k8s-friendly dep #64731
k8s-friendly dep #64731
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
sig/testing
|
@sigma: Reiterating the mentions to trigger a notification: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign @sttts |
staging/src/k8s.io/api/Gopkg.toml
Outdated
| @@ -0,0 +1,10 @@ | |||
| [[constraint]] | |||
There was a problem hiding this comment.
the Godeps.json files in the staging dirs have not changed? Do we still generated them?
There was a problem hiding this comment.
We have to because the publishing-bot depends on them, and people vendoring with godep or glide depend on them.
There was a problem hiding this comment.
I haven't handled that yet, I'll followup shortly with another dep patch to do that. I wasn't quite sure what was the exact requirement, and thought we might get away with generating the corresponding Gopkg.lock. But it seems you're saying we're also going to need valid Godeps.json files no matter what.
There was a problem hiding this comment.
But it seems you're saying we're also going to need valid Godeps.json files no matter what.
I think until vgo is official and adopted wide enough, we will have to keep Godeps.json around, largest common denominator. It's sad, yes.
Potentially we can simulate a godep restore run based on gopkg.lock in the publisher bot, i.e. a run which populates the GOPATH.
There was a problem hiding this comment.
I tried a few things, and settled for a feature in dep to generate all those files after a solution is found (at this point we have an exact knowledge of what packages are needed at what version for what k8s.io/* repo). I guess that would mean we could retire hack/update-staging-godeps-dockerized.sh ?
Incidentally it seems the currently generated Godeps.json can have duplicated entries, which is slightly weird.
There was a problem hiding this comment.
duplicated entries
You mean multiple packages per repo? That's normal for Godep. And the bot makes use of that to avoid running godep safe+restore when nothing changed. So I fear we need that as well.
There was a problem hiding this comment.
no I mean multiple entries for the same package. See the diff for staging/src/k8s.io/api/Godeps/Godeps.json for example. The removed entries are the ones that were previously duplicated.
There was a problem hiding this comment.
The generated Godeps.json looks fine now. The publishing bot should work with that.
k8s-ci-robot
added
the
needs-rebase
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
|
|
||
| [[constraint]] | ||
| name = "k8s.io/client-go" | ||
| version = "6.0.0" |
There was a problem hiding this comment.
where does this file come from? Is it manually written?
Asking because this must be kept up-to-date. At least we need some hack/verify-* script to check that no constraint is missing
Do we really need the branch and version constraints here? Won't your dep fork figure out that the staging packages are in the same repo?
Background: on publishing we will drop this file (via https://github.com/kubernetes/publishing-bot/blob/master/configs/kubernetes-rules-configmap.yaml#L9) for now.
I tried to keep the file in kubernetes/publishing-bot#55 with full dependencies and hit a wall with the solver. Maybe we can do a minimal file like you have here. But it has to be generated by the bot automatically from the branch config.
There was a problem hiding this comment.
Sorry, those are leftovers from previous iterations. I think at this point, those should mostly be empty and it's probably easier for all constraints to be expressed in the main Gopkg.toml anyway.
I guess I could implement some smarts that would replicate the constraints that make sense in each sub-project, but I'm not convinced that's needed for now.
I suppose I should consider generating the corresponding Gopkg.lock files though...
There was a problem hiding this comment.
btw my experience is that it's easier to generate a Gopkg.toml using overrides rather than constraints when you know ahead of time what the desired solution is.
Of course, the result is not flexible, but since it'll be re-generated when needed anyway, it's probably no big deal.
There was a problem hiding this comment.
rather than constraints when you know ahead of time what the desired solution is.
And overrides are ignored when they are in a library. That's the reason they are of no use in client-go. Also the lock files is ignored.
There was a problem hiding this comment.
To help users with dep though, we could create a Gopkg.toml.template file. They can copy that into their projects, with a long list of overrides. Wdyt? Better than nothing.
There was a problem hiding this comment.
Oh sorry I misunderstood the problem at hand.
Yeah I guess providing a template might help somewhat, although it just pushes the problem one step further, as you note.
There was a problem hiding this comment.
btw I should add that it's entirely possible that the current "solution" expressed in Godeps.json is not an actual solution and that packages would conflict with each other according to their respective constraints (which overrides casually ignore).
I don't know if that's the case currently, but a few weeks back, there was a clear inconsistency for some microsoft-related packages (whether the corresponding constraints were faulty or too broad is another question :))
My point is, in general we shouldn't assume that a godep-snapshot is dep-consistent, so generating one from the other is a risky endeavor by nature.
There was a problem hiding this comment.
Godep does no consistency checks. It only checks out what you declare in Godeps.json. So if kubernetes itself (all of it) builds and works with the given revisions, so will the staging repo.
If I understand you correctly, you are referring to constraints in dependencies' Gopkg.toml. The Godep.json solution might now matchs of the dependencies in this sense. This of course can happen.
Do I understand it correctly that the generated Godeps.jsons of all staging repos agree on the revisions? I.e. you don't try to find solutions for each staging dir alone, but one global one.
There was a problem hiding this comment.
Right, yes all generated here Godeps.json are consistent, and use the versions from the unified Gopkg.lock
What I'm trying to express is that this Gopkg.lock solution is not necessarily a "real" one, in the sense that it's not the result of the resolution of proper constraints (from kubernetes itself or any of the vendored repository that happens to have a Gopkg.toml too). Instead, it's a forced replica (via overrides) of whatever the current godep solution is, at the time of the conversion.
As such, there can be no expectation (yet) that using any of the kubernetes repositories in the context of a proper dep-managed downstream project (e.g. vendoring client-go) should lead to dep finding a solution of said downstream project since there might not even be a dep-computable solution for the repository itself at this point. And that's also what could happen with your solver problem above (kubernetes/publishing-bot#55)
That's a problem that should gradually disappear after migration to dep, when we replace overrides with constraints, make the dependencies versions evolve, and hopefully converge towards an override-free manifest.
In short, as long as overrides are needed, downstream is screwed and needs to override too :( (just as it is today)
k8s-ci-robot
removed
the
needs-rebase
|
/test pull-kubernetes-node-e2e |
|
unrelated but: node-e2e is a widespread flake, I've pinged sig-node about looking into this. |
|
@BenTheElder thanks for the update. And I agree that the verify failures are legit, I'm looking into them (none are really unexpected at this point) |
|
@sigma You can't just remove the verify scripts. The verify that the vendor is up to date, and that the staging dependency definition files are up to date with the main file. They would need to be modified to support dep, but the step of verifying vendor is sane is still required. |
|
@cblecker which is why it's a WIP and I added a TODO for myself :) |
|
Fixing the rest is missing, not removing the test. The test job is supposed to fail until you actually implement a proper, working test. |
sigma
force-pushed
the
kdep
branch
4 times, most recently
from
f0145c8
to
02ff0ef
Compare
Automatic merge from submit-queue (batch tested with PRs 64122, 64936, 65288, 65383). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. update github.com/pelletier/go-toml to 1.2.0 **What this PR does / why we need it**: Rationale: github.com/pelletier/go-toml is the only package that currently prevents the future vendoring of github.com/golang/dep as it depends on functions introduced in 1.1.0. The only consumers of this package are github.com/spf13/viper (used to run e2e tests) and github.com/bazelbuild/bazel-gazelle (bazel helper), so that's a pretty low-risk change. **Special notes for your reviewer**: This should help reducing the noise when #64731 lands **Release note**: ```release-note NONE ```
k8s-ci-robot
added
the
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
|
/retest |
|
garbage collector flakes 👿 |
|
/retest |
|
Please don't do this. I and the rest of the Go team would be happy to work with you to make Kubernetes work well with vgo (eventually just "go") instead of having K-specific tools on the side. If you fork dep you're just taking on more one-off technical load and maintenance instead of being able to take advantage of the rest of the ecosystem. |
|
@rsc I'm personally more than happy to discuss and figure out (and even contribute to) a way forward with vgo. As mentioned in various places, I've been playing with its current incarnation in the context of k8s and experienced no shortage of valuable pain :). |
|
@sigma I'll set up a time to talk, as we discussed. I just want to reply briefly to the point you raised here, to avoid the appearance of ignoring you.
|
|
@sigma: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-rebase
|
@sigma I am not aware of acute pain wrt godep today. The scripts we have wrapping it are slow, and occasionally generate weird deltas (e.g. one more or less character in the hashes) but they work reliably and they are not run THAT often. @rsc I am glad to hear you even considering k8s' bizarre needs. Is there any documentation or anything to describe the principles/patterns vgo will adopt to handle the mess we have made (e.g. staging/... as a pseudo-vendor'ed thing)? |
|
@thockin for the staging/ sub-repositories, my current understanding is that the strategy would look like:
|
I think vgo is the better approach long-term. @rsc's prototype looks pretty convincing. So, I vote for going the vgo route and accepting the godep pain for a bit longer. |
|
+1 to @sttts |
|
We should head down the vgo/go modules route. Why switch twice when we can switch once? Heading that way will also enable us to provide feedback to the vgo team to make sure our use cases are being met. |
|
Should we close this? |
|
seems like we have general agreement, and I'm not pursuing this any further anyway. /close |
What this PR does / why we need it:
This is a followup on #61490
This PR introduces a vendored
depfork that's a superset of the original one, to make it friendlier to the Kubernetes use-cases.It has the following main extra features (plus a few bugfixes that really should go upstream):
Godeps.jsonin the main repo and all staging repos for compatibility with existing scriptsnotes:
godepanddep. If we were to merge something like this, followup tasks would then include removing those overrides, and replacing them with constraints where appropriate.github.com/pelletier/go-tomlpackage which has to move to version1.1.0to allowdepitself to build properly. Given that it's used only as part of the e2e tests usage of viper, it should be low-risk.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #61490
Special notes for your reviewer:
The whole
depvsvgostory is messy right now, and might require consideration. AFAICTvgois nowhere near ready (some parts of it just don't exist at this point, even as a prototype) anddepdevelopment has slowed-down considerably sincevgo's annoucement. So while I'm still looking at some PRs to integrate things upstream, I'm reluctant just waiting the whole thing out (in particular golang/dep#1764 doesn't seem to go anywhere for now).Release note: