Dependency Update Policy
David Ko edited this page Apr 18, 2024
·
12 revisions
For each feature release, need to update the following dependencies.
- Component container base image (ex: BCI)
- Kubernetes min version support
- This can be determined by the upstream Kubernetes support versions, Longhorn usage metrics info, Rancher downstream provisioned cluster version, or other factors.
- CSI sidecar versions
- Go version
- Kubernetes library versions
- Major, Minor, Patch, and Digest dependent libraries. Major and Minor dependency updates will be individually reviewed.
- When updating versions, it is necessary to ensure that there will be no breaking changes causing incompatibility.
- DISALLOW updating the dependencies with major or minor version changes, as they could cause breaking changes.
- To resolve vulnerability issues, update the dependencies with the patch version only to ensure compatibility.
- If need to update minor versions of dependencies for inevitable reasons, need to ensure compatibility and run complete end-to-end tests.
- Component container base image
- Kubernetes libs
- CSI side car components
- Go version
- Patch and Digest dependent libraries.
- https://kubernetes.io/releases/patch-releases/#support-period
- https://kubernetes.io/docs/reference/using-api/deprecation-guide/
- https://endoflife.date/kubernetes
- https://github.com/longhorn/longhorn/issues/7001, https://github.com/longhorn/longhorn/issues/2757, https://github.com/longhorn/longhorn/issues/3891