Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Forbid modifying cronjob with CRON_TZ and TZ in .spec.schedule #129510

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

soltysh
Copy link
Contributor

@soltysh soltysh commented Jan 7, 2025

What type of PR is this?

/kind cleanup
/kind api-change

What this PR does / why we need it:

We've been warning about not using CRON_TZ and TZ variables in schedule since k8s 1.23 (
#106455), since 1.29 we only allowed updates (#116252) .

The information has been around for long enough for us to entirely restrict the usage of CRON_TZ and TZ in .spec.schedule, which is what this PR does.

Which issue(s) this PR fixes:

NONE

Special notes for your reviewer:

/assign @liggitt

Does this PR introduce a user-facing change?

Using `TZ` or `CRON_TZ` in `.spec.schedule`, is now forbidden, use the `.spec.timeZone` field instead.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/issues/3140

Signed-off-by: Maciej Szulik <soltysh@gmail.com>
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jan 7, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: soltysh
Once this PR has been reviewed and has the lgtm label, please assign smarterclayton for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added sig/apps Categorizes an issue or PR as relevant to SIG Apps. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jan 7, 2025
@soltysh
Copy link
Contributor Author

soltysh commented Jan 7, 2025

/priority important-longterm
/triage accepted

@k8s-ci-robot k8s-ci-robot added priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 7, 2025
@k8s-triage-robot
Copy link

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@kannon92
Copy link
Contributor

kannon92 commented Jan 7, 2025

/label api-review

@k8s-ci-robot k8s-ci-robot added the api-review Categorizes an issue or PR as actively needing an API review. label Jan 7, 2025
@sftim
Copy link
Contributor

sftim commented Jan 8, 2025

As well as this, I suggest we blog about it (“mid-cycle deprecations and removals blog” specifically) and that we recommend a ValidatingAdmissionPolicy. The ValidatingAdmissionPolicy would be one that people can apply to older clusters so that they are ready to upgrade.

@sftim
Copy link
Contributor

sftim commented Jan 8, 2025

Changelog suggestion

-Using `TZ` or `CRON_TZ` in `.spec.schedule`, is now forbidden, use the `.spec.timeZone` field instead.
+Making a change that specifies `TZ` or `CRON_TZ` in the `.spec.schedule` of a CronJob is now forbidden; use the `.spec.timeZone` field instead.

@@ -743,11 +743,7 @@ func validateCronJobSpec(spec, oldSpec *batch.CronJobSpec, fldPath *field.Path,
if len(spec.Schedule) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("schedule"), ""))
} else {
allowTZInSchedule := false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't expecting to drop this ratcheting validation ever... removing this toleration makes unrelated updates to cronjobs containing a TZ (like annotating them or removing a finalizer) fail

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're already requiring use of the field in new cronjobs, I don't see a reason to break updates of old cronjobs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api-review Categorizes an issue or PR as actively needing an API review. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/apps Categorizes an issue or PR as relevant to SIG Apps. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
Status: Changes requested
Status: Needs Triage
Development

Successfully merging this pull request may close these issues.

6 participants