better cluster template versioning and relieve the pain of maintaining public cluster template, now the name of cluster template can be changed. .. releasenotes/notes/deploy-tiller-in-k8s-df12ee41d00dd7ff.yaml @ b'0b5f4260d9891c13164979ea2eee733fbadcee94' - Add tiller_enabled to install tiller in k8s_fedora_atomic clusters. Defaults to false. Add tiller_tag label to select the version of tiller. If the tag is not set the tag that matches the helm client version in the heat-agent will be picked. The tiller image can be stored in a private registry and the cluster can pull it using the container_infra_prefix label. Add tiller_namespace label to select in which namespace to install tiller. Tiller is install with a Kubernetes job. This job runs with a container that includes the helm client. This image is maintained by the magnum team and lives in, docker.io/openstackmagnum/helm-client. This container follows the same versions as helm and tiller. .. releasenotes/notes/flannel-cni-4a5c9f574325761e.yaml @ b'2ab874a5be951a6eba4f9d4f54c106bc0c53d9b1' - For k8s_fedora_atomic, run flannel as a cni plugin. The deployment method is taken from the flannel upstream documentation. One more label for the cni tag is added `flannel_cni_tag` for the container, quay.io/repository/coreos/flannel-cni. The flannel container is taken from flannel upsteam as well quay.io/repository/coreos/flannel. .. releasenotes/notes/grafana_prometheus_tag_label-78540ea106677485.yaml @ b'0cf61dfb7412f05fd98f597f3f451e3f1dcd8c08' - Add 'grafana_tag' and 'prometheus_tag' labels for the k8s_fedora_atomic driver. Grafana defaults to 5.1.5 and Prometheus defaults to v1.8.2. .. releasenotes/notes/heat-container-agent-tag-92848c1062c16c76.yaml @ b'c98e9525c7db34734afb29d1b9fb409a08d16ef7' - Add heat_container_agent_tag label to allow users select the heat-agent tag. Stein default: stein-dev .. releasenotes/notes/heat-container-agent-tag-fe7cec6b890329af.yaml @ b'b2a6a7715aea805f38b451a29f25267ff6d5bfcc' - Add heat container agent into Kubernetes cluster worker nodes to support cluster rolling upgrade. .. releasenotes/notes/helm-install-metrics-service-cd18be76c4ed0e5f.yaml @ b'230ad3f2db0a5daa08696b109d39d716406ff243' - Installs the metrics-server service that is replacing kubernetes deprecated heapster as a cluster wide metrics reporting service used by schedulling, HPA and others. This service is installed and configured using helm and so tiller_enabled flag must be True. Heapster service is maintained active to allow compatibility. .. releasenotes/notes/helm-install-prometheus-operator-ea87752bc57a0945.yaml @ b'a46d2ffc915de69f1ffafe42071192daffb1de4c' - Added monitoring_enabled to install prometheus-operator monitoring solution by means of helm stable/prometheus-operator public chart. Defaults to false. grafana_admin_passwd label can be used to set grafana dashboard admin access password. If grafana_admin_passwd is not set the password defaults to prom_operator. .. releasenotes/notes/k8s-cluster-creation-speedup-21b5b368184d7bf0.yaml @ b'cae7fa21b63d471bb5bbc878fee68cace7a7d4a6' - Start Kubernetes workers installation right after the master instances are created rather than waiting for all the services inside masters, which could decrease the Kubernetes cluster launch time significantly. .. releasenotes/notes/k8s-improve-floating-ip-enabled-84cd00224d6b7bc1.yaml @ b'c47fde0cbe371490e7191cd637e609b7ea7a5025' - A new label named ``master_lb_floating_ip_enabled`` is introduced which controls if Magnum allocates floating IP for the load balancer of master nodes. This label only takes effect when the ``master_lb_enabled`` is set. The default value is the same as ``floating_ip_enabled``. The ``floating_ip_enabled`` property now only controls if Magnum should allocate the floating IPs for the master and worker nodes. .. releasenotes/notes/k8s-keystone-auth-6c88c1a2d406fb61.yaml @ b'59da4e25a6a31e296f8ad734395a791015769424' - Now cloud-provider-openstack of Kubernetes has a webhook to support Keystone authorization and authentication. With this feature, user can use a new label 'keystone-auth-enabled' to enable the keystone authN and authZ. .. releasenotes/notes/k8s-octavia-ingress-controller-32c0b97031fd0dd4.yaml @ b'a941822c8ecffa50f3b16ff137eba3f7c9897ca5' - Add a new option 'octavia' for the label 'ingress_controller' and a new label 'octavia_ingress_controller_tag' to enable the deployment of `octavia-ingress-controller `_ in the kubernetes cluster. The 'ingress_controller_role' label is not used for this option. .. releasenotes/notes/k8s-prometheus-clusterip-b191fa163e3f1125.yaml @ b'2bbfd52abccc491e3e021d5b2269c3c8136d17d4' - Use ClusterIP as the default Prometheus service type, because the NodePort type service has the requirement that extra security group rule is properly configured. Kubernetes cluster administrator could still change the service type after the cluster creation. .. releasenotes/notes/kubernetes-cloud-config-6c9a4bfec47e3bb4.yaml @ b'6c61a1a949615f6dc1df36f3098cd97466ac7238' - Use the external cloud provider in k8s_fedora_atomic. The cloud_provider_tag label can be used to select the container tag for it, together with the cloud_provider_enabled label. The cloud provider runs as a DaemonSet on all master nodes. .. releasenotes/notes/make-keypair-optional-fcf4a17e440d0879.yaml @ b'8f4643d85ce9d5d8ad7442a0534e4e5f84fb8c48' - This makes the keypair optional. The user should not have to include the keypair because they may use some other method of security such as using SSSD, preconfigured on the image. .. releasenotes/notes/pre-delete-cluster-5e27cfdf45e25805.yaml @ b'a980208984fc8c4f387f6b37f681b24197f38c19' - Add Kubernetes cluster pre-delete support to remove the cloud resources before deleting the cluster. For now, only load balancers for Kubernetes services of LoadBalancer type are deleted. .. releasenotes/notes/resize-api-2bf1fb164484dea9.yaml @ b'15ecdb8033b5df7af5d2ea9309eda4473c55c925' - Now an OpenStack driver for Kubernetes Cluster Autoscaler is being proposed to support autoscaling when running k8s cluster on top of OpenStack. However, currently there is no way in Magnum to let the external consumer to control which node will be removed. The alternative option is calling Heat API directly but obviously it is not the best solution and it's confusing k8s community. So this new API is being added into Magnum: POST /actions/resize .. releasenotes/notes/server-groups-for-both-master-and-workder-bdd491e4323955d4.yaml @ b'4f84c849f6aa83630d95e269f228753fbba85e8d' - Magnums onlys has one server group for all master and worker nodes per cluster, which is not very flexible for small cloud scale. For a 3+ master clusters, it's easily meeting the capacity when using hard anti-affinity policy. Now one server group is added for each master and worker nodes group to have better flexibility. .. _magnum_8.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/k8s-improve-floating-ip-enabled-84cd00224d6b7bc1.yaml @ b'c47fde0cbe371490e7191cd637e609b7ea7a5025' - The etcd service for Kubernetes cluster is no longer allocated a floating IP. .. releasenotes/notes/kubernetes-cloud-config-6c9a4bfec47e3bb4.yaml @ b'6c61a1a949615f6dc1df36f3098cd97466ac7238' - The cloud config for kubernets has been renamed from /etc/kubernetes/kube_openstack_config to /etc/kubernetes/cloud-config as the kubelet expects this exact name when the external cloud provider is used. A copy of /etc/kubernetes/kube_openstack_config is in place for applications developed for previous versions of magnum. .. _magnum_8.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-send_cluster_metrics-8adaac64a979f720.yaml @ b'a26c2225b656b3c5e057f4b02e17fb70385c40a6' - Currently, Magnum is running periodic tasks to collect k8s cluster metrics to message bus. Unfortunately, it's collecting pods info only from "default" namespace which makes this function useless. What's more, even Magnum can get all pods from all namespaces, it doesn't make much sense to keep this function in Magnum. Because operators only care about the health of cluster nodes. If they want to know the status of pods, they can use heapster or other tools to get that. So the feauture is being deprecated now and will be removed in Stein release. And the default value is changed to False, which means won't send the metrics. .. _magnum_8.0.0_Security Issues: Security Issues --------------- .. releasenotes/notes/k8s-nodes-security-group-9d8dbb91b006d9dd.yaml @ b'31c82625d6cae5b9cc8fae6f09c9107818dee9b7' - Defines more strict security group rules for kubernetes worker nodes. The ports that are open by default: default port range(30000-32767) for external service ports; kubelet healthcheck port; Calico BGP network ports; flannel overlay network ports. The cluster admin should manually config the security group on the nodes where Traefik is allowed. To allow traffic to the default ports (80, 443) that the traefik ingress controller exposes users will need to create additional rules or expose traefik with a kubernetes service with type: LoadBalaner. Finally, the ssh port in worker nodes is closed as well. If ssh access is required, users will need to create a rule for port 22 as well. .. _magnum_8.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/add-k8s-label-for-portal-network-cidr-a09edab29da6e7da.yaml @ b'80fcf76d27f961685150cf0a43931446dc817b16' - Add a new label `service_cluster_ip_range` for kubernetes so that user can set the IP range for service portals to avoid conflicts with pod IP range. .. releasenotes/notes/affinity-policy-for-mesos-template-def-82627eb231aa4d28.yaml @ b'a47f5a39944920f694114c0e1cb964bbf60c93ba' - Fixes the problem with Mesos cluster creation where the nodes_affinity_policy was not properly conveyed as it is required in order to create the corresponding server group in Nova. https://storyboard.openstack.org/#!/story/2005116 .. releasenotes/notes/bug-2004942-052321df27529562.yaml @ b'b555f90c10df371275a709a98dbbcc28637493d5' - Allow overriding cluster template labels for swarm mode clusters - this functionality was missed from this COE when it was introduced. .. releasenotes/notes/fix-cluster-update-886bd2d1156bef88.yaml @ b'3f773f1fd045a507c3962ae509fcd57352cdc9ae' - When doing a cluster update magnum is now passing the existing parameter to heat which will use the heat templates stored in the heat db. This change will prevent heat from replacacing all nodes when the heat templates change, for example after an upgrade of the magnum server code. https://storyboard.openstack.org/#!/story/1722573 .. releasenotes/notes/flannel-reboot-fix-f1382818daed4fa8.yaml @ b'e6b3325120a0ff333ebaea2db2d64e07d5011248' - Add iptables -P FORWARD ACCEPT unit. On node reboot, kubelet and kube-proxy set iptables -P FORWARD DROP which doesn't work with flannel in the way we use it. Add a systemd unit to set the rule to ACCEPT after flannel, docker, kubelet, kube-proxy. .. releasenotes/notes/k8s-delete-vip-fip-b2ddf61ddbc080bc.yaml @ b'f63761a804b240dd0e33832e1e57d9cdb3873277' - In kubernetes cluster, a floating IP is created and associated with the vip of a load balancer which is created corresponding to the service of LoadBalancer type inside kubernetes, it should be deleted when the cluster is deleted. .. releasenotes/notes/return-server-id-in-kubeminion-cb33f5141e0b7fa9.yaml @ b'20d03919fb1741223de37e67f9af363d3ca85f76' - Return instance ID of workder node in k8s minion template so that consumer can send API request to Heat to remove a particular node with removal_policies. Otherwise, the consumer (e.g. AutoScaler) has to use index to do the remove which is confusing out of the OpenStack world. https://storyboard.openstack.org/#!/story/2005054 .. releasenotes/notes/swarm-live-restore-b03ad192367abced.yaml @ b'095b49e6f532f961854d8e0363e0f4aae01d189f' - Fixed a bug where --live-restore was passed to Docker daemon causing the swarm init to fail. Magnum now ensures the --live-restore is not passed to the Docker daemon if it's default in an image. .. _magnum_9.4.1: 9.4.1 ===== .. _magnum_9.4.1_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/ensure-delete-complete-2f9bb53616e1e02b.yaml @ b'e0a4683c081533f5c2ee7da0950366e5af1c02b6' - Fixes a regression which left behind trustee user accounts and certificates when a cluster is deleted. .. _magnum_9.4.0: 9.4.0 ===== .. _magnum_9.4.0_New Features: New Features ------------ .. releasenotes/notes/configurable-k8s-health-polling-interval-75bb83b4701d48c5.yaml @ b'02e47978d755d20cb420be10db11d1bedd521a04' - The default 10 seconds health polling interval is too frequent for most of the cases. Now it has been changed to 60s. A new config `health_polling_interval` is supported to make the interval configurable. Cloud admin can totally disable the health polling by set a negative value for the config. .. releasenotes/notes/containerd-598761bb536af6ba.yaml @ b'd75195b3aec019dd3d67297093982e95a825a4bb' - New labels to support containerd as a runtime. container_runtime The container runtime to use. Empty value means, use docker from the host. Since ussuri, apart from empty (host-docker), containerd is also an option. containerd_version The containerd version to use as released in https://github.com/containerd/containerd/releases and https://storage.googleapis.com/cri-containerd-release/ containerd_tarball_url Url with the tarball of containerd's binaries. containerd_tarball_sha256 sha256 of the tarball fetched with containerd_tarball_url or from https://storage.googleapis.com/cri-containerd-release/. .. _magnum_9.4.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/configurable-k8s-health-polling-interval-75bb83b4701d48c5.yaml @ b'02e47978d755d20cb420be10db11d1bedd521a04' - If it's still preferred to have 10s health polling interval for Kubernetes cluster. It can be set by config `health_polling_interval` under `kubernetes` section. .. _magnum_9.4.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-serveraddressoutputmapping-for-private-clusters-73a874bb4827d568.yaml @ b'2f656c66a5d2640268d22c3322fc757909fc7708' - Fix an issue with private clusters getting stuck in CREATE_IN_PROGRESS status where floating_ip_enabled=True in the cluster template but this is disabled when the cluster is created. .. releasenotes/notes/improve-k8s-master-kubelet-taint-0c56ffede270116d.yaml @ b'5ea259d8ed1a9de3df55b2e543e733e50d84598b' - The taint of master node kubelet has been improved to get the conformance test (sonobuoy) passed. .. releasenotes/notes/kubelet-nfs-b51e572adfb56378.yaml @ b'752250e89e35c970e884c2c7651ebe645cd17594' - For fcos-kubelet, add rpc-statd dependency. To mount nfs volumes with the embedded volume pkg [0], rpc-statd is required and should be started by mount.nfs. When running kubelet in a chroot this fails. With atomic containers it used to work. [0] https://github.com/kubernetes/kubernetes/tree/master/pkg/volume/nfs .. _magnum_9.3.0: 9.3.0 ===== .. _magnum_9.3.0_New Features: New Features ------------ .. releasenotes/notes/cinder-csi-enabled-label-ab2b8ade63c57cf3.yaml @ b'5fa5ca40c32ba69cb0b2ec0a7fec397b9495145d' - Add cinder_csi_enabled label to support out of tree Cinder CSI. .. releasenotes/notes/support-sha256-verification-for-hyperkube-fb2292c6a8bb00ba.yaml @ b'5b625257d365186cdf68f55f9a794ceb805251d7' - Now the Fedora CoreOS driver can support the sha256 verification for the hyperkube image when bootstraping the Kubernetes cluster. .. _magnum_9.3.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-cert-apimanager-527352622c5a9c3b.yaml @ b'f61fef6771a4f466fce76f64086d107b642f017b' - Fixed the usage of cert_manager_api=true making cluster creation fail due to a logic lock between kubemaster.yaml and kubecluster.yaml .. releasenotes/notes/fix-proxy-of-grafana-script-8b408d9d103dfc06.yaml @ b'84cd9ca381ff3e11fba321649a3ca4e058832e84' - This proxy issue of Prometheus/Grafana script has been fixed. .. _magnum_9.2.0: 9.2.0 ===== .. _magnum_9.2.0_New Features: New Features ------------ .. releasenotes/notes/heapster-enabled-label-292ca1ddac68a156.yaml @ b'18c4585528a9b19167a4c6eae2de8341a9071261' - Added label heapster_enabled to control heapster installation in the cluster. .. releasenotes/notes/helm-install-metrics-service-e7a5459417504a75.yaml @ b'da2474e3b95bf4bf313e5d1853e4002f816ba1c2' - Installs the metrics-server service that is replacing kubernetes deprecated heapster as a cluster wide metrics reporting service used by schedulling, HPA and others. This service is installed and configured using helm and so tiller_enabled flag must be True. The label metrics_server_chart_tag can be used to specify the stable/metrics-server chart tag to be used. The label metrics_server_enabled is used to enable disable the installation of the metrics server (default: true). .. releasenotes/notes/prometheus-adapter-15fba9d739676e70.yaml @ b'47a86d47da8d30e97739b7b9b45e8812afc1d296' - Added custom.metrics.k8s.io API installer by means of stable/prometheus-adapter helm chart. The label prometheus_adapter_enabled (default: true) controls configuration. You can also use prometheus_adapter_chart_tag to select helm chart version, and prometheus_adapter_configmap if you would like to setup your own metrics (specifying this other than default overwrites default configurations). This feature requires the usage of label monitoring_enabled=true. .. _magnum_9.2.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/fix-nginx-getting-oom-killed-76139fd8b57e6c15.yaml @ b'0d94ccb93a8124c70451ec7aeb9f255ed7cd1779' - nginx-ingress-controller QoS changed from Guaranteed to Burstable. Priority class 'system-cluster-critical' or higher for nginx-ingress-controller. .. _magnum_9.2.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-fedora-proxy-a4b8d5fc4ec65e80.yaml @ b'57479b18d29a2d738955bc5bb599805bb8f4aceb' - A regression issue about downloading images has been fixed. Now both Fedora Atomic driver and Fedora CoreOS driver can support using proxy in template to create cluster. .. releasenotes/notes/fix-nginx-getting-oom-killed-76139fd8b57e6c15.yaml @ b'0d94ccb93a8124c70451ec7aeb9f255ed7cd1779' - nginx-ingress-controller requests.memory increased to 256MiB. This is a result of tests that showed the pod getting oom killed by the node on a relatively generic use case. .. releasenotes/notes/keystone-auth-repo-6970c05f44299326.yaml @ b'57e7eddb273ec7194de370973d42a5157712e653' - k8s-keystone-auth now uses the upstream k8scloudprovider docker repo instead of the openstackmagnum repo. .. releasenotes/notes/nodegroup-limit-89930d45ee06c621.yaml @ b'0cf32964820cbde5be967b733d8e6b13525e99df' - Fixes the next url in the list nodegroups API response. .. releasenotes/notes/prometheus-operator-compatible-with-k8s-1-16-f8be99cf527075b8.yaml @ b'7f40b9bb39ff15ce51e0e7f0bec2fbe5e6823530' - Bump up prometheus operator chart version to 8.2.2 so that it is compatible with k8s 1.16.x. .. releasenotes/notes/traefik-compatible-with-k8s-1-16-9a9ef6d3ccc92fb4.yaml @ b'8a4bf2f92213366adcc07b644b87051b276c8a77' - Bump up traefik to 1.7.19 for compatibility with Kubernetes 1.16.x. .. _magnum_9.1.0: 9.1.0 ===== .. _magnum_9.1.0_New Features: New Features ------------ .. releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml @ b'86c579c84167e3c778bb0c072d6695c25a4f83f0' - Add fedora coreos driver. To deploy clusters with fedora coreos operators or users need to add os_distro=fedora-coreos to the image. The scripts to deploy kubernetes on top are the same with fedora atomic. Note that this driver has selinux enabled. .. releasenotes/notes/support-fedora-atomic-os-upgrade-9f47182b21c6c028.yaml @ b'be992a7dc6bfb6a1f5169dcf0b3cc14ff13ae9e2' - Along with the kubernetes version upgrade support we just released, we're adding the support to upgrade the operating system of the k8s cluster (including master and worker nodes). It's an inplace upgrade leveraging the atomic/ostree upgrade capability. .. releasenotes/notes/upgrade_api-1fecc206e5b0ef99.yaml @ b'3c984603fc3b20cf8a19705afe945693a0ba22fe' - Cluster upgrade API supports upgrading specific nodegroups in kubernetes clusters. If a user chooses a default nodegroup to be upgraded, then both of the default nodegroups will be upgraded since they are in one stack. For non-default nodegroups users are allowed to use only the cluster template already set in the cluster. This means that the cluster (default nodegroups) has to be upgraded on the first hand. For now, the only label that is taken into consideration during upgrades is the kube_tag. All other labels are ignored. .. releasenotes/notes/use_podman-39532143be2296c2.yaml @ b'ba89a6c43f672f9e9998c0caaaa15d15254856fd' - Choose whether system containers etcd, kubernetes and the heat-agent will be installed with podman or atomic. This label is relevant for k8s_fedora drivers. k8s_fedora_atomic_v1 defaults to use_podman=false, meaning atomic will be used pulling containers from docker.io/openstackmagnum. use_podman=true is accepted as well, which will pull containers by k8s.gcr.io. k8s_fedora_coreos_v1 defaults and accepts only use_podman=true. Note that, to use kubernetes version greater or equal to v1.16.0 with the k8s_fedora_atomic_v1 driver, you need to set use_podman=true. This is necessary since v1.16 dropped the --containerized flag in kubelet. https://github.com/kubernetes/kubernetes/pull/80043/files .. _magnum_9.1.0_Known Issues: Known Issues ------------ .. releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml @ b'86c579c84167e3c778bb0c072d6695c25a4f83f0' - The startup of the heat-container-agent uses a workaround to copy the SoftwareDeployment credentials to /var/lib/cloud/data/cfn-init-data. The fedora coreos driver requires heat train to support ignition. .. _magnum_9.1.