Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document required metadata for cluster-credentials secret in linkerd namespace #11542

Closed
Majkel1999 opened this issue Oct 27, 2023 · 3 comments
Closed

Document required metadata for cluster-credentials secret in linkerd namespace #11542

Majkel1999 opened this issue Oct 27, 2023 · 3 comments
Labels
enhancement wontfix

Comments

@Majkel1999
Copy link

What problem are you trying to solve?

When using the linkerd-multicluster extensions, the cluster-credentials-... Secret, residing in LinkerD control-plane namespace, has required labels and annotations - https://github.com/linkerd/linkerd2/blob/ce950d17c60eab8c7c2a3e67c130241f96056ac2/controller/api/destination/watcher/cluster_store.go#L63C1-L67.

If the labels are not present, the linkerd-destination deployment will throw errors like:

Failed to get remote cluster <remote-cluster-name> addr=":8086" component=server remote="<ip>"

This is not documented and causes issues when deploying this secret without that specific metadata - for example using any automated secret manager or any other CI/CD tooling.

How should the problem be solved?

Document the required metadata and how to troubleshoot this issue. This should include both the required labels and annotations, as well as example log output from linkerd-destination to ensure the process is easy to follow.

Any alternatives you've considered?

Using the cluster-credentials-<remote-cluster-name> Secret name as an indicator of the correct credentials. This obviously has it's own issues, but would solve that.

How would users interact with this feature?

No response

Would you like to work on this feature?

yes
@kflynn
Copy link
Member

kflynn commented Oct 31, 2023

Hi @Majkel1999, thanks for calling this out! If you'd like to work on it, a PR into the https://github.com/linkerd/website repo is the easiest way -- check out the linkerd.io/content/2.14/reference directory. Let me know if you have questions!

@Majkel1999
Copy link
Author

Majkel1999 commented Nov 5, 2023
edited
Loading

Hi @kflynn, taking a look at the structure of docs it's not clear for me where it'd be best to document that - there's no Troubleshooting page, which would fit best. I suppose adding this to the end of linkerd.io/content/2.14/tasks/pod-to-pod-multicluster.md would be the best. Let me know what you think of it.

Edit

My proposition: linkerd/website#1705

@Majkel1999 Majkel1999 mentioned this issue Nov 5, 2023
Open
@stale Stale
Copy link

stale bot commented Feb 4, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Feb 4, 2024
@stale stale bot closed this as completed Feb 19, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kflynn @Majkel1999