do not attempt to mount a cluster secret if none were provided. #774

Merged


jmazzitelli
Contributor

also, deprecated features_flags.clustering is removed

fixes: kiali/kiali#7187


jmazzitelli commented Jun 11, 2024

  1. Create minikube cluster (e.g. hack/k8s-minikube.sh start) and install Istio (e.g. hack/istio/install-istio-via-istioctl.sh -c kubectl)
  2. Build, push, and deploy server and operator (make -e CLUSTER_TYPE=minikube build build-ui cluster-push operator-create kiali-create)
  3. Now edit the Kiali CR to set up some dummy remote clusters (kubectl edit kiali kiali -n kiali-operator). Add this to the Kiali CR (i.e., under spec create the clustering section):
spec:
  clustering:
    clusters:
    - name: accessible-cluster
      secret_name: the-accessible-cluster-secret
    - name: not-accessible-cluster
  4. Now examine the volumes and volume mounts of the kiali pod; you should NOT see not-accessible-cluster but you should see accessible-cluster. (e.g. kubectl get pods -n istio-system -l app.kubernetes.io/name=kiali -oyaml)

If you have yq you can more easily see it via this:

kubectl get pods -n istio-system -l app.kubernetes.io/name=kiali -oyaml | yq e '.items[0].spec.containers[0].volumeMounts'

which results in something like this (notice accessible-cluster but no not-accessible-cluster):

- mountPath: /kiali-configuration
  name: kiali-configuration
- mountPath: /kiali-secret
  name: kiali-secret
- mountPath: /kiali-cabundle
  name: kiali-cabundle
- mountPath: /kiali-override-secrets/login-token-signing-key
  name: login-token-signing-key
  readOnly: true
- mountPath: /kiali-remote-cluster-secrets/the-accessible-cluster-secret
  name: accessible-cluster
  readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
  name: kube-api-access-j5qz6
  readOnly: true

Similarly with volumes:

kubectl get pods -n istio-system -l app.kubernetes.io/name=kiali -oyaml | yq e '.items[0].spec.volumes'

results in something like this:

- configMap:
    defaultMode: 420
    name: kiali
  name: kiali-configuration
- name: kiali-secret
  secret:
    defaultMode: 420
    optional: true
    secretName: kiali
- configMap:
    defaultMode: 420
    name: kiali-cabundle
    optional: true
  name: kiali-cabundle
- name: login-token-signing-key
  secret:
    defaultMode: 420
    items:
      - key: key
        path: value.txt
    optional: false
    secretName: kiali-signing-key
- name: accessible-cluster
  secret:
    defaultMode: 420
    secretName: the-accessible-cluster-secret
- name: kube-api-access-j5qz6
  projected:
    defaultMode: 420
    sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
            - key: ca.crt
              path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
            - fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
              path: namespace
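
The manual check described in the comment above can be automated. The following is an added example, not code from the PR or from the Kiali project: it compares the `clustering.clusters` list from the Kiali CR with a pod spec and reports any cluster that has no `secret_name` yet still has a volume or mount, as well as any secret mount that is missing, at the wrong path, or not read-only. It assumes the volume name equals the cluster name and that secrets are mounted under `/kiali-remote-cluster-secrets/<secret_name>`, as the output above shows; the function name and sample data are hypothetical.

```python
# Added example: checks a Kiali pod spec against the CR's clustering.clusters list.
REMOTE_SECRET_ROOT = "/kiali-remote-cluster-secrets/"  # prefix taken from the output above

def check_remote_cluster_mounts(clusters, pod_spec):
    """Return a list of problems; an empty list means the pod matches the CR."""
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    mounts = {m["name"]: m for c in pod_spec.get("containers", [])
              for m in c.get("volumeMounts", [])}
    problems = []
    for cluster in clusters:
        name, secret = cluster["name"], cluster.get("secret_name")
        vol, mount = volumes.get(name), mounts.get(name)
        if not secret:
            # No secret provided: nothing for this cluster may be mounted.
            if vol or mount:
                problems.append(f"{name}: no secret_name in CR but pod has a volume or mount")
            continue
        if vol is None or vol.get("secret", {}).get("secretName") != secret:
            problems.append(f"{name}: volume missing or not backed by secret {secret}")
        if mount is None or mount.get("mountPath") != REMOTE_SECRET_ROOT + secret:
            problems.append(f"{name}: mount missing or at the wrong path")
        elif not mount.get("readOnly"):
            problems.append(f"{name}: secret mount is not readOnly")
    # Remote-cluster secret mounts that no CR entry accounts for.
    known = {c["name"] for c in clusters}
    for mname, m in mounts.items():
        if m.get("mountPath", "").startswith(REMOTE_SECRET_ROOT) and mname not in known:
            problems.append(f"{mname}: unexpected remote-cluster secret mount")
    return problems

# Constructed sample data, trimmed from the CR snippet and pod output in the comment above.
CLUSTERS = [
    {"name": "accessible-cluster", "secret_name": "the-accessible-cluster-secret"},
    {"name": "not-accessible-cluster"},
]
POD_SPEC = {
    "containers": [{"volumeMounts": [
        {"name": "kiali-secret", "mountPath": "/kiali-secret"},
        {"name": "accessible-cluster", "readOnly": True,
         "mountPath": "/kiali-remote-cluster-secrets/the-accessible-cluster-secret"},
    ]}],
    "volumes": [
        {"name": "kiali-secret", "secret": {"secretName": "kiali", "optional": True}},
        {"name": "accessible-cluster",
         "secret": {"secretName": "the-accessible-cluster-secret"}},
    ],
}

if __name__ == "__main__":
    for line in check_remote_cluster_mounts(CLUSTERS, POD_SPEC) or ["OK"]:
        print(line)
```

To run it against a live pod, load `.items[0].spec` from `kubectl get pods ... -o json` and `.spec.clustering.clusters` from the Kiali CR with `json.load` and pass them in place of the sample data.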

@jmazzitelli jmazzitelli requested a review from nrfox June 11, 2024 19:03
@jmazzitelli jmazzitelli merged commit 7f4f845 into kiali:master Jun 12, 2024
1 check passed
@jmazzitelli jmazzitelli deleted the 7187-support-inaccessible-cluster branch June 12, 2024 17:43
@jshaughn jshaughn added the test: n/a PR does not need test additions or updates label Jun 16, 2024
Labels: requires helm chart PR; test: n/a (PR does not need test additions or updates)
Development

Successfully merging this pull request may close these issues.

Helm chart/operator does not support Adding an Inaccessible Cluster