helm: use Helm hooks instead of Job unique name #23102
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
github-actions
bot
added
the
kind/community-contribution
There was a problem hiding this comment.
Thanks for the PR, I did some local testing and this seems to work nicely!
For anyone curious how this works: Thanks to the job being a hook, Helm will not treat it as part oft the release. Any existing job will be removed by Helm after an upgrade or install due to the "helm.sh/hook-delete-policy": before-hook-creation default value.
Could you also update the clustermesh certificate generation? Thanks
gandro
added
release-note/minor
| generate a name for the job here which is based on the checksum of the spec. | ||
| This will cause the name of the job to change if its content changes, | ||
| and in turn cause Helm to do delete the old job and replace it with a new one. | ||
| */}} | ||
| {{- $jobSpec := include "hubble-generate-certs.job.spec" . -}} | ||
| {{- $checkSum := $jobSpec | sha256sum | trunc 10 -}} |
There was a problem hiding this comment.
Ah, noticed too late. Please also remove this line, since it's not used anymore. And we can probably inline $jobSpec too, now that there is only one use.
|
@gandro. Thanks for your review. I've addressed your comments. Backto you!
Done.
Done. |
|
/test Job 'Cilium-PR-K8s-1.24-kernel-5.4' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment Job 'Cilium-PR-K8s-1.25-kernel-4.19' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment |
install/kubernetes/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml
Show resolved
Hide resolved
As far as I understand, no. At least not as long as |
|
This PR has 3 approvals, however the CI is failing for unrelated reason. Anything missing to merge? |
|
@sathieu looks like some image pull backoff issues in k8s testing. It's been a couple weeks since the CI images where built so the images probably just expired - I'm just going to rerun the tests. |
|
/test |
@tommyp1ckles Note that command doesn't rerun the image builds. You need to do that manually (I will). |
See https://helm.sh/docs/topics/charts_hooks/. Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
|
@sathieu Was there a merge conflict forcing to rebase? JFYI, we need to rerun the full test suite after each rebase. |
|
/test |
|
@pchaigno Sorry, I added a commit for #23102 (comment), and rebased for clean history. I thought a merge would require a /retest too... |
|
Looks like k8s-1.26-kernel-net-next CI run hit #20723 |
|
/test-1.26-net-next |
|
/ci-l4lb |
|
/ci-verifier |
maintainer-s-little-helper
bot
added
the
ready-to-merge
|
@kaworu Please provide a rationale when restarting tests. We want to ensure that we don't miss new flakes (i.e., that we create flake issues as soon as the flakes as discovered). |
|
@pchaigno both ci-l4lb and ci-verifier were in a "waiting status" pending state and didn't report anything. I was assuming they didn't run at all, but is there any way to get info? |
|
Ok, probably some blip caused the job triggering to fail for those. Still good to mention so the TopHat doesn't get scared when they see a lot of reruns 😸 |
|
Unfortunately, it's not in 1.13.0. Any chance to have this backported? |
|
Seems safe enough to backport to v1.13, @gandro do you agree? |
|
I'd like to avoid such changes in patch releases, there is the potential danger of it breaking peoples workflow (e.g. if they manually use Since this is not a bugfix, I don't think it satisfies the Backport Criteria for Current Minor Release |
Without this, ArgoCD (and other Gitops tools) thinks there is a diff.
See https://helm.sh/docs/topics/charts_hooks/.