Enable operator operation without kubernetes. #21344
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
joestringer
added
the
release-note/minor
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
There was a problem hiding this comment.
I'm actually not sure whether to mark this as release-note/minor or release-note/major, as we could consider this to be a major announcement of initial Nomad support 🎉
I ran the sanity checker CI jobs and I can kick off the full CI suite on demand, let me know if/when you're ready to run those.
Typically I would wait for the contributor to mark the PR as "ready for review" before providing comments, but since we've had some discussions before and you pinged me in the description, I took an early look. Couple of minor comments below.
|
Commit 235bc7eb03e5da43beea92fa2514b5288851b71c does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
pruiz
force-pushed
the
operator-without-k8s
branch
from
235bc7e
to
5a77ca0
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
Commit 0be6c2c17793cd5ed615796941310b5d4ba16e5d does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
pruiz
force-pushed
the
operator-without-k8s
branch
from
0be6c2c
to
c46ac11
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
Commit fe28bad20ae527253073efa1252c2a3a4102fd80 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
pruiz
force-pushed
the
operator-without-k8s
branch
from
fe28bad
to
c46ac11
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
Updated branch w/ changes and rebased against current master. |
pruiz
force-pushed
the
operator-without-k8s
branch
from
c46ac11
to
1cd2049
Compare
|
Fixed cli help reference, rebased and squashed changes. |
|
The tests failed because the autogenerated docs need to be updated. Please be sure to build the binaries locally and then run 'make -C Documentation update-cmdref', amend the commit to include the latest changes, and re-push the PR. https://github.com/cilium/cilium/pull/21344/checks?check_run_id=8538833626 |
|
Using update-cmdref fails on my local (probably due to using osx), so I've
been trying to match it by hand.. I'll try again or move the development to
a docker environment.
…On Mon, Sep 26, 2022 at 8:10 PM Joe Stringer ***@***.***> wrote:
The tests failed because the autogenerated docs need to be updated. Please
be sure to build the binaries locally and then run 'make -C Documentation
update-cmdref', amend the commit to include the latest changes, and re-push
the PR.
—
Reply to this email directly, view it on GitHub
<#21344 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABOV6JRQAT7FWQOCKQGPWTWAHRKHANCNFSM6AAAAAAQOY2EC4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
pruiz
force-pushed
the
operator-without-k8s
branch
from
1cd2049
to
fd9d2e5
Compare
|
/test Job 'Cilium-PR-K8s-1.25-kernel-net-next' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment |
|
/mlh new-flake Cilium-PR-K8s-1.25-kernel-net-next 👍 created #21488 |
|
Testing is passing, just looking for one more reviewer on the operator side. I think that the main concern this will draw over time is whether we can better structure the operator to support enabling these sorts of functionalities in a more modular manner, rather than scattering conditional checks around the code. At the same time, I'm not sure if we've got to a point where the necessary abstractions are clear so I don't have strong opinions about whether we should try to address that now as we begin these steps or whether we can just address that over time. Hopefully someone with a better familiarity with that part of the codebase could provide some thoughts in that regard. |
pruiz
force-pushed
the
operator-without-k8s
branch
from
fd9d2e5
to
7d71e17
Compare
joestringer
added
the
dont-merge/needs-rebase
|
Sorry, looks like something else went into the tree that caused a conflict. Can you rebase against the latest master branch? |
pruiz
force-pushed
the
operator-without-k8s
branch
from
7d71e17
to
34986ae
Compare
|
This seems like it's got the necessary approvals, can you rebase against master @pruiz ? After that we can trigger CI and hopefully merge. |
|
@joestringer I'll try, but this is getting a bit too much overhead to get merged. I understand each project has it's own mechanics.. but this is likely the fifth time I have to rebase this, everytime with additional overhead in order to fix conflicts. :( |
This is intended for use-cases of cilium with other orquestrators compatible with CNI or docker's network plugins, so we can have an operator running against kvstore, but w/o requiring mandatory access to k8s. This is addresses by adding a new command argument (--enable-k8s=false, w/ true as default), which enables basic usage of the operator (lease cleanup, ipam address gc, etc.). Signed-off-by: Pablo Ruiz <pablo.ruiz@gmail.com>
pruiz
force-pushed
the
operator-without-k8s
branch
from
34986ae
to
1291049
Compare
|
Rebased, and tested locally (w/o k8s), let's hope CI tests finish ok. :? |
|
Github infrastructure appears to be having some trouble at the moment, causing image CI builds to fail. I'll try closing/reopening the PR to re-kick it. |
|
@pruiz I understand, thanks for bearing with us in this process. I'll keep an eye out for CI but unless something broke during the recent rebase I expect this should be OK to merge. |
|
/test |
understood.. I'll try to keep an eye. Thnks |
|
|
|
That was the only failure, reviews are in, this looks good to merge. Thanks for your contribution! 🎉 |
|
Nice! many thnks Joe!
…On Thu, Oct 20, 2022 at 6:07 PM Joe Stringer ***@***.***> wrote:
Merged #21344 <#21344> into master.
—
Reply to this email directly, view it on GitHub
<#21344 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABOV6IO2GVS54Q5O52Y67LWEFU3TANCNFSM6AAAAAAQOY2EC4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
The enable-k8s option has been introduced to avoid some operator code paths that assumed to run in a k8s environment. Instead of passing around the flag, we use it to configure the clientset, so that the check `clientset.IsEnabled()` will keep that too into account and avoid the execution of kubernetes-specific code. The operator api server cell and tests have been updated accordingly. Related: cilium#21344 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
The enable-k8s option has been introduced to avoid some operator code paths that assumed to run in a k8s environment. Instead of passing around the flag, we use it to configure the clientset, so that the check `clientset.IsEnabled()` will keep that too into account and avoid the execution of kubernetes-specific code. The operator api server cell and tests have been updated accordingly. Related: #21344 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
Hi, latelly I've been working on setting up cilium with nomad, instead of kubernetes. By following some advices from @joestringer at #18334, and inspecting some documentation and guidance on howto setup cilium with docker, I've been able to integrate cilium agent, CNI & docker plugins to nomad.
However, the only component not working out of the box is the operator (actually the generic operator). This is due to some code paths assuming kubernetes availability, and failing (obviously) when no k8s apiserver that can be contacted.
This PR addresses this issues by adding a new command argument (--disable-k8s-services, w/ false as default), which enables basic usage of the operator (lease cleanup, ipam address gc, etc.), but disables any k8s-specific code/features.
There are some more missing pieces/features which I would like to add to operator in future PRs, like being able to provide/distribute policy statements to agents from kvstore, instead of using kubernetes CRDs, etc. But this is the bare initial support for operator w/o kubernetes.
PD: For nomad users interested on this, this github issue is the actual place where using cilium w/ nomad is being handled (hashicorp/nomad#12120)