dns icon indicating copy to clipboard operation
dns copied to clipboard
verified publisher icon kubernetes

Bump coredns and kubernetes dependencies

Open dereknola opened this issue 1 year ago • 5 comments

Background

These two dependencies are very Out of Date and are introducing CVEs into downstream repos. A previous PR was auto opened by dependabot, but never went anywhere. https://github.com/kubernetes/dns/pull/641 This PRs scope is more limited.

Changes

  • Bump coredns to 1.11.3 (latest version)
  • Bump K8s to 1.28.14 (the oldest version still being supported as of October 2024). This should ensure maximum compatibility.
  • Migrate from deprecated clock package to replacement (clocks and clocks/testing got split up)

The go mod vendor has been isolated to a separate commit to make review easier.

dereknola avatar Oct 18 '24 18:10 dereknola

Welcome @dereknola!

It looks like this is your first PR to kubernetes/dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. :smiley:

k8s-ci-robot avatar Oct 18 '24 18:10 k8s-ci-robot

Hi @dereknola. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Oct 18 '24 18:10 k8s-ci-robot

@DamianSawicki Can I get a review on this please? I'm not sure who else to ping, as there hasn't been much activity in this repo in about 4 months.

Related, does this repo need more maintainers?

dereknola avatar Oct 22 '24 16:10 dereknola

Hi @dereknola, I think this repo desperately needs more maintainers. Currently no PR can be submitted (at least normally) because CI is broken (so there is little sense in reviewing your PR before resolving this). If you have the capacity to look at https://github.com/kubernetes/dns/issues/646, it would be really great.

DamianSawicki avatar Oct 22 '24 16:10 DamianSawicki

@DamianSawicki I've rebased this PR now that the E2E fix is in master.

dereknola avatar Oct 25 '24 15:10 dereknola

/ok-to-test

DamianSawicki avatar Oct 26 '24 13:10 DamianSawicki

/retest

dereknola avatar Oct 28 '24 17:10 dereknola

Looks like the 5s timeout I added in the last PR is still not quite enough to prevent flaky e2e tests. Might consider bumping it to 10s.

dereknola avatar Oct 28 '24 17:10 dereknola

@kl52752 Could you review this please? I will squash these commits, I just was waiting for review readability.

dereknola avatar Oct 30 '24 15:10 dereknola

I'm also happy to review it but won't have time this week.

DamianSawicki avatar Oct 30 '24 16:10 DamianSawicki

@DamianSawicki any chance you will have time this week to review this PR? I would love to pull this in to RKE2 November patches.

dereknola avatar Nov 07 '24 18:11 dereknola

Apologies for the delay. It all looks good.

/lgtm

DamianSawicki avatar Nov 07 '24 19:11 DamianSawicki

@kl52752 any chance of getting this approved/reviewed?

dereknola avatar Nov 12 '24 17:11 dereknola

/lgtm /approve

kl52752 avatar Nov 13 '24 07:11 kl52752

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DamianSawicki, dereknola, kl52752, VestigeJ

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot avatar Nov 13 '24 07:11 k8s-ci-robot

Can we get a new release tagged now that this PR is merged?

dereknola avatar Nov 13 '24 17:11 dereknola

Sure, I'll take care of it, hopefully tomorrow.

DamianSawicki avatar Nov 13 '24 19:11 DamianSawicki

@DamianSawicki or whoever will be tagging a release: please note that coredns v1.11 renamed prometheus metrics https://github.com/coredns/coredns/blob/v1.11.0/plugin/forward/README.md#metrics with very little fanfare in release notes https://github.com/coredns/coredns/blob/v1.11.0/notes/coredns-1.11.0.md ("Some changes to forward plugin metrics.") and I believe this should be mentioned more.

Michcioperz avatar Nov 26 '24 12:11 Michcioperz

How can I tell which version will have this update?

anokun7 avatar Dec 05 '24 17:12 anokun7

How can I tell which version will have this update?

new version has not be released yet.

kl52752 avatar Dec 09 '24 08:12 kl52752

@anokun7 There is a new version https://github.com/kubernetes/dns/releases/tag/1.24.0 ready and in fact already https://github.com/kubernetes/dns/releases/tag/1.24.1 is being prepared.

DamianSawicki avatar Dec 13 '24 15:12 DamianSawicki

Thank you for the update @DamianSawicki !

anokun7 avatar Dec 13 '24 15:12 anokun7