kubernetes: 1.9.7 -> 1.10.3 #41073
kubernetes: 1.9.7 -> 1.10.3 #41073
Conversation
As shipped with k8s 1.10.3. Also: - updated the definition jsons as they are distributed in k8s. - updated the image uris as they are renamed in k8s - added imageDigest param as per 7368487
As shipped with k8s 1.10.3. Also: - updated the definition jsons as they are distributed in k8s. - updated the image uris as they are renamed in k8s - added imageDigest param as per 7368487
VMs were starving, many of the daemons were unable to complete their tasks resulting in tests failures. Turned off verbose output from k8s components as it consumes even more resources, and useful error messages actually drown in debug-clutter
GrahamcOfBorg
added
6.topic: nixos
| }; | ||
|
|
||
| # go > 1.10 should be fixed by https://github.com/kubernetes/kubernetes/pull/60373 | ||
| # go > 1.10 should be fixed by https://github.com/kubernetes/kubernetes/pull/60597 |
There was a problem hiding this comment.
This looks like it's already merged, but I think we should follow whichever version kube is built with upstream, which appears to be 1.9.3. Is there any place where this information is located that we can link to instead? Maybe the changelog?
There was a problem hiding this comment.
According to https://github.com/kubernetes/community/blob/master/contributors/devel/development.md, minimum Golang version required for 1.10 is v1.9.1. And the official version states in External Dependencies for kubernetes 1.10 is v1.9.3: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md
There was a problem hiding this comment.
Let's link to the External Dependencies instead then.
| @@ -339,9 +370,9 @@ in { | |||
| type = types.str; | |||
| }; | |||
|
|
|||
| admissionControl = mkOption { | |||
| enableAdmissionPlugins = mkOption { | |||
There was a problem hiding this comment.
What change does this require a user of admissionControl to make? If any, this should be documented in the release notes for 18.09
| @@ -113,8 +134,8 @@ in { | |||
| }; | |||
| spec = { | |||
| ports = [{ | |||
| port = 80; | |||
| targetPort = 9090; | |||
| port = 443; | |||
There was a problem hiding this comment.
These port changes look like changes to user-facing behaviour, is that right? If so, we need a release notes for it at the very least.
There was a problem hiding this comment.
Yes, the ports changed upstream, so I chose to update them in our manifest
|
I've built and run the tests on NixOS. Looks good! 👍 |
|
Well done @johanot, do you need any further help? |
|
I am mostly curious whether anyone is using kubernetes on NixOS in production, since the existence of a module is not the same as a production version module. In general, some kind of meta-data on services like "experimental" or "just a toy" or "used in a national lab" would be useful. |
|
@srhb Please review latest commit, when you have time :) |
GrahamcOfBorg
added
8.has: changelog
8.has: documentation
| @@ -108,7 +108,7 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' | |||
| <para> | |||
| <literal>gnucash</literal> has changed from version 2.4 to 3.x. | |||
| If you've been using <literal>gnucash</literal> (version 2.4) instead of | |||
| <literal>gnucash26</literal> (version 2.6) you must open your Gnucash | |||
| <literal>gnucash26</literal> (version 2.6) you must open your Gnucash | |||
There was a problem hiding this comment.
No touchy the whitespace of other people! :P
There was a problem hiding this comment.
@srhb now undone! :P
- Added information regarding breaking changes to release note for 18.09 - Changed golang version comment in kubernetes package - Added @johanot to maintainers list
|
I think this is very good quality and quite sufficient for inclusion. :) |
| } // (optionalAttrs cfg.enableRBAC { | ||
| kubernetes-dashboard-crb = { | ||
| apiVersion = "rbac.authorization.k8s.io/v1beta1"; | ||
| apiVersion = "rbac.authorization.k8s.io/v1"; |
There was a problem hiding this comment.
v1 is repeated in at least two places. Please introduce a variable and use that instead of using the same constant twice.
| @@ -59,7 +59,7 @@ in { | |||
|
|
|||
| services.kubernetes.addonManager.addons = { | |||
| kubedns-deployment = { | |||
| apiVersion = "apps/v1beta1"; | |||
| apiVersion = "extensions/v1beta1"; | |||
There was a problem hiding this comment.
Same comment for a beta version.
| </listitem> | ||
| <listitem> | ||
| <para> | ||
| Recommented way to access the Kubernetes Dashboard is with HTTPS (TLS) |
There was a problem hiding this comment.
- t -> d (must have)
- with -> via (nice to have)
and perhaps specify a complete URL to access the kubernetes dashboard, if possible.(wish list)
There was a problem hiding this comment.
Will fix the typo in an upcoming PR. Thanks :-)
| containers = [{ | ||
| name = "kubernetes-dashboard"; | ||
| image = "${name}:${version}"; | ||
| ports = [{ | ||
| containerPort = 9090; | ||
| containerPort = 8443; |
There was a problem hiding this comment.
8443 is repeated in multiple places.
| }; | ||
| args = [ | ||
| "--v=2" | ||
| "--logtostderr" |
There was a problem hiding this comment.
Motivation for logging to stderr is missing. For production services, I almost never want to do that.
There was a problem hiding this comment.
It's customnary in Docker containers: logs are then managed using logging drivers and aggregated using dedicated services. The alternative would be for the spawned process to write to files (as there's probably no logging daemon running in the container), but that approach brings up the issue of using a PersistentVolume just for the logs, which is far more invasive as a choice, in my opinion.
There was a problem hiding this comment.
@coretemp No personal preferences involved here. The yaml manifest is a copy of the upstream kube-dns manifest at: https://github.com/kubernetes/kubernetes/blob/release-1.10/cluster/addons/dns/kube-dns.yaml.base. A possible future improvement to the dns submodule could be to add more options for making these things configurable. For now though, I think it's perfectly fine to ship the upstream defaults.
| }; | ||
| args = [ | ||
| "--v=2" |
There was a problem hiding this comment.
If this is a verbosity level it should have a comment. The numeric value could instead be a named constant saying something about the verbosity level.
|
@coretemp Thank you for your comments in general. In a couple of weeks (probably) I'll be submitting a few minor improvements to the kubernetes modules in a new PR. Will bear your considerations in mind then. |
|
@johanot ! Somehow I missed this PR completely... Thank you for this! 🎉 |
Motivation for this change
Update kubernetes module and package to 1.10.X.
This PR is a cleaned and rebased version of latest cherry-picks to #38445
This PR also updates kube-dns and kube-dashboard addons to latest versions:
kube-dns: 1.14.4 -> 1.14.10
kube-dashboard: 1.8.2 -> 1.8.3
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)