We are delighted to announce the release of:
kuryr-kubernetes 1.0.0: Kubernetes integration with OpenStack networking
This release is part of the stein release series.
The source is available from:
https://git.openstack.org/cgit/openstack/kuryr-kubernetes
Download the package from:
https://tarballs.openstack.org/kuryr-kubernetes/
Please report issues through:
https://bugs.launchpad.net/kuryr-kubernetes/+bugs
For more details, please see below.
1.0.0 ^^^^^
New Features ************
* Added possibility to ensure all OpenStack resources created by Kuryr are tagged. In case of Neutron regular "tags" field is used. If Octavia supports tagging (from Octavia API 2.5, i.e. Stein), "tags" field is used as well, otherwise tags are put on "description" field. All this is controlled by "[neutron_defaults]resource_tags" config option that can hold a list of tags to be put on resources. This feature is useful to correctly identify any leftovers in OpenStack after K8s cluster Kuryr was serving gets deleted.
* It is now possible to use same pool_driver for different pod_vif_drivers when using MultiVIFPool driver.
A new config option *vif_pool.vif_pool_mapping* is introduced which is a dict/mapping from pod_vif_driver => pool_driver. So different pod_vif_drivers can be configured to use the same pool_driver.
[vif_pool] vif_pool_mapping=nested-vlan:nested,neutron-vif:neutron
Earlier each instance of a pool_driver was mapped to a single pod_driver, thus requiring a unique pool_driver for each pod_vif_driver.
Upgrade Notes *************
* As announced, possiblity of running Kuryr-Kubernetes without kuryr- daemon service is now removed from the project and considered not supported.
* If "vif_pool.pools_vif_drivers" config option is used, new config option *vif_pool.vif_pool_mapping* should be populated with inverted mapping from the present value of "vif_pool.pools_vif_drivers".
Deprecation Notes *****************
* Configuration option "vif_pool.pools_vif_drivers" has been deprecated in favour of "vif_pool.vif_pool_mapping" to allow reuse of pool_drivers for different pod_vif_drivers.
If "vif_pool_mapping" is not configured, "pools_vif_drivers" will still continue to work for now, but "pools_vif_drivers" will be completely removed in a future release.
Changes in kuryr-kubernetes 0.6.1..1.0.0 ----------------------------------------
2b77ce9 Replace openstack.org git:// URLs with https:// bee4997 Add option to tag Octavia resources created by us dfa9a39 Add support for svc with text targetPorts e8f1f17 DevStack: Bump SG quotas for "policy" SG driver 4b332cf Add option to deploy coredns 660bbf0 Ensure only affected services are updated on Pod/NetworkPolicy events b90ca1b Switch Octavia API calls to openstacksdk 05795f8 Update documentation about NP handlers needed ba89bd0 Fix LBaaS sg rules update on deployment scale 7aef10a Avoid race between NP creation and pod annotation 88e38e8 Add option to tag Neutron resources created by us 8eaeb88 Switch except statements order 6c0730f Skip exception in case kuryrnetpolicy CRD is already deleted 5cf4b41 Fix CRD podSelector update dc9e39b Avoid _get_pods_ips KeyError exception 9c2fcbc Fix SG rules on targetPort update 33594b8 Ensure kuryr-controller recover from lb in ERROR status d8c0416 Upgrade Flask version due to security concerns e8c418c Pools support with Network Policies d4b31ae Update HA doc with corections and minor fixes faa9593 Remove dragonflow job from experimental jobs f4ba0dd Fixup gate names after LBaaS v2 removal 3e3ed9d Remove way of running without kuryr-daemon b0dfd35 Use same pool_driver for different pod_vif_drivers 66faa8a Fix unused members deletion 28d2935 Remove non-voting job from gate 6cc8e4c Fix a misprint in SR-IOV binding driver 3441a70 devstack: Create LB objects only if Octavia is enabled a63abbc Avoid doing `raise ex` when only logging 70692f8 Ensure NP changes are applied to services c6253fe Ensure lb sg rules are deleted when no longer allowed 5cf228a Enable ETCD_USE_RAMDISK in Kuryr gates 0f9f5bc Handle exception raised in FIP allocation 45f4a7f Ensure host to pod connectivity for NP bf848c5 Fix CRD update when NP has namespaceSelectors 838dcf5 Revert "Ensure reaction to svc target-port update" 6f86bc1 Fixed variables error with 'public-subnet' 176b860 Removing lbaasv2 related code 60a1e19 Avoid octavia default sg rules collision with kuryr ones db6dcda Use default subnet mapping if subnet is not specified 571079d Fix CRD update on pod creation a510632 Adjust default pool values to remove gate flakiness
Diffstat (except docs and test files) -------------------------------------
.zuul.d/base.yaml | 4 +- .zuul.d/lbaasv2.yaml | 39 -- .zuul.d/multi-vif.yaml | 6 +- .zuul.d/multinode.yaml | 13 +- .zuul.d/octavia.yaml | 100 ++-- .zuul.d/project.yaml | 48 +- .zuul.d/sdn.yaml | 18 +- cni_ds_init | 7 +- devstack/lib/kuryr_kubernetes | 114 +---- devstack/local.conf.df.sample | 66 +-- devstack/local.conf.odl.sample | 8 +- devstack/local.conf.openshift.sample | 66 +-- devstack/local.conf.ovn.sample | 67 +-- devstack/local.conf.pod-in-vm.overcloud.sample | 6 +- devstack/local.conf.pod-in-vm.undercloud.df.sample | 37 +- .../local.conf.pod-in-vm.undercloud.odl.sample | 2 +- .../local.conf.pod-in-vm.undercloud.ovn.sample | 38 +- devstack/local.conf.pod-in-vm.undercloud.sample | 38 +- devstack/local.conf.sample | 82 ++- devstack/plugin.sh | 202 +++++--- devstack/settings | 7 +- kuryr_kubernetes/clients.py | 39 +- kuryr_kubernetes/cni/api.py | 20 - kuryr_kubernetes/cni/binding/sriov.py | 2 +- kuryr_kubernetes/cni/main.py | 10 +- kuryr_kubernetes/cni/plugins/k8s_cni.py | 49 -- kuryr_kubernetes/config.py | 24 +- kuryr_kubernetes/controller/drivers/base.py | 17 +- .../controller/drivers/lb_public_ip.py | 9 +- kuryr_kubernetes/controller/drivers/lbaasv2.py | 558 ++++++++++++--------- kuryr_kubernetes/controller/drivers/multi_vif.py | 19 +- .../drivers/namespace_security_groups.py | 138 +---- .../controller/drivers/namespace_subnet.py | 11 +- .../controller/drivers/nested_macvlan_vif.py | 10 +- kuryr_kubernetes/controller/drivers/nested_vif.py | 4 +- .../controller/drivers/nested_vlan_vif.py | 46 +- .../controller/drivers/network_policy.py | 76 +-- .../drivers/network_policy_security_groups.py | 229 +++++++-- kuryr_kubernetes/controller/drivers/neutron_vif.py | 28 +- kuryr_kubernetes/controller/drivers/public_ip.py | 20 +- kuryr_kubernetes/controller/drivers/sriov.py | 5 +- kuryr_kubernetes/controller/drivers/utils.py | 54 +- kuryr_kubernetes/controller/drivers/vif_pool.py | 259 +++++++--- .../controller/handlers/kuryrnetpolicy.py | 37 ++ kuryr_kubernetes/controller/handlers/lbaas.py | 170 +++---- kuryr_kubernetes/controller/handlers/namespace.py | 3 +- kuryr_kubernetes/controller/handlers/pod_label.py | 17 +- kuryr_kubernetes/controller/handlers/policy.py | 66 ++- kuryr_kubernetes/controller/handlers/vif.py | 33 +- kuryr_kubernetes/controller/managers/pool.py | 28 +- kuryr_kubernetes/k8s_client.py | 29 +- kuryr_kubernetes/objects/lbaas.py | 5 +- .../drivers/test_namespace_security_groups.py | 140 ------ .../unit/controller/drivers/test_network_policy.py | 36 +- .../drivers/test_network_policy_security_groups.py | 299 +++++++++-- .../unit/controller/drivers/test_neutron_vif.py | 4 +- .../unit/controller/handlers/test_pod_label.py | 15 +- kuryr_kubernetes/utils.py | 83 ++- lower-constraints.txt | 4 +- .../notes/add-tagging-ce56231f58bf7ad0.yaml | 11 + .../notes/remove-non-daemon-836e4825384b1b88.yaml | 5 + .../reusable-pool-drivers-00e7fdc1f4738441.yaml | 31 ++ requirements.txt | 3 +- setup.cfg | 1 + 80 files changed, 2829 insertions(+), 2166 deletions(-)
Requirements updates --------------------
diff --git a/requirements.txt b/requirements.txt index 9a55d20..070e827 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6 +6 @@ cotyledon>=1.3.0 # Apache-2.0 -Flask!=0.11,>=0.10 # BSD +Flask!=0.11,>=0.12.3 # BSD @@ -10,0 +11 @@ eventlet!=0.18.3,!=0.20.1,!=0.21.0,>=0.18.2 # MIT +openstacksdk>=0.13.0 # Apache-2.0