[Umbrella Issue] Replace google/gnostic import with google/gnostic-models #118340

Open
3 tasks done
Jefftree opened this issue May 30, 2023 · 2 comments
Labels
sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Jefftree commented May 30, 2023

Currently, k/k and all dependencies depend on gnostic v0.5.7-v3refs because we did not want to capture the additional dependencies introduced with later versions of gnostic. We use gnostic for OpenAPI protobuf serialization/deserialization. Gnostic was split into multiple modules for better encapsulation, and the only component we require is the openapi protobuf encoding module which is under github.com/google/gnostic-models. We should update all references of that.

Because module renames are backwards incompatible, our users are running into upgrade issues. In order to upgrade properly, the three repos that were changed must be updated together: client-go 0.28, kube-openapi 20230601164746-7562a1006961, kustomize 5.1.

Unfortunately, since these three modules all follow different release cadences, a naive go get -u causes problems because client-go 0.28 is unreleased yet while the other modules are available. This creates issues such as: kubernetes/client-go#1266.

The workaround for go get -u is to pin kube-openapi to an earlier version for clients using a version of client-go <0.28. This is temporary until client-go 0.28 is released.

go mod edit --replace k8s.io/kube-openapi@v0.0.0-20230601164746-7562a1006961=k8s.io/kube-openapi@v0.0.0-20230606174411-725288a7abf1

Obviously the alpha version of client-go can also be used to mitigate this problem (k8s.io/client-go v0.28.0-alpha.2) but it's generally recommended to be on a stable version.

For larger projects like flux, other projects that depend on one of the three projects above are part of the imports, and the chain needs to be synced before an upgrade.

This includes:

/sig api-machinery
/triage accepted
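
A check for the version combination described in the issue above, as an added example that is not part of the original issue or of any Kubernetes project code: it reads go.mod text, applies replace directives, and reports whether client-go older than 0.28 is resolved together with the renamed kube-openapi version. The function names and the sample go.mod are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Pseudo-version named in the issue as the kube-openapi change to gnostic-models.
const renamedOpenAPI = "v0.0.0-20230601164746-7562a1006961"

// Constructed sample go.mod, and the replace line the issue's go mod edit command writes.
const sample = `module example.com/app
require (
	k8s.io/client-go v0.27.2
	k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961 // indirect
)`
const pin = "\nreplace k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961 => k8s.io/kube-openapi v0.0.0-20230606174411-725288a7abf1\n"

// effectiveVersions maps module path -> version after applying replace directives.
func effectiveVersions(gomod string) map[string]string {
	out, repl := map[string]string{}, [][3]string{}
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0])
		if len(f) > 0 && (f[0] == "require" || f[0] == "replace") {
			f = f[1:]
		}
		if n := len(f); n >= 4 && f[n-3] == "=>" { // path [oldver] => newpath newver
			repl = append(repl, [3]string{f[0], strings.Join(f[1:n-3], ""), f[n-1]})
		} else if n == 2 && strings.HasPrefix(f[1], "v") { // path version
			out[f[0]] = f[1]
		}
	}
	for _, r := range repl { // a left-hand version must equal the required one
		if r[1] == "" || r[1] == out[r[0]] {
			out[r[0]] = r[2]
		}
	}
	return out
}

// needsPin reports client-go older than 0.28 paired with the renamed kube-openapi.
func needsPin(gomod string) bool {
	v := effectiveVersions(gomod)
	var minor, patch int
	n, _ := fmt.Sscanf(v["k8s.io/client-go"], "v0.%d.%d", &minor, &patch)
	return n == 2 && minor < 28 && v["k8s.io/kube-openapi"] == renamedOpenAPI
}

func main() { fmt.Println(needsPin(sample), needsPin(sample+pin)) }
```

The check matches only the exact kube-openapi version the issue names; it does not reason about other pseudo-versions.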

@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. triage/accepted Indicates an issue or PR is ready to be actively worked on. labels May 30, 2023
@stefanprodan

Please add https://github.com/kubernetes-sigs/cli-utils to this list.

ecordell added a commit to ecordell/controller-idioms that referenced this issue Aug 17, 2023
this also bumps to kube 1.28 dependencies to deal with:
kubernetes/kubernetes#118340
stefanprodan commented Nov 13, 2023

After months we're still stuck with Flux on Kubernetes 1.27 while our deps cumulate CVEs that we can't fix, such as Cosign.

The only blocker left for us is cli-utils: kubernetes-sigs/cli-utils#625
