draft custom CA steps for K8s deployment #6232
Conversation
|
This change is |
taroface
force-pushed
the
k8s-custom-ca
branch
from
8062039
to
861b858
Compare
There was a problem hiding this comment.
Works great, @taroface! LGTM, with a few nits. And please also add a note in the monitoring section as we discussed, until we figure out how to get prometheus, etc., to use the custom CA.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @jseldess and @taroface)
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 25 at r1 (raw file):
Modify the values in the StatefulSet configuration. 1. To avoid running out of memory when CockroachDB is not the only pod on a Kubernetes node, you *must* set memory limits explicitly. This is because CockroachDB does not detect the amount of memory allocated to its pod when run in Kubernetes. In the `containers` specification, set this amount in both `resources.requests.memory` and `resources.limits.memory`.
This language made me think resources.requests.memory is already in the file, but I can't find it. Are we asking the user to add this?
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 28 at r1 (raw file):
~~~ shell $ resources:
Let's remove the shell highlighting and $ here since we're just showing part of a file.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 45 at r1 (raw file):
{{site.data.alerts.end}} ~~~ shell
Let's remove the shell highlighting here.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 52 at r1 (raw file):
~~~ shell $ resources:
Same as above.
There was a problem hiding this comment.
Reviewable status:
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 25 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
This language made me think
resources.requests.memoryis already in the file, but I can't find it. Are we asking the user to add this?
Yes. It's in the standard config but not in the custom CA config. I'm going to add those fields to the YAML in a PR.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 28 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
Let's remove the
shellhighlighting and$here since we're just showing part of a file.
Done.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 45 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
Let's remove the
shellhighlighting here.
Done.
_includes/v19.2/orchestration/start-cockroachdb-secure.md, line 52 at r1 (raw file):
Previously, jseldess (Jesse Seldess) wrote…
Same as above.
Done.
Advances #4696. Arguably blocked by #42173.
Custom CA steps are working for authenticating and initializing the CRDB cluster and running SQL shell (steps 1-5) in the K8s deployment guide.
The Monitor step (6) still isn't compatible: Our current Prometheus and Alertmanager YAMLs only request certs from K8s.
I also ran into an
ImagePullBackOfferror with the Upgrade step (7), which may be unrelated.