Speed up recursive SELinux label change #1710

Open
12 of 16 tasks
jsafrane opened this issue Apr 23, 2020 · 82 comments
Labels
lead-opted-in Denotes that an issue has been opted in to a release sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. stage/beta Denotes an issue tracking an enhancement targeted for Beta status

@jsafrane
Member

jsafrane commented Apr 23, 2020

Enhancement Description

The KEP describes 2 phases / 2 feature gates.

SELinuxMountReadWriteOncePod:

SELinuxMount

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Apr 23, 2020
@jsafrane
Member Author

/sig storage
/sig node

@k8s-ci-robot k8s-ci-robot added sig/storage Categorizes an issue or PR as relevant to SIG Storage. sig/node Categorizes an issue or PR as relevant to SIG Node. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 28, 2020
@palnabarun
Member

Hey @jsafrane -- 1.19 Enhancements Lead here. I wanted to check in and see if you think this Enhancement will be graduating in 1.19?

In order to have this part of the release:

  1. The KEP PR must be merged in an implementable state
  2. The KEP must have test plans
  3. The KEP must have graduation criteria.

The current release schedule is:

  • Monday, April 13: Week 1 - Release cycle begins
  • Tuesday, May 19: Week 6 - Enhancements Freeze
  • Thursday, June 25: Week 11 - Code Freeze
  • Thursday, July 9: Week 14 - Docs must be completed and reviewed
  • Tuesday, August 4: Week 17 - Kubernetes v1.19.0 released

@palnabarun
Member

Hi @jsafrane,

Tomorrow, Tuesday May 19 EOD Pacific Time is Enhancements Freeze

Will this enhancement be part of the 1.19 release cycle?

@palnabarun
Member

@jsafrane -- Unfortunately, the deadline for the 1.19 Enhancement freeze has passed. For now, this is being removed from the milestone and 1.19 tracking sheet. If there is a need to get this in, please file an enhancement exception.

@palnabarun palnabarun added the tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team label May 20, 2020
@jsafrane
Member Author

@palnabarun hey, we've just merged the KEP yesterday, at the last moment. I admit I did not pay attention to this enhancement issue and focused on the design. Do I really need an exception just to restore the milestone?

@palnabarun
Member

> Do I really need an exception just to restore the milestone?

Yes, an exception would be needed. Here is the process on how to file an exception request.

@palnabarun
Member

@jsafrane -- Your exception request was approved. I have updated the tracking sheet accordingly.

@palnabarun
Member

/milestone v1.19

@k8s-ci-robot k8s-ci-robot added this to the v1.19 milestone May 22, 2020
@palnabarun palnabarun added tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team and removed tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team labels May 22, 2020
@palnabarun
Member

/stage alpha

@k8s-ci-robot k8s-ci-robot added the stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status label May 22, 2020
@zestrells

Hi @jsafrane - My name is Zachary, 1.19 Docs shadow. Is this enhancement work planned for 1.19 and does it require any new docs (or modifications to existing docs)? If not, can you please update the 1.19 Enhancement Tracker Sheet, or let me know, I can do it for you :)
If docs are required, just a friendly reminder that we are looking for a PR against k/website (branch dev-1.19) due by Friday, June 12, it can just be a placeholder PR at this time. Let me know if you have any questions!

@jsafrane
Member Author

@zestrells, yes, documentation will be needed. I can't edit the tracking sheet, can you please note it there?

@harshanarayana

Hey @jsafrane, I am with the enhancements team for the v1.19 release cycle as a shadow.

The code freeze deadline for the Enhancement is Thursday, June 25. I am checking in to see if there is any k/k PR that you have already opened for this enhancement and if so, would you be able to point me in the direction of the PR so that the same can be updated in the tracking sheet

Have a wonderful day. 🖖

@zestrells

Hi @jsafrane - Just a reminder that docs placeholder PR against dev-1.19 is due by June 12th. Does this enhancement require any changes to docs? If so, can you update here with a link to the PR once you have it in place? If not, please update the same, so that the tracking sheet can be updated accordingly. Thanks!

@harshanarayana

Hey @jsafrane, This is just a reminder that the code freeze for the enhancement is Thursday, June 25. I am checking in to see if there is any k/k PR that is already open against this enhancement that needs to be tracked.

Have a wonderful day. 🖖

@jsafrane
Member Author

API PR: kubernetes/kubernetes#91838
WIP Docs: kubernetes/website#21773

@harshanarayana

Hi, @jsafrane

This is a follow-up to the communication that went out to k-dev today. There has been a revision to the release schedule of v1.19 as follows.

Thursday, July 9th: Week 13 - Code Freeze
Thursday, July 16th: Week 14 - Docs must be completed and reviewed
Tuesday, August 25th: Week 20 - Kubernetes v1.19.0 released
Thursday, August 27th: Week 20 - Release Retrospective

You can find the revised Schedule in the sig-release Repo

Please let me know if you have any questions. 🖖

@harshanarayana

Hi @jsafrane ,

This is just a follow up to my earlier messages on the upcoming deadlines. The code freeze deadline is Thursday, July 9th EOD PST and I noticed that the k/k PRs are still in flight.

For the enhancement to be included into v1.19 this PR needs to be merged before the code freeze deadline.

Please refer to the Exception Process documentation in case there is a need for one.

@harshanarayana

/milestone clear
/milestone v1.20

@k8s-ci-robot k8s-ci-robot removed this from the v1.19 milestone Jul 9, 2020
@jsafrane
Member Author

BTW, all code was merged before the freeze.

@ibotty

ibotty commented May 8, 2023

kubernetes/website#39836 is a blog entry,

It instructs to comment on this KEP when this is not sufficient. It is not for my deployment. I have a large (as in size and file count) CephFS volume that is mounted in multiple pods at the same time. It is only ever mounted with the same fsGroup and selinux context.

I get a CreateContainerError with context deadline exceeded when mounting the volume.

@jsafrane
Member Author

jsafrane commented May 9, 2023

copying a paragraph from the blog:

> If running two Pods with two different SELinux contexts and using different subPaths of the same volume is necessary in your deployments, please comment in the KEP issue (or upvote any existing comment - it's best not to duplicate). Such pods may not run when the feature is extended to cover all volume access modes.

@ibotty, from what you describe, you run all your Pods that access a big volume with the same fsGroup and SELinux contexts. If that's correct, then you should be fine when the feature gets expanded to all volume access modes (namely ReadWriteMany).

It will take some time to add ReadWriteMany volumes though - we need to catch the cases where things would break first. Like when people run Pods with different SELinux context that access the same volume simultaneously at different subpaths - as kubelet must mount the whole volume with a single SELinux, not as subpath of it. (kubelet + SELinux is ... not intuitive, I'd say)
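
The case described in the comment above, as an added example that is not part of the original comment or of the Kubernetes code base: an audit over pod manifests that flags PersistentVolumeClaims mounted by pods with different SELinux contexts, including when they use different subPaths. The function names, pod names and claim names are hypothetical, the sample manifests are constructed, and it assumes that container-level `seLinuxOptions`, when set, replace the pod-level ones.

```python
from collections import defaultdict
FIELDS = ("user", "role", "type", "level")

def _ctx(opts):
    # Normalise seLinuxOptions to a comparable "user:role:type:level" string.
    return ":".join(opts.get(f, "") for f in FIELDS) if opts else None

def pvc_contexts(pods):
    """Map (namespace, claimName) -> {context: {(pod, subPath), ...}}."""
    usage = defaultdict(lambda: defaultdict(set))
    for pod in pods:
        meta, spec = pod["metadata"], pod["spec"]
        ns = meta.get("namespace", "default")
        pod_opts = spec.get("securityContext", {}).get("seLinuxOptions")
        claims = {v["name"]: v["persistentVolumeClaim"]["claimName"]
                  for v in spec.get("volumes", []) if "persistentVolumeClaim" in v}
        for c in spec.get("containers", []):
            # Assumption: container-level options, when set, replace pod-level ones.
            ctx = _ctx(c.get("securityContext", {}).get("seLinuxOptions") or pod_opts)
            if ctx is None:
                continue  # no explicit label: the container runtime picks one
            for m in c.get("volumeMounts", []):
                if m["name"] in claims:
                    usage[(ns, claims[m["name"]])][ctx].add((meta["name"], m.get("subPath", "")))
    return usage

def conflicting_claims(pods):
    """Claims mounted under more than one SELinux context, even via different subPaths."""
    return {claim: {ctx: sorted(users) for ctx, users in by_ctx.items()}
            for claim, by_ctx in pvc_contexts(pods).items() if len(by_ctx) > 1}

def _pod(name, level, claim, sub_path):
    # Constructed sample manifest, reduced to the fields the audit reads.
    return {"metadata": {"name": name, "namespace": "demo"},
            "spec": {"securityContext": {"seLinuxOptions": {"level": level}},
                     "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": claim}}],
                     "containers": [{"name": "app", "volumeMounts": [
                         {"name": "data", "mountPath": "/data", "subPath": sub_path}]}]}}

SAMPLE_PODS = [
    _pod("web-a", "s0:c10,c20", "shared-cephfs", "a"),
    _pod("web-b", "s0:c30,c40", "shared-cephfs", "b"),   # different level, different subPath
    _pod("job-1", "s0:c1,c2", "reports", ""),
    _pod("job-2", "s0:c1,c2", "reports", ""),            # same context: fine
]

if __name__ == "__main__":
    for (ns, claim), by_ctx in conflicting_claims(SAMPLE_PODS).items():
        print(f"{ns}/{claim} is mounted with {len(by_ctx)} SELinux contexts: {by_ctx}")
```
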

@Atharva-Shinde Atharva-Shinde removed tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team lead-opted-in Denotes that an issue has been opted in to a release labels May 14, 2023
@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 20, 2024
@jsafrane
Member Author

/milestone v1.30
/label lead-opted-in

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.27, v1.30 Jan 23, 2024
@jsafrane
Member Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 23, 2024
@jsafrane jsafrane added the lead-opted-in Denotes that an issue has been opted in to a release label Jan 23, 2024
@tjons

tjons commented Jan 31, 2024

Hello @jsafrane 👋, Enhancements team here.

Just checking in as we approach enhancements freeze on Friday, February 9th, 2024 at 02:00 UTC.

This enhancement is targeting stage alpha for 1.30 (correct me if otherwise)

Here's where this enhancement currently stands:

  • KEP readme using the latest template has been merged into the k/enhancements repo.
  • KEP status is marked as implementable for latest-milestone: 1.30. KEPs targeting stable will need to be marked as implemented after code PRs are merged and the feature gates are removed.
  • KEP readme has up-to-date graduation criteria
  • KEP has a production readiness review that has been completed and merged into k/enhancements. (For more information on the PRR process, check here).

For this KEP, we would just need to complete the following:

  • Merge the KEP changes readme into the k/enhancements repo.
  • Complete the PRR review process and merge it into k/enhancements.
  • Mark this KEP as implementable for latest-milestone: 1.30.

The status of this enhancement is marked as at risk for enhancement freeze. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

@jsafrane
Member Author

jsafrane commented Feb 1, 2024

@tjons, KEP has been updated: #4436

There are two feature gates in the KEP. One of them is already beta in 1.29 and we don't plan any change there in 1.30.
We're introducing a new feature gate and it will be alpha. IMO it has no impact on PRR, all operational aspects will be the same as they were already approved in 1.29

@jsafrane
Member Author

jsafrane commented Feb 1, 2024

And I think the KEP uses the latest template, please let me know if I missed anything.

@tjons

tjons commented Feb 4, 2024

Hey @jsafrane - PRR's are now required for alpha features, see https://github.com/kubernetes/community/blob/master/sig-architecture/production-readiness.md. So, we will need that completed to get this tracked for 1.30 enhancements!

@tjons

tjons commented Feb 8, 2024

With all the requirements fulfilled this enhancement is now marked as tracked for the upcoming enhancements freeze 🚀

@Princesso

Hello @jsafrane , 👋 1.30 Docs Shadow here.
Does this enhancement work planned for 1.30 require any new docs or modifications to existing docs?
If so, please follow the steps here to open a PR against the dev-1.30 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday, February 22nd, 2024 18:00 PDT.
Also, take a look at Documenting for a release to get yourself familiarized with the docs requirement for the release.
Thank you!

@a-mccarthy

Hi @jsafrane ,

👋 from the v1.30 Communications Team! We'd love for you to opt in to write a feature blog about your enhancement!

We encourage blogs for features including, but not limited to: breaking changes, features and changes important to our users, and features that have been in progress for a long time and are graduating.

To opt in, you need to open a Feature Blog placeholder PR against the website repository.
The placeholder PR deadline is 27th February, 2024.
Here's the 1.30 Release Calendar

@jsafrane
Member Author

Placeholder doc: kubernetes/website#45280

@tjons

tjons commented Feb 25, 2024

Hey again @jsafrane 👋 Enhancements team here,

Just checking in as we approach code freeze at 02:00 UTC Wednesday 6th March 2024 .

Here's where this enhancement currently stands:

  • All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
  • All PR/s are ready to be merged (they have approved and lgtm labels applied) by the code freeze deadline. This includes tests.

For this enhancement, it looks like the following PRs are open and need to be merged before code freeze:

Also, please let me know if there are other PRs in k/k we should be tracking for this KEP.
As always, we are here to help if any questions come up. Thanks!

@jsafrane
Member Author

jsafrane commented Mar 4, 2024

The last un-merged code PR: kubernetes/kubernetes#123667
(i.e. still at risk, but doing my best)

@jsafrane
Member Author

jsafrane commented Mar 4, 2024

And it has just merged, so we're good for 1.30, I think

@tjons

tjons commented Mar 6, 2024

Hello @jsafrane 👋, Enhancements team here.

With all the implementation (code related) PRs merged as per the issue description:

This enhancement is now marked as tracked for code freeze for the 1.30 Code Freeze!
