├── kuryr_kubernetes ├── __init__.py ├── cni │ ├── __init__.py │ ├── binding │ │ └── __init__.py │ ├── daemon │ │ └── __init__.py │ ├── plugins │ │ ├── __init__.py │ │ └── base.py │ ├── main.py │ └── prometheus_exporter.py ├── handlers │ ├── __init__.py │ ├── base.py │ ├── health.py │ └── logging.py ├── tests │ ├── __init__.py │ ├── unit │ │ ├── __init__.py │ │ ├── cmd │ │ │ ├── __init__.py │ │ │ ├── eventlet │ │ │ │ ├── __init__.py │ │ │ │ └── test_controller.py │ │ │ └── test_daemon.py │ │ ├── cni │ │ │ ├── __init__.py │ │ │ ├── plugins │ │ │ │ └── __init__.py │ │ │ ├── test_utils.py │ │ │ ├── test_main.py │ │ │ └── test_handlers.py │ │ ├── handlers │ │ │ ├── __init__.py │ │ │ ├── test_health.py │ │ │ ├── test_k8s_base.py │ │ │ └── test_logging.py │ │ ├── controller │ │ │ ├── __init__.py │ │ │ ├── drivers │ │ │ │ ├── __init__.py │ │ │ │ └── test_default_security_groups.py │ │ │ ├── handlers │ │ │ │ ├── __init__.py │ │ │ │ ├── test_fake_handler.py │ │ │ │ └── test_pipeline.py │ │ │ ├── managers │ │ │ │ └── __init__.py │ │ │ └── test_service.py │ │ ├── kuryr_fixtures.py │ │ ├── test_clients.py │ │ └── test_linux_net_utils.py │ └── base.py ├── cmd │ ├── sanity │ │ └── __init__.py │ ├── eventlet │ │ ├── __init__.py │ │ └── controller.py │ ├── cni.py │ ├── daemon.py │ ├── __init__.py │ └── gather_openstack_data.py ├── controller │ ├── __init__.py │ ├── drivers │ │ ├── __init__.py │ │ ├── default_subnet.py │ │ ├── annotation_project.py │ │ └── nested_vif.py │ ├── handlers │ │ ├── __init__.py │ │ ├── policy.py │ │ └── machine.py │ └── managers │ │ └── __init__.py ├── objects │ ├── __init__.py │ ├── fields.py │ ├── base.py │ └── vif.py ├── version.py ├── os_vif_plug_noop.py ├── linux_net_utils.py ├── opts.py └── health.py ├── babel.cfg ├── releasenotes ├── source │ ├── _static │ │ └── .placeholder │ ├── _templates │ │ └── .placeholder │ ├── unreleased.rst │ ├── zed.rst │ ├── xena.rst │ ├── yoga.rst │ ├── rocky.rst │ ├── stein.rst │ ├── train.rst │ ├── 2023.1.rst │ ├── queens.rst │ ├── ussuri.rst │ ├── wallaby.rst │ ├── victoria.rst │ ├── index.rst │ └── README.rst └── notes │ ├── started-using-reno-90dbe9da108ec5c4.yaml │ ├── remove-run-server-aca25a2d9d723dc7.yaml │ ├── cri-o-support-ab7e810775754ea7.yaml │ ├── remove-non-daemon-836e4825384b1b88.yaml │ ├── drop-py27-60f55b6bc1d082bc.yaml │ ├── network-device-mtu-default-90faa7d685d4d0ec.yaml │ ├── stein-upgrade-226c8e7b735701ee.yaml │ ├── containerization-2fba4dac5c097b19.yaml │ ├── network-policy-support-on-services-without-selectors-fea06ab71a8a6f2a.yaml │ ├── make-lbaas-timeout-configurable-8624ea32971c0cbe.yaml │ ├── remove-physical-device-mapping-15d614b70c68fc73.yaml │ ├── zuul-v3-native-gates-4ed7698667a7b92e.yaml │ ├── remove-sriov-5f44deb951264510.yaml │ ├── changing-default-url-for-k8s-api-42c3b90183783291.yaml │ ├── drop-ingress-d78a7a9be8f20da1.yaml │ ├── change-cni-daemon-default-port-e968a83fa1bf30b5.yaml │ ├── svc-without-selectors-f36bab0883459b80.yaml │ ├── support-specify-project-by-namespace-annotation-18bc6eca729bff5e.yaml │ ├── active-passive-ha-cfbda8e6b527b48e.yaml │ ├── octavia-acls-7452d3406d75ea15.yaml │ ├── deprecate-sg-mode-option-96824c33335cd74b.yaml │ ├── deprecate-handlers-caching-9cdfd772aba9a7ce.yaml │ ├── deprecate-worker-nodes-subnet-e452c84df5b5ed5c.yaml │ ├── network-namespace-2353f8013be398cd.yaml │ ├── kuryr-daemon-f09075b9eb60388f.yaml │ ├── make-listener-timeouts-configurable-f563d85eg6c6fe6d.yaml │ ├── add-tagging-ce56231f58bf7ad0.yaml │ ├── bp-openshift-router-support-5f28108b39a2826f.yaml │ ├── k8s-client-token-default-882ec49d1faffc29.yaml │ ├── deprecate_lbaasv2-a524aedf5d3a36bc.yaml │ ├── golang-kuryr-cni-aab144831d4dc9dd.yaml │ ├── fault-tolerable-watcher-24c51dbccabf5f17.yaml │ ├── cni-health-checks-d2b70f2f2551a9fc.yaml │ ├── deprecate-non-daemonized-6dd2154238b1628c.yaml │ ├── oslo-caching-b11881cfb9dc306c.yaml │ ├── make-handlers-pluggable-844475484771ffd6.yaml │ ├── make-ext-subnet-optional-99e73bfcbde96c22.yaml │ ├── reusable-pool-drivers-00e7fdc1f4738441.yaml │ └── multivif-pools-1cec757c77a8c4f8.yaml ├── devstack ├── files │ ├── debs │ │ └── kuryr-kubernetes │ └── rpms │ │ └── kuryr-kubernetes ├── kubectl ├── local.conf.pod-in-vm.undercloud.ovn.sample ├── local.conf.pod-in-vm.undercloud.sample ├── local.conf.worker.sample └── local.conf.pod-in-vm.overcloud.sample ├── .dockerignore ├── doc ├── source │ ├── readme.rst │ ├── usage.rst │ ├── contributor │ │ └── index.rst │ ├── installation │ │ ├── https_kubernetes.rst │ │ ├── devstack │ │ │ ├── index.rst │ │ │ ├── ports-pool.rst │ │ │ ├── nested-macvlan.rst │ │ │ └── containerized.rst │ │ ├── index.rst │ │ ├── trunk_ports.rst │ │ ├── listener_timeouts.rst │ │ └── multi_vif_with_npwg_spec.rst │ ├── index.rst │ ├── devref │ │ ├── index.rst │ │ └── kuryr_kubernetes_versions.rst │ ├── nested_vlan_mode.rst │ └── conf.py ├── images │ ├── controller_pipeline.png │ ├── fuxi_k8s_components.png │ ├── kuryr_k8s_components.png │ ├── pod_creation_flow_daemon.png │ ├── service_creation_diagram.png │ └── vif_handler_drivers_design.png └── requirements.txt ├── openshift-kuryr.tmpfs ├── contrib ├── devstack-heat │ ├── .gitignore │ └── hot │ │ ├── parameters.yml │ │ ├── distro_deps.sh │ │ └── networking_deployment.yaml ├── testing │ └── container │ │ ├── Dockerfile │ │ └── build.sh ├── kubectl_plugins │ ├── kubectl_kuryr_plugin_1080.gif │ ├── kuryr │ │ └── plugin.yaml │ └── README.rst ├── vagrant │ ├── config │ │ └── kuryr_rc │ ├── vagrant.sh │ ├── Vagrantfile │ └── devstack.sh ├── regenerate_controller_pod.sh ├── sctp_client.py └── regenerate_pod_resources_api.sh ├── kuryr_cni ├── hack │ ├── update-deps.sh │ └── build-go.sh ├── README ├── go.mod └── vendor │ ├── modules.txt │ └── github.com │ └── containernetworking │ └── cni │ └── pkg │ └── version │ ├── conf.go │ ├── reconcile.go │ └── version.go ├── images └── iptables-scripts │ ├── iptables │ └── ip6tables ├── .stestr.conf ├── .gitreview ├── .ci-operator.yaml ├── OWNERS ├── etc ├── oslo-config-generator │ └── kuryr.conf └── cni │ └── net.d │ ├── 10-kuryr.conflist │ └── kuryr.conflist.template ├── kuryr.logrotate ├── .pre-commit-config.yaml ├── HACKING.rst ├── playbooks ├── get_amphora_tarball.yaml ├── copy-crio-logs.yaml └── copy-k8s-logs.yaml ├── kuryr-cni.service ├── kuryr-controller.service ├── .coveragerc ├── cni_ds_init ├── openshift-kuryr-tester-rhel8.Dockerfile ├── test-requirements.txt ├── CONTRIBUTING.rst ├── kubernetes_crds ├── network_attachment_definition_crd.yaml └── kuryr_crds │ ├── kuryrport.yaml │ └── kuryrnetwork.yaml ├── openshift-kuryr-controller-rhel8.Dockerfile ├── setup.py ├── .gitignore ├── controller.Dockerfile ├── requirements.txt ├── tools ├── gate │ └── copy_crio_logs.sh ├── build-rpm-rhel8.sh └── generate_config_file_samples.sh ├── README.rst ├── openshift-kuryr-cni-rhel8.Dockerfile ├── cni.Dockerfile ├── .zuul.d ├── project.yaml └── nodesets.yaml └── tox.ini /kuryr_kubernetes/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/cni/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /babel.cfg: -------------------------------------------------------------------------------- 1 | [python: **.py] 2 | 3 | -------------------------------------------------------------------------------- /kuryr_kubernetes/handlers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/cmd/sanity/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/cni/binding/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/cni/daemon/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/cni/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/controller/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/cmd/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/cni/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /devstack/files/debs/kuryr-kubernetes: -------------------------------------------------------------------------------- 1 | golang 2 | -------------------------------------------------------------------------------- /devstack/files/rpms/kuryr-kubernetes: -------------------------------------------------------------------------------- 1 | golang 2 | -------------------------------------------------------------------------------- /kuryr_kubernetes/controller/drivers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/controller/handlers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/controller/managers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/handlers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/cmd/eventlet/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/cni/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/controller/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .tox 2 | .dockerignore 3 | *.Dockerfile 4 | -------------------------------------------------------------------------------- /doc/source/readme.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../../README.rst 2 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/controller/drivers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /openshift-kuryr.tmpfs: -------------------------------------------------------------------------------- 1 | d /var/run/kuryr 0755 kuryr root 2 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/controller/handlers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kuryr_kubernetes/tests/unit/controller/managers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /contrib/devstack-heat/.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | *.pem 3 | __pycache__ 4 | *.pyc 5 | -------------------------------------------------------------------------------- /kuryr_cni/hack/update-deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | go mod vendor 3 | go mod tidy 4 | -------------------------------------------------------------------------------- /images/iptables-scripts/iptables: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | exec chroot /host /sbin/iptables "$@" 4 | -------------------------------------------------------------------------------- /.stestr.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | test_path=${OS_TEST_PATH:-./kuryr_kubernetes/tests/} 3 | top_dir=./ 4 | -------------------------------------------------------------------------------- /images/iptables-scripts/ip6tables: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | exec chroot /host /sbin/ip6tables "$@" 4 | -------------------------------------------------------------------------------- /kuryr_cni/README: -------------------------------------------------------------------------------- 1 | This is golang part of Kuryr, that is the CNI plugin that gets injected into 2 | the host. -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/kuryr-kubernetes.git 5 | -------------------------------------------------------------------------------- /devstack/kubectl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | /usr/local/bin/hyperkube kubectl "--kubeconfig=${HOME}/.kube/config" "$@" 4 | -------------------------------------------------------------------------------- /releasenotes/notes/started-using-reno-90dbe9da108ec5c4.yaml: -------------------------------------------------------------------------------- 1 | other: 2 | - Started using reno for release notes. 3 | -------------------------------------------------------------------------------- /contrib/testing/container/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | ADD kuryr_testing_rootfs.tar.gz / 3 | CMD ["/usr/bin/kuryr_hostname"] 4 | -------------------------------------------------------------------------------- /kuryr_kubernetes/objects/__init__.py: -------------------------------------------------------------------------------- 1 | def register_locally_defined_vifs(): 2 | __import__('kuryr_kubernetes.objects.vif') 3 | -------------------------------------------------------------------------------- /doc/images/controller_pipeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/kuryr-kubernetes/HEAD/doc/images/controller_pipeline.png -------------------------------------------------------------------------------- /doc/images/fuxi_k8s_components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/kuryr-kubernetes/HEAD/doc/images/fuxi_k8s_components.png -------------------------------------------------------------------------------- /doc/images/kuryr_k8s_components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/kuryr-kubernetes/HEAD/doc/images/kuryr_k8s_components.png -------------------------------------------------------------------------------- /doc/source/usage.rst: -------------------------------------------------------------------------------- 1 | ===== 2 | Usage 3 | ===== 4 | 5 | To use kuryr-kubernetes in a project:: 6 | 7 | import kuryr_kubernetes 8 | -------------------------------------------------------------------------------- /.ci-operator.yaml: -------------------------------------------------------------------------------- 1 | build_root_image: 2 | name: release 3 | namespace: openshift 4 | tag: rhel-8-release-golang-1.20-openshift-4.14 5 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - gryf 3 | - mandre 4 | - pierreprinetti 5 | - stephenfin 6 | 7 | component: "Networking" 8 | subcomponent: "kuryr" 9 | -------------------------------------------------------------------------------- /doc/images/pod_creation_flow_daemon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/kuryr-kubernetes/HEAD/doc/images/pod_creation_flow_daemon.png -------------------------------------------------------------------------------- /doc/images/service_creation_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/kuryr-kubernetes/HEAD/doc/images/service_creation_diagram.png -------------------------------------------------------------------------------- /etc/oslo-config-generator/kuryr.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | output_file = etc/kuryr.conf.sample 3 | wrap_width = 79 4 | namespace = kuryr_kubernetes 5 | -------------------------------------------------------------------------------- /kuryr.logrotate: -------------------------------------------------------------------------------- 1 | /var/log/kuryr/*.log { 2 | rotate 14 3 | size 10M 4 | missingok 5 | compress 6 | copytruncate 7 | } 8 | -------------------------------------------------------------------------------- /doc/images/vif_handler_drivers_design.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/kuryr-kubernetes/HEAD/doc/images/vif_handler_drivers_design.png -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================ 2 | Current Series Release Notes 3 | ============================ 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/pre-commit/pre-commit-hooks 3 | rev: v1.4.0 4 | hooks: 5 | - id: flake8 6 | 7 | -------------------------------------------------------------------------------- /contrib/kubectl_plugins/kubectl_kuryr_plugin_1080.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/kuryr-kubernetes/HEAD/contrib/kubectl_plugins/kubectl_kuryr_plugin_1080.gif -------------------------------------------------------------------------------- /contrib/vagrant/config/kuryr_rc: -------------------------------------------------------------------------------- 1 | export OS_USERNAME=admin 2 | export OS_PASSWORD=pass 3 | export OS_PROJECT_NAME=admin 4 | export OS_AUTH_URL=http://127.0.0.1/identity 5 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Zed Series Release Notes 3 | ======================== 4 | 5 | .. release-notes:: 6 | :branch: stable/zed 7 | -------------------------------------------------------------------------------- /releasenotes/source/xena.rst: -------------------------------------------------------------------------------- 1 | ========================= 2 | Xena Series Release Notes 3 | ========================= 4 | 5 | .. release-notes:: 6 | :branch: stable/xena 7 | -------------------------------------------------------------------------------- /releasenotes/source/yoga.rst: -------------------------------------------------------------------------------- 1 | ========================= 2 | Yoga Series Release Notes 3 | ========================= 4 | 5 | .. release-notes:: 6 | :branch: stable/yoga 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Rocky Series Release Notes 3 | ========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Stein Series Release Notes 3 | ========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Train Series Release Notes 3 | ========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/2023.1.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2023.1 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/2023.1 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Queens Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Ussuri Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/wallaby.rst: -------------------------------------------------------------------------------- 1 | ============================ 2 | Wallaby Series Release Notes 3 | ============================ 4 | 5 | .. release-notes:: 6 | :branch: stable/wallaby 7 | -------------------------------------------------------------------------------- /doc/source/contributor/index.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Contributor Documentation 3 | =========================== 4 | 5 | .. toctree:: 6 | :maxdepth: 2 7 | 8 | contributing 9 | -------------------------------------------------------------------------------- /releasenotes/source/victoria.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | Victoria Series Release Notes 3 | ============================= 4 | 5 | .. release-notes:: 6 | :branch: stable/victoria 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-run-server-aca25a2d9d723dc7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The scripts/run_server.py scripts gets removed as we no longer use it in 5 | DevStack plugin. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/cri-o-support-ab7e810775754ea7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added support for using cri-o (and podman & buildah) as container engine in 5 | both container images and DevStack. 6 | -------------------------------------------------------------------------------- /HACKING.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | kuryr-kubernetes Style Commandments 3 | =================================== 4 | 5 | Read the OpenStack Style Commandments https://docs.openstack.org/hacking/latest 6 | -------------------------------------------------------------------------------- /kuryr_cni/go.mod: -------------------------------------------------------------------------------- 1 | module main 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/containernetworking/cni v0.8.1 7 | github.com/onsi/ginkgo v1.16.1 // indirect 8 | github.com/onsi/gomega v1.11.0 // indirect 9 | ) 10 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-non-daemon-836e4825384b1b88.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | As announced, possiblity of running Kuryr-Kubernetes without kuryr-daemon 5 | service is now removed from the project and considered not supported. 6 | -------------------------------------------------------------------------------- /etc/cni/net.d/10-kuryr.conflist: -------------------------------------------------------------------------------- 1 | { 2 | "name": "kuryr", 3 | "cniVersion": "0.3.1", 4 | "plugins": [ 5 | { 6 | "type": "kuryr-cni", 7 | "kuryr_conf": "/etc/kuryr/kuryr.conf", 8 | "debug": true 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /etc/cni/net.d/kuryr.conflist.template: -------------------------------------------------------------------------------- 1 | { 2 | "name": "kuryr", 3 | "cniVersion": "0.3.1", 4 | "plugins": [ 5 | { 6 | "type": "kuryr-cni", 7 | "kuryr_conf": "/etc/kuryr/kuryr.conf", 8 | "debug": true 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-py27-60f55b6bc1d082bc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Python 2.7 support has been dropped. Last release of Kuryr-Kubernetes to support 5 | py2.7 is OpenStack Train. The minimum version of Python now supported by 6 | Kuryr-Kubernetes is Python 3.6. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/network-device-mtu-default-90faa7d685d4d0ec.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | In order to match the default value of MTU defined 5 | in Neutron, regardless of the SDN used, the default 6 | value ``[neutron_defaults]network_device_mtu`` is now 7 | set to 0. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/stein-upgrade-226c8e7b735701ee.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Before upgrading to T (0.7.x) run ``kuryr-k8s-status upgrade check`` to 5 | check if upgrade is possible. In case of negative result refer to 6 | kuryr-kubernetes documentation for mitigation steps. 7 | -------------------------------------------------------------------------------- /playbooks/get_amphora_tarball.yaml: -------------------------------------------------------------------------------- 1 | - hosts: controller 2 | tasks: 3 | - name: Download amphora tarball 4 | get_url: 5 | url: "https://tarballs.openstack.org/octavia/test-images/test-only-amphora-x64-haproxy-ubuntu-focal.qcow2" 6 | dest: /tmp/test-only-amphora-x64-haproxy-ubuntu-focal.qcow2 7 | -------------------------------------------------------------------------------- /releasenotes/notes/containerization-2fba4dac5c097b19.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Kuryr can now be run in containers on top of K8s cluster it is providing 5 | networking for. A tool to generate K8s resource definitions is provided. 6 | More information can be found in the kuryr-kubernetes documentation. 7 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | sphinx>=2.0.0,!=2.1.0 # BSD 5 | openstackdocstheme>=2.2.1 # Apache-2.0 6 | reno>=3.1.0 # Apache-2.0 7 | -------------------------------------------------------------------------------- /contrib/devstack-heat/hot/parameters.yml: -------------------------------------------------------------------------------- 1 | parameter_defaults: 2 | vm_net_cidr: 10.11.0.0/24 3 | vm_net_gateway: 10.11.0.1 4 | public_net: 316eeb47-1498-46b4-b39e-00ddf73bd2a5 5 | image: Ubuntu20.04 6 | flavor: m1.xlarge 7 | 8 | resource_registry: 9 | OS::Kuryr::DevstackNetworking: networking_deployment.yaml 10 | OS::Kuryr::DevstackNode: node.yaml 11 | -------------------------------------------------------------------------------- /kuryr_cni/hack/build-go.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -eu 3 | cmd=kuryr-cni 4 | eval $(go env | grep -e "GOHOSTOS" -e "GOHOSTARCH") 5 | GOOS=${GOOS:-${GOHOSTOS}} 6 | GOARCH=${GOACH:-${GOHOSTARCH}} 7 | GOFLAGS=${GOFLAGS:-} 8 | GLDFLAGS=${GLDFLAGS:-} 9 | CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} go build ${GOFLAGS} -ldflags "${GLDFLAGS}" -o bin/${cmd} pkg/* 10 | -------------------------------------------------------------------------------- /releasenotes/notes/network-policy-support-on-services-without-selectors-fea06ab71a8a6f2a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Kuryr can now handle egress Network Policy that allows 5 | traffic to Pods being Pointed by a Service without Selector. 6 | Also, ingress Network Policy is not enforced on Services 7 | without Selectors when the Octavia provider is Amphora. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/make-lbaas-timeout-configurable-8624ea32971c0cbe.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | As the openstack performance differs in production environments, 5 | fixed timeout of LBaaS activation might create the kuryr-kubernetes error. 6 | In order to adapt to the environment, a new option 7 | ``[neutron_defaults]lbaas_activation_timeout`` was added. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-physical-device-mapping-15d614b70c68fc73.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Since kuryr-kubernetes works with pod-resource-service 5 | provided by kubelet, and now it can get particular virtual 6 | function chosen by sriov-device-plugin to compute, there 7 | is no need to keep config option mapping physnets to 8 | physical devices. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/zuul-v3-native-gates-4ed7698667a7b92e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Migrated all upstream gates to Zuul V3 [1] native format. This commit also 5 | introduces several new (for now) experimental gates such as multinode and 6 | centos-7 based. These will be moved to check and voting once they have been 7 | behaving at a stable pace for some time. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-sriov-5f44deb951264510.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | In this release we're removing SR-IOV support completely from Kuryr. The 4 | motivation is that it is not tested upstream or maintained. Moreover the 5 | preferred way of attaching additional SR-IOV ports is to use Multus. 6 | upgrade: 7 | - | 8 | Support for SR-IOV additional ports is removed in this release. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/changing-default-url-for-k8s-api-42c3b90183783291.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Option 'api_root' from kubernetes section changed default value from: 5 | 6 | .. code-block:: ini 7 | 8 | [kubernetes] 9 | api_root=http://localhost:8080 10 | 11 | to: 12 | 13 | .. code-block:: ini 14 | 15 | [kubernetes] 16 | api_root=https://localhost:6443 17 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-ingress-d78a7a9be8f20da1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Support for OpenShift's Routes (Ingress) gets removed as is not mantained 5 | nor tested, and openshift route pods can be used instead. 6 | - | 7 | Support for namespace isolation is now deprecated and will be removed on 8 | the first occasion as the same effect can now be achieved using Network 9 | Policies support. 10 | -------------------------------------------------------------------------------- /kuryr-cni.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=OpenShift Kuryr-Kubernetes CNI daemon 3 | After=syslog.target network.target 4 | 5 | [Service] 6 | Type=simple 7 | User=root 8 | ExecStart=/usr/bin/kuryr-daemon --config-file /etc/kuryr/kuryr.conf --log-file /var/log/kuryr/kuryr-cni.log 9 | PrivateTmp=true 10 | KillMode=process 11 | Restart=on-failure 12 | TimeoutStartSec=0 13 | TimeoutStopSec=10 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /kuryr-controller.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=OpenShift Kuryr-Kubernetes controller 3 | After=syslog.target network.target 4 | 5 | [Service] 6 | Type=simple 7 | User=kuryr 8 | ExecStart=/usr/bin/kuryr-k8s-controller --config-file /etc/kuryr/kuryr.conf --log-file /var/log/kuryr/kuryr-controller.log 9 | PrivateTmp=true 10 | KillMode=process 11 | Restart=on-failure 12 | TimeoutStartSec=0 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /releasenotes/notes/change-cni-daemon-default-port-e968a83fa1bf30b5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | kuryr-daemon used to listen on port 50036, but that's a port from local 5 | range (on Ubuntu and RHEL default range is 32768-60999). This means that 6 | there might have been a port conflict ("address already in use"). To avoid 7 | that the default value of ``[cni_daemon]bind_address`` option was changed 8 | to ``127.0.0.1:5036``. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/svc-without-selectors-f36bab0883459b80.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added support for Services without Selectors. Kuryr now handles Services 5 | that do not define the .spec.selector, allowing the user to manually 6 | manage the Endpoints object. When using ovn-octavia provider, Kuryr 7 | only creates the Load Balancer resources for this type of Service if 8 | the IPs on Endpoints are on the Pods or Nodes Subnet. 9 | -------------------------------------------------------------------------------- /.coveragerc: -------------------------------------------------------------------------------- 1 | [run] 2 | branch = True 3 | source = kuryr_kubernetes 4 | omit = kuryr_kubernetes/tests/* 5 | 6 | 7 | [report] 8 | ignore_errors = True 9 | exclude_lines = 10 | # Have to re-enable the standard pragma 11 | pragma: no cover 12 | 13 | # Don't complain if tests don't hit defensive assertion code: 14 | raise NotImplementedError 15 | 16 | # Don't complain if non-runnable code isn't run: 17 | if __name__ == .__main__.: 18 | -------------------------------------------------------------------------------- /releasenotes/notes/support-specify-project-by-namespace-annotation-18bc6eca729bff5e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Introduced a new project driver that is able to specify different project 5 | for each namespace. 6 | 7 | .. code-block:: ini 8 | 9 | [kubernetes] 10 | pod_project_driver = annotation 11 | service_project_driver = annotation 12 | namespace_project_driver = annotation 13 | network_policy_project_driver = annotation 14 | -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ======================================================== 2 | Welcome to Kuryr-Kubernetes Release Notes documentation! 3 | ======================================================== 4 | 5 | Contents 6 | -------- 7 | 8 | .. toctree:: 9 | :maxdepth: 1 10 | 11 | README.rst 12 | unreleased 13 | 2023.1 14 | zed 15 | yoga 16 | xena 17 | wallaby 18 | victoria 19 | ussuri 20 | train 21 | stein 22 | rocky 23 | queens 24 | -------------------------------------------------------------------------------- /contrib/kubectl_plugins/kuryr/plugin.yaml: -------------------------------------------------------------------------------- 1 | name: kuryr 2 | shortDesc: "OpenStack kuryr tools" 3 | tree: 4 | - name: get 5 | shortDesc: "Retrieves Kuryr managed resources" 6 | command: "./kuryr get" 7 | flags: 8 | - name: selector 9 | shorthand: l 10 | desc: "Selects which pods to find kuryr vif info for" 11 | defValue: "" 12 | - name: output 13 | shorthand: o 14 | desc: How to format the output 15 | defValue: tabular 16 | -------------------------------------------------------------------------------- /playbooks/copy-crio-logs.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | tasks: 3 | - set_fact: 4 | devstack_base_dir: /opt/stack 5 | when: devstack_base_dir is not defined 6 | 7 | - name: Copy CRI-O logs 8 | shell: 9 | cmd: "{{ devstack_base_dir }}/kuryr-kubernetes/tools/gate/copy_crio_logs.sh" 10 | executable: /bin/bash 11 | chdir: "{{ zuul.project.src_dir }}" 12 | environment: 13 | DEVSTACK_BASE_DIR: "{{ devstack_base_dir }}" 14 | become: true 15 | -------------------------------------------------------------------------------- /kuryr_cni/vendor/modules.txt: -------------------------------------------------------------------------------- 1 | # github.com/containernetworking/cni v0.8.1 2 | ## explicit 3 | github.com/containernetworking/cni/pkg/skel 4 | github.com/containernetworking/cni/pkg/types 5 | github.com/containernetworking/cni/pkg/types/020 6 | github.com/containernetworking/cni/pkg/types/current 7 | github.com/containernetworking/cni/pkg/utils 8 | github.com/containernetworking/cni/pkg/version 9 | # github.com/onsi/ginkgo v1.16.1 10 | ## explicit 11 | # github.com/onsi/gomega v1.11.0 12 | ## explicit 13 | -------------------------------------------------------------------------------- /cni_ds_init: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | function cleanup() { 4 | rm -f "/etc/cni/net.d/10-kuryr.conflist" 5 | rm -f "/opt/cni/bin/kuryr-cni" 6 | } 7 | 8 | function deploy() { 9 | # Copy the binary into the designated location 10 | cp /kuryr-cni "/opt/cni/bin/kuryr-cni" 11 | chmod +x /opt/cni/bin/kuryr-cni 12 | cp /etc/kuryr-cni/10-kuryr.conflist /etc/cni/net.d/10-kuryr.conflist 13 | } 14 | 15 | cleanup 16 | deploy 17 | 18 | exec kuryr-daemon --config-file /etc/kuryr/kuryr.conf 19 | -------------------------------------------------------------------------------- /contrib/regenerate_controller_pod.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -o errexit 4 | 5 | KURYR_DIR=${KURYR_DIR:-/opt/stack/kuryr-kubernetes} 6 | KURYR_CONTROLLER_NAME=${KURYR_CONTROLLER_NAME:-kuryr-controller} 7 | 8 | function build_tagged_container { 9 | docker build -t kuryr/controller -f $KURYR_DIR/controller.Dockerfile $KURYR_DIR 10 | } 11 | 12 | function recreate_controller { 13 | kubectl delete pods -n kube-system -l name=$KURYR_CONTROLLER_NAME 14 | } 15 | 16 | build_tagged_container 17 | recreate_controller 18 | -------------------------------------------------------------------------------- /playbooks/copy-k8s-logs.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | tasks: 3 | - set_fact: 4 | devstack_base_dir: /opt/stack 5 | when: devstack_base_dir is not defined 6 | 7 | - name: Copy Kubernetes resources and pods logs 8 | shell: 9 | cmd: "{{ devstack_base_dir }}/kuryr-kubernetes/tools/gate/copy_k8s_logs.sh" 10 | executable: /bin/bash 11 | chdir: "{{ zuul.project.src_dir }}" 12 | environment: 13 | DEVSTACK_BASE_DIR: "{{ devstack_base_dir }}" 14 | become: true 15 | -------------------------------------------------------------------------------- /releasenotes/notes/active-passive-ha-cfbda8e6b527b48e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Kuryr-Kubernetes now supports running kuryr-controller service in 5 | **Active/Passive HA mode**. This is only possible when running those services 6 | as Pods on Kubernetes cluster, as Kubernetes is used for leader election. 7 | Also it is required to add leader-elector container to the kuryr-controller 8 | Pods. HA is controlled by ``[kubernetes]controller_ha`` option, which 9 | defaults to ``False``. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/octavia-acls-7452d3406d75ea15.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added support for Octavia VIP access control list. This new Octavia API 5 | allows users to limit incomming traffic to a set of allowed CIDRs. Kuryr 6 | uses this to enforce Network Policies on services, changing the security 7 | group associated to the Load Balancer through this new API instead of 8 | directly. Thanks to it, Kuryr no longer needs admin priviledges to 9 | restrict the access to the loadbalancers VIPs some details. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-sg-mode-option-96824c33335cd74b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Setting the ``sg_mode`` option for octavia is being deprecated. 5 | Main reason is that when ``sg_mode`` is create a new load balancer 6 | security group is created. However, when ovn-octavia provider is 7 | used that security group is not enforced, and thus there is no 8 | need to have been created. 9 | To address the other operation handled on this config, the 10 | ``enforce_sg_rules`` config can be used instead. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-handlers-caching-9cdfd772aba9a7ce.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Configuration sections ``[namespace_handler_caching]``, ``[np_handler_caching]`` 5 | and ``[vif_handler_caching]`` have been deprecated due to simplifying quota usage 6 | calculation for readiness checks. Instead of counting Neutron objects 7 | (ports, sg, subnets, and networks), the quota_details extension is used, 8 | which includes used, limit and reserved counts per resource. 9 | In this way, caching becomes unnecessary. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-worker-nodes-subnet-e452c84df5b5ed5c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Kuryr will now support nested mode with nodes VMs running in multiple 5 | subnets. In order to use that functionality a new option 6 | `[pod_vif_nested]worker_nodes_subnets` is introduced and will accept a list 7 | of subnet IDs. 8 | deprecations: 9 | - | 10 | Option `[pod_vif_nested]worker_nodes_subnet` is deprecated in favor of 11 | `[pod_vif_nested]worker_nodes_subnets` that accepts a list instead of a 12 | single ID. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/network-namespace-2353f8013be398cd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Introduced a new subnet driver that is able to create a new subnet 5 | (including the network and its connection to the router) for each 6 | namespace creation event. 7 | 8 | To enable it the namespace subnet driver must be selected and the 9 | namespace handler needs to be enabled: 10 | 11 | .. code-block:: ini 12 | 13 | [kubernetes] 14 | enabled_handlers=vif,lb,lbaasspec,namespace 15 | pod_subnets_driver = namespace 16 | 17 | -------------------------------------------------------------------------------- /releasenotes/notes/kuryr-daemon-f09075b9eb60388f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Introduced kuryr-daemon service. Daemon is an optional service that should 5 | run on every Kubernetes node. It is responsible for watching pod events on 6 | the node it’s running on, answering calls from CNI Driver and attaching 7 | VIFs when they are ready. This helps to limit the number of processes 8 | spawned when creating multiple Pods, as a single Watcher is enough for each 9 | node and CNI Driver will only wait on local network socket for response 10 | from the Daemon. 11 | -------------------------------------------------------------------------------- /openshift-kuryr-tester-rhel8.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubi8 2 | 3 | ENV container=oci 4 | 5 | RUN yum install -y python3-devel python3-pbr python3-pip \ 6 | && yum clean all \ 7 | && rm -rf /var/cache/yum \ 8 | && pip3 install tox 9 | 10 | LABEL \ 11 | io.k8s.description="This is a component of OpenShift Container Platform and provides a testing container for Kuryr service." \ 12 | maintainer="Michal Dulko " \ 13 | name="openshift/kuryr-tester" \ 14 | io.k8s.display-name="kuryr-tester" \ 15 | version="4.6.0" \ 16 | com.redhat.component="kuryr-tester-container" 17 | -------------------------------------------------------------------------------- /test-requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | 5 | hacking>=3.0.1,<3.1.0 # Apache-2.0 6 | 7 | coverage!=4.4,>=4.0 # Apache-2.0 8 | ddt>=1.0.1 # MIT 9 | docutils>=0.12 # OSI-Approved Open Source, Public Domain 10 | python-subunit>=1.0.0 # Apache-2.0/BSD 11 | stestr>=1.0.0 # Apache-2.0 12 | oslotest>=3.2.0 # Apache-2.0 13 | testrepository>=0.0.18 # Apache-2.0/BSD 14 | testscenarios>=0.4 # Apache-2.0/BSD 15 | testtools>=2.2.0 # MIT 16 | -------------------------------------------------------------------------------- /contrib/kubectl_plugins/README.rst: -------------------------------------------------------------------------------- 1 | ==================== 2 | Kuryr kubectl plugin 3 | ==================== 4 | 5 | This plugin aims to bring kuryr introspection an interaction to the kubectl and 6 | oc command line tools. 7 | 8 | 9 | Installation 10 | ------------ 11 | 12 | Place the kuryr directory in your ~/.kube/plugins 13 | 14 | 15 | Usage 16 | ----- 17 | 18 | The way to use it is via the kubectl/oc plugin facility:: 19 | 20 | kubectl plugin kuryr get vif -o wide -l deploymentconfig=demo 21 | 22 | 23 | Media 24 | ----- 25 | 26 | You can see an example of its operation: 27 | 28 | .. image:: kubectl_kuryr_plugin_1080.gif 29 | -------------------------------------------------------------------------------- /contrib/vagrant/vagrant.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | getent passwd vagrant > /dev/null 4 | if [ $? -eq 0 ]; then 5 | export OS_USER=vagrant 6 | else 7 | getent passwd ubuntu > /dev/null 8 | if [ $? -eq 0 ]; then 9 | export OS_USER=ubuntu 10 | fi 11 | fi 12 | 13 | set -ex 14 | 15 | export HOST_IP=127.0.0.1 16 | 17 | # Enable IPv6 18 | sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0 19 | sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0 20 | 21 | # run script 22 | bash /vagrant/devstack.sh "$1" 23 | 24 | #set environment variables for kuryr 25 | su "$OS_USER" -c "echo 'source /vagrant/config/kuryr_rc' >> ~/.bash_profile" 26 | -------------------------------------------------------------------------------- /releasenotes/notes/make-listener-timeouts-configurable-f563d85eg6c6fe6d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Kuryr will now support the configuration of Octavia listener timeouts. 5 | The timeout-client-data and timeout-member-data settings of listeners 6 | can be configured to use values other than the Octavia defaults when 7 | creating or modifying loadbalancers handled by Kuryr. In order to use this 8 | functionality, the new timeout values can be annotated to the Service or 9 | set in kuryr.conf. New options ``[octavia_defaults]timeout_client_data`` 10 | and ``[octavia_defaults]timeout_member_data`` were added. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/add-tagging-ce56231f58bf7ad0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added possibility to ensure all OpenStack resources created by Kuryr are 5 | tagged. In case of Neutron regular ``tags`` field is used. If Octavia 6 | supports tagging (from Octavia API 2.5, i.e. Stein), ``tags`` field is used 7 | as well, otherwise tags are put on ``description`` field. All this is 8 | controlled by ``[neutron_defaults]resource_tags`` config option that can 9 | hold a list of tags to be put on resources. This feature is useful to 10 | correctly identify any leftovers in OpenStack after K8s cluster Kuryr was 11 | serving gets deleted. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/bp-openshift-router-support-5f28108b39a2826f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | An OpenShift route is a way to expose a service by giving it an 5 | externally-reachable hostname like www.example.com. 6 | A defined route and the endpoints identified by its service can be 7 | consumed by a router to provide named connectivity that allows external 8 | clients to reach your applications. 9 | Each route consists of a route name , target service details. 10 | To enable it the following handlers should be added : 11 | 12 | .. code-block:: ini 13 | 14 | [kubernetes] 15 | enabled_handlers=vif,lb,lbaasspec,ingresslb,ocproute 16 | -------------------------------------------------------------------------------- /releasenotes/source/README.rst: -------------------------------------------------------------------------------- 1 | ==================================== 2 | Kuryr-Kubernetes Release Notes Howto 3 | ==================================== 4 | 5 | Release notes are a new feature for documenting new features in OpenStack 6 | projects. Background on the process, tooling, and methodology is documented in 7 | a `mailing list post by Doug Hellmann`_. 8 | 9 | For information on how to create release notes, please consult the `Release 10 | Notes documentation`_. 