Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail if partitions enabled with federation #892

Merged
merged 2 commits into from
Dec 6, 2021
Merged

Fail if partitions enabled with federation #892

merged 2 commits into from
Dec 6, 2021

Conversation

thisisnotashwin
Copy link
Contributor

@thisisnotashwin thisisnotashwin commented Dec 2, 2021
edited
Loading

Changes proposed in this PR:

  • Fail if Admin Partitions and WAN federation are both enabled as they are mutually exclusive.
  • Fixup changelog.

How I've tested this PR:

  • BATS

How I expect reviewers to test this PR:

  • 👀

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@thisisnotashwin thisisnotashwin force-pushed the fail-if-partitions-enabled-with-federation branch from 6e9a73f to 0e4d3a0 Compare December 2, 2021 16:05
@thisisnotashwin thisisnotashwin requested review from ishustava, a team and ndhanushkodi and removed request for a team December 2, 2021 16:09
@thisisnotashwin thisisnotashwin marked this pull request as ready for review December 2, 2021 16:10
ishustava
ishustava approved these changes Dec 2, 2021
View reviewed changes
charts/consul/templates/client-daemonset.yaml
@@ -2,6 +2,7 @@
{{- if (and (and .Values.global.tls.enabled .Values.global.tls.httpsOnly) (and .Values.global.metrics.enabled .Values.global.metrics.enableAgentMetrics))}}{{ fail "global.metrics.enableAgentMetrics cannot be enabled if TLS (HTTPS only) is enabled" }}{{ end -}}
{{- $serverEnabled := (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) -}}
{{- if (and .Values.global.adminPartitions.enabled $serverEnabled (ne .Values.global.adminPartitions.name "default"))}}{{ fail "global.adminPartitions.name has to be \"default\" in the server cluster" }}{{ end -}}
{{- if and .Values.global.federation.enabled .Values.global.adminPartitions.enabled }}{{ fail "If global.federation.enabled is true, global.adminPartitions.enabled must be false because they are mutually exclusive" }}{{ end }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need this check on the clients? I think federation is only possible if servers are also enabled

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is true. I put a check on clients in case someone was using a values file with federation set to enabled on a non-default admin partition.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think federation is only possible if servers are also enabled

I think actually we require federation: true if doing HCP federation. I can double check.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we have a situation where we might have federation enabled and partitions enabled? Consul Core intends on disabling this. https://github.com/hashicorp/consul-enterprise/pull/1391
Am I confusing specifics?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm saying that I think we need to keep this check here rather than on the server statefulset since potentially someone has:

server:
  enabled: false
global:
  federation:
    enabled: true

Although that being said I haven't had time to find out if we actually do use this for HCP fed.

@thisisnotashwin thisisnotashwin merged commit e0f3b71 into main Dec 6, 2021
@thisisnotashwin thisisnotashwin deleted the fail-if-partitions-enabled-with-federation branch December 6, 2021 19:26
rrondeau pushed a commit to rrondeau/consul-k8s that referenced this pull request Dec 21, 2021
@ilpianista
[syncCatalog] support extra labels (hashicorp#892)
a0ace4c
rrondeau pushed a commit to rrondeau/consul-k8s that referenced this pull request Dec 21, 2021
@lkysow
Update changelog for hashicorp#892 (hashicorp#893)
e224fa4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ishustava ishustava ishustava approved these changes

@lkysow lkysow lkysow approved these changes

@ndhanushkodi ndhanushkodi Awaiting requested review from ndhanushkodi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thisisnotashwin @lkysow @ishustava