New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: various fixes to documentation, notably Getting Started Guides #16126
Conversation
9ef2fe8
to
ce9e21e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few nits below, but these look like nice improvements in my opinion, thanks!
@@ -346,9 +346,3 @@ Troubleshooting | |||
$ tc filter show dev eth0 ingress | |||
filter protocol all pref 1 bpf chain 0 | |||
filter protocol all pref 1 bpf chain 0 handle 0x1 bpf_network.o:[from-network] direct-action not_in_hw id 1145 tag 51b408acf94aa23f jited | |||
|
|||
Disabling Encryption |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please open an issue so we can track this and add it back when the time is come?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NAK from me. Lets create an issue and fix it. The documentation has been this way from day 1 also when this happens is a specific to kernel versions and modes so correctly describing the conditions would require rework.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK! I am removing the commit introducing the change. Do we still need to create an issue for tracking this or will #15993 be sufficient?
NAME READY STATUS RESTARTS AGE | ||
pod/mediabot 1/1 Running 0 14s | ||
kubectl create -f \ |SCM_WEB|\/examples/kubernetes-dns/dns-sw-app.yaml | ||
kubectl wait pod/mediabot --for=condition=Ready |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[For what it's worth, I'm not entirely convinced about removing the prompts, as some processing will still be needed after copying to remove the output from the commands. I'm working on adding a new button to copy just the commands starting with the prompt symbol, but excluding the prompt from the copy itself. But this is not directly relevant to this PR, so OK for the change.]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pretty nice overhaul 👍 , just one comment see below.
Btw, this makes me wonder whether we should not use exactly the same instructions for Cilium CLI and Hubble CLI?
ce9e21e
to
528d75b
Compare
528d75b
to
669cef6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Drop the disable encryption parts lets handle this as an issue.
Did some poking around. More context for my above one liner ;). So the reason, as I understand it, to drop the encryption disable piece is to cover the issue where we add ARP PERM entries but weren't removing them. This had the potential to break a network on the next restart with IPSec disabled due to stale arp entries that would never be removed. This fix should cover the case, #15993 so I think we are safe to keep the encryption disable instructions. Thanks! |
We currently still leave some stale state in our encryption routing table, |
@@ -140,4 +140,4 @@ installed: | |||
* ``10.2.2.0/24 dev tun-172011760 proto 17 src 172.0.50.227`` | |||
* ``10.2.3.0/24 dev tun-1720186231 proto 17 src 172.0.50.227`` | |||
|
|||
.. include:: k8s-install-connectivity-test.rst | |||
.. include:: k8s-install-validate.rst |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To reviewers: will kube-router
allow for usage of Cilium CLI? If not, then we should revert to manually linking to
.. include:: k8s-install-validate.rst | |
.. include:: kubectl-connectivity-test.rst |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few more nits, but looks good overall.
[I don't know for kops/kube-router.]
Also refactor hubble-cli installation accordingly. Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
`parsed-literal` blocks are required for parsing RST references but they don't play nice with console examples: they allow copy-pasting `$` prefixes even though they're not part of the commands. `shell-session` blocks play nice with console examples but do not work with RST references... This is compromise where we remove `$` prefixes from parsed-literal blocks for easier copy/pasting and switch to proper `shell-session` blocks otherwise. Also reworked the `curl` commands to add `--max-time` for commands supposed to fail so that user doesn't have to cancal, and switch to `curl -I {url} | head -1` notation to avoid output flood. Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
In cilium#15979, the old `k8s-install-validate.rst` and `k8s-install-connectivity-test.rst` were refactored to use the CLI, which broke the flow of several pages: in particular, all installations based on Helm were half-broken due to referencing Cilium CLI commands when the user was never instructed to install it. This commit moves all CLI-related operations to independent `cli-*.rst`, and then refactors `k8s-install-validate.rst` to have both the new CLI status check and connectivity test and the older manual status check and connectivity test. It then refactors CLI-based installation guides to use the `cli-*.rst` in the order that makes the most sense for each page. Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
dbc017f
to
e304b0f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, thank you!
Sorry, I made a mistake with my fork and accidentally closed all my PRs. Reopening. |
Let's merge this and not block on |
Please see individual commits. I suggest reviewing commits one by one: the last one is messy and is better served reviewed on its own.