KEP for keeping release branches on supported go versions

285 views
Skip to first unread message

Jordan Liggitt

unread,
Jan 17, 2023, 5:54:21 PM1/17/23
to kubernetes-sig-release, kubernetes-sig-architecture
tl;dr: an initial draft for KEP-3744: Stay on supported go versions is up for review

Hello sig-release and sig-architecture folks,

A recurring topic over the past few years has been the difficulty of consistently picking up new minor versions of go on release branches, resulting in Kubernetes patch releases using out-of-support go versions missing fixes to published CVEs. This has come up while talking through wg-lts possibilities, the annual support KEP, security scanning efforts, and downstream support of Kubernetes minor versions.

Even though updating go minor versions on release branches is not unprecedented (Kubernetes 1.16.5 moved to go1.13, and this month's 1.23 and 1.24 patch releases move to go1.19), our ability to do that has been heavily reliant on the changes in particular go versions, so we haven't been able to make a process to apply those updates automatically and safely.

Surfacing these difficulties to the go team prompted a discussion, proposal, talk at GopherCon, and a design for improving go's backward compatibility in ways that would allow projects like Kubernetes to update to current go versions while retaining runtime behavior compatible with previous versions for a period of time.

With that proposal likely to be accepted, and an open request to document Kubernetes' approach to updating go on release branches, I went ahead and opened an initial draft for KEP-3744: Stay on supported go versions to propose a set of requirements and a process for updating minor versions of go on Kubernetes release branches. Please take a look if you're interested!

Thanks,
Jordan

Jordan Liggitt

unread,
Jan 24, 2023, 9:12:33 AM1/24/23
to kubernetes-sig-release, kubernetes-sig-architecture
I wanted to give a quick update on this:
  • The go proposal to simplify the compatibility story for go minor versions has been accepted and is targeting go1.21 🎉
  • The KEP PR has been updated to cover the first round of comments
I've also added this to the agendas for today's sig-release meeting and Thursday's sig-arch meeting to discuss.

Thanks,
Jordan

Reply all
Reply to author
Forward
0 new messages