127: Add KEP for user namespaces support #3065
Conversation
k8s-ci-robot
added
do-not-merge/invalid-commit-message
k8s-ci-robot
added
kind/kep
k8s-ci-robot
removed
the
do-not-merge/invalid-commit-message
|
|
||
| ### Graduation Criteria | ||
|
|
||
| Graduation for each pod.spec field we introduce will be separate. |
There was a problem hiding this comment.
I want to highlight this. I'd like the different pod.spec changes to graduate separate, so phase 1&2 can be in GA but phase 3 still in alpha/beta, as we gather more info and feedback (phase 3 will probably need quite a lot of feedback, I don't want that to block the progress of the rest of the features)
There was a problem hiding this comment.
That will be through separate feature flags, right? Do we have proposed names? If we don't have one for later phases, we should call it out as a TBD.
rata
force-pushed
the
rata/userns
branch
2 times, most recently
from
5a721e8
to
5a5f0fd
Compare
|
@ehashman Can we move this to "Needs reviewer"? I've answered all the open comments and my understanding from the last SIG-node meeting is that I'm waiting on @mrunalp and @derekwaynecarr to take a closer look. And I will ping @thockin and @mtaufen too. |
|
Added @SergeyKanzhelev as reviewer now, as he asked me to do in the last sig-node meeting :) |
There was a problem hiding this comment.
Thanks @rata for writing this up. The overall breakdown looks good and I'm eager to see this work get started, so all the low level/behind the scenes groundwork can make progress as you mentioned.
It looks like there are maybe still some details to fill out in the KEP but this LGTM as a high level plan of how to approach the work.
|
@mtaufen Thanks a lot for the review! @ehashman can we move this to needs review? (as I mentioned here #3065 (comment)). A review from @mrunalp and @derekwaynecarr is pending. @thockin also told me on slack that he will review during this break, hopefully :) |
|
This is looking fine to me overall for phase 1. I left a few nits. |
|
@SergeyKanzhelev @mrunalp thanks! We have addressed all the review comments. PTAL, let me know if anything is missing to merge this in with status provisional |
k8s-ci-robot
added
the
lgtm
|
/lgtm |
|
could we get /approve as well? :-) /assign @derekwaynecarr |
| approvers: | ||
| - "@derekwaynecarr" | ||
| feature-gates: | ||
| - name: UserNamespacesPhase1 |
There was a problem hiding this comment.
nit: Do you want to rename this back to UserNamespacesSupport as discussed in the thread before merge?
There was a problem hiding this comment.
Oh, sure. I didn't do it in case pushing will lose the LGTM (I'm not sure what is the config on this repo). Will push in a few minutes :)
There was a problem hiding this comment.
Yeap, we lost the lgtm label with the push :(
This commit adds the high level overview I proposed in the SIG-node meeting on Nov 2. The work divided in phases and intial support (phase 1 and 2) is disentangled from further improvements that community members wanted to see (phase 3). This incorporates the valuable feedback in the discussion at PR 2101, making things as automatic as possible and adding a phase 3 for such improvements, while it also leaves room for future improvements too. Slides used in the Nov 2 SIG-node meeting are here: https://docs.google.com/presentation/d/1z4oiZ7v4DjWpZQI2kbFbI8Q6botFaA07KJYaKA-vZpg/edit#slide=id.gc6f73a04f_0_0 Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io> Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
k8s-ci-robot
removed
the
lgtm
|
@mrunalp pushed changing only the gate-feature name as you requested. Can you LGTM again? :) |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
@derekwaynecarr ? :) |
|
Phase 1 looks great. /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: derekwaynecarr, rata, SergeyKanzhelev The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
This commit adds the high level overview I proposed in the SIG-node meeting on Nov 2. The work divided in phases and intial support (phase 1 and 2) is disentangled from further improvements that community members wanted to see (phase 3). This incorporates the valuable feedback in the discussion at PR 2101, making things as automatic as possible and adding a phase 3 for such improvements, while it also leaves room for future improvements too. Slides used in the Nov 2 SIG-node meeting are here: https://docs.google.com/presentation/d/1z4oiZ7v4DjWpZQI2kbFbI8Q6botFaA07KJYaKA-vZpg/edit#slide=id.gc6f73a04f_0_0 Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io> Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Here is the high level work we discussed during Nov 2 SIG-node meeting.
Let me know if this KEP effectively reflects what we discussed and IIUC agreed. I'd like to know of any concerns or show-stoppers ASAP rather than last minute, after we already worked a lot of time on this.
If there are no concerns and this plan is agreed by all parties and this is merged, with @giuseppe we will start a PoC implementation to fill-in the rest of the details this KEP needs (CRI changes, etc.).
To the best of my knowledge, this incorporates all the feedback in the PR #2101 that @thockin @mtaufen and others gave (see basically that almost all is automatic and the room for improvements in phase 3, in particular the per-sa/per-ns strategies are in scope, with some others).
Please let us know what you think and thanks again for your time! :)
Tagging people that might want to get their eyes on this:
@giuseppe @mrunalp @derekwaynecarr @endocrimes @rhatdan @alban @mauriciovasquezbernal
I created this with @giuseppe, who has already reviewed this.
Bellow c&p from the commit msg (see the slides linked below for a quick overview, if you prefer that! :)).
This commit adds the high level overview I proposed in the SIG-node
meeting on Nov 2. The work divided in phases and intial support (phase 1
and 2) is disentangled from further improvements that community members
wanted to see (phase 3).
This incorporates the valuable feedback in the discussion at PR #2101,
making things as automatic as possible and adding a phase 3 for such
improvements, while it also leaves room for future improvements too.
Slides used in the Nov 2 SIG-node meeting are here:
https://docs.google.com/presentation/d/1z4oiZ7v4DjWpZQI2kbFbI8Q6botFaA07KJYaKA-vZpg/edit#slide=id.gc6f73a04f_0_0
Closes: #2101
Signed-off-by: Rodrigo Campos rodrigo@kinvolk.io