From 75e743bfae2a755f6e21f0280154323b472dc58b Mon Sep 17 00:00:00 2001
From: Etienne Champetier <champetier.etienne@gmail.com>
Date: Tue, 7 Apr 2020 08:49:43 -0400
Subject: [PATCH] CentOS 8 CI (#5842)

* requirements.txt: Bump versions

Ansible 2.8+ allow ansible_python_interpreter autodetection

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* tests: do not force ansible_python_interpreter

we do not expect people to set ansible_python_interpreter, so we should not set it in the CI

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add CentOS 8 Calico to CI

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
---
 .gitlab-ci/packet.yml                 |  5 +++++
 README.md                             |  2 +-
 docs/centos8.md                       |  9 +++++++++
 tests/files/packet_centos8-calico.yml | 12 ++++++++++++
 4 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 docs/centos8.md
 create mode 100644 tests/files/packet_centos8-calico.yml

diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml
index 7313ea41d..290bdc8b9 100644
--- a/.gitlab-ci/packet.yml
+++ b/.gitlab-ci/packet.yml
@@ -123,6 +123,11 @@ packet_centos7-multus-calico:
   extends: .packet
   when: manual
 
+packet_centos8-calico:
+  stage: deploy-part2
+  extends: .packet
+  when: on_success
+
 packet_opensuse-canal:
   stage: deploy-part2
   extends: .packet
diff --git a/README.md b/README.md
index 77e5d4cda..a1b77dba0 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ vagrant up
 - **Container Linux by CoreOS**
 - **Debian** Buster, Jessie, Stretch, Wheezy
 - **Ubuntu** 16.04, 18.04
-- **CentOS/RHEL** 7
+- **CentOS/RHEL** 7, 8 (experimental: see [centos 8 notes](docs/centos8.md)
 - **Fedora** 28
 - **Fedora CoreOS** (experimental: see [fcos Note](docs/fcos.md)
 - **openSUSE** Leap 42.3/Tumbleweed
diff --git a/docs/centos8.md b/docs/centos8.md
new file mode 100644
index 000000000..361448027
--- /dev/null
+++ b/docs/centos8.md
@@ -0,0 +1,9 @@
+# RHEL / CentOS 8
+
+RHEL / CentOS 8 ships only with iptables-nft (ie without iptables-legacy)
+The only tested configuration for now is using Calico CNI
+You need to use K8S 1.17+ and to add `calico_iptables_backend: "NFT"` to your configuration
+
+If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
+you need to ensure they are using iptables-nft.
+An exemple how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)
diff --git a/tests/files/packet_centos8-calico.yml b/tests/files/packet_centos8-calico.yml
new file mode 100644
index 000000000..56b6b72d1
--- /dev/null
+++ b/tests/files/packet_centos8-calico.yml
@@ -0,0 +1,12 @@
+---
+# Instance settings
+cloud_image: centos-8
+mode: default
+
+# Kubespray settings
+kube_network_plugin: calico
+deploy_netchecker: true
+dns_min_replicas: 1
+
+# required / not autodetected for now
+calico_iptables_backend: "NFT"
-- 
GitLab