https://bugzilla.suse.com/show_bug.cgi?id=1213786 https://bugzilla.suse.com/show_bug.cgi?id=1213786#c10 --- Comment #10 from Egbert Eich <eich@suse.com> --- Hello Priyanka, let me also address the different topics individually (for brevity reasons I've deleted some lines) - (In reply to Priyanka Saggu from comment #9)
Hello eich@suse.com, apologies for the delay. I got caught up in resolving another issue upstream.
Addressing below each point separately, but just want to mention that I am also relatively new to Kubernetes packaging with O/IBS. So, I have been going back and forth to gather context & still be missing information fully.
That's fine. I've been with this company for quite a while, now, and have handled a lot of difficult packaging issues and still don't know everything - this is true in particular around building containers.
we currently don't have any new tags available for k8s versions beyond N-1 (v1.26), because the above source kiwi files are no longer tracking them.
Exactly, and here lies the problem: we still update older code streams (ie k8s minor versions) - must likely to fix security vulnerabilities - but we do not push updated containers for these. So, despite the effort that went into maintaining all these different code streams - they are not consumable (or if they were, users would potentially still get vulnerable containers). This disadvantages the openSUSE Leap users in particular since they are stuck with kubernetes1.24.
---
Regarding `kubic-pause-image`, yes, it seems that adding another tag (3.9) in kiwi file[3] is required, and versions of kuberetes-pause[4] package need to be bumped (but I'm still digging further on pause image).
[3] https://build.opensuse.org/package/view_file/devel:kubic:containers/kubic- pause-image/kubic-pause-image.kiwi?expand=1 [4] https://build.opensuse.org/package/show/devel:kubic/kubernetes-pause
In my understanding, only the former needs an additional 'Tag' while the latter may remain the same: pause is really a simple application - and it seems we have our own, which has seen fewer updates than upstream. I have not done any research on 'pause' - would it make sense to sync (the sources) with upstream?
---
As for `devel:kubic/etcd-for-k8s1.27`, it appears to be up-to-date based on the dependencies[5] from upstream project. The meta (unversioned) kubernetes packages have the etcd values[5][6] set properly.
[5] etcdversion (wrt v1.27.4) - https://github.com/kubernetes/kubernetes/blob/v1.27.4/build/dependencies. yaml#L63 [6] etcdversionminus1 (wrt v1.26.7) -https://github.com/kubernetes/kubernetes/blob/v1.26.7/build/dependencies. yaml#L56
Indeed. There may have been a different issue involved that is unrelated to the package and the available containers that I was not able to get the correct version - or I was just confused.
---
I totally agree that the current situation of maintaining multiple versions of Kubernetes packaging in OBS needs improvement on multiple levels, to make it barely usable.
For starters, one suggestion I received is to consider moving the k8s container images to registry.suse.com and utilizing `BCI-dockerfile-generator`[7] for that purpose. I am currently exploring this option.
Using BCI-dockerfile-generator might be an option, but I'm skeptical about moving to registry.suse.com: 1. It may be a good idea to keep enterprise and openSUSE activities separate and let the former be derived from the latter. This gives openSUSE more independence. 2. registry.opensuse.com comes with a lot more strings attached. For once, you need to build in IBS. 3. At least currently, SLE users do not get any of the kubernetes packages (except kubernetesXX-client) - not even through PackageHub. Thus, none of them will be able to consume these containers. 4. There's no browsable interface for registry.suse.de - at least I haven't found one, yet. 5. I don't see how this would resolve the problems at hand - we would still have to fix them, wouldn't we? Using registry.suse.com should not be a prerequisite to use the dockerfile generator, so you may still use it while staying on registry.opensuse.org. -- You are receiving this mail because: You are on the CC list for the bug.