Update k8s dependencies #67

Neo2308 · 2024-04-26T08:17:06Z

Updated k8s dependencies to v0.29.3
Updated operator-framework/operator-registry to v1.39.0
Updated kubebuilder to v3.14.2
Updated k8s version in Makefile

Relates to: operator-framework/operator-sdk#6651

Neo2308 · 2024-05-01T09:49:20Z

@rashmigottipati could you help review this PR?

go.mod

* Bump k8s dependencies to 0.29.3 * Bump other operator-framework lib versions to support k8s 0.29.x * Bump ginkgo/v2 to v2.17.2 TODO: * Update operator-framework/ansible-operator-plugins after operator-framework/ansible-operator-plugins#67 is merged * Add changelog * Regenerate testdata Signed-off-by: Neo2308 <[email protected]>

everettraven

These changes look good, but I think we also need to make sure we update the python packages provided in the base image here:

ansible-operator-plugins/images/ansible-operator/Pipfile

Line 11 in 4e8c78d

kubernetes = "==28.1.0"

pkg/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role.go

internal/ansible/handler/logging_enqueue_owner_test.go

pkg/plugins/util/cleanup.go

hack/generate/samples/ansible/memcached.go

testdata/memcached-molecule-operator/config/default/manager_auth_proxy_patch.yaml

Neo2308 · 2024-05-07T07:02:21Z

@everettraven could you review this PR again?

Neo2308 · 2024-05-15T06:54:18Z

@everettraven could you review this PR since its blocking operator-framework/operator-sdk#6736?

Neo2308 · 2024-05-21T11:00:43Z

@everettraven / @rashmigottipati can you help review this PR? This blocking work on the 1.29 bump

go.mod

everettraven

Changes LGTM aside from the comment that @acornett21 left

Neo2308 · 2024-05-22T00:26:30Z

Made the specified changes. @everettraven, @acornett21 could you review again?

* Bump k8s dependencies to 0.29.3 * Bump other operator-framework lib versions to support k8s 0.29.x * Bump ginkgo/v2 to v2.17.2 TODO: * Update operator-framework/ansible-operator-plugins after operator-framework/ansible-operator-plugins#67 is merged * Add changelog * Regenerate testdata Signed-off-by: Neo2308 <[email protected]>

Neo2308 · 2024-05-27T11:23:52Z

The e2e-molecule test failure seems to be due to an environment issue, I don't seem to have the permissions to retrigger it.
@joelanford could you help retrigger the checks?

acornett21 · 2024-05-28T15:14:15Z

@Neo2308 I think I've re-ran this test 2 or 3 times, and it's still failing.

Use NewDynamicRESTMapper instead of NewDiscoveryRESTMapper (Ref: kubernetes-sigs/controller-runtime#2611)

* Use operator-lib v0.13.0 instead of commit. * Regenerated testdata.

Neo2308 · 2024-06-18T06:09:45Z

Rebased the PR onto latest master. @acornett21 could you approve the workflow runs?

Neo2308 · 2024-06-20T17:06:23Z

The sanity tests are passing locally now, @acornett21 / @everettraven could you run approve the workflow runs?

acornett21 · 2024-06-25T14:46:55Z

@Neo2308 It doesn't appear that you generated the lock file correctly, you need to follow the instructions in the images/Readme file. But even if that is generated correctly there are still other issues, since version of requests needed to get past the CVE does not support the use case (protocol) we are using.

Azure/azure-iot-sdk-python#1182

Controller Logs

{"level":"error","ts":"2024-06-25T14:43:26Z","logger":"runner","msg":"Traceback (most recent call last):\n  File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 633, in send\n    conn = self.get_connection_with_tls_context(\n  File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 489, in get_connection_with_tls_context\n    conn = self.poolmanager.connection_from_host(\n  File \"/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py\", line 246, in connection_from_host\n    return self.connection_from_context(request_context)\n  File \"/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py\", line 258, in connection_from_context\n    raise URLSchemeUnknown(scheme)\nurllib3.exceptions.URLSchemeUnknown: Not supported URL scheme http+unix\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/__main__.py\", line 874, in main\n    res = run(**run_options)\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/interface.py\", line 210, in run\n    r.run()\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/runner.py\", line 118, in run\n    self.status_callback('starting')\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/runner.py\", line 106, in status_callback\n    ansible_runner.plugins[plugin].status_handler(self.config, status_data)\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner_http/events.py\", line 35, in status_handler\n    status = send_request(plugin_config['runner_url'],\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner_http/events.py\", line 18, in send_request\n    return session.post(url_actual, headers=headers, json=(data))\n  File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 637, in post\n    return self.request(\"POST\", url, data=data, json=json, **kwargs)\n  File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 589, in request\n    resp = self.send(prep, **send_kwargs)\n  File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 703, in send\n    r = adapter.send(request, **kwargs)\n  File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 637, in send\n    raise InvalidURL(e, request=request)\nrequests.exceptions.InvalidURL: Not supported URL scheme http+unix\n","job":"7062013831693068113","name":"bootstrap-token-abcdef","namespace":"kube-system","error":"exit status 1","stacktrace":"github.com/operator-framework/ansible-operator-plugins/internal/ansible/runner.(*runner).Run.func1\n\tansible-operator-plugins/internal/ansible/runner/runner.go:269"}

I'm not really sure how we work around this, since I'm not well versed in python.

I poised this question in k8s slack
https://kubernetes.slack.com/archives/C017UU45SHL/p1719326921876759

Neo2308 · 2024-06-25T18:14:18Z

@acornett21 Should we consider reverting the request package bump and ignore the security warning coming from it for now? By the way, really appreciate your help so far on this PR!

acornett21 · 2024-06-26T13:59:04Z

@Neo2308 After the discussion in slack, @everettraven agrees the path forward for now is to revert the ansible-core changes and ignore the CVE in both docker files. I believe the ID would be 71064.

Neo2308 · 2024-06-27T18:45:57Z

@acornett21 Made the changes. Could you review?

Neo2308 · 2024-07-03T03:40:07Z

@everettraven could you review/approve this PR as well?

* Bump k8s dependencies to 0.29.3 * Bump other operator-framework lib versions to support k8s 0.29.x * Bump ginkgo/v2 to v2.17.2 TODO: * Update operator-framework/ansible-operator-plugins after operator-framework/ansible-operator-plugins#67 is merged * Add changelog * Regenerate testdata Signed-off-by: Neo2308 <[email protected]>

* Bump k8s versions * Bump k8s dependencies to 0.29.3 * Bump other operator-framework lib versions to support k8s 0.29.x * Bump ginkgo/v2 to v2.17.2 TODO: * Update operator-framework/ansible-operator-plugins after operator-framework/ansible-operator-plugins#67 is merged * Add changelog * Regenerate testdata Signed-off-by: Neo2308 <[email protected]> * * Regenerate testdata Signed-off-by: Neo2308 <[email protected]> * * Use [email protected] instead of specific commit. Signed-off-by: Neo2308 <[email protected]> * * Bump up kubebuilder to v3.14.2 * Regenerate testdata Signed-off-by: Neo2308 <[email protected]> * * Updated controller-runtime to v0.17.3 Signed-off-by: Neo2308 <[email protected]> * * Updated ansible-operator-plugins to latest Signed-off-by: Neo2308 <[email protected]> * Added changelog fragment Signed-off-by: Neo2308 <[email protected]> * Use tagged versions for ansible & helm operator plugins Signed-off-by: Neo2308 <[email protected]> * Fix sanity tests Signed-off-by: Neo2308 <[email protected]> * Fix e2e tests Signed-off-by: Neo2308 <[email protected]> * Update java operator plugin version Signed-off-by: Neo2308 <[email protected]> * Use tagged java operator plugin version Signed-off-by: Neo2308 <[email protected]> * Update helm operator plugins to v0.2.2 Signed-off-by: Neo2308 <[email protected]> * Update website config for v1.20 Signed-off-by: Neo2308 <[email protected]> --------- Signed-off-by: Neo2308 <[email protected]>

This PR removes: * awx-operator, whch depends on * ansible-operator because the Ansible operator can only run with non-latest 2.31.0 version of the `requests` Python package, ending up needing an unguarded package. And because it's a runtime dependency of the AWX operator, that applies to that too. Details available [here](operator-framework/ansible-operator-plugins#67 (comment)). Code path non supported by later versions of requests is [here](https://github.com/ansible/ansible-runner-http/blob/631cb47044d792e9e16ae924d26711d1346e3712/ansible_runner_http/events.py#L10). --------- Signed-off-by: Massimiliano Giovagnoli <[email protected]>

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 26, 2024

openshift-ci bot requested review from anik120 and rashmigottipati April 26, 2024 08:17

Neo2308 mentioned this pull request Apr 26, 2024

Meta Issue for k8s 1.29 bump operator-framework/operator-sdk#6651

Closed

13 tasks

Neo2308 changed the title ~~{WIP} Update k8s dependencies~~ Update k8s dependencies May 1, 2024

openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 1, 2024

Neo2308 commented May 1, 2024

View reviewed changes

go.mod Outdated Show resolved Hide resolved

Neo2308 mentioned this pull request May 1, 2024

Bump k8s to 1.29 versions operator-framework/operator-sdk#6736

Merged

5 tasks

everettraven requested changes May 1, 2024

View reviewed changes

Neo2308 requested a review from everettraven May 3, 2024 06:24