Split Sidecar to it's own container #2105
Conversation
Signed-off-by: Daniel Valdivia <[email protected]>
There was a problem hiding this comment.
Do I understand correctly that the sidecar still uses code from the operator (it references github.com/minio/operator in go.mod)? It looks like, although that code is in the same repository, it will use a fixed version that is fetched from GitHub? So, if changes are made to github.com/minio/operator that should be used in the sidecar, then these changes need to be pushed to GitHub and the sidecar dependency should be updated. Am I right?
Is there no way to avoid this? |
|
what if we move the sidecar process outside of operator instead move it into a separate project? |
|
@harshavardhana the symbiosis between operator and sidecar is too strong, I anticipate only when we need changes to operator that we will pair them with sidecar changes in that way we can in a single PR perform both |
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Co-authored-by: Shubhendu <[email protected]>
Signed-off-by: pjuarezd <[email protected]>
Add LICENSE and CREDITS to sidecar container Add goreleaser config for sidecar Signed-off-by: pjuarezd <[email protected]>
Signed-off-by: pjuarezd <[email protected]>
Signed-off-by: pjuarezd <[email protected]>
Signed-off-by: pjuarezd <[email protected]>
harshavardhana
dismissed stale reviews from shtripat, jiuker, and pjuarezd
via
2e3ff47
Signed-off-by: pjuarezd <[email protected]>
Signed-off-by: pjuarezd <[email protected]>
``` ERRO Can't read config: can't read viper config: open ./.golangci.yml: no such file or directory ``` Signed-off-by: pjuarezd <[email protected]>
Signed-off-by: pjuarezd <[email protected]>
Signed-off-by: pjuarezd <[email protected]>
``` Vulnerability #1: GO-2024-2824 Malformed DNS message can cause infinite loop in net More info: https://pkg.go.dev/vuln/GO-2024-2824 Standard library Found in: [email protected] Fixed in: [email protected] Example traces found: Error: #1: pkg/sidecar/http_handlers.go:51:60: sidecar.Controller.BucketSrvHandler calls core.services.Delete, which eventually calls net.Dialer.DialContext Error: #2: pkg/sidecar/sidecar_utils.go:80:40: sidecar.StartSideCar calls http.Server.ListenAndServe, which calls net.Listen Error: #3: cmd/sidecar/main.go:129:31: sidecar.main calls cli.App.Run, which eventually calls net.LookupHost Your code is affected by 1 vulnerability from the Go standard library. This scan found no other vulnerabilities in packages you import or modules you require. Use '-show verbose' for more details. ``` add binary `minio-operator-sidecar`to gotignore Signed-off-by: pjuarezd <[email protected]>
|
BTW lets move CI/CD to go1.22.x // @allanrogerr can you send a fix? |
Right now we have a problem where upgrading/downgrading the operator causes all tenants to perform a rolling restart, this is because the sidecar image is the same as the operator.
This PR splits the sidecar into it's own binary, intended to become it's own container image with separate release cycle.
This way, only when there's changes to the sidecar code, we issue a new release and update operator so we can warn users that any given operator release will cause a rolling restart of all tenants.