Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rebase from upstream master #526

Merged
merged 57 commits into from Jun 16, 2021

Conversation

dulek
Copy link
Contributor

@dulek dulek commented Jun 16, 2021

No description provided.

TabbieD and others added 30 commits April 8, 2021 08:16
This patch enables the tempest test that checks that listener timeout
value is configurable.

Depends-On: https://review.opendev.org/c/openstack/kuryr-tempest-plugin/+/783966
Implements: blueprint configure-lb-listeners-timeout
Change-Id: Ie2f6ec8b193e5a90216f3ff925188ad367826e4c
For OVN Ocatvia provider we need to include service subnet as well,
otherwise we will end up in no connectivity to services from pods where
network policy which define egress to all namespaces was applied.

Change-Id: Ic1d1803c178a9b8375f2a08e021f0a046fd7ff02
Related-Bug: 1915008
This patch is fixing the bug in which was problem after the status
field is deleted, kuryr-controller is crashing because of it.
So we need to check if status field is missing and add it to the
crd.
Also I add there fixes of another parts of code where probably
in the future could be similar problem is some parts of the CRD
would be missing.

Closes-Bug: #1921109
Change-Id: Ib195aa4389e310354f163d3ba474eddea18c4f51
This is not the proper way of informing user that Octavia returns 503,
we should have a nice message or we'll start getting bug reports on us

Closes-bug: 1918708

Change-Id: I871c3998edb5b1d594067b60e908c453ad122dde
pyroute2 has a curious way of reporting details of RuntimeError raised
when an IPDB transaction fails - it just sets the .debug property of the
exception to a dictionary containing additional info. This is not
printed by default, meaning that we end up with ambiguous RuntimeError
in the logs when anything wrong happens.

This commit improves this by making sure we print traceback included in
that additional info.

Change-Id: Id86a96a662c071533e187fa1b6d87783a844086a
This commit migrates kuryr_cni to use go mod and updates its Dockerfile.

Closes-Bug: #1922235
Change-Id: If8b7c0350c0dcfd3de2735aff2efe9c86bbd4e58
The Neutron community is planning on switching the default network
backend in DevStack to OVN soon and to avoid any gate breakages we need
to explicitly enable ML2/OVS where it makes sense.

This patch is enabling ML2/OVS for the non-OVN jobs in the gate. Prior
to this patch the job were enabling the ML2/OVS services such as q-agt
and q-dhcp but it wasn't setting other required options (e.g Q_AGENT).

Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: Iae420403d3d84325830bded8633b2a29430b36bb
Whenever a CNI container image is generated, in CNI pod logs there were deprication warning which should be removed.

Closes-bug: 1918709

Change-Id: I4d8db9eb021d33b79a5ff688c91ba0df6cae938a
It is unnecessary to use list, set, dict around a generator expression
to get object of that type, since there are comprehensions for these types.

Change-Id: I11b9b87faacba4321ef54a48edd7f13df18e1df7
Import alias is same as original package, so making the alias unnecessary.

Change-Id: I94c23131ee96447be133e33dbda4b443c19d681a
Change-Id: I54e9f18f45b59c3ff6f3cc40e549ab9fd91d4391
Change-Id: Id899688aee86873d3a38638031592ea3e492b2d5
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:

  UserWarning: Usage of dash-separated 'description-file' will not be
  supported in future versions. Please use the underscore name
  'description_file' instead

[1] pypa/setuptools@a2e9ae4cb

Change-Id: I40c3d36df3f7b2db683d226f5fb9edf08d2c27c8
In case of hairpin LB traffic (member of the LB calls the LB and the
request is directed back to the same member) OVN replaces the source-ip
of the request with the LB IP. This means that pods with network
policies applied may have that traffic blocked when it should be
allowed.

To fix that this commit makes sure that SGs used for NPs include ingress
rules for each of the Service in it's namespace. It's not ideal but
seems to be a fair compromise between opening as little traffic as
possible and increasing number of security groups and rules.

As this commit makes sure all the NPs in the namespaces are reanalyzed
every time a Service is created or deleted, a little fixes in order to
support that are also made.

