# SOME DESCRIPTIVE TITLE. # Copyright (C) 2016, Magnum developers # This file is distributed under the same license as the magnum package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: magnum \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-11-12 06:43+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../../:166 msgid "" "--keypair-id parameter in magnum CLI cluster-template-create has been " "renamed to --keypair." msgstr "" #: ../../:200 msgid "10.0.0" msgstr "" #: ../../:24 msgid "10.1.0" msgstr "" #: ../../:5 msgid "10.1.0-3" msgstr "" #: ../../:65 msgid "11.0.0" msgstr "" #: ../../:24 msgid "11.1.0" msgstr "" #: ../../:5 msgid "11.2.0" msgstr "" #: ../../:24 msgid "12.0.0" msgstr "" #: ../../:5 msgid "12.1.0" msgstr "" #: ../../:21 msgid "13.0.0" msgstr "" #: ../../:5 msgid "13.1.0" msgstr "" #: ../../:5 msgid "14.0.0" msgstr "" #: ../../:5 msgid "15.0.0" msgstr "" #: ../../:22 stable/2023.2>:99 msgid "16.0.0" msgstr "" #: ../../:5 msgid "16.0.1" msgstr "" #: ../../:5 msgid "17.0.0" msgstr "" #: ../../:5 msgid "18.0.0" msgstr "" #: ../../:5 msgid "19.0.0" msgstr "" #: ../../:197 msgid "3.0.0" msgstr "" #: ../../:69 msgid "3.1.0" msgstr "" #: ../../:5 msgid "3.2.0" msgstr "" #: ../../:108 msgid "4.0.0" msgstr "" #: ../../:91 msgid "4.1.0" msgstr "" #: ../../:37 msgid "4.1.1" msgstr "" #: ../../:22 msgid "4.1.2" msgstr "" #: ../../:5 msgid "4.1.4-8" msgstr "" #: ../../:87 msgid "5.0.0" msgstr "" #: ../../:53 msgid "5.0.1" msgstr "" #: ../../:5 msgid "5.0.2" msgstr "" #: ../../:307 stable/rocky>:408 msgid "6.0.1" msgstr "" #: ../../:223 msgid "6.1.0" msgstr "" #: ../../:133 msgid "6.1.1" msgstr "" #: ../../:86 msgid "6.2.0" msgstr "" #: ../../:50 msgid "6.3.0" msgstr "" #: ../../:5 msgid "6.3.0-9" msgstr "" #: ../../:189 msgid "7.0.0" msgstr "" #: ../../:165 msgid "7.0.1" msgstr "" #: ../../:117 msgid "7.0.2" msgstr "" #: ../../:74 msgid "7.1.0" msgstr "" #: ../../:5 msgid "7.2.0" msgstr "" #: ../../:84 msgid "8.0.0" msgstr "" #: ../../:34 msgid "8.1.0" msgstr "" #: ../../:5 msgid "8.2.0" msgstr "" #: ../../:302 msgid "9.0.0" msgstr "" #: ../../:219 msgid "9.1.0" msgstr "" #: ../../:135 msgid "9.2.0" msgstr "" #: ../../:100 msgid "9.3.0" msgstr "" #: ../../:21 msgid "9.4.0" msgstr "" #: ../../:5 msgid "9.4.1" msgstr "" #: ../../:393 msgid "" "A new API endpoint /actions/upgrade is added to support rolling " "upgrade the base OS of nodes and the version of Kubernetes. More details " "please refer the API Refreence document." msgstr "" #: ../../:57 stable/victoria>:98 msgid "" "A new boolean flag is introduced in the CLuster and Nodegroup create API " "calls. Using this flag, users can override label values when clusters or " "nodegroups are created without having to specify all the inherited values. " "To do that, users have to specify the labels with their new values and use " "the flag --merge-labels. At the same time, three new fields are added in the " "cluster and nodegroup show outputs, showing the differences between the " "actual and the iherited labels." msgstr "" #: ../../:87 msgid "A new column was added to the cluster_templates DB table." msgstr "" #: ../../:287 msgid "" "A new config option `post_install_manifest_url` is added to support " "installing cloud provider/vendor specific manifest after booted the k8s " "cluster. It's an URL pointing to the manifest file. For example, cloud admin " "can set their specific storageclass into this file, then it will be " "automatically setup after created the cluster." msgstr "" #: ../../:186 msgid "" "A new label named ``master_lb_floating_ip_enabled`` is introduced which " "controls if Magnum allocates floating IP for the load balancer of master " "nodes. This label only takes effect when the ``master_lb_enabled`` is set. " "The default value is the same as ``floating_ip_enabled``. The " "``floating_ip_enabled`` property now only controls if Magnum should allocate " "the floating IPs for the master and worker nodes." msgstr "" #: ../../:140 msgid "" "A new section is created in magnum.conf named cinder. In this cinder " "section, you need to set a value for the key default_docker_volume_type, " "which should be a valid type for cinder volumes in your cinder deployment. " "This default value will be used if no volume_type is provided by the user " "when using a cinder volume for container storage. The suggested default " "value the one set in cinder.conf of your cinder deployment." msgstr "" #: ../../:385 msgid "" "A new tag ``auto_healing_controller`` is introduced to allow the user to " "choose the auto-healing service when ``auto_healing_enabled`` is specified " "in the labels, ``draino`` and ``magnum-auto-healer`` are supported for now. " "Another label ``magnum_auto_healer_tag`` is also added to specify the " "``magnum-auto-healer`` image tag." msgstr "" #: ../../:187 stable/ussuri>:445 msgid "" "A regression issue about downloading images has been fixed. Now both Fedora " "Atomic driver and Fedora CoreOS driver can support using proxy in template " "to create cluster." msgstr "" #: ../../:59 stable/rocky>:228 msgid "" "Add 'cloud_provider_enabled' label for the k8s_fedora_atomic driver. " "Defaults to true. For specific kubernetes versions if 'cinder' is selected " "as a 'volume_driver', it is implied that the cloud provider will be enabled " "since they are combined." msgstr "" #: ../../:133 stable/stein>:149 msgid "" "Add 'grafana_tag' and 'prometheus_tag' labels for the k8s_fedora_atomic " "driver. Grafana defaults to 5.1.5 and Prometheus defaults to v1.8.2." msgstr "" #: ../../:14 msgid "Add Cilium as a supported network driver of Kubernetes" msgstr "" #: ../../:224 msgid "" "Add Kubernetes cluster pre-delete support to remove the cloud resources " "before deleting the cluster. For now, only load balancers for Kubernetes " "services of LoadBalancer type are deleted." msgstr "" #: ../../:214 msgid "" "Add Microversion 1.3 to support Magnum bay rollback, user can enable " "rollback on bay update failure by setting 'OpenStack-API-Version' to " "'container-infra 1.3' in request header and passing 'rollback=True' param in " "bay update request." msgstr "" #: ../../:14 msgid "" "Add Support of LBaaS v2, LBaaS v1 is removed by neutron community in Newton " "release. Until now, LBaaS v1 was used by all clusters created using magnum. " "This release adds support of LBaaS v2 for all supported drivers." msgstr "" #: ../../:72 stable/rocky>:333 msgid "" "Add `region` parameter to the Global configuration section of the Kubernetes " "configuration file. Setting this parameter will allow Magnum cluster to be " "created in the multi-regional OpenStack installation." msgstr "" #: ../../:339 msgid "" "Add `trustee_keystone_region_name` optional parameter to the `trust` " "section. This parameter is useful for multi-regional OpenStack installations " "with different Identity service for every region. In such installation it is " "necessary to specify a region when searching for `auth_url` to authenticate " "a trustee user." msgstr "" #: ../../:18 msgid "" "Add a feature to prevent drivers clashing when multiple drivers are able to " "provide the same functionality." msgstr "" #: ../../:144 stable/stein>:310 msgid "" "Add a new label `service_cluster_ip_range` for kubernetes so that user can " "set the IP range for service portals to avoid conflicts with pod IP range." msgstr "" #: ../../:50 stable/victoria>:91 msgid "" "Add a new label named `master_lb_allowed_cidrs` to control the IP ranges " "which can access the k8s API and etcd load balancers of master. To get this " "feature, the minimum version of Heat is stable/ussuri and minimum version of " "Octavia is stable/train." msgstr "" #: ../../:31 stable/stein>:196 msgid "" "Add a new option 'octavia' for the label 'ingress_controller' and a new " "label 'octavia_ingress_controller_tag' to enable the deployment of `octavia-" "ingress-controller `_ in the kubernetes " "cluster. The 'ingress_controller_role' label is not used for this option." msgstr "" #: ../../:109 stable/ussuri>:215 msgid "Add cinder_csi_enabled label to support out of tree Cinder CSI." msgstr "" #: ../../:117 msgid "" "Add configuration for overlay networks for the docker network driver in " "swarm. To use this feature, users need to create a swarm cluster with " "network_driver set to 'docker'. After the cluster is created, users can " "create an overlay network (docker network create -d overlay mynetwork) and " "use it when launching a new container (docker run --net=mynetwork ...)." msgstr "" #: ../../:344 msgid "" "Add coredns_tag label to control the tag of the coredns container in " "k8s_fedora_atomic. Taken from https://hub.docker.com/r/coredns/coredns/tags/ " "Since stein default to 1.3.1" msgstr "" #: ../../:206 msgid "" "Add docker-storage-driver parameter to baymodel to allow user select from " "the supported drivers. Until now, only devicemapper was supported. This " "release adds support for OverlayFS on Fedora Atomic hosts with kernel " "version >= 3.18 (Fedora 22 or higher) resulting significant performance " "improvement. To use OverlayFS, SELinux must be enabled and in enforcing mode " "on the physical machine, but must be disabled in the container. Thus, if you " "select overlay for docker-storage-driver SELinux will be disable inside the " "containers." msgstr "" #: ../../:228 stable/ussuri>:244 msgid "" "Add fedora coreos driver. To deploy clusters with fedora coreos operators or " "users need to add os_distro=fedora-coreos to the image. The scripts to " "deploy kubernetes on top are the same with fedora atomic. Note that this " "driver has selinux enabled." msgstr "" #: ../../:109 msgid "" "Add flannel's host-gw backend option. Magnum deploys cluster over a " "dedicated neutron private network by using flannel. Flannel's host-gw " "backend gives the best performance in this topopolgy (private layer2) since " "there is no packet processing overhead, no reduction to MTU, scales to many " "hosts as well as the alternatives. The label \"flannel_use_vxlan\" was " "repurposed when the network driver is flannel. First, rename the label " "flannel_use_vxlan to flannel_backend. Second, redefine the value of this " "label from \"yes/no\" to \"udp/vxlan/host-gw\"." msgstr "" #: ../../:159 msgid "" "Add heat container agent into Kubernetes cluster worker nodes to support " "cluster rolling upgrade." msgstr "" #: ../../:20 msgid "" "Add heat_container_agent_tag label to allow users select the heat-agent tag. " "Rocky default: rocky-stable" msgstr "" #: ../../:154 msgid "" "Add heat_container_agent_tag