sigs.k8s.io/cluster-api@v1.7.1/docs/book/src/developer/providers/migrations/v1.1-to-v1.2.md (about) 1 # Cluster API v1.1 compared to v1.2 2 3 This document provides an overview over relevant changes between ClusterAPI v1.1 and v1.2 for 4 maintainers of providers and consumers of our Go API. 5 6 ## Minimum Kubernetes version for the management cluster 7 8 * The minimum Kubernetes version that can be used for a management cluster is now 1.20.0 9 * The minimum Kubernetes version that can be used for a management cluster with ClusterClass is now 1.22.0 10 11 NOTE: compliance with minimum Kubernetes version is enforced both by clusterctl and when the CAPI controller starts. 12 13 ## Minimum Go version 14 15 * The Go version used by Cluster API is now Go 1.18.x 16 * If you are using the gcb-docker-gcloud image in cloudbuild, bump to an image which is using 17 Go 1.18, e.g.: `gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20220609-2e4c91eb7e`. 18 19 ## Dependencies 20 21 **Note**: Only the most relevant dependencies are listed, `k8s.io/` and `ginkgo`/`gomega` dependencies 22 in ClusterAPI are kept in sync with the versions used by `sigs.k8s.io/controller-runtime`. 23 24 - sigs.k8s.io/controller-runtime: v0.11.x => v0.12.3 25 - sigs.k8s.io/controller-tools: v0.8.x => v0.9.x 26 - sigs.k8s.io/kind: v0.11.x => v0.14.x 27 - k8s.io/*: v0.23.x => v0.24.x (derived from controller-runtime) 28 - github.com/onsi/gomega: v0.17.0 => v0.18.1 (derived from controller-runtime) 29 - k8s.io/kubectl: v0.23.5 => 0.24.0 30 31 ## Changes by Kind 32 33 ### Deprecation 34 35 * `util.MachinesByCreationTimestamp` has been deprecated and will be removed in a future release. 36 * the `topology.cluster.x-k8s.io/managed-field-paths` annotation has been deprecated and will be removed in a future release. 37 * the `experimentalRetryJoin` field in the KubeadmConfig and, as they compose the same types, KubeadmConfigTemplate, KubeadmControlPlane and KubeadmControlPlaneTemplate, has been deprecated and will be removed in a future release. 38 * 39 ### Removals 40 * The `third_party/kubernetes-drain` package has been removed, as we're now using `k8s.io/kubectl/pkg/drain` instead ([PR](https://github.com/kubernetes-sigs/cluster-api/pull/5440)). 41 * `util/version.CompareWithBuildIdentifiers` has been removed, please use `util/version.Compare(a, b, WithBuildTags())` instead. 42 * The functions `annotations.HasPausedAnnotation` and `annotations.HasSkipRemediationAnnotation` have been removed, please use 43 `annotations.HasPaused` and `annotations.HasSkipRemediation` respectively instead. 44 * `ObjectMeta.ClusterName` has been removed from `k8s.io/apimachinery/pkg/apis/meta/v1`. 45 46 ### golang API Changes 47 48 - `util.ClusterToInfrastructureMapFuncWithExternallyManagedCheck` was removed and the externally managed check was added to `util.ClusterToInfrastructureMapFunc`, which required changing its signature. 49 Users of the former simply need to start using the latter and users of the latter need to add the new arguments to their call. 50 - `conditions.NewPatch` from the "sigs.k8s.io/cluster-api/util/conditions" package has had its return type modified. Previously the function returned `Patch`. It now returns `(Patch, error)`. Users of `NewPatch` need to be update usages to handle the error. 51 52 ### Required API Changes for providers 53 54 - ClusterClass and managed topologies are now using [Server Side Apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) 55 to properly manage other controllers like CAPA/CAPZ coauthoring slices, see [#6320](https://github.com/kubernetes-sigs/cluster-api/issues/6320). 56 In order to take advantage of this feature providers are required to add marker to their API types as described in 57 [merge-strategy](https://kubernetes.io/docs/reference/using-api/server-side-apply/#merge-strategy). 58 NOTE: the change will cause a rollout on existing clusters created with ClusterClass 59 60 E.g. in CAPA 61 62 ```go 63 // +optional 64 Subnets Subnets `json:"subnets,omitempty" 65 ``` 66 Must be modified into: 67 68 ```go 69 // +optional 70 // +listType=map 71 // +listMapKey=id 72 Subnets Subnets `json:"subnets,omitempty" 73 ``` 74 75 - [Server Side Apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) implementation in ClusterClass and managed topologies 76 requires to dry-run changes on templates. If infrastructure or bootstrap providers have implemented immutability checks 77 in their InfrastructureMachineTemplate or BootstrapConfigTemplate webhooks, 78 it is required to implement the following changes in order to prevent dry-run to return errors. 79 The implementation requires `sigs.k8s.io/controller-runtime` in version `>= v0.12.3`. 80 81 E.g. in CAPD following changes should be applied to the DockerMachineTemplate webhook: 82 83 ```diff 84 + type DockerMachineTemplateWebhook struct{} 85 86 + func (m *DockerMachineTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { 87 - func (m *DockerMachineTemplate) SetupWebhookWithManager(mgr ctrl.Manager) error { 88 return ctrl.NewWebhookManagedBy(mgr). 89 - For(m). 90 + For(&DockerMachineTemplate{}). 91 + WithValidator(m). 92 Complete() 93 } 94 95 // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-dockermachinetemplate,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=dockermachinetemplates,versions=v1beta1,name=validation.dockermachinetemplate.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 96 97 + var _ webhook.CustomValidator = &DockerMachineTemplateWebhook{} 98 - var _ webhook.Validator = &DockerMachineTemplate{} 99 100 + func (*DockerMachineTemplateWebhook) ValidateCreate(ctx context.Context, _ runtime.Object) error { 101 - func (m *DockerMachineTemplate) ValidateCreate() error { 102 ... 103 } 104 105 + func (*DockerMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldRaw runtime.Object, newRaw runtime.Object) error { 106 + newObj, ok := newRaw.(*DockerMachineTemplate) 107 + if !ok { 108 + return apierrors.NewBadRequest(fmt.Sprintf("expected a DockerMachineTemplate but got a %T", newRaw)) 109 + } 110 - func (m *DockerMachineTemplate) ValidateUpdate(oldRaw runtime.Object) error { 111 oldObj, ok := oldRaw.(*DockerMachineTemplate) 112 if !ok { 113 return apierrors.NewBadRequest(fmt.Sprintf("expected a DockerMachineTemplate but got a %T", oldRaw)) 114 } 115 + req, err := admission.RequestFromContext(ctx) 116 + if err != nil { 117 + return apierrors.NewBadRequest(fmt.Sprintf("expected a admission.Request inside context: %v", err)) 118 + } 119 ... 120 // Immutability check 121 + if !topology.ShouldSkipImmutabilityChecks(req, newObj) && 122 + !reflect.DeepEqual(newObj.Spec.Template.Spec, oldObj.Spec.Template.Spec) { 123 - if !reflect.DeepEqual(m.Spec.Template.Spec, old.Spec.Template.Spec) { 124 allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "template", "spec"), m, dockerMachineTemplateImmutableMsg)) 125 } 126 ... 127 } 128 129 + func (*DockerMachineTemplateWebhook) ValidateDelete(ctx context.Context, _ runtime.Object) error { 130 - func (m *DockerMachineTemplate) ValidateDelete() error { 131 ... 132 } 133 ``` 134 135 NOTES: 136 - We are introducing a `DockerMachineTemplateWebhook` struct because we are going to use a controller runtime 137 `CustomValidator`. This will allow to skip the immutability check only when the topology controller is dry running 138 while preserving the validation behaviour for all other cases. 139 - By using `CustomValidators` it is possible to move webhooks to other packages, thus removing some controller 140 runtime dependency from the API types. However, choosing to do so or not is up to the provider implementers 141 and independent of this change. 142 143 ### Other 144 145 - Logging: 146 - To align with the upstream Kubernetes community CAPI now configures logging via `component-base/logs`. 147 This provides advantages like support for the JSON logging format (via `--logging-format=json`) and automatic 148 deprecation of klog flags aligned to the upstream Kubernetes deprecation period. 149 <details> 150 <summary>View <code>main.go</code> diff</summary> 151 152 ```diff 153 import ( 154 ... 155 + "k8s.io/component-base/logs" 156 + _ "k8s.io/component-base/logs/json/register" 157 ) 158 159 var ( 160 ... 161 + logOptions = logs.NewOptions() 162 ) 163 164 func init() { 165 - klog.InitFlags(nil) 166 167 func InitFlags(fs *pflag.FlagSet) { 168 + logs.AddFlags(fs, logs.SkipLoggingConfigurationFlags()) 169 + logOptions.AddFlags(fs) 170 171 func main() { 172 ... 173 pflag.Parse() 174 175 + if err := logOptions.ValidateAndApply(); err != nil { 176 + setupLog.Error(err, "unable to start manager") 177 + os.Exit(1) 178 + } 179 + 180 + // klog.Background will automatically use the right logger. 181 + ctrl.SetLogger(klog.Background()) 182 - ctrl.SetLogger(klogr.New()) 183 ``` 184 </details> 185 186 This change has been introduced in CAPI in the following PRs: [#6072](https://github.com/kubernetes-sigs/cluster-api/pull/6072), [#6190](https://github.com/kubernetes-sigs/cluster-api/pull/6190), [#6602](https://github.com/kubernetes-sigs/cluster-api/pull/6602).</br> 187 **Note**: This change is not mandatory for providers, but highly recommended. 188 189 - Following E2E framework functions are now checking that machines are created in the expected failure domain (if defined); 190 all E2E tests can now verify failure domains too. 191 - `ApplyClusterTemplateAndWait` 192 - `WaitForControlPlaneAndMachinesReady` 193 - `DiscoveryAndWaitForMachineDeployments` 194 - The `AssertControlPlaneFailureDomains` function in the E2E test framework has been modified to allow proper failure domain testing. 195 196 - After investigating an [issue](https://github.com/kubernetes-sigs/cluster-api/issues/6006) we discovered that improper implementation of a check on `cluster.status.infrastructureReady` can lead to problems during cluster deletion. As a consequence, we recommend that all providers ensure: 197 - The check for `cluster.status.infrastructureReady=true` usually existing at the beginning of the reconcile loop for control-plane providers is implemented after setting external objects ref; 198 - The check for `cluster.status.infrastructureReady=true` usually existing at the beginning of the reconcile loop for infrastructure provider does not prevent the object to be deleted 199 rif. [PR #6183](https://github.com/kubernetes-sigs/cluster-api/pull/6183) 200 201 - CAPI added support for the new control plane label and taint introduced by v1.24 with [PR#5919](https://github.com/kubernetes-sigs/cluster-api/pull/5919). 202 Providers should tolerate _both_ `control-plane` and `master` taints for compatibility with v1.24 control planes. 203 Further, if they use the label in their `manager.yaml`, it should be adjusted since v1.24 only adds the `node-role.kubernetes.io/control-plane` label. 204 An example of such an accommodation can be seen in the capi-provider-aws [manager.yaml][aws-manager-yaml-a69181] 205 206 [aws-manager-yaml-a69181]: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/a691817f0ea6e8e6624e3c748b33d0058c061fd7/config/manager/manager.yaml?rgh-link-date=2022-02-17T20%3A09%3A43Z#L52