Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

peering: remove unnecessary expose servers service, add error cases, fix flaky test #1683

Merged
merged 1 commit into from
Nov 8, 2022
Merged

peering: remove unnecessary expose servers service, add error cases, fix flaky test #1683

merged 1 commit into from
Nov 8, 2022

Conversation

ndhanushkodi
Copy link
Contributor

@ndhanushkodi ndhanushkodi commented Nov 7, 2022
edited
Loading

Changes proposed in this PR:

  • Expose servers service is only needed when partitions are enabled, since peering now requires mesh gateways. So this PR makes it so the helm chart doesn't deploy the expose servers service when only peering (and not partitions) is enabled.
  • Fail fast in the helm chart if tls or mesh gateways are not enabled since they are required for peering
  • In acceptance tests- fix flakiness due to mesh configuration not being recognized before the applying the acceptor resource (which generates the token), to ensure that the token is generated with mesh gateway addresses rather than server pod ips.

How I've tested this PR:
acceptance tests, unit tests

How I expect reviewers to test this PR:
👀

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@ndhanushkodi ndhanushkodi requested review from a team, jmurret and ishustava and removed request for a team November 7, 2022 03:10
@ndhanushkodi ndhanushkodi changed the title peering: remove unnecessary expose servers service, add error cases, fix flaky test peering: remove unnecessary expose servers service, add error cases, fix flaky test, fix ACL issue Nov 8, 2022
@ndhanushkodi ndhanushkodi changed the title peering: remove unnecessary expose servers service, add error cases, fix flaky test, fix ACL issue peering: remove unnecessary expose servers service, add error cases, fix flaky test Nov 8, 2022
ishustava
ishustava approved these changes Nov 8, 2022
View reviewed changes
Copy link
Contributor

@ishustava ishustava left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

CHANGELOG.md Outdated
Comment on lines 15 to 16
* Enabling peering requires `global.tls.enabled`. [[GH-1610](https://github.com/hashicorp/consul-k8s/pull/1610)]
* Enabling peering requires `meshGateway.enabled`. [[GH-1683](https://github.com/hashicorp/consul-k8s/pull/1683)]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: could we rephrase to be "verb ..." so "Require global.tls.enabled when peering is enabled" 🙏

CHANGELOG.md Outdated
@@ -34,6 +35,7 @@ IMPROVEMENTS:
* API Gateway: Add `tolerations` to `apiGateway.managedGatewayClass` and `apiGateway.controller` [[GH-1650](https://github.com/hashicorp/consul-k8s/pull/1650)]
* API Gateway: Create PodSecurityPolicy for controller when `global.enablePodSecurityPolicies=true`. [[GH-1656](https://github.com/hashicorp/consul-k8s/pull/1656)]
* API Gateway: Create PodSecurityPolicy and allow controller to bind it to ServiceAccounts that it creates for Gateway Deployments when `global.enablePodSecurityPolicies=true`. [[GH-1672](https://github.com/hashicorp/consul-k8s/pull/1672)]
* Expose servers service is only deployed when Admin Partitions(ENT) is enabled. [[GH-1683](https://github.com/hashicorp/consul-k8s/pull/1683)]
Copy link
Contributor

@ishustava ishustava Nov 8, 2022
edited by jmurret
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here:

Suggested change
* Expose servers service is only deployed when Admin Partitions(ENT) is enabled. [[GH-1683](https://github.com/hashicorp/consul-k8s/pull/1683)]
* Deploy `expose-servers` service only when Admin Partitions(ENT) is enabled. [[GH-1683](https://github.com/hashicorp/consul-k8s/pull/1683)]

Copy link
Member

@jmurret jmurret Nov 8, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The suggestion above has the word deploy(ed) twice.. NVM, as admin, I could modify someone else's suggestion. 😬

jmurret
jmurret approved these changes Nov 8, 2022
View reviewed changes
Copy link
Member

@jmurret jmurret left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Looks good! Nice work!

@ndhanushkodi ndhanushkodi force-pushed the nd/peering-improvements branch from 30b5a46 to 796a0c7 Compare November 8, 2022 18:37
@ndhanushkodi
ensure mesh config is created before generating token so mesh gw addr…
a5d4284 
…s are included

remove expose server service when peering is enabled, add more error msgs
@ndhanushkodi ndhanushkodi force-pushed the nd/peering-improvements branch from 796a0c7 to a5d4284 Compare November 8, 2022 19:16
@ndhanushkodi ndhanushkodi merged commit e2cd804 into main Nov 8, 2022
@ndhanushkodi ndhanushkodi deleted the nd/peering-improvements branch November 8, 2022 19:25
@natitomattis natitomattis mentioned this pull request Jun 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmurret jmurret jmurret approved these changes

@ishustava ishustava ishustava approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ndhanushkodi @jmurret @ishustava