New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
draft custom CA steps for K8s deployment #6232
Conversation
8062039
to
861b858
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works great, @taroface! LGTM, with a few nits. And please also add a note in the monitoring section as we discussed, until we figure out how to get prometheus, etc., to use the custom CA.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @jseldess and @taroface)
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 25 at r1 (raw file):
Modify the values in the StatefulSet configuration. 1. To avoid running out of memory when CockroachDB is not the only pod on a Kubernetes node, you *must* set memory limits explicitly. This is because CockroachDB does not detect the amount of memory allocated to its pod when run in Kubernetes. In the `containers` specification, set this amount in both `resources.requests.memory` and `resources.limits.memory`.
This language made me think resources.requests.memory
is already in the file, but I can't find it. Are we asking the user to add this?
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 28 at r1 (raw file):
~~~ shell $ resources:
Let's remove the shell
highlighting and $
here since we're just showing part of a file.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 45 at r1 (raw file):
{{site.data.alerts.end}} ~~~ shell
Let's remove the shell
highlighting here.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 52 at r1 (raw file):
~~~ shell $ resources:
Same as above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @jseldess and @taroface)
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 25 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
This language made me think
resources.requests.memory
is already in the file, but I can't find it. Are we asking the user to add this?
Yes. It's in the standard config but not in the custom CA config. I'm going to add those fields to the YAML in a PR.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 28 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
Let's remove the
shell
highlighting and$
here since we're just showing part of a file.
Done.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 45 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
Let's remove the
shell
highlighting here.
Done.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 52 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
Same as above.
Done.
Advances #4696. Arguably blocked by #42173.
Custom CA steps are working for authenticating and initializing the CRDB cluster and running SQL shell (steps 1-5) in the K8s deployment guide.
The Monitor step (6) still isn't compatible: Our current Prometheus and Alertmanager YAMLs only request certs from K8s.
I also ran into an
ImagePullBackOff
error with the Upgrade step (7), which may be unrelated.