fix: Maintain feature gate ValidatingAdmissionPolicy as removed with Kubernetes v1.32
#12643
Conversation
…Kubernetes v1.32 Co-authored-by: Luca Bernstein <luca.bernstein@sap.com>
|
/cherry-pick release-v1.124 |
|
/cherry-pick release-v1.123 |
|
@vpnachev: once the present PR merges, I will cherry-pick it on top of release-v1.124 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@vpnachev: once the present PR merges, I will cherry-pick it on top of release-v1.123 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release-v1.122 |
|
@vpnachev: once the present PR merges, I will cherry-pick it on top of release-v1.122 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Release note?? |
| @@ -299,7 +299,7 @@ var featureGateVersionRanges = map[string]*FeatureGateVersionRange{ | |||
| "UserNamespacesPodSecurityStandards": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}}, | |||
| "UserNamespacesStatelessPodsSupport": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.28"}}, | |||
| "UserNamespacesSupport": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}}, | |||
| "ValidatingAdmissionPolicy": {LockedValue: true, LockedToDefaultInVersion: "1.30"}, | |||
| "ValidatingAdmissionPolicy": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.32"}}, | |||
There was a problem hiding this comment.
Don't we need to maintain also AddedInVersion?
There was a problem hiding this comment.
We only maintain this field if we need to ensure a lower Kubernetes version constraint (as can be seen in line 300 above the change).
The feature gate has been added with Kubernetes v1.26 (ref).
There was a problem hiding this comment.
I see that it is not very consistent at the moment. @shafeeqes also concluded the same #12486 (comment).
I prefer maintaining the versions despite that they the corresponding Kubernetes versions are no longer supported by Gardener. It makes it obvious to the reader when the feature gate was added and we make sure that we don't miss to maintain it.
Anyways, let's do not block this PR because of this. We can agree outside of this PR and write down the agreement/convention.
There was a problem hiding this comment.
Based on a gut feeling, I'd probably also prefer a more consistent approach. As you've said, we didn't want to pollute this PR with changing other feature gate definitions as well.
@ialidzhikov we were debating whether to add a release note or not. It's added now, thanks :) |
Thanks! We are cherry-picking the fix, hence it deserve a release note IMO. :) |
|
/test pull-gardener-integration |
|
LGTM label has been added. Git tree hash: f70fdb030f98fbbc4dcdf17c2d27d979017b1d92
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ialidzhikov, LucaBernstein The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@vpnachev: new pull request created: #12645 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@vpnachev: new pull request created: #12646 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@vpnachev: #12643 failed to apply on top of branch "release-v1.122": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
…Kubernetes v1.32 (gardener#12643) Co-authored-by: Luca Bernstein <luca.bernstein@sap.com> (cherry picked from commit 08919f0)
…Kubernetes v1.32 (gardener#12643) Co-authored-by: Luca Bernstein <luca.bernstein@sap.com> (cherry picked from commit 08919f0)
…Kubernetes v1.32 (gardener#12643) Co-authored-by: Luca Bernstein <luca.bernstein@sap.com>
How to categorize this PR?
/area usability quality
/kind bug
What this PR does / why we need it:
This PR maintains the feature gate
ValidatingAdmissionPolicyas removed with Kubernetes v1.32.Otherwise, the
kube-apiservercrashes when trying to enable this feature gate with Kubernetes versions >= v1.32.Which issue(s) this PR fixes:
Follow-up to: #11020
Special notes for your reviewer:
/cc @LucaBernstein @vpnachev
Thanks for bringing this to our attention @vpnachev! 🙏
We sanity checked the list of added and removed feature gates in the Kubernetes version v1.32 against the code, but did not identify further issues.
Release note: