Comment # 10 on bug 1213786 from Egbert Eich 
Hello Priyanka, let me also address the different topics individually (for
brevity reasons I've deleted some lines) -

(In reply to Priyanka Saggu from comment #9)
> Hello eich@suse.com, apologies for the delay. I got caught up in resolving
> another issue upstream.
> 
> Addressing below each point separately, but just want to mention that I am
> also relatively new to Kubernetes packaging with O/IBS. So, I have been
> going back and forth to gather context & still be missing information fully.

That's fine. I've been with this company for quite a while, now, and have
handled a lot of difficult packaging issues and still don't know everything
- this is true in particular around building containers.

> we currently don't have any new tags available for k8s versions beyond N-1
> (v1.26), because the above source kiwi files are no longer tracking them.

Exactly, and here lies the problem: we still update older code streams (ie k8s
minor versions) - must likely to fix security vulnerabilities - but we do not
push updated containers for these. So, despite the effort that went into
maintaining all these different code streams - they are not consumable (or if
they were, users would potentially still get vulnerable containers).
This disadvantages the openSUSE Leap users in particular since they are stuck
with
kubernetes1.24.

> ---
> 
> Regarding `kubic-pause-image`, yes, it seems that adding another tag (3.9)
> in kiwi file[3] is required, and versions of kuberetes-pause[4] package need
> to be bumped (but I'm still digging further on pause image).
> 
> [3]
> https://build.opensuse.org/package/view_file/devel:kubic:containers/kubic-
> pause-image/kubic-pause-image.kiwi?expand=1
> [4] https://build.opensuse.org/package/show/devel:kubic/kubernetes-pause

In my understanding, only the former needs an additional 'Tag' while the latter
may
remain the same: pause is really a simple application - and it seems we have
our own, which has seen fewer updates than upstream. I have not done any
research on
'pause' - would it make sense to sync (the sources) with upstream?

> ---
> 
> As for `devel:kubic/etcd-for-k8s1.27`, it appears to be up-to-date based on
> the dependencies[5] from upstream project. The meta (unversioned) kubernetes
> packages have the etcd values[5][6] set properly. 
> 
> [5] etcdversion (wrt v1.27.4) -
> https://github.com/kubernetes/kubernetes/blob/v1.27.4/build/dependencies.
> yaml#L63
> [6] etcdversionminus1 (wrt v1.26.7)
> -https://github.com/kubernetes/kubernetes/blob/v1.26.7/build/dependencies.
> yaml#L56
> 

Indeed. There may have been a different issue involved that is unrelated to the
package and the available containers that I was not able to get the correct
version - or I was just confused.

> ---
> 
> I totally agree that the current situation of maintaining multiple versions
> of Kubernetes packaging in OBS needs improvement on multiple levels, to make
> it barely usable.
> 
> For starters, one suggestion I received is to consider moving the k8s
> container images to registry.suse.com and utilizing
> `BCI-dockerfile-generator`[7] for that purpose.
> I am currently exploring this option.
> 
> [7] https://github.com/SUSE/BCI-dockerfile-generator

Using BCI-dockerfile-generator might be an option, but I'm skeptical about
moving to registry.suse.com:
1. It may be a good idea to keep enterprise and openSUSE activities separate
and 
   let the former be derived from the latter. This gives openSUSE more 
   independence.
2. registry.opensuse.com comes with a lot more strings attached. For once, you
need 
   to build in IBS.
3. At least currently, SLE users do not get any of the kubernetes packages
(except 
   kubernetesXX-client) - not even through PackageHub. Thus, none of them will
be 
   able to consume these containers.
4. There's no browsable interface for registry.suse.de - at least I haven't
found 
   one, yet.
5. I don't see how this would resolve the problems at hand - we would still
have to 
   fix them, wouldn't we?
Using registry.suse.com should not be a prerequisite to use the dockerfile
generator, so you may still use it while staying on registry.opensuse.org.

You are receiving this mail because: