From ef21c3df38ffabd10d86efea5cd9f9ebd58e8577 Mon Sep 17 00:00:00 2001 From: Stefan Bueringer Date: Mon, 9 Jan 2023 15:09:26 +0100 Subject: [PATCH] fixup --- .../v1beta1/kubeadm_control_plane_webhook.go | 7 ++ .../kubeadm_control_plane_webhook_test.go | 45 ++++++---- .../internal/workload_cluster_coredns_test.go | 85 ++++++++++++++++++- 3 files changed, 121 insertions(+), 16 deletions(-) diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go index c695710d537d..dd512fe26967 100644 --- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go +++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go @@ -620,6 +620,13 @@ func (in *KubeadmControlPlane) validateVersion(previousVersion string) (allErrs ) } + // The Kubernetes ecosystem has been requested to move users to the new registry due to cost issues. + // This validation enforces the move to the new registry by forcing users to upgrade to kubeadm versions + // with the new registry. + // NOTE: This only affects users relying on the community maintained registry. + // NOTE: Pinning to the upstream registry is not recommended because it could lead to issues + // given how the migration has been implemented in kubeadm. + // // Block if imageRepository is not set (i.e. the default registry should be used), if (in.Spec.KubeadmConfigSpec.ClusterConfiguration == nil || in.Spec.KubeadmConfigSpec.ClusterConfiguration.ImageRepository == "") && diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go index 19250e5325dd..3ead11553c28 100644 --- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go +++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go @@ -1039,7 +1039,9 @@ func TestValidateVersion(t *testing.T) { newVersion: "invalid-version", expectErr: true, }, - // Validation of upgrade to v1.19.0. + // Validation that we block upgrade to v1.19.0. + // Note: Upgrading to v1.19.0 is not supported, because of issues in v1.19.0, + // see: https://github.com/kubernetes-sigs/cluster-api/issues/3564 { name: "error when upgrading to v1.19.0", oldVersion: "v1.18.8", @@ -1065,7 +1067,14 @@ func TestValidateVersion(t *testing.T) { newVersion: "v1.21.18", expectErr: false, }, - // Validation for old registry. + // Validation for usage of the old registry. + // Notes: + // * kubeadm versions < v1.22 are always using the old registry. + // * kubeadm versions >= v1.25.0 are always using the new registry. + // * kubeadm versions in between are using the new registry + // starting with certain patch versions. + // This test validates that we don't block upgrades for < v1.22.0 and >= v1.25.0 + // and block upgrades to kubeadm versions in between with the old registry. { name: "pass when imageRepository is set", clusterConfiguration: &bootstrapv1.ClusterConfiguration{ @@ -1082,45 +1091,51 @@ func TestValidateVersion(t *testing.T) { expectErr: false, }, { - name: "pass when version is below migration range", + name: "pass when new version is < v1.22.0", oldVersion: "v1.20.10", newVersion: "v1.21.5", expectErr: false, }, { - name: "error when version is using old registry and in migration range (lower boundary)", + name: "error when new version is using old registry (v1.22.0 <= version <= v1.22.16)", oldVersion: "v1.21.1", - newVersion: "v1.22.0", + newVersion: "v1.22.16", // last patch release using old registry expectErr: true, }, { - name: "pass when version is using new registry and in migration range (lower boundary)", + name: "pass when new version is using new registry (>= v1.22.17)", oldVersion: "v1.21.1", - newVersion: "v1.22.17", + newVersion: "v1.22.17", // first patch release using new registry expectErr: false, }, { - name: "error when version is using old registry and in migration range (middle)", + name: "error when new version is using old registry (v1.23.0 <= version <= v1.23.14)", oldVersion: "v1.22.17", - newVersion: "v1.23.14", + newVersion: "v1.23.14", // last patch release using old registry expectErr: true, }, { - name: "pass when version is using new registry and in migration range (middle)", + name: "pass when new version is using new registry (>= v1.23.15)", oldVersion: "v1.22.17", - newVersion: "v1.23.15", + newVersion: "v1.23.15", // first patch release using new registry expectErr: false, }, { - name: "error when version is using old registry and in migration range (upper boundary)", + name: "error when new version is using old registry (v1.24.0 <= version <= v1.24.8)", oldVersion: "v1.23.1", - newVersion: "v1.24.8", + newVersion: "v1.24.8", // last patch release using old registry expectErr: true, }, { - name: "pass when version is using new registry and in migration range (upper boundary)", + name: "pass when new version is using new registry (>= v1.24.9)", oldVersion: "v1.23.1", - newVersion: "v1.24.9", + newVersion: "v1.24.9", // first patch release using new registry + expectErr: false, + }, + { + name: "pass when new version is using new registry (>= v1.25.0)", + oldVersion: "v1.24.8", + newVersion: "v1.25.0", // uses new registry expectErr: false, }, } diff --git a/controlplane/kubeadm/internal/workload_cluster_coredns_test.go b/controlplane/kubeadm/internal/workload_cluster_coredns_test.go index 13ff7c2e96e0..bac6124e733b 100644 --- a/controlplane/kubeadm/internal/workload_cluster_coredns_test.go +++ b/controlplane/kubeadm/internal/workload_cluster_coredns_test.go @@ -1151,9 +1151,70 @@ func TestGetCoreDNSInfo(t *testing.T) { ToImageTag: "1.7.2-foobar.1", }, }, + { + name: "uses global config ImageRepository if DNS ImageRepository is not set", + objs: []client.Object{newCoreDNSInfoDeploymentWithimage(imageSomeFolder162), cm}, + clusterConfig: &bootstrapv1.ClusterConfiguration{ + ImageRepository: "globalRepo/sub-path", + DNS: bootstrapv1.DNS{ + ImageMeta: bootstrapv1.ImageMeta{ + ImageTag: "1.7.2-foobar.1", + }, + }, + }, + expectedInfo: coreDNSInfo{ + CurrentMajorMinorPatch: "1.6.2", + FromImageTag: "1.6.2", + TargetMajorMinorPatch: "1.7.2", + FromImage: imageSomeFolder162, + ToImage: "globalRepo/sub-path/coredns:1.7.2-foobar.1", + ToImageTag: "1.7.2-foobar.1", + }, + }, + { + name: "uses DNS ImageRepository config if both global and DNS-level are set", + objs: []client.Object{newCoreDNSInfoDeploymentWithimage(imageSomeFolder162), cm}, + clusterConfig: &bootstrapv1.ClusterConfiguration{ + ImageRepository: "globalRepo", + DNS: bootstrapv1.DNS{ + ImageMeta: bootstrapv1.ImageMeta{ + ImageRepository: "dnsRepo", + ImageTag: "1.7.2-foobar.1", + }, + }, + }, + expectedInfo: coreDNSInfo{ + CurrentMajorMinorPatch: "1.6.2", + FromImageTag: "1.6.2", + TargetMajorMinorPatch: "1.7.2", + FromImage: imageSomeFolder162, + ToImage: "dnsRepo/coredns:1.7.2-foobar.1", + ToImageTag: "1.7.2-foobar.1", + }, + }, + { + name: "patches ImageRepository to registry.k8s.io if it's set on neither global nor DNS-level and kubernetesVersion >= v1.25", + objs: []client.Object{newCoreDNSInfoDeploymentWithimage(imageSomeFolder162), cm}, + clusterConfig: &bootstrapv1.ClusterConfiguration{ + DNS: bootstrapv1.DNS{ + ImageMeta: bootstrapv1.ImageMeta{ + ImageTag: "1.7.2-foobar.1", + }, + }, + }, + kubernetesVersion: semver.MustParse("1.25.0"), + expectedInfo: coreDNSInfo{ + CurrentMajorMinorPatch: "1.6.2", + FromImageTag: "1.6.2", + TargetMajorMinorPatch: "1.7.2", + FromImage: imageSomeFolder162, + ToImage: "registry.k8s.io/some-folder/coredns:1.7.2-foobar.1", + ToImageTag: "1.7.2-foobar.1", + }, + }, { name: "rename to coredns/coredns when upgrading to coredns=1.8.0 and kubernetesVersion=1.22.16", - // 1.22.16 has k8s.gcr.io as default registry. Thus the registry doesn't get changed as + // 1.22.16 uses k8s.gcr.io as default registry. Thus the registry doesn't get changed as // FromImage is already using k8s.gcr.io. objs: []client.Object{newCoreDNSInfoDeploymentWithimage("k8s.gcr.io/coredns:1.6.2"), cm}, clusterConfig: &bootstrapv1.ClusterConfiguration{ @@ -1195,6 +1256,28 @@ func TestGetCoreDNSInfo(t *testing.T) { ToImageTag: "1.8.0", }, }, + { + name: "rename to coredns/coredns when upgrading to coredns=1.8.0 and kubernetesVersion=1.26.0", + // 1.26.0 uses registry.k8s.io as default registry. Thus the registry doesn't get changed as + // FromImage is already using registry.k8s.io. + objs: []client.Object{newCoreDNSInfoDeploymentWithimage("registry.k8s.io/coredns:1.6.2"), cm}, + clusterConfig: &bootstrapv1.ClusterConfiguration{ + DNS: bootstrapv1.DNS{ + ImageMeta: bootstrapv1.ImageMeta{ + ImageTag: "1.8.0", + }, + }, + }, + kubernetesVersion: semver.MustParse("1.26.0"), + expectedInfo: coreDNSInfo{ + CurrentMajorMinorPatch: "1.6.2", + FromImageTag: "1.6.2", + TargetMajorMinorPatch: "1.8.0", + FromImage: "registry.k8s.io/coredns:1.6.2", + ToImage: "registry.k8s.io/coredns/coredns:1.8.0", + ToImageTag: "1.8.0", + }, + }, { name: "patches ImageRepository to registry.k8s.io if it's set on neither global nor DNS-level and kubernetesVersion >= v1.22.17 and rename to coredns/coredns", // 1.22.17 has registry.k8s.io as default registry. Thus the registry gets changed as