-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable operator operation without kubernetes. #21344
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm actually not sure whether to mark this as release-note/minor
or release-note/major
, as we could consider this to be a major announcement of initial Nomad support 🎉
I ran the sanity checker CI jobs and I can kick off the full CI suite on demand, let me know if/when you're ready to run those.
Typically I would wait for the contributor to mark the PR as "ready for review" before providing comments, but since we've had some discussions before and you pinged me in the description, I took an early look. Couple of minor comments below.
Commit 235bc7eb03e5da43beea92fa2514b5288851b71c does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
235bc7e
to
5a77ca0
Compare
Commit 0be6c2c17793cd5ed615796941310b5d4ba16e5d does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
0be6c2c
to
c46ac11
Compare
Commit fe28bad20ae527253073efa1252c2a3a4102fd80 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
fe28bad
to
c46ac11
Compare
Updated branch w/ changes and rebased against current master. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor nit. Could you also squash all the patches together?
You will also need to run make && make -C Documentation update-cmdref
after changing the below in order to properly update the docs. Then the CI targets should pass.
c46ac11
to
1cd2049
Compare
Fixed cli help reference, rebased and squashed changes. |
The tests failed because the autogenerated docs need to be updated. Please be sure to build the binaries locally and then run 'make -C Documentation update-cmdref', amend the commit to include the latest changes, and re-push the PR. https://github.com/cilium/cilium/pull/21344/checks?check_run_id=8538833626 |
Using update-cmdref fails on my local (probably due to using osx), so I've
been trying to match it by hand.. I'll try again or move the development to
a docker environment.
…On Mon, Sep 26, 2022 at 8:10 PM Joe Stringer ***@***.***> wrote:
The tests failed because the autogenerated docs need to be updated. Please
be sure to build the binaries locally and then run 'make -C Documentation
update-cmdref', amend the commit to include the latest changes, and re-push
the PR.
—
Reply to this email directly, view it on GitHub
<#21344 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABOV6JRQAT7FWQOCKQGPWTWAHRKHANCNFSM6AAAAAAQOY2EC4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
1cd2049
to
fd9d2e5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I'll run the full CI. It would be also good to get a review from @cilium/operator.
/test Job 'Cilium-PR-K8s-1.25-kernel-net-next' failed: Click to show.Test Name
Failure Output
If it is a flake and a GitHub issue doesn't already exist to track it, comment |
/mlh new-flake Cilium-PR-K8s-1.25-kernel-net-next 👍 created #21488 |
Testing is passing, just looking for one more reviewer on the operator side. I think that the main concern this will draw over time is whether we can better structure the operator to support enabling these sorts of functionalities in a more modular manner, rather than scattering conditional checks around the code. At the same time, I'm not sure if we've got to a point where the necessary abstractions are clear so I don't have strong opinions about whether we should try to address that now as we begin these steps or whether we can just address that over time. Hopefully someone with a better familiarity with that part of the codebase could provide some thoughts in that regard. |
fd9d2e5
to
7d71e17
Compare
Sorry, looks like something else went into the tree that caused a conflict. Can you rebase against the latest master branch? |
7d71e17
to
34986ae
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
This seems like it's got the necessary approvals, can you rebase against master @pruiz ? After that we can trigger CI and hopefully merge. |
@joestringer I'll try, but this is getting a bit too much overhead to get merged. I understand each project has it's own mechanics.. but this is likely the fifth time I have to rebase this, everytime with additional overhead in order to fix conflicts. :( |
This is intended for use-cases of cilium with other orquestrators compatible with CNI or docker's network plugins, so we can have an operator running against kvstore, but w/o requiring mandatory access to k8s. This is addresses by adding a new command argument (--enable-k8s=false, w/ true as default), which enables basic usage of the operator (lease cleanup, ipam address gc, etc.). Signed-off-by: Pablo Ruiz <pablo.ruiz@gmail.com>
34986ae
to
1291049
Compare
Rebased, and tested locally (w/o k8s), let's hope CI tests finish ok. :? |
Github infrastructure appears to be having some trouble at the moment, causing image CI builds to fail. I'll try closing/reopening the PR to re-kick it. |
@pruiz I understand, thanks for bearing with us in this process. I'll keep an eye out for CI but unless something broke during the recent rebase I expect this should be OK to merge. |
/test |
understood.. I'll try to keep an eye. Thnks |
|
That was the only failure, reviews are in, this looks good to merge. Thanks for your contribution! 🎉 |
Nice! many thnks Joe!
…On Thu, Oct 20, 2022 at 6:07 PM Joe Stringer ***@***.***> wrote:
Merged #21344 <#21344> into master.
—
Reply to this email directly, view it on GitHub
<#21344 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABOV6IO2GVS54Q5O52Y67LWEFU3TANCNFSM6AAAAAAQOY2EC4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
The enable-k8s option has been introduced to avoid some operator code paths that assumed to run in a k8s environment. Instead of passing around the flag, we use it to configure the clientset, so that the check `clientset.IsEnabled()` will keep that too into account and avoid the execution of kubernetes-specific code. The operator api server cell and tests have been updated accordingly. Related: cilium#21344 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
The enable-k8s option has been introduced to avoid some operator code paths that assumed to run in a k8s environment. Instead of passing around the flag, we use it to configure the clientset, so that the check `clientset.IsEnabled()` will keep that too into account and avoid the execution of kubernetes-specific code. The operator api server cell and tests have been updated accordingly. Related: #21344 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
Hi, latelly I've been working on setting up cilium with nomad, instead of kubernetes. By following some advices from @joestringer at #18334, and inspecting some documentation and guidance on howto setup cilium with docker, I've been able to integrate cilium agent, CNI & docker plugins to nomad.
However, the only component not working out of the box is the operator (actually the generic operator). This is due to some code paths assuming kubernetes availability, and failing (obviously) when no k8s apiserver that can be contacted.
This PR addresses this issues by adding a new command argument (--disable-k8s-services, w/ false as default), which enables basic usage of the operator (lease cleanup, ipam address gc, etc.), but disables any k8s-specific code/features.
There are some more missing pieces/features which I would like to add to operator in future PRs, like being able to provide/distribute policy statements to agents from kvstore, instead of using kubernetes CRDs, etc. But this is the bare initial support for operator w/o kubernetes.
PD: For nomad users interested on this, this github issue is the actual place where using cilium w/ nomad is being handled (hashicorp/nomad#12120)