-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
install: Fail helm if kube-proxy-replacement is not valid #25907
Conversation
57945b2
to
292ed3e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
@@ -54,6 +54,9 @@ | |||
{{- $bpfCtTcpMax := (coalesce .Values.bpf.ctTcpMax $defaultBpfCtTcpMax) -}} | |||
{{- $bpfCtAnyMax := (coalesce .Values.bpf.ctAnyMax $defaultBpfCtAnyMax) -}} | |||
{{- $kubeProxyReplacement := (coalesce .Values.kubeProxyReplacement $defaultKubeProxyReplacement) -}} | |||
{{- if and (ne $kubeProxyReplacement "disabled") (ne $kubeProxyReplacement "partial") (ne $kubeProxyReplacement "strict") }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any reason to have this check here instead of validation.yaml? I assume the $defaultKubeProxyReplacement is always having valid value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$defaultKubeProxyReplacement
is computed only in this file, so I'm assuming it is not having the same values in validation.yaml
, or at least that seems to be the case.
/test |
Travis hit a known flake #24678 |
/ci-l4lb |
ci-l4lb fails for a verifier fail #25892, needs a rebase to pick up a fix in main. |
Fail helm if kube-proxy-replacement is set or defaults to an invalid value. kube-proxy-replacement can be defaulted to a deprecated (and since removed) "probe" value. User can also set it into an incorrect value explicitly. It is better to fail on helm than cilium agent failing to start. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
292ed3e
to
c824261
Compare
/test |
Fail helm if kube-proxy-replacement is set or defaults to an invalid value.
kube-proxy-replacement can be defaulted to a deprecated (and since removed) "probe" value. User can also set it into an incorrect value explicitly. It is better to fail on helm than cilium agent failing to start.