-
Notifications
You must be signed in to change notification settings - Fork 437
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge refs/heads/v1.13.x into go-grpc-cve-1.13
- Loading branch information
Showing
26 changed files
with
738 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
changelog: | ||
- type: FIX | ||
issueLink: https://github.com/solo-io/gloo/issues/8288 | ||
description: >- | ||
Fixes the issue of defining a custom readiness probe for the gateway proxy for zero downtime upgrades via helm with the `--wait` flag and via ArgoCD. | ||
- type: HELM | ||
issueLink: https://github.com/solo-io/solo-projects/issues/5490 | ||
resolvesIssue: false | ||
description: Adds a new helm value `global.extraCustomResources` to allow users to add additional custom resources to create, as defined by a helm partial | ||
|
2 changes: 1 addition & 1 deletion
2
...reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
137 changes: 137 additions & 0 deletions
137
install/helm/gloo/templates/5-resource-rollout-check-job.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,137 @@ | ||
{{- if .Values.gateway.rolloutJob.enabled }} | ||
{{- $image := .Values.gateway.rolloutJob.image }} | ||
{{- if .Values.global }} | ||
{{- $image = merge .Values.gateway.rolloutJob.image .Values.global.image }} | ||
{{- end }} | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
labels: | ||
app: gloo | ||
gloo: resource-rollout | ||
name: gloo-resource-rollout-check | ||
namespace: {{ .Release.Namespace }} | ||
annotations: | ||
"helm.sh/hook": post-install,post-upgrade | ||
"helm.sh/hook-weight": "5" | ||
{{- include "gloo.jobHelmDeletePolicySucceededAndBeforeCreation" .Values.gateway.rolloutJob | nindent 4 }} | ||
spec: | ||
{{- include "gloo.jobSpecStandardFields" .Values.gateway.rolloutJob | nindent 2 -}} | ||
template: | ||
metadata: | ||
labels: | ||
gloo: resource-rollout | ||
sidecar.istio.io/inject: "false" | ||
{{- if .Values.gateway.rolloutJob.extraPodLabels }} | ||
{{- range $key, $value := .Values.gateway.rolloutJob.extraPodLabels }} | ||
{{ $key | quote }}: {{ $value | quote }} | ||
{{- end }} | ||
{{- end }} | ||
{{- if or .Values.settings.linkerd .Values.gateway.rolloutJob.extraPodAnnotations }} | ||
annotations: | ||
{{- if .Values.settings.linkerd }} | ||
"linkerd.io/inject": disabled | ||
{{- end }} | ||
{{- range $key, $value := .Values.gateway.rolloutJob.extraPodAnnotations }} | ||
{{ $key | quote }}: {{ $value | quote }} | ||
{{- end }} | ||
{{- end }} | ||
spec: | ||
{{- include "gloo.pullSecret" $image | nindent 6 -}} | ||
serviceAccountName: gloo-resource-rollout | ||
{{- include "gloo.podSpecStandardFields" .Values.gateway.rolloutJob | nindent 6 -}} | ||
volumes: | ||
- name: custom-resource-config-volume | ||
configMap: | ||
name: gloo-custom-resource-config | ||
items: | ||
- key: custom-resources | ||
path: custom-resources | ||
{{- if .Values.global.extraCustomResources }} | ||
- key: extra-custom-resources | ||
path: extra-custom-resources | ||
{{- end }} | ||
containers: | ||
- name: kubectl | ||
image: {{template "gloo.image" $image}} | ||
imagePullPolicy: {{ $image.pullPolicy }} | ||
env: | ||
- name: HAS_CUSTOM_RESOURCES | ||
valueFrom: | ||
configMapKeyRef: | ||
name: gloo-custom-resource-config | ||
key: has-custom-resources | ||
{{- if .Values.global.extraCustomResources }} | ||
- name: HAS_EXTRA_CUSTOM_RESOURCES | ||
valueFrom: | ||
configMapKeyRef: | ||
name: gloo-custom-resource-config | ||
key: has-extra-custom-resources | ||
{{- end }} | ||
volumeMounts: | ||
- name: custom-resource-config-volume | ||
mountPath: /etc/gloo-custom-resources | ||
securityContext: | ||
runAsNonRoot: true | ||
{{- if not .Values.gateway.rolloutJob.floatingUserId }} | ||
runAsUser: {{ printf "%.0f" (float64 .Values.gateway.rolloutJob.runAsUser) -}} | ||
{{- end }} | ||
{{- with .Values.gateway.rolloutJob.resources }} | ||
resources: {{ toYaml . | nindent 12}} | ||
{{- end }} | ||
command: | ||
- /bin/sh | ||
- -c | ||
- | | ||
# Check if Gloo Edge applied custom resources | ||
if [ "$HAS_CUSTOM_RESOURCES" == "true" ] | ||
then | ||
# Wait for the resource rollout job to complete | ||
kubectl -n {{ .Release.Namespace }} get job gloo-resource-rollout &> /dev/null | ||
if [ $? -eq 0 ] | ||
then | ||
# Exit immediately if the rollout job failed | ||
kubectl -n {{ .Release.Namespace }} get job gloo-resource-rollout -o jsonpath='{.status.conditions[?(@.type=="Failed")].status}' | grep -i "True" &> /dev/null | ||
if [ $? -eq 0 ] | ||
then | ||
echo "Rollout job failed. Not all resources were successfully created." | ||
exit 1 | ||
fi | ||
echo "Waiting for the resource rollout job to complete" | ||
kubectl -n {{ .Release.Namespace }} wait --for=condition=complete job gloo-resource-rollout --timeout={{ .Values.gateway.rolloutJob.timeout }}s || exit 1 | ||
# Clean up the rollout job up so it doesn't cause issues with upgrades | ||
kubectl -n {{ .Release.Namespace }} delete job gloo-resource-rollout || exit $? | ||
fi | ||
# If the resource has been applied, re-applying it should output something like this | ||
# gateway.gateway.solo.io/default unchanged | ||
# If not it will output | ||
# gateway.gateway.solo.io/default configured | ||
# gateway.gateway.solo.io/default created | ||
# This indicates that the resource was not applied in the resource rollout job | ||
if [ "$HAS_EXTRA_CUSTOM_RESOURCES" == "true" ] | ||
then | ||
FAILED_RESOURCES=$(kubectl apply -f /etc/gloo-custom-resources/extra-custom-resources | grep -iv ' unchanged') | ||
if [ ! -z "$FAILED_RESOURCES" ] | ||
then | ||
echo "The following extra resources failed to be applied by the resource rollout job $FAILED_RESOURCES. As a consequence, other custom resources (eg. Gateways) were not applied." | ||
exit 1 | ||
else | ||
echo "The resource rollout job successfully applied all the extra resources" | ||
fi | ||
fi | ||
FAILED_RESOURCES=$(kubectl apply -f /etc/gloo-custom-resources/custom-resources | grep -iv ' unchanged') | ||
if [ ! -z "$FAILED_RESOURCES" ] | ||
then | ||
echo "The following resources failed to be applied by the resource rollout job $FAILED_RESOURCES" | ||
exit 1 | ||
else | ||
echo "The resource rollout job successfully applied all the resources" | ||
fi | ||
else | ||
echo "no custom resources to check" | ||
fi | ||
{{- end }}{{/* if .Values.gateway.rolloutJob.enabled */}} | ||
|
Oops, something went wrong.