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml @ b'86c579c84167e3c778bb0c072d6695c25a4f83f0' - For k8s_coreos set REQUESTS_CA for heat-agent. The heat-agent as a python service needs to use the ca bundle of the host. .. releasenotes/notes/use_podman-39532143be2296c2.yaml @ b'ba89a6c43f672f9e9998c0caaaa15d15254856fd' - core-podman Mount os-release properly To display the node OS-IMAGE in k8s properly we need to mount /usr/lib/os-release, /ets/os-release is just a symlink. .. _magnum_9.0.0: 9.0.0 ===== .. _magnum_9.0.0_New Features: New Features ------------ .. releasenotes/notes/add-information-about-cluster-in-event-notifications-a3c992ab24b32fbd.yaml @ b'e5eade03dc36f74f57dba756f43d15a198155b2d' - Add information about the cluster in magnum event notifications. Previously the CADF notification's target ID was randomly generated and no other relevant info about the cluster was sent. Cluster details are now included in the notifications. This is useful for other OpenStack projects like Searchlight or third party projects that cache information regarding OpenStack objects or have custom actions running on notification. Caching systems can now efficiently update one single object (e.g. cluster), while without notifications they need to periodically retrieve object list, which is inefficient. .. releasenotes/notes/allow-setting-network-subnet-FIP-when-creating-cluster-ae0cda35ade28a9f.yaml @ b'32989b4f7b1fdee40768188289bce4a8baf624b7' - When using a public cluster template, user still need the capability to reuse their existing network/subnet, and they also need to be able to turn of/off the floating IP to overwrite the setting in the public template. Now this is supported by adding those three items as parameters when creating cluster. .. releasenotes/notes/boot-from-volume-7c73df68d7f325aa.yaml @ b'cfe2753fd300aaab03dd43b72e83e2b19331ed2a' - Support boot from volume for Kubernetes all nodes (master and worker) so that user can create a big size root volume, which could be more flexible than using docker_volume_size. And user can specify the volume type so that user can leverage high performance storage, e.g. NVMe etc. And a new label etcd_volme_type is added as well so that user can set volume type for etcd volume. If the boot_volume_type or etcd_volume_type are not passed by labels, Magnum will try to read them from config option default_boot_volume_type and default_etcd_volume_type. A random volume type from Cinder will be used if those options are not set. .. releasenotes/notes/coredns-update-9b03da4b89be18ad.yaml @ b'8fb27da2fc39c8be32ec756c1cc3779ae07d30a4' - Add coredns_tag label to control the tag of the coredns container in k8s_fedora_atomic. Taken from https://hub.docker.com/r/coredns/coredns/tags/ Since stein default to 1.3.1 .. releasenotes/notes/helm-install-ingress-nginx-fe2acec1dd3032e3.yaml @ b'375fbccf587a9e19afbad4c138977f222023393a' - Add nginx as an additional Ingress controller option for Kubernetes. Installation is done via the upstream nginx-ingress helm chart, and selection can be done via label ingress_controller=nginx. .. releasenotes/notes/k8s-fedora-atomic-rolling-upgrade-3d8edcdd91fa1529.yaml @ b'05c27f2d7399517c660ea233df816e74d8a75eae' - Now the fedora atomic Kubernetes driver can support rolling upgrade for k8s version change or the image change. User can call command `openstack coe cluster upgrade ` to upgrade current cluster to the new version defined in the new cluster template. At this moment, only the image change and the kube_tag change are supported. .. releasenotes/notes/podsecuritypolicy-2400063d73524e06.yaml @ b'7267c1ea43b72849ece0bedb0a18bfc438829354' - k8s_fedora_atomic_v1 Add PodSecurityPolicy for privileged pods. Use privileged PSP for calico and node-problem-detector. Add PSP for flannel from upstream. .. releasenotes/notes/set-traefik-tag-7d4aca5685147970.yaml @ b'b3ceb252ef044f09496429e2663220c24c5d0f38' - Added label traefik_ingress_controller_tag to enable specifying traefik container version. .. releasenotes/notes/support-auto-healing-3e07c16c55209b0a.yaml @ b'75fab6ff37d5f91c10c883d0e67ac17234250f72' - Using Node Problem Detector, Draino and AutoScaler to support auto healing for K8s cluster, user can use a new label "auto_healing_enabled' to turn on/off it. Meanwhile, a new label "auto_scaling_enabled" is also introduced to enable the capability to let the k8s cluster auto scale based its workload. .. releasenotes/notes/support-auto-healing-controller-333d1266918111e9.yaml @ b'52155f0e76d2f2dd9aeff1ed49ed82353d734fb8' - A new tag ``auto_healing_controller`` is introduced to allow the user to choose the auto-healing service when ``auto_healing_enabled`` is specified in the labels, ``draino`` and ``magnum-auto-healer`` are supported for now. Another label ``magnum_auto_healer_tag`` is also added to specify the ``magnum-auto-healer`` image tag. .. releasenotes/notes/support-multi-dns-server-0528be20f0e6aa62.yaml @ b'3cb6226ff08cac571654466029d5bfca5ea54702' - Support multi DNS server when creating template. User can use a comma delimited ipv4 address list to specify multi dns server, for example "8.8.8.8,114.114.114.114" .. releasenotes/notes/upgrade-api-975233ab93c0c092.yaml @ b'9b1bd5da54b9b3a5ad10a8efa1962b61320c3150' - A new API endpoint /actions/upgrade is added to support rolling upgrade the base OS of nodes and the version of Kubernetes. More details please refer the API Refreence document. .. _magnum_9.0.0_Known Issues: Known Issues ------------ .. releasenotes/notes/default-policy-k8s-keystone-auth-fa74aa03dcc12ef3.yaml @ b'd8df9d0c367943546e2f6498f7e3f5d1396126bc' - With the new config option keystone_auth_default_policy, cloud admin can set a default keystone auth policy for k8s cluster when the keystone auth is enabled. As a result, user can use their current keystone user to access k8s cluster as long as they're assigned correct roles, and they will get the pre-defined permissions defined by the cloud provider. .. releasenotes/notes/k8s-fedora-atomic-rolling-upgrade-3d8edcdd91fa1529.yaml @ b'05c27f2d7399517c660ea233df816e74d8a75eae' - There is a known issue when doing image(operating system) upgrade for k8s cluster. Because when doing image change for a server resource, Heat will trigger the Nova rebuild to rebuild the instnace and there is no chance to call kubectl drain to drain the node, so there could be a very minior downtime when doing(starting to do) the rebuild and meanwhile a request is routed to that node. .. releasenotes/notes/rename-minion-to-node-9d32fe77d765f149.yaml @ b'8f6612b2e92bfbf3140b9ef6f63108687a814cf7' - Minion is not a good name for k8s worker node anymore, now it has been replaced in the fedora atomic driver with 'node' to align with the k8s terminologies. So the server name of a worker will be something like `k8s-1-lnveovyzpreg-node-0` instead of `k8s-1-lnveovyzpreg-worker-0`. .. _magnum_9.0.0_Security Issues: Security Issues --------------- .. releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml @ b'3a0a43877a5670b1f8c9b769c7e4b723af2406c9' - Regarding passwords, they could be guessed if there is no faild-to-ban-like solution. So it'd better to disable it for security reasons. It's only effected for fedora atomic images. .. _magnum_9.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-cluster-floating-ip-enabled-default-value-4e24d4bf09fc08c8.yaml @ b'e59e3e070ffac3634ebe989461bafe31e4e23277' - There shouldn't be a default value for floating_ip_enabled when creating cluster. By default, when it's not set, the cluster's floating_ip_enabled attribute should be set with the value of cluster template. It's fixed by removing the default value from Magnum API. .. releasenotes/notes/fix-k8s-coe-version-a8ea38f327ea6bb3.yaml @ b'dc100551e4b1d4bf6fcd90600149134dc474efea' - The coe_version was out of sync with the k8s version deployed for the cluster. Now it is fixed by making sure the kube_version is consistent with the kube_tag when creating the cluster and upgrading the cluster. .. releasenotes/notes/ignore-calico-devices-in-network-manager-e1bdb052834e11e9.yaml @ b'49e5f17cb55348868720befe9bc67e065eabffea' - Fixed an issue that applications running on master nodes which rely on network connection keep restarting because of timeout or connection lost, by making calico devices unmanaged in NetworkManager config on master nodes. .. releasenotes/notes/return-clusterid-for-resize-upgrade-6e841c7b568fa807.yaml @ b'92d516903a8850b3d203a1e5669b4167655a8ebf' - Now the resize and upgrade action of cluster will return cluster ID to be consistent with other actions of Magnum cluster. .. releasenotes/notes/set-traefik-tag-7d4aca5685147970.yaml @ b'b3ceb252ef044f09496429e2663220c24c5d0f38' - Traefik container now defaults to a fixed tag (v1.7.10) instead of tag (latest) .. _magnum_9.0.0_Other Notes: Other Notes ----------- .. releasenotes/notes/heat-container-agent-for-train-e63bc1559750fe9c.yaml @ b'c6bf1da085383795d4f412c6af78693ee395badf' - Now the heat-container-agent default tag for Train release is train-dev. .. releasenotes/notes/using-vxlan-for-flannel-backend-8d82a290ca97d6e2.yaml @ b'0b033f03d02d31b42fd38cf6e9aadaeca5e7b7ca' - The default value of flannel_backend will be replaced with `vxlan` which was `udp` based on the recommendation at https://github.com/coreos/flannel/blob/master/Documentation/backends.md .. _magnum_10.1.0-3: 10.1.0-3 ======== .. _magnum_10.1.0-3_New Features: New Features ------------ .. releasenotes/notes/hyperkube-prefix-01b9a5f4664edc90.yaml @ b'63b3f20affd8f62ef175aa0aede40566c0002a60' - Support `hyperkube_prefix` label which defaults to k8s.gcr.io/. Users now have the option to define alternative hyperkube image source since the default source has discontinued publication of hyperkube images for `kube_tag` greater than 1.18.x. Note that if `container_infra_prefix` label is define, it still takes precedence over this label. .. _magnum_10.1.0: 10.1.0 ====== .. _magnum_10.1.0_New Features: New Features ------------ .. releasenotes/notes/add-master_lb_enabled-to-cluster-c773fac9086b2531.yaml @ b'53f6de609d99ec82f96640259ad345fb5262292d' - Users can enable or disable master_lb_enabled when creating a cluster. .. releasenotes/notes/configurable-k8s-health-polling-interval-75bb83b4701d48c5.yaml @ b'dbe461c16b853e9cfaa647c5d848b8312d09b6dd' - The default 10 seconds health polling interval is too frequent for most of the cases. Now it has been changed to 60s. A new config `health_polling_interval` is supported to make the interval configurable. Cloud admin can totally disable the health polling by set a negative value for the config. .. releasenotes/notes/expose_autoscaler_metrics-0ea9c61660409efe.yaml @ b'1309a8296d51a4184f19bfcdc2fcaa1f0fb83a3d' - Expose autoscaler prometheus metrics on pod port metrics (8085). .. releasenotes/notes/master-lb-allowed-cidrs-cc599da4eb96e983.yaml @ b'57aab5a065730f1e9bccd944c9519047502fac73' - Add a new label named `master_lb_allowed_cidrs` to control the IP ranges which can access the k8s API and etcd load balancers of master. To get this feature, the minimum version of Heat is stable/ussuri and minimum version of Octavia is stable/train. .. releasenotes/notes/merge-labels-9ba7deffc5bb3c7f.yaml @ b'b5ec954560ce635586be08622a3a490a8c00aa0b' - A new boolean flag is introduced in the CLuster and Nodegroup create API calls. Using this flag, users can override label values when clusters or nodegroups are created without having to specify all the inherited values. To do that, users have to specify the labels with their new values and use the flag --merge-labels. At the same time, three new fields are added in the cluster and nodegroup show outputs, showing the differences between the actual and the iherited labels. .. releasenotes/notes/pre-delete-all-loadbalancers-350a69ec787e11ea.yaml @ b'bcffb630d3fbceaa90add95443a620be92a59493' - Magnum now cascade deletes all the load balancers before deleting the cluster, not only including load balancers for the cluster services and ingresses, but also those for Kubernetes API/etcd endpoints. .. releasenotes/notes/support-helm-v3-5c68eca89fc9446b.yaml @ b'ca058f89274dd81ab5e3ee4cdcb2d72928f54ab2' - Support Helm v3 client to install helm charts. To use this feature, users will need to use helm_client_tag>=v3.0.0 (default helm_client_tag=v3.2.1). All the existing chart used to depend on Helm v2, e.g. nginx ingress controller, metrics server, prometheus operator and prometheus adapter are now also installable using v3 client. Also introduce helm_client_sha256 and helm_client_url that users can specify to install non-default helm client version (https://github.com/helm/helm/releases). .. releasenotes/notes/support-upgrade-on-behalf-of-user-c04994831360f8c1.yaml @ b'a3942670f07911eae854b72cde68ffa4abaf2535' - Cloud admin user now can do rolling upgrade on behalf of end user so as to do urgent security patching when it's necessary. .. releasenotes/notes/update_prometheus_monitoring-342a86f826be6579.yaml @ b'08202e80cb40db491ef58034d85f9830c8506d49' - Add to prometheus federation exported metrics the cluster_uuid label. .. _magnum_10.1.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/configurable-k8s-health-polling-interval-75bb83b4701d48c5.yaml @ b'dbe461c16b853e9cfaa647c5d848b8312d09b6dd' - If it's still preferred to have 10s health polling interval for Kubernetes cluster. It can be set by config `health_polling_interval` under `kubernetes` section. .. releasenotes/notes/default-admission-controller-04398548cf63597c.yaml @ b'2b353f58cafdf6e1d8147f71ced8baf00126adfb' - Now the default admission controller list is updated by as "NodeRestriction, PodSecurityPolicy, NamespaceLifecycle, LimitRanger, ServiceAccount, ResourceQuota, TaintNodesByCondition, Priority, DefaultTolerationSeconds, DefaultStorageClass, StorageObjectInUseProtection, PersistentVolumeClaimResize, MutatingAdmissionWebhook, ValidatingAdmissionWebhook, RuntimeClass" .. releasenotes/notes/support-helm-v3-5c68eca89fc9446b.yaml @ b'ca058f89274dd81ab5e3ee4cdcb2d72928f54ab2' - Default tiller_tag is set to v2.16.7. The charts remain compatible but helm_client_tag will also need to be set to the same value as tiller_tag, i.e. v2.16.7. In this case, the user will also need to provide helm_client_sha256 for the helm client binary intended for use. .. releasenotes/notes/update_prometheus_monitoring-342a86f826be6579.yaml @ b'08202e80cb40db491ef58034d85f9830c8506d49' - Bumped prometheus-operator chart tag to 8.12.13. Added container_infra_prefix to missing prometheusOperator images. .. _magnum_10.1.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/support-helm-v3-5c68eca89fc9446b.yaml @ b'ca058f89274dd81ab5e3ee4cdcb2d72928f54ab2' - Support for Helm v2 client will be removed in X release. .. _magnum_10.1.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/Deploy-traefik-from-the-heat-agent-0bb32f0f2c97405d.yaml @ b'1055bf2d4cbe0f9253b6ca1dadd7e52aba1bdd7a' - Deploy traefik from the heat-agent Use kubectl from the heat agent to apply the traefik deployment. Current behaviour was to create a systemd unit to send the manifests to the API. This way we will have only one way for applying manifests to the API. This change is triggered to adddress the kubectl change [0] that is not using 127.0.0.1:8080 as the default kubernetes API. [0] https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#kubectl .. releasenotes/notes/default-ng-worker-node-count-a88911a0b7a760a7.yaml @ b'709c448fdf17452ec5d4b67f809bf86e7f36385e' - Fixes an edge case where when a cluster with additional nodegroups is patched with health_status and health_status_reason, it was leading to the default-worker nodegroup being resized. .. releasenotes/notes/ensure-delete-complete-2f9bb53616e1e02b.yaml @ b'5bd16d9d4015bf87b8b4bc58d69eeb1ad29ff307' - Fixes a regression which left behind trustee user accounts and certificates when a cluster is deleted. .. releasenotes/notes/fix-label-fixed_network_cidr-95d6a2571b58a8fc.yaml @ b'3b4288819808b37dd3bc2c63743ef40ba7a44a67' - Now the label `fixed_network_cidr` have been renamed with `fixed_subnet_cidr`. And it can be passed in and set correctly. .. releasenotes/notes/fix-serveraddressoutputmapping-for-private-clusters-73a874bb4827d568.yaml @ b'bb5805332a6c108f32cfa52e6fdac652830360a0' - Fix an issue with private clusters getting stuck in CREATE_IN_PROGRESS status where floating_ip_enabled=True in the cluster template but this is disabled when the cluster is created. .. releasenotes/notes/migrations-1.3.20-60e5f990422f2ca5.yaml @ b'93a47e762e320155529f9f66ea400e5f5b60009c' - Fixes database migrations with SQLAlchemy 1.3.20. .. releasenotes/notes/monitoring_scrape_ca_and_traefik-5544d8dd5ab7c234.yaml @ b'6191c93e924346c95e0155cda0493232d73d8def' - Prometheus server now scrape metrics from traefik proxy. Prometheus server now scrape metrics from cluster autoscaler. .. releasenotes/notes/monitoring_scrape_internal-6697e50f091b0c9c.yaml @ b'5ae48c26ddf02cfba5a583563fe64d61745bab79' - Scrape metrics from kube-{controller-manager,scheduler}. Disable PrometheusRule for etcd. .. releasenotes/notes/story-2008548-65a571ad15451937.yaml @ b'9a21fe750520f4a98e16f2f67df475ab7f334034' - Fixes an issue with cluster deletion if load balancers do not exist. See `story 2008548 ` for details. .. _magnum_10.0.0: 10.0.0 ====== .. _magnum_10.0.0_New Features: New Features ------------ .. releasenotes/notes/calico-configuration-label-ae0b43a7c7123f02.yaml @ b'355c71924b6883a52d0ef81284ff3d5a13e634ee' - Added calico_ipv4pool_ipip label for configuring calico network_driver IPIP Mode to use for the IPv4 POOL created at start up. Allowed_values: Always, CrossSubnet, Never, Off. .. releasenotes/notes/cinder-csi-enabled-label-ab2b8ade63c57cf3.yaml @ b'9565984fd90af340462d3b388e9137001da77133' - Add cinder_csi_enabled label to support out of tree Cinder CSI. .. releasenotes/notes/containerd-598761bb536af6ba.yaml @ b'de21e0431aa4785184d43b79525f610c9f07a4eb' - New labels to support containerd as a runtime. container_runtime The container runtime to use. Empty value means, use docker from the host. Since ussuri, apart from empty (host-docker), containerd is also an option. containerd_version The containerd version to use as released in https://github.com/containerd/containerd/releases and https://storage.googleapis.com/cri-containerd-release/ containerd_tarball_url Url with the tarball of containerd's binaries. containerd_tarball_sha256 sha256 of the tarball fetched with containerd_tarball_url or from https://storage.googleapis.com/cri-containerd-release/. .. releasenotes/notes/expose_traefik_metrics-aebbde99d4ecc231.yaml @ b'0732251db3c0f4bb403f9a0ac8f905ae736c7646' - Expose traefik prometheus metrics. .. releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml @ b'7da53fe3b89ec9bbf89824acfe32ce57f787037d' - Add fedora coreos driver. To deploy clusters with fedora coreos operators or users need to add os_distro=fedora-coreos to the image. The scripts to deploy kubernetes on top are the same with fedora atomic. Note that this driver has selinux enabled. .. releasenotes/notes/heapster-enabled-label-292ca1ddac68a156.yaml @ b'1ad4a9d0a014ae82fbc6219e1ff879ff57f3e142' - Added label heapster_enabled to control heapster installation in the cluster. .. releasenotes/notes/helm-install-metrics-service-e7a5459417504a75.yaml @ b'df52f9c9ea08b67158491583d47a8a10113de129' - Installs the metrics-server service that is replacing kubernetes deprecated heapster as a cluster wide metrics reporting service used by schedulling, HPA and others. This service is installed and configured using helm and so tiller_enabled flag must be True. The label metrics_server_chart_tag can be used to specify the stable/metrics-server chart tag to be used. The label metrics_server_enabled is used to enable disable the installation of the metrics server (default: true). .. releasenotes/notes/helm_client_label-1d6e70dfcf8ecd0d.yaml @ b'06659759f1213df23f1d456503b1dd2ea8e90963' - Added label helm_client_tag to allow user to specify helm client container version. .. releasenotes/notes/prometheus-adapter-15fba9d739676e70.yaml @ b'354575804f216fa24716a7f5256ceaf3241ba512' - Added custom.metrics.k8s.io API installer by means of stable/prometheus-adapter helm chart. The label prometheus_adapter_enabled (default: true) controls configuration. You can also use prometheus_adapter_chart_tag to select helm chart version, and prometheus_adapter_configmap if you would like to setup your own metrics (specifying this other than default overwrites default configurations). This feature requires the usage of label monitoring_enabled=true. .. releasenotes/notes/support-fedora-atomic-os-upgrade-9f47182b21c6c028.yaml @ b'09f85f37460e8de2002122e2ede469b0f55ce193' - Along with the kubernetes version upgrade support we just released, we're adding the support to upgrade the operating system of the k8s cluster (including master and worker nodes). It's an inplace upgrade leveraging the atomic/ostree upgrade capability. .. releasenotes/notes/support-post-install-file-1fe7afe7698dd7b2.yaml @ b'd61dd1d5b5507644f618713d7a270bf36987acb3' - A new config option `post_install_manifest_url` is added to support installing cloud provider/vendor specific manifest after booted the k8s cluster. It's an URL pointing to the manifest file. For example, cloud admin can set their specific storageclass into this file, then it will be automatically setup after created the cluster. .. releasenotes/notes/support-selinux-mode-5bd2a3ece23a2caa.yaml @ b'fd80e1989f74c4e63663f80b1518d0709621e78d' - Add selinux_mode label. By default, selinux_mode=permissive with Fedora Atomic driver and selinux_mode=enforcing with Fedora CoreOS. .. releasenotes/notes/support-sha256-verification-for-hyperkube-fb2292c6a8bb00ba.yaml @ b'a943756aeab2a6f54485da39be0d986660cd7db0' - Now the Fedora CoreOS driver can support the sha256 verification for the hyperkube image when bootstraping the Kubernetes cluster. .. releasenotes/notes/support-updating-k8s-cluster-health-via-api-b8a3cac3031c50a5.yaml @ b'63e80c31088206e75c2df8a2ffc9360d1a46acf2' - The original design of k8s cluster health status is allowing the health status being updated by Magnum control plane. However, it doesn't work when the cluster is private. Now Magnum supports updating the k8s cluster health status via the Magnum cluster update API so that a controller (e.g. magnum-auto-healer) running inside the k8s cluster can call the Magnum update API to update the cluster health status. .. releasenotes/notes/upgrade_api-1fecc206e5b0ef99.yaml @ b'0ac4db955f6a63a977bea6c2d8946fa46e14b6a2' - Cluster upgrade API supports upgrading specific nodegroups in kubernetes clusters. If a user chooses a default nodegroup to be upgraded, then both of the default nodegroups will be upgraded since they are in one stack. For non-default nodegroups users are allowed to use only the cluster template already set in the cluster. This means that the cluster (default nodegroups) has to be upgraded on the first hand. For now, the only label that is taken into consideration during upgrades is the kube_tag. All other labels are ignored. .. releasenotes/notes/use_podman-39532143be2296c2.yaml @ b'e731a7cb5e5a6fbb7099170607d801bae2f576ef' - Choose whether system containers etcd, kubernetes and the heat-agent will be installed with podman or atomic. This label is relevant for k8s_fedora drivers. k8s_fedora_atomic_v1 defaults to use_podman=false, meaning atomic will be used pulling containers from docker.io/openstackmagnum. use_podman=true is accepted as well, which will pull containers by k8s.gcr.io. k8s_fedora_coreos_v1 defaults and accepts only use_podman=true. Note that, to use kubernetes version greater or equal to v1.16.0 with the k8s_fedora_atomic_v1 driver, you need to set use_podman=true. This is necessary since v1.16 dropped the --containerized flag in kubelet. https://github.com/kubernetes/kubernetes/pull/80043/files .. _magnum_10.0.0_Known Issues: Known Issues ------------ .. releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml @ b'7da53fe3b89ec9bbf89824acfe32ce57f787037d' - The startup of the heat-container-agent uses a workaround to copy the SoftwareDeployment credentials to /var/lib/cloud/data/cfn-init-data. The fedora coreos driver requires heat train to support ignition. .. releasenotes/notes/support-docker-storage-driver-for-fedora-coreos-697ffcc47e7e8359.yaml @ b'0fab6a7089fe9e580dd9cf16bf59b5e5737488d5' - Now Fedora CoreOS driver can support using docker storage driver, only overlay2 is supported. .. _magnum_10.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/drop-py27-support-7e2c4300341f9719.yaml @ b'3d17c6eb4959e5ec1d07e0cc49bd042ae9a89dc0' - Python 2.7 support has been dropped. Last release magnum support py2.7 is OpenStack Train. The minimum version of Python now supported by magnum is Python 3.6. .. releasenotes/notes/fix-nginx-getting-oom-killed-76139fd8b57e6c15.yaml @ b'e75e28dcbf2c6281e175fbe05217712e8e879a01' - nginx-ingress-controller QoS changed from Guaranteed to Burstable. Priority class 'system-cluster-critical' or higher for nginx-ingress-controller. .. releasenotes/notes/k8s-dashboard-v2.0.0-771ce78b527209d3.yaml @ b'45563f37aeb62a7aaee68470f901780d976b9e05' - The default version of Kubernetes dashboard has been upgraded to v2.0.0 and metrics-server is supported by k8s dashboard now. .. releasenotes/notes/k8s-fcos-version-bumps-ca89507d2cf15384.yaml @ b'e8ef675a982ff1c856a0346f5be6b719dc18dbea' - Bump up default versions for fedora-coreos driver kube_tag: v1.18.2 autoscaler_tag: v1.18.1 cloud_provider_tag: v1.18.0 cinder_csi_plugin_tag: v1.18.0 k8s_keystone_auth_tag: v1.18.0 magnum_auto_healer_tag: v1.18.0 octavia_ingress_controller_tag: v1.18.0 .. releasenotes/notes/upgrade-calico-6912a6f4fb5c21de.yaml @ b'dd4b79263f37deaa56d551b1daaa82ab19867fd4' - The default Calico version has been upgraded from v3.3.6 to v3.13.1. Calico v3.3.6 is still a valid option. .. releasenotes/notes/upgrade-coredns-25f3879c3a658309.yaml @ b'9f5203bf5fa421a0ea278cd0afff7bec30013690' - The default CoreDNS version has been upgraded to 1.6.6 and now it can be schedule to master nodes. .. releasenotes/notes/upgrade-etcd-and-use-quay-io-coreos-etcd-1cb8e38e974f5975.yaml @ b'd3984dd4c2237b211a33230a5ab0fd2a782a0cf1' - Upgrade etcd to v3.4.6 and use quay.io/coreos/etcd since the tags on follow the same format as https://github.com/etcd-io/etcd/releases compared to k8s.gcr.io which modifies the canonical version tag. Users will need to pay attention to the format of etcd_tag, e.g. v3.4.5 is valid whereas 3.4.5 is not. Existing cluster templates and clusters which which use the latter will fail to complete. .. releasenotes/notes/upgrade-flannel-db5ef049e23fc4a8.yaml @ b'4a1c6eb17c3f473f851620e339366ca4337cfcee' - Upgrade flannel version to v0.12.0-amd64 for Fedora CoreOS driver. .. _magnum_10.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-heapster-7e8dea0bab06aa51.yaml @ b'05193caaa18353d53b9fc19c37ea7942cc9cd64a' - Heapster phased out in favor of metrics-server. Last openstack/magnum version to include heapster has standard version is magnum train. .. _magnum_10.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fedora_coreos-e66b44d86dea380f.yaml @ b'7da53fe3b89ec9bbf89824acfe32ce57f787037d' - For k8s_coreos set REQUESTS_CA for heat-agent. The heat-agent as a python service needs to use the ca bundle of the host. .. releasenotes/notes/fix-cert-apimanager-527352622c5a9c3b.yaml @ b'1ecec95b8cea1001fa762f09ed3fa40fbb1b4bd8' - Fixed the usage of cert_manager_api=true making cluster creation fail due to a logic lock between kubemaster.yaml and kubecluster.yaml .. releasenotes/notes/fix-fedora-proxy-a4b8d5fc4ec65e80.yaml @ b'ad2ef4962c83a42692fb0662e4eac2484fd7cf83' - A regression issue about downloading images has been fixed. Now both Fedora Atomic driver and Fedora CoreOS driver can support using proxy in template to create cluster. .. releasenotes/notes/fix-nginx-getting-oom-killed-76139fd8b57e6c15.yaml @ b'e75e28dcbf2c6281e175fbe05217712e8e879a01' - nginx-ingress-controller requests.memory increased to 256MiB. This is a result of tests that showed the pod getting oom killed by the node on a relatively generic use case. .. releasenotes/notes/fix-proxy-of-grafana-script-8b408d9d103dfc06.yaml @ b'4346d776e5887af71e33748212bf4dcc2a220b66' - This proxy issue of Prometheus/Grafana script has been fixed. .. releasenotes/notes/improve-k8s-master-kubelet-taint-0c56ffede270116d.yaml @ b'076547e17044b00b6f08b539fadb04ca1a3ce4f5' - The taint of master node kubelet has been improved to get the conformance test (sonobuoy) passed. .. releasenotes/notes/k8s-volumes-az-fix-85ad48998d2c12aa.yaml @ b'a0e62df0935bbf4e65663c8ca8b732ee69495809' - In a multi availability zone (AZ) environment, if Nova doesn't support cross AZ volume mount, then the cluster creation may fail because Nova can not mount volume in different AZ. This issue only impact Fedora Atomic and Fedora CoreOS drivers. Now this issue is fixed by passing in the AZ info when creating volumes. .. releasenotes/notes/keystone-auth-repo-6970c05f44299326.yaml @ b'9910925da98f251dc9417dea8342cb0af54595d4' - k8s-keystone-auth now uses the upstream k8scloudprovider docker repo instead of the openstackmagnum repo. .. releasenotes/notes/kubelet-nfs-b51e572adfb56378.yaml @ b'1ea8db948ccd55eb5b1ceb76944a778fd81a4b16' - For fcos-kubelet, add rpc-statd dependency. To mount nfs volumes with the embedded volume pkg [0], rpc-statd is required and should be started by mount.nfs. When running kubelet in a chroot this fails. With atomic containers it used to work. [0] https://github.com/kubernetes/kubernetes/tree/master/pkg/volume/nfs .. releasenotes/notes/missing-ip-in-api-address-c25eef757d5336aa.yaml @ b'c2f4b9b56edba934b70f14c2ad70272d1af21e44' - There was a corner case that when floating_ip_enabled=False, master_lb_enabled=True,master_lb_floating_ip_enabled=False in cluster template, but setting floating_ip_enabled=True when creating the cluster, which causes missing IP address in the api_address of cluster. Now the isssue has been fixed. .. releasenotes/notes/nodegroup-limit-89930d45ee06c621.yaml @ b'82d71cd8d0aa663fc348f90fb5766f804fb2122f' - Fixes the next url in the list nodegroups API response. .. releasenotes/notes/prometheus-operator-compatible-with-k8s-1-16-f8be99cf527075b8.yaml @ b'4eff195cc0e0f99de8a043aab8ea2bc2294c45aa' - Bump up prometheus operator chart version to 8.2.2 so that it is compatible with k8s 1.16.x. .. releasenotes/notes/traefik-compatible-with-k8s-1-16-9a9ef6d3ccc92fb4.yaml @ b'a14d0cc04efccea7d744db23e18684e77c4e5e58' - Bump up traefik to 1.7.19 for compatibility with Kubernetes 1.16.x. .. releasenotes/notes/use_podman-39532143be2296c2.yaml @ b'e731a7cb5e5a6fbb7099170607d801bae2f576ef' - core-podman Mount os-release properly To display the node OS-IMAGE in k8s properly we need to mount /usr/lib/os-release, /ets/os-release is just a symlink. .. _magnum_11.2.0: 11.2.0 ====== .. _magnum_11.2.0_New Features: New Features ------------ .. releasenotes/notes/hyperkube-prefix-01b9a5f4664edc90.yaml @ b'1bddba7d34a26dcb7fa1b205a92a8d14c6d3a16e' - Support `hyperkube_prefix` label which defaults to k8s.gcr.io/. Users now have the option to define alternative hyperkube image source since the default source has discontinued publication of hyperkube images for `kube_tag` greater than 1.18.x. Note that if `container_infra_prefix` label is define, it still takes precedence over this label. .. _magnum_11.1.0: 11.1.0 ====== .. _magnum_11.1.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/default-admission-controller-04398548cf63597c.yaml @ b'3360b8d82f497650b644756d9a75191046f8958f' - Now the default admission controller list is updated by as "NodeRestriction, PodSecurityPolicy, NamespaceLifecycle, LimitRanger, ServiceAccount, ResourceQuota, TaintNodesByCondition, Priority, DefaultTolerationSeconds, DefaultStorageClass, StorageObjectInUseProtection, PersistentVolumeClaimResize, MutatingAdmissionWebhook, ValidatingAdmissionWebhook, RuntimeClass" .. releasenotes/notes/update-containerd-version-url-c095c0ee3c1a538b.yaml @ b'90f89276a071cf363c9623305d2e78483e168ebf' - The default containerd version is updated with 1.4.3. .. _magnum_11.1.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/ensure-delete-complete-2f9bb53616e1e02b.yaml @ b'3ced2fa8cf85c63e27c9615bb2cdd0d4f6915281' - Fixes a regression which left behind trustee user accounts and certificates when a cluster is deleted. .. releasenotes/notes/migrations-1.3.20-60e5f990422f2ca5.yaml @ b'210984fa264af876201b0099a8b7153fa09c5856' - Fixes database migrations with SQLAlchemy 1.3.20. .. releasenotes/notes/story-2008548-65a571ad15451937.yaml @ b'9621d8e43df068ac88be7f653cadaea0ac7f89b7' - Fixes an issue with cluster deletion if load balancers do not exist. See `story 2008548 ` for details. .. _magnum_11.0.0: 11.0.0 ====== .. _magnum_11.0.0_New Features: New Features ------------ .. releasenotes/notes/add-master_lb_enabled-to-cluster-c773fac9086b2531.yaml @ b'946c1d67c73a1b325dadd27018c38555acfee52f' - Users can enable or disable master_lb_enabled when creating a cluster. .. releasenotes/notes/configurable-k8s-health-polling-interval-75bb83b4701d48c5.yaml @ b'8e9df14d2773a16c21d2c7c52e3e9d40dd0f84df' - The default 10 seconds health polling interval is too frequent for most of the cases. Now it has been changed to 60s. A new config `health_polling_interval` is supported to make the interval configurable. Cloud admin can totally disable the health polling by set a negative value for the config. .. releasenotes/notes/expose_autoscaler_metrics-0ea9c61660409efe.yaml @ b'4cb8837d21752fc9eb24cb028bd647f6a00b225f' - Expose autoscaler prometheus metrics on pod port metrics (8085). .. releasenotes/notes/master-lb-allowed-cidrs-cc599da4eb96e983.yaml @ b'3b87c5cc6f7aaca40089b74d1ea1c4d6eaa91bb5' - Add a new label named `master_lb_allowed_cidrs` to control the IP ranges which can access the k8s API and etcd load balancers of master. To get this feature, the minimum version of Heat is stable/ussuri and minimum version of Octavia is stable/train. .. releasenotes/notes/merge-labels-9ba7deffc5bb3c7f.yaml @ b'61648f7c7ce0b001cfd1a43525a3a96ab8549ec5' - A new boolean flag is introduced in the CLuster and Nodegroup create API calls. Using this flag, users can override label values when clusters or nodegroups are created without having to specify all the inherited values. To do that, users have to specify the labels with their new values and use the flag --merge-labels. At the same time, three new fields are added in the cluster and nodegroup show outputs, showing the differences between the actual and the iherited labels. .. releasenotes/notes/pre-delete-all-loadbalancers-350a69ec787e11ea.yaml @ b'33cc92efe23057aad30ec167364e2930faef82a2' - Magnum now cascade deletes all the load balancers before deleting the cluster, not only including load balancers for the cluster services and ingresses, but also those for Kubernetes API/etcd endpoints. .. releasenotes/notes/support-helm-v3-5c68eca89fc9446b.yaml @ b'a79f8f52f9185fb4f9dd79bd32bb11ee3473f3c7' - Support Helm v3 client to install helm charts. To use this feature, users will need to use helm_client_tag>=v3.0.0 (default helm_client_tag=v3.2.1). All the existing chart used to depend on Helm v2, e.g. nginx ingress controller, metrics server, prometheus operator and prometheus adapter are now also installable using v3 client. Also introduce helm_client_sha256 and helm_client_url that users can specify to install non-default helm client version (https://github.com/helm/helm/releases). .. releasenotes/notes/support-rotate-ca-certs-913a6ef1b571733c.yaml @ b'8020391e4afdda59168339ce85c697be7481729b' - Kubernetes cluster owner can now do CA cert rotate to re-generate CA of the cluster, service account keys and the certs of all nodes will be regenerated as well. Cluster user needs to get a new kubeconfig to access kubernetes API. This function is only supported by Fedora CoreOS driver. .. releasenotes/notes/support-upgrade-on-behalf-of-user-c04994831360f8c1.yaml @ b'2cb23153bdf3e31dd88cd271e650afb11af09d94' - Cloud admin user now can do rolling upgrade on behalf of end user so as to do urgent security patching when it's necessary. .. releasenotes/notes/update_prometheus_monitoring-342a86f826be6579.yaml @ b'62a4b8ba09861d02f271c3ebbefe167fcd515c14' - Add to prometheus federation exported metrics the cluster_uuid label. .. _magnum_11.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/configurable-k8s-health-polling-interval-75bb83b4701d48c5.yaml @ b'8e9df14d2773a16c21d2c7c52e3e9d40dd0f84df' - If it's still preferred to have 10s health polling interval for Kubernetes cluster. It can be set by config `health_polling_interval` under `kubernetes` section. .. releasenotes/notes/deprecate-in-tree-cinder-c781a5c160d45ab6.yaml @ b'3179921f0cdac0330307b200a2309b1670fe7b1e' - Label cinder_csi_enabled defaults to True from V cycle. .. releasenotes/notes/k8s-dashboard-v2.0.0-771ce78b527209d3.yaml @ b'b4965416b145c741fa344110ae27a2536458135c' - The default version of Kubernetes dashboard has been upgraded to v2.0.0 and metrics-server is supported by k8s dashboard now. .. releasenotes/notes/support-helm-v3-5c68eca89fc9446b.yaml @ b'a79f8f52f9185fb4f9dd79bd32bb11ee3473f3c7' - Default tiller_tag is set to v2.16.7. The charts remain compatible but helm_client_tag will also need to be set to the same value as tiller_tag, i.e. v2.16.7. In this case, the user will also need to provide helm_client_sha256 for the helm client binary intended for use. .. releasenotes/notes/update_prometheus_monitoring-342a86f826be6579.yaml @ b'62a4b8ba09861d02f271c3ebbefe167fcd515c14' - Bumped prometheus-operator chart tag to 8.12.13. Added container_infra_prefix to missing prometheusOperator images. .. _magnum_11.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-in-tree-cinder-c781a5c160d45ab6.yaml @ b'3179921f0cdac0330307b200a2309b1670fe7b1e' - Deprecate in-tree Cinder volume driver for removal in X cycle in favour of out-of-tree Cinder CSI plugin. .. releasenotes/notes/devicemapper-deprecation-46a59adbf131bde1.yaml @ b'63436a94afe2494381160258ed6dfcfc335be663' - The devicemapper and overlay storage driver is deprecated in favor of overlay2 in docker, and will be removed in a future release from docker. Users of the devicemapper and overlay storage driver are recommended to migrate to a different storage driver, such as overlay2. overlay2 will be set as the default storage driver from Victoria cycle. .. releasenotes/notes/support-helm-v3-5c68eca89fc9446b.yaml @ b'a79f8f52f9185fb4f9dd79bd32bb11ee3473f3c7' - Support for Helm v2 client will be removed in X release. .. _magnum_11.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/Deploy-traefik-from-the-heat-agent-0bb32f0f2c97405d.yaml @ b'3e7924ffda45a1d750700ff1e86019359f90870c' - Deploy traefik from the heat-agent Use kubectl from the heat agent to apply the traefik deployment. Current behaviour was to create a systemd unit to send the manifests to the API. This way we will have only one way for applying manifests to the API. This change is triggered to adddress the kubectl change [0] that is not using 127.0.0.1:8080 as the default kubernetes API. [0] https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#kubectl .. releasenotes/notes/default-ng-worker-node-count-a88911a0b7a760a7.yaml @ b'55fd12a47caba23db96a34a8a8ee603cae12f841' - Fixes an edge case where when a cluster with additional nodegroups is patched with health_status and health_status_reason, it was leading to the default-worker nodegroup being resized. .. releasenotes/notes/fix-label-fixed_network_cidr-95d6a2571b58a8fc.yaml @ b'001b9c61019841a4a8755118f45be02b69daf673' - Now the label `fixed_network_cidr` have been renamed with `fixed_subnet_cidr`. And it can be passed in and set correctly. .. releasenotes/notes/fix-serveraddressoutputmapping-for-private-clusters-73a874bb4827d568.yaml @ b'0e58e267d1eb0acd55d943e0abd208bf41377285' - Fix an issue with private clusters getting stuck in CREATE_IN_PROGRESS status where floating_ip_enabled=True in the cluster template but this is disabled when the cluster is created. .. releasenotes/notes/missing-ip-in-api-address-c25eef757d5336aa.yaml @ b'5dfb0d94c026a64c774b8363790002cdc15684fc' - There was a corner case that when floating_ip_enabled=False, master_lb_enabled=True,master_lb_floating_ip_enabled=False in cluster template, but setting floating_ip_enabled=True when creating the cluster, which causes missing IP address in the api_address of cluster. Now the isssue has been fixed. .. releasenotes/notes/monitoring_scrape_ca_and_traefik-5544d8dd5ab7c234.yaml @ b'2ca71f4bc99c281721145318722520433424fec2' - Prometheus server now scrape metrics from traefik proxy. Prometheus server now scrape metrics from cluster autoscaler. .. releasenotes/notes/monitoring_scrape_internal-6697e50f091b0c9c.yaml @ b'7ab504d1e2a0bf06d49d51bbef8853fd3f013743' - Scrape metrics from kube-{controller-manager,scheduler}. Disable PrometheusRule for etcd. .. _magnum_12.1.0: 12.1.0 ====== .. _magnum_12.1.0_New Features: New Features ------------ .. releasenotes/notes/hyperkube-prefix-01b9a5f4664edc90.yaml @ b'1ef305f4f663ad3d14c3ac6498188a0f6d51a346' - Support `hyperkube_prefix` label which defaults to k8s.gcr.io/. Users now have the option to define alternative hyperkube image source since the default source has discontinued publication of hyperkube images for `kube_tag` greater than 1.18.x. Note that if `container_infra_prefix` label is define, it still takes precedence over this label. .. _magnum_12.0.0: 12.0.0 ====== .. _magnum_12.0.0_New Features: New Features ------------ .. releasenotes/notes/add_cluster_template_observations_db_and_api_objects-d7350c8193da9470.yaml @ b'332e2b6fe4069b5348d62273819f16492d1567e0' - When creating a cluster template the administrator can use --tags argument to add any information that he considers important. The received text is a comma separated list with the pretended tags. This information is also shown when the user lists all the available cluster templates. .. releasenotes/notes/allow-empty-node_groups-ec16898bfc82aec0.yaml @ b'f46923cc5ea74da663640bb0c470a4b1039c777e' - Clusters can now be created with empty nodegroups. Existing nodegroups can be set to node_count = 0. min_node_count defaults to 0. This is usefull for HA or special hardware clusters with multiple nodegroups managed by the cluster auto-scaller. .. releasenotes/notes/altered_grafanaUI_dashboards_persistency-1106b2e259a769b0.yaml @ b'aec5d469bea83312a4886f88603945407a7f166e' - Add persistency for grafana UI altered dashboards. To enable this use monitoring_storage_class_name label. It is recommended that dashboards be persisted by other means, mainly by using kubernetes configMaps. More info [0]. [0] https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards .. releasenotes/notes/configure_monitoring_app_endpoints-f00600c244a76cf4.yaml @ b'ea64468ab31b493191e9419f10542810a9ba7b4d' - Added monitoring_ingress_enabled magnum label to set up ingress with path based routing for all the configured services {alertmanager,grafana,prometheus}. When using this, cluster_root_domain_name magnum label must be used to setup base path where this services are available. Added cluster_basic_auth_secret magnum label to configure basic auth on unprotected services {alertmanager and prometheus}. This is only in effect when app access is routed by ingress. .. releasenotes/notes/monitoring_persistent_storage-c5857fc099bd2f65.yaml @ b'37497ccf5b3b92b6b5186f46fb8a059360824318' - Added metrics_retention_days magnum label allowing user to specify prometheus server scraped metrics retention days (default: 14). Added metrics_retention_size_gi magnum label allowing user to specify prometheus server metrics storage maximum size in Gi (default: 14). Added metrics_interval_seconds allowing user to specify prometheus scrape frequency in seconds (default: 30). Added metrics_storage_class_name allowing user to specify the storageClass to use as external retention for pod fail-over data persistency. .. _magnum_12.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/add_cluster_template_observations_db_and_api_objects-d7350c8193da9470.yaml @ b'332e2b6fe4069b5348d62273819f16492d1567e0' - A new column was added to the cluster_templates DB table. .. releasenotes/notes/configure_monitoring_app_endpoints-f00600c244a76cf4.yaml @ b'ea64468ab31b493191e9419f10542810a9ba7b4d' - Configured {alertmanager,grafana,prometheus} services logFormat to json to enable easier machine log parsing. .. releasenotes/notes/default-admission-controller-04398548cf63597c.yaml @ b'fade2451705b915c2625ae006d28d92eddbba27e' - Now the default admission controller list is updated by as "NodeRestriction, PodSecurityPolicy, NamespaceLifecycle, LimitRanger, ServiceAccount, ResourceQuota, TaintNodesByCondition, Priority, DefaultTolerationSeconds, DefaultStorageClass, StorageObjectInUseProtection, PersistentVolumeClaimResize, MutatingAdmissionWebhook, ValidatingAdmissionWebhook, RuntimeClass" .. releasenotes/notes/deprecate-json-formatted-policy-file-b52d805359bc73b7.yaml @ b'3b7a33eb640b5164c05be81be9ee08a4f0b87196' - The default value of ``[oslo_policy] policy_file`` config option has been changed from ``policy.json`` to ``policy.yaml``. Operators who are utilizing customized or previously generated static policy JSON files (which are not needed by default), should generate new policy files or convert them in YAML format. Use the `oslopolicy-convert-json-to-yaml `_ tool to convert a JSON to YAML formatted policy file in backward compatible way. .. releasenotes/notes/update-containerd-version-url-c095c0ee3c1a538b.yaml @ b'8bdf0e76c63c4aa44394f7bd71483d843bccb22c' - The default containerd version is updated with 1.4.3. .. _magnum_12.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-json-formatted-policy-file-b52d805359bc73b7.yaml @ b'3b7a33eb640b5164c05be81be9ee08a4f0b87196' - Use of JSON policy files was deprecated by the ``oslo.policy`` library during the Victoria development cycle. As a result, this deprecation is being noted in the Wallaby cycle with an anticipated future removal of support by ``oslo.policy``. As such operators will need to convert to YAML policy files. Please see the upgrade notes for details on migration of any custom policy files. .. _magnum_12.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/ensure-delete-complete-2f9bb53616e1e02b.yaml @ b'1cdc0628a28da32ef52324244a4c97b0794c2542' - Fixes a regression which left behind trustee user accounts and certificates when a cluster is deleted. .. releasenotes/notes/migrations-1.3.20-60e5f990422f2ca5.yaml @ b'f5cf6b958c20e560d2baff3fb21adcb4ce4a3aa4' - Fixes database migrations with SQLAlchemy 1.3.20. .. releasenotes/notes/story-2008548-65a571ad15451937.yaml @ b'8018bf9124a17bc386ee06cc0a4ea9c36c3bbb55' - Fixes an issue with cluster deletion if load balancers do not exist. See `story 2008548 ` for details. .. _magnum_13.1.0: 13.1.0 ====== .. _magnum_13.1.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-volume-api-version-908c3f1cf154b231.yaml @ b'3b95debcb3afbe63f31ca40e0a58d25a29e1a5e0' - Default value of ``[cinder_client] api_version`` has been updated from ``2`` to ``3``, because volume v2 API is no longer available. .. _magnum_13.0.0: 13.0.0 ====== .. _magnum_13.0.0_New Features: New Features ------------ .. releasenotes/notes/hyperkube-prefix-01b9a5f4664edc90.yaml @ b'fc1f27a569b068c2e889f86073c10a994c607bf1' - Support `hyperkube_prefix` label which defaults to k8s.gcr.io/. Users now have the option to define alternative hyperkube image source since the default source has discontinued publication of hyperkube images for `kube_tag` greater than 1.18.x. Note that if `container_infra_prefix` label is define, it still takes precedence over this label. .. _magnum_13.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/update-traefik-min-tls-protocol-de7e36de90c1a2f3.yaml @ b'b4016783d5713d4260c0d5f089bf8d5202b34b19' - Upgrade traefik version to v1.7.28 .. _magnum_13.0.0_Security Issues: Security Issues --------------- .. releasenotes/notes/update-traefik-min-tls-protocol-de7e36de90c1a2f3.yaml @ b'b4016783d5713d4260c0d5f089bf8d5202b34b19' - Force traefik https port connections to use TLSv1.2 or greater .. _magnum_14.0.0: 14.0.0 ====== .. _magnum_14.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/calico-3.21.2-193c895134e9c3c1.yaml @ b'9643abc9aeca6584f1dd3aa36e96310dac038fb5' - Upgrade to calico_tag=v3.21.2. Additionally, use fixed subnet CIDR for IP_AUTODETECTION_METHOD supported from v3.16.x onwards. .. releasenotes/notes/ingress-ngnix-de3c70ca48552833.yaml @ b'526ecb865adde03f64f90274f3e949accee2f9fa' - Upgrade of ingress controler. Chart name nginx-ingress has been changed to ingress-nginx. Chart repository also has been changed. More details about why this change take place can be found in github repository https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx .. _magnum_14.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/disable-mesos-from-api-0087ef02ba0477df.yaml @ b'ab1ebed7f47a63d0bbecd9c409127c6e35066ce2' - Remove mesos from the API. This means new clusters of coe type 'mesos' cannot be created. The mesos driver will be removed in the next release. .. _magnum_14.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-volume-api-version-908c3f1cf154b231.yaml @ b'3ae0f65bbb70f0345aced73e40bb293d0e44eade' - Default value of ``[cinder_client] api_version`` has been updated from ``2`` to ``3``, because volume v2 API is no longer available. .. _magnum_15.0.0: 15.0.0 ====== .. _magnum_15.0.0_New Features: New Features ------------ .. releasenotes/notes/lb-algorithm-36a15eb21fd5c4b1.yaml @ b'5af49aa2fac601569faa38f42b46f988b8059a82' - Added support for choosing Octavia LB algorithm by using ``octavia_lb_algorithm`` tag. .. releasenotes/notes/octavia-provider-3984ee3bf381ced1.yaml @ b'5af49aa2fac601569faa38f42b46f988b8059a82' - Added support for choosing Octavia provider driver by using ``octavia_provider`` tag. .. _magnum_16.0.1: 16.0.1 ====== .. _magnum_16.0.1_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-docker-swarm-b506a766b91fe98e.yaml @ b'a4d8145f8871e1da6885e6cea4f9cb3c41767434' - Deprecate the Docker Swarm COE ('swarm' and 'swarm-mode'). Docker Swarm relies on Fedora Atomic OS which has been EOL. Users are encourged to use the 'kubernetes' COE as it is better supported. .. _magnum_16.0.0: 16.0.0 ====== .. _magnum_16.0.0_Other Notes: Other Notes ----------- .. releasenotes/notes/drop_mesos-DzAlnyYHjbQC6IfMq.yaml @ b'6e8657912c40fc56c243f1c300e36c629ce6b6c0' - We are dropping mesos for the lack of support/test and no usage from the community. .. _magnum_17.0.0: 17.0.0 ====== .. _magnum_17.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/allow_admin_perform_acitons-cc988655bb72b3f3.yaml @ b'74897768e30995d8b5806e8688b8d3907733ccca' - To make sure better have backward compatibility, we set specific rule to allow admin perform all actions. This will apply on part of APIs in * Cluster * Cluster Template * federation .. releasenotes/notes/enable-enforce-scope-and-new-defaults-7e6e503f74283071.yaml @ b'5971243169c5df863ebe81cff7ebd07f190b840a' - The Magnum service now allows enables policies (RBAC) new defaults and scope checks. These are controlled by the following (default) config options in ``magnum.conf`` file:: [oslo_policy] enforce_new_defaults=False enforce_scope=False We will change the default to True in 2024.1 (Caracal) cycle. If you want to enable them then modify both values to True. .. _magnum_17.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/deprecate-coreos-8240e173af9fd931.yaml @ b'098d78a023e96012f1a7dc0729ccc0322541539d' - Deprecate the use of os_distro 'coreos' with COE 'kubernetes'. CoreOS (not Fedora CoreOS) has been EOL since 2020-05-26. Users using COE 'kubernetes' are encouraged to migrate to Fedora CoreOS and the 'fedora-coreos' driver. 'coreos' driver will be removed in a future Magnum verison. .. releasenotes/notes/deprecate-docker-swarm-b506a766b91fe98e.yaml @ b'71ede8257cd4e8baad0362870856c898cb42a33b' - Deprecate the Docker Swarm COE ('swarm' and 'swarm-mode'). Docker Swarm relies on Fedora Atomic OS which has been EOL. Users are encourged to use the 'kubernetes' COE as it is better supported. .. releasenotes/notes/deprecate-k8s-fedora-ironic-f806cbdb090431e2.yaml @ b'05d9dd5cd1db8b0cee36ef92ad882b767b859f31' - Due to the lack of maintainers for the Fedora Kubernetes Ironic driver, it has been deprecated. Users are encouraged to use the Fedora CoreOS Kubernetes VM driver to create their Kubernetes clusters. .. releasenotes/notes/remove-podsecuritypolicy-5851f4009f1a166c.yaml @ b'1b1c2122f04d3aa03929a2e3af6cd62a219c1d6c' - PodSecurityPolicy has been removed in Kubernetes v1.25 [1]. To allow Magnum to support Kubernetes v1.25 and above, PodSecurityPolicy Admission Controller has has been removed. This means that there is a behaviour change in Cluster Templates created after this change, where new Clusters with such Cluster Templates will not have PodSecurityPolicy. Please be aware of the subsequent impact on Helm Charts, etc. [1] https://kubernetes.io/docs/concepts/security/pod-security-policy/ .. _magnum_17.0.0_Bug Fixes: Bug Fixes --------- .. releasenotes/notes/fix-driver-token-scope-a2c2b4b4ef813ec7.yaml @ b'4bca51b72e610f178699ea327712e7027b8affa3' - We have corrected the authentication scope in Magnum drivers when authenticating to create certs, so that trusts can work properly. This will change the authenticated user from trustee to trustor (as trusts designed for). This change affects all drivers that inherit from common Magnum drivers (Heat drivers). If you have custom policies that checks for trustee user, you will need to update them to trustor. .. releasenotes/notes/update-certificate-api-policy-rules-027c80f2c9ff4598.yaml @ b'0ff50c542eab2aeeb3951d1f12dab11374f17dee' - Remove checking cluster user from rules in default policy for Certificate APIs to reflect recent fixes (https://review.opendev.org/c/openstack/magnum/+/889144). .. _magnum_18.0.0: 18.0.0 ====== .. _magnum_18.0.0_New Features: New Features ------------ .. releasenotes/notes/add-cilium-network-driver-8715190b14cb4f89.yaml @ b'9c31886a809ed08392452eb9439d4d76f88834da' - Add Cilium as a supported network driver of Kubernetes .. releasenotes/notes/improve-driver-discovery-df61e03c8749a34d.yaml @ b'8a30ad3462521df0c21321691c163552896a14b2' - Add a feature to prevent drivers clashing when multiple drivers are able to provide the same functionality. Drivers used to be selected based on a tuple of (server_type, os, coe). This can be a problem if multiple drivers provides the same functionality, e.g. a tuple like (vm, ubuntu, kubernetes). To allow for this, it is now possible to explicitly specify a driver name, instead of relying on the lookup. The driver name is the same as the entrypoint name, and can be specified by a Cluster Template through the Glance image property "magnum_driver". .. _magnum_18.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/drop-calico-v3-3-7d47eb04fcb392dc.yaml @ b'fde7f8e73ab7928a18027cd8edd041d7d0b50248' - Support for deploying ``Calico v3.3`` has been dropped. .. releasenotes/notes/drop-fedora-atomic-driver-76da9f0ea0cf20bb.yaml @ b'ed699b0c9af7564225f6b0cc446e43d892fca7c2' - ``k8s_fedora_atomic_v1`` driver has been dropped. .. releasenotes/notes/drop-k8s-coreos-9604dd23b0e884b6.yaml @ b'5c0c27807ac6fcf0d6b2b61aa8ecaf55c6f0f631' - ``k8s_coreos_v1`` driver has been dropped. .. releasenotes/notes/drop-k8s-fedora-ironic-6c9750a0913435e2.yaml @ b'fa5aa8f6252fd985f977c7d22beae4eceada7fee' - ``k8s_fedora_ironic_v1`` driver has been dropped. .. releasenotes/notes/drop-tiller-5b98862961003df8.yaml @ b'e3aaa89376c2b405d74c91995888c6370b25dc51' - ``Tiller`` support has been dropped, following labels are not functional anymore: * ``tiller_enabled`` * ``tiller_tag`` * ``tiller_namespace`` .. releasenotes/notes/drop_swarm_driver-3a2e1927053cf372.yaml @ b'bc79012f4645b793ae42b9e7fdb2ed841534541f' - Dropped swarm drivers, Docker Swarm is not supported in Magnum anymore. .. releasenotes/notes/enable-enforce-scope-and-new-defaults-572730ea8804a843.yaml @ b'a48df816cbf902a71508df64941587b11fe6f84a' - The Magnum service enable the API policies (RBAC) new defaults and scope by default. The Default value of config options ``[oslo_policy] enforce_scope`` and ``[oslo_policy] enforce_new_defaults`` have been changed to ``True``. This means if you are using system scope token to access Magnum API then the request will be failed with 403 error code. Also, new defaults will be enforced by default. To know about the new defaults of each policy rule, refer to the `Policy New Defaults Sample File`_. If you want to disable them then modify the below config options value in ``magnum.conf`` file:: [oslo_policy] enforce_new_defaults=False enforce_scope=False .. _`Policy New Defaults Sample File`: https://docs.openstack.org/magnum/latest/configuration/samples/policy-yaml.html .. releasenotes/notes/update-cloud-provider-openstack-repo-e6209ce2e3986e12.yaml @ b'a41c8844635f02500e7c20f358ea24fb47de288a' - The registry for cloud-provider-openstack has been updated from `docker.io/k8scloudprovider` to `registry.k8s.io/provider-os/`. .. _magnum_18.0.0_Deprecation Notes: Deprecation Notes ----------------- .. releasenotes/notes/upgrade-api-heat-removal-300f15d863515257.yaml @ b'2fd3059f3885ff4a14f7f0141016196062b4c0b1' - Remove support for cluster upgrades with the Heat driver. The Heat driver can longer support cluster upgrades due to these being unreliable and untested. The action now returns an HTTP 500 error. A Cluster API driver provides a way forward for Magnum to support this api action again for Kubernetes. In the meantime blue/green deployments, where a replacement cluster is created, remain a viable alternative to cluster upgrades. .. _magnum_18.0.0_Critical Issues: Critical Issues --------------- .. releasenotes/notes/update-cloud-provider-openstack-repo-e6209ce2e3986e12.yaml @ b'a41c8844635f02500e7c20f358ea24fb47de288a' - Magnum Core Team has historically limit changing of defaults in labels. This is because existing Cluster Templates in a deployment falls back to using the defaults in code if a specific label is not specified. If defaults change, an existing deployment's Cluster Templates may stop working after a Magnum upgrade. Magnum will now no longer keep image tag labels (e.g. cloud_provider_tag, flannel_tag) static. Please specify explicitly all image tags for the images your Cluster Templates will be using, to prevent a future change breaking your Cluster Templates. Refer to the documentation under 'Supported Labels' for a list of labels Magnum is tested with. .. _magnum_19.0.0: 19.0.0 ====== .. _magnum_19.0.0_New Features: New Features ------------ .. releasenotes/notes/control-plane-taint-c6194f968f0817e8.yaml @ b'f9e13270eee987c076952e286a99a09c8e32f6af' - Adds initial support for Kubernetes v1.28 .. _magnum_19.0.0_Upgrade Notes: Upgrade Notes ------------- .. releasenotes/notes/control-plane-taint-c6194f968f0817e8.yaml @ b'f9e13270eee987c076952e286a99a09c8e32f6af' - The taint for control plane nodes have been updated from 'node-role.kubernetes.io/master' to 'node-role.kubernetes.io/control-plane', in line with upstream. Starting from v1.28, the old taint no longer passes conformance. New clusters from existing cluster templates will have this change. Existing clusters are not affected. This will be a breaking change for Kubernetes