Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add connectInject.prepareDataplanesUpgrade value #2514

Merged
merged 2 commits into from
Jul 7, 2023
Merged

Add connectInject.prepareDataplanesUpgrade value #2514

merged 2 commits into from
Jul 7, 2023

Conversation

lkysow
Copy link
Member

@lkysow lkysow commented Jul 7, 2023
edited
Loading

Set to true before performing an upgrade to a consul-dataplanes compatible consul-k8s version. This will ensure that the ACL tokens used to register non-dataplane services won't get deleted during the upgrade to dataplanes. If these ACL tokens are deleted, non-dataplane services won't be able to resolve their upstreams. During a normal non-dataplane upgrade this isn't an issue because the new injector re-registers all services using its new ACL token, but during an upgrade to dataplanes, the injector ignores all non-dataplane services and so doesn't re-register them with its latest token.

How I've tested this PR:

  • ran the upgrade and confirmed old non-dataplane services have their upstreams updated

How I expect reviewers to test this PR:

  • code

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@lkysow
Add connectInject.prepareDataplanesUpgrade value
711d450 
Set to true before performing an upgrade to a consul-dataplanes compatible
consul-k8s version. This will ensure that the ACL tokens used to
register non-dataplane services won't get deleted during the upgrade to
dataplanes. If these ACL tokens are deleted, non-dataplane services
won't be able to resolve their upstreams. During a normal non-dataplane
upgrade this isn't an issue because the new injector re-registers all
services using its new ACL token, but during an upgrade to dataplanes,
the injector ignores all non-dataplane services and so doesn't
re-register them with its latest token.
@lkysow lkysow added the pr/no-backport signals that a PR will not contain a backport label label Jul 7, 2023
david-yu
david-yu reviewed Jul 7, 2023
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
@lkysow lkysow force-pushed the lkysow/prepare-dataplanes-upgrade branch from 654f011 to 8ba790f Compare July 7, 2023 19:02
@lkysow lkysow force-pushed the lkysow/prepare-dataplanes-upgrade branch from 8ba790f to 2100938 Compare July 7, 2023 19:02
@lkysow lkysow marked this pull request as ready for review July 7, 2023 19:03
@lkysow lkysow enabled auto-merge (squash) July 7, 2023 19:29
@lkysow lkysow merged commit c882458 into release/0.49.x Jul 7, 2023
@lkysow lkysow deleted the lkysow/prepare-dataplanes-upgrade branch July 7, 2023 20:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@david-yu david-yu david-yu approved these changes

@ishustava ishustava ishustava approved these changes

Assignees
No one assigned
Labels
pr/no-backport signals that a PR will not contain a backport label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lkysow @david-yu @ishustava