Helm: Clean up deprecated values #24214
Conversation
qmonnet
added
release-note/minor
qmonnet
changed the title
|
Forgot to update the Helm reference in the docs at each commit, I'll fix this now |
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
3383d7f
to
2643d45
Compare
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
2643d45
to
de71bf7
Compare
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
de71bf7
to
eb00a5f
Compare
sayboras
added
the
dont-merge/needs-rebase
There was a problem hiding this comment.
@qmonnet 👋🏻 Looks good! Mostly nits, with one advisory about choosing between "to" or "will" to indicate lesser or greater likelihood of removal, respectively.
I also left a question for you about whether it's possible to avoid future tense in one specific instance while still remaining technically accurate.
Otherwise LGTM!
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
eb00a5f
to
ebd207a
Compare
qmonnet
removed
the
dont-merge/needs-rebase
Thanks a lot for the review! Thinking of the two terms, I decided to stick with the “to” construct. We do intend to remove these values, but after all, this PR cleans up values that we intended to remove in 1.13, and prepares removal for some that we intended to see disappear in 1.11. So they should go in 1.15, but there's always a risk we forget to actually remove them 🙂. Let me know if you strongly feels against it.
Thanks as well, but this particular instance is unrelated to the current PR. The README file is generated automatically from the changes in
Thanks! I fixed the other nits and rebased. |
|
I'll do a separate PR to mark the README file as auto-generated in GitHub diff interface. |
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
ebd207a
to
df5c31b
Compare
|
@zacharysarah Could you have another look at this PR, please? |
|
/test Job 'Cilium-PR-K8s-1.25-kernel-4.19' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.25-kernel-4.19/1784/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/1837/ If it is a flake and a GitHub issue doesn't already exist to track it, comment |
|
Good thing we added the failsafe, it seems Let's fix test/helpers/kubectl.go. |
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
95b20ec
to
9c86ba1
Compare
|
/test |
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
9c86ba1
to
c5d3ff7
Compare
|
/test |
qmonnet
added
the
release-blocker/1.14
Some Helm values related to encryption have been deprecated in the charts since Cilium version 1.10, in commit b52e210 ("helm: move IPSec options under encryption.ipsec"), but we have never logged the change in the upgrade instructions. Let's do it now, so we can remove these values safely in 1.15. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Helm value hubble.peerService.enabled has been deprecated in commit 66ea2f9 ("hubble: deprecate relay peer-svc through unix domain socket") and, for the upgrade notes, 1.13-backport commit 8ebc2ba ("hubble: deprecate relay peer-svc through unix domain socket"). We can remove this value from the Charts. We also need to adjust some of the templates now that this value is gone. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
These values were deprecated in Cilium 1.12 with commit 0c55c8e ("helm: Support using same CA with helm method"). We can now remove them from the Helm charts and templates. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Value hubble.ui.securityContext.enabled was removed in Cilium 1.12, with commit 7a457ec ("Expose hubble-ui security context in helm chart"). We can now remove the option from the Helm charts. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
These values were deprecated in Cilium 1.11, with commit 8a7c37f ("fix(cluster-pools): fix parameter"), but have never been removed. Let's remove them from the chart and configmap template. To preserve the behaviour when users don't change the default values, the default CIDRs are moved from the removed options to their list counterparts. To avoid surprises resulting from the change, in particular if users have set up a value for clusterPoolIPv{4,6}PodCIDR and do not expect it to be overwritten by the list versions, make the Helm templating fail if the removed value is still present. This failsafe mechanism can be removed in a few minor versions, or if Helm starts one day to warn on unused values [0]. [0] helm/helm#6422 Signed-off-by: Quentin Monnet <quentin@isovalent.com>
qmonnet
force-pushed
the
pr/values-cleanup
branch
from
c5d3ff7
to
8d59aae
Compare
|
/test |
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Deprecated Cilium Helm Chart values have been removed in the PR cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
encryption.<attr>values in upgrade noteshubble.peerService.enabledhubble.tls.caand sub-valueshubble.ui.securityContext.enabledipam.operator.clusterPoolIPv{4,6}PodCIDRThese commits result from a simple search for
deprecatedinvalues.yaml.tmpl.