Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

envoy: Default to daemon set deployment from 1.16 #30034

Merged
merged 1 commit into from Feb 29, 2024
Merged

envoy: Default to daemon set deployment from 1.16 #30034

merged 1 commit into from Feb 29, 2024

Conversation

sayboras
Copy link
Member

@sayboras sayboras commented Dec 22, 2023
edited

This is to set the default envoy deployment to daemon set mode for new installation.

Deploy Envoy as a separate DaemonSet by default rather than running it inside the Cilium Pod

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Dec 22, 2023
@sayboras sayboras added area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. area/servicemesh GH issues or PRs regarding servicemesh labels Dec 22, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Dec 22, 2023
@sayboras
Copy link
Member Author

/test

@sayboras sayboras mentioned this pull request Dec 24, 2023
Closed
@sayboras
Copy link
Member Author

/test

@sayboras
Copy link
Member Author

sayboras commented Jan 9, 2024

/test

@sayboras
Copy link
Member Author

/test

@sayboras sayboras force-pushed the tam/default-envoy-ds branch 2 times, most recently from 741140f to 5433415 Compare January 14, 2024 00:02
@sayboras
Copy link
Member Author

/test

@sayboras sayboras marked this pull request as ready for review January 14, 2024 00:02
@sayboras sayboras requested review from a team as code owners January 14, 2024 00:02
@sayboras sayboras requested review from joamaki, gandro, learnitall, a team and youngnick and removed request for a team January 14, 2024 00:02
@sayboras
Copy link
Member Author

Adding @cilium/sig-servicemesh team for visibility and review.

gandro
gandro reviewed Jan 15, 2024
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, but I do wonder if we should/want to detect upgrade and keep the old behavior for existing installations. See inline comment.

Documentation/operations/upgrade.rst Outdated Show resolved Hide resolved
Merged via the queue into cilium:main with commit 21fa2df Feb 29, 2024
62 checks passed
@sayboras sayboras deleted the tam/default-envoy-ds branch February 29, 2024 21:57
sayboras added a commit to sayboras/cilium that referenced this pull request Feb 29, 2024
@sayboras
gha: Re-purpose Conformance Kind proxy test
62124a8 
As Envoy DS is the default mode now, we should re-purpose the existing
test to embedded mode, so that we still have required coverage.

Relates: 21fa2df
Relates: cilium#30034
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras sayboras mentioned this pull request Feb 29, 2024
Merged
github-merge-queue bot pushed a commit that referenced this pull request Mar 1, 2024
@sayboras
gha: Re-purpose Conformance Kind proxy test
5abe8a8 
As Envoy DS is the default mode now, we should re-purpose the existing
test to embedded mode, so that we still have required coverage.

Relates: 21fa2df
Relates: #30034
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 5, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
a2f9063 
This is to ensure that cilium-envoy will only run on the same node with
cilium agent during pod scheduling. Kind note that scheduled pod will
continue running, however, it will be just no-ops except a bunch of warn
logs related to non-existence of shared unix domain socket.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras sayboras mentioned this pull request Mar 5, 2024
Merged
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 5, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
c5d0785 
This is to ensure that cilium-envoy will only run on the same node with
cilium agent during pod scheduling. Kind note that scheduled pod will
continue running, however, it will be just no-ops except a bunch of warn
logs related to non-existence of shared unix domain socket.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 5, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
a02b5a4 
This is the best effort to avoid cilium-envoy running on the node
without cilium agent. Kind note that the extra cilium-envoy pod
(if any) will be just no-ops except a bunch of warn logs related
to non-existence of shared unix domain socket.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 5, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
a18ede6 
This is the best effort to avoid cilium-envoy running on the node
without cilium agent. Kind note that the extra cilium-envoy pod
(if any) will be just no-ops except a bunch of warn logs related
to non-existence of shared unix domain socket.

The reason for prefered but not required options is to avoid race
condition for new installation between cilium-agent and cilium-envoy
deamon sets.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 5, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
faefad3 
This is the best effort to avoid cilium-envoy running on the node
without cilium agent. Kind note that the extra cilium-envoy pod
(if any) will be just no-ops except a bunch of warn logs related
to non-existence of shared unix domain socket.

The reason for preferred but not required options is to avoid race
condition for new installation between cilium-agent and cilium-envoy
deamon sets.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 5, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
7b9c29a 
This is the best effort to avoid cilium-envoy running on the node
without cilium agent. Kind note that the extra cilium-envoy pod
(if any) will be just no-ops except a bunch of warn logs related
to non-existence of shared unix domain socket.

