Compatibility with kubernetes 1.26
Opened this issue · 5 comments
I'm currently running webhook-desec with kubernetes 1.25 and the logs shows the following deprecations:
2022-11-26 17:32:38 | W1126 16:32:38.400630 1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta1 PriorityLevelConfiguration is deprecated in v1.23+, unavailable in v1.26+; use flowcontrol.apiserver.k8s.io/v1beta2 PriorityLevelConfiguration
2022-11-26 17:31:23 | W1126 16:31:23.592937 1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema is deprecated in v1.23+, unavailable in v1.26+; use flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema
The deprecated apis will disappear in versión 1.26.
Seems that cert-manager example project has updated depencencies.
I'm going to try to do a PR updating dependencies, even though my knowledge of go is negligible, i'll try.
I created a PR with updates to go and api versions, based on original cert-manager-webhook-example.
I have currently running on kubernetes 1.25 and didn't show any deprecation warnings.
Hi, is your stuff still up and running with the newer version? If yes, could you release your changes, maybe in a fork?
I have it working with kubernetes 1.26 without problems, but with warnings about deprecations in future versions:
2023-03-29 10:42:19 | W0329 08:42:19.438919 1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema is deprecated in v1.26+, unavailable in v1.29+; use flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema
2023-03-29 10:35:51 | W0329 08:35:51.434751 1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta2 PriorityLevelConfiguration is deprecated in v1.26+, unavailable in v1.29+; use flowcontrol.apiserver.k8s.io/v1beta3 PriorityLevelConfiguration
and some warnings in kubernetes-api about rate limited requeue.
I'm not an expert in kubernetes dev, and have very basic knowledge in go, that's why I haven't been brave enough to release a fork.
I think the best solution is desec.io implements RFC2136, with is supported directly by cert-manager and kubernetes external-dns, but I don't know if this will ever happen.
@kmorning if you are in any way unhappy with the self-promotion below, please let me know and I will delete my comment.
If anyone is still looking for an updated version of this hook, I have created another solver for desec which can be deployed via helm. It's available at irreleph4nt/cert-manager-webhook-desec-http.
@irreleph4nt It's all good. I haven't had time to keep on top of this, so it's great you've provided another solution. I guess I'll have to look at this eventually when I get around to upgrading my cluster, but I may just opt for your solution at that point, so thanks.