-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor Flux 2.3 update #172
Conversation
Signed-off-by: Andrei Kvapil <[email protected]>
I'm checking out this PR now. I see that flux-operator 0.6 is out, a few hours ago. I'll run make update and see what divergences exist between the upstream chart and the local clone. Ideally the changes having been merged upstream will allow us to remove any patches we've added out-of-band to the flux-operator chart. I saw you merged the values files together, I don't know how to support this idea, but I was hoping we could allow users to select their own values somehow, maybe through a toggle. The idea being that the more fields we set in our In the earlier PR of the two that got merged, #166 I think I kept it minimal, and then added more detailed customization in #167 - in my initial idea, ideally the whole Then on second thought I guess it makes more sense if cozystack is creating the |
The network policy appears a bit messed up.
The network patch (alternative to setting cluster.domain) didn't work for me. It correctly identified the service to poll (source-controller) and it looks like coreDNS is directing us to the right address, but it's getting I/O timeout. The error:
This may have been the cilium issue you were talking about before? |
Removing the network policy that cozystack imposes (I can't find where, I did spot it earlier) allows flux pods to talk again:
I suspect that flux would be talking fine if the default network policies weren't skipped. I'm not sure why they don't apply. I'll keep poking around, I have not yet mastered the build process for cozystack + all its parts |
I see that The flux network policies weren't created by default because: looks like a bug in the operator, it can be easily worked around by setting any of the values under What was the purpose of removing |
I'm sure this is a bug, I opened: |
| commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. | | ||
| commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. | | ||
| fullnameOverride | string | `""` | | | ||
+| hostNetwork | bool | `false` | If `true`, start flux-operator in hostNetwork mode. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not in sync with the upstream chart, please copy https://github.com/controlplaneio-fluxcd/charts/tree/main/charts/flux-operator
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have make update
which pulls from OCI chart upstream, and for flux-operator 0.6 - #178 will bring it back in sync, before these changes are released. I already updated in that PR to fix fuzz in one of the patches here, and deleted the other one for hostNetwork that is no longer needed because it got merged upstream in controlplaneio-fluxcd/charts#10.
This PR upgrades to Flux-Operator 0.6 released this morning, also includes: * #170 which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it. I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release. Ref: controlplaneio-fluxcd/flux-operator#52
This PR upgrades to Flux-Operator 0.6 released this morning, also includes: * #170 which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it. I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release. Ref: controlplaneio-fluxcd/flux-operator#52
This PR upgrades to Flux-Operator 0.6 released this morning, also includes: * #170 which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it. I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release. Ref: controlplaneio-fluxcd/flux-operator#52 Signed-off-by: Andrei Kvapil <[email protected]>
This PR upgrades to Flux-Operator 0.6 released this morning, also includes: * #170 which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it. I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release. Ref: controlplaneio-fluxcd/flux-operator#52 Signed-off-by: Andrei Kvapil <[email protected]>
This PR upgrades to Flux-Operator 0.6 released this morning, also includes: * #170 which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it. I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release. Ref: controlplaneio-fluxcd/flux-operator#52 Signed-off-by: Andrei Kvapil <[email protected]>
This PR:
*-shared
bundlescozy-fluxcd.svc
domain for fluxcd to allow dashboard accessing source-controller, see Unhardcode cluster.local domain controlplaneio-fluxcd/flux-operator#34 (comment)