🌱 Update dependencies to v1.19.2 #501
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
k8s-ci-robot
added
size/XL
| set -o errexit | ||
| set -o nounset | ||
| set -o pipefail | ||
|
|
||
| readlink=$(command -v readlink) | ||
|
|
||
| cd $(dirname $(readlink -f ${BASH_SOURCE[0]})) | ||
| check_readlink() { | ||
| if ! ${readlink} -f &>/dev/null; then | ||
| if [[ "${OSTYPE}" == "darwin"* ]]; then | ||
| if command -v greadlink; then | ||
| readlink=$(command -v greadlink) | ||
| return | ||
| fi | ||
| fi | ||
| echo "you're probably on OSX. Please install gnu readlink -- otherwise you're missing the most useful readlink flag." | ||
| exit 1 | ||
| fi | ||
| } | ||
| current_dir=$(pwd) | ||
| check_readlink | ||
| cd $(dirname $(${readlink} -f ${BASH_SOURCE[0]})) | ||
| go run -v -exec "./.run-in.sh ${current_dir} " ./cmd/controller-gen $@ |
There was a problem hiding this comment.
@DirectXMan12 Made some changes to support gnu readlink on OSX when it's not linked (usually installed with brew install coreutils)
| k8s.io/api v0.19.2 | ||
| k8s.io/apiextensions-apiserver v0.19.2 | ||
| k8s.io/apimachinery v0.19.2 |
There was a problem hiding this comment.
@DirectXMan12 It seems that a test is now failing after updating to v0.19.2
Expected success, but got an error:
<*errors.errorString | 0xc0000b8ed0>: {
s: "converting (v1.MutatingWebhookConfiguration) to (v1beta1.MutatingWebhookConfiguration): unknown conversion",
}
converting (v1.MutatingWebhookConfiguration) to (v1beta1.MutatingWebhookConfiguration): unknown conversion
From 1.19 changelog:
K8s.io/apimachinery - scheme.Convert() now uses only explicitly registered conversions - default reflection based conversion is no longer available. +k8s:conversion-gen tags can be used with the k8s.io/code-generator component to generate conversions.
Change came in: kubernetes/kubernetes#90018
It seems we're relying on scheme.Convert to convert webhooks, and I can't seem to find where/how to register the conversion functions in the admission APIs 🤔, I might be missing something here, although just registering the types with AddToScheme in https://github.com/kubernetes-sigs/controller-tools/blob/master/pkg/webhook/conv.go#L27-L33 doesn't seem enough for the conversions to work.
There was a problem hiding this comment.
Conversions from v1 directly to v1beta1 AdmissionReview objects are not defined, even internally in kube-apiserver.
The API server would convert from one to the other by way of the internal (unversioned) AdmissionReview type:
This conversions and the internal AdmissionReview type are registered in https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/admission/install/install.go but are not exported for use outside the kube-apiserver
The reflect-based conversion controller-tools was depending on previously was closer to decoding v1beta1 JSON into the v1 struct and hoping all the field names stayed the same.
There was a problem hiding this comment.
The reflect-based conversion controller-tools was depending on previously was closer to decoding v1beta1 JSON into the v1 struct and hoping all the field names stayed the same.
It looks like this happens to be the case:
diff staging/src/k8s.io/api/admission/{v1,v1beta1}/types.go2c2
< Copyright 2019 The Kubernetes Authors.
---
> Copyright 2017 The Kubernetes Authors.
17c17
< package v1
---
> package v1beta1
26a27,31
> // +k8s:prerelease-lifecycle-gen:introduced=1.9
> // +k8s:prerelease-lifecycle-gen:deprecated=1.19
> // This API is never server served. It is used for outbound requests from apiservers. This will ensure it never gets served accidentally
> // and having the generator against this group will protect future APIs which may be served.
> // +k8s:prerelease-lifecycle-gen:replacement=admission.k8s.io,v1,AdmissionReview
118c123
< // This must be copied over from the corresponding AdmissionRequest.
---
> // This should be copied over from the corresponding AdmissionRequest.but the fact that the structs happened to be identical between versions was luck, and doesn't mean this is a correct way to convert between them
There was a problem hiding this comment.
Thanks Jordan, it seems the removal of the default reflection-based conversion was definitely a good step, things might have failed silently. For this codebase, I think the best way is to add support for both types, or deprecate one, or write our own conversion functions. @DirectXMan12 @alvaroaleman what do you all think?
There was a problem hiding this comment.
Why do we have a need to convert? APIServers should still serve both or not?
There was a problem hiding this comment.
AdmissionReview is not a served API, it is the API sent by the API server to admission webhooks and expected in response.
I'm not sure why this component is converting... is it trying to unify v1 and v1beta1 AdmissionReview handling to a single type?
There was a problem hiding this comment.
IIRC, we have a single interface that represents "webhook" that can interact with whatever the hook sends, and we autoconvert from whatever the server sends to the version the interface uses.
Part of it was simplifying the writing of the webhook while still giving folks access to the underlying information. We should be able to paper over it, I think, but I haven't looked at this bit in a while.
k8s-ci-robot
added
the
needs-rebase
|
@vincepri this can be updated now. |
|
@estroz Rebased on top of the latest changes, although we still need to apply the same patch we did in Controller Runtime here |
Signed-off-by: Vince Prignano <vincepri@vmware.com>
vincepri
force-pushed
the
update-deps
branch
from
d01e243
to
3e2063f
Compare
k8s-ci-robot
removed
the
needs-rebase
|
|
||
| cd $(dirname $(readlink -f ${BASH_SOURCE[0]})) | ||
| check_readlink() { | ||
| if ! ${readlink} -f &>/dev/null; then |
There was a problem hiding this comment.
This will always fail with no file argument.
$ uname -o
GNU/Linux
$ readlink -f
readlink: missing operand
Try 'readlink --help' for more information.To fix:
| if ! ${readlink} -f &>/dev/null; then | |
| local test_file="$(mktemp)" | |
| trap "rm -f $test_file" EXIT | |
| if ! ${readlink} -f "$test_file" &>/dev/null; then |
|
Could this be upgraded to 1.120 instead since controller-runtime is already using 1.20 ? kubernetes-sigs/controller-runtime#1268 |
|
We should probably release two versions, one for 1.19 and one for 1.20 |
|
@estroz Do you have some time to finish up these changes? |
Signed-off-by: Vince Prignano vincepri@vmware.com