profile
viewpoint

schndr/amazon-eks-ami 0

Packer configuration for building a custom EKS AMI

schndr/charts 0

Curated applications for Kubernetes

schndr/helm-charts 0

Helm charts for VictoriaMetrics

schndr/helm-charts-1 0

Prometheus community Helm charts

schndr/terraform-aws-rds-aurora 0

Terraform module which creates RDS Aurora resources on AWS

issue openedlinkerd/linkerd2

injector: `linkerd.io/proxy-version` is incorrect

When overriding a proxy version via annotation, the injector sets an incorrect linkerd.io/proxy-version annotation:

metadata:
  annotations:
    config.linkerd.io/proxy-image: ghcr.io/olix0r/l2-proxy
    config.linkerd.io/proxy-version: detect.e7d061ef
    linkerd.io/created-by: linkerd/proxy-injector stable-2.9.0
    linkerd.io/identity-mode: default
    linkerd.io/inject: enabled
    linkerd.io/proxy-version: stable-2.9.0
    ort.olix0r.net/concurrency-limit: "20"
    ort.olix0r.net/request-limit: "5000"
    ort.olix0r.net/threads: "5"
...
    image: ghcr.io/olix0r/l2-proxy:detect.e7d061ef

To fix this, we can do one or more of the following:

  • Change the annotation to be linkerd.io/injector-version, which will make it correct.
  • Change the annotation's value to match the override.
  • Omit the annotation.

created time in 2 hours

issue commentlinkerd/linkerd2

bin/protoc-diff assumes Debian(-based) system

To make a distinction between different Linux systems, something along these lines could be used:

#!/bin/sh -eu
[ -f /etc/os-release ] && . /etc/os-release
[ -n "$ID" ] || {
        echo 'Could not find Linux distro info' >&2
        exit 1
}

PKGMGR=
case "$ID" in
        fedora)
                PKGMGR=yum
                ;;
        debian|ubuntu)
                PKGMGR=apt-get
                ;;
        alpine)
                PKGMGR=apk
                ;;
        *)
                echo "No package manager defined for $ID" >&2
                exit 1
                ;;
esac

echo "Will use $PKGMGR for package management!"
joakimr-axis

comment created time in 4 hours

issue openedlinkerd/linkerd2

bin/protoc-diff assumes Debian(-based) system

Bug Report

What is the issue?

bin/protoc-diff checks if the host is a Linux system. If unzip is missing, it calls apt-get. This will fail for a non-Debian-based system.

How can it be reproduced?

docker run -it --rm -v <path_to_your_linkerd2_dir>:/src/linkerd2 -w /src/linkerd2 fedora
bin/protoc-diff

Logs, error output, etc

[root@f667739e8564 linkerd2]# bin/protoc-diff 
bin/protoc-diff: line 8: apt-get: command not found
[root@f667739e8564 linkerd2]#

linkerd check output

Not applicable

Environment

  • Kubernetes Version: Not applicable
  • Cluster Environment: Not applicable
  • Host OS: Debian Linux (bullseye)
  • Linkerd version: commit 72a0ca974df2e623a3ffbff2a03abaabaab19322

Possible solution

  1. Should the script really install unzip on its host? If so:
    1. Is it supposed to be run as root? Otherwise it will fail due to permission needed for apt-get.
    2. A distinction is needed for the Linux breed. For Debian/Ubuntu etc. apt-get should be used. For Fedora/RedHat etc. yum. For alpine apk. Etc. etc.
  2. Could it be simpler just to check for unzip and return an error message to the user if it is missing? And then let the user install it in a suitable way? Then bin/protoc-diff can be run as any appropriate non-root user and focus solely on its primary tasks.

Additional context

created time in 4 hours

Pull request review commentlinkerd/linkerd2

bin/shellcheck-all was missing some files

 if [ -z "$dir_dirty" ]; then   exit 0 else   echo "Helm-docs generated readmes diverge from current chart readmes:"

Single quotes are preferred here since nothing is to be expanded.

(also goes for line 9)

alpeb

comment created time in 5 hours

Pull request review commentlinkerd/linkerd2

bin/shellcheck-all was missing some files

 if [ -z "$dir_dirty" ]; then   exit 0 else   echo "Protobuf definitions diverge from generated code:"

(also goes for line 16)

alpeb

comment created time in 5 hours

Pull request review commentlinkerd/linkerd2

bin/shellcheck-all was missing some files

 if [ -z "$dir_dirty" ]; then   exit 0 else   echo "Protobuf definitions diverge from generated code:"

Single quotes are preferred here since nothing is to be expanded.

alpeb

comment created time in 5 hours

pull request commentlinkerd/linkerd2

bin/shellcheck-all was missing some files

Using the mimetype seems a bit unreliable. What about something a bit more straightforward: [...]

I do think we want to (still) avoid searching the .git directory and such. And involving awk could be avoided. To do the search-all-files-for-shebang approach (which I like), I reckon a simple (regexp) grep command will do:

grep -rnsle '#!/usr/bin/env \(bash\|sh\)' *

Combined with the shellcheck command we would then get

-"$bindir"/shellcheck -x -P "$bindir" $(find "$rootdir" -type f \
-               ! -path "$rootdir"/.git/hooks/\*.sample \
-               | while read -r f; do [ "$(file -b --mime-type "$f")" = 'text/x-shellscript' ] && printf '%s\0' "$f"; done | xargs -0)
+"$bindir"/shellcheck -x -P "$bindir" $(grep -rnsle '#!/usr/bin/env \(bash\|sh\)' "$rootdir"/* | xargs)

(If it were to be more portable, the regexp grep could be replaced with two grep commands, one for bash and one for sh.)

alpeb

comment created time in 5 hours

pull request commentlinkerd/linkerd2

bin/shellcheck-all was missing some files

These files required just sh because they didn't rely on "advanced" bash features, but it doesn't hurt having them use bash, IMO.

If you ask me (and you did :-) ), I would say that there is no need to use something with 10 times the footprint (bash vs. dash) if there is no good reason for it. And I really like @adleong's suggested approach to the problem at hand.

alpeb

comment created time in 6 hours

issue closedlinkerd/linkerd2

Move multicluster CLI subcommand to multicluster directory

To match the structure of a Linkerd extension, the multicluster subcommand for the Linkerd CLI should be moved to the top-level multicluster directory.

closed time in a day

adleong

issue commentlinkerd/linkerd2

Move multicluster CLI subcommand to multicluster directory

Fixed by https://github.com/linkerd/linkerd2/pull/5293

adleong

comment created time in a day

pull request commentlinkerd/linkerd2

(WIP) Helm: Allow arbitrary annotations on APIService/ Webhook configs

No problem! I'm going to mark this as a draft, however, for now. Please mark it as non-draft once it's ready to be reviewed. Thanks!

cypherfox

comment created time in a day

pull request commentlinkerd/linkerd2

add some missing helm values for multicluster setup

Arg, I just created yet another merge conflict by merging https://github.com/linkerd/linkerd2/pull/5293. If you have a chance to resolve the conflicts (again) then go for it. Otherwise, once another Linkerd maintainer approves this PR, we can handle the merge. Sorry for the moving target.

DaspawnW

comment created time in a day

push eventlinkerd/linkerd2

Tarun Pothulapati

commit sha 72a0ca974df2e623a3ffbff2a03abaabaab19322

extension: Separate multicluster chart and binary (#5293) Fixes #5257 This branch movies mc charts and cli level code to a new top level directory. None of the logic is changed. Also, moves some common types into `/pkg` so that they are accessible both to the main cli and extensions. Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>

view details

push time in a day

delete branch linkerd/linkerd2

delete branch : tarun/sep-multicluster

delete time in a day

PR merged linkerd/linkerd2

extension: Separate multicluster chart and binary

Fixes #5257

This branch movies mc charts and cli level code to a new top level directory. None of the logic is changed.

Also, moves some common types into /pkg so that they are accessible both to the main cli and extensions.

Signed-off-by: Tarun Pothulapati tarunpothulapati@outlook.com

+1253 -1090

4 comments

47 changed files

Pothulapati

pr closed time in a day

issue closedlinkerd/linkerd2

Move multicluster charts to top-level multicluster directory

To follow the structure of a Linkerd extension, the linkerd multicluster charts should be moved into a separate top-level directory called multicluster.

closed time in a day

adleong

push eventlinkerd/linkerd2

Tarun Pothulapati

commit sha 47a49e5ac55b0a00565dd78b9ae3d49ebfcdfbef

jaeger: Add support for override flags (#5304) This change adds flags `set`, `set-string`, `values`, `set-files`, etc flags which are used to override the default values. This is similar to that of Helm. This also updates the install workflow to directly use Helm v3 pkg for chart loading and generation, without having to use our chart type, etc. Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>

view details

push time in a day

delete branch linkerd/linkerd2

delete branch : tarun/jaeger-set

delete time in a day

PR merged linkerd/linkerd2

jaeger: Add support for override flags

This change adds flags set, set-string, values, set-files, etc flags which are used to override the default values. This is similar to that of Helm.

This also updates the install workflow to directly use Helm v3 pkg for chart loading and generation, without having to use our chart type, etc.

Signed-off-by: Tarun Pothulapati tarunpothulapati@outlook.com

+102 -44

0 comment

4 changed files

Pothulapati

pr closed time in a day

pull request commentlinkerd/linkerd2

bin/shellcheck-all was missing some files

Using the mimetype seems a bit unreliable. What about something a bit more straightforward:

-"$bindir"/shellcheck -x -P "$bindir" $(find "$rootdir" -type f \
-               ! -path "$rootdir"/.git/hooks/\*.sample \
-               | while read -r f; do [ "$(file -b --mime-type "$f")" = 'text/x-shellscript' ] && printf '%s\0' "$f"; done | xargs -0)
+"$bindir"/shellcheck -x -P "$bindir" $(find . -exec awk 'NR==1&&/^\#\!\/usr\/bin\/env (bash|sh)$/{print FILENAME}' {} \;)

This should catch everything without needing to change which shell we use.

alpeb

comment created time in a day

pull request commentlinkerd/linkerd2

Update RBAC API versions to avoid deprecations in CNI helm chart

@zaharidichev can you take a look at this?

glitchcrab

comment created time in a day

push eventlinkerd/linkerd2

Alex Leong

commit sha 9f71581cedc5b6ed89cb6a2851769e9ca8668161

Remove annotations set to default values Signed-off-by: Alex Leong <alex@buoyant.io>

view details

push time in a day

pull request commentlinkerd/linkerd2

Use linkerd-jaeger extension for control plane tracing

This is a good find. Let's not block this change on it, but we should definitely spend more time investigating this. @alpeb do you happen to know why recovering takes a couple of minutes? It would be ideal if the changed cert would be detected right away.

adleong

comment created time in a day

PR opened linkerd/linkerd2

Make multicluster gateway replicas configurable and define linkerd mu…

Subject Make multicluster gateway replicas configurable

Problem By default the Multicluster gateway is configured as a single deployment replica count.

Solution Add a similar solution as for high available installation of linkerd also to multicluster install.

+10 -1

0 comment

5 changed files

pr created time in a day

pull request commentlinkerd/linkerd2

add some missing helm values for multicluster setup

sorry rebased to main

DaspawnW

comment created time in a day

pull request commentlinkerd/linkerd2

Use linkerd-jaeger extension for control plane tracing

Thanks @Pothulapati , I think you've found a nasty bug, that I can reproduce in the latest edge :-( Whenever upgrading linkerd to change anything, say something else innocuous like --disable-heartbeat, this will happen. Likely it's because the injector's mutatingwebhookconfiguration and the associated secret are getting regenerated during the upgrade, but the injector pod isn't getting restarted so it's not using the latest secret.

I've just merged the webhook dynamic SSL cert reload (#5282) into main and merging it in this branch solves the issue as the secret change is detected (note it takes a couple of minutes though). I'm not totally sure though if this requires further investigation...

adleong

comment created time in a day

pull request commentlinkerd/linkerd2

bin/shellcheck-all was missing some files

I'm making an exception after all with bin/install-deps and have it use sh because it's used in the Dockerfiles based on Alpine, which doesn't have bash, and installing it would need like 50MB extra.

alpeb

comment created time in a day

push eventlinkerd/linkerd2

Alejandro Pedraza

commit sha f2366040bcbbff8e4cb5f3061efb409c90cec61a

no bash for bin/install-deps though

view details

push time in a day

PR opened linkerd/linkerd2

bin/shellcheck-all was missing some files

bin/shellcheck-all identifies what files to check by filtering by the text/x-shellscript mime-type, which only applies to files with a shebang pointing to bash. We had a number of files with a #!/usr/bin/env sh shebang that (at least in Ubuntu given sh points to dash) only exposes a text/plain mime-type, thus they were not being checked.

These files required just sh because they didn't rely on "advanced" bash features, but it doesn't hurt having them use bash, IMO.

As a result I also fixed a few warnings in the files that were being ignored.

(:taco: to @siggy for the find).

CC @joakimr-axis in case you wanna review :wink:

+30 -30

0 comment

27 changed files

pr created time in a day

create barnchlinkerd/linkerd2

branch : alpeb/shellcheck-comprehensive

created branch time in a day

more