fix: use grpc load-balancing when connecting to trustd #3069
Merged
smira force-pushed the grpc-security-resolver branch from 877e659 to e6c512b on January 29, 2021 20:45

/approve

There is a typo: "locad" instead of "load"

smira changed the title from "fix: use grpc locad-balancing when connecting to trustd" to "fix: use grpc load-balancing when connecting to trustd" on Jan 30, 2021

/rebase
talos-bot force-pushed the grpc-security-resolver branch from e6c512b to 5ab74a8 on January 30, 2021 17:40

smira force-pushed the grpc-security-resolver branch from 5ab74a8 to b924be7 on February 1, 2021 12:15

/rebase
talos-bot force-pushed the grpc-security-resolver branch from b924be7 to 52321bd on February 1, 2021 13:02

/rebase

talos-bot force-pushed the grpc-security-resolver branch from 52321bd to 511d406 on February 1, 2021 16:08

/rebase
Instead of doing our homegrown "try all the endpoints" method, use gRPC load-balancing across configured endpoints.

Generalize load-balancer via gRPC resolver we had in Talos API client, use it in remote certificate generator code. Generalized resolver is still under `machinery/`, as `pkg/grpc` is not in `machinery/`, and we can't depend on Talos code from `machinery/`.

Related to: siderolabs#3068

Full fix for siderolabs#3068 requires dynamic updates to control plane endpoints while apid is running, this is coming in the next PR.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
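A stdlib-only Go model of the approach the commit message above describes, added here as an example; it is not code from this PR or from Talos, and it does not use the grpc package. It expands a list target into the addresses a custom resolver would hand to the balancer, then rotates across them while skipping endpoints marked down. The `endpointlist` scheme, the function and type names, and the sample addresses and port are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const prefix = "endpointlist:///" // hypothetical scheme, not taken from the PR
// ResolveTarget expands a list target into host:port addresses, defaulting the port.
func ResolveTarget(target, defaultPort string) ([]string, error) {
	if !strings.HasPrefix(target, prefix) {
		return nil, fmt.Errorf("unsupported target %q", target)
	}
	var addrs []string
	for _, ep := range strings.Split(strings.TrimPrefix(target, prefix), ",") {
		if ep == "" {
			return nil, fmt.Errorf("empty endpoint in target %q", target)
		}
		if _, _, err := net.SplitHostPort(ep); err != nil {
			// No port given: bare IPv4, hostname, or IPv6 literal with or without brackets.
			ep = net.JoinHostPort(strings.Trim(ep, "[]"), defaultPort)
		}
		addrs = append(addrs, ep)
	}
	return addrs, nil
}

// RoundRobin models round_robin: picks rotate and skip endpoints marked down.
type RoundRobin struct {
	Addrs []string
	Down  map[string]bool
	next  int
}

func (r *RoundRobin) Pick() (string, error) {
	for range r.Addrs {
		addr := r.Addrs[r.next%len(r.Addrs)]
		r.next++
		if !r.Down[addr] {
			return addr, nil
		}
	}
	return "", fmt.Errorf("no ready endpoint among %d", len(r.Addrs))
}

func main() { // constructed sample endpoints and port
	addrs, _ := ResolveTarget(prefix+"10.0.0.2,10.0.0.3:50001,fd00::1", "50001")
	fmt.Println((&RoundRobin{Addrs: addrs, Down: map[string]bool{addrs[0]: true}}).Pick())
}
```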
talos-bot force-pushed the grpc-security-resolver branch from 511d406 to bd44a8e on February 1, 2021 23:57

andrewrynhard approved these changes on Feb 2, 2021
/lgtm
/LGTM

/lgtm
smira added a commit to smira/talos that referenced this pull request on Feb 3, 2021

This moves endpoint refresh from the context of the service `apid` in `machined` into `apid` service itself for the workers.

`apid` does initial poll for the endpoints when it boots, but also periodically polls for new endpoints to make sure it has accurate list of `trustd` endpoints to talk to, this handles cases when control plane endpoints change (e.g. rolling replace of control plane nodes with new IPs).

Related to siderolabs#3069
Fixes siderolabs#3068

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
talos-bot pushed a commit that referenced this pull request on Feb 3, 2021

This moves endpoint refresh from the context of the service `apid` in `machined` into `apid` service itself for the workers.

`apid` does initial poll for the endpoints when it boots, but also periodically polls for new endpoints to make sure it has accurate list of `trustd` endpoints to talk to, this handles cases when control plane endpoints change (e.g. rolling replace of control plane nodes with new IPs).

Related to #3069
Fixes #3068

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>