Bump K8s dependencies to v0.28.4 and set K8s min-version to 1.27

[ReToCode]

Changes

• Bump K8s dependencies to v0.28.4 and set K8s min-version to 1.27

Fixes #2902

Release Note

The minimal required kubernetes version to use `knative/pkg` is now v1.27.0

/assign @dprotaso

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ReToCode

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ReToCode]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (9386ad6) 81.82% compared to head (dc293ad) 81.80%.
Report is 6 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2904      +/-   ##
==========================================
- Coverage   81.82%   81.80%   -0.03%     
==========================================
  Files         167      167              
  Lines       10231    10231              
==========================================
- Hits         8372     8369       -3     
- Misses       1612     1614       +2     
- Partials      247      248       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ReToCode]

Issues are related to:
knative/hack#336 and knative/hack#335

[ReToCode]

According to the discussion in slack, we can directly use go run instead of using the K8s script. We already did this a few lines below, not sure why the script was called in the first place. The last commit was tested with:

find apis/duck -name "zz_generated.deepcopy.go" -delete 
rm -rf client/injection
hack/update-codegen.sh
git diff
# shows no differences

[dprotaso]

hey sorry @ReToCode a update-deps merged - can you rebase?

[ReToCode]

Not sure what is happening with the codegen:

Found diffs in: third_party/VENDOR-LICENSE/golang.org/x/sys/unix/LICENSE
fatal: ambiguous argument 'third_party/VENDOR-LICENSE/golang.org/x/sys/unix/LICENSE': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
Error: Please run ./hack/update-codegen.sh.

knative/pkg is out of date. Please run hack/update-codegen.sh
Error: Process completed with exit code 1.

When I run it locally:

Diffing /Users/rlehmann/code/knative/pkg against freshly generated codegen
/Users/rlehmann/code/knative/pkg up to date.

[dprotaso]

When I run ./hack/update-codegen.sh in Linux (Ubuntu docker container) I see the diff

git status
On branch bump-min-k8s
Your branch is up to date with 'origin/bump-min-k8s'.

Changes not staged for commit:
  (use "git add/rm <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	deleted:    third_party/VENDOR-LICENSE/golang.org/x/sys/unix/LICENSE

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	third_party/VENDOR-LICENSE/golang.org/x/sys/LICENSE

[ReToCode]

@dprotaso I'm still unable to reproduce. The codegen is fine in ubuntu in container and also on a GH codespace:

# Local ubuntu container
go version
go version go1.18.1 linux/arm64
...
=== Removing empty go.work.sum
Diffing /work against freshly generated codegen
/work up to date.

# GH codespace
go version
go version go1.21.4 linux/amd64
...
=== Removing empty go.work.sum
Diffing /workspaces/pkg against freshly generated codegen
/workspaces/pkg up to date.

GH action is using go 1.21, so no idea why this is different.
But as you are able to reproduce this, can you push the fix to my branch?

[dprotaso]

I think you need to run this on amd64 not arm - the license tool isn't actually reporting licenses for all architectures

[dprotaso]

/hold
/lgtm

@ReToCode unsure about the failures but if those were expected (and there are changes downstream) then feel free to drop the hold

[ReToCode]

I think you need to run this on amd64 not arm - the license tool isn't actually reporting licenses for all architectures

Not sure, the GH actions env was actually go version go1.21.4 linux/amd64. Anyway, its ok now.

@ReToCode unsure about the failures but if those were expected (and there are changes downstream) then feel free to drop the hold

I'm not sure what's the best approach here. Each downstream repo has to make some changes. I see these options:

a) update their hack/update-codegen.sh scripts to still call the deprecated generate-groups.sh but with exec to avoid the permission issues for now.
b) use go run to call all the generators, e.g. here an example for Serving: https://github.com/knative/serving/compare/main...ReToCode:serving:bump-k8s-deps?expand=1#diff-149dfe7bb29d1191dceae3a52915e750e64b7f87257a5fb309c29d3056e2a95dR70
c) Migrate to use k8s.io/code-generator/kube_codegen.sh

All of them have pros and cons. b) has the downside that we do not cleanup the old resources. It seems like the k8s scripts do delete old files.

Opinions? @dprotaso @skonto @pierDipi @matzew @mgencur @cardil (context: k8s 1.28 made changes to the generator scripts).

[dprotaso]

I'd suggest just using go run and not wait - it's what gateway API is doing

[dprotaso]

Not sure, the GH actions env was actually go version go1.21.4 linux/amd64. Anyway, its ok now.

Your container env was using arm arch

[knative-prow-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ReToCode]

I'd suggest just using go run and not wait - it's what gateway API is doing

@dprotaso I also like that approach, but is it ok to lose the cleanup?

All of them have pros and cons. b) has the downside that we do not cleanup the old resources. It seems like the k8s scripts do delete old files.

[ReToCode]

As the release is very close, we'll just keep the old generators and just bump K8s deps here. I opened #2927 to tackle the generation change separatly.