search

kubernetes-sigs / metrics-server

Scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/
Apache License 2.0
5.82k stars 1.87k forks source link

Prepared for Release v0.7.0 #1165

Closed yangjunmyfm192085 closed 9 months ago

yangjunmyfm192085 commented 1 year ago

Installation

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.7.0/components.yaml

Changes since v0.6.0

Improvements

Optimizations

Observability

Tests

Manifests

Documentations

Fixes

Need to be added

Should not to be added

yangjunmyfm192085 commented 1 year ago

/cc @serathius @dgrisonnet

stevehipwell commented 1 year ago

For the Helm chart I'd like to get https://github.com/kubernetes-sigs/metrics-server/pull/1120 merged as well as the Dependabot PRs.

logicalhan commented 1 year ago

/triage accepted /assign @serathius @dgrisonnet

dgrisonnet commented 1 year ago

I discussed this topic with @serathius a few weeks ago and we wanted to wait to have a bit more improvements before cutting a new minor. So far there are mostly dependencies updates and a few bug fixes, but we haven't tackled any long-term improvements from: https://github.com/kubernetes-sigs/metrics-server/issues/627 this time.

gillesdouaire commented 1 year ago

Would be great to release if only to update the version of the k8s.io/client-go library. We are using metrics server 0.6.2, and its current v0.23.2 k8s.io/client-go version is antique, an update is much needed as most Kubernetes clusters these days are at 1.24 if not 1.25.

stevehipwell commented 1 year ago

Would be great to release if only to update the version of the k8s.io/client-go library. We are using metrics server 0.6.2, and its current v0.23.2 k8s.io/client-go version is antique, an update is much needed as most Kubernetes clusters these days are at 1.24 if not 1.25.

I don't disagree with the sentiment here but I'd like to see some number to back up the statement; the last time I remember an overview of where people are running K8s it was 70% on EKS with the other cloud providers also significantly represented. EKS only made v1.24 available in November, AKS does have v1.25 available but it's not particularly stable, GKE has v1.25 on rapid but v1.24 is regular with v1.23 on stable. I can't see there being too many people running a version higher than v1.24 and suspect that the most common version is likely v1.23 or even v1.22.

gillesdouaire commented 1 year ago

oh well 🤷

stevehipwell commented 1 year ago

@gillesdouaire I wasn't disagreeing with getting a release out. But I was interested if you had some numbers to back up your claim on the versions currently in use as I wasn't thinking that the primary reason to be aiming to release.

gillesdouaire commented 1 year ago

@stevehipwell I contacted our GKE representative for K8s minor version usage statistics because I am curious - but I am not convinced my quest will be successful... will keep you posted.

alex-berger commented 1 year ago

In light of https://kubernetes.io/blog/2023/02/06/k8s-gcr-io-freeze-announcement/, I would love to see this release (including the corresponding HelmChart release) rather sooner then later.

dgrisonnet commented 1 year ago

https://kubernetes.io/blog/2023/02/06/k8s-gcr-io-freeze-announcement/ will not have any impact on metrics-server since we are already using the new registry to publish images.

stevehipwell commented 1 year ago

It looks like we might want to release a chart patch to update the source in the Helm chart as we haven't released since the changes were made there.

alex-berger commented 1 year ago

@dgrisonnet That's only half of whats, needed :-). The Helm Chart should also be released to make use of the new registry by default.

dgrisonnet commented 1 year ago

I wasn't aware the chart was still referencing the old registry, but even if it needs to be updated, it doesn't require to release v0.7.0.

111andre111 commented 1 year ago

Question: What are the blockers for not releasing 0.7.0. I see these ones: https://github.com/kubernetes-sigs/metrics-server/issues/1165#issuecomment-1383811742 https://github.com/kubernetes-sigs/metrics-server/issues/1165#issuecomment-1419565587 Are these still a topic?

Dentrax commented 1 year ago

Any update on this discussion?

