-
Notifications
You must be signed in to change notification settings - Fork 591
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make deploy/ manifests use KIC 2.0 #1500
Conversation
Codecov Report
@@ Coverage Diff @@
## next #1500 +/- ##
=======================================
Coverage 53.29% 53.29%
=======================================
Files 47 47
Lines 3916 3916
=======================================
Hits 2087 2087
Misses 1680 1680
Partials 149 149 Continue to review full report at Codecov.
|
@@ -92,6 +96,8 @@ spec: | |||
value: "true" | |||
- name: CONTROLLER_PUBLISH_SERVICE | |||
value: "kong/kong-proxy" | |||
- name: CONTROLLER_CONTROLLER_UDPINGRESS | |||
value: "false" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it mean : UDPIngress is not supported by default ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Line 94: The hardcode 127.0.0.1:8444 is resolved in PR
#1487
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need change this line of code when we deploying both controller and proxy into the same node. either 127.0.0.1:8444 or localhost:8444 would work fine.
@@ -120,7 +126,7 @@ spec: | |||
failureThreshold: 3 | |||
readinessProbe: | |||
httpGet: | |||
path: /healthz | |||
path: /readyz |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. this is good. Do we have an issue adding the readiness check for controller ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no specific issue - this has apparently been added as a part of https:/Kong/kubernetes-ingress-controller/pull/1314/files
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gotcha.
we need follow k8s readiness probes and define the function reporting the readiness. https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes. The good thing is we already having the path defined in the pod.
Do we indeed want to change the existing all-in-one YAMLs and My expectation here was that we'd create a new version of 2.x needs updated RBAC as well, for both UDPIngress permissions and the addition of finalizer edit permissions to most other resources. I think we can try to have a central place for building 2.x manifests as well though need some engineering work under railgun/config to sort it out. And, our controller is an extension manager, which watches resources from different extensions (CRD), an appropriate RBAC would be as following |
I think we can try to have a central place for building 2.x manifests as well though need some engineering work under railgun/config to sort it out. And, our controller is an extension manager, which watches resources from different extensions (CRD), an appropriate RBAC would be as following https:/Kong/kubernetes-ingress-controller/pull/1487/files#diff-e35bff7662f401f7147347e04d81e9a731e69c626ab6fb0130b037606ab7e397 |
This is being reworked based on the considerations above. |
Part of #1256
This PR:
deploy/
use KIC 2.0. (The2.0
tag is not pushed yet, so for testing it needs to be substituted withnext-railgun
).deploy/
This PR does not: