-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm: update docker version for CE and EE #42425
kubeadm: update docker version for CE and EE #42425
Conversation
cc @Random-Liu @dchen1107 @vishh @yujuhong @kubernetes/sig-node-pr-reviews |
Nope. It's not running in node e2e yet. |
Discussion right now if we should allow 1.9+ without qualification (as this PR as it stands) or if we should warn for 1.13+ as it hasn't been 100% validated yet. |
I think we should absolutely not allow 1.9+ without warnings; that would be bad UX. If docker 1.13 isn't validated for v1.6, it isn't I think we should continue to fail for 1.13 and 17.03-ce until sig-node has validated it. On the other hand, our docs could include that "if you know what you're doing and have run this iptables command described in issue xxx then you may move on with |
5f4e8e6
to
d662c80
Compare
test/e2e_node/system/types.go
Outdated
@@ -114,7 +114,7 @@ var DefaultSysSpec = SysSpec{ | |||
Cgroups: []string{"cpu", "cpuacct", "cpuset", "devices", "freezer", "memory"}, | |||
RuntimeSpec: RuntimeSpec{ | |||
DockerSpec: &DockerSpec{ | |||
Version: []string{`1\.(9|\d{2,})\..*`}, // Requires 1.9+ | |||
Version: []string{`1\.(9|\d?[0-2]{2,})\..*`}, // Requires 1.9+ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I understand the regexp here.
If we only want to officially support 1.9 - 1.12, could we change this to 1\.(9|1[0-2])\..*
?
@dchen1107 Two questions here:
- Do we still support 1.9?
- Are we going to say we don't support 1.13+ now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Testing code could still allow for testing newer versions. We might get some early signals from the community before upstream validates new versions. WDYT @Random-Liu ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Testing code could still allow for testing newer versions. We might get some early signals from the community before upstream validates new versions. WDYT @Random-Liu ?
Good point, sounds good to me.
However, for kubeadm preflight check, should we fail on version other than 1.10-1.12?
d662c80
to
eeefd2c
Compare
@k8s-bot cvm gce e2e test this |
This LGTM. The only thing I'd like to see is some pointer for the user to learn more. Based on our current docs I think that https://kubernetes.io/docs/getting-started-guides/kubeadm/#limitations is the best place to send people. I'm thinking we can just do this as part of the mondo error returned by I'm ok with merging without that, but I'd feel better if we had it. |
@@ -28,7 +28,7 @@ func TestValidateDockerInfo(t *testing.T) { | |||
Reporter: DefaultReporter, | |||
} | |||
spec := &DockerSpec{ | |||
Version: []string{`1\.(9|\d{2,})\..*`}, | |||
Version: []string{`1\.(9|\d?[0-2]{2,})\..*`}, // Requires 1.9+ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The regex seems wrong to me. For example things like 1.21
, 1.221
will also match.
If we only want to support 1.9-1.12, 1\.(9|1[0-2])\..*
seems better to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sig-node agreed to drop 1.9.x support for 1.6 release, can we update the test here reflecting such change too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should update this now.
Can we change the docker version checking logic here:
WDYT? |
I'm okay with @dchen1107's proposal. Currently the validators don't have a way to return warnings so that'll require some new plumbing. @dmmcquay -- you up for it? I still think we should direct users to a page for any precheck failure. At least we can address common things quickly there without pushing new code. |
We should check the docker API version (which is semver) instead. |
@dchen1107 @jbeda I don't know if I agree with the proposed change. Is the idea to rework the What is the purpose of throwing the "warning"? Would logging the info satisfy this requirement? |
@yujuhong -- The API version isn't enough. There are other changes (such as how Docker sets up iptables) that can break people and won't show up as a breaking change to the API. @dmmcquay -- my feeling is that <=1.9 we know it wont work. For 1.10-1.12 we have tested and validated. For >=1.13 it hasn't been validated and there may be issues (known and not known). If we error for 1.13+ then if there are issues that people can work around they'll have to turn off all preflight checks. That means they may miss other problems. If we were able to specify which prechecks to skip then I'd be more comfortable making it an error over a warning. This would mean changing the validator interface and that would be a bigger change. But the preflight check interface already knows how to surface warnings so it'll be limited to just the validator interface. Thoughts? @dchen1107 @luxas @lukemarsden? If we can't come to some other conclusion by EOD today, I think we should go with error for all non-proven versions with the addition of a link to the kubeadm docs. |
@jbeda One solution that I thought of would be making a new error type: type DockerValidatorError struct {
Msg string
Warning string
} And then do some sort of type switch on the error, and if its a Not saying this is a better solution, just an idea for keeping the interface intact. |
@dmmcquay I dunno. That just seems to move the problem around into the kubeadm code. At the end of the day, we should look to refactor this stuff out of a test directory so we shouldn't be afraid to move it forward (as long as @dchen1107 and @yujuhong are cool with it). |
@jbeda, @dchen1107, @yujuhong PTAL and let me know what you think about the changes I made. This change will allow 1.13+ (including EE and CE versions) but will return a warning saying |
b135a60
to
a667029
Compare
@k8s-bot non-cri e2e test this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just some small nits. This didn't end up being as invasive as we feared!
fmt.Println("getting here") | ||
d.Reporter.Report(dockerConfigPrefix+"VERSION", info.ServerVersion, good) | ||
w := fmt.Errorf( | ||
"docker version is greater than the maximum version validated by the node team. docker version: %s", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Users running this won't know who the "node team" is. I'd do something like:
"docker version is greater than the most recently validated version. Docker version: %s. Max validated version: %s"
Ideally we could point to a URL about what the known issues might be. @dchen1107 @yujuhong -- does the node team keep any documentation about the latest status of what has been validated?
@@ -28,7 +28,7 @@ func TestValidateDockerInfo(t *testing.T) { | |||
Reporter: DefaultReporter, | |||
} | |||
spec := &DockerSpec{ | |||
Version: []string{`1\.(9|\d{2,})\..*`}, | |||
Version: []string{`1\.(9|\d?[0-2]{2,})\..*`}, // Requires 1.9+ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should update this now.
ver := `1\.(1[3-9])\..*|\d{2}\.\d+\.\d+-[a-z]{2}` | ||
r := regexp.MustCompile(ver) | ||
if r.MatchString(info.ServerVersion) { | ||
fmt.Println("getting here") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: remove
This change allows validators to pass warnings as well as errors. This was needed because of how support for docker 1.13+ and the new EE and CE versions is currently being handled.
a667029
to
35f0709
Compare
/lgtm |
@jbeda: you can't LGTM a PR unless you are an assignee. In response to this comment:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
[APPROVALNOTIFIER] This PR is APPROVED The following people have approved this PR: dmmcquay, jbeda Needs approval from an approver in each of these OWNERS Files:
We suggest the following people: |
@k8s-bot non-cri e2e test this |
Applying @jbeda's LGTM... |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue (batch tested with PRs 42762, 42739, 42425, 42778) |
@dmmcquay: The following test(s) failed:
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
What this PR does / why we need it: Update regex for docker version to also capture new CE and EE versions.
Which issue this PR fixes: fixes #kubernetes/kubeadm#189
Special notes for your reviewer: /cc @jbeda @luxas
Release note: