Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SDN-5457: Move kube-proxy image from openshift/sdn to openshift/kubernetes #5712

Merged
merged 1 commit into from
Nov 27, 2024
Merged

SDN-5457: Move kube-proxy image from openshift/sdn to openshift/kubernetes #5712

merged 1 commit into from
Nov 27, 2024

Conversation

danwinship
Copy link

@danwinship danwinship commented Nov 21, 2024
edited
Loading

With the deprecation of openshift-sdn, the Dockerfile for the standalone kube-proxy image build has been moved from openshift/sdn to openshift/kubernetes (openshift/kubernetes#2082). CI update is openshift/release#58505.

(I believe this is the only other piece that is needed to make this work? This is not a new image, we're just building it out of a different repo.)

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Nov 21, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 21, 2024
edited by openshift-ci bot
Loading

@danwinship: This pull request references SDN-5457 which is a valid jira issue.

In response to this:

With the deprecation of openshift-sdn, the Dockerfile for the standalone kube-proxy image build has been moved from openshift/sdn to openshift/kubernetes (openshift/kubernetes#2082). CI update is about to merge, openshift/release#58505.

(I believe this is the only other piece that is needed to make this work? This is not a new image, we're just building it out of a different repo.)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-bot
Copy link

Validating 1 file(s)...
Validating images/kube-proxy.yml...
Traceback (most recent call last):
File "/usr/local/bin/validate-ocp-build-data", line 33, in
sys.exit(load_entry_point('rh-ocp-build-data-validator==0.2.5', 'console_scripts', 'validate-ocp-build-data')())
File "/usr/local/lib/python3.9/site-packages/validator/main.py", line 87, in main
validate(f, args.exclude_vpn, args.schema_only)
File "/usr/local/lib/python3.9/site-packages/validator/main.py", line 23, in validate
support.fail_validation(msg, parsed)
File "/usr/local/lib/python3.9/site-packages/validator/support.py", line 14, in fail_validation
raise exceptions.ValidationFailed(msg)
validator.exceptions.ValidationFailed: Schema mismatch: images/kube-proxy.yml
Returned error: Additional properties are not allowed ('delivery' was unexpected)

@danwinship danwinship mentioned this pull request Nov 21, 2024
Merged
@danwinship
Copy link
Author

Returned error: Additional properties are not allowed ('delivery' was unexpected)

I'm not sure why it is saying this... that was already in the file. Is it just cruft and this particular file has not been re-validated in a while?

@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 21, 2024
edited by openshift-ci bot
Loading

@danwinship: This pull request references SDN-5457 which is a valid jira issue.

In response to this:

With the deprecation of openshift-sdn, the Dockerfile for the standalone kube-proxy image build has been moved from openshift/sdn to openshift/kubernetes (openshift/kubernetes#2082). CI update is openshift/release#58505.

(I believe this is the only other piece that is needed to make this work? This is not a new image, we're just building it out of a different repo.)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@danwinship
Copy link
Author

Once this PR has been reviewed and has the lgtm label, please assign mbiarnes for approval. For more information see the Kubernetes Code Review Process.

um, that only works if you assign reviewers, openshift-ci bot!
well,
/assign @mbiarnes
(and see also #5713)

@joepvd
Copy link
Contributor

joepvd commented Nov 22, 2024
edited
Loading

I think this has implications for our ability to ship embargoed CVEs in other components that stem from the o/k repository. Our tooling demands that SHAs from artifacts from the same repository are the same in a nightly, so increasing the number of artifacts that build from this repository adds overhead in sensitive situation.

(Shortly mistook this image for the rbac-proxy image, which is consumed in virtually all optional operators, which would make this a maintenance nightmare. Removing that hold)

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 22, 2024
@joepvd joepvd removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 22, 2024
@danwinship
Copy link
Author

So... does that mean we can't do this? That we need some set of approvals? That you need more details to better understand the situation? Something else?

FTR, I think the options are:

  1. Keep the kube-proxy image build in https://github.com/openshift/sdn. This is weird because it requires keeping the sdn repo "live" (with new release branches, etc) even though we no longer build or ship openshift-sdn.
  2. Move the kube-proxy image build to https://github.com/openshift/kube-proxy/. This sounds like it makes sense but would be slightly weird because that repo already exists and was used in a different way in the past, so we'd sort of be breaking the git history in half, where older tags/branches contain one source tree used one way, and newer tags/branches have a completely different source tree used in a different way.
  3. Create a new repo just for building the kube-proxy image, eg, openshift/standalone-kube-proxy. I actually had initially done this, https://issues.redhat.com/browse/DPP-15501, but then decided it didn't really make sense and started pursuing the current strategy (and then killed off the new repo again, https://issues.redhat.com/browse/DPP-15896).
  4. Build the kube-proxy image out of https://github.com/openshift/kubernetes. This seemed simple because they've already got an upstream kubernetes tree to build it from, and people have to handle rebasing it every release, etc, and the kube-proxy build is pretty easy, so we basically end up getting the kube-proxy build "for free" on top of the work the apiserver team is already doing there.

@joepvd
Copy link
Contributor

joepvd commented Nov 22, 2024

Sorry for the confusion. We can handle this tiny extra complication in rare cases 👍🏼

Should get a test build likely soon after the weekend, and then this can merge.

@joepvd
Copy link
Contributor

joepvd commented Nov 27, 2024

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 27, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 27, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joepvd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 27, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit cc1e5df into openshift-eng:openshift-4.18 Nov 27, 2024
2 checks passed
@danwinship danwinship deleted the kube-proxy-4.18 branch November 27, 2024 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@joepvd joepvd

@mbiarnes mbiarnes

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@danwinship @openshift-ci-robot @openshift-bot @joepvd @mbiarnes