* add snapd_refresh config and handlers to k8s-master and -worker
* lint readmes
* add snapd_refresh doc to the readme; make "max" less specific
* adjust wording to note snapd_refresh only affects store snaps
Automatic merge from submit-queue (batch tested with PRs 65518, 65624, 65380, 65390, 65586). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Preparing for 1.11 release and update ingress image to 0.16.1
**What this PR does / why we need it**: This is to prepare Juju charms to default to 1.11 release.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Usage of names containing uppercase characters returned by calls to
gethostname and getfqdn in requests to apiserver related to nodes
results in 404 errors. Node names are lowercase in K8s itself so charms
should make sure to use lowercase names well as it results in errors.
pkg/util/node/node.go has code to convert hostnames to lowercase in
GetHostname and that function is used to form node names.
Automatic merge from submit-queue (batch tested with PRs 65301, 65291, 65307, 63845, 65313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add option to control SSL chain completion
**What this PR does / why we need it**:
This adds templated support to the kubernetes-worker juju charm for the --enable-ssl-chain-completion option on the ingress proxy. It defaults to false, to ensure that production sites are not reliant on OCSP or DNS in order to function.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
kubernetes-worker juju charm: Added support for setting the --enable-ssl-chain-completion option on the ingress proxy. "action required": if your installation relies on supplying incomplete certificate chains and using OCSP to fill them in, you must set "ingress-ssl-chain-completion" to "true" in your juju configuration.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
juju charms: set more accurate status based on goal_state
**What this PR does / why we need it**:
Use juju goal-state to report more accurate charm status.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/593
**Special notes for your reviewer**:
The goal-state hook tool was released in juju 2.4. For deployments on earlier versions of juju, this will fall back to the current status reporting behavior.
**Release note**:
```release-note
Report accurate status for kubernetes-master and -worker charms.
```
Automatic merge from submit-queue (batch tested with PRs 64140, 64898, 65022, 65037, 65027). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add charm support for OpenStack Integrator
**What this PR does / why we need it**:
Add charm support for OpenStack Integrator
Also rename interfaces for existing integrator charms
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62354, 62934, 63502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for AWS charm
Support AWS integration via proxy charm.
**What this PR does / why we need it**: Add support for Juju charms to connect to AWS integration charm to automatically manage IAM tags and roles, and cloud-provider setting for AWS.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60197, 61614, 62074, 62071, 62301). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support for arm64 to juju charms.
**What this PR does / why we need it**: Add support for arm64 to juju charms.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
accelerators: remove Accelerators from feature gates
Passing this flag is preventing clusters from coming up:
```
server.go:165] unrecognized key: Accelerators
```
Automatic merge from submit-queue (batch tested with PRs 60878, 62118, 62126). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix: when privileged is set correctly in charms
**What this PR does / why we need it**: Privileged flag is not correctly set in juju charms causing validation test to fail.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/538
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
juju: Fix broken ingress after upgrade-charm
**What this PR does / why we need it**:
This fixes a bug that prevents the ingress controller from being deployed after doing an `upgrade-charm`.
Essentially, `worker.auth.bootstrapped` gets cleared during `upgrade-charm`, and it never gets set again. This prevents the `start_worker` and `render_and_launch_ingress` handlers from running, among other things.
This PR fixes that.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Avoid hook errors when effecting label changes on kubernetes-worker charm.
**What this PR does / why we need it**: Avoid hook errors when effecting label changes on kubernetes-worker charm.
**Release note**:
```release-note
Avoid hook errors when effecting label changes on kubernetes-worker charm.
```
Automatic merge from submit-queue (batch tested with PRs 57824, 58806, 59410, 59280). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
2nd try at using a vanity GCR name
The 2nd commit here is the changes relative to the reverted PR. Please focus review attention on that.
This is the 2nd attempt. The previous try (#57573) was reverted while we
figured out the regional mirrors (oops).
New plan: k8s.gcr.io is a read-only facade that auto-detects your source
region (us, eu, or asia for now) and pulls from the closest. To publish
an image, push k8s-staging.gcr.io and it will be synced to the regionals
automatically (similar to today). For now the staging is an alias to
gcr.io/google_containers (the legacy URL).
When we move off of google-owned projects (working on it), then we just
do a one-time sync, and change the google-internal config, and nobody
outside should notice.
We can, in parallel, change the auto-sync into a manual sync - send a PR
to "promote" something from staging, and a bot activates it. Nice and
visible, easy to keep track of.
xref https://github.com/kubernetes/release/issues/281
TL;DR:
* The new `staging-k8s.gcr.io` is where we push images. It is literally an alias to `gcr.io/google_containers` (the existing repo) and is hosted in the US.
* The contents of `staging-k8s.gcr.io` are automatically synced to `{asia,eu,us)-k8s.gcr.io`.
* The new `k8s.gcr.io` will be a read-only alias to whichever regional repo is closest to you.
* In the future, images will be promoted from `staging` to regional "prod" more explicitly and auditably.
```release-note
Use "k8s.gcr.io" for pulling container images rather than "gcr.io/google_containers". Images are already synced, so this should not impact anyone materially.
Documentation and tools should all convert to the new name. Users should take note of this in case they see this new name in the system.
```
This is the 2nd attempt. The previous was reverted while we figured out
the regional mirrors (oops).
New plan: k8s.gcr.io is a read-only facade that auto-detects your source
region (us, eu, or asia for now) and pulls from the closest. To publish
an image, push k8s-staging.gcr.io and it will be synced to the regionals
automatically (similar to today). For now the staging is an alias to
gcr.io/google_containers (the legacy URL).
When we move off of google-owned projects (working on it), then we just
do a one-time sync, and change the google-internal config, and nobody
outside should notice.
We can, in parallel, change the auto-sync into a manual sync - send a PR
to "promote" something from staging, and a bot activates it. Nice and
visible, easy to keep track of.
Automatic merge from submit-queue (batch tested with PRs 59441, 58264, 59287, 59396, 59439). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure docker daemon opts are in effect before docker login
**What this PR does / why we need it**:
Make sure the kubernetes-worker charm is using the configured `docker-opts` daemon options prior to running the `docker-logins` handler.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
https://github.com/juju-solutions/layer-docker/issues/112
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed charm issue where docker login would run prior to daemon options being set.
```
Previous commit relied on non-obvious reactive behavior, with the
'docker.restart' flag being exploited to re-execute docker_logins_changed
in a single hook execution.
Split this into 2 handlers:
- when docker-logins config changes, set one flag to handle the login
and another to request a daemon restart (if needed).
- run docker login after any potential daemon restarts have occurred.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bumping timeouts for apiserver communication.
**What this PR does / why we need it**:
Our CI is failing due to timeouts. The times we set node names intersects with apiserver restarts, which can sometimes get caught up for longer than one minute. This is a temporary fix until we can decide on the best long-term solution.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Upped the timeout for apiserver communication in the juju kubernetes-worker charm.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixing upgrade charm failing if upgrading from an old enough charm
**What this PR does / why we need it**:
Charms before ~Nov 2017 can not upgrade to charms made after that time due to a race with a missing credential dictionary. This change forces the dictionary to be created before we attempt to use it.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/474
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed issue with charm upgrades resulting in an error state.
```
