Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow CSI drivers to opt-in to volume ownership change #1682

Closed
gnufied opened this issue Apr 13, 2020 · 53 comments · Fixed by kubernetes/kubernetes#92001
Closed

Allow CSI drivers to opt-in to volume ownership change #1682

gnufied opened this issue Apr 13, 2020 · 53 comments · Fixed by kubernetes/kubernetes#92001
Assignees
Labels
sig/storage Categorizes an issue or PR as relevant to SIG Storage. stage/beta Denotes an issue tracking an enhancement targeted for Beta status

Comments

@gnufied
Copy link
Member

gnufied commented Apr 13, 2020

Enhancement Description

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Apr 13, 2020
@gnufied
Copy link
Member Author

gnufied commented Apr 13, 2020

/sig storage

@k8s-ci-robot k8s-ci-robot added sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 13, 2020
@huffmanca
Copy link
Contributor

huffmanca commented Apr 17, 2020

/assign

@harshanarayana
Copy link

harshanarayana commented Apr 30, 2020

Hey there @huffmanca / @gnufied -- 1.19 Enhancements shadow here. I wanted to check in and see if you think this Enhancement will be graduating in 1.19?

In order to have this part of the release:

  1. The KEP PR must be merged in an implementable state
  2. The KEP must have test plans
  3. The KEP must have graduation criteria.

The current release schedule is:

  • Monday, April 13: Week 1 - Release cycle begins
  • Tuesday, May 19: Week 6 - Enhancements Freeze
  • Thursday, June 25: Week 11 - Code Freeze
  • Thursday, July 9: Week 14 - Docs must be completed and reviewed
  • Tuesday, August 4: Week 17 - Kubernetes v1.19.0 released

If you do, I'll add it to the 1.19 tracking sheet (http://bit.ly/k8s-1-19-enhancements). Once coding begins please list all relevant k/k PRs in this issue so they can be tracked properly. 👍

Thanks!

@huffmanca
Copy link
Contributor

huffmanca commented May 1, 2020

@harshanarayana ,

It is expected for this enhancement to be included in the 1.19 release. Please go ahead and add it to the tracking sheet, or let me know if there are any issues.

Thank you!

@harshanarayana
Copy link

harshanarayana commented May 1, 2020

Hey @huffmanca, thanks for following up on this with an update. I have update the tracking sheet accordingly. 🖖

Thanks

@palnabarun
Copy link
Member

palnabarun commented May 4, 2020

/stage alpha
/milestone v1.19

@k8s-ci-robot k8s-ci-robot added the stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status label May 4, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.19 milestone May 4, 2020
@palnabarun palnabarun added the tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team label May 4, 2020
@harshanarayana
Copy link

harshanarayana commented May 15, 2020

Hey @huffmanca , Enhancements shadow for the v1.19 here. Thanks for including the PRR criteria in the KEP 🖖

@harshanarayana
Copy link

harshanarayana commented May 18, 2020

Hey @huffmanca / @gnufied, Enhancement shadow for the v1.19 release cycle here. Just following up on my earlier update to inform you of the upcoming Enhancement Freeze scheduled on Tuesday, May 19.

I noticed that the KEP is still in flight. As per the requirements, the KEP should be merged and implementable for it to be considered for the release v1.19.

Please feel free to reach out in case if you need any more information.

Thanks, Harsha

@liggitt liggitt added the kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API label May 21, 2020
@zestrells
Copy link

zestrells commented May 25, 2020

Hi @gnufied - My name is Zachary, 1.19 Docs shadow. Is this enhancement work planned for 1.19 and does it require any new docs (or modifications to existing docs)? If not, can you please update the 1.19 Enhancement Tracker Sheet, or let me know, I can do it for you :)
If docs are required, just a friendly reminder that we are looking for a PR against k/website (branch dev-1.19) due by Friday, June 12, it can just be a placeholder PR at this time. Let me know if you have any questions!

@harshanarayana
Copy link

harshanarayana commented May 27, 2020

Hey @gnufied, I am with the enhancements team for the v1.19 release cycle as a shadow.

The code freeze deadline for the Enhancement is Thursday, June 25. I am checking in to see if there is any k/k PR that you have already opened for this enhancement and if so, would you be able to point me in the direction of the PR so that the same can be updated in the tracking sheet

Have a wonderful day. 🖖

@zestrells
Copy link

zestrells commented Jun 8, 2020

Hi @gnufied - Just a reminder that docs placeholder PR against dev-1.19 is due by June 12th. Does this enhancement require any changes to docs? If so, can you update here with a link to the PR once you have it in place? If not, please update the same, so that the tracking sheet can be updated accordingly. Thanks!

@huffmanca
Copy link
Contributor

huffmanca commented Jun 8, 2020

@zestrells ,

I'll ensure to have a placeholder PR submitted for the documentation changes by the deadline. Thank you for the reminder!

@huffmanca
Copy link
Contributor

huffmanca commented Jun 11, 2020

@harshanarayana ,

The code change PR is now linked to this issue, and can be accessed at kubernetes/kubernetes#92001 .

@harshanarayana
Copy link

harshanarayana commented Jun 11, 2020

@harshanarayana ,

The code change PR is now linked to this issue, and can be accessed at kubernetes/kubernetes#92001 .

Hey @huffmanca, thanks the update. I will update the tracker sheet to indicate the k/k PR.

🖖

@huffmanca
Copy link
Contributor

huffmanca commented Jun 11, 2020

@zestrells ,

Two PRs have been opened for documentation:

@harshanarayana
Copy link

harshanarayana commented Jun 16, 2020

Hi, @huffmanca

This is a follow-up to the communication that went out to k-dev today. There has been a revision to the release schedule of v1.19 as follows.

Thursday, July 9th: Week 13 - Code Freeze
Thursday, July 16th: Week 14 - Docs must be completed and reviewed
Tuesday, August 25th: Week 20 - Kubernetes v1.19.0 released
Thursday, August 27th: Week 20 - Release Retrospective

You can find the revised Schedule in the sig-release Repo

Please let me know if you have any questions. 🖖

Fedosin added a commit to Fedosin/csi-driver-nfs that referenced this issue Jun 17, 2020
For RWX volume, kubelet does not perform recursive ownership/permission
change. The heuristics that kubelet uses is being modified via -
kubernetes/enhancements#1682

Having said that, for RWX volumes which are made available via NFS
protocol, using fsGroup is not recommended because if there are 2 pods
that are trying to use same volume but with different fsGroup then one
pod may lock out the other pod.

To avoid this, we must be able to set the folder permissions to 777.
This commit adds a cli option --mount-permissions, that allows to
define custom permissions. Default value is kept to 0750.
Fedosin added a commit to Fedosin/csi-driver-nfs that referenced this issue Jun 17, 2020
For RWX volume, kubelet does not perform recursive ownership/permission
change. The heuristics that kubelet uses is being modified via -
kubernetes/enhancements#1682

Having said that, for RWX volumes which are made available via NFS
protocol, using fsGroup is not recommended because if there are 2 pods
that are trying to use same volume but with different fsGroup then one
pod may lock out the other pod.

To avoid this, we must be able to set the folder permissions to 777.
This commit adds a cli option --mount-permissions, that allows to
define custom permissions. If the value is not specified, then default
permissions will be kept.
Fedosin added a commit to Fedosin/csi-driver-nfs that referenced this issue Jun 17, 2020
For RWX volume, kubelet does not perform recursive ownership/permission
change. The heuristics that kubelet uses is being modified via -
kubernetes/enhancements#1682

Having said that, for RWX volumes which are made available via NFS
protocol, using fsGroup is not recommended because if there are 2 pods
that are trying to use same volume but with different fsGroup then one
pod may lock out the other pod.

To avoid this, we must be able to set the folder permissions to 777.
This commit adds a cli option --mount-permissions, that allows to
define custom permissions. If the value is not specified, then default
permissions will be kept.

Cherry-picked from: kubernetes-csi#36
@k8s-triage-robot
Copy link

k8s-triage-robot commented Aug 5, 2021

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 5, 2021
@xing-yang
Copy link
Contributor

xing-yang commented Aug 30, 2021

/milestone v1.23

@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Aug 30, 2021
@xing-yang
Copy link
Contributor

xing-yang commented Aug 30, 2021

/remove-lifecycle rotten

@dobsonj
Copy link
Member

dobsonj commented Aug 30, 2021

/assign

@dobsonj
Copy link
Member

dobsonj commented Aug 30, 2021

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 30, 2021
@supriya-premkumar
Copy link
Contributor

supriya-premkumar commented Sep 8, 2021

Hi @huffmanca 👋🏽 1.23 Enhancements shadow here. Just checking in as we are approaching the enhancement freeze deadline at 23:59:59 PDT on Thursday, September 9th.

This enhancement is marked as atRisk. Please create a PR to update the following.

For the enhancement to be included in the 1.23 milestone, it must meet the following criteria:

  • Should have an approved PRR
  • kep.yaml latest milestone need to reflect the release cycle i.e., latest-milestone: "v1.23"

Any enhancements that do not complete the following requirements by the freeze deadline will require an exception.

Thank you!

@dobsonj
Copy link
Member

dobsonj commented Sep 8, 2021

Hi @supriya-premkumar, the PR just merged: #2918

@supriya-premkumar
Copy link
Contributor

supriya-premkumar commented Sep 8, 2021

I will update the tracking sheet
For the enhancement to be included in the 1.23 milestone, it must meet the following criteria:

  • Should have an approved PRR
  • kep.yaml latest milestone need to reflect the release cycle i.e., latest-milestone: "v1.23"

Thank you @dobsonj. This Issue is all set for the enhancement freeze 🎉

@ramrodo
Copy link
Member

ramrodo commented Sep 20, 2021

Hi @dobsonj @huffmanca 👋 1.23 Docs shadow here.

This enhancement is marked as Needs Docs for the 1.23 release.

Please follow the steps detailed in the documentation to open a PR against the dev-1.23 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thu November 18, 11:59 PM PDT.

Also, if needed take a look at Documenting for a release to familiarize yourself with the docs requirement for the release.

Thanks!

@dobsonj
Copy link
Member

dobsonj commented Oct 27, 2021

Feature gate PR:
kubernetes/kubernetes#105940
Doc PR's (@ramrodo):
kubernetes/website#30280
kubernetes-csi/docs#470

@supriya-premkumar
Copy link
Contributor

supriya-premkumar commented Nov 9, 2021

Hi @huffmanca 👋🏽 1.23 Enhancements shadow here
I wanted to check in on the PR status for this issue since we are approaching code freeze deadline on Tuesday, November 16 at 6:00 pm PST

I see that there is one open PR.
For this issue to be included in the release please make sure to

  1. Link the updated PRs in the description
  2. Merge the PRs(k/k) before code freeze deadline

Marking this issue as atRisk on the tracking sheet for now. Please let me know once you have updated it.

@dobsonj
Copy link
Member

dobsonj commented Nov 10, 2021

Hi @supriya-premkumar, that PR just merged, so we should be all set for GA in 1.23.

@sftim
Copy link
Contributor

sftim commented Dec 6, 2021

BTW, the checkboxes for #1682 (comment) are missing. I'm guessing this either did pass its PRR, or we skipped it.

@gracenng gracenng removed this from the v1.23 milestone Jan 9, 2022
@gracenng gracenng removed the tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team label Jan 9, 2022
@gracenng
Copy link
Member

gracenng commented Jan 9, 2022

Hi @dobsonj ,

1.24 Enhancements Lead here. Since the issue is in GA, could you please update this enhancements's KEP status to implemented, then close this issue?

Thanks :)

@dobsonj
Copy link
Member

dobsonj commented Jan 19, 2022

Since the issue is in GA, could you please update this enhancements's KEP status to implemented, then close this issue?

Done, thanks! #3145
/close

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 19, 2022

@dobsonj: Closing this issue.

In response to this:

Since the issue is in GA, could you please update this enhancements's KEP status to implemented, then close this issue?

Done, thanks! #3145
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
sig/storage Categorizes an issue or PR as relevant to SIG Storage. stage/beta Denotes an issue tracking an enhancement targeted for Beta status
Projects
None yet
Development

Successfully merging a pull request may close this issue.