Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --print-config flag #171

Merged
merged 1 commit into from
Sep 25, 2020
Merged

Add --print-config flag #171

merged 1 commit into from
Sep 25, 2020

Conversation

zerobfd
Copy link
Contributor

@zerobfd zerobfd commented Sep 24, 2020

Instead of installing anything, just print the config that would have been applied. This also skips verification and cluster/project setup. Closes #169.

Sample output (citadel was chosen to include an additional yaml file to overlay):

$>install_asm -l us-central1-c -n basic-suite-981hztoe -p test-cluster -m install -c citadel --print-config > testfile
$>cat testfile
---
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: asm-gcp
  hub: gcr.io/asm-staging-images/asm
  tag: 1.7.1-asm.0
  components:
    pilot:
      k8s:
        env:
        - name: SPIFFE_BUNDLE_ENDPOINTS
          value: "test-cluster.svc.id.goog|https://storage.googleapis.com/mesh-ca-resources/spiffe_bundle.json"
        - name: ENABLE_STACKDRIVER_MONITORING
          value: "true"
  meshConfig:
    defaultConfig:
      proxyMetadata:
        GCE_METADATA_HOST: "metadata.google.internal"
        TRUST_DOMAIN: "test-cluster.svc.id.goog"
  values:
    global:
      trustDomain: "test-cluster.svc.id.goog"
      sds:
        token:
          aud: "test-cluster.svc.id.goog"
---
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    pilot:
      k8s:
        env:
        - name: SPIFFE_BUNDLE_ENDPOINTS
          value: ""
        - name: TOKEN_AUDIENCES
          value: "istio-ca,test-cluster.svc.id.goog"
        - name: ENABLE_STACKDRIVER_MONITORING
          value: "true"
  meshConfig:
    defaultConfig:
      proxyMetadata:
        TRUST_DOMAIN: "cluster.local"
        CA_PROVIDER: "Citadel"
        PLUGINS: ""
  values:
    global:
      trustDomain: "cluster.local"
      caAddress: ""
      pilotCertProvider: "istiod"

@zerobfd zerobfd added the asm-installer Issues related to the asm-installer script label Sep 25, 2020
backward-compatible
backward-compatible approved these changes Sep 25, 2020
View reviewed changes
Copy link
Contributor

@backward-compatible backward-compatible left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

djazayeri
djazayeri reviewed Sep 25, 2020
View reviewed changes
scripts/asm-installer/install_asm
--print_config Instead of installing ASM, print all of
the compiled YAML to stdout. All other
output will be written to stderr, even if
it would normally go to stdout. Skip all
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure I agree about "skip all validations" in this case. Is that standard/idiomatic for this kind of command? We can discuss offline.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that it's a trade-off. In the context of the linked issue (GitOps / CI/CD integration) I thought it was safer for now to disable it by default. I don't know if the CI/CD user/service account is going to have the access to check everything, if the cluster names may be templated in later, etc. @therealmitchconnors do you have any guidance one way or the other?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this validation against user-supplied config, or against runtime values in the cluster or project?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime values. The CLI options/dependencies are still verified.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then it does seem like a runtime validation might not be possible in some CI scenarios. Perhaps we should have a separate flag to control this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. Added #176 to track the extra flag.

@zerobfd zerobfd mentioned this pull request Sep 25, 2020
Open
@zerobfd zerobfd merged commit 0f0bf05 into GoogleCloudPlatform:master Sep 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@therealmitchconnors therealmitchconnors therealmitchconnors left review comments

@djazayeri djazayeri djazayeri left review comments

@elfinhe elfinhe elfinhe approved these changes

@backward-compatible backward-compatible backward-compatible approved these changes

Assignees
No one assigned
Labels
asm-installer Issues related to the asm-installer script
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow GitOps integration
5 participants
@zerobfd @therealmitchconnors @djazayeri @elfinhe @backward-compatible