Support cert-manager for certificate management #277
Conversation
|
|
|
@Gallardot Thanks for your contribution! Please sign CLA, first! |
|
@Gallardot thank you very much. |
|
@yeya24 please take a look too |
|
|
||
| ## Parameters | ||
|
|
||
| The following tables list the configurable parameters of the Chaos Mesh chart and their default values. |
There was a problem hiding this comment.
Wow. This is amazing! I think every user needs that, thanks!
helm/chaos-mesh/README.md
Outdated
| | `chaosDaemon.image` | the docker image for chaos-daemon | `pingcap/chaos-mesh:latest` | | ||
| | `chaosDaemon.imagePullPolicy` | image pull policy | `Always` | | ||
| | `chaosDaemon.grpcPort` | | `31767` | | ||
| | `chaosDaemon.httpPort` | | `31766` | |
There was a problem hiding this comment.
Is it better to add some comments about the two ports? Like their usage?
There was a problem hiding this comment.
Not very familiar with chaosDaemon. I may need some help.
chaosDaemon.grpcPort | the port which grpc server listens on
chaosDaemon.httpPort | the port which http server listens on
code from here
https://github.com/pingcap/chaos-mesh/blob/7ce47e8d6fb9d047fc82a0b555f5b690f42f8942/cmd/chaos-daemon/main.go#L38-L39
It's OK?
helm/chaos-mesh/README.md
Outdated
| | `controllerManager.nodeSelector` | Node labels for chaos-controller-manager pod assignment | `{}` | | ||
| | `controllerManager.tolerations` | Toleration labels for chaos-controller-manager pod assignment | `[]` | | ||
| | `controllerManager.affinity` | Map of chaos-controller-manager node/pod affinities | `{}` | | ||
| | `controllerManager.podAnnotations` | Deployment chaos-controller-manager annotations | `{}`| |
There was a problem hiding this comment.
Deployment chaos-controller-manager annotations is kind of misleading since these annotations are for pods. What about just simply Pod annotations of chaos-controller-manager
| */}} | ||
| {{- define "chaos-mesh.webhook" -}} | ||
| {{- printf "admission-webhook.pingcap.com" -}} | ||
| {{- end -}} |
There was a problem hiding this comment.
We may need a new line here
| kubectl -n ${K8S_NAMESPACE} apply -f - | ||
|
|
||
| {{- end }} |
| kubectl delete secrets -n {{ .Release.Namespace }} {{ template "chaos-mesh.certs" . }} || true | ||
| {{- end }} |
| secretName: {{ template "chaos-mesh.certs" . }} | ||
| issuerRef: | ||
| name: chaos-mesh-selfsigned | ||
| {{- end }} |
helm/chaos-mesh/values.yaml
Outdated
| enabled: false | ||
| autoDeleteSecret: false | ||
|
|
||
| FailurePolicy: Ignore |
helm/chaos-mesh/README.md
Outdated
| | `dashboard.resources` | CPU/Memory resource requests/limits for chaos-dashboard pod | `requests: { cpu: "250m", memory: "512Mi" }, limits:{ cpu: "500m", memory: "1024Mi" }` | | ||
| | `dashboard.volume.storage` | | `3Gi` | | ||
| | `dashboard.volume.storageClassName` | | `standard` | | ||
| | `prometheus.create` | enable the prometheus | `false` | |
There was a problem hiding this comment.
Don't need the, enable Prometheus is fine
helm/chaos-mesh/README.md
Outdated
| | `chaosDaemon.podAnnotations` | Deployment chaos-daemon annotations | `{}` | | ||
| | `chaosDaemon.runtime` | runtime specifies which container runtime to use. Currently we only supports docker and containerd. | `docker` | | ||
| | `chaosDaemon.socketPath` | specifies the container runtime socket | `/var/run/docker.sock` | | ||
| | `dashboard.create` | enable the chaos-dashboard | `false` | |
| service: | ||
| name: chaos-mesh-controller-manager | ||
| namespace: ${K8S_NAMESPACE} | ||
| path: "/inject-v1-pod" |
There was a problem hiding this comment.
I tried to deploy with certManager.enabled = false and I got the error below in webhook-mw-job pod. Seems the service field is still required
# job failed
webhook-mw-job-4fpbb 0/1 Error 0 69s
webhook-mw-job-89zxk 0/1 Error 0 29s
webhook-mw-job-kv44l 0/1 Error 0 99s
webhook-mw-job-lrb6z 0/1 Error 0 89s
webhook-mw-job-qlfsj 0/1 Error 0 101s
klo webhook-mw-job-kv44l
The MutatingWebhookConfiguration "chaos-mesh-sidecar-injector" is invalid: webhooks[0].clientConfig: Required value: exactly one of url or service is required
There was a problem hiding this comment.
What is your k8s version? My version is v1.17.2 . System operating normally . I will fix it right now.
There was a problem hiding this comment.
Can not recurrence this error, if I use 1.17.0. But I have added the service field on the MutatingWebhookConfiguration. Please try again. Thank you.
There was a problem hiding this comment.
Thanks! With the updated PR, and then it works!
|
I have no idea for why the Jenkins job failed. I need some help. |
|
@Gallardot |
@Gallardot @cwen0 will fix it |
README.md
Outdated
|
|
||
| ```bash | ||
| # helm 2.X | ||
| helm delete chaos-mesh |
| @@ -0,0 +1,138 @@ | |||
| # Chaos Mesh | |||
helm/chaos-mesh/README.md
Outdated
| webhook: | ||
| certManager: | ||
| enabled: true | ||
| autoDeleteSecret: true |
There was a problem hiding this comment.
autoDeleteSecret is misleading, How about naming it deleteSecret, If the deleteSecret is true, we will create a job to delete the secret, Otherwise, do nothing
There was a problem hiding this comment.
Good advice. I'm confused about that too.
| @@ -0,0 +1,58 @@ | |||
| --- | |||
There was a problem hiding this comment.
rename this file to webhook-configuration.yaml?
There was a problem hiding this comment.
All done. Please take a look again.Thanks.
Codecov Report
@@ Coverage Diff @@
## master #277 +/- ##
==========================================
+ Coverage 60.4% 61.84% +1.43%
==========================================
Files 36 40 +4
Lines 1985 2445 +460
==========================================
+ Hits 1199 1512 +313
- Misses 692 833 +141
- Partials 94 100 +6
Continue to review full report at Codecov.
|
|
@yeya24 PTAL again, thanks! |
|
/merge |
|
/run-all-tests |
What problem does this PR solve?
#237
What is changed and how does it work?
Check List
Tests
Code changes
Side effects
Related changes
Does this PR introduce a user-facing change?: