Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add functionality to helm chart to allow image digest for controllerImage #11406

Merged
merged 4 commits into from
Sep 26, 2023
Merged

Add functionality to helm chart to allow image digest for controllerImage #11406

merged 4 commits into from
Sep 26, 2023

Conversation

cromulentbanana
Copy link
Contributor

Subject
Introduce helm functionality for controllerImage digest/tag

Problem
I need to reference each image via a digest or its not allowed to run in our cluster.
The current helm chart behaviour appends .Values.linkerdVersion but there is currently no way to add a digest.

This is not an issue for other images because they already allow tags

Solution
Add helm functionality to allow setting the controllerImage tag

Validation

  1. update values.yaml with
    controllerImageVersion: tag@sha

  2. Run helm template using the above values and view the output. The controllerImage now has the value cr.l5d.io/linkerd/controller:tag@sha:123 allowing you to reference a digest

Fixes #11312

DCO Sign off
Signed-off-by: Dan Levin [email protected]

Copy link
Member

@alpeb alpeb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @cromulentbanana . Please run bin/helm-docs to regenerate the chart's README.md file.

charts/linkerd-control-plane/values.yaml Outdated Show resolved Hide resolved
@olix0r olix0r self-requested a review September 26, 2023 14:54
@olix0r olix0r self-assigned this Sep 26, 2023
@olix0r olix0r merged commit abe66fc into linkerd:main Sep 26, 2023
34 checks passed
@cromulentbanana
Copy link
Contributor Author

thanks everyone

@cromulentbanana
Copy link
Contributor Author

Hi @olix0r I believe we can close #11313 now that this has been merged

olix0r added a commit that referenced this pull request Sep 28, 2023
This edge release makes Linkerd even better.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart
  to support including SHA256 image digests in Linkerd manifests (thanks
  @cromulentbanana!) ([#11406])
* Improved `linkerd viz check` to attempt to validate that the Prometheus scrape
  interval will work well with the CLI and Web query parameters ([#11376])
* Fixed an issue where the destination controller would not update pod metadata
  for profile resolutions for a pod accessed via the host network (e.g.
  HostPort endpoints) ([#11334]).
* Added a validating webhook config for httproutes.gateway.networking.k8s.io
  resources (thanks @mikutas!) ([#11150])

[#11150]: #11150
[#11334]: #11334
[#11376]: #11376
[#11406]: #11406
@olix0r olix0r mentioned this pull request Sep 28, 2023
olix0r added a commit that referenced this pull request Sep 28, 2023
This edge release makes Linkerd even better.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart
  to support including SHA256 image digests in Linkerd manifests (thanks
  @cromulentbanana!) ([#11406])
* Improved `linkerd viz check` to attempt to validate that the Prometheus scrape
  interval will work well with the CLI and Web query parameters ([#11376])
* Fixed an issue where the destination controller would not update pod metadata
  for profile resolutions for a pod accessed via the host network (e.g.
  HostPort endpoints) ([#11334]).
* Added a validating webhook config for httproutes.gateway.networking.k8s.io
  resources (thanks @mikutas!) ([#11150])

[#11150]: #11150
[#11334]: #11334
[#11376]: #11376
[#11406]: #11406
olix0r added a commit that referenced this pull request Sep 29, 2023
This edge release makes Linkerd even better.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart
  to support including SHA256 image digests in Linkerd manifests (thanks
  @cromulentbanana!) ([#11406])
* Improved `linkerd viz check` to attempt to validate that the Prometheus scrape
  interval will work well with the CLI and Web query parameters ([#11376])
* Improved CLI error handling to print differentiated error information when
  versioncheck.linkerd.io cannot be resolved (thanks @dtaskai) ([#11377])
* Fixed an issue where the destination controller would not update pod metadata
  for profile resolutions for a pod accessed via the host network (e.g.
  HostPort endpoints) ([#11334]).
* Added a validating webhook config for httproutes.gateway.networking.k8s.io
  resources (thanks @mikutas!) ([#11150])
* Introduced a new `multicluster check --timeout` flag to limit the time
  allowed for Kubernetes API calls (thanks @moki1202) ([#11420])

[#11150]: #11150
[#11334]: #11334
[#11376]: #11376
[#11377]: #11377
[#11406]: #11406
[#11420]: #11420
@adamshawvipps
Copy link
Contributor

I see this was rolled into the edge release edge-23.9.4 . When can we expect to see it in a stable release?

@hawkw
Copy link
Contributor

hawkw commented Nov 21, 2023

I see this was rolled into the edge release edge-23.9.4 . When can we expect to see it in a stable release?

This change will be included in stable-2.14.5, which should be released this week!

hawkw pushed a commit that referenced this pull request Nov 22, 2023
The linkerd-control-plane Helm chart currently always uses the `linkerdVersion` value
to populate the tag of a controller image. This does not allow for these values to diverge
and it prohibits the specification of sha values in the image.

To fix this, a new optional `controllerImageVersion` value is added to support overriding
the default version-based image tag.

Signed-off-by: Adam Shaw <[email protected]>
Signed-off-by: Dan Levin <[email protected]>
Co-authored-by: Adam Shaw <[email protected]>
hawkw added a commit that referenced this pull request Nov 22, 2023
## stable-2.14.5

This stable release fixes a proxy regression where bursts of TCP
connections could result in EOF errors, due to an incorrect queue
capacity. In addition, it includes fixes for the control plane,
dependency upgrades, and support for image digests in Linkerd manifests.

* Added a controlPlaneVersion override to the `linkerd-control-plane``
  Helm chart to support including SHA256 image digests in Linkerd
  manifests (thanks @cromulentbanana!) ([#11406]; fixes [#11312])
* Added a `checksum/config `annotation to the destination and proxy
  injector deployment manifests, to force restarting those workloads
  whenever their webhook secrets change during upgrade (thanks
  @iAnomaly!) ([#11440]; fixes [#6940])
* Updated the Policy controller's OpenSSL dependency to v3, as OpenSSL
  1.1.1 is EOL ([#11625])
* proxy: Increased `DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY` to prevent EOF
  errors during bursts of TCP connections (proxy PR [#2521][proxy-2521])

[#11406]: #11406
[#11312]: #11312
[#11440]: #11440
[#6940]: #6940
[#11625]: #11625
[proxy-2521]: linkerd/linkerd2-proxy#2521
@hawkw hawkw mentioned this pull request Nov 22, 2023
hawkw added a commit that referenced this pull request Nov 22, 2023
## stable-2.14.5

This stable release fixes a proxy regression where bursts of TCP
connections could result in EOF errors, due to an incorrect queue
capacity. In addition, it includes fixes for the control plane,
dependency upgrades, and support for image digests in Linkerd manifests.

* Added a controlPlaneVersion override to the `linkerd-control-plane``
  Helm chart to support including SHA256 image digests in Linkerd
  manifests (thanks @cromulentbanana!) ([#11406]; fixes [#11312])
* Added a `checksum/config `annotation to the destination and proxy
  injector deployment manifests, to force restarting those workloads
  whenever their webhook secrets change during upgrade (thanks
  @iAnomaly!) ([#11440]; fixes [#6940])
* Updated the Policy controller's OpenSSL dependency to v3, as OpenSSL
  1.1.1 is EOL ([#11625])
* proxy: Increased `DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY` to prevent EOF
  errors during bursts of TCP connections (proxy PR [#2521][proxy-2521])

[#11406]: #11406
[#11312]: #11312
[#11440]: #11440
[#6940]: #6940
[#11625]: #11625
[proxy-2521]: linkerd/linkerd2-proxy#2521
hawkw added a commit that referenced this pull request Nov 22, 2023
## stable-2.14.5

This stable release fixes a proxy regression where bursts of TCP
connections could result in EOF errors, due to an incorrect queue
capacity. In addition, it includes fixes for the control plane,
dependency upgrades, and support for image digests in Linkerd manifests.

* Added a controlPlaneVersion override to the `linkerd-control-plane``
  Helm chart to support including SHA256 image digests in Linkerd
  manifests (thanks @cromulentbanana!) ([#11406]; fixes [#11312])
* Added a `checksum/config `annotation to the destination and proxy
  injector deployment manifests, to force restarting those workloads
  whenever their webhook secrets change during upgrade (thanks
  @iAnomaly!) ([#11440]; fixes [#6940])
* Updated the Policy controller's OpenSSL dependency to v3, as OpenSSL
  1.1.1 is EOL ([#11625])
* proxy: Increased `DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY` to prevent EOF
  errors during bursts of TCP connections (proxy PR [#2521][proxy-2521])

[#11406]: #11406
[#11312]: #11312
[#11440]: #11440
[#6940]: #6940
[#11625]: #11625
[proxy-2521]: linkerd/linkerd2-proxy#2521
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow controllerImage to be pulled via image digest
6 participants