Posted to dev@flink.apache.org by Gyula Fóra <gy...@apache.org> on 2022/07/20 09:47:24 UTC

[VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Hi everyone,

Please review and vote on the release candidate #1 for the version 1.1.0 of
Apache Flink Kubernetes Operator,
as follows:
[ ] +1, Approve the release
[ ] -1, Do not approve the release (please provide specific comments)

**Release Overview**

As an overview, the release consists of the following:
a) Kubernetes Operator canonical source distribution (including the
Dockerfile), to be deployed to the release repository at dist.apache.org
b) Kubernetes Operator Helm Chart to be deployed to the release repository
at dist.apache.org
c) Maven artifacts to be deployed to the Maven Central Repository
d) Docker image to be pushed to dockerhub

**Staging Areas to Review**

The staging areas containing the above mentioned artifacts are as follows,
for your review:
* All artifacts for a,b) can be found in the corresponding dev repository
at dist.apache.org [1]
* All artifacts for c) can be found at the Apache Nexus Repository [2]
* The docker image for d) is staged on github [3]

All artifacts are signed with the key
0B4A34ADDFFA2BB54EB720B221F06303B87DAFF1 [4]

Other links for your review:
* JIRA release notes [5]
* source code tag "release-1.1.0-rc1" [6]
* PR to update the website Downloads page to include Kubernetes Operator
links [7]

**Vote Duration**

The voting time will run for at least 72 hours.
It is adopted by majority approval, with at least 3 PMC affirmative votes.

**Note on Verification**

You can follow the basic verification guide here [8].
Note that you don't need to verify everything yourself, but please make
note of what you have tested together with your +- vote.

Thanks,
Gyula Fora

[1] https://dist.apache.org/repos/dist/dev/flink/flink-kubernetes-operator-1.1.0-rc1/
[2] https://repository.apache.org/content/repositories/orgapacheflink-1518/
[3] ghcr.io/apache/flink-kubernetes-operator:c9dec3f
[4] https://dist.apache.org/repos/dist/release/flink/KEYS
[5] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12351723
[6] https://github.com/apache/flink-kubernetes-operator/tree/release-1.1.0-rc1
[7] https://github.com/apache/flink-web/pull/560
[8] https://cwiki.apache.org/confluence/display/FLINK/Verifying+a+Flink+Kubernetes+Operator+Release
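
Added example, not part of the original mail or of the Flink verification guide: one way to check that a staged artifact was signed by the key announced above, rather than by any key that happens to be in the local keyring. The function names, the status samples and the uid "Constructed Signer" are constructed for illustration; only the expected fingerprint comes from the mail.

```shell
#!/bin/sh
# Fingerprint announced in the vote mail; everything else below is illustrative.
EXPECTED_FPR="0B4A34ADDFFA2BB54EB720B221F06303B87DAFF1"

# Read `gpg --status-fd 1 --verify` output on stdin. Print the primary-key
# fingerprint only if gpg reported GOODSIG (not EXPKEYSIG/REVKEYSIG/BADSIG).
# The last VALIDSIG field is the primary key; the first may be a signing subkey.
trusted_signer_fpr() {
  awk '$1 != "[GNUPG:]" { next }
       $2 == "GOODSIG"  { good = 1 }
       $2 == "VALIDSIG" { fpr = toupper((length($NF) >= 40) ? $NF : $3) }
       END { if (good && fpr != "") { print fpr } else { exit 1 } }'
}

# Succeed only when the status text shows a good signature by EXPECTED_FPR.
signed_by_release_key() {
  fpr=$(printf '%s\n' "$1" | trusted_signer_fpr) || return 1
  [ "$fpr" = "$EXPECTED_FPR" ]
}

# Real use: $1 = detached signature (.asc), $2 = downloaded artifact.
verify_artifact() {
  status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || true
  signed_by_release_key "$status"
}

# --- Constructed status samples (not captured from a real verification) ---
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 21F06303B87DAFF1 Constructed Signer
[GNUPG:] VALIDSIG 0B4A34ADDFFA2BB54EB720B221F06303B87DAFF1 2022-07-20 1658310000 0 4 0 1 10 00 0B4A34ADDFFA2BB54EB720B221F06303B87DAFF1'

# Signature made by a subkey whose primary key is the announced one.
SUBKEY_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Constructed Signer
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2022-07-20 1658310000 0 4 0 1 10 00 0B4A34ADDFFA2BB54EB720B221F06303B87DAFF1'

# gpg says "good", but the signer is some other key in the local keyring.
OTHER_KEY_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Someone Else
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2022-07-20 1658310000 0 4 0 1 10 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

# Cryptographically valid, but the signing key has expired: no GOODSIG line.
EXPIRED_STATUS='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 21F06303B87DAFF1 Constructed Signer
[GNUPG:] VALIDSIG 0B4A34ADDFFA2BB54EB720B221F06303B87DAFF1 2022-07-20 1658310000 0 4 0 1 10 00 0B4A34ADDFFA2BB54EB720B221F06303B87DAFF1'

report() { if signed_by_release_key "$2"; then echo "$1: accept"; else echo "$1: reject"; fi; }
report good      "$GOOD_STATUS"
report subkey    "$SUBKEY_STATUS"
report other-key "$OTHER_KEY_STATUS"
report expired   "$EXPIRED_STATUS"
```

The checksum file protects against a corrupted download only; the fingerprint comparison is what ties the artifact to the key named in the vote mail.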

RE: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Jim Busche <jb...@us.ibm.com>.
Thank you Gyula,

+1 (non-binding)

Successfully verified the following:

  *   Helm install of RC1 on OpenShift 4.8.43 and 4.10.18
  *   Checksums, GPG signatures look good
  *   Deployed some examples, looks good, nothing strange in logs.
  *   Port-forward of the rest UI looked good
  *   Rebuilt the image from source, looks good, and helm installed utilizing this image on OpenShift.
  *   Vulnerability scan looks good, except for the okhttp mentioned previously which is internal and likely not a concern.

Jim

Re: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Gyula Fóra <gy...@gmail.com>.
+1 (binding)

Verified the following:
 - Helm repo contents, image reference
 - Upgrade from 1.0.1 with running Deployments and SessionJobs to 1.1.0
without problems
 - Run a few examples, verify logs, basic metrics, CR status, events

Cheers,
Gyula

On Wed, Jul 20, 2022 at 5:58 PM Geng Biao <bi...@gmail.com> wrote:

> Hi there,
> Thanks a lot for the release!
>
> +1 (non-binding)
>
>
> Successfully verified the following:
> - Checksums and gpg signatures of the tar files.
> - No binaries in source release
> - Build from source, build image from source
> - Helm Repo works, Helm install works
> - Submit example applications without errors
> - Check that flink sql/python examples with flink kubernetes operator work
> as expected
> - Check licenses in the docs dir in source code
>
> Best,
> Biao Geng

Re: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Geng Biao <bi...@gmail.com>.
Hi there,
Thanks a lot for the release!

+1 (non-binding)


Successfully verified the following:
- Checksums and gpg signatures of the tar files.
- No binaries in source release
- Build from source, build image from source
- Helm Repo works, Helm install works
- Submit example applications without errors
- Check that flink sql/python examples with flink kubernetes operator work as expected
- Check licenses in the docs dir in source code

Best,
Biao Geng



Re: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Márton Balassi <ba...@gmail.com>.
+1 (binding)

Successfully verified the following:
- Checksums and gpg signatures
- No binaries in source release
- Build from source, build image from source
- Helm Repo works, Helm install works
- Notice files look good
- Upgraded a cluster from 1.0.0 and run some examples

Specifically for FLINK-28637 <https://issues.apache.org/jira/browse/FLINK-28637>:
Thank you for reporting it, Jim. Fortunately both the Fabric8 and the JOSDK
communities were very responsive, which gives a path for fixing this.
However, given the following:

1. The HTTP client is internal to the operator, this vulnerability is very
unlikely to affect it,
2. We also need to bump the dependency within the Flink native k8s
integration,
3. We need extensive testing to make sure the new dependency version
behaves properly,

My suggestion is to release 1.1.0 with this as a known issue and fix it in
1.1.1. That said, we can merge a fix for it to the release-1.1 as soon as
possible, so folks who are prohibited from using the 1.1.0 version can roll
their own image from source.


On Thu, Jul 21, 2022 at 6:33 PM Gyula Fóra <gy...@gmail.com> wrote:

> Thank you for flagging this Jim. I looked a little into this and it comes
> from the fabric8 client, so it affects all current operator (and flink)
> versions.
>
> I think it would be a bit risky for us to manually bump this dependency as
> the usage is not controlled by us and it's hard to test for all the
> consequences of this major version change in the http client.
> Also it seems that this vulnerability would require direct user access to
> the http client, which is not the case here.
>
> At this point I think we should not consider this a blocker, I have also
> commented on the jira ticket.
>
> Gyula
>
> On Thu, Jul 21, 2022 at 6:27 PM Jim Busche <jb...@us.ibm.com> wrote:
>
> > Thanks for the release
> >
> > I’m continuing to test and so far it’s looking good, but I found a high
> > security vulnerability in the
> > /flink-kubernetes-operator/flink-kubernetes-operator-1.1.0-shaded.jar
> > file.  I’ve created issue FLINK-28637<
> > https://issues.apache.org/jira/browse/FLINK-28637> and seeing if I can
> > successfully upgrade to the newer okhttp version.
> >
> >
> >
> > Thanks, Jim
> >
>

Re: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Gyula Fóra <gy...@gmail.com>.
Thank you for flagging this Jim. I looked a little into this and it comes
from the fabric8 client, so it affects all current operator (and flink)
versions.

I think it would be a bit risky for us to manually bump this dependency as
the usage is not controlled by us and it's hard to test for all the
consequences of this major version change in the http client.
Also it seems that this vulnerability would require direct user access to
the http client, which is not the case here.

At this point I think we should not consider this a blocker, I have also
commented on the jira ticket.

Gyula

On Thu, Jul 21, 2022 at 6:27 PM Jim Busche <jb...@us.ibm.com> wrote:

> Thanks for the release
>
> I’m continuing to test and so far it’s looking good, but I found a high
> security vulnerability in the
> /flink-kubernetes-operator/flink-kubernetes-operator-1.1.0-shaded.jar
> file.  I’ve created issue FLINK-28637<
> https://issues.apache.org/jira/browse/FLINK-28637> and seeing if I can
> successfully upgrade to the newer okhttp version.
>
>
>
> Thanks, Jim
>

Re: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Jim Busche <jb...@us.ibm.com>.
Thanks for the release

I’m continuing to test and so far it’s looking good, but I found a high security vulnerability in the /flink-kubernetes-operator/flink-kubernetes-operator-1.1.0-shaded.jar file.  I’ve created issue FLINK-28637<https://issues.apache.org/jira/browse/FLINK-28637> and seeing if I can successfully upgrade to the newer okhttp version.



Thanks, Jim

Re: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Yang Wang <da...@gmail.com>.
+1 (binding)

Successfully verified the following:

- Verify that the checksums and GPG files
- Verify that the source distributions do not contain any binaries
- Build binary and image from release source
- Verify the NOTICE and licenses in source release and the docker image
- Verify the helm chart values with correct appVersion and image tag
- Operator functionality manual testing
    - Start a Flink Application job (both streaming and batch) with 1.15
    - Verify the FlinkUI could be accessed via ingress
    - No strange operator logs

Best,
Yang

On Sun, Jul 24, 2022 at 08:02, Thomas Weise <th...@apache.org> wrote:

> +1 (binding)
>
> * built from source archive
> * run examples
>
> Thanks,
> Thomas

Re: [VOTE] Apache Flink Kubernetes Operator Release 1.1.0, release candidate #1

Posted by Thomas Weise <th...@apache.org>.
+1 (binding)

* built from source archive
* run examples

Thanks,
Thomas
