canonical / microk8s-core-addons

Core MicroK8s addons
Apache License 2.0

Outdated addons #255

Open KlockiLego opened 5 months ago

KlockiLego commented 5 months ago

MicroK8s uses outdated core addons - for example Helm.

What is the version upgrade policy for core addons? Does anyone actively maintain it or does microk8s have rather weak and slow support from Canonical?

KlockiLego commented 5 months ago

So you can't count on the microk8s project and ongoing support and add-on updates?

ktsakalozos commented 5 months ago

Hi @KlockiLego, sorry we missed this issue last week.

When a MicroK8s release comes out (e.g. 1.28), the addons repositories for that specific release get branched out of main. We do not update that branch unless we really have to. The reason is that we want users to have the same experience throughout the life of the release. This approach is in sync with what distributions do, where the set of packages shipped is pinned to the version of the release.

KlockiLego commented 5 months ago

I see that there is a branch per Kubernetes version. But why can't you upgrade addon versions in parallel with new Kubernetes versions?

This makes the microk8s ecosystem obsolete. This led, for example, to problems with the cert-manager. https://github.com/canonical/microk8s-core-addons/issues/253

Many new features are not available through outdated addons.

I don't see developers reacting quickly to problems. https://github.com/canonical/microk8s/issues/4361

ktsakalozos commented 5 months ago

We do not update k8s hosted workloads when upgrading the k8s cluster. Often there are breaking changes and/or changes in the workload's functionality that would be breaking the clusters and UX in many unpredictable ways. Practically, as soon as the admin enables an addon he is expected to own its maintenance. We are offering new versions of the addon enable/disable scripts, and in order to get them the admin would need to run `microk8s addons repo update <repo>`.

> I don't see developers reacting quickly to problems.

The issues opened in this repository are addressed by the engineers of MicroK8s. Priority is given to bug fixes. Users that require support for their production deployments turn to Canonical for that. In this way dedicated support engineers are engaged and proper support SLAs are in place. This is how all open source projects I know of operate.

KlockiLego commented 5 months ago

So with the microk8s cluster I download obsolete addons by default and then I have to update them manually?

So I have to edit the enable executable files myself (/var/snap/microk8s/common/addons...)?

alexanderkjeldaas commented 3 months ago

I think this policy should be changed.

If you enable vulnerability scanning on the default addons in k9s, most have vulnerabilities it seems.

The first 3 bits that are 111 should indicate critical, severe, and medium vulnerabilities. 😢

image