Fully speced global sidecars #890
Conversation
fischerman
requested review from
avaczi,
CyberDem0n,
erthalion,
FxKu,
Jan-M,
RafiaSabih and
sdudoladov
as code owners
|
Thanks @fischerman for your PR. In general, we think allowing full specs to our CRs is also a source of misuse and errors. But, I do see the appeal of making things like monitoring easier for users. Do you want us to focus on #736 getting merged so that it can be reflected in this PR here, too? Not sure if one want all specified volumes in sidecars, too. |
|
@FxKu thanks for looking into this. Can you elaborate on the possible misuse of this feature? Sure, I can easily break the deployments if I configure sidecars wrongly but that is true for many operator-level settings. I took a closer look at #736 and see what you mean. The way that Independent of volume mounts, one ability of this PR which I consider useful is the ability to specify ports. Although ports can be reached even if not specified, it's very hacky and complicates configuration of (for example) Prometheus. |
fischerman
force-pushed
the
fully-speced-global-sidecars
branch
from
778a1b5
to
d084b74
Compare
|
@fischerman #736 is now merged |
|
Sounds like a great PR. Removing Scalyr code in the scope of this PR would be fine from our side. W would then include this an the release notes. |
|
Awesome, I will solve the merge conflicts. I can also remove the Scalyr code, and optionally the old style global sidecars. Note however, that both of them are breaking changes to the config CRD. Apart from considerations about CRD versioning, the following "no downtime" approach would not be possible:
Should I remove either for v1.5? |
create resource only if scalyr container is created add tests for sidecars add option to remaining CRDs update docs fix typo fix typo during rebase
fischerman
force-pushed
the
fully-speced-global-sidecars
branch
from
f61346a
to
b340b52
Compare
|
Rebased. Let me know regarding the above and I make the necessary changes. |
|
I've fixed #924 with the last commit. I did not write a test for it, since it's deprecated anyways. |
| @@ -507,6 +507,33 @@ A secret can be pre-provisioned in different ways: | |||
| * Automatically provisioned via a custom K8s controller like | |||
| [kube-aws-iam-controller](https://github.com/mikkeloscar/kube-aws-iam-controller) | |||
|
|
|||
| ## Sidecars for Postgres clusters | |||
There was a problem hiding this comment.
Could you add a mention and link from the user docs to this section?
|
LGTM! Aside from very minor things, I'd like to merge this PR. Could you add a commented example in the default configuration manifest? I will add more deprecation notes for the Scalyr fields in a latter polishing PR befor the release. A PR to remove Scalyr is also there already. |
|
@FxKu Done! |
|
👍 |
1 similar comment
|
👍 |
|
@fischerman thank you for the contribution :) |
This addresses #781. It also works really nicely with #736
I've followed the same approach as with init containers, by fully exposing the Kubernetes container specification. This, for example, enables volume mounts required for #736.
I've deprecated
sidecar_docker_imagesin favor of the newsidecars. I think the transition is straightforward and we can eventually remove some of this cumbersome code.With the flexibility of sidecars, it might also be worth considering to specify Scalyr in this fashion (maybe put an example in the docs). An immediate win would be, that the API key is not stored in plaintext, but can be put in a secret instead (and less custom code).
The operator does not manipulate the resource specification of the sidecars. I think this is reasonable because...
As far as I can judge this PR is non-breaking and preserves the existing behavior.