search

Kong / charts

Helm chart for Kong
Apache License 2.0
243 stars 475 forks source link

Charts >=2.31.0 require newer version of K8S than what is listed in prerequisites #950

Open rwa-siteimprove opened 10 months ago

rwa-siteimprove commented 10 months ago

Kong chart 2.31.0 introduced K8S validations which appear to have been added in K8S 1.25. The current prerequisites for Kong on https://artifacthub.io/packages/helm/kong/kong#prerequisites state that K8S 1.17 or greater is required. Therefore it appears a breaking change was made to the Kong chart in a minor revision.

The following error is seen when trying to use a Kong chart >= 2.31.0 on K8S versions earlier than 1.25 (I'm guessing based on K8S docs as I don't have that version installed).

error validating data: ValidationError(CustomResourceDefinition.spec.versions[0].schema.openAPIV3Schema): unknown field "x-kubernetes-validations" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps

It appears the validation was added here https://github.com/Kong/charts/commit/e66bd9145c02a16f80a3c5125bf41471e76dbdc7#diff-8f052035f2e058d0d78ded7469c0bff29bede9030b5b870e7e72759def41e455R950

I have a few suggestions:

  1. Increment the major version as this is a breaking change, or
  2. Make this check optional somehow (I don't know if that can be done)
  3. Simply update the documentation to state that a newer version of K8S is required for newer charts.
rwa-siteimprove commented 10 months ago

I have confirmed we're on K8S version 1.21

tao12345666333 commented 9 months ago

Thanks for your report.

rainest commented 6 months ago

This is from CEL validation, which we now use in a number of places. I don't think there's a way to opportunistically use it if possible by default. CRDs aren't templated, so we can't do a version gate for the field using a Kubernetes version lookup.

Older versions can drop the unknown field if you ask, but I don't think Helm has a way to request that. You'd need to install them separately via kubectl. For example:

kubectl kustomize https://github.com/Kong/kubernetes-ingress-controller/config/crd?ref=v3.1.0 | kubectl apply -f - --validate=false

using your controller version string instead of 3.1.0. Do you see any issues using that approach?

czeslavo commented 6 months ago

I agree it's not a perfect experience from the Helm chart user's perspective as the version of the chart itself hasn't been bumped despite bumping a major version of KIC. KIC itself documents that incompatibility correctly though so I will just leave a link to its compatibility matrix here for context: https://docs.konghq.com/kubernetes-ingress-controller/latest/reference/version-compatibility/#kubernetes.

rwa-siteimprove commented 5 months ago

using your controller version string instead of 3.1.0. Do you see any issues using that approach?

I'm not entirely sure what you're asking here. We're using the HELM chart and deploying via ArgoCD so I'm not sure I can do this.

Our config looks like:

      source:
        chart: kong
        repoURL: https://charts.konghq.com
        targetRevision: 2.30.0
        helm:
          releaseName: kong