-
Notifications
You must be signed in to change notification settings - Fork 576
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[IMPROVEMENT] Support K8s 1.25 by updating removed deprecated resource versions like PodSecurityPolicy #4003
Comments
This needs to consider to backport. |
This was released in Longhorn v1.2.5-rc1 release but not in Longhorn v1.2.5 release. Is there an ETA for an official release? |
It was wrongly mentioned in the rc release note. It is planned for 1.4.0 instead, the end of this year. |
dont' forget CronJobs #4490 (comment) |
Thanks 👍 , all deprecated resources will be taken care of together. cc @PhanLe1010 |
I managed to upgrade to kubernetes 1.25 on several nodes before I noticed the issue, so I'm hoping a release comes out that will handle that version as rolling back isn't an option. |
@skandragon I have exactly the same problem too. However, I cannot wait until the end of the year and unfortunately have to set up the cluster again. |
Are you sure about this scheduling, by the end of the year, that is Tuesday 6th December 2022, 1.26 will be out? |
Knowing people are eager for this, but for now, the plan is still the same, because Longhorn has its release scope and cadence. Please keep following up on the update here, and we will work on this soon or later. |
@innobead what is required to do beyond just changing the API calls? I know that means version 1.3 would be locked to 1.25 or higher; the better option is likely to try to use the proper API calls depending on what version was in use, I suppose? I know I was able to just change the betav1 magic to v1 and it just worked as far as I could tell. A bigger issue for me with longhorn is unrelated, and that's that it won't run under Talos. :/ |
Just want to mention that the wording of the issue is misleading.
PodSecurityPolicy has been deprecated since K8s 1.21 and will be removed in 1.25. |
That's really unfortunate, Longhorn will be unusable by the most recent Kubernetes release for the next two months. I encourage you to reconsider this release plan. |
I just hit this issue on k3s (latest channel) and needed to revert to 1.24 (where other coredns bug is present) |
@PhanLe1010 I know that you mean to an earlier date ;) Maybe not really relevant question, but adding a GitHub repo and installing this chart is not really something that works out of the box, and no link online helped so far. Could you summarize that in 2 lines of bash commands? |
The bash command would be like Another alternative is |
Oh, thanks! I thought it is possible to install it using Helm from a GitHub repo on the fly, but it turned out that I need to clone it. I will try it now. Thanks a lot! |
I just want to confirm that the helm chart @ master works excellently on Kubernetes 1.25.3 with the default settings. I am now waiting for the release 1.4.0 |
Verified in longhorn master-head cc @PhanLe1010 , @khushboo-rancher Case 1: within a Kubernetes version
Test basic functionalities (workload, upgrade engine image, replica rebuilding)
Verify CSI snapshot upgrade (by
Case 2: Test a Kubernetes version upgrade
|
@chriscchien Could you just test one more scenario, deploying Longhorn on a hardened cluster? |
Head Chart installs perfectly and everything looks fine MicroK8s 1.25.3 |
and some how installing longhorn crashed treafik in my k3s cluster |
Hi @khushboo-rancher , I tried deploy Longhorn master on hardened cluster but the deploy not scuccessed.
|
@chriscchien Would you mind to share the test steps here? |
Probably need to enable the PSP on this hardened cluster. Can you switch this field to Lines 253 to 255 in 23d2641
|
Hi @PhanLe1010 Using helm to install Longhorn master head by command For use kubectl to deploy Longhorn, I tried add below section into longhon.yaml to deploy but still have problem in
|
longhorn.yaml is generated by running helm template . The default Helm value
cc @innobead Which option would you suggest from PM perspective? |
You also need to add PSP into |
Thank you @PhanLe1010 , Deploy Longhorn on hardened cluster by |
I think we need to do both for users who use kubectl to apply the manifest directly. If in the future, it becomes complicated, we can use kustomize instead, but right now it's enough to have a separate manifest for < 1.25. @PhanLe1010 Could you help with this? Thanks. |
…ecated PodSecurityPolicy on k3s v1.25 (not yet fixed - longhorn/longhorn#4003)
longhorn issues Issue: longhorn/longhorn#4003 (comment)
In addition, tested upgrade Longhorn from old release to v1.40-rc1 then upgrade Kubernetes version to v1.25 In v1.24.7+k3s1
In v1.23.11+k3s1
|
Is your improvement request related to a feature? Please describe
PodSecurityPolicy has been deprecated and will be removed from K8s 1.25, so we need to find an alternative way to resolve the need for PSP in Longhorn to support 1.25.
Also, some deprecated resource versions are also removed from 1.25. Need to resolve this via #4239 or even consider to backport this to 1.3 & 1.2 via an adaptive way to determine the K8s version of the cluster to use which API resource version if possible (except PSP, because it's totally removed instead of version bump).
Note: client-go is backward compatible with K8s any version.
Describe the solution you'd like
Deprecate PSP if it's not needed. Otherwise, we need an alternative solution like https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/.
Describe alternatives you've considered
N/A
Additional context
https://www.kubernetes.dev/resources/release/#timeline
https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25
#4239
The text was updated successfully, but these errors were encountered: