diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml
index 7313ea41d..290bdc8b9 100644
--- a/.gitlab-ci/packet.yml
+++ b/.gitlab-ci/packet.yml
@@ -123,6 +123,11 @@ packet_centos7-multus-calico:
 extends: .packet
 when: manual
 
+packet_centos8-calico:
+ stage: deploy-part2
+ extends: .packet
+ when: on_success
+
 packet_opensuse-canal:
 stage: deploy-part2
 extends: .packet
diff --git a/README.md b/README.md
index 77e5d4cda..a1b77dba0 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ vagrant up
 - **Container Linux by CoreOS**
 - **Debian** Buster, Jessie, Stretch, Wheezy
 - **Ubuntu** 16.04, 18.04
-- **CentOS/RHEL** 7
+- **CentOS/RHEL** 7, 8 (experimental: see [centos 8 notes](docs/centos8.md)
 - **Fedora** 28
 - **Fedora CoreOS** (experimental: see [fcos Note](docs/fcos.md)
 - **openSUSE** Leap 42.3/Tumbleweed
diff --git a/docs/centos8.md b/docs/centos8.md
new file mode 100644
index 000000000..361448027
--- /dev/null
+++ b/docs/centos8.md
@@ -0,0 +1,9 @@
+# RHEL / CentOS 8
+
+RHEL / CentOS 8 ships only with iptables-nft (ie without iptables-legacy)
+The only tested configuration for now is using Calico CNI
+You need to use K8S 1.17+ and to add `calico_iptables_backend: "NFT"` to your configuration
+
+If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
+you need to ensure they are using iptables-nft.
+An exemple how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)
diff --git a/tests/files/packet_centos8-calico.yml b/tests/files/packet_centos8-calico.yml
new file mode 100644
index 000000000..56b6b72d1
--- /dev/null
+++ b/tests/files/packet_centos8-calico.yml
@@ -0,0 +1,12 @@
+---
+# Instance settings
+cloud_image: centos-8
+mode: default
+
+# Kubespray settings
+kube_network_plugin: calico
+deploy_netchecker: true
+dns_min_replicas: 1
+
+# required / not autodetected for now
+calico_iptables_backend: "NFT"
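Review bot: The new `packet_centos8-calico` job in .gitlab-ci/packet.yml runs with `when: on_success`, so a failure on a platform that the README change in this same commit labels experimental would fail the pipeline for unrelated merge requests, unless the `.packet` template (not visible in this hunk) already tolerates failures. The neighbouring `packet_centos7-multus-calico` job is `when: manual`. Consider adding `allow_failure: true` to the job until CentOS 8 is no longer experimental, or making it manual like its neighbour.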
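Review bot: The comment `# required / not autodetected for now` above `calico_iptables_backend: "NFT"` in tests/files/packet_centos8-calico.yml does not say what goes wrong when the setting is left out. docs/centos8.md in this commit states that CentOS 8 ships only iptables-nft; presumably Calico would otherwise program its rules through a backend the host does not use, which would affect network policy enforcement and not only connectivity. I would expand the comment to `# CentOS 8 has only iptables-nft and Calico does not autodetect it yet; see docs/centos8.md`. Also note that `deploy_netchecker: true` checks pod connectivity; as far as this file shows, nothing verifies that policy rules are actually applied on the nft backend.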