Comments (11)
/sig api-machinery
from kubernetes.
from kubernetes.
Has this skew direction (aggregated apiserver newer than kube-apiserver) been supported historically?
from kubernetes.
That's a good point, when I looked at the official doc we didn't mention it anywhere so I guess that it might just not be supported? Thinking about it again, it would make more sense to me that we would not support this.
Feel free to close if we don't support this skew direction
from kubernetes.
IIUC, at least for Kube components, nothing can be newer than the kube-apiserver (or newer than the oldest kube-apiserver, if there is skew between kube-apiserver instances): https://kubernetes.io/releases/version-skew-policy/. I would feel better about closing if someone else can +1 my understanding.
from kubernetes.
We can tweak the docs to clarify the situation, whichever way we decide / confirms it goes.
from kubernetes.
nothing can be newer than the kube-apiserver (or newer than the oldest kube-apiserver, if there is skew between kube-apiserver instances)
I think you mean “no component other than the API server can be newer than the API server, and API servers that are not the oldest API server version can be at most one minor version newer than the oldest API server version”. Does that sound right @benluddy?
from kubernetes.
I'm not sure. The language needs to distinguish between the kube-apiserver
and aggregated apiservers. The existing docs are clear about skew between kube-apiserver instances:
In highly-available (HA) clusters, the newest and oldest kube-apiserver instances must be within one minor version.
And the supported skew between kube-apiserver and the named components in the doc is relative to the version of the oldest kube-apiserver instance.
The ambiguity here is with the supported skew between kube-apiserver and any aggregated apiserver based on a particular version of k8s.io/apiserver
.
from kubernetes.
Controller clients outside kube-apiserver can't be newer than the kube-apiserver they are talking to (true for kubelet, kube-controller-manager and kube-scheduler, true for aggregated apiservers as well)
kube-apiserver supports -1 skew because it talks to itself for APIs it needs for running admission stuff like flowcontrol and webhook/CEL admission, so it is guaranteed to have access to the latest API version.
Controllers that talk to kube-apiserver have to wait until kube-apiserver is upgraded to have the same guarantee.
We should describe that better in skew docs
/remove-kind bug
/kind documentation
from kubernetes.
This was discussed at length today in the SIG meeting: https://www.youtube.com/watch?v=0TXm-DGcK1k, starting at minute 33:00
from kubernetes.
/triage accepted
from kubernetes.
Related Issues (20)
- Kubernets service not distributing traffic in equally , seeing imbalance in traffic . HOT 14
- Publish Markdown for OpenAPI field descriptions using an extension HOT 4
- Enhancement: allow to filter what fields to return from the API HOT 3
- [Failing Test] ci-crio-cgroupv1-node-e2e-conformance (Swap Tests) HOT 3
- [Flaking Test] integration-master (goroutine leak detection) HOT 6
- [Flaking Test] ci-node-e2e (Container Lifecycle) HOT 11
- Migrate existing features to versioned feature gate HOT 4
- verification machinery for compatibility version HOT 3
- [Flaking Test] TestLog/stateful_set_logs_with_all_pods HOT 4
- Pod deleted during image pull still starts HOT 10
- ValidatingAdmissionPolicy objects have different runtime type compared to CRDValidationRules HOT 8
- `kube-proxy`'s `--healthz-bind-address` should support IPv4 and IPv6 simultaneously (dual stack) HOT 24
- Bug: securityContext appArmorProfile unconfined not working with containerd HOT 2
- The old pod log file is not deleted from the /var/log/pods/ directory HOT 13
- Job controller reports the count of terminating pods with unnecessary delay HOT 4
- tracking issue; bump pause to 3.10 HOT 4
- kubernetes-sigs / scheduler-plugins go.mod Error HOT 3
- post-kubernetes-push-image-pause failed to publish version 3.10 HOT 15
- Failure cluster [6bc9e9c5...] HOT 1
- Apiserver log "Forcing xxx watcher close due to unresponsiveness" meaning consultation HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes.