New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KEP 18 - Simplify installer - do not install istio nor nginx-ingress #18
KEP 18 - Simplify installer - do not install istio nor nginx-ingress #18
Conversation
for convenience, here is the link to the formatted doc: https://github.com/keptn/enhancement-proposals/blob/1a6f3e2b3f4d4dc697c12a622e223c4862fd7afc/text/0018-simplify-installer.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, lgtm! I only have two minor comments.
text/0018-simplify-installer.md
Outdated
* Installer: Do not set `KEPTN_DOMAIN` | ||
* Installer: Do not generate SSL certificates | ||
|
||
* CLI/API: Change `keptn configure bridge` no longer provide the flag `action=[expose | lockdown]`, but a flag to configure the service-type [user and password should stay as they are, they are still required] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would propose that neither the CLI nor the API can change the service type because this should be handled by an administrator.
The administrator has then the rights to execute e.g.
kubectl patch svc api-gateway-nginx -n keptn -p '{"spec": {"type": "LoadBalancer"}}'
However, configure bridge
should allow to set the basic auth password.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would propose that neither the CLI nor the API can change the service type because this should be handled by an administrator.
I agree with that proposal. We should document the command, and remove the funcionality from our API.
text/0018-simplify-installer.md
Outdated
* Helm-Service will break without `KEPTN_DOMAIN` - instead we should ask the user to supply this configuration using a new environment variable called `INGRESS_HOSTNAME_SUFFIX` which we will default to `svc.cluster.local` | ||
* Helm-Service will need to check if istio is available before applying any virtualservices | ||
* Not sure, but OpenShift support might break and we need to fix certain things | ||
* Dynatrace-service will break as it also relies on `KEPTN_DOMAIN` - especially for problem notifications |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In addition to Problem notifications, the KEPTN_COMAIN
is currently used during the dashboard setup (to provide links to the onboarded services, and to the bridge), as well as to provide deep links to the bridge in dynatrace events.
For the first two cases, we could pass the URL of the API/Bridge as parameter(s) for the configure monitoring
command.
For adding the deep links to the bridge in deployment events, we will have to rely on the INGRESS_HOSTNAME_SUFFIX
env var (as we also do in the helm-service)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for bringing this up, I've added it to the KEP.
Basically, with the proposed change in this KEP deep links to Keptn Bridge will not work anymore, as Keptn does not expose Bridge via a VirtualService or alike.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Hi. I would like to know what it takes for a user to get Keptn running on e.g: GKE, Microk8s and k3s. Here is an example. Assume we have a GKE cluster, an nginx-ingress and I am using Istio that is offered with GKE. What are the recommended installation commands to install Keptn? is it somethign like this?
So - for me to accept this proposal I would like to know what the user needs to execute in order to cover the most common use cases we have seen. Maybe this is already explained in the doc - but - it would be helpful to add a section with "How to install Keptn on these common deployment scenarios" |
Thanks Andi, I'll add a section that describes what the installation feels like for the user in terms of a full installation. |
I've added instructions for GKE, OpenShift and K3s. |
Hi, I understand the need to simplify the installer and that not every flavor of different ingress and virtual service types could be covered. As @christian-kreuzberger-dtx also mentioned within the KEP is that different cloud providers got different types of LoadBalancer Annotations. This is the same for ingresses. Perhaps it would be an idea instead of creating the ingress or virtual service to print out a default ingress yaml with preconfigured services hosts and ports, which could be then adjusted by the administrator or by a CI/CD Tool when installing keptn automatically. Something like
|
We will be trying to cover this with tutorials and docs with examples for now, which we believe is more than sufficient. Users should know their way around Kubernetes services and ingress if they want to use it. In fact, we have plenty of users that know what they are doing and overwrite the ingress gateway anyway, and we have plenty of users that struggle in determining the correct hostname for the ingress gateway on their Kubernetes setup. |
This Draft provides some information on why we should simplify the Keptn installer to no longer install istio nor nginx-ingress.
FYI, I believe that implementing this KEP will make the following Keptn Issues obsolete:
Please consider the open questions on the bottom of the markdown file