New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Speed up recursive SELinux label change #1710
Comments
/sig storage |
Hey @jsafrane -- 1.19 Enhancements Lead here. I wanted to check in and see if you think this Enhancement will be graduating in 1.19? In order to have this part of the release:
The current release schedule is:
|
Hi @jsafrane, Tomorrow, Tuesday May 19 EOD Pacific Time is Enhancements Freeze Will this enhancement be part of the 1.19 release cycle? |
@jsafrane -- Unfortunately, the deadline for the 1.19 Enhancement freeze has passed. For now, this is being removed from the milestone and 1.19 tracking sheet. If there is a need to get this in, please file an enhancement exception. |
@palnabarun hey, we've just merged the KEP yesterday, at the last moment. I admit I did not pay attention to this enhancement issue and focused on the design. Do I really need an exception just to restore the milestone? |
Yes, an exception would be needed. Here is the process on how to file and exception request. |
/milestone v1.19 |
/stage alpha |
Hi @jsafrane - My name is Zachary, 1.19 Docs shadow. Is this enhancement work planned for 1.19 and does it require any new docs (or modifications to existing docs)? If not, can you please update the 1.19 Enhancement Tracker Sheet, or let me know, I can do it for you :) |
@zestrells, yes, documentation will be needed. I can't edit the tracking sheet, can you please note it there? |
Hey @jsafrane, I am with the enhancements team for the The code freeze deadline for the Enhancement is Have a wonderful day. 🖖 |
Hi @jsafrane - Just a reminder that docs placeholder PR against dev-1.19 is due by June 12th. Does this enhancement require any changes to docs? If so, can you update here with a link to the PR once you have it in place? If not, please update the same, so that the tracking sheet can be updated accordingly. Thanks! |
Hey @jsafrane, This is just a reminder that the code freeze for the enhancement is Have a wonderful day. 🖖 |
API PR: kubernetes/kubernetes#91838 |
Hi, @jsafrane This is a follow-up to the communication that went out to Thursday, July 9th: Week 13 - Code Freeze
Thursday, July 16th: Week 14 - Docs must be completed and reviewed
Tuesday, August 25th: Week 20 - Kubernetes v1.19.0 released
Thursday, August 27th: Week 20 - Release Retrospective You can find the revised Schedule in the sig-release Repo Please let me know if you have any questions. 🖖 |
Hi @jsafrane , This is just a follow up to my earlier messages on the upcoming deadlines. The code freeze deadline is For the enhancement to be included into Please refer to the Exception Process documentation in case if there is a need for one. |
/milestone clear |
copying a paragraph from the blog:
@ibotty, from what you describe, you run all your Pods that access a big volume with the same fsGroup and SELinux contexts. If that's correct, then you should be fine when the feature gets expanded to all volume access modes (namely It will take some time to add ReadWriteMany volumes though - we need to catch the cases where things would break first. Like when people run Pods with different SELinux context that access the same volume simultaneously at different subpaths - as kubelet must mount the whole volumes with a single SELinux, not as subpath of it. (kubelet + SELinux is ... not intuitive, I'd say) |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/milestone v1.30 |
/remove-lifecycle stale |
Hello @jsafrane 👋, Enhancements team here. Just checking in as we approach enhancements freeze on Friday, February 9th, 2024 at 02:00 UTC. This enhancement is targeting for stage Here's where this enhancement currently stands:
For this KEP, we would just need to complete the following:
The status of this enhancement is marked as |
@tjons, KEP has been updated: #4436 There are two feature gates in the KEP. One of them is already beta in 1.29 and we don't plan any change there in 1.30. |
And I think the KEP uses the latest template, please let me know if I missed anything. |
Hey @jsafrane - PRR's are now required for alpha features, see https://github.com/kubernetes/community/blob/master/sig-architecture/production-readiness.md. So, we will need that completed to get this tracked for 1.30 enhancements! |
With all the requirements fulfilled this enhancement is now marked as tracked for the upcoming enhancements freeze 🚀 |
Hello @jsafrane , 👋 1.30 Docs Shadow here. |
Hi @jsafrane , 👋 from the v1.30 Communications Team! We'd love for you to opt in to write a feature blog about your enhancement! We encourage blogs for features including, but not limited to: breaking changes, features and changes important to our users, and features that have been in progress for a long time and are graduating. To opt in, you need to open a Feature Blog placeholder PR against the website repository. |
Placeholder doc: kubernetes/website#45280 |
Hey again @jsafrane 👋 Enhancements team here, Just checking in as we approach code freeze at 02:00 UTC Wednesday 6th March 2024 . Here's where this enhancement currently stands:
For this enhancement, it looks like the following PRs are open and need to be merged before code freeze: Also, please let me know if there are other PRs in k/k we should be tracking for this KEP. |
The last un-merged code PR: kubernetes/kubernetes#123667 |
And it has just merged, so we're good for 1.30, I think |
Hello @jsafrane 👋, Enhancements team here. With all the implementation(code related) PRs merged as per the issue description: This enhancement is now marked as |
Hi @jsafrane 👋, 1.31 Enhancements Lead here. If you wish to progress this enhancement in v1.31, please have the SIG lead opt-in your enhancement by adding the lead-opted-in label and set the milestone to v1.31 before the Production Readiness Review Freeze. /remove-label lead-opted-in |
Enhancement Description
One-line enhancement description (can be used as a release note): Speed up container startup by mounting volumes with the correct SELInux label instead of changing each file on the volumes recursively.
Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1710-selinux-relabeling
Primary contact (assignee): @jsafrane
Responsible SIGs: sig-storage, sig-node
The KEP describes 2 phases / 2 feature gates.
SELinuxMountReadWriteOncePod:
k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update PR(s):k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update(s):SELinuxMount
k/enhancements
) update PR(s): Start SELinuxMount alpha #4436k/k
) update PR(s):k/website
) update PR(s): Document SELinuxMount feature gate website#45280k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update(s):The text was updated successfully, but these errors were encountered: