New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test/k8s: keep configmap across upgrade test #12051
Conversation
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's another option which is --reuse-values
which I think we should start encouraging more widely including in the upgrade docs.
But this actually matches our upgrade docs so 👌
test-missed-k8s |
0a6cd59
to
11ca347
Compare
test-focus K8sUpdates |
11ca347
to
e9ca3b7
Compare
test-focus K8sUpdates |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is good enough to fix the upgrade for v1.7 and v1.8 branches, then during v1.9 cycle we can take a long hard look at our Helm charts & upgrade instructions to figure out the long-term solution here.
e9ca3b7
to
ef3a921
Compare
test-focus K8sUpdates |
1 similar comment
test-focus K8sUpdates |
Deployments using the `ConfigMap` which is not generated if | ||
``config.enabled=false`` is set. The above command *only* generates the | ||
DaemonSet, Deployment and RBAC definitions. | ||
``config.enabled=false`` or ``config.keepCurrent=true`` are set. The above | ||
command *only* generates the DaemonSet, Deployment and RBAC definitions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually we need to drop this hunk.
ef3a921
to
5ef27cc
Compare
5ef27cc
to
fa1c9a3
Compare
test-focus K8sUpdates |
fa1c9a3
to
7de5380
Compare
test-focus K8sUpdates |
7de5380
to
be76441
Compare
test-focus K8sUpdates |
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor comment that doesn't need to block merging / backporting / -rc3.
Documentation/install/upgrade.rst
Outdated
Deploy Cilium release via Helm (Running this command will overwrite the | ||
existing cluster's `ConfigMap` which might not be ideal if you want to keep | ||
your existing `ConfigMap`.) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For micro releases, we should just use --reuse-values
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh, actually AFAIU since we don't specify any --set
, --reuse-values
is the default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix for probe looks great. I have a question remaining for option A in the upgrade path.
Documentation/install/upgrade.rst
Outdated
Deploy Cilium release via Helm: | ||
Deploy Cilium release via Helm (Running this command will overwrite the | ||
existing cluster's `ConfigMap` which might not be ideal if you want to keep | ||
your existing `ConfigMap`.) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need an overall warning that this will possibly break compatibility as we will use the new helm defaults for upgrades? So far we have been assuming that the ConfigMap values would remain unchanged. The above helm template
will overwrite it as far as I understand. Our backwards compatibility guarantee has been around not changing the defaults in the binary but default breaking changes to the new value in the ConfigMap so new deployments get the good new values without breaking existing clusters?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need an overall warning that this will possibly break compatibility as we will use the new helm defaults for upgrades?
yes. I think we need to take an overall look at this section since we use helm upgrade
in a couple places.
So far we have been assuming that the ConfigMap values would remain unchanged. The above helm template will overwrite it as far as I understand
good point, I've added the warning in the notes section.
Our backwards compatibility guarantee has been around not changing the defaults in the binary but default breaking changes to the new value in the ConfigMap so new deployments get the good new values without breaking existing clusters?
If I understand you correctly, yes that is supposed to be our guarantee.
Since we have new options set for new Cilium installations those might break the connectivity when doing upgrades. To ideally test an upgrade, we should keep the existing ConfigMap from the previous the version. This also fixes the upgrade guide using helm as using `--set config.enabled=false` deploys Cilium without its configuration map, deleting the existing one from the cluster. Also fixes the Cilium DaemonSet since its upgrade does not work using kubectl apply given that we have introduced a new liveness and readiness probes in the DaemonSet. Added upgrade notes to keep the old probes while users perform the upgrades. Fixes: d613dea ("install/kubernetes: use HTTP for agent {liveness,readiness}Probe") Signed-off-by: André Martins <andre@cilium.io>
Unless the user explicitly specifies the IPAM in use, fall back to the default cilium-operator image and use the legacy host-scope IPAM to ensure that during upgrade from a previous release that Cilium is not automatically migrated to the new IPAM model; that should be an explicit opt-in step that the user performs subsequently. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Joe Stringer <joe@cilium.io>
be76441
to
07ea918
Compare
no need to re-rerun the CI since all tests have passed before pushing again to fix some typos. |
test/k8s: keep configmap across upgrade test
Since we have new options set for new Cilium installations those
might break the connectivity when doing upgrades.
To ideally test an upgrade, we should keep the existing ConfigMap
from the previous the version.
This also fixes the upgrade guide using helm as using
--set config.enabled=false
deploys Cilium without its configuration map,deleting the existing one from the cluster.
Also fixes the Cilium DaemonSet since its upgrade does not work using
kubectl apply given that we have introduced a new liveness and readiness
probes in the DaemonSet. Added upgrade notes to keep the old probes
while users perform the upgrades.
Fixes: d613dea ("install/kubernetes: use HTTP for agent {liveness,readiness}Probe")
Signed-off-by: André Martins andre@cilium.io