Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update helm chart for cilium-operator to implement per-provider opera… #11837

Closed
wants to merge 3 commits into from
Closed

Update helm chart for cilium-operator to implement per-provider opera… #11837

wants to merge 3 commits into from

Conversation

seanmwinn
Copy link
Contributor

@seanmwinn seanmwinn commented Jun 2, 2020
edited by errordeveloper

…tor deployment for generic, aws and azure

Fixes: #11800

Signed-off-by: Sean Winn sean@isovalent.com

cilium-operator now packages a separate container for generic use cases, as well as additional container images for Microsoft Azure and Amazon Web Services. The default configuration will deploy the cilium-operator-generic image. For AWS, configure `.Values.global.eni=true` to deploy the cilium-operator-aws image. For Azure configure `.Values.global.azure.enabled=true` to deploy the cilium-operator-azure image. Only one cloud provider is supported in a Cilium deployment.

@seanmwinn seanmwinn requested a review from a team as a code owner June 2, 2020 19:05
@seanmwinn seanmwinn requested a review from a team June 2, 2020 19:05
@maintainer-s-little-helper
Copy link

Please set the appropriate release note label.

@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.8.0 Jun 2, 2020
@coveralls
Copy link

coveralls commented Jun 2, 2020
edited

Coverage Status

Coverage decreased (-0.02%) to 37.027% when pulling 656a952 on seanmwinn:cilium-11800 into 8a02976 on cilium:master.

aanm
aanm requested changes Jun 2, 2020
View reviewed changes
Copy link
Member

@aanm aanm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@seanmwinn please also update the release process to have the imagePullPolicy and tag modified.

cilium/Documentation/contributing/release/stable.rst

Lines 42 to 51 in 6d52ae4

#. Update the ``VERSION`` file to represent ``X.Y.Z+1``
#. If this is the first release after creating a new release branch. Adjust the
image pull policy for all ``.sed`` files in ``install/kubernetes/cilium/values.yaml`` from
``Always`` to ``IfNotPresent``.
#. Update Helm chart documentation
#. Update ``version`` and ``appVersion`` in ``install/kubernetes/cilium/Chart.yaml``
#. Update version tag in ``install/kubernetes/cilium/values.yaml``
#. Update the image tag versions in the examples:

install/kubernetes/cilium/charts/operator/values.yaml Outdated Show resolved Hide resolved
install/kubernetes/cilium/charts/operator/values.yaml Show resolved Hide resolved
@aanm aanm added needs-backport/1.8 release-note/misc This PR makes changes that have no direct user impact. labels Jun 2, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.8.0 Jun 2, 2020
@joestringer joestringer requested a review from aanm June 2, 2020 22:54
@joestringer joestringer added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. and removed release-note/misc This PR makes changes that have no direct user impact. labels Jun 2, 2020
@joestringer
Copy link
Member

Marked as release-note/minor because the release note in the PR description provides instructions to users, so it's clearly user-facing.

errordeveloper
errordeveloper approved these changes Jun 3, 2020
View reviewed changes
Copy link
Contributor

@errordeveloper errordeveloper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall! Thanks @seanmwinn!

aanm
aanm requested changes Jun 3, 2020
View reviewed changes
Copy link
Member

@aanm aanm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joestringer the release process guide needs to be updated, right?

@joestringer
Copy link
Member

joestringer commented Jun 3, 2020
edited

@aanm which step changes?

The makefile change I pushed expands the existing make -C install/kubernetes main target to also fix up the versions in this target, I didn't create separate targets or anything. So AFAICT there's no change to the release process.

@joestringer joestringer mentioned this pull request Jun 3, 2020
Merged
@aanm
Copy link
Member

aanm commented Jun 4, 2020

@aanm which step changes?

The makefile change I pushed expands the existing make -C install/kubernetes main target to also fix up the versions in this target, I didn't create separate targets or anything. So AFAICT there's no change to the release process.

@joestringer step 5 https://docs.cilium.io/en/latest/contributing/release/stable/

@joestringer
Copy link
Member

@aanm oh right. Yes, we can drop steps 5 & 6 as they are achieved by step 7. That's a separate issue from this PR though, I can send a PR.

@joestringer
Copy link
Member

@aanm I posted #11898 to address that concern. Do you have any remaining reservations about this PR?

@aanm
Copy link
Member

aanm commented Jun 5, 2020

test-me-please

@aanm
Copy link
Member

aanm commented Jun 8, 2020

the CI seem to have failed because the proposed changes https://jenkins.cilium.io/job/Cilium-PR-K8s-newest-kernel-4.9/592/testReport/junit/Suite-k8s-1/18/K8sChaosTest_Connectivity_demo_application_Endpoint_can_still_connect_while_Cilium_is_not_running

@seanmwinn seanmwinn requested review from a team as code owners June 8, 2020 16:03
@aanm
Copy link
Member

aanm commented Jun 8, 2020

test-me-please

1 similar comment
@joestringer
Copy link
Member

test-me-please

@joestringer
Copy link
Member

Looks like the templating is wrong somewhere here, see 139.178.68.33/cilium/operator-generic-generic:latest:
https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Kernel/1965/testReport/junit/Suite-k8s-1/17/K8sUpdates_Tests_upgrade_and_downgrade_from_a_Cilium_stable_image_to_master/

	   Warning  Failed     9m26s (x4 over 10m)   kubelet, k8s2      Failed to pull image "139.178.68.33/cilium/operator-generic-generic:latest": rpc error: code = Unknown desc = Error response from daemon: manifest for 139.178.68.33/cilium/operator-generic-generic:latest not found: manifest unknown: manifest unknown

sayboras
sayboras reviewed Jun 9, 2020
View reviewed changes
test/helpers/kubectl.go Outdated Show resolved Hide resolved
@joestringer
install: Fix up version/pullPolicy for multiple values files
d6060e6 
In particular, add the new operator values file to the list of files
that we fix these values up for in the make target.

Signed-off-by: Joe Stringer <joe@cilium.io>
@seanmwinn seanmwinn requested a review from a team as a code owner June 9, 2020 22:26
@seanmwinn @joestringer
Implement per-provider operator deployments
ab55205 
Update the helm charts for for generic, aws and azure operator images.

Fixes: #11800

Signed-off-by: Sean Winn <sean@isovalent.com>
Signed-off-by: Joe Stringer <joe@cilium.io>
@seanmwinn seanmwinn requested a review from a team as a code owner June 10, 2020 02:46
aanm
aanm requested changes Jun 10, 2020
View reviewed changes
Documentation/contributing/testing/e2e.rst Outdated Show resolved Hide resolved
jenkinsfiles/ginkgo-eks.Jenkinsfile Outdated Show resolved Hide resolved
@seanmwinn
fix rendering for image names with a / to not append suffixes
656a952 
Signed-off-by: Sean Winn <sean@isovalent.com>
@joestringer
Copy link
Member

test-focus K8sUpdates

@joestringer
Copy link
Member

joestringer commented Jun 10, 2020
edited

Updates test is already providing some feedback:

https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated-Focus/259/execution/node/175/log/

15:33:21  Expected command: helm install cilium cilium/cilium --version=1.7-dev --namespace=kube-system  --set operator.image.repository=operator  --set preflight.image=cilium-dev  --set global.ipv6.enabled=true  --set global.logSystemLoad=true  --set global.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]=k8s3  --set global.hubble.enabled=true  --set global.pprof.enabled=true  --set global.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key=cilium.io/ci-node  --set global.k8sServicePort=6443  --set global.kubeProxyReplacement=strict  --set global.registry=docker.io/cilium  --set global.nodePort.device=enp0s8  --set global.k8s.requireIPv4PodCIDR=true  --set global.cnpStatusUpdates.enabled=true  --set global.bpf.preallocateMaps=true  --set global.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator=NotIn  --set agent.image=cilium  --set global.hubble.listenAddress=:4244  --set global.ci.kubeCacheMutationDetector=true  --set global.sessionAffinity.enabled=false  --set global.debug.enabled=true  --set global.psp.enabled=true  --set global.k8sServiceHost=192.168.36.11  --set global.bpfMasquerade=true  --set global.hostFirewall=true  --set global.tag=v1.7  --set global.etcd.leaseTTL=30s  --set global.ipv4.enabled=true  
15:33:21  To succeed, but it failed:
15:33:21  Exitcode: 1 
15:33:21  Stdout:
15:33:21  
15:33:21  Stderr:
15:33:21   	 coalesce.go:165: warning: skipped value for image: Not a table.
15:33:21  	 coalesce.go:165: warning: skipped value for image: Not a table.
15:33:21  	 coalesce.go:199: warning: destination for image is a table. Ignoring non-table value operator
15:33:21  	 coalesce.go:165: warning: skipped value for image: Not a table.
15:33:21  	 coalesce.go:165: warning: skipped value for image: Not a table.
15:33:21  	 Error: template: cilium/charts/operator/templates/deployment.yaml:129:27: executing "cilium/charts/operator/templates/deployment.yaml" at <.Values.image>: wrong type for value; expected string; got map[string]interface {}
15:33:21  	 
15:33:21  
15:33:21  === Test Finished at 2020-06-10T22:33:17Z====
15:33:21  22:33:17 STEP: Running JustAfterEach block for EntireTestsuite K8sUpdates
15:33:21  ===================== TEST FAILED =====================

Basically the Ginkgo framework is deploying v1.7-dev from helm.cilium.io using a set of Helm options defined in this branch, ie the Helm options correspond to v1.8. This discrepancy means that the image argument handling is inconsistent for the older release. We either need to change the test to use the Cilium-1.7 Helm configuration arguments, or improve our compatibility story in another way.

@tgraf
Copy link
Member

tgraf commented Jun 11, 2020

Given these are doc changes only, we can remove the release blocker flag as we can tag the binary before this is merged.

@joestringer
Copy link
Member

@tgraf my concern was more the helm changes which we would need to test in all cloud configurations prior to release.

@joestringer joestringer mentioned this pull request Jun 11, 2020
Merged
@tgraf
Copy link
Member

tgraf commented Jun 11, 2020

Sure, totally fine to re-add the release blocker label as long as we agree that we don't have to hold rc3 for it.

@aanm aanm added the dont-merge/needs-rebase This PR needs to be rebased because it has merge conflicts. label Jun 12, 2020
joestringer
joestringer requested changes Jun 15, 2020
View reviewed changes
Copy link
Member

@joestringer joestringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick status update to clarify what was merged / what is deferred to resolve in the future.

install/kubernetes/Makefile
CILIUM_CHARTS := "$(ROOT_DIR)/$(RELATIVE_DIR)/cilium/"
CILIUM_VALUES := "$(CILIUM_CHARTS)/values.yaml"
CILIUM_CHARTS := "$(ROOT_DIR)/$(RELATIVE_DIR)/cilium"
CILIUM_VALUES := "$(CILIUM_CHARTS)/values.yaml" "$(CILIUM_CHARTS)/charts/operator/values.yaml"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When rebasing, this change will still be necessary.

install/kubernetes/cilium/charts/operator/values.yaml
Comment on lines +1 to +5
image:
repository: operator
tag: latest
pullPolicy: Always

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of the other changes were already applied in other PRs, except for this change.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Well, and obviously when this changes the actual daemonset needs to take this into account)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will need to look at this closely from an upgrade instructions angle because changing the "image" value from a string to a map may cause helm to reject the upgrade.

@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Needs backport from master in 1.8.0 Jun 17, 2020
@seanmwinn seanmwinn closed this Jul 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joestringer joestringer joestringer requested changes

@sayboras sayboras sayboras left review comments

@aanm aanm aanm requested changes

@errordeveloper errordeveloper errordeveloper approved these changes

Assignees
No one assigned
Labels
dont-merge/needs-rebase This PR needs to be rebased because it has merge conflicts. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
No open projects
1.8.0
  
In progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

operator: Follow-up Helm changes for specialised operator images
7 participants
@seanmwinn @coveralls @joestringer @aanm @tgraf @errordeveloper @sayboras