fix: use grpc load-balancing when connecting to trustd #3069
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
smira
force-pushed
the
grpc-security-resolver
branch
from
877e659
to
e6c512b
Compare
|
/approve |
|
There is a typo: "locad" instead of "load" |
smira
changed the title
|
/rebase |
talos-bot
force-pushed
the
grpc-security-resolver
branch
from
e6c512b
to
5ab74a8
Compare
smira
force-pushed
the
grpc-security-resolver
branch
from
5ab74a8
to
b924be7
Compare
|
/rebase |
talos-bot
force-pushed
the
grpc-security-resolver
branch
from
b924be7
to
52321bd
Compare
|
/rebase |
talos-bot
force-pushed
the
grpc-security-resolver
branch
from
52321bd
to
511d406
Compare
|
/rebase |
Instead of doing our homegrown "try all the endpoints" method, use gRPC load-balancing across configured endpoints. Generalize load-balancer via gRPC resolver we had in Talos API client, use it in remote certificate generator code. Generalized resolver is still under `machinery/`, as `pkg/grpc` is not in `machinery/`, and we can't depend on Talos code from `machinery/`. Related to: siderolabs#3068 Full fix for siderolabs#3068 requires dynamic updates to control plane endpoints while apid is running, this is coming in the next PR. Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
talos-bot
force-pushed
the
grpc-security-resolver
branch
from
511d406
to
bd44a8e
Compare
|
/LGTM |
|
/lgtm |
smira
added a commit
to smira/talos
that referenced
this pull request
Feb 3, 2021
This moves endpoint refresh from the context of the service `apid` in `machined` into `apid` service itself for the workers. `apid` does initial poll for the endpoints when it boots, but also periodically polls for new endpoints to make sure it has accurate list of `trustd` endpoints to talk to, this handles cases when control plane endpoints change (e.g. rolling replace of control plane nodes with new IPs). Related to siderolabs#3069 Fixes siderolabs#3068 Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
smira
added a commit
to smira/talos
that referenced
this pull request
Feb 3, 2021
This moves endpoint refresh from the context of the service `apid` in `machined` into `apid` service itself for the workers. `apid` does initial poll for the endpoints when it boots, but also periodically polls for new endpoints to make sure it has accurate list of `trustd` endpoints to talk to, this handles cases when control plane endpoints change (e.g. rolling replace of control plane nodes with new IPs). Related to siderolabs#3069 Fixes siderolabs#3068 Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
talos-bot
pushed a commit
that referenced
this pull request
Feb 3, 2021
This moves endpoint refresh from the context of the service `apid` in `machined` into `apid` service itself for the workers. `apid` does initial poll for the endpoints when it boots, but also periodically polls for new endpoints to make sure it has accurate list of `trustd` endpoints to talk to, this handles cases when control plane endpoints change (e.g. rolling replace of control plane nodes with new IPs). Related to #3069 Fixes #3068 Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Instead of doing our homegrown "try all the endpoints" method,
use gRPC load-balancing across configured endpoints.
Generalize load-balancer via gRPC resolver we had in Talos API client,
use it in remote certificate generator code. Generalized resolver is
still under
machinery/, aspkg/grpcis not inmachinery/, and wecan't depend on Talos code from
machinery/.Related to: #3068
Full fix for #3068 requires dynamic updates to control plane endpoints
while apid is running, this is coming in the next PR.
Signed-off-by: Andrey Smirnov smirnov.andrey@gmail.com