[openstack-dev] [magnum] kubernetes images for magnum rocky
Hello all, Following the vulnerability [0], with magnum rocky and the kubernetes driver on fedora atomic you can use this tag "v1.11.5-1" [1] for new clusters. To upgrade the apiserver in existing clusters, on the master node(s) you can run: sudo atomic pull --storage ostree docker.io/openstackmagnum/kubernetes-apiserver:v1.11.5-1 sudo atomic containers update --rebase docker.io/openstackmagnum/kubernetes-apiserver:v1.11.5-1 kube-apiserver You can upgrade the other k8s components with similar commands. I'll share instructions for magnum queens tomorrow morning CET time. Cheers, Spyros [0] https://github.com/kubernetes/kubernetes/issues/71411 [1] https://hub.docker.com/r/openstackmagnum/kubernetes-apiserver/tags/ __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Magnum queens, uses kubernetes 1.9.3 by default. You can upgrade to v1.10.11-1. From a quick test v1.11.5-1 is also compatible with 1.9.x. We are working to make this painless, sorry you have to ssh to the nodes for now. Cheers, Spyros On Mon, 3 Dec 2018 at 23:24, Spyros Trigazis <strigazi@gmail.com> wrote:
Hello all,
Following the vulnerability [0], with magnum rocky and the kubernetes driver on fedora atomic you can use this tag "v1.11.5-1" [1] for new clusters. To upgrade the apiserver in existing clusters, on the master node(s) you can run: sudo atomic pull --storage ostree docker.io/openstackmagnum/kubernetes-apiserver:v1.11.5-1 sudo atomic containers update --rebase docker.io/openstackmagnum/kubernetes-apiserver:v1.11.5-1 kube-apiserver
You can upgrade the other k8s components with similar commands.
I'll share instructions for magnum queens tomorrow morning CET time.
Cheers, Spyros
[0] https://github.com/kubernetes/kubernetes/issues/71411 [1] https://hub.docker.com/r/openstackmagnum/kubernetes-apiserver/tags/
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Hello again, address space issues: # uninstall the running container sudo atomic uninstall kube-apiserver # delete the old image, check which one you use sudo atomic images delete --storage ostree docker.io/openstackmagnum/kubernetes-apiserver:v1.9.3 # prune to actually claim the space back sudo atomic images prune # install the new image sudo atomic install --system --storage ostree --name kube-apiserver docker.io/openstackmagnum/kubernetes-apiserver:v1.10.11-1 # start the service sudo systemctl start kube-apiserver I haven't used it, but there is an ansible module [0]. Cheers, Spyros [0] https://docs.ansible.com/ansible/2.5/modules/atomic_container_module.html On Tue, 4 Dec 2018 at 00:13, Spyros Trigazis <strigazi@gmail.com> wrote:
Magnum queens, uses kubernetes 1.9.3 by default. You can upgrade to v1.10.11-1. From a quick test v1.11.5-1 is also compatible with 1.9.x.
We are working to make this painless, sorry you have to ssh to the nodes for now.
Cheers, Spyros
On Mon, 3 Dec 2018 at 23:24, Spyros Trigazis <strigazi@gmail.com> wrote:
Hello all,
Following the vulnerability [0], with magnum rocky and the kubernetes driver on fedora atomic you can use this tag "v1.11.5-1" [1] for new clusters. To upgrade the apiserver in existing clusters, on the master node(s) you can run: sudo atomic pull --storage ostree docker.io/openstackmagnum/kubernetes-apiserver:v1.11.5-1 sudo atomic containers update --rebase docker.io/openstackmagnum/kubernetes-apiserver:v1.11.5-1 kube-apiserver
You can upgrade the other k8s components with similar commands.
I'll share instructions for magnum queens tomorrow morning CET time.
Cheers, Spyros
[0] https://github.com/kubernetes/kubernetes/issues/71411 [1] https://hub.docker.com/r/openstackmagnum/kubernetes-apiserver/tags/
participants (1)
-
Spyros Trigazis