[NOTICE] External dependencies in Kubernetes and you!

159 views
Skip to first unread message

Stephen Augustus

unread,
Jul 11, 2019, 5:06:01 PM7/11/19
to Kubernetes developer/contributor discussion, kubernetes-sig-release, Kubernetes Release Team, Kubernetes Release Managers

Hey kubies!

Across release cycles, we've noticed that something that frequently needs to be answered is, "How do we manage/track/update external dependencies?".

Here, I'm not referring to golang dependencies, but the set of dependencies that enable us to build or run Kubernetes clusters and the infrastructure that test them.

Examples include: etcd, docker (or CRIs more generally), golang, CNI plugins, CoreDNS, and CRI tools

As usual, we strive to relieve human toil with awesome automation/testing, where possible.

In support of that, yesterday we merged a PR[1] which introduces some changes to the way we track/manage external dependencies. This PR adds:

  • a manifest (build/dependencies.yaml), which describes a dependency by:
    • name
    • version
    • reference paths (locations in the kubernetes repo where the dependency needs to be touched), by:
      • absolute path
      • a regex pattern
  • a CLI tool (cmd/verifydependencies/verifydependencies.go), which verifies the contents of the manifest against the k/k codebase
  • a hack script (hack/verify-external-dependencies-version.sh), which is wired into our Prow verify jobs for k/k and will verify that the versions are up-to-date (or fail)

Moving forward, to bump an external dependency you need to:

  • bump the version of the dependency on build/dependencies.yaml
  • bump all files referenced by a dependency listed on build/dependencies.yaml
  • add any new files that may track this dependency version to the manifest, along with a regex pattern to support searching for them

We still need to canonicalize this process (bringing it into docs, KEPs, etc.), and we will work to do this over the Kubernetes 1.16 release cycle.

Tracking for this work can be found in the SIG Release repo[2].

Shoutout to Yassine Tijani (and all of the reviewers) for working on this and moving the needle forward on easier/safer external dependency bumps across the k/k codebase!

-- Stephen


[1]: https://github.com/kubernetes/kubernetes/pull/79366
[2]: https://github.com/kubernetes/sig-release/issues/601

Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages