Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade dependencies #200

Merged
merged 11 commits into from
Feb 18, 2022
Merged

Upgrade dependencies #200

merged 11 commits into from
Feb 18, 2022

Conversation

willbeason
Copy link
Member

The big one here is upgrading opa to v0.37.2 to fix the security vulnerability.

Will Beason added 4 commits February 16, 2022 09:17
Upgrade OPA to v0.37.2

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
905fe4d 
This fixes the dependabot alert

We have to downgrade logr or else we get a bunch of dependency
conflicts. We'll need to remove that replace directive when we upgrade
the k8s verison we base on.

Signed-off-by: Will Beason <willbeason@google.com>
Upgrade k8s to v0.22.6
0fddf01 
Signed-off-by: Will Beason <willbeason@google.com>
Upgrade client-go to v0.22.6
1fd9b04 
Signed-off-by: Will Beason <willbeason@google.com>
Upgrade apiextensions-apiserver to v0.21.9
22f5f46 
Signed-off-by: Will Beason <willbeason@google.com>
sozercan
sozercan reviewed Feb 16, 2022
View reviewed changes
Will Beason added 2 commits February 16, 2022 11:46
Upgrade k8s to v0.23.0
82cc45a 
Signed-off-by: Will Beason <willbeason@google.com>
Upgrade k8s to 0.23.3
53a737a 
This gets us to the latest stable k8s libraries.

Signed-off-by: Will Beason <willbeason@google.com>
Update conversion-gen and controller-gen in Makefile
672366e 
Signed-off-by: Will Beason <willbeason@google.com>
@willbeason
Copy link
Member Author

I was able to upgrade to k8s 0.23.3 libraries, which gets us past the logr upgrade.

Open Telemetry has a habit of its dependencies getting out of sync, so I've added replace directives to keep them in lockstep. The go mod command isn't able to resolve these on its own.

As far as I can tell, we need to skip k8s 0.22.x since the Open Telemetry libraries are inconsistent across our dependencies.

Will Beason added 4 commits February 16, 2022 12:19
Upgrade controller-gen to v0.8.0
96d6fd3 
Signed-off-by: Will Beason <willbeason@google.com>
Upgrade golang to 1.17
319ad22 
No longer compatible with 1.16 with library upgrades

Signed-off-by: Will Beason <willbeason@google.com>
go mod vendor
52dde25 
Signed-off-by: Will Beason <willbeason@google.com>
Upgrade Go to 1.17 in workflow
4b37af4 
Signed-off-by: Will Beason <willbeason@google.com>
@willbeason
Copy link
Member Author

The gatekeeper failure is expected - it needs to pin the otel dependencies in order for Go to resolve dependencies correctly.

sozercan
sozercan approved these changes Feb 16, 2022
View reviewed changes
Copy link
Member

@sozercan sozercan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sozercan sozercan mentioned this pull request Feb 16, 2022
Closed
maxsmythe
maxsmythe approved these changes Feb 16, 2022
View reviewed changes
Copy link
Contributor

@maxsmythe maxsmythe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

ritazh
ritazh reviewed Feb 17, 2022
View reviewed changes
constraint/go.mod
k8s.io/apimachinery v0.23.3
k8s.io/client-go v0.23.3
k8s.io/utils v0.0.0-20211116205334-6203023598ed
sigs.k8s.io/controller-runtime v0.11.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how does this impact the controller-runtime we use in gatekeeper? and will it work with the dynamiccache fork of controller-runtime https://github.com/open-policy-agent/gatekeeper/tree/master/third_party/sigs.k8s.io/controller-runtime?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll test this locally to see if this upgrade breaks Gatekeeper.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tested locally, and the upgrade works without impacting Gatekeeper. The dynamiccache fork works correctly.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would we need to upgrade our fork? @shomron

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope - we don't need to. I tested the upgrade and we don't have to modify our fork.

ritazh
ritazh approved these changes Feb 18, 2022
View reviewed changes
Copy link
Member

@ritazh ritazh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @willbeason !
LGTM

@willbeason willbeason merged commit c2a0d8c into open-policy-agent:master Feb 18, 2022
@willbeason willbeason deleted the upgrade branch February 18, 2022 18:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sozercan sozercan

@ritazh ritazh

@maxsmythe maxsmythe

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@willbeason @sozercan @ritazh @maxsmythe