aureq / cert-manager-webhook-ovh

OVH Webhook for Cert Manager
https://aureq.github.io/cert-manager-webhook-ovh/
Apache License 2.0

Not compatible with K8S <=v1.22 #6

Closed Nathanael-Mtd closed 1 year ago

Nathanael-Mtd commented 2 years ago

Hi,

I just upgraded our cert-manager-webhook-ovh instance to your fork and I just saw these warnings and errors on the webhook pod:

W1108 16:56:04.551389       1 reflector.go:324] pkg/mod/k8s.io/client-go@v0.24.2/tools/cache/reflector.go:167: failed to list *v1beta2.FlowSchema: the server could not find the requested resource
E1108 16:56:04.551437       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.24.2/tools/cache/reflector.go:167: Failed to watch *v1beta2.FlowSchema: failed to list *v1beta2.FlowSchema: the server could not find the requested resource
W1108 16:56:25.262951       1 reflector.go:324] pkg/mod/k8s.io/client-go@v0.24.2/tools/cache/reflector.go:167: failed to list *v1beta2.PriorityLevelConfiguration: the server could not find the requested resource
E1108 16:56:25.263008       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.24.2/tools/cache/reflector.go:167: Failed to watch *v1beta2.PriorityLevelConfiguration: failed to list *v1beta2.PriorityLevelConfiguration: the server could not find the requested resource

We use Kubernetes v1.22 and cert-manager v1.10.

I searched and I found that v1beta2 for API Priority and Fairness was added in v1.23. v1.22 (and v1.21) stays at v1beta1.

aureq commented 2 years ago

Hi @Nathanael-Mtd

Thank you for reporting this.

The dependencies for v1beta2 and previously v1beta1 depend on cert-manager's own dependencies for building the webhook. I used to have a similar warning, as in issue #2.

Also, it appears that k8s 1.22 is now end of life according to https://kubernetes.io/releases/#release-v1-22 and https://endoflife.date/kubernetes

For future releases of the webhook, I'll see if it's possible to accommodate older Kubernetes installations. Just bear in mind I'm a single me maintaining and improving this webhook and I have very limited resources to perform tests.

Nathanael-Mtd commented 2 years ago

No problem, I can run tests if you need! 👍

I don't know which library needs to use API Priority and Fairness, but I saw the same issues on nearly every cert-manager-webhook provider repo, like this one: https://github.com/Dopingus/cert-manager-webhook-dynu/issues/9

I think that if we use k8s.io/client-go at v0.23+, k8s clusters need to be at version 1.23+ to support v1beta2 of these priority/fairness APIs.

On my side, I will just upgrade the 1.22 k8s cluster I have soon.
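
Added example, not code from this thread or from the webhook project: a Go check that compares the API versions named in reflector errors like those above with what a cluster's discovery document (`kubectl get --raw /apis`) actually serves. `Unserved`, `sampleLog` and `sampleAPIs` are names chosen here, the sample inputs are constructed, and the code assumes every reported kind belongs to the `flowcontrol.apiserver.k8s.io` group.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// API group that serves FlowSchema and PriorityLevelConfiguration (assumed for every match).
const flowGroup = "flowcontrol.apiserver.k8s.io"

// Matches the client-go reflector failures quoted in this issue.
var missRe = regexp.MustCompile(`failed to list \*(v\w+)\.(\w+): the server could not find`)

// Constructed samples: issue-format log lines and a trimmed /apis reply with only v1beta1.
const sampleLog = `W1108 16:56:04.551389 1 reflector.go:324] failed to list *v1beta2.FlowSchema: the server could not find the requested resource
E1108 16:56:25.263008 1 reflector.go:138] Failed to watch *v1beta2.PriorityLevelConfiguration: failed to list *v1beta2.PriorityLevelConfiguration: the server could not find the requested resource`
const sampleAPIs = `{"groups":[{"name":"flowcontrol.apiserver.k8s.io","versions":[{"version":"v1beta1"}]}]}`

// Unserved lists each "version.Kind" from the logs that the cluster does not serve.
func Unserved(logs string, apis []byte) ([]string, error) {
	var list struct {
		Groups []struct {
			Name     string
			Versions []struct{ Version string }
		}
	}
	if err := json.Unmarshal(apis, &list); err != nil {
		return nil, err
	}
	served := map[string]bool{}
	for _, g := range list.Groups {
		for _, v := range g.Versions {
			served[g.Name+"/"+v.Version] = true
		}
	}
	out, seen := []string{}, map[string]bool{}
	for _, m := range missRe.FindAllStringSubmatch(logs, -1) {
		key := m[1] + "." + m[2]
		if !seen[key] && !served[flowGroup+"/"+m[1]] {
			seen[key] = true
			out = append(out, key)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Unserved(sampleLog, []byte(sampleAPIs)))
}
```

An empty result for a cluster's real `/apis` output means the versions the client asked for are served, so the errors have another cause.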