MaintenanceController doesn't check if currently used container runtime is supported by new image #4305

Closed
voelzmo opened this issue Jul 2, 2021 · 2 comments · Fixed by #4438
Labels
kind/bug Bug priority/3 Priority (lower number equals higher priority)

Comments

@voelzmo
Member

voelzmo commented Jul 2, 2021

How to categorize this issue?

/kind bug
/priority 3

What happened:
The maintenance controller selected a new MachineImageVersion during maintenance which doesn't list the cluster's container runtime in the CloudProfile.

What you expected to happen:
When picking a new version, support for the currently used container runtime is taken into account. It could happen, for example, that future versions of an image drop support for the docker runtime. In this case, these versions must not be selected for clusters which use the docker container runtime.

How to reproduce it (as minimally and precisely as possible):

  • Deploy a Shoot using containerd using gardenLinux v184.0
  • Adapt the CloudProfile:
    • Set gardenLinux v184.0 to deprecated with an expirationDate in the past (e.g. 2021-06-30T23:59:59Z)
    • Set gardenLinux v318.8.0 to supported
    • Remove containerd support for v318.8.0
  • Trigger shoot maintenance immediately with ./hack/usage/shoot-operation <shoot-name> <namespace-name> maintain

Anything else we need to know?:
Right now this is probably not that big of an issue, as we haven't seen events of container runtime support being removed. This is likely to happen in the future, though, if we e.g. decide to drop support for docker at some point in time.

Environment:

  • Gardener version: 1.26.0
  • Kubernetes version (use kubectl version): 1.21.0
  • Cloud provider or hardware configuration: gcp
  • Others:
@voelzmo voelzmo added the kind/bug Bug label Jul 2, 2021
@gardener-robot gardener-robot added the priority/3 Priority (lower number equals higher priority) label Jul 2, 2021
@voelzmo
Member Author

voelzmo commented Jul 2, 2021

Related: I can also do this change manually! Updating the Shoot spec, such that my worker's MachineImageVersion refers to a version which doesn't support the currently selected runtime.
For example:

  • Create your shoot with gardenlinux and container runtime containerd
  • Then update it to use suse-chost (which doesn't support containerd yet and therefore doesn't have it in its list of supported runtimes in the CloudProfile)
  • This update should be rejected during validation, but it is not!

This is probably worth its own issue: #4308

@voelzmo voelzmo changed the title from "MaintenanceController doesn't check if currently used container runtime is supported by new image" to "Shoot update and MaintenanceController don't check if currently used container runtime is supported by new image" Jul 2, 2021
@voelzmo voelzmo changed the title from "Shoot update and MaintenanceController don't check if currently used container runtime is supported by new image" to "MaintenanceController doesn't check if currently used container runtime is supported by new image" Jul 2, 2021
@BeckerMax
Contributor

/assign
/assign voelzmo
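
The selection rule this issue asks for, as an added Go example that is not part of the issue thread and not Gardener's code. `ImageVersion`, `newer`, `PickUpdate` and `profile` are hypothetical names; the sample mirrors the reproduction steps above, and its runtime lists are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// ImageVersion is a hypothetical, simplified CloudProfile entry (not Gardener's API type).
type ImageVersion struct {
	Version, Classification string
	Expiration              time.Time // zero value: no expiration date
	CRIs                    []string  // container runtimes listed for this version
}

// newer compares dotted numeric versions such as "184.0" and "318.8.0".
func newer(a, b string) bool {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) && i < len(bs); i++ {
		x, _ := strconv.Atoi(as[i])
		y, _ := strconv.Atoi(bs[i])
		if x != y {
			return x > y
		}
	}
	return len(as) > len(bs)
}

// PickUpdate returns the newest supported, unexpired version that lists cri.
func PickUpdate(versions []ImageVersion, cri string, now time.Time) (string, bool) {
	best := ""
	for _, v := range versions {
		ok := v.Classification == "supported" && (v.Expiration.IsZero() || v.Expiration.After(now))
		for _, c := range v.CRIs { // the runtime check the issue reports missing
			if ok && c == cri && (best == "" || newer(v.Version, best)) {
				best = v.Version
			}
		}
	}
	return best, best != ""
}

// Constructed sample mirroring the issue's reproduction steps.
var profile = []ImageVersion{
	{"184.0", "deprecated", time.Date(2021, 6, 30, 23, 59, 59, 0, time.UTC), []string{"containerd", "docker"}},
	{"318.8.0", "supported", time.Time{}, []string{"docker"}},
}

func main() { fmt.Println(PickUpdate(profile, "containerd", time.Now())) }
```

With this sample, a containerd worker gets no update candidate instead of being moved to 318.8.0, while a docker worker is offered 318.8.0.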