-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
k8s 1.32 upgrade (CI to use 1.31) #466
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Hi @mythi ! I'm not sure about this bump. The CI for operator doesn't run functional tests but rather mere install/uninstall operations, coco's functional tests rely on Kata CI. In there, it's still using v1.30 for sev-snp and tdx (v1.28 for s390x) if I'm not mistaken. The question is: shouldn't we keep same k8s version used in here and Kata CI? If yes, then we probably should bump the version in kata CI first. |
I'm OK to drop 5258d2d if that's the concern? |
5258d2d
to
ef69202
Compare
I dropped the commit. However, I feel we should always be moving to the latest released k8s version to find potential problems as soon as possible. |
Being a newbie here but I also think the upstream projects should try consuming the latest and greatest bits. Downstream should verify and patch things in case something gets broken, but upstream should move fast and break stuff, that's the purpose of upstream, isn't it? As for the functional testing, I don't think the operator requires much but perhaps it'd be nice to bring back at least very simple scenario (the testing takes 20m so adding basic functional test shouldn't increase that significantly) |
I agree with you. I'm just concern on doing it right before a release and I think we should start bumping on kata CI side (due the lack of functional tests I mentioned). I will reach to maintainers of jobs on kata CI to see if they can upgrade to k8s 1.31. |
Agree.
#446 is a tentative to introduce some basic function tests back. Unfortunately Gabriela switched to another project, so she won't be able to keep working on it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @mythi !
I see the error in sev and snp-sev jobs:
The previous version of this PR had 1.31 installed then latest reverted back to 1.30. Maybe CI didn't wipe out kubelet from the node properly? I'm re-running the jobs to see if they pass... @AdithyaKrishnan @ryansavino could you have a look if they don't pass? |
FYI, I added af08f6f back. |
Fixed @wainersm @ryansavino |
af08f6f
to
bc19fb2
Compare
It looks the |
Hi @mythi , regarding the bump of k8s version, yesterday on CI meeting we talked about a policy. On Kata CI, the non-TEE job, is running in AKS with unpinned version; meaning it will be using the latest available version according to AKS's policy which is getting N-1. For example, currently on the east-us region N = 1.30, so it's installed are using 1.29. While we won't be on latest and greatest upstream k8s version, we agreed that it will be sufficiently close and enough for our testing purposes. On operator side, we will be free to pick up the latest upstream k8s version + we plan to introduce some functional (smoke) tests to help on finding any breakage. |
bc19fb2
to
0fd9585
Compare
Signed-off-by: Mikko Ylinen <[email protected]>
Security scanners may warn about earlier versions and v0.31.0 fixes a CVE. Signed-off-by: Mikko Ylinen <[email protected]>
v1.31 has been out for some time so we better move to test with it. Signed-off-by: Mikko Ylinen <[email protected]>
0fd9585
to
ac464be
Compare
I re-requested a review from @wainersm as I bumped to 1.32 k8s version for the dependencies. CI is still at 1.31. |
No description provided.