label to allow users select the heat-agent tag. " "Stein default: stein-dev" msgstr "" #: ../../:311 msgid "" "Add information about the cluster in magnum event notifications. Previously " "the CADF notification's target ID was randomly generated and no other " "relevant info about the cluster was sent. Cluster details are now included " "in the notifications. This is useful for other OpenStack projects like " "Searchlight or third party projects that cache information regarding " "OpenStack objects or have custom actions running on notification. Caching " "systems can now efficiently update one single object (e.g. cluster), while " "without notifications they need to periodically retrieve object list, which " "is inefficient." msgstr "" #: ../../:58 stable/stein>:335 msgid "" "Add iptables -P FORWARD ACCEPT unit. On node reboot, kubelet and kube-proxy " "set iptables -P FORWARD DROP which doesn't work with flannel in the way we " "use it. Add a systemd unit to set the rule to ACCEPT after flannel, docker, " "kubelet, kube-proxy." msgstr "" #: ../../:148 msgid "" "Add microversion 1.5 to support rotation of a cluster's CA certificate. " "This gives admins a way to restrict/deny access to an existing cluster once " "a user has been granted access." msgstr "" #: ../../:14 stable/queens>:410 msgid "" "Add new configuration option `openstack_ca_file` in the `drivers` section to " "pass the CA bundle used for the OpenStack API. Setting this file and setting " "`verify_ca` to `true` will result to all requests from the cluster nodes to " "the OpenStack APIs to be verified." msgstr "" #: ../../:243 stable/rocky>:219 msgid "" "Add new label 'cert_manager_api' enabling the kubernetes certificate manager " "api." msgstr "" #: ../../:248 stable/rocky>:235 msgid "" "Add new labels 'ingress_controller' and 'ingress_controller_role' enabling " "the deployment of a Kubernetes Ingress Controller backend for clusters. " "Default for 'ingress_controller' is '' (meaning no controller deployed), " "with possible values being 'traefik'. Default for 'ingress_controller_role' " "is 'ingress'." msgstr "" #: ../../:43 stable/train>:350 msgid "" "Add nginx as an additional Ingress controller option for Kubernetes. " "Installation is done via the upstream nginx-ingress helm chart, and " "selection can be done via label ingress_controller=nginx." msgstr "" #: ../../:49 msgid "" "Add persistency for grafana UI altered dashboards. To enable this use " "monitoring_storage_class_name label. It is recommended that dashboards be " "persisted by other means, mainly by using kubernetes configMaps. More info " "[0]." msgstr "" #: ../../:295 msgid "" "Add selinux_mode label. By default, selinux_mode=permissive with Fedora " "Atomic driver and selinux_mode=enforcing with Fedora CoreOS." msgstr "" #: ../../:113 msgid "" "Add support for a new OpenSUSE driver for running k8s cluster on OpenSUSE. " "This driver is experimental for now, and operators need to get it from /" "contrib folder." msgstr "" #: ../../:111 msgid "" "Add support to store the etcd configuration in a cinder volume. " "k8s_fedora_atomic accepts a new label etcd_volume_size defining the size of " "the volume. A value of 0 or leaving the label unset means no volume should " "be used, and the data will go to the instance local storage." msgstr "" #: ../../:78 msgid "" "Add swarm-mode driver based on fedora-atomic. Users can select the swarm-" "mode COE by using the `coe` field in cluster-template. This is a new driver, " "it is recommended to let magnum create a private-network and security groups " "per cluster." msgstr "" #: ../../:127 msgid "" "Add tiller_enabled to install tiller in k8s_fedora_atomic clusters. Defaults " "to false. Add tiller_tag label to select the version of tiller. If the tag " "is not set the tag that matches the helm client version in the heat-agent " "will be picked. The tiller image can be stored in a private registry and the " "cluster can pull it using the container_infra_prefix label. Add " "tiller_namespace label to select in which namespace to install tiller. " "Tiller is install with a Kubernetes job. This job runs with a container that " "includes the helm client. This image is maintained by the magnum team and " "lives in, docker.io/openstackmagnum/helm-client. This container follows the " "same versions as helm and tiller." msgstr "" #: ../../:88 stable/victoria>:137 msgid "Add to prometheus federation exported metrics the cluster_uuid label." msgstr "" #: ../../:209 msgid "" "Added calico_ipv4pool_ipip label for configuring calico network_driver IPIP " "Mode to use for the IPv4 POOL created at start up. Allowed_values: Always, " "CrossSubnet, Never, Off." msgstr "" #: ../../:159 stable/ussuri>:270 msgid "" "Added custom.metrics.k8s.io API installer by means of stable/prometheus-" "adapter helm chart. The label prometheus_adapter_enabled (default: true) " "controls configuration. You can also use prometheus_adapter_chart_tag to " "select helm chart version, and prometheus_adapter_configmap if you would " "like to setup your own metrics (specifying this other than default " "overwrites default configurations). This feature requires the usage of label " "monitoring_enabled=true." msgstr "" #: ../../:144 stable/ussuri>:251 msgid "" "Added label heapster_enabled to control heapster installation in the cluster." msgstr "" #: ../../:266 msgid "" "Added label helm_client_tag to allow user to specify helm client container " "version." msgstr "" #: ../../:49 stable/train>:371 msgid "" "Added label traefik_ingress_controller_tag to enable specifying traefik " "container version." msgstr "" #: ../../:69 msgid "" "Added metrics_retention_days magnum label allowing user to specify " "prometheus server scraped metrics retention days (default: 14). Added " "metrics_retention_size_gi magnum label allowing user to specify prometheus " "server metrics storage maximum size in Gi (default: 14). Added " "metrics_interval_seconds allowing user to specify prometheus scrape " "frequency in seconds (default: 30). Added metrics_storage_class_name " "allowing user to specify the storageClass to use as external retention for " "pod fail-over data persistency." msgstr "" #: ../../:172 msgid "" "Added monitoring_enabled to install prometheus-operator monitoring solution " "by means of helm stable/prometheus-operator public chart. Defaults to false. " "grafana_admin_passwd label can be used to set grafana dashboard admin access " "password. If grafana_admin_passwd is not set the password defaults to " "prom_operator." msgstr "" #: ../../:58 msgid "" "Added monitoring_ingress_enabled magnum label to set up ingress with path " "based routing for all the configured services {alertmanager,grafana," "prometheus}. When using this, cluster_root_domain_name magnum label must be " "used to setup base path where this services are available. Added " "cluster_basic_auth_secret magnum label to configure basic auth on " "unprotected services {alertmanager and prometheus}. This is only in effect " "when app access is routed by ingress." msgstr "" #: ../../:93 msgid "Added new tool ``magnum-status upgrade check``." msgstr "" #: ../../:132 msgid "" "Added parameter in cluster-create to specify the keypair. If keypair is not " "provided, the default value from the matching ClusterTemplate will be used." msgstr "" #: ../../:14 msgid "" "Added support for choosing Octavia LB algorithm by using " "``octavia_lb_algorithm`` tag." msgstr "" #: ../../:19 msgid "" "Added support for choosing Octavia provider driver by using " "``octavia_provider`` tag." msgstr "" #: ../../:276 stable/rocky>:269 msgid "" "Adding 'calico' as network driver for Kubernetes so as to support network " "isolation between namespace with k8s network policy." msgstr "" #: ../../:14 msgid "Adds initial support for Kubernetes v1.28" msgstr "" #: ../../:159 msgid "" "All container/pod/service/replication controller operations were removed. " "Users are recommended to use the COE's native tool (i.e. docker, kubectl) to " "do the equivalent of the removed operations." msgstr "" #: ../../:333 msgid "" "Allow any value to be passed on the docker_storage_driver field by turning " "it into a StringField (was EnumField), and remove the constraints limiting " "the values to 'devicemapper' and 'overlay'." msgstr "" #: ../../:322 msgid "" "Allow overriding cluster template labels for swarm mode clusters - this " "functionality was missed from this COE when it was introduced." msgstr "" #: ../../:235 stable/ussuri>:280 msgid "" "Along with the kubernetes version upgrade support we just released, we're " "adding the support to upgrade the operating system of the k8s cluster " "(including master and worker nodes). It's an inplace upgrade leveraging the " "atomic/ostree upgrade capability." msgstr "" #: ../../:121 msgid "" "Auto generate name for cluster and cluster-template. If users create a " "cluster/cluster-template without specifying a name, the name will be auto-" "generated." msgstr "" #: ../../:50 origin/stable/ocata>:10 #: origin/stable/ocata>:72 origin/stable/ocata>:172 stable/2023.1>:61 #: stable/2023.2>:77 stable/pike>:23 stable/pike>:169 stable/queens>:68 #: stable/queens>:102 stable/queens>:198 stable/queens>:294 stable/queens>:419 #: stable/rocky>:47 stable/rocky>:140 stable/rocky>:329 stable/stein>:69 #: stable/stein>:306 stable/train>:10 stable/train>:73 stable/train>:120 #: stable/train>:183 stable/train>:285 stable/train>:444 stable/ussuri>:133 #: stable/ussuri>:431 stable/victoria>:44 stable/victoria>:199 #: stable/wallaby>:134 stable/xena>:10 unmaintained/yoga>:40 msgid "Bug Fixes" msgstr "" #: ../../:384 msgid "" "Bump up default versions for fedora-coreos driver kube_tag: v1.18.2 " "autoscaler_tag: v1.18.1 cloud_provider_tag: v1.18.0 cinder_csi_plugin_tag: " "v1.18.0 k8s_keystone_auth_tag: v1.18.0 magnum_auto_healer_tag: v1.18.0 " "octavia_ingress_controller_tag: v1.18.0" msgstr "" #: ../../:208 stable/ussuri>:501 msgid "" "Bump up prometheus operator chart version to 8.2.2 so that it is compatible " "with k8s 1.16.x." msgstr "" #: ../../:213 stable/ussuri>:506 msgid "Bump up traefik to 1.7.19 for compatibility with Kubernetes 1.16.x." msgstr "" #: ../../:116 stable/victoria>:169 msgid "" "Bumped prometheus-operator chart tag to 8.12.13. Added " "container_infra_prefix to missing prometheusOperator images." msgstr "" #: ../../:155 msgid "" "Change default API development service from wsgiref simple_server to " "werkzeug for better supporting SSL." msgstr "" #: ../../:88 msgid "" "Change service type from \"Container service\" to \"Container Infrastructure " "Management service\". In addition, the mission statement is changed to \"To " "provide a set of services for provisioning, scaling, and managing container " "orchestration engines.\"" msgstr "" #: ../../:254 stable/ussuri>:327 msgid "" "Choose whether system containers etcd, kubernetes and the heat-agent will be " "installed with podman or atomic. This label is relevant for k8s_fedora " "drivers." msgstr "" #: ../../:83 stable/victoria>:132 msgid "" "Cloud admin user now can do rolling upgrade on behalf of end user so as to " "do urgent security patching when it's necessary." msgstr "" #: ../../:242 stable/ussuri>:315 msgid "" "Cluster upgrade API supports upgrading specific nodegroups in kubernetes " "clusters. If a user chooses a default nodegroup to be upgraded, then both of " "the default nodegroups will be upgraded since they are in one stack. For non-" "default nodegroups users are allowed to use only the cluster template " "already set in the cluster. This means that the cluster (default nodegroups) " "has to be upgraded on the first hand. For now, the only label that is taken " "into consideration during upgrades is the kube_tag. All other labels are " "ignored." msgstr "" #: ../../:42 msgid "" "Clusters can now be created with empty nodegroups. Existing nodegroups can " "be set to node_count = 0. min_node_count defaults to 0. This is usefull for " "HA or special hardware clusters with multiple nodegroups managed by the " "cluster auto-scaller." msgstr "" #: ../../:91 msgid "" "Configured {alertmanager,grafana,prometheus} services logFormat to json to " "enable easier machine log parsing." msgstr "" #: ../../:119 stable/rocky>:374 msgid "" "Create admin cluster role for k8s_fedora_atomic, it is defined in the " "configuration but it wasn't applied." msgstr "" #: ../../:110 msgid "Critical Issues" msgstr "" #: ../../:210 msgid "" "Current implementation of magnum bay operations are synchronous and as a " "result API requests are blocked until response from HEAT service is " "received. This release adds support for asynchronous bay operations (bay-" "create, bay-update, and bay-delete). Please note that with this change, bay-" "create, bay-update API calls will return bay uuid instead of bay object and " "also return HTTP status code 202 instead of 201. Microversion 1.2 is added " "for new behavior." msgstr "" #: ../../:174 stable/stein>:272 msgid "" "Currently, Magnum is running periodic tasks to collect k8s cluster metrics " "to message bus. Unfortunately, it's collecting pods info only from \"default" "\" namespace which makes this function useless. What's more, even Magnum can " "get all pods from all namespaces, it doesn't make much sense to keep this " "function in Magnum. Because operators only care about the health of cluster " "nodes. If they want to know the status of pods, they can use heapster or " "other tools to get that. So the feauture is being deprecated now and will be " "removed in Stein release. And the default value is changed to False, which " "means won't send the metrics." msgstr "" #: ../../:153 stable/rocky>:274 msgid "" "Currently, the replicas of coreDNS pod is hardcoded as 1. It's not a " "reasonable number for such a critical service. Without DNS, probably all " "workloads running on the k8s cluster will be broken. Now Magnum is making " "the coreDNS pod autoscaling based on the nodes and cores number." msgstr "" #: ../../:122 msgid "" "Currently, the swarm and the kubernetes drivers use a dedicated cinder " "volume to store the container images. It was been observed that one cinder " "volume per node is a bottleneck for large clusters." msgstr "" #: ../../:125 msgid "" "Decouple the hard requirement on barbican. Introduce a new certificate store " "called x509keypair. If x509keypair is used, TLS certificates will be stored " "at magnum's database instead of barbican. To do that, set the value of the " "config ``cert_manager_type`` as ``x509keypair``." msgstr "" #: ../../:129 msgid "" "Decouple the hard requirement on neutron-lbaas. Introduce a new property " "master_lb_enabled in cluster template. This property will determines if a " "cluster's master nodes should be load balanced. Set the value to false if " "neutron-lbaas is not installed." msgstr "" #: ../../:447 msgid "" "Default `policy.json` file is now removed as Magnum now generate the default " "policies in code. Please be aware that when using that file in your " "environment." msgstr "" #: ../../:109 stable/victoria>:162 msgid "" "Default tiller_tag is set to v2.16.7. The charts remain compatible but " "helm_client_tag will also need to be set to the same value as tiller_tag, i." "e. v2.16.7. In this case, the user will also need to provide " "helm_client_sha256 for the helm client binary intended for use." msgstr "" #: ../../:14 unmaintained/yoga>:44 msgid "" "Default value of ``[cinder_client] api_version`` has been updated from ``2`` " "to ``3``, because volume v2 API is no longer available." msgstr "" #: ../../:291 msgid "" "Defines more strict security group rules for kubernetes worker nodes. The " "ports that are open by default: default port range(30000-32767) for external " "service ports; kubelet healthcheck port; Calico BGP network ports; flannel " "overlay network ports. The cluster admin should manually config the security " "group on the nodes where Traefik is allowed. To allow traffic to the default " "ports (80, 443) that the traefik ingress controller exposes users will need " "to create additional rules or expose traefik with a kubernetes service with " "type: LoadBalaner. Finally, the ssh port in worker nodes is closed as well. " "If ssh access is required, users will need to create a rule for port 22 as " "well." msgstr "" #: ../../:14 stable/rocky>:126 stable/stein>:103 msgid "" "Deploy kubelet in master nodes for the k8s_fedora_atomic driver. Previously " "it was done only for calico, now kubelet will run in all cases. Really " "useful, for monitoing the master nodes (eg deploy fluentd) or run the " "kubernetes control-plance self-hosted." msgstr "" #: ../../:137 stable/victoria>:203 msgid "Deploy traefik from the heat-agent" msgstr "" #: ../../:180 msgid "" "Deprecate in-tree Cinder volume driver for removal in X cycle in favour of " "out-of-tree Cinder CSI plugin." msgstr "" #: ../../:14 stable/2023.2>:50 msgid "" "Deprecate the Docker Swarm COE ('swarm' and 'swarm-mode'). Docker Swarm " "relies on Fedora Atomic OS which has been EOL. Users are encourged to use " "the 'kubernetes' COE as it is better supported." msgstr "" #: ../../:42 msgid "" "Deprecate the use of os_distro 'coreos' with COE 'kubernetes'. CoreOS (not " "Fedora CoreOS) has been EOL since 2020-05-26. Users using COE 'kubernetes' " "are encouraged to migrate to Fedora CoreOS and the 'fedora-coreos' driver. " "'coreos' driver will be removed in a future Magnum verison." msgstr "" #: ../../:42 msgid "" "Deprecate the use of os_distro 'fedora-atomic' with COE 'kubernetes'. Fedora " "Atomic OS has been EOL since 2019-11-26. Users using COE 'kubernetes' are " "encouraged to migrate to Fedora CoreOS and the 'fedora-coreos' driver. " "'fedora-atomic' driver will be removed in a future Magnum verison." msgstr "" #: ../../:165 origin/stable/ocata>:162 #: stable/2023.1>:10 stable/2023.1>:38 stable/2023.2>:38 stable/2024.1>:94 #: stable/rocky>:170 stable/stein>:268 stable/ussuri>:123 stable/ussuri>:420 #: stable/victoria>:176 stable/wallaby>:119 unmaintained/yoga>:28 msgid "Deprecation Notes" msgstr "" #: ../../:21 msgid "" "Drivers used to be selected based on a tuple of (server_type, os, coe). This " "can be a problem if multiple drivers provides the same functionality, e.g. a " "tuple like (vm, ubuntu, kubernetes)." msgstr "" #: ../../:62 msgid "Dropped swarm drivers, Docker Swarm is not supported in Magnum anymore." msgstr "" #: ../../:56 msgid "" "Due to the lack of maintainers for the Fedora Kubernetes Ironic driver, it " "has been deprecated. Users are encouraged to use the Fedora CoreOS " "Kubernetes VM driver to create their Kubernetes clusters." msgstr "" #: ../../:224 msgid "" "Embed certificates in kubernetes config file when issuing 'cluster config', " "instead of generating additional files with the certificates. This is now " "the default behavior. To get the old behavior and still generate cert files, " "pass --output-certs." msgstr "" #: ../../:133 msgid "" "Emit notifications when there is an event on a cluster. An event could be a " "status change of the cluster due to an operation issued by end-users (i.e. " "users create, update or delete the cluster). Notifications are sent by using " "oslo.notify and PyCADF. Ceilometer can capture the events and generate " "samples for auditing, billing, monitoring, or quota purposes." msgstr "" #: ../../:137 msgid "" "Enable Mesos cluster to export more slave flags via labels in cluster " "template. Add the following labels: mesos_slave_isolation, " "mesos_slave_image_providers, mesos_slave_work_dir, and " "mesos_slave_executor_environment_variables." msgstr "" #: ../../:376 msgid "" "Enhancement to support anfinity policy for cluster nodes. Before this patch, " "There is no way to gurantee all nodes of a cluster created on different " "compute hosts to get high availbility." msgstr "" #: ../../:36 origin/stable/ocata>:58 #: stable/pike>:155 msgid "" "Every magnum cluster is assigned a trustee user and a trustID. This user is " "used to allow clusters communicate with the key-manager service (Barbican) " "and get the certificate authority of the cluster. This trust user can be " "used by other services too. It can be used to let the cluster authenticate " "with other OpenStack services like the Block Storage service, Object Storage " "service, Load Balancing etc. The cluster with this user and the trustID has " "full access to the trustor's OpenStack project. A new configuration " "parameter has been added to restrict the access to other services than " "Magnum." msgstr "" #: ../../:46 stable/victoria>:87 msgid "Expose autoscaler prometheus metrics on pod port metrics (8085)." msgstr "" #: ../../:240 msgid "Expose traefik prometheus metrics." msgstr "" #: ../../:77 stable/ussuri>:172 #: stable/victoria>:233 msgid "" "Fix an issue with private clusters getting stuck in CREATE_IN_PROGRESS " "status where floating_ip_enabled=True in the cluster template but this is " "disabled when the cluster is created." msgstr "" #: ../../:209 stable/rocky>:379 msgid "" "Fix bug #1758672 [1] to protect kubelet in the k8s_fedora_atomic driver. " "Before this patch kubelet was listening to 0.0.0.0 and for clusters with " "floating IPs the kubelet was exposed. Also, even on clusters without fips " "the kubelet was exposed inside the cluster. This patch allows access to the " "kubelet only over https and with the appropriate roles. The apiserver and " "heapster have the appropriate roles to access it. Finally, all read-only " "ports have been closed to not expose any cluster data. The only remaining " "open ports without authentication are for healthz. [1] https://bugs." "launchpad.net/magnum/+bug/1758672" msgstr "" #: ../../:202 stable/rocky>:354 msgid "" "Fix etcd configuration in k8s_fedora_atomic driver. Explicitly enable client " "and peer authentication and set trusted CA (ETCD_TRUSTED_CA_FILE, " "ETCD_PEER_TRUSTED_CA_FILE, ETCD_CLIENT_CERT_AUTH, " "ETCD_PEER_CLIENT_CERT_AUTH). Only new clusters will benefit from the fix." msgstr "" #: ../../:191 msgid "" "Fix global stack list in periodic task. In before, magnum's periodic task " "performs a `stack-list` operation across all tenants. This is disabled by " "Heat by default since it causes a security issue. At this release, magnum " "performs a `stack-get` operation on each Heat stack by default. This might " "not be scalable and operators have an option to fall back to `stack-list` by " "setting the config `periodic_global_stack_list` to `True` (`False` by " "default) and updating the heat policy file (usually /etc/heat/policy.json) " "to allow magnum list stacks." msgstr "" #: ../../:14 stable/pike>:45 #: stable/queens>:78 stable/rocky>:157 stable/stein>:358 msgid "" "Fixed a bug where --live-restore was passed to Docker daemon causing the " "swarm init to fail. Magnum now ensures the --live-restore is not passed to " "the Docker daemon if it's default in an image." msgstr "" #: ../../:73 stable/train>:462 msgid "" "Fixed an issue that applications running on master nodes which rely on " "network connection keep restarting because of timeout or connection lost, " "by making calico devices unmanaged in NetworkManager config on master nodes." msgstr "" #: ../../:124 stable/ussuri>:440 msgid "" "Fixed the usage of cert_manager_api=true making cluster creation fail due to " "a logic lock between kubemaster.yaml and kubecluster.yaml" msgstr "" #: ../../:54 origin/stable/ocata>:76 #: stable/pike>:173 msgid "" "Fixes CVE-2016-7404 for newly created clusters. Existing clusters will have " "to be re-created to benefit from this fix. Part of this fix is the newly " "introduced setting `cluster_user_trust` in the `trust` section of magnum." "conf. This setting defaults to False. `cluster_user_trust` dictates whether " "to allow passing a trust ID into a cluster's instances. For most clusters " "this capability is not needed. Clusters with `registry_enabled=True` or " "`volume_driver=rexray` will need this capability. Other features that " "require this capability may be introduced in the future. To be able to " "create such clusters you will need to set `cluster_user_trust` to True." msgstr "" #: ../../:14 stable/ussuri>:161 #: stable/victoria>:48 stable/wallaby>:138 msgid "" "Fixes a regression which left behind trustee user accounts and certificates " "when a cluster is deleted." msgstr "" #: ../../:155 stable/victoria>:221 msgid "" "Fixes an edge case where when a cluster with additional nodegroups is " "patched with health_status and health_status_reason, it was leading to the " "default-worker nodegroup being resized." msgstr "" #: ../../:192 stable/victoria>:57 #: stable/wallaby>:147 msgid "" "Fixes an issue with cluster deletion if load balancers do not exist. See " "`story 2008548 ` for " "details." msgstr "" #: ../../:178 stable/victoria>:53 #: stable/wallaby>:143 msgid "Fixes database migrations with SQLAlchemy 1.3.20." msgstr "" #: ../../:204 stable/ussuri>:497 msgid "Fixes the next url in the list nodegroups API response." msgstr "" #: ../../:51 stable/stein>:315 msgid "" "Fixes the problem with Mesos cluster creation where the " "nodes_affinity_policy was not properly conveyed as it is required in order " "to create the corresponding server group in Nova. https://storyboard." "openstack.org/#!/story/2005116" msgstr "" #: ../../:88 stable/ussuri>:479 msgid "" "For fcos-kubelet, add rpc-statd dependency. To mount nfs volumes with the " "embedded volume pkg [0], rpc-statd is required and should be started by " "mount.nfs. When running kubelet in a chroot this fails. With atomic " "containers it used to work. [0] https://github.com/kubernetes/kubernetes/" "tree/master/pkg/volume/nfs" msgstr "" #: ../../:289 stable/ussuri>:435 msgid "" "For k8s_coreos set REQUESTS_CA for heat-agent. The heat-agent as a python " "service needs to use the ca bundle of the host." msgstr "" #: ../../:141 msgid "" "For k8s_fedora_atomic, run flannel as a cni plugin. The deployment method is " "taken from the flannel upstream documentation. One more label for the cni " "tag is added `flannel_cni_tag` for the container, quay.io/repository/coreos/" "flannel-cni. The flannel container is taken from flannel upsteam as well " "quay.io/repository/coreos/flannel." msgstr "" #: ../../:54 msgid "Force traefik https port connections to use TLSv1.2 or greater" msgstr "" #: ../../:39 stable/queens>:435 msgid "" "From now on, server names are prefixed with the cluster name. The cluster " "name is truncated to 30 characters, ('_', '.') are mapped to '-' and non " "alpha-numeric characters are removed to ensure FQDN compatibility." msgstr "" #: ../../:424 msgid "" "Heapster phased out in favor of metrics-server. Last openstack/magnum " "version to include heapster has standard version is magnum train." msgstr "" #: ../../:65 stable/ussuri>:98 #: stable/victoria>:147 msgid "" "If it's still preferred to have 10s health polling interval for Kubernetes " "cluster. It can be set by config `health_polling_interval` under " "`kubernetes` section." msgstr "" #: ../../:76 msgid "" "If you want to disable them then modify the below config options value in " "``magnum.conf`` file::" msgstr "" #: ../../:466 msgid "" "In a multi availability zone (AZ) environment, if Nova doesn't support cross " "AZ volume mount, then the cluster creation may fail because Nova can not " "mount volume in different AZ. This issue only impact Fedora Atomic and " "Fedora CoreOS drivers. Now this issue is fixed by passing in the AZ info " "when creating volumes." msgstr "" #: ../../:65 stable/stein>:342 msgid "" "In kubernetes cluster, a floating IP is created and associated with the vip " "of a load balancer which is created corresponding to the service of " "LoadBalancer type inside kubernetes, it should be deleted when the cluster " "is deleted." msgstr "" #: ../../:388 stable/rocky>:438 msgid "" "In magnum configuration, in [drivers] set send_cluster_metrics = False to to " "avoid collecting metrics using the kubernetes client which crashes the " "periodic tasks." msgstr "" #: ../../:243 msgid "" "In the OpenStack deployment with Octavia service enabled, the Octavia " "service should be used not only for master nodes high availability, but also " "for k8s LoadBalancer type service implementation as well." msgstr "" #: ../../:96 msgid "" "Include kubernetes dashboard in kubernetes cluster by default. Users can use " "this kubernetes dashboard to manage the kubernetes cluster. Dashboard can be " "disabled by setting the label 'kube_dashboard_enabled' to false." msgstr "" #: ../../:103 msgid "" "Includes a monitoring stack based on cAdvisor, node-exporter, Prometheus and " "Grafana. Users can enable this stack through the label " "prometheus_monitoring. Prometheus scrapes metrics from the Kubernetes " "cluster and then serves them to Grafana through Grafana's Prometheus data " "source. Upon completion, a default Grafana dashboard is provided." msgstr "" #: ../../:164 msgid "" "Installs the metrics-server service that is replacing kubernetes deprecated " "heapster as a cluster wide metrics reporting service used by schedulling, " "HPA and others. This service is installed and configured using helm and so " "tiller_enabled flag must be True. Heapster service is maintained active to " "allow compatibility." msgstr "" #: ../../:149 stable/ussuri>:256 msgid "" "Installs the metrics-server service that is replacing kubernetes deprecated " "heapster as a cluster wide metrics reporting service used by schedulling, " "HPA and others. This service is installed and configured using helm and so " "tiller_enabled flag must be True. The label metrics_server_chart_tag can be " "used to specify the stable/metrics-server chart tag to be used. The label " "metrics_server_enabled is used to enable disable the installation of the " "metrics server (default: true)." msgstr "" #: ../../:141 msgid "" "Integrate Docker Swarm Fedora Atomic driver with the Block Storage Service " "(cinder). The rexray volume driver was added based on rexray v0.4. Users can " "create and attach volumes using docker's navive client and they will " "authenticate using the per cluster trustee user. Rexray can be either added " "in the Fedora Atomic image or can be used running in a container." msgstr "" #: ../../:136 msgid "" "Keypair is now optional for ClusterTemplate, in order to allow Clusters to " "use keypairs separate from their parent ClusterTemplate." msgstr "" #: ../../:31 stable/pike>:124 msgid "" "Keystone URL used by Cluster Templates instances to authenticate is now " "configurable with the ``trustee_keystone_interface`` parameter which default " "to ``public``." msgstr "" #: ../../:149 stable/queens>:272 #: stable/queens>:357 stable/rocky>:265 stable/rocky>:413 stable/train>:273 #: stable/train>:401 stable/ussuri>:346 msgid "Known Issues" msgstr "" #: ../../:361 stable/rocky>:417 msgid "" "Kubernetes client is incompatible with evenlet and breaks the periodic " "tasks. After kubernetes client 4.0.0 magnum is affected by the bug below. " "https://github.com/eventlet/eventlet/issues/147 Magnum has three periodic " "tasks, one to sync the magnum service, one to update the cluster status and " "one send cluster metrics The send_metrics task uses the kubernetes client " "for kubernetes clusters and it crashes the sync_cluster_status and " "send_cluster_metrics tasks. https://bugs.launchpad.net/magnum/+bug/1746510 " "Additionally, the kubernetes scale manager needs to be disabled to not break " "the scale down command completely. Note, that when magnum scales down the " "cluster will pick the nodes to scale randomly." msgstr "" #: ../../:124 msgid "" "Kubernetes cluster owner can now do CA cert rotate to re-generate CA of the " "cluster, service account keys and the certs of all nodes will be regenerated " "as well. Cluster user needs to get a new kubeconfig to access kubernetes " "API. This function is only supported by Fedora CoreOS driver." msgstr "" #: ../../:62 msgid "" "Kubernetes for fedora-atomic runs in system containers [1]. These containers " "are stored in ostree in the fedora-atomic hosts and they don't require " "docker to be running. Pulling and storing them in ostree is very fast and " "they can easily be managed as systemd services. Since these containers are " "based on fedora packages, they are working as drop in replacements of the " "binaries in the fedora atomic host. The ProjectAtomic hasn't found a " "solution yet [3] on tagging the images, so the magnum team builds and " "publishes images in this [2] account in dockerhub. Users can select the tag " "they want using the `kube_tag` label." msgstr "" #: ../../:153 msgid "Label cinder_csi_enabled defaults to True from V cycle." msgstr "" #: ../../:114 msgid "" "Magnum Core Team has historically limit changing of defaults in labels. This " "is because existing Cluster Templates in a deployment falls back to using " "the defaults in code if a specific label is not specified. If defaults " "change, an existing deployment's Cluster Templates may stop working after a " "Magnum upgrade." msgstr "" #: ../../:224 msgid "" "Magnum bay operations API default behavior changed from synchronous to " "asynchronous. User can specify OpenStack-API-Version 1.1 in request header " "for synchronous bay operations." msgstr "" #: ../../:228 msgid "" "Magnum default service type changed from \"container\" to \"container-infra" "\". It is recommended to update the service type at Keystone service catalog " "accordingly." msgstr "" #: ../../:67 stable/victoria>:108 msgid "" "Magnum now cascade deletes all the load balancers before deleting the " "cluster, not only including load balancers for the cluster services and " "ingresses, but also those for Kubernetes API/etcd endpoints." msgstr "" #: ../../:140 msgid "" "Magnum now support OSProfiler for HTTP, RPC and DB request tracing. User can " "enable OSProfiler via Magnum configuration file in 'profiler' section." msgstr "" #: ../../:151 msgid "" "Magnum now support SSL for API service. User can enable SSL for API via new " "3 config options 'enabled_ssl', 'ssl_cert_file' and 'ssl_key_file'." msgstr "" #: ../../:343 msgid "" "Magnum now support policy in code [1], which means if users didn't modify " "any of policy rules, they can leave policy file (in `json` or `yaml` format) " "empty or just remove it all together. Because from now, Magnum keeps all " "default policies under `magnum/common/policies` module. Users can still " "modify/generate the policy rules they want in the `policy.yaml` or `policy." "json` file which will override the default policy rules in code only if " "those rules show in the policy file." msgstr "" #: ../../:399 msgid "" "Magnum now supports policy in code, please refer to the relevant features in " "the release notes for more information." msgstr "" #: ../../:86 msgid "Magnum service type and mission statement was changed [1]." msgstr "" #: ../../:120 msgid "" "Magnum will now no longer keep image tag labels (e.g. cloud_provider_tag, " "flannel_tag) static. Please specify explicitly all image tags for the images " "your Cluster Templates will be using, to prevent a future change breaking " "your Cluster Templates. Refer to the documentation under 'Supported Labels' " "for a list of labels Magnum is tested with." msgstr "" #: ../../:78 msgid "" "Magnum's bay-to-cluster blueprint [1] required changes across much of its " "codebase to align to industry standards. To support this blueprint, certain " "group and option names were changed in configuration files [2]. See the " "deprecations section for more details. [1] https://review.openstack.org/#/q/" "topic:bp/rename-bay-to-cluster [2] https://review.openstack.org/#/c/362660/" msgstr "" #: ../../:117 msgid "" "Magnum's keypair-override-on-create blueprint [1] allows for optional " "keypair value in ClusterTemplates and the ability to specify a keypair value " "during cluster creation." msgstr "" #: ../../:240 msgid "" "Magnums onlys has one server group for all master and worker nodes per " "cluster, which is not very flexible for small cloud scale. For a 3+ master " "clusters, it's easily meeting the capacity when using hard anti-affinity " "policy. Now one server group is added for each master and worker nodes group " "to have better flexibility." msgstr "" #: ../../:176 msgid "" "Make the dedicated cinder volume per node an opt-in option. By default, no " "cinder volumes will be created unless the user passes the docker-volume-size " "argument." msgstr "" #: ../../:57 stable/train>:379 msgid "" "Meanwhile, a new label \"auto_scaling_enabled\" is also introduced to enable " "the capability to let the k8s cluster auto scale based its workload." msgstr "" #: ../../:423 msgid "" "Minion is not a good name for k8s worker node anymore, now it has been " "replaced in the fedora atomic driver with 'node' to align with the k8s " "terminologies. So the server name of a worker will be something like `k8s-1-" "lnveovyzpreg-node-0` instead of `k8s-1-lnveovyzpreg-worker-0`." msgstr "" #: ../../:398 msgid "" "Multi master deployments for k8s driver use different service account keys " "for each api/controller manager server which leads to 401 errors for service " "accounts. This patch will create a signed cert and private key for k8s " "service account keys explicitly, dedicatedly for the k8s cluster to avoid " "the inconsistent keys issue." msgstr "" #: ../../:10 origin/stable/newton>:105 #: origin/stable/newton>:202 origin/stable/ocata>:27 origin/stable/ocata>:96 #: origin/stable/ocata>:128 stable/2024.1>:10 stable/2024.2>:10 stable/pike>:58 #: stable/pike>:92 stable/queens>:10 stable/queens>:55 stable/queens>:91 #: stable/queens>:138 stable/queens>:228 stable/queens>:312 stable/rocky>:10 #: stable/rocky>:79 stable/rocky>:122 stable/rocky>:194 stable/stein>:10 #: stable/stein>:39 stable/stein>:99 stable/train>:26 stable/train>:105 #: stable/train>:140 stable/train>:224 stable/train>:307 stable/ussuri>:10 #: stable/ussuri>:29 stable/ussuri>:205 stable/victoria>:10 stable/victoria>:70 #: stable/wallaby>:10 stable/wallaby>:29 stable/xena>:26 unmaintained/zed>:10 msgid "New Features" msgstr "" #: ../../:287 stable/rocky>:303 msgid "" "New clusters should be created with kube_tag=v1.9.3 or later. v1.9.3 is the " "default version in the queens release." msgstr "" #: ../../:308 msgid "" "New clusters will be created with kube_tag=v1.11.1 or later. v1.11.1 is the " "default version in the Rocky release." msgstr "" #: ../../:115 msgid "" "New framework for ``magnum-status upgrade check`` command is added. This " "framework allows adding various checks which can be run before a Magnum " "upgrade to ensure if the upgrade can be performed safely." msgstr "" #: ../../:38 stable/ussuri>:219 msgid "New labels to support containerd as a runtime." msgstr "" #: ../../:264 stable/ussuri>:337 msgid "" "Note that, to use kubernetes version greater or equal to v1.16.0 with the " "k8s_fedora_atomic_v1 driver, you need to set use_podman=true. This is " "necessary since v1.16 dropped the --containerized flag in kubelet. https://" "github.com/kubernetes/kubernetes/pull/80043/files" msgstr "" #: ../../:356 msgid "" "Now Fedora CoreOS driver can support using docker storage driver, only " "overlay2 is supported." msgstr "" #: ../../:339 msgid "Now admin user can access all clusters across projects." msgstr "" #: ../../:230 msgid "" "Now an OpenStack driver for Kubernetes Cluster Autoscaler is being proposed " "to support autoscaling when running k8s cluster on top of OpenStack. " "However, currently there is no way in Magnum to let the external consumer to " "control which node will be removed. The alternative option is calling Heat " "API directly but obviously it is not the best solution and it's confusing " "k8s community. So this new API is being added into Magnum: POST /" "actions/resize" msgstr "" #: ../../:25 stable/stein>:190 msgid "" "Now cloud-provider-openstack of Kubernetes has a webhook to support Keystone " "authorization and authentication. With this feature, user can use a new " "label 'keystone-auth-enabled' to enable the keystone authN and authZ." msgstr "" #: ../../:113 stable/ussuri>:300 msgid "" "Now the Fedora CoreOS driver can support the sha256 verification for the " "hyperkube image when bootstraping the Kubernetes cluster." msgstr "" #: ../../:104 stable/victoria>:33 #: stable/wallaby>:96 msgid "" "Now the default admission controller list is updated by as " "\"NodeRestriction, PodSecurityPolicy, NamespaceLifecycle, LimitRanger, " "ServiceAccount, ResourceQuota, TaintNodesByCondition, Priority, " "DefaultTolerationSeconds, DefaultStorageClass, StorageObjectInUseProtection, " "PersistentVolumeClaimResize, MutatingAdmissionWebhook, " "ValidatingAdmissionWebhook, RuntimeClass\"" msgstr "" #: ../../:356 msgid "" "Now the fedora atomic Kubernetes driver can support rolling upgrade for k8s " "version change or the image change. User can call command `openstack coe " "cluster upgrade ` to upgrade current " "cluster to the new version defined in the new cluster template. At this " "moment, only the image change and the kube_tag change are supported." msgstr "" #: ../../:482 msgid "" "Now the heat-container-agent default tag for Train release is train-dev." msgstr "" #: ../../:166 stable/victoria>:227 msgid "" "Now the label `fixed_network_cidr` have been renamed with " "`fixed_subnet_cidr`. And it can be passed in and set correctly." msgstr "" #: ../../:466 msgid "" "Now the resize and upgrade action of cluster will return cluster ID to be " "consistent with other actions of Magnum cluster." msgstr "" #: ../../:298 stable/rocky>:347 msgid "" "Now user can update labels in cluster-template. Previously string is passed " "as a value to labels, but we know that labels can only hold dictionary " "values. Now we are parsing the string and storing it as dictionary for " "labels in cluster-template." msgstr "" #: ../../:72 stable/2023.2>:104 #: stable/queens>:443 stable/stein>:22 stable/train>:478 msgid "Other Notes" msgstr "" #: ../../:62 msgid "" "PodSecurityPolicy has been removed in Kubernetes v1.25 [1]. To allow Magnum " "to support Kubernetes v1.25 and above, PodSecurityPolicy Admission " "Controller has has been removed." msgstr "" #: ../../:316 msgid "" "Prefix of all container images used in the cluster (kubernetes components, " "coredns, kubernetes-dashboard, node-exporter). For example, kubernetes-" "apiserver is pulled from docker.io/openstackmagnum/kubernetes-apiserver, " "with this label it can be changed to myregistry.example.com/mycloud/" "kubernetes-apiserver. Similarly, all other components used in the cluster " "will be prefixed with this label, which assumes an operator has cloned all " "expected images in myregistry.example.com/mycloud." msgstr "" #: ../../:74 origin/stable/ocata>:113 #: stable/stein>:89 msgid "Prelude" msgstr "" #: ../../:182 stable/victoria>:247 msgid "" "Prometheus server now scrape metrics from traefik proxy. Prometheus server " "now scrape metrics from cluster autoscaler." msgstr "" #: ../../:367 msgid "" "Python 2.7 support has been dropped. Last release magnum support py2.7 is " "OpenStack Train. The minimum version of Python now supported by magnum is " "Python 3.6." msgstr "" #: ../../:31 msgid "" "Python 3.6 & 3.7 support has been dropped. The minimum version of Python now " "supported is Python 3.8." msgstr "" #: ../../:436 msgid "" "Regarding passwords, they could be guessed if there is no faild-to-ban-like " "solution. So it'd better to disable it for security reasons. It's only " "effected for fedora atomic images." msgstr "" #: ../../:91 msgid "" "Remove checking cluster user from rules in default policy for Certificate " "APIs to reflect recent fixes (https://review.opendev.org/c/openstack/magnum/" "+/889144)." msgstr "" #: ../../:32 msgid "" "Remove mesos from the API. This means new clusters of coe type 'mesos' " "cannot be created. The mesos driver will be removed in the next release." msgstr "" #: ../../:54 msgid "" "Remove period job send_cluster_metrics. This job has been deprecated since " "Rocky." msgstr "" #: ../../:98 msgid "" "Remove support for cluster upgrades with the Heat driver. The Heat driver " "can longer support cluster upgrades due to these being unreliable and " "untested. The action now returns an HTTP 500 error. A Cluster API driver " "provides a way forward for Magnum to support this api action again for " "Kubernetes. In the meantime blue/green deployments, where a replacement " "cluster is created, remain a viable alternative to cluster upgrades." msgstr "" #: ../../:50 msgid "Removed mesos driver. Mesos is no longer supported in Magnum." msgstr "" #: ../../:394 msgid "" "Requires a db upgrade to change the docker_storage_driver field to be a " "string instead of an enum." msgstr "" #: ../../:349 msgid "" "Return instance ID of workder node in k8s minion template so that consumer " "can send API request to Heat to remove a particular node with " "removal_policies. Otherwise, the consumer (e.g. AutoScaler) has to use index " "to do the remove which is confusing out of the OpenStack world. https://" "storyboard.openstack.org/#!/story/2005054" msgstr "" #: ../../:187 stable/victoria>:252 msgid "" "Scrape metrics from kube-{controller-manager,scheduler}. Disable " "PrometheusRule for etcd." msgstr "" #: ../../:100 msgid "" "Secure etcd cluster for swarm and k8s. Etcd cluster is secured using TLS by " "default. TLS can be disabled by passing --tls-disabled during cluster " "template creation." msgstr "" #: ../../:32 origin/stable/newton>:187 #: origin/stable/ocata>:54 stable/pike>:10 stable/pike>:151 stable/queens>:184 #: stable/queens>:406 stable/rocky>:315 stable/stein>:287 stable/train>:432 #: stable/xena>:50 msgid "Security Issues" msgstr "" #: ../../:21 stable/rocky>:88 stable/stein>:180 msgid "" "Start Kubernetes workers installation right after the master instances are " "created rather than waiting for all the services inside masters, which could " "decrease the Kubernetes cluster launch time significantly." msgstr "" #: ../../:124 stable/rocky>:391 msgid "" "Strip signed certificate. Certificate (ca.crt) has to be striped for some " "application parsers as they might require pure base64 representation of the " "certificate itself, without empty characters at the beginning nor the end of " "file." msgstr "" #: ../../:73 stable/victoria>:114 msgid "" "Support Helm v3 client to install helm charts. To use this feature, users " "will need to use helm_client_tag>=v3.0.0 (default helm_client_tag=v3.2.1). " "All the existing chart used to depend on Helm v2, e.g. nginx ingress " "controller, metrics server, prometheus operator and prometheus adapter are " "now also installable using v3 client. Also introduce helm_client_sha256 and " "helm_client_url that users can specify to install non-default helm client " "version (https://github.com/helm/helm/releases)." msgstr "" #: ../../:65 msgid "" "Support K8s 1.24 which removed support of dockershim. Needs containerd as " "container runtime." msgstr "" #: ../../:14 stable/victoria>:14 #: stable/wallaby>:14 stable/xena>:30 msgid "" "Support `hyperkube_prefix` label which defaults to k8s.gcr.io/. Users now " "have the option to define alternative hyperkube image source since the " "default source has discontinued publication of hyperkube images for " "`kube_tag` greater than 1.18.x. Note that if `container_infra_prefix` label " "is define, it still takes precedence over this label." msgstr "" #: ../../:331 msgid "" "Support boot from volume for Kubernetes all nodes (master and worker) so " "that user can create a big size root volume, which could be more flexible " "than using docker_volume_size. And user can specify the volume type so that " "user can leverage high performance storage, e.g. NVMe etc. And a new label " "etcd_volme_type is added as well so that user can set volume type for etcd " "volume. If the boot_volume_type or etcd_volume_type are not passed by " "labels, Magnum will try to read them from config option " "default_boot_volume_type and default_etcd_volume_type. A random volume type " "from Cinder will be used if those options are not set." msgstr "" #: ../../:118 msgid "" "Support different volume types for the drivers that support docker storage " "in cinder volumes. swarm_fedora_atomic and k8s_fedora_atomic accept a new " "label to specify a docker_volume_type." msgstr "" #: ../../:127 stable/victoria>:193 msgid "Support for Helm v2 client will be removed in X release." msgstr "" #: ../../:38 msgid "Support for deploying ``Calico v3.3`` has been dropped." msgstr "" #: ../../:63 stable/train>:389 msgid "" "Support multi DNS server when creating template. User can use a comma " "delimited ipv4 address list to specify multi dns server, for example " "\"8.8.8.8,114.114.114.114\"" msgstr "" #: ../../:327 msgid "" "Support passing an availability zone where all cluster nodes should be " "deployed, via the new availability_zone label. Both swarm_fedora_atomic_v2 " "and k8s_fedora_atomic_v1 support this new label." msgstr "" #: ../../:169 msgid "" "The 'bay' group has been renamed to 'cluster' and all options in the former " "'bay' group have been moved to 'cluster'." msgstr "" #: ../../:177 msgid "" "The 'bay_create_timeout' option in the former 'bay_heat' group has been " "renamed to 'create_timeout' inside the 'cluster_heat' group." msgstr "" #: ../../:173 msgid "" "The 'bay_heat' group has been renamed to 'cluster_heat' and all options in " "the former 'bay_heat' group have been moved to 'cluster_heat'." msgstr "" #: ../../:181 msgid "" "The 'baymodel' group has been renamed to 'cluster_template' and all options " "in the former 'baymodel' group have been moved to 'cluster_template'." msgstr "" #: ../../:66 msgid "" "The Magnum service enable the API policies (RBAC) new defaults and scope by " "default. The Default value of config options ``[oslo_policy] enforce_scope`` " "and ``[oslo_policy] enforce_new_defaults`` have been changed to ``True``." msgstr "" #: ../../:23 msgid "" "The Magnum service now allows enables policies (RBAC) new defaults and scope " "checks. These are controlled by the following (default) config options in " "``magnum.conf`` file::" msgstr "" #: ../../:40 stable/rocky>:107 stable/stein>:258 msgid "" "The cloud config for kubernets has been renamed from /etc/kubernetes/" "kube_openstack_config to /etc/kubernetes/cloud-config as the kubelet expects " "this exact name when the external cloud provider is used. A copy of /etc/" "kubernetes/kube_openstack_config is in place for applications developed for " "previous versions of magnum." msgstr "" #: ../../:455 msgid "" "The coe_version was out of sync with the k8s version deployed for the " "cluster. Now it is fixed by making sure the kube_version is consistent with " "the kube_tag when creating the cluster and upgrading the cluster." msgstr "" #: ../../:30 stable/ussuri>:38 stable/victoria>:79 msgid "" "The default 10 seconds health polling interval is too frequent for most of " "the cases. Now it has been changed to 60s. A new config " "`health_polling_interval` is supported to make the interval configurable. " "Cloud admin can totally disable the health polling by set a negative value " "for the config." msgstr "" #: ../../:395 msgid "" "The default Calico version has been upgraded from v3.3.6 to v3.13.1. Calico " "v3.3.6 is still a valid option." msgstr "" #: ../../:400 msgid "" "The default CoreDNS version has been upgraded to 1.6.6 and now it can be " "schedule to master nodes." msgstr "" #: ../../:38 stable/wallaby>:113 msgid "The default containerd version is updated with 1.4.3." msgstr "" #: ../../:101 msgid "" "The default value of ``[oslo_policy] policy_file`` config option has been " "changed from ``policy.json`` to ``policy.yaml``. Operators who are utilizing " "customized or previously generated static policy JSON files (which are not " "needed by default), should generate new policy files or convert them in YAML " "format. Use the `oslopolicy-convert-json-to-yaml `_ tool to " "convert a JSON to YAML formatted policy file in backward compatible way." msgstr "" #: ../../:26 stable/train>:486 msgid "" "The default value of flannel_backend will be replaced with `vxlan` which was " "`udp` based on the recommendation at https://github.com/coreos/flannel/blob/" "master/Documentation/backends.md" msgstr "" #: ../../:379 stable/victoria>:157 msgid "" "The default version of Kubernetes dashboard has been upgraded to v2.0.0 and " "metrics-server is supported by k8s dashboard now." msgstr "" #: ../../:185 msgid "" "The devicemapper and overlay storage driver is deprecated in favor of " "overlay2 in docker, and will be removed in a future release from docker. " "Users of the devicemapper and overlay storage driver are recommended to " "migrate to a different storage driver, such as overlay2. overlay2 will be " "set as the default storage driver from Victoria cycle." msgstr "" #: ../../:254 msgid "" "The etcd service for Kubernetes cluster is no longer allocated a floating IP." msgstr "" #: ../../:93 msgid "" "The intend is to narrow the scope of the Magnum project to focus on " "integrating container orchestration engines (COEs) with OpenStack. API " "features intended to uniformly create, manage, and delete individual " "containers across any COE will be removed from Magnum's API, and will be re-" "introduced as a separate project called Zun." msgstr "" #: ../../:305 msgid "" "The original design of k8s cluster health status is allowing the health " "status being updated by Magnum control plane. However, it doesn't work when " "the cluster is private. Now Magnum supports updating the k8s cluster health " "status via the Magnum cluster update API so that a controller (e.g. magnum-" "auto-healer) running inside the k8s cluster can call the Magnum update API " "to update the cluster health status." msgstr "" #: ../../:87 msgid "" "The registry for cloud-provider-openstack has been updated from `docker.io/" "k8scloudprovider` to `registry.k8s.io/provider-os/`." msgstr "" #: ../../:277 stable/ussuri>:350 msgid "" "The startup of the heat-container-agent uses a workaround to copy the " "SoftwareDeployment credentials to /var/lib/cloud/data/cfn-init-data. The " "fedora coreos driver requires heat train to support ignition." msgstr "" #: ../../:24 msgid "" "The taint for control plane nodes have been updated from 'node-role." "kubernetes.io/master' to 'node-role.kubernetes.io/control-plane', in line " "with upstream. Starting from v1.28, the old taint no longer passes " "conformance. New clusters from existing cluster templates will have this " "change. Existing clusters are not affected. This will be a breaking change " "for Kubernetes :83 stable/ussuri>:461 msgid "" "The taint of master node kubelet has been improved to get the conformance " "test (sonobuoy) passed." msgstr "" #: ../../:414 msgid "" "There is a known issue when doing image(operating system) upgrade for k8s " "cluster. Because when doing image change for a server resource, Heat will " "trigger the Nova rebuild to rebuild the instnace and there is no chance to " "call kubectl drain to drain the node, so there could be a very minior " "downtime when doing(starting to do) the rebuild and meanwhile a request is " "routed to that node." msgstr "" #: ../../:448 msgid "" "There shouldn't be a default value for floating_ip_enabled when creating " "cluster. By default, when it's not set, the cluster's floating_ip_enabled " "attribute should be set with the value of cluster template. It's fixed by " "removing the default value from Magnum API." msgstr "" #: ../../:489 stable/victoria>:239 msgid "" "There was a corner case that when floating_ip_enabled=False, " "master_lb_enabled=True,master_lb_floating_ip_enabled=False in cluster " "template, but setting floating_ip_enabled=True when creating the cluster, " "which causes missing IP address in the api_address of cluster. Now the " "isssue has been fixed." msgstr "" #: ../../:147 stable/victoria>:213 msgid "" "This change is triggered to adddress the kubectl change [0] that is not " "using 127.0.0.1:8080 as the default kubernetes API." msgstr "" #: ../../:95 stable/rocky>:214 msgid "" "This is allowing no floating IP to be usable with a multimaster " "configuration in terms of load balancers." msgstr "" #: ../../:218 msgid "" "This makes the keypair optional. The user should not have to include the " "keypair because they may use some other method of security such as using " "SSSD, preconfigured on the image." msgstr "" #: ../../:71 msgid "" "This means if you are using system scope token to access Magnum API then the " "request will be failed with 403 error code. Also, new defaults will be " "enforced by default. To know about the new defaults of each policy rule, " "refer to the `Policy New Defaults Sample File`_." msgstr "" #: ../../:66 msgid "" "This means that there is a behaviour change in Cluster Templates created " "after this change, where new Clusters with such Cluster Templates will not " "have PodSecurityPolicy. Please be aware of the subsequent impact on Helm " "Charts, etc." msgstr "" #: ../../:129 stable/ussuri>:457 msgid "This proxy issue of Prometheus/Grafana script has been fixed." msgstr "" #: ../../:232 stable/rocky>:203 msgid "" "This release introduces 'federations' endpoint to Magnum API, which allows " "an admin to create and manage federations of clusters through Magnum. As the " "feature is still under development, the endpoints are not bound to any " "driver yet. For more details, please refer to bp/federation-api [1]." msgstr "" #: ../../:144 msgid "" "This release introduces 'quota' endpoint that enable admin users to set, " "update and show quota for a given tenant. A non-admin user can get self " "quota limits." msgstr "" #: ../../:152 msgid "" "This release introduces 'stats' endpoint that provide the total number of " "clusters and the total number of nodes for the given tenant and also overall " "stats across all the tenants." msgstr "" #: ../../:144 stable/victoria>:210 msgid "This way we will have only one way for applying manifests to the API." msgstr "" #: ../../:83 stable/stein>:110 msgid "" "This will add the octavia client code for client to interact with the " "Octavia component of OpenStack" msgstr "" #: ../../:25 msgid "" "To allow for this, it is now possible to explicitly specify a driver name, " "instead of relying on the lookup. The driver name is the same as the " "entrypoint name, and can be specified by a Cluster Template through the " "Glance image property \"magnum_driver\"." msgstr "" #: ../../:14 stable/stein>:121 msgid "" "To get a better cluster template versioning and relieve the pain of " "maintaining public cluster template, now the name of cluster template can be " "changed." msgstr "" #: ../../:24 origin/stable/ocata>:46 #: stable/pike>:134 msgid "" "To let clusters communicate directly with OpenStack service other than " "Magnum, in the `trust` section of magnum.conf, set `cluster_user_trust` to " "True. The default value is False." msgstr "" #: ../../:14 msgid "" "To make sure better have backward compatibility, we set specific rule to " "allow admin perform all actions. This will apply on part of APIs in * " "Cluster * Cluster Template * federation" msgstr "" #: ../../:77 stable/train>:471 msgid "" "Traefik container now defaults to a fixed tag (v1.7.10) instead of tag " "(latest)" msgstr "" #: ../../:156 msgid "" "Update Swarm default version to 1.2.5. It should be the last version since " "Docker people are now working on the new Swarm mode integrated in Docker." msgstr "" #: ../../:264 stable/rocky>:257 msgid "" "Update k8s_fedora_atomic driver to the latest Fedora Atomic 27 release and " "run etcd and flanneld in system containers which are removed from the base " "OS." msgstr "" #: ../../:256 stable/rocky>:249 msgid "" "Update kubernetes dashboard to `v1.8.3` which is compatible via kubectl " "proxy. Addionally, heapster is deployed as standalone deployemt and the user " "can enable a grafana-influx stack with the " "`influx_grafana_dashboard_enabled` label. See the kubernetes dashboard " "documenation for more details. https://github.com/kubernetes/dashboard/wiki" msgstr "" #: ../../:20 origin/stable/newton>:147 #: origin/stable/newton>:220 origin/stable/ocata>:42 stable/2023.1>:27 #: stable/2023.2>:10 stable/2024.1>:34 stable/2024.2>:20 stable/pike>:130 #: stable/queens>:36 stable/queens>:162 stable/queens>:283 stable/queens>:384 #: stable/rocky>:103 stable/rocky>:283 stable/rocky>:434 stable/stein>:250 #: stable/train>:61 stable/train>:171 stable/ussuri>:94 stable/ussuri>:363 #: stable/victoria>:29 stable/victoria>:143 stable/wallaby>:83 stable/xena>:40 #: unmaintained/yoga>:10 msgid "Upgrade Notes" msgstr "" #: ../../:405 msgid "" "Upgrade etcd to v3.4.6 and use quay.io/coreos/etcd since the tags on follow " "the same format as https://github.com/etcd-io/etcd/releases compared to k8s." "gcr.io which modifies the canonical version tag. Users will need to pay " "attention to the format of etcd_tag, e.g. v3.4.5 is valid whereas 3.4.5 is " "not. Existing cluster templates and clusters which which use the latter will " "fail to complete." msgstr "" #: ../../:414 msgid "Upgrade flannel version to v0.12.0-amd64 for Fedora CoreOS driver." msgstr "" #: ../../:19 msgid "" "Upgrade of ingress controler. Chart name nginx-ingress has been changed to " "ingress-nginx. Chart repository also has been changed. More details about " "why this change take place can be found in github repository https://github." "com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx" msgstr "" #: ../../:14 msgid "" "Upgrade to calico_tag=v3.21.2. Additionally, use fixed subnet CIDR for " "IP_AUTODETECTION_METHOD supported from v3.16.x onwards." msgstr "" #: ../../:44 msgid "Upgrade traefik version to v1.7.28" msgstr "" #: ../../:204 msgid "" "Use ClusterIP as the default Prometheus service type, because the NodePort " "type service has the requirement that extra security group rule is properly " "configured. Kubernetes cluster administrator could still change the service " "type after the cluster creation." msgstr "" #: ../../:139 stable/victoria>:205 msgid "" "Use kubectl from the heat agent to apply the traefik deployment. Current " "behaviour was to create a systemd unit to send the manifests to the API." msgstr "" #: ../../:123 msgid "" "Use of JSON policy files was deprecated by the ``oslo.policy`` library " "during the Victoria development cycle. As a result, this deprecation is " "being noted in the Wallaby cycle with an anticipated future removal of " "support by ``oslo.policy``. As such operators will need to convert to YAML " "policy files. Please see the upgrade notes for details on migration of any " "custom policy files." msgstr "" #: ../../:27 stable/rocky>:94 stable/stein>:211 msgid "" "Use the external cloud provider in k8s_fedora_atomic. The cloud_provider_tag " "label can be used to select the container tag for it, together with the " "cloud_provider_enabled label. The cloud provider runs as a DaemonSet on all " "master nodes." msgstr "" #: ../../:33 stable/victoria>:74 msgid "Users can enable or disable master_lb_enabled when creating a cluster." msgstr "" #: ../../:53 stable/train>:375 msgid "" "Using Node Problem Detector, Draino and AutoScaler to support auto healing " "for K8s cluster, user can use a new label \"auto_healing_enabled' to turn on/" "off it." msgstr "" #: ../../:166 stable/rocky>:287 msgid "" "Using the queens (>=2.9.0) python-magnumclient, when a user executes " "openstack coe cluster config, the client certificate has admin as Common " "Name (CN) and system:masters for Organization which are required for " "authorization with RBAC enabled clusters. This change in the client is " "backwards compatible, so old clusters (without RBAC enabled) can be reached " "with certificates generated by the new client. However, old magnum clients " "will generate certificates that will not be able to contact RBAC enabled " "clusters. This issue affects only k8s_fedora_atomic clusters and clients " "<=2.8.0, note that 2.8.0 is still a queens release but only 2.9.0 includes " "the relevant patch. Finally, users can always generate and sign the " "certificates using this [0] procedure even with old clients since only the " "cluster config command is affected. [0] https://docs.openstack.org/magnum/" "latest/user/index.html#interfacing-with-a-secure-cluster" msgstr "" #: ../../:76 stable/2023.2>:108 msgid "" "We are dropping mesos for the lack of support/test and no usage from the " "community." msgstr "" #: ../../:81 msgid "" "We have corrected the authentication scope in Magnum drivers when " "authenticating to create certs, so that trusts can work properly. This will " "change the authenticated user from trustee to trustor (as trusts designed " "for). This change affects all drivers that inherit from common Magnum " "drivers (Heat drivers). If you have custom policies that checks for trustee " "user, you will need to update them to trustor." msgstr "" #: ../../:31 msgid "" "We will change the default to True in 2024.1 (Caracal) cycle. If you want to " "enable them then modify both values to True." msgstr "" #: ../../:33 msgid "" "When creating a cluster template the administrator can use --tags " "argument to add any information that he considers important. The received " "text is a comma separated list with the pretended tags. This information is " "also shown when the user lists all the available cluster templates." msgstr "" #: ../../:106 stable/rocky>:361 msgid "" "When creating a multi-master cluster, all master nodes will attempt to " "create kubernetes resources in the cluster at this same time, like coredns, " "the dashboard, calico etc. This race conditon shouldn't be a problem when " "doing declarative calls instead of imperative (kubectl apply instead of " "create). However, due to [1], kubectl fails to apply the changes and the " "deployemnt scripts fail causing cluster to creation to fail in the case of " "Heat SoftwareDeployments. This patch passes the ResourceGroup index of every " "master so that resource creation will be attempted only from the first " "master node. [1] https://github.com/kubernetes/kubernetes/issues/44165" msgstr "" #: ../../:149 stable/stein>:327 msgid "" "When doing a cluster update magnum is now passing the existing parameter to " "heat which will use the heat templates stored in the heat db. This change " "will prevent heat from replacacing all nodes when the heat templates change, " "for example after an upgrade of the magnum server code. https://storyboard." "openstack.org/#!/story/1722573" msgstr "" #: ../../:323 msgid "" "When using a public cluster template, user still need the capability to " "reuse their existing network/subnet, and they also need to be able to turn " "of/off the floating IP to overwrite the setting in the public template. Now " "this is supported by adding those three items as parameters when creating " "cluster." msgstr "" #: ../../:405 msgid "" "With the new config option keystone_auth_default_policy, cloud admin can set " "a default keystone auth policy for k8s cluster when the keystone auth is " "enabled. As a result, user can use their current keystone user to access k8s " "cluster as long as they're assigned correct roles, and they will get the pre-" "defined permissions defined by the cloud provider." msgstr "" #: ../../:54 msgid "" "[0] https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-" "dashboards" msgstr "" #: ../../:151 stable/victoria>:217 msgid "" "[0] https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/" "CHANGELOG-1.18.md#kubectl" msgstr "" #: ../../:72 msgid "" "[1] https://github.com/projectatomic/atomic-system-containers [2] https://" "hub.docker.com/r/openstackmagnum/kubernetes-kubelet/tags/ [3] https://pagure." "io/atomic/kubernetes-sig/issue/6" msgstr "" #: ../../:71 msgid "[1] https://kubernetes.io/docs/concepts/security/pod-security-policy/" msgstr "" #: ../../:99 msgid "[1] https://review.openstack.org/#/c/311476/" msgstr "" #: ../../:239 stable/rocky>:210 msgid "[1] https://review.openstack.org/#/q/topic:bp/federation-api" msgstr "" #: ../../:351 msgid "[1]. https://blueprints.launchpad.net/magnum/+spec/policy-in-code" msgstr "" #: ../../:27 stable/queens>:423 msgid "" "[`bug 1663757 `_] A " "configuration parameter, verify_ca, was added to magnum.conf with a default " "value of True and passed to the heat templates to indicate whether the " "cluster nodes validate the Certificate Authority when making requests to the " "OpenStack APIs (Keystone, Magnum, Heat). This parameter can be set to False " "to disable CA validation if you have self-signed certificates for the " "OpenStack APIs or you have your own Certificate Authority and you have not " "installed the Certificate Authority to all nodes." msgstr "" #: ../../:54 msgid "" "``Tiller`` support has been dropped, following labels are not functional " "anymore: * ``tiller_enabled`` * ``tiller_tag`` * ``tiller_namespace``" msgstr "" #: ../../:46 msgid "``k8s_coreos_v1`` driver has been dropped." msgstr "" #: ../../:42 msgid "``k8s_fedora_atomic_v1`` driver has been dropped." msgstr "" #: ../../:50 msgid "``k8s_fedora_ironic_v1`` driver has been dropped." msgstr "" #: ../../:40 stable/ussuri>:221 msgid "" "container_runtime The container runtime to use. Empty value means, use " "docker from the host. Since ussuri, apart from empty (host-docker), " "containerd is also an option." msgstr "" #: ../../:53 stable/ussuri>:234 msgid "" "containerd_tarball_sha256 sha256 of the tarball fetched with " "containerd_tarball_url or from https://storage.googleapis.com/cri-containerd-" "release/." msgstr "" #: ../../:50 stable/ussuri>:231 msgid "containerd_tarball_url Url with the tarball of containerd's binaries." msgstr "" #: ../../:45 stable/ussuri>:226 msgid "" "containerd_version The containerd version to use as released in https://" "github.com/containerd/containerd/releases and https://storage.googleapis.com/" "cri-containerd-release/" msgstr "" #: ../../:294 stable/ussuri>:510 msgid "" "core-podman Mount os-release properly To display the node OS-IMAGE in k8s " "properly we need to mount /usr/lib/os-release, /ets/os-release is just a " "symlink." msgstr "" #: ../../:199 stable/ussuri>:474 msgid "" "k8s-keystone-auth now uses the upstream k8scloudprovider docker repo instead " "of the openstackmagnum repo." msgstr "" #: ../../:188 stable/rocky>:319 msgid "" "k8s_fedora Remove cluster role from the kubernetes-dashboard account. When " "accessing the dashboard and skip authentication, users login with the " "kunernetes-dashboard service account, if that service account has the " "cluster role, users have admin access without authentication. Create an " "admin service account for this use case and others." msgstr "" #: ../../:142 stable/rocky>:198 msgid "" "k8s_fedora_atomic clusters are deployed with RBAC support. Along with RBAC " "Node authorization is added so the appropriate certificates are generated." msgstr "" #: ../../:39 stable/stein>:14 stable/train>:365 msgid "" "k8s_fedora_atomic_v1 Add PodSecurityPolicy for privileged pods. Use " "privileged PSP for calico and node-problem-detector. Add PSP for flannel " "from upstream." msgstr "" #: ../../:258 stable/ussuri>:331 msgid "" "k8s_fedora_atomic_v1 defaults to use_podman=false, meaning atomic will be " "used pulling containers from docker.io/openstackmagnum. use_podman=true is " "accepted as well, which will pull containers by k8s.gcr.io." msgstr "" #: ../../:262 stable/ussuri>:335 msgid "k8s_fedora_coreos_v1 defaults and accepts only use_podman=true." msgstr "" #: ../../:175 stable/ussuri>:373 msgid "" "nginx-ingress-controller QoS changed from Guaranteed to Burstable. Priority " "class 'system-cluster-critical' or higher for nginx-ingress-controller." msgstr "" #: ../../:193 stable/ussuri>:451 msgid "" "nginx-ingress-controller requests.memory increased to 256MiB. This is a " "result of tests that showed the pod getting oom killed by the node on a " "relatively generic use case." msgstr "" #: ../source/2023.1.rst:3 msgid "2023.1 Series Release Notes" msgstr "" #: ../source/2023.2.rst:3 msgid "2023.2 Series Release Notes" msgstr "" #: ../source/2024.1.rst:3 msgid "2024.1 Series Release Notes" msgstr "" #: ../source/2024.2.rst:3 msgid "2024.2 Series Release Notes" msgstr "" #: ../source/index.rst:7 msgid "Welcome to Magnum Release Notes's documentation!" msgstr "" #: ../source/index.rst:9 msgid "Contents:" msgstr "" #: ../source/index.rst:36 msgid "Indices and tables" msgstr "" #: ../source/index.rst:38 msgid ":ref:`genindex`" msgstr "" #: ../source/index.rst:39 msgid ":ref:`search`" msgstr "" #: ../source/liberty.rst:3 msgid "Liberty Series Release Notes" msgstr "" #: ../source/mitaka.rst:3 msgid "Mitaka Series Release Notes" msgstr "" #: ../source/newton.rst:3 msgid "Newton Series Release Notes" msgstr "" #: ../source/ocata.rst:3 msgid "Ocata Series Release Notes" msgstr "" #: ../source/pike.rst:3 msgid "Pike Series Release Notes" msgstr "" #: ../source/queens.rst:3 msgid "Queens Series Release Notes" msgstr "" #: ../source/rocky.rst:3 msgid "Rocky Series Release Notes" msgstr "" #: ../source/stein.rst:3 msgid "Stein Series Release Notes" msgstr "" #: ../source/train.rst:3 msgid "Train Series Release Notes" msgstr "" #: ../source/unreleased.rst:3 msgid "Current Series Release Notes" msgstr "" #: ../source/ussuri.rst:3 msgid "Ussuri Series Release Notes" msgstr "" #: ../source/victoria.rst:3 msgid "Victoria Series Release Notes" msgstr "" #: ../source/wallaby.rst:3 msgid "Wallaby Series Release Notes" msgstr "" #: ../source/xena.rst:3 msgid "Xena Series Release Notes" msgstr "" #: ../source/yoga.rst:3 msgid "Yoga Series Release Notes" msgstr "" #: ../source/zed.rst:3 msgid "Zed Series Release Notes" msgstr ""