Details

    • Type: Story
    • Status: Closed
    • Priority: Highest
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: Beijing Release
    • Labels:

      Description

      Upgrade to Kubernetes 1.9 will break secrets for docker pulls
      See issues with nexus secrets in OOM-522 that we need to fix or get fixed first before we consume the new features in 1.9

      see https://github.com/kubernetes/kubernetes/issues/57528 

      fixed in 1.9.1

      The following

      https://git.onap.org/oom/tree/kubernetes/oneclick/createAll.bash

      fails to create the secret properly

      cmd=`echo kubectl -namespace $1$2 create secret docker-registry $3 --docker-server=$4 --docker-username=$5 --docker-password=$6 --docker-email=$7`

      related issues
      Our move to helm 2.7 (to be able to use the tpl function) is blocked by an issue with our vnc-portal container – as helm 2.6 comes is with Rancher 1.6.11+ we are still on 1.6.10 using Helm 2.3

      (fixed in OOM-486 )
      Our move to Kubernetes 1.9 is blocked by an issue in the way we store docker repo secrets – I will look into using the older approach so we can move from 1.8.6
      Our move off docker 1.12 is dictated by the version of Rancher that Kubernetes 1.8 works with
      Our move off Ubuntu 16 to 17 is dictated by the version of Ubuntu Rancher is good with – more minor

      Essentially we need to fix the issue with vnc-portal to bump helm which will allow us to use a later Rancher and then fix the docker secret issue in Kubernetes 1.9.

      Kubernetes 1.9 issues
      Docker pulls involving protected nexus server secrets failing after Kubernetes 1.9.0 upgrade from 1.8.4
      https://jira.onap.org/browse/OOM-522
      Upgrade Kubernetes from 1.8.6 to 1.9.0
      https://jira.onap.org/browse/OOM-535
      https://jira.onap.org/browse/OOM-406
      https://jira.onap.org/browse/OOM-457

      Rancher
      Rancher issues (we cannot move to 1.6.11+ (which contains the server version of helm 2.6 until vnc-portal is fixed)
      Rancher 1.6.13 will run docker 17.03.2 via K8S 1.8 (up from 1.12 for K8S 1.7)
      https://jira.onap.org/browse/OOM-530
      onap-log elasticsearch container memory config too low to start - fix: sysctl -w vm.max_map_count=262144 under Rancher 1.6.11+
      https://jira.onap.org/browse/OOM-431
      Rancher 2.0 deployment POC
      https://jira.onap.org/browse/OOM-330

      HELM upgrade from 2.3 to 2.7
      https://jira.onap.org/browse/OOM-486
      OOM vnc-portal container down since 20171114:2300UTC after helm upgrade from 2.3 to 2.6 and Rancher 1.6.11 on same day
      https://jira.onap.org/browse/OOM-441

       

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              • Assignee:
                michaelobrien Michael O'Brien
                Reporter:
                michaelobrien Michael O'Brien
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h