Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade kustomize-in-kubectl to v5.4.2 #124217

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

upgrade kustomize-in-kubectl to v5.4.2 #124217

wants to merge 2 commits into from
+3,133 −4,647

Conversation

koba1t
Copy link
Member

@koba1t koba1t commented Apr 7, 2024
edited

What type of PR is this?

What this PR does / why we need it:

This upgrades kustomize-in-kubectl to v5.4.2

Which issue(s) this PR fixes:

Fixes kubernetes/kubectl#1572

Special notes for your reviewer:

This is a go.mod change to upgrade the kustomize
dependency from v5.0.4 to v5.4.2

Does this PR introduce a user-facing change?

Upgrades functionality of `kubectl kustomize` as described at
https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.4 and https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.4.2

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Apr 7, 2024
@k8s-ci-robot
Copy link
Contributor

Please note that we're already in Test Freeze for the release-1.30 branch. This means every merged PR will be automatically fast-forwarded via the periodic ci-fast-forward job to the release branch of the upcoming v1.30.0 release.

Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Sun Apr 7 07:41:51 UTC 2024.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 7, 2024
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Apr 7, 2024
@k8s-ci-robot k8s-ci-robot added area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kube-proxy area/kubectl area/kubelet sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 7, 2024
liggitt
liggitt reviewed Apr 11, 2024
View reviewed changes
vendor/github.com/asaskevich/govalidator/patterns.go Outdated
Copy link
Member

@liggitt liggitt Apr 11, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty sure the CreditCard / URLIP / URL regex changes in this file change format validators used in kube-openapi and therefore in CRD validation in ways that can break cross-version validation of persisted data

I don't think we should bump this until CR ratcheting is present in all supported versions.

Options are to figure out what pulled in this new version and revert it, or snapshot the bits of govalidator we use into kube-openapi to lock our format validation API surface. I'm more in favor of the latter.

cc @sttts @alexzielenski for visibility

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can revert the version of the github.com/asaskevich/govalidator pkg.
kubernetes-sigs/kustomize#5680

I restored that in master branch, so Could you wait to create a new release for kustomize?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @liggitt
We restored the github.com/asaskevich/govalidator version.
Could you recheck this PR?

@cici37
Copy link
Contributor

cici37 commented Apr 11, 2024

/remove-sig api-machinery

@k8s-ci-robot k8s-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. labels Apr 11, 2024
@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@koba1t koba1t mentioned this pull request Apr 25, 2024
Merged
@dims dims mentioned this pull request May 13, 2024
Closed
@dims
Copy link
Member

dims commented May 13, 2024

@koba1t when is the next version of kustomize? also can we please use #124812 there are a bunch more changes in there.

@dgrisonnet
Copy link
Member

/remove-sig instrumentation

@k8s-ci-robot k8s-ci-robot removed the sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. label May 16, 2024
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels May 23, 2024
@koba1t koba1t changed the title upgrade kustomize-in-kubectl to v5.4.1 upgrade kustomize-in-kubectl to v5.4.2 May 23, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: koba1t
Once this PR has been reviewed and has the lgtm label, please assign liggitt, sttts for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. labels May 23, 2024
@koba1t
Copy link
Member Author

koba1t commented May 23, 2024

/retest

@k8s-ci-robot k8s-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels May 23, 2024
@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

liggitt
liggitt reviewed May 28, 2024
View reviewed changes
Copy link
Member

@liggitt liggitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, the govalidator revert lgtm

just a couple questions on pulling in untagged versions of a couple deps, then lgtm

go.mod
@@ -50,12 +50,12 @@ require (
github.com/opencontainers/runc v1.1.12
github.com/opencontainers/selinux v1.11.0
github.com/pkg/errors v0.9.1
github.com/pmezard/go-difflib v1.0.0
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it intentional this is pulling in a version between tags? do we know if this library expects to be used on a non-tagged version and is stable there?

Copy link
Member Author

@koba1t koba1t May 30, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I didn't notice the two non-tag dependencies added.
I investigated those dependencies and found those two dependencies used in github.com/spf13/viper@v1.17.0.(kubernetes-sigs/kustomize#5541)

https://github.com/spf13/viper/blob/v1.17.0/go.mod#L32
https://github.com/spf13/viper/blob/v1.17.0/go.mod#L61

I think kustomize is still working from those packages that are upgraded due to all tests being passed.
But if you have concerns to make effect other things from the update of those dependencies, I think I can consider downgrading the github.com/spf13/viper/ package, too.

go.mod
@@ -139,7 +139,7 @@ require (
github.com/containerd/ttrpc v1.2.2 // indirect
github.com/coredns/caddy v1.1.1 // indirect
github.com/coreos/go-semver v0.3.1 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it intentional this is pulling in a version between tags? do we know if this library expects to be used on a non-tagged version and is stable there?

@liggitt
Copy link
Member

liggitt commented May 29, 2024

I realized we have 3 parallel PRs attempting to update kustomize... (#124812 #124217 #123339)

#123339 is the oldest and also took care of switching k/k to the v4 json-patch library to avoid using two names for the same library

I really appreciate the work here to get the openapi validator change switched back in kustomize, but I think we should proceed with merging #123339 now)

@liggitt liggitt mentioned this pull request May 29, 2024
Merged
@dashpole
Copy link
Contributor

/remove-sig instrumentation

@k8s-ci-robot k8s-ci-robot removed the sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. label May 30, 2024
@cici37
Copy link
Contributor

cici37 commented May 30, 2024

/remove-sig api-machinery

@k8s-ci-robot k8s-ci-robot removed the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label May 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@andrewsykim andrewsykim Awaiting requested review from andrewsykim

@brianpursley brianpursley Awaiting requested review from brianpursley

Assignees
No one assigned
Labels
area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kube-proxy area/kubectl area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
API Reviews
Status: Changes requested
SIG Auth
Status: !SIG Auth
SIG CLI
Status: Needs Triage
SIG Node PR Triage
Archived in project
SIG Node PR Triage
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update kustomize to a version that supports oci repos
8 participants
@koba1t @k8s-ci-robot @alexzielenski @cici37 @dims @dgrisonnet @liggitt @dashpole