Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add etcd-manager certificate expiration advisory #9030

Merged
merged 1 commit into from
May 6, 2020
Merged

Add etcd-manager certificate expiration advisory #9030

merged 1 commit into from
May 6, 2020

Conversation

rifelpet
Copy link
Member

A few notes:

  • etcd-manager was actually introduced in Kops 1.10, but wasn't made default until k8s 1.12
  • I guessed on the next kops release versions that will include the fix

I'd like this to be throughly reviewed before we merge since people will start seeing it and linking to it.

/cc @justinsb

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. area/documentation approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Apr 30, 2020
hakman
hakman reviewed Apr 30, 2020
View reviewed changes
Copy link
Member

@hakman hakman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would also add the workaround as a ## Workaround at the end.
#8959 (comment)

docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
@hakman
Copy link
Member

hakman commented Apr 30, 2020

I would also add the workaround as a ## Workaround at the end.
#8959 (comment)

The reason for also adding the workaround is that it can be done without a rolling-update of the masters, which may be desired in some cases.

@rifelpet
Copy link
Member Author

rifelpet commented Apr 30, 2020
edited
Loading

I added the workaround, mentioning that it will only delay the issue. Also updated the kops 1.18 versions.

/hold for more review and for the new kops versions to be released

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 30, 2020
@rifelpet rifelpet force-pushed the etcd-manager-cert-notice branch 3 times, most recently from 5445837 to 6e43e78 Compare May 1, 2020 01:46
geojaz
geojaz approved these changes May 1, 2020
View reviewed changes
Copy link
Member

@geojaz geojaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/hold
/lgtm
This looks great @rifelpet thanks! I left some minor edits. Feel free to take or leave them
holding to give a chance for others to see

docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
docs/advisories/etcd-manager-certificate-expiration.md Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 1, 2020
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 1, 2020
@hakman
Copy link
Member

hakman commented May 2, 2020

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 2, 2020
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 2, 2020
@hakman
Copy link
Member

hakman commented May 2, 2020

/test pull-kops-bazel-test

justinsb
justinsb reviewed May 6, 2020
View reviewed changes
docs/advisories/etcd-manager-certificate-expiration.md Outdated
The etcd-manager version is set automatically based on the Kops version.
These Kops versions are affected:

* Kops 1.10.0-alpha.1 through 1.16.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Safe versions are going to be 1.15.3, 1.16.2, 1.17.0-beta.2, 1.18.0-alpha.3

Releases of 1.15.3 and 1.16.2 are staged but not published (please take a look at the message). I figured we should probably do them all at once...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, i updated the list of affected versions and the list of fixed versions in the solutions section below.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the release drafts to link to kops.sigs.k8s.io, and confirmed this page looks good on netlify.

@rifelpet rifelpet force-pushed the etcd-manager-cert-notice branch 2 times, most recently from e3d51b8 to 9e2355f Compare May 6, 2020 08:27
@justinsb
Copy link
Member

justinsb commented May 6, 2020

Thanks - I think it's go time!

/approve
/lgtm
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 6, 2020
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 6, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justinsb, rifelpet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit e8ec987 into kubernetes:master May 6, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.18 milestone May 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinsb justinsb justinsb left review comments

@johngmyers johngmyers johngmyers left review comments

@hakman hakman hakman approved these changes

@geojaz geojaz geojaz approved these changes

Assignees

@justinsb justinsb

@hakman hakman

@geojaz geojaz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/documentation cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.18
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@rifelpet @hakman @justinsb @k8s-ci-robot @johngmyers @geojaz