From f09755621518acb19b537487177006172cf488ff Mon Sep 17 00:00:00 2001 From: Jan Kantert Date: Thu, 2 May 2024 16:05:11 +0200 Subject: [PATCH 1/4] Update README.md. Test recommended configuration --- README.md | 72 ++++++++++++++++++++++++++++++++------------ hack/production.yaml | 9 +++++- 2 files changed, 61 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index d8514d10..647a3c59 100644 --- a/README.md +++ b/README.md @@ -4,10 +4,10 @@ # Wave -Wave watches Deployments within a Kubernetes cluster and ensures that each -Deployment's Pods always have up to date configuration. +Wave watches Deployments, StatefulSets and DaemonSets within a Kubernetes +cluster and ensures that their Pods always have up to date configuration. -By monitoring ConfigMaps and Secrets mounted by a Deployment, Wave can trigger +By monitoring mounted ConfigMaps and Secrets mounted, Wave can trigger a Rolling Update of the Deployment when the mounted configuration is changed. ## Introduction @@ -61,6 +61,39 @@ $ helm repo add wave-k8s https://wave-k8s.github.io/wave/ $ helm install wave wave-k8s/wave ``` +Helm will install a minimal setup. +For production setups we recommend the following values: + +``` +# run two replias for HA +replicas: 2 + +# enable webhooks for faster updates +webhooks: + enabled: true + +# make sure that replicas do not restart at the same time +pdb: + enabled: true + +# schedule to multiple AZs +topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: wave + +# set resources. adjust this to your setup +resources: + requests: + memory: 256Mi + cpu: 25m + limits: + memory: 2Gi +``` + #### Deploying with Kustomize Wave is a [Kubebuilder](https://github.com/kubernetes-sigs/kubebuilder) based 
@@ -80,7 +113,7 @@ instance permission to read all Secrets, ConfigMaps and Deployments and the ability to update Deployments within each namespace in the cluster. Example `ClusterRole` and `ClusterRoleBindings` are available in the -[config/rbac](config/rbac) folder. +[config/rbac](config/rbac) folder or as part of the helm chart. ### Configuration 
@@ -209,26 +242,27 @@ controller to start a Rolling Update of the Deployment's Pods without changing any of the configuration of the containers or other controllers operation on the Pods and Deployment. -### Finalizers +#### Configuring How Pods are Updated -Wave adds an `OwnerReference` to all ConfigMaps and Secrets that are referenced -by a Deployment. This allows Wave to trigger a reconciliation whenever the -ConfigMaps or Secrets are modified. +Since Wave triggers a Rolling Update you can configure how pods are replaced +in [Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) field of your Deployment object. +You can choose between `RollingUpdate` (default) and `Recreate`. -Normally, when an owner is deleted, the Kubernetes Garbage Collector deletes all -child resources. This is not desirable and so Wave prevents this from happening. +### Watching -Wave managed Deployments will have a `wave.pusher.com/finalizer` Finalizer -added to them. This allows Wave to perform advanced clean-up operation when a -Deployment is deleted. +Wave watches all ConfigMaps and Secrets that are referenced +by a Deployment. This allows Wave to trigger a reconciliation whenever the +ConfigMaps or Secrets are modified. -When Wave encounters a Deployment marked for deletion that has the Wave -Finalizer, it checks for all ConfigMaps and Secrets with an OwnerReference -pointing to the Deployment and removes the OwnerReference. Thus preventing the -ConfigMaps and Secrets from being deleted by the Garbage Collector. +### Webhooks -Read the docs for more about -[Kubernetes Garbage Collection](https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/). +Wave can update Deployments on creation/update using Mutating Webhooks. +This will prevent triggering restarts when adding the hash annotation initially. 
+Additionally, Wave will prevent scheduling of pods which lack any of their +required Secrets or ConfigMaps to reduce stress on the cluster. +Pods will stay in state `Pending` instead of `ContainerCreating`. +When required Secrets/ConfigMaps have been created Wave will restore the +scheduler and add the config hash without requiring any restarts. ## Communication diff --git a/hack/production.yaml b/hack/production.yaml index fe40d0a6..4de7d10b 100644 --- a/hack/production.yaml +++ b/hack/production.yaml @@ -10,7 +10,14 @@ pdb: topologySpreadConstraints: - maxSkew: 1 topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway + whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: app: wave + +resources: + requests: + memory: 256Mi + cpu: 25m + limits: + memory: 2Gi \ No newline at end of file From 7b5eb4da7acc02f88700ff71c152570a7b1eb52e Mon Sep 17 00:00:00 2001 From: Jan Kantert Date: Thu, 2 May 2024 16:17:29 +0200 Subject: [PATCH 2/4] add compatibility matrix --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index 647a3c59..73210205 100644 --- a/README.md +++ b/README.md 
@@ -41,6 +41,22 @@ matches the live configuration. It allows developers to discover misconfiguration as it is deployed, rather than when the Pods happen to be re-cycled. +## Compatibility + +Wave uses the the golang Kubernetes client library which only supports +the previous and the next Kubernetes version. +However, since Wave only edits Deployments, Daemonsets and StatefulSet +we can support older Kubernetes verions as long as no fields were removed +from those three objects. +You can find supported versions in the following table: + +| Wave Version | API Client | Maximum Supported Kubernetes Versions | E2E Tested Versions | +|--------------|------------|---------------------------------------|---------------------| +| 0.5 | 1.14 | 1.15 | | +| 0.6+ | 1.29 | 1.30 | 1.21, 1.29 | +| | | | | + + ## Installation Wave is released periodically. The latest version is `v0.5.0` From 3e509df5bf23cdd2b8f934113227d7597c4878c1 Mon Sep 17 00:00:00 2001 From: jabdoa2 Date: Thu, 2 May 2024 16:50:08 +0200 Subject: [PATCH 3/4] Update README.md Co-authored-by: Philipp Riederer --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 73210205..8aafb3f8 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Wave watches Deployments, StatefulSets and DaemonSets within a Kubernetes cluster and ensures that their Pods always have up to date configuration. -By monitoring mounted ConfigMaps and Secrets mounted, Wave can trigger +By monitoring mounted ConfigMaps and Secrets, Wave can trigger a Rolling Update of the Deployment when the mounted configuration is changed. ## Introduction From 42b3a37e2ae97e49b15c7c4f5c84d3ab1a47b44d Mon Sep 17 00:00:00 2001 From: Jan Kantert Date: Thu, 2 May 2024 17:05:47 +0200 Subject: [PATCH 4/4] relax in test --- hack/production.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hack/production.yaml b/hack/production.yaml index 4de7d10b..bcc3e89f 100644 --- a/hack/production.yaml 
+++ b/hack/production.yaml @@ -10,7 +10,7 @@ pdb: topologySpreadConstraints: - maxSkew: 1 topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: DoNotSchedule + whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app: wave @@ -20,4 +20,4 @@ resources: memory: 256Mi cpu: 25m limits: - memory: 2Gi \ No newline at end of file + memory: 2Gi
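Review bot: in [PATCH 1/4], README.md hunk `@@ -61,6 +61,39 @@`, the recommended values set `webhooks: enabled: true` with only the comment "enable webhooks for faster updates", but the Webhooks section added later in the same patch says the webhook also holds Pods in `Pending` while a required Secret or ConfigMap is missing. That is a scheduling change an operator should know about before enabling it in production, so the comment should point at the Webhooks section or summarise it. Smaller points in the same block: `replias` should read `replicas`, and the fence could be tagged `yaml`.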
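Review bot: in [PATCH 1/4], README.md hunk `@@ -80,7 +113,7 @@`, the unchanged context above the edited line still describes the grant as read access to "all Secrets, ConfigMaps and Deployments" plus update on Deployments, while the first hunk of this patch extends Wave to StatefulSets and DaemonSets. This paragraph is where an operator learns that Wave reads every Secret in the cluster, so it should list the full set of resources and verbs. The added "or as part of the helm chart" should also say whether the chart installs the same `ClusterRole` by default.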
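Review bot: in [PATCH 1/4], README.md hunk `@@ -209,26 +242,27 @@`, the Finalizers section is removed without an upgrade note. The deleted text says Wave put an `OwnerReference` on every referenced ConfigMap and Secret and used the `wave.pusher.com/finalizer` to strip it again so the Garbage Collector would not delete them; the new Watching section does not say what happens to owner references and finalizers already present on a cluster that upgrades. Please add a sentence covering that case. In the Webhooks paragraph, "Wave will restore the scheduler" does not say what was changed on the Pod, and both new sections still name only Deployments.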
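Review bot: in [PATCH 2/4], hunk `@@ -41,6 +41,22 @@`, the paragraph argues that older Kubernetes versions keep working, yet the table only has a "Maximum Supported Kubernetes Versions" column, so the lowest supported version is never stated, and the maximum `1.30` in the `0.6+` row does not appear under "E2E Tested Versions". Suggest adding a minimum column or a sentence saying how far back support is expected to reach. Smaller points: "the the", "verions", `Daemonsets` and `StatefulSet` spelled differently from the intro, an empty trailing table row, and the context line below still gives the latest version as `v0.5.0` while the table lists `0.6+`.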
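Review bot: in [PATCH 3/4], the corrected sentence still ends with "a Rolling Update of the Deployment", while the sentence directly above it now covers StatefulSets and DaemonSets as well. Suggest naming all three kinds or using a neutral term such as "the workload" so the intro is consistent.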
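Review bot: in [PATCH 4/4], first hunk, `whenUnsatisfiable` goes back to `ScheduleAnyway` in hack/production.yaml, but the README block added in 1/4 still recommends `DoNotSchedule`, so the file that 1/4's subject calls the tested recommended configuration no longer matches the recommendation. Either keep the two identical or add a comment in hack/production.yaml explaining why the test needs the relaxed setting; the commit message "relax in test" does not say.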