New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helm: Clean up deprecated values #24214
Conversation
Forgot to update the Helm reference in the docs at each commit, I'll fix this now |
3383d7f
to
2643d45
Compare
2643d45
to
de71bf7
Compare
de71bf7
to
eb00a5f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @qmonnet 🙏 !
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@qmonnet 👋🏻 Looks good! Mostly nits, with one advisory about choosing between "to" or "will" to indicate lesser or greater likelihood of removal, respectively.
I also left a question for you about whether it's possible to avoid future tense in one specific instance while still remaining technically accurate.
Otherwise LGTM!
eb00a5f
to
ebd207a
Compare
Thanks a lot for the review! Thinking of the two terms, I decided to stick with the “to” construct. We do intend to remove these values, but after all, this PR cleans up values that we intended to remove in 1.13, and prepares removal for some that we intended to see disappear in 1.11. So they should go in 1.15, but there's always a risk we forget to actually remove them 🙂. Let me know if you strongly feels against it.
Thanks as well, but this particular instance is unrelated to the current PR. The README file is generated automatically from the changes in
Thanks! I fixed the other nits and rebased. |
I'll do a separate PR to mark the README file as auto-generated in GitHub diff interface. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for late reply. I have one comment as part below, the rest looks good to me.
ebd207a
to
df5c31b
Compare
@zacharysarah Could you have another look at this PR, please? |
/test Job 'Cilium-PR-K8s-1.25-kernel-4.19' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.25-kernel-4.19/1784/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/1837/ If it is a flake and a GitHub issue doesn't already exist to track it, comment |
95b20ec
to
9c86ba1
Compare
/test |
9c86ba1
to
c5d3ff7
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for taking care of all of this, especially the added check around the clusterpool pod CIDR!
Some Helm values related to encryption have been deprecated in the charts since Cilium version 1.10, in commit b52e210 ("helm: move IPSec options under encryption.ipsec"), but we have never logged the change in the upgrade instructions. Let's do it now, so we can remove these values safely in 1.15. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Helm value hubble.peerService.enabled has been deprecated in commit 66ea2f9 ("hubble: deprecate relay peer-svc through unix domain socket") and, for the upgrade notes, 1.13-backport commit 8ebc2ba ("hubble: deprecate relay peer-svc through unix domain socket"). We can remove this value from the Charts. We also need to adjust some of the templates now that this value is gone. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
These values were deprecated in Cilium 1.12 with commit 0c55c8e ("helm: Support using same CA with helm method"). We can now remove them from the Helm charts and templates. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Value hubble.ui.securityContext.enabled was removed in Cilium 1.12, with commit 7a457ec ("Expose hubble-ui security context in helm chart"). We can now remove the option from the Helm charts. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
These values were deprecated in Cilium 1.11, with commit 8a7c37f ("fix(cluster-pools): fix parameter"), but have never been removed. Let's remove them from the chart and configmap template. To preserve the behaviour when users don't change the default values, the default CIDRs are moved from the removed options to their list counterparts. To avoid surprises resulting from the change, in particular if users have set up a value for clusterPoolIPv{4,6}PodCIDR and do not expect it to be overwritten by the list versions, make the Helm templating fail if the removed value is still present. This failsafe mechanism can be removed in a few minor versions, or if Helm starts one day to warn on unused values [0]. [0] helm/helm#6422 Signed-off-by: Quentin Monnet <quentin@isovalent.com>
c5d3ff7
to
8d59aae
Compare
/test |
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
encryption.<attr>
values in upgrade noteshubble.peerService.enabled
hubble.tls.ca
and sub-valueshubble.ui.securityContext.enabled
ipam.operator.clusterPoolIPv{4,6}PodCIDR
These commits result from a simple search for
deprecated
invalues.yaml.tmpl
.