-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support to enable EndpointStatus in Helm chart #15844
Add support to enable EndpointStatus in Helm chart #15844
Conversation
Commit f039d7115c3230cd63663f98300693de5963ddef does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Signed-off-by: Carlos Castro <carlos.castro@jumo.world>
f039d71
to
3994360
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the changes, only one small clarification requested.
install/kubernetes/cilium/README.md
Outdated
@@ -129,6 +129,8 @@ contributors across the globe, there is almost always someone available to help. | |||
| encryption.secretName | string | `"cilium-ipsec-keys"` | Name of the Kubernetes secret containing the encryption keys. This option is only effective when encryption.type is set to ipsec. | | |||
| encryption.type | string | `"ipsec"` | Encryption method. Can be either ipsec or wireguard. | | |||
| endpointHealthChecking.enabled | bool | `true` | | | |||
| endpointStatus.enabled | bool | `false` | Enable endpoint status | | |||
| endpointStatus.status | string | `policy` | Endpoint status. Can be policy, health, controllers, logs or state | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it can be all of those parameters, why does it default to policy?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I set it default to policy cause I was thinking most users will set this option true to enable the columns in the cep command but I'm happy to change to empty and required field so users can select the status they want.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated PR and description
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we probably should enable policy by default specifically for this reason. It impacts scale, but we have a scalability guide to instruct users how to get the most scalable setup. On the other hand, disabling this by default means that most users just see the CEP output as broken and it's not obvious why.
@@ -571,6 +571,9 @@ data: | |||
{{- if hasKey .Values.k8s "requireIPv6PodCIDR" }} | |||
k8s-require-ipv6-pod-cidr: {{ .Values.k8s.requireIPv6PodCIDR | quote }} | |||
{{- end }} | |||
{{- if and .Values.endpointStatus .Values.endpointStatus.enabled }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't {{- if .Values.endpointStatus.enabled }}
be enough here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it would. Updating.
Signed-off-by: Carlos Castro <carlos.castro@jumo.world>
Signed-off-by: Carlos Castro <carlos.castro@jumo.world>
# -- Enable endpoint status | ||
endpointStatus: | ||
enabled: false | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can leave the "status" field here but it would be empty.
@@ -571,6 +571,9 @@ data: | |||
{{- if hasKey .Values.k8s "requireIPv6PodCIDR" }} | |||
k8s-require-ipv6-pod-cidr: {{ .Values.k8s.requireIPv6PodCIDR | quote }} | |||
{{- end }} | |||
{{- if .Values.endpointStatus.enabled }} | |||
endpoint-status: {{ required "endpointStatus.status required: policy, health, controllers, logs or state" .Values.endpointStatus.status | quote }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would be nice to give an example with 2 or mor options set. for example: "endpointStatus.status required: policy, health, controllers, logs and / or state. For 2 or more options use a comma: "policy, health""
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a good example. Updated.
Signed-off-by: Carlos Castro <carlos.castro@jumo.world>
Commit 8c255f6e34c6fa1280f129bf414ad82cec682a8f does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
8c255f6
to
8b8ac6e
Compare
Commit 8c255f6e34c6fa1280f129bf414ad82cec682a8f does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Signed-off-by: Carlos Castro <carlos.castro@jumo.world>
8b8ac6e
to
a373912
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution @carloscastrojumo, I have a small comment but the PR looks good to me!
Signed-off-by: Carlos Castro <carlos.castro@jumo.world>
test-me-please |
test-gke |
merging since this is only changing helm and the CI failures might be flakes |
This commit introduces a new Helm parameter to enable
--endpoint-status
option in Cilium.endpointStatus.enabled
is disabled by default andendpointStatus.status
is required once enabled and suggesting status: policy, controllers, health, log, state.This aims to activate the values in the columns present in
kubectl get cep
.