fix(vendor/scoped): bump k8s version to 1.24, go version to 1.18 and fix scoped client #2794
Conversation
openshift-ci
bot
added
the
approved
Will do |
dinhxuanvu
force-pushed
the
k8s-1.24
branch
6 times, most recently
from
4cd6a15
to
7e1fdfe
Compare
timflannagan
force-pushed
the
k8s-1.24
branch
2 times, most recently
from
6594913
to
3490f9b
Compare
|
Those (upcoming) e2e failures are known issues. The latest k8s minor version release has changed to SA's generating secret tokens, and OLM relies on 1.) that secret being generated and 2.) parsing that token's value. /hold |
openshift-ci
bot
added
the
do-not-merge/hold
dinhxuanvu
changed the title
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/retest |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dinhxuanvu, perdasilva The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Vu Dinh <vudinh@outlook.com>
The apimachinery/pkg/util/clock is deprecated and all clock utils is on k8s.io/utils/clock repo instead. Signed-off-by: Vu Dinh <vudinh@outlook.com>
Signed-off-by: Vu Dinh <vudinh@outlook.com> Co-authored-by: timflannagan <timflannagan@gmail.com>
In k8s 1.24, token secret is no longer referenced in ServiceAccount. By listing all secrets in the namespace and then filter them with SA name via kubernetes.io/service-account.name annotation, the token secret can be retrieved successfully. Signed-off-by: Vu Dinh <vudinh@outlook.com>
Create token secret for ServiceAccount to ensure those SA is valid for scoped client use. Signed-off-by: Vu Dinh <vudinh@outlook.com>
| for _, ref := range sa.Secrets { | ||
| if _, ok := secrets[ref.Name]; !ok { | ||
| logger.Warnf("skipping secret %s: secret not found", ref.Name) | ||
| continue | ||
| } | ||
| } |
There was a problem hiding this comment.
We're iterating over the list of SA secrets, purely for logging purposes, here? Is that right?
| secretMap := make(map[string]*corev1.Secret) | ||
| for _, ref := range secrets.Items { | ||
| annotations := ref.GetAnnotations() | ||
| value := annotations[corev1.ServiceAccountNameKey] |
There was a problem hiding this comment.
Do we need to nil check the annotations map here before indexing for the SA name key, or do maps handle this instruction fine?
| replace google.golang.org/grpc => google.golang.org/grpc v1.40.0 | ||
|
|
||
| replace ( | ||
| go.opentelemetry.io/contrib => go.opentelemetry.io/contrib v0.20.0 | ||
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 | ||
| go.opentelemetry.io/otel/exporters/otlp => go.opentelemetry.io/otel/exporters/otlp v0.20.0 | ||
| go.opentelemetry.io/otel/metric => go.opentelemetry.io/otel/metric v0.20.0 | ||
| go.opentelemetry.io/otel/oteltest => go.opentelemetry.io/otel/oteltest v0.20.0 | ||
| go.opentelemetry.io/otel/sdk/export/metric => go.opentelemetry.io/otel/sdk/export/metric v0.20.0 | ||
| go.opentelemetry.io/otel/sdk/metric => go.opentelemetry.io/otel/sdk/metric v0.20.0 | ||
| go.opentelemetry.io/otel/trace => go.opentelemetry.io/otel/trace v0.20.0 | ||
| go.opentelemetry.io/proto/otlp => go.opentelemetry.io/proto/otlp v0.7.0 | ||
| ) |
There was a problem hiding this comment.
Note for our future selves: this was needed due to Kubernetes 1.24 requiring a new version of helm, which was problematic as we ran into module issues when bumping that dependency:
go: finding module for package go.opentelemetry.io/otel/internal/metric
go: finding module for package go.opentelemetry.io/otel/unit
go: finding module for package go.opentelemetry.io/otel/semconv
go: finding module for package rsc.io/letsencrypt
go: found rsc.io/letsencrypt in rsc.io/letsencrypt v0.0.3
go: found go.opentelemetry.io/otel/internal/metric in go.opentelemetry.io/otel/internal/metric v0.27.0
go: finding module for package go.opentelemetry.io/otel/metric/registry
go: finding module for package go.opentelemetry.io/otel/semconv
github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/server imports
k8s.io/apiserver/pkg/server/options imports
go.opentelemetry.io/otel/semconv: module go.opentelemetry.io/otel@latest found (v1.7.0), but does not contain package go.opentelemetry.io/otel/semconv
github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/server imports
k8s.io/apiserver/pkg/server/options imports
go.opentelemetry.io/otel/exporters/otlp/otlpgrpc imports
go.opentelemetry.io/otel/exporters/otlp imports
go.opentelemetry.io/otel/sdk/metric/controller/basic imports
go.opentelemetry.io/otel/metric/registry: module go.opentelemetry.io/otel/metric@latest found (v0.30.0), but does not contain package go.opentelemetry.io/otel/metric/registry
It appears the issue here is that helm uses an incompatible containerd version which the opentelemetry module doesn't play well with. After searching github for how others were tackling this through the filename:go.mod replace opentelemetry search query, and filtering by the newest matches, we found projects replace pinning the opentelemtry module version. Adding those replace pins, and re-generating the vendor directory seemed to solve those CI failures we saw pop up before.
|
Feel free to remove the hold. /lgtm |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
Signed-off-by: Vu Dinh vudinh@outlook.com
Description of the change:
Motivation for the change:
Architectural changes:
Testing remarks:
Reviewer Checklist
/doc[FLAKE]are truly flaky and have an issueCloses #2792
Closes #2762