-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[1.9] Automated cherry pick of #58720 #57326 #60342 #60258
[1.9] Automated cherry pick of #58720 #57326 #60342 #60258
Conversation
@@ -56,8 +56,7 @@ spec: | |||
timeoutSeconds: 30 | |||
volumes: | |||
- name: kubernetes-dashboard-certs | |||
secret: | |||
secretName: kubernetes-dashboard-certs | |||
emptyDir: {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't merge this change. We require the dashboard bump and revert of this (#57326) before merging into a release branch
I'll add #57326 to this chery-pick PR as soon as it's squashed and merged. (edit: now added) |
Add a feature gate ReadOnlyAPIDataVolumes to a provide a way to disable the new behavior in 1.10, but for 1.11, the new behavior will become non-optional. Also, update E2E tests for downwardAPI and projected volumes to mount the volumes somewhere other than /etc.
6be88dd
to
81c9efe
Compare
We should wait until #60342 is done/merged and then add it here before considering this for merge. |
/kind bug |
/retest |
Since the runtime may try to create mount points within the sandbox, it will fail if the mount point is within a read-only API data volume, like a secret or configMap volume. Create any needed mount points during volume setup.
8a5a1ed
to
fb52f29
Compare
I didn't pay enough attention on the backport of the dashboard update. One of its changes prevented the dashboard from starting on 1.9: -apiVersion: apps/v1beta2
+apiVersion: apps/v1 So I've reverted that change (and squashed the revert into the commit) pull-kubernetes-verify should pass now that #60522 is merged |
/lgtm |
/status approved-for-milestone |
[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process @joelsmith @liggitt @mbohlool @msau42 @saad-ali Pull Request Labels
|
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: joelsmith, liggitt, msau42, smarterclayton The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
#58720 has a long release note. please update it with a shorter more user facing release note. |
updated |
/test all [submit-queue is verifying that this PR is safe to merge] |
/test pull-kubernetes-e2e-kops-aws |
Automatic merge from submit-queue. |
Cherry pick of #58720 #57326 #60342 on release-1.9.
#58720: Ensure that the runtime mounts RO volumes read-only
#57326: Update Dashboard version to v1.8.3
#60342: Fix nested volume mounts for read-only API data volumes
Fixes #60814 for 1.9
Note for reviewers:
The Dashboard update is necessary because previous versions of the Dashboard attempted to write to the secret volume on startup, and so the read-only secret volume change prevented the Dashboard from starting.