[dev-v2.7] Add K8s September patches #967
Conversation
rayandas
force-pushed
the
rayandas-sept-k8s-patch
branch
2 times, most recently
from
e4523a2 to
df2dde0
Compare
rke/templates/metrics_v0.5.0.go
Outdated
| @@ -213,6 +213,7 @@ spec: | |||
| readOnlyRootFilesystem: true | |||
| runAsNonRoot: true | |||
| runAsUser: 1000 | |||
| allowPrivilegeEscalation: false | |||
There was a problem hiding this comment.
We need to introduce a new template as per discussions in this thread - https://github.com/rancher/kontainer-driver-metadata/pull/938/files#r953052960
There was a problem hiding this comment.
Alright! Few questions. The next template verion should be metrics_v0.5.1.go ? And what K8s version should support this new metrics version? The current version has ">=1.20.14-rancher2-1 <1.23.3-rancher1-1": metricsServerv050 see https://github.com/rancher/kontainer-driver-metadata/blob/dev-v2.7/rke/templates/templates.go#L160
cc: @kinarashah
There was a problem hiding this comment.
@kinarashah @snasovich I added a template metrics_v0.5.1.go also updated the range of K8s supported version for metric server
">=1.22.14-rancher1-1 <1.23.3-rancher1-1": metricsServerv051,
">=1.20.14-rancher2-1 <1.22.13-rancher1-1": metricsServerv050,
Please review and let me know what all changes are required.
rayandas
force-pushed
the
rayandas-sept-k8s-patch
branch
2 times, most recently
from
9aea06d to
8a383c0
Compare
rayandas
force-pushed
the
rayandas-sept-k8s-patch
branch
from
8a383c0 to
2719df2
Compare
rke/templates/metrics_v0.5.1.go
Outdated
| @@ -0,0 +1,237 @@ | |||
| package templates | |||
There was a problem hiding this comment.
The chosen file name is confusing as it makes impression that it's for metrics server 0.5.1.
But in fact we've been using rancher/mirrored-metrics-server:v0.5.1 with metrics_v0.5.0.go template for a while now.
Maybe name it (and related variables) as metrics_v0.5.1-fix.go to help avoid confusion? @kinarashah , please chime in on this.
There was a problem hiding this comment.
Sure. Will be updating it.
rayandas
force-pushed
the
rayandas-sept-k8s-patch
branch
2 times, most recently
from
58bcaef to
db32064
Compare
rke/templates/templates.go
Outdated
| ">=1.8.0-rancher0 <1.20.4-rancher1-1": metricsServerv18, | ||
| ">=1.23.3-rancher1-1": metricsServerv061, | ||
| ">=1.22.15-rancher1-1 <1.23.3-rancher1-1": metricsServerv051fix, | ||
| ">=1.20.14-rancher2-1 <=1.22.13-rancher1-1": metricsServerv050, |
There was a problem hiding this comment.
I've just realized that all other template version ranges use exclusive top end of range, so ideally we want to be consistent and have it as below:
| ">=1.20.14-rancher2-1 <=1.22.13-rancher1-1": metricsServerv050, | |
| ">=1.20.14-rancher2-1 <1.22.15-rancher1-1": metricsServerv050, |
However this is a nitpick plus I was the one who suggested inclusive top end of the range, so approving.
If you have a chance to fix it before the second approval is done, that would be great. If this is the only change, consider my approval still valid even if GitHub automatically removes it.
There was a problem hiding this comment.
I've updated your suggestion.
rayandas
force-pushed
the
rayandas-sept-k8s-patch
branch
from
db32064 to
a6a5634
Compare
|
@rayandas If possible, cherry-pick these commits to the custom branch created for 2.6 in the same PR so it's easy to backport and review. |
|
Yeah I will cherry-pick these commits to the backport PR and update. |
This PR includes K8s September patches (issue), and fix for metrics server 0.5.0 failing due to docker CIS hardening (issue)