Initial support for agentless #1267
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ishustava
force-pushed
the
ishustava/agentless-inital-support
branch
from
0feca58 to
de0faf2
Compare
ishustava
commented
Jun 20, 2022
Comment on lines
+890
to
+893
| # - acceptance-tproxy: | ||
| # context: consul-ci | ||
| # requires: | ||
| # - dev-upload-docker |
There was a problem hiding this comment.
tproxy is not yet supported
ishustava
force-pushed
the
ishustava/agentless-inital-support
branch
3 times, most recently
from
24f2671 to
3df5def
Compare
ishustava
commented
Jun 20, 2022
| @test "client/ConfigMap: enable with global.enabled false" { | ||
| cd `chart_dir` | ||
| local actual=$(helm template \ | ||
| -s templates/client-config-configmap.yaml \ | ||
| --set 'client.enabled=true' \ |
There was a problem hiding this comment.
Clients are now disabled by default (previously they were enabled), and so lots of bats tests needed to be changed to enable clients explicitly
ishustava
commented
Jun 20, 2022
Comment on lines
-631
to
-632
| #-------------------------------------------------------------------- | ||
| # global.tls.enableAutoEncrypt |
There was a problem hiding this comment.
Auto-encrypt is no longer supported for the connect-inject deployment as this is a setting used only when talking to consul clients.
ishustava
force-pushed
the
ishustava/agentless-inital-support
branch
from
3df5def to
f5479bc
Compare
ishustava
commented
Jun 20, 2022
| // which in this case are Pods. It only returns true if the Pod is a Consul Client Agent Pod. It reads the labels | ||
| // from the meta of the resource and uses the values of the "app" and "component" label to validate that | ||
| // the Pod is a Consul Client Agent. | ||
| func (r *EndpointsController) filterAgentPods(object client.Object) bool { |
There was a problem hiding this comment.
This code might come back to better handle upgrades but removing it for now as I'm not sure yet how upgrades will be handled.
There was a problem hiding this comment.
good point. but in that case, we would just re-enqueue all the endpoints I think.
ndhanushkodi
approved these changes
Jun 24, 2022
| fieldPath: status.hostIP | ||
| {{- if .Values.global.tls.enabled }} | ||
| - name: CONSUL_CACERT | ||
| value: /consul/tls/ca/tls.crt |
There was a problem hiding this comment.
clarifying q for my understanding: did this used to be the CA for server and client agents and now when clients are disabled it's only the server agent CA?
There was a problem hiding this comment.
yeah exactly! and more specifically, when using auto-encrypt the CA for the client will be different (connect CA) and so we needed to mount a client-specific CA in that case. Without clients, we'd only need the server CA.
There was a problem hiding this comment.
ahhh thank you for the clarification!!
| ConsulKubernetesCheckType = "kubernetes-readiness" | ||
|
|
||
| // ConsulKubernetesCheckName is the name of health check in Consul for Kubernetes readiness status. | ||
| ConsulKubernetesCheckName = "Kubernetes Readiness Check" |
There was a problem hiding this comment.
in a custom health check like this, is the status of the check all consul would care about to decide whether to route traffic to the app?
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 19, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 19, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 19, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
ishustava
added a commit
that referenced
this pull request
Sep 20, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 20, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
ishustava
added a commit
that referenced
this pull request
Sep 20, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 21, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 21, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 21, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 21, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 22, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 22, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 27, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
thisisnotashwin
pushed a commit
that referenced
this pull request
Sep 27, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
jmurret
pushed a commit
that referenced
this pull request
Sep 27, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
t-eckert
pushed a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
ishustava
added a commit
that referenced
this pull request
Sep 28, 2022
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes proposed in this PR:
Add initial support for the basic service mesh running with agentless.
-node-nameflag so that it can search for services within a given node using catalog APIs-node-nameflag to theconsul connect envoycommand so that we can generate correct configurationHow I've tested this PR:
acceptance tests
How I expect reviewers to test this PR:
👀
TODO:
add support for external servers(will come in a separate PR as this one is already big)Checklist: