Fix replacements errors in helm charts and templates #52459
Conversation
Signed-off-by: frherrer <frherrer@redhat.com> Update and fix helm errors Signed-off-by: frherrer <frherrer@redhat.com>
istio-testing
added
size/M
|
Hi @fjglira. Thanks for your PR. I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Co-authored-by: John Howard <john.howard@solo.io>
Signed-off-by: frherrer <frherrer@redhat.com>
| cniBinDir: /var/lib/cni/bin | ||
| cniConfDir: /etc/cni/multus/net.d | ||
| chained: false | ||
| cniConfFileName: "istio-cni.conf" | ||
| logLevel: info | ||
| provider: "multus" | ||
| pilot: |
There was a problem hiding this comment.
I don't think this should move. Technically i think it will work its just a bit confusing.
The problem is we currently share the same profile between all charts, which is a bit wonky but technically works.
We then allow flattening pilot and cni.
These values are meant to be passed to the pilot chart, they just (somewhat confusingly) are passed as pilot.cni. So because we unwrap that, we happen to get cni which happens to conflict with the CNI chart.
A more clean approach would be to have a profile-per-chart, but its a pain to maintain.
There was a problem hiding this comment.
I don't think this should move. Technically i think it will work its just a bit confusing.
The problem is we currently share the same profile between all charts, which is a bit wonky but technically works.
We then allow flattening
pilotandcni.These values are meant to be passed to the pilot chart, they just (somewhat confusingly) are passed as pilot.cni. So because we unwrap that, we happen to get
cniwhich happens to conflict with the CNI chart.A more clean approach would be to have a profile-per-chart, but its a pain to maintain.
In the case of the openshift profile, I think there is no override of any pilot value.That is why I deleted those in this case. Also, checking in the repo I only find the use of pilot.cni* in some testdata yaml but instead .Values.cni.enabled and .Values.cni.provider are used across all charts now.
There was a problem hiding this comment.
Yeah - these are pilot values, and used nowhere else. They should be scoped exclusively to pilot.
helm install pilot --set cni.enabledhelm install <thing-that-composes-pilot-by-name> --set pilot.cni.enabledhelm install <thing-that-composes-pilot-and-cni-by-name> --set pilot.cni.enabled
should all work just fine in normative helm and inherently be correctly scoped. but since we have/are slowly undoing our own scoping conventions it's not that simple.
As I mentioned in
#52036 (comment)
if pilot.cni is uniquely a problem because we are eagerly unwrapping pilot, I think we can just manually rescope/munge pilot.cni first, then unwrap what's left of pilot as we do currently.
enabled and provider are the only two keys under pilot.cni, they can be munged to cniEnabled and cniProvider under the hood in a sprig templating func if we want.
(if we used Helm composition and composed istiod and istio-cni in the same chart Helm would populate an equivalent of enabled for us anyway dynamically based on whether istio-cni was installed as a dependency or not, so IMO that one is a bit suspect already).
And cni.provider is used only by OpenShift anyway. It has one valid value (multus) - we should drop it, as whatever it does can and should just be done by the openshift profile/platform: openshift.
I'd just s/values.cni.provider=multus/values.platform=openshift/g and drop cni.provider
There was a problem hiding this comment.
@bleggett Should I do this replacement of cni.provider in this PR or do it in another PR to not mix the things? I agree that if the only value used in all the charts is multus and is only used to set openshift specific configuration does not make sense to have it there and should set those values by using values.platform=openshift. Regarding enable will be only key remaining under pilot, can check as you metion to cniEnabled a leave it under pilot? wdyt?
There was a problem hiding this comment.
@bleggett seems to be that I can't add /release-notes-none label
There was a problem hiding this comment.
I'll add it - can you remove https://github.com/istio/istio/blob/49abfa448f43cfd61ed85ba00b640cdd3a47befd/manifests/helm-profiles/openshift.yaml and the resulting value moves, deferring those to followups where we change the scoping properly/drop some of them?
That should reduce the delta here.
There was a problem hiding this comment.
sure, ill try to do that this weekend if not Monday morning will be done
There was a problem hiding this comment.
sure, ill try to do that this weekend if not Monday morning will be done
Don't do it over the weekend - if you do I'll be tempted to look at it :P
There was a problem hiding this comment.
OK, changes are done. To summarise the changes on this PR and what is pending for the next one:
Fix:
.Values.cnierrors in helm charts- Fix incorrect replace in
apiVersion: k8s.cni.cncf.io/v1 - Fix
.Values.pilot.cni.enabledand.Values.pilot.cni.providerincorrect replace that affect login in helm charts
Pending for the next PR:
- Replace the use of
cni.providerbecause the only use is to set values applicable to openshift. Replace by the use ofplatform=openshift - Replace
pilot.cni.enabledforpilot. cniEnabledto avoid warp cni inside pilot - I'll check if there is another helm value that can be simplified and check in the docs to see if we need to update some of the docs also
Co-authored-by: John Howard <john.howard@solo.io>
Co-authored-by: John Howard <john.howard@solo.io>
|
/ok-to-test |
istio-testing
added
ok-to-test
|
ty for the fixes! |
| @@ -14,8 +14,8 @@ data: | |||
| AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} | |||
| AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | default "false" | quote }} | |||
| AMBIENT_IPV6: {{ .Values.ambient.ipv6 | default "false" | quote }} | |||
| {{- if .ValuesConfFileName }} # K8S < 1.24 doesn't like empty values | |||
There was a problem hiding this comment.
I shoulda caught this in review, that's on me.
| cniBinDir: /var/lib/cni/bin | ||
| cniConfDir: /etc/cni/multus/net.d | ||
| chained: false | ||
| cniConfFileName: "istio-cni.conf" | ||
| logLevel: info | ||
| provider: "multus" | ||
| pilot: |
There was a problem hiding this comment.
Yeah - these are pilot values, and used nowhere else. They should be scoped exclusively to pilot.
helm install pilot --set cni.enabledhelm install <thing-that-composes-pilot-by-name> --set pilot.cni.enabledhelm install <thing-that-composes-pilot-and-cni-by-name> --set pilot.cni.enabled
should all work just fine in normative helm and inherently be correctly scoped. but since we have/are slowly undoing our own scoping conventions it's not that simple.
As I mentioned in
#52036 (comment)
if pilot.cni is uniquely a problem because we are eagerly unwrapping pilot, I think we can just manually rescope/munge pilot.cni first, then unwrap what's left of pilot as we do currently.
enabled and provider are the only two keys under pilot.cni, they can be munged to cniEnabled and cniProvider under the hood in a sprig templating func if we want.
(if we used Helm composition and composed istiod and istio-cni in the same chart Helm would populate an equivalent of enabled for us anyway dynamically based on whether istio-cni was installed as a dependency or not, so IMO that one is a bit suspect already).
And cni.provider is used only by OpenShift anyway. It has one valid value (multus) - we should drop it, as whatever it does can and should just be done by the openshift profile/platform: openshift.
I'd just s/values.cni.provider=multus/values.platform=openshift/g and drop cni.provider
|
/release-notes-none |
|
/release-note-none |
bleggett
added
the
release-notes-none
Signed-off-by: frherrer <frherrer@redhat.com>
* upstream/master: (67 commits) Add release notes for dual-stack support promotion (istio#52524) Automator: update proxy@master in istio/istio@master (istio#52515) add name (istio#52501) Allow setting resources to null in gateway chart (istio#52514) Fix replacements errors in helm charts and templates (istio#52459) hand written IstioEndpoint deepcopy (istio#52485) operator: remove `profile` commands (istio#52468) Automator: update proxy@master in istio/istio@master (istio#52506) Automator: update proxy@master in istio/istio@master (istio#52505) Automator: update proxy@master in istio/istio@master (istio#52504) Automator: update ztunnel@master in istio/istio@master (istio#52502) Fix typo of InsertDataToConfigMap func description (istio#52491) Fix stale GVK in benchmark test (istio#52482) Bug/stale cert expiration logs (istio#52466) Automator: update ztunnel@master in istio/istio@master (istio#52496) Automator: update proxy@master in istio/istio@master (istio#52495) operator: move proto from api to this repo (istio#52472) remove unneeded func isAllowedKubernetesAudience (istio#52489) operator: misc code cleanup (istio#52467) ambient: do not allow service waypoint to have a waypoint (istio#52480) ...
Update and fix helm errors
After the merge of the PR's #52395 and #52036 some of the replacements using the profile are being done wrong because of the move of the fields on those PR's. More information in the issue #52458 and we can discuss there about the move of the fields
Fixes #52458