Change-Id: I7e0458c4071e4a43ab4d158429e05c67cd897a3c
Closes-Bug: 1923452
Due to coding error I not only switched "used" with "limit" in our
quota check messages but also made it impossible for the check to fail.
This commit fixes it.

Closes-Bug: 1927241
Change-Id: I6e6a396d0e0467ec424bb403064a19cb4f1a586e
As Devstack is dropping support for Ubuntu Bionic in favor
of Focal and the bionic node is not needed anymore on the crio
gate with the change os repos to kubic OBS project[1], we can
remove the nodeset definition.

[1] openstack/devstack-plugin-container@d4de1bb

Change-Id: I64bcfe8f9c5795f1724aa1e3b7278660f79fa7f6
This commit updates the GO Version to 1.16

Change-Id: Ic83148d51bf2cc1b2a8c8e5bf8ba3c28e6fa588f
gryf and others added 17 commits May 24, 2021 13:25
This patch provides an implementation for joining node to the Kubernetes
cluster by using `kubeadm join` command.

Change-Id: I71d2b99e0c92a12c4e64395f6c4dafa4b69f168f
Depends-On: Ife21874c0a71ba07723094c0f880aabcf5825b77
When executing kubectl drain node it sometimes removing
kuryr-controller first, which may happen, that deployments will hang
during removing, since the dependency on the controller.

Also, turns out, that we can simply skip it, and `kubeadm reset` will
remove everything for us, so that's enough.

Change-Id: I396fb8fa5658617d03f5fdeed93cc86aa61e4a2d
Upating the tetsing template to Xena testing runtime:
https://governance.openstack.org/tc/reference/runtimes/xena.html

Change-Id: I59fd5f35320a337a9b8eaa519ca3156d5fcdd25b
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: Ib37ac703ae9a49c31f0797f210174c591a4b8109
Change-Id: I5dfcc0786d8cc296f792b268fe3dcd5d73b3341c
Currently, we were relying on our dependencies which pulls golang
package, so that we don't need to do that ourselves. Although, as it was
pointed out in mentioned bug, explicit is better than implicit.

Even though, it's worth to mention, that kuryr-kubernetes relies on
both: Neutron and Octavia (which brings golang as it binary dep), and
without either of it, it will not work.

Change-Id: I3efb100e8ea47b7eb74e5addf5c2171c4606cad0
Closes-Bug: #1930368
It's possible that the Listener timeouts data was
included in the CRD status, even though there is
no annotation on the Service, probably the Listener
was not present on the CRD, but created and the
controller attempts to find it and includes the timeouts
value. The timeouts included on the CRD then differs
from the spec values causing the constant update
of the Listener. This commit fixes the issue by ensuring
the timeouts information is only included on the CRD
when there was annoation(s) on the Service.

Closes-bug: 1930220
Change-Id: Iaaa6805287c175de618e0ec20099887f129e7536
pyroute2 0.6.4 seems to break us due to their packages split. This
commit attempts to fix it by making sure we import modules correctly.

Change-Id: I30ef9ce99b039d00f63ced6e78fd4cfe432b50f6
Neutron should make a subport that is already attached to a trunk ACTIVE
immediately. Unfortunately there seems to be an OVN bug causing an event
triggering this to be lost, leaving the port in DOWN state forever. This
is a disaster for Kuryr, because we can't proceed to wire the pods in
such case.

This commit attempts to workaround this by making Kuryr reattach the
ports that are in DOWN state for more than 90 seconds after they're
plugged.

Change-Id: If9a3968d68dced588614cd5521d4a111e78d435f
Change-Id: Icd217150c510d9a25759347e2b6d3710b60ad40a
@dulek dulek requested review from MaysaMacedo, gryf and luis5tb and removed request for gryf June 16, 2021 11:03
@openshift-ci openshift-ci bot requested a review from gryf June 16, 2021 11:03
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 16, 2021
Upstream switched to use golang modules, this commit adapts
openshift-kuryr-cni-rhel8.Dockerfile to those changes.

Change-Id: I1fa697819952e5d25f150219dc805ad0cc911104
@MaysaMacedo
Copy link
Contributor

/lgtm

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 16, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dulek, MaysaMacedo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jun 16, 2021
@openshift-merge-robot openshift-merge-robot merged commit 7756a24 into openshift:master Jun 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet