New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helm: add configuration options for kvstoremesh #26109
Conversation
@@ -2630,6 +2630,46 @@ clustermesh: | |||
# cpu: 100m | |||
# memory: 100Mi | |||
|
|||
kvstoremesh: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The kvstoremesh
configuration options are currently placed at this level for consistency with etcd
, but I'm wondering whether they should be moved one level up. WDYT?
c2fb235
to
2beef43
Compare
2beef43
to
4d20333
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good, just some minor questions/points.
# -- KVStoreMesh image. | ||
image: | ||
override: ~ | ||
repository: "quay.io/cilium/kvstoremesh-ci" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this appears to be a CI image, is that intended?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've double-checked, and also the repositories for the other components point to CI images. It seems that they are sourced from here (and RELEASE is not set by default).
4d20333
to
69a0291
Compare
/test |
/ci-aks Failed due to #26075 |
69a0291
to
7b49c76
Compare
Force-pushed to explicitly set the etcd rate limit settings for kvstoremesh. |
/test |
7b49c76
to
a87b374
Compare
Rebased onto main now that #26083 has been merged |
a87b374
to
49bc57a
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@giorio94 Good work. Approving to unblock with the understanding that changes are required prior to merge.
Add the `clustermesh-apiserver.{namespace}.svc` DNS name to the clustermesh-apiserver etcd certificate, so that the secure connection can be successfully established when connecting to the local etcd instance through the service, rather than to a remote one through the corresponding LB/NodePort service or an external DNS name. This is required in particular in the kvstoremesh case. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
The clustermesh-apiserver runs in pod network, hence there's no shortcoming in enabling those metrics by default. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
This commit extends the helm chart to allow configuring kvstoremesh. In particular, the clustermesh-apiserver deployment is enriched with the additional kvstoremesh sidecar container (when kvstoremesh is enabled), appropriately mounting the secret containing the remote kvstore configurations. Additionally, the configuration used by the agents is modified to connect to the local kvstore instance (through the corresponding service) instead of the remote ones. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
49bc57a
to
2b7ada8
Compare
/test |
This PR is a followup of #26083, which extends the helm chart to allow configuring kvstoremesh.