Page MenuHomePhabricator
Create Task
Maniphest T369164

toolforge: review k8s API usage by custom components for 1.25 upgrade
Closed, ResolvedPublic
Actions

Description

With the Toolforge kubernetes 1.25 upgrade, some k8s API extension may have been deprecated, or changed names. We should review how we use them, or if changes are required for our custom components:

  • jobs-api
  • builds-api
  • builds-builder
  • envvars-api
  • custom admission controllers
  • tools-webservice

See also this useful dashboard: https://grafana.wmcloud.org/d/dVVFcEAVz/deprecated-kubernetes-api-calls?orgId=1&var-cluster=prometheus-tools&var-versions=1.25&from=now-2d&to=now

Details

Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
envvars-admission: bump to 0.0.13-20240711114848-774571d5repos/cloud/toolforge/toolforge-deploy!409ghostbump_envvars-admissionmain
deployment: drop PSP referencesrepos/cloud/toolforge/envvars-admission!6aborreroarturo-326-deployment-drop-pspmain
builds-builder: bump to 0.0.109-20240708090642-a7a583cbrepos/cloud/toolforge/toolforge-deploy!398ghostbump_builds-buildermain
tekton: update apiVersion to autoscaling/v2repos/cloud/toolforge/builds-builder!50sstefanovaslavina/update-apiVersionmain
Customize query in GitLab

Related Objects
Search...

Event Timeline

aborrero created this task.Jul 3 2024, 12:48 PM
Restricted Application removed a subscriber: taavi. · View Herald TranscriptJul 3 2024, 12:48 PM
aborrero updated the task description. (Show Details)Jul 3 2024, 12:49 PM
Slst2020 updated the task description. (Show Details)Jul 5 2024, 1:21 PM
Slst2020 added a comment.Jul 5 2024, 1:29 PM

builds-builder currently fails to deploy in lima-kilo with k8s 1.25.

deployment/chart/templates/tekton-pipelines.yaml.gotmpl:apiVersion: autoscaling/v2beta1 seems to be the deprecated api. autoscaling/v2 would to be the current one.

CodeReviewBot added a project: Patch-For-Review.Jul 5 2024, 1:38 PM

sstefanova opened https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-builder/-/merge_requests/50

tekton: update apiVersion to autoscaling/v2

CodeReviewBot added a comment.Jul 8 2024, 9:06 AM

sstefanova merged https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-builder/-/merge_requests/50

tekton: update apiVersion to autoscaling/v2

CodeReviewBot added a comment.Jul 8 2024, 9:07 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/398

builds-builder: bump to 0.0.109-20240708090642-a7a583cb

aborrero moved this task from Backlog to Next on the User-aborrero board.Jul 8 2024, 9:36 AM
CodeReviewBot added a comment.Jul 8 2024, 12:06 PM

sstefanova merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/398

builds-builder: bump to 0.0.109-20240708090642-a7a583cb

Slst2020 changed the task status from Open to In Progress.Jul 8 2024, 3:15 PM
Slst2020 moved this task from Next Up to In Progress on the Toolforge (Toolforge iteration 12) board.
Maintenance_bot removed a project: Patch-For-Review.Jul 9 2024, 8:26 PM
Slst2020 updated the task description. (Show Details)Jul 10 2024, 5:30 AM
Slst2020 added a comment.Jul 10 2024, 5:47 AM

@aborrero should this be removed now that PSP is gone?

[~/repos/work/toolforge/envvars-admission (main)] % cat deployment/chart/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: envvars-admission-psp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: privileged-psp
subjects:
  - kind: ServiceAccount
    name: default
    namespace: "{{ .Release.Namespace }}"
aborrero added a comment.Jul 10 2024, 8:28 AM
In T369164#9968083, @Slst2020 wrote:

@aborrero should this be removed now that PSP is gone?

[~/repos/work/toolforge/envvars-admission (main)] % cat deployment/chart/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: envvars-admission-psp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: privileged-psp
subjects:
  - kind: ServiceAccount
    name: default
    namespace: "{{ .Release.Namespace }}"

yes, I missed that one as part of T368142: Toolforge: drop PodSecurityPolicy

Slst2020 added a comment.EditedJul 10 2024, 9:11 AM
In T369164#9968243, @aborrero wrote:

yes, I missed that one as part of T368142: Toolforge: drop PodSecurityPolicy

are you on it or should I go ahead and remove it?

aborrero moved this task from Next to Doing on the User-aborrero board.Jul 11 2024, 11:24 AM
CodeReviewBot added a project: Patch-For-Review.Jul 11 2024, 11:28 AM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/toolforge/envvars-admission/-/merge_requests/6

deployment: drop PSP references

CodeReviewBot added a comment.Jul 11 2024, 11:38 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/envvars-admission/-/merge_requests/6

deployment: drop PSP references

CodeReviewBot added a comment.Jul 11 2024, 11:51 AM

project_1317_bot_df3177307bed93c3f34e421e26c86e38 opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/409

envvars-admission: bump to 0.0.13-20240711114848-774571d5

CodeReviewBot added a comment.Jul 11 2024, 11:55 AM

aborrero merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/409

envvars-admission: bump to 0.0.13-20240711114848-774571d5

Maintenance_bot removed a project: Patch-For-Review.Jul 11 2024, 12:30 PM
aborrero closed this task as Resolved.Jul 12 2024, 1:03 PM
dcaro moved this task from In Progress to Done on the Toolforge (Toolforge iteration 12) board.Jul 16 2024, 1:20 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits