-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm: Fix subtle versioning ordering issue with v1.8.0-alpha.0 #47438
kubeadm: Fix subtle versioning ordering issue with v1.8.0-alpha.0 #47438
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: luxas No associated issue. Update pull-request body to add a reference to an issue, or get approval with The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
cmd/kubeadm/app/master/manifests.go
Outdated
if k8sVersion.AtLeast(kubeadmconstants.MinimumNodeAuthorizerVersion) { | ||
// TODO: That we have to exclude v1.8.0-alpha.0 here is based on the way kubernetes branches work | ||
// v1.7.0-beta.0 == v1.8.0.alpha.0 but they are sorted/compared differently | ||
if k8sVersion.AtLeast(kubeadmconstants.MinimumNodeAuthorizerVersion) && cfg.KubernetesVersion != "v1.8.0-alpha.0" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of special-casing 1.8.0-alpha.0, could we say k8sVersion < 1.8?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Problem is that v1.8.0-alpha.1 will be perfectly valid...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure that I fully grok what happened here, but I think some new unit tests would be a great way to demonstrate what the expected behavior is (as well as prove that this works how we think it does).
Is the problem that this feature is going to be removed in 1.8, or is there actually a problem with how we do semver and we think that 1.8.0-alpha.0 came before 1.7.0? My interpretation of this PR is the latter, which is actually pretty scary if true (and something we should excalate / fix project-wide, I think).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, after looking at the repository version tags, I understand now. Ideally, semver means that 1.8.0-alpha.0 came strictly after anything in 1.7, and our engine handles that correctly, but we have actually applied the version tag to the same commit as 1.7.0-beta.0, so the semver comparison doesn't actually make sense, and 1.7.1-beta.1 actually came after 1.8.0-alpha.0 in the commit history. Yuck.
Since the release cycles for wrapping up 1.7 and pushing forward with 1.8 are overlapping, I wonder if the better solution (instead of special-casing 1.8.0-alpha.0) is to have a minimum 1.8 version to check as well. Someone could still tag 1.8.0-alpha.1 to be a commit that logically occurred before 1.7.0-beta.1, but it should at least be a commit later than 1.8.0-alpha.0. I hope that we at least have strong semver guarantees within each 1.X lineage.
So, I'd recommend changing this from an exact check of 1.8.0-alpha.0 to instead check for >= 1.8.0-alpha.1. That way, we're logically asking "is this greater than the first release that included the feature in the 1.7 or 1.8 series?" instead of saying "1.8.0-alpha.0 is a weird botched special case we have to handle specifically."
If the logic gets complicated, I would also pull it out into a well-named helper like IsNodeAuthorizerSupported
that we can much more thoroughly test for all of the version edge cases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll make IsNodeAuthorizerSupported
instead tomorrow...
Are you fine with
if version.AtLeast("v1.7.0-beta.1") && version != "v1.8.0-alpha.0"
or do you strictly want
if (version.AtLeast("v1.7.0-beta.1") && version.LessThan("v1.8.0-alpha.0")) || version.AtLeast("v1.7.0-beta.1")
?
I think they'll produce the same logic anyway...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1.7.1-beta.1 actually came after 1.8.0-alpha.0 in the commit history. Yuck.
wait, what? Why are we cutting 1.8 anything?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@timothysc Not sure how/why it got cut, but it exists: https://github.com/kubernetes/kubernetes/releases/tag/v1.8.0-alpha.0
@luxas What I was originally suggesting was:
if version.AtLeast("v1.7.0-beta.1") || version.AtLeast("v1.8.0-alpha.1")
but I realized after writing it that it wouldn't skip v1.8.0-alpha.0
at all, unless we do something more elaborate, like:
if (version.Prefix("v1.7") && version.AtLeast("v1.7.0-beta.1")) || version.Prefix("v1.8") && version.AtLeast("v1.8.0-alpha.1")
I don't really mind about how we write the if
as long as the intent is clear (by having a well-named helper instead of just a complex inline if
), there are adequate tests to avoid an oops, and the reasoning behind the version juggling is explained well in comments.
1ac353e
to
473bb9c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
But this is so hacky... how did we get here.
/cc @kubernetes/sig-release-bugs
/retest |
@k8s-bot pull-kubernetes-e2e-kubeadm-gce test this |
/retest
… On 15 Jun 2017, at 14:01, k8s-ci-robot ***@***.***> wrote:
@luxas: The following test failed, say /retest to rerun them all:
Test name Commit Details Rerun command
pull-kubernetes-federation-e2e-gce 473bb9c link @k8s-bot pull-kubernetes-federation-e2e-gce test this
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
/retest
… On 15 Jun 2017, at 17:17, k8s-ci-robot ***@***.***> wrote:
@luxas: The following test failed, say /retest to rerun them all:
Test name Commit Details Rerun command
pull-kubernetes-federation-e2e-gce 473bb9c link @k8s-bot pull-kubernetes-federation-e2e-gce test this
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
/retest |
1 similar comment
/retest |
/retest |
1 similar comment
/retest |
Automatic merge from submit-queue (batch tested with PRs 47523, 47438, 47550, 47450, 47612) |
What this PR does / why we need it:
--kubernetes-version latest
is broken since it evals tov1.8.0-alpha.0
which actually isv1.7.0-beta.0
, so kubeadm enables features that don't existWhich issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close that issue when PR gets merged): fixes #Special notes for your reviewer:
Release note:
@kubernetes/sig-cluster-lifecycle-pr-reviews