upgrade: Generate an Identity config if missing#2656
Conversation
When upgrading from an older cluster that has a Linkerd config but no identity, we need to generate an identity context so that the cluster is configured properly. Fixes #2650
|
Integration test results for 43518a1: success 🎉 |
siggy
left a comment
siggy
left a comment
There was a problem hiding this comment.
Code change LGTM. I can't test a successful upgrade due to #2660.
To address the lint error, you can pull in a change from a branch I've been working on:
e3c5396#diff-29ed5f4fd0997821def9785307ff4e7eR261
|
Integration test results for 460f0ad: success 🎉 |
There was a problem hiding this comment.
Got an error upgrading edge-19.3.2 to this branch, when --proxy-auto-inject was enabled:
linkerd install --proxy-auto-inject | kubectl apply -f -
...
bin/linkerd install --proxy-auto-inject | kubectl apply -f -
...
service/linkerd-sp-validator created
Error from server (InternalError): error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"extensions/v1beta1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{\"linkerd.io/created-by\":\"linkerd/cli git-460f0ad3\"},\"creationTimestamp\":null,\"labels\":{\"linkerd.io/control-plane-compon
...
to:
Resource: "extensions/v1beta1, Resource=deployments", GroupVersionKind: "extensions/v1beta1, Kind=Deployment"
Name: "linkerd-grafana", Namespace: "linkerd"
Object: &{map["kind":"Deployment" "apiVersion":"extensions/v1beta1" "metadata":map["labels":map["linkerd.io/control-plane-component":"grafana"] "name":"linkerd-grafana" "selfLink":"/apis/extensions/v1beta1/namespaces/linkerd/deployments/linkerd-grafana" "uid":"a645329a-5a2d-11e9-adbf-025000000001" "ge
...
"observedGeneration":'\x01' "replicas":'\x01' "updatedReplicas":'\x01' "readyReplicas":'\x01' "availableReplicas":'\x01'] "kind":"Deployment" "apiVersion":"apps/v1"]}
for: "STDIN": Internal error occurred: admission webhook "linkerd-proxy-injector.linkerd.io" denied the request: unknown field "autoInjectContext" in config.Global
Error from server (InternalError): error when creating "STDIN": Internal error occurred: admission webhook "linkerd-proxy-injector.linkerd.io" denied the request: unknown field "autoInjectContext" in config.Global... this does not happen with edge-19.4.2.
|
@siggy that looks like an older auto-injector is reading newer configuration. are you sure that's related to this branch? |
|
Specifically, what I assume is happening here is that the linkerd-config is updated before the proxy-injector is updated, and it's reading the newer config and finding new, unexpected fields. But it would be helpful to compare the proxy-injector pod metadata and the config structure. Also worth calling out that, in newer versions, decoding newer configs doesn't cause an error (we now ignore unknown fields) |
|
@olix0r I tried the same process again with this branch, with master, and with |
|
@siggy it seems pretty likely that there's a race. Perhaps something we need to understand as we revisit the install split... |
|
Integration test results for 2d82dd1: fail 😕 |
|
Integration test results for ccbf846: success 🎉 |
siggy
left a comment
siggy
left a comment
There was a problem hiding this comment.
successfully tested upgrade from edge-19.3.2 and from current master. 👍 🚢
|
Integration test results for 0eda529: success 🎉 |
3 participants
When upgrading from an older cluster that has a Linkerd config but no
identity, we need to generate an identity context so that the cluster is
configured properly.
Fixes #2650