Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.7] Automated cherry pick of #58720 #60342 #60516

Merged
merged 2 commits into from Mar 1, 2018
Merged

[1.7] Automated cherry pick of #58720 #60342 #60516

merged 2 commits into from Mar 1, 2018

Conversation

joelsmith
Copy link
Contributor

@joelsmith joelsmith commented Feb 27, 2018
edited by liggitt

Cherry pick of #58720 #60342 on release-1.7.

#58720: Ensure that the runtime mounts RO volumes read-only
#60342: Fix nested volume mounts for read-only API data volumes

Fixes #60814 for 1.7

Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior.

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 27, 2018
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 27, 2018
@joelsmith joelsmith changed the title Automated cherry pick of #58720 #60342 [1.7] Automated cherry pick of #58720 #60342 Feb 27, 2018
@k8s-github-robot k8s-github-robot added the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Feb 27, 2018
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 27, 2018
@joelsmith
Ensure that the runtime mounts RO volumes read-only
38ebc87 
Add a feature gate ReadOnlyAPIDataVolumes to a provide a way to
disable the new behavior in 1.10, but for 1.11, the new
behavior will become non-optional.

Also, update E2E tests for downwardAPI and projected volumes
to mount the volumes somewhere other than /etc.
@joelsmith
Fix nested volume mounts for read-only API data volumes
e13121a 
Since the runtime may try to create mount points within
the sandbox, it will fail if the mount point is within
a read-only API data volume, like a secret or configMap
volume.

Create any needed mount points during volume setup.
@joelsmith joelsmith force-pushed the automated-cherry-pick-of-#58720-#60342-upstream-release-1.7 branch from 3013c5f to e13121a Compare February 27, 2018 19:41
@liggitt liggitt added this to the v1.7 milestone Feb 27, 2018
@joelsmith
Copy link
Contributor Author

/kind bug
/sig storage
/sig node
/priority important-soon

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. sig/storage Categorizes an issue or PR as relevant to SIG Storage. sig/node Categorizes an issue or PR as relevant to SIG Node. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Feb 27, 2018
@joelsmith
Copy link
Contributor Author

One of the failed tests is marked flaky, so retrying:
/test pull-kubernetes-e2e-kops-aws

@msau42
Copy link
Member

msau42 commented Feb 27, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 27, 2018
@rata
Copy link
Member

rata commented Feb 27, 2018

/assign @wojtek-t

@smarterclayton
Copy link
Contributor

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joelsmith, msau42, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 28, 2018
@BenTheElder
Copy link
Member

This still needs cherry pick approval

@wojtek-t wojtek-t added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Mar 1, 2018
@wojtek-t
Copy link
Member

wojtek-t commented Mar 1, 2018

Cherrypick approved.

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@msau42
Copy link
Member

msau42 commented Mar 1, 2018

/retest

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue.

@k8s-github-robot k8s-github-robot merged commit fc0b94b into kubernetes:release-1.7 Mar 1, 2018
@liggitt liggitt mentioned this pull request Mar 12, 2018
Closed
@andyzhangx andyzhangx mentioned this pull request Apr 17, 2018
Closed
@joelsmith joelsmith deleted the automated-cherry-pick-of-#58720-#60342-upstream-release-1.7 branch June 17, 2020 19:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns

@ivan4th ivan4th Awaiting requested review from ivan4th

@kow3ns kow3ns Awaiting requested review from kow3ns

@rata rata Awaiting requested review from rata

@rootfs rootfs Awaiting requested review from rootfs

@saad-ali saad-ali Awaiting requested review from saad-ali

@verult verult Awaiting requested review from verult

@yifan-gu yifan-gu Awaiting requested review from yifan-gu

Assignees

@saad-ali saad-ali

@wojtek-t wojtek-t

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/security cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.7
Development

Successfully merging this pull request may close these issues.

None yet
10 participants
@joelsmith @msau42 @rata @smarterclayton @k8s-ci-robot @BenTheElder @wojtek-t @k8s-github-robot @liggitt @saad-ali