kube-agent-update: Use the RFD-184 webapi proxy update protocol by default when possible #50464
+202
−23
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
🤖 Vercel preview here: https://docs-9hn260mmh-goteleport.vercel.app/docs |
b1fac70 to
f31a176
Compare
|
🤖 Vercel preview here: https://docs-9wrdwc7ne-goteleport.vercel.app/docs |
sclevine
approved these changes
Jan 16, 2025
vapopov
approved these changes
Jan 16, 2025
bernardjkim
approved these changes
Jan 16, 2025
tigrato
reviewed
Jan 17, 2025
integrations/kube-agent-updater/cmd/teleport-kube-agent-updater/main.go
Outdated
Show resolved
Hide resolved
| @@ -106,7 +112,16 @@ func main() { | |||
| ctrl.Log.Error(trace.BadParameter("--agent-namespace empty"), "agent-namespace must be provided") | |||
| os.Exit(1) | |||
| } | |||
| if versionServer == "" && proxyAddress == "" { | |||
There was a problem hiding this comment.
should we also validate that both aren't empty?
There was a problem hiding this comment.
Having both set is a valid configuration (and the default one for most clusters). We will try first via the proxy addr, then fallback to the version server if the proxy responds but does not support the new agent AUs.
|
|
||
| // If the version server is specified, we enable RFD-109 updates | ||
| // See https://github.com/gravitational/teleport/blob/master/rfd/0109-cloud-agent-upgrades.md#kubernetes-model | ||
| if versionServer != "" { |
There was a problem hiding this comment.
should this be a if else instead? Having both versionServer and proxyAddress can create problems?
There was a problem hiding this comment.
We explicitly want to support both at the same time and do a failover based on which one is implemented. That's because we don't know in Helm if the proxy server supports the new updater API. This way we are doing some opportunistic thing by default:
- if no custom version server is specified in the chart, we set both proxy && version server
- if the proxy implements the update protocol, it takes precedence
- else we fall back to the good ol' version server
- we don't change anything if we're a custom version server is set in the chart because that would be a breaking change
…fault when possible
…r/main.go Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
45d342b to
d4dcb01
Compare
|
Amplify deployment status
|
tigrato
approved these changes
Jan 17, 2025
mvbrock
pushed a commit
that referenced
this pull request
Jan 18, 2025
…fault when possible (#50464) * kube-agent-update: Use the RFD-184 webapi proxy update protocol by default when possible * Update integrations/kube-agent-updater/cmd/teleport-kube-agent-updater/main.go Co-authored-by: Tiago Silva <tiago.silva@goteleport.com> * log update group --------- Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of: RFD-184
Goal (internal): https://github.com/gravitational/cloud/issues/10289
This PR does two changes: