New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drop support for Shoots with K8s < 1.20 #6987
Drop support for Shoots with K8s < 1.20 #6987
Conversation
Skipping CI for Draft Pull Request. |
85c6303
to
f13e7bd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are multiple occurrences of version 1.19 checks in this repository. Should we also drop them with this PR?
Here is an example
/assign |
In line with #6987 (review), Can you please check the usages of these constraints gardener/pkg/utils/version/version.go Lines 26 to 39 in d98cf02
|
f13e7bd
to
ead8d08
Compare
ead8d08
to
6eb1c10
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Final suggestions, otherwise lgtm
f4358ee
to
c919d9e
Compare
c919d9e
to
8370a23
Compare
@dimitar-kostadinov: The following tests failed, say
Full PR test history. Your PR dashboard. Command help for this repository. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ialidzhikov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test pull-gardener-integration |
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref gardener#6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
* Allow instantiating v1.26 Kubernetes clients * Update `README.md` and `docs/usage/supported_k8s_versions.md` for the K8s 1.26 * Maintain Kubernetes feature gates $ ./hack/compare-k8s-feature-gates.sh 1.25 1.26 Feature gates added in 1.26 compared to 1.25: APISelfSubjectReview AggregatedDiscoveryEndpoint ConsistentHTTPGetHandlers CrossNamespaceVolumeDataSource DynamicResourceAllocation EventedPLEG LegacyServiceAccountTokenTracking MinimizeIPTablesRestore PDBUnhealthyPodEvictionPolicy PodSchedulingReadiness StatefulSetStartOrdinal TopologyManagerPolicyAlphaOptions TopologyManagerPolicyBetaOptions TopologyManagerPolicyOptions ValidatingAdmissionPolicy WindowsHostNetwork Feature gates removed in 1.26 compared to 1.25: CSIMigrationOpenStack CSRDuration DefaultPodTopologySpread DynamicKubeletConfig IndexedJob NonPreemptingPriority PodAffinityNamespaceSelector PodOverhead PreferNominatedNode ServiceLBNodePortControl ServiceLoadBalancerClass SuspendJob Feature gates locked to default in 1.26 compared to 1.25: CPUManager CSIMigrationvSphere DelegateFSGroupToCSIDriver DevicePlugins DryRun EndpointSliceTerminatingCondition JobTrackingWithFinalizers KubeletCredentialProviders MixedProtocolLBService ServerSideApply ServiceIPStaticSubrange ServiceInternalTrafficPolicy WindowsHostProcessContainers * Maintain `kube-apiserver` admission plugins $ ./hack/compare-k8s-admission-plugins.sh 1.25 1.26 Admission plugins added in 1.26 compared to 1.25: ValidatingAdmissionPolicy Admission plugins removed in 1.26 compared to 1.25: * Maintain `ServiceAccount` names for the controllers part of `kube-controller-manager` $ ./hack/compare-k8s-controllers.sh 1.25 1.26 kube-controller-manager controllers added in 1.26 compared to 1.25: resource-claim-controller kube-controller-manager controllers removed in 1.26 compared to 1.25: * Use 1.26 for local shoot and local e2e test * Deprecate the `podEvictionTimeout` field in favor of newly introduced kube-apiserver fields The kube-controller-manager flag `--pod-eviction-timeout` is deprecated in favor of the kube-apiserver flags `--default-not-ready-toleration-seconds` and `--default-unreachable-toleration-seconds`. The `--pod-eviction-timeout` flag does not have effect when the taint besed eviction is enabled. The taint based eviction is beta (enabled by default) since Kubernetes 1.13 and GA since Kubernetes 1.18. For more details, see kubernetes/kubernetes#74651. This commit allows configuring the kube-apiserver flags `--default-not-ready-toleration-seconds` and `--default-unreachable-toleration-seconds`. The `podEvictionTimeout` field is deprecated in favor of the newly introduced fields. gardener-apiserver no longer defaults the `podEvictionTimeout` field. gardener-apiserver also returns a warning when the `podEvictionTimeout` field is set. * Adapt to the renaming of `etcd_db_total_size_in_bytes` metric to `apiserver_storage_db_total_size_in_bytes` The metric `etcd_db_total_size_in_bytes` is renamed to `apiserver_storage_db_total_size_in_bytes`. Ref kubernetes/kubernetes#113310. * Fix the Pod spec in `simple-load-deployment.yaml.tpl` Test runs of the integration test that uses this template prints the following warning about the issue in the template: ``` {"level":"info","ts":"2022-12-28T19:36:29.043+0200","logger":"KubeAPIWarningLogger","msg":"unknown field \"spec.template.spec.containers[0].nodeName\""} ``` * Update `docs/usage/shoot_credentials_rotation.md` After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore. * Default `enableStaticTokenKubeconfig` to false for Shoots with K8s version >= 1.26 This commit also adapts most of the testmachinery integration tests to use the `shoots/adminkubeconfig` subresource instead of the static kubeconfig. The Shoot creation intergration is still using the static kubeconfig and it is downloading it to `$TM_KUBECONFIG_PATH/shoot.config`. This commit sets `enableStaticTokenKubeconfig=true` until we figure out which tests/components are using this downloaded kubeconfig. * Add constraint for K8s version < 1.26 The constraint `ConstraintK8sLess126` is currently not used by gardener/gardener but it is introduced for usage from the extensions. * Address review comments * Update `new-kubernetes-version.md` guide with details about the `hyperkube` image * Update `supported_k8s_versions.md` for K8s 1.26 * Update kube-scheduler component's unit tests for K8s 1.26 * Revert the K8s versions used for e2e tests For the reasoning, see #7275 (comment)
How to categorize this PR?
/area open-source dev-productivity
/kind cleanup
What this PR does / why we need it:
Drop support for Shoots with K8s < 1.20
Which issue(s) this PR fixes:
Part of #6911
Special notes for your reviewer:
Release note: