Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: rebase to Kubernetes 1.32.0 #3209

Open
1 task
embik opened this issue Dec 10, 2024 · 10 comments · May be fixed by #3302
Open
1 task

feature: rebase to Kubernetes 1.32.0 #3209

embik opened this issue Dec 10, 2024 · 10 comments · May be fixed by #3302
Assignees
@gman0
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@embik
Copy link
Member

embik commented Dec 10, 2024

Feature Description

Kubernetes 1.32.0 is slated to come out tomorrow. We should rebase kcp to that new version. A final changelog isn't out yet, so it likely makes sense to wait for that to understand what changes to expect from the rebase.

Proposed Solution

Follow the rebase guide.

Alternative Solutions

No response

Want to contribute?

  • I would like to work on this issue.

Additional Context

No response
@embik embik added the kind/feature Categorizes issue or PR as related to a new feature. label Dec 10, 2024
@kcp-ci-bot kcp-ci-bot added this to kcp Dec 10, 2024
@github-project-automation github-project-automation bot moved this to New in kcp Dec 10, 2024
@embik
Copy link
Member Author

embik commented Dec 10, 2024

/assign gman0

@kcp-ci-bot
Copy link
Contributor

@embik: GitHub didn't allow me to assign the following users: gman0.

Note that only kcp-dev members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign gman0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@gman0
Copy link

gman0 commented Dec 10, 2024

Taking (I would self-/assign but that probably won't work for me at the moment because of perms).

@embik
Copy link
Member Author

embik commented Dec 10, 2024

/assign gman0

This was referenced Dec 17, 2024
Merged
Closed
@mjudeikis mjudeikis moved this from New to In Progress in kcp Dec 19, 2024
This was referenced Jan 6, 2025
Merged
Merged
@gman0
Copy link

gman0 commented Jan 27, 2025

WIP branches for kcp-dev/kubernetes:

@gman0
Copy link

gman0 commented Jan 27, 2025

WIP branch for kcp-dev/kcp:

Also working on updating the rebasing docs:

@gman0
Copy link

gman0 commented Jan 27, 2025
edited
Loading

gman0/kubernetes@3ecc3a4

TL;DR we may need to wire in a context to the asPartialObjectMetadataList function. Will try it out and we can discuss it once the PR is out.

@gman0
Copy link

gman0 commented Jan 27, 2025
edited
Loading

gman0/kubernetes@0f81a9e

The new changes in upstream's GC controller may cause some issues for us. I'll try to explain the issue on garbagecollector.Sync because we don't have the new version of ResyncMonitors just yet, and the hack/kcp/garbage_collector_patch.go generator just copy-pastes that anyway.

Main changes:

  • The new version no longer has locks for the workers ((GarbageCollector struct).workerLock doesn't exist anymore). It seems garbagecollector.Sync now relies on retrying and hoping things will be in sync eventually.
  • Observe that the new version no longer retries gc.resyncMonitors && cache.WaitForNamedCacheSync inside wait.PollImmediateUntilWithContext . Again, relying on global retries inside the parent wait.UntilWithContext loop.

Consequences:

  • If we (kcp) fail in gc.resyncMonitors or cache.WaitForNamedCacheSync, it seems like we won't be able to retry, only until the next LogicalCluster event in GC controller that would invoke ResyncMonitors.
  • Lack of worker locks means we may miss to garbage-collect some resources and would find out only until the next LogicalCluster event.

Now what?

What we've decided:

  • We're going with the lock-full version, gman0/kubernetes@28ac217.
    • This is to protect GC from missing events.
    • TODO: let's work toward lock-less version

@gman0
Copy link

gman0 commented Jan 27, 2025
edited
Loading

gman0/kcp-code-generator@e65054c

The build constraint !ignore_autogenerated in templates caused the generated files to be not picked up by tools in https://github.com/kubernetes/code-generator/tree/master/cmd, specifically when re-generating deepcopy functions as a part of hack/update-codegen.sh.

Removing these constraints fixed the issue.

TODO:

@embik embik mentioned this issue Feb 3, 2025
Open
@gman0 gman0 mentioned this issue Feb 7, 2025
Merged
@gman0 gman0 linked a pull request Feb 14, 2025 that will close this issue
Open
@gman0
Copy link

gman0 commented Feb 17, 2025
edited
Loading

gman0@ddbe247

This commit removes v1alpha1 ValidatingAdmissionPolicy from informers and APIExport builtin types.

It seems it was added in 1f2244a , c136c4a and 666c6a3 . This was back in 2023 when we were basing kcp on k8s 1.26, and at that time VAP was indeed just being introduced, and so it was served from admissionregistration.k8s.io/v1alpha1. Since v1alpha1 APIs are disabled by default, c136c4a added a runtime config override:

kcp/pkg/server/options/options.go

Lines 133 to 136 in 4bd4122

// Turn on admissionregistration for validating admission policy
if err := o.GenericControlPlane.APIEnablement.RuntimeConfig.Set("admissionregistration.k8s.io/v1alpha1=true"); err != nil {
panic(fmt.Errorf("error setting APIEnablement: %w", err))
}

With k8s v1.32 rebase however v1alpha1 marks VAP as removed in its APILifecycle policy:

https://github.com/kubernetes/kubernetes/blob/v1.32.0/staging/src/k8s.io/api/admissionregistration/v1alpha1/zz_generated.prerelease-lifecycle.go#L108-L112

This makes it so that the kind is not served. Because of that it was necessary to remove the v1alpha1 VAP code for our 1.32 rebase, otherwise it was causing issues with our informers:

I0214 00:47:29.166169 1915080 deleted_kinds.go:169] Removing resource [validatingadmissionpolicybindings.v1alpha1.admissionregistration.k8s.io](http://validatingadmissionpolicybindings.v1alpha1.admissionregistration.k8s.io/) because it is time to stop serving it per APILifecycle.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gman0 gman0

Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
kcp
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

✨ Updates for Kubernetes v1.32.0 gman0/kcp
3 participants
@gman0 @embik @kcp-ci-bot