Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/gardener/gardener to 1.86.0 #327

Merged
merged 8 commits into from
Jan 10, 2024
Merged

Bump github.com/gardener/gardener to 1.86.0 #327

merged 8 commits into from
Jan 10, 2024

Conversation

timuthy
Copy link
Member

@timuthy timuthy commented Jan 5, 2024

How to categorize this PR?

/area open-source
/kind enhancement
What this PR does / why we need it:
This PR updates the github.com/gardener/gardener dependency to v1.86.0. As a consequence, admission CA and service certificates are now managed automatically. The vendor directory is removed as well.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

Bump github.com/gardener/gardener to 1.86.0.

CA and server certificates for the admission component are managed automatically. Passing custom certificates via Helm values is not supported anymore.

The `vendor` directory was removed in favor of the `go mod cache`.

@timuthy timuthy requested review from a team as code owners January 5, 2024 14:53
@gardener-robot gardener-robot added area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related kind/enhancement Enhancement, improvement, extension needs/review Needs review labels Jan 5, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 5, 2024
@gardener-robot gardener-robot added size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) needs/second-opinion Needs second review by someone else labels Jan 5, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 5, 2024
@timuthy
Adjust admission webhook
36afd4b
@timuthy
Enable leader election for admission controller
a79f9db 
Since admission controllers now run the certificate controller, leader election must be enabled to prevent any interference.
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 5, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 5, 2024
ScheererJ
ScheererJ requested changes Jan 9, 2024
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this huge change. I have a few questions.

Makefile Outdated Show resolved Hide resolved
Makefile Show resolved Hide resolved
hack/update-codegen.sh Outdated Show resolved Hide resolved
@gardener-robot gardener-robot added the needs/changes Needs (more) changes label Jan 9, 2024
@ScheererJ ScheererJ mentioned this pull request Jan 9, 2024
Closed
@ScheererJ
Copy link
Member

Can we remove https://github.com/gardener/gardener-extension-networking-calico/blob/2ab298f479ca9a637caa74317e1101d7a3f99b50/.ci/verify#L12C1-L15C68 now similar to gardener/gardener-extension-shoot-networking-filter#111?

@ScheererJ
Copy link
Member

Can you please adapt https://github.com/gardener/gardener-extension-networking-calico/blob/master/.github/workflows/vendor_gardener.yaml as well (revendor => tidy) similar to gardener/gardener-extension-shoot-networking-filter#111?

@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 9, 2024
timuthy added a commit to timuthy/gardener-extension-provider-gcp that referenced this pull request Jan 10, 2024
@timuthy
Address review comments
2874ebe 
Address review comments from similar PR gardener/gardener-extension-networking-calico#327.
timuthy added a commit to timuthy/gardener-extension-shoot-rsyslog-relp that referenced this pull request Jan 10, 2024
@timuthy
Address review comment
4ee11a6 
Address review comment from similar PR gardener/gardener-extension-networking-calico#327.
timuthy added a commit to timuthy/gardener-extension-provider-openstack that referenced this pull request Jan 10, 2024
@timuthy
Address review comments
6add473 
Address review comments from similar PR gardener/gardener-extension-networking-calico#327.
timuthy added a commit to timuthy/gardener-extension-provider-azure that referenced this pull request Jan 10, 2024
@timuthy
Address review comments
0668b9a 
Address review comments from similar PR gardener/gardener-extension-networking-calico#327.
timuthy added a commit to timuthy/gardener-extension-provider-alicloud that referenced this pull request Jan 10, 2024
@timuthy
Address review comments
dbb5204 
Address review comments from similar PR gardener/gardener-extension-networking-calico#327.
ScheererJ
ScheererJ approved these changes Jan 10, 2024
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/changes Needs (more) changes needs/review Needs review needs/second-opinion Needs second review by someone else labels Jan 10, 2024
@ScheererJ ScheererJ merged commit 4a42719 into gardener:master Jan 10, 2024
10 checks passed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Jan 10, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 10, 2024
@timuthy timuthy deleted the enh.gardener-v186 branch January 10, 2024 10:27
kon-angelo pushed a commit to gardener/gardener-extension-provider-azure that referenced this pull request Jan 16, 2024
@timuthy
Bump github.com/gardener/gardener to 1.86.0 (#774)
e831660 
* Update `github.com/gardener/gardener` to `v1.86.0`

* Remove vendor dir

* Adjust paths after vendor removal

* [make tidy]

* [make generate]

* Adjust admission webhook

* Enable leader election for admission controller

Since admission controllers now run the certificate controller, leader election must be enabled to prevent any interference.

* Restrict admission controller permissions

This change is mostly relevant for deployments without a virtual Garden cluster:
In this case, the admission controller needed cluster-wide list/watch permissions
for secrets. Restricting the cache to the `--webhook-config-namespace` namespace
eliminates this requirement.

* Address review comments

Address review comments from similar PR gardener/gardener-extension-networking-calico#327.
timuthy added a commit to timuthy/gardener-extension-provider-gcp that referenced this pull request Jan 16, 2024
@timuthy
Address review comments
39de792 
Address review comments from similar PR gardener/gardener-extension-networking-calico#327.
kon-angelo pushed a commit to gardener/gardener-extension-provider-gcp that referenced this pull request Jan 17, 2024
@timuthy
Bump github.com/gardener/gardener to 1.86.0 (#675)
69e27ab 
* Update `github.com/gardener/gardener` to `v1.85.1`

* Remove vendor dir

* Adjust paths after vendor removal

* [make tidy]

* [make generate]

* Adjust admission webhook

* Enable leader election for admission controller

Since admission controllers now run the certificate controller, leader election must be enabled to prevent any interference.

* Update `github.com/gardener/gardener` to v1.86.0

* Restrict admission controller permissions

This change is mostly relevant for deployments without a virtual Garden cluster:
In this case, the admission controller needed cluster-wide list/watch permissions
for secrets. Restricting the cache to the `--webhook-config-namespace` namespace
eliminates this requirement.

* Address review comments

Address review comments from similar PR gardener/gardener-extension-networking-calico#327.

* Replace hook-me with Make Target
kon-angelo pushed a commit to gardener/gardener-extension-provider-openstack that referenced this pull request Jan 17, 2024
@timuthy @AndreasBurger
Bump github.com/gardener/gardener to 1.86.0 (#704)
4531784 
* Update `github.com/gardener/gardener` to `v1.86.0`

* Remove vendor dir

* Adjust paths after vendor removal

* [make tidy]

* [make generate]

* Adjust admission webhook

* Enable leader election for admission controller

Since admission controllers now run the certificate controller, leader election must be enabled to prevent any interference.

* Restrict admission controller permissions

This change is mostly relevant for deployments without a virtual Garden cluster:
In this case, the admission controller needed cluster-wide list/watch permissions
for secrets. Restricting the cache to the `--webhook-config-namespace` namespace
eliminates this requirement.

* Address review comments

Address review comments from similar PR gardener/gardener-extension-networking-calico#327.

* fix typo in makefile

* Replace hook-me with Make Target

---------

Co-authored-by: Andreas Burger <andreas.burger@sap.com>
shaoyongfeng pushed a commit to gardener/gardener-extension-provider-alicloud that referenced this pull request Feb 1, 2024
@timuthy
Bump github.com/gardener/gardener to 1.86.0 (#683)
31b7fe0 
* Update `github.com/gardener/gardener` to `v1.83.2`

* Push adjustments for v1.83.2

* [make generate]

* Update `github.com/gardener/gardener` to `v1.86.0`

* Remove vendor dir

* Adjust paths after vendor removal

* [make tidy]

* [make generate]

* Adjust admission webhook

* Enable leader election for admission controller

Since admission controllers now run the certificate controller, leader election must be enabled to prevent any interference.

* Address review comments

Address review comments from similar PR gardener/gardener-extension-networking-calico#327.
timuthy added a commit to timuthy/gardener-extension-shoot-rsyslog-relp that referenced this pull request Feb 26, 2024
@timuthy
Address review comment
0988058 
Address review comment from similar PR gardener/gardener-extension-networking-calico#327.
gardener-prow bot pushed a commit to gardener/gardener-extension-shoot-rsyslog-relp that referenced this pull request Feb 27, 2024
@timuthy
Bump github.com/gardener/gardener to 1.86.0 (#57)
7cd4097 
* Update `github.com/gardener/gardener` to `v1.86.0`

* Remove vendor dir

* Adjust paths after vendor removal

* [make tidy]

* [make generate]

* Adjust admission webhook

* Enable leader election for admission controller

Since admission controllers now run the certificate controller, leader election must be enabled to prevent any interference.

* Remove namespace optimization

The admission controller works with secrets from other namespaces. A restriction is not possible at this point.

* Always set `to-runtime-apiserver` label

This label is required because TLS secrets reside in the runtime cluster.

* Address review comment

Address review comment from similar PR gardener/gardener-extension-networking-calico#327.

* Address review comments II
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ScheererJ ScheererJ ScheererJ approved these changes

Assignees
No one assigned
Labels
area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related kind/enhancement Enhancement, improvement, extension needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@timuthy @ScheererJ @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot