We are stoked to announce the release of: kuryr-kubernetes 1.1.0: Kubernetes integration with OpenStack networking This release is part of the train release series. The source is available from: https://opendev.org/openstack/kuryr-kubernetes Download the package from: https://tarballs.openstack.org/kuryr-kubernetes/ Please report issues through: https://bugs.launchpad.net/kuryr-kubernetes/+bugs For more details, please see below. 1.1.0 ^^^^^ New Features ************ * kuryr-cni, that is the executable called by kubelet, is now rewritten to golang. This enables Kuryr to work containerized in environments where there is no Python or curl on the hosts running kubelet. This is the case e.g. in K8s deployed by Magnum. Upgrade Notes ************* * kuryr-daemon used to listen on port 50036, but that's a port from local range (on Ubuntu and RHEL default range is 32768-60999). This means that there might have been a port conflict ("address already in use"). To avoid that the default value of "[cni_daemon]bind_address" option was changed to "127.0.0.1:5036". * kuryr-cni is now a golang binary. The upgrade should be automatic and consists of deploying an updated kuryr-cni container. Please note that if you used a custom listening port for kuryr-daemon, it is currently hardcoded to 5036. We're planning to pass it through 10-kuryr.conf CNI configuration file in the very near future. Changes in kuryr-kubernetes 1.0.0..1.1.0 ---------------------------------------- 4521276 Ensure LBaaS state is updated upon SVC deletion 2ab2fbd Make ChunkedEncodingError less scary 51150ed Timeout connections when watching K8s API 323f01b Fix sensitivity to the initial device driver d6e5fe9 Ensure conflicts creating subnet from subnetpools are retried 94bb9f8 Remove exit_on_stop from Watcher ce5551b Improve readability of vif handler on_present skip reason 4c3e338 Reuse utils.get_lbaas_spec in lb handler ac7a593 Skipping sg rule deletion for pods without annotations 5e0dec6 Avoid Kuryrnet populating pools before namespace handler finishes d28815a Remove runtime.LockOSThread() call from kuryr-cni b0dfb4e Ensure Pod IP is retrieved after pod is annoated with the VIF 8c756bd Save logs of previous restart of containers ae98963 Ensure SG is only deleted in case it's present in the KuryrNet CRD 73cac91 Ensure controller is only restarted after the event timesout 56c8207 Increase loadbalancer timeout 20561a8 DPDK in baremetal containers using SR-IOV 5206717 Provide a proper way to choose VF in CNI ed10178 Fix for k8s client annotation a6feca6 Put correct API group for Routes RBAC permissions 492036e Ensure readiness probe waits for sync pools upon controller restart 00470c0 Bump the openstackdocstheme extension to 1.20 a446f05 cni: print different error logs for timeout errors b3d808f Print uid with log to facilitate log tracking bfa1acf Ensure namespace network resources are cleaned up e727a52 Ensure leftover ports are deleted upon kuryr-controller restart 046e4b3 Ensure tags are used to recover/clean ports 8442d47 Add PodResources gRPC API updating guide 6bc7a42 Unset --admission-control when starting K8s API 0421973 Blacklist sphinx 2.1.0 (autodoc bug) 06ca063 Skip listener creation with same port of existing one dc53a2b Fix wrong exception handled on listener creation 04c25b4 Gets rid of the following IPDB warning 67954fa Delete Kuryr Net CRD in case of k8s exception 3da5398 Change trace pod/pool drivers are incompatible ca222d4 Use CNI_IFNAME environment variable 1174848 Fix ip address formattig in kuryr-cni 7f90ffc Create lbaas driver instance only when it's needed 5edf3d0 Set the validate CRD enabled flag at tempest.conf 0b7f8fa Add Python 3 Train unit tests 1347e93 Speed up pools prepopulation on namespace creation 37b8e3e Fix fail to recreate namespace when previous KuryrNet CRD is not deleted 2e98c7b Increase admin project quotas 5290e52 Remove subPaths when mounting Kuryr pods volumes e94e4be Count cni DEL failure as well to mark it unhealthy 4273434 Raise keystoneauth version in lower-constraints 135311f Make SG modifications for LoadBalancers optional 3e3c9b8 Ensure correct exception is catched in case of not found exception c8d41c0 Raise right exception in case Kubernetes respond with not found 0345cd8 Fix adding pods with host networking to svc in L2 mode 6b58a1b Replace git.openstack.org with opendev.org in URLs 446a73f Support None from Octavia get_api_major_version() e685d72 Add `yum/dnf clean all` to dockerfiles a85a7bc Add CRD validation to KuryrNet and KuryrNetPolicy 3aa486d Add release note and docs about golang kuryr-cni e2e63cf Ensure kuryrnet does not perform multiple repopulations 1904541 Fix network pool deletion method 4230c87 Access Pool.listeners elements like dict 245eb07 Implement kuryr-cni in golang 1ec05b5 Add Tempest gate with lower-constraints d801e9b Create Kuryr router for devstack deployment fadcec3 Fix lBaaS sg rules corresponding to the NP rules are being deleted c8a87bf Use non local port for CNI Daemon 9ddea6e Fix misprints in vif_pool.py 3a5e0ed Add Network Policy devref Spec ddfa9e6 Update upper-constraints references in Dockerfile b5823e3 Use constant when calling namespaces K8s endpoint 45be6d6 Update Python 3 containers to Fedora 30 35ae428 Ensure NP Security Group is update on pod events e897c48 Change openstack security group rule create CLI 8f035cd Fix Pod creation do not triggers affected SVC SG update e46b74b Update octavia CLI to openstack CLI 91a6221 Move route URL to apis/route.openshift.io ebe57d3 Improve behaviour of VIFHandler 3f9c80e Populate pools upon namespace creation e7d95c4 Fix CRD update on SG rule creation 43f169a Add note about 'protoc' compiler version 533ab7c Fix incombatilibity with openstacksdk <= 0.17.2 4f75760 Add py36 to default tox environments d5a1df3 Fix sphinx requirements due to dropped 2.7 support f463afa Fix sriov driver leaking resources and exceptions 25b8374 Use proper log type when logging errors in cni 16d14d6 Fix Multiple SG rules created when Pod creation follows a NP creation c725f82 Fix interval ignoring by exponential sleep 685f4c4 Add PodResources service client 14a685d Update sriov neutron ports with pci info 30e1279 Fix SG rule creation when Pod is created after NP b0ce301 Annotate nodes with pci info for direct ports 3791b84 Support sriovdp arbitrary resource names 7b0fbcc Fix ingress/egress of UDP traffic on allow to/from everywhere Policy 59e761a Ensure Pod SG is updated on podSelector of NP spec update 004efce Use Octavia endpoint paths from openstacksdk da76fb1 Update Python 3 containers to use Fedora 29 d2b223f Set MAC address for VF via netlink message to PF 8006da0 Fix pod creation diagram in devref f59fffa OpenDev Migration Patch b644083 Add support for text ports on Network Policy Spec 9b3182c Add ipBlock support to NP d193767 Dropping the py35 testing 5a2d0f6 Ensure LBaaS SG update upon allow from everywhere NP is enforced 7d03fb1 Ensure port_range_min is optional 2a9f5fd Fix conflict exceptions handling in LB creation 559b785 Pin coredns container image to 1.4.0 tag b653be4 Add support for policyTypes at Network Policies ae1d1dd Fix LBaaS SG rules update 69a02f6 NP: Create allow-all SG and add it to pod SG's 591d8bc Enable tox to run inside containers b35b087 Switch to CentOS Amphora f4d826b Improve logging for event dispatcher 49ca932 Add missing ws separator between words d29e150 NP: Delete default egress rules 4a3b23d Update master for stable/stein d977fba Enable debug logs on Kubernetes services Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- .zuul.d/base.yaml | 9 +- .zuul.d/multinode.yaml | 16 +- .zuul.d/octavia.yaml | 21 +- .zuul.d/project.yaml | 4 +- .zuul.d/sdn.yaml | 5 +- README.rst | 2 +- cni.Dockerfile | 13 +- cni_ds_init | 48 +- cni_py3.Dockerfile | 20 +- contrib/devstack-heat/hot/node.yaml | 4 +- contrib/devstack-heat/lib/devstack-heat | 2 +- contrib/regenerate_pod_resources_api.sh | 88 ++ contrib/vagrant/README.md | 2 +- controller.Dockerfile | 5 +- controller_py3.Dockerfile | 12 +- devstack/lib/kuryr_kubernetes | 38 +- devstack/local.conf.df.sample | 10 +- devstack/local.conf.odl.sample | 8 +- devstack/local.conf.openshift.sample | 8 +- devstack/local.conf.ovn.sample | 12 +- devstack/local.conf.pod-in-vm.overcloud.sample | 4 +- devstack/local.conf.pod-in-vm.undercloud.df.sample | 8 +- .../local.conf.pod-in-vm.undercloud.odl.sample | 4 +- .../local.conf.pod-in-vm.undercloud.ovn.sample | 8 +- devstack/local.conf.pod-in-vm.undercloud.sample | 4 +- devstack/local.conf.sample | 15 +- devstack/local.conf.worker.sample | 4 +- devstack/plugin.sh | 78 +- devstack/settings | 4 + .../update_network_policy_on_pod_creation.svg | 2 + .../installation/devstack/dragonflow_support.rst | 6 +- .../installation/testing_nested_connectivity.rst | 2 +- kubernetes_crds/kuryrnet.yaml | 30 + kubernetes_crds/kuryrnetpolicy.yaml | 104 ++ kuryr_cni/Gopkg.lock | 37 + kuryr_cni/Gopkg.toml | 34 + kuryr_cni/README | 2 + kuryr_cni/main.go | 188 ++++ kuryr_cni/ovo.go | 120 +++ .../github.com/containernetworking/cni/LICENSE | 202 ++++ .../containernetworking/cni/pkg/skel/skel.go | 307 ++++++ .../containernetworking/cni/pkg/types/020/types.go | 140 +++ .../containernetworking/cni/pkg/types/args.go | 112 ++ .../cni/pkg/types/current/types.go | 293 +++++ .../containernetworking/cni/pkg/types/types.go | 199 ++++ .../containernetworking/cni/pkg/version/conf.go | 37 + .../containernetworking/cni/pkg/version/plugin.go | 144 +++ .../cni/pkg/version/reconcile.go | 49 + .../containernetworking/cni/pkg/version/version.go | 83 ++ kuryr_cni/vendor/github.com/pkg/errors/.gitignore | 24 + kuryr_cni/vendor/github.com/pkg/errors/.travis.yml | 15 + kuryr_cni/vendor/github.com/pkg/errors/LICENSE | 23 + kuryr_cni/vendor/github.com/pkg/errors/README.md | 52 + .../vendor/github.com/pkg/errors/appveyor.yml | 32 + kuryr_cni/vendor/github.com/pkg/errors/errors.go | 282 +++++ kuryr_cni/vendor/github.com/pkg/errors/stack.go | 147 +++ kuryr_kubernetes/clients.py | 11 + kuryr_kubernetes/cmd/status.py | 34 +- kuryr_kubernetes/cni/api.py | 2 +- kuryr_kubernetes/cni/binding/base.py | 30 +- kuryr_kubernetes/cni/binding/sriov.py | 346 ++++-- kuryr_kubernetes/cni/daemon/service.py | 19 +- kuryr_kubernetes/cni/health.py | 10 +- kuryr_kubernetes/cni/plugins/k8s_cni_registry.py | 3 + kuryr_kubernetes/config.py | 43 +- kuryr_kubernetes/constants.py | 12 +- kuryr_kubernetes/controller/drivers/base.py | 11 + kuryr_kubernetes/controller/drivers/lbaasv2.py | 173 +-- .../controller/drivers/namespace_subnet.py | 102 +- .../controller/drivers/network_policy.py | 327 ++++-- .../drivers/network_policy_security_groups.py | 369 +++++-- kuryr_kubernetes/controller/drivers/sriov.py | 81 +- kuryr_kubernetes/controller/drivers/utils.py | 155 ++- kuryr_kubernetes/controller/drivers/vif_pool.py | 135 ++- .../controller/handlers/ingress_lbaas.py | 3 +- kuryr_kubernetes/controller/handlers/kuryrnet.py | 88 ++ kuryr_kubernetes/controller/handlers/lbaas.py | 99 +- kuryr_kubernetes/controller/handlers/namespace.py | 65 +- kuryr_kubernetes/controller/handlers/pod_label.py | 7 +- kuryr_kubernetes/controller/handlers/policy.py | 22 +- kuryr_kubernetes/controller/handlers/vif.py | 90 +- kuryr_kubernetes/controller/service.py | 2 +- kuryr_kubernetes/handlers/dispatch.py | 9 +- kuryr_kubernetes/k8s_client.py | 106 +- kuryr_kubernetes/objects/vif.py | 7 +- kuryr_kubernetes/platform/constants.py | 2 +- kuryr_kubernetes/pod_resources/__init__.py | 0 kuryr_kubernetes/pod_resources/api.proto | 40 + kuryr_kubernetes/pod_resources/api_pb2.py | 273 +++++ kuryr_kubernetes/pod_resources/api_pb2_grpc.py | 48 + kuryr_kubernetes/pod_resources/client.py | 43 + .../controller/drivers/test_namespace_subnet.py | 67 +- .../unit/controller/drivers/test_network_policy.py | 172 ++- .../drivers/test_network_policy_security_groups.py | 60 +- .../unit/controller/handlers/test_ingress_lbaas.py | 5 +- .../unit/controller/handlers/test_kuryrnet.py | 101 ++ .../unit/controller/handlers/test_namespace.py | 36 +- .../platform/ocp/controller/handlers/test_route.py | 3 +- kuryr_kubernetes/utils.py | 94 +- kuryr_kubernetes/watcher.py | 11 +- lower-constraints.txt | 10 +- playbooks/get_amphora_tarball.yaml | 4 +- ...e-cni-daemon-default-port-e968a83fa1bf30b5.yaml | 8 + .../notes/golang-kuryr-cni-aab144831d4dc9dd.yaml | 14 + releasenotes/source/conf.py | 19 - releasenotes/source/index.rst | 1 + releasenotes/source/stein.rst | 6 + requirements.txt | 7 +- setup.cfg | 4 +- tools/gate/copy_k8s_logs.sh | 1 + tools/generate_k8s_resource_definitions.sh | 48 +- tox.ini | 14 +- 143 files changed, 7120 insertions(+), 2273 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 070e827..00aa883 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5 +5 @@ -cotyledon>=1.3.0 # Apache-2.0 +cotyledon>=1.5.0 # Apache-2.0 @@ -10,0 +11 @@ eventlet!=0.18.3,!=0.20.1,!=0.21.0,>=0.18.2 # MIT +netaddr>=0.7.19 # BSD @@ -21 +22 @@ PrettyTable<0.8,>=0.7.2 # BSD -pyroute2>=0.5.1;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2) +pyroute2>=0.5.3;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2) @@ -24,0 +26,2 @@ stevedore>=1.20.0 # Apache-2.0 +grpcio>=1.12.0 # Apache-2.0 +protobuf>=3.6.0 # 3-Clause BSD