New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Umbrella Issue] Replace google/gnostic import with google/gnostic-models #118340
Labels
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
Comments
k8s-ci-robot
added
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
labels
May 30, 2023
5 tasks
Please add https://github.com/kubernetes-sigs/cli-utils to this list. |
ecordell
added a commit
to ecordell/controller-idioms
that referenced
this issue
Aug 17, 2023
this also bumps to kube 1.28 dependencies to deal with: kubernetes/kubernetes#118340
ecordell
added a commit
to ecordell/controller-idioms
that referenced
this issue
Aug 17, 2023
this also bumps to kube 1.28 dependencies to deal with: kubernetes/kubernetes#118340
ecordell
added a commit
to ecordell/controller-idioms
that referenced
this issue
Aug 17, 2023
this also bumps to kube 1.28 dependencies to deal with: kubernetes/kubernetes#118340
ecordell
added a commit
to ecordell/controller-idioms
that referenced
this issue
Aug 17, 2023
this also bumps to kube 1.28 dependencies to deal with: kubernetes/kubernetes#118340
ecordell
added a commit
to ecordell/controller-idioms
that referenced
this issue
Aug 17, 2023
this also bumps to kube 1.28 dependencies to deal with: kubernetes/kubernetes#118340
After months we're still stuck with Flux on Kubernetes 1.27 while our deps cumulate CVEs that we can't fix, such as Cosign. The only blocker left for us is cli-utils: kubernetes-sigs/cli-utils#625 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
Currently, k/k and all dependencies depend on gnostic v0.5.7-v3refs because we did not want to capture the additional dependencies introduced with later versions of gnostic. We use gnostic for OpenAPI protobuf serialization/deserialization. Gnostic was split into multiple modules for better encapsulation, and the only component we require is the openapi protobuf encoding module which is under github.com/google/gnostic-models. We should update all references of that.
Because module renames are backwards incompatible, our users are running into a upgrade issues. In order to upgrade properly, the three repos that were changed must be updated together: client-go 0.28, kube-openapi 20230601164746-7562a1006961 , kustomize 5.1.
Unfortunately since these three modules all follow different release cadences, a naive
go get -u
causes problems because client-go 0.28 is unreleased yet while the other modules are available. This creates issues such as: kubernetes/client-go#1266.The workaround for
go get -u
is to pin kube-openapi to an earlier version for clients using a version of client-go <0.28. This is temporary until client-go 0.28 is released.Obviously the alpha version of client-go can also be used to mitigate this problem (k8s.io/client-go v0.28.0-alpha.2) but it's generally recommended to be on a stable version.
For larger projects like flux, other projects that depend on one of the three projects above are part of the imports, and the chain needs to be synced before an upgrade.
This includes:
/sig api-machinery
/triage accepted
The text was updated successfully, but these errors were encountered: