Hello community,
here is the log from the commit of package kubernetes-salt for openSUSE:Factory checked in at 2018-02-06 16:49:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old)
and /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubernetes-salt"
Tue Feb 6 16:49:12 2018 rev:3 rq:573102 version:3.0.0+git_r561_e96818e
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-02-02 22:22:14.461990881 +0100
+++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-02-06 16:49:15.219788996 +0100
@@ -1,0 +2,71 @@
+Mon Feb 5 16:52:13 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 21d9ab7 by Jordi Massaguer Pla jmassaguerpla@suse.de
+ [packaging] Replace | by # in sed expression
+
+ as % is reserved for rpm macros
+
+ Signed-off-by: Jordi Massaguer Pla
+
+
+-------------------------------------------------------------------
+Mon Feb 5 15:53:16 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 0126b32 by Kiall Mac Innes kiall@macinnes.ie
+ Namespace the roles and cluster roles we create
+
+ When we create a role, rolebinding etc, we should namespace the names in
+ order to make it obvious these are deployed as part of CaaSP, as well as to
+ help ensure these are obviously part of CaaSP, not a stock part of
+ Kubernetes.
+
+ I've gone with a "suse:caasp:" prefix, which matches the "system:" prefix for
+ built in roles/rolebindings/etc.
+
+
+-------------------------------------------------------------------
+Mon Feb 5 10:28:39 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 40731ca by Flavio Castelli fcastelli@suse.com
+ Update our manifests to reflect kubernetes 1.8 changes
+
+ * rbac has been promoted to stable
+ * deploymen is now v1beta2
+ * deamonset is now v1beta2
+
+ Signed-off-by: Flavio Castelli
+
+
+-------------------------------------------------------------------
+Fri Feb 2 16:30:33 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 9ecb201 by Kiall Mac Innes kiall@macinnes.ie
+ Remove old mis-named tiller deployment
+
+ Commit a66edac by Nikhil Manchanda SlickNik@gmail.com
+ helm should detect salt-installed tiller service
+
+ The helm client looks for a tiller deployment called 'tiller-deploy' to
+ establish if tiller is already installed in the cluster, or not. Update our
+ salt install of tiller to use a deployment with the same name so that it will
+ be recognized by the helm client as already being installed.
+
+ Fixes: bsc#1066201
+
+
+-------------------------------------------------------------------
+Fri Feb 2 11:55:31 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 5b2893d by Alvaro Saurin alvaro.saurin@gmail.com
+ Do not try to remove some flannel file that cannot be removed, and remove
+ some other instead
+
+
+-------------------------------------------------------------------
+Fri Feb 2 10:42:01 UTC 2018 - containers-bugowner@suse.de
+
+- Commit cb27ba1 by Kiall Mac Innes kiall@macinnes.ie
+ Update flannel image tag to match flannel version
+
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubernetes-salt.spec ++++++
--- /var/tmp/diff_new_pack.Q0VFPX/_old 2018-02-06 16:49:16.447731539 +0100
+++ /var/tmp/diff_new_pack.Q0VFPX/_new 2018-02-06 16:49:16.447731539 +0100
@@ -32,7 +32,7 @@
Name: kubernetes-salt
%define gitrepo salt
-Version: 3.0.0+git_r549_76bcd68
+Version: 3.0.0+git_r561_e96818e
Release: 0
BuildArch: noarch
Summary: Production-Grade Container Scheduling and Management
@@ -68,8 +68,8 @@
echo "ERROR: File not found $file"
exit -1
fi
- sed -e "s%image:[ ]*sles12/\(.*\):%image: %{_base_image}/\1:%g" -i $file
- sed -e "s%image:[ ]*'sles12/\(.*\):%image: '%{_base_image}/\1:%g" -i $file
+ sed -e "s|image:[ ]*sles12/\(.*\):|image: %{_base_image}/\1:|g" -i $file
+ sed -e "s|image:[ ]*'sles12/\(.*\):|image: '%{_base_image}/\1:|g" -i $file
done
%files
++++++ master.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/packaging/suse/make_spec.sh new/salt-master/packaging/suse/make_spec.sh
--- old/salt-master/packaging/suse/make_spec.sh 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/packaging/suse/make_spec.sh 2018-02-05 17:51:16.000000000 +0100
@@ -90,8 +90,8 @@
echo "ERROR: File not found \$file"
exit -1
fi
- sed -e "s%image:[ ]*sles12/\(.*\):%image: %{_base_image}/\1:%g" -i \$file
- sed -e "s%image:[ ]*'sles12/\(.*\):%image: '%{_base_image}/\1:%g" -i \$file
+ sed -e "s|image:[ ]*sles12/\(.*\):|image: %{_base_image}/\1:|g" -i \$file
+ sed -e "s|image:[ ]*'sles12/\(.*\):|image: '%{_base_image}/\1:|g" -i \$file
done
%files
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/cni.sls new/salt-master/pillar/cni.sls
--- old/salt-master/pillar/cni.sls 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/pillar/cni.sls 2018-02-05 17:51:16.000000000 +0100
@@ -1,6 +1,6 @@
# the flannel backend ('udp', 'vxlan', 'host-gw', etc)
flannel:
- image: 'sles12/flannel:1.0.0'
+ image: 'sles12/flannel:0.9.1'
backend: 'vxlan' # UDP seems to be near end of life (https://github.com/coreos/flannel/pull/786)
# log level for flanneld service
# 0 - Generally useful for this to ALWAYS be visible to an operator.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_macros/kubectl.jinja new/salt-master/salt/_macros/kubectl.jinja
--- old/salt-master/salt/_macros/kubectl.jinja 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/_macros/kubectl.jinja 2018-02-05 17:51:16.000000000 +0100
@@ -39,6 +39,10 @@
- check_cmd:
- {{ kwargs['check_cmd'] }}
{%- endif %}
+{%- if 'onlyif' in kwargs %}
+ - onlyif:
+ - {{ kwargs['onlyif'] }}
+{%- endif %}
{%- endmacro %}
#####################################################################
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dns/init.sls new/salt-master/salt/addons/dns/init.sls
--- old/salt-master/salt/addons/dns/init.sls 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/addons/dns/init.sls 2018-02-05 17:51:16.000000000 +0100
@@ -10,11 +10,10 @@
"/etc/kubernetes/addons/kubedns.yaml",
check_cmd="kubectl get deploy kube-dns -n kube-system | grep kube-dns") }}
-{{ kubectl("create-dns-clusterrolebinding",
- "create clusterrolebinding system:kube-dns --clusterrole=cluster-admin --serviceaccount=kube-system:default",
- unless="kubectl get clusterrolebindings | grep kube-dns",
- check_cmd="kubectl get clusterrolebindings | grep kube-dns",
- watch=["/etc/kubernetes/addons/kubedns.yaml"]) }}
+# TODO: Transitional code, remove for CaaSP v4
+{{ kubectl("remove-old-kube-dns-clusterrolebinding",
+ "delete clusterrolebinding system:kube-dns",
+ onlyif="kubectl get clusterrolebinding system:kube-dns") }}
{% else %}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/dns/kubedns.yaml.jinja new/salt-master/salt/addons/dns/kubedns.yaml.jinja
--- old/salt-master/salt/addons/dns/kubedns.yaml.jinja 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/addons/dns/kubedns.yaml.jinja 2018-02-05 17:51:16.000000000 +0100
@@ -1,4 +1,28 @@
-apiVersion: extensions/v1beta1
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: suse:caasp:kube-dns
+subjects:
+- kind: ServiceAccount
+ name: kube-dns
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: kube-dns
@@ -174,12 +198,3 @@
metadata:
name: kube-dns
namespace: kube-system
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/tiller/init.sls new/salt-master/salt/addons/tiller/init.sls
--- old/salt-master/salt/addons/tiller/init.sls 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/addons/tiller/init.sls 2018-02-05 17:51:16.000000000 +0100
@@ -8,13 +8,17 @@
{{ kubectl_apply_template("salt://addons/tiller/tiller.yaml.jinja",
"/etc/kubernetes/addons/tiller.yaml",
- check_cmd="kubectl get deploy tiller -n kube-system | grep tiller") }}
+ check_cmd="kubectl get deploy tiller-deploy -n kube-system | grep tiller-deploy") }}
-{{ kubectl("create-tiller-clusterrolebinding",
- "create clusterrolebinding system:tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller",
- unless="kubectl get clusterrolebindings | grep tiller",
- check_cmd="kubectl get clusterrolebindings | grep tiller",
- watch=["/etc/kubernetes/addons/tiller.yaml"]) }}
+# TODO: Transitional code, remove for CaaSP v4
+{{ kubectl("remove-old-tiller-clusterrolebinding",
+ "delete clusterrolebinding system:tiller",
+ onlyif="kubectl get clusterrolebinding system:tiller") }}
+
+# TODO: Transitional code, remove for CaaSP v4
+{{ kubectl("remove-old-tiller-deployment",
+ "delete deploy tiller -n kube-system",
+ onlyif="kubectl get deploy tiller -n kube-system") }}
{% else %}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/addons/tiller/tiller.yaml.jinja new/salt-master/salt/addons/tiller/tiller.yaml.jinja
--- old/salt-master/salt/addons/tiller/tiller.yaml.jinja 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/addons/tiller/tiller.yaml.jinja 2018-02-05 17:51:16.000000000 +0100
@@ -1,4 +1,28 @@
-apiVersion: extensions/v1beta1
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tiller
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: suse:caasp:tiller
+subjects:
+- kind: ServiceAccount
+ name: tiller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: apps/v1beta2
kind: Deployment
metadata:
creationTimestamp: null
@@ -6,9 +30,13 @@
app: helm
name: tiller
kubernetes.io/cluster-service: "true"
- name: tiller
+ name: tiller-deploy
namespace: kube-system
spec:
+ selector:
+ matchLabels:
+ app: helm
+ name: tiller
strategy: {}
template:
metadata:
@@ -73,12 +101,3 @@
type: ClusterIP
status:
loadBalancer: {}
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: tiller
- namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/init.sls new/salt-master/salt/cni/init.sls
--- old/salt-master/salt/cni/init.sls 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/cni/init.sls 2018-02-05 17:51:16.000000000 +0100
@@ -48,4 +48,3 @@
- file: /etc/kubernetes/addons/kube-flannel-rbac.yaml
{% endif %}
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja new/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja
--- old/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/cni/kube-flannel-rbac.yaml.jinja 2018-02-05 17:51:16.000000000 +0100
@@ -3,12 +3,13 @@
kind: ServiceAccount
metadata:
name: flannel
- namespace: "kube-system"
+ namespace: kube-system
+
---
kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
- name: flannel
+ name: suse:caasp:flannel
rules:
- apiGroups:
- ""
@@ -29,16 +30,17 @@
- nodes/status
verbs:
- patch
+
---
kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
- name: flannel
+ name: suse:caasp:flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: flannel
+ name: suse:caasp:flannel
subjects:
- kind: ServiceAccount
name: flannel
- namespace: "kube-system"
+ namespace: kube-system
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/kube-flannel.yaml.jinja new/salt-master/salt/cni/kube-flannel.yaml.jinja
--- old/salt-master/salt/cni/kube-flannel.yaml.jinja 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/cni/kube-flannel.yaml.jinja 2018-02-05 17:51:16.000000000 +0100
@@ -50,7 +50,7 @@
}
}
---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
name: kube-flannel
@@ -59,6 +59,10 @@
tier: node
k8s-app: flannel
spec:
+ selector:
+ matchLabels:
+ tier: node
+ k8s-app: flannel
template:
metadata:
labels:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cni/update-pre-reboot.sls new/salt-master/salt/cni/update-pre-reboot.sls
--- old/salt-master/salt/cni/update-pre-reboot.sls 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/cni/update-pre-reboot.sls 2018-02-05 17:51:16.000000000 +0100
@@ -7,10 +7,10 @@
service.disabled:
- name: flanneld
-remove-flannel-unit:
+remove-flannel-files-1:
file.absent:
- - name: /usr/lib/systemd/system/docker.service.d/flannel.conf
+ - name: /run/flannel/docker
-remove-flannel-subnets:
+remove-flannel-files-2:
file.absent:
- name: /var/run/flannel
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/dex/dex.yaml new/salt-master/salt/dex/dex.yaml
--- old/salt-master/salt/dex/dex.yaml 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/dex/dex.yaml 2018-02-05 17:51:16.000000000 +0100
@@ -9,9 +9,9 @@
---
# Map the LDAP Administrators role to the Kubernetes system:masters group
kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
- name: system:dex
+ name: suse:caasp:dex
subjects:
- kind: ServiceAccount
name: dex
@@ -77,7 +77,7 @@
name: "CaaSP CLI"
secret: "swac7qakes7AvucH8bRucucH"
---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1beta2
kind: Deployment
metadata:
labels:
@@ -86,6 +86,9 @@
name: dex
namespace: kube-system
spec:
+ selector:
+ matchLabels:
+ app: dex
replicas: 3
template:
metadata:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/dex/init.sls new/salt-master/salt/dex/init.sls
--- old/salt-master/salt/dex/init.sls 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/dex/init.sls 2018-02-05 17:51:16.000000000 +0100
@@ -31,6 +31,26 @@
"/root/roles.yaml",
watch=["dex_secrets", "/root/dex.yaml"]) }}
+# TODO: Transitional code, remove for CaaSP v4
+{{ kubectl("remove-old-find-dex-role",
+ "delete role find-dex -n kube-system",
+ onlyif="kubectl get role find-dex -n kube-system") }}
+
+# TODO: Transitional code, remove for CaaSP v4
+{{ kubectl("remove-old-find-dex-rolebinding",
+ "delete rolebinding find-dex -n kube-system",
+ onlyif="kubectl get rolebinding find-dex -n kube-system") }}
+
+# TODO: Transitional code, remove for CaaSP v4
+{{ kubectl("remove-old-administrators-in-ldap-clusterrolebinding",
+ "delete clusterrolebinding administrators-in-ldap",
+ onlyif="kubectl get clusterrolebinding administrators-in-ldap") }}
+
+# TODO: Transitional code, remove for CaaSP v4
+{{ kubectl("remove-old-dex-clusterrolebinding",
+ "delete clusterrolebinding system:dex",
+ onlyif="kubectl get clusterrolebinding system:dex") }}
+
ensure_dex_running:
# Wait until the Dex API is actually up and running
http.wait_for_successful_query:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/dex/roles.yaml new/salt-master/salt/dex/roles.yaml
--- old/salt-master/salt/dex/roles.yaml 2018-02-02 10:42:57.000000000 +0100
+++ new/salt-master/salt/dex/roles.yaml 2018-02-05 17:51:16.000000000 +0100
@@ -3,9 +3,9 @@
# any time. It will be in a different location in a
# cloud provider environment.
kind: Role
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
- name: find-dex
+ name: suse:caasp:read-dex-service
namespace: kube-system
rules:
- apiGroups: [""]
@@ -16,9 +16,9 @@
# Allow any authenticated *or* unauthenticated
# user to look up Dex's service entry
kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
- name: find-dex
+ name: suse:caasp:read-dex-service
namespace: kube-system
subjects:
- kind: Group
@@ -29,14 +29,14 @@
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
- name: find-dex
+ name: suse:caasp:read-dex-service
apiGroup: rbac.authorization.k8s.io
---
# Map the LDAP Administrators role to the Kubernetes system:masters group
kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
- name: administrators-in-ldap
+ name: suse:caasp:ldap-administrators
subjects:
- kind: Group
name: "{{ pillar['ldap']['admin_group_name'] }}"