Add support for Admin Partitions #729
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thisisnotashwin
force-pushed
the
partitions
branch
2 times, most recently
from
72e54a6
to
0707b8c
Compare
* Create Admin Partitions when enabled
* Add support for Partition Service - This is a loadBalancer service that allows one to expose the server pods. This allows a constant value for client auto-join even if the node IPs of the server pods change. * Support NodePort along with LoadBalancer as service types for Partition service. - This will allows interop with Kind. Additionally, users can set explicit NodePorts for Serf, HTTPS and RPC endpoints.
* Fail if agents in server cluster are created in a partition not "default" * Fail helm upgrades if partition name is updated. - This does not cause the parition-init job from running or the agents from attempting to join the new partition, but the helm upgrade stays in a failed state until an upgrade is run with the partition name reverted.
* Add partition support to config entries * Fail if namespaces are not enabled and admin partitions are enabled
thisisnotashwin
force-pushed
the
partitions
branch
10 times, most recently
from
f5af9a6
to
683642d
Compare
thisisnotashwin
force-pushed
the
partitions
branch
from
683642d
to
5fac8ee
Compare
thisisnotashwin
force-pushed
the
partitions
branch
from
5fac8ee
to
7bf487f
Compare
thisisnotashwin
requested review from
ishustava,
a team and
t-eckert
and removed request for
a team
t-eckert
approved these changes
Sep 17, 2021
ishustava
approved these changes
Sep 17, 2021
CHANGELOG.md
Outdated
| * Add support for Admin Partitions. **(Consul Enterprise only)** | ||
| **ALPHA** [[GH-729](https://github.com/hashicorp/consul-k8s/pull/729)] | ||
|
|
||
| This feature allows Consul to be deployed across multiple Kubernetes clusters while sharing a single set of Consul |
There was a problem hiding this comment.
I think this section needs to be intended so that it all looks like a part of the admin partitions bullet point.
CHANGELOG.md
Outdated
| **ALPHA** [[GH-729](https://github.com/hashicorp/consul-k8s/pull/729)] | ||
|
|
||
| This feature allows Consul to be deployed across multiple Kubernetes clusters while sharing a single set of Consul | ||
| servers. The services on each cluster can be independently managed. This feature in the alpha phase requires a flat pod |
There was a problem hiding this comment.
might be nice to put these requirements into a bulleted list so that it reads better.
CHANGELOG.md
Outdated
| tls: | ||
| enabled: true | ||
| image: hashicorp/consul-enterprise:1.11.0-ent-alpha | ||
| imageK8S: hashicorp/consul-k8s-control-plane:0.34.0 |
There was a problem hiding this comment.
this image is probably not needed since it's the default, right?
There was a problem hiding this comment.
Good point!! 馃槃
CHANGELOG.md
Outdated
|
|
||
| This feature allows Consul to be deployed across multiple Kubernetes clusters while sharing a single set of Consul | ||
| servers. The services on each cluster can be independently managed. This feature in the alpha phase requires a flat pod | ||
| and node network in order for inter-partition networking to work. This feature requires TLS to be enabled. This feature |
There was a problem hiding this comment.
We require HTTPS for communication to externalServers. We had that already as a requirement and I decided not to loosen it for AP.
CHANGELOG.md
Outdated
| kubectl get svc consul-consul-partition-service -o json | jq -r '.status.loadBalancer.ingress[0].ip' | ||
| ``` | ||
|
|
||
| Migrate the TLS certs from the server cluster to the workload clusters |
There was a problem hiding this comment.
Suggested change
| Migrate the TLS certs from the server cluster to the workload clusters | |
| Migrate the TLS CA credentials from the server cluster to the workload clusters |
CHANGELOG.md
Outdated
| kubectl get secret consul-consul-ca-cert --context "server-context" -o yaml | kubectl apply --context "workload-context" -f - | ||
| ``` | ||
|
|
||
| Configure the Workload cluster using the following config. |
There was a problem hiding this comment.
Suggested change
| Configure the Workload cluster using the following config. | |
| Configure the workload cluster using the following config. |
CHANGELOG.md
Outdated
| ``` | ||
|
|
||
| This should lead to the workload cluster having only Consul agents that connect with the Consul server. Services in this | ||
| cluster behave like independent services. They can be configured to communicated with services in other partitions by |
There was a problem hiding this comment.
Suggested change
| cluster behave like independent services. They can be configured to communicated with services in other partitions by | |
| cluster behave like independent services. They can be configured to communicate with services in other partitions by |
thisisnotashwin
force-pushed
the
partitions
branch
from
96670f5
to
6e3a627
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes proposed in this PR:
Update this PR with the alpha image for Consul 1.11 and ensure the acceptance tests are 馃煝
We will not update the values file with the above image as it is an alpha image.
How I've tested this PR:
How I expect reviewers to test this PR:
Checklist: