-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump default Kubernetes version to v1.22.1 and update addons to with new API (ingress, gcpauth, olm and cilium) #12325
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: prezha The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/ok-to-test |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
/retest-this-please |
This comment has been minimized.
This comment has been minimized.
@prezha thank you can u plz also fix the cilium and other addon failure son docker Linux ? |
This comment has been minimized.
This comment has been minimized.
@medyagh i've added changes that should also fix the gcpauth and olm as well |
de97041
to
f3af986
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
f3af986
to
7466e4a
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
cilium seems to be the last reaminaing test to be fixed then we can merge |
This comment has been minimized.
This comment has been minimized.
nice job @prezha test look good, just need to fix lint |
This comment has been minimized.
This comment has been minimized.
@medyagh sure, cilium is fixed now as well :) |
kvm2 driver with docker runtime
Times for minikube start: 48.1s 47.0s 46.3s 47.2s 47.1s Times for minikube ingress: 32.8s 32.3s 31.9s 39.4s 32.4s docker driver with docker runtime
Times for minikube (PR 12325) start: 21.0s 20.7s 21.2s 20.9s 20.8s Times for minikube ingress: 35.0s 36.5s 36.0s 31.0s 37.5s docker driver with containerd runtime
Times for minikube start: 31.7s 43.8s 30.3s 43.7s 43.7s |
These are the flake rates of all failed tests.
Too many tests failed - See test logs for more details. To see the flake rates of all tests by environment, click here. |
great work @prezha thank you for all of the work on this PR |
@sudheerab27 #12299 was closed almost two years ago - perhaps you wanted to reference something else? in general, minikube's ingress deployment yaml is based on kind's one:
but it has to be adapted - ie, not a simply full copy&paste i hope that helps and do let me know if you need any additional help |
fixes #12299
tldr: with this pr, ingress, gcpauth, olm and cilium should also work with the latest k8s v1.22+
there are still a lot of moving parts there and i'll try to document them here
changes and notes:
ValidatingWebhookConfiguration
- as many suggested as a workaround to use atmbackground - deprecation announcement: Updating NGINX-Ingress to use the stable Ingress API
many issues and conversations around this breaking change, kubernetes/ingress-nginx#7448 is a useful read
NGINX Ingress Controller (aka ingress-nginx/controller)
latest stable release v0.49.0 does not work with k8s v1.22+,
v1.0.0 Beta 3
works but only with k8s v1.19+ (https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.0.0-beta.3) introducing breaking changes: https://github.com/kubernetes/ingress-nginx/#support-versions-tableKubernetes webhook certificate generator and patcher (aka kube-webhook-certgen)
so far,
jet/kube-webhook-certgen
was used (https://github.com/jet/kube-webhook-certgen), but it's not yet updated to work with k8s v1.22+, ie,docker.io/jettech/kube-webhook-certgen:v1.5.1 does not work, neither the newer docker.io/jettech/kube-webhook-certgen:v1.5.2 (https://hub.docker.com/layers/jettech/kube-webhook-certgen/v1.5.2/images/sha256-4709d4110f667ba19875d17a23c04ab016c03ae6493d456fb41d942854b23ac1?context=explore)
there's an open issue (kubernetes/ingress-nginx#7418) and pr (jet/kube-webhook-certgen#30) that could address that at some point
in the meantime, upstream already
forked
this repo and adapted it (https://github.com/kubernetes/ingress-nginx/tree/main/images/kube-webhook-certgen):but https://github.com/kubernetes/ingress-nginx/tree/main/images states:
so, i manually built the kube-webhook-certgen image from the upstream repo (https://github.com/kubernetes/ingress-nginx/blob/main/images/kube-webhook-certgen/Makefile => https://hub.docker.com/repository/docker/prezha/kube-webhook-certgen), but then i've found the "official" image that can be used -
k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068
:https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L612
that is:
https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L660
examples
just-ingress@docker test:
just-ingress@kvm test:
full test (filtered):
simulated backwards compatibility test with k8s v1.19.0 and old deployment (apis) and images for ingress: