Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update CA trust bundle for kubecost containers #3004

Merged
merged 4 commits into from
Jan 13, 2025
Merged

feat: update CA trust bundle for kubecost containers #3004

merged 4 commits into from
Jan 13, 2025

Conversation

takirala
Copy link
Contributor

@takirala takirala commented Jan 10, 2025
edited
Loading

What problem does this PR solve?:

  • Kubecost Update: Bumps Kubecost to version 2.5.2 to incorporate the new update-ca-trust init container from the latest chart. This enables the attached cluster's Kubecost to communicate with the management cluster's COSI bucket using a custom CA.
  • Entrypoint Renaming: Renames the velero-ceph entrypoint to external-ceph. This is purely a metadata change and does not affect functionality (e.g., ports remain unchanged).
  • Ingress Migration: Moves the velero-ceph ingress definition from the Velero app to the Ceph app. This ensures the ingress is deployed whenever Ceph is deployed, aligning with its use by both the Velero CLI and Kubecost agents. Deploying it from the Ceph app avoids redundancy and simplifies management. Additionally, since the rename changes the ingress name, upgrades will not encounter naming conflicts.
  • Image Overrides: Removes some image overrides in the Kubecost definition to use the upstream chart's recommended defaults.
  • COSI Driver Relocation: Moves the Ceph COSI driver from the Kubecost definition to the Ceph app. Ceph-agnostic COSI resources remain in the Kubecost definition.

Which issue(s) does this PR fix?:

https://jira.nutanix.com/browse/NCN-104938

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Checklist

  • If the PR adds a version bump, ensure there is no breaking change in Licensing model (or NA).
  • If a chart is changed or app configuration is significantly changed, the chart version is correctly incremented (so that apps are not automatically upgraded from a previous version of DKP).

@takirala
feat: use custom CA in cosi
7c5f3fe 
Signed-off-by: Tarun Gupta Akirala <[email protected]>
@github-actions github-actions bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. services/rook-ceph-cluster services/traefik services/kubecost services/velero labels Jan 10, 2025
@mesosphere-ci mesosphere-ci added ok-to-test Signals mergebot that CI checks are ready to be kicked off do-not-merge/testing Do not merge because there is still on-going testing open-kommander-pr Automatically triggers the creation of a PR in Kommander repo update-licenses signals mergebot to update licenses.d2iq.yaml labels Jan 10, 2025
@github-actions GitHub Actions
Copy link
Contributor

✅ Created Kommander branch to test kommander-applications changes: https://github.com/mesosphere/kommander/tree/kapps/main/tga/kubecost-use-custom-ca

@coveralls
Copy link

coveralls commented Jan 10, 2025
edited
Loading

Pull Request Test Coverage Report for Build 12754563307

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 51.703%
Totals Coverage Status
Change from base Build 12702082266: 0.0%
Covered Lines: 167
Relevant Lines: 323
💛 - Coveralls

@takirala takirala changed the title feat: use custom CA in cosi feat: update CA trust bundle for kubecost containers Jan 10, 2025
@takirala takirala removed the do-not-merge/testing Do not merge because there is still on-going testing label Jan 10, 2025
@takirala takirala marked this pull request as ready for review January 13, 2025 04:27
@takirala takirala self-assigned this Jan 13, 2025
@mesosphere-ci mesosphere-ci added the do-not-merge/testing Do not merge because there is still on-going testing label Jan 13, 2025
@takirala
test: update appspecific suite
0b907bd 
Signed-off-by: Tarun Gupta Akirala <[email protected]>
@takirala takirala merged commit 9be2701 into main Jan 13, 2025
34 checks passed
@takirala takirala deleted the tga/kubecost-use-custom-ca branch January 13, 2025 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mhrabovcin mhrabovcin mhrabovcin approved these changes

@cwyl02 cwyl02 cwyl02 approved these changes

@mikolajb mikolajb Awaiting requested review from mikolajb

Assignees

@takirala takirala

Labels
do-not-merge/testing Do not merge because there is still on-going testing ok-to-test Signals mergebot that CI checks are ready to be kicked off open-kommander-pr Automatically triggers the creation of a PR in Kommander repo services/kubecost services/rook-ceph-cluster services/traefik services/velero size/L Denotes a PR that changes 100-499 lines, ignoring generated files. update-licenses signals mergebot to update licenses.d2iq.yaml
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@takirala @coveralls @mhrabovcin @cwyl02 @mesosphere-ci @d2iq-mergebot