Permissions to add minikube packages to Kubernetes repos (.deb, .rpm) #839
Comments
tstromberg
changed the title
tstromberg
changed the title
|
Clarifying title. I could use some help with getting the appropriate permissions. Alternatively, we could create our own repo, but it would be nice to preserve the maintainability benefits of having a single Kubernetes package repository. |
|
/cc @justaugustus Now that we are post-v1.16 release, does the release team have the cycles to help make this happen? |
|
If #sig-release prefers, an alternative approach would be pulling files from our GCS or GitHub file stores. This would introduce a post-build race condition, but I'm happy with any solution so long as the deb files get published before we make public announcements. |
justaugustus
added
sig/release
|
any update on this ? |
|
I guess there is no update on this, and it won't be possible to easily install minikube 1.8.0 ? Only change since last time, was that we added the architecture to the package file names: https://github.com/kubernetes/minikube/releases/download/v1.7.0/minikube_1.7.0-0_amd64.deb https://github.com/kubernetes/minikube/releases/download/v1.7.0/minikube-1.7.0-0.x86_64.rpm |
|
Is there anything I or others can do to help with the signing infrastructure? This issue has now been open for 244 days without a response on GitHub, though I did have a chance to briefly bring this up with @justaugustus at KubeCon in November. Even if it takes a Googler to push a button to sign the key, that's fine with me to get this thing going. |
|
From #sig-release Slack thread: @tstromberg -- Sorry for letting this slip. The tl;dr:
ref on the current work: #911 Unfortunately, I don't have a good answer for you right now, given the other more pressing projects. Potential solutions:
cc: @kubernetes/build-admins |
|
The main downside is that user would have to install two separate keys, but that seems to be the same situation for both solutions since if it was the same key used for new repo it could go into the main... https://packages.cloud.google.com/apt/doc/apt-key.gpg So I guess minikube will have to invent some local process, that will be a part of the release build. And then find some hosting for both the (public) gpg keys as well as the rest of the apt/yum index files... |
|
The workaround is still the same as before, user will have to download and install unsigned packages: https://github.com/kubernetes/minikube/releases/download/v1.9.2/minikube_1.9.2-0_amd64.deb https://github.com/kubernetes/minikube/releases/download/v1.9.2/minikube-1.9.2-0.x86_64.rpm Usually this leads to a warning from the web browser, and then another one from the pkg installer... So in that sense it will be the same as the Mac and Win experience, outside their "walled gardens":
They will also have to repeat the process for every minor version, since there is no update/upgrade. |
|
Now it is blocked in the Ubuntu Software as well, so users will need to use the Terminal... Still works in Fedora, but not sure for how long. It is possible that they will move to Flathub. It is getting harder and harder to distribute software, especially without being able to sign it. * Like Homebrew for Mac and Chocolatey for Win Might have to find something similar for Linux as well... |
|
any update on this issue ? |
|
Can we close this ? It's obviously not going anywhere, and minikube is not in of the upstream release or even a "supported" kubeadm distribution.
Until we have fixed the issues with all other package managers, I guess the users are back to |
|
I believe this is still something we should aim for, though ultimately, I agree that the goal is to ensure that the minikube .deb & .rpm packages are hosted somewhere that supports an automated update mechanism. If we have to create our own repo, it'll just take longer to achieve. Shared infra for package hosting would be wonderful. |
|
We also have the choice of removing the installations. Basically, removing all these installers and then just maintaining the script based installation like Anders has mentioned above. For Windows, we could switch exclusively to |
a.k.a. "give up" Ultimately this comes down to how we want users to install and update minikube. Currently, the process is quite awful. Currently using LinuxBrew is actually a nicer experience for doing the installation, than the system package manager... We should probably just close these improvement issues... And have the user use the command-line forever to install them, without the package signing and the automatic updates. For next release we want to start promoting the arm64 binaries and packages, in addition to the existing amd64 binaries. https://github.com/kubernetes/minikube/releases/download/v1.16.0/minikube_1.16.0-0_amd64.deb https://github.com/kubernetes/minikube/releases/download/v1.16.0/minikube-1.16.0-0.x86_64.rpm Using apt and yum would have fixed this too, automatically. |
It is not a good look to your users for a project of this scale and large scale backing to conclude it is unable to stand up a simple pair of apt & yum repositories. I understand that things are complicated, esp. when dealing with large enterprises & code signing systems there, but having a cloud hosting technology project give up on ... setting up cloud hosting is incredibly bad optics.
Maybe if you already use LinuxBrew. If you don't, asking users to install a new package manager just to install your one package is still pretty awful, esp. when they may already be annoyed by having to have 3-4 other package managers already installed as part of their distro (apt/yum, snap, flatpak, ...)
Lots of open source projects leverage that and similar services for this purpose. If getting things hooked up with the Google processes is going to be slow, using that as at least an intermediate solution seems completely reasonable to me as a user. My only question would be whether minikube fits within the 1TB/month download quota they have, but a quick skim through https://api.github.com/repos/kubernetes/minikube/releases suggests that this project would be well within those limits. |
I meant that the experience for users using If it had a reasonable amount of effort to add the repository and required keys, then it would compare... Other than that, there is no way to compare - without getting minikube accepted into all the distributions. For the time being, promoting the binary as the default distribution method seems to be the "easiest". |
This is, at best, an extremely misleading statement
|
Check out how Chrome, VS-Code, and many other "third party" apps do this. The package itself has a post-install script which handles adding the repo, and a crontab to ensure the repo config is kept up to date. The user only needs to download and install the package ones, and thereafter the OS-driven regular system updates keep it up to date. 🎉 |
I meant that you have to 1) download the package file yourself and 2) run a command on the file. I think you are right that we could use |
Most users will have a DE installed and they'll just be able to (double) click to open the downloaded package which will open it in a graphical package manager with a nice big "install" button, or so I would think. That's certainly how things work on Gnome-ish systems, I'm assuming KDE behaves similarly.
Definitely agree this is preferred ... my earlier notes were more than the one-time install can configure the repo for a user automatically, so the complex steps you linked from the main kubernetes installation instructions are not necessarily something a user has to do themselves.
Why? It works here. Granted I'm a terminal person so I don't use that capability, but it does work on my system. The |
|
The feature was disabled in Ubuntu 20.04, in order to promote the Ubuntu Software app store... It used to work like you say. We have similar issues with the Mac and Win downloads not working. |
|
Aah, I wasn't aware of that change in Ubuntu. Seems rather user-hostile, which ... well that's part of why I use Debian :) At any rate, if the package post-install script can setup the apt/yum repo, then the user would only need to do the CLI steps once, which would be a big improvement :) |
Getting the software accepted into Debian is a much longer journey, especially with the insane amount of dependencies. For other distributions we get away with static linking and providing binaries, but that's just not the way that Debian rolls. Not that I think that anyone actually tried (to add minikube) ? |
Yes, was not suggesting trying to get this accepted into Debian, just that the type of user-hostile change you described from Ubuntu is why I don't use Ubuntu. |
And of course the Snap wasn't updated either, because they were promoting Microk8s instead. 🙄 So in the end we ended up deleting it (put it out of its misery). See Which might be the way to "fix" the .deb and .rpm installations as well. Instead of fighting windmills. The actual binary is the same either way, so we will just focus on producing those - "upstream". |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
While I still feel like minikube (as well as kubectl or other command-line utilities) should have an apt/yum repository to support automatic upgrades, it's clear that this request isn't going anywhere, so I'm going to close it for now. I believe the right path going forward will be for minikube to establish its own repository. |
|
@tstromberg if you want to use any GCP assets for your own repository, do please ask in kubernetes/k8s.io and we'll figure out a way to support you. |
|
Another request: https://kubernetes.slack.com/archives/CJH2GBF7Y/p1647903600618439 |
|
@klaases we already gave up on this |
Hello!
We (minikube) would like to publish our .deb and .rpm packages to the official Kubernetes repositories as part of our release process. How do we get started?
Currently our release scripts publish to a Google Storage bucket:
https://github.com/kubernetes/minikube/blob/551b164017d2649a3857facb79ba80d00569fa18/hack/jenkins/release_build_and_upload.sh#L45
The text was updated successfully, but these errors were encountered: