Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Outdated addons #255

Open
KlockiLego opened this issue Jan 15, 2024 · 6 comments
Open

Outdated addons #255

KlockiLego opened this issue Jan 15, 2024 · 6 comments

Comments

@KlockiLego
Copy link

Microk8s use outdated core addons - for example Helm.

What is the version upgrade policy for core addons?
Does anyone actively maintain it or does microk8s have rather weak and slow support from Canonical?
@KlockiLego
Copy link
Author

so you can't count on the microk8s project and ongoing support and add-on updates?

@ktsakalozos
Copy link
Member

Hi @KlockiLego sorry we missed this issue last week.

When a MicroK8s release comes out (eg 1.28), the addons repositories for that specific release gets branched out of main. We do not update that branch unless we really have to. The reason is that we want users to have the same experience throughout the life of the release. This approach is in sync with what distributions where the set of packages shipped are pinned to the version of the release.

@KlockiLego
Copy link
Author

I see that there is a branch per Kubernetes version.
But why can't you upgrade addon versions in parallel with new Kubernetes versions?

This makes the microk8s ecosystem obsolete.
This led, for example, to problems with the cert-manager.
#253

Many new features are not available through outdated addons.

I don't see developers reacting quickly to problems.
canonical/microk8s#4361

@ktsakalozos
Copy link
Member

We do not update k8s hosted workloads when upgrading the k8s cluster. Often there are breaking changes and/or changes in the workload's functionality that would be breaking the clusters and UX in many unpredictable ways. Practically, as soon as the admin enables an addon he is expected to own its maintenance. We are offering new versions of the addon enable/disable scripts and in order to get them the admin would need to microk8s addons repo update <repo>.

I don't see developers reacting quickly to problems.

The issues opened in this repository are addressed by the engineers of MicroK8s. Priority is given to bug fixes. Users that require support for their production deployments turn to Canonical for that. In this way dedicated support engineers are engaged and proper support SLAs are in place. This is how all open source projects I know of operate.

@KlockiLego
Copy link
Author

So with the microk8s cluster I download obsolete addons by default and then I have to update them manually?

So I have to edit the enable executable files myself (/var/snap/microk8s/common/addons...)?

@alexanderkjeldaas
Copy link

alexanderkjeldaas commented Mar 23, 2024
edited

I think this policy should be changed.

If you enable vulnerability scanning on the default addons in k9s, most have vulnerabilities it seems.

The first 3 bits that are 111 should indicate critical, severe, and medium vulnerabilities. 😢

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexanderkjeldaas @ktsakalozos @KlockiLego