docs: various fixes to documentation, notably Getting Started Guides #16126
Conversation
nbusseneau
added
area/documentation
nbusseneau
force-pushed
the
pr/gsg-1.10-various-fixes
branch
from
9ef2fe8
to
ce9e21e
Compare
| @@ -346,9 +346,3 @@ Troubleshooting | |||
| $ tc filter show dev eth0 ingress | |||
| filter protocol all pref 1 bpf chain 0 | |||
| filter protocol all pref 1 bpf chain 0 handle 0x1 bpf_network.o:[from-network] direct-action not_in_hw id 1145 tag 51b408acf94aa23f jited | |||
|
|
|||
| Disabling Encryption | |||
There was a problem hiding this comment.
Could you please open an issue so we can track this and add it back when the time is come?
There was a problem hiding this comment.
NAK from me. Lets create an issue and fix it. The documentation has been this way from day 1 also when this happens is a specific to kernel versions and modes so correctly describing the conditions would require rework.
There was a problem hiding this comment.
OK! I am removing the commit introducing the change. Do we still need to create an issue for tracking this or will #15993 be sufficient?
| NAME READY STATUS RESTARTS AGE | ||
| pod/mediabot 1/1 Running 0 14s | ||
| kubectl create -f \ |SCM_WEB|\/examples/kubernetes-dns/dns-sw-app.yaml | ||
| kubectl wait pod/mediabot --for=condition=Ready |
There was a problem hiding this comment.
[For what it's worth, I'm not entirely convinced about removing the prompts, as some processing will still be needed after copying to remove the output from the commands. I'm working on adding a new button to copy just the commands starting with the prompt symbol, but excluding the prompt from the copy itself. But this is not directly relevant to this PR, so OK for the change.]
There was a problem hiding this comment.
Yes, this won't work using the "copy all" button anyhow. The prompt removal is more so that one may copy/paste by highlighting a specific line: at the moment it also copy/pastes the $.
nbusseneau
force-pushed
the
pr/gsg-1.10-various-fixes
branch
from
ce9e21e
to
528d75b
Compare
nbusseneau
force-pushed
the
pr/gsg-1.10-various-fixes
branch
from
528d75b
to
669cef6
Compare
|
Did some poking around. More context for my above one liner ;). So the reason, as I understand it, to drop the encryption disable piece is to cover the issue where we add ARP PERM entries but weren't removing them. This had the potential to break a network on the next restart with IPSec disabled due to stale arp entries that would never be removed. This fix should cover the case, #15993 so I think we are safe to keep the encryption disable instructions. Thanks! |
|
We currently still leave some stale state in our encryption routing table, |
| @@ -140,4 +140,4 @@ installed: | |||
| * ``10.2.2.0/24 dev tun-172011760 proto 17 src 172.0.50.227`` | |||
| * ``10.2.3.0/24 dev tun-1720186231 proto 17 src 172.0.50.227`` | |||
|
|
|||
| .. include:: k8s-install-connectivity-test.rst | |||
| .. include:: k8s-install-validate.rst | |||
There was a problem hiding this comment.
To reviewers: will kube-router allow for usage of Cilium CLI? If not, then we should revert to manually linking to
| .. include:: k8s-install-validate.rst | |
| .. include:: kubectl-connectivity-test.rst |
Also refactor hubble-cli installation accordingly. Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
`parsed-literal` blocks are required for parsing RST references but they
don't play nice with console examples: they allow copy-pasting `$`
prefixes even though they're not part of the commands.
`shell-session` blocks play nice with console examples but do not work
with RST references...
This is compromise where we remove `$` prefixes from parsed-literal
blocks for easier copy/pasting and switch to proper `shell-session`
blocks otherwise.
Also reworked the `curl` commands to add `--max-time` for commands
supposed to fail so that user doesn't have to cancal, and switch to
`curl -I {url} | head -1` notation to avoid output flood.
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
In cilium#15979, the old `k8s-install-validate.rst` and `k8s-install-connectivity-test.rst` were refactored to use the CLI, which broke the flow of several pages: in particular, all installations based on Helm were half-broken due to referencing Cilium CLI commands when the user was never instructed to install it. This commit moves all CLI-related operations to independent `cli-*.rst`, and then refactors `k8s-install-validate.rst` to have both the new CLI status check and connectivity test and the older manual status check and connectivity test. It then refactors CLI-based installation guides to use the `cli-*.rst` in the order that makes the most sense for each page. Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
nbusseneau
force-pushed
the
pr/gsg-1.10-various-fixes
branch
from
dbc017f
to
e304b0f
Compare
|
Sorry, I made a mistake with my fork and accidentally closed all my PRs. Reopening. |
|
Let's merge this and not block on |
nbusseneau
added
the
ready-to-merge
Please see individual commits. I suggest reviewing commits one by one: the last one is messy and is better served reviewed on its own.