New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate from plain manifests to helm charts in mesheryctl #4318
Conversation
Signed-off-by: Pan Yuen Lau <panyuenlau@gmail.com>
Signed-off-by: Pan Yuen Lau <panyuenlau@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #4318 +/- ##
=======================================
Coverage 21.36% 21.36%
=======================================
Files 59 59
Lines 5046 5046
=======================================
Hits 1078 1078
Misses 3653 3653
Partials 315 315
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, @panyuenlau, so cleanly work. Please add the code comment to the ClusterRole
in order to clearly describe the permission we need to apply.
- meshery.layer5.io | ||
resources: | ||
- brokers/status | ||
verbs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please give any code comment for apiGroups' verbs
if could what I mean we should sure which permissions we need to get.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, should the templates/NOTES.txt be modified to capture the recent changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Aisuko @hexxdump TBH, I am not familiar enough with the system to give a good explanation on why we need those permissions for the cluster role, I made the changes just based on the plain yaml manifests that we're currently using... reference: https://github.com/meshery/meshery-operator/blob/master/config/manifests/default.yaml#L273-L288
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good discussion. Given that the scope of these verbs is restricted to meshery.layer5.io
resource groups, we shouldn't see any pushback from users given that the Meshery Operator should have full control over the lifecycle of its custom controllers.
install/kubernetes/helm/meshery/charts/meshery-consul/values.yaml
Outdated
Show resolved
Hide resolved
Hi, @navendu-pottekkat, I remember the CI check was only triggered by the specific folder, right? Is that strategy keep working well? I saw there trigger so many CI includes UI, DOC, |
@@ -11,10 +11,10 @@ image: | |||
env: {} | |||
|
|||
probe: | |||
#TODO: Need to confirm the health check path of meshery. | |||
#TODO: Need to confirm the health check path of meshery. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@navendu-pottekkat what's Meshery's health check path?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no specific health-check path but we can try hitting the version endpoint to get the surety that meshery is running properly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A good item to create a new issue for follow up here.
I feel, the mesheryctl changes(to move away from manifests) should be handled through a separate PR |
meshery-nginx-sm: | ||
enabled: true | ||
fullnameOverride: meshery-nginx-sm | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@leecalcote, we do not have helm charts for meshery-nsm, meshery-tanzu-sm and meshery-app-mesh yet. Is there some limitation for these service meshes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hexxdump I believe we do have the meshery-nsm helm chart: https://github.com/meshery/meshery/tree/master/install/kubernetes/helm/meshery/charts/meshery-nsm
But not the other two that you mentioned
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question and answer. The other two adapters are alpha stage adapters, and so, charts haven't been created yet. We can go ahead and create those charts now, so long as we don't include their deployment by default.
I agree, since separating the two into different PRs would help us identify potential issues more easily |
…level chart Signed-off-by: Pan Yuen Lau <panyuenlau@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@panyuenlau confirming: with this update, two service accounts will be created: meshery-server
and meshery-operator
?
@@ -49,7 +52,7 @@ securityContext: {} | |||
service: | |||
type: ClusterIP | |||
port: 10010 | |||
targetPOrt: 10010 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yikes!
- meshery.layer5.io | ||
resources: | ||
- brokers/status | ||
verbs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good discussion. Given that the scope of these verbs is restricted to meshery.layer5.io
resource groups, we shouldn't see any pushback from users given that the Meshery Operator should have full control over the lifecycle of its custom controllers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unless I've missed something, this is a great step forward.
@leecalcote correct, the |
Description
This PR fixes the helm chart part of #4103
(The
mesheryctl
changes will be included in another PR to separate from the helm chart changes)Notes for Reviewers
The current PR only fixes the existing issues related to
serviceAccount
,clusterRole
, andclsuterRoleBInding
within the helm charts, I've tested the basic installations for each adapter but need some help on testing the other functionalitiesSigned commits
>TODO: will be adding changes to themesheryctl
implementation to use the helm chart after making sure the charts are functioning properly