Add functionality to helm chart to allow image digest for controllerImage#11406
Merged
olix0r merged 4 commits intolinkerd:mainfrom Sep 26, 2023
cromulentbanana:main
Merged
Add functionality to helm chart to allow image digest for controllerImage#11406olix0r merged 4 commits intolinkerd:mainfrom cromulentbanana:main
olix0r merged 4 commits intolinkerd:mainfrom
cromulentbanana:main
Conversation
alpeb
reviewed
Sep 25, 2023
Member
alpeb
left a comment
alpeb
left a comment
There was a problem hiding this comment.
Thanks @cromulentbanana . Please run bin/helm-docs to regenerate the chart's README.md file.
olix0r
approved these changes
Sep 26, 2023
Signed-off-by: Adam Shaw <[email protected]>
Signed-off-by: Adam Shaw <[email protected]>
Signed-off-by: Dan Levin <[email protected]>
Signed-off-by: Dan Levin <[email protected]>
adleong
approved these changes
Sep 26, 2023
Contributor
Author
|
thanks everyone |
Contributor
Author
olix0r
added a commit
that referenced
this pull request
Sep 28, 2023
This edge release makes Linkerd even better. * Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]) * Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376]) * Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]). * Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150]) [#11150]: #11150 [#11334]: #11334 [#11376]: #11376 [#11406]: #11406
Merged
olix0r
added a commit
that referenced
this pull request
Sep 28, 2023
This edge release makes Linkerd even better. * Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]) * Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376]) * Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]). * Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150]) [#11150]: #11150 [#11334]: #11334 [#11376]: #11376 [#11406]: #11406
olix0r
added a commit
that referenced
this pull request
Sep 29, 2023
This edge release makes Linkerd even better. * Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]) * Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376]) * Improved CLI error handling to print differentiated error information when versioncheck.linkerd.io cannot be resolved (thanks @dtaskai) ([#11377]) * Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]). * Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150]) * Introduced a new `multicluster check --timeout` flag to limit the time allowed for Kubernetes API calls (thanks @moki1202) ([#11420]) [#11150]: #11150 [#11334]: #11334 [#11376]: #11376 [#11377]: #11377 [#11406]: #11406 [#11420]: #11420
Contributor
|
I see this was rolled into the edge release edge-23.9.4 . When can we expect to see it in a stable release? |
Contributor
This change will be included in stable-2.14.5, which should be released this week! |
hawkw
pushed a commit
that referenced
this pull request
Nov 22, 2023
The linkerd-control-plane Helm chart currently always uses the `linkerdVersion` value to populate the tag of a controller image. This does not allow for these values to diverge and it prohibits the specification of sha values in the image. To fix this, a new optional `controllerImageVersion` value is added to support overriding the default version-based image tag. Signed-off-by: Adam Shaw <[email protected]> Signed-off-by: Dan Levin <[email protected]> Co-authored-by: Adam Shaw <[email protected]>
hawkw
added a commit
that referenced
this pull request
Nov 22, 2023
## stable-2.14.5 This stable release fixes a proxy regression where bursts of TCP connections could result in EOF errors, due to an incorrect queue capacity. In addition, it includes fixes for the control plane, dependency upgrades, and support for image digests in Linkerd manifests. * Added a controlPlaneVersion override to the `linkerd-control-plane`` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]; fixes [#11312]) * Added a `checksum/config `annotation to the destination and proxy injector deployment manifests, to force restarting those workloads whenever their webhook secrets change during upgrade (thanks @iAnomaly!) ([#11440]; fixes [#6940]) * Updated the Policy controller's OpenSSL dependency to v3, as OpenSSL 1.1.1 is EOL ([#11625]) * proxy: Increased `DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY` to prevent EOF errors during bursts of TCP connections (proxy PR [#2521][proxy-2521]) [#11406]: #11406 [#11312]: #11312 [#11440]: #11440 [#6940]: #6940 [#11625]: #11625 [proxy-2521]: linkerd/linkerd2-proxy#2521
Merged
hawkw
added a commit
that referenced
this pull request
Nov 22, 2023
## stable-2.14.5 This stable release fixes a proxy regression where bursts of TCP connections could result in EOF errors, due to an incorrect queue capacity. In addition, it includes fixes for the control plane, dependency upgrades, and support for image digests in Linkerd manifests. * Added a controlPlaneVersion override to the `linkerd-control-plane`` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]; fixes [#11312]) * Added a `checksum/config `annotation to the destination and proxy injector deployment manifests, to force restarting those workloads whenever their webhook secrets change during upgrade (thanks @iAnomaly!) ([#11440]; fixes [#6940]) * Updated the Policy controller's OpenSSL dependency to v3, as OpenSSL 1.1.1 is EOL ([#11625]) * proxy: Increased `DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY` to prevent EOF errors during bursts of TCP connections (proxy PR [#2521][proxy-2521]) [#11406]: #11406 [#11312]: #11312 [#11440]: #11440 [#6940]: #6940 [#11625]: #11625 [proxy-2521]: linkerd/linkerd2-proxy#2521
hawkw
added a commit
that referenced
this pull request
Nov 22, 2023
## stable-2.14.5 This stable release fixes a proxy regression where bursts of TCP connections could result in EOF errors, due to an incorrect queue capacity. In addition, it includes fixes for the control plane, dependency upgrades, and support for image digests in Linkerd manifests. * Added a controlPlaneVersion override to the `linkerd-control-plane`` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]; fixes [#11312]) * Added a `checksum/config `annotation to the destination and proxy injector deployment manifests, to force restarting those workloads whenever their webhook secrets change during upgrade (thanks @iAnomaly!) ([#11440]; fixes [#6940]) * Updated the Policy controller's OpenSSL dependency to v3, as OpenSSL 1.1.1 is EOL ([#11625]) * proxy: Increased `DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY` to prevent EOF errors during bursts of TCP connections (proxy PR [#2521][proxy-2521]) [#11406]: #11406 [#11312]: #11312 [#11440]: #11440 [#6940]: #6940 [#11625]: #11625 [proxy-2521]: linkerd/linkerd2-proxy#2521
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Subject
Introduce helm functionality for controllerImage digest/tag
Problem
I need to reference each image via a digest or its not allowed to run in our cluster.
The current helm chart behaviour appends .Values.linkerdVersion but there is currently no way to add a digest.
This is not an issue for other images because they already allow tags
Solution
Add helm functionality to allow setting the controllerImage tag
Validation
update values.yaml with
controllerImageVersion: tag@sha
Run helm template using the above values and view the output. The controllerImage now has the value
cr.l5d.io/linkerd/controller:tag@sha:123allowing you to reference a digestFixes #11312
DCO Sign off
Signed-off-by: Dan Levin [email protected]