Add functionality to helm chart to allow image digest for controllerImage #11406
Thanks @cromulentbanana. Please run `bin/helm-docs` to regenerate the chart's `README.md` file.
Signed-off-by: Adam Shaw <[email protected]>
Signed-off-by: Dan Levin <[email protected]>
thanks everyone
This edge release makes Linkerd even better.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406])
* Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376])
* Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]).
* Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150])

[#11150]: #11150
[#11334]: #11334
[#11376]: #11376
[#11406]: #11406
This edge release makes Linkerd even better.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406])
* Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376])
* Improved CLI error handling to print differentiated error information when versioncheck.linkerd.io cannot be resolved (thanks @dtaskai) ([#11377])
* Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]).
* Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150])
* Introduced a new `multicluster check --timeout` flag to limit the time allowed for Kubernetes API calls (thanks @moki1202) ([#11420])

[#11150]: #11150
[#11334]: #11334
[#11376]: #11376
[#11377]: #11377
[#11406]: #11406
[#11420]: #11420
I see this was rolled into the edge release edge-23.9.4. When can we expect to see it in a stable release?
This change will be included in stable-2.14.5, which should be released this week!
The linkerd-control-plane Helm chart currently always uses the `linkerdVersion` value to populate the tag of a controller image. This does not allow for these values to diverge and it prohibits the specification of sha values in the image.

To fix this, a new optional `controllerImageVersion` value is added to support overriding the default version-based image tag.

Signed-off-by: Adam Shaw <[email protected]>
Signed-off-by: Dan Levin <[email protected]>
Co-authored-by: Adam Shaw <[email protected]>
## stable-2.14.5

This stable release fixes a proxy regression where bursts of TCP connections could result in EOF errors, due to an incorrect queue capacity. In addition, it includes fixes for the control plane, dependency upgrades, and support for image digests in Linkerd manifests.

* Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]; fixes [#11312])
* Added a `checksum/config` annotation to the destination and proxy injector deployment manifests, to force restarting those workloads whenever their webhook secrets change during upgrade (thanks @iAnomaly!) ([#11440]; fixes [#6940])
* Updated the Policy controller's OpenSSL dependency to v3, as OpenSSL 1.1.1 is EOL ([#11625])
* proxy: Increased `DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY` to prevent EOF errors during bursts of TCP connections (proxy PR [#2521][proxy-2521])

[#11406]: #11406
[#11312]: #11312
[#11440]: #11440
[#6940]: #6940
[#11625]: #11625
[proxy-2521]: linkerd/linkerd2-proxy#2521
Subject
Introduce helm functionality for controllerImage digest/tag
Problem
I need to reference each image via a digest or it's not allowed to run in our cluster.
The current helm chart behaviour appends .Values.linkerdVersion but there is currently no way to add a digest.
This is not an issue for other images because they already allow tags.
Solution
Add helm functionality to allow setting the controllerImage tag
Validation
Update values.yaml with
`controllerImageVersion: tag@sha`
Run helm template using the above values and view the output. The controllerImage now has the value
`cr.l5d.io/linkerd/controller:tag@sha:123`
allowing you to reference a digest.
Fixes #11312
DCO Sign off
Signed-off-by: Dan Levin [email protected]
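
The validation step above ("run helm template ... and view the output") can be turned into an automated gate that fails when any rendered image is not pinned by a SHA256 digest. The script below is an added example, not part of this PR or the Linkerd project; the function names and the sample manifest (its all-zero digest and the `registry.example` image) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag images in rendered manifests that lack a full digest.
# Typical use: helm template <release> <chart> -f values.yaml | require_digests

# Print each image reference on stdin that is not pinned as
# "<name>[:tag]@sha256:<64 lowercase hex chars>".
unpinned_images() {
  awk '
    /^[ \t]*(-[ \t]+)?image:[ \t]*[^ \t#]/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]+)?image:[ \t]*/, "", ref)   # strip the YAML key
      sub(/[ \t]+#.*$/, "", ref)                      # strip trailing comment
      gsub(/^["\047]|["\047]$/, "", ref)              # strip surrounding quotes
      n = index(ref, "@sha256:")
      digest = n ? substr(ref, n + 8) : ""
      # A tag alone is mutable; a short or non-hex digest is not a valid pin.
      if (length(digest) != 64 || digest ~ /[^0-9a-f]/) print ref
    }
  ' | sort -u
}

# Return 1 (and list the offenders on stderr) if any image is unpinned,
# so the check can gate a CI job before manifests reach the cluster.
require_digests() {
  local bad
  bad=$(unpinned_images)
  if [ -z "$bad" ]; then
    return 0
  fi
  printf '%s\n' "$bad" | sed 's/^/not pinned by digest: /' >&2
  return 1
}

# Constructed sample of rendered output (not real Linkerd manifests).
sample_manifest() {
  local digest
  digest=$(printf '%064d' 0)   # constructed placeholder digest
  cat <<EOF
containers:
- name: pinned
  image: cr.l5d.io/linkerd/controller:tag@sha256:${digest}
- name: tag-only
  image: "cr.l5d.io/linkerd/controller:tag"   # default: tag only
- image: registry.example/app:1.0@sha256:abc   # truncated digest
EOF
}
```

The check is purely syntactic: it confirms a digest is present and well-formed, not that the digest matches what the registry serves for that tag.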