pipelines
pipelines copied to clipboard
kubeflow
feat!: Upgrade argo to v3.4.7
Description of your changes: Fixes the following CVEs:
- CVE-2023-27536
- CVE-2022-42915
- CVE-2022-23521
- CVE-2022-41903
- CVE-2022-32221
- CVE-2022-37434
- CVE-2023-23914
Breaking changes:
- Argo 3.4 removed support for choosing container runtime executors, emissary is the only option left: https://argoproj.github.io/argo-workflows/workflow-executors/
Checklist:
- [ ] The title for your pull request (PR) should follow our title convention. Learn more about the pull request title convention used in this repository.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from chensun. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
![google-oss-prow[bot] avatar](https://avatars.githubusercontent.com/in/143327?v=4 "Published by a pub.dev verified publisher"){kind=small}
@chensun: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| kubeflow-pipelines-samples-v2 | d75a28c8786a28af786ae153e80d068243774d7e | link | false | /test kubeflow-pipelines-samples-v2 |
| kubeflow-pipeline-e2e-test | d75a28c8786a28af786ae153e80d068243774d7e | link | true | /test kubeflow-pipeline-e2e-test |
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
Test failure is due to failed to retrieve the log. And this is due to a bug/breaking change from Argo side: https://github.com/argoproj/argo-workflows/issues/10107#issuecomment-1536113642
Test failure is due to failed to retrieve the log
See also #8935 for an issue on logs in Argo v3.4.
I mentioned there that setting POD_NAMES=v1 will also revert back to the previous naming.
@chensun the current argo is woefully out of date and has not been patched since Nov 2022, and various CVE's have accumulated since then.
What do you think of using the work around as suggested by Terry here, and manually generating the pod name. Can this be something we could do to unblock this upgrade (is there a lot of overhead for this?). Or setting the POD_NAMES=v1 on the workflow controller. I personally think manually generating the name here is better, so we can remain a bit more agnostic to how Argo is being deployed by users.
There seems like there's a PR in transit right now that could resolve this issue for a less hacky fix in a later argo version that we can keep an eye on and create a tracker for.
I think we don't need this PR opened as we have #10568 in progress. @chensun wdyt?
@rimolive: Closed this PR.
In response to this:
/close
Superseded by #10568
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.