I was wondering if we are able to up and run 0.6.3 in v1.26.5 k8s cluster. (Since #1265 not released yet) Or should we wait the next release cut for this? If so, is there any planned date for the next release?

dgrisonnet commented 1 year ago

Let's work on this release once Kubernetes 1.28 is out. Release 0.6 is running an unsupported version of the Kubernetes libraries (go.mod) and updating it to the most recent minor could be considered a breaking change since it is outside of the version skew.

Does that sound fine with you @serathius?

wzshiming commented 1 year ago

Hello, Any plans for when it will be released?

sumit-cyber commented 11 months ago

Dear @dgrisonnet , Any plan when Metrics server v0.7.0 will be released ? any tentative date

sumit-cyber commented 11 months ago

Some additional vulnerabilities found in metrics server v0.6.4 CVE-2023-47108 CVE-2023-45142 CVE-2023-39325 GHSA-m425-mq94-257g

dgrisonnet commented 11 months ago

I don't have the bandwidth to shepherd this release, but I'll try to find someone to help me with it.

CatherineF-dev commented 11 months ago

At least one OWNER must LGTM this release.

cc @serathius needs a LGTM

dgrisonnet commented 11 months ago

I can take care of the approval.

The problem right now is that the projected changelog is very much outdated. The last update was in January, so we have to update it before any approval can be made.

serathius commented 11 months ago

The changelog proposed in the top comment (https://github.com/kubernetes-sigs/metrics-server/issues/1165#issue-1512492147) is outdated by a year. Please propose a new changelog. No need to list all the changes, just the major improvements. For example https://github.com/kubernetes-sigs/metrics-server/pull/1182

CatherineF-dev commented 11 months ago

qq: do we have simple ways to get github user id? git log only shows email.

dgrisonnet commented 11 months ago

I don't think there is something like that.

Usually, I would use github compare to build the changelog: https://github.com/kubernetes-sigs/metrics-server/compare

dgrisonnet commented 11 months ago

Another way would be to copy the commit hash in the Github search and look at which github user committed it.

CatherineF-dev commented 11 months ago

Improvements

Support logs in JSON format(@yangjunmyfm192085)

Optimize the timeout setting and timeout logging of metrics-server accessing the /metrics/resource endpoint (@yangjunmyfm192085)

update PodDisruptionBudget to policy/v1(@yangjunmyfm192085)

update golang to 1.19.4(fix CVE-2022-41717)(@yangjunmyfm192085)

Bump go version to 1.19.7 (@JoaoBraveCoding)

Build metrics-server with golang 1.19.11 (@dgrisonnet)

GO-2022-1144: Bump golang.org/x/net(@olivierlemasle)

Bump klog/v2 back to v2.60.1 and other minor bumps (@cruizen)

feat(helm): add autoscaling to helm chart (@chubchubsancho)

Set namespace for auth-reader rb to kube-system (@hamza3202)

add configMap volume for addon resizer (@calvinbui)

Permit running under PodSecurity restricted (@jcpunk)

Optimizations

Remove redundant informer startup(@yangjunmyfm192085)

Observability

Change default secure port to 10250(@stevehipwell)

Update registry location to registry.k8s.io(@dgrisonnet)

cloudbuild: remove buildx-specific commands(@dgrisonnet)

feat(chart): Changed the registry location to registry.k8s.io (@stevehipwell)

Tests

Add test logging flags(@serathius)

try to fix the e2e failure(@yangjunmyfm192085)

add fuzz test for decodeBatch(@yangjunmyfm192085)

verify test:fix golangci-lint(@yangjunmyfm192085)

update logcheck(@yangjunmyfm192085)

Upload metrics-server logs in CI(@dgrisonnet)

e2e test adds support for kubernetes version 1.26(@yangjunmyfm192085)

Manifests

fix(manifests): Turn autoscale into a component(@maxbrunet)

refactor(manifests): Follow base-components-overlays structure(@maxbrunet)

Add HA manifests for the different compatibilities(@dgrisonnet )

Documentations

Update KNOWN_ISSUES (@serathius @yangjunmyfm192085 @maxmetalm)