11 | 12 | 13 | .. _mailing list post by Doug Hellmann: http://lists.openstack.org/pipermail/openstack-dev/2015-November/078301.html 14 | .. _Release Notes documentation: https://docs.openstack.org/reno/latest/ 15 | -------------------------------------------------------------------------------- /releasenotes/notes/k8s-client-token-default-882ec49d1faffc29.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | In order to prioritize running kuryr-kubernetes services as pods on the 5 | Kubernetes cluster they are supposed to serve, default values of 6 | ``[kubernetes]ssl_ca_crt_file`` and ``[kubernetes]token_file`` are now 7 | set to where Kubernetes pods are having those files mounted 8 | (``/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`` and 9 | ``/var/run/secrets/kubernetes.io/serviceaccount/token``). This means that 10 | if you want to run Kuryr services standalone through unauthenticated 11 | K8s endpoint you need to set both of them to ``""`` in ``kuryr.conf``. 12 | -------------------------------------------------------------------------------- /kuryr_kubernetes/version.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import pbr.version 14 | 15 | version_info = pbr.version.VersionInfo('kuryr_kubernetes') 16 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate_lbaasv2-a524aedf5d3a36bc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Legacy Kuryr deployment relying on neutron-lbaas as the LBaaSv2 endpoint is 5 | now deprecated. The possibility of using it as Kuryr's lbaasv2 endpoint 6 | will be totally removed in one of the next releases. 7 | deprecations: 8 | - | 9 | Running Kuryr-Kubernetes with neutron-lbaasv2 is now deprecated. The main 10 | motivation for this is the deprecation of the neutron-lbaas implementation 11 | in favour to Octavia. 12 | 13 | Possibility of running Kuryr-Kubernetes with the lbaas handler pointing to 14 | anything but Octavia or SDN lbaas implementations will be removed in 15 | future releases. 16 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | The source repository for this project can be found at: 2 | 3 | https://opendev.org/openstack/kuryr-kubernetes 4 | 5 | Pull requests submitted through GitHub are not monitored. 6 | 7 | To start contributing to OpenStack, follow the steps in the contribution guide 8 | to set up and use Gerrit: 9 | 10 | https://docs.openstack.org/contributors/code-and-documentation/quick-start.html 11 | 12 | Bugs should be filed on Launchpad: 13 | 14 | https://bugs.launchpad.net/kuryr-kubernetes 15 | 16 | For more specific information about contributing to this repository, see the 17 | kuryr-kubernetes contributor guide: 18 | 19 | https://docs.openstack.org/kuryr-kubernetes/latest/contributor/contributing.html 20 | -------------------------------------------------------------------------------- /contrib/devstack-heat/hot/distro_deps.sh: -------------------------------------------------------------------------------- 1 | distro=$(awk -F'=' '/^ID=/ {print $2}' /etc/os-release) 2 | distro="${distro%\"}" 3 | distro="${distro#\"}" 4 | 5 | if [[ "$distro" =~ centos|fedora ]]; then 6 | yum install -y git python-devel 7 | yum group install -y Development Tools 8 | if [[ "$distro" == "centos" ]]; then 9 | yum install -y epel-release 10 | sed -i -e '/Defaults requiretty/{ s/.*/# Defaults requiretty/ }' /etc/sudoers 11 | fi 12 | yum install -y jq 13 | yum install -y python-pip 14 | pip install -U setuptools 15 | elif [[ "$distro" =~ ubuntu|debian ]]; then 16 | apt update -y 17 | apt upgrade -y 18 | apt-get install -y build-essential git python-dev jq 19 | fi 20 | -------------------------------------------------------------------------------- /releasenotes/notes/golang-kuryr-cni-aab144831d4dc9dd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | kuryr-cni, that is the executable called by kubelet, is now rewritten to 5 | golang. This enables Kuryr to work containerized in environments where 6 | there is no Python or curl on the hosts running kubelet. This is the case 7 | e.g. in K8s deployed by Magnum. 8 | upgrade: 9 | - | 10 | kuryr-cni is now a golang binary. The upgrade should be automatic and 11 | consists of deploying an updated kuryr-cni container. Please note that if 12 | you used a custom listening port for kuryr-daemon, it is currently 13 | hardcoded to 5036. We're planning to pass it through 10-kuryr.conf CNI 14 | configuration file in the very near future. 15 | -------------------------------------------------------------------------------- /kubernetes_crds/network_attachment_definition_crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: network-attachment-definitions.k8s.cni.cncf.io 5 | spec: 6 | group: k8s.cni.cncf.io 7 | scope: Namespaced 8 | names: 9 | plural: network-attachment-definitions 10 | singular: network-attachment-definition 11 | kind: NetworkAttachmentDefinition 12 | shortNames: 13 | - net-attach-def 14 | versions: 15 | - name: v1 16 | served: true 17 | storage: true 18 | schema: 19 | openAPIV3Schema: 20 | type: object 21 | properties: 22 | spec: 23 | type: object 24 | properties: 25 | config: 26 | type: string 27 | -------------------------------------------------------------------------------- /kuryr_kubernetes/cmd/eventlet/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2016 Mirantis, Inc. 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | import eventlet 17 | 18 | eventlet.monkey_patch() 19 | -------------------------------------------------------------------------------- /kuryr_kubernetes/cmd/cni.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2016 Mirantis, Inc. 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | from kuryr_kubernetes.cni import main 17 | 18 | 19 | run = main.run 20 | 21 | if __name__ == '__main__': 22 | run() 23 | -------------------------------------------------------------------------------- /releasenotes/notes/fault-tolerable-watcher-24c51dbccabf5f17.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | For the kuryr kubernetes watcher, 5 | a new option 'watch_retry_timeout' has been added. 6 | The following should be modified at kuryr.conf:: 7 | 8 | 9 | [kubernetes] 10 | # 'watch_retry_timeout' field is optional, 11 | # default = 60 if not set. 12 | watch_retry_timeout =