Restructure helm chart into components #16795
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
|
/cc @gandro |
There was a problem hiding this comment.
Awesome, thanks you so much for splitting this up, makes it much easier to review. Overall looks good to me, I think there is a larger discussion to be had on how to do the etcd.managed removal, as I think there is more to it than just removing the service accounts.
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: cilium-etcd-sa |
There was a problem hiding this comment.
This looks unused, but it's actually not. There are references to it here (different repository, but deployed as part of the cilium-etcd-operator):
https://github.com/cilium/cilium-etcd-operator/blob/fdf1993dded89db77742916a9e55ef898a4e5ad0/etcd-operator/descriptors.go#L62
Cilium also has a a well-known identity for this SA as well:
cilium/pkg/identity/numericidentity.go
Lines 171 to 176 in 4f27865
I think we want to remove managed-etcd in Cilium 1.11 (see #15464), as it's already deprecated. So this file here will have to go, but there is more that than just deleting this file. We also need to
- Remove the
cilium-etcd-operatordeployment from the helm chart - Remove all references to
.Values.etcd.managed - Mention the removal in the upgrade guide
- Ensure there are no backwards-compatibility issues
Might be worth doing the etcd.managed removal in a separate PR, so we have separation of concerns and better code reviews.
There was a problem hiding this comment.
Thank you for clarify. I changed it back and let etcd.managed removal in another PR 💯
gandro
added
area/helm
maintainer-s-little-helper
bot
removed
dont-merge/needs-release-note-label
|
test-me-please |
| imagePullPolicy: {{ .Values.nodeinit.image.pullPolicy }} | ||
| securityContext: | ||
| privileged: true | ||
| {{- if .Values.nodeinit.revertReconfigureKubelet }} |
There was a problem hiding this comment.
not related to this PR, but I noticed this attribute is not mentioned in values.yaml (even commented). So something for later.
| @@ -0,0 +1,49 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
I am not sure if this change makes it's easier to read bash script, as this file is now mixed with go template and bash.
I checked this one with below commands and compared the diff, seems like there are some changes with indentation (e.g. tab, space, etc), it might not be issue, but no harm to have second 👀
# From this branch
helm template ./cilium --set nodeinit.enabled=true --set nodeinit.revertReconfigureKubelet=true > new.yaml
# From the master
helm template ./cilium --set nodeinit.enabled=true --set nodeinit.revertReconfigureKubelet=true > original.yaml
diff original.yaml new.yaml
There was a problem hiding this comment.
Thank @sayboras , I fixed the spaces in nodeinit scripts
And yeah, I know that script is now mixed with go template and bash, but with code highlight from IDE, I think it's much easier to read than previous:
Old:
New:
|
test-me-please |
|
Hello @christarazi, could you please check the CI fails, It seem not the helm error. |
Signed-off-by: Đặng Minh Dũng <dungdm93@live.com>
Signed-off-by: Đặng Minh Dũng <dungdm93@live.com>
|
test-me-please Each time you push, the previous CI run results are hidden, so I've re-triggered them |
|
FYI. Conformance AWS-CNI (ci-awscni) was failed before on this branch, re-run was successful. |
There was a problem hiding this comment.
LGTM overall. We will need to make changes to the upgrades e2e test to map between the old Helm chart structure and the new, like we did for #13259 (and potentially any followups after that PR).
In terms of CI, it looks like https://jenkins.cilium.io/job/Cilium-PR-K8s-1.21-kernel-4.9/1025 is a case of endpoint-routes mode being enabled in the previous test run and the pods needing to be restarted when disabling endpoint-routes mode[1]. This is what #16835 is supposed to fix. In other words, looks like CI has passed and the only failure is unrelated to this PR.
[1]: See the console output, find the failure, then scroll up to the previous test. You'll notice that it mentions enabling endpoint-routes mode.
@christarazi I take it from your most recent comment this is not necessary? I was under the impression that this was a purely developer-focused change to make it easier to maintain, and shouldn't impact users at all. |
|
@joestringer Yeah don't think it's necessary and the tests are passing anyway. I thought it would have been required because I thought any change to the structure of the chart would cause problems, but apparently not. |
|
Only failure in e2e is the one fixed by #16835. 👍 |
There was a problem hiding this comment.
@cilium/github-sec owner pieces LGTM. The rest should be good based on @sayboras @christarazi reviews. 
joestringer
added
release-note/misc
|
Since this seems to be not user-facing, I've switched the release-note to misc. If you think this is user facing, please respond and we can switch it back (would also help to describe why it's user-facing or what users might notice). |
FWIW, I added the |
[ upstream commit 27a93e8 ] [ Backporter's notes: conflicts due to structure around daemonset manifest having changed in cilium#16795, which was not backported to v1.10. Changes have been manually reapplied where appropriate in `install/kubernetes/cilium/templates/cilium-nodeinit-daemonset.yaml` and `install/kubernetes/cilium/templates/cilium-agent-daemonset.yaml`. Please note in particular the Helm condition in that last file is different than in `master`, even though it should not have any impact. ] Fixes: cilium#14483 Signed-off-by: Raphaël Pinson <raphael@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit b38d591 ] [ Backporter's notes: conflicts due to structure around daemonset manifest having changed in cilium#16795, which was not backported to v1.10. Changes have been manually reapplied where appropriate in `install/kubernetes/cilium/templates/cilium-nodeinit-daemonset.yaml`. ] Take advantage of the dynamic CHECKPOINT_PATH in the startup-script: https://github.com/cilium/image-tools/blob/396d5a19690229b42398a8be63b5712ea64a2601/images/startup-script/manage-startup-script.sh#L58 Signed-off-by: Raphaël Pinson <raphael@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 27a93e8 ] [ Backporter's notes: conflicts due to structure around daemonset manifest having changed in #16795, which was not backported to v1.10. Changes have been manually reapplied where appropriate in `install/kubernetes/cilium/templates/cilium-nodeinit-daemonset.yaml` and `install/kubernetes/cilium/templates/cilium-agent-daemonset.yaml`. Please note in particular the Helm condition in that last file is different than in `master`, even though it should not have any impact. ] Fixes: #14483 Signed-off-by: Raphaël Pinson <raphael@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit b38d591 ] [ Backporter's notes: conflicts due to structure around daemonset manifest having changed in #16795, which was not backported to v1.10. Changes have been manually reapplied where appropriate in `install/kubernetes/cilium/templates/cilium-nodeinit-daemonset.yaml`. ] Take advantage of the dynamic CHECKPOINT_PATH in the startup-script: https://github.com/cilium/image-tools/blob/396d5a19690229b42398a8be63b5712ea64a2601/images/startup-script/manage-startup-script.sh#L58 Signed-off-by: Raphaël Pinson <raphael@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
This is the first part of refactoring helm chart #16792 with the following changes:
nodeinitstartup & prestop scripts to separated files