Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm mode: add implementation for clustermesh connect #1628

Merged
merged 2 commits into from
Jun 8, 2023
Merged

helm mode: add implementation for clustermesh connect #1628

merged 2 commits into from
Jun 8, 2023

Conversation

asauber
Copy link
Member

@asauber asauber commented May 13, 2023
edited
Loading

Add an implementation for clustermesh connect using Helm.

Like the classic mode implementation, we autodetect the clustermesh-apiserver IPs and port numbers in order to write the endpoints: configuration. However, rather than generate the certificates in-process, we rely on the cronJob (certgen) mode of the Helm chart to generate (and re-generate) all of the ClusterMesh related certs.

As a first pass, we support the same set of flags as the classic mode.

A second pass PR will include all --helm-* flags, which will allow the use of extraDnsNames for the purpose of Service resolvability, and the use of other PKI modes.

Fixes: #1620

@asauber asauber temporarily deployed to ci May 13, 2023 01:31 — with GitHub Actions Inactive
@asauber asauber temporarily deployed to ci May 15, 2023 18:53 — with GitHub Actions Inactive
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from 8aaa5a8 to 09b4047 Compare May 15, 2023 19:05
@asauber asauber temporarily deployed to ci May 15, 2023 19:05 — with GitHub Actions Inactive
@asauber asauber marked this pull request as ready for review May 15, 2023 19:11
@asauber asauber requested review from a team as code owners May 15, 2023 19:11
@asauber asauber requested review from squeed and giorio94 May 15, 2023 19:11
@asauber
Copy link
Member Author

asauber commented May 15, 2023

Converting to draft to fix cronJob config.

@asauber asauber marked this pull request as draft May 15, 2023 19:27
@asauber asauber temporarily deployed to ci May 15, 2023 19:32 — with GitHub Actions Inactive
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from ff8ad73 to 8b5f512 Compare May 16, 2023 18:25
@asauber asauber temporarily deployed to ci May 16, 2023 18:26 — with GitHub Actions Inactive
@asauber asauber marked this pull request as ready for review May 16, 2023 19:23
@asauber asauber requested a review from michi-covalent May 16, 2023 19:25
@asauber asauber mentioned this pull request May 16, 2023
Closed
michi-covalent
michi-covalent reviewed May 16, 2023
View reviewed changes
internal/cli/cmd/clustermesh.go Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
@michi-covalent michi-covalent mentioned this pull request May 16, 2023
Closed
giorio94
giorio94 reviewed May 17, 2023
View reviewed changes
internal/helm/helm.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
@giorio94
Copy link
Member

I've tested this PR trying to connect more than two clusters, and it seems to overwrite the previous configuration rather than adding the new cluster (as the legacy implementation did).

@asauber
Copy link
Member Author

asauber commented May 19, 2023

Great suggestions all, working on it

squeed
squeed reviewed May 24, 2023
View reviewed changes
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
squeed
squeed reviewed May 24, 2023
View reviewed changes
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
@tklauser tklauser added needs-rebase This PR needs to be rebased because it has merge conflicts. and removed needs-rebase This PR needs to be rebased because it has merge conflicts. labels May 25, 2023
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from 8b5f512 to 2ade061 Compare June 1, 2023 03:01
@asauber asauber temporarily deployed to ci June 1, 2023 03:01 — with GitHub Actions Inactive
@asauber asauber temporarily deployed to ci June 2, 2023 20:08 — with GitHub Actions Inactive
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from 7aebb66 to 0ff0859 Compare June 2, 2023 20:18
@asauber asauber temporarily deployed to ci June 2, 2023 20:18 — with GitHub Actions Inactive
giorio94
giorio94 requested changes Jun 5, 2023
View reviewed changes
Copy link
Member

@giorio94 giorio94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, the PR looks OK to me, I've left a few minor comments inline. Additionally, there seems to be something wrong with the merging logic, since the cilium clustermesh connect command fails with Error: Unable to connect cluster: existing clustermesh.config.cluters array is invalid when issued a second time.

clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
@giorio94 giorio94 mentioned this pull request Jun 5, 2023
Merged
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from 0ff0859 to ec41572 Compare June 5, 2023 13:45
@asauber asauber temporarily deployed to ci June 5, 2023 13:45 — with GitHub Actions Inactive
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from ec41572 to 7d1f94a Compare June 5, 2023 13:53
@asauber asauber temporarily deployed to ci June 5, 2023 13:53 — with GitHub Actions Inactive
@asauber asauber temporarily deployed to ci June 6, 2023 14:40 — with GitHub Actions Inactive
giorio94
giorio94 approved these changes Jun 7, 2023
View reviewed changes
Copy link
Member

@giorio94 giorio94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks awesome to me! Just a couple of very minor nits inline. I guess that the last missing piece is now the clustermesh disconnect support.

clustermesh/clustermesh.go Outdated Show resolved Hide resolved
clustermesh/clustermesh.go Outdated Show resolved Hide resolved
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 7, 2023
@tklauser tklauser removed the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 7, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 7, 2023
@asauber asauber added dont-merge/blocked Another PR must be merged before this one. and removed dont-merge/blocked Another PR must be merged before this one. labels Jun 7, 2023
@asauber
Copy link
Member Author

asauber commented Jun 7, 2023
edited
Loading

I pushed this rebased commit ce4d16c but GitHub PR's are currently having issues and it has not shown up here.

@asauber asauber added the dont-merge/bad-bot To prevent MLH from marking ready-to-merge. label Jun 7, 2023
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from 82eedfc to 279eaf1 Compare June 7, 2023 18:20
@asauber asauber temporarily deployed to ci June 7, 2023 18:20 — with GitHub Actions Inactive
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from 279eaf1 to ce4d16c Compare June 7, 2023 18:27
tklauser
tklauser reviewed Jun 8, 2023
View reviewed changes
internal/helm/helm.go Outdated Show resolved Hide resolved
@asauber asauber removed the dont-merge/bad-bot To prevent MLH from marking ready-to-merge. label Jun 8, 2023
asauber added 2 commits June 8, 2023 11:47
@asauber
helm mode: add implementation for clustermesh connect
b69d2bf 
Signed-off-by: Andrew Sauber <[email protected]>
@asauber
clustermesh connect: configure PKI upon CA mismatch
0abeec8 
Previously, if CA certificates did not match among clusters during
clustermesh connect, we would bail out of the connect process. Now, upon
a mismatch, present a warning to the user that multicluster features
will be degraded, and use the per-cluster PKI configuration in the Helm
chart to configure key material for each cluster.

Signed-off-by: Andrew Sauber <[email protected]>
@asauber asauber force-pushed the pr/asauber/helm-mode-clustermesh branch from ce4d16c to 0abeec8 Compare June 8, 2023 15:47
@asauber asauber temporarily deployed to ci June 8, 2023 15:47 — with GitHub Actions Inactive
@tklauser tklauser merged commit db37706 into main Jun 8, 2023
@tklauser tklauser deleted the pr/asauber/helm-mode-clustermesh branch June 8, 2023 17:14
@ChrsMark ChrsMark mentioned this pull request Jun 21, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michi-covalent michi-covalent michi-covalent left review comments

@tklauser tklauser tklauser left review comments

@giorio94 giorio94 giorio94 approved these changes

@squeed squeed squeed approved these changes

Assignees
No one assigned
Labels
ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement cilium clustermesh connect using new Helm functions
5 participants
@asauber @giorio94 @tklauser @squeed @michi-covalent