Add linkerd-config-overrides secret #4911
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
adleong
commented
Aug 26, 2020
| @@ -141,7 +141,7 @@ identity: | |||
| # control plane annotation - do not edit | |||
| crtExpiryAnnotation: linkerd.io/identity-issuer-expiry | |||
|
|
|||
| issuanceLifetime: 86400s | |||
| issuanceLifetime: 24h0m0s | |||
There was a problem hiding this comment.
This is how go serializes this duration. By formatting it this way in the chart values.yaml, we avoid spuriously detecting it as overridden.
| @@ -13,7 +13,7 @@ import ( | |||
| "k8s.io/helm/pkg/timeconv" | |||
| ) | |||
|
|
|||
| const versionPlaceholder = "{version}" | |||
| const versionPlaceholder = "linkerdVersionValue" | |||
There was a problem hiding this comment.
I suspect that this was missed in #4373
pkg/charts/linkerd2/values.go
Outdated
| @@ -91,6 +91,7 @@ type ( | |||
| IdentityTrustDomain string `json:"identityTrustDomain"` | |||
| PrometheusURL string `json:"prometheusUrl"` | |||
| GrafanaURL string `json:"grafanaUrl"` | |||
| LinkerdVersion string `json:"linkerdVersion"` | |||
There was a problem hiding this comment.
Not sure why this field was missing to begin with.
|
|
||
| // Tree is a structured representation of a string keyed tree document such as | ||
| // yaml or json. | ||
| type Tree map[string]interface{} |
There was a problem hiding this comment.
You down with ADT? Yeah you know me!
You down with ADT? Yeah you know me!
You down with ADT? Yeah you know me!
Who's down with ADT? NOT GOLANG
|
Ref #4914 |
Pothulapati
approved these changes
Sep 1, 2020
pkg/tree/tree.go
Outdated
| return string(bytes), nil | ||
| } | ||
|
|
||
| // String returns a yaml represetation of the Tree or an error string if |
pkg/tree/tree.go
Outdated
| return diff, nil | ||
| } | ||
|
|
||
| // Prune removes all empty subtress. A subtree is considered empty if it does |
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
…ration test Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
adleong
force-pushed
the
alex/override-of-the-valkyries
branch
from
87da5e3
to
c776584
Compare
Signed-off-by: Alex Leong <[email protected]>
Merged
olix0r
pushed a commit
that referenced
this pull request
Sep 29, 2020
A conflict between #4911 and #4737 caused unit test to be broken. #4737 added a new test to `upgrade_test.go` and the changes in #4911 updated all of these test to ignore differences in the config overrides secret. Since these two PRs merged in parallel, the new test was missing this update. Update the new test to also ignore differences in the config overrides secret as the other ones do. Signed-off-by: Alex Leong <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a new secret to the output of
linkerd installcalledlinkerd-config-overrides. This is the first step towards simplifying the configuration of the linkerd install and upgrade flow through the CLI. This secret contains the subset of the values.yaml which have been overridden. In other words, the subset of values which differ from their default values. The idea is that this will give us a simpler way to produce thelinkerd upgradeoutput while still persisting options set during install. This will eventually replace thelinkerd-configconfigmap entirely.This PR only adds and populates the new secret. The secret is not yet read or used anywhere. Subsequent PRs will update individual control plane components to accept their configuration through flags and will update the
linkerd upgradeflow to use this secret instead of thelinkerd-configconfigmap.This secret is only generated by the CLI and is not present or required when installing or upgrading with Helm.
Here are sample contents of the secret, base64 decoded. Note that identity tls context is saved as an override so that it can be persisted across updates. Since these fields contain private key material, this object must be a secret. This secret is only used for upgrades and thus only the CLI needs to be able to read it. We will not create any RBAC bindings to grant service accounts access to this secret.