[release-announce] magnum 7.2.0 (rocky)

no-reply at openstack.org no-reply at openstack.org
Fri Dec 6 14:00:45 UTC 2019 

We contentedly announce the release of:

magnum 7.2.0: Container Management project for OpenStack

This release is part of the rocky stable release series.

The source is available from:

    https://opendev.org/openstack/magnum

Download the package from:

    https://tarballs.openstack.org/null/

Please report issues through:

    https://bugs.launchpad.net/magnum/+bugs

For more details, please see below.

7.2.0
^^^^^


New Features
************

* To get a better cluster template versioning and relieve the pain
  of maintaining public cluster template, now the name of cluster
  template can be changed.

* Add heat_container_agent_tag label to allow users select the heat-
  agent tag. Rocky default: rocky-stable

* Now cloud-provider-openstack of Kubernetes has a webhook to
  support Keystone authorization and authentication. With this
  feature, user can use a new label 'keystone-auth-enabled' to enable
  the keystone authN and authZ.

* Add a new option 'octavia' for the label 'ingress_controller' and
  a new label 'octavia_ingress_controller_tag' to enable the
  deployment of octavia-ingress-controller
  (https://github.com/kubernetes/cloud- provider-
  openstack/blob/master/docs/using-octavia-ingress- controller.md) in
  the kubernetes cluster. The 'ingress_controller_role' label is not
  used for this option.

* k8s_fedora_atomic_v1 Add PodSecurityPolicy for privileged pods.
  Use privileged PSP for calico and node-problem-detector. Add PSP for
  flannel from upstream.


Bug Fixes
*********

* Fixes the problem with Mesos cluster creation where the
  nodes_affinity_policy was not properly conveyed as it is required in
  order to create the corresponding server group in Nova.
  https://storyboard.openstack.org/#!/story/2005116

* Add iptables -P FORWARD ACCEPT unit. On node reboot, kubelet and
  kube-proxy set iptables -P FORWARD DROP which doesn't work with
  flannel in the way we use it.  Add a systemd unit to set the rule to
  ACCEPT after flannel, docker, kubelet, kube-proxy.

* In kubernetes cluster, a floating IP is created and associated
  with the vip of a load balancer which is created corresponding to
  the service of LoadBalancer type inside kubernetes, it should be
  deleted when the cluster is deleted.

Changes in magnum 7.1.0..7.2.0
------------------------------

1df886df k8s_fedora: Move rp_filter=1 for calico up
925628b6 k8s_fedora_atomic: Add PodSecurityPolicy
dbe2abd2 k8s: Clear cni configuration
174fc15a fix: Deploy enable_service last (rocky only)
7aa12a55 k8s_fedora: Label master nodes with kubectl
ca7eed7a k8s: stop introspecting instance name
e430da9b Fix proportional autoscaler image
9c79084a Using Fedora Atomic 29 as default image
660e62b0 Revert "support http/https proxy for discovery url"
acb30af7 Fix registry on k8s_fedora_atomic
98847b8c Blacklist bandit 1.6.0 and cap Sphinx on Python2
f12a91ca Partial backport: Disable broken image building
62ab17f6 Use rocky heat-container-agent for stable/rocky
da3c37c3 OpenDev Migration Patch
29324920 Replace openstack.org git:// URLs with https://
dfa0d515 k8s_fedora: Add ca_key before all deployments
5d3e0eac Ensure http proxy environment is available during 'atomic install' for k8s
fb47454f make sure to set node_affinity_policy for Mesos template definition
263d0788 Add iptables -P FORWARD ACCEPT unit
c056ac4c Delete loadbalancers and floatingips for service and ingress
4d814229 Allow cluster template being renamed
b153fb5e Support octavia-ingress-controller
50bddcb1 [k8s_fedora_atomic] Delete floating ip for load balancer
a7dc26a2 Support Keystone AuthN and AuthZ for k8s
21720308 Add heat_container_agent_tag label
a2097745 Fix prometheus monitoring
e8d0ee1b support http/https proxy for discovery url
baf46f03 Bump k8s version up to v1.11.5


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |   2 +-
.zuul.yaml                                         |  20 +-
devstack/lib/magnum                                |  13 +-
devstack/plugin.sh                                 |   3 +-
magnum/common/neutron.py                           |  76 +++++++
magnum/common/octavia.py                           |  13 +-
magnum/db/sqlalchemy/api.py                        |   7 +-
.../kubernetes/fragments/configure-etcd.sh         |  12 ++
.../fragments/configure-kubernetes-master.sh       |  76 ++++++-
.../fragments/configure-kubernetes-minion.sh       |  39 +++-
.../kubernetes/fragments/core-dns-service.sh       |   2 +-
.../fragments/enable-ingress-controller.sh         |  19 +-
.../kubernetes/fragments/enable-ingress-octavia.sh | 122 ++++++++++++
.../kubernetes/fragments/enable-keystone-auth.sh   | 185 +++++++++++++++++
.../kubernetes/fragments/enable-node-exporter.sh   |  32 ---
.../fragments/enable-prometheus-monitoring.sh      |  89 ++++++++-
.../kubernetes/fragments/enable-services-master.sh |  10 +-
.../kubernetes/fragments/flannel-service.sh        |  23 +++
.../fragments/kube-apiserver-to-kubelet-role.sh    |  72 ++++++-
.../kubernetes/fragments/make-cert-client.sh       |   3 +-
.../templates/kubernetes/fragments/make-cert.sh    |   1 -
.../kubernetes/fragments/start-container-agent.sh  |  14 +-
.../fragments/write-heat-params-master.yaml        |   7 +
.../kubernetes/fragments/write-heat-params.yaml    |   4 +
.../kubernetes/fragments/write-kube-os-config.sh   |   1 +
.../templates/swarm/fragments/network-service.sh   |  23 +++
magnum/drivers/heat/k8s_fedora_template_def.py     |   6 +-
magnum/drivers/heat/k8s_template_def.py            |  25 ++-
.../templates/fragments/enable-kubelet-master.yaml |   4 +-
.../templates/fragments/enable-kubelet-minion.yaml |   4 +-
.../templates/kubecluster.yaml                     |  47 ++++-
.../k8s_fedora_atomic_v1/templates/kubemaster.yaml |  35 +++-
.../k8s_fedora_atomic_v1/templates/kubeminion.yaml |  15 +-
.../templates/kubecluster.yaml                     |   3 +
.../templates/kubeminion_software_configs.yaml     |   7 -
magnum/drivers/mesos_ubuntu_v1/template_def.py     |   5 +
.../api/controllers/v1/test_cluster_template.py    |  21 +-
.../handlers/test_k8s_cluster_conductor.py         |  25 ++-
.../handlers/test_mesos_cluster_conductor.py       |   5 +
playbooks/magnum-buildimages-base.yaml             |   2 +-
playbooks/magnum-functional-base.yaml              |   2 +-
playbooks/pre/prepare-workspace.yaml               |   6 +-
...cy-for-mesos-template-def-82627eb231aa4d28.yaml |   7 +
...er-template-being-renamed-82f7d5d1f33a7957.yaml |   7 +
.../notes/flannel-reboot-fix-f1382818daed4fa8.yaml |   7 +
.../heat-container-agent-tag-92848c1062c16c76.yaml |   5 +
.../notes/k8s-delete-vip-fip-b2ddf61ddbc080bc.yaml |   6 +
.../notes/k8s-keystone-auth-6c88c1a2d406fb61.yaml  |   7 +
...ctavia-ingress-controller-32c0b97031fd0dd4.yaml |   8 +
.../notes/podsecuritypolicy-2400063d73524e06.yaml  |   6 +
test-requirements.txt                              |   5 +-
59 files changed, 1562 insertions(+), 155 deletions(-)


Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt
index 209b0c4b..ff04da12 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -8 +8 @@
-bandit>=1.1.0 # Apache-2.0
+bandit!=1.6.0,>=1.1.0 # Apache-2.0
@@ -20 +20,2 @@ pytz>=2013.6 # MIT
-sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD

More information about the Release-announce mailing list