Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configurable Firewall Controller Version #130

Merged
merged 14 commits into from
Dec 14, 2020
Merged

Configurable Firewall Controller Version #130

merged 14 commits into from
Dec 14, 2020

Conversation

mwindower
Copy link
Contributor

@mwindower mwindower commented Nov 24, 2020
edited
Loading

Current situation

  • the firewall-controller version used in a cluster is not included in the shoot spec
  • it is not easily visible which firewall-controller version is
  • it is hard to further develop the firewall-controller because of the long loop: firewall-controller, metal-images, gepm

Wanted

  • controllerVersion should be fully configurable by the user with the shoot spec
  • there should be an additional field controllerVersionAutoUpdate which indicates whether gepm manages the controllerVersion field
  • gepm holds a default version in its imageVector

Constraints

  • if there are api changes in the objects btw. firewall-controller and gepm (FirewallSpec) those need to be visible with the version number! - we'll use semver for that
  • a gepm release supports only minor / patch level changes of the firewall-controller (cluster update with a new major release will be declined)
  • controllerVersion must be a released GitHub artifact of https://github.com/metal-stack/firewall-controller

How can we initially introduce this feature?

  • you need to get a new firewall image that has the firewall-controller self replacement enabled
  • older firewall-images work as expected (because the controllerVersion field will be omitted if empty during serialization)
  • you may enable the auto update to the firewall-controller version mentioned in gepm's imageVector with controllerVersionAutoUpdate: true
  • reconcilation works for clusters having the feature enabled as well as those that don't have it

How to do major version upgrades?

  • use the new firewall-controller in metal-images and release it
  • exchange firewalls and release gepm with the new major version of firewall-controller containing the api changes
  • Problem: reconcilation of existing clusters with old firewall-controllers will fail
    ALTERNATIVE:
  • versioning the Custom Resource Definition for firewalls and support multiple versions in gepm

@mwindower
introduce firewall controller version in infrastructureConfig.firewal…
6c2f4f9 
…l and publish it to the controllerVersion attribute of the firewall spec
@mwindower
use firewall-controller@v0.3.0
11d39f4
@mwindower
version handling
47f7ad7
@mwindower
use new firewall-controller version that does not have the controller…
0812fb9 
… version in the signature struct
@mwindower
use new firewall-controller release
e672b87
@mwindower
Merge branch 'master' into firewall-controller-version
e3c2379
@mwindower
Merge branch 'firewall-controller-version' of https://github.com/meta…
9b20645 
…l-stack/gardener-extension-provider-metal into firewall-controller-version
@mwindower
tidy
440899e
@mwindower
deploy crds with helper functions from firewall-controller
b40f7c0
@mwindower
fix paths to crds
8955d10
@mwindower
use newer resource-manager that contains the PR gardener-attic/garden…
21e7b36 
…er-resource-manager#85
@mwindower mwindower marked this pull request as ready for review December 10, 2020 15:55
@mwindower
deploy crd does not to be touched - failed conversion btw. apiextensi…
ca72467 
…ons.v1 and apiextensions.v1beta1 was caused by the gardener resource manager
Gerrit91
Gerrit91 reviewed Dec 14, 2020
View reviewed changes
charts/images.yaml Outdated Show resolved Hide resolved
@Gerrit91
Copy link
Contributor

The gardener-resource-manager update has to be mentioned in our release notes.

@mwindower mwindower merged commit 2097c5f into master Dec 14, 2020
@mwindower mwindower deleted the firewall-controller-version branch December 14, 2020 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gerrit91 Gerrit91 Gerrit91 approved these changes

@majst01 majst01 Awaiting requested review from majst01

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mwindower @Gerrit91