Document command line flags and test it(@serathius)

Update README.md(@mindw)

document what ports are required for MS to work in the README(@yangjunmyfm192085)

Small cleanups for network requirements(@serathius)

Fix document: replace a broken link on README.md(@Shunpoco)

Link to PSS (since PSP is deprecated).(@guettli)

Update HA instructions to include 1.21+ deployment(@dgrisonnet)

Remove manual assets publication step from RELEASE.md(@dgrisonnet)

Fixes

Restore support for log specific flags in Kubernetes Components (@yangjunmyfm192085)

fix benchmark bug and some small spell mistake(@yangjunmyfm192085)

fix: Handle error while parsing node metrics(@XiaoXiaoSN)

update prometheus to version 2.33.0(@fengshunli)

update api dependencies(@yangjunmyfm192085)

fix verify fail(@yangjunmyfm192085)

Fix errors in find -type f -name ".go" ! -path "/vendor/*" | xargs (@cruizen)

helm: fixes service annotation (@JoaoBraveCoding)

fix addon resizer rolebinding (@calvinbui)

fix(chart): Updated container port to correct default (@stevehipwell)

update k8s version for e2e tests (@yangjunmyfm192085)

CatherineF-dev commented 11 months ago

cc @dgrisonnet

I have updated CHANGELOG using https://github.com/kubernetes-sigs/metrics-server/compare

CatherineF-dev commented 11 months ago

cc @dgrisonnet needs a lgtm

CatherineF-dev commented 11 months ago

cc @dgrisonnet @serathius needs a lgtm

sumit-cyber commented 11 months ago

Hi Team ,

What will the go-lang version in version 0.7.0?

will it be 1.20.9 or 1.21.2 ? which contain fix for vulnerabilities

CVE-2023-47108 CVE-2023-45142 CVE-2023-39325 CVE-2023-39323

logicalhan commented 11 months ago

/triage accepted /assign @dgrisonnet @CatherineF-dev

CatherineF-dev commented 10 months ago

@sumit-cyber it should be golang 1.21.5. Could you check whether master branch still has these vulnerabilities?

https://github.com/kubernetes-sigs/metrics-server/pull/1394/files

dgrisonnet commented 10 months ago

Few comments:

@CatherineF-dev could you perhaps:

CatherineF-dev commented 10 months ago

Improvements

Support logs in JSON format(@yangjunmyfm192085)

Optimize the timeout setting and timeout logging of metrics-server accessing the /metrics/resource endpoint (@yangjunmyfm192085)

update PodDisruptionBudget to policy/v1(@yangjunmyfm192085)

GO-2022-1144: Bump golang.org/x/net(@olivierlemasle)

Bump klog/v2 back to v2.60.1 and other minor bumps (@cruizen)

Set namespace for auth-reader rb to kube-system (@hamza3202)

add configMap volume for addon resizer (@calvinbui)

Permit running under PodSecurity restricted (@jcpunk)

Bump golang from 1.21.4 to 1.21.5 (dependent-bot)

Optimizations

Remove redundant informer startup(@yangjunmyfm192085)

Tests

Add test logging flags(@serathius)

add fuzz test for decodeBatch(@yangjunmyfm192085)

verify test:fix golangci-lint(@yangjunmyfm192085)

update logcheck(@yangjunmyfm192085)

Upload metrics-server logs in CI(@dgrisonnet)

e2e test adds support for kubernetes version 1.26(@yangjunmyfm192085)

Manifests

fix(manifests): Turn autoscale into a component(@maxbrunet)

refactor(manifests): Follow base-components-overlays structure(@maxbrunet)

Add HA manifests for the different compatibilities(@dgrisonnet)

Change default secure port to 10250(@stevehipwell)

Documentations

Update KNOWN_ISSUES (@serathius @yangjunmyfm192085 @maxmetalm)

Document command line flags and test it(@serathius)

Update README.md(@mindw)

document what ports are required for MS to work in the README(@yangjunmyfm192085)

Small cleanups for network requirements(@serathius)

Fix document: replace a broken link on README.md(@Shunpoco)

Link to PSS (since PSP is deprecated).(@guettli)

Update HA instructions to include 1.21+ deployment(@dgrisonnet)

Fixes

Restore support for log specific flags in Kubernetes Components (@yangjunmyfm192085)

fix benchmark bug and some small spell mistake(@yangjunmyfm192085)

fix: Handle error while parsing node metrics(@XiaoXiaoSN)

update prometheus to version 2.33.0(@fengshunli)

update api dependencies(@yangjunmyfm192085)

Fix errors in find -type f -name ".go" ! -path "/vendor/*" | xargs (@cruizen)

fix addon resizer rolebinding (@calvinbui)

fix(chart): Updated container port to correct default (@stevehipwell)

update k8s version for e2e tests (@yangjunmyfm192085)

CatherineF-dev commented 10 months ago

cc @dgrisonnet, have updated

dgrisonnet commented 10 months ago

There still some things that don't really make sense like:

Build metrics-server with golang 1.19.11

when we are now building with golang 1.21.5: https://github.com/kubernetes-sigs/metrics-server/blob/master/Dockerfile#L4

I'll try to give it a stab myself and we can see going from that

CatherineF-dev commented 10 months ago

Oh, I ignored all PRs from non-human. For example, dependent bot.

Added Bump golang from 1.21.4 to 1.21.5 (@dependabot)

sumit-cyber commented 10 months ago

@CatherineF-dev we have upgraded machine-agent using master branch but still there is 1.19.11 version of go-land and vulnerabilities not addressed .

Could you please guide how to upgrade.

First we deleted metrics server using below command from our environment kubectl delete -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

and then create it kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

sumit-cyber commented 10 months ago

@CatherineF-dev @dgrisonnet

I think components.yaml still pointing out to image :registry.k8s.io/metrics-server/metrics-server:v0.6.4

and in branch release-0.6 still go-lang version is 1.19.11

CatherineF-dev commented 10 months ago

Yes, because v0.7 has not been released.

Waiting this issue to be approved, so that we can go to next step.

CatherineF-dev commented 10 months ago

You can see all release steps here: https://github.com/kubernetes-sigs/metrics-server/blob/master/RELEASE.md

This is the first step.

sumit-cyber commented 10 months ago

Yes, because v0.7 has not been released.

Waiting this issue to be approved, so that we can go to next step.

So there will be no changes to release-0.6 instead 0.7 will be after after some days ?

CatherineF-dev commented 10 months ago

I think we can still update release note after release, how about approving this issue now?

cc @dgrisonnet @serathius

dgrisonnet commented 9 months ago

Installation

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.7.0/components.yaml

Changes since v0.6.4

Logging flags that are klog specific (--log-dir, --log-file, --logtostderr, --alsologtostderr, --one-output, --stderrthreshold, --log-file-max-size, --skip-log-headers, --add-dir-header, --skip-headers, --log-backtrace-at) were deprecated in v0.6.1 and are now removed.

Improvements

Optimizations

Fixes

Tests

Manifests

Documentations

dgrisonnet commented 9 months ago

@CatherineF-dev I went through the git log again and tried to remove most of the non user-facing changes as well as everything related to helm. Let me know what you think about this revised version of the changelog.

dgrisonnet commented 9 months ago

Maybe I could add a section dedicated to Helm changes. @stevehipwell what do you think would be the best for the users between integrating the helm changes to the main changelog or adding them separately in the helm release?

CatherineF-dev commented 9 months ago

Let me know what you think about this revised version of the changelog.

LGTM.

stevehipwell commented 9 months ago

Maybe I could add a section dedicated to Helm changes. @stevehipwell what do you think would be the best for the users between integrating the helm changes to the main changelog or adding them separately in the helm release?

@dgrisonnet I'll be adding a CHANGELOG into the chart directory in the chart release for v0.7.0 so it'd probably be easier to keep them out of the main one.