Commit Graph

376 Commits

Author SHA1 Message Date
Zuul 0898f29a7a Merge "Add kubernetes 1.29.2 patches" 2024-03-20 16:47:15 +00:00
Zuul b331398cfd Merge "Up-rev runc package to 1.1.12" 2024-03-20 14:03:05 +00:00
Ramesh Kumar Sivanandam 524383ceb9 Up-rev runc package to 1.1.12
This change updates runc package from 1.1.7 to 1.1.12
and fixes the vulnerability issue - CVE-2024-21626.
https://nvd.nist.gov/vuln/detail/CVE-2024-21626

Test Plan:
  PASS: runc package builds successfully
  PASS: Build ISO successful with multiple kubernetes versions
  PASS: Verify correct runc version on deployed system,
        dpkg-query -f '${Version}' -W runc
  PASS: Performed the K8s version upgrade from 1.24.4 to 1.28.4
  PASS: Verify platform cpu occupancy is normal using
        collectd.log and occtop tool

Closes-bug: https://bugs.launchpad.net/starlingx/+bug/2052401

Change-Id: Ia34c4a1bcab777a9af80e2b045960895f2bed976
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-03-20 09:43:36 -04:00
Ramesh Kumar Sivanandam 6633522643 Set kubernetes kubeadm UpgradeManifestTimeout to 3 minutes
This modifies kubeadm UpgradeManifestTimeout from 5 minutes default
to 3 minutes to reduce the unnecessary delay in retries during
kubeadm-upgrade-apply failures.

The typical control-plane upgrade of static pods is 75 to 85 seconds,
so 3 minutes gives adequate buffer to complete the operation.

TEST PLAN:
PASS: All Kubernetes packages build successfully from 1.24 to 1.28.
PASS: Perform k8s upgrade and verify kubeadm-upgrade-apply.log
      shows the UpgradeManifestTimeout value as 3 minutes.

Partial-Bug: 2056326

Change-Id: Ief35c63dacc92af861525f03fa25ceb7b8253622
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-03-17 23:03:19 -04:00
Zuul a933669618 Merge "Identify platform pods based on pod/namespace labels" 2024-03-07 20:33:00 +00:00
Boovan Rajendran 50883a70df Add kubernetes 1.29.2 patches
This change ports the following kubernetes 1.29.2 patches which were
refactored slightly to allow for upstream changes

The following patches were applied cleanly:
kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch
kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch
Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch
kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch

The following patches were refactored:
kubeadm-create-platform-pods-with-zero-CPU-resources.patch
kubernetes-make-isolcpus-allocation-SMT-aware.patch
kubelet-cpumanager-disable-CFS-quota-throttling.patch
kubelet-cpumanager-keep-normal-containers-off-reserv.patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch

Test Plan:
PASS: Kubernetes package 1.29.2 builds properly.
PASS: Run all Kubelet, kubeadm, kubectl make tests for affected code.

Story: 2011047
Task: 49674

Change-Id: Ib24dc061a7da201650cc6550fd7bbed0aebe390c
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2024-03-06 10:20:55 -05:00
Ramesh Kumar Sivanandam 63991d3041 Up-rev kubernetes package from 1.29.1 to 1.29.2
This change updates kubernetes package from 1.29.1 to 1.29.2
and it uses golang-1.21.7.

Test Plan:
PASS: kubernetes-1.29.2 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
      of kubernetes-1.29.2. Built package kubernetes-1.29.2
      and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.29.2 staged
      binaries are present in the path /usr/local/kubernetes/1.29.2

Story: 2011047
Task: 49654

Depends-On: https://review.opendev.org/c/starlingx/compile/+/910697

Change-Id: Ib463753fe82527d64d7b0e5605895b0ed2c48e49
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-03-04 08:49:36 -05:00
Zuul 49e08dd3eb Merge "Remove support for ignoring isolated CPUs in k8s 1.24" 2024-02-27 20:47:16 +00:00
Zuul aa255de4c8 Merge "debian-pkg: Update golang for cni plugins" 2024-02-27 17:21:06 +00:00
Mohammad Issa 435ba6e194 debian-pkg: Update golang for cni plugins
This commit updates the containernetworking-plugins and
bond-cni pkgs to use golang-1.18.

Test Plan:
- PASS: downloader
- PASS: build pkgs
- PASS: build image
- PASS: the plugins are present at /var/opt/cni/bin/
- PASS: test the plugins' functionality

Story: 2010878
Task: 49619

Change-Id: Ie8e0f01502e74cf2fb7a4b3ba88c37b69609c297
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
2024-02-23 16:43:30 +00:00
Ramesh Kumar Sivanandam 5233b51876 Debian: Add kubernetes 1.29.1 package
This adds kubernetes 1.29.1 package for Debian, this is built
using golang-1.21.6.

Taken from the previous version and modified the files for 1.29.1.

Test Plan:
PASS: kubernetes-1.29.1 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
      of kubernetes-1.29.1. Built package kubernetes-1.29.1
      and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.29.1 staged
      binaries are present in the path /usr/local/kubernetes/1.29.1

Story: 2011047
Task: 49591

Depends-On: https://review.opendev.org/c/starlingx/compile/+/909068

Change-Id: I97b4a3a25ca93a2b414a1600f3ba8bd0f16b1e8c
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-02-19 03:31:27 -05:00
Kaustubh Dhokte 424c00985e Identify platform pods based on pod/namespace labels
This change updates kubernetes patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch
for supported kubernetes versions from 1.24 to 1.28.

Currently, for static CPU allocation, pods are identified
as platform pods using a hard-coded list of namespaces.
New method identifies a pod as a platform pod using label
assigned to it or its namespace.

Test Plan:
PASS: All affected versions of kubernetes package build successfully.
PASS: Create a pod with the platform label. Pod is classified as
      a platform pod.
PASS: Create a pod without the platform label but in a namespace with
      the platform label. Pod is classified as a platform pod.
PASS: Create a pod without the platform label and in a namespace
      without the platform label. Pod is not classified as a platform
      pod.

Depends-On: https://review.opendev.org/c/starlingx/config/+/907640
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/907641
Depends-On: https://review.opendev.org/c/starlingx/integ/+/908340
Depends-On: https://review.opendev.org/c/starlingx/integ/+/908958

Story: 2010612
Task: 47513

Change-Id: I654d466e51522b42a2e1d17a1828288089791b8f
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-02-14 00:19:51 +00:00
Kaustubh Dhokte 191839ee71 Remove support for ignoring isolated CPUs in k8s 1.24
This change covers up for the missed kubernetes version 1.24.4
in this change.
https://review.opendev.org/c/starlingx/integ/+/908340

Test Plan:
PASS: Kubernetes 1.24.4 package builds successfully.

Story: 2010878
Task: 49546

Change-Id: Iff11cd4ee8239bed5875100b4499216e80e27386
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-02-14 00:12:08 +00:00
Zuul c5b1a5296f Merge "Remove support for ignoring isolated CPUs in k8s" 2024-02-09 00:38:28 +00:00
Zuul 9702234bb9 Merge "Remove Revert-use-subpath-for-coredns-only-for-default-repo k8s patch" 2024-02-07 21:30:41 +00:00
Kaustubh Dhokte d755f69b6c Remove support for ignoring isolated CPUs in k8s
As we no longer have any users for this feature, we remove the patch
enable-support-for-kubernetes-to-ignore-isolcpus.patch from the repo.

Test Plan:
PASS: Each affected kubernetes version package builds successfully.

Story: 2010878
Task: 49546

Change-Id: Id21fe6cd029d4b3cd6e6bd920628dfcc4703f6b2
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-02-07 19:24:14 +00:00
Kaustubh Dhokte 8cecc0667d Etcd upversion from 3.3.25 to 3.4.27
This change updates etcd version to 3.4.27.

The new etcd version does not generate package named 'etcd'.
Etcd server binary (/usr/bin/etcd) is packed in the package
'etcd-server'. So a patch is added to the etcd puppet module
to update the package name. Also, as we do not use /etc/etcd/etcd.yml,
another patch is added to remove its generation. Etcd 3.3.25 would
create a new user 'etcd'. As no processes or files require etcd user
context, it is removed in the new version. Etcd process and config
files are managed by puppet and are owned by the root user.

Depends-On: https://review.opendev.org/c/starlingx/integ/+/897091
Depends-On: https://review.opendev.org/c/starlingx/tools/+/897100
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/897099
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/898851

Test Plan:
PASS: All packages build and build image successful
PASS: AIO-SX, AIO_DX fresh install success with new etcd version.
PASS: CRUD operations on a test pod successful.
PASS: Lock/Unlock reboot succeeds. K8s cluster healthy after each
      operation. Test pod persists upon lock/unlock and reboot.
PASS: AIO-SX platform upgrade successful. K8s cluster healthy after
      platform upgrade.

Story: 2010878
Task: 48877

Change-Id: Ifb4d7d5c8f4d3dbf754f117db75408bff9181464
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-01-31 18:49:54 +00:00
Boovan Rajendran 8ba265a6ce Remove Revert-use-subpath-for-coredns-only-for-default-repo k8s patch
Revert-use-subpath-for-coredns-only-for-default-repo.patch
is removed as this change that updates the dns
imageRepository is taken care in ansible playbook review
https://review.opendev.org/c/starlingx/ansible-playbooks/+/903499

Test Plan:
PASS: Kubernetes package 1.25.3, 1.26.1 and 1.27.5
      builds properly.
PASS: Verify k8s upgrade from 1.24.4 to 1.25.3

Story: 2010878
Task: 49244

Change-Id: Ic5a825f88f625db10610cc7e19770a0a36b6aad4
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2024-01-23 01:59:23 -05:00
Zuul 2379dd202e Merge "Add kubernetes 1.28.4 patches" 2024-01-10 17:00:54 +00:00
Saba Touheed Mujawar bc28897dc5 Add kubernetes 1.28.4 patches
This change ports the following kubernetes 1.28.4 patches which were
refactored slightly to allow for upstream changes

The following patches were applied cleanly:
kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch
kubelet-cpumanager-disable-CFS-quota-throttling.patch
kubelet-cpumanager-keep-normal-containers-off-reserv.patch
kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch
Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch
kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch

The following patches were refactored:
kubeadm-create-platform-pods-with-zero-CPU-resources.patch
kubernetes-make-isolcpus-allocation-SMT-aware.patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch
enable-support-for-kubernetes-to-ignore-isolcpus.patch

Note: Revert-use-subpath-for-coredns-only-for-default-repo.patch
      is removed as this change that updates the dns
      imageRepository is taken care in ansible playbook
      https://review.opendev.org/c/starlingx/ansible-playbooks/+/903499/1/playbookconfig/src/playbooks/roles/common/files/kubeadm.yaml.j2

Test Plan:
PASS: Kubernetes package 1.28.4 builds properly.
PASS: Run all Kubelet, kubeadm, kubectl make tests for affected code.
PASS: build-iso successful with multiple kubernetes versions
PASS: Install iso with k8s 1.28 default and test all patches.

Story: 2010878
Task: 49209

Change-Id: I7693ad2fcc93d146eeae882d44f83b60589565db
Signed-off-by: Saba Touheed Mujawar <sabatouheed.mujawar@windriver.com>
2023-12-18 01:38:21 -05:00
Sachin Gopala Krishna 126b37dfe8 remove support for versions of K8s lower than 1.24
Remove support for k8s versions 1.23 and lower since they are not
supported. This change removes k8s versions 1.21.8,
1.22.5, 1.23.1 from the build

Test Plan:
Pass: Tested by successfully creating and installing ISO on AIO-SX.
Pass: Verify /usr/local/kubernetes/ doesn't contain k8s versions
1.21.8, 1.22.5 and 1.23.1.
Pass: Perform platform upgrade, then k8s upgrade to v1.26.1.