The reason for preferred but not required options is to avoid race
condition for new installation between cilium-agent and cilium-envoy
daemon sets.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras sayboras added release-note/major This PR introduces major new functionality to Cilium. and removed release-note/minor This PR changes functionality that users may find relevant to operating Cilium. labels Mar 8, 2024
@marseel marseel mentioned this pull request Mar 11, 2024
Open
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
5b3de7f 
This commit is to avoid cilium-envoy running on the node without cilium
agent.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
62cca9c 
This commit is to avoid cilium-envoy running on the node without cilium
agent.

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
e2eb48a 
This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent
- tolerations with same values as the agent itself, this is to cater
  node without cilium cases

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
c5f1ae4 
This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent
- tolerations with same values as the agent itself, this is to cater
  node without cilium cases

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
0954ccb 
This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent
- tolerations with same values as the agent itself, this is to cater
  node without cilium cases

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
44d1133 
This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
d747c54 
This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit to sayboras/cilium that referenced this pull request Mar 12, 2024
@sayboras
helm: Add pod affinity for cilium-envoy
d5289f0 
This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: cilium#25081, cilium#30034
Fixes: cilium#31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
github-merge-queue bot pushed a commit that referenced this pull request Mar 13, 2024
@sayboras @aanm
helm: Add pod affinity for cilium-envoy
44aeb53 
This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: #25081, #30034
Fixes: #31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
gandro pushed a commit that referenced this pull request Mar 19, 2024
@sayboras @gandro
helm: Add pod affinity for cilium-envoy
64eacd3 
[ upstream commit 44aeb53 ]
[ backporter notes: Minor conflict in values.yaml due to different
  intendation of podAntiAffinity in v1.15 ]

This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: #25081, #30034
Fixes: #31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
gandro pushed a commit that referenced this pull request Mar 19, 2024
@sayboras @gandro
helm: Add pod affinity for cilium-envoy
326157b 
[ upstream commit 44aeb53 ]
[ backporter notes: Minor conflict in values.yaml due to different
  intendation of podAntiAffinity in v1.14.
  Also needed to regenerate docs. ]

This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: #25081, #30034
Fixes: #31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
gandro pushed a commit that referenced this pull request Mar 20, 2024
@sayboras @gandro
helm: Add pod affinity for cilium-envoy
e13ecd6 
[ upstream commit 44aeb53 ]
[ backporter notes: Minor conflict in values.yaml due to different
  intendation of podAntiAffinity in v1.15 ]

This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: #25081, #30034
Fixes: #31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
gandro pushed a commit that referenced this pull request Mar 20, 2024
@sayboras @gandro
helm: Add pod affinity for cilium-envoy
7733839 
[ upstream commit 44aeb53 ]
[ backporter notes: Minor conflict in values.yaml due to different
  intendation of podAntiAffinity in v1.15 ]

This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: #25081, #30034
Fixes: #31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
jrajahalme pushed a commit that referenced this pull request Mar 20, 2024
@sayboras @jrajahalme
helm: Add pod affinity for cilium-envoy
5b2d8d6 
[ upstream commit 44aeb53 ]
[ backporter notes: Minor conflict in values.yaml due to different
  intendation of podAntiAffinity in v1.14.
  Also needed to regenerate docs. ]

This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: #25081, #30034
Fixes: #31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
jrajahalme pushed a commit that referenced this pull request Mar 21, 2024
@sayboras @jrajahalme
helm: Add pod affinity for cilium-envoy
e686ecf 
[ upstream commit 44aeb53 ]
[ backporter notes: Minor conflict in values.yaml due to different
  intendation of podAntiAffinity in v1.15 ]

This commit is to avoid cilium-envoy running on the node without cilium
agent. Two main changes are:

- nodeAffinity to make sure that cilium-envoy will not be scheduled on
  node without cilium agent
- podAffinity with requiredDuringSchedulingIgnoredDuringExecution to
  cilium agent

Relates: #25081, #30034
Fixes: #31149
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@joamaki joamaki joamaki approved these changes

@christarazi christarazi christarazi approved these changes

@youngnick youngnick youngnick approved these changes

@learnitall learnitall learnitall approved these changes

Assignees
No one assigned
Labels
area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. area/servicemesh GH issues or PRs regarding servicemesh ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/major This PR introduces major new functionality to Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@sayboras @gandro @joamaki @christarazi @youngnick @learnitall