-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade kustomize-in-kubectl to v4.2.0 #103419
Conversation
@natasha41575: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cc @liggitt |
6e3a150
to
e49261a
Compare
e49261a
to
33ae08b
Compare
33ae08b
to
6d4096c
Compare
Consuming a fork (even a temporary one) of a dependency like go-yaml makes the maintenance story for versions of kubectl that include this level unclear. It's hard to tell:
|
the dependency update mechanics look good, we just need clarity around the maintenance story for the lifetime of the kubernetes releases which will contain this |
It is based on the most recent commit of go-yaml v3: go-yaml/yaml@496545a, which is the same commit that k/k currently depends on.
The deltas are shown in the PR that we made to go-yaml. We were hoping that the PR would be accepted, but since it wasn't accepted in time for code freeze, we made a copy of the fork in that PR under
Yes. If there are any fixes at all to the yaml library, we have a script that will allow us to pull in those commits to our fork. If there are security related fixes, kustomize will also prioritize picking them up and backporting them into kustomize release branches. I will file an issue in kustomize for this. EDIT: Filed kubernetes-sigs/kustomize#4033 |
/test pull-kubernetes-dependencies |
in order for kubernetes to in turn pick up whatever fixes kustomize picks up, kubernetes will have to update kustomize, potentially post-kubernetes-release? so kustomize can't have breaking changes does it make more sense to have this fork as an actual repo so it can be updated independently? has anyone looked at updating sigs.k8s.io/yaml to this? |
If there are fixes that kustomize needs to pick up urgently (such as security fixes), kustomize can pick them up and backport them into its release branches so that kubernetes can pick them up without picking up any other changes to kustomize. Also FWIW kustomize isn't planning to have breaking changes soon.
We'd discussed this but we chose to make an internal fork for the following reasons:
We have not. I think sigs.k8s.io/yaml depends on go-yaml.v2. I don't know what the story is for v3, which is what we have forked here. Maybe it makes sense to have a permanent fork of v3 in sigs.k8s.io/yaml. My personal opinion is that in the long term it'll be good to have a separate yaml repo (or to have people that can contribute to go-yaml) because the maintainer of go-yaml seems very busy. But again, we only have a couple of days before code freeze and this temporary internal fork seems like the best option to us right now. @KnVerey do you have anything to add? |
That was a great summary, Natasha. I felt particularly strongly about your first point: we intentionally made the fork internal because we expect to no longer need it in the near future, and we have no desire to maintain it any longer than absolutely necessary. I think a repo created under kubernetes-sigs would likely get usage no matter what disclaimers we put on the readme and should only be created if we intend and have the resources to maintain it. I agree that the difficulty of getting changes that Kubernetes needs into go-yaml is concerning and worth ongoing discussion, but IMO this instance alone does not justify permanent fork creation at this time. You're right that sigs.k8s.io/yaml is v2-based. There's an issue about updating to v3: kubernetes-sigs/yaml#18. Given Kustomize's experience even within v3, I expect there might need to be quite a lot of work done to the fork to make a migration possible without surfacing unacceptable behavioural changes in the various k/k consumers. |
@BenTheElder @liggitt did our replies address your concerns?
In case it is helpful, the PR that created the internal fork also has commits that separate out everything we did in creating the internal fork. All but the prep and cleanup commits were done by the script and would be simple to repeat if we need to update the fork during the lifetime of the release. We didn't squash, so you can also see the same commits on master: kubernetes-sigs/kustomize@276d043...e583f19 Breakdown of the commits in that rangeThe first two commits prepare the script and the codebase:
The next one pulls in the code as a subtree:
The next four are Natasha's changes from her go-yaml PR:
The next one makes the forked code internal to kyaml instead of its own module:
Then we have the commits from Natasha's PR to integrate the go-yaml changes into Kustomize (kubernetes-sigs/kustomize#4004):
And finally two cleanup commits:
|
@@ -0,0 +1,50 @@ | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- @dims for nested forked licenses not getting included correctly, xref third_party/forked/golang/LICENSE is not in LICENSES #103551
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in this case, we happen to already include LICENSES/vendor/gopkg.in/yaml.v3 and LICENSES/vendor/gopkg.in/yaml.v2
That addresses my concern for 1.22. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, natasha41575 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind bug
/sig cli
/priority important-soon
What this PR does / why we need it:
This upgrades kustomize-in-kubectl to v4.2.0. As discussed in SIG-CLI meetings, this PR prevents a breaking user change from appearing in
kubectl kustomize
. The original issue is linked here. and further described in this comment.Summary copied from the comment linked above:
In a commit on 2020-May-04, marshaling code in gopkg.in/yaml.v3 changed indenting from
to
Kustomize (via kyaml) depends on gopkg.in/yaml.v3. Hundreds of kustomize tests assume the older more compact behavior, where the hyphens don't 'consume' an indent. These tests are intentionally brittle in this fashion as downstream consumers of the YAML also compare differences in marhsalled YAML and don't want surprises.
Meanwhile,
kubectl create deployment foo --dry-run -o yaml --image foo
This means that without this PR:
To remedy this issue, we added a PR to go-yaml in the hopes that it would be accepted in time for the k/k code freeze. The go-yaml maintainer had agreed to make the indentation style configurable upstream, but did not make the change in time for code freeze, so we forked the go-yaml library under kyaml/internal to use the old indentation. We will remove the fork when the change is available upstream.
Special notes for your reviewer:
This is a go.mod change to upgrade the kustomize
dependency from v4.1.3 to v4.2.0.
Does this PR introduce a user-facing change?
How was this PR made?