runtime: Fix configmap/secrets updates with FS sharing disabled #8239
Conversation
|
Can one of the admins verify this patch? |
Sumynwa
force-pushed
the
sumsharma/fix_configmap_update_propagation
branch
from
5cd7410
to
43f7ed6
Compare
|
/test |
Sumynwa
force-pushed
the
sumsharma/fix_configmap_update_propagation
branch
2 times, most recently
from
01d08b6
to
a537a62
Compare
|
/test |
danmihai1
added
the
area/confidential-containers
There was a problem hiding this comment.
Code-wise it looks good to me.
You have my "lgtm", and will have my approval once someone can have this one tested on the peer-pods side. Maybe @stevenhorsman, in case he has a handy cluster around.
So the issue is that peer pods can't run against main here. I did create #8015 to cover adding tests for this scenario, but I don't want to block this change waiting for that. |
|
I just had a minor comment. Rest looks good. As @stevenhorsman already mentioned, it's not possible to test this with peer-pods. |
…abled This PR fixes k8's configmap/secrets etc update propagation when filesystem sharing is disabled. The commit introduces below changes with some limitations: - creates new timestamped directory in guest - updates the '..data' symlink - creates user visible symlinks to newly created secrets. - Limitation: The older timestamped directory and stale user visible symlinks exist in guest due to missing DELETE api in agent. Fixes: kata-containers#7398 Signed-off-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
Sumynwa
force-pushed
the
sumsharma/fix_configmap_update_propagation
branch
from
a537a62
to
4aaf54b
Compare
|
/test |
|
Sumedh is out on vacation. I will remind him to address the feedback from this PR when he comes back to work, next week. |
Nevermind - looks like he is back already. |
|
Dan, I have addressed the PR feedbacks. |
This PR fixes k8's configmap/secrets etc update propagation when filesystem sharing is disabled.
The commit introduces below changes with some limitations:
Fixes: #7398