Story: 2010368
Task: 48240

Depends-On: https://review.opendev.org/c/starlingx/config/+/886188

Change-Id: If3b9934937c542074ebbcb23d49a5fd4c7e69898
Signed-off-by: Sachin Gopala Krishna <saching.krishna@windriver.com>
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2023-12-15 03:19:39 +00:00
Zuul 9525e95103 Merge "Debian: Add kubernetes 1.28.4 package" 2023-12-11 20:07:14 +00:00
Zuul 7a3d71922b Merge "debian-pkg: Uprev cni plugins" 2023-12-04 17:35:47 +00:00
rakshith mr 79f5f0bb9f Debian: Add kubernetes 1.28.4 package
This adds kubernetes 1.28.4 package for Debian, this is built
using golang-1.20.11.

Taken from the previous version and modified the files for 1.28.4.

Test Plan:
PASS: kubernetes-1.28.4 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
      of kubernetes-1.28.4. Built package kubernetes-1.28.4
      and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.28.4 staged
      binaries are present in the path /usr/local/kubernetes/1.28.4

Story: 2010878
Task: 48592

Depends-On: https://review.opendev.org/c/starlingx/compile/+/902044

Change-Id: I5f4acec2e693449b41b46d82a4a46b1cb69432f3
Signed-off-by: rakshith mr <rakshith.mr@windriver.com>
2023-12-04 02:21:22 -05:00
Boovan Rajendran ace57cab13 Set the affinity of guaranteed pod to non-isolated CPUs
This corrects kubelet cpumanager static cpuset tracking for isolcpus
for versions 1.26.1 and 1.27.5. This ensures that pods specified with
isolcpus + guaranteed QoS + integer cpu requests, are affined to
exclusive cpuset and tracked as non-isolated cpus.

Test Plan:
Set the "kube-cpu-mgr-policy=static" label and allocate isolcpus.

The following tests are performed for both k8s 1.26.1 and 1.27.5:
PASS: Guaranteed pod without isolcpus specified
      (Pod is affined to exclusive cpu)
PASS: BestEffort pod with isolcpus specified
      (Pod is affined to isolcpus)
PASS: Burstable pod with isolcpus specified
      (Pod is affined to isolcpus)
PASS: Guaranteed pod with isolcpus specified (integer CPU)
      (Pod is affined to exclusive cpu)
PASS: Guaranteed pod with isolcpus specified (fractional CPU)
      (Pod is affined to defaultCpuSet)

Closes-Bug: 2042795

Change-Id: I54ac47d1ec697a53999299cfa84093cb5fd6477a
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2023-11-28 08:38:10 +00:00
Mohammad Issa 32f150ee9d debian-pkg: Uprev cni plugins
This commit uprevs the containernetworking-plugins to v1.3.0 and
bond-cni v1.0 (with the latest commit changes)

Test Plan:
- PASS: downloader
- PASS: build pkgs
- PASS: build image
- PASS: the plugins are present at /var/opt/cni/bin/
- PASS: ensure installed packages are the correct version
- PASS: plugins functionality test includes:
        - bandwidth, bonding, bridge, DHCP, hd,
          ipvlan, macvlan, portmap, ptp, sbr,
          tuning, vlan, and vrf.

Story: 2010639
Task: 49101

Change-Id: I516c717530e50d6bdf50dbc704a382a71f7958cf
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
2023-11-16 22:07:35 +00:00
Zuul d276d60357 Merge "Upversion docker-distribution to v2.8.2+ds1-1" 2023-11-16 11:09:14 +00:00
Karla Felix c007315764 Upversion docker-distribution to v2.8.2+ds1-1
Upversioning docker-distribution to v2.8.2+ds1-1 to be able to block
TLS1.0, TLS1.1 in registry-distribution.

Test Plan:

PASS: $downloader.
PASS: $build-pkgs docker-distribution --clean.
PASS: $build-image.
PASS: List docker-distribution package installed with apt list |
      grep docker.
PASS: Verify if ports 9001 and 9002 are blocking tls1.0, 1.1 and
      1.2 with nmap.

Closes-Bug: 2043217

Change-Id: Id0fc5f8794af54fc4b87b9cab6cec8b454775410
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
2023-11-10 12:44:09 -03:00
Jim Gauld 05bbc77057 Improve shutdown of containerd
This update is to prevent nodes from crashing while powering
off during graceful shutdown (or reboot). This improves timing
and shutdown of containerd.service.

The containerd shutdown script stops all containers via
'crictl stop' with 5 second timeout, followed by stop all
pods via 'crictl stopp'. This cleans up lingering /pause
sandbox containers.

This modifies the arguments to xargs and crictl to let xargs
deal with parallelism instead of batching to crictl.
crictl appears to do the stop operations serially.

The number to stop in parallel is engineered to 10.

Engineering the number of stop in parallel in relation to
shutdown timings under stress load will be addressed in a
subsequent update. The engineering TC should align with
customer requirements.

When testing containerd shutdown under the stress of multiple
pods writing to a shared PersistentVolume, even the new parallel
shutdown code is not sufficient to complete the shutdown within
the default 90-second timeout. Additional changes will be needed
to enable clean shutdown under those circumstances.

Partial-Bug: 2043069

Test plan:
- PASS - build-image, install and boot up on AIO-SX
- PASS - perform reboot and verify /var/log/daemon.log
         has new k8s-container-cleanup.sh logs
         for 'Stopping all pods' and 'Stopping all containers',
         and that drbd stops after containerd.
- FAIL - verify containerd shutdown works under stress with
         the new parallel stop pods parameter NPAR=10.
         The stress load uses ReadWriteMany PVC, and multiple
         pods, each writing to the shared PVC.

Change-Id: Ibfc0a474a40344a629b3f0780449906a9c6b03ba
Signed-off-by: Jim Gauld <James.Gauld@windriver.com>
2023-11-09 12:12:48 -05:00
Zuul 3f539a071a Merge "tox: fixed warnings" 2023-10-19 20:58:56 +00:00
Zuul 724591d233 Merge "Enforce Helm charts uniqueness" 2023-10-13 22:44:11 +00:00
Igor Soares c0b0e689a7 Enforce Helm charts uniqueness
Prevent that an existing chart in a repository gets overwritten
by an incoming chart with the same version or same sha256 digest.

If there is a matching digest against a chart in the repository then the
upload is rejected and the script exits with error code 2. If there is a
matching version against a chart in the repository that has a different
content then the upload is also rejected but with error code 3.

Test Plan:
PASS: build-pkgs && build-image
PASS: AIO-SX fresh install
PASS: Upload chart vault-0.24.3.tgz to stx-platform repository
      Check if the chart was correctly uploaded to
      /var/www/pages/helm_charts/stx-platform/
      Check if the index.yaml file was regenerated accordingly
PASS: Upload chart vault-0.24.3.tgz to stx-platform repository
      Try to upload the same chart again to the same repository
      Confirm that the upload was refused
PASS: Upload chart vault-0.24.3.tgz to stx-platform repository
      Change an image tag and repackage the chart keeping the
      same version
      Try to upload the changed chart again to the same repository
      Confirm that the upload was refused

Story: 2010929
Task: 48883

Change-Id: I974a627d31876c7e2cfd1df05b03c252d958a4d5
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
2023-10-06 12:12:07 -03:00
Zuul 71e342b239 Merge "cengn reference removal" 2023-10-05 19:14:19 +00:00
Igor Soares 7471413e24 Remove Armada related packages from stx build
As part of the efforts to fully deprecate Armada, this commit removes
two packages from the StarlingX build: "armada" and
"armada-helm-toolkit".

In addition, it also removes the helmv2-cli script from the Helm package
since helmv2 is also deprecated.

Test Plan:
PASS: build-pkgs --clean --all
PASS: AIO-SX install
PASS: AIO-SX upgrade from stx-8

Story: 2010560
Task: 48705

Change-Id: I9986a16ec23057d660cc1834d7f1c5b26564866f
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
2023-09-27 18:58:13 +00:00
Scott Little 5413a6420d cengn reference removal
mirror.starlingx.cengn.ca no longer exists. CENGN is kindly forwarding
requests to the new location mirror.starlingx.windriver.com for now, but
that will only last a few months. We need to replace all the references
with the new URL.

I will also remove as many 'cengn' references as possible, replacing
them with 'stx_mirror'

Partial-Bug: 2033555
Signed-off-by: Scott Little <scott.little@windriver.com>
Change-Id: I2416766216204d973c53922202679bd166d1e737
2023-09-14 09:56:20 -04:00
Boovan Rajendran 96d5a7a4dd Add kubernetes 1.27.5 patches
This change ports the following kubernetes 1.27.5 patches which were
refactored slightly to allow for upstream changes

The following patches were applied cleanly:
kubeadm-create-platform-pods-with-zero-CPU-resources.patch
kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch

The following patches were refactored:
Revert-use-subpath-for-coredns-only-for-default-repo.patch
kubernetes-make-isolcpus-allocation-SMT-aware.patch
kubelet-cpumanager-disable-CFS-quota-throttling.patch
kubelet-cpumanager-keep-normal-containers-off-reserv.patch
kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch
enable-support-for-kubernetes-to-ignore-isolcpus.patch
kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch

Test Plan:
PASS: Kubernetes package 1.27.5 builds properly.
PASS: Run all Kubelet, kubeadm, kubectl make tests for affected code.

Story: 2010878
Task: 48740

Depends-On: https://review.opendev.org/c/starlingx/integ/+/892988

Change-Id: I130d41d2b906826e5cb8186ec754e0e74a7d891a
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2023-09-08 13:03:16 -04:00
Ramesh Kumar Sivanandam 1c278b773a Debian: Add kubernetes 1.27.5 package
This adds kubernetes 1.27.5 package for Debian, this is built
using golang-1.20.7.

Taken from the previous version and modified the files for 1.27.5.

Test Plan:
PASS: kubernetes-1.27.5 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
      of kubernetes-1.27.5. Built package kubernetes-1.27.5
      and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.27.5 staged
      binaries are present in the path /usr/local/kubernetes/1.27.5

Story: 2010878
Task: 48593

Depends-On: https://review.opendev.org/c/starlingx/compile/+/891585

Change-Id: I35f0d08b410c1b0eff82cbdb1f76faad9e613025
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2023-09-08 13:01:58 -04:00
Leonardo Fagundes Luz Serrano 5e19b07ebb tox: fixed warnings
meta_data files:
- "too few spaces before comment" warning
- missing document start "---" warning

tox.ini:
- allowlist bash for testenv
- moved 'basepython' var to testenv as it was repeated
  in all derived envs
- removed "tox < 4" requirement. changed minversion to 4

pylint:
- renamed pylintrc to the standard convention ".pylintrc"
- Removed "enable" section, as all warnings are enabled by default
- Updated "disable" section as some warnings changed names
- files-output deprecated [1]
- bad-functions requires a plugin [2, 3]
- max-branchs ==> max-branches [4]
- overgeneral-exceptions updated

[1] https://pylint.pycqa.org/en/latest/whatsnew/1/1.7/summary.html#removed-changes
[2] https://pylint.pycqa.org/en/latest/user_guide/configuration/all-options.html#bad-functions
[3] https://pylint.pycqa.org/en/latest/user_guide/messages/warning/bad-builtin.html
[4] https://pylint.readthedocs.io/en/latest/user_guide/messages/refactor/too-many-branches.html

Test Plan:
pass: run tox

Partial-Bug: 1976377

Change-Id: I715ed859e046a90cc7ec5d047d42902a51009eb8
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
2023-09-06 17:54:55 -03:00
Boovan Rajendran 8c4a8b7a8c Fix for dwz compression error in isolcpus-device-plugin
isolcpus-device-plugin package was failing with following error
"Found compressed .debug_aranges section, not attempting dwz
compression" for keeping golang-1.19 as default version.

This error showed up when we started using the binary-distributed
golang-1.19 from upstream bullseye-backports as the default golang
version.

This change is to build isolcpus-device-plugin package successfully.

Test Plan:
PASS: isolcpus-device-plugin package build successful using golang-1.19
as default version.

Story: 2010878
Task: 48673

Change-Id: I71f9480296051efc2d3e896efe3599216c9d4bf9
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2023-09-06 09:45:39 -04:00
Marcos Paulo Oliveira Silva 5bf031d65c Add sriov-fec-system namespace to the platform infra list in kubelet
Currently the pods installed in the sriov-fec-operator namespace run
on application cores. The sriov-fec-operator App is seen
as a platform app and therefore its pods need to run on platform
cores.

Accordingly, add the sriov-fec-system namespace to the list of
platform namespaces in kubelet.

Test Plan:
PASS - Verify if the pods are running at the platform cores

Story: 2010826
Task: 48628

Change-Id: I521deeef06a4073516c3a7d06ff8dd4308f7b6bb
Signed-off-by: Marcos Paulo Oliveira Silva <Marcos.PauloOliveiraSilva@windriver.com>
2023-08-31 11:07:43 -03:00
Igor Soares 6026ff9a3c Upversion Helm to v3.12.2
Bump Helm version from 3.9.4 to 3.12.2.

This also bumps helm-mapkubeapis from 0.3.2 to 0.4.1 which is
the latest version to date.

Changelogs:
Helm 3.12.2: https://github.com/helm/helm/releases/tag/v3.12.2
helm-mapkubeapis 0.4.1: https://github.com/helm/helm-mapkubeapis/releases/tag/v0.4.1

Test plan:
PASS: build-pkgs --clean --all
PASS: full AIO-SX deployment
PASS: nginx-ingress-controller successfully uploaded/applied
PASS: cert-manager successfully uploaded/applied
PASS: platform-integ-apps successfully uploaded/applied
PASS: oidc-auth-apps successfully uploaded/applied/removed/deleted
PASS: dell-storage successfully uploaded/applied/removed/deleted
PASS: app-istio successfully uploaded/applied/removed/deleted
PASS: app-kubevirt successfully uploaded/applied/removed/deleted
PASS: app-oran-o2 successfully uploaded/applied/removed/deleted
PASS: app-security-profiles-operator successfully
      uploaded/applied/removed/deleted
PASS: app-sriov-fec-operator successfully
      uploaded/applied/removed/deleted
PASS: app-sts-silicom successfully uploaded/applied/removed/deleted
PASS: auditd successfully uploaded/applied/removed/deleted
PASS: metrics-server successfully uploaded/applied/removed/deleted
PASS: portieris successfully uploaded/applied/removed/deleted
PASS: snmp successfully uploaded/applied/removed/deleted
PASS: vault successfully uploaded/applied/removed/deleted
PASS: AIO-SX upgrade from stx-8.

Story: 2010865
Task: 48549

Change-Id: I025251382c56bb82077f87c3924e81309109002d
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
2023-08-14 14:54:58 -03:00
Luan Nunes Utimura f491502929 Upversion chartmuseum from 0.12.0 to 0.13.0
It was recently noted that the `chartmuseum` 0.12.0 binary, hosted on
Amazon S3 [1], is no longer publicly accessible, i.e., the endpoint is
returning `403 Forbidden` when accessed.

Since this is impacting the setup of new build environments, this change
proposes the upversion of `chartmuseum` to 0.13.0 and the use of the
corresponding binary hosted on get.helm.sh [2].

[1] https://s3.amazonaws.com/chartmuseum/release/v0.12.0/bin/linux/amd64/chartmuseum
[2] https://get.helm.sh/chartmuseum-v0.13.0-linux-amd64.tar.gz

Test Plan:
PASS - Run downloader successfully
PASS - Build chartmuseum package
PASS - Build package that depends on chartmuseum, e.g., openstack-helm

Closes-Bug: 2012283

Change-Id: I8f35bef60ffc7ba32a49111218e3022d7d5b4f69
Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
2023-08-08 09:59:54 -03:00
Zuul 4cd31fa43f Merge "containerd: remove unnecessary Build-Depends" 2023-08-04 15:04:15 +00:00
Zuul 2b3527d214 Merge "Add intel-power and power-metrics to list of platform namespace" 2023-08-03 20:48:50 +00:00
Davlet Panech d33ee40aff containerd: remove unnecessary Build-Depends
Remove "Build-Depends: build-info-dev". This package is not required at
build time and causes a dependency error with "build-pkgs --reuse".

TESTS
=====
Run build-pkgs --clean --reuse --parallel 4

Closes-Bug: 2029139

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: Icab05e0ac8202a75e179d2a395ab8acbab4de340
2023-08-03 16:01:08 -04:00
Zuul f82b2006cb Merge "Add the NFD namespace to the platform infrastructure list in kubelet" 2023-07-25 17:48:53 +00:00
Marcos Paulo Oliveira Silva c22bd63e65 Add intel-power and power-metrics to list of platform namespace
The intel-power and power-metrics namespaces are used by
Kubernetes Power Manager [1] and Power Metrics [2] StarlingX
platform applications. Therefore, their pods have to run at platform
cores.

[1] https://opendev.org/starlingx/app-kubernetes-power-manager
[2] https://opendev.org/starlingx/app-power-metrics

Test Plan:
PASS: Verify if the pods are running at the platform cores

Story: 2010773
Task: 48414

Depends-On: https://review.opendev.org/c/starlingx/integ/+/887743

Change-Id: I3d4487bdd09157f687329a61cc069816965372e1
Signed-off-by: Marcos Paulo Oliveira Silva <Marcos.PauloOliveiraSilva@windriver.com>
Co-Authored-By: Alyson Deives Pereira <alyson.deivespereira@windriver.com>
2023-07-21 17:30:04 -03:00
Marcos Paulo Oliveira Silva 2e21b87d62 Add the NFD namespace to the platform infrastructure list in kubelet
Actually, the pods installed in the node-feature-discovery namespace run
on application cores. Although, the Node Feature Discovery App is seen
as a platform app, and therefore, its pods need to run on platform
cores.

So, in this change, the node-feature-discovery namespace will be added
in the platform infrastructure list via kubelet patch.

Test Plan:
PASS - Verify if the pods are running at the platform cores

Story: 2010769
Task: 48327

Change-Id: If3fa8cb25050eb70c45bee54d7cf8fbfe9695d2d
Signed-off-by: Marcos Paulo Oliveira Silva <Marcos.PauloOliveiraSilva@windriver.com>
2023-07-21 15:44:37 +00:00
Ramesh Kumar Sivanandam 3b934036cf Update kubelet.kubeconfig environment variable
The incorrect specification of the KUBELET_KUBECONFIG environment
variable made it so that default parameters were not present.

Update the KUBELET_KUBECONFIG environment variable as
KUBELET_KUBECONFIG="--kubeconfig=/etc/kubernetes/kubelet.kubeconfig".
So that kubelet has the correct default parameters.

Partial-Bug: 2026597

Test-plan:
PASS - Install AIO-SX and verified that /etc/kubernetes/kubelet
       contains the modified value of KUBELET_KUBECONFIG.

Change-Id: I38dae1b69b24b6a487d35e3f789e1b0d8171eef8
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2023-07-17 17:58:48 -04:00
Zhang Xiao ebe6342f16 Debian: docker-registry: CVE-2023-2253
Upgrade docker-registry from 2.7.1+ds2-7 to 2.7.1+ds2-7+deb11u1

Refer to:
https://www.debian.org/security/2023/dsa-5414
https://security-tracker.debian.org/tracker/CVE-2023-2253

Test Plan:
PASS: $downloader
PASS: $build-pkgs -c -a --parallel 10
PASS: $build-image
PASS: Jenkins Installation
PASS: dpkg -l | grep docker-registry
      ii  docker-registry 2.7.1+ds2-7+deb11u1.stx.8

Closes-Bug: 2022018

Change-Id: Ia71f6f261b0da0e1da21486457baedcb336f481f
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
2023-06-24 15:12:32 +08:00