Kubernetes Conformance 1.24 + 1.25
Hello All! First of all, I want to say a huge thanks to Guilherme Steinmuller for all his help ensuring that OpenStack Magnum remains Kubernetes Certified [1]! We are certified for v1.24! However, in digging into the set of conformance tests this round, it appears that we will not be able to get 1.25 certified with the current Magnum. This means that in May when we have to re-cert (every 3 months they reach an EOL because that's k8s release cadence) we will not be able to maintain this which is the other part of why I wanted to write this email - to raise awareness and ask for help digging into what needs to happen to make sure we can retain this. Tangentially related, Guilherme has posted a patch with documentation for how to run the conformance tests for yourself and it could use some reviews [2]. And one last thing, I have begun conversation with the opendev folks about what it might take to setup jobs to run the conformance tests periodically so that we don't have to manually run them when it's time to recert. I am planning on submitting a forum topic for this for those interested :) Long live LOKI! - Kendall Nelson [1] https://github.com/cncf/k8s-conformance/pull/2446 [2] https://review.opendev.org/c/openstack/magnum/+/849156
On 2023-02-13 13:53:00 -0600 (-0600), Kendall Nelson wrote: [...]
And one last thing, I have begun conversation with the opendev folks about what it might take to setup jobs to run the conformance tests periodically so that we don't have to manually run them when it's time to recert. I am planning on submitting a forum topic for this for those interested :) [...]
I'm happy to join and help talk through the job configuration you'd need for that. -- Jeremy Stanley
Woohoo! Thank you fungi! Assuming it gets accepted of course. -Kendall On Mon, Feb 13, 2023 at 2:06 PM Jeremy Stanley <fungi@yuggoth.org> wrote:
On 2023-02-13 13:53:00 -0600 (-0600), Kendall Nelson wrote: [...]
And one last thing, I have begun conversation with the opendev folks about what it might take to setup jobs to run the conformance tests periodically so that we don't have to manually run them when it's time to recert. I am planning on submitting a forum topic for this for those interested :) [...]
I'm happy to join and help talk through the job configuration you'd need for that. -- Jeremy Stanley
On 14/02/23 08:53, Kendall Nelson wrote:
Hello All!
First of all, I want to say a huge thanks to Guilherme Steinmuller for all his help ensuring that OpenStack Magnum remains Kubernetes Certified [1]! We are certified for v1.24!
However, in digging into the set of conformance tests this round, it appears that we will not be able to get 1.25 certified with the current Magnum. This means that in May when we have to re-cert (every 3 months they reach an EOL because that's k8s release cadence) we will not be able to maintain this which is the other part of why I wanted to write this email - to raise awareness and ask for help digging into what needs to happen to make sure we can retain this.
Tangentially related, Guilherme has posted a patch with documentation for how to run the conformance tests for yourself and it could use some reviews [2]. And one last thing, I have begun conversation with the opendev folks about what it might take to setup jobs to run the conformance tests periodically so that we don't have to manually run them when it's time to recert. I am planning on submitting a forum topic for this for those interested :)
Long live LOKI! - Kendall Nelson
[1] https://github.com/cncf/k8s-conformance/pull/2446 [2] https://review.opendev.org/c/openstack/magnum/+/849156
Hi Kendall, I have submitted Kubernetes Conformance tests for 1.24[1] and 1.25[2] for Catalyst Cloud, which is Openstack Magnum (Wallaby, with several backports). I've submitted the required changes upstream to Magnum for a few fixes, including Calico, containerd and Fedora CoreOS 37 support. Do you know which tests are currently failing for 1.25? Perhaps there are some changes we've not submitted yet, or a differing Magnum template. cheers, Dale [1] https://github.com/cncf/k8s-conformance/pull/2388 [2] https://github.com/cncf/k8s-conformance/pull/2414
On 14/2/2023 6:53 am, Kendall Nelson wrote:
Hello All!
First of all, I want to say a huge thanks to Guilherme Steinmuller for all his help ensuring that OpenStack Magnum remains Kubernetes Certified [1]! We are certified for v1.24!
Wow great work Guilherme Steinmuller! - Jake
Hi everyone! Dale, thanks for your comments here. I no longer have my devstack which I tested v1.25. However, you pointed out something I haven't noticed: for v1.25 I tried using the fedora coreos that is shipped with devstack, which is f36. I will try to reproduce it again, but now using a newer fedora coreos. If it fails, I will be happy to share my results here for us to figure out and get certified for 1.25! Keep in tune! Thank you, Guilherme Steinmuller On Tue, Feb 14, 2023 at 9:26 AM Jake Yip <jake.yip@ardc.edu.au> wrote:
On 14/2/2023 6:53 am, Kendall Nelson wrote:
Hello All!
First of all, I want to say a huge thanks to Guilherme Steinmuller for all his help ensuring that OpenStack Magnum remains Kubernetes Certified [1]! We are certified for v1.24!
Wow great work Guilherme Steinmuller!
- Jake
Hi Guilherme Steinmuller, Is the issue with 1.25 the removal of PodSecurityPolicy? And that there are pieces of PSP in Magnum code. I've been trying to remove it. Regards, Jake On 14/2/2023 11:35 pm, Guilherme Steinmüller wrote:
Hi everyone!
Dale, thanks for your comments here. I no longer have my devstack which I tested v1.25. However, you pointed out something I haven't noticed: for v1.25 I tried using the fedora coreos that is shipped with devstack, which is f36.
I will try to reproduce it again, but now using a newer fedora coreos. If it fails, I will be happy to share my results here for us to figure out and get certified for 1.25!
Keep in tune!
Thank you, Guilherme Steinmuller
On Tue, Feb 14, 2023 at 9:26 AM Jake Yip <jake.yip@ardc.edu.au <mailto:jake.yip@ardc.edu.au>> wrote:
On 14/2/2023 6:53 am, Kendall Nelson wrote: > Hello All! > > First of all, I want to say a huge thanks to Guilherme Steinmuller for > all his help ensuring that OpenStack Magnum remains Kubernetes Certified > [1]! We are certified for v1.24! > Wow great work Guilherme Steinmuller!
- Jake
Hi Jake, Yeah, that could be it. On devstack magnum master, the kube-apiserver pod fails to start with rancher 1.25 hyperkube image with: Feb 14 20:24:06 k8s-cluster-dgpwfkugdna5-master-0 conmon[119164]: E0214 20:24:06.615919 1 run.go:74] "command failed" err="admission-control plugin \"PodSecurityPolicy\" is unknown" Regards, Guilherme Steinmuller On Tue, Feb 14, 2023 at 10:03 AM Jake Yip <jake.yip@ardc.edu.au> wrote:
Hi Guilherme Steinmuller,
Is the issue with 1.25 the removal of PodSecurityPolicy? And that there are pieces of PSP in Magnum code. I've been trying to remove it.
Regards, Jake
On 14/2/2023 11:35 pm, Guilherme Steinmüller wrote:
Hi everyone!
Dale, thanks for your comments here. I no longer have my devstack which I tested v1.25. However, you pointed out something I haven't noticed: for v1.25 I tried using the fedora coreos that is shipped with devstack, which is f36.
I will try to reproduce it again, but now using a newer fedora coreos. If it fails, I will be happy to share my results here for us to figure out and get certified for 1.25!
Keep in tune!
Thank you, Guilherme Steinmuller
On Tue, Feb 14, 2023 at 9:26 AM Jake Yip <jake.yip@ardc.edu.au <mailto:jake.yip@ardc.edu.au>> wrote:
On 14/2/2023 6:53 am, Kendall Nelson wrote: > Hello All! > > First of all, I want to say a huge thanks to Guilherme Steinmuller for > all his help ensuring that OpenStack Magnum remains Kubernetes Certified > [1]! We are certified for v1.24! > Wow great work Guilherme Steinmuller!
- Jake
Circling back to this thread- Thanks Jake for getting this rolling! https://review.opendev.org/c/openstack/magnum/+/874092 -Kendall On Wed, Feb 15, 2023 at 6:34 AM Guilherme Steinmüller < gsteinmuller@vexxhost.com> wrote:
Hi Jake,
Yeah, that could be it.
On devstack magnum master, the kube-apiserver pod fails to start with rancher 1.25 hyperkube image with:
Feb 14 20:24:06 k8s-cluster-dgpwfkugdna5-master-0 conmon[119164]: E0214 20:24:06.615919 1 run.go:74] "command failed" err="admission-control plugin \"PodSecurityPolicy\" is unknown"
Regards, Guilherme Steinmuller
On Tue, Feb 14, 2023 at 10:03 AM Jake Yip <jake.yip@ardc.edu.au> wrote:
Hi Guilherme Steinmuller,
Is the issue with 1.25 the removal of PodSecurityPolicy? And that there are pieces of PSP in Magnum code. I've been trying to remove it.
Regards, Jake
On 14/2/2023 11:35 pm, Guilherme Steinmüller wrote:
Hi everyone!
Dale, thanks for your comments here. I no longer have my devstack which I tested v1.25. However, you pointed out something I haven't noticed: for v1.25 I tried using the fedora coreos that is shipped with devstack, which is f36.
I will try to reproduce it again, but now using a newer fedora coreos. If it fails, I will be happy to share my results here for us to figure out and get certified for 1.25!
Keep in tune!
Thank you, Guilherme Steinmuller
On Tue, Feb 14, 2023 at 9:26 AM Jake Yip <jake.yip@ardc.edu.au <mailto:jake.yip@ardc.edu.au>> wrote:
On 14/2/2023 6:53 am, Kendall Nelson wrote: > Hello All! > > First of all, I want to say a huge thanks to Guilherme Steinmuller for > all his help ensuring that OpenStack Magnum remains Kubernetes Certified > [1]! We are certified for v1.24! > Wow great work Guilherme Steinmuller!
- Jake
Hey there! I am trying to run conformance against 1.25 and 1.26 now, but it looks like we are still with this ongoing? https://review.opendev.org/c/openstack/magnum/+/874092 Im still facing issues to create the cluster due to "PodSecurityPolicy\" is unknown. Thank you, Guilherme Steinmuller ________________________________ From: Kendall Nelson <kennelson11@gmail.com> Sent: 21 February 2023 17:38 To: Guilherme Steinmüller <gsteinmuller@vexxhost.com> Cc: Jake Yip <jake.yip@ardc.edu.au>; OpenStack Discuss <openstack-discuss@lists.openstack.org>; dale@catalystcloud.nz <dale@catalystcloud.nz> Subject: Re: Kubernetes Conformance 1.24 + 1.25 Circling back to this thread- Thanks Jake for getting this rolling! https://review.opendev.org/c/openstack/magnum/+/874092 -Kendall On Wed, Feb 15, 2023 at 6:34 AM Guilherme Steinmüller <gsteinmuller@vexxhost.com<mailto:gsteinmuller@vexxhost.com>> wrote: Hi Jake, Yeah, that could be it. On devstack magnum master, the kube-apiserver pod fails to start with rancher 1.25 hyperkube image with: Feb 14 20:24:06 k8s-cluster-dgpwfkugdna5-master-0 conmon[119164]: E0214 20:24:06.615919 1 run.go:74] "command failed" err="admission-control plugin \"PodSecurityPolicy\" is unknown" Regards, Guilherme Steinmuller On Tue, Feb 14, 2023 at 10:03 AM Jake Yip <jake.yip@ardc.edu.au<mailto:jake.yip@ardc.edu.au>> wrote: Hi Guilherme Steinmuller, Is the issue with 1.25 the removal of PodSecurityPolicy? And that there are pieces of PSP in Magnum code. I've been trying to remove it. Regards, Jake On 14/2/2023 11:35 pm, Guilherme Steinmüller wrote:
Hi everyone!
Dale, thanks for your comments here. I no longer have my devstack which I tested v1.25. However, you pointed out something I haven't noticed: for v1.25 I tried using the fedora coreos that is shipped with devstack, which is f36.
I will try to reproduce it again, but now using a newer fedora coreos. If it fails, I will be happy to share my results here for us to figure out and get certified for 1.25!
Keep in tune!
Thank you, Guilherme Steinmuller
On Tue, Feb 14, 2023 at 9:26 AM Jake Yip <jake.yip@ardc.edu.au<mailto:jake.yip@ardc.edu.au> <mailto:jake.yip@ardc.edu.au<mailto:jake.yip@ardc.edu.au>>> wrote:
On 14/2/2023 6:53 am, Kendall Nelson wrote: > Hello All! > > First of all, I want to say a huge thanks to Guilherme Steinmuller for > all his help ensuring that OpenStack Magnum remains Kubernetes Certified > [1]! We are certified for v1.24! > Wow great work Guilherme Steinmuller!
- Jake
Hello! Wanted to revive this thread since our conformance for magnum is past expiration now. Looks like the patch has landed but I think there is more work required in the driver to be able to pass the tests. I am sure a lot of folks are busy with summit prep, I just wanted to make sure this was still on everyone's radar. -Kendall On Fri, May 5, 2023 at 1:03 PM Guilherme Steinmüller < gsteinmuller@vexxhost.com> wrote:
Hey there!
I am trying to run conformance against 1.25 and 1.26 now, but it looks like we are still with this ongoing? https://review.opendev.org/c/openstack/magnum/+/874092
Im still facing issues to create the cluster due to "PodSecurityPolicy\" is unknown.
Thank you, Guilherme Steinmuller ------------------------------ *From:* Kendall Nelson <kennelson11@gmail.com> *Sent:* 21 February 2023 17:38 *To:* Guilherme Steinmüller <gsteinmuller@vexxhost.com> *Cc:* Jake Yip <jake.yip@ardc.edu.au>; OpenStack Discuss < openstack-discuss@lists.openstack.org>; dale@catalystcloud.nz < dale@catalystcloud.nz> *Subject:* Re: Kubernetes Conformance 1.24 + 1.25
Circling back to this thread-
Thanks Jake for getting this rolling! https://review.opendev.org/c/openstack/magnum/+/874092
-Kendall
On Wed, Feb 15, 2023 at 6:34 AM Guilherme Steinmüller < gsteinmuller@vexxhost.com> wrote:
Hi Jake,
Yeah, that could be it.
On devstack magnum master, the kube-apiserver pod fails to start with rancher 1.25 hyperkube image with:
Feb 14 20:24:06 k8s-cluster-dgpwfkugdna5-master-0 conmon[119164]: E0214 20:24:06.615919 1 run.go:74] "command failed" err="admission-control plugin \"PodSecurityPolicy\" is unknown"
Regards, Guilherme Steinmuller
On Tue, Feb 14, 2023 at 10:03 AM Jake Yip <jake.yip@ardc.edu.au> wrote:
Hi Guilherme Steinmuller,
Is the issue with 1.25 the removal of PodSecurityPolicy? And that there are pieces of PSP in Magnum code. I've been trying to remove it.
Regards, Jake
On 14/2/2023 11:35 pm, Guilherme Steinmüller wrote:
Hi everyone!
Dale, thanks for your comments here. I no longer have my devstack which I tested v1.25. However, you pointed out something I haven't noticed: for v1.25 I tried using the fedora coreos that is shipped with devstack, which is f36.
I will try to reproduce it again, but now using a newer fedora coreos. If it fails, I will be happy to share my results here for us to figure out and get certified for 1.25!
Keep in tune!
Thank you, Guilherme Steinmuller
On Tue, Feb 14, 2023 at 9:26 AM Jake Yip <jake.yip@ardc.edu.au <mailto:jake.yip@ardc.edu.au>> wrote:
On 14/2/2023 6:53 am, Kendall Nelson wrote: > Hello All! > > First of all, I want to say a huge thanks to Guilherme Steinmuller for > all his help ensuring that OpenStack Magnum remains Kubernetes Certified > [1]! We are certified for v1.24! > Wow great work Guilherme Steinmuller!
- Jake
participants (5)
-
Dale Smith
-
Guilherme Steinmüller
-
Jake Yip
-
Jeremy Stanley
-
Kendall Nelson