CentOS 8 CI (#5842)

* requirements.txt: Bump versions

Ansible 2.8+ allow ansible_python_interpreter autodetection

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* tests: do not force ansible_python_interpreter

we do not expect people to set ansible_python_interpreter, so we should not set it in the CI

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add CentOS 8 Calico to CI

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

.gitlab-ci/packet.yml

@@ -123,6 +123,11 @@ packet_centos7-multus-calico:
   extends: .packet
   when: manual
 
+packet_centos8-calico:
+  stage: deploy-part2
+  extends: .packet
+  when: on_success
+
 packet_opensuse-canal:
   stage: deploy-part2
   extends: .packet

README.md

@@ -103,7 +103,7 @@ vagrant up
 - **Container Linux by CoreOS**
 - **Debian** Buster, Jessie, Stretch, Wheezy
 - **Ubuntu** 16.04, 18.04
-- **CentOS/RHEL** 7
+- **CentOS/RHEL** 7, 8 (experimental: see [centos 8 notes](docs/centos8.md)
 - **Fedora** 28
 - **Fedora CoreOS** (experimental: see [fcos Note](docs/fcos.md)
 - **openSUSE** Leap 42.3/Tumbleweed

docs/centos8.md

@@ -0,0 +1,9 @@
+# RHEL / CentOS 8
+
+RHEL / CentOS 8 ships only with iptables-nft (ie without iptables-legacy)
+The only tested configuration for now is using Calico CNI
+You need to use K8S 1.17+ and to add `calico_iptables_backend: "NFT"` to your configuration
+
+If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
+you need to ensure they are using iptables-nft.
+An exemple how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)

tests/files/packet_centos8-calico.yml

@@ -0,0 +1,12 @@
+---
+# Instance settings
+cloud_image: centos-8
+mode: default
+
+# Kubespray settings
+kube_network_plugin: calico
+deploy_netchecker: true
+dns_min_replicas: 1
+
+# required / not autodetected for now
+calico_iptables_backend: "NFT"