clustermesh-apiserver: add flag to disable external workloads support #25259
Conversation
Currently, the support for external workloads is always enabled in the clustermesh-apiserver. Yet, this feature requires the synchronization of all the services present in the cluster to the kvstore, including the corresponding backends (plain clustermesh instead only requires the synchronization of shared services and associated backends). Given that full synchronization is quite onerous in large clusters, let's make it configurable through a dedicated flag. By default, it is enabled, in order not to modify the current behavior when unspecified (e.g., by the legacy Cilium CLI). When installing cilium through Helm, instead, it is configured according to the pre-existing externalWorkloads.enabled configuration entry. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94
added
kind/performance
|
/test |
|
/ci-gke |
|
/ci-gke Failed due to yesterday's GitHub incident. |
|
/test-1.26-net-next Hit known flake #24697 |
@asauber Do you mean using the cilium CLI? The legacy one uses the hard-coded manifests, hence triggering the previous behavior as the flag is not specified. The new one, instead, sets the flag to false, which is the default in helm (this is something that we should keep in mind for the |
|
@giorio94 Have you compiled this locally and tested the flag? (is what I was asking) |
Yep, I've run it both with and without the flag set. |
| @@ -248,6 +249,11 @@ func runApiserver() error { | |||
| flags.Bool(option.K8sEnableEndpointSlice, defaults.K8sEnableEndpointSlice, "Enable support of Kubernetes EndpointSlice") | |||
| option.BindEnv(vp, option.K8sEnableEndpointSlice) | |||
|
|
|||
| // The default values is set to true to match the existing behavior in case | |||
| // the flag is not configured (for instance by the legacy cilium CLI). | |||
| flags.BoolVar(&cfg.enableExternalWorkloads, option.EnableExternalWorkloads, true, "Enable support for external workloads") | |||
There was a problem hiding this comment.
could this default value go in in defaults.EnableExternalWorkloads?
There was a problem hiding this comment.
I personally find flags a bit easier to read when the value is inline rather than defined as a constant, since it does not require to navigate through the code to find it (assuming that it is not reused in multiple places, otherwise having a constant ensures consistency).
I don't have any strong preference though, and the other flags defined don't seem to be consistent in that regard.
There was a problem hiding this comment.
seems like the other flags using defaults are also used elsewhere, so seems like it makes sense to keep it as is 👍
maintainer-s-little-helper
bot
added
the
ready-to-merge
maintainer-s-little-helper
bot
added
the
ready-to-merge
clustermesh externalworkloads command still works under Helm mode
cilium/cilium-cli#1623
giorio94
added
the
needs-backport/1.13
|
Marked as needs-backport for v1.13: #26049 (comment) |
nbusseneau
added
backport-pending/1.13
maintainer-s-little-helper
bot
moved this from Needs backport from main
to Backport pending to v1.13
in 1.13.3
tklauser
added
backport-done/1.13
|
will the helm change be backported into the release branch? https://github.com/cilium/cilium/tree/v1.13.3/install/kubernetes/cilium |
|
Yes, this change has been backported to v1.13 (although it is not yet part of any release). |
Currently, the support for external workloads is always enabled in the clustermesh-apiserver. Yet, this feature requires the synchronization of all the services present in the cluster to the kvstore, including the corresponding backends (plain clustermesh instead only requires the synchronization of shared services and associated backends).
Given that full synchronization is quite onerous in large clusters, let's make it configurable through a dedicated flag. By default, it is enabled, in order not to modify the current behavior when unspecified (e.g., by the legacy Cilium CLI). When installing cilium through Helm, instead, it is configured according to the pre-existing
externalWorkloads.enabledconfiguration entry.