Merge "Alerts rationalization for k8s&calico"
diff --git a/.kitchen.yml b/.kitchen.yml
index f939ef3..5bca6a9 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -53,7 +53,7 @@
platforms:
- name: <%= ENV['PLATFORM'] || 'saltstack-ubuntu-xenial-salt-stable' %>
driver_config:
- image: <%= ENV['PLATFORM'] || 'epcim/salt-formulas:saltstack-ubuntu-xenial-salt-stable' %>
+ image: <%= ENV['PLATFORM'] || 'epcim/salt:saltstack-ubuntu-xenial-salt-stable' %>
platform: ubuntu
suites:
diff --git a/.travis.yml b/.travis.yml
index 1c5139d..45062b7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,22 +18,33 @@
- bundle install
env:
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=master-cluster
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=master-cluster
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=pool-cluster
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=pool-cluster
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=master-contrail
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=master-contrail
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=master-contrail4-0
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=master-contrail4-0
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=pool-contrail4-0
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=pool-contrail4-0
- - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=common-storageclass
-# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=master-cluster
-# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=pool-cluster
-# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=master-contrail
-# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=master-contrail4-0
-# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=pool-contrail4-0
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=master-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=pool-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=master-contrail
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=master-contrail4-0
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=pool-contrail4-0
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=common-storageclass
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=master-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=pool-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=master-contrail
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=master-contrail4-0
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=pool-contrail4-0
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=master-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=pool-cluster
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=master-contrail
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=master-contrail4-0
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=pool-contrail4-0
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=common-storageclass
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=master-cluster
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=pool-cluster
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=master-contrail
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=master-contrail4-0
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=pool-contrail4-0
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=master-cluster
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=pool-cluster
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=master-contrail
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=master-contrail4-0
+# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=pool-contrail4-0
before_script:
- set -o pipefail
diff --git a/README.rst b/README.rst
index 3b50609..da82ccb 100644
--- a/README.rst
+++ b/README.rst
@@ -70,7 +70,7 @@
virtlet:
enabled: true
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
hosts:
- cmp01
- cmp02
diff --git a/kubernetes/files/calico/calico-node.service.master b/kubernetes/files/calico/calico-node.service.master
index c91dd5c..e79fc65 100644
--- a/kubernetes/files/calico/calico-node.service.master
+++ b/kubernetes/files/calico/calico-node.service.master
@@ -29,6 +29,7 @@
-p {{ pool.network.calico.prometheus.get('address', '0.0.0.0') }}:{{ master.network.calico.get('prometheus', {}).get('port', 9091) }}:9091 \
{%- endif %}
-v /var/log/calico:/var/log/calico \
+ -v /var/lib/calico:/var/lib/calico \
-v /run/docker/plugins:/run/docker/plugins \
-v /lib/modules:/lib/modules \
-v /var/run/calico:/var/run/calico \
diff --git a/kubernetes/files/calico/calico-node.service.pool b/kubernetes/files/calico/calico-node.service.pool
index 034a900..0797fa3 100644
--- a/kubernetes/files/calico/calico-node.service.pool
+++ b/kubernetes/files/calico/calico-node.service.pool
@@ -30,6 +30,7 @@
-p {{ pool.network.calico.prometheus.get('address', '0.0.0.0') }}:{{ pool.network.calico.prometheus.get('port', 9091) }}:9091 \
{%- endif %}
-v /var/log/calico:/var/log/calico \
+ -v /var/lib/calico:/var/lib/calico \
-v /run/docker/plugins:/run/docker/plugins \
-v /lib/modules:/lib/modules \
-v /var/run/calico:/var/run/calico \
diff --git a/kubernetes/files/dockershim/default.master b/kubernetes/files/dockershim/default.master
index c5f3174..f224475 100644
--- a/kubernetes/files/dockershim/default.master
+++ b/kubernetes/files/dockershim/default.master
@@ -14,6 +14,9 @@
--hostname-override={{ master.host.name }} \
--v={{ master.get('verbosity', 2) }} \
--node-labels=node-role.kubernetes.io/master=true \
+{%- if common.hyperkube.pause_image is defined %}
+--pod-infra-container-image={{ common.hyperkube.pause_image }} \
+{%- endif %}
{%- if master.get('unschedulable', 'false') %}
--register-with-taints=node-role.kubernetes.io/master=:NoSchedule \
{%- endif %}
diff --git a/kubernetes/files/dockershim/default.pool b/kubernetes/files/dockershim/default.pool
index 308b5d6..1cbbbd7 100644
--- a/kubernetes/files/dockershim/default.pool
+++ b/kubernetes/files/dockershim/default.pool
@@ -13,6 +13,9 @@
--cluster_domain={{ common.addons.dns.domain|replace('_', '-') }} \
--hostname-override={{ pool.host.name }} \
--v={{ pool.get('verbosity', 2) }} \
+{%- if common.hyperkube.pause_image is defined %}
+--pod-infra-container-image={{ common.hyperkube.pause_image }} \
+{%- endif %}
{%- if pillar.kubernetes.master is defined %}
--node-labels=node-role.kubernetes.io/master=true \
{%- if pillar.kubernetes.get('master', {}).get('unschedulable', 'false') %}
diff --git a/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml b/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml
index 19611f2..52d1b26 100644
--- a/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml
+++ b/kubernetes/files/kube-addons/calico-policy/calico-policy-controller.yml
@@ -1,36 +1,58 @@
{%- from "kubernetes/map.jinja" import common with context -%}
{%- from "kubernetes/map.jinja" import master with context -%}
+# This manifest deploys the Calico Kubernetes controllers.
+# See https://github.com/projectcalico/kube-controllers
apiVersion: extensions/v1beta1
-kind: ReplicaSet
+kind: Deployment
metadata:
- name: calico-policy-controller
+ name: calico-kube-controllers
namespace: {{ common.addons.calico_policy.namespace }}
labels:
- k8s-app: calico-policy
- kubernetes.io/cluster-service: "true"
+ k8s-app: calico-kube-controllers
addonmanager.kubernetes.io/mode: Reconcile
spec:
+ # The controllers can only have a single active instance.
replicas: 1
selector:
matchLabels:
- k8s-app: calico-policy
+ k8s-app: calico-kube-controllers
+ strategy:
+ type: Recreate
template:
metadata:
- name: calico-policy-controller
+ name: calico-kube-controllers
namespace: {{ common.addons.calico_policy.namespace }}
labels:
- k8s-app: calico-policy
+ k8s-app: calico-kube-controllers
annotations:
+ # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
+ # reserves resources for critical add-on pods so that they can be rescheduled after
+ # a failure. This annotation works in tandem with the toleration below.
+ # Note. Rescheduler is deprecated in k8s v1.10 and is to be removed in k8s v1.11.
+ scheduler.alpha.kubernetes.io/critical-pod: ''
{%- if common.addons.calico_policy.cni is defined %}
cni: {{ common.addons.calico_policy.cni }}
{%- endif %}
spec:
+ # The controllers must run in the host network namespace so that
+ # it isn't governed by policy that would prevent it from working.
hostNetwork: true
tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
+ # this taint is set by all kubelets running `--cloud-provider=external`
+ # so we should tolerate it to schedule the calico pods
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ # Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
+ # This, along with the annotation above marks this pod as a critical add-on.
+ # Note. Rescheduler is deprecated in k8s v1.10 and is to be removed in k8s v1.11.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ serviceAccountName: calico-kube-controllers
containers:
- - name: calico-policy-controller
+ - name: calico-kube-controllers
image: {{ common.addons.calico_policy.image }}
imagePullPolicy: IfNotPresent
resources:
@@ -41,25 +63,25 @@
cpu: 30m
memory: 64M
env:
+ # The list of etcd nodes in the cluster.
- name: ETCD_ENDPOINTS
value: "{% for member in master.network.calico.etcd.members %}http{% if master.network.calico.etcd.get('ssl', {}).get('enabled') %}s{% endif %}://{{ member.host }}:{{ member.port }}{% if not loop.last %},{% endif %}{% endfor %}"
+ # CA certificate, client certificate, client key files for accessing the etcd cluster.
- name: ETCD_CA_CERT_FILE
value: "/var/lib/etcd/ca.pem"
- name: ETCD_CERT_FILE
value: "/var/lib/etcd/etcd-client.pem"
- name: ETCD_KEY_FILE
value: "/var/lib/etcd/etcd-client.pem"
- # Location of the Kubernetes API - this shouldn't need to be
- # changed so long as it is used in conjunction with
- # CONFIGURE_ETC_HOSTS="true".
- - name: K8S_API
- value: "https://kubernetes.default"
- # Configure /etc/hosts within the container to resolve
- # the kubernetes.default Service to the correct clusterIP
- # using the environment provided by the kubelet.
- # This removes the need for KubeDNS to resolve the Service.
- - name: CONFIGURE_ETC_HOSTS
- value: "true"
+ # Which controllers to run.
+ - name: ENABLED_CONTROLLERS
+ value: "policy,profile,workloadendpoint,node"
+ # Minimum log level to be displayed.
+ - name: LOG_LEVEL
+ value: "info"
+ # Period to perform reconciliation with the Calico datastore. Default is 5m.
+ - name: RECONCILER_PERIOD
+ value: "1m"
volumeMounts:
- mountPath: /var/lib/etcd/
name: etcd-certs
@@ -69,3 +91,57 @@
path: /var/lib/etcd
name: etcd-certs
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: calico-kube-controllers
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: calico-kube-controllers
+subjects:
+- kind: ServiceAccount
+ name: calico-kube-controllers
+ namespace: {{ common.addons.calico_policy.namespace }}
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: calico-kube-controllers
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ resources:
+ - pods
+ - namespaces
+ - networkpolicies
+ - nodes
+ verbs:
+ - watch
+ - list
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - watch
+ - list
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: calico-kube-controllers
+ namespace: {{ common.addons.calico_policy.namespace }}
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
diff --git a/kubernetes/files/kube-addons/virtlet/virtlet-ds.yml b/kubernetes/files/kube-addons/virtlet/virtlet-ds.yml
index 45d352f..1e75fb1 100644
--- a/kubernetes/files/kube-addons/virtlet/virtlet-ds.yml
+++ b/kubernetes/files/kube-addons/virtlet/virtlet-ds.yml
@@ -5,6 +5,7 @@
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
+ creationTimestamp: null
name: virtlet
namespace: {{ common.addons.virtlet.namespace }}
labels:
@@ -12,6 +13,7 @@
spec:
template:
metadata:
+ creationTimestamp: null
labels:
runtime: virtlet
name: virtlet
@@ -29,6 +31,12 @@
- command:
- /libvirt.sh
env:
+ - name: VIRTLET_SRIOV_SUPPORT
+ valueFrom:
+ configMapKeyRef:
+ key: sriov_support
+ name: virtlet-config
+ optional: true
- name: VIRTLET_DISABLE_KVM
valueFrom:
configMapKeyRef:
@@ -122,8 +130,6 @@
optional: true
- name: IMAGE_TRANSLATIONS_DIR
value: /etc/virtlet/images
- - name: KUBERNETES_POD_LOGS
- value: /kubernetes-log
image: {{ common.addons.virtlet.image }}
imagePullPolicy: IfNotPresent
name: virtlet
@@ -159,15 +165,9 @@
name: k8s-pods-dir
- mountPath: /var/log/vms
name: vms-log
- {%- if master.network.get('opencontrail', {}).get('enabled', False) %}
- - name: contrail-log
- mountPath: /var/log/contrail
- - name: contrail-data
- mountPath: /var/lib/contrail
- {%- endif %}
- mountPath: /etc/virtlet/images
name: image-name-translations
- - mountPath: /kubernetes-log
+ - mountPath: /var/log/pods
name: pods-log
- command:
- /vms.sh
@@ -186,9 +186,7 @@
name: dev
- mountPath: /lib/modules
name: modules
- {%- if master.network.get('opencontrail', {}).get('enabled', False) %}
dnsPolicy: ClusterFirstWithHostNet
- {%- endif %}
hostNetwork: true
hostPID: true
initContainers:
@@ -277,17 +275,6 @@
- configMap:
name: virtlet-image-translations
name: image-name-translations
- {%- if master.network.get('opencontrail', {}).get('enabled', False) %}
- - hostPath:
- path: /var/log/contrail
- name: contrail-log
- - hostPath:
- path: /var/lib/contrail
- name: contrail-data
- - hostPath:
- path: /virtlet
- name: virtlet-bin
- {%- endif %}
updateStrategy: {}
status:
currentNumberScheduled: 0
@@ -299,6 +286,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
+ creationTimestamp: null
name: virtlet
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -315,6 +303,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
+ creationTimestamp: null
name: virtlet
namespace: {{ common.addons.virtlet.namespace }}
labels:
@@ -331,6 +320,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
+ creationTimestamp: null
name: configmap-reader
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -348,6 +338,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
+ creationTimestamp: null
name: virtlet-userdata-reader
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -364,6 +355,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
+ creationTimestamp: null
name: kubelet-node-binding
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -380,6 +372,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
+ creationTimestamp: null
name: vm-userdata-binding
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -396,6 +389,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
+ creationTimestamp: null
name: virtlet-crd
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -418,6 +412,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
+ creationTimestamp: null
name: virtlet-crd
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -434,6 +429,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
+ creationTimestamp: null
name: virtlet
namespace: {{ common.addons.virtlet.namespace }}
labels:
diff --git a/kubernetes/files/kubelet/default.master b/kubernetes/files/kubelet/default.master
index adf0f64..b3f0e41 100644
--- a/kubernetes/files/kubelet/default.master
+++ b/kubernetes/files/kubelet/default.master
@@ -13,6 +13,9 @@
--hostname-override={{ master.host.name }} \
--v={{ master.get('verbosity', 2) }} \
--node-labels=node-role.kubernetes.io/master=true \
+{%- if common.hyperkube.pause_image is defined %}
+--pod-infra-container-image={{ common.hyperkube.pause_image }} \
+{%- endif %}
{%- if salt['pkg.version_cmp'](version,'1.8') >= 0 %}
--fail-swap-on={{ master.kubelet.fail_on_swap }} \
{%- if common.addons.get('virtlet', {}).get('enabled') %}
diff --git a/kubernetes/files/kubelet/default.pool b/kubernetes/files/kubelet/default.pool
index 19bb8f6..06f2cf4 100644
--- a/kubernetes/files/kubelet/default.pool
+++ b/kubernetes/files/kubelet/default.pool
@@ -12,6 +12,9 @@
--cluster_domain={{ common.addons.dns.domain|replace('_', '-') }} \
--hostname-override={{ pool.host.name }} \
--v={{ pool.get('verbosity', 2) }} \
+{%- if common.hyperkube.pause_image is defined %}
+--pod-infra-container-image={{ common.hyperkube.pause_image }} \
+{%- endif %}
{%- if salt['pkg.version_cmp'](version,'1.8') >= 0 %}
--fail-swap-on={{ pool.kubelet.fail_on_swap }} \
{%- if common.addons.get('virtlet', {}).get('enabled') %}
diff --git a/kubernetes/files/manifest/kube-apiserver.manifest b/kubernetes/files/manifest/kube-apiserver.manifest
index dddf336..e22ac90 100644
--- a/kubernetes/files/manifest/kube-apiserver.manifest
+++ b/kubernetes/files/manifest/kube-apiserver.manifest
@@ -42,7 +42,6 @@
{%- if master.auth.get('token', {}).enabled|default(True) %}
--token-auth-file={{ master.auth.token.file|default("/srv/kubernetes/known_tokens.csv") }}
{%- endif %}
- --apiserver-count={{ master.apiserver.get('count', 1) }}
--etcd-quorum-read=true
--v={{ master.get('verbosity', 2) }}
--allow-privileged=True
@@ -50,6 +49,11 @@
{%- if salt['pkg.version_cmp'](version,'1.8') >= 0 %}
--feature-gates=MountPropagation=true
{%- endif %}
+ {%- if version|float >= 1.9 %}
+ --endpoint-reconciler-type={{ master.apiserver.get('endpoint-reconciler', 'lease') }}
+ {%- else %}
+ --apiserver-count={{ master.apiserver.get('count', 1) }}
+ {%- endif %}
{%- endif %}
{%- if master.auth.get('mode') %}
--authorization-mode={{ master.auth.mode }}
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index 720302d..a735a6b 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -123,7 +123,6 @@
{%- if master.auth.get('token', {}).enabled|default(True) %}
--token-auth-file={{ master.auth.token.file|default("/srv/kubernetes/known_tokens.csv") }}
{%- endif %}
- --apiserver-count={{ master.apiserver.get('count', 1) }}
--v={{ master.get('verbosity', 2) }}
--advertise-address={{ master.apiserver.address }}
--etcd-servers=
@@ -148,6 +147,12 @@
{%- if salt['pkg.version_cmp'](version,'1.8') >= 0 %}
--feature-gates=MountPropagation=true
{%- endif %}
+{%- if version|float >= 1.9 %}
+ --endpoint-reconciler-type={{ master.apiserver.get('endpoint-reconciler', 'lease') }}
+{%- else %}
+ --apiserver-count={{ master.apiserver.get('count', 1) }}
+{%- endif %}
+
{%- endif %}
{%- for key, value in master.get('apiserver', {}).get('daemon_opts', {}).items() %}
--{{ key }}={{ value }}
diff --git a/metadata/service/common.yml b/metadata/service/common.yml
index 161e025..0fa49df 100644
--- a/metadata/service/common.yml
+++ b/metadata/service/common.yml
@@ -35,7 +35,7 @@
server_image: mirantis/k8s-netchecker-server:stable
calico_policy:
enabled: False
- image: calico/kube-policy-controller:v0.5.4
+ image: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico/kube-controllers:v1.0.4
namespace: kube-system
contrail_network_controller:
enabled: False
@@ -58,7 +58,7 @@
virtlet:
enabled: False
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
criproxy_version: v0.10.0
criproxy_source: md5=52717b1f70f15558ef4bdb0e4d4948da
cni:
diff --git a/metadata/service/master/single.yml b/metadata/service/master/single.yml
index 8eb6b63..223b4f0 100644
--- a/metadata/service/master/single.yml
+++ b/metadata/service/master/single.yml
@@ -53,7 +53,7 @@
tiller_image: gcr.io/kubernetes-helm/tiller:v2.4.2
calico_policy:
enabled: False
- image: calico/kube-policy-controller:v0.5.4
+ image: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico/kube-controllers:v1.0.4
namespace: kube-system
contrail_network_controller:
enabled: False
@@ -62,7 +62,7 @@
virtlet:
enabled: False
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
token:
admin: ${_param:kubernetes_admin_token}
kubelet: ${_param:kubernetes_kubelet_token}
diff --git a/tests/pillar/master_cluster.sls b/tests/pillar/master_cluster.sls
index 9e8afa2..91c1ff3 100644
--- a/tests/pillar/master_cluster.sls
+++ b/tests/pillar/master_cluster.sls
@@ -40,7 +40,7 @@
hosts:
- cmp01
- cmp02
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
monitoring:
backend: prometheus
master:
diff --git a/tests/pillar/master_contrail.sls b/tests/pillar/master_contrail.sls
index e86a293..32478f7 100644
--- a/tests/pillar/master_contrail.sls
+++ b/tests/pillar/master_contrail.sls
@@ -37,7 +37,7 @@
virtlet:
enabled: true
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
hosts:
- cmp01
- cmp02
diff --git a/tests/pillar/master_contrail4_0.sls b/tests/pillar/master_contrail4_0.sls
index ec48f54..e6c6085 100644
--- a/tests/pillar/master_contrail4_0.sls
+++ b/tests/pillar/master_contrail4_0.sls
@@ -37,7 +37,7 @@
virtlet:
enabled: true
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
hosts:
- cmp01
- cmp02
diff --git a/tests/pillar/pool_cluster.sls b/tests/pillar/pool_cluster.sls
index 4de3614..c75b87b 100644
--- a/tests/pillar/pool_cluster.sls
+++ b/tests/pillar/pool_cluster.sls
@@ -16,7 +16,7 @@
virtlet:
enabled: true
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
hosts:
- cmp01
- cmp02
diff --git a/tests/pillar/pool_cluster_with_domain.sls b/tests/pillar/pool_cluster_with_domain.sls
index 271d762..4fea3dc 100644
--- a/tests/pillar/pool_cluster_with_domain.sls
+++ b/tests/pillar/pool_cluster_with_domain.sls
@@ -16,7 +16,7 @@
virtlet:
enabled: true
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
hosts:
- cmp01
- cmp02
diff --git a/tests/pillar/pool_contrail4_0.sls b/tests/pillar/pool_contrail4_0.sls
index f396906..98c1cf7 100644
--- a/tests/pillar/pool_contrail4_0.sls
+++ b/tests/pillar/pool_contrail4_0.sls
@@ -16,7 +16,7 @@
virtlet:
enabled: true
namespace: kube-system
- image: mirantis/virtlet:v1.0.0
+ image: mirantis/virtlet:v1.0.3
hosts:
- cmp01
- cmp02