Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

K8s 1.25 and Manifests WG #2325

Closed
kimwnasptd opened this issue Nov 22, 2022 · 7 comments
Closed

K8s 1.25 and Manifests WG #2325

kimwnasptd opened this issue Nov 22, 2022 · 7 comments

Comments

@kimwnasptd
Copy link
Member

kimwnasptd commented Nov 22, 2022

Tracking issue for all updates that we have to do in the common components of manifests to work with K8s 1.25. With a quick look we took with @apo-ger the biggest item is the deprecation of the policy/v1beta1 API version, and the object that affects most of the components is PodDisruptionBudget

This is a draft plan of the common components and the target versions:

Status Component Proposed Version Context/PRs
Istio v1.16 #2327
Knative v1.8 #2325 (comment) /~https://github.com/knative/community/blob/main/mechanics/RELEASE-SCHEDULE.md#upcoming-releases
Cert Manager v1.10 #2330

I'll also update the issue further with other changes we'll need to do for K8s 1.25

cc @kubeflow/wg-manifests-leads

apo-ger added a commit to apo-ger/manifests that referenced this issue Nov 22, 2022
Istio 1.6.0 generated manifests include some policy/v1
PodDisruptionBudget resources that we need to remove. See:
- istio/istio#12602
- istio/istio#24000

The current manifests utilize two "delete" patches:
- common/istio-1-16/istio-install/base/patches/remove-pdb.yaml
- common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml

However these patches do not work with kustomize v3.2.0. The root
cause is that v3.2.0 doesn't have the appropriate openapi schema for
the policy/v1 API version resources. This is fixed in kustomize v4+.
See:
- kubernetes-sigs/kustomize#3694 (comment)
- kubernetes-sigs/kustomize#4495

Changes:
- We disable the delete patches until we upgrade to kustomize v4+.
  - tracked in: kubeflow#1797

- As a temporary workaraound we remove PodDisruptionBudget resources
  manually with yq before deploying Istio manifests.

- Update README file with instructions.

Refs: kubeflow#2325

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
apo-ger added a commit to apo-ger/manifests that referenced this issue Nov 22, 2022
Istio 1.6.0 generated manifests include some policy/v1
PodDisruptionBudget resources that we need to remove. See:
- istio/istio#12602
- istio/istio#24000

The current manifests utilize two "delete" patches:
- common/istio-1-16/istio-install/base/patches/remove-pdb.yaml
- common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml

However these patches do not work with kustomize v3.2.0. The root
cause is that v3.2.0 doesn't have the appropriate openapi schema for
the policy/v1 API version resources. This is fixed in kustomize v4+.
See:
- kubernetes-sigs/kustomize#3694 (comment)
- kubernetes-sigs/kustomize#4495

Changes:
- We disable the delete patches until we upgrade to kustomize v4+.
  - tracked in: kubeflow#1797

- As a temporary workaraound we remove PodDisruptionBudget resources
  manually with yq before deploying Istio manifests.

- Update README file with instructions.

Refs: kubeflow#2325

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
@apo-ger
Copy link
Contributor

apo-ger commented Nov 22, 2022

The generated manifests of Istio v1.6.0 include some policy/v1 PodDisruptionBudget resources that we need to remove. (see istio/istio#12602 and istio/istio#24000)

Until now we have used two patches to address this:

We found that these patches do not work with kustomize v3.2.0. The problem is that kustomize v3.2.0 doesn't have the appropriate openapi schemas for the policy/v1 API version resources:

This is fixed in kustomize v4+:

To resolve this, I've sent a PR with the following changes:

  • Upgrade Istio to 1.16.0 to work with K8s 1.25
  • Disable the currently used patches until we upgrade to kustomize v4+.
  • Introduce a temporary workaround to remove PodDisruptionBudget resources
    manually with yq before deploying Istio manifests.
  • Update README file with instructions.

I've also sent another PR to update the KinD cluster version to K8s 1.25 for testing.

apo-ger added a commit to apo-ger/manifests that referenced this issue Nov 22, 2022
Istio 1.6.0 generated manifests include some policy/v1
PodDisruptionBudget resources that we need to remove. See:
- istio/istio#12602
- istio/istio#24000

The current manifests utilize two "delete" patches:
- common/istio-1-16/istio-install/base/patches/remove-pdb.yaml
- common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml

However these patches do not work with kustomize v3.2.0. The root
cause is that v3.2.0 doesn't have the appropriate openapi schema for
the policy/v1 API version resources. This is fixed in kustomize v4+.
See:
- kubernetes-sigs/kustomize#3694 (comment)
- kubernetes-sigs/kustomize#4495

Changes:
- We disable the delete patches until we upgrade to kustomize v4+.
  - tracked in: kubeflow#1797

- As a temporary workaraound we remove PodDisruptionBudget resources
  manually with yq before deploying Istio manifests.

- Update README file with instructions.

Refs: kubeflow#2325

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
@kimwnasptd
Copy link
Member Author

@yuzisun which Knative version should we target for the KF 1.7 release?

Our target K8s version is 1.25, so we'll need a Knative version that works both with that K8s version as well as the KServe version we'll include in KF 1.7

@yuzisun
Copy link
Member

yuzisun commented Nov 23, 2022

@yuzisun which Knative version should we target for the KF 1.7 release?

Our target K8s version is 1.25, so we'll need a Knative version that works both with that K8s version as well as the KServe version we'll include in KF 1.7

@kimwnasptd Let's target to Knative 1.8 though there is an issue I opened which affects KServe and we will need a patched release after Knative fixes the issue.

@apo-ger
Copy link
Contributor

apo-ger commented Nov 24, 2022

I've prepared a PR to upgrade cert-manager to latest version (v1.10.1)

apo-ger added a commit to apo-ger/manifests that referenced this issue Nov 24, 2022
- Use the updated KinD configuration file
- Trigger the workflows when Kind configuration file changes

  * Exclude Katib workflow. See:
    kubeflow#2273 (comment)

  * Exclude Kserve workflow, until we update Knative version to v1.8. See:
    kubeflow#2325 (comment)

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
google-oss-prow bot pushed a commit that referenced this issue Nov 24, 2022
* Fix kind configuration file script

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* tests: Refactor kind configuration file

Have one file for the KinD configuration instead of
version specific ones.

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* workflows: Update GH Action workflows

- Use the updated KinD configuration file
- Trigger the workflows when Kind configuration file changes

  * Exclude Katib workflow. See:
    #2273 (comment)

  * Exclude Kserve workflow, until we update Knative version to v1.8. See:
    #2325 (comment)

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
apo-ger added a commit to apo-ger/manifests that referenced this issue Nov 24, 2022
Istio 1.6.0 generated manifests include some policy/v1
PodDisruptionBudget resources that we need to remove. See:
- istio/istio#12602
- istio/istio#24000

The current manifests utilize two "delete" patches:
- common/istio-1-16/istio-install/base/patches/remove-pdb.yaml
- common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml

However these patches do not work with kustomize v3.2.0. The root
cause is that v3.2.0 doesn't have the appropriate openapi schema for
the policy/v1 API version resources. This is fixed in kustomize v4+.
See:
- kubernetes-sigs/kustomize#3694 (comment)
- kubernetes-sigs/kustomize#4495

Changes:
- We disable the delete patches until we upgrade to kustomize v4+.
  - tracked in: kubeflow#1797

- As a temporary workaraound we remove PodDisruptionBudget resources
  manually with yq before deploying Istio manifests.

- Update README file with instructions.

Refs: kubeflow#2325

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
google-oss-prow bot pushed a commit that referenced this issue Nov 24, 2022
* common: Add Istio v1.16.0 manifests

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* Update kustomization file in example to deploy istio-1-16

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* tests: Update install Istio GH action script

Use Istio 1.16 for testing

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* common: Remove PodDisruptionBudget resources for Istio

Istio 1.6.0 generated manifests include some policy/v1
PodDisruptionBudget resources that we need to remove. See:
- istio/istio#12602
- istio/istio#24000

The current manifests utilize two "delete" patches:
- common/istio-1-16/istio-install/base/patches/remove-pdb.yaml
- common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml

However these patches do not work with kustomize v3.2.0. The root
cause is that v3.2.0 doesn't have the appropriate openapi schema for
the policy/v1 API version resources. This is fixed in kustomize v4+.
See:
- kubernetes-sigs/kustomize#3694 (comment)
- kubernetes-sigs/kustomize#4495

Changes:
- We disable the delete patches until we upgrade to kustomize v4+.
  - tracked in: #1797

- As a temporary workaraound we remove PodDisruptionBudget resources
  manually with yq before deploying Istio manifests.

- Update README file with instructions.

Refs: #2325

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* Update README

Use the --cluster-specific flag when generating Istio 1.16 manifests
for K8s-1.25. See:
* istio/istio#41220

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* tests: Update GH Action workflows

Trigger the workflows when the Istio version changes

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
@apo-ger
Copy link
Contributor

apo-ger commented Nov 25, 2022

Here is the PR for upgrading knative-eventing to v1.8.1

@kimwnasptd
Copy link
Member Author

Now that the KServe PRs are merged, we are good to go for K8s 1.25 regarding the common components maintained in this repo

/close

@google-oss-prow
Copy link

@kimwnasptd: Closing this issue.

In response to this:

Now that the KServe PRs are merged, we are good to go for K8s 1.25 regarding the common components maintained in this repo

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

kevin85421 pushed a commit to juliusvonkohout/manifests that referenced this issue Feb 28, 2023
…#2331)

* Fix kind configuration file script

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* tests: Refactor kind configuration file

Have one file for the KinD configuration instead of
version specific ones.

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* workflows: Update GH Action workflows

- Use the updated KinD configuration file
- Trigger the workflows when Kind configuration file changes

  * Exclude Katib workflow. See:
    kubeflow#2273 (comment)

  * Exclude Kserve workflow, until we update Knative version to v1.8. See:
    kubeflow#2325 (comment)

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
kevin85421 pushed a commit to juliusvonkohout/manifests that referenced this issue Feb 28, 2023
* common: Add Istio v1.16.0 manifests

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* Update kustomization file in example to deploy istio-1-16

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* tests: Update install Istio GH action script

Use Istio 1.16 for testing

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* common: Remove PodDisruptionBudget resources for Istio

Istio 1.6.0 generated manifests include some policy/v1
PodDisruptionBudget resources that we need to remove. See:
- istio/istio#12602
- istio/istio#24000

The current manifests utilize two "delete" patches:
- common/istio-1-16/istio-install/base/patches/remove-pdb.yaml
- common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml

However these patches do not work with kustomize v3.2.0. The root
cause is that v3.2.0 doesn't have the appropriate openapi schema for
the policy/v1 API version resources. This is fixed in kustomize v4+.
See:
- kubernetes-sigs/kustomize#3694 (comment)
- kubernetes-sigs/kustomize#4495

Changes:
- We disable the delete patches until we upgrade to kustomize v4+.
  - tracked in: kubeflow#1797

- As a temporary workaraound we remove PodDisruptionBudget resources
  manually with yq before deploying Istio manifests.

- Update README file with instructions.

Refs: kubeflow#2325

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* Update README

Use the --cluster-specific flag when generating Istio 1.16 manifests
for K8s-1.25. See:
* istio/istio#41220

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

* tests: Update GH Action workflows

Trigger the workflows when the Istio version changes

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>

Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants