Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provision volumes from cross-namespace snapshots #3294

Open
5 of 9 tasks
mkimuram opened this issue May 4, 2022 · 55 comments · Fixed by #3295
Open
5 of 9 tasks

Provision volumes from cross-namespace snapshots #3294

mkimuram opened this issue May 4, 2022 · 55 comments · Fixed by #3295
Assignees
@mkimuram @ttakahashi21
Labels
kind/feature Categorizes issue or PR as related to a new feature. sig/storage Categorizes an issue or PR as relevant to SIG Storage. stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status

Comments

@mkimuram
Copy link
Contributor

mkimuram commented May 4, 2022
edited
Loading

Enhancement Description

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.
@k8s-ci-robot k8s-ci-robot added sig/storage Categorizes an issue or PR as relevant to SIG Storage. kind/feature Categorizes issue or PR as related to a new feature. labels May 4, 2022
@mkimuram mkimuram mentioned this issue May 4, 2022
Merged
@xing-yang
Copy link
Contributor

/milestone v1.25

@k8s-ci-robot k8s-ci-robot added this to the v1.25 milestone May 13, 2022
@xing-yang xing-yang added the stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status label May 23, 2022
@jingxu97 jingxu97 moved this to Need Review in 1.25 Release May 25, 2022
@Priyankasaggu11929
Copy link
Member

Priyankasaggu11929 commented May 30, 2022
edited
Loading

Hello @mkimuram 👋, 1.25 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PST on Thursday June 16, 2022.

For note, This enhancement is targeting for stage alpha for 1.25 (correct me, if otherwise)

Here's where this enhancement currently stands:

  • KEP file using the latest template has been merged into the k/enhancements repo.
  • KEP status is marked as implementable
  • KEP has a updated detailed test plan section filled out
  • KEP has up to date graduation criteria
  • KEP has a production readiness review that has been completed and merged into k/enhancements.

Looks like for this one, we would need to update the open KEP PR #3295 for the following:

For note, the status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

@Priyankasaggu11929 Priyankasaggu11929 added the tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team label May 30, 2022
@Priyankasaggu11929 Priyankasaggu11929 mentioned this issue Jun 11, 2022
Closed
4 tasks
@Priyankasaggu11929
Copy link
Member

Hello @mkimuram 👋, just a quick check-in again, as we approach the 1.25 enhancements freeze.

Please plan to get the above criterias done before the upcoming enhancements freeze on Thursday, June 16, 2022 at 18:00 PM PT.

For note, the current status of the enhancement is at at-risk. Thank you!

@Priyankasaggu11929
Copy link
Member

Hello @mkimuram 👋, another check-in, as we approach the 1.25 enhancements freeze.

All required criteria are fulfilled by the open PR #3295.

We just now require merging it before enhancements freeze on Thursday, June 23, 2022 at 18:00 PM PT, which is just over 3 days away from now.

For note, the current status of the enhancement is atat-risk. Thank you!

@Priyankasaggu11929
Copy link
Member

Hello, 1.25 Enhancements Lead here 👋. With Enhancements Freeze now in effect, this enhancement has not met the criteria for the freeze and has been removed from the milestone.

As a reminder, the criteria for enhancements freeze is:

  • KEP file using the latest template has been merged into the k/enhancements repo, with up to date latest milestone and stage
  • KEP status is marked as implementable
  • KEP has an updated detailed test plan section filled out
  • KEP has up to date graduation criteria
  • KEP has a production readiness review that has been completed and merged into k/enhancements.

Feel free to file an exception to add this back to the release. If you plan to do so, please file this as early as possible.

Thanks!
/milestone clear

@k8s-ci-robot k8s-ci-robot removed this from the v1.25 milestone Jun 24, 2022
@Priyankasaggu11929 Priyankasaggu11929 added tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team and removed tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team labels Jun 24, 2022
@jingxu97 jingxu97 moved this from Need Review to Todo in 1.25 Release Jul 25, 2022
@xing-yang xing-yang added the lead-opted-in Denotes that an issue has been opted in to a release label Sep 12, 2022
@xing-yang
Copy link
Contributor

/milestone v1.25

@k8s-ci-robot k8s-ci-robot added this to the v1.25 milestone Sep 12, 2022
@xing-yang xing-yang removed this from the v1.25 milestone Sep 12, 2022
@xing-yang
Copy link
Contributor

/milestone v1.26

@k8s-ci-robot k8s-ci-robot added this to the v1.26 milestone Sep 12, 2022
@xing-yang
Copy link
Contributor

/assign @ttakahashi21

@k8s-ci-robot
Copy link
Contributor

@xing-yang: GitHub didn't allow me to assign the following users: ttakahashi21.

Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @ttakahashi21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ttakahashi21 ttakahashi21 removed their assignment Sep 12, 2022
@kikisdeliveryservice
Copy link
Member

This issue should remain open so long as the feature isn't deprecated or graduated to GA.

@kikisdeliveryservice kikisdeliveryservice removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Apr 24, 2024
@rcm-steve-horne rcm-steve-horne mentioned this issue Jul 3, 2024
Closed
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 23, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Aug 22, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

@k8s-ci-robot k8s-ci-robot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 21, 2024
@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ttakahashi21 ttakahashi21 removed their assignment Sep 24, 2024
@ttakahashi21
Copy link
Contributor

/assign @ttakahashi21
/reopen

It is currently under discussion.
#3294 (comment)

@k8s-ci-robot k8s-ci-robot reopened this Sep 24, 2024
@k8s-ci-robot
Copy link
Contributor

@ttakahashi21: Reopened this issue.

In response to this:

/assign @ttakahashi21
/reopen

It is currently under discussion.
#3294 (comment)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot closed this as not planned Won't fix, can't repro, duplicate, stale Oct 24, 2024
@sgielen
Copy link

sgielen commented Oct 24, 2024

/reopen
/remove-lifecycle rotten

This is still awaiting #4387, which is currently still progressing.

@k8s-ci-robot
Copy link
Contributor

@sgielen: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen
/remove-lifecycle rotten

This is still awaiting #4387, which is currently still progressing.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Oct 24, 2024
@ttakahashi21
Copy link
Contributor

/reopen

@k8s-ci-robot
Copy link
Contributor

@ttakahashi21: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot reopened this Jan 21, 2025
@ttakahashi21
Copy link
Contributor

ttakahashi21 commented Jan 21, 2025
edited
Loading

@liggitt @deads2k @enj @robscott

Is my understanding right that CrossNamespaceVolumeDataSource feature can be implemented with AuthorizeWithSelectors feature(*1)(*2), instead of ReferenceGrant?

(*1)Authorize with Field and Label Selectors

(*2)Using Node Authorization

@liggitt
Copy link
Member

liggitt commented Jan 21, 2025

Is my understanding right that CrossNamespaceVolumeDataSource feature can be implemented with AuthorizeWithSelectors feature(*1)(*2), instead of ReferenceGrant?

I'm not sure what this feature was planning to use reference grant for. The field/label selector authorization feature just makes selectors visible to authorization. The node authorization feature only applies to kubelet API clients. There is not yet a way to selectively grant selector-based authorization to arbitrary users / clients.

@ttakahashi21
Copy link
Contributor

With this feature enabled, you specify a namespace in the dataSourceRef field of a new PersistentVolumeClaim.
Once CSI provisioner confirms that the DataSource(PVC, VolumeSnapshot ,AnyVolumeDatasource) is allowed to access via the ReferenceGrant. If access is OK, the new PersistentVolume can populate its data from the storage source specified in that other namespace.

I thought this was #4601 that was implemented instead of #4387, am I correct in my understanding?

@liggitt
Copy link
Member

liggitt commented Jan 21, 2025

Once CSI provisioner confirms that the DataSource(PVC, VolumeSnapshot ,AnyVolumeDatasource) is allowed to access via the ReferenceGrant

I'm not aware of any work or design to frame that authorization check in terms of field or label selectors, so I'm not sure how #4601 would impact this feature.

I thought this was #4601 that was implemented instead of #4387, am I correct in my understanding?

#4601 was implemented as a first step and possible building block in a reference grant design.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkimuram mkimuram

@ttakahashi21 ttakahashi21

Labels
kind/feature Categorizes issue or PR as related to a new feature. sig/storage Categorizes an issue or PR as relevant to SIG Storage. stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status
Projects
(Test board) Kubernetes 1.26 Enhancements Tracking
Status: New New
1.26 Enhancements Tracking
Status: Net New
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

KEP-3294: Add proposal for provisioning volumes from cross-namespace snapshots mkimuram/enhancements