[1.9] Automated cherry pick of #58720 #57326 #60342 #60258

joelsmith
Contributor

@joelsmith joelsmith commented Feb 22, 2018

Cherry pick of #58720 #57326 #60342 on release-1.9.

#58720: Ensure that the runtime mounts RO volumes read-only
#57326: Update Dashboard version to v1.8.3
#60342: Fix nested volume mounts for read-only API data volumes

Fixes #60814 for 1.9

Note for reviewers:
The Dashboard update is necessary because previous versions of the Dashboard attempted to write to the secret volume on startup, and so the read-only secret volume change prevented the Dashboard from starting.

Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior. Updates dashboard version to v1.8.3 to avoid writing to read-only locations.
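
A check for the behavior this release note describes, added here as an example and not part of the PR or the Kubernetes code base: it reads text in `/proc/mounts` format, as seen from inside a container, and reports which of the given API data volume paths are still mounted writable (for instance on a node running with `ReadOnlyAPIDataVolumes=false`). The function name, the mount paths and the sample table are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Illustrative example, not Kubernetes source.
// writableMounts scans text in /proc/mounts format and returns the entries of
// paths whose effective (last listed) mount lacks the "ro" option.
// Paths that have no mount entry at all are not reported.
func writableMounts(procMounts string, paths []string) []string {
	ro := map[string]bool{} // mount point -> mounted read-only?
	sc := bufio.NewScanner(strings.NewReader(procMounts))
	for sc.Scan() {
		f := strings.Fields(sc.Text()) // device, mount point, fstype, options, ...
		if len(f) < 4 {
			continue
		}
		isRO := false
		for _, opt := range strings.Split(f[3], ",") {
			if opt == "ro" {
				isRO = true
			}
		}
		ro[f[1]] = isRO // a later entry shadows an earlier one on the same path
	}
	var out []string
	for _, p := range paths {
		if isRO, mounted := ro[p]; mounted && !isRO {
			out = append(out, p)
		}
	}
	return out
}

// Constructed sample of what a container might see; not output from this PR.
const sample = `overlay / overlay rw,relatime 0 0
tmpfs /etc/secret-volume tmpfs ro,relatime 0 0
/dev/sda1 /etc/config ext4 rw,relatime 0 0
/dev/sda1 /etc/hosts ext4 rw,relatime 0 0
`

func main() {
	fmt.Println(writableMounts(sample, []string{"/etc/secret-volume", "/etc/config"}))
}
```
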

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Feb 22, 2018
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 22, 2018
@k8s-github-robot k8s-github-robot added the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Feb 22, 2018
@@ -56,8 +56,7 @@ spec:
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
emptyDir: {}
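Review bot: At the `kubernetes-dashboard-certs` entry under `volumes:`, the source ends up as `emptyDir: {}` in place of the `secret:`/`secretName:` pair (the `-56,8 +56,7` header accounts for two lines removed and one added), so certificates stored in that Secret are no longer mounted and the volume starts empty on every pod start. If this is only a stopgap for a Dashboard that writes to the volume at startup, say so in a comment next to `emptyDir: {}` and restore the `secret` source once the manifest moves to a Dashboard version that does not write there.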
Member

@liggitt liggitt Feb 23, 2018

Don't merge this change. We require the dashboard bump and revert of this (#57326) before merging into a release branch

@joelsmith
Contributor Author

joelsmith commented Feb 23, 2018

I'll add #57326 to this cherry-pick PR as soon as it's squashed and merged. (edit: now added)

Add a feature gate ReadOnlyAPIDataVolumes to provide a way to
disable the new behavior in 1.10, but for 1.11, the new
behavior will become non-optional.

Also, update E2E tests for downwardAPI and projected volumes
to mount the volumes somewhere other than /etc.
@joelsmith joelsmith force-pushed the automated-cherry-pick-of-#58720-upstream-release-1.9 branch from 6be88dd to 81c9efe Compare February 26, 2018 17:48
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 26, 2018
@joelsmith
Contributor Author

We should wait until #60342 is done/merged and then add it here before considering this for merge.
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Feb 26, 2018
@joelsmith joelsmith changed the title Automated cherry pick of #58720 Automated cherry pick of #58720 #57326 #60342 Feb 27, 2018
@joelsmith joelsmith changed the title Automated cherry pick of #58720 #57326 #60342 [1.9] Automated cherry pick of #58720 #57326 #60342 Feb 27, 2018
@joelsmith
Contributor Author

/kind bug
/sig storage
/sig node
/priority important-soon
/hold cancel
Canceling hold since #60342 is in the merge queue.

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. sig/storage Categorizes an issue or PR as relevant to SIG Storage. sig/node Categorizes an issue or PR as relevant to SIG Node. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Feb 27, 2018
@liggitt liggitt added this to the v1.9 milestone Feb 27, 2018
@joelsmith
Contributor Author

/retest

Sebastian Florek and others added 2 commits February 27, 2018 23:37
Since the runtime may try to create mount points within
the sandbox, it will fail if the mount point is within
a read-only API data volume, like a secret or configMap
volume.

Create any needed mount points during volume setup.
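
The commit message above says that mount points nested inside a read-only API data volume have to be created during volume setup. The following added example, which is not the code from #60342, works out which directories that would be for one container; the `Mount` type, the `nestedMountPoints` function and the sample paths are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// Illustrative example, not Kubernetes source; Mount is a hypothetical stand-in.
type Mount struct{ Volume, Path string } // volume name, absolute mountPath

// nestedMountPoints returns the directories, relative to parent's mount path,
// that must already exist inside parent so other volumes can be mounted there.
func nestedMountPoints(parent string, mounts []Mount) []string {
	base := ""
	for _, m := range mounts {
		if m.Volume == parent {
			base = filepath.Clean(m.Path)
		}
	}
	if base == "" {
		return nil // parent is not mounted in this container
	}
	var rel []string
	for _, m := range mounts {
		p := filepath.Clean(m.Path)
		if m.Volume != parent && strings.HasPrefix(p, base+"/") {
			rel = append(rel, strings.TrimPrefix(p, base+"/"))
		}
	}
	sort.Strings(rel) // an ancestor always sorts before its descendants
	var out []string
	for _, r := range rel {
		covered := false // true when r lies on a nested volume, not on parent
		for _, kept := range out {
			covered = covered || strings.HasPrefix(r, kept+"/")
		}
		if !covered {
			out = append(out, r)
		}
	}
	return out
}

func main() { // constructed sample: a configMap at /etc/app with volumes nested in it
	m := []Mount{{"config", "/etc/app"}, {"tls", "/etc/app/tls"}, {"ca", "/etc/app/tls/ca"}}
	fmt.Println(nestedMountPoints("config", m))
}
```

Only the outermost nested path on each branch is returned, because anything deeper is created on the nested volume's own filesystem rather than on the read-only parent.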
@joelsmith joelsmith force-pushed the automated-cherry-pick-of-#58720-upstream-release-1.9 branch from 8a5a1ed to fb52f29 Compare February 28, 2018 11:37
@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 28, 2018
@joelsmith
Contributor Author

I didn't pay enough attention on the backport of the dashboard update. One of its changes prevented the dashboard from starting on 1.9:

-apiVersion: apps/v1beta2
+apiVersion: apps/v1

So I've reverted that change (and squashed the revert into the commit)

pull-kubernetes-verify should pass now that #60522 is merged
/retest

@liggitt
Member

liggitt commented Feb 28, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 28, 2018
@liggitt
Member

liggitt commented Feb 28, 2018

/status approved-for-milestone

@k8s-github-robot

[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process

@joelsmith @liggitt @mbohlool @msau42 @saad-ali

Pull Request Labels
  • sig/node sig/storage: Pull Request will be escalated to these SIGs if needed.
  • priority/important-soon: Escalate to the pull request owners and SIG owner; move out of milestone after several unsuccessful escalation attempts.
  • kind/bug: Fixes a bug discovered during the current release.

@smarterclayton
Contributor

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joelsmith, liggitt, msau42, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 28, 2018
@mbohlool
Contributor

#58720 has a long release note. Please update it with a shorter, more user-facing release note.

@liggitt
Member

liggitt commented Feb 28, 2018

updated

@mbohlool mbohlool added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Feb 28, 2018
@k8s-github-robot

/test all [submit-queue is verifying that this PR is safe to merge]

@joelsmith
Contributor Author

/test pull-kubernetes-e2e-kops-aws

@k8s-github-robot

Automatic merge from submit-queue.

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/security cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.