(hotfix devel) Hotfixes for v11.0
Version Control Information
Source branch: hotfix/devel/hotfixes-v11
Target branch: devel
Commits:
* Update version number for hotfix-release
* config: Fix condition in ansible_hosts apply
Fixes the apply function of the `yk8s.infra.ansible_hosts` config option where
`applyGroupSubmoduleAttrs` could receive the default value `null` due to a
wrong condition.
Fixes-up: 689e6c6c3 Use YAML based hosts file
* Always SNAT Wireguard traffic
This fixes a bug which prevented cluster creation or adding new nodes to
an existing cluster if "ch_k8s_lbaas_enable_snat" was "false".
In the case that SNAT'ing got disabled, there was a routing asymmetry
for new nodes. In the case SNAT'ing is disabled, the gateways propagate
routes to overwrite the default route on Kubernetes nodes. These get
imported on the Kubernetes nodes by Calico. However, on freshly created
nodes there is no Calico running, yet. Therefore, they use the OpenStack
router as default route. Then, the external Wireguard peer sends a packet
to the Wireguard server, but receives an answer from the OpenStack
router. This causes connectivity to break. For existing Kubernetes nodes
there is no problem, because they use the networking_fixed_ip as default
route. To fix the issue for freshly provisioned nodes, which have not
imported the new default route yet but use the OpenStack router, we have
to always SNAT Wireguard traffic.
Fixes-up: 4311fae5c1211bc026e2c3e37d85a93d01b5958f
* ch-k8s-lbaas: Fix reconfiguration of SNAT'ing
Reconfiguring (i.e. disabling) the SNAT'ing option caused the prepare-gw
action script to fail because the bird daemon got misconfigured. This is
because a new function "filter_default_overwrite" is added to the
"k8s_worker" filter if SNAT'ing gets disabled. However, that file
containing that function only got created in the "ch-k8s-lbaas-agent"
role. This caused the bird daemon to fail if SNAT'ing got disabled and
the prepare-gw (or apply-all) action scripts were triggered in advance
of "install-ch-k8s-lbaas.yaml" playbook.
To resolve this issue, the necessary bird preparations for disabling
SNAT'ing have been moved out of the "ch-k8s-lbaas-agents" role into the
"bird" role.
Fixes-up: 4311fae5c1211bc026e2c3e37d85a93d01b5958f
* ch-k8s-lbaas: Connect to frontend only
as it is not necessary to connect to masters
* Fix ansible_hosts/host_file assertion
Either the new `config.yk8s.infra.ansible_hosts` or the old
`config.yk8s.infra.hosts_file` option needs to be set, but not both -- when
Terraform is disabled.
However it was falsely asserted that none of the two options are set.
Fixes-up: 689e6c6c3 Use YAML based hosts file
* fix migration for openstack clusters
Since !1714 (93ea1b4f), we rely on Terraform outputs to build the
YAML-based hosts file. For these outputs to exist, the Terraform stage
has to be run first.
This commit adds a call to the Terraform stage to the migration script
so the cluster repo is in a usable state afterwards.
* fix execute permission of v11-01-yaml-hosts.sh file
In !1714 (93ea1b4f), we introduced the YAML-based approach for Ansible
hosts file.
This commit changes the execute permission for the
`release-migrations/v11-01-yaml-hosts.sh` script, allowing it to
remove obsolete state files during release migration.
Fixes-up: !1714 (merged)
Fixes-up: !1943 (merged)
Related-hotfix: !2179 (merged) (v11.0)
After: !2179 (merged)
Merge Prerequisites
- MR title (and description) are descriptive
- Code is readable and syntactically correct
- Code is understandable
- Documentation has been updated, if necessary
- Commit messages look good
- Release note file in RST format added in latest commit
As a developer: please do not tick these boxes yourself. As a reviewer: please get yourself a hot cold beverage.
Edited by brunos
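The routing asymmetry described in the "Always SNAT Wireguard traffic" commit can be reproduced with a small route-lookup model. This is an added example, not code from the project; all addresses are constructed, and it assumes the gateway and the Kubernetes node share one subnet.

```python
import ipaddress

# Constructed addresses; none of them come from the merge request.
WG_PEER = ipaddress.ip_address("172.30.153.10")  # external Wireguard peer (tunnel address)
GATEWAY = ipaddress.ip_address("10.0.0.5")       # gateway running the Wireguard server
ROUTER = ipaddress.ip_address("10.0.0.1")        # OpenStack router
SUBNET = ipaddress.ip_network("10.0.0.0/24")     # assumed shared by gateway and nodes
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def next_hop(routes, dst):
    """Longest-prefix match; via=None means on-link, so deliver straight to dst."""
    matches = [(net, via) for net, via in routes if dst in net]
    _, via = max(matches, key=lambda r: r[0].prefixlen)
    return dst if via is None else via


def reply_hop(snat, calico_running):
    """First hop taken by a node's reply to traffic that arrived through Wireguard."""
    routes = [(SUBNET, None)]
    # Without SNAT the gateways announce a default route, but only a running
    # Calico imports it; otherwise the node keeps the OpenStack router.
    if not snat and calico_running:
        routes.append((DEFAULT, GATEWAY))
    else:
        routes.append((DEFAULT, ROUTER))
    # With SNAT the node sees the gateway as the source address and answers it.
    seen_source = GATEWAY if snat else WG_PEER
    return next_hop(routes, seen_source)


def symmetric(snat, calico_running):
    """True when the reply goes back through the gateway it arrived from."""
    return reply_hop(snat, calico_running) == GATEWAY


if __name__ == "__main__":
    for snat in (True, False):
        for calico in (True, False):
            state = "ok" if symmetric(snat, calico) else "ASYMMETRIC (reply leaves via router)"
            print(f"snat={snat!s:5} calico_running={calico!s:5} -> {state}")
```

Only the combination "SNAT disabled, Calico not yet running" sends the reply to the router, which is the fresh-node case the commit fixes by always applying SNAT.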