-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate guides for 1.9 release #13627
Comments
FYI I have disabled the "v1.9" branch docs for now in favor of the "v1.9.0-rc2" docs. Please follow the docs from here: https://docs.cilium.io/en/v1.9.0-rc2/ EDIT: I updated the links in the guides above. |
Refs: #13627 Signed-off-by: Tom Payne <tom@isovalent.com>
For cilium#13627 Signed-off-by: Timo Beckers <timo@isovalent.com>
GKE instructions seem solid, everything works as expected. Addresses some nits in #13645. (I can't update the issue description..) |
Refs: #13627 Signed-off-by: Tom Payne <tom@isovalent.com>
having trouble running
|
EKS is looking good. I had no issue. |
Some issues with transparent encryption: Failure to autodetect interfaceUsing:
Failed. The problem seemed to be with cilium guess the interface wrong:
There was no The guide states the following:
Which might be interpreted so that it means that the interface can only be set when using direct routing. An attempt to clarify this can be found in: #13660 Long term, we might want to improve the interface detection. nodeEncryption=true does not seem to workSpecifying Some info that might be useful:
|
@kkourt Could you open dedicated issues for:
and
|
For #13627 Signed-off-by: Timo Beckers <timo@isovalent.com>
Sure.
|
The quick install guide is fine. While validating it, I noticed that we sometimes refer to slack by using |
Got some CRD and Ingress api version deprecation warnings when running
I think this is fine, but wanted to put this out there. As a side note, Small nitpick - "Copy All" button copies brackets with preceding backslash, which causes the script to fail - this happens on zsh only, not in bash, or when pasting into vim.
Last one is this error message an expected one at the end of step 5?
Overall, I think the guide works good. |
Refs: #13627 Signed-off-by: Tom Payne <tom@isovalent.com>
- Use `GOOGLE_CREDENTIALS` instead of `GOOGLE_APPLICATION_CREDENTIALS`. - Refer to https://github.com/openshift/installer/blob/master/docs/user/gcp/iam.md to assign appropriate roles to service account. - Make it a bit clearer that the firewall rule creation is time-sensitive. Ref: #13627 (comment) Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
opened #13713 for some minor modifications for openshift gsg. well done @errordeveloper i don't know how you figured out all these steps 💯 🚀 |
[ upstream commit e8bce62 ] As of Azure Linux kernel 5.4.0-1022 the necessary patches to the hv_netvsc have been backported, see [1]. This allows to run NodePort XDP on Azure AKS when using the Ubuntu 18.04 node image which provides said kernel version. [1] https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1877654 Update the instructions accordingly. In addition the nodePort device helm option needs to be set explicitly to eth0, as otherwise bpf_host.o would erroneously be bound to the azure0 interface. For #13627 Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
- Use `GOOGLE_CREDENTIALS` instead of `GOOGLE_APPLICATION_CREDENTIALS`. - Refer to https://github.com/openshift/installer/blob/master/docs/user/gcp/iam.md to assign appropriate roles to service account. - Make it a bit clearer that the firewall rule creation is time-sensitive. Ref: #13627 (comment) Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
[ upstream commit e8bce62 ] As of Azure Linux kernel 5.4.0-1022 the necessary patches to the hv_netvsc have been backported, see [1]. This allows to run NodePort XDP on Azure AKS when using the Ubuntu 18.04 node image which provides said kernel version. [1] https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1877654 Update the instructions accordingly. In addition the nodePort device helm option needs to be set explicitly to eth0, as otherwise bpf_host.o would erroneously be bound to the azure0 interface. For #13627 Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
I did a multi-regional deployment in GKE to test cluster-mesh. One of the things that I ran into is that I needed to turn "global access" on manually for the internal loadbalancers for etcd ala this guide. I filed this issue for us to fix it. |
[ upstream commit c40dfb0 ] - Use `GOOGLE_CREDENTIALS` instead of `GOOGLE_APPLICATION_CREDENTIALS`. - Refer to https://github.com/openshift/installer/blob/master/docs/user/gcp/iam.md to assign appropriate roles to service account. - Make it a bit clearer that the firewall rule creation is time-sensitive. Ref: #13627 (comment) Signed-off-by: Michi Mutsuzaki <michi@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
[ upstream commit c40dfb0 ] - Use `GOOGLE_CREDENTIALS` instead of `GOOGLE_APPLICATION_CREDENTIALS`. - Refer to https://github.com/openshift/installer/blob/master/docs/user/gcp/iam.md to assign appropriate roles to service account. - Make it a bit clearer that the firewall rule creation is time-sensitive. Ref: #13627 (comment) Signed-off-by: Michi Mutsuzaki <michi@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
[ upstream commit c40dfb0 ] - Use `GOOGLE_CREDENTIALS` instead of `GOOGLE_APPLICATION_CREDENTIALS`. - Refer to https://github.com/openshift/installer/blob/master/docs/user/gcp/iam.md to assign appropriate roles to service account. - Make it a bit clearer that the firewall rule creation is time-sensitive. Ref: #13627 (comment) Signed-off-by: Michi Mutsuzaki <michi@isovalent.com> Signed-off-by: Chris Tarazi <chris@isovalent.com>
[ upstream commit c40dfb0 ] - Use `GOOGLE_CREDENTIALS` instead of `GOOGLE_APPLICATION_CREDENTIALS`. - Refer to https://github.com/openshift/installer/blob/master/docs/user/gcp/iam.md to assign appropriate roles to service account. - Make it a bit clearer that the firewall rule creation is time-sensitive. Ref: #13627 (comment) Signed-off-by: Michi Mutsuzaki <michi@isovalent.com> Signed-off-by: Chris Tarazi <chris@isovalent.com>
Noticed while reviewing #15370 The respective guide was removed from documentation in commit 3d0e805 ("doc: Remove Mesos/Marathon guide"), thus the link in the README is broken already. The example hasn't been tested for the last few releases (v1.9: #13627, v1.8: #11903), so remove it. Signed-off-by: Tobias Klauser <tobias@cilium.io>
Noticed while reviewing #15370 The respective guide was removed from documentation in commit 3d0e805 ("doc: Remove Mesos/Marathon guide"), thus the link in the README is broken already. The example hasn't been tested for the last few releases (v1.9: #13627, v1.8: #11903), so remove it. Signed-off-by: Tobias Klauser <tobias@cilium.io>
Managed k8s
docs: GKE - fix some indentation, specify bash code segments #13645docs/gettingstarted: Update AKS instructions #13632Self-managed
docs: fix minor issue in cilium support with external etcd gsg #13651doc: Update OpenShift GSG #13713Guides
docs: Updates kube-proxy-free getting started guide #13692XDP on GKE(@gandro ) - Still not supporteddocs: NodePort XDP on GCP is not supported #13665Various fixes for NodePort XDP kube-proxy free guide #13674,docs: update NodePort XDP kube-proxy-free GSG for Azure AKS #13685transparent encryption: interface detection #13662transparent encryption: setting nodEncryption=true results in nodes being unreachable #13663docs: improve Host Firewall GSG #13673docs: Various LRP gsg fixups #13737redirectpolicy: Check lrp type before restoring lrp service #13741Monitoring
docs/gettingstarted: Fix minor issues in Metrics guide #13668Fixes for troubleshooting guide re. Hubble/Hubble Relay #13644Other Orchestrators
docs: docker: update some command outputs #13695The text was updated successfully, but these errors were encountered: