Hello community,
here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-10-29 14:21:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old)
and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubernetes-salt"
Mon Oct 29 14:21:07 2018 rev:35 rq:644679 version:4.0.0+git_r937_e9764fe
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-10-18 15:38:06.950175908 +0200
+++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-10-29 14:58:23.921972167 +0100
@@ -1,0 +2,21 @@
+Thu Oct 18 14:42:24 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 0d75b49 by Florian Bergmann fbergmann@suse.de
+ Use the registry configuration mapped from the host node.
+
+
+-------------------------------------------------------------------
+Thu Oct 18 12:55:40 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 641ab4e by Ludovic Cavajani lcavajani@suse.com
+ rename aggregator to proxy-client
+
+ Signed-off-by: Ludovic Cavajani
+
+ Commit 081d260 by Ludovic Cavajani lcavajani@suse.com
+ bsc#1108195 Aggregation layer needs configuration
+
+ Signed-off-by: Ludovic Cavajani
+
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubernetes-salt.spec ++++++
--- /var/tmp/diff_new_pack.4P5sQ2/_old 2018-10-29 14:58:24.561973337 +0100
+++ /var/tmp/diff_new_pack.4P5sQ2/_new 2018-10-29 14:58:24.561973337 +0100
@@ -33,7 +33,7 @@
Name: kubernetes-salt
%define gitrepo salt
-Version: 4.0.0+git_r932_c4914f4
+Version: 4.0.0+git_r937_e9764fe
Release: 0
BuildArch: noarch
Summary: Production-Grade Container Scheduling and Management
++++++ master.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/certificates.sls new/salt-master/pillar/certificates.sls
--- old/salt-master/pillar/certificates.sls 2018-10-10 17:39:29.000000000 +0200
+++ new/salt-master/pillar/certificates.sls 2018-10-18 16:46:15.000000000 +0200
@@ -40,6 +40,9 @@
kube_apiserver_key: '/etc/pki/kube-apiserver.key'
kube_apiserver_crt: '/etc/pki/kube-apiserver.crt'
+ kube_apiserver_proxy_client_key: '/etc/pki/kube-apiserver-proxy-client.key'
+ kube_apiserver_proxy_client_crt: '/etc/pki/kube-apiserver-proxy-client.crt'
+
kube_apiserver_proxy_key: '/etc/pki/private/kube-apiserver-proxy.key'
kube_apiserver_proxy_crt: '/etc/pki/kube-apiserver-proxy.crt'
kube_apiserver_proxy_bundle: '/etc/pki/private/kube-apiserver-proxy-bundle.pem'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_registry.py new/salt-master/salt/_modules/caasp_registry.py
--- old/salt-master/salt/_modules/caasp_registry.py 2018-10-10 17:39:29.000000000 +0200
+++ new/salt-master/salt/_modules/caasp_registry.py 2018-10-18 16:46:15.000000000 +0200
@@ -9,29 +9,49 @@
- use_registry_images: True if registry images should be used.
- base_image_url: prefix for the container-images: <prefix>/<image>:<tag>
"""
-import sys
+import yaml
UNKNOWN_VERSION = (0, 0)
+REGISTRY_CONFIGURATION_PATH = "/usr/share/caasp-container-manifests/config/registry/registry-config.yaml"
def __virtual__():
return "caasp_registry"
+def _registry_config():
+ registry_config = {
+ "use_registry": False,
+ "host": "",
+ "namespace": ""
+ }
+ try:
+ with open(REGISTRY_CONFIGURATION_PATH) as config:
+ try:
+ registry_config = yaml.safe_load(config)
+ except yaml.YAMLError:
+ __utils__['caasp_log.warn']("Could not load registry configuration at %s",
+ REGISTRY_CONFIGURATION_PATH)
+ except IOError:
+ __utils__['caasp_log.warn']("Could not read registry configuration file: %s",
+ REGISTRY_CONFIGURATION_PATH)
+ return registry_config
+
+
def _use_registry_images():
"""Return whether registry or packaged images are used."""
- return False if sys.version_info < (3,) else True
+ return _registry_config()["use_registry"]
def _registry():
"""Registry to download images from."""
- return "registry.suse.de"
+ return _registry_config()["host"]
def _namespace():
"""Base namespace the images can be found in the registry"""
- return "devel/casp/3.0/controllernode/images_container_base/sles12"
+ return _registry_config()["namespace"]
def caasp_version():
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/apiserver.jinja new/salt-master/salt/kube-apiserver/apiserver.jinja
--- old/salt-master/salt/kube-apiserver/apiserver.jinja 2018-10-10 17:39:29.000000000 +0200
+++ new/salt-master/salt/kube-apiserver/apiserver.jinja 2018-10-18 16:46:15.000000000 +0200
@@ -54,6 +54,8 @@
--requestheader-group-headers=X-Remote-Group \
--requestheader-extra-headers-prefix=X-Remote-Extra \
--requestheader-client-ca-file={{ pillar['ssl']['ca_file'] }} \
+ --proxy-client-cert-file={{ pillar['ssl']['kube_apiserver_proxy_client_crt'] }} \
+ --proxy-client-key-file={{ pillar['ssl']['kube_apiserver_proxy_client_key'] }} \
--storage-backend={{ pillar['api']['etcd_version'] }} \
--storage-media-type=application/json \
--service-account-key-file={{ pillar['paths']['service_account_key'] }} \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/init.sls new/salt-master/salt/kube-apiserver/init.sls
--- old/salt-master/salt/kube-apiserver/init.sls 2018-10-10 17:39:29.000000000 +0200
+++ new/salt-master/salt/kube-apiserver/init.sls 2018-10-18 16:46:15.000000000 +0200
@@ -12,6 +12,13 @@
cn = grains['nodename'],
o = pillar['certificate_information']['subject_properties']['O']) }}
+{% from '_macros/certs.jinja' import certs with context %}
+{{ certs("kube-apiserver-proxy-client",
+ pillar['ssl']['kube_apiserver_proxy_client_crt'],
+ pillar['ssl']['kube_apiserver_proxy_client_key'],
+ cn = grains['nodename'],
+ o = pillar['certificate_information']['subject_properties']['O']) }}
+
kube-apiserver:
caasp_retriable.retry:
- name: iptables-kube-apiserver