New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Versions existence should be validated #2455
Comments
7.5.2 is released so this should be resolved. I'm not sure how we might protect against this in the future, will need to think more on it |
We discussed offline, a few thoughts:
|
I wonder if we can use the container registry defined in the manifest and issue an API request to grab the list of available tags to check against. The downside is that it still requires a network call per submission (unless some clever caching is used) and might not be 100% reliable due to network issues and restrictive registry configurations. |
It also happened to me the other day because the beats 7.6.2 release notes are already there in the current branch, so I made the bad assumption I just missed a patch release and tried to use it. For Charith's suggestion: It's also difficult because we would want to parse the image pull secret, and as Charith said it's possible that pods don't have access to the registry but kubelets do. I'd think we could fail open in those cases though, and only reject a request if we can successfully list the tags and the requested tag is not present. I am def not an image registry connoisseur though, so it is possible I am missing some big edge cases. And either way it seems like it would be simpler to implement the "no downgrades if there are any running pods at a higher version" logic. |
Has this problem been solved? |
While the problem of validating the version submitted by users has not been solved we have since introduced an escape hatch to go back to the last known good version in case a mistake has been made. This is documented here: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-common-problems.html#k8s-common-problems-version-downgrade I am therefore closing this issue for now. |
Thanks, I was also thinking closing this ticket. Happy to see there is a solution now. |
Proposal
I tried upgrading an existing cluster to 7.5.2 but this version is not already out. As the operator does not support downgrading, I cannot now go back to 7.5.1.. so my cluster is stuck until 7.5.2 is out.
Bug Report
What did you do?
Upgrade to 7.5.2.
What did you expect to see?
Refuse the
kubectl apply
of an unkown version or allow downgrading in this caseWhat did you see instead? Under which circumstances?
Error pulling the image
Error downgrading to 7.5.1
Environment
ECK version:
1.0
Kubernetes information:
The text was updated successfully, but these errors were encountered: