🌱 clusterctl upgrade cert manager before upgrading providers #3364
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
the
size/XXL
|
/milestone v0.3.9 |
k8s-ci-robot
added
the
needs-rebase
fabriziopandini
force-pushed
the
clusterctl-upgrade-cert-manager
branch
from
4d6f723 to
2c1f290
Compare
k8s-ci-robot
added
size/XL
fabriziopandini
force-pushed
the
clusterctl-upgrade-cert-manager
branch
2 times, most recently
from
23c76ce to
cc648c5
Compare
fabriziopandini
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
Tested this out locally and the upgrade works.
A couple of things:
- I think we should document that now
clusterctl upgrade applywill also try upgrading cert-manager? - Should we have an entry in the
clusterctl upgrade planto check cert-manager versions as well? This need not be part of this PR.
| case c < 0: | ||
| // if version < current, then upgrade | ||
| currentVersion = objVersion | ||
| needUpgrade = true |
There was a problem hiding this comment.
Could we break here? Then we may not need the if needUpgrade check below on line 281.
This way we have a consistent pattern that everywhere needUpgrade = true we break.
There was a problem hiding this comment.
If we break here, we are breaking the switch statement while the goal of the statement on line 281 is to break the for loop
k8s-ci-robot
added
the
needs-rebase
fabriziopandini
force-pushed
the
clusterctl-upgrade-cert-manager
branch
from
ecca906 to
89d13cd
Compare
k8s-ci-robot
removed
the
needs-rebase
|
@wfernandes thanks for the feedback
This makes sense |
|
We can open a separate issue to track this work.
/lgtm |
k8s-ci-robot
added
the
lgtm
|
Squash commits? |
| // NOTE: // If the cert-manager.yaml asset is modified, this line **MUST** be updated | ||
| // accordingly else future upgrades of the cert-manager component will not | ||
| // be possible, as there'll be no record of the version installed. | ||
| embeddedCertManagerManifestVersion = "v0.16.0" |
There was a problem hiding this comment.
We should use v0.16.1 given that it was just released
There was a problem hiding this comment.
If it is ok for you I will send a separate PR as soon as this one merge
There was a problem hiding this comment.
I was going to suggest a separate PR because that way we can test out what updating the cert-manager manifest would look like.
| // NOTE: // If the cert-manager.yaml asset is modified, this line **MUST** be updated | ||
| // accordingly else future upgrades of the cert-manager component will not | ||
| // be possible, as there'll be no record of the version installed. | ||
| embeddedCertManagerManifestVersion = "v0.16.0" | ||
|
|
||
| // NOTE: The hash is used to ensure that when the cert-manager.yaml file is updated, | ||
| // the version number marker here is _also_ updated. | ||
| // You can either generate the SHA256 hash of the file, or alternatively | ||
| // run `go test` against this package. THe Test_VersionMarkerUpToDate will output | ||
| // the expected hash if it does not match the hash here. | ||
| embeddedCertManagerManifestHash = "5770f5f01c10a902355b3522b8ce44508ebb6ec88955efde9a443afe5b3969d7" |
There was a problem hiding this comment.
Should we be hardcoding versions and hashes within the codebase? Can we open an issue to get rid of this or find an alternative that doesn't require code changes?
There was a problem hiding this comment.
This was inherited from #3313 and slightly re-worked here.
So far we have a unit test that ensures this value is in sync with the embedded manifest.
But happy to open an issue for another round of improvement
|
/assign |
fabriziopandini
force-pushed
the
clusterctl-upgrade-cert-manager
branch
from
89d13cd to
6e0e62d
Compare
k8s-ci-robot
removed
the
lgtm
|
squashed commits |
|
@fabriziopandini: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
What this PR does / why we need it:
This PR extends
clusterctl upgradein order to manage cert-manager upgrades before upgrading providersThis PR builds on top of #3313, which is not yet merged. In the meantime, please consider the latest commit only